[PATCH] Add regression test for bug #9329 - Directory listing with SeBackup can crash smbd.
Andrew Bartlett
abartlet at samba.org
Mon Oct 29 16:41:46 MDT 2012
On Mon, 2012-10-29 at 14:49 -0700, Jeremy Allison wrote:
> Ensure we exercise the SeBackup code path on directory listings.
Looks good. Thanks for adding the test, this will be most helpful in
ensuring we don't regress here again.
> Signed-off-by: Jeremy Allison <jra at samba.org>
> ---
> source3/script/tests/test_smbclient_s3.sh | 62 +++++++++++++++++++++++++++-
> source3/selftest/tests.py | 10 ++--
> 2 files changed, 64 insertions(+), 8 deletions(-)
>
> diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh
> index 3341c62..e78612a 100755
> --- a/source3/script/tests/test_smbclient_s3.sh
> +++ b/source3/script/tests/test_smbclient_s3.sh
> @@ -2,9 +2,9 @@
>
> # this runs the file serving tests that are expected to pass with samba3
>
> -if [ $# -lt 7 ]; then
> +if [ $# -lt 11 ]; then
> cat <<EOF
> -Usage: test_smbclient_s3.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD USERID LOCAL_PATH PREFIX SMBCLIENT WBINFO
> +Usage: test_smbclient_s3.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD USERID LOCAL_PATH PREFIX SMBCLIENT WBINFO NET
> EOF
> exit 1;
> fi
> @@ -19,9 +19,10 @@ LOCAL_PATH="${7}"
> PREFIX="${8}"
> SMBCLIENT="${9}"
> WBINFO="${10}"
> +NET="${11}"
> SMBCLIENT="$VALGRIND ${SMBCLIENT}"
> WBINFO="$VALGRIND ${WBINFO}"
> -shift 10
> +shift 11
> ADDARGS="$*"
>
> incdir=`dirname $0`/../../../testprogs/blackbox
> @@ -489,6 +490,57 @@ EOF
> fi
> }
>
> +# Test doing a directory listing with backup privilege.
> +test_backup_privilege_list()
> +{
> + tmpfile=$PREFIX/smbclient_backup_privilege_list
> +
> + # If we don't have a DOMAIN component to the username, add it.
> + echo "$USERNAME" | grep '\\' 2>&1
> + ret=$?
> + if [ $ret != 0 ] ; then
> + priv_username="$DOMAIN\\$USERNAME"
> + else
> + priv_username=$USERNAME
> + fi
> +
> + $NET sam rights grant $priv_username SeBackupPrivilege $ADDARGS 2>&1
> + ret=$?
> + if [ $ret != 0 ] ; then
> + echo "Failed to add SeBackupPrivilege to user $priv_username - $ret"
> + false
> + return
> + fi
> +
> + cat > $tmpfile <<EOF
> +backup
> +ls
> +quit
> +EOF
> +
> + cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
> + eval echo "$cmd"
> + out=`eval $cmd`
> + ret=$?
> + rm -f $tmpfile
> +
> + if [ $ret != 0 ] ; then
> + echo "$out"
> + echo "failed backup privilege list $ret"
> + false
> + return
> + fi
> +
> +# Now remove all privileges from this SID.
> + $NET sam rights revoke $priv_username SeBackupPrivilege $ADDARGS 2>&1
> + ret=$?
> + if [ $ret != 0 ] ; then
> + echo "failed to remove SeBackupPrivilege from user $priv_username - $ret"
> + false
> + return
> + fi
> +}
> +
> LOGDIR_PREFIX=test_smbclient_s3
>
> # possibly remove old logdirs:
> @@ -552,6 +604,10 @@ testit "using an authentication file" \
> test_auth_file || \
> failed=`expr $failed + 1`
>
> +testit "list with backup privilege" \
> + test_backup_privilege_list || \
> + failed=`expr $failed + 1`
> +
> testit "rm -rf $LOGDIR" \
> rm -rf $LOGDIR || \
> failed=`expr $failed + 1`
> diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
> index 9b0527c..def4d83 100755
> --- a/source3/selftest/tests.py
> +++ b/source3/selftest/tests.py
> @@ -180,20 +180,20 @@ plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) bad username" % env, en
>
> # plain
> for env in ["s3dc"]:
> - plantestsuite("samba3.blackbox.smbclient_s3.plain (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, configuration])
> + plantestsuite("samba3.blackbox.smbclient_s3.plain (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration])
>
> for env in ["member", "s3member"]:
> - plantestsuite("samba3.blackbox.smbclient_s3.plain (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER\\\\$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, configuration])
> + plantestsuite("samba3.blackbox.smbclient_s3.plain (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER\\\\$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration])
>
> for env in ["s3dc"]:
> - plantestsuite("samba3.blackbox.smbclient_s3.sign (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, configuration, "--signing=required"])
> + plantestsuite("samba3.blackbox.smbclient_s3.sign (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "--signing=required"])
>
> for env in ["member", "s3member"]:
> - plantestsuite("samba3.blackbox.smbclient_s3.sign (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER\\\\$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, configuration, "--signing=required"])
> + plantestsuite("samba3.blackbox.smbclient_s3.sign (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER\\\\$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "--signing=required"])
>
> for env in ["s3dc"]:
> # encrypted
> - plantestsuite("samba3.blackbox.smbclient_s3.crypt (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, configuration, "-e"])
> + plantestsuite("samba3.blackbox.smbclient_s3.crypt (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "-e"])
>
> # Test smbclient/tarmode
> plantestsuite("samba3.blackbox.smbclient_tarmode (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_tarmode.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH', '$PREFIX', smbclient3, configuration])
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list