mirror of
https://github.com/samba-team/samba.git
synced 2025-01-25 06:04:04 +03:00
gp: Test modifying centrify crontab user policy enforces changes
Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
70d3601fc6
commit
7db3b63e76
@ -7638,8 +7638,11 @@ class GPOTests(tests.TestCase):
|
|||||||
|
|
||||||
def test_gp_user_centrify_crontab_ext(self):
|
def test_gp_user_centrify_crontab_ext(self):
|
||||||
local_path = self.lp.cache_path('gpo_cache')
|
local_path = self.lp.cache_path('gpo_cache')
|
||||||
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
|
guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
|
||||||
reg_pol = os.path.join(local_path, policies, guid,
|
'{6AC1786C-016F-11D2-945F-00C04FB984F9}']
|
||||||
|
reg_pol = os.path.join(local_path, policies, guids[0],
|
||||||
|
'USER/REGISTRY.POL')
|
||||||
|
reg_pol2 = os.path.join(local_path, policies, guids[1],
|
||||||
'USER/REGISTRY.POL')
|
'USER/REGISTRY.POL')
|
||||||
cache_dir = self.lp.get('cache directory')
|
cache_dir = self.lp.get('cache directory')
|
||||||
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
|
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
|
||||||
@ -7669,6 +7672,19 @@ class GPOTests(tests.TestCase):
|
|||||||
ret = stage_file(reg_pol, ndr_pack(stage))
|
ret = stage_file(reg_pol, ndr_pack(stage))
|
||||||
self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
|
self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
|
||||||
|
|
||||||
|
# Stage the other Registry.pol
|
||||||
|
stage = preg.file()
|
||||||
|
e2 = preg.entry()
|
||||||
|
e2.keyname = \
|
||||||
|
b'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
|
||||||
|
e2.valuename = b'Command1'
|
||||||
|
e2.type = 1
|
||||||
|
e2.data = b'17 * * * * echo this is a second policy'
|
||||||
|
stage.num_entries = 1
|
||||||
|
stage.entries = [e2]
|
||||||
|
ret = stage_file(reg_pol2, ndr_pack(stage))
|
||||||
|
self.assertTrue(ret, 'Could not create the target %s' % reg_pol2)
|
||||||
|
|
||||||
# Process all gpos, intentionally skipping the privilege drop
|
# Process all gpos, intentionally skipping the privilege drop
|
||||||
ext.process_group_policy([], gpos)
|
ext.process_group_policy([], gpos)
|
||||||
# Dump the fake crontab setup for testing
|
# Dump the fake crontab setup for testing
|
||||||
@ -7676,13 +7692,30 @@ class GPOTests(tests.TestCase):
|
|||||||
crontab, _ = p.communicate()
|
crontab, _ = p.communicate()
|
||||||
self.assertIn(get_bytes(e.data), crontab,
|
self.assertIn(get_bytes(e.data), crontab,
|
||||||
'The crontab entry was not installed')
|
'The crontab entry was not installed')
|
||||||
|
self.assertIn(get_bytes(e2.data), crontab,
|
||||||
|
'The crontab entry was not installed')
|
||||||
|
|
||||||
|
# Force apply with removal of second GPO
|
||||||
|
gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
|
||||||
|
del_gpos = gp_db.get_applied_settings([guids[1]])
|
||||||
|
gpos = [gpo for gpo in gpos if gpo.name != guids[1]]
|
||||||
|
ext.process_group_policy(del_gpos, gpos)
|
||||||
|
|
||||||
|
# Dump the fake crontab setup for testing
|
||||||
|
p = Popen(['crontab', '-l'], stdout=PIPE)
|
||||||
|
crontab, _ = p.communicate()
|
||||||
|
|
||||||
|
# Ensure the first entry remains, and the second entry is removed
|
||||||
|
self.assertIn(get_bytes(e.data), crontab,
|
||||||
|
'The first crontab entry was not found')
|
||||||
|
self.assertNotIn(get_bytes(e2.data), crontab,
|
||||||
|
'The second crontab entry was still present')
|
||||||
|
|
||||||
# Check that a call to gpupdate --rsop also succeeds
|
# Check that a call to gpupdate --rsop also succeeds
|
||||||
ret = rsop(self.lp)
|
ret = rsop(self.lp)
|
||||||
self.assertEquals(ret, 0, 'gpupdate --rsop failed!')
|
self.assertEquals(ret, 0, 'gpupdate --rsop failed!')
|
||||||
|
|
||||||
# Remove policy
|
# Remove policy
|
||||||
gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
|
|
||||||
del_gpos = get_deleted_gpos_list(gp_db, [])
|
del_gpos = get_deleted_gpos_list(gp_db, [])
|
||||||
ext.process_group_policy(del_gpos, [])
|
ext.process_group_policy(del_gpos, [])
|
||||||
# Dump the fake crontab setup for testing
|
# Dump the fake crontab setup for testing
|
||||||
@ -7691,5 +7724,6 @@ class GPOTests(tests.TestCase):
|
|||||||
self.assertNotIn(get_bytes(e.data), crontab,
|
self.assertNotIn(get_bytes(e.data), crontab,
|
||||||
'Unapply failed to cleanup crontab entry')
|
'Unapply failed to cleanup crontab entry')
|
||||||
|
|
||||||
# Unstage the Registry.pol file
|
# Unstage the Registry.pol files
|
||||||
unstage_file(reg_pol)
|
unstage_file(reg_pol)
|
||||||
|
unstage_file(reg_pol2)
|
||||||
|
@ -5,3 +5,4 @@
|
|||||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_issue
|
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_issue
|
||||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_smb_conf_ext
|
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_smb_conf_ext
|
||||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_user_scripts_ext
|
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_user_scripts_ext
|
||||||
|
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_user_centrify_crontab_ext
|
||||||
|
Loading…
x
Reference in New Issue
Block a user