gpo: Test that empty Security sections are removed

author David Mulder <dmulder@suse.com>

Tue, 9 Feb 2021 18:06:40 +0000 (11:06 -0700)

committer Jeremy Allison <jra@samba.org>

Thu, 11 Feb 2021 17:21:33 +0000 (17:21 +0000)
author David Mulder <dmulder@suse.com>
Tue, 9 Feb 2021 18:06:40 +0000 (11:06 -0700)
committer Jeremy Allison <jra@samba.org>
Thu, 11 Feb 2021 17:21:33 +0000 (17:21 +0000)
diff --git a/python/samba/tests/samba_tool/gpo.py b/python/samba/tests/samba_tool/gpo.py

index d678a96352b602af883e851bb7b4db31c6ebf6e0..588c63a703c9accc673cf51133490130a1c8eccd 100644 (file)
--- a/python/samba/tests/samba_tool/gpo.py
+++ b/python/samba/tests/samba_tool/gpo.py
@@ -692,6 +692,41 @@ class GpoCmdTestCase(SambaToolCmdTest):
          self.assertCmdSuccess(result, out, err,
                                'Failed to unset MaxTicketAge')
  
+    def test_security_nonempty_sections(self):
+        lp = LoadParm()
+        lp.load(os.environ['SERVERCONFFILE'])
+        local_path = lp.get('path', 'sysvol')
+        gpt_inf = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
+                               self.gpo_guid, 'Machine/Microsoft/Windows NT',
+                               'SecEdit/GptTmpl.inf')
+
+        (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security",
+                                                 "set"), self.gpo_guid,
+                                                 'MaxTicketAge', '10',
+                                                 "-H", "ldap://%s" %
+                                                 os.environ["SERVER"],
+                                                 "-U%s%%%s" %
+                                                 (os.environ["USERNAME"],
+                                                 os.environ["PASSWORD"]))
+        self.assertCmdSuccess(result, out, err,
+                              'Failed to set MaxTicketAge')
+
+        (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security",
+                                                 "set"), self.gpo_guid,
+                                                 'MaxTicketAge',
+                                                 "-H", "ldap://%s" %
+                                                 os.environ["SERVER"],
+                                                 "-U%s%%%s" %
+                                                 (os.environ["USERNAME"],
+                                                 os.environ["PASSWORD"]))
+        self.assertCmdSuccess(result, out, err,
+                              'Failed to unset MaxTicketAge')
+
+        inf_data = ConfigParser(interpolation=None)
+        inf_data.read(gpt_inf)
+
+        self.assertFalse(inf_data.has_section('Kerberos Policy'))
+
      def test_sudoers_remove(self):
          lp = LoadParm()
          lp.load(os.environ['SERVERCONFFILE'])
diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo

new file mode 100644 (file)

index 0000000..f01f38d
--- /dev/null
+++ b/selftest/knownfail.d/gpo
@@ -0,0 +1 @@
+^samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_security_nonempty_sections
author	David Mulder <dmulder@suse.com>
	Tue, 9 Feb 2021 18:06:40 +0000 (11:06 -0700)
committer	Jeremy Allison <jra@samba.org>
	Thu, 11 Feb 2021 17:21:33 +0000 (17:21 +0000)
python/samba/tests/samba_tool/gpo.py		patch \| blob \| blame \| history
selftest/knownfail.d/gpo	[new file with mode: 0644]	patch \| blob