sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

s3:tests: Reformat test_symlink_traversal_smb1.sh

Browse Source 
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andreas Schneider 2022-04-22 15:34:11 +02:00 committed by Andrew Bartlett
parent 8722450d09
commit 0714a6b435
1 changed files with 138 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

277
source3/script/tests/test_symlink_traversal_smb1.sh
View File

@ -1,10 +1,10 @@
#!/bin/sh
if [ $# -lt 7 ]; then
cat <<EOF
cat <<EOF
Usage: test_symlink_traversal_smb1.sh SERVER SERVER_IP USERNAME PASSWORD LOCAL_PATH PREFIX SMBCLIENT
EOF
exit 1;
exit 1
fi
SERVER="${1}"
@ -26,7 +26,6 @@ failed=0
SAMBA_DEPRECATED_SUPPRESS=1
export SAMBA_DEPRECATED_SUPPRESS
# Define the test environment/filenames.
#
share_test_dir="$LOCAL_PATH"
@ -48,29 +47,29 @@ dir_outside_share_noexist="/tmp/symlink_traverse_test_dir_noexist.$$"
#
do_cleanup()
{
(
#subshell.
cd "$share_test_dir" || return
rm -f "file_exists"
rm -f "symlink_noexist"
rm -f "symlink_file_outside_share"
rm -f "symlink_file_outside_share_noexist"
rm -f "symlink_dir_outside_share"
rm -f "symlink_dir_outside_share_noexist"
rm -f "symlink_file_outside_share_noperms"
rm -f "symlink_dir_outside_share_noperms"
rm -rf "emptydir"
# Links inside share.
rm -f "symlink_file_inside_share_noperms"
rm -f "file_inside_share_noperms"
rm -f "symlink_dir_inside_share_noperms"
chmod 755 "dir_inside_share_noperms"
rm -rf "dir_inside_share_noperms"
)
rm -f "$file_outside_share"
rm -rf "$dir_outside_share"
rm -f "$file_outside_share_noperms"
rm -rf "$dir_outside_share_noperms"
(
#subshell.
cd "$share_test_dir" || return
rm -f "file_exists"
rm -f "symlink_noexist"
rm -f "symlink_file_outside_share"
rm -f "symlink_file_outside_share_noexist"
rm -f "symlink_dir_outside_share"
rm -f "symlink_dir_outside_share_noexist"
rm -f "symlink_file_outside_share_noperms"
rm -f "symlink_dir_outside_share_noperms"
rm -rf "emptydir"
# Links inside share.
rm -f "symlink_file_inside_share_noperms"
rm -f "file_inside_share_noperms"
rm -f "symlink_dir_inside_share_noperms"
chmod 755 "dir_inside_share_noperms"
rm -rf "dir_inside_share_noperms"
)
rm -f "$file_outside_share"
rm -rf "$dir_outside_share"
rm -f "$file_outside_share_noperms"
rm -rf "$dir_outside_share_noperms"
}
#
@ -92,41 +91,41 @@ chmod 0 "$dir_outside_share_noperms"
#
# Create links to these objects inside the share definition.
(
#subshell.
cd "$share_test_dir" || return
touch "file_exists"
ln -s "noexist" "symlink_noexist"
ln -s "$file_outside_share" "symlink_file_outside_share"
ln -s "$file_outside_share_noexist" "symlink_file_outside_share_noexist"
ln -s "$dir_outside_share" "symlink_dir_outside_share"
ln -s "$dir_outside_share_noexist" "symlink_dir_outside_share_noexist"
ln -s "$file_outside_share_noperms" "symlink_file_outside_share_noperms"
ln -s "$dir_outside_share_noperms" "symlink_dir_outside_share_noperms"
#
# Create the identical symlink set underneath "emptydir"
mkdir "emptydir"
(
#subshell
cd "emptydir" || return
touch "file_exists"
ln -s "noexist" "symlink_noexist"
ln -s "$file_outside_share" "symlink_file_outside_share"
ln -s "$file_outside_share_noexist" "symlink_file_outside_share_noexist"
ln -s "$dir_outside_share" "symlink_dir_outside_share"
ln -s "$dir_outside_share_noexist" "symlink_dir_outside_share_noexist"
ln -s "$file_outside_share_noperms" "symlink_file_outside_share_noperms"
ln -s "$dir_outside_share_noperms" "symlink_dir_outside_share_noperms"
)
#
# Create symlinks to access denied file and directory
# objects within the share
touch "file_inside_share_noperms"
chmod 0 "file_inside_share_noperms"
ln -s "file_inside_share_noperms" "symlink_file_inside_share_noperms"
mkdir "dir_inside_share_noperms"
touch "dir_inside_share_noperms/noperm_file_exists"
chmod 0 "dir_inside_share_noperms"
ln -s "dir_inside_share_noperms" "symlink_dir_inside_share_noperms"
#subshell.
cd "$share_test_dir" || return
touch "file_exists"
ln -s "noexist" "symlink_noexist"
ln -s "$file_outside_share" "symlink_file_outside_share"
ln -s "$file_outside_share_noexist" "symlink_file_outside_share_noexist"
ln -s "$dir_outside_share" "symlink_dir_outside_share"
ln -s "$dir_outside_share_noexist" "symlink_dir_outside_share_noexist"
ln -s "$file_outside_share_noperms" "symlink_file_outside_share_noperms"
ln -s "$dir_outside_share_noperms" "symlink_dir_outside_share_noperms"
#
# Create the identical symlink set underneath "emptydir"
mkdir "emptydir"
(
#subshell
cd "emptydir" || return
touch "file_exists"
ln -s "noexist" "symlink_noexist"
ln -s "$file_outside_share" "symlink_file_outside_share"
ln -s "$file_outside_share_noexist" "symlink_file_outside_share_noexist"
ln -s "$dir_outside_share" "symlink_dir_outside_share"
ln -s "$dir_outside_share_noexist" "symlink_dir_outside_share_noexist"
ln -s "$file_outside_share_noperms" "symlink_file_outside_share_noperms"
ln -s "$dir_outside_share_noperms" "symlink_dir_outside_share_noperms"
)
#
# Create symlinks to access denied file and directory
# objects within the share
touch "file_inside_share_noperms"
chmod 0 "file_inside_share_noperms"
ln -s "file_inside_share_noperms" "symlink_file_inside_share_noperms"
mkdir "dir_inside_share_noperms"
touch "dir_inside_share_noperms/noperm_file_exists"
chmod 0 "dir_inside_share_noperms"
ln -s "dir_inside_share_noperms" "symlink_dir_inside_share_noperms"
)
#
@ -134,38 +133,38 @@ ln -s "dir_inside_share_noperms" "symlink_dir_inside_share_noperms"
#
smbclient_expect_error()
{
filecmd="$1"
filename1="$2"
filename2="$3"
expected_error="$4"
tmpfile=$PREFIX/smbclient_interactive_prompt_commands
cat > "$tmpfile" <<EOF
filecmd="$1"
filename1="$2"
filename2="$3"
expected_error="$4"
tmpfile=$PREFIX/smbclient_interactive_prompt_commands
cat >"$tmpfile" <<EOF
$filecmd $filename1 $filename2
quit
EOF
cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT -U$USERNAME%$PASSWORD //$SERVER/local_symlinks -I$SERVER_IP -mNT1 < $tmpfile 2>&1'
eval echo "$cmd"
out=$(eval "$cmd")
ret=$?
rm -f "$tmpfile"
cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT -U$USERNAME%$PASSWORD //$SERVER/local_symlinks -I$SERVER_IP -mNT1 < $tmpfile 2>&1'
eval echo "$cmd"
out=$(eval "$cmd")
ret=$?
rm -f "$tmpfile"
if [ $ret != 0 ] ; then
printf "%s\n" "$out"
printf "failed accessing local_symlinks with error %s\n" "$ret"
return 1
fi
if [ $ret != 0 ]; then
printf "%s\n" "$out"
printf "failed accessing local_symlinks with error %s\n" "$ret"
return 1
fi
if [ "$expected_error" = "NT_STATUS_OK" ] ; then
printf "%s" "$out" | grep -v "NT_STATUS_"
else
printf "%s" "$out" | grep "$expected_error"
fi
ret=$?
if [ $ret != 0 ] ; then
printf "%s\n" "$out"
printf "failed - should get %s doing \"%s %s %s\"\n" "$expected_error" "$filecmd" "$filename1" "$filename2"
return 1
fi
if [ "$expected_error" = "NT_STATUS_OK" ]; then
printf "%s" "$out" | grep -v "NT_STATUS_"
else
printf "%s" "$out" | grep "$expected_error"
fi
ret=$?
if [ $ret != 0 ]; then
printf "%s\n" "$out"
printf "failed - should get %s doing \"%s %s %s\"\n" "$expected_error" "$filecmd" "$filename1" "$filename2"
return 1
fi
}
#
@ -173,54 +172,54 @@ EOF
#
test_symlink_traversal_SMB1_onename()
{
name="$1"
do_rename="$2"
#
# get commands.
#
smbclient_expect_error "get" "$name" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
smbclient_expect_error "get" "$name/noexist" "" "NT_STATUS_OBJECT_PATH_NOT_FOUND" || return 1
smbclient_expect_error "get" "$name/*" "" "NT_STATUS_OBJECT_NAME_INVALID" || return 1
smbclient_expect_error "get" "$name/*/noexist" "" "NT_STATUS_OBJECT_NAME_INVALID" || return 1
# Now in subdirectory emptydir
smbclient_expect_error "get" "emptydir/$name" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
smbclient_expect_error "get" "emptydir/$name/noexist" "" "NT_STATUS_OBJECT_PATH_NOT_FOUND" || return 1
smbclient_expect_error "get" "emptydir/$name/*" "" "NT_STATUS_OBJECT_NAME_INVALID" || return 1
smbclient_expect_error "get" "emptydir/$name/*/noexist" "" "NT_STATUS_OBJECT_NAME_INVALID" || return 1
#
# ls commands.
#
smbclient_expect_error "ls" "$name" "" "NT_STATUS_NO_SUCH_FILE" || return 1
smbclient_expect_error "ls" "$name/noexist" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
smbclient_expect_error "ls" "$name/*" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
smbclient_expect_error "ls" "$name/*/noexist" "" "NT_STATUS_OBJECT_NAME_INVALID" || return 1
# Now in subdirectory emptydir
smbclient_expect_error "ls" "emptydir/$name" "" "NT_STATUS_NO_SUCH_FILE" || return 1
smbclient_expect_error "ls" "emptydir/$name/noexist" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
smbclient_expect_error "ls" "emptydir/$name/*" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
smbclient_expect_error "ls" "emptydir/$name/*/noexist" "" "NT_STATUS_OBJECT_NAME_INVALID" || return 1
name="$1"
do_rename="$2"
#
# get commands.
#
smbclient_expect_error "get" "$name" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
smbclient_expect_error "get" "$name/noexist" "" "NT_STATUS_OBJECT_PATH_NOT_FOUND" || return 1
smbclient_expect_error "get" "$name/*" "" "NT_STATUS_OBJECT_NAME_INVALID" || return 1
smbclient_expect_error "get" "$name/*/noexist" "" "NT_STATUS_OBJECT_NAME_INVALID" || return 1
# Now in subdirectory emptydir
smbclient_expect_error "get" "emptydir/$name" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
smbclient_expect_error "get" "emptydir/$name/noexist" "" "NT_STATUS_OBJECT_PATH_NOT_FOUND" || return 1
smbclient_expect_error "get" "emptydir/$name/*" "" "NT_STATUS_OBJECT_NAME_INVALID" || return 1
smbclient_expect_error "get" "emptydir/$name/*/noexist" "" "NT_STATUS_OBJECT_NAME_INVALID" || return 1
#
# ls commands.
#
smbclient_expect_error "ls" "$name" "" "NT_STATUS_NO_SUCH_FILE" || return 1
smbclient_expect_error "ls" "$name/noexist" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
smbclient_expect_error "ls" "$name/*" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
smbclient_expect_error "ls" "$name/*/noexist" "" "NT_STATUS_OBJECT_NAME_INVALID" || return 1
# Now in subdirectory emptydir
smbclient_expect_error "ls" "emptydir/$name" "" "NT_STATUS_NO_SUCH_FILE" || return 1
smbclient_expect_error "ls" "emptydir/$name/noexist" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
smbclient_expect_error "ls" "emptydir/$name/*" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
smbclient_expect_error "ls" "emptydir/$name/*/noexist" "" "NT_STATUS_OBJECT_NAME_INVALID" || return 1
#
# del commands.
# smbclient internally does a cli_list, so we expect similar errors.
#
smbclient_expect_error "del" "$name" "" "NT_STATUS_NO_SUCH_FILE" || return 1
smbclient_expect_error "del" "$name/noexist" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
# Now in subdirectory emptydir
smbclient_expect_error "del" "emptydir/$name" "" "NT_STATUS_NO_SUCH_FILE" || return 1
smbclient_expect_error "del" "emptydir/$name/noexist" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
#
# del commands.
# smbclient internally does a cli_list, so we expect similar errors.
#
smbclient_expect_error "del" "$name" "" "NT_STATUS_NO_SUCH_FILE" || return 1
smbclient_expect_error "del" "$name/noexist" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
# Now in subdirectory emptydir
smbclient_expect_error "del" "emptydir/$name" "" "NT_STATUS_NO_SUCH_FILE" || return 1
smbclient_expect_error "del" "emptydir/$name/noexist" "" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
if [ "$do_rename" = "do rename" ] ; then
#
# rename commands.
#
if [ "$do_rename" = "do rename" ]; then
#
# rename commands.
#
smbclient_expect_error "rename" "file_exists" "$name" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
smbclient_expect_error "rename" "file_exists" "$name/noexist" "NT_STATUS_OBJECT_PATH_NOT_FOUND" || return 1
# Now in subdirectory emptydir
# Now in subdirectory emptydir
smbclient_expect_error "rename" "file_exists" "emptydir/$name" "NT_STATUS_OBJECT_NAME_NOT_FOUND" || return 1
smbclient_expect_error "rename" "file_exists" "emptydir/$name/noexist" "NT_STATUS_OBJECT_PATH_NOT_FOUND" || return 1
fi
return 0
fi
return 0
}
#
@ -235,26 +234,26 @@ test_symlink_traversal_SMB1()
test_symlink_traversal_SMB1_onename "symlink_dir_outside_share_noexist" "no rename" || return 1
test_symlink_traversal_SMB1_onename "symlink_file_outside_share_noperms" "do rename" || return 1
test_symlink_traversal_SMB1_onename "symlink_dir_outside_share_noperms" "do rename" || return 1
#
# Test paths within share with no permissions.
#
# Can't 'get' file with no perms or a symlink to it.
#
# Test paths within share with no permissions.
#
# Can't 'get' file with no perms or a symlink to it.
smbclient_expect_error "get" "file_inside_share_noperms" "" "NT_STATUS_ACCESS_DENIED" || return 1
smbclient_expect_error "get" "symlink_file_inside_share_noperms" "" "NT_STATUS_ACCESS_DENIED" || return 1
# But can list it and the symlink to it.
# But can list it and the symlink to it.
smbclient_expect_error "ls" "file_inside_share_noperms" "" "NT_STATUS_OK" || return 1
smbclient_expect_error "ls" "symlink_file_inside_share_noperms" "" "NT_STATUS_OK" || return 1
# Can't 'get' file inside a directory with no perms or a symlink to it.
# Can't 'get' file inside a directory with no perms or a symlink to it.
smbclient_expect_error "get" "dir_inside_share_noperms/noperm_file_exists" "" "NT_STATUS_ACCESS_DENIED" || return 1
smbclient_expect_error "get" "symlink_dir_inside_share_noperms/noperm_file_exists" "" "NT_STATUS_ACCESS_DENIED" || return 1
# But can list the directory with no perms and the symlink to it.
# But can list the directory with no perms and the symlink to it.
smbclient_expect_error "ls" "dir_inside_share_noperms" "" "NT_STATUS_OK" || return 1
smbclient_expect_error "ls" "symlink_dir_inside_share_noperms" "" "NT_STATUS_OK" || return 1
}
testit "symlink_traversal_SMB1" \
test_symlink_traversal_SMB1 || \
failed=$((failed+1))
test_symlink_traversal_SMB1 ||
failed=$((failed + 1))
#
# Cleanup.