diff options
| author | Tim Beale <timbeale@catalyst.net.nz> | 2018-07-06 15:59:31 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2018-07-10 04:42:10 +0200 |
| commit | 7b70637e9ffab2a99e7d0d4df95409b1f411b93b (patch) | |
| tree | 64e67791c3edbc9641c585294f1d7fc6c325af58 /selftest | |
| parent | 6a154fc5328d1746490172e07dff497ae1ce8563 (diff) | |
| download | samba-7b70637e9ffab2a99e7d0d4df95409b1f411b93b.tar.gz | |
selftest: Add a 'LABDC' testenv to mimic a preproduction test-bed
One of the use-cases for the domain rename tool is to produce a lab
domain that can be used for pre-production testing of Samba.
Basically this involves taking a backup rename with --no-secrets (which
scrubs any sensitive info), and then restoring it.
This patch adds a testenv that mimics how a user would go about creating
a lab-domain. We run the same tests that we run against the restore and
rename testenvs.
Note that the rpc.echo tests for the testallowed and testdenied users
fail, because we don't backup the secrets for these users. So these
tests failing proves that the lab-DC testenv is correct.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'selftest')
| -rw-r--r-- | selftest/knownfail.d/labdc | 5 | ||||
| -rw-r--r-- | selftest/target/Samba.pm | 1 | ||||
| -rwxr-xr-x | selftest/target/Samba4.pm | 56 |
3 files changed, 62 insertions, 0 deletions
diff --git a/selftest/knownfail.d/labdc b/selftest/knownfail.d/labdc new file mode 100644 index 00000000000..65eafd5cf19 --- /dev/null +++ b/selftest/knownfail.d/labdc @@ -0,0 +1,5 @@ +# Because the lab-DC testenv scrubs all user info (apart from the Admin), +# we expect tests relying on other users' credentials to fail. +# These tests fail because they use testallowed and testdenied users. +^samba4.rpc.echo.testallowed.*labdc.* +^samba4.rpc.echo.testdenied.*labdc.* diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index 349856716b3..a6390a6db94 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -410,6 +410,7 @@ sub get_interface($) $interfaces{"backupfromdc"} = 40; $interfaces{"restoredc"} = 41; $interfaces{"renamedc"} = 42; + $interfaces{"labdc"} = 43; # update lib/socket_wrapper/socket_wrapper.c # #define MAX_WRAPPED_INTERFACES 64 diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 4c03ad2537d..00950893ef1 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -2162,6 +2162,7 @@ sub check_env($$) restoredc => ["backupfromdc"], renamedc => ["backupfromdc"], + labdc => ["backupfromdc"], none => [], ); @@ -2835,6 +2836,61 @@ sub setup_renamedc return $env; } +# Set up a DC testenv solely by using the samba-tool 'domain backup rename' and +# restore commands, using the --no-secrets option. This proves that we can +# create a realistic lab environment from an online DC ('backupfromdc'). +sub setup_labdc +{ + # note: dcvars contains the env info for the dependent testenv ('backupfromdc') + my ($self, $prefix, $dcvars) = @_; + print "Preparing LAB-DOMAIN DC...\n"; + + my $env = $self->prepare_dc_testenv($prefix, "labdc", "LABDOMAIN", + "labdom.samba.example.com", $dcvars->{PASSWORD}); + + # create a backup of the 'backupfromdc' which renames the domain and uses + # the --no-secrets option to scrub any sensitive info + my $backupdir = File::Temp->newdir(); + my $backup_args = "rename $env->{DOMAIN} $env->{REALM} --no-secrets"; + my $backup_file = $self->create_backup($env, $dcvars, $backupdir, + $backup_args); + unless($backup_file) { + return undef; + } + + # restore the backup file to populate the lab-DC testenv + my $restore_dir = abs_path($prefix); + my $restore_opts = "--newservername=$env->{SERVER} --host-ip=$env->{SERVER_IP}"; + my $ret = $self->restore_backup_file($backup_file, $restore_opts, + $restore_dir, $env->{SERVERCONFFILE}); + unless ($ret == 0) { + return undef; + } + + # because we don't include any secrets in the backup, we need to reset the + # admin user's password back to what the testenv expects + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + my $cmd = "$samba_tool user setpassword $env->{USERNAME} "; + $cmd .= "--newpassword=$env->{PASSWORD} -H $restore_dir/private/sam.ldb"; + + unless(system($cmd) == 0) { + warn("Failed to reset admin's password: \n$cmd"); + return -1; + } + + # start samba for the restored DC + if (not defined($self->check_or_start($env, "standard"))) { + return undef; + } + + my $upn_array = ["$env->{REALM}.upn"]; + my $spn_array = ["$env->{REALM}.spn"]; + + $self->setup_namespaces($env, $upn_array, $spn_array); + + return $env; +} + sub setup_none { my ($self, $path) = @_; |