raise CommandError("The authenticated user does "
"not have sufficient privileges")
+class cmd_add_sudoers(Command):
+ """Adds a Samba Sudoers Group Policy to the sysvol
+ """
+
+ synopsis = "%prog <gpo> <entry> [options]"
+
+ takes_optiongroups = {
+ "sambaopts": options.SambaOptions,
+ "versionopts": options.VersionOptions,
+ "credopts": options.CredentialsOptions,
+ }
+
+ takes_options = [
+ Option("-H", "--URL", help="LDB URL for database or target server", type=str,
+ metavar="URL", dest="H"),
+ ]
+
+ takes_args = ["gpo", "entry"]
+
+ def run(self, gpo, entry, H=None, sambaopts=None, credopts=None, versionopts=None):
+ pass
+
class cmd_list_sudoers(Command):
"""List Samba Sudoers Group Policy from the sysvol
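Review bot: `run()` in `cmd_add_sudoers` is only `pass`, so `samba-tool gpo manage sudoers add` exits successfully without writing anything to the sysvol, and an administrator may believe a sudoers policy was deployed when it was not. Until the implementation lands, the body should fail loudly, for example `raise CommandError("sudoers add is not implemented yet")` (the message is a constructed example). The docstring should also say what `<entry>` is: a single sudoers rule line passed as one quoted argument. Because that value grants privilege on every host that applies the GPO, the eventual implementation should presumably reject empty or multi-line input, and keep the insufficient-privileges error handling seen in the context lines above this class.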
class cmd_sudoers(SuperCommand):
"""Manage Sudoers Group Policy Objects"""
subcommands = {}
+ subcommands["add"] = cmd_add_sudoers()
subcommands["list"] = cmd_list_sudoers()
class cmd_manage(SuperCommand):
from samba.param import LoadParm
from samba.tests.gpo import stage_file, unstage_file
from samba.dcerpc import preg
-from samba.ndr import ndr_pack
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.common import get_string
source_path = os.path.abspath(os.path.join(os.path.dirname(__file__), "../../../../.."))
'Filling PolicyDefinitions failed')
shutil.rmtree(admx_path)
+ def test_sudoers_add(self):
+ lp = LoadParm()
+ lp.load(os.environ['SERVERCONFFILE'])
+ local_path = lp.get('path', 'sysvol')
+ reg_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
+ self.gpo_guid, 'Machine/Registry.pol')
+
+ entry = 'fakeu ALL=(ALL) NOPASSWD: ALL'
+ (result, out, err) = self.runsublevelcmd("gpo", ("manage", "sudoers",
+ "add"), self.gpo_guid, entry,
+ "-H", "ldap://%s" %
+ os.environ["SERVER"],
+ "-U%s%%%s" %
+ (os.environ["USERNAME"],
+ os.environ["PASSWORD"]))
+ self.assertCmdSuccess(result, out, err, 'Sudoers add failed')
+
+ self.assertTrue(os.path.exists(reg_pol),
+ 'The Registry.pol does not exist')
+ reg_data = ndr_unpack(preg.file, open(reg_pol, 'rb').read())
+ self.assertTrue(any([get_string(e.data) == entry for e in reg_data.entries]),
+ 'The sudoers entry was not added')
+
def test_sudoers_list(self):
lp = LoadParm()
lp.load(os.environ['SERVERCONFFILE'])
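Review bot: `test_sudoers_add` leaves the `fakeu ALL=(ALL) NOPASSWD: ALL` entry in the GPO's `Machine/Registry.pol` when it finishes; no cleanup is visible in the hunk, so later tests such as `test_sudoers_list` may run against that state. Registering a cleanup that restores or removes the file right after `reg_pol` is computed would keep the tests independent. The read `open(reg_pol, 'rb').read()` also never closes the file; `with open(reg_pol, 'rb') as f:` followed by `reg_data = ndr_unpack(preg.file, f.read())` does. `any(...)` can take the generator directly without the list, and `get_string(e.data)` may need a guard if the file can hold non-string entries, which is worth confirming. `test_sudoers_list` continues outside the hunk.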