selftest: show that Samba honours "write list" and valid users
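#!/bin/sh

# this runs the file serving tests that are expected to pass with samba3
#
# USERNAME and PASSWORD arrive as positional arguments and are later placed
# on the smbclient/wbinfo command lines and echoed by the test helpers, so
# they are visible in the process list and in the test log.

if [ $# -lt 11 ]; then
cat <<EOF
Usage: test_smbclient_s3.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD USERID LOCAL_PATH PREFIX SMBCLIENT WBINFO NET
EOF
exit 1;
fi

SERVER="${1}"
SERVER_IP="${2}"
DOMAIN="${3}"
USERNAME="${4}"
PASSWORD="${5}"
USERID="${6}"
LOCAL_PATH="${7}"
PREFIX="${8}"
SMBCLIENT="${9}"
WBINFO="${10}"
NET="${11}"
# VALGRIND comes from the environment; when it is unset the two commands
# simply gain a leading space. Both variables are expanded unquoted later so
# that "wrapper + binary" splits back into separate words.
SMBCLIENT="$VALGRIND ${SMBCLIENT}"
WBINFO="$VALGRIND ${WBINFO}"
shift 11
# Anything after the eleven fixed arguments is passed on to smbclient.
ADDARGS="$*"

# Quote $0 and $incdir so a checkout path containing spaces still resolves.
incdir=$(dirname "$0")/../../../testprogs/blackbox
. "$incdir/subunit.sh"

failed=0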
# Test that a noninteractive smbclient does not prompt
#
# Arguments: extra smbclient options, forwarded as "$@".
# Pipes "du" into smbclient on //$SERVER/tmp. Fails when the command exits
# non-zero or when its combined output contains the string "smb".
# NOTE: "eval echo" prints the expanded command line, including
# -U$USERNAME%$PASSWORD, into the test output.
test_noninteractive_no_prompt()
{
    prompt="smb"

    cmd='echo du | $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP $ADDARGS 2>&1'
    eval echo "$cmd"

    if ! out=$(eval "$cmd"); then
        echo "$out"
        echo "command failed"
        return 1
    fi

    if echo "$out" | grep "$prompt" >/dev/null 2>&1; then
        # got a prompt .. fail
        echo matched interactive prompt in non-interactive mode
        return 1
    fi

    return 0
}
# Test that an interactive smbclient prompts to stdout
#
# Arguments: extra smbclient options, forwarded as "$@".
# Runs smbclient with CLI_FORCE_INTERACTIVE=yes, feeding it a command file,
# and passes only when the combined output contains the string "smb".
# NOTE: "eval echo" prints the expanded command line, password included.
# NOTE(review): the listing this was restored from skips one line just before
# "quit" in the command file - confirm against the original whether a command
# belongs there.
test_interactive_prompt_stdout()
{
    prompt="smb"
    tmpfile=$PREFIX/smbclient_interactive_prompt_commands

    cat > $tmpfile <<EOF
quit
EOF

    cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
    eval echo "$cmd"
    out=$(eval "$cmd")
    ret=$?
    # The command file is removed before the result is inspected, so every
    # exit path leaves $PREFIX clean.
    rm -f $tmpfile

    if [ "$ret" -ne 0 ]; then
        echo "$out"
        echo "command failed"
        return 1
    fi

    if ! echo "$out" | grep "$prompt" >/dev/null 2>&1; then
        echo failed to match interactive prompt on stdout
        return 1
    fi

    # got a prompt .. succeed
    return 0
}
# Test creating a bad symlink and deleting it.
#
# Arguments: extra smbclient options, forwarded as "$@".
# Switches smbclient to posix mode, creates the symlink "newname" pointing at
# "badname", unlinks it again, and passes only when the output contains
# "posix_unlink deleted file /newname".
# NOTE: "eval echo" prints the expanded command line, password included.
test_bad_symlink()
{
    prompt="posix_unlink deleted file /newname"
    tmpfile=$PREFIX/smbclient_bad_symlinks_commands

    # The first posix_unlink runs before the symlink is created; the second
    # one is the deletion under test.
    cat > $tmpfile <<EOF
posix
posix_unlink newname
symlink badname newname
posix_unlink newname
quit
EOF

    cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
    eval echo "$cmd"
    out=$(eval "$cmd")
    ret=$?
    rm -f $tmpfile

    if [ "$ret" -ne 0 ]; then
        echo "$out"
        echo "failed create then delete bad symlink with error $ret"
        return 1
    fi

    echo "$out" | grep "$prompt" >/dev/null 2>&1
    ret=$?
    if [ "$ret" -ne 0 ]; then
        echo "$out"
        echo "failed create then delete bad symlink - grep failed with $ret"
        return 1
    fi

    # got the correct prompt .. succeed
    return 0
}
# Test creating a good symlink and deleting it by path.
#
# Arguments: extra smbclient options, forwarded as "$@".
# Creates $LOCAL_PATH/slink_target and a symlink $LOCAL_PATH/slink to it on
# the local filesystem, then asks smbclient to "del slink" on //$SERVER/tmp.
# Passes only when the link is gone and the target file is still present,
# i.e. the delete acted on the link itself and not on what it points to.
# NOTE: "eval echo" prints the expanded command line, password included.
test_good_symlink()
{
    tmpfile=$PREFIX/smbclient.in.$$
    slink_name="$LOCAL_PATH/slink"
    slink_target="$LOCAL_PATH/slink_target"

    touch $slink_target
    ln -s $slink_target $slink_name
    cat > $tmpfile <<EOF
del slink
quit
EOF

    cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
    eval echo "$cmd"
    out=$(eval "$cmd")
    ret=$?
    rm -f $tmpfile

    # Work out which failure (if any) applies; all three share the same
    # cleanup of target and link below.
    if [ "$ret" -ne 0 ]; then
        echo "$out"
        problem="failed delete good symlink with error $ret"
    elif [ ! -e $slink_target ]; then
        problem="failed delete good symlink - symlink target deleted !"
    elif [ -e $slink_name ]; then
        problem="failed delete good symlink - symlink still exists"
    else
        # link removed, target intact .. succeed
        rm $slink_target
        return 0
    fi

    echo "$problem"
    rm $slink_target
    rm $slink_name
    return 1
}
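# Test writing into a read-only directory (logon as guest) fails.
#
# Arguments: $1 - name of the share to connect to.
# Connects with empty credentials (-U%) and issues "mkdir a_test_dir"; passes
# only when smbclient exits 0 and its output contains
# "NT_STATUS_ACCESS_DENIED making remote directory".
# Skipped, and reported as success, when USERID is not 0 or ADDARGS is "-e",
# so a pass in those configurations says nothing about access control.
test_read_only_dir()
{
    prompt="NT_STATUS_ACCESS_DENIED making remote directory"
    tmpfile=$PREFIX/smbclient.in.$$

    ##
    ## We can't do this as non-root. We always have rights to
    ## create the directory.
    ##
    if [ "$USERID" != 0 ] ; then
        echo "skipping test_read_only_dir as non-root"
        return 0
    fi

    ##
    ## We can't do this with an encrypted connection. No credentials
    ## to set up the channel.
    ##
    if [ "$ADDARGS" = "-e" ] ; then
        echo "skipping test_read_only_dir with encrypted connection"
        return 0
    fi

    cat > "$tmpfile" <<EOF
mkdir a_test_dir
quit
EOF

    # The share name is $1, so "$@" is deliberately not forwarded here. The
    # earlier form of this string carried a stray double quote after $1,
    # which left the eval'd command with an unterminated quote so it could
    # never run; the quote is dropped.
    cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT -U% //$SERVER/$1 -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
    eval echo "$cmd"
    out=$(eval "$cmd")
    ret=$?
    rm -f "$tmpfile"

    if [ "$ret" -ne 0 ] ; then
        echo "$out"
        echo "failed writing into read-only directory with error $ret"
        return 1
    fi

    echo "$out" | grep "$prompt" >/dev/null 2>&1
    ret=$?
    if [ "$ret" -ne 0 ] ; then
        echo "$out"
        echo "failed writing into read-only directory - grep failed with $ret"
        return 1
    fi

    # got the correct prompt .. succeed
    return 0
}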
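# Test sending a message
#
# Arguments: extra smbclient options, forwarded as "$@".
# Sends a one-line message with "smbclient -M", fetches message.msgtest back
# from //$SERVER/tmpguest and compares it with what was sent.
# Returns 0 only when both smbclient calls succeed and the two files match.
# NOTE: "eval echo" prints the expanded command line, password included.
test_message()
{
    tmpfile=$PREFIX/message_in.$$
    outfile=$PREFIX/message_out.$$

    cat > "$tmpfile" <<EOF
Test message from pid $$
EOF

    cmd='$SMBCLIENT "$@" -U$USERNAME%$PASSWORD -M $SERVER -p 139 $ADDARGS -n msgtest < $tmpfile 2>&1'
    eval echo "$cmd"
    out=$(eval "$cmd")
    ret=$?

    if [ "$ret" -ne 0 ] ; then
        echo "$out"
        echo "failed sending message to $SERVER with error $ret"
        rm -f "$tmpfile"
        # Return an explicit failure: a bare "return" after the cleanup
        # would hand back rm's status (0) and report the test as passed.
        return 1
    fi

    # The server writes this into a file message.msgtest, via message.%m to test the % sub code
    cmd='$SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmpguest -p 139 $ADDARGS -c "get message.msgtest $PREFIX/message_out.$$" 2>&1'
    eval echo "$cmd"
    out=$(eval "$cmd")
    ret=$?

    if [ "$ret" -ne 0 ] ; then
        echo "$out"
        echo "failed getting sent message from $SERVER with error $ret"
        rm -f "$tmpfile" "$outfile"
        return 1
    fi

    # Run cmp as a command. Written inside "[ ... ]" it is never executed
    # (test just sees too many arguments), so the comparison was skipped
    # and the test could not fail here.
    if ! cmp "$outfile" "$tmpfile" ; then
        echo "failed comparison of message from $SERVER"
        rm -f "$tmpfile" "$outfile"
        return 1
    fi

    rm -f "$tmpfile" "$outfile"
    return 0
}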
# Test reading an owner-only file (logon as guest) fails.
#
# Arguments: extra smbclient options, forwarded as "$@".
# Connects to //$SERVER/ro-tmp with empty credentials (-U%) and issues
# "get unreadable_file"; passes only when smbclient exits 0 and its output
# contains "NT_STATUS_ACCESS_DENIED opening remote file".
# Skipped, and reported as success, when USERID is not 0 or ADDARGS is "-e".
test_owner_only_file()
{
    prompt="NT_STATUS_ACCESS_DENIED opening remote file"
    tmpfile=$PREFIX/smbclient.in.$$

    ##
    ## We can't do this as non-root. We always have rights to
    ## read the file.
    ##
    if [ "$USERID" != 0 ]; then
        echo "skipping test_owner_only_file as non-root"
        return 0
    fi

    ##
    ## We can't do this with an encrypted connection. No credentials
    ## to set up the channel.
    ##
    if [ "$ADDARGS" = "-e" ]; then
        echo "skipping test_owner_only_file with encrypted connection"
        return 0
    fi

    cat > $tmpfile <<EOF
get unreadable_file
quit
EOF

    cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U% //$SERVER/ro-tmp -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
    eval echo "$cmd"
    out=$(eval "$cmd")
    ret=$?
    rm -f $tmpfile

    if [ "$ret" -ne 0 ]; then
        echo "$out"
        echo "failed reading owner-only file with error $ret"
        return 1
    fi

    echo "$out" | grep "$prompt" >/dev/null 2>&1
    ret=$?
    if [ "$ret" -ne 0 ]; then
        echo "$out"
        echo "failed reading owner-only file - grep failed with $ret"
        return 1
    fi

    # got the correct prompt .. succeed
    return 0
}
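# Test accessing an msdfs path.
#
# Arguments: extra smbclient options, forwarded as "$@".
# Runs two smbclient sessions against //$SERVER/msdfs-share: one changes into
# \msdfs-src1, the other into \deeppath\msdfs-src2, and each lists
# msdfs-target. Passes only when both sessions exit 0 and both outputs
# contain " msdfs-target ".
# NOTE: "eval echo" prints the expanded command line, password included.
# NOTE(review): the listing this was restored from skips one line at the top
# of each command file - confirm against the original whether a command
# belongs there.
test_msdfs_link()
{
    tmpfile=$PREFIX/smbclient.in.$$
    prompt="  msdfs-target  "

    # Unquoted here-document: each "\\" below reaches smbclient as one "\".
    cat > "$tmpfile" <<EOF
cd \\msdfs-src1
ls msdfs-target
quit
EOF

    cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/msdfs-share -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
    eval echo "$cmd"
    out=$(eval "$cmd")
    ret=$?
    rm -f "$tmpfile"

    if [ "$ret" -ne 0 ] ; then
        echo "$out"
        echo "failed accessing \\msdfs-src1 link with error $ret"
        return 1
    fi

    echo "$out" | grep "$prompt" >/dev/null 2>&1
    ret=$?
    if [ "$ret" -ne 0 ] ; then
        echo "$out"
        echo "failed listing \\msdfs-src1 - grep failed with $ret"
        # Stop here: without a return the failure status was overwritten by
        # the second half, so a broken first link could still pass.
        return 1
    fi

    cat > "$tmpfile" <<EOF
cd \\deeppath\\msdfs-src2
ls msdfs-target
quit
EOF

    cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/msdfs-share -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
    eval echo "$cmd"
    out=$(eval "$cmd")
    ret=$?
    rm -f "$tmpfile"

    if [ "$ret" -ne 0 ] ; then
        echo "$out"
        echo "failed accessing \\deeppath\\msdfs-src2 link with error $ret"
        return 1
    fi

    echo "$out" | grep "$prompt" >/dev/null 2>&1
    ret=$?
    if [ "$ret" -ne 0 ] ; then
        echo "$out"
        echo "failed listing \\deeppath\\msdfs-src2 - grep failed with $ret"
        return 1
    fi

    return 0
}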
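# Test authenticating using the winbind ccache
#
# Stores the real credentials with "wbinfo --ccache-save" and expects
# "smbclient -C" to connect, then stores a wrong password ("GarBage") and
# expects the same smbclient call to fail.
# Returns non-zero on any mismatch; on success the return value is that of
# the final "wbinfo --logoff".
# NOTE: the first failure message prints the password into the test output.
test_ccache_access()
{
    $WBINFO --ccache-save="${USERNAME}%${PASSWORD}"
    ret=$?

    if [ "$ret" -ne 0 ] ; then
        echo "wbinfo failed to store creds in cache (user='${USERNAME}', pass='${PASSWORD}')"
        return 1
    fi

    # From here on something has been saved with --ccache-save, so every
    # failure path runs --logoff before returning, as the success path does.
    $SMBCLIENT //$SERVER_IP/tmp -C -U "${USERNAME}%" \
        -c quit 2>&1
    ret=$?

    if [ "$ret" -ne 0 ] ; then
        echo "smbclient failed to use cached credentials"
        $WBINFO --logoff
        return 1
    fi

    $WBINFO --ccache-save="${USERNAME}%GarBage"
    ret=$?

    if [ "$ret" -ne 0 ] ; then
        echo "wbinfo failed to store creds in cache (user='${USERNAME}', pass='GarBage')"
        $WBINFO --logoff
        return 1
    fi

    $SMBCLIENT //$SERVER_IP/tmp -C -U "${USERNAME}%" \
        -c quit 2>&1
    ret=$?

    if [ "$ret" -eq 0 ] ; then
        echo "smbclient succeeded with wrong cached credentials"
        $WBINFO --logoff
        return 1
    fi

    $WBINFO --logoff
}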
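# Test authenticating using an authentication file
#
# Writes username/password/domain to a file, expects
# "smbclient --authentication-file=FILE" to connect, then repeats with the
# password "xxxx" and expects the connection to fail.
# The file holds the password in clear text, so it is created under umask 077
# (owner-only) after removing any file already at that path, and it is
# deleted as soon as smbclient returns.
test_auth_file()
{
    tmpfile=$PREFIX/smbclient.in.$$

    rm -f "$tmpfile"
    (
        umask 077
        cat > "$tmpfile" <<EOF
username=${USERNAME}
password=${PASSWORD}
domain=${DOMAIN}
EOF
    )
    $SMBCLIENT //$SERVER_IP/tmp --authentication-file="$tmpfile" \
        -c quit 2>&1
    ret=$?
    rm -f "$tmpfile"

    if [ "$ret" -ne 0 ] ; then
        echo "smbclient failed to use auth file"
        return 1
    fi

    (
        umask 077
        cat > "$tmpfile" <<EOF
username=${USERNAME}
password=xxxx
domain=${DOMAIN}
EOF
    )
    $SMBCLIENT //$SERVER_IP/tmp --authentication-file="$tmpfile" \
        -c quit 2>&1
    ret=$?
    rm -f "$tmpfile"

    if [ "$ret" -eq 0 ] ; then
        echo "smbclient succeeded with wrong auth file credentials"
        return 1
    fi

    return 0
}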
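# Test doing a directory listing with backup privilege.
#
# Arguments: extra smbclient options, forwarded as "$@".
# Grants SeBackupPrivilege to the test user with "net sam rights grant", runs
# an smbclient session that issues "backup", and revokes the privilege again.
# Returns non-zero when the grant, the smbclient session or the revoke fails.
# NOTE: "eval echo" prints the expanded command line, password included.
# NOTE(review): the listing this was restored from skips one line between
# "backup" and "quit"; "ls" is assumed from the test's stated purpose -
# confirm against the original.
test_backup_privilege_list()
{
    tmpfile=$PREFIX/smbclient_backup_privilege_list

    # If we don't have a DOMAIN component to the username, add it.
    echo "$USERNAME" | grep '\\' 2>&1
    ret=$?
    if [ "$ret" -ne 0 ] ; then
        priv_username="$DOMAIN\\$USERNAME"
    else
        priv_username=$USERNAME
    fi

    $NET sam rights grant "$priv_username" SeBackupPrivilege 2>&1
    ret=$?
    if [ "$ret" -ne 0 ] ; then
        echo "Failed to add SeBackupPrivilege to user $priv_username - $ret"
        return 1
    fi

    cat > "$tmpfile" <<EOF
backup
ls
quit
EOF

    cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
    eval echo "$cmd"
    out=$(eval "$cmd")
    ret=$?
    rm -f "$tmpfile"

    if [ "$ret" -ne 0 ] ; then
        echo "$out"
        echo "failed backup privilege list $ret"
        # Revoke before bailing out, so a failed listing does not leave the
        # test account holding SeBackupPrivilege for the tests that follow.
        $NET sam rights revoke "$priv_username" SeBackupPrivilege 2>&1
        return 1
    fi

    # Now remove all privileges from this SID.
    $NET sam rights revoke "$priv_username" SeBackupPrivilege 2>&1
    ret=$?
    if [ "$ret" -ne 0 ] ; then
        echo "failed to remove SeBackupPrivilege from user $priv_username - $ret"
        return 1
    fi

    return 0
}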
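LOGDIR_PREFIX=test_smbclient_s3

# possibly remove old logdirs:
#
# ${PREFIX:?} aborts when PREFIX is empty; unquoted and empty, the find would
# fall back to the current directory and the loop would "rm -rf" whatever
# matched there. Names are read line by line and quoted so that a path with
# spaces cannot split into several rm arguments. -prune keeps find from
# descending into a directory that is about to be removed.
find "${PREFIX:?}" -type d -name "${LOGDIR_PREFIX}_*" -prune -print |
while IFS= read -r OLDDIR; do
    echo "removing old directory ${OLDDIR}"
    rm -rf -- "${OLDDIR}"
done

# Without a log directory the "-l" tests below would run with an empty
# argument, so stop if mktemp fails.
LOGDIR=$(mktemp -d "${PREFIX}/${LOGDIR_PREFIX}_XXXXXX") || {
    echo "failed to create log directory under ${PREFIX}"
    exit 1
}

# $SMBCLIENT stays unquoted: it may hold "valgrind-wrapper smbclient" and has
# to split into separate words.
testit "smbclient -L $SERVER_IP" $SMBCLIENT -L "$SERVER_IP" -N -p 139 || failed=$((failed + 1))
testit "smbclient -L $SERVER -I $SERVER_IP" $SMBCLIENT -L "$SERVER" -I "$SERVER_IP" -N -p 139 -c quit || failed=$((failed + 1))

testit "noninteractive smbclient does not prompt" \
    test_noninteractive_no_prompt || \
    failed=$((failed + 1))

testit "noninteractive smbclient -l does not prompt" \
    test_noninteractive_no_prompt -l "$LOGDIR" || \
    failed=$((failed + 1))

testit "interactive smbclient prompts on stdout" \
    test_interactive_prompt_stdout || \
    failed=$((failed + 1))

testit "interactive smbclient -l prompts on stdout" \
    test_interactive_prompt_stdout -l "$LOGDIR" || \
    failed=$((failed + 1))

testit "creating a bad symlink and deleting it" \
    test_bad_symlink || \
    failed=$((failed + 1))

testit "creating a good symlink and deleting it by path" \
    test_good_symlink || \
    failed=$((failed + 1))

testit "writing into a read-only directory fails" \
    test_read_only_dir ro-tmp || \
    failed=$((failed + 1))

testit "writing into a read-only share fails" \
    test_read_only_dir valid-users-tmp || \
    failed=$((failed + 1))

testit "Reading a owner-only file fails" \
    test_owner_only_file || \
    failed=$((failed + 1))

testit "Accessing an MS-DFS link" \
    test_msdfs_link || \
    failed=$((failed + 1))

testit "ccache access works for smbclient" \
    test_ccache_access || \
    failed=$((failed + 1))

testit "sending a message to the remote server" \
    test_message || \
    failed=$((failed + 1))

testit "using an authentication file" \
    test_auth_file || \
    failed=$((failed + 1))

testit "list with backup privilege" \
    test_backup_privilege_list || \
    failed=$((failed + 1))

testit "rm -rf $LOGDIR" \
    rm -rf -- "$LOGDIR" || \
    failed=$((failed + 1))

testok "$0" "$failed"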