From 8daa83a594a2e98f39d764422bfbdbc62c9efd44 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 19:20:00 +0200 Subject: Adding upstream version 2:4.20.0+dfsg. Signed-off-by: Daniel Baumann --- wintest/README | 5 + wintest/conf/abartlet-jesse.conf | 104 ++++ wintest/conf/abartlet.conf | 104 ++++ wintest/conf/bbaumbach.conf | 97 ++++ wintest/conf/tridge.conf | 95 ++++ wintest/conf/zahari-esxi.conf | 46 ++ wintest/test-s3.py | 293 ++++++++++++ wintest/test-s4-howto.py | 728 ++++++++++++++++++++++++++++ wintest/wintest.py | 992 +++++++++++++++++++++++++++++++++++++++ 9 files changed, 2464 insertions(+) create mode 100644 wintest/README create mode 100644 wintest/conf/abartlet-jesse.conf create mode 100644 wintest/conf/abartlet.conf create mode 100644 wintest/conf/bbaumbach.conf create mode 100644 wintest/conf/tridge.conf create mode 100644 wintest/conf/zahari-esxi.conf create mode 100755 wintest/test-s3.py create mode 100755 wintest/test-s4-howto.py create mode 100644 wintest/wintest.py (limited to 'wintest') diff --git a/wintest/README b/wintest/README new file mode 100644 index 0000000..b35e625 --- /dev/null +++ b/wintest/README @@ -0,0 +1,5 @@ +Please see the wiki page at: + + http://wiki.samba.org/index.php/WinTest + +for details on configuring and running wintest diff --git a/wintest/conf/abartlet-jesse.conf b/wintest/conf/abartlet-jesse.conf new file mode 100644 index 0000000..64a5f43 --- /dev/null +++ b/wintest/conf/abartlet-jesse.conf @@ -0,0 +1,104 @@ +# config file for test-howto.py for abartlet's KVM based setup (using libvirt) + +# where the git checkout is +SOURCETREE : /data/samba/howto/git + +# where to install Samba to +PREFIX : /data/samba/howto/prefix + +# debug level which will be put in smb.conf +DEBUGLEVEL : 1 + +# commands to control VMs +VM_POWEROFF : virsh destroy ${VMNAME} +VM_RESTORE : virsh snapshot-revert ${VMNAME} ${SNAPSHOT} +VM_RESET : virsh reboot ${VMNAME} + +# interfaces to create +INTERFACE : virbr0:0 +NAMED_INTERFACE : virbr0:1 + +# this is an additional IP that will be used for named to listen +# on. It should not be the primary IP of the interface. We need one +# for BIND (which redirects to the other hosts) and one for Samba, +# which might be running our own DNS + +INTERFACE_IP : 192.168.122.3 +INTERFACE_NET : 192.168.122.3/24 +NAMED_INTERFACE_IP : 192.168.122.2 +NAMED_INTERFACE_NET : 192.168.122.2/24 + +# how to run bind9 +BIND9 : /usr/sbin/named +NAMED_CHECKCONF : /usr/sbin/named-checkconf +RNDC : /usr/sbin/rndc +BIND_USER : named + +# provision information +REALM : S4.HOWTO.ABARTLET.NET +LCREALM : s4.howto.abartlet.net +DOMAIN : s4-howto +BASEDN : DC=s4,DC=howto,DC=abartlet,DC=net +PASSWORD1 : p@ssw0rd +PASSWORD2 : p@ssw0rd2 +PASSWORD3 : p@ssw0rd3 + +# a Windows7 VM +WINDOWS7_HOSTNAME : Windows7-3 +WINDOWS7_VM : Windows7-3 +WINDOWS7_SNAPSHOT : 1346650132 +WINDOWS7_USER : administrator +WINDOWS7_PASS : penguin + +# a winxp VM - needs Windows XP Service Pack 2 Support Tools +#WINXP_HOSTNAME : WinXP-1 +#WINXP_VM : WinXP-1 +#WINXP_SNAPSHOT : 1329361864 +#WINXP_USER : administrator +#WINXP_PASS : penguin + +# Samba will join this w2k8r2 VM as a DC and then as a RODC +W2K8R2A_HOSTNAME : Win2008R2-3 +W2K8R2A_VM : Win2008R2-3 +W2K8R2A_REALM : 2008R2.HOWTO.ABARTLET.NET +W2K8R2A_DOMAIN : 2008R2HOWTO +W2K8R2A_PASS : penguin12# +W2K8R2A_SNAPSHOT : 1349167901 +W2K8R2A_IP : 192.168.122.24 + +# this w2k8r2 VM will become a DC in the samba domain +W2K8R2B_HOSTNAME : Win2008R2-7 +W2K8R2B_VM : Win2008R2-7 +W2K8R2B_PASS : penguin12# +W2K8R2B_SNAPSHOT : 1347439285 + +# this w2k8r2 VM will become a RODC in the samba domain +W2K8R2C_HOSTNAME : Win2008R2-6 +W2K8R2C_VM : Win2008R2-6 +W2K8R2C_PASS : penguin12# +W2K8R2C_SNAPSHOT : 1347437454 + +# Samba will join this w2k3 VM as a DC +#W2K3A_HOSTNAME : Win2003R2-2 +#W2K3A_VM : Win2003R2-2 +#W2K3A_REALM : 2003.HOWTO.ABARTLET.NET +#W2K3A_DOMAIN : 2003HOWTO +#W2K3A_PASS : penguin +#W2K3A_SNAPSHOT : 1314652035 +#W2K3A_IP : 192.168.122.91 + +# this w2k3 VM will become a DC in the samba domain +W2K3B_HOSTNAME : Win2003R2-4 +W2K3B_VM : Win2003R2-4 +W2K3B_PASS : penguin +W2K3B_SNAPSHOT : 1347424723 +W2K3B_IP : 192.168.122.164 + +# this w2k3 VM will become a member in the samba domain +W2K3C_HOSTNAME : Win2003R2-3 +W2K3C_VM : Win2003R2-3 +W2K3C_PASS : penguin +W2K3C_SNAPSHOT : 1347423953 +W2K3C_IP : 192.168.122.162 + + diff --git a/wintest/conf/abartlet.conf b/wintest/conf/abartlet.conf new file mode 100644 index 0000000..78c0287 --- /dev/null +++ b/wintest/conf/abartlet.conf @@ -0,0 +1,104 @@ +# config file for test-howto.py for abartlet's KVM based setup (using libvirt) + +# where the git checkout is +SOURCETREE : /data/samba/howto/git + +# where to install Samba to +PREFIX : /data/samba/howto/prefix + +# debug level which will be put in smb.conf +DEBUGLEVEL : 1 + +# commands to control VMs +VM_POWEROFF : virsh destroy ${VMNAME} +VM_RESTORE : virsh snapshot-revert ${VMNAME} ${SNAPSHOT} +VM_RESET : virsh reboot ${VMNAME} + +# interfaces to create +INTERFACE : virbr0:0 +NAMED_INTERFACE : virbr0:1 + +# this is an additional IP that will be used for named to listen +# on. It should not be the primary IP of the interface. We need one +# for BIND (which redirects to the other hosts) and one for Samba, +# which might be running our own DNS + +INTERFACE_IP : 192.168.122.3 +INTERFACE_NET : 192.168.122.3/24 +NAMED_INTERFACE_IP : 192.168.122.2 +NAMED_INTERFACE_NET : 192.168.122.2/24 + +# how to run bind9 +BIND9 : /usr/sbin/named +NAMED_CHECKCONF : /usr/sbin/named-checkconf +RNDC : /usr/sbin/rndc +BIND_USER : named + +# provision information +REALM : S4.HOWTO.ABARTLET.NET +LCREALM : s4.howto.abartlet.net +DOMAIN : s4-howto +BASEDN : DC=s4,DC=howto,DC=abartlet,DC=net +PASSWORD1 : p@ssw0rd +PASSWORD2 : p@ssw0rd2 +PASSWORD3 : p@ssw0rd3 + +# a Windows7 VM +WINDOWS7_HOSTNAME : Windows7-3 +WINDOWS7_VM : Windows7-3 +WINDOWS7_SNAPSHOT : 1329351855 +WINDOWS7_USER : administrator +WINDOWS7_PASS : penguin + +# a winxp VM - needs Windows XP Service Pack 2 Support Tools +WINXP_HOSTNAME : WinXP-1 +WINXP_VM : WinXP-1 +WINXP_SNAPSHOT : 1329361864 +WINXP_USER : administrator +WINXP_PASS : penguin + +# Samba will join this w2k8r2 VM as a DC and then as a RODC +W2K8R2A_HOSTNAME : Win2008R2-3 +W2K8R2A_VM : Win2008R2-3 +W2K8R2A_REALM : 2008R2.HOWTO.ABARTLET.NET +W2K8R2A_DOMAIN : 2008R2HOWTO +W2K8R2A_PASS : penguin12# +W2K8R2A_SNAPSHOT : 1329218595 +W2K8R2A_IP : 192.168.122.57 + +# this w2k8r2 VM will become a DC in the samba domain +W2K8R2B_HOSTNAME : Win2008R2-7 +W2K8R2B_VM : Win2008R2-7 +W2K8R2B_PASS : penguin12# +W2K8R2B_SNAPSHOT : 1329964204 + +# this w2k8r2 VM will become a RODC in the samba domain +W2K8R2C_HOSTNAME : Win2008R2-6 +W2K8R2C_VM : Win2008R2-6 +W2K8R2C_PASS : penguin12# +W2K8R2C_SNAPSHOT : 1329785556 + +# Samba will join this w2k3 VM as a DC +W2K3A_HOSTNAME : Win2003R2-2 +W2K3A_VM : Win2003R2-2 +W2K3A_REALM : 2003.HOWTO.ABARTLET.NET +W2K3A_DOMAIN : 2003HOWTO +W2K3A_PASS : penguin +W2K3A_SNAPSHOT : 1314652035 +W2K3A_IP : 192.168.122.91 + +# this w2k3 VM will become a DC in the samba domain +W2K3B_HOSTNAME : Win2003R2-4 +W2K3B_VM : Win2003R2-4 +W2K3B_PASS : penguin +W2K3B_SNAPSHOT : 1331186260 +W2K3B_IP : 192.168.122.164 + +# this w2k3 VM will become a member in the samba domain +W2K3C_HOSTNAME : Win2003R2-3 +W2K3C_VM : Win2003R2-3 +W2K3C_PASS : penguin +W2K3C_SNAPSHOT : 1329451062 +W2K3C_IP : 192.168.122.162 + + diff --git a/wintest/conf/bbaumbach.conf b/wintest/conf/bbaumbach.conf new file mode 100644 index 0000000..aaacd32 --- /dev/null +++ b/wintest/conf/bbaumbach.conf @@ -0,0 +1,97 @@ +# Björn Baumbachs wintest config file +# Using VirtualBox in headless mode. Since it's not possible to +# startup VMs in gui mode. + +# where the git checkout is +SOURCETREE : /home/bbaumba/src/git/samba + +# where to install Samba to +PREFIX : /smbTest/wintest + +# debug level which will be put in smb.conf +DEBUGLEVEL : 1 + +# commands to control VMs +VM_POWEROFF : su bbaumba -c "VBoxManage controlvm ${VMNAME} poweroff" +VM_RESTORE : su bbaumba -c "VBoxManage snapshot ${VMNAME} restore ${SNAPSHOT} && VBoxManage startvm ${VMNAME} --type headless" +VM_RESET : su bbaumba -c "VBoxManage controlvm ${VMNAME} reset" + +# interfaces to listen on +INTERFACE : wintest + +# this is an additional IP that will be used for named to listen +# on. It should not be the primary IP of the interface +INTERFACE_IP : 192.168.4.77 +INTERFACE_NET : 192.168.4.77/24 + +# how to run bind9 +BIND9 : /usr/sbin/named +NAMED_CHECKCONF : /usr/sbin/named-checkconf +RNDC : /usr/sbin/rndc +BIND_USER : named + +# provision information +REALM : WINTEST.EXAMPLE.ORG +LCREALM : wintest.example.org +DOMAIN : wintest +BASEDN : DC=wintest,DC=example,DC=org +PASSWORD1 : p@ssw0rd +PASSWORD2 : p@ssw0rd2 +PASSWORD3 : p@ssw0rd3 + +## a Windows7 VM +#WINDOWS7_HOSTNAME : wintest7 +#WINDOWS7_VM : wintest7 +#WINDOWS7_SNAPSHOT : ready +#WINDOWS7_USER : Administrator +#WINDOWS7_PASS : Passw0rd + +# a winxp VM - needs Windows XP Service Pack 2 Support Tools +WINXP_HOSTNAME : wintestxp +WINXP_VM : wintestxp +WINXP_SNAPSHOT : ready +WINXP_USER : Administrator +WINXP_PASS : geheim + +# Samba will join this w2k8r2 VM as a DC and then as a RODC +#W2K8R2A_HOSTNAME : wintest2k8r2 +#W2K8R2A_VM : wintest2k8r2 +#W2K8R2A_REALM : v2.tridgell.net +#W2K8R2A_DOMAIN : v2 +#W2K8R2A_PASS : Passw0rd +#W2K8R2A_SNAPSHOT : ready2 +#W2K8R2A_IP : 192.168.4.103 + + +## this w2k8r2 VM will become a DC in the samba domain +#W2K8R2B_HOSTNAME : w2k8r2b +#W2K8R2B_VM : w2k8r2b +#W2K8R2B_PASS : p@ssw0rd +#W2K8R2B_SNAPSHOT : howto-test2 +# +## this w2k8r2 VM will become a RODC in the samba domain +#W2K8R2C_HOSTNAME : w2k8r2c +#W2K8R2C_VM : w2k8r2c +#W2K8R2C_PASS : p@ssw0rd +#W2K8R2C_SNAPSHOT : howto-test2 + +# Samba will join this w2k3 VM as a DC +W2K3A_HOSTNAME : wintest2k3 +W2K3A_VM : wintest2k3 +W2K3A_REALM : vsofs3.com +W2K3A_DOMAIN : vsofs3 +W2K3A_PASS : Passw0rd +W2K3A_SNAPSHOT : ready +W2K3A_IP : 192.168.4.102 + +## this w2k3 VM will become a DC in the samba domain +#W2K3B_HOSTNAME : w2k3b +#W2K3B_VM : w2k3b +#W2K3B_PASS : penguin +#W2K3B_SNAPSHOT : howto-test +# +## this w2k8 VM will become a DC in the samba domain +#W2K8B_HOSTNAME : w2k8c +#W2K8B_VM : w2k8 +#W2K8B_PASS : p@ssw0rd +#W2K8B_SNAPSHOT : howto-test diff --git a/wintest/conf/tridge.conf b/wintest/conf/tridge.conf new file mode 100644 index 0000000..e6d6910 --- /dev/null +++ b/wintest/conf/tridge.conf @@ -0,0 +1,95 @@ +# config file for test-howto.py for tridge + +# where the git checkout is +SOURCETREE : /home/tridge/samba/git/howto + +# where to install Samba to +PREFIX : /home/tridge/samba/git/prefix.howto + +# debug level which will be put in smb.conf +DEBUGLEVEL : 1 + +# commands to control VMs +VM_POWEROFF : su tridge -c "VBoxManage controlvm ${VMNAME} poweroff" +VM_RESTORE : su tridge -c "VBoxManage snapshot ${VMNAME} restore ${SNAPSHOT} && VBoxManage startvm ${VMNAME}" +VM_RESET : su tridge -c "VBoxManage controlvm ${VMNAME} reset" + +# interfaces to listen on +INTERFACE : virbr0:0 + +# this is an additional IP that will be used for named to listen +# on. It should not be the primary IP of the interface +INTERFACE_IP : 10.0.0.2 +INTERFACE_NET : 10.0.0.2/24 + +# how to run bind9 +BIND9 : /usr/sbin/named +NAMED_CHECKCONF : /usr/sbin/named-checkconf +RNDC : /usr/sbin/rndc +BIND_USER : bind + +# provision information +REALM : HOWTO.TRIDGELL.NET +LCREALM : howto.tridgell.net +DOMAIN : howto +BASEDN : DC=howto,DC=tridgell,DC=net +PASSWORD1 : p@ssw0rd +PASSWORD2 : p@ssw0rd2 +PASSWORD3 : p@ssw0rd3 + +# a Windows7 VM +WINDOWS7_HOSTNAME : win7 +WINDOWS7_VM : Win7 +WINDOWS7_SNAPSHOT : howto-test2 +WINDOWS7_USER : administrator +WINDOWS7_PASS : p@ssw0rd + +# a winxp VM - needs Windows XP Service Pack 2 Support Tools +WINXP_HOSTNAME : winxptest +WINXP_VM : winXP-test +WINXP_SNAPSHOT : howto-test +WINXP_USER : tridge +WINXP_PASS : penguin + +# Samba will join this w2k8r2 VM as a DC and then as a RODC +W2K8R2A_HOSTNAME : w2k8 +W2K8R2A_VM : w2k8r2 +W2K8R2A_REALM : v2.tridgell.net +W2K8R2A_DOMAIN : v2 +W2K8R2A_PASS : p@ssw0rd5 +W2K8R2A_SNAPSHOT : howto-test +W2K8R2A_IP : 10.0.0.4 + + +# this w2k8r2 VM will become a DC in the samba domain +W2K8R2B_HOSTNAME : w2k8r2b +W2K8R2B_VM : w2k8r2b +W2K8R2B_PASS : p@ssw0rd +W2K8R2B_SNAPSHOT : howto-test2 + +# this w2k8r2 VM will become a RODC in the samba domain +W2K8R2C_HOSTNAME : w2k8r2c +W2K8R2C_VM : w2k8r2c +W2K8R2C_PASS : p@ssw0rd +W2K8R2C_SNAPSHOT : howto-test2 + +# Samba will join this w2k3 VM as a DC +W2K3A_HOSTNAME : w2k3 +W2K3A_VM : w2003 +W2K3A_REALM : vsofs3.com +W2K3A_DOMAIN : vsofs3 +W2K3A_PASS : penguin +W2K3A_SNAPSHOT : howto-test +W2K3A_IP : 10.0.0.3 + +# this w2k3 VM will become a DC in the samba domain +W2K3B_HOSTNAME : w2k3b +W2K3B_VM : w2k3b +W2K3B_PASS : penguin +W2K3B_SNAPSHOT : howto-test + +# this w2k8 VM will become a DC in the samba domain +W2K8B_HOSTNAME : w2k8c +W2K8B_VM : w2k8 +W2K8B_PASS : p@ssw0rd +W2K8B_SNAPSHOT : howto-test diff --git a/wintest/conf/zahari-esxi.conf b/wintest/conf/zahari-esxi.conf new file mode 100644 index 0000000..bed6326 --- /dev/null +++ b/wintest/conf/zahari-esxi.conf @@ -0,0 +1,46 @@ +# config file for test-howto.py for zahari + +# where the git checkout is +SOURCETREE : /root/samba-master + +# where to install Samba to +PREFIX : /usr/local/samba + +# VMware ESX server + +# debug level which will be put in smb.conf +DEBUGLEVEL : 1 + +# commands to control VMs +VM_POWEROFF : su zahari -c "sshpass -p p@ssw0rd ssh -o StrictHostKeyChecking=no root@10.191.35.30 vim-cmd vmsvc/power.off ${VMNAME} 2>&1; sleep 5" +VM_RESTORE : su zahari -c "sshpass -p p@ssw0rd ssh -o StrictHostKeyChecking=no root@10.191.35.30 vim-cmd vmsvc/snapshot.revert ${VMNAME} ${SNAPSHOT} 2>&1; sleep 5" +VM_RESET : su zahari -c "sshpass -p p@ssword ssh -o StrictHostKeyChecking=no root@10.191.35.30 vim-cmd vmsvc/power.reboot ${VMNAME} 2>&1; sleep 5" + +# interfaces to listen on +INTERFACE : eth0 + +# this is an additional IP that will be used for named to listen +# on. It should not be the primary IP of the interface +INTERFACE_IP : 10.191.10.90 +INTERFACE_NET : 10.191.10.90/16 + +# how to run bind9 +BIND9 : /usr/sbin/named +NAMED_CHECKCONF : /usr/sbin/named-checkconf +RNDC : /usr/sbin/rndc +BIND_USER : bind + +# provision information +REALM : HOWTO.SAMBA90.TEST +LCREALM : howto.samba90.test +DOMAIN : howto-0 +BASEDN : DC=howto,DC=samba90,DC=test +PASSWORD1 : p@r0l@123! +PASSWORD2 : p@r0l@1234! +PASSWORD3 : p@r0l@12345! + +# this w2k8r2 VM will become a DC in the samba domain +W2K8R2B_HOSTNAME : WIN-SVD8RSRCPSS +W2K8R2B_VM : 128 +W2K8R2B_PASS : P@r0l@ +W2K8R2B_SNAPSHOT : 0 1 diff --git a/wintest/test-s3.py b/wintest/test-s3.py new file mode 100755 index 0000000..1c5142b --- /dev/null +++ b/wintest/test-s3.py @@ -0,0 +1,293 @@ +#!/usr/bin/env python3 + +'''automated testing of Samba3 against windows''' + +import wintest + + +def set_libpath(t): + t.putenv("LD_LIBRARY_PATH", "${PREFIX}/lib") + + +def set_krb5_conf(t): + t.run_cmd("mkdir -p ${PREFIX}/etc") + t.write_file("${PREFIX}/etc/krb5.conf", + '''[libdefaults] + dns_lookup_realm = false + dns_lookup_kdc = true''') + + t.putenv("KRB5_CONFIG", '${PREFIX}/etc/krb5.conf') + + +def build_s3(t): + '''build samba3''' + t.info('Building s3') + t.chdir('${SOURCETREE}/source3') + t.putenv('CC', 'ccache gcc') + t.run_cmd("./autogen.sh") + t.run_cmd("./configure -C --prefix=${PREFIX} --enable-developer") + t.run_cmd('make basics') + t.run_cmd('make -j4') + t.run_cmd('rm -rf ${PREFIX}') + t.run_cmd('make install') + + +def start_s3(t): + t.info('Starting Samba3') + t.chdir("${PREFIX}") + t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False) + t.run_cmd("rm -f var/locks/*.pid") + t.run_cmd(['sbin/nmbd', "-D"]) + t.run_cmd(['sbin/winbindd', "-D"]) + t.run_cmd(['sbin/smbd', "-D"]) + t.port_wait("${INTERFACE_IP}", 139) + + +def test_wbinfo(t): + t.info('Testing wbinfo') + t.chdir('${PREFIX}') + t.cmd_contains("bin/wbinfo --version", ["Version 4."]) + t.cmd_contains("bin/wbinfo -p", ["Ping to winbindd succeeded"]) + t.retry_cmd("bin/wbinfo --online-status", + ["BUILTIN : online", + "${HOSTNAME} : online", + "${WIN_DOMAIN} : online"], + casefold=True) + t.cmd_contains("bin/wbinfo -u", + ["${WIN_DOMAIN}/administrator", + "${WIN_DOMAIN}/krbtgt"], + casefold=True) + t.cmd_contains("bin/wbinfo -g", + ["${WIN_DOMAIN}/domain users", + "${WIN_DOMAIN}/domain guests", + "${WIN_DOMAIN}/domain admins"], + casefold=True) + t.cmd_contains("bin/wbinfo --name-to-sid administrator", + "S-1-5-.*-500 SID_USER .1", + regex=True) + t.cmd_contains("bin/wbinfo --name-to-sid 'domain users'", + "S-1-5-.*-513 SID_DOM_GROUP .2", + regex=True) + + t.retry_cmd("bin/wbinfo --authenticate=${WIN_DOMAIN}/administrator%${WIN_PASS}", + ["plaintext password authentication succeeded", + "challenge/response password authentication succeeded"]) + + t.retry_cmd("bin/wbinfo --krb5auth=${WIN_DOMAIN}/administrator%${WIN_PASS}", + ["succeeded"]) + + +def test_smbclient(t): + t.info('Testing smbclient') + smbclient = t.getvar("smbclient") + t.chdir('${PREFIX}') + t.cmd_contains("%s --version" % (smbclient), ["Version 4."]) + t.cmd_contains('%s -L ${INTERFACE_IP} -U%%' % (smbclient), ["Domain=[${WIN_DOMAIN}]", "test", "IPC$", "Samba 4."], + casefold=True) + child = t.pexpect_spawn('%s //${HOSTNAME}.${WIN_REALM}/test -Uroot@${WIN_REALM}%%${PASSWORD2}' % (smbclient)) + child.expect("smb:") + child.sendline("dir") + child.expect("blocks available") + child.sendline("mkdir testdir") + child.expect("smb:") + child.sendline("cd testdir") + child.expect('testdir') + child.sendline("cd ..") + child.sendline("rmdir testdir") + + child = t.pexpect_spawn('%s //${HOSTNAME}.${WIN_REALM}/test -Uroot@${WIN_REALM}%%${PASSWORD2} -k' % (smbclient)) + child.expect("smb:") + child.sendline("dir") + child.expect("blocks available") + child.sendline("mkdir testdir") + child.expect("smb:") + child.sendline("cd testdir") + child.expect('testdir') + child.sendline("cd ..") + child.sendline("rmdir testdir") + + +def create_shares(t): + t.info("Adding test shares") + t.chdir('${PREFIX}') + t.write_file("etc/smb.conf", ''' +[test] + path = ${PREFIX}/test + read only = no + ''', + mode='a') + t.run_cmd("mkdir -p test") + + +def prep_join_as_member(t, vm): + '''prepare to join a windows domain as a member server''' + t.setwinvars(vm) + t.info("Starting VMs for joining ${WIN_VM} as a member using net ads join") + t.chdir('${PREFIX}') + t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False) + t.vm_poweroff("${WIN_VM}", checkfail=False) + t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}") + child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_time=True) + t.get_ipconfig(child) + t.del_files(["var", "private"]) + t.write_file("etc/smb.conf", ''' +[global] + netbios name = ${HOSTNAME} + log level = ${DEBUGLEVEL} + realm = ${WIN_REALM} + workgroup = ${WIN_DOMAIN} + security = ADS + bind interfaces only = yes + interfaces = ${INTERFACE} + winbind separator = / + idmap uid = 1000000-2000000 + idmap gid = 1000000-2000000 + winbind enum users = yes + winbind enum groups = yes + max protocol = SMB2 + map hidden = no + map system = no + ea support = yes + panic action = xterm -e gdb --pid %d + ''') + + +def join_as_member(t, vm): + '''join a windows domain as a member server''' + t.setwinvars(vm) + t.info("Joining ${WIN_VM} as a member using net ads join") + t.port_wait("${WIN_IP}", 389) + t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record']) + t.cmd_contains("bin/net ads join -Uadministrator%${WIN_PASS}", ["Joined"]) + t.cmd_contains("bin/net ads testjoin", ["Join is OK"]) + t.cmd_contains("bin/net ads dns register ${HOSTNAME}.${WIN_REALM} -P", ["Successfully registered hostname with DNS"]) + t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}", + ['${HOSTNAME}.${WIN_REALM} has address']) + + +def create_root_account(t, vm): + t.setwinvars(vm) + t.info("Creating 'root' account for testing Samba3 member server") + t.chdir('${PREFIX}') + t.run_cmd('bin/net ads user add root -Uadministrator%${WIN_PASS}') + child = t.pexpect_spawn('bin/net ads password root -Uadministrator%${WIN_PASS}') + child.expect("Enter new password for root") + child.sendline("${PASSWORD2}") + child.expect("Password change for ") + child.expect(" completed") + child = t.pexpect_spawn('bin/net rpc shell -S ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}') + child.expect("net rpc>") + child.sendline("user edit disabled root no") + child.expect("Set root's disabled flag") + + +def test_join_as_member(t, vm): + '''test the domain join''' + t.setwinvars(vm) + t.info('Testing join as member') + t.chdir('${PREFIX}') + test_wbinfo(t) + test_smbclient(t) + + +def test_s3(t): + '''basic s3 testing''' + + t.setvar("SAMBA_VERSION", "Version 4") + t.setvar("smbclient", "bin/smbclient") + t.check_prerequesites() + set_libpath(t) + + if not t.skip("configure_bind"): + t.configure_bind() + if not t.skip("stop_bind"): + t.stop_bind() + if not t.skip("stop_vms"): + t.stop_vms() + + if not t.skip("build"): + build_s3(t) + + set_krb5_conf(t) + if not t.skip("configure_bind2"): + t.configure_bind() + if not t.skip("start_bind"): + t.start_bind() + + dc_started = False + if t.have_var('W2K8R2A_VM') and not t.skip("join_w2k8r2"): + t.start_winvm('W2K8R2A') + dc_started = True + prep_join_as_member(t, "W2K8R2A") + t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2') + join_as_member(t, "W2K8R2A") + create_shares(t) + start_s3(t) + create_root_account(t, "W2K8R2A") + test_join_as_member(t, "W2K8R2A") + + if t.have_var('WINDOWS7_VM') and t.have_var('W2K8R2A_VM') and not t.skip("join_windows7_2008r2"): + if not dc_started: + t.start_winvm('W2K8R2A') + t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2') + dc_started = True + else: + t.setwinvars('W2K8R2A') + realm = t.getvar("WIN_REALM") + dom_username = t.getvar("WIN_USER") + dom_password = t.getvar("WIN_PASS") + dom_realm = t.getvar("WIN_REALM") + t.start_winvm('WINDOWS7') + t.test_remote_smbclient("WINDOWS7") + t.run_winjoin('WINDOWS7', realm, username=dom_username, password=dom_password) + t.test_remote_smbclient("WINDOWS7", dom_username, dom_password) + t.test_remote_smbclient('WINDOWS7', dom_username, dom_password, args='--option=clientntlmv2auth=no') + t.test_remote_smbclient('WINDOWS7', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k") + t.test_remote_smbclient('WINDOWS7', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k --option=clientusespnegoprincipal=yes") + t.test_net_use('WINDOWS7', dom_realm, t.getvar("W2K8R2A_DOMAIN"), 'root', '${PASSWORD2}') + + if t.have_var('WINXP_VM') and t.have_var('W2K8R2A_VM') and not t.skip("join_winxp_2008r2"): + if not dc_started: + t.start_winvm('W2K8R2A') + t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2') + dc_started = True + else: + t.setwinvars('W2K8R2A') + realm = t.getvar("WIN_REALM") + dom_username = t.getvar("WIN_USER") + dom_password = t.getvar("WIN_PASS") + dom_realm = t.getvar("WIN_REALM") + t.start_winvm('WINXP') + t.run_winjoin('WINXP', realm, username=dom_username, password=dom_password) + t.test_remote_smbclient('WINXP', dom_username, dom_password) + t.test_remote_smbclient('WINXP', dom_username, dom_password, args='--option=clientntlmv2auth=no') + t.test_remote_smbclient('WINXP', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k") + t.test_remote_smbclient('WINXP', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k --clientusespnegoprincipal=yes") + t.test_net_use('WINXP', dom_realm, t.getvar("W2K8R2A_DOMAIN"), 'root', '${PASSWORD2}') + + t.info("S3 test: All OK") + + +def test_cleanup(t): + '''cleanup after tests''' + t.info("Cleaning up ...") + t.restore_resolv_conf() + if getattr(t, 'bind_child', False): + t.bind_child.kill() + + +if __name__ == '__main__': + t = wintest.wintest() + + t.setup("test-s3.py", "source3") + + try: + test_s3(t) + except: + if not t.opts.nocleanup: + test_cleanup(t) + raise + + if not t.opts.nocleanup: + test_cleanup(t) + t.info("S3 test: All OK") diff --git a/wintest/test-s4-howto.py b/wintest/test-s4-howto.py new file mode 100755 index 0000000..e52711f --- /dev/null +++ b/wintest/test-s4-howto.py @@ -0,0 +1,728 @@ +#!/usr/bin/env python3 + +'''automated testing of the steps of the Samba4 HOWTO''' + +import sys +import os +import wintest +import pexpect +import time +import subprocess + + +def set_krb5_conf(t): + t.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf') + + +def build_s4(t): + '''build samba4''' + t.info('Building s4') + t.chdir('${SOURCETREE}') + t.putenv('CC', 'ccache gcc') + t.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C') + t.run_cmd('make -j') + t.run_cmd('rm -rf ${PREFIX}') + t.run_cmd('make -j install') + + +def provision_s4(t, func_level="2008"): + '''provision s4 as a DC''' + t.info('Provisioning s4') + t.chdir('${PREFIX}') + t.del_files(["var", "private"]) + t.run_cmd("rm -f etc/smb.conf") + provision = ['bin/samba-tool', + 'domain', + 'provision', + '--realm=${LCREALM}', + '--domain=${DOMAIN}', + '--adminpass=${PASSWORD1}', + '--server-role=domain controller', + '--function-level=%s' % func_level, + '-d${DEBUGLEVEL}', + '--option=interfaces=${INTERFACE}', + '--host-ip=${INTERFACE_IP}', + '--option=bind interfaces only=yes', + '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf', + '--dns-backend=${NAMESERVER_BACKEND}', + '${DNS_FORWARDER}'] + if t.getvar('USE_NTVFS'): + provision.append('${USE_NTVFS}') + + if t.getvar('INTERFACE_IPV6'): + provision.append('--host-ip6=${INTERFACE_IPV6}') + t.run_cmd(provision) + t.run_cmd('bin/samba-tool user add testallowed ${PASSWORD1}') + t.run_cmd('bin/samba-tool user add testdenied ${PASSWORD1}') + t.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed') + + +def start_s4(t): + '''startup samba4''' + t.info('Starting Samba4') + t.chdir("${PREFIX}") + t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False) + t.run_cmd(['sbin/samba', + '--option', 'panic action=gnome-terminal -e "gdb --pid %d"', '--option', 'max protocol=nt1']) + t.port_wait("${INTERFACE_IP}", 139) + + +def test_smbclient(t): + '''test smbclient against localhost''' + t.info('Testing smbclient') + smbclient = t.getvar("smbclient") + t.chdir('${PREFIX}') + t.cmd_contains("%s --version" % (smbclient), ["Version 4.1"]) + t.retry_cmd('%s -L ${INTERFACE_IP} -U%%' % (smbclient), ["netlogon", "sysvol", "IPC Service"]) + child = t.pexpect_spawn('%s //${INTERFACE_IP}/netlogon -Uadministrator%%${PASSWORD1}' % (smbclient)) + child.expect("smb:") + child.sendline("dir") + child.expect("blocks available") + child.sendline("mkdir testdir") + child.expect("smb:") + child.sendline("cd testdir") + child.expect('testdir') + child.sendline("cd ..") + child.sendline("rmdir testdir") + + +def create_shares(t): + '''create some test shares''' + t.info("Adding test shares") + t.chdir('${PREFIX}') + t.write_file("etc/smb.conf", ''' +[test] + path = ${PREFIX}/test + read only = no +[profiles] + path = ${PREFIX}/var/profiles + read only = no + ''', + mode='a') + t.run_cmd("mkdir -p test") + t.run_cmd("mkdir -p var/profiles") + + +def test_dns(t): + '''test that DNS is OK''' + t.info("Testing DNS") + t.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.", + ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}']) + t.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.", + ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}']) + t.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}", + ['${HOSTNAME}.${LCREALM} has address']) + + +def test_kerberos(t): + '''test that kerberos is OK''' + t.info("Testing kerberos") + t.run_cmd("kdestroy") + t.kinit("administrator@${REALM}", "${PASSWORD1}") + # this copes with the differences between MIT and Heimdal klist + t.cmd_contains("klist", ["rincipal", "administrator@${REALM}"]) + + +def test_dyndns(t): + '''test that dynamic DNS is working''' + t.chdir('${PREFIX}') + t.run_cmd("sbin/samba_dnsupdate --fail-immediately") + if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL': + t.rndc_cmd("flush") + + +def run_winjoin(t, vm): + '''join a windows box to our domain''' + t.setwinvars(vm) + + t.run_winjoin(t, "${LCREALM}") + + +def test_winjoin(t, vm): + t.info("Checking the windows join is OK") + smbclient = t.getvar("smbclient") + t.chdir('${PREFIX}') + t.port_wait("${WIN_IP}", 139) + t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"], retries=100) + t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address']) + t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"]) + t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"]) + t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"]) + child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}") + child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test") + child.expect("The command completed successfully") + + +def run_dcpromo(t, vm): + '''run a dcpromo on windows''' + t.setwinvars(vm) + + t.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo") + child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True, set_noexpire=True) + child.sendline("copy /Y con answers.txt") + child.sendline(br''' +[DCINSTALL] +RebootOnSuccess=Yes +RebootOnCompletion=Yes +ReplicaOrNewDomain=Replica +ReplicaDomainDNSName=${LCREALM} +SiteName=Default-First-Site-Name +InstallDNS=No +ConfirmGc=Yes +CreateDNSDelegation=No +UserDomain=${LCREALM} +UserName=${LCREALM}\administrator +Password=${PASSWORD1} +DatabasePath="C:\Windows\NTDS" +LogPath="C:\Windows\NTDS" +SYSVOLPath="C:\Windows\SYSVOL" +SafeModeAdminPassword=${PASSWORD1} + +''') + child.expect("copied.") + child.expect("C:") + child.expect("C:") + child.sendline("dcpromo /answer:answers.txt") + i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout=240) + if i == 1 or i == 2: + child.sendline("echo off") + child.sendline("echo START DCPROMO log") + child.sendline(r"more c:\windows\debug\dcpromoui.log") + child.sendline("echo END DCPROMO log") + child.expect("END DCPROMO") + raise Exception("dcpromo failed") + t.wait_reboot() + + +def test_dcpromo(t, vm): + '''test that dcpromo worked''' + t.info("Checking the dcpromo join is OK") + smbclient = t.getvar("smbclient") + t.chdir('${PREFIX}') + t.port_wait("${WIN_IP}", 139) + t.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${NAMED_INTERFACE_IP}", + ['${WIN_HOSTNAME}.${LCREALM} has address'], + retries=30, delay=10, casefold=True) + t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"]) + t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address']) + t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"]) + + t.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful']) + t.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful']) + + t.kinit("administrator@${REALM}", "${PASSWORD1}") + + # the first replication will transfer the dnsHostname attribute + t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"]) + + for nc in ['${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}']: + t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"]) + t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"]) + + t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes", + ["INBOUND NEIGHBORS", + "${BASEDN}", + "Last attempt .* was successful", + "CN=Configuration,${BASEDN}", + "Last attempt .* was successful", + "CN=Configuration,${BASEDN}", # cope with either order + "Last attempt .* was successful", + "OUTBOUND NEIGHBORS", + "${BASEDN}", + "Last success", + "CN=Configuration,${BASEDN}", + "Last success", + "CN=Configuration,${BASEDN}", + "Last success"], + ordered=True, + regex=True) + + t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes", + ["INBOUND NEIGHBORS", + "${BASEDN}", + "Last attempt .* was successful", + "CN=Configuration,${BASEDN}", + "Last attempt .* was successful", + "CN=Configuration,${BASEDN}", + "Last attempt .* was successful", + "OUTBOUND NEIGHBORS", + "${BASEDN}", + "Last success", + "CN=Configuration,${BASEDN}", + "Last success", + "CN=Configuration,${BASEDN}", + "Last success"], + ordered=True, + regex=True) + + child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True) + child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test") + + retries = 10 + i = child.expect(["The command completed successfully", "The network path was not found"]) + while i == 1 and retries > 0: + child.expect("C:") + time.sleep(2) + child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test") + i = child.expect(["The command completed successfully", "The network path was not found"]) + retries -= 1 + + t.run_net_time(child) + + t.info("Checking if showrepl is happy") + child.sendline("repadmin /showrepl") + child.expect("${BASEDN}") + child.expect("was successful") + child.expect("CN=Configuration,${BASEDN}") + child.expect("was successful") + child.expect("CN=Schema,CN=Configuration,${BASEDN}") + child.expect("was successful") + + t.info("Checking if new users propagate to windows") + t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"]) + t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC']) + t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC']) + + t.info("Checking if new users on windows propagate to samba") + child.sendline("net user test3 ${PASSWORD3} /add") + while True: + i = child.expect(["The command completed successfully", + "The directory service was unable to allocate a relative identifier"]) + if i == 0: + break + time.sleep(2) + + t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC']) + t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC']) + + t.info("Checking propagation of user deletion") + t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}') + child.sendline("net user test3 /del") + child.expect("The command completed successfully") + + t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE']) + t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE']) + t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE']) + t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE']) + t.vm_poweroff("${WIN_VM}") + + +def run_dcpromo_rodc(t, vm): + '''run a RODC dcpromo to join a windows DC to the samba domain''' + t.setwinvars(vm) + t.info("Joining a w2k8 box to the domain as a RODC") + t.vm_poweroff("${WIN_VM}", checkfail=False) + t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}") + child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True) + child.sendline("copy /Y con answers.txt") + child.sendline(br''' +[DCInstall] +ReplicaOrNewDomain=ReadOnlyReplica +ReplicaDomainDNSName=${LCREALM} +PasswordReplicationDenied="BUILTIN\Administrators" +PasswordReplicationDenied="BUILTIN\Server Operators" +PasswordReplicationDenied="BUILTIN\Backup Operators" +PasswordReplicationDenied="BUILTIN\Account Operators" +PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group" +PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group" +DelegatedAdmin="${DOMAIN}\Administrator" +SiteName=Default-First-Site-Name +InstallDNS=No +ConfirmGc=Yes +CreateDNSDelegation=No +UserDomain=${LCREALM} +UserName=${LCREALM}\administrator +Password=${PASSWORD1} +DatabasePath="C:\Windows\NTDS" +LogPath="C:\Windows\NTDS" +SYSVOLPath="C:\Windows\SYSVOL" +SafeModeAdminPassword=${PASSWORD1} +RebootOnCompletion=No + +''') + child.expect("copied.") + child.sendline("dcpromo /answer:answers.txt") + i = child.expect(["You must restart this computer", "failed", "could not be located in this domain"], timeout=120) + if i != 0: + child.sendline("echo off") + child.sendline("echo START DCPROMO log") + child.sendline(r"more c:\windows\debug\dcpromoui.log") + child.sendline("echo END DCPROMO log") + child.expect("END DCPROMO") + raise Exception("dcpromo failed") + child.sendline("shutdown -r -t 0") + t.wait_reboot() + + +def test_dcpromo_rodc(t, vm): + '''test the RODC dcpromo worked''' + t.info("Checking the w2k8 RODC join is OK") + smbclient = t.getvar("smbclient") + t.chdir('${PREFIX}') + t.port_wait("${WIN_IP}", 139) + child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True) + child.sendline("ipconfig /registerdns") + t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"]) + t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address']) + t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"]) + child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test") + child.expect("The command completed successfully") + + t.info("Checking if showrepl is happy") + child.sendline("repadmin /showrepl") + child.expect("${BASEDN}") + child.expect("was successful") + child.expect("CN=Configuration,${BASEDN}") + child.expect("was successful") + child.expect("CN=Configuration,${BASEDN}") + child.expect("was successful") + + for nc in ['${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}']: + t.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc, ["was successful"]) + + t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}", + ["INBOUND NEIGHBORS", + "OUTBOUND NEIGHBORS", + "${BASEDN}", + "Last attempt.*was successful", + "CN=Configuration,${BASEDN}", + "Last attempt.*was successful", + "CN=Configuration,${BASEDN}", + "Last attempt.*was successful"], + ordered=True, + regex=True) + + t.info("Checking if new users are available on windows") + t.run_cmd('bin/samba-tool user add test2 ${PASSWORD2}') + t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC']) + t.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN}", ["was successful"]) + t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC']) + t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}') + t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE']) + t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE']) + t.vm_poweroff("${WIN_VM}") + + +def prep_join_as_dc(t, vm): + '''start VM and shutdown Samba in preparation to join a windows domain as a DC''' + t.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool domain join DC") + t.chdir('${PREFIX}') + t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False) + if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL': + t.rndc_cmd('flush') + t.run_cmd("rm -rf etc/smb.conf private") + child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True) + t.get_ipconfig(child) + + +def join_as_dc(t, vm): + '''join a windows domain as a DC''' + t.setwinvars(vm) + t.info("Joining ${WIN_VM} as a second DC using samba-tool domain join DC") + t.port_wait("${WIN_IP}", 389) + t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record']) + + t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS']) + t.run_cmd('bin/samba-tool domain join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}') + t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}') + + +def test_join_as_dc(t, vm): + '''test the join of a windows domain as a DC''' + t.info("Checking the DC join is OK") + smbclient = t.getvar("smbclient") + t.chdir('${PREFIX}') + t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"]) + t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address']) + child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True) + + t.info("Forcing kcc runs, and replication") + t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}') + t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}') + + t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}") + for nc in ['${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}']: + t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"]) + t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"]) + + child.sendline("ipconfig /flushdns") + child.expect("Successfully flushed") + + retries = 10 + i = 1 + while i == 1 and retries > 0: + child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test") + i = child.expect(["The command completed successfully", "The network path was not found"]) + child.expect("C:") + if i == 1: + time.sleep(2) + retries -= 1 + + t.info("Checking if showrepl is happy") + child.sendline("repadmin /showrepl") + child.expect("${WIN_BASEDN}") + child.expect("was successful") + child.expect("CN=Configuration,${WIN_BASEDN}") + child.expect("was successful") + child.expect("CN=Configuration,${WIN_BASEDN}") + child.expect("was successful") + + t.info("Checking if new users propagate to windows") + t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"]) + t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC']) + t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC']) + + t.info("Checking if new users on windows propagate to samba") + child.sendline("net user test3 ${PASSWORD3} /add") + child.expect("The command completed successfully") + t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC']) + t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC']) + + t.info("Checking propagation of user deletion") + t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}') + child.sendline("net user test3 /del") + child.expect("The command completed successfully") + + t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE']) + t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE']) + t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE']) + t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE']) + + t.run_cmd('bin/samba-tool domain demote -Uadministrator@${WIN_REALM}%${WIN_PASS}') + + t.vm_poweroff("${WIN_VM}") + + +def join_as_rodc(t, vm): + '''join a windows domain as a RODC''' + t.setwinvars(vm) + t.info("Joining ${WIN_VM} as a RODC using samba-tool domain join DC") + t.port_wait("${WIN_IP}", 389) + t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record']) + t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS']) + t.run_cmd('bin/samba-tool domain join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}') + t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}') + + +def test_join_as_rodc(t, vm): + '''test a windows domain RODC join''' + t.info("Checking the RODC join is OK") + smbclient = t.getvar("smbclient") + t.chdir('${PREFIX}') + t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"]) + t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address']) + child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True) + + t.info("Forcing kcc runs, and replication") + t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}') + t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}') + + t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}") + for nc in ['${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}']: + t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"]) + + retries = 10 + i = 1 + while i == 1 and retries > 0: + child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test") + i = child.expect(["The command completed successfully", "The network path was not found"]) + child.expect("C:") + if i == 1: + time.sleep(2) + retries -= 1 + + t.info("Checking if showrepl is happy") + child.sendline("repadmin /showrepl") + child.expect("DSA invocationID") + + t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes", + ["INBOUND NEIGHBORS", + "OUTBOUND NEIGHBORS", + "${WIN_BASEDN}", + "Last attempt .* was successful", + "CN=Configuration,${WIN_BASEDN}", + "Last attempt .* was successful", + "CN=Configuration,${WIN_BASEDN}", + "Last attempt .* was successful"], + ordered=True, + regex=True) + + t.info("Checking if new users on windows propagate to samba") + child.sendline("net user test3 ${PASSWORD3} /add") + child.expect("The command completed successfully") + t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC']) + t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC']) + + # should this work? + t.info("Checking if new users propagate to windows") + t.cmd_contains('bin/samba-tool user add test2 ${PASSWORD2}', ['No RID Set DN']) + + t.info("Checking propagation of user deletion") + child.sendline("net user test3 /del") + child.expect("The command completed successfully") + + t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE']) + t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE']) + t.vm_poweroff("${WIN_VM}") + + +def test_howto(t): + '''test the Samba4 howto''' + + t.setvar("SAMBA_VERSION", "Version 4") + t.setvar("smbclient", "bin/smbclient4") + t.check_prerequesites() + + # we don't need fsync safety in these tests + t.putenv('TDB_NO_FSYNC', '1') + + if not t.skip("configure_bind"): + t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf') + if not t.skip("stop_bind"): + t.stop_bind() + + if not t.skip("stop_vms"): + t.stop_vms() + + if not t.skip("build"): + build_s4(t) + + if not t.skip("provision"): + provision_s4(t) + + set_krb5_conf(t) + + if not t.skip("create-shares"): + create_shares(t) + + if not t.skip("starts4"): + start_s4(t) + if not t.skip("smbclient"): + test_smbclient(t) + + if not t.skip("configure_bind2"): + t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf') + if not t.skip("start_bind"): + t.start_bind() + + if not t.skip("dns"): + test_dns(t) + if not t.skip("kerberos"): + test_kerberos(t) + if not t.skip("dyndns"): + test_dyndns(t) + + if t.have_vm('WINDOWS7') and not t.skip("windows7"): + t.start_winvm("WINDOWS7") + t.test_remote_smbclient("WINDOWS7") + run_winjoin(t, "WINDOWS7") + test_winjoin(t, "WINDOWS7") + t.vm_poweroff("${WIN_VM}") + + if t.have_vm('WINXP') and not t.skip("winxp"): + t.start_winvm("WINXP") + run_winjoin(t, "WINXP") + test_winjoin(t, "WINXP") + t.test_remote_smbclient("WINXP", "administrator", "${PASSWORD1}") + t.vm_poweroff("${WIN_VM}") + + if t.have_vm('W2K3C') and not t.skip("win2k3_member"): + t.start_winvm("W2K3C") + run_winjoin(t, "W2K3C") + test_winjoin(t, "W2K3C") + t.test_remote_smbclient("W2K3C", "administrator", "${PASSWORD1}") + t.vm_poweroff("${WIN_VM}") + + if t.have_vm('W2K8R2C') and not t.skip("dcpromo_rodc"): + t.info("Testing w2k8r2 RODC dcpromo") + t.start_winvm("W2K8R2C") + t.test_remote_smbclient('W2K8R2C') + run_dcpromo_rodc(t, "W2K8R2C") + test_dcpromo_rodc(t, "W2K8R2C") + + if t.have_vm('W2K8R2B') and not t.skip("dcpromo_w2k8r2"): + t.info("Testing w2k8r2 dcpromo") + t.start_winvm("W2K8R2B") + t.test_remote_smbclient('W2K8R2B') + run_dcpromo(t, "W2K8R2B") + test_dcpromo(t, "W2K8R2B") + + if t.have_vm('W2K8B') and not t.skip("dcpromo_w2k8"): + t.info("Testing w2k8 dcpromo") + t.start_winvm("W2K8B") + t.test_remote_smbclient('W2K8B') + run_dcpromo(t, "W2K8B") + test_dcpromo(t, "W2K8B") + + if t.have_vm('W2K3B') and not t.skip("dcpromo_w2k3"): + t.info("Testing w2k3 dcpromo") + t.info("Changing to 2003 functional level") + provision_s4(t, func_level='2003') + create_shares(t) + start_s4(t) + test_smbclient(t) + t.restart_bind(kerberos_support=True, include='${PREFIX}/private/named.conf') + test_dns(t) + test_kerberos(t) + test_dyndns(t) + t.start_winvm("W2K3B") + t.test_remote_smbclient('W2K3B') + run_dcpromo(t, "W2K3B") + test_dcpromo(t, "W2K3B") + + if t.have_vm('W2K8R2A') and not t.skip("join_w2k8r2"): + t.start_winvm("W2K8R2A") + prep_join_as_dc(t, "W2K8R2A") + t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2') + join_as_dc(t, "W2K8R2A") + create_shares(t) + start_s4(t) + test_dyndns(t) + test_join_as_dc(t, "W2K8R2A") + + if t.have_vm('W2K8R2A') and not t.skip("join_rodc"): + t.start_winvm("W2K8R2A") + prep_join_as_dc(t, "W2K8R2A") + t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2') + join_as_rodc(t, "W2K8R2A") + create_shares(t) + start_s4(t) + test_dyndns(t) + test_join_as_rodc(t, "W2K8R2A") + + if t.have_vm('W2K3A') and not t.skip("join_w2k3"): + t.start_winvm("W2K3A") + prep_join_as_dc(t, "W2K3A") + t.run_dcpromo_as_first_dc("W2K3A", func_level='2003') + join_as_dc(t, "W2K3A") + create_shares(t) + start_s4(t) + test_dyndns(t) + test_join_as_dc(t, "W2K3A") + + t.info("Howto test: All OK") + + +def test_cleanup(t): + '''cleanup after tests''' + t.info("Cleaning up ...") + t.restore_resolv_conf() + if getattr(t, 'bind_child', False): + t.bind_child.kill() + + +if __name__ == '__main__': + t = wintest.wintest() + + t.setup("test-s4-howto.py", "source4") + + try: + test_howto(t) + except: + if not t.opts.nocleanup: + test_cleanup(t) + raise + + if not t.opts.nocleanup: + test_cleanup(t) + t.info("S4 howto test: All OK") diff --git a/wintest/wintest.py b/wintest/wintest.py new file mode 100644 index 0000000..7d59e7a --- /dev/null +++ b/wintest/wintest.py @@ -0,0 +1,992 @@ +#!/usr/bin/env python3 + +'''automated testing library for testing Samba against windows''' + +import pexpect +import subprocess +import optparse +import sys +import os +import time +import re + + +class wintest(): + '''testing of Samba against windows VMs''' + + def __init__(self): + self.vars = {} + self.list_mode = False + self.vms = None + os.environ['PYTHONUNBUFFERED'] = '1' + self.parser = optparse.OptionParser("wintest") + + def check_prerequesites(self): + self.info("Checking prerequisites") + self.setvar('HOSTNAME', self.cmd_output("hostname -s").strip()) + if os.getuid() != 0: + raise Exception("You must run this script as root") + self.run_cmd('ifconfig ${INTERFACE} ${INTERFACE_NET} up') + if self.getvar('INTERFACE_IPV6'): + self.run_cmd('ifconfig ${INTERFACE} inet6 del ${INTERFACE_IPV6}/64', checkfail=False) + self.run_cmd('ifconfig ${INTERFACE} inet6 add ${INTERFACE_IPV6}/64 up') + + self.run_cmd('ifconfig ${NAMED_INTERFACE} ${NAMED_INTERFACE_NET} up') + if self.getvar('NAMED_INTERFACE_IPV6'): + self.run_cmd('ifconfig ${NAMED_INTERFACE} inet6 del ${NAMED_INTERFACE_IPV6}/64', checkfail=False) + self.run_cmd('ifconfig ${NAMED_INTERFACE} inet6 add ${NAMED_INTERFACE_IPV6}/64 up') + + def stop_vms(self): + '''Shut down any existing alive VMs, so they do not collide with what we are doing''' + self.info('Shutting down any of our VMs already running') + vms = self.get_vms() + for v in vms: + self.vm_poweroff(v, checkfail=False) + + def setvar(self, varname, value): + '''set a substitution variable''' + self.vars[varname] = value + + def getvar(self, varname): + '''return a substitution variable''' + if varname not in self.vars: + return None + return self.vars[varname] + + def setwinvars(self, vm, prefix='WIN'): + '''setup WIN_XX vars based on a vm name''' + for v in ['VM', 'HOSTNAME', 'USER', 'PASS', 'SNAPSHOT', 'REALM', 'DOMAIN', 'IP']: + vname = '%s_%s' % (vm, v) + if vname in self.vars: + self.setvar("%s_%s" % (prefix, v), self.substitute("${%s}" % vname)) + else: + self.vars.pop("%s_%s" % (prefix, v), None) + + if self.getvar("WIN_REALM"): + self.setvar("WIN_REALM", self.getvar("WIN_REALM").upper()) + self.setvar("WIN_LCREALM", self.getvar("WIN_REALM").lower()) + dnsdomain = self.getvar("WIN_REALM") + self.setvar("WIN_BASEDN", "DC=" + dnsdomain.replace(".", ",DC=")) + if self.getvar("WIN_USER") is None: + self.setvar("WIN_USER", "administrator") + + def info(self, msg): + '''print some information''' + if not self.list_mode: + print(self.substitute(msg)) + + def load_config(self, fname): + '''load the config file''' + f = open(fname) + for line in f: + line = line.strip() + if len(line) == 0 or line[0] == '#': + continue + colon = line.find(':') + if colon == -1: + raise RuntimeError("Invalid config line '%s'" % line) + varname = line[0:colon].strip() + value = line[colon + 1:].strip() + self.setvar(varname, value) + + def list_steps_mode(self): + '''put wintest in step listing mode''' + self.list_mode = True + + def set_skip(self, skiplist): + '''set a list of tests to skip''' + self.skiplist = skiplist.split(',') + + def set_vms(self, vms): + '''set a list of VMs to test''' + if vms is not None: + self.vms = [] + for vm in vms.split(','): + vm = vm.upper() + self.vms.append(vm) + + def skip(self, step): + '''return True if we should skip a step''' + if self.list_mode: + print("\t%s" % step) + return True + return step in self.skiplist + + def substitute(self, text): + """Substitute strings of the form ${NAME} in text, replacing + with substitutions from vars. + """ + if isinstance(text, list): + ret = text[:] + for i in range(len(ret)): + ret[i] = self.substitute(ret[i]) + return ret + + """We may have objects such as pexpect.EOF that are not strings""" + if not isinstance(text, str): + return text + while True: + var_start = text.find("${") + if var_start == -1: + return text + var_end = text.find("}", var_start) + if var_end == -1: + return text + var_name = text[var_start + 2:var_end] + if var_name not in self.vars: + raise RuntimeError("Unknown substitution variable ${%s}" % var_name) + text = text.replace("${%s}" % var_name, self.vars[var_name]) + + def have_var(self, varname): + '''see if a variable has been set''' + return varname in self.vars + + def have_vm(self, vmname): + '''see if a VM should be used''' + if not self.have_var(vmname + '_VM'): + return False + if self.vms is None: + return True + return vmname in self.vms + + def putenv(self, key, value): + '''putenv with substitution''' + os.environ[key] = self.substitute(value) + + def chdir(self, dir): + '''chdir with substitution''' + os.chdir(self.substitute(dir)) + + def del_files(self, dirs): + '''delete all files in the given directory''' + for d in dirs: + self.run_cmd("find %s -type f | xargs rm -f" % d) + + def write_file(self, filename, text, mode='w'): + '''write to a file''' + f = open(self.substitute(filename), mode=mode) + f.write(self.substitute(text)) + f.close() + + def run_cmd(self, cmd, dir=".", show=None, output=False, checkfail=True): + '''run a command''' + cmd = self.substitute(cmd) + if isinstance(cmd, list): + self.info('$ ' + " ".join(cmd)) + else: + self.info('$ ' + cmd) + if output: + return subprocess.Popen([cmd], shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=dir).communicate()[0] + if isinstance(cmd, list): + shell = False + else: + shell = True + if checkfail: + return subprocess.check_call(cmd, shell=shell, cwd=dir) + else: + return subprocess.call(cmd, shell=shell, cwd=dir) + + def run_child(self, cmd, dir="."): + '''create a child and return the Popen handle to it''' + cwd = os.getcwd() + cmd = self.substitute(cmd) + if isinstance(cmd, list): + self.info('$ ' + " ".join(cmd)) + else: + self.info('$ ' + cmd) + if isinstance(cmd, list): + shell = False + else: + shell = True + os.chdir(dir) + ret = subprocess.Popen(cmd, shell=shell, stderr=subprocess.STDOUT) + os.chdir(cwd) + return ret + + def cmd_output(self, cmd): + '''return output from and command''' + cmd = self.substitute(cmd) + return self.run_cmd(cmd, output=True) + + def cmd_contains(self, cmd, contains, nomatch=False, ordered=False, regex=False, + casefold=True): + '''check that command output contains the listed strings''' + + if isinstance(contains, str): + contains = [contains] + + out = self.cmd_output(cmd) + self.info(out) + for c in self.substitute(contains): + if regex: + if casefold: + c = c.upper() + out = out.upper() + m = re.search(c, out) + if m is None: + start = -1 + end = -1 + else: + start = m.start() + end = m.end() + elif casefold: + start = out.upper().find(c.upper()) + end = start + len(c) + else: + start = out.find(c) + end = start + len(c) + if nomatch: + if start != -1: + raise RuntimeError("Expected to not see %s in %s" % (c, cmd)) + else: + if start == -1: + raise RuntimeError("Expected to see %s in %s" % (c, cmd)) + if ordered and start != -1: + out = out[end:] + + def retry_cmd(self, cmd, contains, retries=30, delay=2, wait_for_fail=False, + ordered=False, regex=False, casefold=True): + '''retry a command a number of times''' + while retries > 0: + try: + self.cmd_contains(cmd, contains, nomatch=wait_for_fail, + ordered=ordered, regex=regex, casefold=casefold) + return + except: + time.sleep(delay) + retries -= 1 + self.info("retrying (retries=%u delay=%u)" % (retries, delay)) + raise RuntimeError("Failed to find %s" % contains) + + def pexpect_spawn(self, cmd, timeout=60, crlf=True, casefold=True): + '''wrapper around pexpect spawn''' + cmd = self.substitute(cmd) + self.info("$ " + cmd) + ret = pexpect.spawn(cmd, logfile=sys.stdout, timeout=timeout) + + def sendline_sub(line): + line = self.substitute(line) + if crlf: + line = line.replace('\n', '\r\n') + '\r' + return ret.old_sendline(line) + + def expect_sub(line, timeout=ret.timeout, casefold=casefold): + line = self.substitute(line) + if casefold: + if isinstance(line, list): + for i in range(len(line)): + if isinstance(line[i], str): + line[i] = '(?i)' + line[i] + elif isinstance(line, str): + line = '(?i)' + line + return ret.old_expect(line, timeout=timeout) + + ret.old_sendline = ret.sendline + ret.sendline = sendline_sub + ret.old_expect = ret.expect + ret.expect = expect_sub + + return ret + + def get_nameserver(self): + '''Get the current nameserver from /etc/resolv.conf''' + child = self.pexpect_spawn('cat /etc/resolv.conf', crlf=False) + i = child.expect(['Generated by wintest', 'nameserver']) + if i == 0: + child.expect('your original resolv.conf') + child.expect('nameserver') + child.expect(r'\d+.\d+.\d+.\d+') + return child.after + + def rndc_cmd(self, cmd, checkfail=True): + '''run a rndc command''' + self.run_cmd("${RNDC} -c ${PREFIX}/etc/rndc.conf %s" % cmd, checkfail=checkfail) + + def named_supports_gssapi_keytab(self): + '''see if named supports tkey-gssapi-keytab''' + self.write_file("${PREFIX}/named.conf.test", + 'options { tkey-gssapi-keytab "test"; };') + try: + self.run_cmd("${NAMED_CHECKCONF} ${PREFIX}/named.conf.test") + except subprocess.CalledProcessError: + return False + return True + + def set_nameserver(self, nameserver): + '''set the nameserver in resolv.conf''' + self.write_file("/etc/resolv.conf.wintest", ''' +# Generated by wintest, the Samba v Windows automated testing system +nameserver %s + +# your original resolv.conf appears below: +''' % self.substitute(nameserver)) + child = self.pexpect_spawn("cat /etc/resolv.conf", crlf=False) + i = child.expect(['your original resolv.conf appears below:', pexpect.EOF]) + if i == 0: + child.expect(pexpect.EOF) + contents = child.before.lstrip().replace('\r', '') + self.write_file('/etc/resolv.conf.wintest', contents, mode='a') + self.write_file('/etc/resolv.conf.wintest-bak', contents) + self.run_cmd("mv -f /etc/resolv.conf.wintest /etc/resolv.conf") + self.resolv_conf_backup = '/etc/resolv.conf.wintest-bak' + + def configure_bind(self, kerberos_support=False, include=None): + self.chdir('${PREFIX}') + + if self.getvar('NAMED_INTERFACE_IPV6'): + ipv6_listen = 'listen-on-v6 port 53 { ${NAMED_INTERFACE_IPV6}; };' + else: + ipv6_listen = '' + self.setvar('BIND_LISTEN_IPV6', ipv6_listen) + + if not kerberos_support: + self.setvar("NAMED_TKEY_OPTION", "") + elif self.getvar('NAMESERVER_BACKEND') != 'SAMBA_INTERNAL': + if self.named_supports_gssapi_keytab(): + self.setvar("NAMED_TKEY_OPTION", + 'tkey-gssapi-keytab "${PREFIX}/bind-dns/dns.keytab";') + else: + self.info("LCREALM=${LCREALM}") + self.setvar("NAMED_TKEY_OPTION", + '''tkey-gssapi-credential "DNS/${LCREALM}"; + tkey-domain "${LCREALM}"; + ''') + self.putenv('KEYTAB_FILE', '${PREFIX}/bind-dns/dns.keytab') + self.putenv('KRB5_KTNAME', '${PREFIX}/bind-dns/dns.keytab') + else: + self.setvar("NAMED_TKEY_OPTION", "") + + if include and self.getvar('NAMESERVER_BACKEND') != 'SAMBA_INTERNAL': + self.setvar("NAMED_INCLUDE", 'include "%s";' % include) + else: + self.setvar("NAMED_INCLUDE", '') + + self.run_cmd("mkdir -p ${PREFIX}/etc") + + self.write_file("etc/named.conf", ''' +options { + listen-on port 53 { ${NAMED_INTERFACE_IP}; }; + ${BIND_LISTEN_IPV6} + directory "${PREFIX}/var/named"; + dump-file "${PREFIX}/var/named/data/cache_dump.db"; + pid-file "${PREFIX}/var/named/named.pid"; + statistics-file "${PREFIX}/var/named/data/named_stats.txt"; + memstatistics-file "${PREFIX}/var/named/data/named_mem_stats.txt"; + allow-query { any; }; + recursion yes; + ${NAMED_TKEY_OPTION} + max-cache-ttl 10; + max-ncache-ttl 10; + + forward only; + forwarders { + ${DNSSERVER}; + }; + +}; + +key "rndc-key" { + algorithm hmac-md5; + secret "lA/cTrno03mt5Ju17ybEYw=="; +}; + +controls { + inet ${NAMED_INTERFACE_IP} port 953 + allow { any; } keys { "rndc-key"; }; +}; + +${NAMED_INCLUDE} +''') + + if self.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL': + self.write_file('etc/named.conf', + ''' +zone "%s" IN { + type forward; + forward only; + forwarders { + %s; + }; +}; +''' % (self.getvar('LCREALM'), self.getvar('INTERFACE_IP')), + mode='a') + + # add forwarding for the windows domains + domains = self.get_domains() + + for d in domains: + self.write_file('etc/named.conf', + ''' +zone "%s" IN { + type forward; + forward only; + forwarders { + %s; + }; +}; +''' % (d, domains[d]), + mode='a') + + self.write_file("etc/rndc.conf", ''' +# Start of rndc.conf +key "rndc-key" { + algorithm hmac-md5; + secret "lA/cTrno03mt5Ju17ybEYw=="; +}; + +options { + default-key "rndc-key"; + default-server ${NAMED_INTERFACE_IP}; + default-port 953; +}; +''') + + def stop_bind(self): + '''Stop our private BIND from listening and operating''' + self.rndc_cmd("stop", checkfail=False) + self.port_wait("${NAMED_INTERFACE_IP}", 53, wait_for_fail=True) + + self.run_cmd("rm -rf var/named") + + def start_bind(self): + '''restart the test environment version of bind''' + self.info("Restarting bind9") + self.chdir('${PREFIX}') + + self.set_nameserver(self.getvar('NAMED_INTERFACE_IP')) + + self.run_cmd("mkdir -p var/named/data") + self.run_cmd("chown -R ${BIND_USER} var/named") + + self.bind_child = self.run_child("${BIND9} -u ${BIND_USER} -n 1 -c ${PREFIX}/etc/named.conf -g") + + self.port_wait("${NAMED_INTERFACE_IP}", 53) + self.rndc_cmd("flush") + + def restart_bind(self, kerberos_support=False, include=None): + self.configure_bind(kerberos_support=kerberos_support, include=include) + self.stop_bind() + self.start_bind() + + def restore_resolv_conf(self): + '''restore the /etc/resolv.conf after testing is complete''' + if getattr(self, 'resolv_conf_backup', False): + self.info("restoring /etc/resolv.conf") + self.run_cmd("mv -f %s /etc/resolv.conf" % self.resolv_conf_backup) + + def vm_poweroff(self, vmname, checkfail=True): + '''power off a VM''' + self.setvar('VMNAME', vmname) + self.run_cmd("${VM_POWEROFF}", checkfail=checkfail) + + def vm_reset(self, vmname): + '''reset a VM''' + self.setvar('VMNAME', vmname) + self.run_cmd("${VM_RESET}") + + def vm_restore(self, vmname, snapshot): + '''restore a VM''' + self.setvar('VMNAME', vmname) + self.setvar('SNAPSHOT', snapshot) + self.run_cmd("${VM_RESTORE}") + + def ping_wait(self, hostname): + '''wait for a hostname to come up on the network''' + hostname = self.substitute(hostname) + loops = 10 + while loops > 0: + try: + self.run_cmd("ping -c 1 -w 10 %s" % hostname) + break + except: + loops = loops - 1 + if loops == 0: + raise RuntimeError("Failed to ping %s" % hostname) + self.info("Host %s is up" % hostname) + + def port_wait(self, hostname, port, retries=200, delay=3, wait_for_fail=False): + '''wait for a host to come up on the network''' + + while retries > 0: + child = self.pexpect_spawn("nc -v -z -w 1 %s %u" % (hostname, port), crlf=False, timeout=1) + child.expect([pexpect.EOF, pexpect.TIMEOUT]) + child.close() + i = child.exitstatus + if wait_for_fail: + # wait for timeout or fail + if i is None or i > 0: + return + else: + if i == 0: + return + + time.sleep(delay) + retries -= 1 + self.info("retrying (retries=%u delay=%u)" % (retries, delay)) + + raise RuntimeError("gave up waiting for %s:%d" % (hostname, port)) + + def run_net_time(self, child): + '''run net time on windows''' + child.sendline("net time \\\\${HOSTNAME} /set") + child.expect("Do you want to set the local computer") + child.sendline("Y") + child.expect("The command completed successfully") + + def run_date_time(self, child, time_tuple=None): + '''run date and time on windows''' + if time_tuple is None: + time_tuple = time.localtime() + child.sendline("date") + child.expect("Enter the new date:") + i = child.expect(["dd-mm-yy", "mm-dd-yy"]) + if i == 0: + child.sendline(time.strftime("%d-%m-%y", time_tuple)) + else: + child.sendline(time.strftime("%m-%d-%y", time_tuple)) + child.expect("C:") + child.sendline("time") + child.expect("Enter the new time:") + child.sendline(time.strftime("%H:%M:%S", time_tuple)) + child.expect("C:") + + def get_ipconfig(self, child): + '''get the IP configuration of the child''' + child.sendline("ipconfig /all") + child.expect('Ethernet adapter ') + child.expect(r"[\w\s]+") + self.setvar("WIN_NIC", child.after) + child.expect(['IPv4 Address', 'IP Address']) + child.expect(r'\d+.\d+.\d+.\d+') + self.setvar('WIN_IPV4_ADDRESS', child.after) + child.expect('Subnet Mask') + child.expect(r'\d+.\d+.\d+.\d+') + self.setvar('WIN_SUBNET_MASK', child.after) + child.expect('Default Gateway') + i = child.expect([r'\d+.\d+.\d+.\d+', "C:"]) + if i == 0: + self.setvar('WIN_DEFAULT_GATEWAY', child.after) + child.expect("C:") + + def get_is_dc(self, child): + '''check if a windows machine is a domain controller''' + child.sendline("dcdiag") + i = child.expect(["is not a [Directory Server|DC]", + "is not recognized as an internal or external command", + "Home Server = ", + "passed test Replications"]) + if i == 0: + return False + if i == 1 or i == 3: + child.expect("C:") + child.sendline("net config Workstation") + child.expect("Workstation domain") + child.expect(r'[\S]+') + domain = child.after + i = child.expect(["Workstation Domain DNS Name", "Logon domain"]) + '''If we get the Logon domain first, we are not in an AD domain''' + if i == 1: + return False + if domain.upper() == self.getvar("WIN_DOMAIN").upper(): + return True + + child.expect(r'[\S]+') + hostname = child.after + if hostname.upper() == self.getvar("WIN_HOSTNAME").upper(): + return True + + def set_noexpire(self, child, username): + """Ensure this user's password does not expire""" + child.sendline('wmic useraccount where name="%s" set PasswordExpires=FALSE' % username) + child.expect("update successful") + child.expect("C:") + + def run_tlntadmn(self, child): + '''remove the annoying telnet restrictions''' + child.sendline('tlntadmn config maxconn=1024') + child.expect(["The settings were successfully updated", "Access is denied"]) + child.expect("C:") + + def disable_firewall(self, child): + '''remove the annoying firewall''' + child.sendline('netsh advfirewall set allprofiles state off') + i = child.expect(["Ok", "The following command was not found: advfirewall set allprofiles state off", "The requested operation requires elevation", "Access is denied"]) + child.expect("C:") + if i == 1: + child.sendline('netsh firewall set opmode mode = DISABLE profile = ALL') + i = child.expect(["Ok", "The following command was not found", "Access is denied"]) + if i != 0: + self.info("Firewall disable failed - ignoring") + child.expect("C:") + + def set_dns(self, child): + child.sendline('netsh interface ip set dns "${WIN_NIC}" static ${NAMED_INTERFACE_IP} primary') + i = child.expect(['C:', pexpect.EOF, pexpect.TIMEOUT], timeout=5) + if i > 0: + return True + else: + return False + + def set_ip(self, child): + """fix the IP address to the same value it had when we + connected, but don't use DHCP, and force the DNS server to our + DNS server. This allows DNS updates to run""" + self.get_ipconfig(child) + if self.getvar("WIN_IPV4_ADDRESS") != self.getvar("WIN_IP"): + raise RuntimeError("ipconfig address %s != nmblookup address %s" % (self.getvar("WIN_IPV4_ADDRESS"), + self.getvar("WIN_IP"))) + child.sendline('netsh') + child.expect('netsh>') + child.sendline('offline') + child.expect('netsh>') + child.sendline('routing ip add persistentroute dest=0.0.0.0 mask=0.0.0.0 name="${WIN_NIC}" nhop=${WIN_DEFAULT_GATEWAY}') + child.expect('netsh>') + child.sendline('interface ip set address "${WIN_NIC}" static ${WIN_IPV4_ADDRESS} ${WIN_SUBNET_MASK} ${WIN_DEFAULT_GATEWAY} 1 store=persistent') + i = child.expect(['The syntax supplied for this command is not valid. Check help for the correct syntax', 'netsh>', pexpect.EOF, pexpect.TIMEOUT], timeout=5) + if i == 0: + child.sendline('interface ip set address "${WIN_NIC}" static ${WIN_IPV4_ADDRESS} ${WIN_SUBNET_MASK} ${WIN_DEFAULT_GATEWAY} 1') + child.expect('netsh>') + child.sendline('commit') + child.sendline('online') + child.sendline('exit') + + child.expect([pexpect.EOF, pexpect.TIMEOUT], timeout=5) + return True + + def resolve_ip(self, hostname, retries=60, delay=5): + '''resolve an IP given a hostname, assuming NBT''' + while retries > 0: + child = self.pexpect_spawn("bin/nmblookup %s" % hostname) + i = 0 + while i == 0: + i = child.expect(["querying", r'\d+.\d+.\d+.\d+', hostname, "Lookup failed"]) + if i == 0: + child.expect("\r") + if i == 1: + return child.after + retries -= 1 + time.sleep(delay) + self.info("retrying (retries=%u delay=%u)" % (retries, delay)) + raise RuntimeError("Failed to resolve IP of %s" % hostname) + + def open_telnet(self, hostname, username, password, retries=60, delay=5, set_time=False, set_ip=False, + disable_firewall=True, run_tlntadmn=True, set_noexpire=False): + '''open a telnet connection to a windows server, return the pexpect child''' + set_route = False + set_dns = False + set_telnetclients = True + start_telnet = True + if self.getvar('WIN_IP'): + ip = self.getvar('WIN_IP') + else: + ip = self.resolve_ip(hostname) + self.setvar('WIN_IP', ip) + while retries > 0: + child = self.pexpect_spawn("telnet " + ip + " -l '" + username + "'") + i = child.expect(["Welcome to Microsoft Telnet Service", + "Denying new connections due to the limit on number of connections", + "No more connections are allowed to telnet server", + "Unable to connect to remote host", + "No route to host", + "Connection refused", + pexpect.EOF]) + if i != 0: + child.close() + time.sleep(delay) + retries -= 1 + self.info("retrying (retries=%u delay=%u)" % (retries, delay)) + continue + child.expect("password:") + child.sendline(password) + i = child.expect(["C:", + "TelnetClients", + "Denying new connections due to the limit on number of connections", + "No more connections are allowed to telnet server", + "Unable to connect to remote host", + "No route to host", + "Connection refused", + pexpect.EOF]) + if i == 1: + if set_telnetclients: + self.run_cmd('bin/net rpc group add TelnetClients -S $WIN_IP -U$WIN_USER%$WIN_PASS') + self.run_cmd('bin/net rpc group addmem TelnetClients "authenticated users" -S $WIN_IP -U$WIN_USER%$WIN_PASS') + child.close() + retries -= 1 + set_telnetclients = False + self.info("retrying (retries=%u delay=%u)" % (retries, delay)) + continue + else: + raise RuntimeError("Failed to connect with telnet due to missing TelnetClients membership") + + if i == 6: + # This only works if it is installed and enabled, but not started. Not entirely likely, but possible + self.run_cmd('bin/net rpc service start TlntSvr -S $WIN_IP -U$WIN_USER%$WIN_PASS') + child.close() + start_telnet = False + retries -= 1 + self.info("retrying (retries=%u delay=%u)" % (retries, delay)) + continue + + if i != 0: + child.close() + time.sleep(delay) + retries -= 1 + self.info("retrying (retries=%u delay=%u)" % (retries, delay)) + continue + if set_dns: + set_dns = False + if self.set_dns(child): + continue + if set_route: + child.sendline('route add 0.0.0.0 mask 0.0.0.0 ${WIN_DEFAULT_GATEWAY}') + child.expect("C:") + set_route = False + if set_time: + self.run_date_time(child, None) + set_time = False + if run_tlntadmn: + self.run_tlntadmn(child) + run_tlntadmn = False + if set_noexpire: + self.set_noexpire(child, username) + set_noexpire = False + if disable_firewall: + self.disable_firewall(child) + disable_firewall = False + if set_ip: + set_ip = False + if self.set_ip(child): + set_route = True + set_dns = True + continue + return child + raise RuntimeError("Failed to connect with telnet") + + def kinit(self, username, password): + '''use kinit to setup a credentials cache''' + self.run_cmd("kdestroy") + self.putenv('KRB5CCNAME', "${PREFIX}/ccache.test") + username = self.substitute(username) + s = username.split('@') + if len(s) > 0: + s[1] = s[1].upper() + username = '@'.join(s) + child = self.pexpect_spawn('kinit ' + username) + child.expect("Password") + child.sendline(password) + child.expect(pexpect.EOF) + child.close() + if child.exitstatus != 0: + raise RuntimeError("kinit failed with status %d" % child.exitstatus) + + def get_domains(self): + '''return a dictionary of DNS domains and IPs for named.conf''' + ret = {} + for v in self.vars: + if v[-6:] == "_REALM": + base = v[:-6] + if base + '_IP' in self.vars: + ret[self.vars[base + '_REALM']] = self.vars[base + '_IP'] + return ret + + def wait_reboot(self, retries=3): + '''wait for a VM to reboot''' + + # first wait for it to shutdown + self.port_wait("${WIN_IP}", 139, wait_for_fail=True, delay=6) + + # now wait for it to come back. If it fails to come back + # then try resetting it + while retries > 0: + try: + self.port_wait("${WIN_IP}", 139) + return + except: + retries -= 1 + self.vm_reset("${WIN_VM}") + self.info("retrying reboot (retries=%u)" % retries) + raise RuntimeError(self.substitute("VM ${WIN_VM} failed to reboot")) + + def get_vms(self): + '''return a dictionary of all the configured VM names''' + ret = [] + for v in self.vars: + if v[-3:] == "_VM": + ret.append(self.vars[v]) + return ret + + def run_dcpromo_as_first_dc(self, vm, func_level=None): + self.setwinvars(vm) + self.info("Configuring a windows VM ${WIN_VM} at the first DC in the domain using dcpromo") + child = self.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_time=True) + if self.get_is_dc(child): + return + + if func_level == '2008r2': + self.setvar("FUNCTION_LEVEL_INT", str(4)) + elif func_level == '2003': + self.setvar("FUNCTION_LEVEL_INT", str(1)) + else: + self.setvar("FUNCTION_LEVEL_INT", str(0)) + + child = self.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True, set_noexpire=True) + + """This server must therefore not yet be a directory server, so we must promote it""" + child.sendline("copy /Y con answers.txt") + child.sendline(br''' +[DCInstall] +; New forest promotion +ReplicaOrNewDomain=Domain +NewDomain=Forest +NewDomainDNSName=${WIN_REALM} +ForestLevel=${FUNCTION_LEVEL_INT} +DomainNetbiosName=${WIN_DOMAIN} +DomainLevel=${FUNCTION_LEVEL_INT} +InstallDNS=Yes +ConfirmGc=Yes +CreateDNSDelegation=No +DatabasePath="C:\Windows\NTDS" +LogPath="C:\Windows\NTDS" +SYSVOLPath="C:\Windows\SYSVOL" +; Set SafeModeAdminPassword to the correct value prior to using the unattend file +SafeModeAdminPassword=${WIN_PASS} +; Run-time flags (optional) +RebootOnCompletion=No + +''') + child.expect("copied.") + child.expect("C:") + child.expect("C:") + child.sendline("dcpromo /answer:answers.txt") + i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:", pexpect.TIMEOUT], timeout=240) + if i == 1 or i == 2: + raise Exception("dcpromo failed") + if i == 4: # timeout + child = self.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}") + + child.sendline("shutdown -r -t 0") + self.port_wait("${WIN_IP}", 139, wait_for_fail=True) + self.port_wait("${WIN_IP}", 139) + + child = self.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}") + # Check if we became a DC by now + if not self.get_is_dc(child): + raise Exception("dcpromo failed (and wasn't a DC even after rebooting)") + # Give DNS registration a kick + child.sendline("ipconfig /registerdns") + + self.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'], retries=60, delay=5) + + def start_winvm(self, vm): + '''start a Windows VM''' + self.setwinvars(vm) + + self.info("Joining a windows box to the domain") + self.vm_poweroff("${WIN_VM}", checkfail=False) + self.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}") + + def run_winjoin(self, vm, domain, username="administrator", password="${PASSWORD1}"): + '''join a windows box to a domain''' + child = self.open_telnet("${WIN_HOSTNAME}", "${WIN_USER}", "${WIN_PASS}", set_time=True, set_ip=True, set_noexpire=True) + retries = 5 + while retries > 0: + child.sendline("ipconfig /flushdns") + child.expect("C:") + child.sendline("netdom join ${WIN_HOSTNAME} /Domain:%s /UserD:%s /PasswordD:%s" % (domain, username, password)) + i = child.expect(["The command completed successfully", + "The specified domain either does not exist or could not be contacted."], timeout=120) + if i == 0: + break + time.sleep(10) + retries -= 1 + + child.expect("C:") + child.sendline("shutdown /r -t 0") + self.wait_reboot() + child = self.open_telnet("${WIN_HOSTNAME}", "${WIN_USER}", "${WIN_PASS}", set_time=True, set_ip=True) + child.sendline("ipconfig /registerdns") + child.expect("Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer") + child.expect("C:") + + def test_remote_smbclient(self, vm, username="${WIN_USER}", password="${WIN_PASS}", args=""): + '''test smbclient against remote server''' + self.setwinvars(vm) + self.info('Testing smbclient') + self.chdir('${PREFIX}') + smbclient = self.getvar("smbclient") + self.cmd_contains("%s --version" % (smbclient), ["${SAMBA_VERSION}"]) + self.retry_cmd('%s -L ${WIN_HOSTNAME} -U%s%%%s %s' % (smbclient, username, password, args), ["IPC"], retries=60, delay=5) + + def test_net_use(self, vm, realm, domain, username, password): + self.setwinvars(vm) + self.info('Testing net use against Samba3 member') + child = self.open_telnet("${WIN_HOSTNAME}", "%s\\%s" % (domain, username), password) + child.sendline("net use t: \\\\${HOSTNAME}.%s\\test" % realm) + child.expect("The command completed successfully") + + def setup(self, testname, subdir): + '''setup for main tests, parsing command line''' + self.parser.add_option("--conf", type='string', default='', help='config file') + self.parser.add_option("--skip", type='string', default='', help='list of steps to skip (comma separated)') + self.parser.add_option("--vms", type='string', default=None, help='list of VMs to use (comma separated)') + self.parser.add_option("--list", action='store_true', default=False, help='list the available steps') + self.parser.add_option("--rebase", action='store_true', default=False, help='do a git pull --rebase') + self.parser.add_option("--clean", action='store_true', default=False, help='clean the tree') + self.parser.add_option("--prefix", type='string', default=None, help='override install prefix') + self.parser.add_option("--sourcetree", type='string', default=None, help='override sourcetree location') + self.parser.add_option("--nocleanup", action='store_true', default=False, help='disable cleanup code') + self.parser.add_option("--use-ntvfs", action='store_true', default=False, help='use NTVFS for the fileserver') + self.parser.add_option("--dns-backend", type="choice", + choices=["SAMBA_INTERNAL", "BIND9_FLATFILE", "BIND9_DLZ", "NONE"], + help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), " + "BIND9_FLATFILE uses bind9 text database to store zone information, " + "BIND9_DLZ uses samba4 AD to store zone information, " + "NONE skips the DNS setup entirely (not recommended)", + default="SAMBA_INTERNAL") + + self.opts, self.args = self.parser.parse_args() + + if not self.opts.conf: + print("Please specify a config file with --conf") + sys.exit(1) + + # we don't need fsync safety in these tests + self.putenv('TDB_NO_FSYNC', '1') + + self.load_config(self.opts.conf) + + nameserver = self.get_nameserver() + if nameserver == self.getvar('NAMED_INTERFACE_IP'): + raise RuntimeError("old /etc/resolv.conf must not contain %s as a nameserver, this will create loops with the generated dns configuration" % nameserver) + self.setvar('DNSSERVER', nameserver) + + self.set_skip(self.opts.skip) + self.set_vms(self.opts.vms) + + if self.opts.list: + self.list_steps_mode() + + if self.opts.prefix: + self.setvar('PREFIX', self.opts.prefix) + + if self.opts.sourcetree: + self.setvar('SOURCETREE', self.opts.sourcetree) + + if self.opts.rebase: + self.info('rebasing') + self.chdir('${SOURCETREE}') + self.run_cmd('git pull --rebase') + + if self.opts.clean: + self.info('cleaning') + self.chdir('${SOURCETREE}/' + subdir) + self.run_cmd('make clean') + + if self.opts.use_ntvfs: + self.setvar('USE_NTVFS', "--use-ntvfs") + else: + self.setvar('USE_NTVFS', "") + + self.setvar('NAMESERVER_BACKEND', self.opts.dns_backend) + + self.setvar('DNS_FORWARDER', "--option=dns forwarder=%s" % nameserver) -- cgit v1.2.3