s4:selftest: test ntvfs.cifs with s4u2proxy
authorStefan Metzmacher <metze@samba.org>
Fri, 18 Mar 2011 18:13:43 +0000 (19:13 +0100)
committerStefan Metzmacher <metze@samba.org>
Fri, 24 Jun 2011 18:35:30 +0000 (20:35 +0200)
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jun 24 20:35:30 CEST 2011 on sn-devel-104

selftest/target/Samba4.pm
source4/selftest/tests.py

index 2a3fe65e74f387848d51333f450cdf9a601ed08e..70e3cf7b1b795764ccf9c5932e6a3e27374faf8c 100644 (file)
@@ -736,10 +736,11 @@ sub provision($$$$$$$$$)
 
        max xmit = 32K
        server max protocol = SMB2
-        $extra_smbconf_options
        host msdfs = $msdfs
        lanman auth = yes
 
+       $extra_smbconf_options
+
 [tmp]
        path = $ctx->{tmpdir}
        read only = no
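Review bot: Nothing in the template records that `$extra_smbconf_options` now has to be the last entry before the first share section. Later in this commit provision_rpc_proxy appends a whole `[cifs_to_dc]` section through this variable, so any global option added below the placeholder in future would end up inside that share. The template appears to be an interpolating string, so I would add a comment without the sigil, for example `# extra options must stay last in the global section; callers may append share sections`. The body of provision() starts and ends outside this hunk.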
@@ -766,8 +767,10 @@ sub provision($$$$$$$$$)
        ntvfs handler = cifs
        cifs:server = $ctx->{netbiosname}
        cifs:share = tmp
-#There is no username specified here, instead the client is expected
-#to log in with kerberos, and the serverwill use delegated credentials.
+       cifs:use-s4u2proxy = yes
+       # There is no username specified here, instead the client is expected
+       # to log in with kerberos, and the serverwill use delegated credentials.
+       # Or the server tries s4u2self/s4u2proxy to impersonate the client
 
 [simple]
        path = $ctx->{tmpdir}
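Review bot: The comment added next to `cifs:use-s4u2proxy = yes` does not name what S4U2Proxy depends on, and the only delegation setup visible in this commit is the one provision_rpc_proxy performs for its own machine account. Because this share is written by provision() for every environment, it is worth stating whether the other environments rely on delegated client credentials only or need an equivalent grant; that cannot be determined from the lines shown. I would extend the comment with something like `# s4u2proxy needs the server account to be allowed to delegate to cifs/<backend> on the KDC`. The same comment block, including the `serverwill` typo, is repeated in the `[cifs_to_dc]` share in the next hunk, so one corrected wording could be used in both places.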
@@ -877,9 +880,23 @@ sub provision_rpc_proxy($$$)
        my ($self, $prefix, $dcvars) = @_;
        print "PROVISIONING RPC PROXY...";
 
-       my $extra_smbconf_options = "dcerpc_remote:binding = ncacn_ip_tcp:$dcvars->{SERVER}
-       dcerpc endpoint servers = epmapper, remote
-       dcerpc_remote:interfaces = rpcecho
+       my $extra_smbconf_options = "
+
+       # rpc_proxy
+       dcerpc_remote:binding = ncacn_ip_tcp:$dcvars->{SERVER}
+       dcerpc endpoint servers = epmapper, remote
+       dcerpc_remote:interfaces = rpcecho
+
+[cifs_to_dc]
+       read only = no
+       ntvfs handler = cifs
+       cifs:server = $dcvars->{SERVER}
+       cifs:share = cifs
+       cifs:use-s4u2proxy = yes
+       # There is no username specified here, instead the client is expected
+       # to log in with kerberos, and the serverwill use delegated credentials.
+       # Or the server tries s4u2self/s4u2proxy to impersonate the client
+
 ";
 
        my $ret = $self->provision($prefix,
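Review bot: The new `[cifs_to_dc]` share sets `cifs:share = cifs`, so it points at a share on the DC that, judging by the previous hunk, is itself an ntvfs cifs proxy to `tmp`. A request therefore seems to cross two impersonating proxies, and a failure can come from either hop. A comment such as `# backend is the DC's own cifs proxy share, so this exercises two delegation hops` would make that intent explicit. The `# rpc_proxy` marker added above the dcerpc options is a good pattern; a matching `# s4u2proxy test share` marker above `[cifs_to_dc]` would keep the two concerns in this string easy to tell apart.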
@@ -898,6 +915,8 @@ sub provision_rpc_proxy($$$)
        }
 
        my $samba_tool =  Samba::bindir_path($self, "samba-tool");
+
+       # The joind runs in the context of the rpc_proxy/member for now
        my $cmd = "";
        $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
        $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
@@ -909,6 +928,30 @@ sub provision_rpc_proxy($$$)
                return undef;
        }
 
+       # Setting up delegation runs in the context of the DC for now
+       my $cmd = "";
+       $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+       $cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" ";
+       $cmd .= "$samba_tool delegation for-any-protocol '$ret->{NETBIOSNAME}\$' on";
+       $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} $dcvars->{CONFIGURATION}";
+
+       unless (system($cmd) == 0) {
+               warn("Delegation failed\n$cmd");
+               return undef;
+       }
+
+       # Setting up delegation runs in the context of the DC for now
+       my $cmd = "";
+       $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+       $cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" ";
+       $cmd .= "$samba_tool delegation add-service '$ret->{NETBIOSNAME}\$' cifs/$dcvars->{SERVER}";
+       $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} $dcvars->{CONFIGURATION}";
+
+       unless (system($cmd) == 0) {
+               warn("Delegation failed\n$cmd");
+               return undef;
+       }
+
        $ret->{RPC_PROXY_SERVER} = $ret->{SERVER};
        $ret->{RPC_PROXY_SERVER_IP} = $ret->{SERVER_IP};
        $ret->{RPC_PROXY_NETBIOSNAME} = $ret->{NETBIOSNAME};
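Review bot: Both added blocks declare `my $cmd = "";` again in what appears to be the same scope as the `$cmd` used for the join, which masks the earlier variable and produces a "masks earlier declaration" warning under `use warnings`; a plain `$cmd = "";` is enough. The two failure paths print the identical text `Delegation failed` followed by the full command, so the log cannot distinguish the `for-any-protocol` step from the `add-service` step, and it repeats the `-U…%…` credential string. A per-step message such as `warn("delegation add-service failed for $ret->{NETBIOSNAME}\n");` would fix both. The second block also reuses the comment of the first; I would replace it with one saying that `for-any-protocol … on` enables protocol transition for the member's machine account and that `add-service` then limits the delegation target to `cifs/$dcvars->{SERVER}`, so the scope of the granted right is clear. The body of provision_rpc_proxy starts and ends outside this hunk.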
index bf42c7c303deab43a20c7d71507eaff999a0d6dc..1ffc8cd74a3985e572befeb5d1c9223a9027024d 100755 (executable)
@@ -244,7 +244,13 @@ for t in smb4torture_testsuites("rap."):
 
 # Tests against the NTVFS CIFS backend
 for t in base + raw:
-    plantestsuite_loadlist("samba4.ntvfs.cifs.%s" % t, "dc", [valgrindify(smb4torture), "$LISTOPT", '//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD'] + ntvfsargs + [t])
+    plantestsuite_loadlist("samba4.ntvfs.cifs.krb5.%s" % t, "dc", [valgrindify(smb4torture), "$LISTOPT", '//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD', '--kerberos=yes'] + ntvfsargs + [t])
+
+# Test NTVFS CIFS backend with S4U2Self and S4U2Proxy
+t = "base.unlink"
+plantestsuite_loadlist("samba4.ntvfs.cifs.ntlm.%s" % t, "dc", [valgrindify(smb4torture), "$LISTOPT", '//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD', '--kerberos=no'] + ntvfsargs + [t])
+plantestsuite_loadlist("samba4.ntvfs.cifs.krb5.%s" % t, "rpc_proxy", [valgrindify(smb4torture), "$LISTOPT", '//$NETBIOSNAME/cifs_to_dc', '-U$DC_USERNAME%$DC_PASSWORD', '--kerberos=yes'] + ntvfsargs + [t])
+plantestsuite_loadlist("samba4.ntvfs.cifs.ntlm.%s" % t, "rpc_proxy", [valgrindify(smb4torture), "$LISTOPT", '//$NETBIOSNAME/cifs_to_dc', '-U$DC_USERNAME%$DC_PASSWORD', '--kerberos=no'] + ntvfsargs + [t])
 
 plansmbtorturetestsuite('echo.udp', 'dc:local', '//$SERVER/whatever')
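Review bot: The comment `# Test NTVFS CIFS backend with S4U2Self and S4U2Proxy` does not say which of the three new cases actually forces the S4U path. With `--kerberos=no` the client presents no ticket, so presumably the server has to use S4U2Self followed by S4U2Proxy, whereas the `--kerberos=yes` case on `rpc_proxy` could pass using either delegated credentials or S4U2Proxy. I would document that per case, e.g. `# ntlm: no client ticket, server must use S4U2Self + S4U2Proxy` and `# krb5: delegated credentials or S4U2Proxy with the client's ticket`. The module-level `t = "base.unlink"` also reuses the loop variable of the preceding `for`; a dedicated name such as `s4u_test = "base.unlink"` would read more clearly. Only this one test covers the delegation path, and no case checks that access is refused when delegation is not configured.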