my $manglenames_shrdir="$shrdir/manglenames";
push(@dirs,$manglenames_shrdir);
+ my $widelinks_shrdir="$shrdir/widelinks";
+ push(@dirs,$widelinks_shrdir);
+
+ my $widelinks_linkdir="$shrdir/widelinks_foo";
+ push(@dirs,$widelinks_linkdir);
+
# this gets autocreated by winbindd
my $wbsockdir="$prefix_abs/winbindd";
my $wbsockprivdir="$lockdir/winbindd_privileged";
my $manglename_target = "$manglenames_shrdir/foo:bar";
mkdir($manglename_target, 0777);
+ ##
+ ## create symlinks for widelinks tests.
+ ##
+ my $widelinks_target = "$widelinks_linkdir/target";
+ unless (open(WIDELINKS_TARGET, ">$widelinks_target")) {
+ warn("Unable to open $widelinks_target");
+ return undef;
+ }
+ close(WIDELINKS_TARGET);
+ chmod 0666, $widelinks_target;
+ ##
+ ## This link should get ACCESS_DENIED
+ ##
+ symlink "$widelinks_target", "$widelinks_shrdir/source";
+ ##
+ ## This link should be allowed
+ ##
+ symlink "$widelinks_shrdir", "$widelinks_shrdir/dot";
+
my $conffile="$libdir/server.conf";
my $nss_wrapper_pl = "$ENV{PERL} $self->{srcdir}/lib/nss_wrapper/nss_wrapper.pl";
path = $shrdir/%R
guest ok = yes
+[widelinks_share]
+ path = $widelinks_shrdir
+ wide links = no
+ guest ok = yes
+
[fsrvp_share]
path = $shrdir
comment = fake shapshots using rsync
fi
}
+# Test wide links are restricted.
+test_widelinks()
+{
+ tmpfile=$PREFIX/smbclient_interactive_prompt_commands
+ cat > $tmpfile <<EOF
+cd dot
+ls
+quit
+EOF
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/widelinks_share -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ ret=$?
+ rm -f $tmpfile
+
+ if [ $ret != 0 ] ; then
+ echo "$out"
+ echo "failed accessing widelinks_share with error $ret"
+ false
+ return
+ fi
+
+ echo "$out" | grep 'NT_STATUS'
+ ret=$?
+ if [ $ret == 0 ] ; then
+ echo "$out"
+ echo "failed - NT_STATUS_XXXX listing \\widelinks_share\\dot"
+ false
+ fi
+
+ cat > $tmpfile <<EOF
+allinfo source
+quit
+EOF
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/widelinks_share -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ ret=$?
+ rm -f $tmpfile
+
+ if [ $ret != 0 ] ; then
+ echo "$out"
+ echo "failed accessing widelinks_share with error $ret"
+ false
+ return
+ fi
+
+# This should fail with NT_STATUS_ACCESS_DENIED
+ echo "$out" | grep 'NT_STATUS_ACCESS_DENIED'
+ ret=$?
+ if [ $ret != 0 ] ; then
+ echo "$out"
+ echo "failed - should get NT_STATUS_ACCESS_DENIED listing \\widelinks_share\\source"
+ false
+ fi
+}
LOGDIR_PREFIX=test_smbclient_s3
test_toplevel_stream || \
failed=`expr $failed + 1`
+testit "Ensure widelinks are restricted" \
+ test_widelinks || \
+ failed=`expr $failed + 1`
+
testit "rm -rf $LOGDIR" \
rm -rf $LOGDIR || \
failed=`expr $failed + 1`
git.samba.org / gd / samba-autobuild / .git / commitdiff