From f67a3644f413dd4c902af6970cd18cf17f469cd2 Mon Sep 17 00:00:00 2001 From: David Mulder Date: Mon, 9 Nov 2020 16:08:59 -0700 Subject: [PATCH] samba-tool: Test gpo Sudoers remove command Signed-off-by: David Mulder Reviewed-by: Douglas Bagnall --- python/samba/netcmd/gpo.py | 23 ++++++++++++++++++++++ python/samba/tests/samba_tool/gpo.py | 29 ++++++++++++++++++++++++++++ selftest/knownfail.d/gpo | 1 + 3 files changed, 53 insertions(+) create mode 100644 selftest/knownfail.d/gpo diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py index 28887081bda..f1cbbc04e1b 100644 --- a/python/samba/netcmd/gpo.py +++ b/python/samba/netcmd/gpo.py @@ -1802,11 +1802,34 @@ samba-tool gpo manage sudoers list {31B2F340-016D-11D2-945F-00C04FB984F9} if get_bytes(entry.keyname) == keyname: self.outf.write('%s\n' % entry.data) +class cmd_remove_sudoers(Command): + """Removes a Samba Sudoers Group Policy from the sysvol + """ + + synopsis = "%prog [options]" + + takes_optiongroups = { + "sambaopts": options.SambaOptions, + "versionopts": options.VersionOptions, + "credopts": options.CredentialsOptions, + } + + takes_options = [ + Option("-H", "--URL", help="LDB URL for database or target server", type=str, + metavar="URL", dest="H"), + ] + + takes_args = ["gpo", "entry"] + + def run(self, gpo, entry, H=None, sambaopts=None, credopts=None, versionopts=None): + pass + class cmd_sudoers(SuperCommand): """Manage Sudoers Group Policy Objects""" subcommands = {} subcommands["add"] = cmd_add_sudoers() subcommands["list"] = cmd_list_sudoers() + subcommands["remove"] = cmd_remove_sudoers() class cmd_manage(SuperCommand): """Manage Group Policy Objects""" diff --git a/python/samba/tests/samba_tool/gpo.py b/python/samba/tests/samba_tool/gpo.py index ca3f237f76d..c170602454a 100644 --- a/python/samba/tests/samba_tool/gpo.py +++ b/python/samba/tests/samba_tool/gpo.py @@ -546,6 +546,35 @@ class GpoCmdTestCase(SambaToolCmdTest): 'Filling PolicyDefinitions failed') shutil.rmtree(admx_path) + def test_sudoers_remove(self): + lp = LoadParm() + lp.load(os.environ['SERVERCONFFILE']) + local_path = lp.get('path', 'sysvol') + reg_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies', + self.gpo_guid, 'Machine/Registry.pol') + + # Stage the Registry.pol file with test data + stage = preg.file() + e = preg.entry() + e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights' + e.valuename = b'Software\\Policies\\Samba\\Unix Settings' + e.type = 1 + e.data = b'fakeu ALL=(ALL) NOPASSWD: ALL' + stage.num_entries = 1 + stage.entries = [e] + ret = stage_file(reg_pol, ndr_pack(stage)) + self.assertTrue(ret, 'Could not create the target %s' % reg_pol) + + (result, out, err) = self.runsublevelcmd("gpo", ("manage", "sudoers", + "remove"), self.gpo_guid, + get_string(e.data), + "-H", "ldap://%s" % + os.environ["SERVER"], + "-U%s%%%s" % + (os.environ["USERNAME"], + os.environ["PASSWORD"])) + self.assertCmdSuccess(result, out, err, 'Sudoers remove failed') + def test_sudoers_add(self): lp = LoadParm() lp.load(os.environ['SERVERCONFFILE']) diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo new file mode 100644 index 00000000000..d6c5890bac3 --- /dev/null +++ b/selftest/knownfail.d/gpo @@ -0,0 +1 @@ +^samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_sudoers_remove -- 2.47.3