From: David Mulder Date: Fri, 26 Feb 2021 21:01:48 +0000 (-0700) Subject: gpo: Ensure that vgp_sudoers_ext handles missing/dispersed principal names X-Git-Tag: tevent-0.11.0~1660 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d771314ee0de75d9e436d2d20290faae95e37160;p=thirdparty%2Fsamba.git gpo: Ensure that vgp_sudoers_ext handles missing/dispersed principal names Signed-off-by: David Mulder Reviewed-by: Jeremy Allison --- diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py index 2ff3e5e593e..f849ff2c031 100644 --- a/python/samba/tests/gpo.py +++ b/python/samba/tests/gpo.py @@ -493,18 +493,46 @@ class GPOTests(tests.TestCase): principal_list.append(group) sudoers_entry.append(principal_list) data.append(sudoers_entry) + # Ensure an empty principal doesn't cause a crash + sudoers_entry = etree.SubElement(data, 'sudoers_entry') + command = etree.SubElement(sudoers_entry, 'command') + command.text = 'ALL' + user = etree.SubElement(sudoers_entry, 'user') + user.text = 'ALL' + # Ensure having dispersed principals still works + sudoers_entry = etree.SubElement(data, 'sudoers_entry') + command = etree.SubElement(sudoers_entry, 'command') + command.text = 'ALL' + user = etree.SubElement(sudoers_entry, 'user') + user.text = 'ALL' + listelement = etree.SubElement(sudoers_entry, 'listelement') + principal = etree.SubElement(listelement, 'principal') + principal.text = 'fakeu2' + principal.attrib['type'] = 'user' + listelement = etree.SubElement(sudoers_entry, 'listelement') + group = etree.SubElement(listelement, 'principal') + group.text = 'fakeg2' + group.attrib['type'] = 'group' policysetting.append(data) ret = stage_file(manifest, etree.tostring(stage)) self.assertTrue(ret, 'Could not create the target %s' % manifest) # Process all gpos, with temp output directory data = 'fakeu,fakeg% ALL=(ALL) NOPASSWD: ALL' + data2 = 'fakeu2,fakeg2% ALL=(ALL) NOPASSWD: ALL' + data_no_principal = 'ALL ALL=(ALL) NOPASSWD: ALL' with TemporaryDirectory() as dname: ext.process_group_policy([], gpos, dname) sudoers = os.listdir(dname) - self.assertEquals(len(sudoers), 1, 'The sudoer file was not created') - self.assertIn(data, - open(os.path.join(dname, sudoers[0]), 'r').read(), + self.assertEquals(len(sudoers), 3, 'The sudoer file was not created') + output = open(os.path.join(dname, sudoers[0]), 'r').read() + \ + open(os.path.join(dname, sudoers[1]), 'r').read() + \ + open(os.path.join(dname, sudoers[2]), 'r').read() + self.assertIn(data, output, + 'The sudoers entry was not applied') + self.assertIn(data2, output, + 'The sudoers entry was not applied') + self.assertIn(data_no_principal, output, 'The sudoers entry was not applied') # Remove policy diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo new file mode 100644 index 00000000000..4be23fb2004 --- /dev/null +++ b/selftest/knownfail.d/gpo @@ -0,0 +1 @@ +^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_sudoers