1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

samba-tool: Test gpo manage vgp sudoers remove command

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
David Mulder 2020-12-22 15:36:59 -07:00 committed by Jeremy Allison
parent 30e0ba2ed8
commit 430e065fa9
3 changed files with 22 additions and 74 deletions

View File

@ -1888,51 +1888,7 @@ samba-tool gpo manage sudoers remove {31B2F340-016D-11D2-945F-00C04FB984F9} 'fak
takes_args = ["gpo", "entry"]
def run(self, gpo, entry, H=None, sambaopts=None, credopts=None, versionopts=None):
self.lp = sambaopts.get_loadparm()
self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
# We need to know writable DC to setup SMB connection
if H and H.startswith('ldap://'):
dc_hostname = H[7:]
self.url = H
else:
dc_hostname = netcmd_finddc(self.lp, self.creds)
self.url = dc_url(self.lp, self.creds, dc=dc_hostname)
# SMB connect to DC
conn = smb_connection(dc_hostname,
'sysvol',
lp=self.lp,
creds=self.creds)
realm = self.lp.get('realm')
pol_file = '\\'.join([realm.lower(), 'Policies', gpo,
'MACHINE\\Registry.pol'])
try:
pol_data = ndr_unpack(preg.file, conn.loadfile(pol_file))
except NTSTATUSError as e:
if e.args[0] == 0xC0000033: # STATUS_OBJECT_NAME_INVALID
raise CommandError("The specified entry does not exist")
elif e.args[0] == 0xC0000022: # STATUS_ACCESS_DENIED
raise CommandError("The authenticated user does "
"not have sufficient privileges")
raise
if entry not in [e.data for e in pol_data.entries]:
raise CommandError("Cannot remove '%s' because it does not exist" %
entry)
entries = [e for e in pol_data.entries if e.data != entry]
pol_data.num_entries = len(entries)
pol_data.entries = entries
try:
conn.savefile(pol_file, ndr_pack(pol_data))
except NTSTATUSError as e:
if e.args[0] == 0xC0000022: # STATUS_ACCESS_DENIED
raise CommandError("The authenticated user does "
"not have sufficient privileges")
raise
pass
class cmd_sudoers(SuperCommand):
"""Manage Sudoers Group Policy Objects"""

View File

@ -727,35 +727,6 @@ class GpoCmdTestCase(SambaToolCmdTest):
self.assertFalse(inf_data.has_section('Kerberos Policy'))
def test_sudoers_remove(self):
lp = LoadParm()
lp.load(os.environ['SERVERCONFFILE'])
local_path = lp.get('path', 'sysvol')
reg_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
self.gpo_guid, 'Machine/Registry.pol')
# Stage the Registry.pol file with test data
stage = preg.file()
e = preg.entry()
e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
e.type = 1
e.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
stage.num_entries = 1
stage.entries = [e]
ret = stage_file(reg_pol, ndr_pack(stage))
self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
(result, out, err) = self.runsublevelcmd("gpo", ("manage", "sudoers",
"remove"), self.gpo_guid,
get_string(e.data),
"-H", "ldap://%s" %
os.environ["SERVER"],
"-U%s%%%s" %
(os.environ["USERNAME"],
os.environ["PASSWORD"]))
self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
def test_sudoers_add(self):
(result, out, err) = self.runsublevelcmd("gpo", ("manage",
"sudoers", "add"),
@ -779,6 +750,26 @@ class GpoCmdTestCase(SambaToolCmdTest):
os.environ["PASSWORD"]))
self.assertIn(sudoer, out, 'The test entry was not found!')
(result, out, err) = self.runsublevelcmd("gpo", ("manage",
"sudoers", "remove"),
self.gpo_guid, sudoer,
"-H", "ldap://%s" %
os.environ["SERVER"],
"-U%s%%%s" %
(os.environ["USERNAME"],
os.environ["PASSWORD"]))
self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
(result, out, err) = self.runsublevelcmd("gpo", ("manage",
"sudoers", "list"),
self.gpo_guid, "-H",
"ldap://%s" %
os.environ["SERVER"],
"-U%s%%%s" %
(os.environ["USERNAME"],
os.environ["PASSWORD"]))
self.assertNotIn(sudoer, out, 'The test entry was still found!')
def test_sudoers_list(self):
lp = LoadParm()
lp.load(os.environ['SERVERCONFFILE'])

1
selftest/knownfail.d/gpo Normal file
View File

@ -0,0 +1 @@
samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_vgp_sudoers_add