[SCM] Samba Shared Repository - branch master updated
Uri Simchoni
uri at samba.org
Wed Mar 2 22:52:03 UTC 2016
The branch, master has been updated
via 9c67ff4 selftest: test access based share enum parameter
via 5036a09 access based share enum: handle permission set in configuration files
from f24567e torture:smb2: skip replay4 if server does not support multi-channel
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 9c67ff461d73305530ea257820215cf1ba97f703
Author: Uri Simchoni <uri at samba.org>
Date: Mon Feb 29 22:09:57 2016 +0200
selftest: test access based share enum parameter
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8093
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Uri Simchoni <uri at samba.org>
Autobuild-Date(master): Wed Mar 2 23:51:56 CET 2016 on sn-devel-144
commit 5036a0922b7890005bcc8b77368a6635c8ebeb4b
Author: Alberto Maria Fiaschi <alberto.fiaschi at estar.toscana.it>
Date: Tue Feb 23 18:22:10 2016 +0100
access based share enum: handle permission set in configuration files
change function is_enumeration_allowed to check permissions set by
fields: valid users, invalid users, only user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8093
Signed-off-by: Alberto Maria Fiaschi <alberto.fiaschi at estar.toscana.it>
Reviewed-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
selftest/selftesthelpers.py | 1 +
selftest/target/Samba3.pm | 1 +
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 17 ++++++++++++-----
source3/script/tests/test_shareenum.sh | 30 ++++++++++++++++++++++++++++++
source3/selftest/tests.py | 1 +
5 files changed, 45 insertions(+), 5 deletions(-)
create mode 100755 source3/script/tests/test_shareenum.sh
Changeset truncated at 500 lines:
diff --git a/selftest/selftesthelpers.py b/selftest/selftesthelpers.py
index 42499b0..f26484b 100644
--- a/selftest/selftesthelpers.py
+++ b/selftest/selftesthelpers.py
@@ -185,3 +185,4 @@ dbwrap_tool = binpath('dbwrap_tool')
vfstest = binpath('vfstest')
smbcquotas = binpath('smbcquotas')
smbget = binpath('smbget')
+rpcclient = binpath('rpcclient')
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 2dde4ca..5dc4b17 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1512,6 +1512,7 @@ sub provision($$$$$$$$)
[valid-users-tmp]
path = $shrdir
valid users = $unix_name
+ access based share enum = yes
[msdfs-share]
path = $msdfs_shrdir
msdfs root = yes
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index b1e9d13..279cd9e 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -477,12 +477,19 @@ static bool is_hidden_share(int snum)
static bool is_enumeration_allowed(struct pipes_struct *p,
int snum)
{
- if (!lp_access_based_share_enum(snum))
- return true;
+ if (!lp_access_based_share_enum(snum)) {
+ return true;
+ }
+
+ if (!user_ok_token(p->session_info->unix_info->unix_name,
+ p->session_info->info->domain_name,
+ p->session_info->security_token, snum)) {
+ return false;
+ }
- return share_access_check(p->session_info->security_token,
- lp_servicename(talloc_tos(), snum),
- FILE_READ_DATA, NULL);
+ return share_access_check(p->session_info->security_token,
+ lp_servicename(talloc_tos(), snum),
+ FILE_READ_DATA, NULL);
}
/****************************************************************************
diff --git a/source3/script/tests/test_shareenum.sh b/source3/script/tests/test_shareenum.sh
new file mode 100755
index 0000000..3904b51
--- /dev/null
+++ b/source3/script/tests/test_shareenum.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+# this tests share enumeration with "access based share enum"
+
+if [ $# -lt 4 ]; then
+cat <<EOF
+Usage: $0 SERVER USERNAME PASSWORD RPCCLIENT
+EOF
+exit 1;
+fi
+
+SERVER="$1"
+USERNAME="$2"
+PASSWORD="$3"
+RPCCLIENT="$4"
+RPCCLIENT="$VALGRIND ${RPCCLIENT}"
+
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+user_see_share() {
+ local user=$1
+ local share=$2
+ $RPCCLIENT //$SERVER -U$user%$PASSWORD -c "netshareenumall" | grep $share > /dev/null 2>&1
+}
+
+testit "$USERNAME sees tmp" user_see_share $USERNAME tmp
+testit "$USERNAME sees valid-users-tmp" user_see_share $USERNAME valid-users-tmp
+testit "force_user sees tmp" user_see_share force_user tmp
+testit_expect_failure "force_user does not see valid-users-tmp" user_see_share force_user valid-users-tmp
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 48e082f..5851110 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -183,6 +183,7 @@ for env in ["fileserver"]:
plantestsuite("samba3.blackbox.shadow_copy2 (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_shadow_copy.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/shadow', smbclient3])
plantestsuite("samba3.blackbox.smbclient.forceuser_validusers (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_forceuser_validusers.sh"), '$SERVER', '$DOMAIN', '$USERNAME', '$PASSWORD', '$LOCAL_PATH', smbclient3])
plantestsuite("samba3.blackbox.smbget (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbget.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', 'smbget_user', '$PASSWORD', '$LOCAL_PATH/smbget', smbget])
+ plantestsuite("samba3.blackbox.netshareenum (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_shareenum.sh"), '$SERVER', '$USERNAME', '$PASSWORD', rpcclient])
#
# tar command tests
--
Samba Shared Repository
More information about the samba-cvs
mailing list