From: David Mulder Date: Mon, 9 Nov 2020 23:28:11 +0000 (-0700) Subject: samba-tool: Test gpo Security list X-Git-Tag: samba-4.14.0rc1~457 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=aba8ece11d21aafbb3b42a3c24b18c5f9c5559f7;p=thirdparty%2Fsamba.git samba-tool: Test gpo Security list Signed-off-by: David Mulder Reviewed-by: Douglas Bagnall --- diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py index 80e20e66718..0958bd090b4 100644 --- a/python/samba/netcmd/gpo.py +++ b/python/samba/netcmd/gpo.py @@ -66,6 +66,7 @@ from samba import param from samba.credentials import SMB_SIGNING_REQUIRED from samba.netcmd.common import attr_default from samba.common import get_bytes +from configparser import ConfigParser def gpo_flags_string(value): @@ -1996,15 +1997,39 @@ PasswordComplexity Password must meet complexity requirements else: raise +class cmd_list_security(Command): + """List Samba Security Group Policy from the sysvol + """ + + synopsis = "%prog [options]" + + takes_optiongroups = { + "sambaopts": options.SambaOptions, + "versionopts": options.VersionOptions, + "credopts": options.CredentialsOptions, + } + + takes_options = [ + Option("-H", "--URL", help="LDB URL for database or target server", type=str, + metavar="URL", dest="H"), + ] + + takes_args = ["gpo"] + + def run(self, gpo, H=None, sambaopts=None, credopts=None, versionopts=None): + pass + class cmd_security(SuperCommand): """Manage Security Group Policy Objects""" subcommands = {} subcommands["set"] = cmd_set_security() + subcommands["list"] = cmd_list_security() class cmd_manage(SuperCommand): """Manage Group Policy Objects""" subcommands = {} subcommands["sudoers"] = cmd_sudoers() + subcommands["security"] = cmd_security() class cmd_gpo(SuperCommand): """Group Policy Object (GPO) management.""" diff --git a/python/samba/tests/samba_tool/gpo.py b/python/samba/tests/samba_tool/gpo.py index dcf66f76e1d..b1a1a70aba2 100644 --- a/python/samba/tests/samba_tool/gpo.py +++ b/python/samba/tests/samba_tool/gpo.py @@ -29,6 +29,8 @@ from samba.tests.gpo import stage_file, unstage_file from samba.dcerpc import preg from samba.ndr import ndr_pack, ndr_unpack from samba.common import get_string +from configparser import ConfigParser +from io import StringIO source_path = os.path.abspath(os.path.join(os.path.dirname(__file__), "../../../../..")) @@ -584,6 +586,38 @@ class GpoCmdTestCase(SambaToolCmdTest): self.assertNotIn('MaxTicketAge = 10', inf_pol_contents, 'The test entry was still found!') + def test_security_list(self): + (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security", + "set"), self.gpo_guid, + 'MaxTicketAge', '10', + "-H", "ldap://%s" % + os.environ["SERVER"], + "-U%s%%%s" % + (os.environ["USERNAME"], + os.environ["PASSWORD"])) + self.assertCmdSuccess(result, out, err, + 'Failed to set MaxTicketAge') + + (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security", + "list"), self.gpo_guid, + "-H", "ldap://%s" % + os.environ["SERVER"], + "-U%s%%%s" % + (os.environ["USERNAME"], + os.environ["PASSWORD"])) + self.assertIn('MaxTicketAge = 10', out, 'The test entry was not found!') + + (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security", + "set"), self.gpo_guid, + 'MaxTicketAge', + "-H", "ldap://%s" % + os.environ["SERVER"], + "-U%s%%%s" % + (os.environ["USERNAME"], + os.environ["PASSWORD"])) + self.assertCmdSuccess(result, out, err, + 'Failed to unset MaxTicketAge') + def test_sudoers_remove(self): lp = LoadParm() lp.load(os.environ['SERVERCONFFILE']) diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo new file mode 100644 index 00000000000..e959220472b --- /dev/null +++ b/selftest/knownfail.d/gpo @@ -0,0 +1 @@ +^samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_security_list