From: David Mulder Date: Tue, 9 Mar 2021 21:14:24 +0000 (-0700) Subject: samba-tool: Ensure that gpo manage sudoers handles missing/dispersed principal names X-Git-Tag: tevent-0.11.0~1568 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bba91c462e697d91496e7d7f31d85b46422db6fa;p=thirdparty%2Fsamba.git samba-tool: Ensure that gpo manage sudoers handles missing/dispersed principal names Signed-off-by: David Mulder Reviewed-by: Björn Baumbach --- diff --git a/python/samba/tests/samba_tool/gpo.py b/python/samba/tests/samba_tool/gpo.py index 851a76b9885..d60e5b96c34 100644 --- a/python/samba/tests/samba_tool/gpo.py +++ b/python/samba/tests/samba_tool/gpo.py @@ -802,10 +802,32 @@ class GpoCmdTestCase(SambaToolCmdTest): principal = etree.SubElement(listelement, 'principal') principal.text = 'fakeu' principal.attrib['type'] = 'user' + # Ensure an empty principal doesn't cause a crash + sudoers_entry = etree.SubElement(data, 'sudoers_entry') + command = etree.SubElement(sudoers_entry, 'command') + command.text = 'ALL' + user = etree.SubElement(sudoers_entry, 'user') + user.text = 'ALL' + # Ensure having dispersed principals still works + sudoers_entry = etree.SubElement(data, 'sudoers_entry') + command = etree.SubElement(sudoers_entry, 'command') + command.text = 'ALL' + user = etree.SubElement(sudoers_entry, 'user') + user.text = 'ALL' + listelement = etree.SubElement(sudoers_entry, 'listelement') + principal = etree.SubElement(listelement, 'principal') + principal.text = 'fakeu2' + principal.attrib['type'] = 'user' + listelement = etree.SubElement(sudoers_entry, 'listelement') + group = etree.SubElement(listelement, 'principal') + group.text = 'fakeg2' + group.attrib['type'] = 'group' ret = stage_file(vgp_xml, etree.tostring(stage, 'utf-8')) self.assertTrue(ret, 'Could not create the target %s' % vgp_xml) sudoer = 'fakeu ALL=(ALL) NOPASSWD: ALL' + sudoer2 = 'fakeu2,fakeg2% ALL=(ALL) NOPASSWD: ALL' + sudoer_no_principal = 'ALL ALL=(ALL) NOPASSWD: ALL' (result, out, err) = self.runsublevelcmd("gpo", ("manage", "sudoers", "list"), self.gpo_guid, "-H", @@ -814,7 +836,44 @@ class GpoCmdTestCase(SambaToolCmdTest): "-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"])) + self.assertCmdSuccess(result, out, err, 'Sudoers list failed') self.assertIn(sudoer, out, 'The test entry was not found!') + self.assertIn(sudoer2, out, 'The test entry was not found!') + self.assertIn(sudoer_no_principal, out, + 'The test entry was not found!') + + (result, out, err) = self.runsublevelcmd("gpo", ("manage", + "sudoers", "remove"), + self.gpo_guid, sudoer2, + "-H", "ldap://%s" % + os.environ["SERVER"], + "-U%s%%%s" % + (os.environ["USERNAME"], + os.environ["PASSWORD"])) + self.assertCmdSuccess(result, out, err, 'Sudoers remove failed') + + (result, out, err) = self.runsublevelcmd("gpo", ("manage", + "sudoers", "remove"), + self.gpo_guid, + sudoer_no_principal, + "-H", "ldap://%s" % + os.environ["SERVER"], + "-U%s%%%s" % + (os.environ["USERNAME"], + os.environ["PASSWORD"])) + self.assertCmdSuccess(result, out, err, 'Sudoers remove failed') + + (result, out, err) = self.runsublevelcmd("gpo", ("manage", + "sudoers", "list"), + self.gpo_guid, "-H", + "ldap://%s" % + os.environ["SERVER"], + "-U%s%%%s" % + (os.environ["USERNAME"], + os.environ["PASSWORD"])) + self.assertNotIn(sudoer2, out, 'The test entry was still found!') + self.assertNotIn(sudoer_no_principal, out, + 'The test entry was still found!') # Unstage the manifest.xml file unstage_file(vgp_xml) diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo new file mode 100644 index 00000000000..1c578f3bc2c --- /dev/null +++ b/selftest/knownfail.d/gpo @@ -0,0 +1 @@ +^samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_sudoers_list