[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Tue Mar 9 17:37:58 MST 2010


The branch, master has been updated
       via  3855c94... Add tests which, when run as root, will ensure we can't write into a read-only directory, or read a owner-read-only file.
      from  ae79d8c... s4-smbtorture: on HKLM hive test the well known CurrentVersion value.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 3855c948c029490c616f4b4aa81b47e6df8c12a0
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Mar 9 16:36:48 2010 -0800

    Add tests which, when run as root, will ensure we can't write
    into a read-only directory, or read an owner-read-only file.
    
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/script/tests/selftest.sh          |   33 ++++++--
 source3/script/tests/test_smbclient_s3.sh |  128 ++++++++++++++++++++++++++++-
 source3/script/tests/tests_all.sh         |    4 +-
 3 files changed, 154 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/script/tests/selftest.sh b/source3/script/tests/selftest.sh
index 9994e47..e49bca8 100755
--- a/source3/script/tests/selftest.sh
+++ b/source3/script/tests/selftest.sh
@@ -36,9 +36,22 @@ if [ $CUSTOM_CONF_ARG ]; then
 fi
 
 ##
-## create the test directory
+## create the test directory layout
 ##
 PREFIX=`echo $DIRECTORY | sed s+//+/+`
+printf "%s" "CREATE TEST ENVIRONMENT IN '$PREFIX'"...
+/bin/rm -rf $PREFIX
+if [ -e "$PREFIX" ]; then
+	echo "***"
+	echo "*** Failed to delete test environment $PREFIX"
+	echo "*** Was a previous run done as root ?"
+	echo "***"
+	exit 1
+fi
+
+##
+## create the test directory
+##
 mkdir -p $PREFIX || exit $?
 OLD_PWD=`pwd`
 cd $PREFIX || exit $?
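Review bot: The added `/bin/rm -rf $PREFIX` deletes an unquoted, unvalidated path, and this commit exists so the suite can be run as root. `PREFIX` is `$DIRECTORY` with only a `//` collapsed (where `DIRECTORY` is set is outside this hunk), so a value of `/`, or one containing spaces or glob characters, would remove things outside the intended test tree. I would guard the delete with `/bin/rm -rf -- "${PREFIX:?}"` and refuse to continue if `$PREFIX` is `/` or is not an absolute path under the expected build directory. The following `mkdir -p $PREFIX` and `cd $PREFIX` should be quoted the same way.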
@@ -145,11 +158,6 @@ if test "x`smbd -b | grep NSS_WRAPPER`" = "x"; then
 fi
 
 
-## 
-## create the test directory layout
-##
-printf "%s" "CREATE TEST ENVIRONMENT IN '$PREFIX'"...
-/bin/rm -rf $PREFIX/*
 mkdir -p $PRIVATEDIR $NCALRPCDIR $LIBDIR $PIDDIR $LOCKDIR $LOGDIR
 mkdir -p $SOCKET_WRAPPER_DIR
 mkdir -p $WINBINDD_SOCKET_DIR
@@ -173,6 +181,16 @@ fi
 chmod 777 $SHRDIR
 
 ##
+## Create a read-only directory.
+##
+RO_SHRDIR=`echo $SHRDIR | sed -e 's:/[^/]*$::'`
+RO_SHRDIR=$RO_SHRDIR/root-tmp
+mkdir -p $RO_SHRDIR
+chmod 755 $RO_SHRDIR
+touch $RO_SHRDIR/unreadable_file
+chmod 600 $RO_SHRDIR/unreadable_file
+
+##
 ## Create the common config include file with the basic settings
 ##
 
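Review bot: The comment `## Create a read-only directory.` overstates what `chmod 755 $RO_SHRDIR` does: the directory stays writable by its owner and is read-only only for other accounts. The two new smbclient tests therefore rely on the directory and `unreadable_file` being owned by root while the guest login maps to a different, unprivileged account. I would say so in the comment, e.g. `## Create a directory (755) and file (600) owned by the user running selftest; they are only off-limits to the guest account when that user is root.` The results of `mkdir -p`, `touch` and `chmod` are also unchecked here, so a failure would surface later as a confusing test failure; adding `|| exit $?` as the earlier `mkdir -p $PREFIX` does would keep it consistent.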
@@ -269,6 +287,9 @@ cat >$SERVERCONFFILE<<EOF
 
 [tmp]
 	path = $SHRDIR
+[ro-tmp]
+	path = $RO_SHRDIR
+	guest ok = yes
 [hideunread]
 	copy = tmp
 	hide unreadable = yes
diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh
index ff50220..84a3999 100755
--- a/source3/script/tests/test_smbclient_s3.sh
+++ b/source3/script/tests/test_smbclient_s3.sh
@@ -2,9 +2,9 @@
 
 # this runs the file serving tests that are expected to pass with samba3
 
-if [ $# -lt 4 ]; then
+if [ $# -lt 5 ]; then
 cat <<EOF
-Usage: test_smbclient_s3.sh SERVER SERVER_IP USERNAME PASSWORD
+Usage: test_smbclient_s3.sh SERVER SERVER_IP USERNAME PASSWORD USERID
 EOF
 exit 1;
 fi
@@ -13,8 +13,9 @@ SERVER="$1"
 SERVER_IP="$2"
 USERNAME="$3"
 PASSWORD="$4"
+USERID="$5"
 SMBCLIENT="$VALGRIND ${SMBCLIENT:-$BINDIR/smbclient} $CONFIGURATION"
-shift 4
+shift 5
 ADDARGS="$*"
 
 test x"$TEST_FUNCTIONS_SH" != x"INCLUDED" && {
@@ -126,6 +127,119 @@ EOF
     fi
 }
 
+# Test writing into a read-only directory (logon as guest) fails.
+test_read_only_dir()
+{
+    prompt="NT_STATUS_ACCESS_DENIED making remote directory"
+    tmpfile=/tmp/smbclient.in.$$
+
+##
+## We can't do this as non-root. We always have rights to
+## create the directory.
+##
+    if [ "$USERID" != 0 ]; then
+	echo "skipping test_read_only_dir as non-root"
+	true
+	return
+    fi
+
+##
+## We can't do this with an encrypted connection. No credentials
+## to set up the channel.
+##
+    if [ "$ADDARGS" == "-e" ]; then
+	echo "skipping test_read_only_dir with encrypted connection"
+	true
+	return
+    fi
+
+    cat > $tmpfile <<EOF
+mkdir a_test_dir
+quit
+EOF
+
+    cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT $CONFIGURATION "$@" -U% //$SERVER/ro-tmp -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
+    eval echo "$cmd"
+    out=`eval $cmd`
+    ret=$?
+    rm -f $tmpfile
+
+    if [ $ret != 0 ] ; then
+	echo "$out"
+	echo "failed writing into read-only directory with error $ret"
+	false
+	return
+    fi
+
+    echo "$out" | grep "$prompt" >/dev/null 2>&1
+
+    ret=$?
+    if [ $ret = 0 ] ; then
+	# got the correct prompt .. succeed
+	true
+    else
+	echo "$out"
+	echo "failed writing into read-only directory - grep failed with $ret"
+	false
+    fi
+}
+
+# Test reading an owner-only file (logon as guest) fails.
+test_owner_only_file()
+{
+    prompt="NT_STATUS_ACCESS_DENIED opening remote file"
+    tmpfile=/tmp/smbclient.in.$$
+
+##
+## We can't do this as non-root. We always have rights to
+## read the file.
+##
+    if [ "$USERID" != 0 ]; then
+	echo "skipping test_owner_only_file as non-root"
+	true
+	return
+    fi
+
+##
+## We can't do this with an encrypted connection. No credentials
+## to set up the channel.
+##
+    if [ "$ADDARGS" == "-e" ]; then
+	echo "skipping test_owner_only_file with encrypted connection"
+	true
+	return
+    fi
+
+    cat > $tmpfile <<EOF
+get unreadable_file
+quit
+EOF
+
+    cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT $CONFIGURATION "$@" -U% //$SERVER/ro-tmp -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
+    eval echo "$cmd"
+    out=`eval $cmd`
+    ret=$?
+    rm -f $tmpfile
+
+    if [ $ret != 0 ] ; then
+	echo "$out"
+	echo "failed reading owner-only file with error $ret"
+	false
+	return
+    fi
+
+    echo "$out" | grep "$prompt" >/dev/null 2>&1
+
+    ret=$?
+    if [ $ret = 0 ] ; then
+	# got the correct prompt .. succeed
+	true
+    else
+	echo "$out"
+	echo "failed reading owner-only file - grep failed with $ret"
+	false
+    fi
+}
 
 testit "smbclient -L $SERVER_IP" $SMBCLIENT $CONFIGURATION -L $SERVER_IP -N -p 139 || failed=`expr $failed + 1`
 testit "smbclient -L $SERVER -I $SERVER_IP" $SMBCLIENT $CONFIGURATION -L $SERVER -I $SERVER_IP -N -p 139 || failed=`expr $failed + 1`
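Review bot: Both new functions, `test_read_only_dir` and `test_owner_only_file`, write their smbclient input to the predictable path `/tmp/smbclient.in.$$`, and they only do real work when the suite runs as root. A file or symlink already present under that name in world-writable `/tmp` would be followed by the `cat > $tmpfile` redirection, so I would create the file with `tmpfile=$(mktemp /tmp/smbclient.in.XXXXXX) || return 1` and quote `"$tmpfile"` in the `cat` and `rm -f` lines. Separately, `[ "$ADDARGS" == "-e" ]` uses `==`, which is not POSIX `test` syntax; `=` is the portable form if this script can run under a non-bash `/bin/sh` (the shebang is outside the hunk).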
@@ -150,4 +264,12 @@ testit "creating a bad symlink and deleting it" \
    test_bad_symlink || \
    failed=`expr $failed + 1`
 
+testit "writing into a read-only directory fails" \
+   test_read_only_dir || \
+   failed=`expr $failed + 1`
+
+testit "Reading a owner-only file fails" \
+   test_owner_only_file || \
+   failed=`expr $failed + 1`
+
 testok $0 $failed
diff --git a/source3/script/tests/tests_all.sh b/source3/script/tests/tests_all.sh
index 11d315b..153f8ea 100755
--- a/source3/script/tests/tests_all.sh
+++ b/source3/script/tests/tests_all.sh
@@ -20,13 +20,13 @@ smbtorture_s3_encrypted() {
 
 smbclient_s3() {
 	echo "RUNNING TESTS smbclient_s3"
-	$SCRIPTDIR/test_smbclient_s3.sh $SERVER $SERVER_IP $USERNAME $PASSWORD \
+	$SCRIPTDIR/test_smbclient_s3.sh $SERVER $SERVER_IP $USERNAME $PASSWORD $USERID \
 	|| failed=`expr $failed + $?`
 }
 
 smbclient_s3_encrypted() {
 	echo "RUNNING TESTS smbclient_s3_encrypted"
-	$SCRIPTDIR/test_smbclient_s3.sh $SERVER $SERVER_IP $USERNAME $PASSWORD "-e" \
+	$SCRIPTDIR/test_smbclient_s3.sh $SERVER $SERVER_IP $USERNAME $PASSWORD $USERID "-e" \
 	|| failed=`expr $failed + $?`
 }
 
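Review bot: `$USERID` is passed unquoted in both `smbclient_s3` and `smbclient_s3_encrypted`, so an empty or unset value simply disappears from the argument list. In the encrypted case `"-e"` would then land in the USERID position: the callee still sees five arguments, treats the run as non-root, skips both new permission tests and runs the remaining tests without `-e`, all without an error. Where `USERID` is assigned is not visible in this changeset, so that should be confirmed. Passing `"$USERID"` (and quoting the other positional arguments) keeps the positions stable, and the callee could reject a non-numeric value right after `USERID="$5"`.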


-- 
Samba Shared Repository

