[SCM] Samba Shared Repository - branch v4-14-test updated

Jule Anger janger at samba.org
Fri Feb 25 11:37:02 UTC 2022


The branch, v4-14-test has been updated
       via  3d90f070894 s3:modules: Fix virusfilter_vfs_openat
       via  babfb227954 s3:selftest: Add test for virus scanner
       via  ae703cd4bcb selftest: Fix trailing whitespace in Samba3.pm
       via  e7c419d8397 docs-xml:manpages: Document 'dummy' virusfilter and 'virusfilter:infected files'
       via  043f4b274b3 s3:modules: Implement dummy virus scanner that uses filename matching
       via  34ade9eab0a s3:winbind: Use the canonical principal name to renew the credentials
       via  98915350151 s3:winbind: Store canonical principal and realm in ccache entry
       via  f5672ef042b s3:libads: Return canonical principal and realm from kerberos_return_pac()
       via  af7f4e294dc lib:krb5_wrap: Fix wrong debug message and use newer debug macro
       via  fc3fed64ae0 lib:krb5_wrap: Improve debug message and use newer debug macro
       via  b464cbc0358 s3:libads: Fix memory leak in kerberos_return_pac() error path
      from  77fac5ed243 libcli/smb: let smb2_signing_decrypt_pdu() cope with gnutls_aead_cipher_decrypt() ptext_len bug

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test


- Log -----------------------------------------------------------------
commit 3d90f070894dda79f77f72b72c9310a6d5f8d8af
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Mon Feb 7 23:06:10 2022 +0100

    s3:modules: Fix virusfilter_vfs_openat
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    
    Pair-Programmed-With: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu Feb 10 22:09:06 UTC 2022 on sn-devel-184
    
    (cherry picked from commit 3f1c958f6fa9d2991185f4e281a377a295d09f9c)
    
    Autobuild-User(v4-14-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-14-test): Fri Feb 25 11:36:06 UTC 2022 on sn-devel-184

commit babfb2279544a0052a02898ab25eee19fee3566c
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Tue Feb 8 15:35:48 2022 +0100

    s3:selftest: Add test for virus scanner
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    
    Pair-Programmed-With: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit a25c714c34d3e00e0f3c29d2acfa98cf9cdbc544)

commit ae703cd4bcbab36c3b2c344405254f22b9c81e2c
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Tue Feb 8 15:34:56 2022 +0100

    selftest: Fix trailing whitespace in Samba3.pm
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 547b4c595a8513a4be99177edbaa39ce43840f7a)

commit e7c419d83971ed4c0bde3768a9f37b12f16234c3
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Tue Feb 8 22:35:29 2022 +0100

    docs-xml:manpages: Document 'dummy' virusfilter and 'virusfilter:infected files'
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 2fd518e5cc63221c162c9b3f8526b9b7c9e34969)

commit 043f4b274b35417a60e6a2d21d50adfe2fca68f2
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Tue Feb 8 12:07:03 2022 +0100

    s3:modules: Implement dummy virus scanner that uses filename matching
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 9f34babec7c6aca3d91f226705d3b3996792e5f1)

commit 34ade9eab0a07cf2be3059b3b9c5ae9af7f878f2
Author: Samuel Cabrero <scabrero at suse.de>
Date:   Tue Feb 22 14:28:44 2022 +0100

    s3:winbind: Use the canonical principal name to renew the credentials
    
    The principal name stored in the winbindd ccache entry might be an
    enterprise principal name if enterprise principals are enabled. Use
    the canonical name to renew the credentials.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
    
    Signed-off-by: Samuel Cabrero <scabrero at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 8246ccc23d064147412bb3475e6431a9fffc0d27)

commit 989153501516ad4c059103db8955259ae988b763
Author: Samuel Cabrero <scabrero at suse.de>
Date:   Tue Feb 22 13:19:02 2022 +0100

    s3:winbind: Store canonical principal and realm in ccache entry
    
    They will be used later to refresh the tickets.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
    
    Signed-off-by: Samuel Cabrero <scabrero at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 0f4f330773d272b4d28ff3ba5a41bdd4ba569c8b)

commit f5672ef042bdfbf0aa584f5a3f6f3df6e54b2017
Author: Samuel Cabrero <scabrero at suse.de>
Date:   Tue Feb 22 13:08:56 2022 +0100

    s3:libads: Return canonical principal and realm from kerberos_return_pac()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
    
    Signed-off-by: Samuel Cabrero <scabrero at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 00b1f44a7e8f66976757535bcbc6bea97fb1c29f)

commit af7f4e294dc15d1c0ee07e5e25e884d3c6b79d16
Author: Samuel Cabrero <scabrero at suse.de>
Date:   Tue Feb 22 14:28:28 2022 +0100

    lib:krb5_wrap: Fix wrong debug message and use newer debug macro
    
    Signed-off-by: Samuel Cabrero <scabrero at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 1b5b4107a5081f15ba215f3025056d509fcfcf2a)

commit fc3fed64ae079e1044b665103ddd009db7552fe9
Author: Samuel Cabrero <scabrero at suse.de>
Date:   Tue Feb 22 13:00:05 2022 +0100

    lib:krb5_wrap: Improve debug message and use newer debug macro
    
    Signed-off-by: Samuel Cabrero <scabrero at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit ed14513be055cc56eb39785323df2c538a813865)

commit b464cbc0358bffffeb92c2fa3a95b6d32700788d
Author: Samuel Cabrero <scabrero at suse.de>
Date:   Tue Feb 22 12:59:44 2022 +0100

    s3:libads: Fix memory leak in kerberos_return_pac() error path
    
    Signed-off-by: Samuel Cabrero <scabrero at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 3dbcd20de98cd28683a9c248368e5082b6388111)

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages/vfs_virusfilter.8.xml    |  12 +++
 lib/krb5_wrap/krb5_samba.c                 |   7 +-
 selftest/target/Samba3.pm                  |  18 ++++-
 source3/libads/authdata.c                  |  33 +++++++-
 source3/libads/kerberos_proto.h            |   2 +
 source3/modules/vfs_virusfilter.c          |  18 ++++-
 source3/modules/vfs_virusfilter_common.h   |   4 +
 source3/modules/vfs_virusfilter_dummy.c    |  58 ++++++++++++++
 source3/modules/wscript_build              |   1 +
 source3/script/tests/test_virus_scanner.sh | 124 +++++++++++++++++++++++++++++
 source3/selftest/tests.py                  |   9 +++
 source3/utils/net_ads.c                    |   2 +
 source3/winbindd/winbindd.h                |   2 +
 source3/winbindd/winbindd_cred_cache.c     |  18 ++++-
 source3/winbindd/winbindd_pam.c            |  12 ++-
 source3/winbindd/winbindd_proto.h          |   4 +-
 16 files changed, 307 insertions(+), 17 deletions(-)
 create mode 100644 source3/modules/vfs_virusfilter_dummy.c
 create mode 100755 source3/script/tests/test_virus_scanner.sh


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/vfs_virusfilter.8.xml b/docs-xml/manpages/vfs_virusfilter.8.xml
index 329a35af68a..88f91d73a42 100644
--- a/docs-xml/manpages/vfs_virusfilter.8.xml
+++ b/docs-xml/manpages/vfs_virusfilter.8.xml
@@ -48,6 +48,10 @@
 		  scanner</para></listitem>
 		  <listitem><para><emphasis>clamav</emphasis>, the ClamAV
 		  scanner</para></listitem>
+		  <listitem><para><emphasis>dummy</emphasis>, dummy scanner used in
+		  tests. Checks against the <emphasis>infected files</emphasis>
+		  parameter and flags any name that matches as infected.
+		  </para></listitem>
 		</itemizedlist>
 		</listitem>
 		</varlistentry>
@@ -264,6 +268,14 @@
 		</listitem>
 		</varlistentry>
 
+		<varlistentry>
+		<term>virusfilter:infected files = empty</term>
+		<listitem>
+		<para>Files that virusfilter <emphasis>dummy</emphasis> flags as infected.</para>
+		<para>If this option is not set, the default is empty.</para>
+		</listitem>
+		</varlistentry>
+
 		<varlistentry>
 		<term>virusfilter:block access on error = false</term>
 		<listitem>
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index fff5b4e2a22..76c2dcd2126 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1079,7 +1079,7 @@ krb5_error_code smb_krb5_renew_ticket(const char *ccache_string,
 		goto done;
 	}
 
-	DEBUG(10,("smb_krb5_renew_ticket: using %s as ccache\n", ccache_string));
+	DBG_DEBUG("Using %s as ccache for '%s'\n", ccache_string, client_string);
 
 	/* FIXME: we should not fall back to defaults */
 	ret = krb5_cc_resolve(context, discard_const_p(char, ccache_string), &ccache);
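Review bot: The new `DBG_DEBUG` passes `client_string` to `%s` without a NULL check, and the `krb5_get_renewed_creds` failure message in the next hunk does the same with `client_string` and `service_string`. The part of `smb_krb5_renew_ticket()` above this hunk is not visible, so whether callers may pass NULL for either argument needs confirming; if they can, formatting NULL with `%s` is undefined behaviour on some C libraries. A guard such as `client_string != NULL ? client_string : "(null)"` at both call sites would make the log lines safe. The messages also now record principal names, so anyone collecting level-10 logs should treat them as containing identity data.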
@@ -1101,7 +1101,10 @@ krb5_error_code smb_krb5_renew_ticket(const char *ccache_string,
 
 	ret = krb5_get_renewed_creds(context, &creds, client, ccache, discard_const_p(char, service_string));
 	if (ret) {
-		DEBUG(10,("smb_krb5_renew_ticket: krb5_get_kdc_cred failed: %s\n", error_message(ret)));
+		DBG_DEBUG("krb5_get_renewed_creds using ccache '%s' "
+			  "for client '%s' and service '%s' failed: %s\n",
+			  ccache_string, client_string, service_string,
+			  error_message(ret));
 		goto done;
 	}
 
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 9a8c9ee2604..baec3347c7d 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -188,7 +188,7 @@ sub getlog_env_app($$$)
 	close(LOG);
 
 	return "" if $out eq $title;
- 
+
 	return $out;
 }
 
@@ -1463,6 +1463,9 @@ sub setup_fileserver
 	my $veto_sharedir="$share_dir/veto";
 	push(@dirs,$veto_sharedir);
 
+	my $virusfilter_sharedir="$share_dir/virusfilter";
+	push(@dirs,$virusfilter_sharedir);
+
 	my $ip4 = Samba::get_ipv4_addr("FILESERVER");
 	my $fileserver_options = "
 	kernel change notify = yes
@@ -1588,6 +1591,15 @@ sub setup_fileserver
 	path = $veto_sharedir
 	delete veto files = yes
 
+[virusfilter]
+	path = $virusfilter_sharedir
+	vfs objects = acl_xattr virusfilter
+	virusfilter:scanner = dummy
+	virusfilter:min file size = 0
+	virusfilter:infected files = *infected*
+	virusfilter:infected file action = rename
+	virusfilter:scan on close = yes
+
 [homes]
 	comment = Home directories
 	browseable = No
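Review bot: The new `[virusfilter]` share sets `infected file action = rename` but relies on the module defaults for the rename prefix and suffix. The accompanying test script hard-codes the resulting name `virusfilter.infected.txt.infected`, so a change to those defaults would break the test for no obvious reason. Pinning them in the share would make the coupling explicit: `virusfilter:rename prefix = virusfilter.` and `virusfilter:rename suffix = .infected`. The smb.conf heredoc in `setup_fileserver` starts and ends outside this hunk.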
@@ -2205,7 +2217,7 @@ sub provision($$)
 	my $nmbdsockdir="$prefix_abs/nmbd";
 	unlink($nmbdsockdir);
 
-	## 
+	##
 	## create the test directory layout
 	##
 	die ("prefix_abs = ''") if $prefix_abs eq "";
@@ -3057,7 +3069,7 @@ sub provision($$)
 	unless (open(PASSWD, ">$nss_wrapper_passwd")) {
            warn("Unable to open $nss_wrapper_passwd");
            return undef;
-        } 
+        }
 	print PASSWD "nobody:x:$uid_nobody:$gid_nobody:nobody gecos:$prefix_abs:/bin/false
 $unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false
 pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index dd21d895fc2..bf9a2335445 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -57,11 +57,16 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 			     time_t renewable_time,
 			     const char *impersonate_princ_s,
 			     const char *local_service,
+			     char **_canon_principal,
+			     char **_canon_realm,
 			     struct PAC_DATA_CTR **_pac_data_ctr)
 {
 	krb5_error_code ret;
 	NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
-	DATA_BLOB tkt, tkt_wrapped, ap_rep, sesskey1;
+	DATA_BLOB tkt = data_blob_null;
+	DATA_BLOB tkt_wrapped = data_blob_null;
+	DATA_BLOB ap_rep = data_blob_null;
+	DATA_BLOB sesskey1 = data_blob_null;
 	const char *auth_princ = NULL;
 	const char *cc = "MEMORY:kerberos_return_pac";
 	struct auth_session_info *session_info;
@@ -72,6 +77,8 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 	struct auth4_context *auth_context;
 	struct loadparm_context *lp_ctx;
 	struct PAC_DATA_CTR *pac_data_ctr = NULL;
+	char *canon_principal = NULL;
+	char *canon_realm = NULL;
 
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
@@ -81,7 +88,16 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 	ZERO_STRUCT(sesskey1);
 
 	if (!name || !pass) {
-		return NT_STATUS_INVALID_PARAMETER;
+		status = NT_STATUS_INVALID_PARAMETER;
+		goto out;
+	}
+
+	if (_canon_principal != NULL) {
+		*_canon_principal = NULL;
+	}
+
+	if (_canon_realm != NULL) {
+		*_canon_realm = NULL;
 	}
 
 	if (cache_name) {
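Review bot: The out-parameters `*_canon_principal` and `*_canon_realm` are cleared only after the `!name || !pass` check, so the new `goto out` path returns `NT_STATUS_INVALID_PARAMETER` without ever writing them. A caller that passes uninitialised `char *` variables and frees or logs them on failure would then read stack garbage. Moving the two `if (_canon_... != NULL) { *_canon_... = NULL; }` blocks above the `if (!name || !pass)` test gives every exit path a defined value. The `NT_STATUS_HAVE_NO_MEMORY(tmp_ctx)` return just above the hunk has the same gap, and the function body continues outside this hunk.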
@@ -105,7 +121,9 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 					  request_pac,
 					  add_netbios_addr,
 					  renewable_time,
-					  NULL, NULL, NULL,
+					  tmp_ctx,
+					  &canon_principal,
+					  &canon_realm,
 					  &status);
 	if (ret) {
 		DEBUG(1,("kinit failed for '%s' with: %s (%d)\n",
@@ -131,7 +149,8 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 
 	if (expire_time && renew_till_time &&
 	    (*expire_time == 0) && (*renew_till_time == 0)) {
-		return NT_STATUS_INVALID_LOGON_TYPE;
+		status = NT_STATUS_INVALID_LOGON_TYPE;
+		goto out;
 	}
 
 	ret = ads_krb5_cli_get_ticket(mem_ctx,
@@ -238,6 +257,12 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 	}
 
 	*_pac_data_ctr = talloc_move(mem_ctx, &pac_data_ctr);
+	if (_canon_principal != NULL) {
+		*_canon_principal = talloc_move(mem_ctx, &canon_principal);
+	}
+	if (_canon_realm != NULL) {
+		*_canon_realm = talloc_move(mem_ctx, &canon_realm);
+	}
 
 out:
 	talloc_free(tmp_ctx);
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
index 3d7b5bc074b..807381248c8 100644
--- a/source3/libads/kerberos_proto.h
+++ b/source3/libads/kerberos_proto.h
@@ -78,6 +78,8 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 			     time_t renewable_time,
 			     const char *impersonate_princ_s,
 			     const char *local_service,
+			     char **_canon_principal,
+			     char **_canon_realm,
 			     struct PAC_DATA_CTR **pac_data_ctr);
 
 /* The following definitions come from libads/krb5_setpw.c  */
diff --git a/source3/modules/vfs_virusfilter.c b/source3/modules/vfs_virusfilter.c
index 524e7dfbad9..8c7e5323341 100644
--- a/source3/modules/vfs_virusfilter.c
+++ b/source3/modules/vfs_virusfilter.c
@@ -35,12 +35,14 @@
 
 enum virusfilter_scanner_enum {
 	VIRUSFILTER_SCANNER_CLAMAV,
+	VIRUSFILTER_SCANNER_DUMMY,
 	VIRUSFILTER_SCANNER_FSAV,
 	VIRUSFILTER_SCANNER_SOPHOS
 };
 
 static const struct enum_list scanner_list[] = {
 	{ VIRUSFILTER_SCANNER_CLAMAV,	"clamav" },
+	{ VIRUSFILTER_SCANNER_DUMMY,	"dummy" },
 	{ VIRUSFILTER_SCANNER_FSAV,	"fsav" },
 	{ VIRUSFILTER_SCANNER_SOPHOS,	"sophos" },
 	{ -1,				NULL }
@@ -199,6 +201,7 @@ static int virusfilter_vfs_connect(
 	int snum = SNUM(handle->conn);
 	struct virusfilter_config *config = NULL;
 	const char *exclude_files = NULL;
+	const char *infected_files = NULL;
 	const char *temp_quarantine_dir_mode = NULL;
 	const char *infected_file_command = NULL;
 	const char *scan_error_command = NULL;
@@ -255,6 +258,12 @@ static int virusfilter_vfs_connect(
 		set_namearray(&config->exclude_files, exclude_files);
 	}
 
+	infected_files = lp_parm_const_string(
+		snum, "virusfilter", "infected files", NULL);
+	if (infected_files != NULL) {
+		set_namearray(&config->infected_files, infected_files);
+	}
+
 	config->cache_entry_limit = lp_parm_int(
 		snum, "virusfilter", "cache entry limit", 100);
 
@@ -532,6 +541,9 @@ static int virusfilter_vfs_connect(
 	case VIRUSFILTER_SCANNER_CLAMAV:
 		ret = virusfilter_clamav_init(config);
 		break;
+	case VIRUSFILTER_SCANNER_DUMMY:
+		ret = virusfilter_dummy_init(config);
+		break;
 	default:
 		DBG_ERR("Unhandled scanner %d\n", backend);
 		return -1;
@@ -1292,21 +1304,21 @@ static int virusfilter_vfs_openat(struct vfs_handle_struct *handle,
 		 */
 		goto virusfilter_vfs_open_next;
 	}
-	ret = S_ISREG(smb_fname->st.st_ex_mode);
+	ret = S_ISREG(sbuf.st_ex_mode);
 	if (ret == 0) {
 		DBG_INFO("Not scanned: Directory or special file: %s/%s\n",
 			 cwd_fname, fname);
 		goto virusfilter_vfs_open_next;
 	}
 	if (config->max_file_size > 0 &&
-	    smb_fname->st.st_ex_size > config->max_file_size)
+	    sbuf.st_ex_size > config->max_file_size)
 	{
 		DBG_INFO("Not scanned: file size > max file size: %s/%s\n",
 			 cwd_fname, fname);
 		goto virusfilter_vfs_open_next;
 	}
 	if (config->min_file_size > 0 &&
-	    smb_fname->st.st_ex_size < config->min_file_size)
+	    sbuf.st_ex_size < config->min_file_size)
 	{
 		DBG_INFO("Not scanned: file size < min file size: %s/%s\n",
 		      cwd_fname, fname);
diff --git a/source3/modules/vfs_virusfilter_common.h b/source3/modules/vfs_virusfilter_common.h
index f71b0b949a7..463a9d74e9c 100644
--- a/source3/modules/vfs_virusfilter_common.h
+++ b/source3/modules/vfs_virusfilter_common.h
@@ -83,6 +83,9 @@ struct virusfilter_config {
 	/* Exclude files */
 	name_compare_entry		*exclude_files;
 
+	/* Infected files */
+	name_compare_entry		*infected_files;
+
 	/* Scan result cache */
 	struct virusfilter_cache	*cache;
 	int				cache_entry_limit;
@@ -149,5 +152,6 @@ struct virusfilter_backend {
 int virusfilter_sophos_init(struct virusfilter_config *config);
 int virusfilter_fsav_init(struct virusfilter_config *config);
 int virusfilter_clamav_init(struct virusfilter_config *config);
+int virusfilter_dummy_init(struct virusfilter_config *config);
 
 #endif /* _VIRUSFILTER_COMMON_H */
diff --git a/source3/modules/vfs_virusfilter_dummy.c b/source3/modules/vfs_virusfilter_dummy.c
new file mode 100644
index 00000000000..03405cd6629
--- /dev/null
+++ b/source3/modules/vfs_virusfilter_dummy.c
@@ -0,0 +1,58 @@
+/*
+   Samba-VirusFilter VFS modules
+   Dummy scanner with infected files support.
+   Copyright (C) 2022 Pavel Filipenský <pfilipen at redhat.com>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "modules/vfs_virusfilter_utils.h"
+
+static virusfilter_result virusfilter_dummy_scan(
+	struct vfs_handle_struct *handle,
+	struct virusfilter_config *config,
+	const struct files_struct *fsp,
+	char **reportp)
+{
+	bool ok;
+
+	DBG_INFO("Scanning file: %s\n", fsp_str_dbg(fsp));
+	ok = is_in_path(fsp->fsp_name->base_name,
+			config->infected_files,
+			false);
+	return ok ? VIRUSFILTER_RESULT_INFECTED : VIRUSFILTER_RESULT_CLEAN;
+}
+
+static struct virusfilter_backend_fns virusfilter_backend_dummy = {
+	.connect = NULL,
+	.disconnect = NULL,
+	.scan_init = NULL,
+	.scan = virusfilter_dummy_scan,
+	.scan_end = NULL,
+};
+
+int virusfilter_dummy_init(struct virusfilter_config *config)
+{
+	struct virusfilter_backend *backend = NULL;
+
+	backend = talloc_zero(config, struct virusfilter_backend);
+	if (backend == NULL) {
+		return -1;
+	}
+
+	backend->fns = &virusfilter_backend_dummy;
+	backend->name = "dummy";
+	config->backend = backend;
+	return 0;
+}
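Review bot: The dummy backend is built into the normal `vfs_virusfilter` module, and `virusfilter_dummy_init()` accepts it silently. An administrator who sets `virusfilter:scanner = dummy` on a production share therefore gets `VIRUSFILTER_RESULT_CLEAN` for every file whose name does not match the pattern, with no content scan and no log hint. A warning at init time would make that misconfiguration visible, for example `DBG_WARNING("virusfilter scanner 'dummy' matches file names only and performs no content scanning\n");`. Separately, `virusfilter_dummy_scan()` never writes `*reportp` on the infected path; if the caller logs or exports the report string (not visible here), setting a short fixed report would avoid a NULL there. A one-line comment on the scan function saying that the match is case-insensitive (the `false` argument to `is_in_path()`) would also help readers.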
diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
index 36b047ef79b..444a16f2cc0 100644
--- a/source3/modules/wscript_build
+++ b/source3/modules/wscript_build
@@ -598,6 +598,7 @@ bld.SAMBA3_MODULE('vfs_virusfilter',
                  vfs_virusfilter_sophos.c
                  vfs_virusfilter_fsav.c
                  vfs_virusfilter_clamav.c
+                 vfs_virusfilter_dummy.c
                  ''',
                  deps='samba-util VFS_VIRUSFILTER_UTILS',
                  init_function='',
diff --git a/source3/script/tests/test_virus_scanner.sh b/source3/script/tests/test_virus_scanner.sh
new file mode 100755
index 00000000000..2234ea6ca89
--- /dev/null
+++ b/source3/script/tests/test_virus_scanner.sh
@@ -0,0 +1,124 @@
+#!/bin/sh
+# Copyright (c) 2022      Pavel Filipenský <pfilipen at redhat.com>
+# shellcheck disable=1091
+
+if [ $# -lt 4 ]; then
+cat <<EOF
+Usage: $0 SERVER_IP SHARE LOCAL_PATH SMBCLIENT
+EOF
+exit 1;
+fi
+
+SERVER_IP=${1}
+SHARE=${2}
+LOCAL_PATH=${3}
+SMBCLIENT=${4}
+
+SMBCLIENT="${VALGRIND} ${SMBCLIENT}"
+
+failed=0
+sharedir="${LOCAL_PATH}/${SHARE}"
+
+incdir="$(dirname "$0")/../../../testprogs/blackbox"
+. "${incdir}/subunit.sh"
+
+check_infected_read()
+{
+    rm -rf "${sharedir:?}"/*
+
+    if ! touch "${sharedir}/infected.txt"; then
+        echo "ERROR: Cannot create ${sharedir}/infected.txt"
+        return 1
+    fi
+
+    ${SMBCLIENT} "//${SERVER_IP}/${SHARE}" -U"${USER}"%"${PASSWORD}" -c "get infected.txt ${sharedir}/infected.download.txt"
+
+    # check that virusfilter:rename prefix/suffix was added
+    if [ ! -f "${sharedir}/virusfilter.infected.txt.infected" ]; then
+        echo "ERROR: ${sharedir}/virusfilter.infected.txt.infected is missing."
+        return 1
+    fi
+
+    # check that file was not downloaded
+    if [ -f "${sharedir}/infected.download.txt" ]; then
+        echo "ERROR: {sharedir}/infected.download.txt should not exist."
+        return 1
+    fi
+
+    return 0
+}
+
+check_infected_write()
+{
+    rm -rf "${sharedir:?}"/*
+    smbfile=infected.upload.txt
+    smbfilerenamed="virusfilter.${smbfile}.infected"
+
+    # non empty file is needed
+    # vsf_virusfilter performs a scan only if fsp->fsp_flags.modified
+    if ! echo "Hello Virus!" > "${sharedir}/infected.txt"; then
+        echo "ERROR: Cannot create ${sharedir}/infected.txt"
+        return 1
+    fi
+
+    ${SMBCLIENT} "//${SERVER_IP}/${SHARE}" -U"${USER}"%"${PASSWORD}" -c "put ${sharedir}/infected.txt ${smbfile}"
+
+    # check that virusfilter:rename prefix/suffix was added
+    if [ ! -f "${sharedir}/${smbfilerenamed}" ]; then
+        echo "ERROR: ${sharedir}/${smbfilerenamed} is missing."
+        return 1
+    fi
+
+    # check that file was not uploaded
+    if [ -f "${sharedir}/infected.upload.txt" ]; then
+        echo "ERROR: {sharedir}/${smbfile} should not exist."
+        return 1
+    fi
+
+    return 0
+}
+
+check_healthy_read()
+{
+    rm -rf "${sharedir:?}"/*
+
+    if ! echo "Hello Samba!" > "${sharedir}/healthy.txt"; then
+        echo "ERROR: Cannot create ${sharedir}/healthy.txt"
+        return 1
+    fi
+
+    ${SMBCLIENT} //"${SERVER_IP}"/"${SHARE}" -U"${USER}"%"${PASSWORD}" -c "get healthy.txt ${sharedir}/healthy.download.txt"
+
+    if ! cmp "${sharedir}/healthy.txt" "${sharedir}/healthy.download.txt"; then
+        echo "ERROR: cmp ${sharedir}/healthy.txt ${sharedir}/healthy.download.txt FAILED"
+        return 1
+    fi
+
+    return 0
+}
+
+check_healthy_write()
+{
+    rm -rf "${sharedir:?}"/*
+
+    if ! echo "Hello Samba!" > "${sharedir}/healthy.txt"; then
+        echo "ERROR: Cannot create ${sharedir}/healthy.txt"
+        return 1
+    fi
+
+    ${SMBCLIENT} //"${SERVER_IP}"/"${SHARE}" -U"${USER}"%"${PASSWORD}" -c "put ${sharedir}/healthy.txt healthy.upload.txt"
+
+    if ! cmp "${sharedir}/healthy.txt" "${sharedir}/healthy.upload.txt"; then
+        echo "ERROR: cmp ${sharedir}/healthy.txt ${sharedir}/healthy.upload.txt FAILED"
+        return 1
+    fi


-- 
Samba Shared Repository


