diff options
| author | David Mulder <dmulder@suse.com> | 2020-11-10 08:05:37 -0700 |
|---|---|---|
| committer | David Mulder <dmulder@samba.org> | 2020-12-09 17:38:28 +0000 |
| commit | 5b49e0ac71c2e10b73c8c67f0cb9547b70b8d021 (patch) | |
| tree | 9aaf0d38b131be7019d65cbfd95ffd26767e3949 /python | |
| parent | f509550f872424a67d4fbc9473c8959e53dffb70 (diff) | |
| download | samba-5b49e0ac71c2e10b73c8c67f0cb9547b70b8d021.tar.gz | |
samba-tool: Test gpo Security set command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Diffstat (limited to 'python')
| -rw-r--r-- | python/samba/netcmd/gpo.py | 28 | ||||
| -rw-r--r-- | python/samba/tests/samba_tool/gpo.py | 38 |
2 files changed, 66 insertions, 0 deletions
diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py index 8ec8adb37ae..dcf81c80b19 100644 --- a/python/samba/netcmd/gpo.py +++ b/python/samba/netcmd/gpo.py @@ -1880,6 +1880,34 @@ class cmd_sudoers(SuperCommand): subcommands["list"] = cmd_list_sudoers() subcommands["remove"] = cmd_remove_sudoers() +class cmd_set_security(Command): + """Set Samba Security Group Policy to the sysvol + """ + + synopsis = "%prog <gpo> [options]" + + takes_optiongroups = { + "sambaopts": options.SambaOptions, + "versionopts": options.VersionOptions, + "credopts": options.CredentialsOptions, + } + + takes_options = [ + Option("-H", "--URL", help="LDB URL for database or target server", type=str, + metavar="URL", dest="H"), + ] + + takes_args = ["gpo", "policy", "value?"] + + def run(self, gpo, policy, value=None, H=None, sambaopts=None, + credopts=None, versionopts=None): + pass + +class cmd_security(SuperCommand): + """Manage Security Group Policy Objects""" + subcommands = {} + subcommands["set"] = cmd_set_security() + class cmd_manage(SuperCommand): """Manage Group Policy Objects""" subcommands = {} diff --git a/python/samba/tests/samba_tool/gpo.py b/python/samba/tests/samba_tool/gpo.py index c170602454a..dcf66f76e1d 100644 --- a/python/samba/tests/samba_tool/gpo.py +++ b/python/samba/tests/samba_tool/gpo.py @@ -546,6 +546,44 @@ class GpoCmdTestCase(SambaToolCmdTest): 'Filling PolicyDefinitions failed') shutil.rmtree(admx_path) + def test_security_set(self): + lp = LoadParm() + lp.load(os.environ['SERVERCONFFILE']) + local_path = lp.get('path', 'sysvol') + inf_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies', + self.gpo_guid, 'Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf') + + (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security", + "set"), self.gpo_guid, + 'MaxTicketAge', '10', + "-H", "ldap://%s" % + os.environ["SERVER"], + "-U%s%%%s" % + (os.environ["USERNAME"], + os.environ["PASSWORD"])) + self.assertCmdSuccess(result, out, err, + 'Failed to set MaxTicketAge') + self.assertTrue(os.path.exists(inf_pol), + '%s was not created' % inf_pol) + inf_pol_contents = open(inf_pol, 'r').read() + self.assertIn('MaxTicketAge = 10', inf_pol_contents, + 'The test entry was not found!') + + # Ensure an empty set command deletes the entry + (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security", + "set"), self.gpo_guid, + 'MaxTicketAge', + "-H", "ldap://%s" % + os.environ["SERVER"], + "-U%s%%%s" % + (os.environ["USERNAME"], + os.environ["PASSWORD"])) + self.assertCmdSuccess(result, out, err, + 'Failed to unset MaxTicketAge') + inf_pol_contents = open(inf_pol, 'r').read() + self.assertNotIn('MaxTicketAge = 10', inf_pol_contents, + 'The test entry was still found!') + def test_sudoers_remove(self): lp = LoadParm() lp.load(os.environ['SERVERCONFFILE']) |