takes_args = ["gpo", "entry"]
def run(self, gpo, entry, H=None, sambaopts=None, credopts=None, versionopts=None):
- self.lp = sambaopts.get_loadparm()
- self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
-
- # We need to know writable DC to setup SMB connection
- if H and H.startswith('ldap://'):
- dc_hostname = H[7:]
- self.url = H
- else:
- dc_hostname = netcmd_finddc(self.lp, self.creds)
- self.url = dc_url(self.lp, self.creds, dc=dc_hostname)
-
- # SMB connect to DC
- conn = smb_connection(dc_hostname,
- 'sysvol',
- lp=self.lp,
- creds=self.creds)
-
- realm = self.lp.get('realm')
- pol_file = '\\'.join([realm.lower(), 'Policies', gpo,
- 'MACHINE\\Registry.pol'])
- try:
- pol_data = ndr_unpack(preg.file, conn.loadfile(pol_file))
- except NTSTATUSError as e:
- if e.args[0] == 0xC0000033: # STATUS_OBJECT_NAME_INVALID
- raise CommandError("The specified entry does not exist")
- elif e.args[0] == 0xC0000022: # STATUS_ACCESS_DENIED
- raise CommandError("The authenticated user does "
- "not have sufficient privileges")
- raise
-
- if entry not in [e.data for e in pol_data.entries]:
- raise CommandError("Cannot remove '%s' because it does not exist" %
- entry)
-
- entries = [e for e in pol_data.entries if e.data != entry]
- pol_data.num_entries = len(entries)
- pol_data.entries = entries
-
- try:
- conn.savefile(pol_file, ndr_pack(pol_data))
- except NTSTATUSError as e:
- if e.args[0] == 0xC0000022: # STATUS_ACCESS_DENIED
- raise CommandError("The authenticated user does "
- "not have sufficient privileges")
- raise
+ pass
class cmd_sudoers(SuperCommand):
"""Manage Sudoers Group Policy Objects"""
self.assertFalse(inf_data.has_section('Kerberos Policy'))
- def test_sudoers_remove(self):
- lp = LoadParm()
- lp.load(os.environ['SERVERCONFFILE'])
- local_path = lp.get('path', 'sysvol')
- reg_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
- self.gpo_guid, 'Machine/Registry.pol')
-
- # Stage the Registry.pol file with test data
- stage = preg.file()
- e = preg.entry()
- e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
- e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
- e.type = 1
- e.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
- stage.num_entries = 1
- stage.entries = [e]
- ret = stage_file(reg_pol, ndr_pack(stage))
- self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
-
- (result, out, err) = self.runsublevelcmd("gpo", ("manage", "sudoers",
- "remove"), self.gpo_guid,
- get_string(e.data),
- "-H", "ldap://%s" %
- os.environ["SERVER"],
- "-U%s%%%s" %
- (os.environ["USERNAME"],
- os.environ["PASSWORD"]))
- self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
-
def test_sudoers_add(self):
(result, out, err) = self.runsublevelcmd("gpo", ("manage",
"sudoers", "add"),
os.environ["PASSWORD"]))
self.assertIn(sudoer, out, 'The test entry was not found!')
+ (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+ "sudoers", "remove"),
+ self.gpo_guid, sudoer,
+ "-H", "ldap://%s" %
+ os.environ["SERVER"],
+ "-U%s%%%s" %
+ (os.environ["USERNAME"],
+ os.environ["PASSWORD"]))
+ self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
+
+ (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+ "sudoers", "list"),
+ self.gpo_guid, "-H",
+ "ldap://%s" %
+ os.environ["SERVER"],
+ "-U%s%%%s" %
+ (os.environ["USERNAME"],
+ os.environ["PASSWORD"]))
+ self.assertNotIn(sudoer, out, 'The test entry was still found!')
+
def test_sudoers_list(self):
lp = LoadParm()
lp.load(os.environ['SERVERCONFFILE'])
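Review bot: The `list` call added after the remove step in `test_sudoers_add` is never checked with `assertCmdSuccess`, so `assertNotIn(sudoer, out, ...)` also passes when the list command fails and prints nothing. The remove command's exit status alone does not prove the entry is gone, so this assertion is the only evidence that the sudo rule was revoked; add `self.assertCmdSuccess(result, out, err, 'Sudoers list failed')` before it. Folding the remove check into `test_sudoers_add` also means a remove regression is reported under the add test's name, so a separate `test_sudoers_remove` would be clearer. Part of the body of `test_sudoers_add` lies outside the lines shown.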