s3:selftest: Add test for virus scanner
authorPavel Filipenský <pfilipen@redhat.com>
Tue, 8 Feb 2022 14:35:48 +0000 (15:35 +0100)
committerJule Anger <janger@samba.org>
Fri, 25 Feb 2022 10:31:13 +0000 (10:31 +0000)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a25c714c34d3e00e0f3c29d2acfa98cf9cdbc544)

selftest/knownfail.d/virus_scanner [new file with mode: 0644]
selftest/target/Samba3.pm
source3/script/tests/test_virus_scanner.sh [new file with mode: 0755]
source3/selftest/tests.py

diff --git a/selftest/knownfail.d/virus_scanner b/selftest/knownfail.d/virus_scanner
new file mode 100644 (file)
index 0000000..6df3fd2
--- /dev/null
@@ -0,0 +1,2 @@
+^samba3.blackbox.virus_scanner.check_infected_read  # test download infected file ('vfs objects = virusfilter')
+^samba3.blackbox.virus_scanner.check_infected_write # test upload infected file ('vfs objects = virusfilter')
index 306783931e03a78f99e021e338b1dac02b7daa7a..baec3347c7d90caa9cae6a2af57b087c4199a211 100755 (executable)
@@ -1463,6 +1463,9 @@ sub setup_fileserver
        my $veto_sharedir="$share_dir/veto";
        push(@dirs,$veto_sharedir);
 
+       my $virusfilter_sharedir="$share_dir/virusfilter";
+       push(@dirs,$virusfilter_sharedir);
+
        my $ip4 = Samba::get_ipv4_addr("FILESERVER");
        my $fileserver_options = "
        kernel change notify = yes
@@ -1588,6 +1591,15 @@ sub setup_fileserver
        path = $veto_sharedir
        delete veto files = yes
 
+[virusfilter]
+       path = $virusfilter_sharedir
+       vfs objects = acl_xattr virusfilter
+       virusfilter:scanner = dummy
+       virusfilter:min file size = 0
+       virusfilter:infected files = *infected*
+       virusfilter:infected file action = rename
+       virusfilter:scan on close = yes
+
 [homes]
        comment = Home directories
        browseable = No
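Review bot: The new `[virusfilter]` share leaves `virusfilter:rename prefix` and `virusfilter:rename suffix` unset, yet test_virus_scanner.sh in this same commit asserts on the exact names `virusfilter.infected.txt.infected` and `virusfilter.${smbfile}.infected`. Those names come from the module defaults, so a change to the defaults would show up as a hard-to-read test failure rather than a config mismatch. Pinning them next to `infected file action = rename`, with `virusfilter:rename prefix = virusfilter.` and `virusfilter:rename suffix = .infected`, keeps the expectation visible in the share definition. The configuration text belongs to setup_fileserver, which starts and ends outside the hunk.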
diff --git a/source3/script/tests/test_virus_scanner.sh b/source3/script/tests/test_virus_scanner.sh
new file mode 100755 (executable)
index 0000000..2234ea6
--- /dev/null
@@ -0,0 +1,124 @@
+#!/bin/sh
+# Copyright (c) 2022      Pavel Filipenský <pfilipen@redhat.com>
+# shellcheck disable=1091
+
+if [ $# -lt 4 ]; then
+cat <<EOF
+Usage: $0 SERVER_IP SHARE LOCAL_PATH SMBCLIENT
+EOF
+exit 1;
+fi
+
+SERVER_IP=${1}
+SHARE=${2}
+LOCAL_PATH=${3}
+SMBCLIENT=${4}
+
+SMBCLIENT="${VALGRIND} ${SMBCLIENT}"
+
+failed=0
+sharedir="${LOCAL_PATH}/${SHARE}"
+
+incdir="$(dirname "$0")/../../../testprogs/blackbox"
+. "${incdir}/subunit.sh"
+
+check_infected_read()
+{
+    rm -rf "${sharedir:?}"/*
+
+    if ! touch "${sharedir}/infected.txt"; then
+        echo "ERROR: Cannot create ${sharedir}/infected.txt"
+        return 1
+    fi
+
+    ${SMBCLIENT} "//${SERVER_IP}/${SHARE}" -U"${USER}"%"${PASSWORD}" -c "get infected.txt ${sharedir}/infected.download.txt"
+
+    # check that virusfilter:rename prefix/suffix was added
+    if [ ! -f "${sharedir}/virusfilter.infected.txt.infected" ]; then
+        echo "ERROR: ${sharedir}/virusfilter.infected.txt.infected is missing."
+        return 1
+    fi
+
+    # check that file was not downloaded
+    if [ -f "${sharedir}/infected.download.txt" ]; then
+        echo "ERROR: {sharedir}/infected.download.txt should not exist."
+        return 1
+    fi
+
+    return 0
+}
+
+check_infected_write()
+{
+    rm -rf "${sharedir:?}"/*
+    smbfile=infected.upload.txt
+    smbfilerenamed="virusfilter.${smbfile}.infected"
+
+    # non empty file is needed
+    # vsf_virusfilter performs a scan only if fsp->fsp_flags.modified
+    if ! echo "Hello Virus!" > "${sharedir}/infected.txt"; then
+        echo "ERROR: Cannot create ${sharedir}/infected.txt"
+        return 1
+    fi
+
+    ${SMBCLIENT} "//${SERVER_IP}/${SHARE}" -U"${USER}"%"${PASSWORD}" -c "put ${sharedir}/infected.txt ${smbfile}"
+
+    # check that virusfilter:rename prefix/suffix was added
+    if [ ! -f "${sharedir}/${smbfilerenamed}" ]; then
+        echo "ERROR: ${sharedir}/${smbfilerenamed} is missing."
+        return 1
+    fi
+
+    # check that file was not uploaded
+    if [ -f "${sharedir}/infected.upload.txt" ]; then
+        echo "ERROR: {sharedir}/${smbfile} should not exist."
+        return 1
+    fi
+
+    return 0
+}
+
+check_healthy_read()
+{
+    rm -rf "${sharedir:?}"/*
+
+    if ! echo "Hello Samba!" > "${sharedir}/healthy.txt"; then
+        echo "ERROR: Cannot create ${sharedir}/healthy.txt"
+        return 1
+    fi
+
+    ${SMBCLIENT} //"${SERVER_IP}"/"${SHARE}" -U"${USER}"%"${PASSWORD}" -c "get healthy.txt ${sharedir}/healthy.download.txt"
+
+    if ! cmp "${sharedir}/healthy.txt" "${sharedir}/healthy.download.txt"; then
+        echo "ERROR: cmp ${sharedir}/healthy.txt ${sharedir}/healthy.download.txt FAILED"
+        return 1
+    fi
+
+    return 0
+}
+
+check_healthy_write()
+{
+    rm -rf "${sharedir:?}"/*
+
+    if ! echo "Hello Samba!" > "${sharedir}/healthy.txt"; then
+        echo "ERROR: Cannot create ${sharedir}/healthy.txt"
+        return 1
+    fi
+
+    ${SMBCLIENT} //"${SERVER_IP}"/"${SHARE}" -U"${USER}"%"${PASSWORD}" -c "put ${sharedir}/healthy.txt healthy.upload.txt"
+
+    if ! cmp "${sharedir}/healthy.txt" "${sharedir}/healthy.upload.txt"; then
+        echo "ERROR: cmp ${sharedir}/healthy.txt ${sharedir}/healthy.upload.txt FAILED"
+        return 1
+    fi
+
+    return 0
+}
+
+testit "check_infected_read"  check_infected_read  || failed=$((failed + 1))
+testit "check_infected_write" check_infected_write || failed=$((failed + 1))
+testit "check_healthy_read"   check_healthy_read   || failed=$((failed + 1))
+testit "check_healthy_write"  check_healthy_write  || failed=$((failed + 1))
+
+testok "$0" "$failed"
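Review bot: The `${sharedir:?}` guard in front of each `rm -rf` can never fire, because `sharedir` is assigned as `"${LOCAL_PATH}/${SHARE}"` and so always contains at least `/`. The usage check only counts arguments, so empty `LOCAL_PATH` and `SHARE` values would let the glob expand to `/*`. Putting the guard on the inputs instead, `sharedir="${LOCAL_PATH:?}/${SHARE:?}"`, makes the script abort before anything is deleted. Separately, the "should not exist" messages in check_infected_read and check_infected_write print a literal `{sharedir}` because the `$` is missing; the first should read `echo "ERROR: ${sharedir}/infected.download.txt should not exist."`.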
index c78c9ea4ab8cd6df560171db3e012f1bd60d3993..3c8976874e658f395f2da7a09ffe4342ca312963 100755 (executable)
@@ -1113,6 +1113,15 @@ plantestsuite("samba3.blackbox.smbclient.encryption_off", "simpleserver",
                "$USERNAME", "$PASSWORD", "$SERVER",
                smbclient3])
 
+env = 'fileserver'
+plantestsuite("samba3.blackbox.virus_scanner", "%s:local" % (env),
+              [os.path.join(samba3srcdir,
+                            "script/tests/test_virus_scanner.sh"),
+               '$SERVER_IP',
+               "virusfilter",
+               '$LOCAL_PATH',
+               smbclient3])
+
 for env in ['fileserver', 'simpleserver']:
     plantestsuite("samba3.blackbox.smbclient.encryption", env,
                   [os.path.join(samba3srcdir, "script/tests/test_smbclient_encryption.sh"),
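Review bot: The `:local` suffix on the environment is not explained, although the script depends on it: test_virus_scanner.sh builds its share directory from the `$LOCAL_PATH` argument and creates and inspects files there directly, which presumably only works in the server-local variant of the environment. A short comment above the `plantestsuite` call, for example `# :local is required, the script reads and writes the share directory on disk`, would keep a later cleanup from dropping it. As a style point, the module-level `env = 'fileserver'` is rebound by the `for env in [...]` loop that follows, so passing `"fileserver:local"` directly would avoid the extra global.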