From: David Mulder Date: Mon, 1 Mar 2021 17:31:54 +0000 (-0700) Subject: samba-tool: Test gpo manage access add command X-Git-Tag: tevent-0.11.0~1455 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=996a0bd2e46fa9e164f390561c64dd5d954eb7e2;p=thirdparty%2Fsamba.git samba-tool: Test gpo manage access add command Signed-off-by: David Mulder Reviewed-by: Jeremy Allison --- diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py index 159aba8b788..cbb9b390da7 100644 --- a/python/samba/netcmd/gpo.py +++ b/python/samba/netcmd/gpo.py @@ -3752,10 +3752,40 @@ samba-tool gpo manage access list {31B2F340-016D-11D2-945F-00C04FB984F9} domain = adobject.find('domain') self.outf.write('-:%s\\%s:ALL\n' % (domain.text, name.text)) +class cmd_add_access(Command): + """Adds a VGP Host Access Group Policy to the sysvol + +This command adds a host access setting to the sysvol for applying to winbind +clients. + +Example: +samba-tool gpo manage access add {31B2F340-016D-11D2-945F-00C04FB984F9} allow goodguy example.com + """ + + synopsis = "%prog [options]" + + takes_optiongroups = { + "sambaopts": options.SambaOptions, + "versionopts": options.VersionOptions, + "credopts": options.CredentialsOptions, + } + + takes_options = [ + Option("-H", "--URL", help="LDB URL for database or target server", type=str, + metavar="URL", dest="H"), + ] + + takes_args = ["gpo", "etype", "cn", "domain"] + + def run(self, gpo, etype, cn, domain, H=None, sambaopts=None, + credopts=None, versionopts=None): + pass + class cmd_access(SuperCommand): """Manage Host Access Group Policy Objects""" subcommands = {} subcommands["list"] = cmd_list_access() + subcommands["add"] = cmd_add_access() class cmd_manage(SuperCommand): """Manage Group Policy Objects""" diff --git a/python/samba/tests/samba_tool/gpo_exts.py b/python/samba/tests/samba_tool/gpo_exts.py index 222973fbb72..e4cef47513f 100644 --- a/python/samba/tests/samba_tool/gpo_exts.py +++ b/python/samba/tests/samba_tool/gpo_exts.py @@ -94,6 +94,47 @@ class GpoCmdTestCase(SambaToolCmdTest): # Unstage the manifest.xml file unstage_file(vgp_xml) + def test_vgp_access_add(self): + lp = LoadParm() + lp.load(os.environ['SERVERCONFFILE']) + + (result, out, err) = self.runsublevelcmd("gpo", ("manage", + "access", "add"), + self.gpo_guid, + "allow", self.test_user, + lp.get('realm').lower(), + "-H", "ldap://%s" % + os.environ["SERVER"], + "-U%s%%%s" % + (os.environ["USERNAME"], + os.environ["PASSWORD"])) + self.assertCmdSuccess(result, out, err, 'Access add failed') + + (result, out, err) = self.runsublevelcmd("gpo", ("manage", + "access", "add"), + self.gpo_guid, + "deny", self.test_group, + lp.get('realm').lower(), + "-H", "ldap://%s" % + os.environ["SERVER"], + "-U%s%%%s" % + (os.environ["USERNAME"], + os.environ["PASSWORD"])) + self.assertCmdSuccess(result, out, err, 'Access add failed') + + allow_entry = '+:%s\\%s:ALL' % (lp.get('realm').lower(), self.test_user) + deny_entry = '-:%s\\%s:ALL' % (lp.get('realm').lower(), self.test_group) + (result, out, err) = self.runsublevelcmd("gpo", ("manage", + "access", "list"), + self.gpo_guid, "-H", + "ldap://%s" % + os.environ["SERVER"], + "-U%s%%%s" % + (os.environ["USERNAME"], + os.environ["PASSWORD"])) + self.assertIn(allow_entry, out, 'The test entry was not found!') + self.assertIn(deny_entry, out, 'The test entry was not found!') + def setUp(self): """set up a temporary GPO to work with""" super(GpoCmdTestCase, self).setUp() @@ -108,8 +149,20 @@ class GpoCmdTestCase(SambaToolCmdTest): except IndexError: self.fail("Failed to find GUID in output: %s" % out) + self.test_user = 'testuser' + (result, out, err) = self.runsubcmd("user", "add", self.test_user, + "--random-password") + self.assertCmdSuccess(result, out, err, 'User creation failed') + self.test_group = 'testgroup' + (result, out, err) = self.runsubcmd("group", "add", self.test_group) + self.assertCmdSuccess(result, out, err, 'Group creation failed') + def tearDown(self): """remove the temporary GPO to work with""" (result, out, err) = self.runsubcmd("gpo", "del", self.gpo_guid, "-H", "ldap://%s" % os.environ["SERVER"], "-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"])) self.assertCmdSuccess(result, out, err, "Ensuring gpo deleted successfully") + (result, out, err) = self.runsubcmd("user", "delete", self.test_user) + self.assertCmdSuccess(result, out, err, 'User delete failed') + (result, out, err) = self.runsubcmd("group", "delete", self.test_group) + self.assertCmdSuccess(result, out, err, 'Group delete failed') super(GpoCmdTestCase, self).tearDown() diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo new file mode 100644 index 00000000000..837f9c756f0 --- /dev/null +++ b/selftest/knownfail.d/gpo @@ -0,0 +1 @@ +^samba.tests.samba_tool.gpo_exts.samba.tests.samba_tool.gpo_exts.GpoCmdTestCase.test_vgp_access_list