]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
gpo: Ensure that vgp_sudoers_ext handles missing/dispersed principal names
authorDavid Mulder <dmulder@suse.com>
Fri, 26 Feb 2021 21:01:48 +0000 (14:01 -0700)
committerJeremy Allison <jra@samba.org>
Mon, 8 Mar 2021 17:58:37 +0000 (17:58 +0000)
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
python/samba/tests/gpo.py
selftest/knownfail.d/gpo [new file with mode: 0644]

index 2ff3e5e593e7f32f6a7db6fe6a6c77fb1be43229..f849ff2c03147b70837871eee34b85ce82175a96 100644 (file)
@@ -493,18 +493,46 @@ class GPOTests(tests.TestCase):
         principal_list.append(group)
         sudoers_entry.append(principal_list)
         data.append(sudoers_entry)
+        # Ensure an empty principal doesn't cause a crash
+        sudoers_entry = etree.SubElement(data, 'sudoers_entry')
+        command = etree.SubElement(sudoers_entry, 'command')
+        command.text = 'ALL'
+        user = etree.SubElement(sudoers_entry, 'user')
+        user.text = 'ALL'
+        # Ensure having dispersed principals still works
+        sudoers_entry = etree.SubElement(data, 'sudoers_entry')
+        command = etree.SubElement(sudoers_entry, 'command')
+        command.text = 'ALL'
+        user = etree.SubElement(sudoers_entry, 'user')
+        user.text = 'ALL'
+        listelement = etree.SubElement(sudoers_entry, 'listelement')
+        principal = etree.SubElement(listelement, 'principal')
+        principal.text = 'fakeu2'
+        principal.attrib['type'] = 'user'
+        listelement = etree.SubElement(sudoers_entry, 'listelement')
+        group = etree.SubElement(listelement, 'principal')
+        group.text = 'fakeg2'
+        group.attrib['type'] = 'group'
         policysetting.append(data)
         ret = stage_file(manifest, etree.tostring(stage))
         self.assertTrue(ret, 'Could not create the target %s' % manifest)
 
         # Process all gpos, with temp output directory
         data = 'fakeu,fakeg% ALL=(ALL) NOPASSWD: ALL'
+        data2 = 'fakeu2,fakeg2% ALL=(ALL) NOPASSWD: ALL'
+        data_no_principal = 'ALL ALL=(ALL) NOPASSWD: ALL'
         with TemporaryDirectory() as dname:
             ext.process_group_policy([], gpos, dname)
             sudoers = os.listdir(dname)
-            self.assertEquals(len(sudoers), 1, 'The sudoer file was not created')
-            self.assertIn(data,
-                    open(os.path.join(dname, sudoers[0]), 'r').read(),
+            self.assertEquals(len(sudoers), 3, 'The sudoer file was not created')
+            output = open(os.path.join(dname, sudoers[0]), 'r').read() + \
+                     open(os.path.join(dname, sudoers[1]), 'r').read() + \
+                     open(os.path.join(dname, sudoers[2]), 'r').read()
+            self.assertIn(data, output,
+                    'The sudoers entry was not applied')
+            self.assertIn(data2, output,
+                    'The sudoers entry was not applied')
+            self.assertIn(data_no_principal, output,
                     'The sudoers entry was not applied')
 
             # Remove policy
diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
new file mode 100644 (file)
index 0000000..4be23fb
--- /dev/null
@@ -0,0 +1 @@
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_sudoers