mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
samba-tool: Test gpo manage vgp sudoers remove command
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
parent
30e0ba2ed8
commit
430e065fa9
@ -1888,51 +1888,7 @@ samba-tool gpo manage sudoers remove {31B2F340-016D-11D2-945F-00C04FB984F9} 'fak
|
||||
takes_args = ["gpo", "entry"]
|
||||
|
||||
def run(self, gpo, entry, H=None, sambaopts=None, credopts=None, versionopts=None):
|
||||
self.lp = sambaopts.get_loadparm()
|
||||
self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
|
||||
|
||||
# We need to know writable DC to setup SMB connection
|
||||
if H and H.startswith('ldap://'):
|
||||
dc_hostname = H[7:]
|
||||
self.url = H
|
||||
else:
|
||||
dc_hostname = netcmd_finddc(self.lp, self.creds)
|
||||
self.url = dc_url(self.lp, self.creds, dc=dc_hostname)
|
||||
|
||||
# SMB connect to DC
|
||||
conn = smb_connection(dc_hostname,
|
||||
'sysvol',
|
||||
lp=self.lp,
|
||||
creds=self.creds)
|
||||
|
||||
realm = self.lp.get('realm')
|
||||
pol_file = '\\'.join([realm.lower(), 'Policies', gpo,
|
||||
'MACHINE\\Registry.pol'])
|
||||
try:
|
||||
pol_data = ndr_unpack(preg.file, conn.loadfile(pol_file))
|
||||
except NTSTATUSError as e:
|
||||
if e.args[0] == 0xC0000033: # STATUS_OBJECT_NAME_INVALID
|
||||
raise CommandError("The specified entry does not exist")
|
||||
elif e.args[0] == 0xC0000022: # STATUS_ACCESS_DENIED
|
||||
raise CommandError("The authenticated user does "
|
||||
"not have sufficient privileges")
|
||||
raise
|
||||
|
||||
if entry not in [e.data for e in pol_data.entries]:
|
||||
raise CommandError("Cannot remove '%s' because it does not exist" %
|
||||
entry)
|
||||
|
||||
entries = [e for e in pol_data.entries if e.data != entry]
|
||||
pol_data.num_entries = len(entries)
|
||||
pol_data.entries = entries
|
||||
|
||||
try:
|
||||
conn.savefile(pol_file, ndr_pack(pol_data))
|
||||
except NTSTATUSError as e:
|
||||
if e.args[0] == 0xC0000022: # STATUS_ACCESS_DENIED
|
||||
raise CommandError("The authenticated user does "
|
||||
"not have sufficient privileges")
|
||||
raise
|
||||
pass
|
||||
|
||||
class cmd_sudoers(SuperCommand):
|
||||
"""Manage Sudoers Group Policy Objects"""
|
||||
|
@ -727,35 +727,6 @@ class GpoCmdTestCase(SambaToolCmdTest):
|
||||
|
||||
self.assertFalse(inf_data.has_section('Kerberos Policy'))
|
||||
|
||||
def test_sudoers_remove(self):
|
||||
lp = LoadParm()
|
||||
lp.load(os.environ['SERVERCONFFILE'])
|
||||
local_path = lp.get('path', 'sysvol')
|
||||
reg_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
|
||||
self.gpo_guid, 'Machine/Registry.pol')
|
||||
|
||||
# Stage the Registry.pol file with test data
|
||||
stage = preg.file()
|
||||
e = preg.entry()
|
||||
e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
|
||||
e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
|
||||
e.type = 1
|
||||
e.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
|
||||
stage.num_entries = 1
|
||||
stage.entries = [e]
|
||||
ret = stage_file(reg_pol, ndr_pack(stage))
|
||||
self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
|
||||
|
||||
(result, out, err) = self.runsublevelcmd("gpo", ("manage", "sudoers",
|
||||
"remove"), self.gpo_guid,
|
||||
get_string(e.data),
|
||||
"-H", "ldap://%s" %
|
||||
os.environ["SERVER"],
|
||||
"-U%s%%%s" %
|
||||
(os.environ["USERNAME"],
|
||||
os.environ["PASSWORD"]))
|
||||
self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
|
||||
|
||||
def test_sudoers_add(self):
|
||||
(result, out, err) = self.runsublevelcmd("gpo", ("manage",
|
||||
"sudoers", "add"),
|
||||
@ -779,6 +750,26 @@ class GpoCmdTestCase(SambaToolCmdTest):
|
||||
os.environ["PASSWORD"]))
|
||||
self.assertIn(sudoer, out, 'The test entry was not found!')
|
||||
|
||||
(result, out, err) = self.runsublevelcmd("gpo", ("manage",
|
||||
"sudoers", "remove"),
|
||||
self.gpo_guid, sudoer,
|
||||
"-H", "ldap://%s" %
|
||||
os.environ["SERVER"],
|
||||
"-U%s%%%s" %
|
||||
(os.environ["USERNAME"],
|
||||
os.environ["PASSWORD"]))
|
||||
self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
|
||||
|
||||
(result, out, err) = self.runsublevelcmd("gpo", ("manage",
|
||||
"sudoers", "list"),
|
||||
self.gpo_guid, "-H",
|
||||
"ldap://%s" %
|
||||
os.environ["SERVER"],
|
||||
"-U%s%%%s" %
|
||||
(os.environ["USERNAME"],
|
||||
os.environ["PASSWORD"]))
|
||||
self.assertNotIn(sudoer, out, 'The test entry was still found!')
|
||||
|
||||
def test_sudoers_list(self):
|
||||
lp = LoadParm()
|
||||
lp.load(os.environ['SERVERCONFFILE'])
|
||||
|
1
selftest/knownfail.d/gpo
Normal file
1
selftest/knownfail.d/gpo
Normal file
@ -0,0 +1 @@
|
||||
samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_vgp_sudoers_add
|
Loading…
Reference in New Issue
Block a user