diff options
| author | Jeremy Allison <jra@samba.org> | 2010-03-09 16:36:48 -0800 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2010-03-09 16:36:48 -0800 |
| commit | 3855c948c029490c616f4b4aa81b47e6df8c12a0 (patch) | |
| tree | d8de146356be8e8c645e9da2351dcd141afa15c9 /source3/script/tests/test_smbclient_s3.sh | |
| parent | ae79d8ce02921e9a5c82433527909c7f707051e3 (diff) | |
| download | samba-3855c948c029490c616f4b4aa81b47e6df8c12a0.tar.gz samba-3855c948c029490c616f4b4aa81b47e6df8c12a0.tar.bz2 samba-3855c948c029490c616f4b4aa81b47e6df8c12a0.zip | |
Add tests which, when run as root, will ensure we can't write
into a read-only directory, or read a owner-read-only file.
Jeremy.
Diffstat (limited to 'source3/script/tests/test_smbclient_s3.sh')
| -rwxr-xr-x | source3/script/tests/test_smbclient_s3.sh | 128 |
1 files changed, 125 insertions, 3 deletions
diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh index ff5022015f..84a3999f90 100755 --- a/source3/script/tests/test_smbclient_s3.sh +++ b/source3/script/tests/test_smbclient_s3.sh @@ -2,9 +2,9 @@ # this runs the file serving tests that are expected to pass with samba3 -if [ $# -lt 4 ]; then +if [ $# -lt 5 ]; then cat <<EOF -Usage: test_smbclient_s3.sh SERVER SERVER_IP USERNAME PASSWORD +Usage: test_smbclient_s3.sh SERVER SERVER_IP USERNAME PASSWORD USERID EOF exit 1; fi @@ -13,8 +13,9 @@ SERVER="$1" SERVER_IP="$2" USERNAME="$3" PASSWORD="$4" +USERID="$5" SMBCLIENT="$VALGRIND ${SMBCLIENT:-$BINDIR/smbclient} $CONFIGURATION" -shift 4 +shift 5 ADDARGS="$*" test x"$TEST_FUNCTIONS_SH" != x"INCLUDED" && { @@ -126,6 +127,119 @@ EOF fi } +# Test writing into a read-only directory (logon as guest) fails. +test_read_only_dir() +{ + prompt="NT_STATUS_ACCESS_DENIED making remote directory" + tmpfile=/tmp/smbclient.in.$$ + +## +## We can't do this as non-root. We always have rights to +## create the directory. +## + if [ "$USERID" != 0 ]; then + echo "skipping test_read_only_dir as non-root" + true + return + fi + +## +## We can't do this with an encrypted connection. No credentials +## to set up the channel. +## + if [ "$ADDARGS" == "-e" ]; then + echo "skipping test_read_only_dir with encrypted connection" + true + return + fi + + cat > $tmpfile <<EOF +mkdir a_test_dir +quit +EOF + + cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT $CONFIGURATION "$@" -U% //$SERVER/ro-tmp -I $SERVER_IP $ADDARGS < $tmpfile 2>&1' + eval echo "$cmd" + out=`eval $cmd` + ret=$? + rm -f $tmpfile + + if [ $ret != 0 ] ; then + echo "$out" + echo "failed writing into read-only directory with error $ret" + false + return + fi + + echo "$out" | grep "$prompt" >/dev/null 2>&1 + + ret=$? + if [ $ret = 0 ] ; then + # got the correct prompt .. succeed + true + else + echo "$out" + echo "failed writing into read-only directory - grep failed with $ret" + false + fi +} + +# Test reading an owner-only file (logon as guest) fails. +test_owner_only_file() +{ + prompt="NT_STATUS_ACCESS_DENIED opening remote file" + tmpfile=/tmp/smbclient.in.$$ + +## +## We can't do this as non-root. We always have rights to +## read the file. +## + if [ "$USERID" != 0 ]; then + echo "skipping test_owner_only_file as non-root" + true + return + fi + +## +## We can't do this with an encrypted connection. No credentials +## to set up the channel. +## + if [ "$ADDARGS" == "-e" ]; then + echo "skipping test_owner_only_file with encrypted connection" + true + return + fi + + cat > $tmpfile <<EOF +get unreadable_file +quit +EOF + + cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT $CONFIGURATION "$@" -U% //$SERVER/ro-tmp -I $SERVER_IP $ADDARGS < $tmpfile 2>&1' + eval echo "$cmd" + out=`eval $cmd` + ret=$? + rm -f $tmpfile + + if [ $ret != 0 ] ; then + echo "$out" + echo "failed reading owner-only file with error $ret" + false + return + fi + + echo "$out" | grep "$prompt" >/dev/null 2>&1 + + ret=$? + if [ $ret = 0 ] ; then + # got the correct prompt .. succeed + true + else + echo "$out" + echo "failed reading owner-only file - grep failed with $ret" + false + fi +} testit "smbclient -L $SERVER_IP" $SMBCLIENT $CONFIGURATION -L $SERVER_IP -N -p 139 || failed=`expr $failed + 1` testit "smbclient -L $SERVER -I $SERVER_IP" $SMBCLIENT $CONFIGURATION -L $SERVER -I $SERVER_IP -N -p 139 || failed=`expr $failed + 1` @@ -150,4 +264,12 @@ testit "creating a bad symlink and deleting it" \ test_bad_symlink || \ failed=`expr $failed + 1` +testit "writing into a read-only directory fails" \ + test_read_only_dir || \ + failed=`expr $failed + 1` + +testit "Reading a owner-only file fails" \ + test_owner_only_file || \ + failed=`expr $failed + 1` + testok $0 $failed |