[SCM] Samba Shared Repository - branch master updated
Tim Beale
timbeale at samba.org
Tue Nov 27 05:58:02 UTC 2018
The branch, master has been updated
via 0d15c2be6a2 tests: Rework backup test inheritance to make LP constraints clearer
via cbcd8eec6ea tests: Work out DOMSID via samdb rather than environs
via 738418ea3ee tests: Run backup tests against restoredc (SMBv1 disabled)
via 2e235bda9f7 python/samba/test: PY3 port samba.tests.domain_backup
via 70dee4c1c14 tests: Handle backup command exceptions as test failures, not errors
via 93c2a952235 tests: Rework backup test_backup_invalid_args test-case
via 160031f7b7e selftest: Designate one testenv as having SMBv1 disabled
via 88ccd418fde tests: Use s3 smbclient for testenv smoketests
via bfb138e9be6 selftest: Make testenv NTVFS usage match --use-ntvfs
via da933b7664c selftest: Make chgdcpass's NTVFS usage more obvious
via 632b3ab7d49 selftest: Be explicit about which testenvs use ntvfs
from baacc703940 libads: Align integer types
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0d15c2be6a2b8b70b9898326e8c5176cbcdb1ca6
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Thu Nov 22 16:56:22 2018 +1300
tests: Rework backup test inheritance to make LP constraints clearer
The backup tests have a special constraint where we always want to use
check_output() over runcmd(). The reason is we need the samba-tool
backup/restore commands executed in a separate process. Otherwise the
global underlying LoadParm can accumulate settings from earlier test
case runs.
We can avoid someone in future inadvertently running runcmd() by
mistake, by simply changing the inheritance so we no longer inherit from
SambaToolCmdTest (so the runcmd functions are no longer present).
The comment explaining this has been moved to the top of the file.
Note that the TestCaseInTempDir inheritance was redundant.
BlackboxTestCase inherits from TestCaseInTempDir (and SambaToolCmdTest
was inheriting from BlackboxTestCase).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Tim Beale <timbeale at samba.org>
Autobuild-Date(master): Tue Nov 27 06:57:03 CET 2018 on sn-devel-144
commit cbcd8eec6ea7eb32d4860eefdec5009ff274e967
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri Nov 23 09:46:38 2018 +1300
tests: Work out DOMSID via samdb rather than environs
Not all testenvs have the DOMSID set as an environment variable.
However, it's easy enough to work out from querying the samdb.
This is a slight change in that we use a source4-generated loadparm
to connect to the DB (self.lp is source3-generated, presumably for
some SMB connection dependency).
This change is so we can run the ntacls_backup tests against a DC with
SMBv1 disabled (the restoredc). Note that currently the tests fail in
the smb.SMB() connection in the setUp(), so we can't run them as part
of autobuild just yet (because we can't known-fail test errors).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 738418ea3ee669b1b917f4b8a6da1f69fa3558f1
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Thu Nov 22 14:05:01 2018 +1300
tests: Run backup tests against restoredc (SMBv1 disabled)
Running the backup tests against the restoredc highlights that the
backup online/rename commands don't work if SMBv1 is disabled. Note that
the offline commands still work because they don't rely on an SMB
connection to the server.
(Note that running the backup tests against the restoredc is probably a
good idea anyway, to prove that there's no limit to the number of times
you can restore a domain from backup, i.e. we support more than just a
one-off restore).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2e235bda9f7e0aa8bce4846264eecd2e051a6c57
Author: Noel Power <noel.power at suse.com>
Date: Mon Nov 5 19:00:20 2018 +0000
python/samba/test: PY3 port samba.tests.domain_backup
The restoredc already runs under python3, so before we can run the
domain_backup tests against the restoredc, we need to make sure they
work under python3.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Noel Power <noel.power at suse.com>
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 70dee4c1c14ea3eb5c8c81887c6caaa6dc288807
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Thu Nov 22 14:35:58 2018 +1300
tests: Handle backup command exceptions as test failures, not errors
If the backup command fails (i.e. throws an exception), we want the test
to fail. This makes it easier to mark tests as 'knownfail' (because we
can't knownfail test errors).
In theory, this should just involve updating run_cmd() to catch any
exceptions from the command and then call self.fail().
However, if the backup command fails, it can leave behind files in the
targetdir. Partly this is intentional, as these files may provide clues
to users as to why the command failed. However, in selftest, it causes
the TestCaseInTempDir._remove_tempdir() assertion to fire. Because this
assert actually gets run as part of the teardown, the assertion gets
treated as an error rather than a failure (and so we can't knownfail the
backup tests). To get around this, we remove any files in the tempdir
prior to calling self.fail().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 93c2a9522357e7d70d028cbd6bbeda103f40c69e
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Thu Nov 22 14:35:58 2018 +1300
tests: Rework backup test_backup_invalid_args test-case
self.create_backup() uses self.run_cmd(), which is a wrapper around
self.check_output(). Rework the code to call the underlying
check_output() function directly instead.
The reason we're doing this is we want run_cmd() to catch exceptions and
fail the test (i.e. in the next patch). However, we can't do that because
this test case relies on receiving the exceptions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 160031f7b7e4e14a1b9ff9316b166fd52b7d401d
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Thu Nov 22 13:22:19 2018 +1300
selftest: Designate one testenv as having SMBv1 disabled
We recommend users disable SMBv1 to avoid potential security holes.
However, none of the AD DC testenvs have SMBv1 disabled.
This patch disables SMBv1 on an arbitrarily-chosen testenv (restoredc).
I chose restoredc as we'll want to run the backup tool tests against
this target, and it might be useful to check we can backup a DC if it's
already been restored once.
Note that SMBv2 doesn't support POSIX extensions (only SMBv1 does),
which is why we haven't just disabled SMBv1 on *all* testenvs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 88ccd418fdee67ef8f2e4c06acc1488a875c641e
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Mon Nov 26 11:58:31 2018 +1300
tests: Use s3 smbclient for testenv smoketests
smbclient4 doesn't support SMBv2 connections, i.e. it won't work against
a DC with SMBv1 disabled. The smoke-test here is that the DC accepts
the connection, so we don't really care what SMB tool we use to connect.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bfb138e9be6e28cce88c4ef2221cc5712e0593a1
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Mon Nov 26 14:28:59 2018 +1300
selftest: Make testenv NTVFS usage match --use-ntvfs
Regardless of whether the testenv uses --use-ntvfs as part of its
provision options, the s4 testenvs all default to using the NTVFS file
server.
It's not particularly obvious that this is happening. The new restore
DCS (restoredc, renamedc, labdc) were all using NTVFS unintentionally.
The problem is the s4 testenvs default to using services '-s3fs +smb".
provision_ad_dc() explicitly overrides this to use s3fs again
(technically it ends up with both in its smb.conf and just uses whatever
comes last).
This patch changes the testenv setup to check for the presence of the
'--use-ntvfs' option and to set the 'server services' config option
appropriately. This way, the provision command and the smb.conf options
should always line up, with respect to NTVFS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit da933b7664c5ae6afa81993d9dcd7127567992de
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Mon Nov 26 14:59:06 2018 +1300
selftest: Make chgdcpass's NTVFS usage more obvious
The chgdcpass testenv was not passing --use-ntvfs to the provision
command, but it was still actually using NTVFS.
The reason is the smb.conf generated by provision_raw_step1() would
always try to use the s4/NTVFS file server. Because the smb.conf already
existed, this trumped what was passed to the provision command.
This patch doesn't change the chgdcpass file server. It just makes it
more obvious that chgdcpass is using NTVFS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 632b3ab7d492b9ed0b2f9709a91397104e227d4a
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Mon Nov 26 13:32:03 2018 +1300
selftest: Be explicit about which testenvs use ntvfs
If a testenv didn't specify any other provision arguments, then it
defaulted to using the NTVFS file server.
This patch makes it explicit, so we just pass through "--use-ntvfs" as
extra provision args in the cases we want.
(Whether all these testenvs really need to use NTVFS or not is another
question, but at least now it's easy to see which testenvs use it).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/samba/tests/__init__.py | 1 +
python/samba/tests/domain_backup.py | 59 +++++++++++++++++----------
python/samba/tests/domain_backup_offline.py | 12 ++++--
python/samba/tests/ntacls_backup.py | 16 ++++----
selftest/knownfail.d/domain_backup | 12 ++++++
selftest/target/README | 1 +
selftest/target/Samba4.pm | 63 +++++++++++++++++++++--------
source4/selftest/tests.py | 13 ++++--
8 files changed, 123 insertions(+), 54 deletions(-)
create mode 100644 selftest/knownfail.d/domain_backup
Changeset truncated at 500 lines:
diff --git a/python/samba/tests/__init__.py b/python/samba/tests/__init__.py
index d79fcfbb997..9b30d2efa1e 100644
--- a/python/samba/tests/__init__.py
+++ b/python/samba/tests/__init__.py
@@ -294,6 +294,7 @@ class TestCaseInTempDir(TestCase):
self.addCleanup(self._remove_tempdir)
def _remove_tempdir(self):
+ # Note asserting here is treated as an error rather than a test failure
self.assertEquals([], os.listdir(self.tempdir))
os.rmdir(self.tempdir)
self.tempdir = None
diff --git a/python/samba/tests/domain_backup.py b/python/samba/tests/domain_backup.py
index e9fcd31fb25..2a5df739d2c 100644
--- a/python/samba/tests/domain_backup.py
+++ b/python/samba/tests/domain_backup.py
@@ -18,9 +18,8 @@ from samba import provision, param
import tarfile
import os
import shutil
-from samba.tests.samba_tool.base import SambaToolCmdTest
-from samba.tests import (TestCaseInTempDir, env_loadparm, create_test_ou,
- BlackboxProcessError)
+from samba.tests import (env_loadparm, create_test_ou, BlackboxProcessError,
+ BlackboxTestCase, connect_samdb)
import ldb
from samba.samdb import SamDB
from samba.auth import system_session
@@ -39,8 +38,14 @@ def get_prim_dom(secrets_path, lp):
scope=ldb.SCOPE_SUBTREE,
expression="(objectClass=kerberosSecret)")
-
-class DomainBackupBase(SambaToolCmdTest, TestCaseInTempDir):
+# The backup tests require that a completely clean LoadParm object gets used
+# for the restore. Otherwise the same global LP gets re-used, and the LP
+# settings can bleed from one test case to another.
+# To do this, these tests should use check_output(), which executes the command
+# in a separate process (as opposed to runcmd(), runsubcmd()).
+# So although this is a samba-tool test, we don't inherit from SambaToolCmdTest
+# so that we never inadvertently use .runcmd() by accident.
+class DomainBackupBase(BlackboxTestCase):
def setUp(self):
super(DomainBackupBase, self).setUp()
@@ -50,8 +55,7 @@ class DomainBackupBase(SambaToolCmdTest, TestCaseInTempDir):
os.environ["DC_PASSWORD"])
# LDB connection to the original server being backed up
- self.ldb = self.getSamDB("-H", "ldap://%s" % server,
- self.user_auth)
+ self.ldb = connect_samdb("ldap://%s" % server)
self.new_server = "BACKUPSERV"
self.server = server.upper()
self.base_cmd = None
@@ -271,7 +275,7 @@ class DomainBackupBase(SambaToolCmdTest, TestCaseInTempDir):
self.assertEqual(len(bkp_pd), 1)
acn = bkp_pd[0].get('samAccountName')
self.assertIsNotNone(acn)
- self.assertEqual(acn[0].replace('$', ''), self.new_server)
+ self.assertEqual(str(acn[0]), self.new_server + '$')
self.assertIsNotNone(bkp_pd[0].get('secret'))
samdb = SamDB(url=paths.samdb, session_info=system_session(),
@@ -360,16 +364,25 @@ class DomainBackupBase(SambaToolCmdTest, TestCaseInTempDir):
not in owner.extended_str(),
"%s found as FSMO %s role owner" % (server, role))
+ def cleanup_tempdir(self):
+ for filename in os.listdir(self.tempdir):
+ filepath = os.path.join(self.tempdir, filename)
+ shutil.rmtree(filepath)
+
def run_cmd(self, args):
"""Executes a samba-tool backup/restore command"""
- # we use check_output() here to execute the command because we want the
- # command run in a separate process. This means a completely clean
- # LoadParm object gets used for the restore (otherwise the global LP
- # settings can bleed from one test case to another).
cmd = " ".join(args)
print("Executing: samba-tool %s" % cmd)
- out = self.check_output("samba-tool " + cmd)
+ try:
+ # note: it's important we run the cmd in a separate process here
+ out = self.check_output("samba-tool " + cmd)
+ except BlackboxProcessError as e:
+ # if the command failed, it may have left behind temporary files.
+ # We're going to fail the test, but first cleanup any temp files so
+ # that we skip the TestCaseInTempDir._remove_tempdir() assertions
+ self.cleanup_tempdir()
+ self.fail("Error calling samba-tool: %s" % e)
print(out)
def create_backup(self, extra_args=None):
@@ -479,14 +492,17 @@ class DomainBackupRename(DomainBackupBase):
"""Checks that rename commands with invalid args are rejected"""
# try a "rename" using the same realm as the DC currently has
- self.base_cmd = ["domain", "backup", "rename", self.restore_domain,
- os.environ["REALM"]]
- self.assertRaises(BlackboxProcessError, self.create_backup)
+ rename_cmd = "samba-tool domain backup rename "
+ bad_cmd = "{cmd} {domain} {realm}".format(cmd=rename_cmd,
+ domain=self.restore_domain,
+ realm=os.environ["REALM"])
+ self.assertRaises(BlackboxProcessError, self.check_output, bad_cmd)
# try a "rename" using the same domain as the DC currently has
- self.base_cmd = ["domain", "backup", "rename", os.environ["DOMAIN"],
- self.restore_realm]
- self.assertRaises(BlackboxProcessError, self.create_backup)
+ bad_cmd = "{cmd} {domain} {realm}".format(cmd=rename_cmd,
+ domain=os.environ["DOMAIN"],
+ realm=self.restore_realm)
+ self.assertRaises(BlackboxProcessError, self.check_output, bad_cmd)
def add_link(self, attr, source, target):
m = ldb.Message()
@@ -537,8 +553,9 @@ class DomainBackupRename(DomainBackupBase):
self.assertEqual(len(res), 1,
"Failed to find renamed link source object")
self.assertTrue(link_attr in res[0], "Missing link attribute")
- self.assertTrue(new_target_dn in res[0][link_attr])
- self.assertTrue(new_server_dn in res[0][link_attr])
+ link_values = [str(x) for x in res[0][link_attr]]
+ self.assertTrue(new_target_dn in link_values)
+ self.assertTrue(new_server_dn in link_values)
# extra checks we run on the restored DB in the rename case
def check_restored_database(self, lp, expect_secrets=True):
diff --git a/python/samba/tests/domain_backup_offline.py b/python/samba/tests/domain_backup_offline.py
index f5fa1561de2..8b7209ec24d 100644
--- a/python/samba/tests/domain_backup_offline.py
+++ b/python/samba/tests/domain_backup_offline.py
@@ -19,11 +19,17 @@ import tarfile
import os
import shutil
import tempfile
-from samba.tests.samba_tool.base import SambaToolCmdTest
-from samba.tests import TestCaseInTempDir
+from samba.tests import BlackboxTestCase
from samba.netcmd import CommandError
-class DomainBackupOfflineCmp(SambaToolCmdTest, TestCaseInTempDir):
+# The backup tests require that a completely clean LoadParm object gets used
+# for the restore. Otherwise the same global LP gets re-used, and the LP
+# settings can bleed from one test case to another.
+# To do this, these tests should use check_output(), which executes the command
+# in a separate process (as opposed to runcmd(), runsubcmd()).
+# So although this is a samba-tool test, we don't inherit from SambaToolCmdTest
+# so that we never inadvertently use .runcmd() by accident.
+class DomainBackupOfflineCmp(BlackboxTestCase):
def test_domain_backup_offline_untar_tdb(self):
self.untar_testcase('tdb')
diff --git a/python/samba/tests/ntacls_backup.py b/python/samba/tests/ntacls_backup.py
index bb1bc97ef43..0ee044f1336 100644
--- a/python/samba/tests/ntacls_backup.py
+++ b/python/samba/tests/ntacls_backup.py
@@ -25,9 +25,8 @@ from samba import samdb
from samba import ntacls
from samba.auth import system_session
-from samba.param import LoadParm
from samba.dcerpc import security
-from samba.tests import TestCaseInTempDir
+from samba.tests import TestCaseInTempDir, env_loadparm
class NtaclsBackupRestoreTests(TestCaseInTempDir):
@@ -47,21 +46,20 @@ class NtaclsBackupRestoreTests(TestCaseInTempDir):
os.environ["LOCAL_PATH"], self.service)
self.smb_conf_path = os.environ['SMB_CONF_PATH']
- self.dom_sid = security.dom_sid(os.environ['DOMSID'])
-
self.creds = self.insta_creds(template=self.get_credentials())
+ self.samdb_conn = samdb.SamDB(
+ url=samdb_url, session_info=system_session(),
+ credentials=self.creds, lp=env_loadparm())
+
+ self.dom_sid = security.dom_sid(self.samdb_conn.get_domain_sid())
+
# helper will load conf into lp, that's how smbd can find services.
self.ntacls_helper = ntacls.NtaclsHelper(self.service,
self.smb_conf_path,
self.dom_sid)
-
self.lp = self.ntacls_helper.lp
- self.samdb_conn = samdb.SamDB(
- url=samdb_url, session_info=system_session(),
- credentials=self.creds, lp=self.lp)
-
self.smb_conn = smb.SMB(
self.server, self.service, lp=self.lp, creds=self.creds)
diff --git a/selftest/knownfail.d/domain_backup b/selftest/knownfail.d/domain_backup
new file mode 100644
index 00000000000..24f4d87981c
--- /dev/null
+++ b/selftest/knownfail.d/domain_backup
@@ -0,0 +1,12 @@
+# these tests only work with SMBv1, which is disabled on the restoredc
+samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupRename.test_one_way_links\(restoredc:local\)
+samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupRename.test_backup_untar\(restoredc:local\)
+samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupRename.test_backup_restore_with_conf\(restoredc:local\)
+samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupRename.test_backup_restore_no_secrets\(restoredc:local\)
+samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupRename.test_backup_restore_into_site\(restoredc:local\)
+samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupRename.test_backup_restore\(restoredc:local\)
+samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupOnline.test_backup_untar\(restoredc:local\)
+samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupOnline.test_backup_restore_with_conf\(restoredc:local\)
+samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupOnline.test_backup_restore_no_secrets\(restoredc:local\)
+samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupOnline.test_backup_restore_into_site\(restoredc:local\)
+samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupOnline.test_backup_restore\(restoredc:local\)
diff --git a/selftest/target/README b/selftest/target/README
index 3fd283ed266..b25dbab97da 100644
--- a/selftest/target/README
+++ b/selftest/target/README
@@ -67,6 +67,7 @@ are separate testenvs for each one.
exist.
- restoredc: tests the 'backup online' option. Online backups are similar to
doing a DC join.
+ Restoredc's other unique feature is that is has SMBv1 disabled.
- offlinebackupdc: tests the 'backup offline' option. Offline backups capture
the raw DB files on disk (safely).
- renamedc: tests the 'backup rename' option, where the domain and realm are
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index c2e9fdb8276..0a6c85d1ba7 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -592,6 +592,16 @@ sub provision_raw_prepare($$$$$$$$$$$$)
return $ctx;
}
+sub has_option
+{
+ my ($self, $keyword, @options_list) = @_;
+
+ # convert the options-list to a hash-map for easy keyword lookup
+ my %options_dict = map { $_ => 1 } @options_list;
+
+ return exists $options_dict{$keyword};
+}
+
#
# Step1 creates the basic configuration
#
@@ -616,6 +626,13 @@ sub provision_raw_step1($$)
my $crlfile = "$ctx->{tlsdir}/crl.pem";
$crlfile = "" unless -e ${crlfile};
+ # work out which file server to use. Default to source3 smbd (s3fs),
+ # unless the source4 NTVFS (smb) file server has been specified
+ my $services = "-smb +s3fs";
+ if ($self->has_option("--use-ntvfs", @{$ctx->{provision_options}})) {
+ $services = "+smb -s3fs";
+ }
+
print CONFFILE "
[global]
netbios name = $ctx->{netbiosname}
@@ -639,7 +656,7 @@ sub provision_raw_step1($$)
panic action = $RealBin/gdb_backtrace \%d
wins support = yes
server role = $ctx->{server_role}
- server services = +echo +smb -s3fs
+ server services = +echo $services
dcerpc endpoint servers = +winreg +srvsvc
notify:inotify = false
ldb:nosync = true
@@ -966,8 +983,6 @@ sub provision($$$$$$$$$$)
if (defined($extra_provision_options)) {
push (@{$ctx->{provision_options}}, @{$extra_provision_options});
- } else {
- push (@{$ctx->{provision_options}}, "--use-ntvfs");
}
$ctx->{share} = "$ctx->{prefix_abs}/share";
@@ -1133,6 +1148,7 @@ rpc_server:tcpip = no
if ($more_conf) {
$extra_smb_conf = $extra_smb_conf . $more_conf . "\n";
}
+ my $extra_provision_options = ["--use-ntvfs"];
my $ret = $self->provision($prefix,
"member server",
$hostname,
@@ -1142,7 +1158,8 @@ rpc_server:tcpip = no
"locMEMpass3",
$dcvars->{SERVER_IP},
$dcvars->{SERVER_IPV6},
- $extra_smb_conf, "", undef);
+ $extra_smb_conf, "",
+ $extra_provision_options);
unless ($ret) {
return undef;
}
@@ -1210,6 +1227,7 @@ sub provision_rpc_proxy($$$)
";
+ my $extra_provision_options = ["--use-ntvfs"];
my $ret = $self->provision($prefix,
"member server",
"localrpcproxy",
@@ -1219,7 +1237,8 @@ sub provision_rpc_proxy($$$)
"locRPCproxypass4",
$dcvars->{SERVER_IP},
$dcvars->{SERVER_IPV6},
- $extra_smbconf_options, "", undef);
+ $extra_smbconf_options, "",
+ $extra_provision_options);
unless ($ret) {
return undef;
}
@@ -1570,6 +1589,7 @@ sub provision_ad_dc_ntvfs($$)
dsdb group change notification = true
server schannel = auto
";
+ my $extra_provision_options = ["--use-ntvfs"];
my $ret = $self->provision($prefix,
"domain controller",
"localdc",
@@ -1581,7 +1601,7 @@ sub provision_ad_dc_ntvfs($$)
undef,
$extra_conf_options,
"",
- undef);
+ $extra_provision_options);
unless ($ret) {
return undef;
}
@@ -1611,7 +1631,7 @@ sub provision_fl2000dc($$)
spnego:simulate_w2k=yes
ntlmssp_server:force_old_spnego=yes
";
- my $extra_provision_options = undef;
+ my $extra_provision_options = ["--use-ntvfs"];
# This environment uses plain text secrets
# i.e. secret attributes are not encrypted on disk.
# This allows testing of the --plaintext-secrets option for
@@ -1658,6 +1678,7 @@ sub provision_fl2003dc($$$)
my $extra_conf_options = "allow dns updates = nonsecure and secure
dcesrv:header signing = no
dns forwarder = 127.0.0.$swiface1 127.0.0.$swiface2";
+ my $extra_provision_options = ["--use-ntvfs"];
my $ret = $self->provision($prefix,
"domain controller",
"dc6",
@@ -1669,7 +1690,7 @@ sub provision_fl2003dc($$$)
undef,
$extra_conf_options,
"",
- undef);
+ $extra_provision_options);
unless (defined $ret) {
return undef;
}
@@ -1713,6 +1734,7 @@ sub provision_fl2008r2dc($$$)
print "PROVISIONING DC WITH FOREST LEVEL 2008r2...\n";
my $extra_conf_options = "ldap server require strong auth = no";
+ my $extra_provision_options = ["--use-ntvfs"];
my $ret = $self->provision($prefix,
"domain controller",
"dc7",
@@ -1724,7 +1746,7 @@ sub provision_fl2008r2dc($$$)
undef,
$extra_conf_options,
"",
- undef);
+ $extra_provision_options);
unless (defined $ret) {
return undef;
}
@@ -1896,7 +1918,6 @@ sub provision_ad_dc($$$$$$)
$password_hash_gpg_key_ids = "" unless defined($config_h->{HAVE_GPGME});
my $extra_smbconf_options = "
- server services = -smb +s3fs
xattr_tdb:file = $prefix_abs/statedir/xattr.tdb
dbwrap_tdb_mutexes:* = yes
@@ -2024,7 +2045,7 @@ sub provision_chgdcpass($$)
my ($self, $prefix) = @_;
print "PROVISIONING CHGDCPASS...\n";
- my $extra_provision_options = undef;
+ my $extra_provision_options = ["--use-ntvfs"];
# This environment disallows the use of this password
# (and also removes the default AD complexity checks)
my $unacceptable_password = "widk3Dsle32jxdBdskldsk55klASKQ";
@@ -2795,7 +2816,8 @@ sub restore_backup_file
# (without actually doing a 'domain join')
sub prepare_dc_testenv
{
- my ($self, $prefix, $dcname, $domain, $realm, $password) = @_;
+ my ($self, $prefix, $dcname, $domain, $realm,
+ $password, $conf_options) = @_;
my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
$dcname,
@@ -2816,6 +2838,7 @@ sub prepare_dc_testenv
push(@{$ctx->{directories}}, "$ctx->{share}");
$ctx->{smb_conf_extra_options} = "
+ $conf_options
max xmit = 32K
server max protocol = SMB2
@@ -2858,10 +2881,16 @@ sub setup_restoredc
my ($self, $prefix, $dcvars) = @_;
print "Preparing RESTORE DC...\n";
+ # we arbitrarily designate the restored DC as having SMBv1 disabled
+ my $extra_conf = "
+ server min protocol = SMB2
+ client min protocol = SMB2";
+
my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "restoredc",
$dcvars->{DOMAIN},
$dcvars->{REALM},
- $dcvars->{PASSWORD});
+ $dcvars->{PASSWORD},
+ $extra_conf);
# create a backup of the 'backupfromdc'
my $backupdir = File::Temp->newdir();
@@ -2902,7 +2931,7 @@ sub setup_renamedc
my $realm = "renamedom.samba.example.com";
my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "renamedc",
"RENAMEDOMAIN", $realm,
- $dcvars->{PASSWORD});
+ $dcvars->{PASSWORD}, "");
# create a backup of the 'backupfromdc' which renames the domain
my $backupdir = File::Temp->newdir();
@@ -2949,7 +2978,7 @@ sub setup_offlinebackupdc
my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "offlinebackupdc",
$dcvars->{DOMAIN},
$dcvars->{REALM},
- $dcvars->{PASSWORD});
+ $dcvars->{PASSWORD}, "");
# create an offline backup of the 'backupfromdc' target
my $backupdir = File::Temp->newdir();
@@ -2993,7 +3022,7 @@ sub setup_labdc
my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "labdc",
"LABDOMAIN",
"labdom.samba.example.com",
- $dcvars->{PASSWORD});
+ $dcvars->{PASSWORD}, "");
# create a backup of the 'backupfromdc' which renames the domain and uses
# the --no-secrets option to scrub any sensitive info
@@ -3099,7 +3128,7 @@ sub setup_customdc
# create a placeholder directory and smb.conf, as well as the env vars.
my ($env, $ctx) = $self->prepare_dc_testenv($prefix, $dc_name,
- $domain, $realm, $password);
+ $domain, $realm, $password, "");
# restore the specified backup file to populate the testenv
my $restore_dir = abs_path($prefix);
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 6a1e1448ef9..dc5807247ab 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -53,6 +53,9 @@ smbclient4 = binpath('smbclient4')
bbdir = os.path.join(srcdir(), "testprogs/blackbox")
+# alias to highlight what tests we want to run against a DC with SMBv1 disabled
+smbv1_disabled_testenv = "restoredc"
+
# Simple tests for LDAP and CLDAP
for auth_type in ['', '-k no', '-k yes']:
for auth_level in ['--option=clientldapsaslwrapping=plain', '--sign', '--encrypt']:
@@ -779,9 +782,11 @@ planoldpythontestsuite("fl2003dc:local",
planoldpythontestsuite("ad_dc",
"samba.tests.password_hash_ldap",
extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
-planoldpythontestsuite("ad_dc:local",
- "samba.tests.domain_backup",
- extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+for env in ["ad_dc", smbv1_disabled_testenv]:
+ planoldpythontestsuite(env + ":local", "samba.tests.domain_backup",
+ extra_args=['-U"$USERNAME%$PASSWORD"'])
+
planoldpythontestsuite("none",
"samba.tests.domain_backup_offline")
# Encrypted secrets
@@ -971,7 +976,7 @@ for env in ['rodc', 'offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "yes", '-P', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", '-Utestallowed\ account%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testallowed")
plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", '-Utestdenied%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testdenied")
--
Samba Shared Repository
More information about the samba-cvs
mailing list