[PATCH] Add regression test for bug #9329 - Directory listing with SeBackup can crash smbd.

Andrew Bartlett abartlet at samba.org
Mon Oct 29 16:41:46 MDT 2012 

On Mon, 2012-10-29 at 14:49 -0700, Jeremy Allison wrote:
> Ensure we exercise the SeBackup code path on directory listings.

Looks good.  Thanks for adding the test, this will be most helpful in
ensuring we don't regress here again.

> Signed-off-by: Jeremy Allison <jra at samba.org>
> ---
>  source3/script/tests/test_smbclient_s3.sh |   62 +++++++++++++++++++++++++++-
>  source3/selftest/tests.py                 |   10 ++--
>  2 files changed, 64 insertions(+), 8 deletions(-)
> 
> diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh
> index 3341c62..e78612a 100755
> --- a/source3/script/tests/test_smbclient_s3.sh
> +++ b/source3/script/tests/test_smbclient_s3.sh
> @@ -2,9 +2,9 @@
>  
>  # this runs the file serving tests that are expected to pass with samba3
>  
> -if [ $# -lt 7 ]; then
> +if [ $# -lt 11 ]; then
>  cat <<EOF
> -Usage: test_smbclient_s3.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD USERID LOCAL_PATH PREFIX SMBCLIENT WBINFO
> +Usage: test_smbclient_s3.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD USERID LOCAL_PATH PREFIX SMBCLIENT WBINFO NET
>  EOF
>  exit 1;
>  fi
> @@ -19,9 +19,10 @@ LOCAL_PATH="${7}"
>  PREFIX="${8}"
>  SMBCLIENT="${9}"
>  WBINFO="${10}"
> +NET="${11}"
>  SMBCLIENT="$VALGRIND ${SMBCLIENT}"
>  WBINFO="$VALGRIND ${WBINFO}"
> -shift 10
> +shift 11
>  ADDARGS="$*"
>  
>  incdir=`dirname $0`/../../../testprogs/blackbox
> @@ -489,6 +490,57 @@ EOF
>      fi
>  }
>  
> +# Test doing a directory listing with backup privilege.
> +test_backup_privilege_list()
> +{
> +    tmpfile=$PREFIX/smbclient_backup_privilege_list
> +
> +    # If we don't have a DOMAIN component to the username, add it.
> +    echo "$USERNAME" | grep '\\' 2>&1
> +    ret=$?
> +    if [ $ret != 0 ] ; then
> +	priv_username="$DOMAIN\\$USERNAME"
> +    else
> +	priv_username=$USERNAME
> +    fi
> +
> +    $NET sam rights grant $priv_username SeBackupPrivilege $ADDARGS 2>&1
> +    ret=$?
> +    if [ $ret != 0 ] ; then
> +	echo "Failed to add SeBackupPrivilege to user $priv_username - $ret"
> +	false
> +	return
> +    fi
> +
> +    cat > $tmpfile <<EOF
> +backup
> +ls
> +quit
> +EOF
> +
> +    cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
> +    eval echo "$cmd"
> +    out=`eval $cmd`
> +    ret=$?
> +    rm -f $tmpfile
> +
> +    if [ $ret != 0 ] ; then
> +	echo "$out"
> +	echo "failed backup privilege list $ret"
> +	false
> +	return
> +    fi
> +
> +# Now remove all privileges from this SID.
> +    $NET sam rights revoke $priv_username SeBackupPrivilege $ADDARGS 2>&1
> +    ret=$?
> +    if [ $ret != 0 ] ; then
> +	echo "failed to remove SeBackupPrivilege from user $priv_username - $ret"
> +	false
> +	return
> +    fi
> +}
> +
>  LOGDIR_PREFIX=test_smbclient_s3
>  
>  # possibly remove old logdirs:
> @@ -552,6 +604,10 @@ testit "using an authentication file" \
>      test_auth_file || \
>      failed=`expr $failed + 1`
>  
> +testit "list with backup privilege" \
> +    test_backup_privilege_list || \
> +    failed=`expr $failed + 1`
> +
>  testit "rm -rf $LOGDIR" \
>      rm -rf $LOGDIR || \
>      failed=`expr $failed + 1`
> diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
> index 9b0527c..def4d83 100755
> --- a/source3/selftest/tests.py
> +++ b/source3/selftest/tests.py
> @@ -180,20 +180,20 @@ plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) bad username" % env, en
>  
>  # plain
>  for env in ["s3dc"]:
> -    plantestsuite("samba3.blackbox.smbclient_s3.plain (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, configuration])
> +    plantestsuite("samba3.blackbox.smbclient_s3.plain (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration])
>  
>  for env in ["member", "s3member"]:
> -    plantestsuite("samba3.blackbox.smbclient_s3.plain (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER\\\\$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, configuration])
> +    plantestsuite("samba3.blackbox.smbclient_s3.plain (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER\\\\$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration])
>  
>  for env in ["s3dc"]:
> -    plantestsuite("samba3.blackbox.smbclient_s3.sign (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, configuration, "--signing=required"])
> +    plantestsuite("samba3.blackbox.smbclient_s3.sign (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "--signing=required"])
>  
>  for env in ["member", "s3member"]:
> -    plantestsuite("samba3.blackbox.smbclient_s3.sign (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER\\\\$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, configuration, "--signing=required"])
> +    plantestsuite("samba3.blackbox.smbclient_s3.sign (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER\\\\$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "--signing=required"])
>  
>  for env in ["s3dc"]:
>      # encrypted
> -    plantestsuite("samba3.blackbox.smbclient_s3.crypt (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, configuration, "-e"])
> +    plantestsuite("samba3.blackbox.smbclient_s3.crypt (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "-e"])
>  
>      # Test smbclient/tarmode
>      plantestsuite("samba3.blackbox.smbclient_tarmode (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_tarmode.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH', '$PREFIX', smbclient3, configuration])

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list