PageRenderTime 51ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/samba-4.0.0beta4/selftest/target/Samba4.pm

#
Perl | 1905 lines | 1568 code | 276 blank | 61 comment | 75 complexity | 4317e488157f0c3e257779f123ab5ecb MD5 | raw file
Possible License(s): LGPL-2.1, LGPL-3.0, Apache-2.0, BSD-3-Clause, LGPL-2.0, GPL-3.0

Large files files are truncated, but you can click here to view the full file

    

  1. #!/usr/bin/perl
    2. 

  2. # Bootstrap Samba and run a number of tests against it.
    3. 

  3. # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
    4. 

  4. # Published under the GNU GPL, v3 or later.
    5. 

  5. 

  6. package Samba4;
    7. 

  7. 

  8. use strict;
    9. 

  9. use Cwd qw(abs_path);
    10. 

  10. use FindBin qw($RealBin);
    11. 

  11. use POSIX;
    12. 

  12. use SocketWrapper;
    13. 

  13. use target::Samba;
    14. 

  14. use target::Samba3;
    15. 

  15. 

  16. sub new($$$$$) {
    17. 

  17. 	my ($classname, $bindir, $binary_mapping, $ldap, $srcdir, $server_maxtime) = @_;
    18. 

  18. 

  19. 	my $self = {
    20. 

  20. 		vars => {},
    21. 

  21. 		ldap => $ldap,
    22. 

  22. 		bindir => $bindir,
    23. 

  23. 		binary_mapping => $binary_mapping,
    24. 

  24. 		srcdir => $srcdir,
    25. 

  25. 		server_maxtime => $server_maxtime,
    26. 

  26. 		target3 => new Samba3($bindir, $binary_mapping, $srcdir, $server_maxtime)
    27. 

  27. 	};
    28. 

  28. 	bless $self;
    29. 

  29. 	return $self;
    30. 

  30. }
    31. 

  31. 

  32. sub scriptdir_path($$) {
    33. 

  33. 	my ($self, $path) = @_;
    34. 

  34. 	return "$self->{srcdir}/source4/scripting/$path";
    35. 

  35. }
    36. 

  36. 

  37. sub openldap_start($$$) {
    38. 

  38. }
    39. 

  39. 

  40. sub slapd_start($$)
    41. 

  41. {
    42. 

  42. 	my $count = 0;
    43. 

  43. 	my ($self, $env_vars) = @_;
    44. 

  44. 	my $ldbsearch = Samba::bindir_path($self, "ldbsearch");
    45. 

  45. 

  46. 	my $uri = $env_vars->{LDAP_URI};
    47. 

  47. 

  48. 	if (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") == 0) {
    49. 

  49. 	    print "A SLAPD is still listening to $uri before we started the LDAP backend.  Aborting!";
    50. 

  50. 	    return 1;
    51. 

  51. 	}
    52. 

  52. 	# running slapd in the background means it stays in the same process group, so it can be
    53. 

  53. 	# killed by timelimit
    54. 

  54. 	if ($self->{ldap} eq "fedora-ds") {
    55. 

  55. 	        system("$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd -D $env_vars->{FEDORA_DS_DIR} -d0 -i $env_vars->{FEDORA_DS_PIDFILE}> $env_vars->{LDAPDIR}/logs 2>&1 &");
    56. 

  56. 	} elsif ($self->{ldap} eq "openldap") {
    57. 

  57. 	        system("$ENV{OPENLDAP_SLAPD} -d0 -F $env_vars->{SLAPD_CONF_D} -h $uri > $env_vars->{LDAPDIR}/logs 2>&1 &");
    58. 

  58. 	}
    59. 

  59. 	while (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") != 0) {
    60. 

  60. 		$count++;
    61. 

  61. 		if ($count > 40) {
    62. 

  62. 			$self->slapd_stop($env_vars);
    63. 

  63. 			return 0;
    64. 

  64. 		}
    65. 

  65. 		sleep(1);
    66. 

  66. 	}
    67. 

  67. 	return 1;
    68. 

  68. }
    69. 

  69. 

  70. sub slapd_stop($$)
    71. 

  71. {
    72. 

  72. 	my ($self, $envvars) = @_;
    73. 

  73. 	if ($self->{ldap} eq "fedora-ds") {
    74. 

  74. 		system("$envvars->{LDAPDIR}/slapd-$envvars->{LDAP_INSTANCE}/stop-slapd");
    75. 

  75. 	} elsif ($self->{ldap} eq "openldap") {
    76. 

  76. 		unless (open(IN, "<$envvars->{OPENLDAP_PIDFILE}")) {
    77. 

  77. 			warn("unable to open slapd pid file: $envvars->{OPENLDAP_PIDFILE}");
    78. 

  78. 			return 0;
    79. 

  79. 		}
    80. 

  80. 		kill 9, <IN>;
    81. 

  81. 		close(IN);
    82. 

  82. 	}
    83. 

  83. 	return 1;
    84. 

  84. }
    85. 

  85. 

  86. sub check_or_start($$$)
    87. 

  87. {
    88. 

  88.         my ($self, $env_vars, $process_model) = @_;
    89. 

  89. 

  90. 	return 0 if $self->check_env($env_vars);
    91. 

  91. 

  92. 	# use a pipe for stdin in the child processes. This allows
    93. 

  93. 	# those processes to monitor the pipe for EOF to ensure they
    94. 

  94. 	# exit when the test script exits
    95. 

  95. 	pipe(STDIN_READER, $env_vars->{STDIN_PIPE});
    96. 

  96. 

  97. 	print "STARTING SAMBA...";
    98. 

  98. 	my $pid = fork();
    99. 

  99. 	if ($pid == 0) {
    100. 

  100. 		# we want out from samba to go to the log file, but also
    101. 

  101. 		# to the users terminal when running 'make test' on the command
    102. 

  102. 		# line. This puts it on stderr on the terminal
    103. 

  103. 		open STDOUT, "| tee $env_vars->{SAMBA_TEST_LOG} 1>&2";
    104. 

  104. 		open STDERR, '>&STDOUT';
    105. 

  105. 

  106. 		SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
    107. 

  107. 

  108. 		$ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
    109. 

  109. 		$ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR};
    110. 

  110. 		$ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR};
    111. 

  111. 

  112. 		$ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD};
    113. 

  113. 		$ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP};
    114. 

  114. 		$ENV{NSS_WRAPPER_WINBIND_SO_PATH} = $env_vars->{NSS_WRAPPER_WINBIND_SO_PATH};
    115. 

  115. 

  116. 		$ENV{UID_WRAPPER} = "1";
    117. 

  117. 

  118. 		$ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "samba");
    119. 

  119. 		my @preargs = ();
    120. 

  120. 		my @optargs = ();
    121. 

  121. 		if (defined($ENV{SAMBA_OPTIONS})) {
    122. 

  122. 			@optargs = split(/ /, $ENV{SAMBA_OPTIONS});
    123. 

  123. 		}
    124. 

  124. 		if(defined($ENV{SAMBA_VALGRIND})) {
    125. 

  125. 			@preargs = split(/ /,$ENV{SAMBA_VALGRIND});
    126. 

  126. 		}
    127. 

  127. 

  128. 		close($env_vars->{STDIN_PIPE});
    129. 

  129. 		open STDIN, ">&", \*STDIN_READER or die "can't dup STDIN_READER to STDIN: $!";
    130. 

  130. 

  131. 		exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!");
    132. 

  132. 	}
    133. 

  133. 	$env_vars->{SAMBA_PID} = $pid;
    134. 

  134. 	print "DONE\n";
    135. 

  135. 

  136. 	close(STDIN_READER);
    137. 

  137. 

  138. 	return $pid;
    139. 

  139. }
    140. 

  140. 

  141. sub wait_for_start($$)
    142. 

  142. {
    143. 

  143. 	my ($self, $testenv_vars) = @_;
    144. 

  144. 	# give time for nbt server to register its names
    145. 

  145. 	print "delaying for nbt name registration\n";
    146. 

  146. 	sleep 2;
    147. 

  147. 

  148. 	# This will return quickly when things are up, but be slow if we
    149. 

  149. 	# need to wait for (eg) SSL init
    150. 

  150. 	my $nmblookup =  Samba::bindir_path($self, "nmblookup4");
    151. 

  151. 	system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
    152. 

  152. 	system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
    153. 

  153. 	system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
    154. 

  154. 	system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
    155. 

  155. 	system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
    156. 

  156. 	system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
    157. 

  157. 	system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
    158. 

  158. 	system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
    159. 

  159. 	system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
    160. 

  160. 	system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
    161. 

  161. 	system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
    162. 

  162. 	system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
    163. 

  163. 

  164. 	print $self->getlog_env($testenv_vars);
    165. 

  165. }
    166. 

  166. 

  167. sub write_ldb_file($$$)
    168. 

  168. {
    169. 

  169. 	my ($self, $file, $ldif) = @_;
    170. 

  170. 

  171. 	my $ldbadd =  Samba::bindir_path($self, "ldbadd");
    172. 

  172. 	open(LDIF, "|$ldbadd -H $file >/dev/null");
    173. 

  173. 	print LDIF $ldif;
    174. 

  174. 	return(close(LDIF));
    175. 

  175. }
    176. 

  176. 

  177. sub add_wins_config($$)
    178. 

  178. {
    179. 

  179. 	my ($self, $privatedir) = @_;
    180. 

  180. 

  181. 	return $self->write_ldb_file("$privatedir/wins_config.ldb", "
    182. 

  182. dn: name=TORTURE_11,CN=PARTNERS
    183. 

  183. objectClass: wreplPartner
    184. 

  184. name: TORTURE_11
    185. 

  185. address: 127.0.0.11
    186. 

  186. pullInterval: 0
    187. 

  187. pushChangeCount: 0
    188. 

  188. type: 0x3
    189. 

  189. ");
    190. 

  190. }
    191. 

  191. 

  192. sub mk_fedora_ds($$)
    193. 

  193. {
    194. 

  194. 	my ($self, $ctx) = @_;
    195. 

  195. 

  196. 	#Make the subdirectory be as fedora DS would expect
    197. 

  197. 	my $fedora_ds_dir = "$ctx->{ldapdir}/slapd-$ctx->{ldap_instance}";
    198. 

  198. 

  199. 	my $pidfile = "$fedora_ds_dir/logs/slapd-$ctx->{ldap_instance}.pid";
    200. 

  200. 

  201. 	return ($fedora_ds_dir, $pidfile);
    202. 

  202. }
    203. 

  203. 

  204. sub mk_openldap($$)
    205. 

  205. {
    206. 

  206. 	my ($self, $ctx) = @_;
    207. 

  207. 

  208. 	my $slapd_conf_d = "$ctx->{ldapdir}/slapd.d";
    209. 

  209. 	my $pidfile = "$ctx->{ldapdir}/slapd.pid";
    210. 

  210. 

  211. 	return ($slapd_conf_d, $pidfile);
    212. 

  212. }
    213. 

  213. 

  214. sub mk_keyblobs($$)
    215. 

  215. {
    216. 

  216. 	my ($self, $tlsdir) = @_;
    217. 

  217. 

  218. 	#TLS and PKINIT crypto blobs
    219. 

  219. 	my $dhfile = "$tlsdir/dhparms.pem";
    220. 

  220. 	my $cafile = "$tlsdir/ca.pem";
    221. 

  221. 	my $certfile = "$tlsdir/cert.pem";
    222. 

  222. 	my $reqkdc = "$tlsdir/req-kdc.der";
    223. 

  223. 	my $kdccertfile = "$tlsdir/kdc.pem";
    224. 

  224. 	my $keyfile = "$tlsdir/key.pem";
    225. 

  225. 	my $adminkeyfile = "$tlsdir/adminkey.pem";
    226. 

  226. 	my $reqadmin = "$tlsdir/req-admin.der";
    227. 

  227. 	my $admincertfile = "$tlsdir/admincert.pem";
    228. 

  228. 	my $admincertupnfile = "$tlsdir/admincertupn.pem";
    229. 

  229. 

  230. 	mkdir($tlsdir, 0777);
    231. 

  231. 

  232. 	#This is specified here to avoid draining entropy on every run
    233. 

  233. 	open(DHFILE, ">$dhfile");
    234. 

  234. 	print DHFILE <<EOF;
    235. 

  235. -----BEGIN DH PARAMETERS-----
    236. 

  236. MGYCYQC/eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/Cys8j8wLO
    237. 

  237. svCN/jYNyR2NszOmg7ZWcOC/4z/4pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv
    238. 

  238. YX70obsCAQI=
    239. 

  239. -----END DH PARAMETERS-----
    240. 

  240. EOF
    241. 

  241. 	close(DHFILE);
    242. 

  242. 

  243. 	#Likewise, we pregenerate the key material.  This allows the
    244. 

  244. 	#other certificates to be pre-generated
    245. 

  245. 	open(KEYFILE, ">$keyfile");
    246. 

  246. 	print KEYFILE <<EOF;
    247. 

  247. -----BEGIN RSA PRIVATE KEY-----
    248. 

  248. MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpc
    249. 

  249. ol3+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H
    250. 

  250. 6H+pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQAB
    251. 

  251. AoGAAqDLzFRR/BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6
    252. 

  252. HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq
    253. 

  253. szNW4PRjaA9KkLQVTwnzdXGkBSkn/nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p
    254. 

  254. 9/xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/dilpY88Nb+xok/X
    255. 

  255. 8Z8OvgAXAkEA+pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ
    256. 

  256. vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC
    257. 

  257. kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu
    258. 

  258. jNKEKnbf+TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz
    259. 

  259. Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4/nN4IJXUW6AmPVOYIA5215itgki
    260. 

  260. cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ+aFvqSG
    261. 

  261. -----END RSA PRIVATE KEY-----
    262. 

  262. EOF
    263. 

  263. 	close(KEYFILE);
    264. 

  264. 

  265. 	open(ADMINKEYFILE, ">$adminkeyfile");
    266. 

  266. 

  267. 	print ADMINKEYFILE <<EOF;
    268. 

  268. -----BEGIN RSA PRIVATE KEY-----
    269. 

  269. MIICXQIBAAKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHEsi5owhZF
    270. 

  270. 5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM
    271. 

  271. XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQAB
    272. 

  272. AoGAP8mjCP628Ebc2eACQzOWjgEvwYCPK4qPmYOf1zJkArzG2t5XAGJ5WGrENRuB
    273. 

  273. cm3XFh1lpmaADl982UdW3gul4gXUy6w4XjKK4vVfhyHj0kZ/LgaXUK9BAGhroJ2L
    274. 

  274. osIOUsaC6jdx9EwSRctwdlF3wWJ8NK0g28AkvIk+FlolW4ECQQD7w5ouCDnf58CN
    275. 

  275. u4nARx4xv5XJXekBvOomkCQAmuOsdOb6b9wn3mm2E3au9fueITjb3soMR31AF6O4
    276. 

  276. eAY126rXAkEA+RgHzybzZEP8jCuznMqoN2fq/Vrs6+W3M8/G9mzGEMgLLpaf2Jiz
    277. 

  277. I9tLZ0+OFk9tkRaoCHPfUOCrVWJZ7Y53QQJBAMhoA6rw0WDyUcyApD5yXg6rusf4
    278. 

  278. ASpo/tqDkqUIpoL464Qe1tjFqtBM3gSXuhs9xsz+o0bzATirmJ+WqxrkKTECQHt2
    279. 

  279. OLCpKqwAspU7N+w32kaUADoRLisCEdrhWklbwpQgwsIVsCaoEOpt0CLloJRYTANE
    280. 

  280. yoZeAErTALjyZYZEPcECQQDlUi0N8DFxQ/lOwWyR3Hailft+mPqoPCa8QHlQZnlG
    281. 

  281. +cfgNl57YHMTZFwgUVFRdJNpjH/WdZ5QxDcIVli0q+Ko
    282. 

  282. -----END RSA PRIVATE KEY-----
    283. 

  283. EOF
    284. 

  284. 

  285. 	#generated with
    286. 

  286. 	# hxtool issue-certificate --self-signed --issue-ca \
    287. 

  287. 	# --ca-private-key="FILE:$KEYFILE" \
    288. 

  288. 	# --subject="CN=CA,DC=samba,DC=example,DC=com" \
    289. 

  289. 	# --certificate="FILE:$CAFILE" --lifetime="25 years"
    290. 

  290. 

  291. 	open(CAFILE, ">$cafile");
    292. 

  292. 	print CAFILE <<EOF;
    293. 

  293. -----BEGIN CERTIFICATE-----
    294. 

  294. MIICcTCCAdqgAwIBAgIUaBPmjnPVqyFqR5foICmLmikJTzgwCwYJKoZIhvcNAQEFMFIxEzAR
    295. 

  295. BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
    296. 

  296. LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTIyMzEyWhgPMjAzMzAyMjQx
    297. 

  297. MjIzMTJaMFIxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
    298. 

  298. MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMIGfMA0GCSqGSIb3DQEBAQUA
    299. 

  299. A4GNADCBiQKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+S9/6
    300. 

  300. I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+pPqVIRLOmrWIm
    301. 

  301. ai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC
    302. 

  302. AaYwHQYDVR0OBBYEFMLZufegDKLZs0VOyFXYK1L6M8oyMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
    303. 

  303. KoZIhvcNAQEFBQADgYEAAZJbCAAkaqgFJ0xgNovn8Ydd0KswQPjicwiODPgw9ZPoD2HiOUVO
    304. 

  304. yYDRg/dhFF9y656OpcHk4N7qZ2sl3RlHkzDu+dseETW+CnKvQIoXNyeARRJSsSlwrwcoD4JR
    305. 

  305. HTLk2sGigsWwrJ2N99sG/cqSJLJ1MFwLrs6koweBnYU0f/g=
    306. 

  306. -----END CERTIFICATE-----
    307. 

  307. EOF
    308. 

  308. 

  309. 	#generated with GNUTLS internally in Samba.
    310. 

  310. 

  311. 	open(CERTFILE, ">$certfile");
    312. 

  312. 	print CERTFILE <<EOF;
    313. 

  313. -----BEGIN CERTIFICATE-----
    314. 

  314. MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft
    315. 

  315. YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1
    316. 

  316. dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw
    317. 

  317. NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p
    318. 

  318. c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0
    319. 

  319. ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB
    320. 

  320. jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+
    321. 

  321. S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+p
    322. 

  322. PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABoyUw
    323. 

  323. IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB
    324. 

  324. BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm/SAZBFyG
    325. 

  325. LYOChvh6hPU7joMdDwGfbiLrBnMag+BtGlmPLWwp/Kt1wNmrRhduyTQFhN3PP6fz
    326. 

  326. nBr9vVny2FewB2gHmelaPS//tXdxivSXKz3NFqqXLDJjq7P8wA==
    327. 

  327. -----END CERTIFICATE-----
    328. 

  328. EOF
    329. 

  329. 	close(CERTFILE);
    330. 

  330. 

  331. 	#KDC certificate
    332. 

  332. 	# hxtool request-create \
    333. 

  333. 	# --subject="CN=krbtgt,CN=users,DC=samba,DC=example,DC=com" \
    334. 

  334. 	# --key="FILE:$KEYFILE" $KDCREQ
    335. 

  335. 

  336. 	# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
    337. 

  337. 	# --type="pkinit-kdc" \
    338. 

  338. 	# --pk-init-principal="krbtgt/SAMBA.EXAMPLE.COM@SAMBA.EXAMPLE.COM" \
    339. 

  339. 	# --req="PKCS10:$KDCREQ" --certificate="FILE:$KDCCERTFILE" \
    340. 

  340. 	# --lifetime="25 years"
    341. 

  341. 

  342. 	open(KDCCERTFILE, ">$kdccertfile");
    343. 

  343. 	print KDCCERTFILE <<EOF;
    344. 

  344. -----BEGIN CERTIFICATE-----
    345. 

  345. MIIDDDCCAnWgAwIBAgIUI2Tzj+JnMzMcdeabcNo30rovzFAwCwYJKoZIhvcNAQEFMFIxEzAR
    346. 

  346. BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
    347. 

  347. LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTMxOTIzWhgPMjAzMzAyMjQx
    348. 

  348. MzE5MjNaMGYxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
    349. 

  349. MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMQ8wDQYDVQQDDAZrcmJ0
    350. 

  350. Z3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqDqkDAIdQwDUN8cOZaFl934XQL70nF
    351. 

  351. yq+nD2KL0SfcTW5+WlyiXf5L3/oj+5pOYkdmt74MXd1PNv9Q5mjRl6bw34jPOSCgaQVp+Ne5
    352. 

  352. PcEvlQ9jb8fof6k+pUhEs6atYiZqLfn1jKgqEXKjftjoc95TxBxn67atL2B5qkhZ966jAgMB
    353. 

  353. AAGjgcgwgcUwDgYDVR0PAQH/BAQDAgWgMBIGA1UdJQQLMAkGBysGAQUCAwUwVAYDVR0RBE0w
    354. 

  354. S6BJBgYrBgEFAgKgPzA9oBMbEVNBTUJBLkVYQU1QTEUuQ09NoSYwJKADAgEBoR0wGxsGa3Ji
    355. 

  355. dGd0GxFTQU1CQS5FWEFNUExFLkNPTTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS+jPK
    356. 

  356. MjAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIwCQYDVR0TBAIwADANBgkqhkiG9w0B
    357. 

  357. AQUFAAOBgQBmrVD5MCmZjfHp1nEnHqTIh8r7lSmVtDx4s9MMjxm9oNrzbKXynvdhwQYFVarc
    358. 

  358. ge4yRRDXtSebErOl71zVJI9CVeQQpwcH+tA85oGA7oeFtO/S7ls581RUU6tGgyxV4veD+lJv
    359. 

  359. KPH5LevUtgD+q9H4LU4Sq5N3iFwBaeryB0g2wg==
    360. 

  360. -----END CERTIFICATE-----
    361. 

  361. EOF
    362. 

  362. 

  363. 	# hxtool request-create \
    364. 

  364. 	# --subject="CN=Administrator,CN=users,DC=samba,DC=example,DC=com" \
    365. 

  365. 	# --key="FILE:$ADMINKEYFILE" $ADMINREQFILE
    366. 

  366. 

  367. 	# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
    368. 

  368. 	# --type="pkinit-client" \
    369. 

  369. 	# --pk-init-principal="administrator@SAMBA.EXAMPLE.COM" \
    370. 

  370. 	# --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTFILE" \
    371. 

  371. 	# --lifetime="25 years"
    372. 

  372. 	
    373. 

  373. 	open(ADMINCERTFILE, ">$admincertfile");
    374. 

  374. 	print ADMINCERTFILE <<EOF;
    375. 

  375. -----BEGIN CERTIFICATE-----
    376. 

  376. MIIDHTCCAoagAwIBAgIUUggzW4lLRkMKe1DAR2NKatkMDYwwCwYJKoZIhvcNAQELMFIxEzAR
    377. 

  377. BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
    378. 

  378. LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMjE1WhgPMjAzNDA3MjIw
    379. 

  379. MzMyMTVaMG0xEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
    380. 

  380. MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p
    381. 

  381. bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5G
    382. 

  382. eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF
    383. 

  383. xB6esnXhl0Jpip1JkUMMXLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xd
    384. 

  384. l3JRlwIDAQABo4HSMIHPMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr
    385. 

  385. BgEFBQcDAgYKKwYBBAGCNxQCAjBIBgNVHREEQTA/oD0GBisGAQUCAqAzMDGgExsRU0FNQkEu
    386. 

  386. RVhBTVBMRS5DT02hGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yMB8GA1UdIwQYMBaAFMLZ
    387. 

  387. ufegDKLZs0VOyFXYK1L6M8oyMB0GA1UdDgQWBBQg81bLyfCA88C2B/BDjXlGuaFaxjAJBgNV
    388. 

  388. HRMEAjAAMA0GCSqGSIb3DQEBCwUAA4GBAEf/OSHUDJaGdtWGNuJeqcVYVMwrfBAc0OSwVhz1
    389. 

  389. 7/xqKHWo8wIMPkYRtaRHKLNDsF8GkhQPCpVsa6mX/Nt7YQnNvwd+1SBP5E8GvwWw9ZzLJvma
    390. 

  390. nk2n89emuayLpVtp00PymrDLRBcNaRjFReQU8f0o509kiVPHduAp3jOiy13l
    391. 

  391. -----END CERTIFICATE-----
    392. 

  392. EOF
    393. 

  393. 	close(ADMINCERTFILE);
    394. 

  394. 

  395. 	# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
    396. 

  396. 	# --type="pkinit-client" \
    397. 

  397. 	# --ms-upn="administrator@samba.example.com" \
    398. 

  398. 	# --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTUPNFILE" \
    399. 

  399. 	# --lifetime="25 years"
    400. 

  400. 	
    401. 

  401. 	open(ADMINCERTUPNFILE, ">$admincertupnfile");
    402. 

  402. 	print ADMINCERTUPNFILE <<EOF;
    403. 

  403. -----BEGIN CERTIFICATE-----
    404. 

  404. MIIDDzCCAnigAwIBAgIUUp3CJMuNaEaAdPKp3QdNIwG7a4wwCwYJKoZIhvcNAQELMFIxEzAR
    405. 

  405. BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
    406. 

  406. LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMzA1WhgPMjAzNDA3MjIw
    407. 

  407. MzMzMDVaMG0xEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
    408. 

  408. MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p
    409. 

  409. bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5G
    410. 

  410. eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF
    411. 

  411. xB6esnXhl0Jpip1JkUMMXLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xd
    412. 

  412. l3JRlwIDAQABo4HEMIHBMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr
    413. 

  413. BgEFBQcDAgYKKwYBBAGCNxQCAjA6BgNVHREEMzAxoC8GCisGAQQBgjcUAgOgIQwfYWRtaW5p
    414. 

  414. c3RyYXRvckBzYW1iYS5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS
    415. 

  415. +jPKMjAdBgNVHQ4EFgQUIPNWy8nwgPPAtgfwQ415RrmhWsYwCQYDVR0TBAIwADANBgkqhkiG
    416. 

  416. 9w0BAQsFAAOBgQBk42+egeUB3Ji2PC55fbt3FNKxvmm2xUUFkV9POK/YR9rajKOwk5jtYSeS
    417. 

  417. Zd7J9s//rNFNa7waklFkDaY56+QWTFtdvxfE+KoHaqt6X8u6pqi7p3M4wDKQox+9Dx8yWFyq
    418. 

  418. Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ==
    419. 

  419. -----END CERTIFICATE-----
    420. 

  420. EOF
    421. 

  421. }
    422. 

  422. 

  423. sub provision_raw_prepare($$$$$$$$$)
    424. 

  424. {
    425. 

  425. 	my ($self, $prefix, $server_role, $hostname,
    426. 

  426. 	    $domain, $realm, $functional_level,
    427. 

  427. 	    $password, $kdc_ipv4) = @_;
    428. 

  428. 	my $ctx;
    429. 

  429. 	my $netbiosname = uc($hostname);
    430. 

  430. 

  431. 	unless(-d $prefix or mkdir($prefix, 0777)) {
    432. 

  432. 		warn("Unable to create $prefix");
    433. 

  433. 		return undef;
    434. 

  434. 	}
    435. 

  435. 	my $prefix_abs = abs_path($prefix);
    436. 

  436. 

  437. 	die ("prefix=''") if $prefix_abs eq "";
    438. 

  438. 	die ("prefix='/'") if $prefix_abs eq "/";
    439. 

  439. 

  440. 	unless (system("rm -rf $prefix_abs/*") == 0) {
    441. 

  441. 		warn("Unable to clean up");
    442. 

  442. 	}
    443. 

  443. 

  444. 	
    445. 

  445. 	my $swiface = Samba::get_interface($hostname);
    446. 

  446. 

  447. 	$ctx->{prefix} = $prefix;
    448. 

  448. 	$ctx->{prefix_abs} = $prefix_abs;
    449. 

  449. 	
    450. 

  450. 	$ctx->{dns_host_file} = "$ENV{SELFTEST_PREFIX}/dns_host_file";
    451. 

  451. 

  452. 	$ctx->{server_role} = $server_role;
    453. 

  453. 	$ctx->{hostname} = $hostname;
    454. 

  454. 	$ctx->{netbiosname} = $netbiosname;
    455. 

  455. 	$ctx->{swiface} = $swiface;
    456. 

  456. 	$ctx->{password} = $password;
    457. 

  457. 	$ctx->{kdc_ipv4} = $kdc_ipv4;
    458. 

  458. 

  459. 	$ctx->{server_loglevel} =$ENV{SERVER_LOG_LEVEL} || 1;
    460. 

  460. 	$ctx->{username} = "Administrator";
    461. 

  461. 	$ctx->{domain} = $domain;
    462. 

  462. 	$ctx->{realm} = uc($realm);
    463. 

  463. 	$ctx->{dnsname} = lc($realm);
    464. 

  464. 

  465. 	$ctx->{functional_level} = $functional_level;
    466. 

  466. 

  467. 	my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `whoami`);
    468. 

  468. 	chomp $unix_name;
    469. 

  469. 	$ctx->{unix_name} = $unix_name;
    470. 

  470. 	$ctx->{unix_uid} = $>;
    471. 

  471. 	$ctx->{unix_gids_str} = $);
    472. 

  472. 	@{$ctx->{unix_gids}} = split(" ", $ctx->{unix_gids_str});
    473. 

  473. 

  474. 	$ctx->{etcdir} = "$prefix_abs/etc";
    475. 

  475. 	$ctx->{piddir} = "$prefix_abs/pid";
    476. 

  476. 	$ctx->{smb_conf} = "$ctx->{etcdir}/smb.conf";
    477. 

  477. 	$ctx->{krb5_conf} = "$ctx->{etcdir}/krb5.conf";
    478. 

  478. 	$ctx->{privatedir} = "$prefix_abs/private";
    479. 

  479. 	$ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
    480. 

  480. 	$ctx->{lockdir} = "$prefix_abs/lockdir";
    481. 

  481. 	$ctx->{statedir} = "$prefix_abs/statedir";
    482. 

  482. 	$ctx->{cachedir} = "$prefix_abs/cachedir";
    483. 

  483. 	$ctx->{winbindd_socket_dir} = "$prefix_abs/winbindd_socket";
    484. 

  484. 	$ctx->{winbindd_privileged_socket_dir} = "$prefix_abs/winbindd_privileged_socket";
    485. 

  485. 	$ctx->{ntp_signd_socket_dir} = "$prefix_abs/ntp_signd_socket";
    486. 

  486. 	$ctx->{nsswrap_passwd} = "$ctx->{etcdir}/passwd";
    487. 

  487. 	$ctx->{nsswrap_group} = "$ctx->{etcdir}/group";
    488. 

  488. 

  489. 	$ctx->{tlsdir} = "$ctx->{privatedir}/tls";
    490. 

  490. 

  491. 	$ctx->{ipv4} = "127.0.0.$swiface";
    492. 

  492. 	$ctx->{interfaces} = "$ctx->{ipv4}/8";
    493. 

  493. 

  494. 	push(@{$ctx->{directories}}, $ctx->{privatedir});
    495. 

  495. 	push(@{$ctx->{directories}}, $ctx->{etcdir});
    496. 

  496. 	push(@{$ctx->{directories}}, $ctx->{piddir});
    497. 

  497. 	push(@{$ctx->{directories}}, $ctx->{lockdir});
    498. 

  498. 	push(@{$ctx->{directories}}, $ctx->{statedir});
    499. 

  499. 	push(@{$ctx->{directories}}, $ctx->{cachedir});
    500. 

  500. 

  501. 	$ctx->{smb_conf_extra_options} = "";
    502. 

  502. 

  503. 	my @provision_options = ();
    504. 

  504. 	push (@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\"");
    505. 

  505. 	push (@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\"");
    506. 

  506. 	if (defined($ENV{GDB_PROVISION})) {
    507. 

  507. 		push (@provision_options, "gdb --args");
    508. 

  508. 		if (!defined($ENV{PYTHON})) {
    509. 

  509. 		    push (@provision_options, "env");
    510. 

  510. 		    push (@provision_options, "python");
    511. 

  511. 		}
    512. 

  512. 	}
    513. 

  513. 	if (defined($ENV{VALGRIND_PROVISION})) {
    514. 

  514. 		push (@provision_options, "valgrind");
    515. 

  515. 		if (!defined($ENV{PYTHON})) {
    516. 

  516. 		    push (@provision_options, "env");
    517. 

  517. 		    push (@provision_options, "python");
    518. 

  518. 		}
    519. 

  519. 	}
    520. 

  520. 	if (defined($ENV{PYTHON})) {
    521. 

  521. 		push (@provision_options, $ENV{PYTHON});
    522. 

  522. 	}
    523. 

  523. 	push (@provision_options, "$self->{srcdir}/source4/setup/provision");
    524. 

  524. 	push (@provision_options, "--configfile=$ctx->{smb_conf}");
    525. 

  525. 	push (@provision_options, "--host-name=$ctx->{hostname}");
    526. 

  526. 	push (@provision_options, "--host-ip=$ctx->{ipv4}");
    527. 

  527. 	push (@provision_options, "--quiet");
    528. 

  528. 	push (@provision_options, "--domain=$ctx->{domain}");
    529. 

  529. 	push (@provision_options, "--realm=$ctx->{realm}");
    530. 

  530. 	push (@provision_options, "--adminpass=$ctx->{password}");
    531. 

  531. 	push (@provision_options, "--krbtgtpass=krbtgt$ctx->{password}");
    532. 

  532. 	push (@provision_options, "--machinepass=machine$ctx->{password}");
    533. 

  533. 	push (@provision_options, "--root=$ctx->{unix_name}");
    534. 

  534. 	push (@provision_options, "--server-role=\"$ctx->{server_role}\"");
    535. 

  535. 	push (@provision_options, "--function-level=\"$ctx->{functional_level}\"");
    536. 

  536. 	push (@provision_options, "--dns-backend=BIND9_DLZ");
    537. 

  537. 	push (@provision_options, "--use-ntvfs");
    538. 

  538. 

  539. 	@{$ctx->{provision_options}} = @provision_options;
    540. 

  540. 

  541. 	return $ctx;
    542. 

  542. }
    543. 

  543. 

  544. #
    545. 

  545. # Step1 creates the basic configuration
    546. 

  546. #
    547. 

  547. sub provision_raw_step1($$)
    548. 

  548. {
    549. 

  549. 	my ($self, $ctx) = @_;
    550. 

  550. 

  551. 	mkdir($_, 0777) foreach (@{$ctx->{directories}});
    552. 

  552. 

  553. 	unless (open(CONFFILE, ">$ctx->{smb_conf}")) {
    554. 

  554. 		warn("can't open $ctx->{smb_conf}$?");
    555. 

  555. 		return undef;
    556. 

  556. 	}
    557. 

  557. 	my $acl = "false";
    558. 

  558. 	$acl = "true" if (defined $ENV{WITH_ACL});
    559. 

  559. 	print CONFFILE "
    560. 

  560. [global]
    561. 

  561. 	acl:search = $acl
    562. 

  562. 	netbios name = $ctx->{netbiosname}
    563. 

  563. 	posix:eadb = $ctx->{statedir}/eadb.tdb
    564. 

  564. 	workgroup = $ctx->{domain}
    565. 

  565. 	realm = $ctx->{realm}
    566. 

  566. 	private dir = $ctx->{privatedir}
    567. 

  567. 	pid directory = $ctx->{piddir}
    568. 

  568. 	ncalrpc dir = $ctx->{ncalrpcdir}
    569. 

  569. 	lock dir = $ctx->{lockdir}
    570. 

  570. 	state directory = $ctx->{statedir}
    571. 

  571. 	cache directory = $ctx->{cachedir}
    572. 

  572. 	winbindd socket directory = $ctx->{winbindd_socket_dir}
    573. 

  573. 	winbindd privileged socket directory = $ctx->{winbindd_privileged_socket_dir}
    574. 

  574. 	ntp signd socket directory = $ctx->{ntp_signd_socket_dir}
    575. 

  575. 	winbind separator = /
    576. 

  576. 	name resolve order = file bcast
    577. 

  577. 	interfaces = $ctx->{interfaces}
    578. 

  578. 	tls dh params file = $ctx->{tlsdir}/dhparms.pem
    579. 

  579. 	panic action = $RealBin/gdb_backtrace \%d
    580. 

  580. 	wins support = yes
    581. 

  581. 	server role = $ctx->{server_role}
    582. 

  582. 	server services = +echo +dns +smb -s3fs
    583. 

  583.         dcerpc endpoint servers = +winreg +srvsvc
    584. 

  584. 	notify:inotify = false
    585. 

  585. 	ldb:nosync = true
    586. 

  586. #We don't want to pass our self-tests if the PAC code is wrong
    587. 

  587. 	gensec:require_pac = true
    588. 

  588. 	log level = $ctx->{server_loglevel}
    589. 

  589. 	lanman auth = Yes
    590. 

  590. 	rndc command = true
    591. 

  591. 	dns update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate --all-interfaces --use-file=$ctx->{dns_host_file} -s $ctx->{smb_conf}
    592. 

  592. 	spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate -s $ctx->{smb_conf}
    593. 

  593. 	resolv:host file = $ctx->{dns_host_file}
    594. 

  594. 	dreplsrv:periodic_startup_interval = 0
    595. 

  595. 	dsdb:schema update allowed = yes
    596. 

  596. 

  597. 	passdb backend = samba4
    598. 

  598. 

  599. 	# remove this again, when our smb2 client library
    600. 

  600. 	# supports signin on compound related requests
    601. 

  601. 	server signing = on
    602. 

  602. ";
    603. 

    604. 

  604. 	print CONFFILE "
    605. 

    606. 

  606. 	# Begin extra options
    607. 

  607. 	$ctx->{smb_conf_extra_options}
    608. 

  608. 	# End extra options
    609. 

  609. ";
    610. 

  610. 	close(CONFFILE);
    611. 

  611. 

  612. 	$self->mk_keyblobs($ctx->{tlsdir});
    613. 

  613. 

  614.         #Default the KDC IP to the server's IP
    615. 

  615. 	if (not defined($ctx->{kdc_ipv4})) {
    616. 

  616.              $ctx->{kdc_ipv4} = $ctx->{ipv4};
    617. 

  617.         }
    618. 

  618. 

  619. 	Samba::mk_krb5_conf($ctx, "");
    620. 

  620. 

  621. 	open(PWD, ">$ctx->{nsswrap_passwd}");
    622. 

  622. 	print PWD "
    623. 

  623. root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false
    624. 

  624. nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false
    625. 

  625. pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
    626. 

  626. ";
    627. 

  627. 	close(PWD);
    628. 

  628. 

  629. 	open(GRP, ">$ctx->{nsswrap_group}");
    630. 

  630. 	print GRP "
    631. 

  631. root:x:0:
    632. 

  632. wheel:x:10:
    633. 

  633. users:x:100:
    634. 

  634. nobody:x:65533:
    635. 

  635. nogroup:x:65534:nobody
    636. 

  636. ";
    637. 

  637. 	close(GRP);
    638. 

  638. 

  639. 	my $configuration = "--configfile=$ctx->{smb_conf}";
    640. 

  640. 

  641. #Ensure the config file is valid before we start
    642. 

  642. 	my $testparm = Samba::bindir_path($self, "samba-tool") . " testparm";
    643. 

  643. 	if (system("$testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) {
    644. 

  644. 		system("$testparm -v --suppress-prompt $configuration >&2");
    645. 

  645. 		warn("Failed to create a valid smb.conf configuration $testparm!");
    646. 

  646. 		return undef;
    647. 

  647. 	}
    648. 

  648. 	unless (system("($testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$ctx->{netbiosname}\" ) >/dev/null 2>&1") == 0) {
    649. 

  649. 		warn("Failed to create a valid smb.conf configuration! $testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global");
    650. 

  650. 		return undef;
    651. 

  651. 	}
    652. 

  652. 

  653. 	my $ret = {
    654. 

  654. 		KRB5_CONFIG => $ctx->{krb5_conf},
    655. 

  655. 		PIDDIR => $ctx->{piddir},
    656. 

  656. 		SERVER => $ctx->{hostname},
    657. 

  657. 		SERVER_IP => $ctx->{ipv4},
    658. 

  658. 		NETBIOSNAME => $ctx->{netbiosname},
    659. 

  659. 		DOMAIN => $ctx->{domain},
    660. 

  660. 		USERNAME => $ctx->{username},
    661. 

  661. 		REALM => $ctx->{realm},
    662. 

  662. 		PASSWORD => $ctx->{password},
    663. 

  663. 		LDAPDIR => $ctx->{ldapdir},
    664. 

  664. 		LDAP_INSTANCE => $ctx->{ldap_instance},
    665. 

  665. 		WINBINDD_SOCKET_DIR => $ctx->{winbindd_socket_dir},
    666. 

  666. 		NCALRPCDIR => $ctx->{ncalrpcdir},
    667. 

  667. 		LOCKDIR => $ctx->{lockdir},
    668. 

  668. 		STATEDIR => $ctx->{statedir},
    669. 

  669. 		CACHEDIR => $ctx->{cachedir},
    670. 

  670. 		SERVERCONFFILE => $ctx->{smb_conf},
    671. 

  671. 		CONFIGURATION => $configuration,
    672. 

  672. 		SOCKET_WRAPPER_DEFAULT_IFACE => $ctx->{swiface},
    673. 

  673. 		NSS_WRAPPER_PASSWD => $ctx->{nsswrap_passwd},
    674. 

  674. 		NSS_WRAPPER_GROUP => $ctx->{nsswrap_group},
    675. 

  675. 		SAMBA_TEST_FIFO => "$ctx->{prefix}/samba_test.fifo",
    676. 

  676. 		SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log",
    677. 

  677. 		SAMBA_TEST_LOG_POS => 0,
    678. 

  678. 	        NSS_WRAPPER_WINBIND_SO_PATH => Samba::bindir_path($self, "default/nsswitch/libnss-winbind.so"),
    679. 

  679.                 LOCAL_PATH => $ctx->{share}
    680. 

  680. 	};
    681. 

  681. 

  682. 	return $ret;
    683. 

  683. }
    684. 

  684. 

  685. #
    686. 

  686. # Step2 runs the provision script
    687. 

  687. #
    688. 

  688. sub provision_raw_step2($$$)
    689. 

  689. {
    690. 

  690. 	my ($self, $ctx, $ret) = @_;
    691. 

  691. 

  692. 	my $provision_cmd = join(" ", @{$ctx->{provision_options}});
    693. 

  693. 	unless (system($provision_cmd) == 0) {
    694. 

  694. 		warn("Unable to provision: \n$provision_cmd\n");
    695. 

  695. 		return undef;
    696. 

  696. 	}
    697. 

  697. 

  698. 	return $ret;
    699. 

  699. }
    700. 

  700. 

  701. sub provision($$$$$$$$)
    702. 

  702. {
    703. 

  703. 	my ($self, $prefix, $server_role, $hostname,
    704. 

  704. 	    $domain, $realm, $functional_level,
    705. 

  705. 	    $password, $kdc_ipv4, $extra_smbconf_options, $extra_smbconf_shares) = @_;
    706. 

  706. 

  707. 	my $ctx = $self->provision_raw_prepare($prefix, $server_role,
    708. 

  708. 					       $hostname,
    709. 

  709. 					       $domain, $realm, $functional_level,
    710. 

  710. 					       $password, $kdc_ipv4);
    711. 

  711. 

  712. 	$ctx->{share} = "$ctx->{prefix_abs}/share";
    713. 

  713. 	push(@{$ctx->{directories}}, "$ctx->{share}");
    714. 

  714. 	push(@{$ctx->{directories}}, "$ctx->{share}/test1");
    715. 

  715. 	push(@{$ctx->{directories}}, "$ctx->{share}/test2");
    716. 

  716. 	my $msdfs = "no";
    717. 

  717. 	$msdfs = "yes" if ($server_role eq "domain controller");
    718. 

  718. 	$ctx->{smb_conf_extra_options} = "
    719. 

    720. 

  720. 	max xmit = 32K
    721. 

  721. 	server max protocol = SMB2
    722. 

  722. 	host msdfs = $msdfs
    723. 

  723. 	lanman auth = yes
    724. 

  724. 

  725. 	$extra_smbconf_options
    726. 

  726. 

  727. [tmp]
    728. 

  728. 	path = $ctx->{share}
    729. 

  729. 	read only = no
    730. 

  730. 	posix:sharedelay = 10000
    731. 

  731. 	posix:oplocktimeout = 3
    732. 

  732. 	posix:writetimeupdatedelay = 50000
    733. 

  733. 

  734. [xcopy_share]
    735. 

  735. 	path = $ctx->{share}
    736. 

  736. 	read only = no
    737. 

  737. 	posix:sharedelay = 10000
    738. 

  738. 	posix:oplocktimeout = 3
    739. 

  739. 	posix:writetimeupdatedelay = 50000
    740. 

  740. 	create mask = 777
    741. 

  741. 	force create mode = 777
    742. 

  742. 

  743. [posix_share]
    744. 

  744. 	path = $ctx->{share}
    745. 

  745. 	read only = no
    746. 

  746. 	create mask = 0777
    747. 

  747. 	force create mode = 0
    748. 

  748. 	directory mask = 0777
    749. 

  749. 	force directory mode = 0
    750. 

  750. 

  751. [test1]
    752. 

  752. 	path = $ctx->{share}/test1
    753. 

  753. 	read only = no
    754. 

  754. 	posix:sharedelay = 10000
    755. 

  755. 	posix:oplocktimeout = 3
    756. 

  756. 	posix:writetimeupdatedelay = 50000
    757. 

  757. 

  758. [test2]
    759. 

  759. 	path = $ctx->{share}/test2
    760. 

  760. 	read only = no
    761. 

  761. 	posix:sharedelay = 10000
    762. 

  762. 	posix:oplocktimeout = 3
    763. 

  763. 	posix:writetimeupdatedelay = 50000
    764. 

  764. 

  765. [cifs]
    766. 

  766. 	read only = no
    767. 

  767. 	ntvfs handler = cifs
    768. 

  768. 	cifs:server = $ctx->{netbiosname}
    769. 

  769. 	cifs:share = tmp
    770. 

  770. 	cifs:use-s4u2proxy = yes
    771. 

  771. 	# There is no username specified here, instead the client is expected
    772. 

  772. 	# to log in with kerberos, and the serverwill use delegated credentials.
    773. 

  773. 	# Or the server tries s4u2self/s4u2proxy to impersonate the client
    774. 

  774. 

  775. [simple]
    776. 

  776. 	path = $ctx->{share}
    777. 

  777. 	read only = no
    778. 

  778. 	ntvfs handler = simple
    779. 

  779. 

  780. [sysvol]
    781. 

  781. 	path = $ctx->{statedir}/sysvol
    782. 

  782. 	read only = yes
    783. 

  783. 

  784. [netlogon]
    785. 

  785. 	path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
    786. 

  786. 	read only = no
    787. 

  787. 

  788. [cifsposix]
    789. 

  789. 	copy = simple
    790. 

  790. 	ntvfs handler = cifsposix
    791. 

  791. 

  792. $extra_smbconf_shares
    793. 

  793. ";
    794. 

    795. 

  795. 	if (defined($self->{ldap})) {
    796. 

  796. 		$ctx->{ldapdir} = "$ctx->{privatedir}/ldap";
    797. 

  797. 		push(@{$ctx->{directories}}, "$ctx->{ldapdir}");
    798. 

  798. 

  799. 		my $ldap_uri= "$ctx->{ldapdir}/ldapi";
    800. 

  800. 		$ldap_uri =~ s|/|%2F|g;
    801. 

  801. 		$ldap_uri = "ldapi://$ldap_uri";
    802. 

  802. 		$ctx->{ldap_uri} = $ldap_uri;
    803. 

  803. 

  804. 		$ctx->{ldap_instance} = lc($ctx->{netbiosname});
    805. 

  805. 	}
    806. 

  806. 

  807. 	my $ret = $self->provision_raw_step1($ctx);
    808. 

  808. 	unless (defined $ret) {
    809. 

  809. 		return undef;
    810. 

  810. 	}
    811. 

  811. 

  812. 	if (defined($self->{ldap})) {
    813. 

  813. 		$ret->{LDAP_URI} = $ctx->{ldap_uri};
    814. 

  814. 		push (@{$ctx->{provision_options}}, "--ldap-backend-type=" . $self->{ldap});
    815. 

  815. 		push (@{$ctx->{provision_options}}, "--ldap-backend-nosync");
    816. 

  816. 		if ($self->{ldap} eq "openldap") {
    817. 

  817. 			push (@{$ctx->{provision_options}}, "--slapd-path=" . $ENV{OPENLDAP_SLAPD});
    818. 

  818. 			($ret->{SLAPD_CONF_D}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ctx) or die("Unable to create openldap directories");
    819. 

  819. 

  820.                 } elsif ($self->{ldap} eq "fedora-ds") {
    821. 

  821.  		        push (@{$ctx->{provision_options}}, "--slapd-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd");
    822. 

  822.  		        push (@{$ctx->{provision_options}}, "--setup-ds-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl");
    823. 

  823. 			($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ctx) or die("Unable to create fedora ds directories");
    824. 

  824. 		}
    825. 

  825. 

  826. 	}
    827. 

  827. 

  828. 	return $self->provision_raw_step2($ctx, $ret);
    829. 

  829. }
    830. 

  830. 

  831. sub provision_member($$$)
    832. 

  832. {
    833. 

  833. 	my ($self, $prefix, $dcvars) = @_;
    834. 

  834. 	print "PROVISIONING MEMBER...";
    835. 

  835. 

  836. 	my $ret = $self->provision($prefix,
    837. 

  837. 				   "member server",
    838. 

  838. 				   "s4member",
    839. 

  839. 				   "SAMBADOMAIN",
    840. 

  840. 				   "samba.example.com",
    841. 

  841. 				   "2008",
    842. 

  842. 				   "locMEMpass3",
    843. 

  843. 				   $dcvars->{SERVER_IP},
    844. 

  844. 				   "", "");
    845. 

  845. 	unless ($ret) {
    846. 

  846. 		return undef;
    847. 

  847. 	}
    848. 

  848. 

  849. 	my $samba_tool =  Samba::bindir_path($self, "samba-tool");
    850. 

  850. 	my $cmd = "";
    851. 

  851. 	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
    852. 

  852. 	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
    853. 

  853. 	$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
    854. 

  854. 	$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
    855. 

  855. 	$cmd .= " --machinepass=machine$ret->{password}";
    856. 

  856. 

  857. 	unless (system($cmd) == 0) {
    858. 

  858. 		warn("Join failed\n$cmd");
    859. 

  859. 		return undef;
    860. 

  860. 	}
    861. 

  861. 

  862. 	$ret->{MEMBER_SERVER} = $ret->{SERVER};
    863. 

  863. 	$ret->{MEMBER_SERVER_IP} = $ret->{SERVER_IP};
    864. 

  864. 	$ret->{MEMBER_NETBIOSNAME} = $ret->{NETBIOSNAME};
    865. 

  865. 	$ret->{MEMBER_USERNAME} = $ret->{USERNAME};
    866. 

  866. 	$ret->{MEMBER_PASSWORD} = $ret->{PASSWORD};
    867. 

  867. 

  868. 	$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
    869. 

  869. 	$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
    870. 

  870. 	$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
    871. 

  871. 	$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
    872. 

  872. 	$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
    873. 

  873. 

  874. 	return $ret;
    875. 

  875. }
    876. 

  876. 

  877. sub provision_rpc_proxy($$$)
    878. 

  878. {
    879. 

  879. 	my ($self, $prefix, $dcvars) = @_;
    880. 

  880. 	print "PROVISIONING RPC PROXY...";
    881. 

  881. 

  882. 	my $extra_smbconf_options = "
    883. 

    884. 

  884. 	# rpc_proxy
    885. 

  885. 	dcerpc_remote:binding = ncacn_ip_tcp:$dcvars->{SERVER}
    886. 

  886. 	dcerpc endpoint servers = epmapper, remote
    887. 

  887. 	dcerpc_remote:interfaces = rpcecho
    888. 

  888. 

  889. [cifs_to_dc]
    890. 

  890. 	read only = no
    891. 

  891. 	ntvfs handler = cifs
    892. 

  892. 	cifs:server = $dcvars->{SERVER}
    893. 

  893. 	cifs:share = cifs
    894. 

  894. 	cifs:use-s4u2proxy = yes
    895. 

  895. 	# There is no username specified here, instead the client is expected
    896. 

  896. 	# to log in with kerberos, and the serverwill use delegated credentials.
    897. 

  897. 	# Or the server tries s4u2self/s4u2proxy to impersonate the client
    898. 

  898. 

  899. ";
    900. 

    901. 

  901. 	my $ret = $self->provision($prefix,
    902. 

  902. 				   "member server",
    903. 

  903. 				   "localrpcproxy",
    904. 

  904. 				   "SAMBADOMAIN",
    905. 

  905. 				   "samba.example.com",
    906. 

  906. 				   "2008",
    907. 

  907. 				   "locRPCproxypass4",
    908. 

  908. 				   $dcvars->{SERVER_IP},
    909. 

  909. 				   $extra_smbconf_options, "");
    910. 

  910. 

  911. 	unless ($ret) {
    912. 

  912. 		return undef;
    913. 

  913. 	}
    914. 

  914. 

  915. 	my $samba_tool =  Samba::bindir_path($self, "samba-tool");
    916. 

  916. 

  917. 	# The joind runs in the context of the rpc_proxy/member for now
    918. 

  918. 	my $cmd = "";
    919. 

  919. 	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
    920. 

  920. 	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
    921. 

  921. 	$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
    922. 

  922. 	$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
    923. 

  923. 	$cmd .= " --machinepass=machine$ret->{password}";
    924. 

  924. 

  925. 	unless (system($cmd) == 0) {
    926. 

  926. 		warn("Join failed\n$cmd");
    927. 

  927. 		return undef;
    928. 

  928. 	}
    929. 

  929. 

  930. 	# Setting up delegation runs in the context of the DC for now
    931. 

  931. 	$cmd = "";
    932. 

  932. 	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
    933. 

  933. 	$cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" ";
    934. 

  934. 	$cmd .= "$samba_tool delegation for-any-protocol '$ret->{NETBIOSNAME}\$' on";
    935. 

  935. 	$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} $dcvars->{CONFIGURATION}";
    936. 

  936. 

  937. 	unless (system($cmd) == 0) {
    938. 

  938. 		warn("Delegation failed\n$cmd");
    939. 

  939. 		return undef;
    940. 

  940. 	}
    941. 

  941. 

  942. 	# Setting up delegation runs in the context of the DC for now
    943. 

  943. 	$cmd = "";
    944. 

  944. 	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
    945. 

  945. 	$cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" ";
    946. 

  946. 	$cmd .= "$samba_tool delegation add-service '$ret->{NETBIOSNAME}\$' cifs/$dcvars->{SERVER}";
    947. 

  947. 	$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} $dcvars->{CONFIGURATION}";
    948. 

  948. 

  949. 	unless (system($cmd) == 0) {
    950. 

  950. 		warn("Delegation failed\n$cmd");
    951. 

  951. 		return undef;
    952. 

  952. 	}
    953. 

  953. 

  954. 	$ret->{RPC_PROXY_SERVER} = $ret->{SERVER};
    955. 

  955. 	$ret->{RPC_PROXY_SERVER_IP} = $ret->{SERVER_IP};
    956. 

  956. 	$ret->{RPC_PROXY_NETBIOSNAME} = $ret->{NETBIOSNAME};
    957. 

  957. 	$ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME};
    958. 

  958. 	$ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD};
    959. 

  959. 

  960. 	$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
    961. 

  961. 	$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
    962. 

  962. 	$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
    963. 

  963. 	$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
    964. 

  964. 	$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
    965. 

  965. 

  966. 	return $ret;
    967. 

  967. }
    968. 

  968. 

  969. sub provision_promoted_vampire_dc($$$)
    970. 

  970. {
    971. 

  971. 	my ($self, $prefix, $dcvars) = @_;
    972. 

  972. 	print "PROVISIONING VAMPIRE DC...";
    973. 

  973. 

  974. 	# We do this so that we don't run the provision.  That's the job of 'net vampire'.
    975. 

  975. 	my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
    976. 

  976. 					       "promotedvdc",
    977. 

  977. 					       "SAMBADOMAIN",
    978. 

  978. 					       "samba.example.com",
    979. 

  979. 					       "2008",
    980. 

  980. 					       $dcvars->{PASSWORD},
    981. 

  981. 					       $dcvars->{SERVER_IP});
    982. 

  982. 

  983. 	$ctx->{smb_conf_extra_options} = "
    984. 

  984. 	max xmit = 32K
    985. 

  985. 	server max protocol = SMB2
    986. 

  986. 

  987. [sysvol]
    988. 

  988. 	path = $ctx->{statedir}/sysvol
    989. 

  989. 	read only = yes
    990. 

  990. 

  991. [netlogon]
    992. 

  992. 	path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
    993. 

  993. 	read only = no
    994. 

  994. 

  995. ";
    996. 

    997. 

  997. 	my $ret = $self->provision_raw_step1($ctx);
    998. 

  998. 	unless ($ret) {
    999. 

  999. 		return undef;
    1000. 

  1000. 	}
    1001. 

  1001. 

  1002. 	my $samba_tool =  Samba::bindir_path($self, "samba-tool");
    1003. 

  1003. 	my $cmd = "";
    1004. 

  1004. 	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
    1005. 

  1005. 	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
    1006. 

  1006. 	$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} MEMBER --realm=$dcvars->{REALM}";
    1007. 

  1007. 	$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
    1008. 

  1008. 	$cmd .= " --machinepass=machine$ret->{password}";
    1009. 

  1009. 

  1010. 	unless (system($cmd) == 0) {
    1011. 

  1011. 		warn("Join failed\n$cmd");
    1012. 

  1012. 		return undef;
    1013. 

  1013. 	}
    1014. 

  1014. 

  1015. 	my $samba_tool =  Samba::bindir_path($self, "samba-tool");
    1016. 

  1016. 	my $cmd = "";
    1017. 

  1017. 	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
    1018. 

  1018. 	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
    1019. 

  1019. 	$cmd .= "$samba_tool domain dcpromo $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
    1020. 

  1020. 	$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
    1021. 

  1021. 	$cmd .= " --machinepass=machine$ret->{password}";
    1022. 

  1022. 

  1023. 	unless (system($cmd) == 0) {
    1024. 

  1024. 		warn("Join failed\n$cmd");
    1025. 

  1025. 		return undef;
    1026. 

  1026. 	}
    1027. 

  1027. 

  1028. 	$ret->{PROMOTED_VAMPIRE_DC_SERVER} = $ret->{SERVER};
    1029. 

  1029. 	$ret->{PROMOTED_VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP};
    1030. 

  1030. 	$ret->{PROMOTED_VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
    1031. 

  1031. 

  1032. 	$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
    1033. 

  1033. 	$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
    1034. 

  1034. 	$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
    1035. 

  1035. 	$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
    1036. 

  1036. 	$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
    1037. 

  1037. 

  1038. 	return $ret;
    1039. 

  1039. }
    1040. 

  1040. 

  1041. sub provision_vampire_dc($$$)
    1042. 

  1042. {
    1043. 

  1043. 	my ($self, $prefix, $dcvars) = @_;
    1044. 

  1044. 	print "PROVISIONING VAMPIRE DC...";
    1045. 

  1045. 

  1046. 	# We do this so that we don't run the provision.  That's the job of 'net vampire'.
    1047. 

  1047. 	my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
    1048. 

  1048. 					       "localvampiredc",
    1049. 

  1049. 					       "SAMBADOMAIN",
    1050. 

  1050. 					       "samba.example.com",
    1051. 

  1051. 					       "2008",
    1052. 

  1052. 					       $dcvars->{PASSWORD},
    1053. 

  1053. 					       $dcvars->{SERVER_IP});
    1054. 

  1054. 

  1055. 	$ctx->{smb_conf_extra_options} = "
    1056. 

  1056. 	max xmit = 32K
    1057. 

  1057. 	server max protocol = SMB2
    1058. 

  1058. 

  1059. [sysvol]
    1060. 

  1060. 	path = $ctx->{statedir}/sysvol
    1061. 

  1061. 	read only = yes
    1062. 

  1062. 

  1063. [netlogon]
    1064. 

  1064. 	path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
    1065. 

  1065. 	read only = no
    1066. 

  1066. 

  1067. ";
    1068. 

    1069. 

  1069. 	my $ret = $self->provision_raw_step1($ctx);
    1070. 

  1070. 	unless ($ret) {
    1071. 

  1071. 		return undef;
    1072. 

  1072. 	}
    1073. 

  1073. 

  1074. 	my $samba_tool =  Samba::bindir_path($self, "samba-tool");
    1075. 

  1075. 	my $cmd = "";
    1076. 

  1076. 	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
    1077. 

  1077. 	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
    1078. 

  1078. 	$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
    1079. 

  1079. 	$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only";
    1080. 

  1080. 	$cmd .= " --machinepass=machine$ret->{password}";
    1081. 

  1081. 

  1082. 	unless (system($cmd) == 0) {
    1083. 

  1083. 		warn("Join failed\n$cmd");
    1084. 

  1084. 		return undef;
    1085. 

  1085. 	}
    1086. 

  1086. 

  1087. 	$ret->{VAMPIRE_DC_SERVER} = $ret->{SERVER};
    1088. 

  1088. 	$ret->{VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP};
    1089. 

  1089. 	$ret->{VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
    1090. 

  1090. 

  1091. 	$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
    1092. 

  1092. 	$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
    1093. 

  1093. 	$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
    1094. 

  1094. 	$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
    1095. 

  1095. 	$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
    1096. 

  1096. 

  1097. 	return $ret;
    1098. 

  1098. }
    1099. 

  1099. 

  1100. sub provision_subdom_dc($$$)
    1101. 

  1101. {
    1102. 

  1102. 	my ($self, $prefix, $dcvars) = @_;
    1103. 

  1103. 	print "PROVISIONING SUBDOMAIN DC...";
    1104. 

  1104. 

  1105. 	# We do this so that we don't run the provision.  That's the job of 'net vampire'.
    1106. 

  1106. 	my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
    1107. 

  1107. 					       "localsubdc",
    1108. 

  1108. 					       "SAMBASUBDOM",
    1109. 

  1109. 					       "sub.samba.example.com",
    1110. 

  1110. 					       "2008",
    1111. 

  1111. 					       $dcvars->{PASSWORD},
    1112. 

  1112. 					       undef);
    1113. 

  1113. 

  1114. 	$ctx->{smb_conf_extra_options} = "
    1115. 

  1115. 	max xmit = 32K
    1116. 

  1116. 	server max protocol = SMB2
    1117. 

  1117. 

  1118. [sysvol]
    1119. 

  1119. 	path = $ctx->{statedir}/sysvol
    1120. 

  1120. 	read only = yes
    1121. 

  1121. 

  1122. [netlogon]
    1123. 

  1123. 	path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
    1124. 

  1124. 	read only = no
    1125. 

  1125. 

  1126. ";
    1127. 

    1128. 

  1128. 	my $ret = $self->provision_raw_step1($ctx);
    1129. 

  1129. 	unless ($ret) {
    1130. 

  1130. 		return undef;
    1131. 

  1131. 	}
    1132. 

  1132. 

  1133.         my $dc_realms = Samba::mk_realms_stanza($dcvars->{REALM}, lc($dcvars->{REALM}),
    1134. 

  1134.                                                 $dcvars->{DOMAIN}, $dcvars->{SERVER_IP});
    1135. 

  1135. 	Samba::mk_krb5_conf($ctx, $dc_realms);
    1136. 

  1136. 

  1137. 	my $samba_tool =  Samba::bindir_path($self, "samba-tool");
    1138. 

  1138. 	my $cmd = "";
    1139. 

  1139. 	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
    1140. 

  1140. 	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
    1141. 

  1141. 	$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{realm} subdomain ";
    1142. 

  1142. 	$cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}";
    1143. 

  1143. 	$cmd .= " --machinepass=machine$ret->{password}";
    1144. 

  1144. 

  1145. 	unless (system($cmd) == 0) {
    1146. 

  1146. 		warn("Join failed\n$cmd");
    1147. 

  1147. 		return undef;
    1148. 

  1148. 	}
    1149. 

  1149. 

  1150. 	$ret->{SUBDOM_DC_SERVER} = $ret->{SERVER};
    1151. 

  1151. 	$ret->{SUBDOM_DC_SERVER_IP} = $ret->{SERVER_IP};
    1152. 

  1152. 	$ret->{SUBDOM_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
    1153. 

  1153. 

  1154. 	$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
    1155. 

  1155. 	$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
    1156. 

  1156. 	$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
    1157. 

  1157. 	$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
    1158. 

  1158. 	$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
    1159. 

  1159. 

  1160. 	return $ret;
    1161. 

  1161. }
    1162. 

  1162. 

  1163. sub provision_dc($$)
    1164. 

  1164. {
    1165. 

  1165. 	my ($self, $prefix) = @_;
    1166. 

  1166. 

  1167. 	print "PROVISIONING DC...";
    1168. 

  1168.         my $extra_conf_options = "netbios aliases = localDC1-a
    1169. 

  1169. allow dns updates = True";
    1170. 

  1170. 	my $ret = $self->provision($prefix,
    1171. 

  1171. 				   "domain controller",
    1172. 

  1172. 				   "localdc",
    1173. 

  1173. 				   "SAMBADOMAIN",
    1174. 

  1174. 				   "samba.example.com",
    1175. 

  1175. 				   "2008",
    1176. 

  1176. 				   "locDCpass1",
    1177. 

  1177. 				   undef, $extra_conf_options, "");
    1178. 

  1178. 

  1179. 	return undef unless(defined $ret);
    1180. 

  1180. 	unless($self->add_wins_config("$prefix/private")) {
    1181. 

  1181. 		warn("Unable to add wins configuration");
    1182. 

  1182. 		return undef;
    1183. 

  1183. 	}
    1184. 

  1184. 	$ret->{NETBIOSALIAS} = "localdc1-a";
    1185. 

  1185. 	$ret->{DC_SERVER} = $ret->{SERVER};
    1186. 

  1186. 	$ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
    1187. 

  1187. 	$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
    1188. 

  1188. 	$ret->{DC_USERNAME} = $ret->{USERNAME};
    1189. 

  1189. 	$ret->{DC_PASSWORD} = $ret->{PASSWORD};
    1190. 

  1190. 

  1191. 	return $ret;
    1192. 

  1192. }
    1193. 

  1193. 

  1194. sub provision_fl2000dc($$)
    1195. 

  1195. {
    1196. 

  1196. 	my ($self, $prefix) = @_;
    1197. 

  1197. 

  1198. 	print "PROVISIONING DC...";
    1199. 

  1199. 	my $ret = $self->provision($prefix,
    1200. 

  1200. 				   "domain controller",
    1201. 

  1201. 				   "dc5",
    1202. 

  1202. 				   "SAMBA2000",
    1203. 

  1203. 				   "samba2000.example.com",
    1204. 

  1204. 				   "2000",
    1205. 

  1205. 				   "locDCpass5",
    1206. 

  1206. 				   undef, "");
    1207. 

  1207. 

  1208. 	unless($self->add_wins_config("$prefix/private")) {
    1209. 

  1209. 		warn("Unable to add wins configuration");
    1210. 

  1210. 		return undef;
    1211. 

  1211. 	}
    1212. 

  1212. 

  1213. 	return $ret;
    1214. 

  1214. }
    1215. 

  1215. 

  1216. sub provision_fl2003dc($$)
    1217. 

  1217. {
    1218. 

  1218. 	my ($self, $prefix) = @_;
    1219. 

  1219. 

  1220. 	print "PROVISIONING DC...";
    1221. 

  1221. 	my $ret = $self->provision($prefix,
    1222. 

  1222. 				   "domain controller",
    1223. 

  1223. 				   "dc6",
    1224. 

  1224. 				   "SAMBA2003",
    1225. 

  1225. 				   "samba2003.example.com",
    1226. 

  1226. 				   "2003",
    1227. 

  1227. 				   "locDCpass6",
    1228. 

  1228. 				   undef, "", "");
    1229. 

  1229. 

  1230. 	unless($self->add_wins_config("$prefix/private")) {
    1231. 

  1231. 		warn("Unable to add wins configuration");
    1232. 

  1232. 		return undef;
    1233. 

  1233. 	}
    1234. 

  1234. 

  1235. 	return $ret;
    1236. 

  1236. }
    1237. 

  1237. 

  1238. sub provision_fl2008r2dc($$)
    1239. 

  1239. {
    1240. 

  1240. 	my ($self, $prefix) = @_;
    1241. 

  1241. 

  1242. 	print "PROVISIONING DC...";
    1243. 

  1243. 	my $ret = $self->provision($prefix,
    1244. 

  1244. 				   "domain controller",
    1245. 

  1245. 				   "dc7",
    1246. 

  1246. 				   "SAMBA2008R2",
    1247. 

  1247. 				   "samba2008R2.example.com",
    1248. 

  1248. 				   "2008_R2",
    1249. 

  1249. 				   "locDCpass7",
    1250. 

  1250. 				   undef, "", "");
    1251. 

  1251. 

  1252. 	unless ($self->add_wins_config("$prefix/private")) {
    1253. 

  1253. 		warn("Unable to add wins configuration");
    1254. 

  1254. 		return undef;
    1255. 

  1255. 	}
    1256. 

  1256. 

  1257. 	return $ret;
    1258. 

  1258. }
    1259. 

  1259. 

  1260. 

  1261. sub provision_rodc($$$)
    1262. 

  1262. {
    1263. 

  1263. 	my ($self, $prefix, $dcvars) = @_;
    1264. 

  1264. 	print "PROVISIONING RODC...";
    1265. 

  1265. 

  1266. 	# We do this so that we don't run the provision.  That's the job of 'net join RODC'.
    1267. 

  1267. 	my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
    1268. 

  1268. 					       "rodc",
    1269. 

  1269. 					       "SAMBADOMAIN",
    1270. 

  1270. 					       "samba.example.com",
    1271. 

  1271. 					       "2008",
    1272. 

  1272. 					       $dcvars->{PASSWORD},
    1273. 

  1273. 					       $dcvars->{SERVER_IP});
    1274. 

  1274. 	unless ($ctx) {
    1275. 

  1275. 		return undef;
    1276. 

  1276. 	}
    1277. 

  1277. 

  1278. 	$ctx->{share} = "$ctx->{prefix_abs}/share";
    1279. 

  1279. 	push(@{$ctx->{directories}}, "$ctx->{share}");
    1280. 

  1280. 

  1281. 	$ctx->{smb_conf_extra_options} = "
    1282. 

  1282. 	max xmit = 32K
    1283. 

  1283. 	server max protocol = SMB2
    1284. 

  1284. 

  1285. [sysvol]
    1286. 

  1286. 	path = $ctx->{statedir}/sysvol
    1287. 

  1287. 	read only = yes
    1288. 

  1288. 

  1289. [netlogon]
    1290. 

  1290. 	path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
    1291. 

  1291. 	read only = yes
    1292. 

  1292. 

  1293. [tmp]
    1294. 

  1294. 	path = $ctx->{share}
    1295. 

  1295. 	read only = no
    1296. 

  1296. 	posix:sharedelay = 10000
    1297. 

  1297. 	posix:oplocktimeout = 3
    1298. 

  1298. 	posix:writetimeupdatedelay = 50000
    1299. 

  1299. 

  1300. ";
    1301. 

    1302. 

  1302. 	my $ret = $self->provision_raw_step1($ctx);
    1303. 

  1303. 	unless ($ret) {
    1304. 

  1304. 		return undef;
    1305. 

  1305. 	}
    1306. 

  1306. 

  1307. 	my $samba_tool =  Samba::bindir_path($self, "samba-tool");
    1308. 

  1308. 	my $cmd = "";
    1309. 

  1309. 	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
    1310. 

  1310. 	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
    1311. 

  1311. 	$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} RODC";
    1312. 

  1312. 	$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
    1313. 

  1313. 	$cmd .= " --server=$dcvars->{DC_SERVER}";
    1314. 

  1314. 

  1315. 	unless (system($cmd) == 0) {
    1316. 

  1316. 		warn("RODC join failed\n$cmd");
    1317. 

  1317. 		return undef;
    1318. 

  1318. 	}
    1319. 

  1319. 

  1320. 	# we overwrite the kdc after the RODC join
    1321. 

  1321. 	# so that use the RODC as kdc and test
    1322. 

  1322. 	# the proxy code
    1323. 

  1323. 	$ctx->{kdc_ipv4} = $ret->{SERVER_IP};
    1324. 

  1324. 	Samba::mk_krb5_conf($ctx);
    1325. 

  1325. 

  1326. 	$ret->{RODC_DC_SERVER} = $ret->{SERVER};
    1327. 

  1327. 	$ret->{RODC_DC_SERVER_IP} = $ret->{SERVER_IP};
    1328. 

  1328. 	$ret->{RODC_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
    1329. 

  1329. 

  1330. 	$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
    1331. 

  1331. 	$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
    1332. 

  1332. 	$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
    1333. 

  1333. 	$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
    1334. 

  1334. 	$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
    1335. 

  1335. 

  1336. 	return $ret;
    1337. 

  1337. }
    1338. 

  1338. 

  1339. sub provision_plugin_s4_dc($$)
    1340. 

  1340. {
    1341. 

  1341. 	my ($self, $prefix) = @_;
    1342. 

  1342. 

  1343. 	my $prefix_abs = abs_path($prefix);
    1344. 

  1344. 

  1345. 	my $bindir_abs = abs_path($self->{bindir});
    1346. 

  1346. 	my $lockdir="$prefix_abs/lockdir";
    1347. 

  1347. 

  1348. 	my $extra_smbconf_options = "
    1349. 

  1349.         server services = -smb +s3fs
    1350. 

  1350.         xattr_tdb:file = $prefix_abs/statedir/xattr.tdb
    1351. 

  1351. 

  1352. 	kernel oplocks = no
    1353. 

  1353. 	kernel change notify = no
    1354. 

  1354. 

  1355. 	syslog = no
    1356. 

  1356. 	printing = bsd
    1357. 

  1357. 	printcap name = /dev/null
    1358. 

  1358. 

  1359. 	max protocol = SMB2
    1360. 

  1360. 	read only = no
    1361. 

  1361. 	server signing = auto
    1362. 

  1362. 

  1363. 	smbd:sharedelay = 100000
    1364. 

  1364. 	smbd:writetimeupdatedelay = 500000
    1365. 

  1365. 	create mask = 755
    1366. 

  1366. 	dos filemode = yes
    1367. 

  1367. 

  1368.         vfs objects = acl_xattr xattr_tdb streams_depot
    1369. 

  1369. 

  1370.         dcerpc endpoint servers = -winreg -srvsvc
    1371. 

  1371. 

  1372. 	printcap name = /dev/null
    1373. 

  1373. 

  1374. 	printing = vlp
    1375. 

  1375. 	print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s
    1376. 

  1376. 	lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p
    1377. 

  1377. 	lp rm command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lprm %p %j
    1378. 

  1378. 	lp pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lppause %p %j
    1379. 

  1379. 	lp resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpresume %p %j
    1380. 

  1380. 	queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p
    1381. 

  1381. 	queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p
    1382. 

  1382. 	lpq cache time = 0
    1383. 

  1383. 

  1384. ";
    1385. 

    1386. 

  1386. 	my $extra_smbconf_shares = "
    1387. 

    1388. 

  1388. [tmpcase]
    1389. 

  1389. 	copy = tmp
    1390. 

  1390. 	case sensitive = yes
    1391. 

  1391. 

  1392. [tmpguest]
    1393. 

  1393. 	copy = tmp
    1394. 

  1394.         guest ok = yes
    1395. 

  1395. 

  1396. [hideunread]
    1397. 

  1397. 	copy = tmp
    1398. 

  1398. 	hide unreadable = yes
    1399. 

  1399. ";
    1400. 

    1401. 

  1401. 	print "PROVISIONING PLUGIN S4 DC...";
    1402. 

  1402. 	my $ret = $self->provision($prefix,
    1403. 

  1403. 				   "domain controller",
    1404. 

  1404. 				   "plugindc",
    1405. 

  1405. 				   "PLUGINDOMAIN",
    1406. 

  1406. 				   "plugin.samba.example.com",
    1407. 

  1407. 				   "2008",
    1408. 

  1408. 				   "locDCpass1",
    1409. 

  1409. 				   undef, $extra_smbconf_options,
    1410. 

  1410.                                    $extra_smbconf_shares);
    1411. 

  1411. 

  1412. 	return undef unless(defined $ret);
    1413. 

  1413. 	unless($self->add_wins_config("$prefix/private")) {
    1414. 

  1414. 		warn("Unable to add wins configuration");
    1415. 

  1415. 		return undef;
    1416. 

  1416. 	}
    1417. 

  1417. 

  1418. 	$ret->{DC_SERVER} = $ret->{SERVER};
    1419. 

  1419. 	$ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
    1420. 

  1420. 	$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
    1421. 

  1421. 	$ret->{DC_USERNAME} = $ret->{USERNAME};
    1422. 

  1422. 	$ret->{DC_PASSWORD} = $ret->{PASSWORD};
    1423. 

  1423. 

  1424. 	return $ret;
    1425. 

  1425. }
    1426. 

  1426. 

  1427. sub provision_chgdcpass($$)
    1428. 

  1428. {
    1429. 

  1429. 	my ($self, $prefix) = @_;
    1430. 

  1430. 

  1431. 	print "PROVISIONING CHGDCPASS...";
    1432. 

  1432. 	my $ret = $self->provision($prefix,
    1433. 

  1433. 				   "domain controller",
    1434. 

  1434. 				   "chgdcpass",
    1435. 

  1435. 				   "CHDCDOMAIN",
    1436. 

  1436. 				   "chgdcpassword.samba.example.com",
    1437. 

  1437. 				   "2008",
    1438. 

  1438. 				   "chgDCpass1",
    1439. 

  1439. 				   undef);
    1440. 

  1440. 

  1441. 	return undef unless(defined $ret);
    1442. 

  1442. 	unless($self->add_wins_config("$prefix/private")) {
    1443. 

  1443. 		warn("Unable to add wins configuration");
    1444. 

  1444. 		return undef;
    1445. 

  1445. 	}
    1446. 

  1446. 	$ret->{DC_SERVER} = $ret->{SERVER};
    1447. 

  1447. 	$ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
    1448. 

  1448. 	$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
    1449. 

  1449. 	$ret->{DC_USERNAME} = $ret->{USERNAME};
    1450. 

  1450. 	$ret->{DC_PASSWORD} = $ret->{PASSWORD};
    1451. 

  1451. 

  1452. 	return $ret;
    1453. 

  1453. }
    1454. 

  1454. 

  1455. sub teardown_env($$)
    1456. 

  1456. {
    1457. 

  1457. 	my ($self, $envvars) = @_;
    1458. 

  1458. 	my $pid;
    1459. 

  1459. 

  1460. 	# This should cause samba to terminate gracefully
    1461. 

  1461. 	close($envvars->{STDIN_PIPE});
    1462. 

  1462. 

  1463. 	$pid = $envvars->{SAMBA_PID};
    1464. 

  1464. 	my $count = 0;
    1465. 

  1465. 	my $childpid;
    1466. 

  1466. 

  1467. 	# This should give it time to write out the gcov data
    1468. 

  1468. 	until ($count > 30) {
    1469. 

  1469. 	    if (Samba::cleanup_child($pid, "samba") == -1) {
    1470. 

  1470. 		last;
    1471. 

  1471. 	    }
    1472. 

  1472. 	    sleep(1);
    1473. 

  1473. 	    $count++;
    1474. 

  1474. 	}
    1475. 

  1475. 

  1476. 	if ($count <= 20 && kill(0, $pid) == 0) {
    1477. 

  1477. 	    return;
    1478. 

  1478. 	}
    1479. 

  1479. 

  1480. 	kill "TERM", $pid;
    1481. 

  1481. 

  1482. 	until ($count > 20) {
    1483. 

  1483. 	    if (Samba::cleanup_child($pid, "samba") == -1) {
    1484. 

  1484. 		last;
    1485. 

  1485. 	    }
    1486. 

  1486. 	    sleep(1);
    1487. 

  1487. 	    $count++;
    1488. 

  1488. 	}
    1489. 

  1489. 

  1490. 	# If it is still around, kill it
    1491. 

  1491. 	if ($count > 20 && kill(0, $pid) == 0) {
    1492. 

  1492. 	    warn "server process $pid took more than $count seconds to exit, killing\n";
    1493. 

  1493. 	    kill 9, $pid;
    1494. 

  1494. 	}
    1495. 

  1495. 

  1496. 	$self->slapd_stop($envvars) if ($self->{ldap});
    1497. 

  1497. 

  1498. 	print $self->getlog_env($envvars);
    1499. 

  1499. 

  1500. 	return;
    1501. 

  1501. }
    1502. 

  1502. 

  1503. sub getlog_env($$)
    1504. 

  1504. {
    1505. 

  1505. 	my ($self, $envvars) = @_;
    1506. 

  1506. 	my $title = "SAMBA LOG of: $envvars->{NETBIOSNAME}\n";
    1507. 

  1507. 	my $out = $title;
    1508. 

  1508. 

  1509. 	open(LOG, "<$envvars->{SAMBA_TEST_LOG}");
    1510. 

  1510. 

  1511. 	seek(LOG, $envvars->{SAMBA_TEST_LOG_POS}, SEEK_SET);
    1512. 

  1512. 	while (<LOG>) {
    1513. 

  1513. 		$out .= $_;
    1514. 

  1514. 	}
    1515. 

  1515. 	$envvars->{SAMBA_TEST_LOG_POS} = tell(LOG);
    1516. 

  1516. 	close(LOG);
    1517. 

  1517. 

  1518. 	return "" if $out eq $title;
    1519. 

  1519. 

  1520. 	return $out;
    1521. 

  1521. }
    1522. 

  1522. 

  1523. sub check_env($$)
    1524. 

  1524. {
    1525. 

  1525. 	my ($self, $envvars) = @_;
    1526. 

  1526. 

  1527. 	my $childpid = Samba::cleanup_child($envvars->{SAMBA_PID}, "samba");
    1528. 

  1528. 

  1529. 	return ($childpid == 0);
    1530. 

  1530. }
    1531. 

  1531. 

  1532. sub setup_env($$$)
    1533. 

  1533. {
    1534. 

  1534. 	my ($self, $envname, $path) = @_;
    1535. 

  1535. 	my $target3 = $self->{target3};
    1536. 

  1536. 

  1537. 	$ENV{ENVNAME} = $envname;
    1538. 

  1538. 

  1539. 	if (defined($self->{vars}->{$envname})) {
    1540. 

  1540. 	        return $self->{vars}->{$envname};
    1541. 

  1541. 	}
    1542. 

  1542. 

  1543. 	if ($envname eq "dc") {
    1544. 

  1544. 		return $self->setup_dc("$path/dc");
    1545. 

  1545. 	} elsif ($envname eq "fl2000dc") {
    1546. 

  1546. 		return $self->setup_fl2000dc("$path/fl2000dc");
    1547. 

  1547. 	} elsif ($envname eq "fl2003dc") {
    1548. 

  1548. 		return $self->setup_fl2003dc("$path/fl2003dc");
    1549. 

  1549. 	} elsif ($envname eq "fl2008r2dc") {
    1550. 

  1550. 		return $self->setup_fl2008r2dc("$path/fl2008r2dc");
    1551. 

  1551. 	} elsif ($envname eq "rpc_proxy") {
    1552. 

  1552. 		if (not defined($self->{vars}->{dc})) {
    1553. 

  1553. 			$self->setup_dc("$path/dc");
    1554. 

  1554. 		}
    1555. 

  1555. 		return $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{dc});
    1556. 

  1556. 	} elsif ($envname eq "vampire_dc") {
    1557. 

  1557. 		if (not defined($self->{vars}->{dc})) {
    1558. 

  1558. 			$self->setup_dc("$path/dc");
    1559. 

  1559. 		}
    1560. 

  1560. 		return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{dc});
    1561. 

  1561. 	} elsif ($envname eq "promoted_vampire_dc") {
    1562. 

  1562. 		if (not defined($self->{vars}->{dc})) {
    1563. 

  1563. 			$self->setup_dc("$path/dc");
    1564. 

  1564. 		}
    1565. 

  1565. 		return $self->setup_promoted_vampire_dc("$path/promoted_vampire_dc", $self->{vars}->{dc});
    1566. 

  1566. 	} elsif ($envname eq "subdom_dc") {
    1567. 

  1567. 		if (not defined($self->{vars}->{dc})) {
    1568. 

  1568. 			$self->setup_dc("$path/dc");
    1569. 

  1569. 		}
    1570. 

  1570. 		return $self->setup_subdom_dc("$path/subdom_dc", $self->{vars}->{dc});
    1571. 

  1571. 	} elsif ($envname eq "s4member") {
    1572. 

  1572. 		if (not defined($self->{vars}->{dc})) {
    1573. 

  1573. 			$self->setup_dc("$path/dc");
    1574. 

  1574. 		}
    1575. 

  1575. 		return $self->setup_member("$path/s4member", $self->{vars}->{dc});
    1576. 

  1576. 	} elsif ($envname eq "rodc") {
    1577. 

  1577. 		if (not defined($self->{vars}->{dc})) {
    1578. 

  1578. 			$self->setup_dc("$path/dc");
    1579. 

  1579. 		}
    1580. 

  1580. 		return $self->setup_rodc("$path/rodc", $self->{vars}->{dc});
    1581. 

  1581. 	} elsif ($envname eq "chgdcpass") {
    1582. 

  1582. 		return $self->setup_chgdcpass("$path/chgdcpass", $self->{vars}->{chgdcpass});
    1583. 

  1583. 	} elsif ($envname eq "s3member") {
    1584. 

  1584. 		if (not defined($self->{vars}->{dc})) {
    1585. 

  1585. 			$self->setup_dc("$path/dc");
    1586. 

  1586. 		}
    1587. 

  1587. 		return $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29);
    1588. 

  1588. 	} elsif ($envname eq "plugin_s4_dc") {
    1589. 

  1589. 		return $self->setup_plugin_s4_dc("$path/plugin_s4_dc");
    1590. 

  1590. 	} else {
    1591. 

  1591. 		return "UNKNOWN";
    1592. 

  1592. 	}
    1593. 

  1593. }
    1594. 

  1594. 

  1595. sub setup_member($$$)
    1596. 

  1596. {
    1597. 

  1597. 	my ($self, $path, $dc_vars) = @_;
    1598. 

  1598. 

  1599. 	my $env = $self->provision_member($path, $dc_vars);
    1600. 

  1600. 

  1601. 	if (defined $env) {
    1602. 

  1602. 		$self->check_or_start($env, "single");
    1603. 

  1603. 

  1604. 		$self->wait_for_start($env);
    1605. 

  1605. 

  1606. 		$self->{vars}->{member} = $env;
    1607. 

  1607. 	}
    1608. 

  1608. 

  1609. 	return $env;
    1610. 

  1610. }
    1611. 

  1611. 

  1612. sub setup_rpc_proxy($$$)
    1613. 

  1613. {
    1614. 

  1614. 	my ($self, $path, $dc_vars) = @_;
    1615. 

  1615. 

  1616. 	my $env = $self->provision_rpc_proxy($path, $dc_vars);
    1617. 

  1617. 

  1618. 	if (defined $env) {
    1619. 

  1619. 	        $self->check_or_start($env, "single");
    1620. 

  1620. 

  1621. 		$self->wait_for_start($env);
    1622. 

  1622. 

  1623. 		$self->{vars}->{rpc_proxy} = $env;
    1624. 

  1624. 	}
    1625. 

  1625. 	return $env;
    1626. 

  1626. }
    1627. 

  1627. 

  1628. sub setup_dc($$)
    1629. 

  1629. {
    1630. 

  1630. 	my ($self, $path) = @_;
    1631. 

  1631. 

  1632. 	my $env = $self->provision_dc($path);
    1633. 

  1633. 	if (defined $env) {
    1634. 

  1634. 		$self->check_or_start($env, "standard");
    1635. 

  1635. 

  1636. 		$self->wait_for_start($env);
    1637. 

  1637. 

  1638. 		$self->{vars}->{dc} = $env;
    1639. 

  1639. 	}
    1640. 

  1640. 	return $env;
    1641. 

  1641. }
    1642. 

  1642. 

  1643. sub setup_chgdcpass($$)
    1644. 

  1644. {
    1645. 

  1645. 	my ($self, $path) = @_;
    1646. 

  1646. 

  1647. 	my $env = $self->provision_chgdcpass($path);
    1648. 

  1648. 	if (defined $env) {
    1649. 

  1649. 		$self->check_or_start($env, "single");
    1650. 

  1650. 

  1651. 		$
    1652.

Large files files are truncated, but you can click here to view the full file