From a92f0ccce606be12e851a4100fbb44b069c5fe87 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 3 Dec 2018 11:05:46 +0100
Subject: [PATCH] s3:tests: Add test for checking that root is not allowed as
 home dir
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13699

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec  5 05:22:43 CET 2018 on sn-devel-144
---
 selftest/target/Samba3.pm          |  6 ++++-
 source3/script/tests/test_homes.sh | 37 ++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index d90945c3830..2234c11c795 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1672,8 +1672,9 @@ sub provision($$$$$$$$$)
 	my ($uid_user2);
 	my ($uid_gooduser);
 	my ($uid_eviluser);
+	my ($uid_slashuser);
 
-	if ($unix_uid < 0xffff - 12) {
+	if ($unix_uid < 0xffff - 13) {
 		$max_uid = 0xffff;
 	} else {
 		$max_uid = $unix_uid;
@@ -1691,6 +1692,7 @@ sub provision($$$$$$$$$)
 	$uid_user2 = $max_uid - 10;
 	$uid_gooduser = $max_uid - 11;
 	$uid_eviluser = $max_uid - 12;
+	$uid_slashuser = $max_uid - 13;
 
 	if ($unix_gids[0] < 0xffff - 8) {
 		$max_gid = 0xffff;
@@ -2323,6 +2325,7 @@ user1:x:$uid_user1:$gid_nogroup:user1 gecos:$prefix_abs:/bin/false
 user2:x:$uid_user2:$gid_nogroup:user2 gecos:$prefix_abs:/bin/false
 gooduser:x:$uid_gooduser:$gid_domusers:gooduser gecos:$prefix_abs:/bin/false
 eviluser:x:$uid_eviluser:$gid_domusers:eviluser gecos::/bin/false
+slashuser:x:$uid_slashuser:$gid_domusers:slashuser gecos:/:/bin/false
 ";
 	if ($unix_uid != 0) {
 		print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false
@@ -2401,6 +2404,7 @@ force_user:x:$gid_force_user:
 	createuser($self, "user2", $password, $conffile, \%createuser_env) || die("Unable to create user2");
 	createuser($self, "gooduser", $password, $conffile, \%createuser_env) || die("Unable to create gooduser");
 	createuser($self, "eviluser", $password, $conffile, \%createuser_env) || die("Unable to create eviluser");
+	createuser($self, "slashuser", $password, $conffile, \%createuser_env) || die("Unable to create slashuser");
 
 	open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list");
 	print DNS_UPDATE_LIST "A $server. $server_ip\n";
diff --git a/source3/script/tests/test_homes.sh b/source3/script/tests/test_homes.sh
index 06de0a0c301..90e84550dbc 100755
--- a/source3/script/tests/test_homes.sh
+++ b/source3/script/tests/test_homes.sh
@@ -88,6 +88,39 @@ EOF
     return 0
 }
 
+test_slashuser_home()
+{
+    tmpfile=$PREFIX/smbclient_homes_slashuser_commands
+    cat > $tmpfile <<EOF
+ls
+quit
+EOF
+
+    USERNAME=slashuser
+
+    cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/$USERNAME $CONFIGURATION < $tmpfile 2>&1'
+    eval echo "$cmd"
+    out=$(eval $cmd)
+    ret=$?
+    rm -f $tmpfile
+
+    if [ $ret -ne 1 ] ; then
+       echo "$out"
+       echo "The server should reject connecting ret=$ret"
+       return 1
+    fi
+
+    echo "$out" | grep 'NT_STATUS_BAD_NETWORK_NAME'
+    ret=$?
+    if [ $ret -ne 0 ] ; then
+       echo "$out"
+       echo 'failed - should get: NT_STATUS_BAD_NETWORK_NAME.'
+       return 1
+    fi
+
+    return 0
+}
+
 testit "test gooduser home" \
     test_gooduser_home || \
     failed=`expr $failed + 1`
@@ -96,4 +129,8 @@ testit "test eviluser home reject" \
     test_eviluser_home || \
     failed=`expr $failed + 1`
 
+testit "test slashuser home reject" \
+    test_slashuser_home || \
+    failed=`expr $failed + 1`
+
 testok $0 $failed