From: David Mulder Date: Mon, 9 Nov 2020 22:48:28 +0000 (-0700) Subject: samba-tool: Test gpo Sudoers add command X-Git-Tag: samba-4.14.0rc1~463 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b0ccebd3ee65b8a9e4d09e1ef9121fc8c6a336b4;p=thirdparty%2Fsamba.git samba-tool: Test gpo Sudoers add command Signed-off-by: David Mulder Reviewed-by: Douglas Bagnall --- diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py index 6a3f62299b5..cf763af1c23 100644 --- a/python/samba/netcmd/gpo.py +++ b/python/samba/netcmd/gpo.py @@ -1665,6 +1665,28 @@ class cmd_admxload(Command): raise CommandError("The authenticated user does " "not have sufficient privileges") +class cmd_add_sudoers(Command): + """Adds a Samba Sudoers Group Policy to the sysvol + """ + + synopsis = "%prog [options]" + + takes_optiongroups = { + "sambaopts": options.SambaOptions, + "versionopts": options.VersionOptions, + "credopts": options.CredentialsOptions, + } + + takes_options = [ + Option("-H", "--URL", help="LDB URL for database or target server", type=str, + metavar="URL", dest="H"), + ] + + takes_args = ["gpo", "entry"] + + def run(self, gpo, entry, H=None, sambaopts=None, credopts=None, versionopts=None): + pass + class cmd_list_sudoers(Command): """List Samba Sudoers Group Policy from the sysvol @@ -1728,6 +1750,7 @@ samba-tool gpo manage sudoers list {31B2F340-016D-11D2-945F-00C04FB984F9} class cmd_sudoers(SuperCommand): """Manage Sudoers Group Policy Objects""" subcommands = {} + subcommands["add"] = cmd_add_sudoers() subcommands["list"] = cmd_list_sudoers() class cmd_manage(SuperCommand): diff --git a/python/samba/tests/samba_tool/gpo.py b/python/samba/tests/samba_tool/gpo.py index 480f314e66a..ca3f237f76d 100644 --- a/python/samba/tests/samba_tool/gpo.py +++ b/python/samba/tests/samba_tool/gpo.py @@ -27,7 +27,8 @@ from samba.netcmd.gpo import get_gpo_dn, get_gpo_info from samba.param import LoadParm from samba.tests.gpo import stage_file, unstage_file from samba.dcerpc import preg -from samba.ndr import ndr_pack +from samba.ndr import ndr_pack, ndr_unpack +from samba.common import get_string source_path = os.path.abspath(os.path.join(os.path.dirname(__file__), "../../../../..")) @@ -545,6 +546,29 @@ class GpoCmdTestCase(SambaToolCmdTest): 'Filling PolicyDefinitions failed') shutil.rmtree(admx_path) + def test_sudoers_add(self): + lp = LoadParm() + lp.load(os.environ['SERVERCONFFILE']) + local_path = lp.get('path', 'sysvol') + reg_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies', + self.gpo_guid, 'Machine/Registry.pol') + + entry = 'fakeu ALL=(ALL) NOPASSWD: ALL' + (result, out, err) = self.runsublevelcmd("gpo", ("manage", "sudoers", + "add"), self.gpo_guid, entry, + "-H", "ldap://%s" % + os.environ["SERVER"], + "-U%s%%%s" % + (os.environ["USERNAME"], + os.environ["PASSWORD"])) + self.assertCmdSuccess(result, out, err, 'Sudoers add failed') + + self.assertTrue(os.path.exists(reg_pol), + 'The Registry.pol does not exist') + reg_data = ndr_unpack(preg.file, open(reg_pol, 'rb').read()) + self.assertTrue(any([get_string(e.data) == entry for e in reg_data.entries]), + 'The sudoers entry was not added') + def test_sudoers_list(self): lp = LoadParm() lp.load(os.environ['SERVERCONFFILE']) diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo new file mode 100644 index 00000000000..05e3d4ea8e8 --- /dev/null +++ b/selftest/knownfail.d/gpo @@ -0,0 +1 @@ +^samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_sudoers_add