diff options
Diffstat (limited to 'selftest')
-rw-r--r-- | selftest/README | 11 | ||||
-rwxr-xr-x | selftest/selftest.pl | 47 | ||||
-rw-r--r-- | selftest/target/Samba.pm | 83 | ||||
-rw-r--r-- | selftest/target/Samba3.pm | 244 | ||||
-rw-r--r-- | selftest/target/Samba4.pm | 162 | ||||
-rw-r--r-- | selftest/wscript | 40 |
6 files changed, 437 insertions, 150 deletions
diff --git a/selftest/README b/selftest/README index 752b07bf64..206f864ab9 100644 --- a/selftest/README +++ b/selftest/README @@ -15,7 +15,7 @@ format-subunit, which is used by default as part of "make test". Available testsuites ==================== The available testsuites are obtained from a script, usually -source{3,4}/selftest/tests.sh. This script should for each testsuite output +source{3,4}/selftest/tests.py. This script should for each testsuite output the name of the test, the command to run and the environment that should be provided. Use the included "plantest" function to generate the required output. @@ -77,10 +77,10 @@ Tests often need to run against a server with particular things set up, a "environment". This environment is provided by the test "target": Samba 3, Samba 4 or Windows. -The following environments are currently available: +The environments are currently available include - none: No server set up, no variables set. - - dc: Domain controller set up. The following environment variables will + - dc,s3dc: Domain controller set up. The following environment variables will be set: * USERNAME: Administrator user name @@ -92,7 +92,7 @@ The following environments are currently available: * NETBIOSNAME: DC NetBIOS name * NETIOSALIAS: DC NetBIOS alias - - member: Domain controller and member server that is joined to it set up. The + - member,s4member,s3member: Domain controller and member server that is joined to it set up. The following environment variables will be set: * USERNAME: Domain administrator user name @@ -101,6 +101,7 @@ The following environments are currently available: * REALM: Realm name * SERVER: Name of the member server +See Samba.pm, Samba3.pm and Samba4.pm for the full list. Running tests ============= @@ -109,7 +110,7 @@ To run all the tests use:: make test -To run a quick subset (aiming for about 1 minute of testing) run:: +To run a quicker subset run:: make quicktest diff --git a/selftest/selftest.pl b/selftest/selftest.pl index 9f937f1655..23434fc86c 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -399,8 +399,14 @@ $prefix =~ s+/$++; die("using an empty prefix isn't allowed") unless $prefix ne ""; -#Ensure we have the test prefix around -mkdir($prefix, 0777) unless -d $prefix; +# Ensure we have the test prefix around. +# +# We need restrictive +# permissions on this as some subdirectories in this tree will have +# wider permissions (ie 0777) and this would allow other users on the +# host to subvert the test process. +mkdir($prefix, 0700) unless -d $prefix; +chmod 0700, $prefix; my $prefix_abs = abs_path($prefix); my $tmpdir_abs = abs_path("$prefix/tmp"); @@ -468,19 +474,6 @@ if ($opt_binary_mapping) { $ENV{BINARY_MAPPING} = $opt_binary_mapping; -sub bindir_path($$) { - my ($self, $path) = @_; - - if (defined($self->{binary_mapping}->{$path})) { - $path = $self->{binary_mapping}->{$path}; - } - - my $valpath = "$self->{bindir}/$path$self->{exeext}"; - - return $valpath if (-f $valpath); - return $path; -} - # After this many seconds, the server will self-terminate. All tests # must terminate in this time, and testenv will only stay alive this # long @@ -496,18 +489,18 @@ if ($opt_target eq "samba") { } $testenv_default = "all"; require target::Samba; - $target = new Samba($bindir, \%binary_mapping, \&bindir_path, $ldap, $srcdir, $exeext, $server_maxtime); + $target = new Samba($bindir, \%binary_mapping, $ldap, $srcdir, $exeext, $server_maxtime); } elsif ($opt_target eq "samba4") { $testenv_default = "all"; require target::Samba4; - $target = new Samba4($bindir, \%binary_mapping, \&bindir_path, $ldap, $srcdir, $exeext, $server_maxtime); + $target = new Samba4($bindir, \%binary_mapping, $ldap, $srcdir, $exeext, $server_maxtime); } elsif ($opt_target eq "samba3") { if ($opt_socket_wrapper and `$bindir/smbd -b | grep SOCKET_WRAPPER` eq "") { die("You must include --enable-socket-wrapper when compiling Samba in order to execute 'make test'. Exiting...."); } $testenv_default = "member"; require target::Samba3; - $target = new Samba3($bindir, \%binary_mapping, \&bindir_path, $srcdir_abs, $exeext, $server_maxtime); + $target = new Samba3($bindir, \%binary_mapping, $srcdir_abs, $exeext, $server_maxtime); } elsif ($opt_target eq "win") { die("Windows tests will not run with socket wrapper enabled.") if ($opt_socket_wrapper); @@ -604,19 +597,23 @@ sub write_clientconf($$$) mkdir("$clientdir/lockdir", 0777); } + # this is ugly, but the ncalrpcdir needs exactly 0755 + # otherwise tests fail. + my $mask = umask; + umask 0022; + if ( -d "$clientdir/ncalrpcdir/np" ) { + unlink <$clientdir/ncalrpcdir/np/*>; + rmdir <$clientdir/ncalrpcdir/np>; + } if ( -d "$clientdir/ncalrpcdir" ) { unlink <$clientdir/ncalrpcdir/*>; - } else { - mkdir("$clientdir/ncalrpcdir", 0777); + rmdir <$clientdir/ncalrpcdir>; } + mkdir("$clientdir/ncalrpcdir", 0755); + umask $mask; open(CF, ">$conffile"); print CF "[global]\n"; - if (defined($ENV{VALGRIND})) { - print CF "\ticonv:native = true\n"; - } else { - print CF "\ticonv:native = false\n"; - } print CF "\tnetbios name = client\n"; if (defined($vars->{DOMAIN})) { print CF "\tworkgroup = $vars->{DOMAIN}\n"; diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index fc7e68dfde..1b1eb53933 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -10,11 +10,11 @@ use target::Samba3; use target::Samba4; sub new($$$$$) { - my ($classname, $bindir, $binary_mapping, $bindir_path, $ldap, $srcdir, $exeext, $server_maxtime) = @_; + my ($classname, $bindir, $binary_mapping,$ldap, $srcdir, $exeext, $server_maxtime) = @_; my $self = { - samba3 => new Samba3($bindir,$binary_mapping, $bindir_path, $srcdir, $exeext, $server_maxtime), - samba4 => new Samba4($bindir,$binary_mapping, $bindir_path, $ldap, $srcdir, $exeext, $server_maxtime), + samba3 => new Samba3($bindir,$binary_mapping, $srcdir, $exeext, $server_maxtime), + samba4 => new Samba4($bindir,$binary_mapping, $ldap, $srcdir, $exeext, $server_maxtime), }; bless $self; return $self; @@ -28,11 +28,15 @@ sub setup_env($$$) my $env = $self->{samba4}->setup_env($envname, $path); if (defined($env)) { - $env->{target} = $self->{samba4}; + if (not defined($env->{target})) { + $env->{target} = $self->{samba4}; + } } else { $env = $self->{samba3}->setup_env($envname, $path); if (defined($env)) { - $env->{target} = $self->{samba3}; + if (not defined($env->{target})) { + $env->{target} = $self->{samba3}; + } } } if (not defined $env) { @@ -42,4 +46,73 @@ sub setup_env($$$) return $env; } +sub bindir_path($$) { + my ($object, $path) = @_; + + if (defined($object->{binary_mapping}->{$path})) { + $path = $object->{binary_mapping}->{$path}; + } + + my $valpath = "$object->{bindir}/$path$object->{exeext}"; + + return $valpath if (-f $valpath); + return $path; +} + +sub mk_krb5_conf($) +{ + my ($ctx) = @_; + + unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) { + warn("can't open $ctx->{krb5_conf}$?"); + return undef; + } + print KRB5CONF " +#Generated krb5.conf for $ctx->{realm} + +[libdefaults] + default_realm = $ctx->{realm} + dns_lookup_realm = false + dns_lookup_kdc = false + ticket_lifetime = 24h + forwardable = yes + allow_weak_crypto = yes + +[realms] + $ctx->{realm} = { + kdc = $ctx->{kdc_ipv4}:88 + admin_server = $ctx->{kdc_ipv4}:88 + default_domain = $ctx->{dnsname} + } + $ctx->{dnsname} = { + kdc = $ctx->{kdc_ipv4}:88 + admin_server = $ctx->{kdc_ipv4}:88 + default_domain = $ctx->{dnsname} + } + $ctx->{domain} = { + kdc = $ctx->{kdc_ipv4}:88 + admin_server = $ctx->{kdc_ipv4}:88 + default_domain = $ctx->{dnsname} + } + +[domain_realm] + .$ctx->{dnsname} = $ctx->{realm} +"; + + if (defined($ctx->{tlsdir})) { + print KRB5CONF " + +[appdefaults] + pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem + +[kdc] + enable-pkinit = true + pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem + pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem + +"; + } + close(KRB5CONF); +} + 1; diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 3c0dd0918a..505130f596 100644 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -9,14 +9,14 @@ use strict; use Cwd qw(abs_path); use FindBin qw($RealBin); use POSIX; +use target::Samba; sub new($$) { - my ($classname, $bindir, $binary_mapping, $bindir_path, $srcdir, $exeext, $server_maxtime) = @_; + my ($classname, $bindir, $binary_mapping, $srcdir, $exeext, $server_maxtime) = @_; $exeext = "" unless defined($exeext); my $self = { vars => {}, bindir => $bindir, binary_mapping => $binary_mapping, - bindir_path => $bindir_path, srcdir => $srcdir, exeext => $exeext, server_maxtime => $server_maxtime @@ -172,13 +172,16 @@ sub setup_member($$$) $ret or return undef; - my $net = $self->{bindir_path}->($self, "net"); + my $net = Samba::bindir_path($self, "net"); my $cmd = ""; $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; $cmd .= "$net join $ret->{CONFIGURATION} $s3dcvars->{DOMAIN} member"; $cmd .= " -U$s3dcvars->{USERNAME}\%$s3dcvars->{PASSWORD}"; - system($cmd) == 0 or die("Join failed\n$cmd"); + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } $self->check_or_start($ret, "yes", "yes", "yes"); @@ -195,6 +198,125 @@ sub setup_member($$$) return $ret; } +sub setup_admember($$$$) +{ + my ($self, $prefix, $dcvars, $iface) = @_; + + print "PROVISIONING S3 AD MEMBER$iface..."; + + my $member_options = " + security = ads + server signing = on + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} +"; + + my $ret = $self->provision($prefix, + "LOCALADMEMBER$iface", + $iface, + "loCalMember${iface}Pass", + $member_options); + + $ret or return undef; + + close(USERMAP); + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + Samba::mk_krb5_conf($ctx); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + my $net = Samba::bindir_path($self, "net"); + my $cmd = ""; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + $self->check_or_start($ret, + "yes", "yes", "yes"); + + $self->wait_for_start($ret); + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + + # Special case, this is called from Samba4.pm but needs to use the Samba3 check_env and get_log_env + $ret->{target} = $self; + + return $ret; +} + +sub setup_plugin_s4_dc($$$$) +{ + my ($self, $prefix, $dcvars, $iface) = @_; + + print "PROVISIONING S4 PLUGIN AD DC$iface..."; + + my $plugin_s4_dc_options = " + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + security=ads + passdb backend = samba4 + auth methods = guest samba4 + domain logons = yes + rpc_server:lsarpc = external + rpc_server:netlogon = external + rpc_server:samr = external + server signing = on +"; + + my $ret = $self->provision($prefix, + "plugindc", + $iface, + "pluGin${iface}Pass", + $plugin_s4_dc_options, 1); + + $ret or return undef; + + close(USERMAP); + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + $ret->{KRB5_CONFIG} = $dcvars->{KRB5_CONFIG}; + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + $self->check_or_start($ret, + "no", "yes", "yes"); + + $self->wait_for_start($ret); + + # Special case, this is called from Samba4.pm but needs to use the Samba3 check_env and get_log_env + $ret->{target} = $self; + + return $ret; +} + sub setup_secshare($$) { my ($self, $path) = @_; @@ -261,7 +383,7 @@ sub setup_secserver($$$) sub setup_ktest($$$) { - my ($self, $prefix, $s3dcvars) = @_; + my ($self, $prefix) = @_; print "PROVISIONING server with security=ads..."; @@ -280,6 +402,18 @@ sub setup_ktest($$$) $ret or return undef; + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = "KTEST"; + $ctx->{realm} = "KTEST.SAMBA.EXAMPLE.COM"; + $ctx->{dnsname} = lc($ctx->{realm}); + $ctx->{kdc_ipv4} = "0.0.0.0"; + Samba::mk_krb5_conf($ctx); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map"); print USERMAP " $ret->{USERNAME} = KTEST\\Administrator @@ -290,7 +424,11 @@ $ret->{USERNAME} = KTEST\\Administrator #Samba4 DC with the same parameters as are being used here. The #domain SID is S-1-5-21-1071277805-689288055-3486227160 - system("cp $self->{srcdir}/source3/selftest/ktest-secrets.tdb $prefix/private/secrets.tdb"); + if (defined($ENV{BUILD_TDB2})) { + system("cp $self->{srcdir}/source3/selftest/ktest-secrets.tdb2 $prefix/private/secrets.tdb"); + } else { + system("cp $self->{srcdir}/source3/selftest/ktest-secrets.tdb $prefix/private/secrets.tdb"); + } chmod 0600, "$prefix/private/secrets.tdb"; #This uses a pre-calculated krb5 credentials cache, obtained by running Samba4 with: @@ -373,6 +511,7 @@ sub check_or_start($$$$) { SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE}); + $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG}; $ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR}; $ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR}; @@ -395,14 +534,14 @@ sub check_or_start($$$$) { @optargs = split(/ /, $ENV{NMBD_OPTIONS}); } - $ENV{MAKE_TEST_BINARY} = $self->{bindir_path}->($self, "nmbd"); + $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "nmbd"); - my @preargs = ($self->{bindir_path}->($self, "timelimit"), $self->{server_maxtime}); + my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime}); if(defined($ENV{NMBD_VALGRIND})) { @preargs = split(/ /, $ENV{NMBD_VALGRIND}); } - exec(@preargs, $self->{bindir_path}->($self, "nmbd"), "-F", "--no-process-group", "-S", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start nmbd: $!"); + exec(@preargs, Samba::bindir_path($self, "nmbd"), "-F", "--no-process-group", "--log-stdout", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start nmbd: $!"); } write_pid($env_vars, "nmbd", $pid); print "DONE\n"; @@ -416,6 +555,7 @@ sub check_or_start($$$$) { SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE}); + $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG}; $ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR}; $ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR}; @@ -438,14 +578,16 @@ sub check_or_start($$$$) { @optargs = split(/ /, $ENV{WINBINDD_OPTIONS}); } - $ENV{MAKE_TEST_BINARY} = $self->{bindir_path}->($self, "winbindd"); + $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "winbindd"); - my @preargs = ($self->{bindir_path}->($self, "timelimit"), $self->{server_maxtime}); + my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime}); if(defined($ENV{WINBINDD_VALGRIND})) { @preargs = split(/ /, $ENV{WINBINDD_VALGRIND}); } - exec(@preargs, $self->{bindir_path}->($self, "winbindd"), "-F", "--no-process-group", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start winbindd: $!"); + print "Starting winbindd with config $env_vars->{SERVERCONFFILE})\n"; + + exec(@preargs, Samba::bindir_path($self, "winbindd"), "-F", "--no-process-group", "--stdout", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start winbindd: $!"); } write_pid($env_vars, "winbindd", $pid); print "DONE\n"; @@ -459,6 +601,7 @@ sub check_or_start($$$$) { SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE}); + $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG}; $ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR}; $ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR}; @@ -476,16 +619,16 @@ sub check_or_start($$$$) { exit 0; } - $ENV{MAKE_TEST_BINARY} = $self->{bindir_path}->($self, "smbd"); + $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "smbd"); my @optargs = ("-d0"); if (defined($ENV{SMBD_OPTIONS})) { @optargs = split(/ /, $ENV{SMBD_OPTIONS}); } - my @preargs = ($self->{bindir_path}->($self, "timelimit"), $self->{server_maxtime}); + my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime}); if(defined($ENV{SMBD_VALGRIND})) { @preargs = split(/ /,$ENV{SMBD_VALGRIND}); } - exec(@preargs, $self->{bindir_path}->($self, "smbd"), "-F", "--no-process-group", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start smbd: $!"); + exec(@preargs, Samba::bindir_path($self, "smbd"), "-F", "--no-process-group", "--log-stdout", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start smbd: $!"); } write_pid($env_vars, "smbd", $pid); print "DONE\n"; @@ -493,9 +636,9 @@ sub check_or_start($$$$) { return 0; } -sub provision($$$$$$) +sub provision($$$$$$$) { - my ($self, $prefix, $server, $swiface, $password, $extra_options) = @_; + my ($self, $prefix, $server, $swiface, $password, $extra_options, $no_delete_prefix) = @_; ## ## setup the various environment variables we need @@ -515,6 +658,8 @@ sub provision($$$$$$) my $bindir_abs = abs_path($self->{bindir}); my $vfs_modulesdir_abs = ($ENV{VFSLIBDIR} or $bindir_abs); + my $dns_host_file = "$ENV{SELFTEST_PREFIX}/dns_host_file"; + my @dirs = (); my $shrdir="$prefix_abs/share"; @@ -571,7 +716,9 @@ sub provision($$$$$$) mkdir($prefix_abs, 0777); print "CREATE TEST ENVIRONMENT IN '$prefix'..."; - system("rm -rf $prefix_abs/*"); + if (not defined($no_delete_prefix) or not $no_delete_prefix) { + system("rm -rf $prefix_abs/*"); + } mkdir($_, 0777) foreach(@dirs); ## @@ -580,12 +727,18 @@ sub provision($$$$$$) chmod 0755, $ro_shrdir; my $unreadable_file = "$ro_shrdir/unreadable_file"; - open(UNREADABLE_FILE, ">$unreadable_file") or die("Unable to open $unreadable_file"); + unless (open(UNREADABLE_FILE, ">$unreadable_file")) { + warn("Unable to open $unreadable_file"); + return undef; + } close(UNREADABLE_FILE); chmod 0600, $unreadable_file; my $msdfs_target = "$ro_shrdir/msdfs-target"; - open(MSDFS_TARGET, ">$msdfs_target") or die("Unable to open $msdfs_target"); + unless (open(MSDFS_TARGET, ">$msdfs_target")) { + warn("Unable to open $msdfs_target"); + return undef; + } close(MSDFS_TARGET); chmod 0666, $msdfs_target; symlink "msdfs:$server_ip\\ro-tmp", "$msdfs_shrdir/msdfs-src1"; @@ -633,7 +786,10 @@ sub provision($$$$$$) ## create conffile ## - open(CONF, ">$conffile") or die("Unable to open $conffile"); + unless (open(CONF, ">$conffile")) { + warn("Unable to open $conffile"); + return undef; + } print CONF " [global] netbios name = $server @@ -651,8 +807,6 @@ sub provision($$$$$$) debug pid = yes max log size = 0 - name resolve order = bcast - state directory = $lockdir cache directory = $lockdir @@ -711,9 +865,13 @@ sub provision($$$$$$) queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p lpq cache time = 0 - ncalrpc dir = $lockdir/ncalrpc + ncalrpc dir = $prefix_abs/ncalrpc rpc_server:epmapper = embedded + resolv:host file = $dns_host_file + + message command = mv %s $shrdir/message.%m + # Begin extra options $extra_options # End extra options @@ -778,7 +936,10 @@ sub provision($$$$$$) ## create a test account ## - open(PASSWD, ">$nss_wrapper_passwd") or die("Unable to open $nss_wrapper_passwd"); + unless (open(PASSWD, ">$nss_wrapper_passwd")) { + warn("Unable to open $nss_wrapper_passwd"); + return undef; + } print PASSWD "nobody:x:$uid_nobody:$gid_nobody:nobody gecos:$prefix_abs:/bin/false $unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false "; @@ -787,7 +948,10 @@ $unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false } close(PASSWD); - open(GROUP, ">$nss_wrapper_group") or die("Unable to open $nss_wrapper_group"); + unless (open(GROUP, ">$nss_wrapper_group")) { + warn("Unable to open $nss_wrapper_group"); + return undef; + } print GROUP "nobody:x:$gid_nobody: nogroup:x:$gid_nogroup:nobody $unix_name-group:x:$unix_gids[0]: @@ -808,10 +972,16 @@ domusers:X:$gid_domusers: $ENV{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd; $ENV{NSS_WRAPPER_GROUP} = $nss_wrapper_group; - open(PWD, "|".$self->{bindir_path}->($self, "smbpasswd")." -c $conffile -L -s -a $unix_name >/dev/null"); + my $cmd = Samba::bindir_path($self, "smbpasswd")." -c $conffile -L -s -a $unix_name > /dev/null"; + unless (open(PWD, "|$cmd")) { + warn("Unable to set password for test account\n$cmd"); + return undef; + } print PWD "$password\n$password\n"; - close(PWD) or die("Unable to set password for test account"); - + unless (close(PWD)) { + warn("Unable to set password for test account\n$cmd"); + return undef; + } print "DONE\n"; open(HOSTS, ">>$ENV{SELFTEST_PREFIX}/dns_host_file") or die("Unable to open $ENV{SELFTEST_PREFIX}/dns_host_file"); @@ -843,7 +1013,7 @@ domusers:X:$gid_domusers: $ret{NSS_WRAPPER_GROUP} = $nss_wrapper_group; $ret{NSS_WRAPPER_WINBIND_SO_PATH} = $ENV{NSS_WRAPPER_WINBIND_SO_PATH}; if (not defined($ret{NSS_WRAPPER_WINBIND_SO_PATH})) { - $ret{NSS_WRAPPER_WINBIND_SO_PATH} = $self->{bindir_path}->($self, "default/nsswitch/libnss-winbind.so"); + $ret{NSS_WRAPPER_WINBIND_SO_PATH} = Samba::bindir_path($self, "default/nsswitch/libnss-winbind.so"); } $ret{LOCAL_PATH} = "$shrdir"; @@ -858,11 +1028,11 @@ sub wait_for_start($$) print "delaying for nbt name registration\n"; sleep(10); # This will return quickly when things are up, but be slow if we need to wait for (eg) SSL init - system($self->{bindir_path}->($self, "nmblookup3") ." $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} __SAMBA__"); - system($self->{bindir_path}->($self, "nmblookup3") ." $envvars->{CONFIGURATION} __SAMBA__"); - system($self->{bindir_path}->($self, "nmblookup3") ." $envvars->{CONFIGURATION} -U 127.255.255.255 __SAMBA__"); - system($self->{bindir_path}->($self, "nmblookup3") ." $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} $envvars->{SERVER}"); - system($self->{bindir_path}->($self, "nmblookup3") ." $envvars->{CONFIGURATION} $envvars->{SERVER}"); + system(Samba::bindir_path($self, "nmblookup3") ." $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} __SAMBA__"); + system(Samba::bindir_path($self, "nmblookup3") ." $envvars->{CONFIGURATION} __SAMBA__"); + system(Samba::bindir_path($self, "nmblookup3") ." $envvars->{CONFIGURATION} -U 127.255.255.255 __SAMBA__"); + system(Samba::bindir_path($self, "nmblookup3") ." $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} $envvars->{SERVER}"); + system(Samba::bindir_path($self, "nmblookup3") ." $envvars->{CONFIGURATION} $envvars->{SERVER}"); # make sure smbd is also up set print "wait for smbd\n"; @@ -870,7 +1040,7 @@ sub wait_for_start($$) my $count = 0; my $ret; do { - $ret = system($self->{bindir_path}->($self, "smbclient3") ." $envvars->{CONFIGURATION} -L $envvars->{SERVER} -U% -p 139"); + $ret = system(Samba::bindir_path($self, "smbclient3") ." $envvars->{CONFIGURATION} -L $envvars->{SERVER} -U% -p 139"); if ($ret != 0) { sleep(2); } @@ -882,7 +1052,7 @@ sub wait_for_start($$) return 0; } # Ensure we have domain users mapped. - $ret = system($self->{bindir_path}->($self, "net") ." $envvars->{CONFIGURATION} groupmap add rid=513 unixgroup=domusers type=domain"); + $ret = system(Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} groupmap add rid=513 unixgroup=domusers type=domain"); if ($ret != 0) { return 1; } diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 69d5c3bc68..49bab371fc 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -10,9 +10,11 @@ use Cwd qw(abs_path); use FindBin qw($RealBin); use POSIX; use SocketWrapper; +use target::Samba; +use target::Samba3; sub new($$$$$) { - my ($classname, $bindir, $binary_mapping, $bindir_path, $ldap, $srcdir, $exeext, $server_maxtime) = @_; + my ($classname, $bindir, $binary_mapping, $ldap, $srcdir, $exeext, $server_maxtime) = @_; $exeext = "" unless defined($exeext); my $self = { @@ -20,10 +22,10 @@ sub new($$$$$) { ldap => $ldap, bindir => $bindir, binary_mapping => $binary_mapping, - bindir_path => $bindir_path, srcdir => $srcdir, exeext => $exeext, - server_maxtime => $server_maxtime + server_maxtime => $server_maxtime, + target3 => new Samba3($bindir, $binary_mapping, $srcdir, $exeext, $server_maxtime) }; bless $self; return $self; @@ -41,7 +43,7 @@ sub slapd_start($$) { my $count = 0; my ($self, $env_vars) = @_; - my $ldbsearch = $self->bindir_path($self, "ldbsearch"); + my $ldbsearch = Samba::bindir_path($self, "ldbsearch"); my $uri = $env_vars->{LDAP_URI}; @@ -131,7 +133,7 @@ sub check_or_start($$) if (defined($ENV{SAMBA_OPTIONS})) { $optarg.= " $ENV{SAMBA_OPTIONS}"; } - my $samba = $self->{bindir_path}->($self, "samba"); + my $samba = Samba::bindir_path($self, "samba"); # allow selection of the process model using # the environment varibale SAMBA_PROCESS_MODEL @@ -179,7 +181,7 @@ sub wait_for_start($$) # This will return quickly when things are up, but be slow if we # need to wait for (eg) SSL init - my $nmblookup = $self->{bindir_path}->($self, "nmblookup"); + my $nmblookup = Samba::bindir_path($self, "nmblookup"); system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}"); system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}"); system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}"); @@ -200,7 +202,7 @@ sub write_ldb_file($$$) { my ($self, $file, $ldif) = @_; - my $ldbadd = $self->{bindir_path}->($self, "ldbadd"); + my $ldbadd = Samba::bindir_path($self, "ldbadd"); open(LDIF, "|$ldbadd -H $file >/dev/null"); print LDIF $ldif; return(close(LDIF)); @@ -452,56 +454,6 @@ Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ== EOF } -sub mk_krb5_conf($$) -{ - my ($self, $ctx) = @_; - - unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) { - warn("can't open $ctx->{krb5_conf}$?"); - return undef; - } - print KRB5CONF " -#Generated krb5.conf for $ctx->{realm} - -[libdefaults] - default_realm = $ctx->{realm} - dns_lookup_realm = false - dns_lookup_kdc = false - ticket_lifetime = 24h - forwardable = yes - allow_weak_crypto = yes - -[realms] - $ctx->{realm} = { - kdc = $ctx->{kdc_ipv4}:88 - admin_server = $ctx->{kdc_ipv4}:88 - default_domain = $ctx->{dnsname} - } - $ctx->{dnsname} = { - kdc = $ctx->{kdc_ipv4}:88 - admin_server = $ctx->{kdc_ipv4}:88 - default_domain = $ctx->{dnsname} - } - $ctx->{domain} = { - kdc = $ctx->{kdc_ipv4}:88 - admin_server = $ctx->{kdc_ipv4}:88 - default_domain = $ctx->{dnsname} - } - -[appdefaults] - pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem - -[kdc] - enable-pkinit = true - pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem - pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem - -[domain_realm] - .$ctx->{dnsname} = $ctx->{realm} -"; - close(KRB5CONF); -} - sub provision_raw_prepare($$$$$$$$$$) { my ($self, $prefix, $server_role, $netbiosname, @@ -570,7 +522,6 @@ sub provision_raw_prepare($$$$$$$$$$) push(@{$ctx->{directories}}, $ctx->{privatedir}); push(@{$ctx->{directories}}, $ctx->{etcdir}); push(@{$ctx->{directories}}, $ctx->{piddir}); - push(@{$ctx->{directories}}, $ctx->{ncalrpcdir}); push(@{$ctx->{directories}}, $ctx->{lockdir}); $ctx->{smb_conf_extra_options} = ""; @@ -627,8 +578,11 @@ sub provision_raw_step1($$) warn("can't open $ctx->{smb_conf}$?"); return undef; } + my $acl = "false"; + $acl = "true" if (defined $ENV{WITH_ACL}); print CONFFILE " [global] + acl:search = $acl netbios name = $ctx->{netbiosname} posix:eadb = $ctx->{lockdir}/eadb.tdb workgroup = $ctx->{domain} @@ -681,7 +635,7 @@ sub provision_raw_step1($$) $ctx->{kdc_ipv4} = $ctx->{ipv4}; } - $self->mk_krb5_conf($ctx); + Samba::mk_krb5_conf($ctx); open(PWD, ">$ctx->{nsswrap_passwd}"); print PWD " @@ -704,7 +658,7 @@ nogroup:x:65534:nobody my $configuration = "--configfile=$ctx->{smb_conf}"; #Ensure the config file is valid before we start - my $testparm = $self->scriptdir_path("bin/testparm"); + my $testparm = Samba::bindir_path($self, "samba-tool") . " testparm"; if (system("$testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) { system("$testparm -v --suppress-prompt $configuration >&2"); warn("Failed to create a valid smb.conf configuration $testparm!"); @@ -889,7 +843,7 @@ sub provision_member($$$) return undef; } - my $samba_tool = $self->{bindir_path}->($self, "samba-tool"); + my $samba_tool = Samba::bindir_path($self, "samba-tool"); my $cmd = ""; $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; @@ -921,7 +875,7 @@ sub provision_rpc_proxy($$$) my ($self, $prefix, $dcvars) = @_; print "PROVISIONING RPC PROXY..."; - my $extra_smbconf_options = "dcerpc_remote:binding = ncacn_ip_tcp:localdc + my $extra_smbconf_options = "dcerpc_remote:binding = ncacn_ip_tcp:$dcvars->{SERVER} dcerpc endpoint servers = epmapper, remote dcerpc_remote:interfaces = rpcecho "; @@ -941,7 +895,7 @@ sub provision_rpc_proxy($$$) return undef; } - my $samba_tool = $self->{bindir_path}->($self, "samba-tool"); + my $samba_tool = Samba::bindir_path($self, "samba-tool"); my $cmd = ""; $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; @@ -1001,7 +955,7 @@ sub provision_vampire_dc($$$) return undef; } - my $samba_tool = $self->{bindir_path}->($self, "samba-tool"); + my $samba_tool = Samba::bindir_path($self, "samba-tool"); my $cmd = ""; $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; @@ -1173,7 +1127,7 @@ sub provision_rodc($$$) return undef; } - my $samba_tool = $self->{bindir_path}->($self, "samba-tool"); + my $samba_tool = Samba::bindir_path($self, "samba-tool"); my $cmd = ""; $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; @@ -1190,7 +1144,7 @@ sub provision_rodc($$$) # so that use the RODC as kdc and test # the proxy code $ctx->{kdc_ipv4} = $ret->{SERVER_IP}; - $self->mk_krb5_conf($ctx); + Samba::mk_krb5_conf($ctx); $ret->{RODC_DC_SERVER} = $ret->{SERVER}; $ret->{RODC_DC_SERVER_IP} = $ret->{SERVER_IP}; @@ -1205,6 +1159,40 @@ sub provision_rodc($$$) return $ret; } +sub provision_plugin_s4_dc($$) +{ + my ($self, $prefix) = @_; + + my $extra_smbconf_options = " +server services = -winbind, -smb +"; + + print "PROVISIONING PLUGIN S4 DC..."; + my $ret = $self->provision($prefix, + "domain controller", + "plugindc", + "PLUGINDOMAIN", + "plugin.samba.example.com", + "2008", + 30, + "locDCpass1", + undef, $extra_smbconf_options); + + return undef unless(defined $ret); + unless($self->add_wins_config("$prefix/private")) { + warn("Unable to add wins configuration"); + return undef; + } + + $ret->{DC_SERVER} = $ret->{SERVER}; + $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; + $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $ret->{USERNAME}; + $ret->{DC_PASSWORD} = $ret->{PASSWORD}; + + return $ret; +} + sub teardown_env($$) { my ($self, $envvars) = @_; @@ -1272,6 +1260,7 @@ sub check_env($$) sub setup_env($$$) { my ($self, $envname, $path) = @_; + my $target3 = $self->{target3}; $ENV{ENVNAME} = $envname; @@ -1303,6 +1292,13 @@ sub setup_env($$$) $self->setup_dc("$path/dc"); } return $self->setup_rodc("$path/rodc", $self->{vars}->{dc}); + } elsif ($envname eq "s3member") { + if (not defined($self->{vars}->{dc})) { + $self->setup_dc("$path/dc"); + } + return $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29); + } elsif ($envname eq "plugin_s4_dc") { + return $self->setup_plugin_s4_dc("$path/plugin_s4_dc"); } elsif ($envname eq "all") { if (not defined($self->{vars}->{dc})) { $ENV{ENVNAME} = "dc"; @@ -1349,6 +1345,18 @@ sub setup_env($$$) $ret->{FL2008R2DC_USERNAME} = $fl2008r2dc_ret->{USERNAME}; $ret->{FL2008R2DC_PASSWORD} = $fl2008r2dc_ret->{PASSWORD}; } + if (not defined($self->{vars}->{s3member})) { + $ENV{ENVNAME} = "s3member"; + my $s3member_ret = $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29); + $self->{vars}->{s3member} = $s3member_ret; + + $ret->{S3MEMBER_SERVER} = $s3member_ret->{SERVER}; + $ret->{S3MEMBER_SERVER_IP} = $s3member_ret->{SERVER_IP}; + $ret->{S3MEMBER_NETBIOSNAME} = $s3member_ret->{NETBIOSNAME}; + $ret->{S3MEMBER_NETBIOSALIAS} = $s3member_ret->{NETBIOSALIAS}; + $ret->{S3MEMBER_USERNAME} = $s3member_ret->{USERNAME}; + $ret->{S3MEMBER_PASSWORD} = $s3member_ret->{PASSWORD}; + } return $ret; } else { return undef; @@ -1467,7 +1475,7 @@ sub setup_vampire_dc($$$) # force replicated DC to update repsTo/repsFrom # for vampired partitions - my $samba_tool = $self->{bindir_path}->($self, "samba-tool"); + my $samba_tool = Samba::bindir_path($self, "samba-tool"); my $cmd = ""; $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; @@ -1521,4 +1529,24 @@ sub setup_rodc($$$) return $env; } +sub setup_plugin_s4_dc($$) +{ + my ($self, $path) = @_; + + my $env = $self->provision_plugin_s4_dc($path); + if (defined $env) { + $self->check_or_start($env); + + $self->wait_for_start($env); + + my $s3_part_env = $self->{target3}->setup_plugin_s4_dc($path, $env, 30); + if (not defined($s3_part_env)) { + return undef; + } + + $self->{vars}->{plugin_s4_dc} = $s3_part_env; + } + return $env; +} + 1; diff --git a/selftest/wscript b/selftest/wscript index 25ea823ff7..558cb2abd2 100644 --- a/selftest/wscript +++ b/selftest/wscript @@ -73,6 +73,19 @@ def set_options(opt): def configure(conf): conf.env.SELFTEST_PREFIX = Options.options.SELFTEST_PREFIX +def combine_files(file1, file2, outfile): + + f1 = open(file1) + f2 = open(file2) + of = open(outfile, mode='w') + for line in f1: + of.write(line) + for line in f2: + of.write(line) + f1.close() + f2.close() + of.close() + def cmd_testonly(opt): '''run tests without doing a build first''' env = LOAD_ENVIRONMENT() @@ -161,6 +174,9 @@ def cmd_testonly(opt): if env.USING_SYSTEM_LDB: os.environ['LDB_MODULES_PATH'] = 'bin/modules/ldb' + if env.BUILD_TDB2: + os.environ['BUILD_TDB2'] = '1' + # tell build system where to find config.h os.environ['VFSLIBDIR'] = os.path.abspath('bin/modules/vfs') os.environ['CONFIG_H'] = 'bin/default/include/config.h' @@ -175,7 +191,7 @@ def cmd_testonly(opt): if Options.options.TARGET: env.SELFTEST_TARGET = Options.options.TARGET else: - env.SELFTEST_TARGET = "samba4" + env.SELFTEST_TARGET = "samba" if env.SELFTEST_TARGET == "samba4": env.SELFTEST_DIR = "${srcdir}/source4/selftest" @@ -183,17 +199,19 @@ def cmd_testonly(opt): env.SELFTEST_DIR = "${srcdir}/source3/selftest" if env.SELFTEST_TARGET == "samba": - env.SELFTEST_DIR = "${srcdir}/source3/selftest" - xfail = "" - xfail += EXPAND_VARIABLES(opt, env.FILTER_XFAIL) - xfail += " | " - env.SELFTEST_DIR = "${srcdir}/source4/selftest" - xfail += EXPAND_VARIABLES(opt, env.FILTER_XFAIL) - env.FILTER_XFAIL = xfail; - cmd = '(${PERL} ${srcdir}/selftest/selftest.pl --target=${SELFTEST_TARGET} --prefix=${SELFTEST_PREFIX} --srcdir=${srcdir} --exclude="${srcdir}/source4/selftest/skip" --exclude="${srcdir}/source3/selftest/skip" --testlist="${PYTHON} ${srcdir}/source3/selftest/tests.py|" --testlist="${PYTHON} ${srcdir}/source4/selftest/tests.py|" ${OPTIONS} --socket-wrapper ${TESTS} && touch ${SELFTEST_PREFIX}/st_done) | ${FILTER_OPTIONS} | tee ${SELFTEST_PREFIX}/subunit' + for f in ["knownfail", "slow", "quick", "skip" ]: + combine_files(env.srcdir + "/source4/selftest/" + f, + env.srcdir + "/source3/selftest/" + f, + env.SELFTEST_PREFIX + "/" + f) + + env.SELFTEST_DIR = env.SELFTEST_PREFIX + env.TESTLISTS = ('--testlist="${PYTHON} ${srcdir}/source3/selftest/tests.py|" ' + + '--testlist="${PYTHON} ${srcdir}/source4/selftest/tests.py|"') else: - # We use the full path rather than relative path because it cause problems on some plateforms (ie. solaris 8). - cmd = '(${PERL} ${srcdir}/selftest/selftest.pl --target=${SELFTEST_TARGET} --prefix=${SELFTEST_PREFIX} --srcdir=${srcdir} --exclude=${SELFTEST_DIR}/skip --testlist="${PYTHON} ${SELFTEST_DIR}/tests.py|" ${OPTIONS} --socket-wrapper ${TESTS} && touch ${SELFTEST_PREFIX}/st_done) | ${FILTER_OPTIONS} | tee ${SELFTEST_PREFIX}/subunit' + env.TESTLISTS = '--testlist="${SELFTEST_DIR}/tests.py|"' + + # We use the full path rather than relative path because it cause problems on some plateforms (ie. solaris 8). + cmd = '(${PERL} ${srcdir}/selftest/selftest.pl --target=${SELFTEST_TARGET} --prefix=${SELFTEST_PREFIX} --srcdir=${srcdir} --exclude=${SELFTEST_DIR}/skip ${TESTLISTS} ${OPTIONS} --socket-wrapper ${TESTS} && touch ${SELFTEST_PREFIX}/st_done) | ${FILTER_OPTIONS} | tee ${SELFTEST_PREFIX}/subunit' if os.environ.get('RUN_FROM_BUILD_FARM') is None and not Options.options.FILTERED_SUBUNIT: cmd += ' | ${FORMAT_TEST_OUTPUT}' |