samba-tool: Test gpo manage access list command
authorDavid Mulder <dmulder@suse.com>
Tue, 23 Feb 2021 20:12:09 +0000 (13:12 -0700)
committerJeremy Allison <jra@samba.org>
Thu, 18 Mar 2021 18:50:28 +0000 (18:50 +0000)
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
python/samba/netcmd/gpo.py
python/samba/tests/samba_tool/gpo_exts.py [new file with mode: 0644]
selftest/knownfail.d/gpo [new file with mode: 0644]
source4/selftest/tests.py

index 1b4159c4c0c54b9bad24e2b758bbbc7b0a8e665c..6fcc01d6080d3832dccb97de7cf56c7738108f1b 100644 (file)
@@ -3659,6 +3659,38 @@ class cmd_issue(SuperCommand):
     subcommands["list"] = cmd_list_issue()
     subcommands["set"] = cmd_set_issue()
 
+class cmd_list_access(Command):
+    """List VGP Host Access Group Policy from the sysvol
+
+This command lists host access rules from the sysvol that will be applied to winbind clients.
+
+Example:
+samba-tool gpo manage access list {31B2F340-016D-11D2-945F-00C04FB984F9}
+    """
+
+    synopsis = "%prog <gpo> [options]"
+
+    takes_optiongroups = {
+        "sambaopts": options.SambaOptions,
+        "versionopts": options.VersionOptions,
+        "credopts": options.CredentialsOptions,
+    }
+
+    takes_options = [
+        Option("-H", "--URL", help="LDB URL for database or target server", type=str,
+                metavar="URL", dest="H"),
+    ]
+
+    takes_args = ["gpo"]
+
+    def run(self, gpo, H=None, sambaopts=None, credopts=None, versionopts=None):
+        pass
+
+class cmd_access(SuperCommand):
+    """Manage Host Access Group Policy Objects"""
+    subcommands = {}
+    subcommands["list"] = cmd_list_access()
+
 class cmd_manage(SuperCommand):
     """Manage Group Policy Objects"""
     subcommands = {}
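Review bot: `cmd_list_access.run` is a bare `pass`, so `samba-tool gpo manage access list <gpo>` exits successfully and prints nothing. Because the command is registered under `gpo manage` in this same commit, an administrator auditing host access rules could read that empty output as "this GPO sets no rules". Until the implementation lands, the stub should fail loudly, for example `raise CommandError("gpo manage access list is not implemented yet")`, assuming `CommandError` is already imported in gpo.py (the import block is outside this hunk). The docstring could also state the output format, since the accompanying test expects pam_access-style lines such as `+:DOMAIN\user:ALL`.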
@@ -3671,6 +3703,7 @@ class cmd_manage(SuperCommand):
     subcommands["scripts"] = cmd_scripts()
     subcommands["motd"] = cmd_motd()
     subcommands["issue"] = cmd_issue()
+    subcommands["access"] = cmd_access()
 
 class cmd_gpo(SuperCommand):
     """Group Policy Object (GPO) management."""
diff --git a/python/samba/tests/samba_tool/gpo_exts.py b/python/samba/tests/samba_tool/gpo_exts.py
new file mode 100644 (file)
index 0000000..222973f
--- /dev/null
@@ -0,0 +1,115 @@
+# Unix SMB/CIFS implementation.
+# Copyright (C) David Mulder 2021
+#
+# based on gpo.py:
+# Copyright (C) Andrew Bartlett 2012
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import os
+from samba.tests.samba_tool.base import SambaToolCmdTest
+import shutil
+from samba.param import LoadParm
+from samba.tests.gpo import stage_file, unstage_file
+import xml.etree.ElementTree as etree
+
+class GpoCmdTestCase(SambaToolCmdTest):
+    """Tests for samba-tool time subcommands"""
+
+    gpo_name = "testgpo"
+
+    def test_vgp_access_list(self):
+        lp = LoadParm()
+        lp.load(os.environ['SERVERCONFFILE'])
+        local_path = lp.get('path', 'sysvol')
+        vgp_xml = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
+                               self.gpo_guid, 'Machine/VGP/VTLA/VAS'
+                               'HostAccessControl/Allow/manifest.xml')
+
+        stage = etree.Element('vgppolicy')
+        policysetting = etree.SubElement(stage, 'policysetting')
+        pv = etree.SubElement(policysetting, 'version')
+        pv.text = '1'
+        name = etree.SubElement(policysetting, 'name')
+        name.text = 'Host Access Control'
+        description = etree.SubElement(policysetting, 'description')
+        description.text = 'Represents host access control data (pam_access)'
+        apply_mode = etree.SubElement(policysetting, 'apply_mode')
+        apply_mode.text = 'merge'
+        data = etree.SubElement(policysetting, 'data')
+        listelement = etree.SubElement(data, 'listelement')
+        etype = etree.SubElement(listelement, 'type')
+        etype.text = 'USER'
+        entry = etree.SubElement(listelement, 'entry')
+        entry.text = 'goodguy@%s' % lp.get('realm').lower()
+        adobject = etree.SubElement(listelement, 'adobject')
+        name = etree.SubElement(adobject, 'name')
+        name.text = 'goodguy'
+        domain = etree.SubElement(adobject, 'domain')
+        domain.text = lp.get('realm').lower()
+        etype = etree.SubElement(adobject, 'type')
+        etype.text = 'user'
+        groupattr = etree.SubElement(data, 'groupattr')
+        groupattr.text = 'samAccountName'
+        listelement = etree.SubElement(data, 'listelement')
+        etype = etree.SubElement(listelement, 'type')
+        etype.text = 'GROUP'
+        entry = etree.SubElement(listelement, 'entry')
+        entry.text = '%s\\goodguys' % lp.get('realm').lower()
+        adobject = etree.SubElement(listelement, 'adobject')
+        name = etree.SubElement(adobject, 'name')
+        name.text = 'goodguys'
+        domain = etree.SubElement(adobject, 'domain')
+        domain.text = lp.get('realm').lower()
+        etype = etree.SubElement(adobject, 'type')
+        etype.text = 'group'
+        ret = stage_file(vgp_xml, etree.tostring(stage, 'utf-8'))
+        self.assertTrue(ret, 'Could not create the target %s' % vgp_xml)
+
+        uentry = '+:%s\\goodguy:ALL' % domain.text
+        gentry = '+:%s\\goodguys:ALL' % domain.text
+        (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+                                                 "access", "list"),
+                                                 self.gpo_guid, "-H",
+                                                 "ldap://%s" %
+                                                 os.environ["SERVER"],
+                                                 "-U%s%%%s" %
+                                                 (os.environ["USERNAME"],
+                                                 os.environ["PASSWORD"]))
+        self.assertIn(uentry, out, 'The test entry was not found!')
+        self.assertIn(gentry, out, 'The test entry was not found!')
+
+        # Unstage the manifest.xml file
+        unstage_file(vgp_xml)
+
+    def setUp(self):
+        """set up a temporary GPO to work with"""
+        super(GpoCmdTestCase, self).setUp()
+        (result, out, err) = self.runsubcmd("gpo", "create", self.gpo_name,
+                                            "-H", "ldap://%s" % os.environ["SERVER"],
+                                            "-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]),
+                                            "--tmpdir", self.tempdir)
+        self.assertCmdSuccess(result, out, err, "Ensuring gpo created successfully")
+        shutil.rmtree(os.path.join(self.tempdir, "policy"))
+        try:
+            self.gpo_guid = "{%s}" % out.split("{")[1].split("}")[0]
+        except IndexError:
+            self.fail("Failed to find GUID in output: %s" % out)
+
+    def tearDown(self):
+        """remove the temporary GPO to work with"""
+        (result, out, err) = self.runsubcmd("gpo", "del", self.gpo_guid, "-H", "ldap://%s" % os.environ["SERVER"], "-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
+        self.assertCmdSuccess(result, out, err, "Ensuring gpo deleted successfully")
+        super(GpoCmdTestCase, self).tearDown()
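Review bot: In `test_vgp_access_list` the `unstage_file(vgp_xml)` call comes after the two `assertIn` checks, so a failed assertion skips it and the staged host-access manifest.xml appears to stay in the test environment's sysvol. With the test listed in knownfail, that is the path taken on every run of this commit. Wrapping the command and assertions in `try:` … `finally: unstage_file(vgp_xml)` makes the cleanup unconditional. The command's exit status is also never checked; `self.assertCmdSuccess(result, out, err, "access list failed")` before the `assertIn` lines would distinguish a crashed command from missing output. The class docstring `"""Tests for samba-tool time subcommands"""` looks copied from another suite and should name the gpo extension subcommands instead.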
diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
new file mode 100644 (file)
index 0000000..837f9c7
--- /dev/null
@@ -0,0 +1 @@
+^samba.tests.samba_tool.gpo_exts.samba.tests.samba_tool.gpo_exts.GpoCmdTestCase.test_vgp_access_list
index a0afe76e8d98b9438b35afb1be33194323fa1941..781f1a59fdc49e037f951e4834a22f739b97acda 100755 (executable)
@@ -772,6 +772,8 @@ for env in all_fl_envs:
 for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc",
             smbv1_disabled_testenv]:
     planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo")
+for env in ["ad_dc_ntvfs", "ad_dc"]:
+    planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo_exts")
 
 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.processes")
 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user")