selftest: Designate one testenv as having SMBv1 disabled
authorTim Beale <timbeale@catalyst.net.nz>
Thu, 22 Nov 2018 00:22:19 +0000 (13:22 +1300)
committerTim Beale <timbeale@samba.org>
Tue, 27 Nov 2018 02:43:17 +0000 (03:43 +0100)
We recommend users disable SMBv1 to avoid potential security holes.
However, none of the AD DC testenvs have SMBv1 disabled.

This patch disables SMBv1 on an arbitrarily-chosen testenv (restoredc).

I chose restoredc as we'll want to run the backup tool tests against
this target, and it might be useful to check we can back up a DC if it's
already been restored once.

Note that SMBv2 doesn't support POSIX extensions (only SMBv1 does),
which is why we haven't just disabled SMBv1 on *all* testenvs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
selftest/target/README
selftest/target/Samba4.pm

index 3fd283ed266daf6ff613d655b40105b8fefa17b5..b25dbab97da82e5429679c2a4f0fb93bacda76a7 100644 (file)
@@ -67,6 +67,7 @@ are separate testenvs for each one.
     exist.
 - restoredc: tests the 'backup online' option. Online backups are similar to
     doing a DC join.
+    Restoredc's other unique feature is that is has SMBv1 disabled.
 - offlinebackupdc: tests the 'backup offline' option. Offline backups capture
     the raw DB files on disk (safely).
 - renamedc: tests the 'backup rename' option, where the domain and realm are
index 7fa323451cd02deea9b0416d8675518c86dd1342..0a6c85d1ba7ba6ac60d5b7df1d91f192a29af401 100755 (executable)
@@ -2816,7 +2816,8 @@ sub restore_backup_file
 # (without actually doing a 'domain join')
 sub prepare_dc_testenv
 {
-       my ($self, $prefix, $dcname, $domain, $realm, $password) = @_;
+       my ($self, $prefix, $dcname, $domain, $realm,
+               $password, $conf_options) = @_;
 
        my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
                                               $dcname,
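Review bot: The new `$conf_options` argument has no default, so a caller that omits it leaves it undefined, and that value is interpolated into the smb.conf text in the next hunk. Under `use warnings` this would emit an uninitialized-value warning; whether this file enables warnings is not visible here. Adding `$conf_options = "" unless defined($conf_options);` after the unpacking would make the argument optional, and the `, ""` added at the setup_renamedc, setup_offlinebackupdc, setup_labdc and setup_customdc call sites would no longer be needed. The comment above the sub should also gain a line such as `# $conf_options: extra smb.conf lines for this testenv (may be empty)`. The body of prepare_dc_testenv continues outside the hunk.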
@@ -2837,6 +2838,7 @@ sub prepare_dc_testenv
        push(@{$ctx->{directories}}, "$ctx->{share}");
 
        $ctx->{smb_conf_extra_options} = "
+       $conf_options
        max xmit = 32K
        server max protocol = SMB2
 
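Review bot: `$conf_options` is placed ahead of the hard-coded settings, so if a later duplicate parameter replaces an earlier one when smb.conf is parsed (which I believe is the case), a caller cannot override `max xmit` or `server max protocol` through this argument. For restoredc the server range then appears to be `server min protocol = SMB2` up to `server max protocol = SMB2`, so the one testenv without SMBv1 would never negotiate SMB3 either. If that is intended, the header comment of prepare_dc_testenv should say that the built-in settings take precedence. Otherwise put `$conf_options` after the `server max protocol` line, keeping it inside the global section. The string literal continues outside the hunk, so the remaining settings are not visible.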
@@ -2879,10 +2881,16 @@ sub setup_restoredc
        my ($self, $prefix, $dcvars) = @_;
        print "Preparing RESTORE DC...\n";
 
+       # we arbitrarily designate the restored DC as having SMBv1 disabled
+       my $extra_conf = "
+       server min protocol = SMB2
+       client min protocol = SMB2";
+
        my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "restoredc",
                                                    $dcvars->{DOMAIN},
                                                    $dcvars->{REALM},
-                                                   $dcvars->{PASSWORD});
+                                                   $dcvars->{PASSWORD},
+                                                   $extra_conf);
 
        # create a backup of the 'backupfromdc'
        my $backupdir = File::Temp->newdir();
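Review bot: Nothing visible in this change checks that restoredc actually refuses an SMB1 (NT1) negotiate, so `server min protocol = SMB2` could be dropped or overridden later without any test failing. A small test that connects to restoredc with the client's maximum protocol forced to NT1 and expects the connection to fail would pin the behaviour; it may exist elsewhere in the series, which is not shown here. The comment could also record the consequence for test authors, e.g. `# SMBv1 is disabled here, so tests needing POSIX extensions must not target restoredc`. setup_restoredc continues outside the hunk.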
@@ -2923,7 +2931,7 @@ sub setup_renamedc
        my $realm = "renamedom.samba.example.com";
        my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "renamedc",
                                                    "RENAMEDOMAIN", $realm,
-                                                   $dcvars->{PASSWORD});
+                                                   $dcvars->{PASSWORD}, "");
 
        # create a backup of the 'backupfromdc' which renames the domain
        my $backupdir = File::Temp->newdir();
@@ -2970,7 +2978,7 @@ sub setup_offlinebackupdc
        my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "offlinebackupdc",
                                                    $dcvars->{DOMAIN},
                                                    $dcvars->{REALM},
-                                                   $dcvars->{PASSWORD});
+                                                   $dcvars->{PASSWORD}, "");
 
        # create an offline backup of the 'backupfromdc' target
        my $backupdir = File::Temp->newdir();
@@ -3014,7 +3022,7 @@ sub setup_labdc
        my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "labdc",
                                                    "LABDOMAIN",
                                                    "labdom.samba.example.com",
-                                                   $dcvars->{PASSWORD});
+                                                   $dcvars->{PASSWORD}, "");
 
        # create a backup of the 'backupfromdc' which renames the domain and uses
        # the --no-secrets option to scrub any sensitive info
@@ -3120,7 +3128,7 @@ sub setup_customdc
 
        # create a placeholder directory and smb.conf, as well as the env vars.
        my ($env, $ctx) = $self->prepare_dc_testenv($prefix, $dc_name,
-                                                   $domain, $realm, $password);
+                                                   $domain, $realm, $password, "");
 
        # restore the specified backup file to populate the testenv
        my $restore_dir = abs_path($prefix);