search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-scripts: Improve update and listing code
[samba4-gss.git] / python / samba / tests / samba_tool / gpo.py
blob851c70efecf827478b34f5c41858837006d48491
1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Andrew Bartlett 2012
3 #
4 # based on time.py:
5 # Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
6 #
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
11 #
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
16 #
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 #
20
21 import os, pwd, grp
22 import ldb
23 import samba
24 from samba.tests.samba_tool.base import SambaToolCmdTest
25 import shutil
26 from samba.netcmd.gpo import get_gpo_dn, get_gpo_info
27 from samba.param import LoadParm
28 from samba.tests.gpo import stage_file, unstage_file
29 from samba.dcerpc import preg
30 from samba.ndr import ndr_pack, ndr_unpack
31 from samba.common import get_string
32 from configparser import ConfigParser
33 import xml.etree.ElementTree as etree
34 from tempfile import NamedTemporaryFile
35 import re
36 from samba.gp.gpclass import check_guid
37 from samba.gp_parse.gp_ini import GPTIniParser
38
39 gpo_load_json = \
40 b"""
41 [
42 {
43 "keyname": "Software\\\\Policies\\\\Mozilla\\\\Firefox\\\\Homepage",
44 "valuename": "StartPage",
45 "class": "USER",
46 "type": "REG_SZ",
47 "data": "homepage"
48 },
49 {
50 "keyname": "Software\\\\Policies\\\\Mozilla\\\\Firefox\\\\Homepage",
51 "valuename": "URL",
52 "class": "USER",
53 "type": 1,
54 "data": "samba.org"
55 },
56 {
57 "keyname": "Software\\\\Microsoft\\\\Internet Explorer\\\\Toolbar",
58 "valuename": "IEToolbar",
59 "class": "USER",
60 "type": "REG_BINARY",
61 "data": [0]
62 },
63 {
64 "keyname": "Software\\\\Policies\\\\Microsoft\\\\InputPersonalization",
65 "valuename": "RestrictImplicitTextCollection",
66 "class": "USER",
67 "type": "REG_DWORD",
68 "data": 1
69 },
70 {
71 "keyname": "Software\\\\Policies\\\\Mozilla\\\\Firefox",
72 "valuename": "ExtensionSettings",
73 "class": "MACHINE",
74 "type": "REG_MULTI_SZ",
75 "data": [
76 "{",
77 " \\"key\\": \\"value\\"",
78 "}"
79 ]
80 }
81 ]
82 """
83
84 gpo_remove_json = \
85 b"""
86 [
87 {
88 "keyname": "Software\\\\Policies\\\\Mozilla\\\\Firefox\\\\Homepage",
89 "valuename": "StartPage",
90 "class": "USER"
91 },
92 {
93 "keyname": "Software\\\\Policies\\\\Mozilla\\\\Firefox\\\\Homepage",
94 "valuename": "URL",
95 "class": "USER"
96 },
97 {
98 "keyname": "Software\\\\Microsoft\\\\Internet Explorer\\\\Toolbar",
99 "valuename": "IEToolbar",
100 "class": "USER"
101 },
102 {
103 "keyname": "Software\\\\Policies\\\\Microsoft\\\\InputPersonalization",
104 "valuename": "RestrictImplicitTextCollection",
105 "class": "USER"
106 },
107 {
108 "keyname": "Software\\\\Policies\\\\Mozilla\\\\Firefox",
109 "valuename": "ExtensionSettings",
110 "class": "MACHINE"
111 }
112 ]
113 """
114
115 def gpt_ini_version(gpo_guid):
116 lp = LoadParm()
117 lp.load(os.environ['SERVERCONFFILE'])
118 local_path = lp.get('path', 'sysvol')
119 GPT_INI = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
120 gpo_guid, 'GPT.INI')
121 if os.path.exists(GPT_INI):
122 with open(GPT_INI, 'rb') as f:
123 data = f.read()
124 parser = GPTIniParser()
125 parser.parse(data)
126 if parser.ini_conf.has_option('General', 'Version'):
127 version = int(parser.ini_conf.get('General',
128 'Version').encode('utf-8'))
129 else:
130 version = 0
131 else:
132 version = 0
133 return version
134
135 # These are new GUIDs, not used elsewhere, made up for the use of testing the
136 # adding of extension GUIDs in `samba-tool gpo load`.
137 ext_guids = ['{123d2b56-7b14-4516-bbc4-763d29d57654}',
138 '{d000e91b-e70f-481b-9549-58de7929bcee}']
139
140 source_path = os.path.abspath(os.path.join(os.path.dirname(__file__), "../../../../.."))
141 provision_path = os.path.join(source_path, "source4/selftest/provisions/")
142
143 def has_difference(path1, path2, binary=True, xml=True, sortlines=False):
144 """Use this function to determine if the GPO backup differs from another.
145
146 xml=True checks whether any xml files are equal
147 binary=True checks whether any .SAMBABACKUP files are equal
148 """
149 if os.path.isfile(path1):
150 if sortlines:
151 file1 = open(path1).readlines()
152 file1.sort()
153 file2 = open(path1).readlines()
154 file2.sort()
155 if file1 != file2:
156 return path1
157
158 elif open(path1).read() != open(path2).read():
159 return path1
160
161 return None
162
163 l_dirs = [ path1 ]
164 r_dirs = [ path2 ]
165 while l_dirs:
166 l_dir = l_dirs.pop()
167 r_dir = r_dirs.pop()
168
169 dirlist = os.listdir(l_dir)
170 dirlist_other = os.listdir(r_dir)
171
172 dirlist.sort()
173 dirlist_other.sort()
174 if dirlist != dirlist_other:
175 return dirlist
176
177 for e in dirlist:
178 l_name = os.path.join(l_dir, e)
179 r_name = os.path.join(r_dir, e)
180
181 if os.path.isdir(l_name):
182 l_dirs.append(l_name)
183 r_dirs.append(r_name)
184 else:
185 if (l_name.endswith('.xml') and xml or
186 l_name.endswith('.SAMBABACKUP') and binary):
187 if open(l_name, "rb").read() != open(r_name, "rb").read():
188 return l_name
189
190 return None
191
192
193 class GpoCmdTestCase(SambaToolCmdTest):
194 """Tests for samba-tool time subcommands"""
195
196 gpo_name = "testgpo"
197
198 # This exists in the source tree to be restored
199 backup_gpo_guid = "{1E1DC8EA-390C-4800-B327-98B56A0AEA5D}"
200
201 def test_gpo_list(self):
202 """Run gpo list against the server and make sure it looks accurate"""
203 (result, out, err) = self.runsubcmd("gpo", "listall", "-H", "ldap://%s" % os.environ["SERVER"])
204 self.assertCmdSuccess(result, out, err, "Ensuring gpo listall ran successfully")
205
206 def test_fetchfail(self):
207 """Run against a non-existent GPO, and make sure it fails (this hard-coded UUID is very unlikely to exist"""
208 (result, out, err) = self.runsubcmd("gpo", "fetch", "c25cac17-a02a-4151-835d-fae17446ee43", "-H", "ldap://%s" % os.environ["SERVER"])
209 self.assertCmdFail(result, "check for result code")
210
211 def test_fetch(self):
212 """Run against a real GPO, and make sure it passes"""
213 (result, out, err) = self.runsubcmd("gpo", "fetch", self.gpo_guid, "-H", "ldap://%s" % os.environ["SERVER"], "--tmpdir", self.tempdir)
214 self.assertCmdSuccess(result, out, err, "Ensuring gpo fetched successfully")
215 shutil.rmtree(os.path.join(self.tempdir, "policy"))
216
217 def test_show(self):
218 """Show a real GPO, and make sure it passes"""
219 (result, out, err) = self.runsubcmd("gpo", "show", self.gpo_guid, "-H", "ldap://%s" % os.environ["SERVER"])
220 self.assertCmdSuccess(result, out, err, "Ensuring gpo fetched successfully")
221
222 def test_show_as_admin(self):
223 """Show a real GPO, and make sure it passes"""
224 (result, out, err) = self.runsubcmd("gpo", "show", self.gpo_guid, "-H", "ldap://%s" % os.environ["SERVER"], "-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
225 self.assertCmdSuccess(result, out, err, "Ensuring gpo fetched successfully")
226
227 def test_aclcheck(self):
228 """Check all the GPOs on the remote server have correct ACLs"""
229 (result, out, err) = self.runsubcmd("gpo", "aclcheck", "-H", "ldap://%s" % os.environ["SERVER"], "-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
230 self.assertCmdSuccess(result, out, err, "Ensuring gpo checked successfully")
231
232 def test_getlink_empty(self):
233 self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
234 "-U%s%%%s" % (os.environ["DC_USERNAME"],
235 os.environ["DC_PASSWORD"]))
236
237 container_dn = 'OU=gpo_test_link,%s' % self.samdb.get_default_basedn()
238
239 self.samdb.add({
240 'dn': container_dn,
241 'objectClass': 'organizationalUnit'
242 })
243
244 (result, out, err) = self.runsubcmd("gpo", "getlink", container_dn,
245 "-H", "ldap://%s" % os.environ["SERVER"],
246 "-U%s%%%s" % (os.environ["USERNAME"],
247 os.environ["PASSWORD"]))
248 self.assertCmdSuccess(result, out, err, "Ensuring gpo link fetched successfully")
249
250 # Microsoft appears to allow an empty space character after deletion of
251 # a GPO. We should be able to handle this.
252 m = ldb.Message()
253 m.dn = ldb.Dn(self.samdb, container_dn)
254 m['gPLink'] = ldb.MessageElement(' ', ldb.FLAG_MOD_REPLACE, 'gPLink')
255 self.samdb.modify(m)
256
257 (result, out, err) = self.runsubcmd("gpo", "getlink", container_dn,
258 "-H", "ldap://%s" % os.environ["SERVER"],
259 "-U%s%%%s" % (os.environ["USERNAME"],
260 os.environ["PASSWORD"]))
261 self.assertCmdSuccess(result, out, err, "Ensuring gpo link fetched successfully")
262
263 self.samdb.delete(container_dn)
264
265 def test_backup_restore_compare_binary(self):
266 """Restore from a static backup and compare the binary contents"""
267
268 if not os.path.exists(provision_path):
269 self.skipTest('Test requires provision data not available in '
270 + 'release tarball')
271
272 static_path = os.path.join(self.backup_path, 'policy',
273 self.backup_gpo_guid)
274
275 temp_path = os.path.join(self.tempdir, 'temp')
276 os.mkdir(temp_path)
277
278 new_path = os.path.join(self.tempdir, 'new')
279 os.mkdir(new_path)
280
281 gpo_guid = None
282 try:
283 (result, out, err) = self.runsubcmd("gpo", "restore", "BACKUP_RESTORE1",
284 static_path,
285 "-H", "ldap://%s" %
286 os.environ["SERVER"], "--tmpdir",
287 temp_path, "--entities",
288 self.entity_file, "-U%s%%%s" %
289 (os.environ["USERNAME"],
290 os.environ["PASSWORD"]),
291 "--restore-metadata")
292
293 self.assertCmdSuccess(result, out, err,
294 "Ensure gpo restore successful")
295
296 gpo_guid = "{%s}" % out.split("{")[1].split("}")[0]
297
298 (result, out, err) = self.runsubcmd("gpo", "backup", gpo_guid,
299 "-H", "ldap://%s" %
300 os.environ["SERVER"],
301 "--tmpdir", new_path)
302
303 self.assertCmdSuccess(result, out, err, "Ensuring gpo fetched successfully")
304
305 # Compare the directories
306 self.assertIsNone(has_difference(os.path.join(new_path, 'policy',
307 gpo_guid),
308 static_path, binary=True,
309 xml=False))
310 finally:
311 if gpo_guid:
312 (result, out, err) = self.runsubcmd("gpo", "del", gpo_guid,
313 "-H", "ldap://%s" %
314 os.environ["SERVER"],
315 "-U%s%%%s" %
316 (os.environ["USERNAME"],
317 os.environ["PASSWORD"]))
318 self.assertCmdSuccess(result, out, err, "Ensuring gpo deleted successfully")
319
320 shutil.rmtree(temp_path)
321 shutil.rmtree(new_path)
322
323 def test_backup_restore_no_entities_compare_binary(self):
324 """Restore from a static backup (and use no entity file, resulting in
325 copy-restore fallback), and compare the binary contents"""
326
327 if not os.path.exists(provision_path):
328 self.skipTest('Test requires provision data not available in '
329 + 'release tarball')
330
331 static_path = os.path.join(self.backup_path, 'policy',
332 self.backup_gpo_guid)
333
334 temp_path = os.path.join(self.tempdir, 'temp')
335 os.mkdir(temp_path)
336
337 new_path = os.path.join(self.tempdir, 'new')
338 os.mkdir(new_path)
339
340 gpo_guid = None
341 gpo_guid1 = None
342 gpo_guid2 = None
343 try:
344 (result, out, err) = self.runsubcmd("gpo", "restore", "BACKUP_RESTORE1",
345 static_path,
346 "-H", "ldap://%s" %
347 os.environ["SERVER"], "--tmpdir",
348 temp_path, "--entities",
349 self.entity_file, "-U%s%%%s" %
350 (os.environ["USERNAME"],
351 os.environ["PASSWORD"]),
352 "--restore-metadata")
353
354 self.assertCmdSuccess(result, out, err,
355 "Ensure gpo restore successful")
356
357 gpo_guid = "{%s}" % out.split("{")[1].split("}")[0]
358 gpo_guid1 = gpo_guid
359
360 # Do not output entities file
361 (result, out, err) = self.runsubcmd("gpo", "backup", gpo_guid,
362 "-H", "ldap://%s" %
363 os.environ["SERVER"],
364 "--tmpdir", new_path,
365 "--generalize")
366
367 self.assertCmdSuccess(result, out, err, "Ensuring gpo fetched successfully")
368
369 # Do not use an entities file
370 (result, out, err) = self.runsubcmd("gpo", "restore", "BACKUP_RESTORE2",
371 os.path.join(new_path, 'policy', gpo_guid1),
372 "-H", "ldap://%s" %
373 os.environ["SERVER"], "--tmpdir",
374 temp_path, "-U%s%%%s" %
375 (os.environ["USERNAME"],
376 os.environ["PASSWORD"]),
377 "--restore-metadata")
378
379 self.assertCmdSuccess(result, out, err,
380 "Ensure gpo restore successful")
381
382 gpo_guid = "{%s}" % out.split("{")[1].split("}")[0]
383 gpo_guid2 = gpo_guid
384
385 self.assertCmdSuccess(result, out, err, "Ensuring gpo restored successfully")
386
387 (result, out, err) = self.runsubcmd("gpo", "backup", gpo_guid,
388 "-H", "ldap://%s" %
389 os.environ["SERVER"],
390 "--tmpdir", new_path)
391
392 # Compare the directories
393 self.assertIsNone(has_difference(os.path.join(new_path, 'policy',
394 gpo_guid1),
395 os.path.join(new_path, 'policy',
396 gpo_guid2),
397 binary=True, xml=False))
398 finally:
399 if gpo_guid1:
400 (result, out, err) = self.runsubcmd("gpo", "del", gpo_guid1,
401 "-H", "ldap://%s" %
402 os.environ["SERVER"],
403 "-U%s%%%s" %
404 (os.environ["USERNAME"],
405 os.environ["PASSWORD"]))
406 self.assertCmdSuccess(result, out, err, "Ensuring gpo deleted successfully")
407
408 if gpo_guid2:
409 (result, out, err) = self.runsubcmd("gpo", "del", gpo_guid2,
410 "-H", "ldap://%s" %
411 os.environ["SERVER"],
412 "-U%s%%%s" %
413 (os.environ["USERNAME"],
414 os.environ["PASSWORD"]))
415 self.assertCmdSuccess(result, out, err, "Ensuring gpo deleted successfully")
416
417 shutil.rmtree(temp_path)
418 shutil.rmtree(new_path)
419
420 def test_backup_restore_backup_compare_XML(self):
421 """Restore from a static backup and backup to compare XML"""
422
423 if not os.path.exists(provision_path):
424 self.skipTest('Test requires provision data not available in '
425 + 'release tarball')
426
427 static_path = os.path.join(self.backup_path, 'policy',
428 self.backup_gpo_guid)
429
430 temp_path = os.path.join(self.tempdir, 'temp')
431 os.mkdir(temp_path)
432
433 new_path = os.path.join(self.tempdir, 'new')
434 os.mkdir(new_path)
435
436 gpo_guid = None
437 gpo_guid1 = None
438 gpo_guid2 = None
439 try:
440 (result, out, err) = self.runsubcmd("gpo", "restore", "BACKUP_RESTORE1",
441 static_path,
442 "-H", "ldap://%s" %
443 os.environ["SERVER"], "--tmpdir",
444 temp_path, "--entities",
445 self.entity_file, "-U%s%%%s" %
446 (os.environ["USERNAME"],
447 os.environ["PASSWORD"]),
448 "--restore-metadata")
449
450 self.assertCmdSuccess(result, out, err,
451 "Ensure gpo restore successful")
452
453 gpo_guid = "{%s}" % out.split("{")[1].split("}")[0]
454 gpo_guid1 = gpo_guid
455
456 (result, out, err) = self.runsubcmd("gpo", "backup", gpo_guid,
457 "-H", "ldap://%s" %
458 os.environ["SERVER"],
459 "--tmpdir", new_path)
460
461 self.assertCmdSuccess(result, out, err, "Ensuring gpo fetched successfully")
462
463 (result, out, err) = self.runsubcmd("gpo", "restore", "BACKUP_RESTORE2",
464 os.path.join(new_path, 'policy', gpo_guid1),
465 "-H", "ldap://%s" %
466 os.environ["SERVER"], "--tmpdir",
467 temp_path, "--entities",
468 self.entity_file, "-U%s%%%s" %
469 (os.environ["USERNAME"],
470 os.environ["PASSWORD"]),
471 "--restore-metadata")
472
473 self.assertCmdSuccess(result, out, err,
474 "Ensure gpo restore successful")
475
476 gpo_guid = "{%s}" % out.split("{")[1].split("}")[0]
477 gpo_guid2 = gpo_guid
478
479 self.assertCmdSuccess(result, out, err, "Ensuring gpo restored successfully")
480
481 (result, out, err) = self.runsubcmd("gpo", "backup", gpo_guid,
482 "-H", "ldap://%s" %
483 os.environ["SERVER"],
484 "--tmpdir", new_path)
485
486 # Compare the directories
487 self.assertIsNone(has_difference(os.path.join(new_path, 'policy',
488 gpo_guid1),
489 os.path.join(new_path, 'policy',
490 gpo_guid2),
491 binary=True, xml=True))
492 finally:
493 if gpo_guid1:
494 (result, out, err) = self.runsubcmd("gpo", "del", gpo_guid1,
495 "-H", "ldap://%s" %
496 os.environ["SERVER"],
497 "-U%s%%%s" %
498 (os.environ["USERNAME"],
499 os.environ["PASSWORD"]))
500 self.assertCmdSuccess(result, out, err, "Ensuring gpo deleted successfully")
501
502 if gpo_guid2:
503 (result, out, err) = self.runsubcmd("gpo", "del", gpo_guid2,
504 "-H", "ldap://%s" %
505 os.environ["SERVER"],
506 "-U%s%%%s" %
507 (os.environ["USERNAME"],
508 os.environ["PASSWORD"]))
509 self.assertCmdSuccess(result, out, err, "Ensuring gpo deleted successfully")
510
511 shutil.rmtree(temp_path)
512 shutil.rmtree(new_path)
513
514 def test_backup_restore_generalize(self):
515 """Restore from a static backup with different entities, generalize it
516 again, and compare the XML"""
517
518 if not os.path.exists(provision_path):
519 self.skipTest('Test requires provision data not available in '
520 + 'release tarball')
521
522 static_path = os.path.join(self.backup_path, 'policy',
523 self.backup_gpo_guid)
524
525 temp_path = os.path.join(self.tempdir, 'temp')
526 os.mkdir(temp_path)
527
528 new_path = os.path.join(self.tempdir, 'new')
529 os.mkdir(new_path)
530
531 alt_entity_file = os.path.join(new_path, 'entities')
532 with open(alt_entity_file, 'wb') as f:
533 f.write(b'''<!ENTITY SAMBA__NETWORK_PATH__82419dafed126a07d6b96c66fc943735__ "\\\\samdom.example.com">
534 <!ENTITY SAMBA__NETWORK_PATH__0484cd41ded45a0728333a9c5e5ef619__ "\\\\samdom">
535 <!ENTITY SAMBA____SDDL_ACL____4ce8277be3f630300cbcf80a80e21cf4__ "D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;S-1-16-0)">
536 <!ENTITY SAMBA____USER_ID_____d0970f5a1e19cb803f916c203d5c39c4__ "*S-1-5-113">
537 <!ENTITY SAMBA____USER_ID_____7b7bc2512ee1fedcd76bdc68926d4f7b__ "Administrator">
538 <!ENTITY SAMBA____USER_ID_____a3069f5a7a6530293ad8df6abd32af3d__ "Foobaz">
539 <!ENTITY SAMBA____USER_ID_____fdf60b2473b319c8c341de5f62479a7d__ "*S-1-5-32-545">
540 <!ENTITY SAMBA____USER_ID_____adb831a7fdd83dd1e2a309ce7591dff8__ "Guest">
541 <!ENTITY SAMBA____USER_ID_____9fa835214b4fc8b6102c991f7d97c2f8__ "*S-1-5-32-547">
542 <!ENTITY SAMBA____USER_ID_____bf8caafa94a19a6262bad2e8b6d4bce6__ "*S-1-5-32-546">
543 <!ENTITY SAMBA____USER_ID_____a45da96d0bf6575970f2d27af22be28a__ "System">
544 <!ENTITY SAMBA____USER_ID_____171d33a63ebd67f856552940ed491ad3__ "s-1-5-32-545">
545 <!ENTITY SAMBA____USER_ID_____7140932fff16ce85cc64d3caab588d0d__ "s-1-1-0">
546 ''')
547
548 gen_entity_file = os.path.join(temp_path, 'entities')
549
550 gpo_guid = None
551 try:
552 (result, out, err) = self.runsubcmd("gpo", "restore", "BACKUP_RESTORE1",
553 static_path,
554 "-H", "ldap://%s" %
555 os.environ["SERVER"], "--tmpdir",
556 temp_path, "--entities",
557 alt_entity_file, "-U%s%%%s" %
558 (os.environ["USERNAME"],
559 os.environ["PASSWORD"]),
560 "--restore-metadata")
561
562 self.assertCmdSuccess(result, out, err, "Ensuring gpo restored successfully")
563
564 gpo_guid = "{%s}" % out.split("{")[1].split("}")[0]
565
566 (result, out, err) = self.runsubcmd("gpo", "backup", gpo_guid,
567 "-H", "ldap://%s" %
568 os.environ["SERVER"],
569 "--tmpdir", new_path,
570 "--generalize", "--entities",
571 gen_entity_file)
572
573 self.assertCmdSuccess(result, out, err, "Ensuring gpo fetched successfully")
574
575 # Assert entity files are identical (except for line order)
576 self.assertIsNone(has_difference(alt_entity_file,
577 gen_entity_file,
578 sortlines=True))
579
580 # Compare the directories (XML)
581 self.assertIsNone(has_difference(os.path.join(new_path, 'policy',
582 gpo_guid),
583 static_path, binary=False,
584 xml=True))
585 finally:
586 if gpo_guid:
587 (result, out, err) = self.runsubcmd("gpo", "del", gpo_guid,
588 "-H", "ldap://%s" %
589 os.environ["SERVER"],
590 "-U%s%%%s" %
591 (os.environ["USERNAME"],
592 os.environ["PASSWORD"]))
593 self.assertCmdSuccess(result, out, err, "Ensuring gpo deleted successfully")
594
595 shutil.rmtree(temp_path)
596 shutil.rmtree(new_path)
597
598 def test_backup_with_extension_attributes(self):
599 self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
600 "-U%s%%%s" % (os.environ["DC_USERNAME"],
601 os.environ["DC_PASSWORD"]))
602
603 temp_path = os.path.join(self.tempdir, 'temp')
604 os.mkdir(temp_path)
605
606 extensions = {
607 # Taken from "source4/setup/provision_group_policy.ldif" on domain
608 'gPCMachineExtensionNames': '[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]',
609 'gPCUserExtensionNames': '[{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]'
610 }
611
612 gpo_dn = get_gpo_dn(self.samdb, self.gpo_guid)
613 for ext in extensions:
614 data = extensions[ext]
615
616 m = ldb.Message()
617 m.dn = gpo_dn
618 m[ext] = ldb.MessageElement(data, ldb.FLAG_MOD_REPLACE, ext)
619
620 self.samdb.modify(m)
621
622 try:
623 (result, out, err) = self.runsubcmd("gpo", "backup", self.gpo_guid,
624 "-H", "ldap://%s" %
625 os.environ["SERVER"],
626 "--tmpdir", temp_path)
627
628 self.assertCmdSuccess(result, out, err, "Ensuring gpo fetched successfully")
629
630 guid = "{%s}" % out.split("{")[1].split("}")[0]
631
632 temp_path = os.path.join(temp_path, 'policy', guid)
633
634 (result, out, err) = self.runsubcmd("gpo", "restore", "RESTORE_EXT",
635 temp_path,
636 "-H", "ldap://%s" %
637 os.environ["SERVER"], "--tmpdir",
638 self.tempdir, "-U%s%%%s" %
639 (os.environ["USERNAME"],
640 os.environ["PASSWORD"]),
641 "--restore-metadata")
642
643 self.assertCmdSuccess(result, out, err, "Ensuring gpo restored successfully")
644
645 gpo_guid = "{%s}" % out.split("{")[1].split("}")[0]
646
647 msg = get_gpo_info(self.samdb, gpo_guid)
648 self.assertEqual(len(msg), 1)
649
650 for ext in extensions:
651 self.assertTrue(ext in msg[0])
652 self.assertEqual(extensions[ext], str(msg[0][ext][0]))
653
654 finally:
655 if gpo_guid:
656 (result, out, err) = self.runsubcmd("gpo", "del", gpo_guid,
657 "-H", "ldap://%s" %
658 os.environ["SERVER"],
659 "-U%s%%%s" %
660 (os.environ["USERNAME"],
661 os.environ["PASSWORD"]))
662 self.assertCmdSuccess(result, out, err, "Ensuring gpo deleted successfully")
663
664 shutil.rmtree(os.path.join(self.tempdir, "policy"))
665 shutil.rmtree(os.path.join(self.tempdir, 'temp'))
666
667 def test_admx_load(self):
668 lp = LoadParm()
669 lp.load(os.environ['SERVERCONFFILE'])
670 local_path = lp.get('path', 'sysvol')
671 admx_path = os.path.join(local_path, os.environ['REALM'].lower(),
672 'Policies', 'PolicyDefinitions')
673 (result, out, err) = self.runsubcmd("gpo", "admxload",
674 "-H", "ldap://%s" %
675 os.environ["SERVER"],
676 "--admx-dir=%s" %
677 os.path.join(source_path,
678 'libgpo/admx'),
679 "-U%s%%%s" %
680 (os.environ["USERNAME"],
681 os.environ["PASSWORD"]))
682 self.assertCmdSuccess(result, out, err,
683 'Filling PolicyDefinitions failed')
684 self.assertTrue(os.path.exists(admx_path),
685 'PolicyDefinitions was not created')
686 self.assertTrue(os.path.exists(os.path.join(admx_path, 'samba.admx')),
687 'Filling PolicyDefinitions failed')
688 shutil.rmtree(admx_path)
689
690 def test_smb_conf_set(self):
691 lp = LoadParm()
692 lp.load(os.environ['SERVERCONFFILE'])
693 local_path = lp.get('path', 'sysvol')
694 reg_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
695 self.gpo_guid, 'Machine/Registry.pol')
696
697 policy = 'apply group policies'
698 before_vers = gpt_ini_version(self.gpo_guid)
699 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "smb_conf",
700 "set"), self.gpo_guid,
701 policy, "yes",
702 "-H", "ldap://%s" %
703 os.environ["SERVER"],
704 "-U%s%%%s" %
705 (os.environ["USERNAME"],
706 os.environ["PASSWORD"]))
707 self.assertCmdSuccess(result, out, err,
708 'Failed to set apply group policies')
709 after_vers = gpt_ini_version(self.gpo_guid)
710 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
711
712 self.assertTrue(os.path.exists(reg_pol),
713 'The Registry.pol does not exist')
714 reg_data = ndr_unpack(preg.file, open(reg_pol, 'rb').read())
715 ret = any([get_string(e.valuename) == policy and e.data == 1
716 for e in reg_data.entries])
717 self.assertTrue(ret, 'The sudoers entry was not added')
718
719 before_vers = after_vers
720 # Ensure an empty set command deletes the entry
721 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "smb_conf",
722 "set"), self.gpo_guid,
723 policy, "-H", "ldap://%s" %
724 os.environ["SERVER"],
725 "-U%s%%%s" %
726 (os.environ["USERNAME"],
727 os.environ["PASSWORD"]))
728 self.assertCmdSuccess(result, out, err,
729 'Failed to unset apply group policies')
730 after_vers = gpt_ini_version(self.gpo_guid)
731 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
732
733 reg_data = ndr_unpack(preg.file, open(reg_pol, 'rb').read())
734 ret = not any([get_string(e.valuename) == policy and e.data == 1
735 for e in reg_data.entries])
736 self.assertTrue(ret, 'The sudoers entry was not removed')
737
738 def test_smb_conf_list(self):
739 lp = LoadParm()
740 lp.load(os.environ['SERVERCONFFILE'])
741 local_path = lp.get('path', 'sysvol')
742 reg_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
743 self.gpo_guid, 'Machine/Registry.pol')
744
745 # Stage the Registry.pol file with test data
746 stage = preg.file()
747 e = preg.entry()
748 e.keyname = b'Software\\Policies\\Samba\\smb_conf'
749 e.valuename = b'apply group policies'
750 e.type = 4
751 e.data = 1
752 stage.num_entries = 1
753 stage.entries = [e]
754 ret = stage_file(reg_pol, ndr_pack(stage))
755 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
756
757 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "smb_conf",
758 "list"), self.gpo_guid,
759 "-H", "ldap://%s" %
760 os.environ["SERVER"],
761 "-U%s%%%s" %
762 (os.environ["USERNAME"],
763 os.environ["PASSWORD"]))
764 self.assertIn('%s = True' % e.valuename, out, 'The test entry was not found!')
765
766 # Unstage the Registry.pol file
767 unstage_file(reg_pol)
768
769 def test_security_set(self):
770 lp = LoadParm()
771 lp.load(os.environ['SERVERCONFFILE'])
772 local_path = lp.get('path', 'sysvol')
773 inf_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
774 self.gpo_guid, 'Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf')
775
776 before_vers = gpt_ini_version(self.gpo_guid)
777 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security",
778 "set"), self.gpo_guid,
779 'MaxTicketAge', '10',
780 "-H", "ldap://%s" %
781 os.environ["SERVER"],
782 "-U%s%%%s" %
783 (os.environ["USERNAME"],
784 os.environ["PASSWORD"]))
785 self.assertCmdSuccess(result, out, err,
786 'Failed to set MaxTicketAge')
787 self.assertTrue(os.path.exists(inf_pol),
788 '%s was not created' % inf_pol)
789 inf_pol_contents = open(inf_pol, 'r').read()
790 self.assertIn('MaxTicketAge = 10', inf_pol_contents,
791 'The test entry was not found!')
792 after_vers = gpt_ini_version(self.gpo_guid)
793 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
794
795 before_vers = after_vers
796 # Ensure an empty set command deletes the entry
797 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security",
798 "set"), self.gpo_guid,
799 'MaxTicketAge',
800 "-H", "ldap://%s" %
801 os.environ["SERVER"],
802 "-U%s%%%s" %
803 (os.environ["USERNAME"],
804 os.environ["PASSWORD"]))
805 self.assertCmdSuccess(result, out, err,
806 'Failed to unset MaxTicketAge')
807 inf_pol_contents = open(inf_pol, 'r').read()
808 self.assertNotIn('MaxTicketAge = 10', inf_pol_contents,
809 'The test entry was still found!')
810 after_vers = gpt_ini_version(self.gpo_guid)
811 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
812
813 def test_security_list(self):
814 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security",
815 "set"), self.gpo_guid,
816 'MaxTicketAge', '10',
817 "-H", "ldap://%s" %
818 os.environ["SERVER"],
819 "-U%s%%%s" %
820 (os.environ["USERNAME"],
821 os.environ["PASSWORD"]))
822 self.assertCmdSuccess(result, out, err,
823 'Failed to set MaxTicketAge')
824
825 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security",
826 "list"), self.gpo_guid,
827 "-H", "ldap://%s" %
828 os.environ["SERVER"],
829 "-U%s%%%s" %
830 (os.environ["USERNAME"],
831 os.environ["PASSWORD"]))
832 self.assertIn('MaxTicketAge = 10', out, 'The test entry was not found!')
833
834 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security",
835 "set"), self.gpo_guid,
836 'MaxTicketAge',
837 "-H", "ldap://%s" %
838 os.environ["SERVER"],
839 "-U%s%%%s" %
840 (os.environ["USERNAME"],
841 os.environ["PASSWORD"]))
842 self.assertCmdSuccess(result, out, err,
843 'Failed to unset MaxTicketAge')
844
845 def test_security_nonempty_sections(self):
846 lp = LoadParm()
847 lp.load(os.environ['SERVERCONFFILE'])
848 local_path = lp.get('path', 'sysvol')
849 gpt_inf = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
850 self.gpo_guid, 'Machine/Microsoft/Windows NT',
851 'SecEdit/GptTmpl.inf')
852
853 before_vers = gpt_ini_version(self.gpo_guid)
854 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security",
855 "set"), self.gpo_guid,
856 'MaxTicketAge', '10',
857 "-H", "ldap://%s" %
858 os.environ["SERVER"],
859 "-U%s%%%s" %
860 (os.environ["USERNAME"],
861 os.environ["PASSWORD"]))
862 self.assertCmdSuccess(result, out, err,
863 'Failed to set MaxTicketAge')
864 after_vers = gpt_ini_version(self.gpo_guid)
865 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
866
867 before_vers = after_vers
868 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security",
869 "set"), self.gpo_guid,
870 'MaxTicketAge',
871 "-H", "ldap://%s" %
872 os.environ["SERVER"],
873 "-U%s%%%s" %
874 (os.environ["USERNAME"],
875 os.environ["PASSWORD"]))
876 self.assertCmdSuccess(result, out, err,
877 'Failed to unset MaxTicketAge')
878 after_vers = gpt_ini_version(self.gpo_guid)
879 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
880
881 inf_data = ConfigParser(interpolation=None)
882 inf_data.read(gpt_inf)
883
884 self.assertFalse(inf_data.has_section('Kerberos Policy'))
885
886 def test_sudoers_add(self):
887 lp = LoadParm()
888 lp.load(os.environ['SERVERCONFFILE'])
889 local_path = lp.get('path', 'sysvol')
890 reg_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
891 self.gpo_guid, 'Machine/Registry.pol')
892
893 # Stage the Registry.pol file with test data
894 stage = preg.file()
895 e = preg.entry()
896 e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
897 e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
898 e.type = 1
899 e.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
900 stage.num_entries = 1
901 stage.entries = [e]
902 ret = stage_file(reg_pol, ndr_pack(stage))
903 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
904
905 before_vers = gpt_ini_version(self.gpo_guid)
906 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
907 "sudoers", "add"),
908 self.gpo_guid, 'ALL', 'ALL',
909 'fakeu', 'fakeg', "-H",
910 "ldap://%s" %
911 os.environ["SERVER"],
912 "-U%s%%%s" %
913 (os.environ["USERNAME"],
914 os.environ["PASSWORD"]))
915 self.assertCmdSuccess(result, out, err, 'Sudoers add failed')
916 after_vers = gpt_ini_version(self.gpo_guid)
917 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
918
919 sudoer = 'fakeu,fakeg% ALL=(ALL) NOPASSWD: ALL'
920 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
921 "sudoers", "list"),
922 self.gpo_guid, "-H",
923 "ldap://%s" %
924 os.environ["SERVER"],
925 "-U%s%%%s" %
926 (os.environ["USERNAME"],
927 os.environ["PASSWORD"]))
928 self.assertIn(sudoer, out, 'The test entry was not found!')
929 self.assertIn(get_string(e.data), out, 'The test entry was not found!')
930
931 before_vers = after_vers
932 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
933 "sudoers", "remove"),
934 self.gpo_guid, sudoer,
935 "-H", "ldap://%s" %
936 os.environ["SERVER"],
937 "-U%s%%%s" %
938 (os.environ["USERNAME"],
939 os.environ["PASSWORD"]))
940 self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
941 after_vers = gpt_ini_version(self.gpo_guid)
942 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
943
944 before_vers = after_vers
945 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
946 "sudoers", "remove"),
947 self.gpo_guid,
948 get_string(e.data),
949 "-H", "ldap://%s" %
950 os.environ["SERVER"],
951 "-U%s%%%s" %
952 (os.environ["USERNAME"],
953 os.environ["PASSWORD"]))
954 self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
955 after_vers = gpt_ini_version(self.gpo_guid)
956 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
957
958 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
959 "sudoers", "list"),
960 self.gpo_guid, "-H",
961 "ldap://%s" %
962 os.environ["SERVER"],
963 "-U%s%%%s" %
964 (os.environ["USERNAME"],
965 os.environ["PASSWORD"]))
966 self.assertNotIn(sudoer, out, 'The test entry was still found!')
967 self.assertNotIn(get_string(e.data), out,
968 'The test entry was still found!')
969
970 # Unstage the Registry.pol file
971 unstage_file(reg_pol)
972
973 def test_sudoers_list(self):
974 lp = LoadParm()
975 lp.load(os.environ['SERVERCONFFILE'])
976 local_path = lp.get('path', 'sysvol')
977 vgp_xml = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
978 self.gpo_guid, 'Machine/VGP/VTLA/Sudo',
979 'SudoersConfiguration/manifest.xml')
980
981 stage = etree.Element('vgppolicy')
982 policysetting = etree.SubElement(stage, 'policysetting')
983 pv = etree.SubElement(policysetting, 'version')
984 pv.text = '1'
985 name = etree.SubElement(policysetting, 'name')
986 name.text = 'Sudo Policy'
987 description = etree.SubElement(policysetting, 'description')
988 description.text = 'Sudoers File Configuration Policy'
989 apply_mode = etree.SubElement(policysetting, 'apply_mode')
990 apply_mode.text = 'merge'
991 data = etree.SubElement(policysetting, 'data')
992 load_plugin = etree.SubElement(data, 'load_plugin')
993 load_plugin.text = 'true'
994 sudoers_entry = etree.SubElement(data, 'sudoers_entry')
995 command = etree.SubElement(sudoers_entry, 'command')
996 command.text = 'ALL'
997 user = etree.SubElement(sudoers_entry, 'user')
998 user.text = 'ALL'
999 listelement = etree.SubElement(sudoers_entry, 'listelement')
1000 principal = etree.SubElement(listelement, 'principal')
1001 principal.text = 'fakeu'
1002 principal.attrib['type'] = 'user'
1003 # Ensure an empty principal doesn't cause a crash
1004 sudoers_entry = etree.SubElement(data, 'sudoers_entry')
1005 command = etree.SubElement(sudoers_entry, 'command')
1006 command.text = 'ALL'
1007 user = etree.SubElement(sudoers_entry, 'user')
1008 user.text = 'ALL'
1009 # Ensure having dispersed principals still works
1010 sudoers_entry = etree.SubElement(data, 'sudoers_entry')
1011 command = etree.SubElement(sudoers_entry, 'command')
1012 command.text = 'ALL'
1013 user = etree.SubElement(sudoers_entry, 'user')
1014 user.text = 'ALL'
1015 listelement = etree.SubElement(sudoers_entry, 'listelement')
1016 principal = etree.SubElement(listelement, 'principal')
1017 principal.text = 'fakeu2'
1018 principal.attrib['type'] = 'user'
1019 listelement = etree.SubElement(sudoers_entry, 'listelement')
1020 group = etree.SubElement(listelement, 'principal')
1021 group.text = 'fakeg2'
1022 group.attrib['type'] = 'group'
1023 ret = stage_file(vgp_xml, etree.tostring(stage, 'utf-8'))
1024 self.assertTrue(ret, 'Could not create the target %s' % vgp_xml)
1025
1026 reg_pol = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
1027 self.gpo_guid, 'Machine/Registry.pol')
1028
1029 # Stage the Registry.pol file with test data
1030 stage = preg.file()
1031 e = preg.entry()
1032 e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
1033 e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
1034 e.type = 1
1035 e.data = b'fakeu3 ALL=(ALL) NOPASSWD: ALL'
1036 stage.num_entries = 1
1037 stage.entries = [e]
1038 ret = stage_file(reg_pol, ndr_pack(stage))
1039 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
1040
1041 sudoer = 'fakeu ALL=(ALL) NOPASSWD: ALL'
1042 sudoer2 = 'fakeu2,fakeg2% ALL=(ALL) NOPASSWD: ALL'
1043 sudoer_no_principal = 'ALL ALL=(ALL) NOPASSWD: ALL'
1044 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1045 "sudoers", "list"),
1046 self.gpo_guid, "-H",
1047 "ldap://%s" %
1048 os.environ["SERVER"],
1049 "-U%s%%%s" %
1050 (os.environ["USERNAME"],
1051 os.environ["PASSWORD"]))
1052 self.assertCmdSuccess(result, out, err, 'Sudoers list failed')
1053 self.assertIn(sudoer, out, 'The test entry was not found!')
1054 self.assertIn(sudoer2, out, 'The test entry was not found!')
1055 self.assertIn(get_string(e.data), out, 'The test entry was not found!')
1056 self.assertIn(sudoer_no_principal, out,
1057 'The test entry was not found!')
1058
1059 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1060 "sudoers", "remove"),
1061 self.gpo_guid, sudoer2,
1062 "-H", "ldap://%s" %
1063 os.environ["SERVER"],
1064 "-U%s%%%s" %
1065 (os.environ["USERNAME"],
1066 os.environ["PASSWORD"]))
1067 self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
1068
1069 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1070 "sudoers", "remove"),
1071 self.gpo_guid,
1072 sudoer_no_principal,
1073 "-H", "ldap://%s" %
1074 os.environ["SERVER"],
1075 "-U%s%%%s" %
1076 (os.environ["USERNAME"],
1077 os.environ["PASSWORD"]))
1078 self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
1079
1080 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1081 "sudoers", "list"),
1082 self.gpo_guid, "-H",
1083 "ldap://%s" %
1084 os.environ["SERVER"],
1085 "-U%s%%%s" %
1086 (os.environ["USERNAME"],
1087 os.environ["PASSWORD"]))
1088 self.assertNotIn(sudoer2, out, 'The test entry was still found!')
1089 self.assertNotIn(sudoer_no_principal, out,
1090 'The test entry was still found!')
1091
1092 # Unstage the manifest.xml file
1093 unstage_file(vgp_xml)
1094 # Unstage the Registry.pol file
1095 unstage_file(reg_pol)
1096
1097 def test_symlink_list(self):
1098 lp = LoadParm()
1099 lp.load(os.environ['SERVERCONFFILE'])
1100 local_path = lp.get('path', 'sysvol')
1101 vgp_xml = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
1102 self.gpo_guid, 'Machine/VGP/VTLA/Unix',
1103 'Symlink/manifest.xml')
1104 stage = etree.Element('vgppolicy')
1105 policysetting = etree.SubElement(stage, 'policysetting')
1106 pv = etree.SubElement(policysetting, 'version')
1107 pv.text = '1'
1108 name = etree.SubElement(policysetting, 'name')
1109 name.text = 'Symlink Policy'
1110 description = etree.SubElement(policysetting, 'description')
1111 description.text = 'Specifies symbolic link data'
1112 apply_mode = etree.SubElement(policysetting, 'apply_mode')
1113 apply_mode.text = 'merge'
1114 data = etree.SubElement(policysetting, 'data')
1115 file_properties = etree.SubElement(data, 'file_properties')
1116 source = etree.SubElement(file_properties, 'source')
1117 source.text = os.path.join(self.tempdir, 'test.source')
1118 target = etree.SubElement(file_properties, 'target')
1119 target.text = os.path.join(self.tempdir, 'test.target')
1120 ret = stage_file(vgp_xml, etree.tostring(stage, 'utf-8'))
1121 self.assertTrue(ret, 'Could not create the target %s' % vgp_xml)
1122
1123 symlink = 'ln -s %s %s' % (source.text, target.text)
1124 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1125 "symlink", "list"),
1126 self.gpo_guid, "-H",
1127 "ldap://%s" %
1128 os.environ["SERVER"],
1129 "-U%s%%%s" %
1130 (os.environ["USERNAME"],
1131 os.environ["PASSWORD"]))
1132 self.assertIn(symlink, out, 'The test entry was not found!')
1133
1134 # Unstage the manifest.xml file
1135 unstage_file(vgp_xml)
1136
1137 def test_symlink_add(self):
1138 source_text = os.path.join(self.tempdir, 'test.source')
1139 target_text = os.path.join(self.tempdir, 'test.target')
1140 symlink = 'ln -s %s %s' % (source_text, target_text)
1141 before_vers = gpt_ini_version(self.gpo_guid)
1142 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1143 "symlink", "add"),
1144 self.gpo_guid,
1145 source_text, target_text,
1146 "-H", "ldap://%s" %
1147 os.environ["SERVER"],
1148 "-U%s%%%s" %
1149 (os.environ["USERNAME"],
1150 os.environ["PASSWORD"]))
1151 self.assertCmdSuccess(result, out, err, 'Symlink add failed')
1152 after_vers = gpt_ini_version(self.gpo_guid)
1153 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
1154
1155 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1156 "symlink", "list"),
1157 self.gpo_guid, "-H",
1158 "ldap://%s" %
1159 os.environ["SERVER"],
1160 "-U%s%%%s" %
1161 (os.environ["USERNAME"],
1162 os.environ["PASSWORD"]))
1163 self.assertIn(symlink, out, 'The test entry was not found!')
1164
1165 before_vers = after_vers
1166 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1167 "symlink", "remove"),
1168 self.gpo_guid,
1169 source_text, target_text,
1170 "-H", "ldap://%s" %
1171 os.environ["SERVER"],
1172 "-U%s%%%s" %
1173 (os.environ["USERNAME"],
1174 os.environ["PASSWORD"]))
1175 self.assertCmdSuccess(result, out, err, 'Symlink remove failed')
1176 after_vers = gpt_ini_version(self.gpo_guid)
1177 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
1178
1179 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1180 "symlink", "list"),
1181 self.gpo_guid, "-H",
1182 "ldap://%s" %
1183 os.environ["SERVER"],
1184 "-U%s%%%s" %
1185 (os.environ["USERNAME"],
1186 os.environ["PASSWORD"]))
1187 self.assertNotIn(symlink, out, 'The test entry was not removed!')
1188
1189 def test_files_list(self):
1190 lp = LoadParm()
1191 lp.load(os.environ['SERVERCONFFILE'])
1192 local_path = lp.get('path', 'sysvol')
1193 vgp_xml = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
1194 self.gpo_guid, 'Machine/VGP/VTLA/Unix',
1195 'Files/manifest.xml')
1196 source_file = os.path.join(local_path, lp.get('realm').lower(),
1197 'Policies', self.gpo_guid, 'Machine/VGP',
1198 'VTLA/Unix/Files/test.source')
1199 stage = etree.Element('vgppolicy')
1200 policysetting = etree.SubElement(stage, 'policysetting')
1201 pv = etree.SubElement(policysetting, 'version')
1202 pv.text = '1'
1203 name = etree.SubElement(policysetting, 'name')
1204 name.text = 'Files'
1205 description = etree.SubElement(policysetting, 'description')
1206 description.text = 'Represents file data to set/copy on clients'
1207 data = etree.SubElement(policysetting, 'data')
1208 file_properties = etree.SubElement(data, 'file_properties')
1209 source = etree.SubElement(file_properties, 'source')
1210 source.text = source_file
1211 target = etree.SubElement(file_properties, 'target')
1212 target.text = os.path.join(self.tempdir, 'test.target')
1213 user = etree.SubElement(file_properties, 'user')
1214 user.text = pwd.getpwuid(os.getuid()).pw_name
1215 group = etree.SubElement(file_properties, 'group')
1216 group.text = grp.getgrgid(os.getgid()).gr_name
1217
1218 # Request permissions of 755
1219 permissions = etree.SubElement(file_properties, 'permissions')
1220 permissions.set('type', 'user')
1221 etree.SubElement(permissions, 'read')
1222 etree.SubElement(permissions, 'write')
1223 etree.SubElement(permissions, 'execute')
1224 permissions = etree.SubElement(file_properties, 'permissions')
1225 permissions.set('type', 'group')
1226 etree.SubElement(permissions, 'read')
1227 etree.SubElement(permissions, 'execute')
1228 permissions = etree.SubElement(file_properties, 'permissions')
1229 permissions.set('type', 'other')
1230 etree.SubElement(permissions, 'read')
1231 etree.SubElement(permissions, 'execute')
1232
1233 ret = stage_file(vgp_xml, etree.tostring(stage, 'utf-8'))
1234 self.assertTrue(ret, 'Could not create the target %s' % vgp_xml)
1235
1236 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1237 "files", "list"),
1238 self.gpo_guid, "-H",
1239 "ldap://%s" %
1240 os.environ["SERVER"],
1241 "-U%s%%%s" %
1242 (os.environ["USERNAME"],
1243 os.environ["PASSWORD"]))
1244 self.assertIn(target.text, out, 'The test entry was not found!')
1245 self.assertIn('-rwxr-xr-x', out,
1246 'The test entry permissions were not found')
1247
1248 # Unstage the manifest.xml file
1249 unstage_file(vgp_xml)
1250
1251 def test_files_add(self):
1252 lp = LoadParm()
1253 lp.load(os.environ['SERVERCONFFILE'])
1254 local_path = lp.get('path', 'sysvol')
1255 sysvol_source = os.path.join(local_path, lp.get('realm').lower(),
1256 'Policies', self.gpo_guid, 'Machine/VGP',
1257 'VTLA/Unix/Files/test.source')
1258 source_file = os.path.join(self.tempdir, 'test.source')
1259 source_data = '#!/bin/sh\necho hello world'
1260 with open(source_file, 'w') as w:
1261 w.write(source_data)
1262 target_file = os.path.join(self.tempdir, 'test.target')
1263 user = pwd.getpwuid(os.getuid()).pw_name
1264 group = grp.getgrgid(os.getgid()).gr_name
1265 before_vers = gpt_ini_version(self.gpo_guid)
1266 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1267 "files", "add"),
1268 self.gpo_guid,
1269 source_file,
1270 target_file,
1271 user, group,
1272 '755', "-H",
1273 "ldap://%s" %
1274 os.environ["SERVER"],
1275 "-U%s%%%s" %
1276 (os.environ["USERNAME"],
1277 os.environ["PASSWORD"]))
1278 self.assertCmdSuccess(result, out, err, 'File add failed')
1279 self.assertIn(source_data, open(sysvol_source, 'r').read(),
1280 'Failed to find the source file on the sysvol')
1281 after_vers = gpt_ini_version(self.gpo_guid)
1282 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
1283
1284 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1285 "files", "list"),
1286 self.gpo_guid, "-H",
1287 "ldap://%s" %
1288 os.environ["SERVER"],
1289 "-U%s%%%s" %
1290 (os.environ["USERNAME"],
1291 os.environ["PASSWORD"]))
1292 self.assertIn(target_file, out, 'The test entry was not found!')
1293 self.assertIn('-rwxr-xr-x', out,
1294 'The test entry permissions were not found')
1295
1296 os.unlink(source_file)
1297
1298 before_vers = after_vers
1299 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1300 "files", "remove"),
1301 self.gpo_guid,
1302 target_file, "-H",
1303 "ldap://%s" %
1304 os.environ["SERVER"],
1305 "-U%s%%%s" %
1306 (os.environ["USERNAME"],
1307 os.environ["PASSWORD"]))
1308 self.assertCmdSuccess(result, out, err, 'File remove failed')
1309 after_vers = gpt_ini_version(self.gpo_guid)
1310 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
1311
1312 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1313 "files", "list"),
1314 self.gpo_guid, "-H",
1315 "ldap://%s" %
1316 os.environ["SERVER"],
1317 "-U%s%%%s" %
1318 (os.environ["USERNAME"],
1319 os.environ["PASSWORD"]))
1320 self.assertNotIn(target_file, out, 'The test entry was still found!')
1321
1322 def test_vgp_openssh_list(self):
1323 lp = LoadParm()
1324 lp.load(os.environ['SERVERCONFFILE'])
1325 local_path = lp.get('path', 'sysvol')
1326 vgp_xml = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
1327 self.gpo_guid, 'Machine/VGP/VTLA/SshCfg',
1328 'SshD/manifest.xml')
1329
1330 stage = etree.Element('vgppolicy')
1331 policysetting = etree.SubElement(stage, 'policysetting')
1332 pv = etree.SubElement(policysetting, 'version')
1333 pv.text = '1'
1334 name = etree.SubElement(policysetting, 'name')
1335 name.text = 'Configuration File'
1336 description = etree.SubElement(policysetting, 'description')
1337 description.text = 'Represents Unix configuration file settings'
1338 apply_mode = etree.SubElement(policysetting, 'apply_mode')
1339 apply_mode.text = 'merge'
1340 data = etree.SubElement(policysetting, 'data')
1341 configfile = etree.SubElement(data, 'configfile')
1342 etree.SubElement(configfile, 'filename')
1343 configsection = etree.SubElement(configfile, 'configsection')
1344 etree.SubElement(configsection, 'sectionname')
1345 opt = etree.SubElement(configsection, 'keyvaluepair')
1346 key = etree.SubElement(opt, 'key')
1347 key.text = 'KerberosAuthentication'
1348 value = etree.SubElement(opt, 'value')
1349 value.text = 'Yes'
1350 ret = stage_file(vgp_xml, etree.tostring(stage, 'utf-8'))
1351 self.assertTrue(ret, 'Could not create the target %s' % vgp_xml)
1352
1353 openssh = 'KerberosAuthentication Yes'
1354 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1355 "openssh", "list"),
1356 self.gpo_guid, "-H",
1357 "ldap://%s" %
1358 os.environ["SERVER"],
1359 "-U%s%%%s" %
1360 (os.environ["USERNAME"],
1361 os.environ["PASSWORD"]))
1362 self.assertIn(openssh, out, 'The test entry was not found!')
1363
1364 # Unstage the manifest.xml file
1365 unstage_file(vgp_xml)
1366
1367 def test_vgp_openssh_set(self):
1368 before_vers = gpt_ini_version(self.gpo_guid)
1369 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1370 "openssh", "set"),
1371 self.gpo_guid,
1372 "KerberosAuthentication",
1373 "Yes", "-H",
1374 "ldap://%s" %
1375 os.environ["SERVER"],
1376 "-U%s%%%s" %
1377 (os.environ["USERNAME"],
1378 os.environ["PASSWORD"]))
1379 self.assertCmdSuccess(result, out, err, 'OpenSSH set failed')
1380 after_vers = gpt_ini_version(self.gpo_guid)
1381 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
1382
1383 openssh = 'KerberosAuthentication Yes'
1384 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1385 "openssh", "list"),
1386 self.gpo_guid, "-H",
1387 "ldap://%s" %
1388 os.environ["SERVER"],
1389 "-U%s%%%s" %
1390 (os.environ["USERNAME"],
1391 os.environ["PASSWORD"]))
1392 self.assertIn(openssh, out, 'The test entry was not found!')
1393
1394 before_vers = after_vers
1395 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1396 "openssh", "set"),
1397 self.gpo_guid,
1398 "KerberosAuthentication", "-H",
1399 "ldap://%s" %
1400 os.environ["SERVER"],
1401 "-U%s%%%s" %
1402 (os.environ["USERNAME"],
1403 os.environ["PASSWORD"]))
1404 self.assertCmdSuccess(result, out, err, 'OpenSSH unset failed')
1405 after_vers = gpt_ini_version(self.gpo_guid)
1406 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
1407
1408 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1409 "openssh", "list"),
1410 self.gpo_guid, "-H",
1411 "ldap://%s" %
1412 os.environ["SERVER"],
1413 "-U%s%%%s" %
1414 (os.environ["USERNAME"],
1415 os.environ["PASSWORD"]))
1416 self.assertNotIn(openssh, out, 'The test entry was still found!')
1417
1418 def test_startup_script_add(self):
1419 lp = LoadParm()
1420 fname = None
1421 before_vers = gpt_ini_version(self.gpo_guid)
1422 with NamedTemporaryFile() as f:
1423 fname = os.path.basename(f.name)
1424 f.write(b'#!/bin/sh\necho $@ hello world')
1425 f.flush()
1426 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1427 "scripts", "startup",
1428 "add"), self.gpo_guid,
1429 f.name, "'-n'", "-H",
1430 "ldap://%s" %
1431 os.environ["SERVER"],
1432 "-U%s%%%s" %
1433 (os.environ["USERNAME"],
1434 os.environ["PASSWORD"]))
1435 self.assertCmdSuccess(result, out, err, 'Script add failed')
1436 after_vers = gpt_ini_version(self.gpo_guid)
1437 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
1438
1439 script_path = '\\'.join(['\\', lp.get('realm').lower(), 'Policies',
1440 self.gpo_guid, 'MACHINE\\VGP\\VTLA\\Unix',
1441 'Scripts\\Startup', fname])
1442 entry = '@reboot root %s -n' % script_path
1443 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "scripts",
1444 "startup", "list"),
1445 self.gpo_guid, "-H",
1446 "ldap://%s" %
1447 os.environ["SERVER"],
1448 "-U%s%%%s" %
1449 (os.environ["USERNAME"],
1450 os.environ["PASSWORD"]))
1451 self.assertIn(entry, out, 'The test entry was not found!')
1452 local_path = lp.get('path', 'sysvol')
1453 local_script_path = os.path.join(local_path, lp.get('realm').lower(),
1454 'Policies', self.gpo_guid,
1455 'Machine/VGP/VTLA/Unix',
1456 'Scripts/Startup', fname)
1457 self.assertTrue(os.path.exists(local_script_path),
1458 'The test script was not uploaded to the sysvol')
1459
1460 before_vers = after_vers
1461 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1462 "scripts", "startup",
1463 "remove"), self.gpo_guid,
1464 f.name, "-H",
1465 "ldap://%s" %
1466 os.environ["SERVER"],
1467 "-U%s%%%s" %
1468 (os.environ["USERNAME"],
1469 os.environ["PASSWORD"]))
1470 self.assertCmdSuccess(result, out, err, 'Script remove failed')
1471 after_vers = gpt_ini_version(self.gpo_guid)
1472 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
1473
1474 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "scripts",
1475 "startup", "list"),
1476 self.gpo_guid, "-H",
1477 "ldap://%s" %
1478 os.environ["SERVER"],
1479 "-U%s%%%s" %
1480 (os.environ["USERNAME"],
1481 os.environ["PASSWORD"]))
1482 self.assertNotIn(entry, out, 'The test entry was still found!')
1483
1484 def test_startup_script_list(self):
1485 lp = LoadParm()
1486 lp.load(os.environ['SERVERCONFFILE'])
1487 local_path = lp.get('path', 'sysvol')
1488 vgp_xml = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
1489 self.gpo_guid, 'Machine/VGP/VTLA/Unix',
1490 'Scripts/Startup/manifest.xml')
1491 stage = etree.Element('vgppolicy')
1492 policysetting = etree.SubElement(stage, 'policysetting')
1493 pv = etree.SubElement(policysetting, 'version')
1494 pv.text = '1'
1495 name = etree.SubElement(policysetting, 'name')
1496 name.text = 'Unix Scripts'
1497 description = etree.SubElement(policysetting, 'description')
1498 description.text = 'Represents Unix scripts to run on Group Policy clients'
1499 data = etree.SubElement(policysetting, 'data')
1500 listelement = etree.SubElement(data, 'listelement')
1501 script = etree.SubElement(listelement, 'script')
1502 script.text = 'test.sh'
1503 parameters = etree.SubElement(listelement, 'parameters')
1504 parameters.text = '-e'
1505 ret = stage_file(vgp_xml, etree.tostring(stage, 'utf-8'))
1506 self.assertTrue(ret, 'Could not create the target %s' % vgp_xml)
1507
1508 script_path = '\\'.join(['\\', lp.get('realm').lower(), 'Policies',
1509 self.gpo_guid, 'MACHINE\\VGP\\VTLA\\Unix',
1510 'Scripts\\Startup', script.text])
1511 entry = '@reboot root %s %s' % (script_path, parameters.text)
1512 (result, out, err) = self.runsublevelcmd("gpo", ("manage", "scripts",
1513 "startup", "list"),
1514 self.gpo_guid, "-H",
1515 "ldap://%s" %
1516 os.environ["SERVER"],
1517 "-U%s%%%s" %
1518 (os.environ["USERNAME"],
1519 os.environ["PASSWORD"]))
1520 self.assertIn(entry, out, 'The test entry was not found!')
1521
1522 # Unstage the manifest.xml file
1523 unstage_file(vgp_xml)
1524
1525 def test_vgp_motd_set(self):
1526 text = 'This is the message of the day'
1527 msg = '"%s\n"' % text
1528 before_vers = gpt_ini_version(self.gpo_guid)
1529 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1530 "motd", "set"),
1531 self.gpo_guid,
1532 msg, "-H",
1533 "ldap://%s" %
1534 os.environ["SERVER"],
1535 "-U%s%%%s" %
1536 (os.environ["USERNAME"],
1537 os.environ["PASSWORD"]))
1538 self.assertCmdSuccess(result, out, err, 'MOTD set failed')
1539 after_vers = gpt_ini_version(self.gpo_guid)
1540 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
1541
1542 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1543 "motd", "list"),
1544 self.gpo_guid, "-H",
1545 "ldap://%s" %
1546 os.environ["SERVER"],
1547 "-U%s%%%s" %
1548 (os.environ["USERNAME"],
1549 os.environ["PASSWORD"]))
1550 self.assertIn(text, out, 'The test entry was not found!')
1551
1552 before_vers = after_vers
1553 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1554 "motd", "set"),
1555 self.gpo_guid, "-H",
1556 "ldap://%s" %
1557 os.environ["SERVER"],
1558 "-U%s%%%s" %
1559 (os.environ["USERNAME"],
1560 os.environ["PASSWORD"]))
1561 self.assertCmdSuccess(result, out, err, 'MOTD unset failed')
1562 after_vers = gpt_ini_version(self.gpo_guid)
1563 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
1564
1565 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1566 "motd", "list"),
1567 self.gpo_guid, "-H",
1568 "ldap://%s" %
1569 os.environ["SERVER"],
1570 "-U%s%%%s" %
1571 (os.environ["USERNAME"],
1572 os.environ["PASSWORD"]))
1573 self.assertNotIn(text, out, 'The test entry was still found!')
1574
1575 def test_vgp_motd(self):
1576 lp = LoadParm()
1577 lp.load(os.environ['SERVERCONFFILE'])
1578 local_path = lp.get('path', 'sysvol')
1579 vgp_xml = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
1580 self.gpo_guid, 'Machine/VGP/VTLA/Unix',
1581 'MOTD/manifest.xml')
1582
1583 stage = etree.Element('vgppolicy')
1584 policysetting = etree.SubElement(stage, 'policysetting')
1585 pv = etree.SubElement(policysetting, 'version')
1586 pv.text = '1'
1587 name = etree.SubElement(policysetting, 'name')
1588 name.text = 'Text File'
1589 description = etree.SubElement(policysetting, 'description')
1590 description.text = 'Represents a Generic Text File'
1591 apply_mode = etree.SubElement(policysetting, 'apply_mode')
1592 apply_mode.text = 'replace'
1593 data = etree.SubElement(policysetting, 'data')
1594 filename = etree.SubElement(data, 'filename')
1595 filename.text = 'motd'
1596 text = etree.SubElement(data, 'text')
1597 text.text = 'This is a message of the day'
1598 ret = stage_file(vgp_xml, etree.tostring(stage, 'utf-8'))
1599 self.assertTrue(ret, 'Could not create the target %s' % vgp_xml)
1600
1601 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1602 "motd", "list"),
1603 self.gpo_guid, "-H",
1604 "ldap://%s" %
1605 os.environ["SERVER"],
1606 "-U%s%%%s" %
1607 (os.environ["USERNAME"],
1608 os.environ["PASSWORD"]))
1609 self.assertIn(text.text, out, 'The test entry was not found!')
1610
1611 # Unstage the manifest.xml file
1612 unstage_file(vgp_xml)
1613
1614 def test_vgp_issue_list(self):
1615 lp = LoadParm()
1616 lp.load(os.environ['SERVERCONFFILE'])
1617 local_path = lp.get('path', 'sysvol')
1618 vgp_xml = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
1619 self.gpo_guid, 'Machine/VGP/VTLA/Unix',
1620 'Issue/manifest.xml')
1621
1622 stage = etree.Element('vgppolicy')
1623 policysetting = etree.SubElement(stage, 'policysetting')
1624 pv = etree.SubElement(policysetting, 'version')
1625 pv.text = '1'
1626 name = etree.SubElement(policysetting, 'name')
1627 name.text = 'Text File'
1628 description = etree.SubElement(policysetting, 'description')
1629 description.text = 'Represents a Generic Text File'
1630 apply_mode = etree.SubElement(policysetting, 'apply_mode')
1631 apply_mode.text = 'replace'
1632 data = etree.SubElement(policysetting, 'data')
1633 filename = etree.SubElement(data, 'filename')
1634 filename.text = 'issue'
1635 text = etree.SubElement(data, 'text')
1636 text.text = 'Welcome to Samba!'
1637 ret = stage_file(vgp_xml, etree.tostring(stage, 'utf-8'))
1638 self.assertTrue(ret, 'Could not create the target %s' % vgp_xml)
1639
1640 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1641 "issue", "list"),
1642 self.gpo_guid, "-H",
1643 "ldap://%s" %
1644 os.environ["SERVER"],
1645 "-U%s%%%s" %
1646 (os.environ["USERNAME"],
1647 os.environ["PASSWORD"]))
1648 self.assertIn(text.text, out, 'The test entry was not found!')
1649
1650 # Unstage the manifest.xml file
1651 unstage_file(vgp_xml)
1652
1653 def test_vgp_issue_set(self):
1654 text = 'Welcome to Samba!'
1655 msg = '"%s\n"' % text
1656 before_vers = gpt_ini_version(self.gpo_guid)
1657 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1658 "issue", "set"),
1659 self.gpo_guid,
1660 msg, "-H",
1661 "ldap://%s" %
1662 os.environ["SERVER"],
1663 "-U%s%%%s" %
1664 (os.environ["USERNAME"],
1665 os.environ["PASSWORD"]))
1666 self.assertCmdSuccess(result, out, err, 'Issue set failed')
1667 after_vers = gpt_ini_version(self.gpo_guid)
1668 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
1669
1670 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1671 "issue", "list"),
1672 self.gpo_guid, "-H",
1673 "ldap://%s" %
1674 os.environ["SERVER"],
1675 "-U%s%%%s" %
1676 (os.environ["USERNAME"],
1677 os.environ["PASSWORD"]))
1678 self.assertIn(text, out, 'The test entry was not found!')
1679
1680 before_vers = after_vers
1681 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1682 "issue", "set"),
1683 self.gpo_guid, "-H",
1684 "ldap://%s" %
1685 os.environ["SERVER"],
1686 "-U%s%%%s" %
1687 (os.environ["USERNAME"],
1688 os.environ["PASSWORD"]))
1689 self.assertCmdSuccess(result, out, err, 'Issue unset failed')
1690 after_vers = gpt_ini_version(self.gpo_guid)
1691 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
1692
1693 (result, out, err) = self.runsublevelcmd("gpo", ("manage",
1694 "issue", "list"),
1695 self.gpo_guid, "-H",
1696 "ldap://%s" %
1697 os.environ["SERVER"],
1698 "-U%s%%%s" %
1699 (os.environ["USERNAME"],
1700 os.environ["PASSWORD"]))
1701 self.assertNotIn(text, out, 'The test entry was still found!')
1702
1703 def test_load_show_remove(self):
1704 before_vers = gpt_ini_version(self.gpo_guid)
1705 with NamedTemporaryFile() as f:
1706 f.write(gpo_load_json)
1707 f.flush()
1708 (result, out, err) = self.runsubcmd("gpo", "load",
1709 self.gpo_guid,
1710 "--content=%s" % f.name,
1711 "--machine-ext-name=%s" %
1712 ext_guids[0],
1713 "--user-ext-name=%s" %
1714 ext_guids[1],
1715 "-H", "ldap://%s" %
1716 os.environ["SERVER"],
1717 "-U%s%%%s" %
1718 (os.environ["USERNAME"],
1719 os.environ["PASSWORD"]))
1720 self.assertCmdSuccess(result, out, err, 'Loading policy failed')
1721 after_vers = gpt_ini_version(self.gpo_guid)
1722 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
1723
1724 before_vers = after_vers
1725 # Write the default registry extension
1726 with NamedTemporaryFile() as f:
1727 f.write(b'[]') # Intentionally empty policy
1728 f.flush()
1729 # Load an empty policy, taking the default client extension
1730 (result, out, err) = self.runsubcmd("gpo", "load",
1731 self.gpo_guid,
1732 "--content=%s" % f.name,
1733 "-H", "ldap://%s" %
1734 os.environ["SERVER"],
1735 "-U%s%%%s" %
1736 (os.environ["USERNAME"],
1737 os.environ["PASSWORD"]))
1738 self.assertCmdSuccess(result, out, err, 'Loading policy failed')
1739 after_vers = gpt_ini_version(self.gpo_guid)
1740 self.assertEqual(after_vers, before_vers,
1741 'GPT.INI changed on empty merge')
1742
1743 (result, out, err) = self.runsubcmd("gpo", "show", self.gpo_guid, "-H",
1744 "ldap://%s" % os.environ["SERVER"])
1745 self.assertCmdSuccess(result, out, err, 'Failed to fetch gpos')
1746 self.assertIn('homepage', out, 'Homepage policy not loaded')
1747 self.assertIn('samba.org', out, 'Homepage policy not loaded')
1748 self.assertIn(ext_guids[0], out, 'Machine extension not loaded')
1749 self.assertIn(ext_guids[1], out, 'User extension not loaded')
1750 self.assertIn('{35378eac-683f-11d2-a89a-00c04fbbcfa2}', out,
1751 'Default extension not loaded')
1752 toolbar_data = '"valuename": "IEToolbar",\n "class": "USER",' + \
1753 '\n "type": "REG_BINARY",' + \
1754 '\n "data": [\n 0\n ]'
1755 self.assertIn(toolbar_data, out, 'Toolbar policy not loaded')
1756 restrict_data = '"valuename": "RestrictImplicitTextCollection",' + \
1757 '\n "class": "USER",' + \
1758 '\n "type": "REG_DWORD",\n "data": 1\n'
1759 self.assertIn(restrict_data, out, 'Restrict policy not loaded')
1760 ext_data = '" \\"key\\": \\"value\\"",'
1761 self.assertIn(ext_data, out, 'Extension policy not loaded')
1762
1763 before_vers = after_vers
1764 with NamedTemporaryFile() as f:
1765 f.write(gpo_remove_json)
1766 f.flush()
1767 (result, out, err) = self.runsubcmd("gpo", "remove",
1768 self.gpo_guid,
1769 "--content=%s" % f.name,
1770 "--machine-ext-name=%s" %
1771 ext_guids[0],
1772 "--user-ext-name=%s" %
1773 ext_guids[1],
1774 "-H", "ldap://%s" %
1775 os.environ["SERVER"],
1776 "-U%s%%%s" %
1777 (os.environ["USERNAME"],
1778 os.environ["PASSWORD"]))
1779 self.assertCmdSuccess(result, out, err, 'Removing policy failed')
1780 after_vers = gpt_ini_version(self.gpo_guid)
1781 self.assertGreater(after_vers, before_vers, 'GPT.INI was not updated')
1782
1783 (result, out, err) = self.runsubcmd("gpo", "show", self.gpo_guid, "-H",
1784 "ldap://%s" % os.environ["SERVER"])
1785 self.assertCmdSuccess(result, out, err, 'Failed to fetch gpos')
1786 self.assertNotIn('samba.org', out, 'Homepage policy not removed')
1787 self.assertNotIn(ext_guids[0], out, 'Machine extension not unloaded')
1788 self.assertNotIn(ext_guids[1], out, 'User extension not unloaded')
1789
1790 def test_cse_register_unregister_list(self):
1791 with NamedTemporaryFile() as f:
1792 (result, out, err) = self.runsublevelcmd("gpo", ("cse",
1793 "register"),
1794 f.name, 'gp_test_ext',
1795 '--machine')
1796 self.assertCmdSuccess(result, out, err, 'CSE register failed')
1797
1798 (result, out, err) = self.runsublevelcmd("gpo", ("cse",
1799 "list"))
1800 self.assertIn(f.name, out, 'The test cse was not found')
1801 self.assertIn('ProcessGroupPolicy : gp_test_ext', out,
1802 'The test cse was not found')
1803 self.assertIn('MachinePolicy : True', out,
1804 'The test cse was not enabled')
1805 self.assertIn('UserPolicy : False', out,
1806 'The test cse should not have User policy enabled')
1807 cse_ext = re.findall(r'^UniqueGUID\s+:\s+(.*)', out)
1808 self.assertEqual(len(cse_ext), 1,
1809 'The test cse GUID was not found')
1810 cse_ext = cse_ext[0]
1811 self.assertTrue(check_guid(cse_ext),
1812 'The test cse GUID was not formatted correctly')
1813
1814 (result, out, err) = self.runsublevelcmd("gpo", ("cse",
1815 "unregister"),
1816 cse_ext)
1817 self.assertCmdSuccess(result, out, err, 'CSE unregister failed')
1818
1819 (result, out, err) = self.runsublevelcmd("gpo", ("cse",
1820 "list"))
1821 self.assertNotIn(f.name, out, 'The test cse was still found')
1822
1823 def setUp(self):
1824 """set up a temporary GPO to work with"""
1825 super().setUp()
1826 (result, out, err) = self.runsubcmd("gpo", "create", self.gpo_name,
1827 "-H", "ldap://%s" % os.environ["SERVER"],
1828 "-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]),
1829 "--tmpdir", self.tempdir)
1830 self.assertCmdSuccess(result, out, err, "Ensuring gpo created successfully")
1831 shutil.rmtree(os.path.join(self.tempdir, "policy"))
1832 try:
1833 self.gpo_guid = "{%s}" % out.split("{")[1].split("}")[0]
1834 except IndexError:
1835 self.fail("Failed to find GUID in output: %s" % out)
1836
1837 self.backup_path = os.path.join(samba.source_tree_topdir(), 'source4',
1838 'selftest', 'provisions',
1839 'generalized-gpo-backup')
1840
1841 self.entity_file = os.path.join(self.backup_path, 'entities')
1842
1843 def tearDown(self):
1844 """remove the temporary GPO to work with"""
1845 (result, out, err) = self.runsubcmd("gpo", "del", self.gpo_guid, "-H", "ldap://%s" % os.environ["SERVER"], "-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
1846 self.assertCmdSuccess(result, out, err, "Ensuring gpo deleted successfully")
1847 super().tearDown()
GSS-enabled samba4