gpo: Test that VGP Sudoers policy handles group principals

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index ba0e91bde79cd6a80e50b09978a9e5e1d7fc3f34..e3b500868ecc5c6abfa8db7c7a651bd62ddb403f 100644 (file)
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -484,7 +484,11 @@ class GPOTests(tests.TestCase):
         principal = etree.Element('principal')
         principal.text = 'fakeu'
         principal.attrib['type'] = 'user'
+        group = etree.Element('principal')
+        group.text = 'fakeg'
+        group.attrib['type'] = 'group'
         principal_list.append(principal)
+        principal_list.append(group)
         sudoers_entry.append(principal_list)
         data.append(sudoers_entry)
         policysetting.append(data)
@@ -492,7 +496,7 @@ class GPOTests(tests.TestCase):
         self.assertTrue(ret, 'Could not create the target %s' % manifest)
 
         # Process all gpos, with temp output directory
-        data = 'fakeu ALL=(ALL) NOPASSWD: ALL'
+        data = 'fakeu,fakeg% ALL=(ALL) NOPASSWD: ALL'
         with TemporaryDirectory() as dname:
             ext.process_group_policy([], gpos, dname)
             sudoers = os.listdir(dname)

diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
new file mode 100644 (file)
index 0000000..4be23fb
--- /dev/null
+++ b/selftest/knownfail.d/gpo
@@ -0,0 +1 @@
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_sudoers