[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Mon Feb 8 23:37:01 UTC 2021
The branch, master has been updated
via d6f9172c929 samba-tool: Add a gpo command for removing VGP Files Group Policy
via c1d67b27429 samba-tool: Test gpo manage files remove command
via 6334307ae70 samba-tool: Add a gpo command for adding VGP Files Group Policy
via a974cd94af8 samba-tool: Test gpo manage files add command
via a786e30fdae samba-tool: Add a gpo command for listing VGP Files Group Policy
via 926cdeb10f5 samba-tool: Test gpo manage files list command
via 0b66bf6512f gpo: Apply Group Policy Files Policy from VGP
via f7ef066f7f5 gpo: Test Group Policy VGP Files Policy
via 6a81f431774 ctdb-tests: Actually wait for record to migrate to lmaster node
from 1b3d70e9ae9 smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from call_trans2findfirst()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d6f9172c9298889846725787727488235d368f24
Author: David Mulder <dmulder at suse.com>
Date: Thu Jan 28 09:21:42 2021 -0700
samba-tool: Add a gpo command for removing VGP Files Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Feb 8 23:36:57 UTC 2021 on sn-devel-184
commit c1d67b27429837861c7eac0ed55a4aa69fbffb35
Author: David Mulder <dmulder at suse.com>
Date: Wed Jan 27 14:05:29 2021 -0700
samba-tool: Test gpo manage files remove command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6334307ae70ac51499ae0ed2a04eb646fd362f83
Author: David Mulder <dmulder at suse.com>
Date: Wed Jan 27 13:21:32 2021 -0700
samba-tool: Add a gpo command for adding VGP Files Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a974cd94af8c2855ca8fa55968d5528333bfe620
Author: David Mulder <dmulder at suse.com>
Date: Tue Jan 26 13:43:43 2021 -0700
samba-tool: Test gpo manage files add command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a786e30fdae7d96bccfcb2a0f44036b5e231bdc7
Author: David Mulder <dmulder at suse.com>
Date: Tue Jan 26 10:46:27 2021 -0700
samba-tool: Add a gpo command for listing VGP Files Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 926cdeb10f5d6af61f1836a90471a17b37d1fd13
Author: David Mulder <dmulder at suse.com>
Date: Tue Jan 26 10:07:18 2021 -0700
samba-tool: Test gpo manage files list command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0b66bf6512f49e199f08485de84ca2177a191be3
Author: David Mulder <dmulder at suse.com>
Date: Mon Jan 25 08:13:18 2021 -0700
gpo: Apply Group Policy Files Policy from VGP
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f7ef066f7f51040eee2e1a43f5f218c25bc54761
Author: David Mulder <dmulder at suse.com>
Date: Fri Jan 22 10:09:55 2021 -0700
gpo: Test Group Policy VGP Files Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6a81f4317744c5ca82e9291ac172d1fb5b224442
Author: Martin Schwenke <martin at meltin.net>
Date: Tue Feb 2 12:45:04 2021 +1100
ctdb-tests: Actually wait for record to migrate to lmaster node
This test has been failing with:
Wait until record is migrated to lmaster node 0
<30|BAD: node 0 is not dmaster
dmaster: 1
rsn: 8
flags: 0x00010000 MIGRATED_WITH_DATA
data(6) = "value1"
*** TEST COMPLETED (RC=1) AT 2021-02-02 06:18:48, CLEANING UP...
This should never happen. If this really fails then the wait should
time out.
The problem is that wait_until() does:
"$@" || _rc=$?
and vacuum_test_key_dmaster() currently calls ctdb_test_fail() on
failure, which causes the shell to exit. Instead, pass a variant to
wait_until() that simply returns the correct status instead of
exiting.
An alternative would be to change the statement in wait_until() to do:
("$@") || _rc=$?
so it captures the exit. However, this is a global change and
requires more thought.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
ctdb/tests/INTEGRATION/database/scripts/local.bash | 42 +++-
.../INTEGRATION/database/vacuum.031.locked.sh | 2 +-
docs-xml/manpages/samba-tool.8.xml | 15 ++
python/samba/netcmd/gpo.py | 276 +++++++++++++++++++++
python/samba/tests/gpo.py | 91 ++++++-
python/samba/tests/samba_tool/gpo.py | 129 +++++++++-
python/samba/vgp_files_ext.py | 140 +++++++++++
source4/scripting/bin/samba-gpupdate | 2 +
8 files changed, 689 insertions(+), 8 deletions(-)
create mode 100644 python/samba/vgp_files_ext.py
Changeset truncated at 500 lines:
diff --git a/ctdb/tests/INTEGRATION/database/scripts/local.bash b/ctdb/tests/INTEGRATION/database/scripts/local.bash
index 5334b1cb7d8..ae2e0d58de5 100644
--- a/ctdb/tests/INTEGRATION/database/scripts/local.bash
+++ b/ctdb/tests/INTEGRATION/database/scripts/local.bash
@@ -30,7 +30,7 @@ check_cattdb_num_records ()
return $ret
}
-vacuum_test_key_dmaster ()
+_key_dmaster_check ()
{
local node="$1"
local db="$2"
@@ -41,10 +41,42 @@ vacuum_test_key_dmaster ()
# shellcheck disable=SC2154
# $outfile is set above by try_command_on_node()
- if ! grep -Fqx "dmaster: ${dmaster}" "$outfile" ; then
- echo "BAD: node ${dmaster} is not dmaster"
- cat "$outfile"
- ctdb_test_fail
+ grep -Fqx "dmaster: ${dmaster}" "$outfile"
+}
+
+_key_dmaster_fail ()
+{
+ local dmaster="$1"
+
+ echo "BAD: node ${dmaster} is not dmaster"
+ # shellcheck disable=SC2154
+ # $outfile is set by the caller via _key_dmaster_check()
+ cat "$outfile"
+ ctdb_test_fail
+}
+
+vacuum_test_key_dmaster ()
+{
+ local node="$1"
+ local db="$2"
+ local key="$3"
+ local dmaster="${4:-${node}}"
+
+ if ! _key_dmaster_check "$node" "$db" "$key" "$dmaster" ; then
+ _key_dmaster_fail "$dmaster"
+ fi
+}
+
+vacuum_test_wait_key_dmaster ()
+{
+ local node="$1"
+ local db="$2"
+ local key="$3"
+ local dmaster="${4:-${node}}"
+
+ if ! wait_until 30 \
+ _key_dmaster_check "$node" "$db" "$key" "$dmaster" ; then
+ _key_dmaster_fail "$dmaster"
fi
}
diff --git a/ctdb/tests/INTEGRATION/database/vacuum.031.locked.sh b/ctdb/tests/INTEGRATION/database/vacuum.031.locked.sh
index b6adbf73c87..d16482e2e63 100755
--- a/ctdb/tests/INTEGRATION/database/vacuum.031.locked.sh
+++ b/ctdb/tests/INTEGRATION/database/vacuum.031.locked.sh
@@ -100,7 +100,7 @@ try_command_on_node "$non_lmaster" "kill ${pid}"
ctdb_test_cleanup_pid_clear
echo "Wait until record is migrated to lmaster node ${lmaster}"
-wait_until 30 vacuum_test_key_dmaster "$lmaster" "$db" "$key"
+vacuum_test_wait_key_dmaster "$lmaster" "$db" "$key"
echo
echo "Confirm that all nodes still have the record"
diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml
index 83511b4ddf6..4de7602570b 100644
--- a/docs-xml/manpages/samba-tool.8.xml
+++ b/docs-xml/manpages/samba-tool.8.xml
@@ -899,6 +899,21 @@
<para>Removes a VGP Symbolic Link Group Policy from the sysvol</para>
</refsect3>
+<refsect3>
+ <title>gpo manage files list</title>
+ <para>List VGP Files Group Policy from the sysvol</para>
+</refsect3>
+
+<refsect3>
+ <title>gpo manage files add</title>
+ <para>Add VGP Files Group Policy to the sysvol</para>
+</refsect3>
+
+<refsect3>
+ <title>gpo manage files remove</title>
+ <para>Remove VGP Files Group Policy from the sysvol</para>
+</refsect3>
+
<refsect2>
<title>group</title>
<para>Manage groups.</para>
diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
index 2a3ffdfe557..8decbe0a8af 100644
--- a/python/samba/netcmd/gpo.py
+++ b/python/samba/netcmd/gpo.py
@@ -68,6 +68,7 @@ from samba.netcmd.common import attr_default
from samba.common import get_bytes, get_string
from configparser import ConfigParser
from io import StringIO, BytesIO
+from samba.vgp_files_ext import calc_mode, stat_from_mode
def gpo_flags_string(value):
@@ -2488,6 +2489,280 @@ class cmd_symlink(SuperCommand):
subcommands["add"] = cmd_add_symlink()
subcommands["remove"] = cmd_remove_symlink()
+class cmd_list_files(Command):
+ """List VGP Files Group Policy from the sysvol
+
+This command lists files which will be copied from the sysvol and applied to winbind clients.
+
+Example:
+samba-tool gpo manage files list {31B2F340-016D-11D2-945F-00C04FB984F9}
+ """
+
+ synopsis = "%prog <gpo> [options]"
+
+ takes_optiongroups = {
+ "sambaopts": options.SambaOptions,
+ "versionopts": options.VersionOptions,
+ "credopts": options.CredentialsOptions,
+ }
+
+ takes_options = [
+ Option("-H", "--URL", help="LDB URL for database or target server", type=str,
+ metavar="URL", dest="H"),
+ ]
+
+ takes_args = ["gpo"]
+
+ def run(self, gpo, H=None, sambaopts=None, credopts=None, versionopts=None):
+ self.lp = sambaopts.get_loadparm()
+ self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
+
+ # We need to know writable DC to setup SMB connection
+ if H and H.startswith('ldap://'):
+ dc_hostname = H[7:]
+ self.url = H
+ else:
+ dc_hostname = netcmd_finddc(self.lp, self.creds)
+ self.url = dc_url(self.lp, self.creds, dc=dc_hostname)
+
+ # SMB connect to DC
+ conn = smb_connection(dc_hostname,
+ 'sysvol',
+ lp=self.lp,
+ creds=self.creds)
+
+ realm = self.lp.get('realm')
+ vgp_xml = '\\'.join([realm.lower(), 'Policies', gpo,
+ 'MACHINE\\VGP\\VTLA\\Unix',
+ 'Files\\manifest.xml'])
+ try:
+ xml_data = ET.fromstring(conn.loadfile(vgp_xml))
+ except NTSTATUSError as e:
+ # STATUS_OBJECT_NAME_INVALID, STATUS_OBJECT_NAME_NOT_FOUND,
+ # STATUS_OBJECT_PATH_NOT_FOUND
+ if e.args[0] in [0xC0000033, 0xC0000034, 0xC000003A]:
+ return # The file doesn't exist, so there is nothing to list
+ if e.args[0] == 0xC0000022: # STATUS_ACCESS_DENIED
+ raise CommandError("The authenticated user does "
+ "not have sufficient privileges")
+ raise
+
+ policy = xml_data.find('policysetting')
+ data = policy.find('data')
+ for entry in data.findall('file_properties'):
+ source = entry.find('source').text
+ target = entry.find('target').text
+ user = entry.find('user').text
+ group = entry.find('group').text
+ mode = calc_mode(entry)
+ p = '%s\t%s\t%s\t%s -> %s' % \
+ (stat_from_mode(mode), user, group, target, source)
+ self.outf.write('%s\n' % p)
+
+class cmd_add_files(Command):
+ """Add VGP Files Group Policy to the sysvol
+
+This command adds files which will be copied from the sysvol and applied to winbind clients.
+
+Example:
+samba-tool gpo manage files add {31B2F340-016D-11D2-945F-00C04FB984F9} ./source.txt /usr/share/doc/target.txt root root 600
+ """
+
+ synopsis = "%prog <gpo> <source> <target> <user> <group> <mode> [options]"
+
+ takes_optiongroups = {
+ "sambaopts": options.SambaOptions,
+ "versionopts": options.VersionOptions,
+ "credopts": options.CredentialsOptions,
+ }
+
+ takes_options = [
+ Option("-H", "--URL", help="LDB URL for database or target server", type=str,
+ metavar="URL", dest="H"),
+ ]
+
+ takes_args = ["gpo", "source", "target", "user", "group", "mode"]
+
+ def run(self, gpo, source, target, user, group, mode, H=None,
+ sambaopts=None, credopts=None, versionopts=None):
+ self.lp = sambaopts.get_loadparm()
+ self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
+
+ if not os.path.exists(source):
+ raise CommandError("Source '%s' does not exist" % source)
+
+ # We need to know writable DC to setup SMB connection
+ if H and H.startswith('ldap://'):
+ dc_hostname = H[7:]
+ self.url = H
+ else:
+ dc_hostname = netcmd_finddc(self.lp, self.creds)
+ self.url = dc_url(self.lp, self.creds, dc=dc_hostname)
+
+ # SMB connect to DC
+ conn = smb_connection(dc_hostname,
+ 'sysvol',
+ lp=self.lp,
+ creds=self.creds)
+
+ realm = self.lp.get('realm')
+ vgp_dir = '\\'.join([realm.lower(), 'Policies', gpo,
+ 'MACHINE\\VGP\\VTLA\\Unix\\Files'])
+ vgp_xml = '\\'.join([vgp_dir, 'manifest.xml'])
+ try:
+ xml_data = ET.ElementTree(ET.fromstring(conn.loadfile(vgp_xml)))
+ policy = xml_data.getroot().find('policysetting')
+ data = policy.find('data')
+ except NTSTATUSError as e:
+ # STATUS_OBJECT_NAME_INVALID, STATUS_OBJECT_NAME_NOT_FOUND,
+ # STATUS_OBJECT_PATH_NOT_FOUND
+ if e.args[0] in [0xC0000033, 0xC0000034, 0xC000003A]:
+ # The file doesn't exist, so create the xml structure
+ xml_data = ET.ElementTree(ET.Element('vgppolicy'))
+ policysetting = ET.SubElement(xml_data.getroot(),
+ 'policysetting')
+ pv = ET.SubElement(policysetting, 'version')
+ pv.text = '1'
+ name = ET.SubElement(policysetting, 'name')
+ name.text = 'Files'
+ description = ET.SubElement(policysetting, 'description')
+ description.text = 'Represents file data to set/copy on clients'
+ data = ET.SubElement(policysetting, 'data')
+ elif e.args[0] == 0xC0000022: # STATUS_ACCESS_DENIED
+ raise CommandError("The authenticated user does "
+ "not have sufficient privileges")
+ else:
+ raise
+
+ file_properties = ET.SubElement(data, 'file_properties')
+ source_elm = ET.SubElement(file_properties, 'source')
+ source_elm.text = os.path.basename(source)
+ target_elm = ET.SubElement(file_properties, 'target')
+ target_elm.text = target
+ user_elm = ET.SubElement(file_properties, 'user')
+ user_elm.text = user
+ group_elm = ET.SubElement(file_properties, 'group')
+ group_elm.text = group
+ for ptype, shift in [('user', 6), ('group', 3), ('other', 0)]:
+ permissions = ET.SubElement(file_properties, 'permissions')
+ permissions.set('type', ptype)
+ if int(mode, 8) & (0o4 << shift):
+ ET.SubElement(permissions, 'read')
+ if int(mode, 8) & (0o2 << shift):
+ ET.SubElement(permissions, 'write')
+ if int(mode, 8) & (0o1 << shift):
+ ET.SubElement(permissions, 'execute')
+
+ out = BytesIO()
+ xml_data.write(out, encoding='UTF-8', xml_declaration=True)
+ out.seek(0)
+ source_data = open(source, 'rb').read()
+ sysvol_source = '\\'.join([vgp_dir, os.path.basename(source)])
+ try:
+ create_directory_hier(conn, vgp_dir)
+ conn.savefile(vgp_xml, out.read())
+ conn.savefile(sysvol_source, source_data)
+ except NTSTATUSError as e:
+ if e.args[0] == 0xC0000022: # STATUS_ACCESS_DENIED
+ raise CommandError("The authenticated user does "
+ "not have sufficient privileges")
+ raise
+
+class cmd_remove_files(Command):
+ """Remove VGP Files Group Policy from the sysvol
+
+This command removes files which would be copied from the sysvol and applied to winbind clients.
+
+Example:
+samba-tool gpo manage files remove {31B2F340-016D-11D2-945F-00C04FB984F9} /usr/share/doc/target.txt
+ """
+
+ synopsis = "%prog <gpo> <target> [options]"
+
+ takes_optiongroups = {
+ "sambaopts": options.SambaOptions,
+ "versionopts": options.VersionOptions,
+ "credopts": options.CredentialsOptions,
+ }
+
+ takes_options = [
+ Option("-H", "--URL", help="LDB URL for database or target server", type=str,
+ metavar="URL", dest="H"),
+ ]
+
+ takes_args = ["gpo", "target"]
+
+ def run(self, gpo, target, H=None, sambaopts=None, credopts=None,
+ versionopts=None):
+ self.lp = sambaopts.get_loadparm()
+ self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
+
+ # We need to know writable DC to setup SMB connection
+ if H and H.startswith('ldap://'):
+ dc_hostname = H[7:]
+ self.url = H
+ else:
+ dc_hostname = netcmd_finddc(self.lp, self.creds)
+ self.url = dc_url(self.lp, self.creds, dc=dc_hostname)
+
+ # SMB connect to DC
+ conn = smb_connection(dc_hostname,
+ 'sysvol',
+ lp=self.lp,
+ creds=self.creds)
+
+ realm = self.lp.get('realm')
+ vgp_dir = '\\'.join([realm.lower(), 'Policies', gpo,
+ 'MACHINE\\VGP\\VTLA\\Unix\\Files'])
+ vgp_xml = '\\'.join([vgp_dir, 'manifest.xml'])
+ try:
+ xml_data = ET.ElementTree(ET.fromstring(conn.loadfile(vgp_xml)))
+ policy = xml_data.getroot().find('policysetting')
+ data = policy.find('data')
+ except NTSTATUSError as e:
+ # STATUS_OBJECT_NAME_INVALID, STATUS_OBJECT_NAME_NOT_FOUND,
+ # STATUS_OBJECT_PATH_NOT_FOUND
+ if e.args[0] in [0xC0000033, 0xC0000034, 0xC000003A]:
+ raise CommandError("Cannot remove file '%s' "
+ "because it does not exist" % target)
+ elif e.args[0] == 0xC0000022: # STATUS_ACCESS_DENIED
+ raise CommandError("The authenticated user does "
+ "not have sufficient privileges")
+ else:
+ raise
+
+ for file_properties in data.findall('file_properties'):
+ source_elm = file_properties.find('source')
+ target_elm = file_properties.find('target')
+ if target_elm.text == target:
+ source = '\\'.join([vgp_dir, source_elm.text])
+ conn.unlink(source)
+ data.remove(file_properties)
+ break
+ else:
+ raise CommandError("Cannot remove file '%s' "
+ "because it does not exist" % target)
+
+
+ out = BytesIO()
+ xml_data.write(out, encoding='UTF-8', xml_declaration=True)
+ out.seek(0)
+ try:
+ create_directory_hier(conn, vgp_dir)
+ conn.savefile(vgp_xml, out.read())
+ except NTSTATUSError as e:
+ if e.args[0] == 0xC0000022: # STATUS_ACCESS_DENIED
+ raise CommandError("The authenticated user does "
+ "not have sufficient privileges")
+ raise
+
+class cmd_files(SuperCommand):
+ """Manage Files Group Policy Objects"""
+ subcommands = {}
+ subcommands["list"] = cmd_list_files()
+ subcommands["add"] = cmd_add_files()
+ subcommands["remove"] = cmd_remove_files()
+
class cmd_manage(SuperCommand):
"""Manage Group Policy Objects"""
subcommands = {}
@@ -2495,6 +2770,7 @@ class cmd_manage(SuperCommand):
subcommands["security"] = cmd_security()
subcommands["smb_conf"] = cmd_smb_conf()
subcommands["symlink"] = cmd_symlink()
+ subcommands["files"] = cmd_files()
class cmd_gpo(SuperCommand):
"""Group Policy Object (GPO) management."""
diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index de9ee70344d..a3fdc920907 100644
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -14,7 +14,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-import os
+import os, grp, pwd
import errno
from samba import gpo, tests
from samba.gpclass import register_gp_extension, list_gp_extensions, \
@@ -31,6 +31,7 @@ from samba.vgp_sudoers_ext import vgp_sudoers_ext
from samba.vgp_symlink_ext import vgp_symlink_ext
from samba.gpclass import gp_inf_ext
from samba.gp_smb_conf_ext import gp_smb_conf_ext
+from samba.vgp_files_ext import vgp_files_ext
import logging
from samba.credentials import Credentials
from samba.gp_msgs_ext import gp_msgs_ext
@@ -945,3 +946,91 @@ class GPOTests(tests.TestCase):
# Unstage the manifest.xml file
unstage_file(manifest)
+
+ def test_vgp_files(self):
+ local_path = self.lp.cache_path('gpo_cache')
+ guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
+ manifest = os.path.join(local_path, policies, guid, 'MACHINE',
+ 'VGP/VTLA/UNIX/FILES/MANIFEST.XML')
+ source_file = os.path.join(os.path.dirname(manifest), 'TEST.SOURCE')
+ source_data = '#!/bin/sh\necho hello world'
+ ret = stage_file(source_file, source_data)
+ self.assertTrue(ret, 'Could not create the target %s' % source_file)
+ logger = logging.getLogger('gpo_tests')
+ cache_dir = self.lp.get('cache directory')
+ store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
+
+ machine_creds = Credentials()
+ machine_creds.guess(self.lp)
+ machine_creds.set_machine_account()
+
+ # Initialize the group policy extension
+ ext = vgp_files_ext(logger, self.lp, machine_creds, store)
+
+ ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
+ if ads.connect():
+ gpos = ads.get_gpo_list(machine_creds.get_username())
+
+ # Stage the manifest.xml file with test data
+ with TemporaryDirectory() as dname:
+ stage = etree.Element('vgppolicy')
+ policysetting = etree.Element('policysetting')
+ stage.append(policysetting)
+ version = etree.Element('version')
+ version.text = '1'
+ policysetting.append(version)
+ data = etree.Element('data')
+ file_properties = etree.SubElement(data, 'file_properties')
+ source = etree.SubElement(file_properties, 'source')
+ source.text = os.path.basename(source_file).lower()
+ target = etree.SubElement(file_properties, 'target')
+ target.text = os.path.join(dname, 'test.target')
+ user = etree.SubElement(file_properties, 'user')
+ user.text = pwd.getpwuid(os.getuid()).pw_name
+ group = etree.SubElement(file_properties, 'group')
+ group.text = grp.getgrgid(os.getgid()).gr_name
+ # Request permissions of 755
+ permissions = etree.SubElement(file_properties, 'permissions')
+ permissions.set('type', 'user')
+ etree.SubElement(permissions, 'read')
+ etree.SubElement(permissions, 'write')
+ etree.SubElement(permissions, 'execute')
+ permissions = etree.SubElement(file_properties, 'permissions')
+ permissions.set('type', 'group')
+ etree.SubElement(permissions, 'read')
+ etree.SubElement(permissions, 'execute')
+ permissions = etree.SubElement(file_properties, 'permissions')
+ permissions.set('type', 'other')
+ etree.SubElement(permissions, 'read')
+ etree.SubElement(permissions, 'execute')
+ policysetting.append(data)
+ ret = stage_file(manifest, etree.tostring(stage))
+ self.assertTrue(ret, 'Could not create the target %s' % manifest)
+
+ # Process all gpos, with temp output directory
+ ext.process_group_policy([], gpos)
+ self.assertTrue(os.path.exists(target.text),
+ 'The target file does not exist')
+ self.assertEquals(os.stat(target.text).st_mode & 0o777, 0o755,
+ 'The target file permissions are incorrect')
+ self.assertEquals(open(target.text).read(), source_data,
+ 'The target file contents are incorrect')
+
+ # Remove policy
+ gp_db = store.get_gplog(machine_creds.get_username())
+ del_gpos = get_deleted_gpos_list(gp_db, [])
+ ext.process_group_policy(del_gpos, [])
+ self.assertFalse(os.path.exists(target.text),
--
Samba Shared Repository
More information about the samba-cvs
mailing list