mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00
Tim Beale 160031f7b7 selftest: Designate one testenv as having SMBv1 disabled
We recommend users disable SMBv1 to avoid potential security holes.
However, none of the AD DC testenvs have SMBv1 disabled.

This patch disables SMBv1 on an arbitrarily-chosen testenv (restoredc).

I chose restoredc as we'll want to run the backup tool tests against
this target, and it might be useful to check we can back up a DC if it's
already been restored once.

Note that SMBv2 doesn't support POSIX extensions (only SMBv1 does),
which is why we haven't just disabled SMBv1 on *all* testenvs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-27 03:43:17 +01:00


Selftest target environments (testenvs)
=======================================
Samba's integration testing heavily relies on the automatic creation of a Samba
network. This specialized test environment is generally referred to as a Samba
'testenv'.

A testenv involves starting the Samba server listening on a fake network, which
is established using the socket_wrapper library from cwrap (https://cwrap.org).
All testing is also done as a non-root user using the uid_wrapper library, also
from cwrap.

Samba's test framework uses many different types of testenv. Each testenv is
customized to test a particular Samba feature or configuration. Using cwrap
allows multiple different Samba servers to run at the same time, without
interference.

Some of the different testenvs are described in more detail below.

Important notes if adding a new testenv
---------------------------------------
- When adding a new testenv, in the Perl code it is recommended to always
  explicitly specify the --configfile option in the samba-tool command, i.e. add
  "env->{CONFIGURATION}" to the samba-tool command. Otherwise, samba-tool
  can try to load smb.conf from the default install location (i.e.
  /usr/local/samba/etc/smb.conf). Loading a host-specific smb.conf that's outside
  of the testenv is obviously not ideal and something we want to avoid in a
  reliable test framework.
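
One way to check for the omission described above, as an added example (not part of the Samba tree): a heuristic lint that reassembles double-quoted command strings built with `=` / `.=` in Perl source and flags any samba-tool command with neither a `{CONFIGURATION}` interpolation nor `--configfile`. The Perl fragments and the `$conf_path` variable are constructed for illustration, and commands built in other ways are not seen.

```python
import re

# Matches:  my $var = "...";   $var = "...";   $var .= "...";
ASSIGN = re.compile(r'(?:my\s+)?\$(\w+)\s*(\.?=)\s*"((?:[^"\\]|\\.)*)"\s*;')

def commands_missing_configfile(perl_source):
    """Return (variable, line) for each samba-tool command string that has
    neither a ...->{CONFIGURATION} interpolation nor an explicit --configfile."""
    done, current = [], {}
    for m in ASSIGN.finditer(perl_source):
        name, op, fragment = m.groups()
        if op == "=" and name in current:   # variable reused for a new command
            done.append(current.pop(name))
        if name not in current:
            line = perl_source.count("\n", 0, m.start()) + 1
            current[name] = [name, line, ""]
        current[name][2] += fragment        # append this piece of the command
    flagged = []
    for name, line, cmd in done + list(current.values()):
        runs_tool = re.search(r"samba[-_]tool\s+\w", cmd)
        pinned = "{CONFIGURATION}" in cmd or "--configfile" in cmd
        if runs_tool and not pinned:
            flagged.append((name, line))
    return sorted(flagged, key=lambda item: item[1])

# Constructed Perl fragments (assumption: not copied from the Samba sources).
SAMPLE_PERL = r'''
my $cmd = "";
$cmd .= "KRB5_CONFIG=\"$env->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain backup online $env->{CONFIGURATION}";
$cmd .= " --server=$dcvars->{SERVER} --targetdir=$backupdir";

my $upgrade = "$samba_tool dbcheck --fix --yes";

$cmd = "$samba_tool user create testuser --random-password";
$cmd .= " --configfile=$conf_path";
'''

if __name__ == "__main__":
    for name, line in commands_missing_configfile(SAMPLE_PERL):
        print(f"line {line}: ${name} runs samba-tool without an explicit smb.conf")
```
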

'local' disambiguation
----------------------
You may notice some variation in the target testenv that test suites are run
against, for example "ad_dc" and "ad_dc:local". The main difference is that
":local" changes the smb.conf that the testenv uses. By default, the testenvs
use the st/client/client.conf config-file, so that they simulate a client
talking to the Samba server. However, some tests may want to simulate running
a command on the Samba server itself. In these cases, the ":local" is used,
which means the testenv uses the Samba server's smb.conf instead (i.e.
st/ad_dc/etc/smb.conf).

Note that several of the testenvs also use local in their name, e.g.
'localvampiredc'. In particular, there's the 'localdc', which is the NetBIOS
name of the DC in the 'ad_dc_ntvfs' testenv.

Vampire DC
----------
Vampire DC gets its name for historic reasons. It's one of the few testenvs
where 2 DCs are joined together, so it's used for a lot of DRS replication
testing. Basically its main job is to 'suck' the database changes out of
another DC (the 'ad_dc_ntvfs' DC).

There's also a 'vampire_2000_dc' that joins the 'fl2000dc' DC, although that's
not used very much.

Backup/restore testenvs
-----------------------
Several testenvs are created to test the domain backup/restore commands. These
testenvs verify that we can back up and restore a domain's database, start
Samba against it, and that the restored database is actually functional. There
are several different flavours of backups (to cover different use-cases), so
there are separate testenvs for each one.

- backupfromdc: A fairly plain AD DC used as the base to generate the
  backup-files. These backup-files will then seed the domain database
  for the separate testenvs below.
  Backupfromdc's other unique feature is that it's the only testenv that gets
  provisioned with a non-default site, i.e. Default-First-Site-Name doesn't
  exist.
- restoredc: tests the 'backup online' option. Online backups are similar to
  doing a DC join.
  Restoredc's other unique feature is that it has SMBv1 disabled.
- offlinebackupdc: tests the 'backup offline' option. Offline backups capture
  the raw DB files on disk (safely).
- renamedc: tests the 'backup rename' option, where the domain and realm are
  renamed.
- labdc: one of the use-cases for the backup tool is to create a realistic
  pre-production testbed, based off a production DC. This testenv simulates
  that process. It uses the 'backup rename --no-secrets' option.
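
To confirm that a testenv such as restoredc really has SMBv1 disabled, its generated smb.conf can be inspected. The following is an added example, not code from the Samba tree: it reads the [global] `server min protocol` setting (or its synonym `min protocol`), following smb.conf's rules for comments, line continuations and case/space-insensitive parameter names. The sample configurations are constructed, and `include` directives are not followed.

```python
import re

# Dialects that belong to the SMBv1 era; SMB2* and SMB3* values exclude them.
SMB1_ERA = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}

def _logical_lines(text):
    """Join backslash-continued lines; drop blank lines and # / ; comments."""
    buf = ""
    for raw in text.splitlines():
        line = buf + raw.strip()
        if line.endswith("\\"):
            buf = line[:-1]
            continue
        buf = ""
        if line and line[0] not in "#;":
            yield line

def server_min_protocol(text):
    """Return the effective [global] 'server min protocol' value, or None."""
    section, value = "global", None
    for line in _logical_lines(text):
        m = re.fullmatch(r"\[(.*)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        key, sep, val = line.partition("=")
        key = re.sub(r"\s+", "", key).lower()  # names ignore case and spaces
        if sep and section == "global" and key in ("serverminprotocol", "minprotocol"):
            value = val.strip().upper()        # the last assignment wins
    return value

def smb1_status(text):
    """'disabled', 'enabled', 'unset' (the built-in default applies, which
    differs between Samba versions) or 'unknown:<value>'."""
    value = server_min_protocol(text)
    if value is None:
        return "unset"
    if value in SMB1_ERA:
        return "enabled"
    if value.startswith(("SMB2", "SMB3")):
        return "disabled"
    return "unknown:" + value

# Constructed sample configurations (not copied from any real testenv).
HARDENED = "[global]\n  ; min protocol = NT1\n  Server Min Protocol = SMB2_10\n[sysvol]\n  path = /tmp/sysvol\n"
LEGACY = "[global]\n  min protocol = NT1\n"
MISPLACED = "[global]\n  netbios name = DC\n[share]\n  server min protocol = SMB2\n"
```

A result of 'unset' should be treated as "not proven disabled", since the value then depends on the Samba version's default rather than on the testenv's configuration.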

customdc testenv
----------------
The customdc is a special testenv that's only used for manual testing, rather
than the automated tests most testenvs are primarily used for.

The customdc testenv also uses the backup/restore tool, however, it is quite
special. Instead of the backup-file being automatically generated from a
vanilla AD DC (i.e. backupfromdc), you can specify any backup-file you like.

To run the testenv, you need to specify a 'BACKUP_FILE' shell variable, e.g.

  BACKUP_FILE=/tmp/samba-backup-50k-dc-0-mdb-50k-offline.tar.bz2 \
      SELFTEST_TESTENV=customdc make testenv

The main use-case for the customdc is testing changes against a large
database. Adding users is very time-consuming, so it's much quicker to populate
a domain with users once, take a backup, and then you can spin up a testenv
based on the backup multiple times.

Another use-case is that if you get a database that's corrupted or in a bad
state, then you could save a backup and be able to easily get the database back
into the bad state. This allows you to try different commands to diagnose/fix
the issue, without fear of never seeing the problem again.

You could even spin up a 'lab DC' inside a testenv, by taking a backup of a
real network DC.

preforkrestartdc testenv
------------------------
Used to test killing and restarting processes under the pre-fork model. Due to
the destructive nature of the tests, it's not recommended to use this testenv
for anything else.