author | David Mulder <dmulder@suse.com> | 2020-08-06 15:41:13 -0600 |
---|---|---|
committer | David Mulder <dmulder@samba.org> | 2020-08-27 15:59:33 +0000 |
commit | 7e507dd8865a5108c31782fb8e603fc4dca627d9 (patch) | |
tree | 62c35bf31fb1432236f4732d838f2725c0490714 | |
parent | 8626910c0eaaac57d95d2b2f8583ee0c732d98c6 (diff) | |
gpo: Test multiple extention unapply
Verify that an unapply of multiple extensions
deletes the script files and policy settings.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-rw-r--r-- | python/samba/tests/gpo.py | 81 | ||||
-rw-r--r-- | selftest/knownfail.d/gpo | 2 |
2 files changed, 83 insertions, 0 deletions
diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index e65ce387358..76030fa389e 100644
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -542,3 +542,84 @@ class GPOTests(tests.TestCase):
 'Sudoers policy not created')
 unstage_file(gpofile % g.name)
 unstage_file(reg_pol % g.name)
+
+ def test_gp_unapply(self):
+ logger = logging.getLogger('gpo_tests')
+ cache_dir = self.lp.get('cache directory')
+ local_path = self.lp.cache_path('gpo_cache')
+ guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
+ store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
+
+ machine_creds = Credentials()
+ machine_creds.guess(self.lp)
+ machine_creds.set_machine_account()
+
+ ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
+ if ads.connect():
+ gpos = ads.get_gpo_list(machine_creds.get_username())
+
+ gp_extensions = []
+ gp_extensions.append(gp_krb_ext(logger, self.lp, machine_creds, store))
+ gp_extensions.append(gp_scripts_ext(logger, self.lp, machine_creds,
+ store))
+ gp_extensions.append(gp_sudoers_ext(logger, self.lp, machine_creds,
+ store))
+
+ # Create registry stage data
+ reg_pol = os.path.join(local_path, policies, '%s/MACHINE/REGISTRY.POL')
+ reg_stage = preg.file()
+ e = preg.entry()
+ e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
+ e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
+ e.type = 1
+ e.data = b'echo hello world'
+ e2 = preg.entry()
+ e2.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
+ e2.valuename = b'Software\\Policies\\Samba\\Unix Settings'
+ e2.type = 1
+ e2.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
+ reg_stage.num_entries = 2
+ reg_stage.entries = [e, e2]
+
+ # Create krb stage date
+ gpofile = os.path.join(local_path, policies, '%s/MACHINE/MICROSOFT/' \
+ 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
+ krb_stage = '[Kerberos Policy]\nMaxTicketAge = 99\n'
+
+ ret = stage_file(gpofile % guid, krb_stage)
+ self.assertTrue(ret, 'Could not create the target %s' %
+ (gpofile % guid))
+ ret = stage_file(reg_pol % guid, ndr_pack(reg_stage))
+ self.assertTrue(ret, 'Could not create the target %s' %
+ (reg_pol % guid))
+
+ # Process all gpos, with temp output directory
+ remove = []
+ with TemporaryDirectory() as dname:
+ for ext in gp_extensions:
+ if type(ext) == gp_krb_ext:
+ ext.process_group_policy([], gpos)
+ ret = store.get_int('kdc:user_ticket_lifetime')
+ self.assertEqual(ret, 99, 'Kerberos policy was not set')
+ elif type(ext) in [gp_scripts_ext, gp_sudoers_ext]:
+ ext.process_group_policy([], gpos, dname)
+ gp_db = store.get_gplog(machine_creds.get_username())
+ applied_settings = gp_db.get_applied_settings([guid])
+ for _, fname in applied_settings[-1][-1][str(ext)].items():
+ self.assertIn(dname, fname,
+ 'Test file not created in tmp dir')
+ self.assertTrue(os.path.exists(fname),
+ 'Test file not created')
+ remove.append(fname)
+
+ # Unapply policy, and ensure policies are removed
+ gpupdate_unapply(self.lp)
+
+ for fname in remove:
+ self.assertFalse(os.path.exists(fname),
+ 'Unapply did not remove test file')
+ ret = store.get_int('kdc:user_ticket_lifetime')
+ self.assertNotEqual(ret, 99, 'Kerberos policy was not unapplied')
+
+ unstage_file(gpofile % guid)
+ unstage_file(reg_pol % guid)
diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
new file mode 100644
index 00000000000..a1ebedf76ad
--- /dev/null
+++ b/selftest/knownfail.d/gpo
@@ -0,0 +1,2 @@
+samba.tests.gpo.samba.tests.gpo.GPOTests.test_process_group_policy
+samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_unapply |
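Review bot: In test_gp_unapply (python/samba/tests/gpo.py) the file-removal check can pass without verifying anything, because `remove` is only filled inside the scripts/sudoers branch and the final `for fname in remove:` loop is a no-op if no applied settings were logged. Adding `self.assertTrue(remove, 'No policy files were applied')` just before `gpupdate_unapply(self.lp)` would close that gap. `gpos` is also bound only inside `if ads.connect():`, so a failed connection shows up later as a NameError instead of a clear failure; `self.assertTrue(ads.connect(), 'Failed to connect to ADS')` would be clearer. Finally, the two `unstage_file` calls at the end are skipped when any earlier assertion fails, which would presumably leave the staged REGISTRY.POL with its `NOPASSWD: ALL` sudoers entry behind in the GPO cache; registering `self.addCleanup(unstage_file, reg_pol % guid)` (and the same for `gpofile`) right after staging avoids that.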
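Review bot: Listing `samba.tests.gpo.samba.tests.gpo.GPOTests.test_process_group_policy` in selftest/knownfail.d/gpo is not explained by the commit message, which only describes the new unapply test. If that test was passing before this change, the entry would mask a regression in policy application rather than record an expected gap. A sentence in the commit message saying why both entries are needed, and which later change is expected to remove them, would make the intent reviewable.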