+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Makefile of /samba/domain-join

+ #   Description: test basic functionality as a domain member

+ #   Author: Ales Zelinka <azelinka@redhat.com>

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Copyright (c) 2009 Red Hat, Inc.

+ #

+ #   This copyrighted material is made available to anyone wishing

+ #   to use, modify, copy, or redistribute it subject to the terms

+ #   and conditions of the GNU General Public License version 2.

+ #

+ #   This program is distributed in the hope that it will be

+ #   useful, but WITHOUT ANY WARRANTY; without even the implied

+ #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR

+ #   PURPOSE. See the GNU General Public License for more details.

+ #

+ #   You should have received a copy of the GNU General Public

+ #   License along with this program; if not, write to the Free

+ #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,

+ #   Boston, MA 02110-1301, USA.

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ 

+ export TEST=/samba/domain-join

+ export TESTVERSION=1.0

+ 

+ BUILT_FILES=

+ 

+ FILES=$(METADATA) runtest.sh win-config-*.sh Makefile PURPOSE expect-script

+ 

+ .PHONY: all install download clean

+ 

+ run: $(FILES) build

+ 	./runtest.sh

+ 

+ build: $(BUILT_FILES)

+ 	chmod a+x ./runtest.sh

+ 

+ clean:

+ 	rm -f *~ $(BUILT_FILES)

+ 

+ 

+ include /usr/share/rhts/lib/rhts-make.include

+ 

+ $(METADATA): Makefile

+ 	@echo "Owner:           Ales Zelinka <azelinka@redhat.com>" > $(METADATA)

+ 	@echo "Name:            $(TEST)" >> $(METADATA)

+ 	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)

+ 	@echo "Path:            $(TEST_DIR)" >> $(METADATA)

+ 	@echo "Description:     test basic functionality as a domain member" >> $(METADATA)

+ 	@echo "Type:            Sanity" >> $(METADATA)

+ 	@echo "TestTime:        35m" >> $(METADATA)

+ 	@echo "RunFor:          samba" >> $(METADATA)

+ 	@echo "Priority:        Normal" >> $(METADATA)

+ 	@echo "License:         GPLv2" >> $(METADATA)

+ 	@echo "Confidential:    no" >> $(METADATA)

+ 	@echo "Destructive:     no" >> $(METADATA)

+ 	@echo "Requires:        samba samba-devel expect samba-client samba-winbind samba-winbind-clients pam_krb5 ntp ntpdate krb5-workstation authconfig" >> $(METADATA)

+ 	@echo "RhtsRequires:    library(samba/samba-bits)" >> $(METADATA)

+ 

+ 	rhts-lint $(METADATA)

+ PURPOSE of /samba/domain-join

+ Description: test basic functionality as a domain member

+ Author: Ales Zelinka <azelinka@redhat.com>

+ 

+ This test need a preconfigured windows PDC machine running 

+ and its credentials stored in a samba-bits way.

+ 

+ Contact azelinka@redhat.com (or maybe other samba testers/winland admins)

+ for details

+ #!/usr/bin/expect

+ 

+ set username     [lrange $argv 0 0 ]

+ set password [lrange $argv 1 1 ]

+ log_user 1

+ spawn ssh "$username@127.0.0.1" -o StrictHostKeyChecking=no "whoami ; pwd ; exit"

+ expect "*?assword:*" 

+ send -- "$password\r"

+ send -- "\r"

+ expect eof

+ #!/bin/bash

+ # vim: set dictionary=/usr/share/rhts-library/dictionary.vim cpt=.,w,b,u,t,i,k:

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   runtest.sh of /samba/domain-join

+ #   Description: test basic functionality as a domain member

+ #   Author: Ales Zelinka <azelinka@redhat.com>

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Copyright (c) 2009 Red Hat, Inc.

+ #

+ #   This copyrighted material is made available to anyone wishing

+ #   to use, modify, copy, or redistribute it subject to the terms

+ #   and conditions of the GNU General Public License version 2.

+ #

+ #   This program is distributed in the hope that it will be

+ #   useful, but WITHOUT ANY WARRANTY; without even the implied

+ #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR

+ #   PURPOSE. See the GNU General Public License for more details.

+ #

+ #   You should have received a copy of the GNU General Public

+ #   License along with this program; if not, write to the Free

+ #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,

+ #   Boston, MA 02110-1301, USA.

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ 

+ # Include rhts environment

+ . /usr/bin/rhts-environment.sh

+ . /usr/share/rhts-library/rhtslib.sh

+ 

+ PACKAGE="samba"

+ rpm -q samba3x && PACKAGE="samba3x"

+ TEST=/samba/domain-join

+ 

+ rlJournalStart

+ rlPhaseStartSetup Setup

+     rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"

+     rlRun "cp expect-script $TmpDir/"

+     # if empty, use default win-config

+     [ -z $WINCONFIG ] && WINCONFIG="domain-join"

+     rlRun "cp ./win-config-${WINCONFIG}.sh $TmpDir/win-config.sh" 0 "Copy determined win-config into Tmp directory"

+     rlRun "pushd $TmpDir"

+     rlCheckRpm samba-winbind || rlAssertRpm $PACKAGE

+     rlRun "rlImport samba/samba-bits"

+     rlServiceStop smb smbd nmb nmbd winbindd winbind cups chronyd

+ 

+     rlLogInfo "samba-bits included"

+ 

+     rlRun "sb_get_config"

+     sb_config_join

+     #expect can't handle slash (defautl separator) in variable (it quotes it with curly braces)

+     sb_config_add "global" "winbind enum users = yes"

+     sb_config_add "global" "winbind separator = +"

+     sb_config_add "global" "log level = 10"

+     sb_config_add "global" "winbind request timeout = 120"

+     # BZ#748407

+     sb_config_add "global" "kerberos method = secrets and keytab"

+     sb_share_add "zelshare" "${TmpDir}"

+     rlRun "sb_useradd zelda zelda"

+ 

+     rlFileBackup /etc/pam.d/ /var/log/samba/ /root/.ssh/known_hosts

+     rlFileBackup /var/lib/samba/browse.dat

+ 

+     rlAssertRpm "expect"

+     rlRun "rm -rf /var/log/samba/log.*" 0 "removing samba logs"

+     rlRun "sb_join"

+ 

+     #sleep 30

+     #BZ#866570

+     #rlIsRHEL 5 || rlRun "grep 'Joined.* dns domain' $JLOG" 0 "we talk about domain instead of realm in log (because realm can't be in lowercase)"

+     rlServiceStart winbind nmb smb

+     sb_wait_all

+ rlPhaseEnd

+ 

+ rlGetTestState && {

+ rlPhaseStartTest "Testing-DomainIntegration-${WINCONFIG}"

+    rlRun "authconfig --enablewinbindauth --enablemkhomedir --winbindtemplateshell=/bin/bash --enablewinbindoffline  --update" 0 "authconfig-uring pam"

+    sleep 20

+    #service winbind start performed by authconfig yet

+ #   sb_tries "getent passwd $WORKGROUP+$PDC_LOGIN" 10 10

+    sb_join_verify

+ 

+    rlRun "smbclient -L $PDC_NBNAME.$REALM -U $PDC_LOGIN%$PDC_PASSWORD" 0 "smbclient to PDC works"

+ 

+    rlRun "su \"$WORKGROUP+administrator\" -c whoami |grep administrator" 0 "winbind to pam integration works (online)"

+    rlRun "expect expect-script $WORKGROUP+$PDC_LOGIN $PDC_PASSWORD | grep -i \"/home/$WORKGROUP/$PDC_LOGIN\"" 0 "windows user can ssh in"

+    rlGetPhaseState || rlBundleLogs logs /var/log/samba/*

+    #megaverbose desperation debugging disabled

+    set +x

+ rlPhaseEnd

+ 

+ rlPhaseStartTest Testing-OfflineMode

+    rlRun "rm -rf /var/log/samba/log.*" 0 "removing samba logs"

+    rlRun "iptables -I OUTPUT -p udp ! --dport 53 -d $PDC_IP -j DROP" 0 "disabling all connections to PDC except for dns"

+    rlRun "su \"$WORKGROUP+administrator\" -c whoami |grep administrator" 0 "winbind to pam integration works (offline)"

+    rlGetPhaseState || rlBundleLogs logs /var/log/samba/*

+ rlPhaseEnd

+ 

+ rlPhaseStartTest Testing-OfflineMode-BZ#626407

+    rlRun "rm -rf /var/log/samba/log.*" 0 "removing samba logs"

+    rlRun "service winbind restart" 0 "restarting winbind to verify BZ#626407 fix"

+    sb_wait_winbind

+    rlRun "su \"$WORKGROUP+administrator\" -c whoami |grep administrator" 0 "still works even after winbind restart (didn't wipe out caches)"

+    rlRun "iptables -D OUTPUT -p udp ! --dport 53 -d $PDC_IP -j DROP" 0 "enabling connections to PDC"

+    rlGetPhaseState || rlBundleLogs logs /var/log/samba/*

+    sb_leave

+    rlServiceStop smb nmb winbind

+    sleep 10

+ rlPhaseEnd

+ 

+ if rlIsRHEL ">=6.8"; then

+ rlPhaseStartTest "Test net join not update dns"

+     rlRun "net ads join -U${PDC_LOGIN}%${PDC_PASSWORD} --no-dns-updates"

+     sleep 20

+     rlRun "net ads leave -U${WORKGROUP}\\\\${PDC_LOGIN}%${PDC_PASSWORD}"

+ rlPhaseEnd

+ fi

+ 

+ if ! rlIsRHEL 5; then

+ rlPhaseStartTest keytab-AES-BZ#748407

+    klist  -ke /etc/krb5.keytab

+    rlRun "klist  -ke /etc/krb5.keytab |grep -q '(aes.*)'" 0 "AES keys found in the keytab"

+ rlPhaseEnd

+ 

+    rlPhaseStartTest Testing-Join-Using-Kerberos-BZ#737808

+       rlRun "REALM_UPPER=$(echo $REALM | tr '[:lower:]' '[:upper:]')"

+       rlRun "kdestroy"

+ cat > expect-script-kinit <<EOF2

+ #!/usr/bin/expect

+ spawn kinit $PDC_LOGIN@$REALM_UPPER

+ expect "*?assword:*"

+ send -- "$PDC_PASSWORD\r"

+ expect eof

+ EOF2

+       rlRun "chmod +x expect-script-kinit"

+       rlRun "./expect-script-kinit 2>&1 | tee expect-script-kinit.log"

+       rlRun "klist"

+       sleep 60

+       rlRun "net ads join -k"

+       rlRun "net ads testjoin -k"

+       rlRun "net ads leave -k"

+       rlRun "kdestroy"

+       rlGetPhaseState || rlBundleLogs logs /var/log/samba/* expect-script-kinit.log

+    rlPhaseEnd

+ fi

+ }

+ 

+ rlPhaseStartCleanup Cleanup

+     rlFileRestore

+     rlRun "[ \"$WORKGROUP/$PDC_LOGIN\" != '/' ] && rm -rf \"/home/$WORKGROUP/$PDC_LOGIN\"" 0 "removing administrator's homedir"

+     rlServiceRestore cups chronyd

+ 

+     userdel -f zelda

+     rm -rf /home/ZELGROUP

+     rlRun "popd"

+     rlRun "rm -r $TmpDir" 0 "Removing tmp directory"

+ rlPhaseEnd

+ 

+ rlJournalPrintText

+ rlJournalEnd

+ 

+ WORKGROUP="CHILDREN3"

+ REALM="CHILDREN3.ZELTRUST.ZEL"

+ PDC_NBNAME="x64-win-2008-child3"

+ PDC_IP="10.37.152.188"

+ PDC_LOGIN="administrator"

+ PDC_PASSWORD="crappyP0licies"

+ SECURITY="ADS"

+ WORKGROUP="ZELTRUST"

+ REALM="ZELTRUST.ZEL"

+ PDC_NBNAME="x64-win-2008-PDC"

+ PDC_IP="10.37.152.196"

+ PDC_LOGIN="administrator"

+ PDC_PASSWORD="crappyP0licies"

+ SECURITY="ADS"

+ WORKGROUP="ZELGROUP"

+ REALM="ZELGROUP.ZEL"

+ PDC_NBNAME="i386-win-2003"

+ PDC_IP="10.37.152.192"

+ PDC_LOGIN="administrator"

+ PDC_PASSWORD="crappyP0licies"

+ SECURITY="ADS"

+ WORKGROUP="ZELGROUP"

+ REALM="ZELGROUP.ZEL"

+ PDC_NBNAME="BDC"

+ PDC_IP="10.37.152.195"

+ PDC_LOGIN="administrator"

+ PDC_PASSWORD="crappyP0licies"

+ SECURITY="ADS"

+ WORKGROUP="WIN14"

+ REALM="WIN14.ENGLAB.BRQ.REDHAT.COM"

+ #PDC_NBNAME="x64-win-2008datacenter"

+ PDC_NBNAME="x64-win-2008-r2"

+ PDC_IP="10.34.33.24"

+ PDC_LOGIN="Administrator"

+ PDC_PASSWORD="vEl0cip0d1"

+ SECURITY="ADS"

+ 

+ WORKGROUP="STRICTLAND"

+ REALM="STRICTLAND.ZEL"

+ PDC_NBNAME="policajt"

+ PDC_IP="10.34.33.19"

+ PDC_LOGIN="administrator"

+ PDC_PASSWORD="MSBlessYou!"

+ SECURITY="ADS"

+ WORKGROUP="ZELGROUP"

+ REALM="ZELGROUP.ZEL"

+ PDC_NBNAME="i386-win-2003"

+ PDC_IP="10.37.152.192"

+ PDC_LOGIN="administrator"

+ PDC_PASSWORD="crappyP0licies"

+ SECURITY="ADS"

+ ---

+ # Tests that run in classic context

+ - hosts: localhost

+   roles:

+   - role: standard-test-rhts

+     use_beakerlib_libraries: yes

+     tags:

+     - classic

+     tests:

+     - domain-join

+     required_packages:

+     - beakerlib-libraries

+     - findutils             # beakerlib needs find command

+     - authconfig            # domain-join needs it

+     - expect                # domain-join needs it

+     - krb5-workstation      # domain-join needs it

+     - ntp                   # domain-join needs it

+     - ntpdate               # domain-join needs it

+     - pam_krb5              # domain-join needs it

+     - samba                 # domain-join needs it

+     - samba-devel           # domain-join needs it

+     - samba-client          # domain-join needs it

+     - samba-winbind         # domain-join needs it

+     - samba-winbind-clients # domain-join needs it