diff options
author | David Mulder <dmulder@suse.com> | 2020-11-09 08:34:28 -0700 |
---|---|---|
committer | David Mulder <dmulder@samba.org> | 2020-12-09 17:38:28 +0000 |
commit | 6f1374844c3bced28ac59633d12f2125a74376db (patch) | |
tree | 38b092b4e663b774f2f6c377c5fb907119930031 /python | |
parent | cc9ff79d86c64cc25c5618866c95f308204716dd (diff) | |
download | samba-6f1374844c3bced28ac59633d12f2125a74376db.tar.gz |
samba-tool: Test gpo Sudoers list command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/netcmd/gpo.py | 33 | ||||
-rw-r--r-- | python/samba/tests/samba_tool/gpo.py | 34 |
2 files changed, 67 insertions, 0 deletions
diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py index ca479207d6e..0b0740729a4 100644 --- a/python/samba/netcmd/gpo.py +++ b/python/samba/netcmd/gpo.py @@ -1664,6 +1664,38 @@ class cmd_admxload(Command): raise CommandError("The authenticated user does " "not have sufficient privileges") +class cmd_list_sudoers(Command): + """List Samba Sudoers Group Policy from the sysvol + """ + + synopsis = "%prog <gpo> [options]" + + takes_optiongroups = { + "sambaopts": options.SambaOptions, + "versionopts": options.VersionOptions, + "credopts": options.CredentialsOptions, + } + + takes_options = [ + Option("-H", "--URL", help="LDB URL for database or target server", type=str, + metavar="URL", dest="H"), + ] + + takes_args = ["gpo"] + + def run(self, gpo, H=None, sambaopts=None, credopts=None, versionopts=None): + pass + +class cmd_sudoers(SuperCommand): + """Manage Sudoers Group Policy Objects""" + subcommands = {} + subcommands["list"] = cmd_list_sudoers() + +class cmd_manage(SuperCommand): + """Manage Group Policy Objects""" + subcommands = {} + subcommands["sudoers"] = cmd_sudoers() + class cmd_gpo(SuperCommand): """Group Policy Object (GPO) management.""" @@ -1684,3 +1716,4 @@ class cmd_gpo(SuperCommand): subcommands["backup"] = cmd_backup() subcommands["restore"] = cmd_restore() subcommands["admxload"] = cmd_admxload() + subcommands["manage"] = cmd_manage() diff --git a/python/samba/tests/samba_tool/gpo.py b/python/samba/tests/samba_tool/gpo.py index 3e6d4e8fd27..480f314e66a 100644 --- a/python/samba/tests/samba_tool/gpo.py +++ b/python/samba/tests/samba_tool/gpo.py @@ -25,6 +25,9 @@ from samba.tests.samba_tool.base import SambaToolCmdTest import shutil from samba.netcmd.gpo import get_gpo_dn, get_gpo_info from samba.param import LoadParm +from samba.tests.gpo import stage_file, unstage_file +from samba.dcerpc import preg +from samba.ndr import ndr_pack source_path = os.path.abspath(os.path.join(os.path.dirname(__file__), "../../../../..")) @@ -542,6 +545,37 @@ class GpoCmdTestCase(SambaToolCmdTest): 'Filling PolicyDefinitions failed') shutil.rmtree(admx_path) + def test_sudoers_list(self): + lp = LoadParm() + lp.load(os.environ['SERVERCONFFILE']) + local_path = lp.get('path', 'sysvol') + reg_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies', + self.gpo_guid, 'Machine/Registry.pol') + + # Stage the Registry.pol file with test data + stage = preg.file() + e = preg.entry() + e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights' + e.valuename = b'Software\\Policies\\Samba\\Unix Settings' + e.type = 1 + e.data = b'fakeu ALL=(ALL) NOPASSWD: ALL' + stage.num_entries = 1 + stage.entries = [e] + ret = stage_file(reg_pol, ndr_pack(stage)) + self.assertTrue(ret, 'Could not create the target %s' % reg_pol) + + (result, out, err) = self.runsublevelcmd("gpo", ("manage", "sudoers", + "list"), self.gpo_guid, + "-H", "ldap://%s" % + os.environ["SERVER"], + "-U%s%%%s" % + (os.environ["USERNAME"], + os.environ["PASSWORD"])) + self.assertIn(e.data, out, 'The test entry was not found!') + + # Unstage the Registry.pol file + unstage_file(reg_pol) + def setUp(self): """set up a temporary GPO to work with""" super(GpoCmdTestCase, self).setUp() |