return $ctx;
}
+sub has_option
+{
+ my ($self, $keyword, @options_list) = @_;
+
+ # convert the options-list to a hash-map for easy keyword lookup
+ my %options_dict = map { $_ => 1 } @options_list;
+
+ return exists $options_dict{$keyword};
+}
+
#
# Step1 creates the basic configuration
#
my $crlfile = "$ctx->{tlsdir}/crl.pem";
$crlfile = "" unless -e ${crlfile};
+ # work out which file server to use. Default to source3 smbd (s3fs),
+ # unless the source4 NTVFS (smb) file server has been specified
+ my $services = "-smb +s3fs";
+ if ($self->has_option("--use-ntvfs", @{$ctx->{provision_options}})) {
+ $services = "+smb -s3fs";
+ }
+
print CONFFILE "
[global]
netbios name = $ctx->{netbiosname}
panic action = $RealBin/gdb_backtrace \%d
wins support = yes
server role = $ctx->{server_role}
- server services = +echo +smb -s3fs
+ server services = +echo $services
dcerpc endpoint servers = +winreg +srvsvc
notify:inotify = false
ldb:nosync = true
if (defined($extra_provision_options)) {
push (@{$ctx->{provision_options}}, @{$extra_provision_options});
- } else {
- push (@{$ctx->{provision_options}}, "--use-ntvfs");
}
$ctx->{share} = "$ctx->{prefix_abs}/share";
if ($more_conf) {
$extra_smb_conf = $extra_smb_conf . $more_conf . "\n";
}
+ my $extra_provision_options = ["--use-ntvfs"];
my $ret = $self->provision($prefix,
"member server",
$hostname,
"locMEMpass3",
$dcvars->{SERVER_IP},
$dcvars->{SERVER_IPV6},
- $extra_smb_conf, "", undef);
+ $extra_smb_conf, "",
+ $extra_provision_options);
unless ($ret) {
return undef;
}
";
+ my $extra_provision_options = ["--use-ntvfs"];
my $ret = $self->provision($prefix,
"member server",
"localrpcproxy",
"locRPCproxypass4",
$dcvars->{SERVER_IP},
$dcvars->{SERVER_IPV6},
- $extra_smbconf_options, "", undef);
+ $extra_smbconf_options, "",
+ $extra_provision_options);
unless ($ret) {
return undef;
}
dsdb group change notification = true
server schannel = auto
";
+ my $extra_provision_options = ["--use-ntvfs"];
my $ret = $self->provision($prefix,
"domain controller",
"localdc",
undef,
$extra_conf_options,
"",
- undef);
+ $extra_provision_options);
unless ($ret) {
return undef;
}
spnego:simulate_w2k=yes
ntlmssp_server:force_old_spnego=yes
";
- my $extra_provision_options = undef;
+ my $extra_provision_options = ["--use-ntvfs"];
# This environment uses plain text secrets
# i.e. secret attributes are not encrypted on disk.
# This allows testing of the --plaintext-secrets option for
my $extra_conf_options = "allow dns updates = nonsecure and secure
dcesrv:header signing = no
dns forwarder = 127.0.0.$swiface1 127.0.0.$swiface2";
+ my $extra_provision_options = ["--use-ntvfs"];
my $ret = $self->provision($prefix,
"domain controller",
"dc6",
undef,
$extra_conf_options,
"",
- undef);
+ $extra_provision_options);
unless (defined $ret) {
return undef;
}
print "PROVISIONING DC WITH FOREST LEVEL 2008r2...\n";
my $extra_conf_options = "ldap server require strong auth = no";
+ my $extra_provision_options = ["--use-ntvfs"];
my $ret = $self->provision($prefix,
"domain controller",
"dc7",
undef,
$extra_conf_options,
"",
- undef);
+ $extra_provision_options);
unless (defined $ret) {
return undef;
}
$password_hash_gpg_key_ids = "" unless defined($config_h->{HAVE_GPGME});
my $extra_smbconf_options = "
- server services = -smb +s3fs
xattr_tdb:file = $prefix_abs/statedir/xattr.tdb
dbwrap_tdb_mutexes:* = yes
my ($self, $prefix) = @_;
print "PROVISIONING CHGDCPASS...\n";
- my $extra_provision_options = undef;
+ my $extra_provision_options = ["--use-ntvfs"];
# This environment disallows the use of this password
# (and also removes the default AD complexity checks)
my $unacceptable_password = "widk3Dsle32jxdBdskldsk55klASKQ";
renamedc => ["backupfromdc"],
offlinebackupdc => ["backupfromdc"],
labdc => ["backupfromdc"],
+ proclimitdc => [],
none => [],
);
return $env;
}
+#
+# ad_dc test environment used solely to test standard process model connection
+# process limits. As the limit is set artificially low it should not be used
+# for other tests.
+sub setup_proclimitdc
+{
+ my ($self, $path) = @_;
+
+ # If we didn't build with ADS, pretend this env was never available
+ if (not $self->{target3}->have_ads()) {
+ return "UNKNOWN";
+ }
+
+ my $env = $self->provision_ad_dc(
+ $path,
+ "proclimitdc",
+ "PROCLIMITDOM",
+ "proclimit.samba.example.com",
+ "max smbd processes = 20");
+ unless ($env) {
+ return undef;
+ }
+
+ $env->{NSS_WRAPPER_MODULE_SO_PATH} = undef;
+ $env->{NSS_WRAPPER_MODULE_FN_PREFIX} = undef;
+
+ if (not defined($self->check_or_start($env, "standard"))) {
+ return undef;
+ }
+
+ my $upn_array = ["$env->{REALM}.upn"];
+ my $spn_array = ["$env->{REALM}.spn"];
+
+ $self->setup_namespaces($env, $upn_array, $spn_array);
+
+ return $env;
+}
+
# Sets up a DC that's solely used to do a domain backup from. We then use the
# backupfrom-DC to create the restore-DC - this proves that the backup/restore
# process will create a Samba DC that will actually start up.
# (without actually doing a 'domain join')
sub prepare_dc_testenv
{
- my ($self, $prefix, $dcname, $domain, $realm, $password) = @_;
+ my ($self, $prefix, $dcname, $domain, $realm,
+ $password, $conf_options) = @_;
my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
$dcname,
push(@{$ctx->{directories}}, "$ctx->{share}");
$ctx->{smb_conf_extra_options} = "
+ $conf_options
max xmit = 32K
server max protocol = SMB2
my ($self, $prefix, $dcvars) = @_;
print "Preparing RESTORE DC...\n";
+ # we arbitrarily designate the restored DC as having SMBv1 disabled
+ my $extra_conf = "
+ server min protocol = SMB2
+ client min protocol = SMB2";
+
my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "restoredc",
$dcvars->{DOMAIN},
$dcvars->{REALM},
- $dcvars->{PASSWORD});
+ $dcvars->{PASSWORD},
+ $extra_conf);
# create a backup of the 'backupfromdc'
my $backupdir = File::Temp->newdir();
my $realm = "renamedom.samba.example.com";
my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "renamedc",
"RENAMEDOMAIN", $realm,
- $dcvars->{PASSWORD});
+ $dcvars->{PASSWORD}, "");
# create a backup of the 'backupfromdc' which renames the domain
my $backupdir = File::Temp->newdir();
my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "offlinebackupdc",
$dcvars->{DOMAIN},
$dcvars->{REALM},
- $dcvars->{PASSWORD});
+ $dcvars->{PASSWORD}, "");
# create an offline backup of the 'backupfromdc' target
my $backupdir = File::Temp->newdir();
my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "labdc",
"LABDOMAIN",
"labdom.samba.example.com",
- $dcvars->{PASSWORD});
+ $dcvars->{PASSWORD}, "");
# create a backup of the 'backupfromdc' which renames the domain and uses
# the --no-secrets option to scrub any sensitive info
# create a placeholder directory and smb.conf, as well as the env vars.
my ($env, $ctx) = $self->prepare_dc_testenv($prefix, $dc_name,
- $domain, $realm, $password);
+ $domain, $realm, $password, "");
# restore the specified backup file to populate the testenv
my $restore_dir = abs_path($prefix);