ansible-roles/ansible-role-samba
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
812643507e
ansible-role-samba/molecule/default/files/samba.bats
Robin Ophalvens 812643507e
Replace Docker tests with Molecule. Fix acceptance tests. (#57) 
* [NEW]: added Molecule support
* [UPDATE]: fix linting errors
* [UPDATE]: Fixed missing smbclient dependency in travis config file
* Changed container name; added nmblookup version check
* [UPDATE]: Added samba-testsuite package in travis.yml
2020-06-20 10:18:05 +02:00

209 lines
5.8 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#! /usr/bin/env bats
#
# Author: Bert Van Vreckem <bert.vanvreckem@gmail.com>
#
# Test a Samba server
sut_wins_name=SAMBA_TEST # NetBIOS name
workgroup=TESTGROUP # Workgroup
# The name of a directory and file that will be created to test for
# write access (= random string)
test_dir=peghawJaup
test_file=Nocideicye
# {{{Helper functions
# Checks if a user has shell access to the system
# Usage: assert_can_login USER PASSWD
assert_can_login() {
echo $2 | su -c 'ls ${HOME}' - $1
}
# Checks that a user has NO shell access to the system
# Usage: assert_cannot_login USER
assert_cannot_login() {
run sudo su -c 'ls' - $1
[ "0" -ne "${status}" ]
}
# Check that the guest account has read access
# Usage: assert_guest_read SHARE
assert_guest_read() {
local share="${1}"
run smbclient "//${SUT_IP}/${share}" \
--user=% \
--command='ls'
echo "${output}"
[ "${status}" -eq "0" ]
}
# Check that a user has read acces to a share
# Usage: read_access SHARE USER PASSWORD
assert_read_access() {
local share="${1}"
local user="${2}"
local password="${3}"
run smbclient "//${SUT_IP}/${share}" \
--user=${user}%${password} \
--command='ls'
echo "${output}"
[ "${status}" -eq "0" ]
}
# Check that a user has NO read access to a share
# Usage: no_read_access SHARE USER PASSWORD
assert_no_read_access() {
local share="${1}"
local user="${2}"
local password="${3}"
run smbclient "//${SUT_IP}/${share}" \
--user=${user}%${password} \
--command='ls'
echo "${output}"
[ "${status}" -eq "1" ]
}
# Check that a user has write access to a share
# Usage: write_access SHARE USER PASSWORD
assert_write_access() {
local share="${1}"
local user="${2}"
local password="${3}"
run smbclient "//${SUT_IP}/${share}" \
--user=${user}%${password} \
--command="mkdir ${test_dir};rmdir ${test_dir}"
echo "${output}"
# Output should NOT contain any error message. Checking on exit status is
# not reliable, it can be 0 when the command failed...
[ -z "$(echo ${output} | grep NT_STATUS_)" ]
}
# Check that a user has NO write access to a share
# Usage: no_write_access SHARE USER PASSWORD
assert_no_write_access() {
local share="${1}"
local user="${2}"
local password="${3}"
run smbclient "//${SUT_IP}/${share}" \
--user=${user}%${password} \
--command="mkdir ${test_dir};rmdir ${test_dir}"
echo "${output}"
# Output should contain an error message (beginning with NT_STATUS, usually
# NT_STATUS_MEDIA_WRITE_PROTECTED
[ -n "$(echo ${output} | grep NT_STATUS_)" ]
}
# Check that users from the same group can write to each others files
# Usage: assert_group_write_file SHARE USER1 PASSWD1 USER2 PASSWD2
assert_group_write_file() {
local share="${1}"
local user1="${2}"
local passwd1="${3}"
local user2="${4}"
local passwd2="${5}"
echo "Hello world!" > ${test_file}
smbclient "//${SUT_IP}/${share}" --user=${user1}%${passwd1} \
--command="put ${test_file}"
# In order to overwrite the file, write access is needed. This will fail
# if user2 doesnt have write access.
smbclient "//${SUT_IP}/${share}" --user=${user2}%${passwd2} \
--command="put ${test_file}"
}
# Check that users from the same group can write to each others directories
# Usage: assert_group_write_dir SHARE USER1 PASSWD1 USER2 PASSWD2
assert_group_write_dir() {
local share="${1}"
local user1="${2}"
local passwd1="${3}"
local user2="${4}"
local passwd2="${5}"
smbclient "//${SUT_IP}/${share}" --user=${user1}%${passwd1} \
--command="mkdir ${test_dir}; mkdir ${test_dir}/tst"
run smbclient "//${SUT_IP}/${share}" --user=${user2}%${passwd2} \
--command="rmdir ${test_dir}/tst"
[ -z $(echo "${output}" | grep NT_STATUS_ACCESS_DENIED) ]
}
#}}}
@test 'NetBIOS name resolution should work' {
#skip
# Look up the Samba servers NetBIOS name under the specified workgroup
# The result should contain the IP followed by NetBIOS name
nmblookup -U ${SUT_IP} --workgroup ${workgroup} ${sut_wins_name} | grep "^${SUT_IP} ${sut_wins_name}"
}
# Read / write access to shares
@test 'read access for share restrictedshare' {
# Share User Password
assert_read_access restrictedshare usr1 usr1
assert_read_access restrictedshare usr2 usr2
}
@test 'write access for share restrictedshare' {
# Share User Password
assert_no_write_access restrictedshare usr1 usr1
assert_no_write_access restrictedshare usr2 usr2
}
@test 'read access for share privateshare' {
# Share User Password
assert_read_access privateshare usr1 usr1
assert_no_read_access privateshare usr2 usr2
}
@test 'write access for share privateshare' {
# Share User Password
assert_write_access privateshare usr1 usr1
assert_no_write_access privateshare usr2 usr2
}
@test 'read access for share protectedshare' {
# Share User Password
assert_read_access protectedshare usr1 usr1
assert_read_access protectedshare usr2 usr2
}
@test 'write access for share protectedshare' {
# Share User Password
assert_no_write_access protectedshare usr1 usr1
assert_write_access protectedshare usr2 usr2
}
@test 'read access for share publicshare' {
# Share User Password
assert_read_access publicshare usr1 usr1
assert_read_access publicshare usr2 usr2
}
@test 'write access for share publicshare' {
# Share User Password
assert_write_access publicshare usr1 usr1
assert_write_access publicshare usr2 usr2
}
@test 'Guest access in share guestshare' {
assert_guest_read guestshare
}
Reference in New Issue View Git Blame Copy Permalink