takes_args = ["gpo"]
def run(self, gpo, H=None, sambaopts=None, credopts=None, versionopts=None):
- self.lp = sambaopts.get_loadparm()
- self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
-
- # We need to know writable DC to setup SMB connection
- if H and H.startswith('ldap://'):
- dc_hostname = H[7:]
- self.url = H
- else:
- dc_hostname = netcmd_finddc(self.lp, self.creds)
- self.url = dc_url(self.lp, self.creds, dc=dc_hostname)
-
- # SMB connect to DC
- conn = smb_connection(dc_hostname,
- 'sysvol',
- lp=self.lp,
- creds=self.creds)
-
- realm = self.lp.get('realm')
- pol_file = '\\'.join([realm.lower(), 'Policies', gpo,
- 'MACHINE\\Registry.pol'])
- try:
- pol_data = ndr_unpack(preg.file, conn.loadfile(pol_file))
- except NTSTATUSError as e:
- if e.args[0] == 0xC0000033: # STATUS_OBJECT_NAME_INVALID
- return # The file doesn't exist, so there is nothing to list
- if e.args[0] == 0xC0000022: # STATUS_ACCESS_DENIED
- raise CommandError("The authenticated user does "
- "not have sufficient privileges")
- raise
-
- keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
- for entry in pol_data.entries:
- if get_bytes(entry.keyname) == keyname:
- self.outf.write('%s\n' % entry.data)
+ pass
class cmd_remove_sudoers(Command):
"""Removes a Samba Sudoers Group Policy from the sysvol
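Review bot: With the body of `run` reduced to `pass`, `gpo manage sudoers list` returns success and prints nothing for every GPO, so an administrator auditing which sudo rights a policy grants cannot tell "no entries" from "not implemented". The removed code also turned STATUS_ACCESS_DENIED into a `CommandError`, and the stub has no equivalent. If the VGP implementation lands in a later commit, the stub should fail loudly until then, for example `raise CommandError("gpo manage sudoers list: VGP listing not implemented")`. The test on this page asserts that `fakeu ALL=(ALL) NOPASSWD: ALL` appears in the output, which this body cannot satisfy unless the test is marked as a known failure somewhere not shown. The enclosing command class starts outside the hunk.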
lp = LoadParm()
lp.load(os.environ['SERVERCONFFILE'])
local_path = lp.get('path', 'sysvol')
- reg_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
- self.gpo_guid, 'Machine/Registry.pol')
+ vgp_xml = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
+ self.gpo_guid, 'Machine/VGP/VTLA/Sudo',
+ 'SudoersConfiguration/manifest.xml')
- # Stage the Registry.pol file with test data
- stage = preg.file()
- e = preg.entry()
- e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
- e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
- e.type = 1
- e.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
- stage.num_entries = 1
- stage.entries = [e]
- ret = stage_file(reg_pol, ndr_pack(stage))
- self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
+ stage = etree.Element('vgppolicy')
+ policysetting = etree.SubElement(stage, 'policysetting')
+ pv = etree.SubElement(policysetting, 'version')
+ pv.text = '1'
+ name = etree.SubElement(policysetting, 'name')
+ name.text = 'Sudo Policy'
+ description = etree.SubElement(policysetting, 'description')
+ description.text = 'Sudoers File Configuration Policy'
+ apply_mode = etree.SubElement(policysetting, 'apply_mode')
+ apply_mode.text = 'merge'
+ data = etree.SubElement(policysetting, 'data')
+ load_plugin = etree.SubElement(data, 'load_plugin')
+ load_plugin.text = 'true'
+ sudoers_entry = etree.SubElement(data, 'sudoers_entry')
+ command = etree.SubElement(sudoers_entry, 'command')
+ command.text = 'ALL'
+ user = etree.SubElement(sudoers_entry, 'user')
+ user.text = 'ALL'
+ listelement = etree.SubElement(sudoers_entry, 'listelement')
+ principal = etree.SubElement(listelement, 'principal')
+ principal.text = 'fakeu'
+ principal.attrib['type'] = 'user'
+ ret = stage_file(vgp_xml, etree.tostring(stage, 'utf-8'))
+ self.assertTrue(ret, 'Could not create the target %s' % vgp_xml)
- (result, out, err) = self.runsublevelcmd("gpo", ("manage", "sudoers",
- "list"), self.gpo_guid,
- "-H", "ldap://%s" %
+ sudoer = 'fakeu ALL=(ALL) NOPASSWD: ALL'
+ (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+ "sudoers", "list"),
+ self.gpo_guid, "-H",
+ "ldap://%s" %
os.environ["SERVER"],
"-U%s%%%s" %
(os.environ["USERNAME"],
os.environ["PASSWORD"]))
- self.assertIn(e.data, out, 'The test entry was not found!')
+ self.assertIn(sudoer, out, 'The test entry was not found!')
- # Unstage the Registry.pol file
- unstage_file(reg_pol)
+ # Unstage the manifest.xml file
+ unstage_file(vgp_xml)
def test_symlink_list(self):
lp = LoadParm()
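Review bot: `unstage_file(vgp_xml)` runs only after `assertIn`, so a failing assertion leaves the staged `manifest.xml`, which grants `fakeu` passwordless `ALL`, in the test sysvol for every later test that reads this GPO. Registering the cleanup right after the staging assert avoids that: `self.addCleanup(unstage_file, vgp_xml)`. The expected string also contains `NOPASSWD:` although no element in the staged XML names it; a one-line comment such as `# no <password> element is staged; NOPASSWD is expected from its absence (confirm against the VGP sudoers parser)` would make the link between fixture and assertion explicit. The test method begins outside the hunk, so an existing `tearDown` may already cover the file.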