From: David Mulder <dmulder@suse.com>
Date: Wed, 23 Dec 2020 19:25:11 +0000 (-0700)
Subject: samba-tool: Test gpo manage openssh list command
X-Git-Tag: tevent-0.11.0~1778
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=61394e5dd10112190c4af875eed6fcc071ca3920;p=thirdparty%2Fsamba.git

samba-tool: Test gpo manage openssh list command

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml
index 4de7602570b..2a599e222fa 100644
--- a/docs-xml/manpages/samba-tool.8.xml
+++ b/docs-xml/manpages/samba-tool.8.xml
@@ -914,6 +914,11 @@
 	<para>Remove VGP Files Group Policy from the sysvol</para>
 </refsect3>
 
+<refsect3>
+	<title>gpo manage openssh list</title>
+	<para>List VGP OpenSSH Group Policy from the sysvol</para>
+</refsect3>
+
 <refsect2>
 	<title>group</title>
 	<para>Manage groups.</para>
diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
index 8decbe0a8af..1b2629a5496 100644
--- a/python/samba/netcmd/gpo.py
+++ b/python/samba/netcmd/gpo.py
@@ -2763,6 +2763,38 @@ class cmd_files(SuperCommand):
     subcommands["add"] = cmd_add_files()
     subcommands["remove"] = cmd_remove_files()
 
+class cmd_list_openssh(Command):
+    """List VGP OpenSSH Group Policy from the sysvol
+
+This command lists openssh options from the sysvol that will be applied to winbind clients.
+
+Example:
+samba-tool gpo manage openssh list {31B2F340-016D-11D2-945F-00C04FB984F9}
+    """
+
+    synopsis = "%prog <gpo> [options]"
+
+    takes_optiongroups = {
+        "sambaopts": options.SambaOptions,
+        "versionopts": options.VersionOptions,
+        "credopts": options.CredentialsOptions,
+    }
+
+    takes_options = [
+        Option("-H", "--URL", help="LDB URL for database or target server", type=str,
+                metavar="URL", dest="H"),
+    ]
+
+    takes_args = ["gpo"]
+
+    def run(self, gpo, H=None, sambaopts=None, credopts=None, versionopts=None):
+        pass
+
+class cmd_openssh(SuperCommand):
+    """Manage OpenSSH Group Policy Objects"""
+    subcommands = {}
+    subcommands["list"] = cmd_list_openssh()
+
 class cmd_manage(SuperCommand):
     """Manage Group Policy Objects"""
     subcommands = {}
@@ -2771,6 +2803,7 @@ class cmd_manage(SuperCommand):
     subcommands["smb_conf"] = cmd_smb_conf()
     subcommands["symlink"] = cmd_symlink()
     subcommands["files"] = cmd_files()
+    subcommands["openssh"] = cmd_openssh()
 
 class cmd_gpo(SuperCommand):
     """Group Policy Object (GPO) management."""
diff --git a/python/samba/tests/samba_tool/gpo.py b/python/samba/tests/samba_tool/gpo.py
index 05c7f30f0a8..8c6f2592986 100644
--- a/python/samba/tests/samba_tool/gpo.py
+++ b/python/samba/tests/samba_tool/gpo.py
@@ -988,6 +988,51 @@ class GpoCmdTestCase(SambaToolCmdTest):
                                                  os.environ["PASSWORD"]))
         self.assertNotIn(target_file, out, 'The test entry was still found!')
 
+    def test_vgp_openssh_list(self):
+        lp = LoadParm()
+        lp.load(os.environ['SERVERCONFFILE'])
+        local_path = lp.get('path', 'sysvol')
+        vgp_xml = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
+                               self.gpo_guid, 'Machine/VGP/VTLA/SshCfg',
+                               'SshD/manifest.xml')
+
+        stage = etree.Element('vgppolicy')
+        policysetting = etree.SubElement(stage, 'policysetting')
+        pv = etree.SubElement(policysetting, 'version')
+        pv.text = '1'
+        name = etree.SubElement(policysetting, 'name')
+        name.text = 'Configuration File'
+        description = etree.SubElement(policysetting, 'description')
+        description.text = 'Represents Unix configuration file settings'
+        apply_mode = etree.SubElement(policysetting, 'apply_mode')
+        apply_mode.text = 'merge'
+        data = etree.SubElement(policysetting, 'data')
+        configfile = etree.SubElement(data, 'configfile')
+        etree.SubElement(configfile, 'filename')
+        configsection = etree.SubElement(configfile, 'configsection')
+        etree.SubElement(configsection, 'sectionname')
+        opt = etree.SubElement(configsection, 'keyvaluepair')
+        key = etree.SubElement(opt, 'key')
+        key.text = 'KerberosAuthentication'
+        value = etree.SubElement(opt, 'value')
+        value.text = 'Yes'
+        ret = stage_file(vgp_xml, etree.tostring(stage, 'utf-8'))
+        self.assertTrue(ret, 'Could not create the target %s' % vgp_xml)
+
+        openssh = 'KerberosAuthentication Yes'
+        (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+                                                 "openssh", "list"),
+                                                 self.gpo_guid, "-H",
+                                                 "ldap://%s" %
+                                                 os.environ["SERVER"],
+                                                 "-U%s%%%s" %
+                                                 (os.environ["USERNAME"],
+                                                 os.environ["PASSWORD"]))
+        self.assertIn(openssh, out, 'The test entry was not found!')
+
+        # Unstage the manifest.xml file
+        unstage_file(vgp_xml)
+
     def setUp(self):
         """set up a temporary GPO to work with"""
         super(GpoCmdTestCase, self).setUp()
diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
new file mode 100644
index 00000000000..d4b825c63a7
--- /dev/null
+++ b/selftest/knownfail.d/gpo
@@ -0,0 +1 @@
+^samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_vgp_openssh_list