-rw-r--r-- | source4/script/tests/mk-fedora-ds.sh | 73 | ||||
-rw-r--r-- | source4/script/tests/mk-keyblobs.sh | 155 | ||||
-rw-r--r-- | source4/script/tests/mk-openldap.sh | 122 | ||||
-rwxr-xr-x | source4/script/tests/mktestsetup.sh | 341 | ||||
-rwxr-xr-x | source4/script/tests/test_functions.sh | 2 |
5 files changed, 356 insertions, 337 deletions
diff --git a/source4/script/tests/mk-fedora-ds.sh b/source4/script/tests/mk-fedora-ds.sh
new file mode 100644
index 0000000000..b10d46881c
--- /dev/null
+++ b/source4/script/tests/mk-fedora-ds.sh
@@ -0,0 +1,73 @@
+FEDORA_DS_INF=$LDAPDIR/fedorads.inf
+export FEDORA_DS_INF
+FEDORA_DS_INITIAL_LDIF=$LDAPDIR/fedorads-initial-ldif.inf
+FEDORA_DS_LDAP_PORT=3389
+
+LDAP_URI="ldap://127.0.0.1:$FEDORA_DS_LDAP_PORT"
+
+$srcdir/bin/ad2oLschema $CONFIGURATION -H $PRIVATEDIR/sam.ldb --option=convert:target=fedora-ds -I $srcdir/setup/schema-map-fedora-ds-1.0 -O $LDAPDIR/99_ad.ldif >&2
+
+cat >$FEDORA_DS_INF <<EOF
+
+[General]
+SuiteSpotUserID = $ROOT
+FullMachineName= localhost
+ServerRoot= $LDAPDIR
+ConfigDirectoryLdapURL= $FEDORA_DS_LDAP_URI/o=NetscapeRoot
+ConfigDirectoryAdminID= $USERNAME
+AdminDomain= localdomain
+ConfigDirectoryAdminPwd= $PASSWORD
+
+Components= svrcore,base,slapd
+
+[slapd]
+ServerPort= $FEDORA_DS_LDAP_PORT
+Suffix= $BASEDN
+RootDN= cn=Manager,$BASEDN
+RootDNPwd= $PASSWORD
+Components= slapd
+ServerIdentifier= samba4
+InstallLdifFile=$FEDORA_DS_INITIAL_LDIF
+
+inst_dir= $LDAPDIR/slapd-samba4
+config_dir= $LDAPDIR/slapd-samba4
+schema_dir= $LDAPDIR/slapd-samba4/schema
+lock_dir= $LDAPDIR/slapd-samba4/lock
+log_dir= $LDAPDIR/slapd-samba4/logs
+run_dir= $LDAPDIR/slapd-samba4/logs
+db_dir= $LDAPDIR/slapd-samba4/db
+bak_dir= $LDAPDIR/slapd-samba4/bak
+tmp_dir= $LDAPDIR/slapd-samba4/tmp
+ldif_dir= $LDAPDIR/slapd-samba4/ldif
+cert_dir= $LDAPDIR/slapd-samba4
+
+[base]
+Components= base
+
+EOF
+
+cat >$FEDORA_DS_INITIAL_LDIF<<EOF
+# These entries need to be added to get the container for the
+# provision to be aimed at.
+
+dn: cn="dc=$BASEDN",cn=mapping tree,cn=config
+objectclass: top
+objectclass: extensibleObject
+objectclass: nsMappingTree
+nsslapd-state: backend
+nsslapd-backend: UserData
+cn: $BASEDN
+
+dn: cn=UserData,cn=ldbm database,cn=plugins,cn=config
+objectclass: extensibleObject
+objectclass: nsBackendInstance
+nsslapd-suffix: $BASEDN
+
+EOF
+
+LDAP_URI_ESCAPE=$LDAP_URI;
+PROVISION_OPTIONS="$PROVISION_OPTIONS --ldap-module=nsuniqueid"
+#it is easier to base64 encode this than correctly escape it:
+# (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");)
+PROVISION_ACI="--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK"
+
diff --git a/source4/script/tests/mk-keyblobs.sh b/source4/script/tests/mk-keyblobs.sh
new file mode 100644
index 0000000000..8988fd1801
--- /dev/null
+++ b/source4/script/tests/mk-keyblobs.sh
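Review bot: In mk-fedora-ds.sh, `ConfigDirectoryLdapURL= $FEDORA_DS_LDAP_URI/o=NetscapeRoot` inside the `$FEDORA_DS_INF` heredoc still expands `FEDORA_DS_LDAP_URI`, but this file only assigns `LDAP_URI` and the same commit deletes the old `FEDORA_DS_LDAP_URI=` line from mktestsetup.sh. Unless the variable is set somewhere not shown, the value written is just `/o=NetscapeRoot`; the line should read `ConfigDirectoryLdapURL= $LDAP_URI/o=NetscapeRoot`. The same heredoc writes `ConfigDirectoryAdminPwd` and `RootDNPwd` in clear text under the caller's umask, so a `chmod 600 $FEDORA_DS_INF` after it is worth adding. Because `PROVISION_ACI` grants (per the comment above it) full access to `ldap:///anyone`, the file should open with a comment such as `# Test fixture only, sourced by mktestsetup.sh: directory is world-writable by design`.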
@@ -0,0 +1,155 @@ +#TLS and PKINIT crypto blobs +TLSDIR=$PRIVATEDIR/tls +DHFILE=$TLSDIR/dhparms.pem +CAFILE=$TLSDIR/ca.pem +CERTFILE=$TLSDIR/cert.pem +REQKDC=$TLSDIR/req-kdc.der +KDCCERTFILE=$TLSDIR/kdc.pem +KEYFILE=$TLSDIR/key.pem +ADMINKEYFILE=$TLSDIR/adminkey.pem +REQADMIN=$TLSDIR/req-admin.der +ADMINKEYFILE=$TLSDIR/adminkey.pem +ADMINCERTFILE=$TLSDIR/admincert.pem + +#This is specified here to avoid draining entropy on every run +cat >$DHFILE<<EOF +-----BEGIN DH PARAMETERS----- +MGYCYQC/eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/Cys8j8wLO +svCN/jYNyR2NszOmg7ZWcOC/4z/4pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv +YX70obsCAQI= +-----END DH PARAMETERS----- + +EOF + +#Likewise, we pregenerate the key material. This allows the +#other certificates to be pre-generated +cat >$KEYFILE<<EOF +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpc +ol3+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H +6H+pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQAB +AoGAAqDLzFRR/BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6 +HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq +szNW4PRjaA9KkLQVTwnzdXGkBSkn/nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p +9/xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/dilpY88Nb+xok/X +8Z8OvgAXAkEA+pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ +vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC +kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu +jNKEKnbf+TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz +Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4/nN4IJXUW6AmPVOYIA5215itgki +cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ+aFvqSG +-----END RSA PRIVATE KEY----- + +EOF + +cat >$ADMINKEYFILE<<EOF +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHEsi5owhZF +5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM +XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQAB 
+AoGAP8mjCP628Ebc2eACQzOWjgEvwYCPK4qPmYOf1zJkArzG2t5XAGJ5WGrENRuB +cm3XFh1lpmaADl982UdW3gul4gXUy6w4XjKK4vVfhyHj0kZ/LgaXUK9BAGhroJ2L +osIOUsaC6jdx9EwSRctwdlF3wWJ8NK0g28AkvIk+FlolW4ECQQD7w5ouCDnf58CN +u4nARx4xv5XJXekBvOomkCQAmuOsdOb6b9wn3mm2E3au9fueITjb3soMR31AF6O4 +eAY126rXAkEA+RgHzybzZEP8jCuznMqoN2fq/Vrs6+W3M8/G9mzGEMgLLpaf2Jiz +I9tLZ0+OFk9tkRaoCHPfUOCrVWJZ7Y53QQJBAMhoA6rw0WDyUcyApD5yXg6rusf4 +ASpo/tqDkqUIpoL464Qe1tjFqtBM3gSXuhs9xsz+o0bzATirmJ+WqxrkKTECQHt2 +OLCpKqwAspU7N+w32kaUADoRLisCEdrhWklbwpQgwsIVsCaoEOpt0CLloJRYTANE +yoZeAErTALjyZYZEPcECQQDlUi0N8DFxQ/lOwWyR3Hailft+mPqoPCa8QHlQZnlG ++cfgNl57YHMTZFwgUVFRdJNpjH/WdZ5QxDcIVli0q+Ko +-----END RSA PRIVATE KEY----- + +EOF + +#generated with +#hxtool issue-certificate --self-signed --issue-ca --ca-private-key=FILE:$KEYFILE \ +# --subject="CN=CA,$BASEDN" --certificate="FILE:$CAFILE" + +cat >$CAFILE<<EOF +-----BEGIN CERTIFICATE----- +MIIChTCCAe6gAwIBAgIUFZoF6jt0R+hQBdF7cWPy0tT3fGwwCwYJKoZIhvcNAQEFMFIxEzAR +BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy +LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDU1MzA5WhgPMjAwODAxMjQw +NTUzMDlaMFIxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl +MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+S9/6 +I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+pPqVIRLOmrWIm +ai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABo1YwVDAOBgNVHQ8BAf8EBAMC +AqQwEgYDVR0lBAswCQYHKwYBBQIDBTAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIw +DwYDVR0TBAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOBgQBgzh5uLDmESGYv60iUdEfuk/T9 +VCpzb1z3VJVWt3uJoQYbcpR00SKeyMdlfTTLzO6tSPMmlk4hwqfvLkPzGCSObR4DRRYa0BtY +2laBVlg9X59bGpMUvpFQfpvxjvFWNJDL+377ELCVpLNdoR23I9TKXlalj0bY5Ks46CVIrm6W +EA== +-----END CERTIFICATE----- + +EOF + +#generated with GNUTLS internally in Samba. 
+ +cat >$CERTFILE<<EOF +-----BEGIN CERTIFICATE----- +MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft +YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1 +dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw +NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p +c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0 +ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB +jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+ +S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+p +PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABoyUw +IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB +BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm/SAZBFyG +LYOChvh6hPU7joMdDwGfbiLrBnMag+BtGlmPLWwp/Kt1wNmrRhduyTQFhN3PP6fz +nBr9vVny2FewB2gHmelaPS//tXdxivSXKz3NFqqXLDJjq7P8wA== +-----END CERTIFICATE----- + +EOF + +#KDC certificate +# hxtool request-create --subject="CN=krbtgt,cn=users,$basedn" --key=FILE:$KEYFILE $KDCREQ + +# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE --type="pkinit-kdc" --pk-init-principal="krbtgt/$RELAM@$REALM" --req="$KDCREQ" --certificate="FILE:$KDCCERTFILE" + +cat >$KDCCERTFILE<<EOF +-----BEGIN CERTIFICATE----- +MIIDDDCCAnWgAwIBAgIUDEhjaOT1ZjHjHHEn+l5eYO05oK8wCwYJKoZIhvcNAQEFMFIxEzAR +BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy +LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDcwNzA4WhgPMjAwODAxMjQw +NzA3MDhaMGYxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl +MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMQ8wDQYDVQQDDAZrcmJ0 +Z3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqDqkDAIdQwDUN8cOZaFl934XQL70nF +yq+nD2KL0SfcTW5+WlyiXf5L3/oj+5pOYkdmt74MXd1PNv9Q5mjRl6bw34jPOSCgaQVp+Ne5 +PcEvlQ9jb8fof6k+pUhEs6atYiZqLfn1jKgqEXKjftjoc95TxBxn67atL2B5qkhZ966jAgMB +AAGjgcgwgcUwDgYDVR0PAQH/BAQDAgWgMBIGA1UdJQQLMAkGBysGAQUCAwUwVAYDVR0RBE0w 
+S6BJBgYrBgEFAgKgPzA9oBMbEVNBTUJBLkVYQU1QTEUuQ09NoSYwJKADAgEBoR0wGxsGa3Ji +dGd0GxFTQU1CQS5FWEFNUExFLkNPTTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS+jPK +MjAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOBgQCMSgLkIv9RobE0a95H2ECA+5YABBwKXIt4AyN/HpV7iJdRx7B9PE6vM+nboVKY +E7i7ECUc3bu6NgrLu7CKHelNclHWWMiZzSUwhkXyvG/LE9qtr/onNu9NfLt1OV+dwQwyLdEP +n63FxSmsKg3dfi3ryQI/DIKeisvipwDtLqOn9g== +-----END CERTIFICATE----- + +EOF + +#hxtool request-create --subject="CN=Administrator,cn=users,$basedn" --key=FILE:$ADMINKEYFILE $ADMINREQFILE +#hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE --type="pkinit-client" --pk-init-principal="administrator@$REALM" --req="$ADMINREQFILE" --certificate="FILE:$ADMINCERTFILE" + +cat >$ADMINCERTFILE<<EOF +-----BEGIN CERTIFICATE----- +MIICwjCCAiugAwIBAgIUXyECoq4im33ByZDWZMGhtpvHYWEwCwYJKoZIhvcNAQEFMFIxEzAR +BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy +LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDcyMzE2WhgPMjAwODAxMjQw +NzIzMTZaMCgxDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1pbmlzdHJhdG9yMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHE +si5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM +XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQABo4G8MIG5 +MA4GA1UdDwEB/wQEAwIFoDASBgNVHSUECzAJBgcrBgEFAgMEMEgGA1UdEQRBMD+gPQYGKwYB +BQICoDMwMaATGxFTQU1CQS5FWEFNUExFLkNPTaEaMBigAwIBAaERMA8bDWFkbWluaXN0cmF0 +b3IwHwYDVR0jBBgwFoAUwtm596AMotmzRU7IVdgrUvozyjIwHQYDVR0OBBYEFCDzVsvJ8IDz +wLYH8EONeUa5oVrGMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADgYEAbTCnaPTieVZPV3bH +UmAMbnF9+YN1mCbe2xZJ0xzve+Yw1XO82iv/9kZaZkcRkaQt2qcwsBK/aSPOgfqGx+mJ7hXQ +AGWvAJhnWi25PawNaRysCN8WC6+nWKR4d2O2m5rpj3T9kH5WE7QbG0bCu92dGaS29FvWDCP3 +q9pRtDOoAZc= +-----END CERTIFICATE----- + +EOF diff --git a/source4/script/tests/mk-openldap.sh b/source4/script/tests/mk-openldap.sh new file mode 100644 index 0000000000..0759532d3f --- /dev/null 
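Review bot: In mk-keyblobs.sh, `cat >$KEYFILE` and `cat >$ADMINKEYFILE` create the two RSA private keys under whatever umask the caller has, so on a shared build host they may be readable by other users; `chmod 600 $KEYFILE $ADMINKEYFILE` after the heredocs (or `umask 077` before them) would close that. `ADMINKEYFILE=$TLSDIR/adminkey.pem` is assigned twice in the variable block, and the `ADMINCERTFILE=` context on the first mktestsetup.sh hunk suggests the same path variables are still defined there too, so one copy should go. The file has no header; a comment stating that it is sourced by mktestsetup.sh, needs `PRIVATEDIR` set, and that the key material is fixed, publicly known test data that must never be trusted outside the test prefix would help. The commented hxtool line also carries a typo, `$RELAM`.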
+++ b/source4/script/tests/mk-openldap.sh 
@@ -0,0 +1,122 @@ +SLAPD_CONF=$LDAPDIR/slapd.conf +export SLAPD_CONF + +cat >$SLAPD_CONF <<EOF +loglevel 0 + +include $LDAPDIR/ad.schema + +pidfile $PIDDIR/slapd.pid +argsfile $LDAPDIR/slapd.args +sasl-realm $DNSNAME +access to * by * write + +allow update_anon + +authz-regexp + uid=([^,]*),cn=$DNSNAME,cn=digest-md5,cn=auth + ldap:///$BASEDN??sub?(samAccountName=\$1) + +authz-regexp + uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth + ldap:///$BASEDN??sub?(samAccountName=\$1) + +include $LDAPDIR/modules.conf + +defaultsearchbase "$BASEDN" + +backend bdb +database bdb +suffix "$BASEDN" +rootdn "cn=Manager,$BASEDN" +rootpw $PASSWORD +directory $LDAPDIR/db +index objectClass eq +index samAccountName eq +index name eq +index objectSid eq +index objectCategory eq +index member eq +index uidNumber eq +index gidNumber eq +index unixName eq +index privilege eq +index nCName eq pres +index lDAPDisplayName eq +index subClassOf eq +index dnsRoot eq +index nETBIOSName eq pres + +overlay syncprov +syncprov-checkpoint 100 10 +syncprov-sessionlog 100 + +EOF + +cat > $LDAPDIR/db/DB_CONFIG <<EOF +# + # Set the database in memory cache size. + # + set_cachesize 0 524288 0 + + + # + # Set database flags (this is a test environment, we don't need to fsync()). + # + set_flags DB_TXN_NOSYNC + + # + # Set log values. + # + set_lg_regionmax 104857 + set_lg_max 1048576 + set_lg_bsize 209715 + set_lg_dir $LDAPDIR/db/bdb-logs + + + # + # Set temporary file creation directory. 
+ # + set_tmp_dir $LDAPDIR/db/tmp +EOF + +LDAP_URI="ldapi://$LDAPDIR/ldapi" +LDAP_URI_ESCAPE="ldapi://"`echo $LDAPDIR/ldapi | sed 's|/|%2F|g'` +export LDAP_URI +export LDAP_URI_ESCAPE + +#This uses the provision we just did, to read out the schema +$srcdir/bin/ad2oLschema $CONFIGURATION -H $PRIVATEDIR/sam.ldb -I $srcdir/setup/schema-map-openldap-2.3 -O $LDAPDIR/ad.schema >&2 + +#Now create an LDAP baseDN +$srcdir/bin/smbscript $srcdir/setup/provision $PROVISION_OPTIONS --ldap-base >&2 + +OLDPATH=$PATH +PATH=/usr/local/sbin:/usr/sbin:/sbin:$PATH +export PATH + +MODCONF=$LDAPDIR/modules.conf +rm -f $MODCONF +touch $MODCONF + +slaptest -u -f $SLAPD_CONF >&2 || { + echo "enabling slapd modules" >&2 + cat > $MODCONF <<EOF +modulepath /usr/lib/ldap +moduleload back_bdb +EOF +} + +if slaptest -u -f $SLAPD_CONF; then + slapadd -f $SLAPD_CONF < $PRIVATEDIR/$DNSNAME.ldif >/dev/null || { + echo "slapadd failed" >&2 + } + + slaptest -f $SLAPD_CONF >/dev/null || { + echo "slaptest after database load failed" >&2 + } +fi + +PATH=$OLDPATH +export PATH + diff --git a/source4/script/tests/mktestsetup.sh b/source4/script/tests/mktestsetup.sh index 7dd35672dc..2e6c6537a2 100755 --- a/source4/script/tests/mktestsetup.sh +++ b/source4/script/tests/mktestsetup.sh @@ -74,14 +74,9 @@ ADMINCERTFILE=$TLSDIR/admincert.pem WINBINDD_SOCKET_DIR=$PREFIX_ABS/winbind_socket CONFIGURATION="--configfile=$CONFFILE" LDAPDIR=$PREFIX_ABS/ldap -SLAPD_CONF=$LDAPDIR/slapd.conf -FEDORA_DS_INF=$LDAPDIR/fedorads.inf -FEDORA_DS_INITIAL_LDIF=$LDAPDIR/fedorads-initial-ldif.inf -FEDORA_DS_LDAP_PORT=3389 export CONFIGURATION export CONFFILE -export SLAPD_CONF export PIDDIR export AUTH export SERVER @@ -158,7 +153,7 @@ cat >$CONFFILE<<EOF path = $TMPDIR EOF -## Override default srahes_config.ldb file +## Override default share.ldb file rm -f $PRIVATEDIR/share.ldb cat >$PRIVATEDIR/share.ldif<<EOF ### Shares basedn 
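Review bot: The `$SLAPD_CONF` heredoc in mk-openldap.sh writes `rootpw $PASSWORD` in clear text under the caller's umask, next to `access to * by * write` and `allow update_anon`. I would add `chmod 600 $SLAPD_CONF` after the heredoc and a comment above it such as `# Test-only slapd config: anonymous write access, never reuse outside the test prefix`. Failures are also swallowed: `slapadd` and the final `slaptest` only echo a message, and the `if slaptest -u -f $SLAPD_CONF` has no `else`, so a directory that never loaded is not signalled to the caller. `modulepath /usr/lib/ldap` is hard-coded and will not match every distribution's module directory.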
@@ -265,287 +260,7 @@ cat >$KRB5_CONFIG<<EOF EOF export KRB5_CONFIG -#This is specified here to avoid draining entropy on every run -cat >$DHFILE<<EOF ------BEGIN DH PARAMETERS----- -MGYCYQC/eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/Cys8j8wLO -svCN/jYNyR2NszOmg7ZWcOC/4z/4pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv -YX70obsCAQI= ------END DH PARAMETERS----- - -EOF - -#Likewise, we pregenerate the key material. This allows the -#other certificates to be pre-generated -cat >$KEYFILE<<EOF ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpc -ol3+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H -6H+pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQAB -AoGAAqDLzFRR/BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6 -HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq -szNW4PRjaA9KkLQVTwnzdXGkBSkn/nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p -9/xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/dilpY88Nb+xok/X -8Z8OvgAXAkEA+pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ -vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC -kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu -jNKEKnbf+TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz -Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4/nN4IJXUW6AmPVOYIA5215itgki -cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ+aFvqSG ------END RSA PRIVATE KEY----- - -EOF - -cat >$ADMINKEYFILE<<EOF ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHEsi5owhZF -5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM -XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQAB -AoGAP8mjCP628Ebc2eACQzOWjgEvwYCPK4qPmYOf1zJkArzG2t5XAGJ5WGrENRuB -cm3XFh1lpmaADl982UdW3gul4gXUy6w4XjKK4vVfhyHj0kZ/LgaXUK9BAGhroJ2L -osIOUsaC6jdx9EwSRctwdlF3wWJ8NK0g28AkvIk+FlolW4ECQQD7w5ouCDnf58CN -u4nARx4xv5XJXekBvOomkCQAmuOsdOb6b9wn3mm2E3au9fueITjb3soMR31AF6O4 -eAY126rXAkEA+RgHzybzZEP8jCuznMqoN2fq/Vrs6+W3M8/G9mzGEMgLLpaf2Jiz 
-I9tLZ0+OFk9tkRaoCHPfUOCrVWJZ7Y53QQJBAMhoA6rw0WDyUcyApD5yXg6rusf4 -ASpo/tqDkqUIpoL464Qe1tjFqtBM3gSXuhs9xsz+o0bzATirmJ+WqxrkKTECQHt2 -OLCpKqwAspU7N+w32kaUADoRLisCEdrhWklbwpQgwsIVsCaoEOpt0CLloJRYTANE -yoZeAErTALjyZYZEPcECQQDlUi0N8DFxQ/lOwWyR3Hailft+mPqoPCa8QHlQZnlG -+cfgNl57YHMTZFwgUVFRdJNpjH/WdZ5QxDcIVli0q+Ko ------END RSA PRIVATE KEY----- - -EOF - -#generated with -#hxtool issue-certificate --self-signed --issue-ca --ca-private-key=FILE:$KEYFILE \ -# --subject="CN=CA,$BASEDN" --certificate="FILE:$CAFILE" - -cat >$CAFILE<<EOF ------BEGIN CERTIFICATE----- -MIIChTCCAe6gAwIBAgIUFZoF6jt0R+hQBdF7cWPy0tT3fGwwCwYJKoZIhvcNAQEFMFIxEzAR -BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy -LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDU1MzA5WhgPMjAwODAxMjQw -NTUzMDlaMFIxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl -MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMIGfMA0GCSqGSIb3DQEBAQUA -A4GNADCBiQKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+S9/6 -I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+pPqVIRLOmrWIm -ai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABo1YwVDAOBgNVHQ8BAf8EBAMC -AqQwEgYDVR0lBAswCQYHKwYBBQIDBTAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIw -DwYDVR0TBAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOBgQBgzh5uLDmESGYv60iUdEfuk/T9 -VCpzb1z3VJVWt3uJoQYbcpR00SKeyMdlfTTLzO6tSPMmlk4hwqfvLkPzGCSObR4DRRYa0BtY -2laBVlg9X59bGpMUvpFQfpvxjvFWNJDL+377ELCVpLNdoR23I9TKXlalj0bY5Ks46CVIrm6W -EA== ------END CERTIFICATE----- - -EOF - -#generated with GNUTLS internally in Samba. 
- -cat >$CERTFILE<<EOF ------BEGIN CERTIFICATE----- -MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft -YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1 -dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw -NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p -c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0 -ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB -jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+ -S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+p -PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABoyUw -IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB -BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm/SAZBFyG -LYOChvh6hPU7joMdDwGfbiLrBnMag+BtGlmPLWwp/Kt1wNmrRhduyTQFhN3PP6fz -nBr9vVny2FewB2gHmelaPS//tXdxivSXKz3NFqqXLDJjq7P8wA== ------END CERTIFICATE----- - -EOF - -#KDC certificate -# hxtool request-create --subject="CN=krbtgt,cn=users,$basedn" --key=FILE:$KEYFILE $KDCREQ - -# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE --type="pkinit-kdc" --pk-init-principal="krbtgt/$RELAM@$REALM" --req="$KDCREQ" --certificate="FILE:$KDCCERTFILE" - -cat >$KDCCERTFILE<<EOF ------BEGIN CERTIFICATE----- -MIIDDDCCAnWgAwIBAgIUDEhjaOT1ZjHjHHEn+l5eYO05oK8wCwYJKoZIhvcNAQEFMFIxEzAR -BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy -LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDcwNzA4WhgPMjAwODAxMjQw -NzA3MDhaMGYxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl -MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMQ8wDQYDVQQDDAZrcmJ0 -Z3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqDqkDAIdQwDUN8cOZaFl934XQL70nF -yq+nD2KL0SfcTW5+WlyiXf5L3/oj+5pOYkdmt74MXd1PNv9Q5mjRl6bw34jPOSCgaQVp+Ne5 -PcEvlQ9jb8fof6k+pUhEs6atYiZqLfn1jKgqEXKjftjoc95TxBxn67atL2B5qkhZ966jAgMB -AAGjgcgwgcUwDgYDVR0PAQH/BAQDAgWgMBIGA1UdJQQLMAkGBysGAQUCAwUwVAYDVR0RBE0w 
-S6BJBgYrBgEFAgKgPzA9oBMbEVNBTUJBLkVYQU1QTEUuQ09NoSYwJKADAgEBoR0wGxsGa3Ji -dGd0GxFTQU1CQS5FWEFNUExFLkNPTTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS+jPK -MjAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIwCQYDVR0TBAIwADANBgkqhkiG9w0B -AQUFAAOBgQCMSgLkIv9RobE0a95H2ECA+5YABBwKXIt4AyN/HpV7iJdRx7B9PE6vM+nboVKY -E7i7ECUc3bu6NgrLu7CKHelNclHWWMiZzSUwhkXyvG/LE9qtr/onNu9NfLt1OV+dwQwyLdEP -n63FxSmsKg3dfi3ryQI/DIKeisvipwDtLqOn9g== ------END CERTIFICATE----- - -EOF - -#hxtool request-create --subject="CN=Administrator,cn=users,$basedn" --key=FILE:$ADMINKEYFILE $ADMINREQFILE -#hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE --type="pkinit-client" --pk-init-principal="administrator@$REALM" --req="$ADMINREQFILE" --certificate="FILE:$ADMINCERTFILE" - -cat >$ADMINCERTFILE<<EOF ------BEGIN CERTIFICATE----- -MIICwjCCAiugAwIBAgIUXyECoq4im33ByZDWZMGhtpvHYWEwCwYJKoZIhvcNAQEFMFIxEzAR -BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy -LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDcyMzE2WhgPMjAwODAxMjQw -NzIzMTZaMCgxDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1pbmlzdHJhdG9yMIGfMA0G -CSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHE -si5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM -XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQABo4G8MIG5 -MA4GA1UdDwEB/wQEAwIFoDASBgNVHSUECzAJBgcrBgEFAgMEMEgGA1UdEQRBMD+gPQYGKwYB -BQICoDMwMaATGxFTQU1CQS5FWEFNUExFLkNPTaEaMBigAwIBAaERMA8bDWFkbWluaXN0cmF0 -b3IwHwYDVR0jBBgwFoAUwtm596AMotmzRU7IVdgrUvozyjIwHQYDVR0OBBYEFCDzVsvJ8IDz -wLYH8EONeUa5oVrGMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADgYEAbTCnaPTieVZPV3bH -UmAMbnF9+YN1mCbe2xZJ0xzve+Yw1XO82iv/9kZaZkcRkaQt2qcwsBK/aSPOgfqGx+mJ7hXQ -AGWvAJhnWi25PawNaRysCN8WC6+nWKR4d2O2m5rpj3T9kH5WE7QbG0bCu92dGaS29FvWDCP3 -q9pRtDOoAZc= ------END CERTIFICATE----- - -EOF - -cat >$SLAPD_CONF <<EOF -loglevel 0 - -include $LDAPDIR/ad.schema - -pidfile $PIDDIR/slapd.pid -argsfile $LDAPDIR/slapd.args -sasl-realm $DNSNAME -access to * by * write - -allow 
update_anon - -authz-regexp - uid=([^,]*),cn=$DNSNAME,cn=digest-md5,cn=auth - ldap:///$BASEDN??sub?(samAccountName=\$1) - -authz-regexp - uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth - ldap:///$BASEDN??sub?(samAccountName=\$1) - -include $LDAPDIR/modules.conf - -defaultsearchbase "$BASEDN" - -backend bdb -database bdb -suffix "$BASEDN" -rootdn "cn=Manager,$BASEDN" -rootpw $PASSWORD -directory $LDAPDIR/db -index objectClass eq -index samAccountName eq -index name eq -index objectSid eq -index objectCategory eq -index member eq -index uidNumber eq -index gidNumber eq -index unixName eq -index privilege eq -index nCName eq pres -index lDAPDisplayName eq -index subClassOf eq -index dnsRoot eq -index nETBIOSName eq pres - -overlay syncprov -syncprov-checkpoint 100 10 -syncprov-sessionlog 100 - -EOF - -cat > $LDAPDIR/db/DB_CONFIG <<EOF -# - # Set the database in memory cache size. - # - set_cachesize 0 524288 0 - - - # - # Set database flags (this is a test environment, we don't need to fsync()). - # - set_flags DB_TXN_NOSYNC - - # - # Set log values. - # - set_lg_regionmax 104857 - set_lg_max 1048576 - set_lg_bsize 209715 - set_lg_dir $LDAPDIR/db/bdb-logs - - - # - # Set temporary file creation directory. 
- # - set_tmp_dir $LDAPDIR/db/tmp -EOF - -FEDORA_DS_LDAP_URI="ldap://127.0.0.1:$FEDORA_DS_LDAP_PORT" - -cat >$FEDORA_DS_INF <<EOF - -[General] -SuiteSpotUserID = $ROOT -FullMachineName= localhost -ServerRoot= $LDAPDIR -ConfigDirectoryLdapURL= $FEDORA_DS_LDAP_URI/o=NetscapeRoot -ConfigDirectoryAdminID= $USERNAME -AdminDomain= localdomain -ConfigDirectoryAdminPwd= $PASSWORD - -Components= svrcore,base,slapd - -[slapd] -ServerPort= $FEDORA_DS_LDAP_PORT -Suffix= $BASEDN -RootDN= cn=Manager,$BASEDN -RootDNPwd= $PASSWORD -Components= slapd -ServerIdentifier= samba4 -InstallLdifFile=$FEDORA_DS_INITIAL_LDIF - -inst_dir= $LDAPDIR/slapd-samba4 -config_dir= $LDAPDIR/slapd-samba4 -schema_dir= $LDAPDIR/slapd-samba4/schema -lock_dir= $LDAPDIR/slapd-samba4/lock -log_dir= $LDAPDIR/slapd-samba4/logs -run_dir= $LDAPDIR/slapd-samba4/logs -db_dir= $LDAPDIR/slapd-samba4/db -bak_dir= $LDAPDIR/slapd-samba4/bak -tmp_dir= $LDAPDIR/slapd-samba4/tmp -ldif_dir= $LDAPDIR/slapd-samba4/ldif -cert_dir= $LDAPDIR/slapd-samba4 - -[base] -Components= base - -EOF - -cat >$FEDORA_DS_INITIAL_LDIF<<EOF -# These entries need to be added to get the container for the -# provision to be aimed at. - -dn: cn="dc=$BASEDN",cn=mapping tree,cn=config -objectclass: top -objectclass: extensibleObject -objectclass: nsMappingTree -nsslapd-state: backend -nsslapd-backend: UserData -cn: $BASEDN - -dn: cn=UserData,cn=ldbm database,cn=plugins,cn=config -objectclass: extensibleObject -objectclass: nsBackendInstance -nsslapd-suffix: $BASEDN - -EOF +. `dirname $0`/mk-keyblobs.sh PROVISION_OPTIONS="$CONFIGURATION --host-name=$NETBIOSNAME --host-ip=127.0.0.1" PROVISION_OPTIONS="$PROVISION_OPTIONS --quiet --domain $DOMAIN --realm $REALM" 
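Review bot: The added line that sources mk-keyblobs.sh resolves the directory with an unquoted backtick `dirname $0`, which word-splits on a checkout path containing spaces and presumably resolves to the wrong directory if mktestsetup.sh is itself sourced. Computing it once, `script_dir=$(dirname "$0")`, and sourcing with `. "$script_dir/mk-keyblobs.sh"` avoids both. The same applies to the mk-openldap.sh and mk-fedora-ds.sh source lines in the later hunk. A one-line comment above each, naming the variables the sourced file expects (for this one `PRIVATEDIR`), would document the coupling the split introduces.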
@@ -553,57 +268,12 @@ PROVISION_OPTIONS="$PROVISION_OPTIONS --adminpass $PASSWORD --root=$ROOT" PROVISION_OPTIONS="$PROVISION_OPTIONS --simple-bind-dn=cn=Manager,$BASEDN --password=$PASSWORD --root=$ROOT" $srcdir/bin/smbscript $srcdir/setup/provision $PROVISION_OPTIONS >&2 -if test -z "$FEDORA_DS_PREFIX"; then - LDAP_URI="ldapi://$LDAPDIR/ldapi" - LDAP_URI_ESCAPE="ldapi://"`echo $LDAPDIR/ldapi | sed 's|/|%2F|g'` -export LDAPI -export LDAPI_ESCAPE -else - LDAP_URI=$FEDORA_DS_LDAP_URI; - LDAP_URI_ESCAPE=$FEDORA_DS_LDAP_URI; - PROVISION_OPTIONS="$PROVISION_OPTIONS --ldap-module=nsuniqueid" - #it is easier to base64 encode this than correctly escape it: - # (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");) - PROVISION_ACI="--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK" -fi - - -#This uses the provision we just did, to read out the schema -$srcdir/bin/ad2oLschema $CONFIGURATION -H $PRIVATEDIR/sam.ldb -I $srcdir/setup/schema-map-openldap-2.3 -O $LDAPDIR/ad.schema >&2 -$srcdir/bin/ad2oLschema $CONFIGURATION -H $PRIVATEDIR/sam.ldb --option=convert:target=fedora-ds -I $srcdir/setup/schema-map-fedora-ds-1.0 -O $LDAPDIR/99_ad.ldif >&2 - -#Now create an LDAP baseDN -$srcdir/bin/smbscript $srcdir/setup/provision $PROVISION_OPTIONS "$PROVISION_ACI" --ldap-base >&2 - -OLDPATH=$PATH -PATH=/usr/local/sbin:/usr/sbin:/sbin:$PATH -export PATH +. `dirname $0`/mk-openldap.sh -MODCONF=$LDAPDIR/modules.conf -rm -f $MODCONF -touch $MODCONF - -slaptest -u -f $SLAPD_CONF >&2 || { - echo "enabling slapd modules" >&2 - cat > $MODCONF <<EOF -modulepath /usr/lib/ldap -moduleload back_bdb -EOF +test -z "$FEDORA_DS_PREFIX" || { + . 
`dirname $0`/mk-fedora-ds.sh } -if slaptest -u -f $SLAPD_CONF; then - slapadd -f $SLAPD_CONF < $PRIVATEDIR/$DNSNAME.ldif >/dev/null || { - echo "slapadd failed" >&2 - } - - slaptest -f $SLAPD_CONF >/dev/null || { - echo "slaptest after database load failed" >&2 - } -fi - -PATH=$OLDPATH -export PATH - cat >$PRIVATEDIR/wins_config.ldif<<EOF dn: name=TORTURE_6,CN=PARTNERS objectClass: wreplPartner @@ -629,7 +299,6 @@ echo "NETBIOSNAME=$NETBIOSNAME" echo "LDAP_URI=$LDAP_URI" echo "LDAP_URI_ESCAPE=$LDAP_URI_ESCAPE" echo "FEDORA_DS_INF=$FEDORA_DS_INF" -echo "FEDORA_DS_LDAP_URI=$FEDORA_DS_LDAP_URI" echo "DOMAIN=$DOMAIN" echo "USERNAME=$USERNAME" echo "REALM=$REALM" diff --git a/source4/script/tests/test_functions.sh b/source4/script/tests/test_functions.sh index 7e24f2e0b6..42c7d614d3 100755 --- a/source4/script/tests/test_functions.sh +++ b/source4/script/tests/test_functions.sh @@ -71,7 +71,7 @@ slapd_start() { export PATH # running slapd in the background means it stays in the same process group, so it can be # killed by timelimit - slapd -d0 -f $SLAPD_CONF -h $LDAPI_ESCAPE & + slapd -d0 -f $SLAPD_CONF -h $LDAP_URI_ESCAPE & PATH=$OLDPATH export PATH return $?; |
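Review bot: mk-openldap.sh is now sourced unconditionally and runs `provision $PROVISION_OPTIONS --ldap-base` before mk-fedora-ds.sh appends `--ldap-module=nsuniqueid` and sets `PROVISION_ACI`. No visible line passes `"$PROVISION_ACI"` to provision any more, so with `FEDORA_DS_PREFIX` set the base DN appears to be provisioned without the options the removed `else` branch supplied. mk-fedora-ds.sh then overwrites the `LDAP_URI` and `LDAP_URI_ESCAPE` that mk-openldap.sh exported, so the renamed `-h $LDAP_URI_ESCAPE` in test_functions.sh may receive the `ldap://127.0.0.1:3389` URL instead of the ldapi socket, depending on how the values reach `slapd_start`. One fix is to set the Fedora DS options before the `--ldap-base` call and restore `"$PROVISION_ACI"` on it; either way the intended ordering deserves a comment next to the two source lines.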