diff options
Diffstat (limited to 'selftest/target/Samba3.pm')
| -rwxr-xr-x | selftest/target/Samba3.pm | 4315 |
1 files changed, 4315 insertions, 0 deletions
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm new file mode 100755 index 0000000..bbce55e --- /dev/null +++ b/selftest/target/Samba3.pm @@ -0,0 +1,4315 @@ +#!/usr/bin/perl +# Bootstrap Samba and run a number of tests against it. +# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org> +# Published under the GNU GPL, v3 or later. + +# NOTE: Refer to the README for more details about the various testenvs, +# and tips about adding new testenvs. + +package Samba3; + +use strict; +use warnings; +use Cwd qw(abs_path); +use FindBin qw($RealBin); +use POSIX; +use target::Samba; +use File::Path 'remove_tree'; + +sub return_alias_env +{ + my ($self, $path, $env) = @_; + + # just an alias + return $env; +} + +sub have_ads($) { + my ($self) = @_; + my $found_ads = 0; + my $smbd_build_options = Samba::bindir_path($self, "smbd") . " --configfile=/dev/null -b|"; + open(IN, $smbd_build_options) or die("Unable to run $smbd_build_options: $!"); + + while (<IN>) { + if (/WITH_ADS/) { + $found_ads = 1; + } + } + close IN; + + # If we were not built with ADS support, pretend we were never even available + print "smbd does not have ADS support\n" unless $found_ads; + return $found_ads; +} + +# return smb.conf parameters applicable to @path, based on the underlying +# filesystem type +sub get_fs_specific_conf($$) +{ + my ($self, $path) = @_; + my $mods = ""; + my $stat_out = `stat --file-system $path` or return ""; + + if ($stat_out =~ m/Type:\s+btrfs/) { + $mods .= "streams_xattr btrfs"; + } + + if ($mods) { + return "vfs objects = $mods"; + } + + return ''; +} + +sub new($$) { + my ($classname, $SambaCtx, $bindir, $srcdir, $server_maxtime) = @_; + my $self = { vars => {}, + SambaCtx => $SambaCtx, + bindir => $bindir, + srcdir => $srcdir, + server_maxtime => $server_maxtime + }; + bless $self; + return $self; +} + +sub teardown_env($$) +{ + my ($self, $envvars) = @_; + + if (defined($envvars->{CTDB_PREFIX})) { + $self->teardown_env_ctdb($envvars); + } else { + $self->teardown_env_samba($envvars); + } + + return; +} + +sub teardown_env_samba($$) +{ + my ($self, $envvars) = @_; + my $count = 0; + + # This should cause smbd to terminate gracefully + close($envvars->{STDIN_PIPE}); + + my $smbdpid = $envvars->{SMBD_TL_PID}; + my $nmbdpid = $envvars->{NMBD_TL_PID}; + my $winbinddpid = $envvars->{WINBINDD_TL_PID}; + my $samba_dcerpcdpid = $envvars->{SAMBA_DCERPCD_TL_PID}; + + # This should give it time to write out the gcov data + until ($count > 20) { + my $smbdchild = Samba::cleanup_child($smbdpid, "smbd"); + my $nmbdchild = Samba::cleanup_child($nmbdpid, "nmbd"); + my $winbinddchild = Samba::cleanup_child($winbinddpid, "winbindd"); + my $samba_dcerpcdchild = Samba::cleanup_child( + $samba_dcerpcdpid, "samba-dcerpcd"); + if ($smbdchild == -1 + && $nmbdchild == -1 + && $winbinddchild == -1 + && $samba_dcerpcdpid == -1) { + last; + } + sleep(1); + $count++; + } + + if ($count <= 20 && + kill(0, $smbdpid, $nmbdpid, $winbinddpid, $samba_dcerpcdpid) == 0) { + return; + } + + $self->stop_sig_term($smbdpid); + $self->stop_sig_term($nmbdpid); + $self->stop_sig_term($winbinddpid); + $self->stop_sig_term($samba_dcerpcdpid); + + $count = 0; + until ($count > 10) { + my $smbdchild = Samba::cleanup_child($smbdpid, "smbd"); + my $nmbdchild = Samba::cleanup_child($nmbdpid, "nmbd"); + my $winbinddchild = Samba::cleanup_child($winbinddpid, "winbindd"); + my $samba_dcerpcdpid = Samba::cleanup_child( + $samba_dcerpcdpid, "samba-dcerpcd"); + if ($smbdchild == -1 + && $nmbdchild == -1 + && $winbinddchild == -1 + && $samba_dcerpcdpid == -1) { + last; + } + sleep(1); + $count++; + } + + if ($count <= 10 && + kill(0, $smbdpid, $nmbdpid, $winbinddpid, $samba_dcerpcdpid) == 0) { + return; + } + + warn("timelimit process did not quit on SIGTERM, sending SIGKILL"); + $self->stop_sig_kill($smbdpid); + $self->stop_sig_kill($nmbdpid); + $self->stop_sig_kill($winbinddpid); + $self->stop_sig_kill($samba_dcerpcdpid); + + return 0; +} + +sub teardown_env_ctdb($$) +{ + my ($self, $data) = @_; + + if (defined($data->{SAMBA_NODES})) { + my $num_nodes = $data->{NUM_NODES}; + my $nodes = $data->{SAMBA_NODES}; + + for (my $i = 0; $i < $num_nodes; $i++) { + if (defined($nodes->[$i])) { + $self->teardown_env_samba($nodes->[$i]); + } + } + } + + close($data->{CTDB_STDIN_PIPE}); + + if (not defined($data->{SAMBA_NODES})) { + # Give waiting children time to exit + sleep(5); + } + + return 0; +} + +sub getlog_env_app($$$) +{ + my ($self, $envvars, $name) = @_; + + my $title = "$name LOG of: $envvars->{NETBIOSNAME}\n"; + my $out = $title; + + open(LOG, "<".$envvars->{$name."_TEST_LOG"}); + + seek(LOG, $envvars->{$name."_TEST_LOG_POS"}, SEEK_SET); + while (<LOG>) { + $out .= $_; + } + $envvars->{$name."_TEST_LOG_POS"} = tell(LOG); + close(LOG); + + return "" if $out eq $title; + + return $out; +} + +sub getlog_env($$) +{ + my ($self, $envvars) = @_; + my $ret = ""; + + $ret .= $self->getlog_env_app($envvars, "SMBD"); + $ret .= $self->getlog_env_app($envvars, "NMBD"); + $ret .= $self->getlog_env_app($envvars, "WINBINDD"); + + return $ret; +} + +sub check_env($$) +{ + my ($self, $envvars) = @_; + + my $childpid = waitpid(-1, WNOHANG); + + # TODO ... + return 1; +} + +# Declare the environments Samba3 makes available. +# To be set up, they will be called as +# samba3->setup_$envname($self, $path, $dep_1_vars, $dep_2_vars, ...) +%Samba3::ENV_DEPS = ( + # name => [dep_1, dep_2, ...], + nt4_dc => [], + nt4_dc_smb1 => [], + nt4_dc_smb1_done => ["nt4_dc_smb1"], + nt4_dc_schannel => [], + + simpleserver => [], + fileserver => [], + fileserver_smb1 => [], + fileserver_smb1_done => ["fileserver_smb1"], + maptoguest => [], + ktest => [], + + nt4_member => ["nt4_dc"], + + ad_member => ["ad_dc", "fl2008r2dc", "fl2003dc"], + ad_member_rfc2307 => ["ad_dc_ntvfs"], + ad_member_idmap_rid => ["ad_dc"], + admem_idmap_autorid => ["ad_dc"], + ad_member_idmap_ad => ["fl2008r2dc"], + ad_member_fips => ["ad_dc_fips"], + ad_member_offlogon => ["ad_dc"], + ad_member_oneway => ["fl2000dc"], + ad_member_idmap_nss => ["ad_dc"], + ad_member_s3_join => ["vampire_dc"], + + clusteredmember => ["nt4_dc"], +); + +%Samba3::ENV_DEPS_POST = (); + +sub setup_nt4_dc +{ + my ($self, $path, $more_conf, $domain, $server) = @_; + + print "PROVISIONING NT4 DC..."; + + my $nt4_dc_options = " + domain master = yes + domain logons = yes + lanman auth = yes + ntlm auth = yes + raw NTLMv2 auth = yes + rpc start on demand helpers = false + + CVE_2020_1472:warn_about_unused_debug_level = 3 + server require schannel:schannel0\$ = no + server require schannel:schannel1\$ = no + server require schannel:schannel2\$ = no + server require schannel:schannel3\$ = no + server require schannel:schannel4\$ = no + server require schannel:schannel5\$ = no + server require schannel:schannel6\$ = no + server require schannel:schannel7\$ = no + server require schannel:schannel8\$ = no + server require schannel:schannel9\$ = no + server require schannel:schannel10\$ = no + server require schannel:schannel11\$ = no + server require schannel:torturetest\$ = no + + server schannel require seal:schannel0\$ = no + server schannel require seal:schannel1\$ = no + server schannel require seal:schannel2\$ = no + server schannel require seal:schannel3\$ = no + server schannel require seal:schannel4\$ = no + server schannel require seal:schannel5\$ = no + server schannel require seal:schannel6\$ = no + server schannel require seal:schannel7\$ = no + server schannel require seal:schannel8\$ = no + server schannel require seal:schannel9\$ = no + server schannel require seal:schannel10\$ = no + server schannel require seal:schannel11\$ = no + server schannel require seal:torturetest\$ = no + + vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no + + fss: sequence timeout = 1 + check parent directory delete on close = yes +"; + + if (defined($more_conf)) { + $nt4_dc_options = $nt4_dc_options . $more_conf; + } + if (!defined($domain)) { + $domain = "SAMBA-TEST"; + } + if (!defined($server)) { + $server = "LOCALNT4DC2"; + } + my $vars = $self->provision( + prefix => $path, + domain => $domain, + server => $server, + password => "localntdc2pass", + extra_options => $nt4_dc_options); + + $vars or return undef; + + if (not $self->check_or_start( + env_vars => $vars, + samba_dcerpcd => "yes", + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + $vars->{DOMSID} = $vars->{SAMSID}; + $vars->{DC_SERVER} = $vars->{SERVER}; + $vars->{DC_SERVER_IP} = $vars->{SERVER_IP}; + $vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6}; + $vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME}; + $vars->{DC_USERNAME} = $vars->{USERNAME}; + $vars->{DC_PASSWORD} = $vars->{PASSWORD}; + + return $vars; +} + +sub setup_nt4_dc_smb1 +{ + my ($self, $path) = @_; + my $conf = " +[global] + client min protocol = CORE + server min protocol = LANMAN1 +"; + return $self->setup_nt4_dc($path, $conf, "NT4SMB1", "LCLNT4DC2SMB1"); +} + +sub setup_nt4_dc_smb1_done +{ + my ($self, $path, $dep_env) = @_; + return $self->return_alias_env($path, $dep_env); +} + +sub setup_nt4_dc_schannel +{ + my ($self, $path) = @_; + + print "PROVISIONING NT4 DC WITH SERVER SCHANNEL ..."; + + my $pdc_options = " + domain master = yes + domain logons = yes + lanman auth = yes + + server schannel = yes + # used to reproduce bug #12772 + server max protocol = SMB2_02 +"; + + my $vars = $self->provision( + prefix => $path, + domain => "NT4SCHANNEL", + server => "LOCALNT4DC9", + password => "localntdc9pass", + extra_options => $pdc_options); + + $vars or return undef; + + if (not $self->check_or_start( + env_vars => $vars, + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + $vars->{DOMSID} = $vars->{SAMSID}; + $vars->{DC_SERVER} = $vars->{SERVER}; + $vars->{DC_SERVER_IP} = $vars->{SERVER_IP}; + $vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6}; + $vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME}; + $vars->{DC_USERNAME} = $vars->{USERNAME}; + $vars->{DC_PASSWORD} = $vars->{PASSWORD}; + + return $vars; +} + +sub setup_nt4_member +{ + my ($self, $prefix, $nt4_dc_vars) = @_; + my $count = 0; + my $rc; + + print "PROVISIONING MEMBER..."; + + my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes"; + if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} // '' eq "1") { + $require_mutexes = ""; + } + + my $member_options = " + security = domain + dbwrap_tdb_mutexes:* = yes + ${require_mutexes} +"; + my $ret = $self->provision( + prefix => $prefix, + domain => $nt4_dc_vars->{DOMAIN}, + server => "LOCALNT4MEMBER3", + password => "localnt4member3pass", + extra_options => $member_options); + + $ret or return undef; + + my $nmblookup = Samba::bindir_path($self, "nmblookup"); + do { + print "Waiting for the LOGON SERVER registration ...\n"; + $rc = system("$nmblookup $ret->{CONFIGURATION} $ret->{DOMAIN}\#1c"); + if ($rc != 0) { + sleep(1); + } + $count++; + } while ($rc != 0 && $count < 10); + if ($count == 10) { + print "NMBD not reachable after 10 retries\n"; + teardown_env($self, $ret); + return 0; + } + + my $net = Samba::bindir_path($self, "net"); + # Add hosts file for name lookups + my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net rpc join $ret->{CONFIGURATION} $nt4_dc_vars->{DOMAIN} member"; + $cmd .= " -U$nt4_dc_vars->{USERNAME}\%$nt4_dc_vars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # Add hosts file for name lookups + $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net $ret->{CONFIGURATION} primarytrust dumpinfo | grep -q 'REDACTED SECRET VALUES'"; + + if (system($cmd) != 0) { + warn("check failed\n$cmd"); + return undef; + } + + if (not $self->check_or_start( + env_vars => $ret, + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + $ret->{DOMSID} = $nt4_dc_vars->{DOMSID}; + $ret->{DC_SERVER} = $nt4_dc_vars->{SERVER}; + $ret->{DC_SERVER_IP} = $nt4_dc_vars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $nt4_dc_vars->{SERVER_IPV6}; + $ret->{DC_NETBIOSNAME} = $nt4_dc_vars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $nt4_dc_vars->{USERNAME}; + $ret->{DC_PASSWORD} = $nt4_dc_vars->{PASSWORD}; + + return $ret; +} + +sub setup_clusteredmember +{ + my ($self, $prefix, $nt4_dc_vars) = @_; + my $count = 0; + my $rc; + my @retvals = (); + my $ret; + + print "PROVISIONING CLUSTEREDMEMBER...\n"; + + my $prefix_abs = abs_path($prefix); + mkdir($prefix_abs, 0777); + + my $ctdb_data = $self->setup_ctdb($prefix); + + if (not $ctdb_data) { + print "No ctdb data\n"; + return undef; + } + + print "PROVISIONING CLUSTERED SAMBA...\n"; + + my $num_nodes = $ctdb_data->{NUM_NODES}; + my $nodes = $ctdb_data->{CTDB_NODES}; + + # Enable cleanup of earlier nodes if a later node fails + $ctdb_data->{SAMBA_NODES} = \@retvals; + + for (my $i = 0; $i < $num_nodes; $i++) { + my $node = $nodes->[$i]; + my $socket = $node->{SOCKET_FILE}; + my $server_name = $node->{SERVER_NAME}; + my $pub_iface = $node->{SOCKET_WRAPPER_DEFAULT_IFACE}; + my $node_prefix = $node->{NODE_PREFIX}; + + print "CTDB_BASE=${node_prefix}\n"; + print "CTDB_SOCKET=${socket}\n"; + + my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes"; + if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} // '' eq "1") { + $require_mutexes = "" ; + } + + my $member_options = " + security = domain + server signing = on + clustering = yes + rpc start on demand helpers = false + rpcd witness:include node ips = yes + ctdbd socket = ${socket} + include = registry + dbwrap_tdb_mutexes:* = yes + ${require_mutexes} +"; + + my $node_ret = $self->provision( + prefix => "$node_prefix", + domain => $nt4_dc_vars->{DOMAIN}, + server => "$server_name", + password => "clustermember8pass", + netbios_name => "CLUSTEREDMEMBER", + share_dir => "${prefix_abs}/shared", + extra_options => $member_options, + no_delete_prefix => 1); + if (not $node_ret) { + print "Provision node $i failed\n"; + teardown_env($self, $ctdb_data); + return undef; + } + + my $registry_share_template = "$node_ret->{SERVERCONFFILE}.registry_share_template"; + unless (open(REGISTRYCONF, ">$registry_share_template")) { + warn("Unable to open $registry_share_template"); + teardown_env($self, $node_ret); + teardown_env($self, $ctdb_data); + return undef; + } + + print REGISTRYCONF " +[registry_share] + copy = tmp + comment = smb username is [%U] +"; + + close(REGISTRYCONF); + + my $net = Samba::bindir_path($self, "net"); + my $cmd = ""; + + $cmd .= "UID_WRAPPER_ROOT=1 "; + $cmd .= "$net conf import $node_ret->{CONFIGURATION} ${registry_share_template}"; + + my $net_ret = system($cmd); + if ($net_ret != 0) { + warn("net conf import failed: $net_ret\n$cmd"); + teardown_env($self, $node_ret); + teardown_env($self, $ctdb_data); + return undef; + } + + my $nmblookup = Samba::bindir_path($self, "nmblookup"); + do { + print "Waiting for the LOGON SERVER registration ...\n"; + $rc = system("$nmblookup $node_ret->{CONFIGURATION} " . + "$node_ret->{DOMAIN}\#1c"); + if ($rc != 0) { + sleep(1); + } + $count++; + } while ($rc != 0 && $count < 10); + + if ($count == 10) { + print "NMBD not reachable after 10 retries\n"; + teardown_env($self, $node_ret); + teardown_env($self, $ctdb_data); + return undef; + } + + push(@retvals, $node_ret); + } + + $ret = {%$ctdb_data, %{$retvals[0]}}; + + my $net = Samba::bindir_path($self, "net"); + my $cmd = ""; + $cmd .= "UID_WRAPPER_ROOT=1 "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net join $ret->{CONFIGURATION} $nt4_dc_vars->{DOMAIN} member"; + $cmd .= " -U$nt4_dc_vars->{USERNAME}\%$nt4_dc_vars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + teardown_env($self, $ret); + return undef; + } + + for (my $i=0; $i<@retvals; $i++) { + my $node_provision = $retvals[$i]; + my $ok; + $ok = $self->check_or_start( + env_vars => $node_provision, + samba_dcerpcd => "yes", + winbindd => "yes", + smbd => "yes", + child_cleanup => sub { + map { + my $fh = $_->{STDIN_PIPE}; + close($fh) if defined($fh); + } @retvals }); + if (not $ok) { + teardown_env($self, $ret); + return undef; + } + } + + # + # Build a unclist for every share + # + unless (open(NODES, "<$ret->{CTDB_NODES_FILE}")) { + warn("Unable to open CTDB nodes file"); + teardown_env($self, $ret); + return undef; + } + my @nodes = <NODES>; + close(NODES); + chomp @nodes; + + my $conffile = $ret->{SERVERCONFFILE}; + $cmd = ""; + $cmd .= 'sed -n -e \'s|^\[\(.*\)\]$|\1|p\''; + $cmd .= " \"$conffile\""; + $cmd .= " | grep -vx 'global'"; + + my @shares = `$cmd`; + $rc = $?; + if ($rc != 0) { + warn("Listing shares failed\n$cmd"); + teardown_env($self, $ret); + return undef; + } + chomp @shares; + + my $unclistdir = "${prefix_abs}/unclists"; + mkdir($unclistdir, 0777); + foreach my $share (@shares) { + my $l = "${unclistdir}/${share}.txt"; + unless (open(UNCLIST, ">${l}")) { + warn("Unable to open UNC list ${l}"); + teardown_env($self, $ret); + return undef; + } + foreach my $node (@nodes) { + print UNCLIST "//${node}/${share}\n"; + } + close(UNCLIST); + } + + $ret->{DOMSID} = $nt4_dc_vars->{DOMSID}; + $ret->{DC_SERVER} = $nt4_dc_vars->{SERVER}; + $ret->{DC_SERVER_IP} = $nt4_dc_vars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $nt4_dc_vars->{SERVER_IPV6}; + $ret->{DC_NETBIOSNAME} = $nt4_dc_vars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $nt4_dc_vars->{USERNAME}; + $ret->{DC_PASSWORD} = $nt4_dc_vars->{PASSWORD}; + + return $ret; +} + +sub provision_ad_member +{ + my ($self, + $prefix, + $machine_account, + $dcvars, + $trustvars_f, + $trustvars_e, + $extra_member_options, + $force_fips_mode, + $offline_logon, + $no_nss_winbind) = @_; + + if (defined($offline_logon) && defined($no_nss_winbind)) { + warn ("Offline logon incompatible with no nss winbind\n"); + return undef; + } + + my $prefix_abs = abs_path($prefix); + my @dirs = (); + + mkdir($prefix_abs, 0777); + + my $share_dir="$prefix_abs/share"; + push(@dirs, $share_dir); + + my $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}"; + push(@dirs, $substitution_path); + + $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice"; + push(@dirs, $substitution_path); + + $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice/G_domain users"; + push(@dirs, $substitution_path); + + # Using '/' as the winbind separator is a bad idea ... + $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}"; + push(@dirs, $substitution_path); + + $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice"; + push(@dirs, $substitution_path); + + $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}"; + push(@dirs, $substitution_path); + + $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}/domain users"; + push(@dirs, $substitution_path); + + my $smbcacls_sharedir="$share_dir/smbcacls"; + push(@dirs,$smbcacls_sharedir); + + my $option_offline_logon = "no"; + if (defined($offline_logon)) { + $option_offline_logon = "yes"; + } + + my $netbios_aliases = ""; + if ($machine_account eq "LOCALADMEMBER") { + $netbios_aliases = "netbios aliases = foo bar"; + } + + unless (defined($extra_member_options)) { + $extra_member_options = ""; + } + + my $member_options = " + security = ads + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + $netbios_aliases + template homedir = /home/%D/%G/%U + auth event notification = true + password server = $dcvars->{SERVER} + winbind scan trusted domains = no + winbind offline logon = $option_offline_logon + + allow dcerpc auth level connect:lsarpc = yes + dcesrv:max auth states = 8 + rpc start on demand helpers = false + + # Begin extra member options + $extra_member_options + # End extra member options + +[sub_dug] + path = $share_dir/D_%D/U_%U/G_%G + writeable = yes + +[sub_dug2] + path = $share_dir/D_%D/u_%u/g_%g + writeable = yes + +[sub_valid_users] + path = $share_dir + valid users = ADDOMAIN/%U + +[sub_valid_users_domain] + path = $share_dir + valid users = %D/%U + +[sub_valid_users_group] + path = $share_dir + valid users = \@$dcvars->{DOMAIN}/%G + +[valid_users] + path = $share_dir + valid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} + +[valid_users_group] + path = $share_dir + valid users = \"\@$dcvars->{DOMAIN}/domain users\" + +[valid_users_unix_group] + path = $share_dir + valid users = \"+$dcvars->{DOMAIN}/domain users\" + +[valid_users_nis_group] + path = $share_dir + valid users = \"&$dcvars->{DOMAIN}/domain users\" + +[valid_users_unix_nis_group] + path = $share_dir + valid users = \"+&$dcvars->{DOMAIN}/domain users\" + +[valid_users_nis_unix_group] + path = $share_dir + valid users = \"&+$dcvars->{DOMAIN}/domain users\" + +[invalid_users] + path = $share_dir + invalid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} + +[valid_and_invalid_users] + path = $share_dir + valid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} $dcvars->{DOMAIN}/alice + invalid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} +"; + + my $ret = $self->provision( + prefix => $prefix, + domain => $dcvars->{DOMAIN}, + realm => $dcvars->{REALM}, + server => $machine_account, + password => "loCalMemberPass", + extra_options => $member_options, + resolv_conf => $dcvars->{RESOLV_CONF}); + + $ret or return undef; + + mkdir($_, 0777) foreach(@dirs); + + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + $ret->{DOMSID} = $dcvars->{DOMSID}; + + my $ctx; + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + if (defined($force_fips_mode)) { + $ret->{GNUTLS_FORCE_FIPS_MODE} = "1"; + $ret->{OPENSSL_FORCE_FIPS_MODE} = "1"; + } + + my $net = Samba::bindir_path($self, "net"); + # Add hosts file for name lookups + my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + if (defined($ret->{RESOLV_WRAPPER_CONF})) { + $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; + } else { + $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; + } + if (defined($force_fips_mode)) { + $cmd .= "GNUTLS_FORCE_FIPS_MODE=1 "; + $cmd .= "OPENSSL_FORCE_FIPS_MODE=1 "; + } + $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD} --use-kerberos=required"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + if (defined($offline_logon)) { + my $wbinfo = Samba::bindir_path($self, "wbinfo"); + + if (not $self->check_or_start( + env_vars => $ret, + winbindd => "yes")) { + return undef; + } + + # Fill samlogoncache for alice + $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$wbinfo --pam-logon=ADDOMAIN/alice%Secret007"; + if (system($cmd) != 0) { + warn("Filling the cache failed\n$cmd"); + return undef; + } + + $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$wbinfo --ccache-save=ADDOMAIN/alice%Secret007"; + if (system($cmd) != 0) { + warn("Filling the cache failed\n$cmd"); + return undef; + } + + # Fill samlogoncache for bob + $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$wbinfo --pam-logon=ADDOMAIN/bob%Secret007"; + if (system($cmd) != 0) { + warn("Filling the cache failed\n$cmd"); + return undef; + } + + $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$wbinfo --ccache-save=ADDOMAIN/bob%Secret007"; + if (system($cmd) != 0) { + warn("Filling the cache failed\n$cmd"); + return undef; + } + + # Set windindd offline + my $smbcontrol = Samba::bindir_path($self, "smbcontrol"); + $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' "; + $cmd .= "UID_WRAPPER_ROOT='1' "; + $cmd .= "$smbcontrol $ret->{CONFIGURATION} winbindd offline"; + if (system($cmd) != 0) { + warn("Setting winbindd offline failed\n$cmd"); + return undef; + } + + # Validate the offline cache + $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' "; + $cmd .= "UID_WRAPPER_ROOT='1' "; + $cmd .= "$smbcontrol $ret->{CONFIGURATION} winbindd validate-cache"; + if (system($cmd) != 0) { + warn("Validation of winbind credential cache failed\n$cmd"); + teardown_env($self, $ret); + return undef; + } + + # Shut down winbindd + teardown_env($self, $ret); + + ### Change SOCKET_WRAPPER_DIR so it can't connect to AD + my $swrap_env = $ENV{SOCKET_WRAPPER_DIR}; + $ENV{SOCKET_WRAPPER_DIR} = "$prefix_abs"; + + # Start winbindd in offline mode + if (not $self->check_or_start( + env_vars => $ret, + winbindd => "offline")) { + return undef; + } + + # Set socket dir again + $ENV{SOCKET_WRAPPER_DIR} = $swrap_env; + + } else { + if (defined($no_nss_winbind)) { + $ret->{NSS_WRAPPER_MODULE_SO_PATH} = ""; + $ret->{NSS_WRAPPER_MODULE_FN_PREFIX} = ""; + } + + if (not $self->check_or_start( + env_vars => $ret, + samba_dcerpcd => "yes", + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + } + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; + $ret->{DC_SERVERCONFFILE} = $dcvars->{SERVERCONFFILE}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; + $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; + $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; + $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; + + # forest trust + $ret->{TRUST_F_BOTH_SERVER} = $trustvars_f->{SERVER}; + $ret->{TRUST_F_BOTH_SERVER_IP} = $trustvars_f->{SERVER_IP}; + $ret->{TRUST_F_BOTH_SERVER_IPV6} = $trustvars_f->{SERVER_IPV6}; + $ret->{TRUST_F_BOTH_NETBIOSNAME} = $trustvars_f->{NETBIOSNAME}; + $ret->{TRUST_F_BOTH_USERNAME} = $trustvars_f->{USERNAME}; + $ret->{TRUST_F_BOTH_PASSWORD} = $trustvars_f->{PASSWORD}; + $ret->{TRUST_F_BOTH_DOMAIN} = $trustvars_f->{DOMAIN}; + $ret->{TRUST_F_BOTH_REALM} = $trustvars_f->{REALM}; + + # external trust + $ret->{TRUST_E_BOTH_SERVER} = $trustvars_e->{SERVER}; + $ret->{TRUST_E_BOTH_SERVER_IP} = $trustvars_e->{SERVER_IP}; + $ret->{TRUST_E_BOTH_SERVER_IPV6} = $trustvars_e->{SERVER_IPV6}; + $ret->{TRUST_E_BOTH_NETBIOSNAME} = $trustvars_e->{NETBIOSNAME}; + $ret->{TRUST_E_BOTH_USERNAME} = $trustvars_e->{USERNAME}; + $ret->{TRUST_E_BOTH_PASSWORD} = $trustvars_e->{PASSWORD}; + $ret->{TRUST_E_BOTH_DOMAIN} = $trustvars_e->{DOMAIN}; + $ret->{TRUST_E_BOTH_REALM} = $trustvars_e->{REALM}; + + return $ret; +} + +sub setup_ad_member +{ + my ($self, + $prefix, + $dcvars, + $trustvars_f, + $trustvars_e) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING AD MEMBER..."; + + return $self->provision_ad_member($prefix, + "LOCALADMEMBER", + $dcvars, + $trustvars_f, + $trustvars_e); +} + +sub setup_ad_member_s3_join +{ + my ($self, + $prefix, + $dcvars, + $trustvars_f, + $trustvars_e) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING AD MEMBER..."; + + return $self->provision_ad_member($prefix, + "LOCALADMEMBER2", + $dcvars, + $trustvars_f, + $trustvars_e); +} + +sub setup_ad_member_rfc2307 +{ + my ($self, $prefix, $dcvars) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING S3 AD MEMBER WITH idmap_rfc2307 config..."; + + my $member_options = " + security = ads + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + idmap cache time = 0 + idmap negative cache time = 0 + idmap config * : backend = autorid + idmap config * : range = 1000000-1999999 + idmap config * : rangesize = 100000 + idmap config $dcvars->{DOMAIN} : backend = rfc2307 + idmap config $dcvars->{DOMAIN} : range = 2000000-2999999 + idmap config $dcvars->{DOMAIN} : ldap_server = ad + idmap config $dcvars->{DOMAIN} : bind_path_user = ou=idmap,dc=samba,dc=example,dc=com + idmap config $dcvars->{DOMAIN} : bind_path_group = ou=idmap,dc=samba,dc=example,dc=com + + password server = $dcvars->{SERVER} +"; + + my $ret = $self->provision( + prefix => $prefix, + domain => $dcvars->{DOMAIN}, + realm => $dcvars->{REALM}, + server => "RFC2307MEMBER", + password => "loCalMemberPass", + extra_options => $member_options, + resolv_conf => $dcvars->{RESOLV_CONF}); + + $ret or return undef; + + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + $ret->{DOMSID} = $dcvars->{DOMSID}; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + my $net = Samba::bindir_path($self, "net"); + # Add hosts file for name lookups + my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + if (defined($ret->{RESOLV_WRAPPER_CONF})) { + $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; + } else { + $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; + } + $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + if (not $self->check_or_start( + env_vars => $ret, + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; + $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; + $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; + $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; + + return $ret; +} + +sub setup_admem_idmap_autorid +{ + my ($self, $prefix, $dcvars) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING S3 AD MEMBER WITH idmap_autorid config..."; + + my $member_options = " + security = ads + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + idmap config * : backend = autorid + idmap config * : range = 1000000-19999999 + idmap config * : rangesize = 1000000 + + # Prevent overriding the provisioned lib/krb5.conf which sets certain + # values required for tests to succeed + create krb5 conf = no +"; + + my $ret = $self->provision( + prefix => $prefix, + domain => $dcvars->{DOMAIN}, + realm => $dcvars->{REALM}, + server => "ADMEMAUTORID", + password => "loCalMemberPass", + extra_options => $member_options, + resolv_conf => $dcvars->{RESOLV_CONF}); + + $ret or return undef; + + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + $ret->{DOMSID} = $dcvars->{DOMSID}; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + my $net = Samba::bindir_path($self, "net"); + # Add hosts file for name lookups + my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + if (defined($ret->{RESOLV_WRAPPER_CONF})) { + $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; + } else { + $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; + } + $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + if (not $self->check_or_start( + env_vars => $ret, + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; + $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; + $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; + $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; + + return $ret; +} + +sub setup_ad_member_idmap_rid +{ + my ($self, $prefix, $dcvars) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING S3 AD MEMBER WITH idmap_rid config..."; + + my $member_options = " + security = ads + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + idmap config * : backend = tdb + idmap config * : range = 1000000-1999999 + idmap config $dcvars->{DOMAIN} : backend = rid + idmap config $dcvars->{DOMAIN} : range = 2000000-2999999 + # Prevent overriding the provisioned lib/krb5.conf which sets certain + # values required for tests to succeed + create krb5 conf = no + map to guest = bad user + winbind expand groups = 10 + server signing = required +"; + + my $ret = $self->provision( + prefix => $prefix, + domain => $dcvars->{DOMAIN}, + realm => $dcvars->{REALM}, + server => "IDMAPRIDMEMBER", + password => "loCalMemberPass", + extra_options => $member_options, + resolv_conf => $dcvars->{RESOLV_CONF}); + + $ret or return undef; + + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + $ret->{DOMSID} = $dcvars->{DOMSID}; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + my $net = Samba::bindir_path($self, "net"); + # Add hosts file for name lookups + my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + if (defined($ret->{RESOLV_WRAPPER_CONF})) { + $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; + } else { + $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; + } + $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + if (not $self->check_or_start( + env_vars => $ret, + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; + $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; + $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; + $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; + + return $ret; +} + +sub setup_ad_member_idmap_ad +{ + my ($self, $prefix, $dcvars) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING S3 AD MEMBER WITH idmap_ad config..."; + + my $member_options = " + security = ads + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + password server = $dcvars->{SERVER} + idmap config * : backend = tdb + idmap config * : range = 1000000-1999999 + idmap config $dcvars->{DOMAIN} : backend = ad + idmap config $dcvars->{DOMAIN} : range = 2000000-2999999 + idmap config $dcvars->{DOMAIN} : unix_primary_group = yes + idmap config $dcvars->{DOMAIN} : unix_nss_info = yes + idmap config $dcvars->{DOMAIN} : deny ous = \"ou=sub,DC=samba2008r2,DC=example,DC=com\" + idmap config $dcvars->{TRUST_DOMAIN} : backend = ad + idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999 + gensec_gssapi:requested_life_time = 5 + winbind scan trusted domains = yes +"; + + my $ret = $self->provision( + prefix => $prefix, + domain => $dcvars->{DOMAIN}, + realm => $dcvars->{REALM}, + server => "IDMAPADMEMBER", + password => "loCalMemberPass", + extra_options => $member_options, + resolv_conf => $dcvars->{RESOLV_CONF}); + + $ret or return undef; + + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + $ret->{DOMSID} = $dcvars->{DOMSID}; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + my $net = Samba::bindir_path($self, "net"); + # Add hosts file for name lookups + my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + if (defined($ret->{RESOLV_WRAPPER_CONF})) { + $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; + } else { + $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; + } + $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + if (not $self->check_or_start( + env_vars => $ret, + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; + $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; + $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; + $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; + + $ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER}; + $ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME}; + $ret->{TRUST_PASSWORD} = $dcvars->{TRUST_PASSWORD}; + $ret->{TRUST_DOMAIN} = $dcvars->{TRUST_DOMAIN}; + $ret->{TRUST_REALM} = $dcvars->{TRUST_REALM}; + $ret->{TRUST_DOMSID} = $dcvars->{TRUST_DOMSID}; + + return $ret; +} + +sub setup_ad_member_oneway +{ + my ($self, $prefix, $dcvars) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING S3 AD MEMBER WITH one-way trust..."; + + my $member_options = " + security = ads + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + password server = $dcvars->{SERVER} + idmap config * : backend = tdb + idmap config * : range = 1000000-1999999 + gensec_gssapi:requested_life_time = 5 +"; + + my $ret = $self->provision( + prefix => $prefix, + domain => $dcvars->{DOMAIN}, + server => "S2KMEMBER", + password => "loCalS2KMemberPass", + extra_options => $member_options, + resolv_conf => $dcvars->{RESOLV_CONF}); + + $ret or return undef; + + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + $ret->{DOMSID} = $dcvars->{DOMSID}; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + my $net = Samba::bindir_path($self, "net"); + # Add hosts file for name lookups + my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + if (defined($ret->{RESOLV_WRAPPER_CONF})) { + $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; + } else { + $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; + } + $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + if (not $self->check_or_start( + env_vars => $ret, + winbindd => "yes")) { + return undef; + } + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; + $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; + $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; + $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; + + $ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER}; + $ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME}; + $ret->{TRUST_PASSWORD} = $dcvars->{TRUST_PASSWORD}; + $ret->{TRUST_DOMAIN} = $dcvars->{TRUST_DOMAIN}; + $ret->{TRUST_REALM} = $dcvars->{TRUST_REALM}; + $ret->{TRUST_DOMSID} = $dcvars->{TRUST_DOMSID}; + + return $ret; +} + +sub setup_ad_member_fips +{ + my ($self, + $prefix, + $dcvars, + $trustvars_f, + $trustvars_e) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING AD FIPS MEMBER..."; + + return $self->provision_ad_member($prefix, + "FIPSADMEMBER", + $dcvars, + $trustvars_f, + $trustvars_e, + undef, + 1); +} + +sub setup_ad_member_offlogon +{ + my ($self, + $prefix, + $dcvars, + $trustvars_f, + $trustvars_e) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING AD MEMBER OFFLINE LOGON..."; + + return $self->provision_ad_member($prefix, + "OFFLINEADMEM", + $dcvars, + $trustvars_f, + $trustvars_e, + undef, + undef, + 1); +} + +sub setup_ad_member_idmap_nss +{ + my ($self, + $prefix, + $dcvars, + $trustvars_f, + $trustvars_e) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING AD MEMBER WITHOUT NSS WINBIND WITH idmap_nss config..."; + + my $extra_member_options = " + # bob:x:65521:65531:localbob gecos:/:/bin/false + # jane:x:65520:65531:localjane gecos:/:/bin/false + # jackthemapper:x:65519:65531:localjackthemaper gecos:/:/bin/false + # jacknomapper:x:65518:65531:localjacknomaper gecos:/:/bin/false + idmap config $dcvars->{DOMAIN} : backend = nss + idmap config $dcvars->{DOMAIN} : range = 65518-65521 + + # Support SMB1 so that we can use posix_whoami(). + client min protocol = CORE + server min protocol = LANMAN1 + + username map = $prefix/lib/username.map +"; + + my $ret = $self->provision_ad_member($prefix, + "ADMEMIDMAPNSS", + $dcvars, + $trustvars_f, + $trustvars_e, + $extra_member_options, + undef, + undef, + 1); + + open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map"); + print USERMAP " +!jacknomapper = \@jackthemappergroup +!root = jacknomappergroup +root = $dcvars->{DOMAIN}/root +bob = $dcvars->{DOMAIN}/bob +"; + close(USERMAP); + + return $ret; +} + +sub setup_simpleserver +{ + my ($self, $path) = @_; + + print "PROVISIONING simple server..."; + + my $prefix_abs = abs_path($path); + mkdir($prefix_abs, 0777); + + my $external_streams_depot="$prefix_abs/external_streams_depot"; + remove_tree($external_streams_depot); + mkdir($external_streams_depot, 0777); + + my $simpleserver_options = " + lanman auth = yes + ntlm auth = yes + vfs objects = xattr_tdb streams_depot + change notify = no + server smb encrypt = off + allow trusted domains = no + +[vfs_aio_pthread] + path = $prefix_abs/share + read only = no + vfs objects = aio_pthread + aio_pthread:aio open = yes + smbd async dosmode = no + +[vfs_aio_pthread_async_dosmode_default1] + path = $prefix_abs/share + read only = no + vfs objects = aio_pthread + store dos attributes = yes + aio_pthread:aio open = yes + smbd async dosmode = yes + +[vfs_aio_pthread_async_dosmode_default2] + path = $prefix_abs/share + read only = no + vfs objects = aio_pthread xattr_tdb + store dos attributes = yes + aio_pthread:aio open = yes + smbd async dosmode = yes + +[async_dosmode_shadow_copy2] + path = $prefix_abs/share + read only = no + vfs objects = shadow_copy2 xattr_tdb + smbd async dosmode = yes + +[vfs_aio_fork] + path = $prefix_abs/share + vfs objects = aio_fork + read only = no + vfs_aio_fork:erratic_testing_mode=yes + +[dosmode] + path = $prefix_abs/share + vfs objects = + store dos attributes = yes + hide files = /hidefile/ + hide dot files = yes + +[hidenewfiles] + path = $prefix_abs/share + hide new files timeout = 5 + +[external_streams_depot] + path = $prefix_abs/share + read only = no + streams_depot:directory = $external_streams_depot +"; + + my $vars = $self->provision( + prefix => $path, + domain => "WORKGROUP", + server => "LOCALSHARE4", + password => "local4pass", + extra_options => $simpleserver_options); + + $vars or return undef; + + if (not $self->check_or_start( + env_vars => $vars, + nmbd => "yes", + smbd => "yes")) { + return undef; + } + + return $vars; +} + +sub create_file_chmod($$) +{ + my ($name, $mode) = @_; + my $fh; + + unless (open($fh, '>', $name)) { + warn("Unable to open $name"); + return undef; + } + chmod($mode, $fh); +} + +sub setup_fileserver +{ + my ($self, $path, $more_conf, $server) = @_; + my $prefix_abs = abs_path($path); + my $srcdir_abs = abs_path($self->{srcdir}); + + print "PROVISIONING file server ...\n"; + + my @dirs = (); + + mkdir($prefix_abs, 0777); + + my $usershare_dir="$prefix_abs/lib/usershare"; + + mkdir("$prefix_abs/lib", 0755); + remove_tree($usershare_dir); + mkdir($usershare_dir, 01770); + + my $share_dir="$prefix_abs/share"; + + # Create share directory structure + my $lower_case_share_dir="$share_dir/lower-case"; + push(@dirs, $lower_case_share_dir); + + my $lower_case_share_dir_30000="$share_dir/lower-case-30000"; + push(@dirs, $lower_case_share_dir_30000); + + my $dfree_share_dir="$share_dir/dfree"; + push(@dirs, $dfree_share_dir); + push(@dirs, "$dfree_share_dir/subdir1"); + push(@dirs, "$dfree_share_dir/subdir2"); + push(@dirs, "$dfree_share_dir/subdir3"); + + my $quotadir_dir="$share_dir/quota"; + push(@dirs, $quotadir_dir); + + my $valid_users_sharedir="$share_dir/valid_users"; + push(@dirs,$valid_users_sharedir); + + my $offline_sharedir="$share_dir/offline"; + push(@dirs,$offline_sharedir); + + my $force_user_valid_users_dir = "$share_dir/force_user_valid_users"; + push(@dirs, $force_user_valid_users_dir); + + my $tarmode_sharedir="$share_dir/tarmode"; + push(@dirs,$tarmode_sharedir); + + my $tarmode2_sharedir="$share_dir/tarmode2"; + push(@dirs,$tarmode2_sharedir); + + my $smbcacls_sharedir="$share_dir/smbcacls"; + push(@dirs,$smbcacls_sharedir); + + my $usershare_sharedir="$share_dir/usershares"; + push(@dirs,$usershare_sharedir); + + my $dropbox_sharedir="$share_dir/dropbox"; + push(@dirs,$dropbox_sharedir); + + my $bad_iconv_sharedir="$share_dir/bad_iconv"; + push(@dirs, $bad_iconv_sharedir); + + my $veto_sharedir="$share_dir/veto"; + push(@dirs,$veto_sharedir); + + my $virusfilter_sharedir="$share_dir/virusfilter"; + push(@dirs,$virusfilter_sharedir); + + my $delete_unwrite_sharedir="$share_dir/delete_unwrite"; + push(@dirs,$delete_unwrite_sharedir); + push(@dirs, "$delete_unwrite_sharedir/delete_veto_yes"); + push(@dirs, "$delete_unwrite_sharedir/delete_veto_no"); + + my $volume_serial_number_sharedir="$share_dir/volume_serial_number"; + push(@dirs, $volume_serial_number_sharedir); + + my $ip4 = Samba::get_ipv4_addr("FILESERVER"); + my $fileserver_options = " + smb3 unix extensions = yes + kernel change notify = yes + spotlight backend = elasticsearch + elasticsearch:address = $ip4 + elasticsearch:port = 8080 + elasticsearch:mappings = $srcdir_abs/source3/rpc_server/mdssvc/elasticsearch_mappings.json + + usershare path = $usershare_dir + usershare max shares = 10 + usershare allow guests = yes + usershare prefix allow list = $usershare_sharedir + + get quota command = $prefix_abs/getset_quota.py + set quota command = $prefix_abs/getset_quota.py +[tarmode] + path = $tarmode_sharedir + comment = tar test share + xattr_tdb:file = $prefix_abs/tarmode-xattr.tdb +[tarmode2] + path = $tarmode2_sharedir + comment = tar test share + xattr_tdb:file = $prefix_abs/tarmode2-xattr.tdb +[spotlight] + path = $share_dir + spotlight = yes + read only = no +[no_spotlight] + path = $share_dir + spotlight = no + read only = no +[lowercase] + path = $lower_case_share_dir + comment = smb username is [%U] + case sensitive = True + default case = lower + preserve case = no + short preserve case = no +[lowercase-30000] + path = $lower_case_share_dir_30000 + comment = smb username is [%U] + case sensitive = True + default case = lower + preserve case = no + short preserve case = no +[dfree] + path = $dfree_share_dir + comment = smb username is [%U] + dfree command = $srcdir_abs/testprogs/blackbox/dfree.sh +[valid-users-access] + path = $valid_users_sharedir + valid users = +userdup +[offline] + path = $offline_sharedir + vfs objects = offline + +# BUG: https://bugzilla.samba.org/show_bug.cgi?id=9878 +# RH BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1077651 +[force_user_valid_users] + path = $force_user_valid_users_dir + comment = force user with valid users combination test share + valid users = +force_user + force user = force_user + force group = everyone + write list = force_user + +[ign_sysacls] + path = $share_dir + comment = ignore system acls + acl_xattr:ignore system acls = yes +[inherit_owner] + path = $share_dir + comment = inherit owner + inherit owner = yes +[inherit_owner_u] + path = $share_dir + comment = inherit only unix owner + inherit owner = unix only + acl_xattr:ignore system acls = yes +# BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690 +[force_group_test] + path = $share_dir + comment = force group test +# force group = everyone + +[create_mode_664] + path = $share_dir + comment = smb username is [%U] + create mask = 0644 + force create mode = 0664 + vfs objects = dirsort + +[dropbox] + path = $dropbox_sharedir + comment = smb username is [%U] + writeable = yes + vfs objects = + +[bad_iconv] + path = $bad_iconv_sharedir + comment = smb username is [%U] + vfs objects = + +[veto_files_nodelete] + path = $veto_sharedir + read only = no + msdfs root = yes + veto files = /veto_name*/ + delete veto files = no + +[veto_files_delete] + path = $veto_sharedir + msdfs root = yes + veto files = /veto_name*/ + delete veto files = yes + +[delete_veto_files_only] + path = $veto_sharedir + delete veto files = yes + +[veto_files_nohidden] + path = $veto_sharedir + veto files = /.*/ + +[veto_files] + path = $veto_sharedir + veto files = /veto_name*/ + +[delete_yes_unwrite] + read only = no + path = $delete_unwrite_sharedir + hide unwriteable files = yes + delete veto files = yes + +[delete_no_unwrite] + read only = no + path = $delete_unwrite_sharedir + hide unwriteable files = yes + delete veto files = no + +[virusfilter] + path = $virusfilter_sharedir + vfs objects = acl_xattr virusfilter + virusfilter:scanner = dummy + virusfilter:min file size = 0 + virusfilter:infected files = *infected* + virusfilter:infected file action = rename + virusfilter:scan on close = yes + vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no + +[volumeserialnumber] + path = $volume_serial_number_sharedir + volume serial number = 0xdeadbeef + +[ea_acl_xattr] + path = $share_dir + vfs objects = acl_xattr + acl_xattr:security_acl_name = user.hackme + read only = no + +[io_uring] + path = $share_dir + vfs objects = acl_xattr fake_acls xattr_tdb streams_depot time_audit full_audit io_uring + read only = no + +[homes] + comment = Home directories + browseable = No + read only = No +"; + + if (defined($more_conf)) { + $fileserver_options = $fileserver_options . $more_conf; + } + if (!defined($server)) { + $server = "FILESERVER"; + } + + my $vars = $self->provision( + prefix => $path, + domain => "WORKGROUP", + server => $server, + password => "fileserver", + extra_options => $fileserver_options, + no_delete_prefix => 1); + + $vars or return undef; + + if (not $self->check_or_start( + env_vars => $vars, + nmbd => "yes", + smbd => "yes")) { + return undef; + } + + + mkdir($_, 0777) foreach(@dirs); + + ## Create case sensitive lower case share dir + foreach my $file ('a'..'z') { + my $full_path = $lower_case_share_dir . '/' . $file; + open my $fh, '>', $full_path; + # Add some content to file + print $fh $full_path; + close $fh; + } + + for (my $file = 1; $file < 51; ++$file) { + my $full_path = $lower_case_share_dir . '/' . $file; + open my $fh, '>', $full_path; + # Add some content to file + print $fh $full_path; + close $fh; + } + + # Create content for 30000 share + foreach my $file ('a'..'z') { + my $full_path = $lower_case_share_dir_30000 . '/' . $file; + open my $fh, '>', $full_path; + # Add some content to file + print $fh $full_path; + close $fh; + } + + for (my $file = 1; $file < 30001; ++$file) { + my $full_path = $lower_case_share_dir_30000 . '/' . $file; + open my $fh, '>', $full_path; + # Add some content to file + print $fh $full_path; + close $fh; + } + + ## + ## create a listable file in valid_users_share + ## + create_file_chmod("$valid_users_sharedir/foo", 0644) or return undef; + + ## + ## create a valid utf8 filename which is invalid as a CP850 conversion + ## + create_file_chmod("$bad_iconv_sharedir/\xED\x9F\xBF", 0644) or return undef; + + ## + ## create unwritable files inside inside the delete unwrite veto share dirs. + ## + unlink("$delete_unwrite_sharedir/delete_veto_yes/file_444"); + create_file_chmod("$delete_unwrite_sharedir/delete_veto_yes/file_444", 0444) or return undef; + unlink("$delete_unwrite_sharedir/delete_veto_no/file_444"); + create_file_chmod("$delete_unwrite_sharedir/delete_veto_no/file_444", 0444) or return undef; + + return $vars; +} + +sub setup_fileserver_smb1 +{ + my ($self, $path) = @_; + my $prefix_abs = abs_path($path); + my $conf = " +[global] + client min protocol = CORE + server min protocol = LANMAN1 + check parent directory delete on close = yes + +[hidenewfiles] + path = $prefix_abs/share + hide new files timeout = 5 +[vfs_aio_pthread] + path = $prefix_abs/share + read only = no + vfs objects = aio_pthread + aio_pthread:aio open = yes + smbd async dosmode = no + +[vfs_aio_pthread_async_dosmode_default1] + path = $prefix_abs/share + read only = no + vfs objects = aio_pthread + store dos attributes = yes + aio_pthread:aio open = yes + smbd async dosmode = yes + +[vfs_aio_pthread_async_dosmode_default2] + path = $prefix_abs/share + read only = no + vfs objects = aio_pthread xattr_tdb + store dos attributes = yes + aio_pthread:aio open = yes + smbd async dosmode = yes + +[vfs_aio_fork] + path = $prefix_abs/share + vfs objects = aio_fork + read only = no + vfs_aio_fork:erratic_testing_mode=yes +"; + return $self->setup_fileserver($path, $conf, "FILESERVERSMB1"); +} + +sub setup_fileserver_smb1_done +{ + my ($self, $path, $dep_env) = @_; + return $self->return_alias_env($path, $dep_env); +} + +sub setup_ktest +{ + my ($self, $prefix) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING server with security=ads..."; + + my $ktest_options = " + workgroup = KTEST + realm = ktest.samba.example.com + security = ads + server signing = required + server min protocol = SMB3_00 + client max protocol = SMB3 + + # This disables NTLM auth against the local SAM, which + # we use can then test this setting by. + ntlm auth = disabled + + idmap config * : backend = autorid + idmap config * : range = 1000000-1999999 + idmap config * : rangesize = 100000 +"; + + my $ret = $self->provision( + prefix => $prefix, + domain => "KTEST", + server => "LOCALKTEST6", + password => "localktest6pass", + extra_options => $ktest_options); + + $ret or return undef; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = "KTEST"; + $ctx->{realm} = "KTEST.SAMBA.EXAMPLE.COM"; + $ctx->{dnsname} = lc($ctx->{realm}); + $ctx->{kdc_ipv4} = "0.0.0.0"; + $ctx->{kdc_ipv6} = "::"; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + +#This is the secrets.tdb created by 'net ads join' from Samba3 to a +#Samba4 DC with the same parameters as are being used here. The +#domain SID is S-1-5-21-1071277805-689288055-3486227160 + $ret->{SAMSID} = "S-1-5-21-1911091480-1468226576-2729736297"; + $ret->{DOMSID} = "S-1-5-21-1071277805-689288055-3486227160"; + + system("cp $self->{srcdir}/source3/selftest/ktest-secrets.tdb $prefix/private/secrets.tdb"); + chmod 0600, "$prefix/private/secrets.tdb"; + +#Make sure there's no old ntdb file. + system("rm -f $prefix/private/secrets.ntdb"); + +#This uses a pre-calculated krb5 credentials cache, obtained by running Samba4 with: +# "--option=kdc:service ticket lifetime=239232" "--option=kdc:user ticket lifetime=239232" "--option=kdc:renewal lifetime=239232" +# +#and having in krb5.conf: +# ticket_lifetime = 799718400 +# renew_lifetime = 799718400 +# +# The commands for the -2 keytab where were: +# kinit administrator@KTEST.SAMBA.EXAMPLE.COM +# kvno host/localktest6@KTEST.SAMBA.EXAMPLE.COM +# kvno cifs/localktest6@KTEST.SAMBA.EXAMPLE.COM +# kvno host/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM +# kvno cifs/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM +# +# and then for the -3 keytab, I did +# +# net changetrustpw; kdestroy and the same again. +# +# This creates a credential cache with a very long lifetime (2036 at +# at 2011-04), and shows that running 'net changetrustpw' does not +# break existing logins (for the secrets.tdb method at least). +# + + $ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache"; + + system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-2 $prefix/krb5_ccache-2"); + chmod 0600, "$prefix/krb5_ccache-2"; + + system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-3 $prefix/krb5_ccache-3"); + chmod 0600, "$prefix/krb5_ccache-3"; + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by ktest can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + if (not $self->check_or_start( + env_vars => $ret, + nmbd => "yes", + winbindd => "offline", + smbd => "yes")) { + return undef; + } + return $ret; +} + +sub setup_maptoguest +{ + my ($self, $path) = @_; + my $prefix_abs = abs_path($path); + my $libdir="$prefix_abs/lib"; + my $share_dir="$prefix_abs/share"; + my $errorinjectconf="$libdir/error_inject.conf"; + + print "PROVISIONING maptoguest..."; + + my $options = " +domain logons = yes +map to guest = bad user +ntlm auth = yes +server min protocol = LANMAN1 + +[force_user_error_inject] + path = $share_dir + vfs objects = acl_xattr fake_acls xattr_tdb error_inject + force user = user1 + include = $errorinjectconf +"; + + my $vars = $self->provision( + prefix => $path, + domain => "WORKGROUP", + server => "maptoguest", + password => "maptoguestpass", + extra_options => $options); + + $vars or return undef; + + if (not $self->check_or_start( + env_vars => $vars, + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + return $vars; +} + +sub stop_sig_term($$) { + my ($self, $pid) = @_; + kill("USR1", $pid) or kill("ALRM", $pid) or warn("Unable to kill $pid: $!"); +} + +sub stop_sig_kill($$) { + my ($self, $pid) = @_; + kill("ALRM", $pid) or warn("Unable to kill $pid: $!"); +} + +sub write_pid($$$) +{ + my ($env_vars, $app, $pid) = @_; + + open(PID, ">$env_vars->{PIDDIR}/timelimit.$app.pid"); + print PID $pid; + close(PID); +} + +sub read_pid($$) +{ + my ($env_vars, $app) = @_; + + open(PID, "<$env_vars->{PIDDIR}/timelimit.$app.pid"); + my $pid = <PID>; + close(PID); + return $pid; +} + +# builds up the cmd args to run an s3 binary (i.e. smbd, nmbd, etc) +sub make_bin_cmd +{ + my ($self, $binary, $env_vars, $options, $valgrind, $dont_log_stdout) = @_; + + my @optargs = (); + if (defined($options)) { + @optargs = split(/ /, $options); + } + my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime}); + + if (defined($valgrind)) { + @preargs = split(/ /, $valgrind); + } + my @args = ("-F", "--no-process-group", + "--configfile=$env_vars->{SERVERCONFFILE}", + "-l", $env_vars->{LOGDIR}); + + if (not defined($dont_log_stdout)) { + push(@args, "--debug-stdout"); + } + return (@preargs, $binary, @args, @optargs); +} + +sub check_or_start($$) { + my ($self, %args) = @_; + my $env_vars = $args{env_vars}; + my $nmbd = $args{nmbd} // "no"; + my $winbindd = $args{winbindd} // "no"; + my $smbd = $args{smbd} // "no"; + my $samba_dcerpcd = $args{samba_dcerpcd} // "no"; + my $child_cleanup = $args{child_cleanup}; + + my $STDIN_READER; + + # use a pipe for stdin in the child processes. This allows + # those processes to monitor the pipe for EOF to ensure they + # exit when the test script exits + pipe($STDIN_READER, $env_vars->{STDIN_PIPE}); + + my $binary = Samba::bindir_path($self, "samba-dcerpcd"); + my @full_cmd = $self->make_bin_cmd( + $binary, + $env_vars, + $ENV{SAMBA_DCERPCD_OPTIONS}, + $ENV{SAMBA_DCERPCD_VALGRIND}, + $ENV{SAMBA_DCERPCD_DONT_LOG_STDOUT}); + push(@full_cmd, '--libexec-rpcds'); + + my $samba_dcerpcd_envs = Samba::get_env_for_process( + "samba_dcerpcd", $env_vars); + + # fork and exec() samba_dcerpcd in the child process + my $daemon_ctx = { + NAME => "samba_dcerpcd", + BINARY_PATH => $binary, + FULL_CMD => [ @full_cmd ], + LOG_FILE => $env_vars->{SAMBA_DCERPCD_TEST_LOG}, + PCAP_FILE => "env-$ENV{ENVNAME}-samba_dcerpcd", + ENV_VARS => $samba_dcerpcd_envs, + }; + if ($samba_dcerpcd ne "yes") { + $daemon_ctx->{SKIP_DAEMON} = 1; + } + + my $pid = Samba::fork_and_exec( + $self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup); + + $env_vars->{SAMBA_DCERPCD_TL_PID} = $pid; + write_pid($env_vars, "samba_dcerpcd", $pid); + + $binary = Samba::bindir_path($self, "nmbd"); + @full_cmd = $self->make_bin_cmd($binary, $env_vars, + $ENV{NMBD_OPTIONS}, $ENV{NMBD_VALGRIND}, + $ENV{NMBD_DONT_LOG_STDOUT}); + my $nmbd_envs = Samba::get_env_for_process("nmbd", $env_vars); + delete $nmbd_envs->{RESOLV_WRAPPER_CONF}; + delete $nmbd_envs->{RESOLV_WRAPPER_HOSTS}; + + # fork and exec() nmbd in the child process + $daemon_ctx = { + NAME => "nmbd", + BINARY_PATH => $binary, + FULL_CMD => [ @full_cmd ], + LOG_FILE => $env_vars->{NMBD_TEST_LOG}, + PCAP_FILE => "env-$ENV{ENVNAME}-nmbd", + ENV_VARS => $nmbd_envs, + }; + if ($nmbd ne "yes") { + $daemon_ctx->{SKIP_DAEMON} = 1; + } + $pid = Samba::fork_and_exec( + $self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup); + + $env_vars->{NMBD_TL_PID} = $pid; + write_pid($env_vars, "nmbd", $pid); + + $binary = Samba::bindir_path($self, "winbindd"); + @full_cmd = $self->make_bin_cmd($binary, $env_vars, + $ENV{WINBINDD_OPTIONS}, + $ENV{WINBINDD_VALGRIND}, + $ENV{WINBINDD_DONT_LOG_STDOUT}); + + # fork and exec() winbindd in the child process + $daemon_ctx = { + NAME => "winbindd", + BINARY_PATH => $binary, + FULL_CMD => [ @full_cmd ], + LOG_FILE => $env_vars->{WINBINDD_TEST_LOG}, + PCAP_FILE => "env-$ENV{ENVNAME}-winbindd", + }; + if ($winbindd ne "yes" and $winbindd ne "offline") { + $daemon_ctx->{SKIP_DAEMON} = 1; + } + + $pid = Samba::fork_and_exec( + $self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup); + + $env_vars->{WINBINDD_TL_PID} = $pid; + write_pid($env_vars, "winbindd", $pid); + + $binary = Samba::bindir_path($self, "smbd"); + @full_cmd = $self->make_bin_cmd($binary, $env_vars, + $ENV{SMBD_OPTIONS}, $ENV{SMBD_VALGRIND}, + $ENV{SMBD_DONT_LOG_STDOUT}); + + # fork and exec() smbd in the child process + $daemon_ctx = { + NAME => "smbd", + BINARY_PATH => $binary, + FULL_CMD => [ @full_cmd ], + LOG_FILE => $env_vars->{SMBD_TEST_LOG}, + PCAP_FILE => "env-$ENV{ENVNAME}-smbd", + }; + if ($smbd ne "yes") { + $daemon_ctx->{SKIP_DAEMON} = 1; + } + + $pid = Samba::fork_and_exec( + $self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup); + + $env_vars->{SMBD_TL_PID} = $pid; + write_pid($env_vars, "smbd", $pid); + + # close the parent's read-end of the pipe + close($STDIN_READER); + + return $self->wait_for_start($env_vars, + $nmbd, + $winbindd, + $smbd, + $samba_dcerpcd); +} + +sub createuser($$$$$) +{ + my ($self, $username, $password, $conffile, $env) = @_; + my $cmd = "UID_WRAPPER_ROOT=1 " . Samba::bindir_path($self, "smbpasswd")." -c $conffile -L -s -a $username > /dev/null"; + + keys %$env; + while(my($var, $val) = each %$env) { + $cmd = "$var=\"$val\" $cmd"; + } + + unless (open(PWD, "|$cmd")) { + warn("Unable to set password for $username account\n$cmd"); + return undef; + } + print PWD "$password\n$password\n"; + unless (close(PWD)) { + warn("Unable to set password for $username account\n$cmd"); + return undef; + } +} + +sub provision($$) +{ + my ($self, %args) = @_; + + my $prefix = $args{prefix}; + my $domain = $args{domain}; + my $realm = $args{realm}; + my $server = $args{server}; + my $password = $args{password}; + my $extra_options = $args{extra_options}; + my $resolv_conf = $args{resolv_conf}; + my $no_delete_prefix= $args{no_delete_prefix}; + my $netbios_name = $args{netbios_name} // $server; + my $server_log_level = $ENV{SERVER_LOG_LEVEL} || 1; + + ## + ## setup the various environment variables we need + ## + + my $samsid = Samba::random_domain_sid(); + my $swiface = Samba::get_interface($server); + my %ret = (); + my %createuser_env = (); + my $server_ip = Samba::get_ipv4_addr($server); + my $server_ipv6 = Samba::get_ipv6_addr($server); + my $dns_domain; + if (defined($realm)) { + $dns_domain = lc($realm); + } else { + $dns_domain = "samba.example.com"; + } + + my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `PATH=/usr/ucb:$ENV{PATH} whoami`); + chomp $unix_name; + my $unix_uid = $>; + my $unix_gids_str = $); + my @unix_gids = split(" ", $unix_gids_str); + + my $prefix_abs = abs_path($prefix); + my $bindir_abs = abs_path($self->{bindir}); + + my @dirs = (); + + my $shrdir=$args{share_dir} // "$prefix_abs/share"; + push(@dirs,$shrdir); + + my $libdir="$prefix_abs/lib"; + push(@dirs,$libdir); + + my $piddir="$prefix_abs/pid"; + push(@dirs,$piddir); + + my $privatedir="$prefix_abs/private"; + push(@dirs,$privatedir); + + my $cachedir = "$prefix_abs/cachedir"; + push(@dirs, $cachedir); + + my $binddnsdir = "$prefix_abs/bind-dns"; + push(@dirs, $binddnsdir); + + my $lockdir="$prefix_abs/lockdir"; + push(@dirs,$lockdir); + + my $eventlogdir="$prefix_abs/lockdir/eventlog"; + push(@dirs,$eventlogdir); + + my $logdir="$prefix_abs/logs"; + push(@dirs,$logdir); + + my $driver32dir="$shrdir/W32X86"; + push(@dirs,$driver32dir); + + my $driver64dir="$shrdir/x64"; + push(@dirs,$driver64dir); + + my $driver40dir="$shrdir/WIN40"; + push(@dirs,$driver40dir); + + my $ro_shrdir="$shrdir/root-tmp"; + push(@dirs,$ro_shrdir); + + my $noperm_shrdir="$shrdir/noperm-tmp"; + push(@dirs,$noperm_shrdir); + + my $msdfs_shrdir="$shrdir/msdfsshare"; + push(@dirs,$msdfs_shrdir); + + my $msdfs_shrdir2="$shrdir/msdfsshare2"; + push(@dirs,$msdfs_shrdir2); + + my $msdfs_pathname_share="$shrdir/msdfs_pathname_share"; + push(@dirs,$msdfs_pathname_share); + + my $non_msdfs_pathname_share="$shrdir/non_msdfs_pathname_share"; + push(@dirs,$non_msdfs_pathname_share); + + my $msdfs_deeppath="$msdfs_shrdir/deeppath"; + push(@dirs,$msdfs_deeppath); + + my $smbcacls_sharedir_dfs="$shrdir/smbcacls_sharedir_dfs"; + push(@dirs,$smbcacls_sharedir_dfs); + + my $smbcacls_share="$shrdir/smbcacls_share"; + push(@dirs,$smbcacls_share); + + my $smbcacls_share_testdir="$shrdir/smbcacls_share/smbcacls"; + push(@dirs,$smbcacls_share_testdir); + + my $badnames_shrdir="$shrdir/badnames"; + push(@dirs,$badnames_shrdir); + + my $lease1_shrdir="$shrdir/dynamic"; + push(@dirs,$lease1_shrdir); + + my $manglenames_shrdir="$shrdir/manglenames"; + push(@dirs,$manglenames_shrdir); + + my $widelinks_shrdir="$shrdir/widelinks"; + push(@dirs,$widelinks_shrdir); + + my $widelinks_linkdir="$shrdir/widelinks_foo"; + push(@dirs,$widelinks_linkdir); + + my $fsrvp_shrdir="$shrdir/fsrvp"; + push(@dirs,$fsrvp_shrdir); + + my $shadow_tstdir="$shrdir/shadow"; + push(@dirs,$shadow_tstdir); + my $shadow_mntdir="$shadow_tstdir/mount"; + push(@dirs,$shadow_mntdir); + my $shadow_basedir="$shadow_mntdir/base"; + push(@dirs,$shadow_basedir); + my $shadow_shrdir="$shadow_basedir/share"; + push(@dirs,$shadow_shrdir); + + my $nosymlinks_shrdir="$shrdir/nosymlinks"; + push(@dirs,$nosymlinks_shrdir); + + my $local_symlinks_shrdir="$shrdir/local_symlinks"; + push(@dirs,$local_symlinks_shrdir); + + my $worm_shrdir="$shrdir/worm"; + push(@dirs,$worm_shrdir); + + my $fruit_resource_stream_shrdir="$shrdir/fruit_resource_stream"; + push(@dirs,$fruit_resource_stream_shrdir); + + my $smbget_sharedir="$shrdir/smbget"; + push(@dirs, $smbget_sharedir); + + my $recycle_shrdir="$shrdir/recycle"; + push(@dirs,$recycle_shrdir); + + my $fakedircreatetimes_shrdir="$shrdir/fakedircreatetimes"; + push(@dirs,$fakedircreatetimes_shrdir); + + # this gets autocreated by winbindd + my $wbsockdir="$prefix_abs/wbsock"; + + my $nmbdsockdir="$prefix_abs/nmbd"; + unlink($nmbdsockdir); + + ## + ## create the test directory layout + ## + die ("prefix_abs = ''") if $prefix_abs eq ""; + die ("prefix_abs = '/'") if $prefix_abs eq "/"; + + mkdir($prefix_abs, 0777); + print "CREATE TEST ENVIRONMENT IN '$prefix'..."; + if (not defined($no_delete_prefix) or not $no_delete_prefix) { + system("rm -rf $prefix_abs/*"); + } + mkdir($_, 0777) foreach(@dirs); + + my $fs_specific_conf = $self->get_fs_specific_conf($shrdir); + + ## + ## lockdir and piddir must be 0755 + ## + chmod 0755, $lockdir; + chmod 0755, $piddir; + + + ## + ## Create a directory without permissions to enter + ## + chmod 0000, $noperm_shrdir; + + ## + ## create ro and msdfs share layout + ## + + chmod 0755, $ro_shrdir; + + create_file_chmod("$ro_shrdir/readable_file", 0644) or return undef; + create_file_chmod("$ro_shrdir/unreadable_file", 0600) or return undef; + + create_file_chmod("$ro_shrdir/msdfs-target", 0600) or return undef; + symlink "msdfs:$server_ip\\ro-tmp,$server_ipv6\\ro-tmp", + "$msdfs_shrdir/msdfs-src1"; + symlink "msdfs:$server_ipv6\\ro-tmp", "$msdfs_shrdir/deeppath/msdfs-src2"; + symlink "msdfs:$server_ip\\smbcacls_sharedir_dfs,$server_ipv6\\smbcacls_sharedir_dfs", + "$msdfs_shrdir/smbcacls_sharedir_dfs"; + + symlink "msdfs:$server_ip\\msdfs-share2,$server_ipv6\\msdfs-share2", "$msdfs_shrdir/dfshop1"; + symlink "msdfs:$server_ip\\tmp,$server_ipv6\\tmp", "$msdfs_shrdir2/dfshop2"; + ## + ## create bad names in $badnames_shrdir + ## + ## (An invalid name, would be mangled to 8.3). + create_file_chmod("$badnames_shrdir/\340|\231\216\377\177", + 0600) or return undef; + + ## (A bad name, would not be mangled to 8.3). + create_file_chmod("$badnames_shrdir/\240\276\346\327\377\177", + 0666) or return undef; + + ## (A bad good name). + create_file_chmod("$badnames_shrdir/blank.txt", + 0666) or return undef; + + ## + ## create mangleable directory names in $manglenames_shrdir + ## + my $manglename_target = "$manglenames_shrdir/foo:bar"; + mkdir($manglename_target, 0777); + + ## + ## create symlinks for widelinks tests. + ## + my $widelinks_target = "$widelinks_linkdir/target"; + create_file_chmod("$widelinks_target", 0666) or return undef; + + ## + ## This link should get an error + ## + symlink "$widelinks_target", "$widelinks_shrdir/source"; + ## + ## This link should be allowed + ## + symlink "$widelinks_shrdir", "$widelinks_shrdir/dot"; + + my $conffile="$libdir/server.conf"; + my $dfqconffile="$libdir/dfq.conf"; + my $errorinjectconf="$libdir/error_inject.conf"; + my $delayinjectconf="$libdir/delay_inject.conf"; + my $globalinjectconf="$libdir/global_inject.conf"; + my $aliceconfdir="$libdir"; + my $aliceconffile="$libdir/alice.conf"; + + my $nss_wrapper_pl = "$ENV{PERL} $self->{srcdir}/third_party/nss_wrapper/nss_wrapper.pl"; + my $nss_wrapper_passwd = "$privatedir/passwd"; + my $nss_wrapper_group = "$privatedir/group"; + my $nss_wrapper_hosts = "$ENV{SELFTEST_PREFIX}/hosts"; + my $dns_host_file = "$ENV{SELFTEST_PREFIX}/dns_host_file"; + + my $mod_printer_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/printing/modprinter.pl"; + + my $fake_snap_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/fake_snap.pl"; + + my @eventlog_list = ("dns server", "application"); + + ## + ## calculate uids and gids + ## + + my ($max_uid, $max_gid); + my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2, $uid_userdup); + my ($uid_pdbtest_wkn); + my ($uid_smbget); + my ($uid_force_user); + my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins); + my ($gid_userdup, $gid_everyone); + my ($gid_force_user); + my ($gid_jackthemapper); + my ($gid_jacknomapper); + my ($uid_user1); + my ($uid_user2); + my ($uid_gooduser); + my ($uid_eviluser); + my ($uid_slashuser); + my ($uid_localbob); + my ($uid_localjane); + my ($uid_localjackthemapper); + my ($uid_localjacknomapper); + + if ($unix_uid < 0xffff - 13) { + $max_uid = 0xffff; + } else { + $max_uid = $unix_uid; + } + + $uid_root = $max_uid - 1; + $uid_nobody = $max_uid - 2; + $uid_pdbtest = $max_uid - 3; + $uid_pdbtest2 = $max_uid - 4; + $uid_userdup = $max_uid - 5; + $uid_pdbtest_wkn = $max_uid - 6; + $uid_force_user = $max_uid - 7; + $uid_smbget = $max_uid - 8; + $uid_user1 = $max_uid - 9; + $uid_user2 = $max_uid - 10; + $uid_gooduser = $max_uid - 11; + $uid_eviluser = $max_uid - 12; + $uid_slashuser = $max_uid - 13; + $uid_localbob = $max_uid - 14; + $uid_localjane = $max_uid - 15; + $uid_localjackthemapper = $max_uid - 16; + $uid_localjacknomapper = $max_uid - 17; + + if ($unix_gids[0] < 0xffff - 8) { + $max_gid = 0xffff; + } else { + $max_gid = $unix_gids[0]; + } + + $gid_nobody = $max_gid - 1; + $gid_nogroup = $max_gid - 2; + $gid_root = $max_gid - 3; + $gid_domusers = $max_gid - 4; + $gid_domadmins = $max_gid - 5; + $gid_userdup = $max_gid - 6; + $gid_everyone = $max_gid - 7; + $gid_force_user = $max_gid - 8; + $gid_jackthemapper = $max_gid - 9; + $gid_jacknomapper = $max_gid - 10; + + ## + ## create conffile + ## + + unless (open(CONF, ">$conffile")) { + warn("Unable to open $conffile"); + return undef; + } + + my $interfaces = Samba::get_interfaces_config($server); + + print CONF " +[global] + dcesrv:fuzz directory = $cachedir/fuzz + netbios name = $netbios_name + interfaces = $interfaces + bind interfaces only = yes + panic action = cd $self->{srcdir} && $self->{srcdir}/selftest/gdb_backtrace %d %\$(MAKE_TEST_BINARY) + smbd:suicide mode = yes + smbd:FSCTL_SMBTORTURE = yes + smbd:validate_oplock_types = yes + + client min protocol = SMB2_02 + server min protocol = SMB2_02 + + server multi channel support = yes + + workgroup = $domain + + private dir = $privatedir + binddns dir = $binddnsdir + pid directory = $piddir + lock directory = $lockdir + log file = $logdir/log.\%m + log level = $server_log_level + winbind debug traceid = yes + debug pid = yes + max log size = 0 + + debug syslog format = always + debug hires timestamp = yes + + state directory = $lockdir + cache directory = $lockdir + + passdb backend = tdbsam + + time server = yes + + add user script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action add --name %u --gid $gid_nogroup + add group script = $nss_wrapper_pl --group_path $nss_wrapper_group --type group --action add --name %g + add machine script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action add --name %u --gid $gid_nogroup + add user to group script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type member --action add --member %u --name %g --group_path $nss_wrapper_group + delete user script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action delete --name %u + delete group script = $nss_wrapper_pl --group_path $nss_wrapper_group --type group --action delete --name %g + delete user from group script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type member --action delete --member %u --name %g --group_path $nss_wrapper_group + + addprinter command = $mod_printer_pl -a -s $conffile -- + deleteprinter command = $mod_printer_pl -d -s $conffile -- + + eventlog list = application \"dns server\" + + kernel oplocks = no + kernel change notify = no + + logging = file + printing = bsd + printcap name = /dev/null + + winbindd socket directory = $wbsockdir + nmbd:socket dir = $nmbdsockdir + idmap config * : range = 100000-200000 + winbind enum users = yes + winbind enum groups = yes + winbind separator = / + include system krb5 conf = no + +# min receivefile size = 4000 + + read only = no + + smbd:sharedelay = 100000 + smbd:writetimeupdatedelay = 500000 + map hidden = no + map system = no + map readonly = no + store dos attributes = yes + create mask = 755 + dos filemode = yes + strict rename = yes + strict sync = yes + mangled names = yes + vfs objects = acl_xattr fake_acls xattr_tdb streams_depot time_audit full_audit + + full_audit:syslog = no + full_audit:success = none + full_audit:failure = none + + printing = vlp + print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s + lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p + lp rm command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lprm %p %j + lp pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lppause %p %j + lp resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpresume %p %j + queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p + queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p + lpq cache time = 0 + print notify backchannel = yes + + ncalrpc dir = $prefix_abs/ncalrpc + + # The samba3.blackbox.smbclient_s3 test uses this to test that + # sending messages works, and that the %m sub works. + message command = mv %s $shrdir/message.%m + + # fsrvp server requires registry shares + registry shares = yes + + # Used by RPC SRVSVC tests + add share command = $bindir_abs/smbaddshare + change share command = $bindir_abs/smbchangeshare + delete share command = $bindir_abs/smbdeleteshare + + # fruit:copyfile is a global option + fruit:copyfile = yes + + #this does not mean that we use non-secure test env, + #it just means we ALLOW one to be configured. + allow insecure wide links = yes + + include = $globalinjectconf + + # Begin extra options + $extra_options + # End extra options + + #Include user defined custom parameters if set +"; + + if (defined($ENV{INCLUDE_CUSTOM_CONF})) { + print CONF "\t$ENV{INCLUDE_CUSTOM_CONF}\n"; + } + + print CONF " +[smbcacls_share] + path = $smbcacls_share + comment = smb username is [%U] + msdfs root = yes + +[smbcacls_sharedir_dfs] + path = $smbcacls_sharedir_dfs + comment = smb username is [%U] +[tmp] + path = $shrdir + comment = smb username is [%U] +[tmpsort] + path = $shrdir + comment = Load dirsort module + vfs objects = dirsort acl_xattr fake_acls xattr_tdb streams_depot +[tmpenc] + path = $shrdir + comment = encrypt smb username is [%U] + server smb encrypt = required + vfs objects = dirsort +[tmpguest] + path = $shrdir + guest ok = yes +[guestonly] + path = $shrdir + guest only = yes + guest ok = yes +[forceuser] + path = $shrdir + force user = $unix_name + guest ok = yes +[forceuser_unixonly] + comment = force a user with unix user SID and group SID + path = $shrdir + force user = pdbtest + guest ok = yes +[forceuser_wkngroup] + comment = force a user with well-known group SID + path = $shrdir + force user = pdbtest_wkn + guest ok = yes +[forcegroup] + path = $shrdir + force group = nogroup + guest ok = yes +[ro-tmp] + path = $ro_shrdir + guest ok = yes +[noperm] + path = $noperm_shrdir + wide links = yes + guest ok = yes +[write-list-tmp] + path = $shrdir + read only = yes + write list = $unix_name +[valid-users-tmp] + path = $shrdir + valid users = $unix_name + access based share enum = yes +[msdfs-share] + path = $msdfs_shrdir + msdfs root = yes + msdfs shuffle referrals = yes + guest ok = yes +[msdfs-share-wl] + path = $msdfs_shrdir + msdfs root = yes + wide links = yes + guest ok = yes +[msdfs-share2] + path = $msdfs_shrdir2 + msdfs root = yes + guest ok = yes +[msdfs-pathname-share] + path = $msdfs_pathname_share + msdfs root = yes + guest ok = yes +[non-msdfs-pathname-share] + path = $non_msdfs_pathname_share + msdfs root = no + guest ok = yes +[hideunread] + copy = tmp + hide unreadable = yes +[tmpcase] + copy = tmp + case sensitive = yes +[hideunwrite] + copy = tmp + hide unwriteable files = yes +[durable] + copy = tmp + kernel share modes = no + kernel oplocks = no + posix locking = no +[fs_specific] + copy = tmp + $fs_specific_conf +[print1] + copy = tmp + printable = yes + +[print2] + copy = print1 +[print3] + copy = print1 + default devmode = no + +[print_var_exp] + copy = print1 + print command = $self->{srcdir}/source3/script/tests/printing/printing_var_exp_lpr_cmd.sh \"Windows user: %U\" \"UNIX user: %u\" \"Domain: %D\" + +[lp] + copy = print1 + +[nfs4acl_simple_40] + path = $shrdir + comment = smb username is [%U] + nfs4:mode = simple + nfs4acl_xattr:version = 40 + vfs objects = nfs4acl_xattr xattr_tdb + +[nfs4acl_special_40] + path = $shrdir + comment = smb username is [%U] + nfs4:mode = special + nfs4acl_xattr:version = 40 + vfs objects = nfs4acl_xattr xattr_tdb + +[nfs4acl_simple_41] + path = $shrdir + comment = smb username is [%U] + nfs4:mode = simple + vfs objects = nfs4acl_xattr xattr_tdb + +[nfs4acl_xdr_40] + path = $shrdir + comment = smb username is [%U] + vfs objects = nfs4acl_xattr xattr_tdb + nfs4:mode = simple + nfs4acl_xattr:encoding = xdr + nfs4acl_xattr:version = 40 + +[nfs4acl_xdr_41] + path = $shrdir + comment = smb username is [%U] + vfs objects = nfs4acl_xattr xattr_tdb + nfs4:mode = simple + nfs4acl_xattr:encoding = xdr + nfs4acl_xattr:version = 41 + +[nfs4acl_nfs_40] + path = $shrdir + comment = smb username is [%U] + vfs objects = nfs4acl_xattr xattr_tdb + nfs4:mode = simple + nfs4acl_xattr:encoding = nfs + nfs4acl_xattr:version = 40 + nfs4acl_xattr:xattr_name = security.nfs4acl_xdr + +[nfs4acl_nfs_41] + path = $shrdir + comment = smb username is [%U] + vfs objects = nfs4acl_xattr xattr_tdb + nfs4:mode = simple + nfs4acl_xattr:encoding = nfs + nfs4acl_xattr:version = 41 + nfs4acl_xattr:xattr_name = security.nfs4acl_xdr + +[xcopy_share] + path = $shrdir + comment = smb username is [%U] + create mask = 777 + force create mode = 777 +[posix_share] + path = $shrdir + comment = smb username is [%U] + create mask = 0777 + force create mode = 0 + directory mask = 0777 + force directory mode = 0 + vfs objects = xattr_tdb streams_depot +[smb3_posix_share] + vfs objects = fake_acls xattr_tdb streams_depot time_audit full_audit + create mask = 07777 + directory mask = 07777 + mangled names = no + path = $shrdir + read only = no + guest ok = yes +[aio] + copy = durable + aio read size = 1 + aio write size = 1 + +[print\$] + copy = tmp + +[vfs_fruit] + path = $shrdir + vfs objects = catia fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = file + fruit:metadata = netatalk + fruit:locking = netatalk + fruit:encoding = native + fruit:veto_appledouble = no + +[vfs_fruit_xattr] + path = $shrdir + # This is used by vfs.fruit tests that require real fs xattr + vfs objects = catia fruit streams_xattr acl_xattr + fruit:resource = file + fruit:metadata = netatalk + fruit:locking = netatalk + fruit:encoding = native + fruit:veto_appledouble = no + +[vfs_fruit_metadata_stream] + path = $shrdir + vfs objects = fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = file + fruit:metadata = stream + fruit:veto_appledouble = no + +[vfs_fruit_stream_depot] + path = $shrdir + vfs objects = fruit streams_depot acl_xattr xattr_tdb + fruit:resource = stream + fruit:metadata = stream + fruit:veto_appledouble = no + +[vfs_wo_fruit] + path = $shrdir + vfs objects = streams_xattr acl_xattr xattr_tdb + +[vfs_wo_fruit_stream_depot] + path = $shrdir + vfs objects = streams_depot acl_xattr xattr_tdb + +[vfs_fruit_timemachine] + path = $shrdir + vfs objects = fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = file + fruit:metadata = stream + fruit:time machine = yes + fruit:time machine max size = 32K + +[vfs_fruit_wipe_intentionally_left_blank_rfork] + path = $shrdir + vfs objects = fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = file + fruit:metadata = stream + fruit:wipe_intentionally_left_blank_rfork = true + fruit:delete_empty_adfiles = false + fruit:veto_appledouble = no + +[vfs_fruit_delete_empty_adfiles] + path = $shrdir + vfs objects = fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = file + fruit:metadata = stream + fruit:wipe_intentionally_left_blank_rfork = true + fruit:delete_empty_adfiles = true + fruit:veto_appledouble = no + +[vfs_fruit_zero_fileid] + path = $shrdir + vfs objects = fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = file + fruit:metadata = stream + fruit:zero_file_id=yes + fruit:validate_afpinfo = no + +[fruit_resource_stream] + path = $fruit_resource_stream_shrdir + vfs objects = fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = stream + fruit:metadata = stream + +[badname-tmp] + path = $badnames_shrdir + guest ok = yes + +[manglenames_share] + path = $manglenames_shrdir + guest ok = yes + +[dynamic_share] + path = $shrdir/dynamic/%t + guest ok = yes + root preexec = mkdir %P + +[widelinks_share] + path = $widelinks_shrdir + wide links = no + guest ok = yes + +[fsrvp_share] + path = $fsrvp_shrdir + comment = fake snapshots using rsync + vfs objects = shell_snap shadow_copy2 + shell_snap:check path command = $fake_snap_pl --check + shell_snap:create command = $fake_snap_pl --create + shell_snap:delete command = $fake_snap_pl --delete + # a relative path here fails, the snapshot dir is no longer found + shadow:snapdir = $fsrvp_shrdir/.snapshots + +[shadow1] + path = $shadow_shrdir + comment = previous versions snapshots under mount point + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_mntdir + +[shadow2] + path = $shadow_shrdir + comment = previous versions snapshots outside mount point + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_mntdir + shadow:snapdir = $shadow_tstdir/.snapshots + +[shadow3] + path = $shadow_shrdir + comment = previous versions with subvolume snapshots, snapshots under base dir + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_basedir/.snapshots + +[shadow4] + path = $shadow_shrdir + comment = previous versions with subvolume snapshots, snapshots outside mount point + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_tstdir/.snapshots + +[shadow5] + path = $shadow_shrdir + comment = previous versions at volume root snapshots under mount point + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_shrdir + +[shadow6] + path = $shadow_shrdir + comment = previous versions at volume root snapshots outside mount point + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_shrdir + shadow:snapdir = $shadow_tstdir/.snapshots + +[shadow7] + path = $shadow_shrdir + comment = previous versions snapshots everywhere + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_mntdir + shadow:snapdirseverywhere = yes + +[shadow8] + path = $shadow_shrdir + comment = previous versions using snapsharepath + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_mntdir + shadow:snapdir = $shadow_tstdir/.snapshots + shadow:snapsharepath = share + +[shadow_fmt0] + comment = Testing shadow:format with default option + vfs object = shadow_copy2 + path = $shadow_shrdir + read only = no + guest ok = yes + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_basedir/.snapshots + shadow:format = \@GMT-%Y.%m.%d-%H.%M.%S + +[shadow_fmt1] + comment = Testing shadow:format with only date component + vfs object = shadow_copy2 + path = $shadow_shrdir + read only = no + guest ok = yes + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_basedir/.snapshots + shadow:format = \@GMT-%Y-%m-%d + +[shadow_fmt2] + comment = Testing shadow:format with some hardcoded prefix + vfs object = shadow_copy2 + path = $shadow_shrdir + read only = no + guest ok = yes + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_basedir/.snapshots + shadow:format = snap\@GMT-%Y.%m.%d-%H.%M.%S + +[shadow_fmt3] + comment = Testing shadow:format with modified format + vfs object = shadow_copy2 + path = $shadow_shrdir + read only = no + guest ok = yes + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_basedir/.snapshots + shadow:format = \@GMT-%Y.%m.%d-%H_%M_%S-snap + +[shadow_fmt4] + comment = Testing shadow:snapprefix regex + vfs object = shadow_copy2 + path = $shadow_shrdir + read only = no + guest ok = yes + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_basedir/.snapshots + shadow:snapprefix = \^s[a-z]*p\$ + shadow:format = _GMT-%Y.%m.%d-%H.%M.%S + +[shadow_fmt5] + comment = Testing shadow:snapprefix with delim regex + vfs object = shadow_copy2 + path = $shadow_shrdir + read only = no + guest ok = yes + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_basedir/.snapshots + shadow:delimiter = \@GMT + shadow:snapprefix = [a-z]* + shadow:format = \@GMT-%Y.%m.%d-%H.%M.%S + +[shadow_wl] + path = $shadow_shrdir + comment = previous versions with wide links allowed + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_mntdir + wide links = yes + +[shadow_write] + path = $shadow_tstdir + comment = previous versions snapshots under mount point + vfs objects = shadow_copy2 streams_xattr + shadow:mountpoint = $shadow_tstdir + shadow:fixinodes = yes + smbd async dosmode = yes + +[shadow_depot] + path = $shadow_shrdir + comment = previous versions with streams_depot + vfs objects = streams_depot shadow_copy2 + +[dfq] + path = $shrdir/dfree + vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq + admin users = $unix_name + include = $dfqconffile +[dfq_cache] + path = $shrdir/dfree + vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq + admin users = $unix_name + include = $dfqconffile + dfree cache time = 60 +[dfq_owner] + path = $shrdir/dfree + vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq + inherit owner = yes + include = $dfqconffile +[quotadir] + path = $shrdir/quota + admin users = $unix_name + +[acl_xattr_ign_sysacl_posix] + copy = tmp + acl_xattr:ignore system acls = yes + acl_xattr:default acl style = posix +[acl_xattr_ign_sysacl_windows] + copy = tmp + acl_xattr:ignore system acls = yes + acl_xattr:default acl style = windows + +[mangle_illegal] + copy = tmp + mangled names = illegal + +[nosymlinks] + copy = tmp + path = $nosymlinks_shrdir + follow symlinks = no +[nosymlinks_smb1allow] + copy=nosymlinks + follow symlinks = yes + +[local_symlinks] + copy = tmp + path = $local_symlinks_shrdir + follow symlinks = yes + +[worm] + copy = tmp + path = $worm_shrdir + vfs objects = worm + worm:grace_period = 1 + comment = vfs_worm with 1s grace_period + +[kernel_oplocks] + copy = tmp + kernel oplocks = yes + vfs objects = streams_xattr xattr_tdb + +[streams_xattr] + copy = tmp + vfs objects = streams_xattr xattr_tdb + +[streams_xattr_nostrict] + copy = tmp + strict rename = no + vfs objects = streams_xattr xattr_tdb + +[acl_streams_xattr] + copy = tmp + vfs objects = acl_xattr streams_xattr fake_acls xattr_tdb + acl_xattr:ignore system acls = yes + acl_xattr:security_acl_name = user.acl + xattr_tdb:ignore_user_xattr = yes + +[compound_find] + copy = tmp + smbd:find async delay usec = 10000 +[error_inject] + copy = tmp + vfs objects = error_inject + include = $errorinjectconf + +[delay_inject] + copy = tmp + vfs objects = delay_inject + kernel share modes = no + kernel oplocks = no + posix locking = no + include = $delayinjectconf + +[aio_delay_inject] + copy = tmp + vfs objects = delay_inject + delay_inject:pread_send = 2000 + delay_inject:pwrite_send = 2000 + +[brl_delay_inject1] + copy = tmp + vfs objects = delay_inject + delay_inject:brl_lock_windows = 90 + delay_inject:brl_lock_windows_use_timer = yes + +[brl_delay_inject2] + copy = tmp + vfs objects = delay_inject + delay_inject:brl_lock_windows = 90 + delay_inject:brl_lock_windows_use_timer = no + +[delete_readonly] + path = $prefix_abs/share + delete readonly = yes + +[enc_desired] + path = $prefix_abs/share + vfs objects = + server smb encrypt = desired + +[enc_off] + path = $prefix_abs/share + vfs objects = + server smb encrypt = off + +[notify_priv] + copy = tmp + honor change notify privilege = yes + +[acls_non_canonical] + copy = tmp + acl flag inherited canonicalization = no + +[full_audit_success_bad_name] + copy = tmp + full_audit:success = badname + +[full_audit_fail_bad_name] + copy = tmp + full_audit:failure = badname + +[only_ipv6] + copy = tmpguest + server addresses = $server_ipv6 + +[smbget] + path = $smbget_sharedir + comment = smb username is [%U] + +[recycle] + copy = tmp + path = $recycle_shrdir + vfs objects = recycle + recycle : repository = .trash + recycle : exclude = *.tmp + recycle : directory_mode = 755 + +[fakedircreatetimes] + copy = tmp + path = $fakedircreatetimes_shrdir + fake directory create times = yes + +[smbget_guest] + path = $smbget_sharedir + comment = smb username is [%U] + guest ok = yes + +include = $aliceconfdir/%U.conf + "; + + close(CONF); + + my $net = Samba::bindir_path($self, "net"); + my $cmd = ""; + $cmd .= "UID_WRAPPER_ROOT=1 "; + $cmd .= "SMB_CONF_PATH=\"$conffile\" "; + $cmd .= "$net setlocalsid $samsid"; + + my $net_ret = system($cmd); + if ($net_ret != 0) { + warn("net setlocalsid failed: $net_ret\n$cmd"); + return undef; + } + + unless (open(ERRORCONF, ">$errorinjectconf")) { + warn("Unable to open $errorinjectconf"); + return undef; + } + close(ERRORCONF); + + unless (open(DELAYCONF, ">$delayinjectconf")) { + warn("Unable to open $delayinjectconf"); + return undef; + } + close(DELAYCONF); + + unless (open(DFQCONF, ">$dfqconffile")) { + warn("Unable to open $dfqconffile"); + return undef; + } + close(DFQCONF); + + unless (open(DELAYCONF, ">$globalinjectconf")) { + warn("Unable to open $globalinjectconf"); + return undef; + } + close(DELAYCONF); + + unless (open(ALICECONF, ">$aliceconffile")) { + warn("Unable to open $aliceconffile"); + return undef; + } + + print ALICECONF " +[alice_share] + path = $shrdir + comment = smb username is [%U] + "; + + close(ALICECONF); + + ## + ## create a test account + ## + + unless (open(PASSWD, ">$nss_wrapper_passwd")) { + warn("Unable to open $nss_wrapper_passwd"); + return undef; + } + print PASSWD "nobody:x:$uid_nobody:$gid_nobody:nobody gecos:$prefix_abs:/bin/false +$unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false +pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false +pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false +userdup:x:$uid_userdup:$gid_userdup:userdup gecos:$prefix_abs:/bin/false +pdbtest_wkn:x:$uid_pdbtest_wkn:$gid_everyone:pdbtest_wkn gecos:$prefix_abs:/bin/false +force_user:x:$uid_force_user:$gid_force_user:force user gecos:$prefix_abs:/bin/false +smbget_user:x:$uid_smbget:$gid_domusers:smbget_user gecos:$prefix_abs:/bin/false +user1:x:$uid_user1:$gid_nogroup:user1 gecos:$prefix_abs:/bin/false +user2:x:$uid_user2:$gid_nogroup:user2 gecos:$prefix_abs:/bin/false +gooduser:x:$uid_gooduser:$gid_domusers:gooduser gecos:$prefix_abs:/bin/false +eviluser:x:$uid_eviluser:$gid_domusers:eviluser gecos::/bin/false +slashuser:x:$uid_slashuser:$gid_domusers:slashuser gecos:/:/bin/false +bob:x:$uid_localbob:$gid_domusers:localbob gecos:/:/bin/false +jane:x:$uid_localjane:$gid_domusers:localjane gecos:/:/bin/false +jackthemapper:x:$uid_localjackthemapper:$gid_domusers:localjackthemaper gecos:/:/bin/false +jacknomapper:x:$uid_localjacknomapper:$gid_domusers:localjacknomaper gecos:/:/bin/false +"; + if ($unix_uid != 0) { + print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false +"; + } + close(PASSWD); + + unless (open(GROUP, ">$nss_wrapper_group")) { + warn("Unable to open $nss_wrapper_group"); + return undef; + } + print GROUP "nobody:x:$gid_nobody: +nogroup:x:$gid_nogroup:nobody +$unix_name-group:x:$unix_gids[0]: +domusers:X:$gid_domusers: +domadmins:X:$gid_domadmins: +userdup:x:$gid_userdup:$unix_name +everyone:x:$gid_everyone: +force_user:x:$gid_force_user: +jackthemappergroup:x:$gid_jackthemapper:jackthemapper +jacknomappergroup:x:$gid_jacknomapper:jacknomapper +"; + if ($unix_gids[0] != 0) { + print GROUP "root:x:$gid_root: +"; + } + + close(GROUP); + + ## hosts + my $hostname = lc($server); + unless (open(HOSTS, ">>$nss_wrapper_hosts")) { + warn("Unable to open $nss_wrapper_hosts"); + return undef; + } + print HOSTS "${server_ip} ${hostname}.${dns_domain} ${hostname}\n"; + print HOSTS "${server_ipv6} ${hostname}.${dns_domain} ${hostname}\n"; + close(HOSTS); + + $resolv_conf = "$privatedir/no_resolv.conf" unless defined($resolv_conf); + + foreach my $evlog (@eventlog_list) { + my $evlogtdb = "$eventlogdir/$evlog.tdb"; + open(EVENTLOG, ">$evlogtdb") or die("Unable to open $evlogtdb"); + close(EVENTLOG); + } + + $createuser_env{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd; + $createuser_env{NSS_WRAPPER_GROUP} = $nss_wrapper_group; + $createuser_env{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts; + $createuser_env{NSS_WRAPPER_HOSTNAME} = "${hostname}.${dns_domain}"; + if ($ENV{SAMBA_DNS_FAKING}) { + $createuser_env{RESOLV_WRAPPER_HOSTS} = $dns_host_file; + } else { + $createuser_env{RESOLV_WRAPPER_CONF} = $resolv_conf; + } + $createuser_env{RESOLV_CONF} = $resolv_conf; + + createuser($self, $unix_name, $password, $conffile, \%createuser_env) || die("Unable to create user"); + createuser($self, "force_user", $password, $conffile, \%createuser_env) || die("Unable to create force_user"); + createuser($self, "smbget_user", $password, $conffile, \%createuser_env) || die("Unable to create smbget_user"); + createuser($self, "user1", $password, $conffile, \%createuser_env) || die("Unable to create user1"); + createuser($self, "user2", $password, $conffile, \%createuser_env) || die("Unable to create user2"); + createuser($self, "gooduser", $password, $conffile, \%createuser_env) || die("Unable to create gooduser"); + createuser($self, "eviluser", $password, $conffile, \%createuser_env) || die("Unable to create eviluser"); + createuser($self, "slashuser", $password, $conffile, \%createuser_env) || die("Unable to create slashuser"); + createuser($self, "jackthemapper", "mApsEcrEt", $conffile, \%createuser_env) || die("Unable to create jackthemapper"); + createuser($self, "jacknomapper", "nOmApsEcrEt", $conffile, \%createuser_env) || die("Unable to create jacknomapper"); + + open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list"); + print DNS_UPDATE_LIST "A $server. $server_ip\n"; + print DNS_UPDATE_LIST "AAAA $server. $server_ipv6\n"; + close(DNS_UPDATE_LIST); + + print "DONE\n"; + + $ret{SERVER_IP} = $server_ip; + $ret{SERVER_IPV6} = $server_ipv6; + $ret{SAMBA_DCERPCD_TEST_LOG} = "$prefix/samba_dcerpcd_test.log"; + $ret{SAMBA_DCERPCD_LOG_POS} = 0; + $ret{NMBD_TEST_LOG} = "$prefix/nmbd_test.log"; + $ret{NMBD_TEST_LOG_POS} = 0; + $ret{WINBINDD_TEST_LOG} = "$prefix/winbindd_test.log"; + $ret{WINBINDD_TEST_LOG_POS} = 0; + $ret{SMBD_TEST_LOG} = "$prefix/smbd_test.log"; + $ret{SMBD_TEST_LOG_POS} = 0; + $ret{SERVERCONFFILE} = $conffile; + $ret{TESTENV_DIR} = $prefix_abs; + $ret{CONFIGURATION} ="--configfile=$conffile"; + $ret{LOCK_DIR} = $lockdir; + $ret{SERVER} = $server; + $ret{USERNAME} = $unix_name; + $ret{USERID} = $unix_uid; + $ret{DOMAIN} = $domain; + $ret{SAMSID} = $samsid; + $ret{NETBIOSNAME} = $netbios_name; + $ret{PASSWORD} = $password; + $ret{PIDDIR} = $piddir; + $ret{SELFTEST_WINBINDD_SOCKET_DIR} = $wbsockdir; + $ret{NMBD_SOCKET_DIR} = $nmbdsockdir; + $ret{SOCKET_WRAPPER_DEFAULT_IFACE} = $swiface; + $ret{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd; + $ret{NSS_WRAPPER_GROUP} = $nss_wrapper_group; + $ret{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts; + $ret{NSS_WRAPPER_HOSTNAME} = "${hostname}.${dns_domain}"; + $ret{NSS_WRAPPER_MODULE_SO_PATH} = Samba::nss_wrapper_winbind_so_path($self); + $ret{NSS_WRAPPER_MODULE_FN_PREFIX} = "winbind"; + if ($ENV{SAMBA_DNS_FAKING}) { + $ret{RESOLV_WRAPPER_HOSTS} = $dns_host_file; + } else { + $ret{RESOLV_WRAPPER_CONF} = $resolv_conf; + } + $ret{RESOLV_CONF} = $resolv_conf; + $ret{LOCAL_PATH} = "$shrdir"; + $ret{LOGDIR} = $logdir; + + # + # Avoid hitting system krb5.conf - + # An env that needs Kerberos will reset this to the real + # value. + # + $ret{KRB5_CONFIG} = abs_path($prefix) . "/no_krb5.conf"; + + # Define KRB5CCNAME for each environment we set up + $ret{KRB5_CCACHE} = abs_path($prefix) . "/krb5ccache"; + $ENV{KRB5CCNAME} = $ret{KRB5_CCACHE}; + + return \%ret; +} + +sub wait_for_start($$$$$) +{ + my ($self, $envvars, $nmbd, $winbindd, $smbd, $samba_dcerpcd) = @_; + my $cmd; + my $netcmd; + my $ret; + + if ($samba_dcerpcd eq "yes") { + my $count = 0; + my $rpcclient = Samba::bindir_path($self, "rpcclient"); + + print "checking for samba_dcerpcd\n"; + + do { + $ret = system("UID_WRAPPER_ROOT=1 $rpcclient $envvars->{CONFIGURATION} ncalrpc: -c epmmap"); + + if ($ret != 0) { + sleep(1); + } + $count++ + } while ($ret != 0 && $count < 10); + + if ($count == 10) { + print "samba_dcerpcd not reachable after 10 retries\n"; + teardown_env($self, $envvars); + return 0; + } + } + + if ($nmbd eq "yes") { + my $count = 0; + + # give time for nbt server to register its names + print "checking for nmbd\n"; + + # This will return quickly when things are up, but be slow if we need to wait for (eg) SSL init + my $nmblookup = Samba::bindir_path($self, "nmblookup"); + + do { + $ret = system("$nmblookup $envvars->{CONFIGURATION} $envvars->{SERVER}"); + if ($ret != 0) { + sleep(1); + } else { + system("$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} __SAMBA__"); + system("$nmblookup $envvars->{CONFIGURATION} __SAMBA__"); + system("$nmblookup $envvars->{CONFIGURATION} -U 10.255.255.255 __SAMBA__"); + system("$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} $envvars->{SERVER}"); + } + $count++; + } while ($ret != 0 && $count < 10); + if ($count == 10) { + print "NMBD not reachable after 10 retries\n"; + teardown_env($self, $envvars); + return 0; + } + } + + if ($winbindd eq "yes" or $winbindd eq "offline") { + print "checking for winbindd\n"; + my $count = 0; + $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' "; + $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; + if ($winbindd eq "yes") { + $cmd .= Samba::bindir_path($self, "wbinfo") . " --ping-dc"; + } elsif ($winbindd eq "offline") { + $cmd .= Samba::bindir_path($self, "wbinfo") . " --ping"; + } + + do { + $ret = system($cmd); + if ($ret != 0) { + sleep(1); + } + $count++; + } while ($ret != 0 && $count < 20); + if ($count == 20) { + print "WINBINDD not reachable after 20 seconds\n"; + teardown_env($self, $envvars); + return 0; + } + } + + if ($smbd eq "yes") { + # make sure smbd is also up set + print "wait for smbd\n"; + + my $count = 0; + do { + if (defined($envvars->{GNUTLS_FORCE_FIPS_MODE})) { + # We don't have NTLM in FIPS mode, so lets use + # smbcontrol instead of smbclient. + $cmd = Samba::bindir_path($self, "smbcontrol"); + $cmd .= " $envvars->{CONFIGURATION}"; + $cmd .= " smbd ping"; + } else { + # This uses NTLM which is not available in FIPS + $cmd = Samba::bindir_path($self, "smbclient"); + $cmd .= " $envvars->{CONFIGURATION}"; + $cmd .= " -L $envvars->{SERVER}"; + $cmd .= " -U%"; + $cmd .= " -I $envvars->{SERVER_IP}"; + $cmd .= " -p 139"; + } + + $ret = system($cmd); + if ($ret != 0) { + sleep(1); + } + $count++ + } while ($ret != 0 && $count < 20); + if ($count == 20) { + print "SMBD failed to start up in a reasonable time (20sec)\n"; + teardown_env($self, $envvars); + return 0; + } + } + + # Ensure we have domain users mapped. + $netcmd = "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; + $netcmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; + $netcmd .= "UID_WRAPPER_ROOT='1' "; + $netcmd .= Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} "; + + $cmd = $netcmd . "groupmap delete ntgroup=domusers"; + $ret = system($cmd); + + $cmd = $netcmd . "groupmap add rid=513 unixgroup=domusers type=domain"; + $ret = system($cmd); + if ($ret != 0) { + print("\"$cmd\" failed\n"); + return 1; + } + + $cmd = $netcmd . "groupmap delete ntgroup=domadmins"; + $ret = system($cmd); + + $cmd = $netcmd . "groupmap add rid=512 unixgroup=domadmins type=domain"; + $ret = system($cmd); + if ($ret != 0) { + print("\"$cmd\" failed\n"); + return 1; + } + + $cmd = $netcmd . "groupmap delete ntgroup=everyone"; + $ret = system($cmd); + + $cmd = $netcmd . "groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin"; + $ret = system($cmd); + if ($ret != 0) { + print("\"$cmd\" failed\n"); + return 1; + } + + # note: creating builtin groups requires winbindd for the + # unix id allocator + my $create_builtin_users = "no"; + if ($winbindd eq "yes") { + $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' "; + $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; + $cmd .= Samba::bindir_path($self, "wbinfo") . " --sid-to-gid=S-1-5-32-545"; + my $wbinfo_out = qx($cmd 2>&1); + if ($? != 0) { + # wbinfo doesn't give us a better error code then + # WBC_ERR_DOMAIN_NOT_FOUND, but at least that's + # different then WBC_ERR_WINBIND_NOT_AVAILABLE + if ($wbinfo_out !~ /WBC_ERR_DOMAIN_NOT_FOUND/) { + print("Failed to run \"wbinfo --sid-to-gid=S-1-5-32-545\": $wbinfo_out"); + teardown_env($self, $envvars); + return 0; + } + $create_builtin_users = "yes"; + } + } + if ($create_builtin_users eq "yes") { + $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' "; + $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; + $cmd .= Samba::bindir_path($self, "net") . " $envvars->{CONFIGURATION} "; + $cmd .= "sam createbuiltingroup Users"; + $ret = system($cmd); + if ($ret != 0) { + print "Failed to create BUILTIN\\Users group\n"; + teardown_env($self, $envvars); + return 0; + } + + $cmd = Samba::bindir_path($self, "net") . " $envvars->{CONFIGURATION} "; + $cmd .= "cache del IDMAP/SID2XID/S-1-5-32-545"; + system($cmd); + + $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' "; + $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; + $cmd .= Samba::bindir_path($self, "wbinfo") . " --sid-to-gid=S-1-5-32-545"; + $ret = system($cmd); + if ($ret != 0) { + print "Missing \"BUILTIN\\Users\", did net sam createbuiltingroup Users fail?\n"; + teardown_env($self, $envvars); + return 0; + } + } + + print $self->getlog_env($envvars); + + return 1; +} + +## +## provision and start of ctdb +## +sub setup_ctdb($$) +{ + my ($self, $prefix) = @_; + my $num_nodes = 3; + + my $data = $self->provision_ctdb($prefix, $num_nodes); + $data or return undef; + + my $rc = $self->check_or_start_ctdb($data); + if (not $rc) { + print("check_or_start_ctdb() failed\n"); + return undef; + } + + $rc = $self->wait_for_start_ctdb($data); + if (not $rc) { + print "Cluster startup failed\n"; + return undef; + } + + return $data; +} + +sub provision_ctdb($$$$) +{ + my ($self, $prefix, $num_nodes, $no_delete_prefix) = @_; + my $rc; + + print "PROVISIONING CTDB...\n"; + + my $prefix_abs = abs_path($prefix); + + # + # check / create directories: + # + die ("prefix_abs = ''") if $prefix_abs eq ""; + die ("prefix_abs = '/'") if $prefix_abs eq "/"; + + mkdir ($prefix_abs, 0777); + + print "CREATE CTDB TEST ENVIRONMENT in '$prefix_abs'...\n"; + + if (not defined($no_delete_prefix) or not $no_delete_prefix) { + system("rm -rf $prefix_abs/*"); + } + + # + # Per-node data + # + my @nodes = (); + for (my $i = 0; $i < $num_nodes; $i++) { + my %node = (); + my $server_name = "ctdb${i}"; + my $pub_iface = Samba::get_interface($server_name); + my $ip = Samba::get_ipv4_addr($server_name); + + $node{NODE_NUMBER} = "$i"; + $node{SERVER_NAME} = "$server_name"; + $node{SOCKET_WRAPPER_DEFAULT_IFACE} = "$pub_iface"; + $node{IP} = "$ip"; + + push(@nodes, \%node); + } + + # + # nodes + # + my $nodes_file = "$prefix/nodes.in"; + unless (open(NODES, ">$nodes_file")) { + warn("Unable to open nodesfile '$nodes_file'"); + return undef; + } + for (my $i = 0; $i < $num_nodes; $i++) { + my $ip = $nodes[$i]->{IP}; + print NODES "${ip}\n"; + } + close(NODES); + + # + # local_daemons.sh setup + # + # Socket wrapper setup is done by selftest.pl, so don't use + # the CTDB-specific setup + # + my $cmd; + $cmd .= "ctdb/tests/local_daemons.sh " . $prefix_abs . " setup"; + $cmd .= " -n " . $num_nodes; + $cmd .= " -N " . $nodes_file; + # CTDB should not attempt to manage public addresses - + # clients should just connect to CTDB private addresses + $cmd .= " -P " . "/dev/null"; + + my $ret = system($cmd); + if ($ret != 0) { + print("\"$cmd\" failed\n"); + return undef; + } + + # + # Unix domain socket and node directory for each daemon + # + for (my $i = 0; $i < $num_nodes; $i++) { + my ($cmd, $ret, $out); + + my $cmd_prefix = "ctdb/tests/local_daemons.sh ${prefix_abs}"; + + # + # socket + # + + $cmd = "${cmd_prefix} print-socket ${i}"; + + $out = `$cmd`; + $ret = $?; + if ($ret != 0) { + print("\"$cmd\" failed\n"); + return undef; + } + chomp $out; + $nodes[$i]->{SOCKET_FILE} = "$out"; + + # + # node directory + # + + $cmd = "${cmd_prefix} onnode ${i} 'echo \$CTDB_BASE'"; + + $out = `$cmd`; + $ret = $?; + if ($ret != 0) { + print("\"$cmd\" failed\n"); + return undef; + } + chomp $out; + $nodes[$i]->{NODE_PREFIX} = "$out"; + } + + my %ret = (); + + $ret{CTDB_PREFIX} = "$prefix"; + $ret{NUM_NODES} = $num_nodes; + $ret{CTDB_NODES} = \@nodes; + $ret{CTDB_NODES_FILE} = $nodes_file; + + for (my $i = 0; $i < $num_nodes; $i++) { + my $node = $nodes[$i]; + my $socket = $node->{SOCKET_FILE}; + my $server_name = $node->{SERVER_NAME}; + my $node_prefix = $node->{NODE_PREFIX}; + my $ip = $node->{IP}; + + $ret{"CTDB_BASE_NODE${i}"} = $node_prefix; + $ret{"CTDB_SOCKET_NODE${i}"} = $socket; + $ret{"CTDB_SERVER_NAME_NODE${i}"} = $server_name; + $ret{"CTDB_IFACE_IP_NODE${i}"} = $ip; + } + + $ret{CTDB_BASE} = $ret{CTDB_BASE_NODE0}; + $ret{CTDB_SOCKET} = $ret{CTDB_SOCKET_NODE0}; + $ret{CTDB_SERVER_NAME} = $ret{CTDB_SERVER_NAME_NODE0}; + $ret{CTDB_IFACE_IP} = $ret{CTDB_IFACE_IP_NODE0}; + + return \%ret; +} + +sub check_or_start_ctdb($$) { + my ($self, $data) = @_; + + my $prefix = $data->{CTDB_PREFIX}; + my $num_nodes = $data->{NUM_NODES}; + my $nodes = $data->{CTDB_NODES}; + my $STDIN_READER; + + # Share a single stdin pipe for all nodes + pipe($STDIN_READER, $data->{CTDB_STDIN_PIPE}); + + for (my $i = 0; $i < $num_nodes; $i++) { + my $node = $nodes->[$i]; + + $node->{STDIN_PIPE} = $data->{CTDB_STDIN_PIPE}; + + my $cmd = "ctdb/tests/local_daemons.sh"; + my @full_cmd = ("$cmd", "$prefix", "start", "$i"); + my $daemon_ctx = { + NAME => "ctdbd", + BINARY_PATH => $cmd, + FULL_CMD => [ @full_cmd ], + TEE_STDOUT => 1, + LOG_FILE => "/dev/null", + ENV_VARS => {}, + }; + + print "STARTING CTDBD (node ${i})\n"; + + # This does magic with $STDIN_READER, so use it + my $ret = Samba::fork_and_exec($self, + $node, + $daemon_ctx, + $STDIN_READER); + + if ($ret == 0) { + print("\"$cmd\" failed\n"); + teardown_env_ctdb($self, $data); + return 0; + } + } + + close($STDIN_READER); + + return 1; +} + +sub wait_for_start_ctdb($$) +{ + my ($self, $data) = @_; + + my $prefix = $data->{CTDB_PREFIX}; + + print "Wait for ctdbd...\n"; + + my $ctdb = Samba::bindir_path($self, "ctdb"); + my $cmd; + $cmd .= "ctdb/tests/local_daemons.sh ${prefix} onnode all"; + $cmd .= " ${ctdb} nodestatus all 2>&1"; + + my $count = 0; + my $wait_seconds = 60; + my $out; + + until ($count > $wait_seconds) { + $out = `$cmd`; + my $ret = $?; + if ($ret == 0) { + print "\ncluster became healthy\n"; + last; + } + print "Waiting for CTDB...\n"; + sleep(1); + $count++; + } + + if ($count > $wait_seconds) { + print "\nGiving up to wait for CTDB...\n"; + print "${out}\n\n"; + print "CTDB log:\n"; + $cmd = "ctdb/tests/local_daemons.sh ${prefix} print-log all >&2"; + system($cmd); + teardown_env_ctdb($self, $data); + return 0; + } + + print "\nCTDB initialized\n"; + + return 1; +} + +1; |