2025-01-26 10:04:02 +03:00 · 2020-11-09 15:48:28 -07:00 · 2020-11-09 15:48:28 -07:00 · b0ccebd3ee
commit b0ccebd3ee
parent b402c7642c
3 changed files with 49 additions and 1 deletions
--- a/python/samba/netcmd/gpo.py
+++ b/python/samba/netcmd/gpo.py
@ -1665,6 +1665,28 @@ class cmd_admxload(Command):
                            raise CommandError("The authenticated user does "
                                               "not have sufficient privileges")

+class cmd_add_sudoers(Command):
+    """Adds a Samba Sudoers Group Policy to the sysvol
+    """
+
+    synopsis = "%prog <gpo> <entry> [options]"
+
+    takes_optiongroups = {
+        "sambaopts": options.SambaOptions,
+        "versionopts": options.VersionOptions,
+        "credopts": options.CredentialsOptions,
+    }
+
+    takes_options = [
+        Option("-H", "--URL", help="LDB URL for database or target server", type=str,
+                metavar="URL", dest="H"),
+    ]
+
+    takes_args = ["gpo", "entry"]
+
+    def run(self, gpo, entry, H=None, sambaopts=None, credopts=None, versionopts=None):
+        pass
+
 class cmd_list_sudoers(Command):
    """List Samba Sudoers Group Policy from the sysvol

@ -1728,6 +1750,7 @@ samba-tool gpo manage sudoers list {31B2F340-016D-11D2-945F-00C04FB984F9}
 class cmd_sudoers(SuperCommand):
    """Manage Sudoers Group Policy Objects"""
    subcommands = {}
+    subcommands["add"] = cmd_add_sudoers()
    subcommands["list"] = cmd_list_sudoers()

 class cmd_manage(SuperCommand):
--- a/python/samba/tests/samba_tool/gpo.py
+++ b/python/samba/tests/samba_tool/gpo.py
@ -27,7 +27,8 @@ from samba.netcmd.gpo import get_gpo_dn, get_gpo_info
 from samba.param import LoadParm
 from samba.tests.gpo import stage_file, unstage_file
 from samba.dcerpc import preg
-from samba.ndr import ndr_pack
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.common import get_string

 source_path = os.path.abspath(os.path.join(os.path.dirname(__file__), "../../../../.."))

@ -545,6 +546,29 @@ class GpoCmdTestCase(SambaToolCmdTest):
                        'Filling PolicyDefinitions failed')
        shutil.rmtree(admx_path)

+    def test_sudoers_add(self):
+        lp = LoadParm()
+        lp.load(os.environ['SERVERCONFFILE'])
+        local_path = lp.get('path', 'sysvol')
+        reg_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
+                               self.gpo_guid, 'Machine/Registry.pol')
+
+        entry = 'fakeu  ALL=(ALL) NOPASSWD: ALL'
+        (result, out, err) = self.runsublevelcmd("gpo", ("manage", "sudoers",
+                                                 "add"), self.gpo_guid, entry,
+                                                 "-H", "ldap://%s" %
+                                                 os.environ["SERVER"],
+                                                 "-U%s%%%s" %
+                                                 (os.environ["USERNAME"],
+                                                 os.environ["PASSWORD"]))
+        self.assertCmdSuccess(result, out, err, 'Sudoers add failed')
+
+        self.assertTrue(os.path.exists(reg_pol),
+                        'The Registry.pol does not exist')
+        reg_data = ndr_unpack(preg.file, open(reg_pol, 'rb').read())
+        self.assertTrue(any([get_string(e.data) == entry for e in reg_data.entries]),
+                        'The sudoers entry was not added')
+
    def test_sudoers_list(self):
        lp = LoadParm()
        lp.load(os.environ['SERVERCONFFILE'])
--- a/selftest/knownfail.d/gpo
+++ b/selftest/knownfail.d/gpo
@ -0,0 +1 @@
+^samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_sudoers_add
				`@ -0,0 +1 @@`
				`^samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_sudoers_add`