diff options
Diffstat (limited to 'source4/script/tests/mktestsetup.sh')
-rwxr-xr-x | source4/script/tests/mktestsetup.sh | 341 |
1 files changed, 5 insertions, 336 deletions
diff --git a/source4/script/tests/mktestsetup.sh b/source4/script/tests/mktestsetup.sh index 7dd35672dc..2e6c6537a2 100755 --- a/source4/script/tests/mktestsetup.sh +++ b/source4/script/tests/mktestsetup.sh @@ -74,14 +74,9 @@ ADMINCERTFILE=$TLSDIR/admincert.pem WINBINDD_SOCKET_DIR=$PREFIX_ABS/winbind_socket CONFIGURATION="--configfile=$CONFFILE" LDAPDIR=$PREFIX_ABS/ldap -SLAPD_CONF=$LDAPDIR/slapd.conf -FEDORA_DS_INF=$LDAPDIR/fedorads.inf -FEDORA_DS_INITIAL_LDIF=$LDAPDIR/fedorads-initial-ldif.inf -FEDORA_DS_LDAP_PORT=3389 export CONFIGURATION export CONFFILE -export SLAPD_CONF export PIDDIR export AUTH export SERVER @@ -158,7 +153,7 @@ cat >$CONFFILE<<EOF path = $TMPDIR EOF -## Override default srahes_config.ldb file +## Override default share.ldb file rm -f $PRIVATEDIR/share.ldb cat >$PRIVATEDIR/share.ldif<<EOF ### Shares basedn @@ -265,287 +260,7 @@ cat >$KRB5_CONFIG<<EOF EOF export KRB5_CONFIG -#This is specified here to avoid draining entropy on every run -cat >$DHFILE<<EOF ------BEGIN DH PARAMETERS----- -MGYCYQC/eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/Cys8j8wLO -svCN/jYNyR2NszOmg7ZWcOC/4z/4pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv -YX70obsCAQI= ------END DH PARAMETERS----- - -EOF - -#Likewise, we pregenerate the key material. This allows the -#other certificates to be pre-generated -cat >$KEYFILE<<EOF ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpc -ol3+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H -6H+pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQAB -AoGAAqDLzFRR/BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6 -HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq -szNW4PRjaA9KkLQVTwnzdXGkBSkn/nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p -9/xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/dilpY88Nb+xok/X -8Z8OvgAXAkEA+pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ -vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC -kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu -jNKEKnbf+TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz -Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4/nN4IJXUW6AmPVOYIA5215itgki -cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ+aFvqSG ------END RSA PRIVATE KEY----- - -EOF - -cat >$ADMINKEYFILE<<EOF ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHEsi5owhZF -5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM -XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQAB -AoGAP8mjCP628Ebc2eACQzOWjgEvwYCPK4qPmYOf1zJkArzG2t5XAGJ5WGrENRuB -cm3XFh1lpmaADl982UdW3gul4gXUy6w4XjKK4vVfhyHj0kZ/LgaXUK9BAGhroJ2L -osIOUsaC6jdx9EwSRctwdlF3wWJ8NK0g28AkvIk+FlolW4ECQQD7w5ouCDnf58CN -u4nARx4xv5XJXekBvOomkCQAmuOsdOb6b9wn3mm2E3au9fueITjb3soMR31AF6O4 -eAY126rXAkEA+RgHzybzZEP8jCuznMqoN2fq/Vrs6+W3M8/G9mzGEMgLLpaf2Jiz -I9tLZ0+OFk9tkRaoCHPfUOCrVWJZ7Y53QQJBAMhoA6rw0WDyUcyApD5yXg6rusf4 -ASpo/tqDkqUIpoL464Qe1tjFqtBM3gSXuhs9xsz+o0bzATirmJ+WqxrkKTECQHt2 -OLCpKqwAspU7N+w32kaUADoRLisCEdrhWklbwpQgwsIVsCaoEOpt0CLloJRYTANE -yoZeAErTALjyZYZEPcECQQDlUi0N8DFxQ/lOwWyR3Hailft+mPqoPCa8QHlQZnlG -+cfgNl57YHMTZFwgUVFRdJNpjH/WdZ5QxDcIVli0q+Ko ------END RSA PRIVATE KEY----- - -EOF - -#generated with -#hxtool issue-certificate --self-signed --issue-ca --ca-private-key=FILE:$KEYFILE \ -# --subject="CN=CA,$BASEDN" --certificate="FILE:$CAFILE" - -cat >$CAFILE<<EOF ------BEGIN CERTIFICATE----- -MIIChTCCAe6gAwIBAgIUFZoF6jt0R+hQBdF7cWPy0tT3fGwwCwYJKoZIhvcNAQEFMFIxEzAR -BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy -LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDU1MzA5WhgPMjAwODAxMjQw -NTUzMDlaMFIxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl -MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMIGfMA0GCSqGSIb3DQEBAQUA -A4GNADCBiQKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+S9/6 -I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+pPqVIRLOmrWIm -ai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABo1YwVDAOBgNVHQ8BAf8EBAMC -AqQwEgYDVR0lBAswCQYHKwYBBQIDBTAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIw -DwYDVR0TBAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOBgQBgzh5uLDmESGYv60iUdEfuk/T9 -VCpzb1z3VJVWt3uJoQYbcpR00SKeyMdlfTTLzO6tSPMmlk4hwqfvLkPzGCSObR4DRRYa0BtY -2laBVlg9X59bGpMUvpFQfpvxjvFWNJDL+377ELCVpLNdoR23I9TKXlalj0bY5Ks46CVIrm6W -EA== ------END CERTIFICATE----- - -EOF - -#generated with GNUTLS internally in Samba. - -cat >$CERTFILE<<EOF ------BEGIN CERTIFICATE----- -MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft -YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1 -dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw -NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p -c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0 -ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB -jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+ -S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+p -PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABoyUw -IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB -BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm/SAZBFyG -LYOChvh6hPU7joMdDwGfbiLrBnMag+BtGlmPLWwp/Kt1wNmrRhduyTQFhN3PP6fz -nBr9vVny2FewB2gHmelaPS//tXdxivSXKz3NFqqXLDJjq7P8wA== ------END CERTIFICATE----- - -EOF - -#KDC certificate -# hxtool request-create --subject="CN=krbtgt,cn=users,$basedn" --key=FILE:$KEYFILE $KDCREQ - -# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE --type="pkinit-kdc" --pk-init-principal="krbtgt/$RELAM@$REALM" --req="$KDCREQ" --certificate="FILE:$KDCCERTFILE" - -cat >$KDCCERTFILE<<EOF ------BEGIN CERTIFICATE----- -MIIDDDCCAnWgAwIBAgIUDEhjaOT1ZjHjHHEn+l5eYO05oK8wCwYJKoZIhvcNAQEFMFIxEzAR -BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy -LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDcwNzA4WhgPMjAwODAxMjQw -NzA3MDhaMGYxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl -MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMQ8wDQYDVQQDDAZrcmJ0 -Z3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqDqkDAIdQwDUN8cOZaFl934XQL70nF -yq+nD2KL0SfcTW5+WlyiXf5L3/oj+5pOYkdmt74MXd1PNv9Q5mjRl6bw34jPOSCgaQVp+Ne5 -PcEvlQ9jb8fof6k+pUhEs6atYiZqLfn1jKgqEXKjftjoc95TxBxn67atL2B5qkhZ966jAgMB -AAGjgcgwgcUwDgYDVR0PAQH/BAQDAgWgMBIGA1UdJQQLMAkGBysGAQUCAwUwVAYDVR0RBE0w -S6BJBgYrBgEFAgKgPzA9oBMbEVNBTUJBLkVYQU1QTEUuQ09NoSYwJKADAgEBoR0wGxsGa3Ji -dGd0GxFTQU1CQS5FWEFNUExFLkNPTTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS+jPK -MjAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIwCQYDVR0TBAIwADANBgkqhkiG9w0B -AQUFAAOBgQCMSgLkIv9RobE0a95H2ECA+5YABBwKXIt4AyN/HpV7iJdRx7B9PE6vM+nboVKY -E7i7ECUc3bu6NgrLu7CKHelNclHWWMiZzSUwhkXyvG/LE9qtr/onNu9NfLt1OV+dwQwyLdEP -n63FxSmsKg3dfi3ryQI/DIKeisvipwDtLqOn9g== ------END CERTIFICATE----- - -EOF - -#hxtool request-create --subject="CN=Administrator,cn=users,$basedn" --key=FILE:$ADMINKEYFILE $ADMINREQFILE -#hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE --type="pkinit-client" --pk-init-principal="administrator@$REALM" --req="$ADMINREQFILE" --certificate="FILE:$ADMINCERTFILE" - -cat >$ADMINCERTFILE<<EOF ------BEGIN CERTIFICATE----- -MIICwjCCAiugAwIBAgIUXyECoq4im33ByZDWZMGhtpvHYWEwCwYJKoZIhvcNAQEFMFIxEzAR -BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy -LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDcyMzE2WhgPMjAwODAxMjQw -NzIzMTZaMCgxDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1pbmlzdHJhdG9yMIGfMA0G -CSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHE -si5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM -XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQABo4G8MIG5 -MA4GA1UdDwEB/wQEAwIFoDASBgNVHSUECzAJBgcrBgEFAgMEMEgGA1UdEQRBMD+gPQYGKwYB -BQICoDMwMaATGxFTQU1CQS5FWEFNUExFLkNPTaEaMBigAwIBAaERMA8bDWFkbWluaXN0cmF0 -b3IwHwYDVR0jBBgwFoAUwtm596AMotmzRU7IVdgrUvozyjIwHQYDVR0OBBYEFCDzVsvJ8IDz -wLYH8EONeUa5oVrGMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADgYEAbTCnaPTieVZPV3bH -UmAMbnF9+YN1mCbe2xZJ0xzve+Yw1XO82iv/9kZaZkcRkaQt2qcwsBK/aSPOgfqGx+mJ7hXQ -AGWvAJhnWi25PawNaRysCN8WC6+nWKR4d2O2m5rpj3T9kH5WE7QbG0bCu92dGaS29FvWDCP3 -q9pRtDOoAZc= ------END CERTIFICATE----- - -EOF - -cat >$SLAPD_CONF <<EOF -loglevel 0 - -include $LDAPDIR/ad.schema - -pidfile $PIDDIR/slapd.pid -argsfile $LDAPDIR/slapd.args -sasl-realm $DNSNAME -access to * by * write - -allow update_anon - -authz-regexp - uid=([^,]*),cn=$DNSNAME,cn=digest-md5,cn=auth - ldap:///$BASEDN??sub?(samAccountName=\$1) - -authz-regexp - uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth - ldap:///$BASEDN??sub?(samAccountName=\$1) - -include $LDAPDIR/modules.conf - -defaultsearchbase "$BASEDN" - -backend bdb -database bdb -suffix "$BASEDN" -rootdn "cn=Manager,$BASEDN" -rootpw $PASSWORD -directory $LDAPDIR/db -index objectClass eq -index samAccountName eq -index name eq -index objectSid eq -index objectCategory eq -index member eq -index uidNumber eq -index gidNumber eq -index unixName eq -index privilege eq -index nCName eq pres -index lDAPDisplayName eq -index subClassOf eq -index dnsRoot eq -index nETBIOSName eq pres - -overlay syncprov -syncprov-checkpoint 100 10 -syncprov-sessionlog 100 - -EOF - -cat > $LDAPDIR/db/DB_CONFIG <<EOF -# - # Set the database in memory cache size. - # - set_cachesize 0 524288 0 - - - # - # Set database flags (this is a test environment, we don't need to fsync()). - # - set_flags DB_TXN_NOSYNC - - # - # Set log values. - # - set_lg_regionmax 104857 - set_lg_max 1048576 - set_lg_bsize 209715 - set_lg_dir $LDAPDIR/db/bdb-logs - - - # - # Set temporary file creation directory. - # - set_tmp_dir $LDAPDIR/db/tmp -EOF - -FEDORA_DS_LDAP_URI="ldap://127.0.0.1:$FEDORA_DS_LDAP_PORT" - -cat >$FEDORA_DS_INF <<EOF - -[General] -SuiteSpotUserID = $ROOT -FullMachineName= localhost -ServerRoot= $LDAPDIR -ConfigDirectoryLdapURL= $FEDORA_DS_LDAP_URI/o=NetscapeRoot -ConfigDirectoryAdminID= $USERNAME -AdminDomain= localdomain -ConfigDirectoryAdminPwd= $PASSWORD - -Components= svrcore,base,slapd - -[slapd] -ServerPort= $FEDORA_DS_LDAP_PORT -Suffix= $BASEDN -RootDN= cn=Manager,$BASEDN -RootDNPwd= $PASSWORD -Components= slapd -ServerIdentifier= samba4 -InstallLdifFile=$FEDORA_DS_INITIAL_LDIF - -inst_dir= $LDAPDIR/slapd-samba4 -config_dir= $LDAPDIR/slapd-samba4 -schema_dir= $LDAPDIR/slapd-samba4/schema -lock_dir= $LDAPDIR/slapd-samba4/lock -log_dir= $LDAPDIR/slapd-samba4/logs -run_dir= $LDAPDIR/slapd-samba4/logs -db_dir= $LDAPDIR/slapd-samba4/db -bak_dir= $LDAPDIR/slapd-samba4/bak -tmp_dir= $LDAPDIR/slapd-samba4/tmp -ldif_dir= $LDAPDIR/slapd-samba4/ldif -cert_dir= $LDAPDIR/slapd-samba4 - -[base] -Components= base - -EOF - -cat >$FEDORA_DS_INITIAL_LDIF<<EOF -# These entries need to be added to get the container for the -# provision to be aimed at. - -dn: cn="dc=$BASEDN",cn=mapping tree,cn=config -objectclass: top -objectclass: extensibleObject -objectclass: nsMappingTree -nsslapd-state: backend -nsslapd-backend: UserData -cn: $BASEDN - -dn: cn=UserData,cn=ldbm database,cn=plugins,cn=config -objectclass: extensibleObject -objectclass: nsBackendInstance -nsslapd-suffix: $BASEDN - -EOF +. `dirname $0`/mk-keyblobs.sh PROVISION_OPTIONS="$CONFIGURATION --host-name=$NETBIOSNAME --host-ip=127.0.0.1" PROVISION_OPTIONS="$PROVISION_OPTIONS --quiet --domain $DOMAIN --realm $REALM" @@ -553,57 +268,12 @@ PROVISION_OPTIONS="$PROVISION_OPTIONS --adminpass $PASSWORD --root=$ROOT" PROVISION_OPTIONS="$PROVISION_OPTIONS --simple-bind-dn=cn=Manager,$BASEDN --password=$PASSWORD --root=$ROOT" $srcdir/bin/smbscript $srcdir/setup/provision $PROVISION_OPTIONS >&2 -if test -z "$FEDORA_DS_PREFIX"; then - LDAP_URI="ldapi://$LDAPDIR/ldapi" - LDAP_URI_ESCAPE="ldapi://"`echo $LDAPDIR/ldapi | sed 's|/|%2F|g'` -export LDAPI -export LDAPI_ESCAPE -else - LDAP_URI=$FEDORA_DS_LDAP_URI; - LDAP_URI_ESCAPE=$FEDORA_DS_LDAP_URI; - PROVISION_OPTIONS="$PROVISION_OPTIONS --ldap-module=nsuniqueid" - #it is easier to base64 encode this than correctly escape it: - # (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");) - PROVISION_ACI="--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK" -fi - - -#This uses the provision we just did, to read out the schema -$srcdir/bin/ad2oLschema $CONFIGURATION -H $PRIVATEDIR/sam.ldb -I $srcdir/setup/schema-map-openldap-2.3 -O $LDAPDIR/ad.schema >&2 -$srcdir/bin/ad2oLschema $CONFIGURATION -H $PRIVATEDIR/sam.ldb --option=convert:target=fedora-ds -I $srcdir/setup/schema-map-fedora-ds-1.0 -O $LDAPDIR/99_ad.ldif >&2 - -#Now create an LDAP baseDN -$srcdir/bin/smbscript $srcdir/setup/provision $PROVISION_OPTIONS "$PROVISION_ACI" --ldap-base >&2 - -OLDPATH=$PATH -PATH=/usr/local/sbin:/usr/sbin:/sbin:$PATH -export PATH +. `dirname $0`/mk-openldap.sh -MODCONF=$LDAPDIR/modules.conf -rm -f $MODCONF -touch $MODCONF - -slaptest -u -f $SLAPD_CONF >&2 || { - echo "enabling slapd modules" >&2 - cat > $MODCONF <<EOF -modulepath /usr/lib/ldap -moduleload back_bdb -EOF +test -z "$FEDORA_DS_PREFIX" || { + . `dirname $0`/mk-fedora-ds.sh } -if slaptest -u -f $SLAPD_CONF; then - slapadd -f $SLAPD_CONF < $PRIVATEDIR/$DNSNAME.ldif >/dev/null || { - echo "slapadd failed" >&2 - } - - slaptest -f $SLAPD_CONF >/dev/null || { - echo "slaptest after database load failed" >&2 - } -fi - -PATH=$OLDPATH -export PATH - cat >$PRIVATEDIR/wins_config.ldif<<EOF dn: name=TORTURE_6,CN=PARTNERS objectClass: wreplPartner @@ -629,7 +299,6 @@ echo "NETBIOSNAME=$NETBIOSNAME" echo "LDAP_URI=$LDAP_URI" echo "LDAP_URI_ESCAPE=$LDAP_URI_ESCAPE" echo "FEDORA_DS_INF=$FEDORA_DS_INF" -echo "FEDORA_DS_LDAP_URI=$FEDORA_DS_LDAP_URI" echo "DOMAIN=$DOMAIN" echo "USERNAME=$USERNAME" echo "REALM=$REALM" |