From bba91c462e697d91496e7d7f31d85b46422db6fa Mon Sep 17 00:00:00 2001
From: David Mulder
Date: Tue, 9 Mar 2021 14:14:24 -0700
Subject: [PATCH] samba-tool: Ensure that gpo manage sudoers handles missing/dispersed principal names
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Signed-off-by: David Mulder
Reviewed-by: Björn Baumbach
---
python/samba/tests/samba_tool/gpo.py | 59 ++++++++++++++++++++++++++++
selftest/knownfail.d/gpo | 1 +
2 files changed, 60 insertions(+)
create mode 100644 selftest/knownfail.d/gpo
diff --git a/python/samba/tests/samba_tool/gpo.py b/python/samba/tests/samba_tool/gpo.py
index 851a76b9885..d60e5b96c34 100644
--- a/python/samba/tests/samba_tool/gpo.py
+++ b/python/samba/tests/samba_tool/gpo.py
@@ -802,10 +802,32 @@ class GpoCmdTestCase(SambaToolCmdTest):
 principal = etree.SubElement(listelement, 'principal')
 principal.text = 'fakeu'
 principal.attrib['type'] = 'user'
+ # Ensure an empty principal doesn't cause a crash
+ sudoers_entry = etree.SubElement(data, 'sudoers_entry')
+ command = etree.SubElement(sudoers_entry, 'command')
+ command.text = 'ALL'
+ user = etree.SubElement(sudoers_entry, 'user')
+ user.text = 'ALL'
+ # Ensure having dispersed principals still works
+ sudoers_entry = etree.SubElement(data, 'sudoers_entry')
+ command = etree.SubElement(sudoers_entry, 'command')
+ command.text = 'ALL'
+ user = etree.SubElement(sudoers_entry, 'user')
+ user.text = 'ALL'
+ listelement = etree.SubElement(sudoers_entry, 'listelement')
+ principal = etree.SubElement(listelement, 'principal')
+ principal.text = 'fakeu2'
+ principal.attrib['type'] = 'user'
+ listelement = etree.SubElement(sudoers_entry, 'listelement')
+ group = etree.SubElement(listelement, 'principal')
+ group.text = 'fakeg2'
+ group.attrib['type'] = 'group'
 ret = stage_file(vgp_xml, etree.tostring(stage, 'utf-8'))
 self.assertTrue(ret, 'Could not create the target %s' % vgp_xml)
 sudoer = 'fakeu ALL=(ALL) NOPASSWD: ALL'
+ sudoer2 = 'fakeu2,fakeg2% ALL=(ALL) NOPASSWD: ALL'
+ sudoer_no_principal = 'ALL ALL=(ALL) NOPASSWD: ALL'
 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "sudoers", "list"), self.gpo_guid, "-H",
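Review bot: `sudoer_no_principal = 'ALL ALL=(ALL) NOPASSWD: ALL'` pins the behaviour that a `sudoers_entry` with no `principal` is listed as a rule for every user, which is a fail-open default: a manifest that merely lost its `listelement` would read as passwordless sudo for all accounts instead of being rejected or skipped. The code that produces this string is not part of the patch, so this is inferred from the expected value alone. If the default is intended, document it next to the fixture, e.g. `# A sudoers_entry without principals is expected to be listed as ALL (every user)`. Separately, `sudoer2` expects the group as `fakeg2%`, whereas sudoers(5) marks a group with a leading `%` (`%fakeg2`), so it is worth confirming that the suffix form never reaches a real sudoers file. The enclosing test method starts above this hunk and continues below it.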
@@ -814,7 +836,44 @@ class GpoCmdTestCase(SambaToolCmdTest):
 "-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
+ self.assertCmdSuccess(result, out, err, 'Sudoers list failed')
 self.assertIn(sudoer, out, 'The test entry was not found!')
+ self.assertIn(sudoer2, out, 'The test entry was not found!')
+ self.assertIn(sudoer_no_principal, out,
+ 'The test entry was not found!')
+
+ (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+ "sudoers", "remove"),
+ self.gpo_guid, sudoer2,
+ "-H", "ldap://%s" %
+ os.environ["SERVER"],
+ "-U%s%%%s" %
+ (os.environ["USERNAME"],
+ os.environ["PASSWORD"]))
+ self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
+
+ (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+ "sudoers", "remove"),
+ self.gpo_guid,
+ sudoer_no_principal,
+ "-H", "ldap://%s" %
+ os.environ["SERVER"],
+ "-U%s%%%s" %
+ (os.environ["USERNAME"],
+ os.environ["PASSWORD"]))
+ self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
+
+ (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+ "sudoers", "list"),
+ self.gpo_guid, "-H",
+ "ldap://%s" %
+ os.environ["SERVER"],
+ "-U%s%%%s" %
+ (os.environ["USERNAME"],
+ os.environ["PASSWORD"]))
+ self.assertNotIn(sudoer2, out, 'The test entry was still found!')
+ self.assertNotIn(sudoer_no_principal, out,
+ 'The test entry was still found!')
 # Unstage the manifest.xml file
 unstage_file(vgp_xml)
diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
new file mode 100644
index 00000000000..1c578f3bc2c
--- /dev/null
+++ b/selftest/knownfail.d/gpo
@@ -0,0 +1 @@
+^samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_sudoers_list
-- 
2.47.3
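Review bot: In the second hunk of python/samba/tests/samba_tool/gpo.py the final `list` call goes straight to `assertNotIn` without an `assertCmdSuccess`, so if that command fails and prints nothing, both negative assertions pass vacuously. Add `self.assertCmdSuccess(result, out, err, 'Sudoers list failed')` before them. Assuming `remove` is meant to delete only the named rule, also add `self.assertIn(sudoer, out, 'The test entry was not found!')` after the removals, so a `remove` that wipes unrelated sudoers entries is caught. The test method begins above the hunk and its remainder is not visible here.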