From: David Mulder Date: Wed, 16 Nov 2022 22:03:18 +0000 (-0700) Subject: gp: Test that samba-tool gpo manage removes gpme sudoers X-Git-Tag: talloc-2.4.0~529 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d0c4aebb0eff59716cfc51d86eec26a52f6913c5;p=thirdparty%2Fsamba.git gp: Test that samba-tool gpo manage removes gpme sudoers The file format for storing the sudo rules changed in samba-tool, but these can still be added via the GPME. We should still include them here. Signed-off-by: David Mulder Reviewed-by: Jeremy Allison
---
diff --git a/python/samba/tests/samba_tool/gpo.py b/python/samba/tests/samba_tool/gpo.py
index f1a9a14ea16..78ed5d493af 100644
--- a/python/samba/tests/samba_tool/gpo.py
+++ b/python/samba/tests/samba_tool/gpo.py
@@ -730,6 +730,24 @@ class GpoCmdTestCase(SambaToolCmdTest):
 self.assertFalse(inf_data.has_section('Kerberos Policy'))
 def test_sudoers_add(self):
+ lp = LoadParm()
+ lp.load(os.environ['SERVERCONFFILE'])
+ local_path = lp.get('path', 'sysvol')
+ reg_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
+ self.gpo_guid, 'Machine/Registry.pol')
+
+ # Stage the Registry.pol file with test data
+ stage = preg.file()
+ e = preg.entry()
+ e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
+ e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
+ e.type = 1
+ e.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
+ stage.num_entries = 1
+ stage.entries = [e]
+ ret = stage_file(reg_pol, ndr_pack(stage))
+ self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
+
 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "sudoers", "add"), self.gpo_guid, 'ALL', 'ALL',
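Review bot: The Registry.pol staged here is only removed by the `unstage_file(reg_pol)` call at the very end of test_sudoers_add (the @@ -771 hunk), so any assertion that fails in between leaves the `fakeu ALL=(ALL) NOPASSWD: ALL` rule in the test sysvol. That is the expected path for now, since this commit also lists the test in selftest/knownfail.d/gpo. Registering the cleanup right after the staging assert, `self.addCleanup(unstage_file, reg_pol)`, would run it on failure as well, so the rule could not be picked up by later tests that read the same GPO. A short comment on `e.type = 1`, such as `# REG_SZ`, would also spare the reader a lookup. The body of test_sudoers_add continues past the end of this hunk.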
@@ -751,6 +769,7 @@ class GpoCmdTestCase(SambaToolCmdTest):
 (os.environ["USERNAME"], os.environ["PASSWORD"]))
 self.assertIn(sudoer, out, 'The test entry was not found!')
+ self.assertIn(get_string(e.data), out, 'The test entry was not found!')
 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "sudoers", "remove"),
@@ -762,6 +781,17 @@ class GpoCmdTestCase(SambaToolCmdTest):
 os.environ["PASSWORD"]))
 self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
+ (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+ "sudoers", "remove"),
+ self.gpo_guid,
+ get_string(e.data),
+ "-H", "ldap://%s" %
+ os.environ["SERVER"],
+ "-U%s%%%s" %
+ (os.environ["USERNAME"],
+ os.environ["PASSWORD"]))
+ self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
+
 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "sudoers", "list"), self.gpo_guid, "-H",
@@ -771,6 +801,11 @@ class GpoCmdTestCase(SambaToolCmdTest):
 (os.environ["USERNAME"], os.environ["PASSWORD"]))
 self.assertNotIn(sudoer, out, 'The test entry was still found!')
+ self.assertNotIn(get_string(e.data), out,
+ 'The test entry was still found!')
+
+ # Unstage the Registry.pol file
+ unstage_file(reg_pol)
 def test_sudoers_list(self):
 lp = LoadParm()
diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
new file mode 100644
index 00000000000..05e3d4ea8e8
--- /dev/null
+++ b/selftest/knownfail.d/gpo
@@ -0,0 +1 @@
+^samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_sudoers_add
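Review bot: In the @@ -751 hunk the added `assertIn(get_string(e.data), out, ...)` reuses the message 'The test entry was not found!' from the assertion just above it, so a failure does not say whether the samba-tool entry or the GPME-staged entry is missing. The same applies to the second 'Sudoers remove failed' in the @@ -762 hunk and to the added `assertNotIn` in the @@ -771 hunk. Distinct messages would make the log self-explanatory, for example `'The GPME-staged entry was not found!'`, `'GPME sudoers remove failed'` and `'The GPME-staged entry was still found!'`. The enclosing test_sudoers_add starts before and ends after the @@ -751 hunk.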