mirror of
https://github.com/samba-team/samba.git
synced 2025-01-22 22:04:08 +03:00
160031f7b7
We recommend users disable SMBv1 to avoid potential security holes. However, none of the AD DC testenvs have SMBv1 disabled. This patch disables SMBv1 on an arbitrarily-chosen testenv (restoredc). I chose restoredc as we'll want to run the backup tool tests against this target, and it might be useful to check we can backup a DC if it's already been restored once. Note that SMBv2 doesn't support POSIX extensions (only SMBv1 does), which is why we haven't just disabled SMBv1 on *all* testenvs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
111 lines
5.2 KiB
Plaintext
111 lines
5.2 KiB
Plaintext
Selftest target environments (testenvs)
|
|
=======================================
|
|
Samba's integration testing heavily relies on the automatic creation of a Samba
|
|
network. This specialized test environment is generally referred to as a Samba
|
|
'testenv'.
|
|
|
|
A testenv involves starting the Samba server listening on a fake network, which
|
|
is established using the socket_wrapper library from cwrap (https://cwrap.org).
|
|
All testing is also done as a non-root user using the uid_wrapper library, also
|
|
from cwrap.
|
|
|
|
Samba's test framework uses many different types of testenv. Each testenv is
|
|
customized to test a particular Samba feature or configuration. Using cwrap
|
|
allows multiple different Samba servers to run at the same time, without
|
|
interference.
|
|
|
|
Some of the different testenvs are described in more detail below.
|
|
|
|
Important notes if adding a new testenv
|
|
---------------------------------------
|
|
- When adding a new testenv, in the Perl code it is recommended to always
|
|
explicitly specify the --configfile option in the samba-tool command, i.e. add
|
|
"env->{CONFIGURATION}" to the samba-tool command. Otherwise, the samba-tool
|
|
can try to load smb.conf from the default install location (i.e.
|
|
/usr/local/samba/etc/smb.conf). Loading a host-specific smb.conf that's outside
|
|
of the testenv is obviously not ideal and something we want to avoid in a
|
|
reliable test framework.
|
|
|
|
'local' disambiguation
|
|
----------------------
|
|
You may notice some variation in the target testenv that test suites are run
|
|
against, for example "ad_dc" and "ad_dc:local". The main difference is the
|
|
":local" changes the smb.conf that the testenv uses. By default, the testenvs
|
|
use the st/client/client.conf config-file, so that they simulate a client
|
|
talking to the Samba server. However, some tests may want to simulate running
|
|
a command on the Samba server itself. In these cases, the ":local" is used,
|
|
which means the testenv uses the Samba server's smb.conf instead (i.e.
|
|
st/ad_dc/etc/smb.conf).
|
|
|
|
Note that several of the testenvs also use local in their name, e.g.
|
|
'localvampiredc'. In particular, there's the 'localdc', which is the NetBIOS
|
|
name of the DC in the 'ad_dc_ntvfs' testenv.
|
|
|
|
Vampire DC
|
|
----------
|
|
Vampire DC gets its name for historic reasons. It's one of the few testenvs
|
|
where 2 DCs are joined together, so it's used for a lot of DRS replication
|
|
testing. Basically its main job is to 'suck' the database changes out of
|
|
another DC (the 'ad_dc_ntfvs' DC).
|
|
|
|
There's also a 'vampire_2000_dc' that joins the 'fl2000dc' DC, although that's
|
|
not used very much.
|
|
|
|
Backup/restore testenvs
|
|
-----------------------
|
|
Several testenvs are created to test the domain backup/restore commands. These
|
|
testenvs verify that we can backup and restore a domain's database, start
|
|
Samba against it, and the restored database is actually functional. There are
|
|
several different flavours of backups (to cover different use-cases), so there
|
|
are separate testenvs for each one.
|
|
|
|
- backupfromdc: A fairly plain AD DC used as the base to generate the
|
|
backup-files. These backup-files will then seed the domain database
|
|
for the separate testenvs below.
|
|
Backupfromdc's other unique feature is that it's the only testenv that gets
|
|
provisioned with a non-default site, i.e. Default-First-Site-Name doesn't
|
|
exist.
|
|
- restoredc: tests the 'backup online' option. Online backups are similar to
|
|
doing a DC join.
|
|
Restoredc's other unique feature is that is has SMBv1 disabled.
|
|
- offlinebackupdc: tests the 'backup offline' option. Offline backups capture
|
|
the raw DB files on disk (safely).
|
|
- renamedc: tests the 'backup rename' option, where the domain and realm are
|
|
renamed.
|
|
- labdc: one of the use-cases for the backup tool is to create a realistic
|
|
pre-production testbed, based off a production DC. This testenv simulates
|
|
that process. It uses the 'backup rename --no-secrets' option.
|
|
|
|
customdc testenv
|
|
----------------
|
|
The customdc is a special testenv that's only used for manual testing, rather
|
|
than the automated tests most testenvs are primarily used for.
|
|
|
|
The customdc testenv also uses the backup/restore tool, however, it is quite
|
|
special. Instead of the backup-file being automatically generated from a
|
|
vanilla AD DC (i.e. backupfromdc), you can specify any backup-file you like.
|
|
|
|
To run the testenv, you need to specify a 'BACKUP_FILE' shell variable, e.g.
|
|
|
|
BACKUP_FILE=/tmp/samba-backup-50k-dc-0-mdb-50k-offline.tar.bz2 \
|
|
SELFTEST_TESTENV=customdc make testenv
|
|
|
|
The main use-case for the customdc is testing changes against a large
|
|
database. Adding users is very time-consuming, so it's much quicker to populate
|
|
a domain with users once, take a backup, and then you can spin up a testenv
|
|
based on the backup multiple times.
|
|
|
|
Another use-case is that if you get a database that's corrupted or in a bad
|
|
state, then you could save a backup and be able to easily get the database back
|
|
into the bad state. This allows you to try different commands to diagnose/fix
|
|
the issue, without fear of never seeing the problem again.
|
|
|
|
You could even spin up a 'lab DC' inside a testenv, by taking a backup of a
|
|
real network DC.
|
|
|
|
preforkrestartdc testenv
|
|
------------------------
|
|
Used to test killing and restarting processes under the pre-fork model. Due to
|
|
the destructive nature of the tests, it's not recommended to use this testenv
|
|
for anything else.
|