ansible-roles/ansible-role-samba
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
812643507e
ansible-role-samba/molecule/default/files/samba.bats

209 lines
5.8 KiB
Plaintext
Raw Normal View History

Replace Docker tests with Molecule. Fix acceptance tests. (#57) * [NEW]: added Molecule support * [UPDATE]: fix linting errors * [UPDATE]: Fixed missing smbclient dependency in travis config file * Changed container name; added nmblookup version check * [UPDATE]: Added samba-testsuite package in travis.yml
2020-06-20 08:18:05 +00:00
#! /usr/bin/env bats
#
# Author: Bert Van Vreckem <bert.vanvreckem@gmail.com>
#
# Test a Samba server
sut_wins_name=SAMBA_TEST # NetBIOS name
workgroup=TESTGROUP # Workgroup
# The name of a directory and file that will be created to test for
# write access (= random string)
test_dir=peghawJaup
test_file=Nocideicye
# {{{Helper functions
# Checks if a user has shell access to the system
# Usage: assert_can_login USER PASSWD
assert_can_login() {
echo $2 | su -c 'ls ${HOME}' - $1
}
# Checks that a user has NO shell access to the system
# Usage: assert_cannot_login USER
assert_cannot_login() {
run sudo su -c 'ls' - $1
[ "0" -ne "${status}" ]
}
# Check that the guest account has read access
# Usage: assert_guest_read SHARE
assert_guest_read() {
local share="${1}"
run smbclient "//${SUT_IP}/${share}" \
--user=% \
--command='ls'
echo "${output}"
[ "${status}" -eq "0" ]
}
# Check that a user has read acces to a share
# Usage: read_access SHARE USER PASSWORD
assert_read_access() {
local share="${1}"
local user="${2}"
local password="${3}"
run smbclient "//${SUT_IP}/${share}" \
--user=${user}%${password} \
--command='ls'
echo "${output}"
[ "${status}" -eq "0" ]
}
# Check that a user has NO read access to a share
# Usage: no_read_access SHARE USER PASSWORD
assert_no_read_access() {
local share="${1}"
local user="${2}"
local password="${3}"
run smbclient "//${SUT_IP}/${share}" \
--user=${user}%${password} \
--command='ls'
echo "${output}"
[ "${status}" -eq "1" ]
}
# Check that a user has write access to a share
# Usage: write_access SHARE USER PASSWORD
assert_write_access() {
local share="${1}"
local user="${2}"
local password="${3}"
run smbclient "//${SUT_IP}/${share}" \
--user=${user}%${password} \
--command="mkdir ${test_dir};rmdir ${test_dir}"
echo "${output}"
# Output should NOT contain any error message. Checking on exit status is
# not reliable, it can be 0 when the command failed...
[ -z "$(echo ${output} | grep NT_STATUS_)" ]
}
# Check that a user has NO write access to a share
# Usage: no_write_access SHARE USER PASSWORD
assert_no_write_access() {
local share="${1}"
local user="${2}"
local password="${3}"
run smbclient "//${SUT_IP}/${share}" \
--user=${user}%${password} \
--command="mkdir ${test_dir};rmdir ${test_dir}"
echo "${output}"
# Output should contain an error message (beginning with NT_STATUS, usually
# NT_STATUS_MEDIA_WRITE_PROTECTED
[ -n "$(echo ${output} | grep NT_STATUS_)" ]
}
# Check that users from the same group can write to each others files
# Usage: assert_group_write_file SHARE USER1 PASSWD1 USER2 PASSWD2
assert_group_write_file() {
local share="${1}"
local user1="${2}"
local passwd1="${3}"
local user2="${4}"
local passwd2="${5}"
echo "Hello world!" > ${test_file}
smbclient "//${SUT_IP}/${share}" --user=${user1}%${passwd1} \
--command="put ${test_file}"
# In order to overwrite the file, write access is needed. This will fail
# if user2 doesnt have write access.
smbclient "//${SUT_IP}/${share}" --user=${user2}%${passwd2} \
--command="put ${test_file}"
}
# Check that users from the same group can write to each others directories
# Usage: assert_group_write_dir SHARE USER1 PASSWD1 USER2 PASSWD2
assert_group_write_dir() {
local share="${1}"
local user1="${2}"
local passwd1="${3}"
local user2="${4}"
local passwd2="${5}"
smbclient "//${SUT_IP}/${share}" --user=${user1}%${passwd1} \
--command="mkdir ${test_dir}; mkdir ${test_dir}/tst"
run smbclient "//${SUT_IP}/${share}" --user=${user2}%${passwd2} \
--command="rmdir ${test_dir}/tst"
[ -z $(echo "${output}" | grep NT_STATUS_ACCESS_DENIED) ]
}
#}}}
@test 'NetBIOS name resolution should work' {
#skip
# Look up the Samba servers NetBIOS name under the specified workgroup
# The result should contain the IP followed by NetBIOS name
nmblookup -U ${SUT_IP} --workgroup ${workgroup} ${sut_wins_name} | grep "^${SUT_IP} ${sut_wins_name}"
}
# Read / write access to shares
@test 'read access for share restrictedshare' {
# Share User Password
assert_read_access restrictedshare usr1 usr1
assert_read_access restrictedshare usr2 usr2
}
@test 'write access for share restrictedshare' {
# Share User Password
assert_no_write_access restrictedshare usr1 usr1
assert_no_write_access restrictedshare usr2 usr2
}
@test 'read access for share privateshare' {
# Share User Password
assert_read_access privateshare usr1 usr1
assert_no_read_access privateshare usr2 usr2
}
@test 'write access for share privateshare' {
# Share User Password
assert_write_access privateshare usr1 usr1
assert_no_write_access privateshare usr2 usr2
}
@test 'read access for share protectedshare' {
# Share User Password
assert_read_access protectedshare usr1 usr1
assert_read_access protectedshare usr2 usr2
}
@test 'write access for share protectedshare' {
# Share User Password
assert_no_write_access protectedshare usr1 usr1
assert_write_access protectedshare usr2 usr2
}
@test 'read access for share publicshare' {
# Share User Password
assert_read_access publicshare usr1 usr1
assert_read_access publicshare usr2 usr2
}
@test 'write access for share publicshare' {
# Share User Password
assert_write_access publicshare usr1 usr1
assert_write_access publicshare usr2 usr2
}
@test 'Guest access in share guestshare' {
assert_guest_read guestshare
}
Reference in New Issue Copy Permalink