From bc38d3afe380c0892e6d5b791cbb19624b43d612 Mon Sep 17 00:00:00 2001
From: David Mulder <dmulder@suse.com>
Date: Thu, 6 Aug 2020 12:44:41 -0600
Subject: [PATCH] gpo: Add rsop output for Sudoers policy

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---
 python/samba/gp_sudoers_ext.py | 16 ++++++++++++++++
 selftest/knownfail.d/gpo       |  1 -
 2 files changed, 16 insertions(+), 1 deletion(-)
 delete mode 100644 selftest/knownfail.d/gpo

diff --git a/python/samba/gp_sudoers_ext.py b/python/samba/gp_sudoers_ext.py
index cbebc8f06e3..6eb033a67c0 100644
--- a/python/samba/gp_sudoers_ext.py
+++ b/python/samba/gp_sudoers_ext.py
@@ -83,3 +83,19 @@ class gp_sudoers_ext(gp_pol_ext):
                                 self.logger.warn('Sudoers apply "%s" failed'
                                         % e.data)
                         self.gp_db.commit()
+
+    def rsop(self, gpo):
+        output = {}
+        pol_file = 'MACHINE/Registry.pol'
+        if gpo.file_sys_path:
+            path = os.path.join(gpo.file_sys_path, pol_file)
+            pol_conf = self.parse(path)
+            if not pol_conf:
+                return output
+            for e in pol_conf.entries:
+                key = e.keyname.split('\\')[-1]
+                if key.endswith('Sudo Rights') and e.data.strip():
+                    if key not in output.keys():
+                        output[key] = []
+                    output[key].append(e.data)
+        return output
diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
deleted file mode 100644
index b1c8285117f..00000000000
--- a/selftest/knownfail.d/gpo
+++ /dev/null
@@ -1 +0,0 @@
-samba.tests.gpo.samba.tests.gpo.GPOTests.test_rsop