s3:tests: Add test for checking that root is not allowed as home dir

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13699

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec  5 05:22:43 CET 2018 on sn-devel-144

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index d90945c383001b5ce8908c67fc540e1a8370d0b8..2234c11c79588febe5604dc872662533bbee1afe 100755 (executable)
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1672,8 +1672,9 @@ sub provision($$$$$$$$$)
        my ($uid_user2);
        my ($uid_gooduser);
        my ($uid_eviluser);
+       my ($uid_slashuser);
 
-       if ($unix_uid < 0xffff - 12) {
+       if ($unix_uid < 0xffff - 13) {
                $max_uid = 0xffff;
        } else {
                $max_uid = $unix_uid;
@@ -1691,6 +1692,7 @@ sub provision($$$$$$$$$)
        $uid_user2 = $max_uid - 10;
        $uid_gooduser = $max_uid - 11;
        $uid_eviluser = $max_uid - 12;
+       $uid_slashuser = $max_uid - 13;
 
        if ($unix_gids[0] < 0xffff - 8) {
                $max_gid = 0xffff;
@@ -2323,6 +2325,7 @@ user1:x:$uid_user1:$gid_nogroup:user1 gecos:$prefix_abs:/bin/false
 user2:x:$uid_user2:$gid_nogroup:user2 gecos:$prefix_abs:/bin/false
 gooduser:x:$uid_gooduser:$gid_domusers:gooduser gecos:$prefix_abs:/bin/false
 eviluser:x:$uid_eviluser:$gid_domusers:eviluser gecos::/bin/false
+slashuser:x:$uid_slashuser:$gid_domusers:slashuser gecos:/:/bin/false
 ";
        if ($unix_uid != 0) {
                print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false
@@ -2401,6 +2404,7 @@ force_user:x:$gid_force_user:
        createuser($self, "user2", $password, $conffile, \%createuser_env) || die("Unable to create user2");
        createuser($self, "gooduser", $password, $conffile, \%createuser_env) || die("Unable to create gooduser");
        createuser($self, "eviluser", $password, $conffile, \%createuser_env) || die("Unable to create eviluser");
+       createuser($self, "slashuser", $password, $conffile, \%createuser_env) || die("Unable to create slashuser");
 
        open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list");
        print DNS_UPDATE_LIST "A $server. $server_ip\n";

diff --git a/source3/script/tests/test_homes.sh b/source3/script/tests/test_homes.sh
index 06de0a0c3014478bcb0bf89c2b5b41035677b7f1..90e84550dbcfd538b940948c52d2a9c643fc0c95 100755 (executable)
--- a/source3/script/tests/test_homes.sh
+++ b/source3/script/tests/test_homes.sh
@@ -88,6 +88,39 @@ EOF
     return 0
 }
 
+test_slashuser_home()
+{
+    tmpfile=$PREFIX/smbclient_homes_slashuser_commands
+    cat > $tmpfile <<EOF
+ls
+quit
+EOF
+
+    USERNAME=slashuser
+
+    cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/$USERNAME $CONFIGURATION < $tmpfile 2>&1'
+    eval echo "$cmd"
+    out=$(eval $cmd)
+    ret=$?
+    rm -f $tmpfile
+
+    if [ $ret -ne 1 ] ; then
+       echo "$out"
+       echo "The server should reject connecting ret=$ret"
+       return 1
+    fi
+
+    echo "$out" | grep 'NT_STATUS_BAD_NETWORK_NAME'
+    ret=$?
+    if [ $ret -ne 0 ] ; then
+       echo "$out"
+       echo 'failed - should get: NT_STATUS_BAD_NETWORK_NAME.'
+       return 1
+    fi
+
+    return 0
+}
+
 testit "test gooduser home" \
     test_gooduser_home || \
     failed=`expr $failed + 1`
@@ -96,4 +129,8 @@ testit "test eviluser home reject" \
     test_eviluser_home || \
     failed=`expr $failed + 1`
 
+testit "test slashuser home reject" \
+    test_slashuser_home || \
+    failed=`expr $failed + 1`
+
 testok $0 $failed