def policy_clear():
# Make sure policy is not set to begin with, unsets it after test
try:
computer_policy = {"Point and Print Restrictions": "Not Configured"}
with patch.dict(win_lgpo.__opts__, {"test": False}):
win_lgpo.set_(name="test_state", computer_policy=computer_policy)
yield
finally:
computer_policy = {"Point and Print Restrictions": "Not Configured"}
with patch.dict(win_lgpo.__opts__, {"test": False}):
win_lgpo.set_(name="test_state", computer_policy=computer_policy)
def _test_adv_auditing(setting, expected):
"""
Helper function to set an audit setting and assert that it was successful
"""
win_lgpo_state.set_(name="Audit User Account Management",
setting=setting,
policy_class="machine")
# Clear the context so we're getting the actual settings from the machine
result = win_lgpo_module._get_advaudit_value(
"Audit User Account Management", refresh=True)
assert result == expected
def _test_auditing(setting):
"""
Helper function to set an audit setting and assert that it was successful
"""
computer_policy = {"Audit Account Management": setting}
win_lgpo_state.set_(name="junk", computer_policy=computer_policy)
# Clear the context so we're getting the actual settings from the machine
win_lgpo_module._get_secedit_data(refresh=True)
result = win_lgpo_module.get_policy(policy_name="Audit Account Management",
policy_class="machine")
assert result == setting
def test_cumulative_rights_assignments(stage_single):
expected = ["BUILTIN\\Administrators", "BUILTIN\\Backup Operators"]
win_lgpo_state.set_(
name="SeTakeOwnershipPrivilege",
setting=["BUILTIN\\Backup Operators"],
policy_class="machine",
cumulative_rights_assignments=True,
)
result = win_lgpo_module.get_policy(
policy_name="SeTakeOwnershipPrivilege", policy_class="machine",
)
assert sorted(result) == sorted(expected)
def test_non_cumulative_rights_assignments_resolve_name(stage_multiple):
expected = ["BUILTIN\\Administrators"]
win_lgpo_state.set_(
name="SeTakeOwnershipPrivilege",
setting=["Administrators"],
policy_class="machine",
cumulative_rights_assignments=False,
)
result = win_lgpo_module.get_policy(
policy_name="SeTakeOwnershipPrivilege", policy_class="machine",
)
assert sorted(result) == sorted(expected)
def test_old_element_naming_style(self):
computer_policy = {
"Point and Print Restrictions": {
"Users can only point and print to these servers":
True,
"Enter fully qualified server names separated by "
"semicolons":
"fakeserver1;fakeserver2",
"Users can only point and print to machines in their "
"forest":
True,
# Here's the old one
"Security Prompts: When installing drivers for a new connection":
"Show warning and elevation prompt",
"When updating drivers for an existing connection":
"Show warning only",
}
}
with patch.dict(win_lgpo.__opts__, {"test": True}):
result = win_lgpo.set_(name="test_state",
computer_policy=computer_policy)
expected = {
"changes": {},
"comment":
"The LGPO module changed the way it gets policy element names.\n"
'"Security Prompts: When installing drivers for a new connection" is no longer valid.\n'
'Please use "When installing drivers for a new connection" instead.\n'
"All specified policies are properly configured",
}
self.assertDictEqual(result["changes"], expected["changes"])
self.assertTrue(result["result"])
self.assertEqual(result["comment"], expected["comment"])
def test_current_element_naming_style(self):
computer_policy = {
"Point and Print Restrictions": {
"Users can only point and print to these servers": True,
"Enter fully qualified server names separated by "
"semicolons": "fakeserver1;fakeserver2",
"Users can only point and print to machines in their " "forest": True,
"When installing drivers for a new connection": "Show warning and elevation prompt",
"When updating drivers for an existing connection": "Show warning only",
}
}
with patch.dict(win_lgpo.__opts__, {"test": False}):
result = win_lgpo.set_(name="test_state", computer_policy=computer_policy)
result = win_lgpo._convert_to_unicode(result)
expected = {
"Point and Print Restrictions": {
"Enter fully qualified server names separated by "
"semicolons": "fakeserver1;fakeserver2",
"When installing drivers for a new connection": "Show warning and elevation prompt",
"Users can only point and print to machines in " "their forest": True,
"Users can only point and print to these servers": True,
"When updating drivers for an existing connection": "Show warning only",
}
}
self.assertDictEqual(
result["changes"]["new"]["Computer Configuration"], expected
)
def test_old_element_naming_style(self):
computer_policy = {
'Point and Print Restrictions': {
'Users can only point and print to these servers':
True,
'Enter fully qualified server names separated by '
'semicolons':
'fakeserver1;fakeserver2',
'Users can only point and print to machines in their '
'forest':
True,
# Here's the old one
'Security Prompts: When installing drivers for a new connection':
'Show warning and elevation prompt',
'When updating drivers for an existing connection':
'Show warning only',
}
}
with patch.dict(win_lgpo.__opts__, {'test': True}):
result = win_lgpo.set_(name='test_state',
computer_policy=computer_policy)
expected = {
'changes': {},
'comment':
'The LGPO module changed the way it gets policy element names.\n'
'"Security Prompts: When installing drivers for a new connection" is no longer valid.\n'
'Please use "When installing drivers for a new connection" instead.\n'
'All specified policies are properly configured'
}
self.assertDictEqual(result['changes'], expected['changes'])
self.assertTrue(result['result'])
self.assertEqual(result['comment'], expected['comment'])
def setUp(self):
if not self.configured:
computer_policy = {
"Point and Print Restrictions": {
"Users can only point and print to these servers": True,
"Enter fully qualified server names separated by "
"semicolons": "fakeserver1;fakeserver2",
"Users can only point and print to machines in their "
"forest": True,
"When installing drivers for a new connection": "Show warning and elevation prompt",
"When updating drivers for an existing connection": "Show warning only",
}
}
with patch.dict(win_lgpo.__opts__, {"test": False}):
win_lgpo.set_(name="nc_state", computer_policy=computer_policy)
self.configured = True
def test_current_element_naming_style(self):
computer_policy = {
"Point and Print Restrictions": {
"Users can only point and print to these servers":
True,
"Enter fully qualified server names separated by "
"semicolons":
"fakeserver1;fakeserver2",
"Users can only point and print to machines in their "
"forest":
True,
"When installing drivers for a new connection":
"Show warning and elevation prompt",
"When updating drivers for an existing connection":
"Show warning only",
}
}
with patch.dict(win_lgpo.__opts__, {"test": True}):
result = win_lgpo.set_(name="test_state",
computer_policy=computer_policy)
expected = {
"changes": {},
"comment": "All specified policies are properly configured",
}
self.assertDictEqual(result["changes"], expected["changes"])
self.assertTrue(result["result"])
self.assertEqual(result["comment"], expected["comment"])
def test_current_element_naming_style(policy_clear):
"""
Ensure that current naming style works properly.
"""
computer_policy = {
"Point and Print Restrictions": {
"Users can only point and print to these servers": True,
"Enter fully qualified server names separated by semicolons": (
"fakeserver1;fakeserver2"
),
"Users can only point and print to machines in their forest": True,
"When installing drivers for a new connection": (
"Show warning and elevation prompt"
),
"When updating drivers for an existing connection": "Show warning only",
}
}
with patch.dict(win_lgpo.__opts__, {"test": False}):
result = win_lgpo.set_(name="test_state", computer_policy=computer_policy)
result = win_lgpo._convert_to_unicode(result)
expected = {
"Point and Print Restrictions": {
"Enter fully qualified server names separated by semicolons": (
"fakeserver1;fakeserver2"
),
"When installing drivers for a new connection": (
"Show warning and elevation prompt"
),
"Users can only point and print to machines in their forest": True,
"Users can only point and print to these servers": True,
"When updating drivers for an existing connection": "Show warning only",
}
}
assert result["changes"]["new"]["Computer Configuration"] == expected
def test_current_element_naming_style(self):
computer_policy = {
'Point and Print Restrictions': {
'Users can only point and print to these servers':
True,
'Enter fully qualified server names separated by '
'semicolons':
'fakeserver1;fakeserver2',
'Users can only point and print to machines in their '
'forest':
True,
'When installing drivers for a new connection':
'Show warning and elevation prompt',
'When updating drivers for an existing connection':
'Show warning only',
}
}
with patch.dict(win_lgpo.__opts__, {'test': True}):
result = win_lgpo.set_(name='test_state',
computer_policy=computer_policy)
expected = {
'changes': {},
'comment': 'All specified policies are properly configured'
}
self.assertDictEqual(result['changes'], expected['changes'])
self.assertTrue(result['result'])
self.assertEqual(result['comment'], expected['comment'])
def test_current_element_naming_style_true(policy_set):
"""
Test current naming style with test=True
"""
computer_policy = {
"Point and Print Restrictions": {
"Users can only point and print to these servers": True,
"Enter fully qualified server names separated by semicolons": (
"fakeserver1;fakeserver2"
),
"Users can only point and print to machines in their forest": True,
"When installing drivers for a new connection": (
"Show warning and elevation prompt"
),
"When updating drivers for an existing connection": "Show warning only",
}
}
with patch.dict(win_lgpo.__opts__, {"test": True}):
result = win_lgpo.set_(name="test_state", computer_policy=computer_policy)
expected = {
"changes": {},
"comment": "All specified policies are properly configured",
}
assert result["changes"] == expected["changes"]
assert result["result"]
assert result["comment"] == expected["comment"]
def test_old_element_naming_style_true(policy_set):
"""
Test old naming style with test=True. Should not make changes but return a
warning
"""
computer_policy = {
"Point and Print Restrictions": {
"Users can only point and print to these servers": True,
"Enter fully qualified server names separated by semicolons": (
"fakeserver1;fakeserver2"
),
"Users can only point and print to machines in their forest": True,
# Here's the old one
"Security Prompts: When installing drivers for a new connection": (
"Show warning and elevation prompt"
),
"When updating drivers for an existing connection": "Show warning only",
}
}
with patch.dict(win_lgpo.__opts__, {"test": True}):
result = win_lgpo.set_(name="test_state", computer_policy=computer_policy)
expected = {
"changes": {},
"comment": (
"The LGPO module changed the way it gets policy element names.\n"
'"Security Prompts: When installing drivers for a new connection" is no longer valid.\n'
'Please use "When installing drivers for a new connection" instead.'
),
}
assert result["changes"] == expected["changes"]
assert not result["result"]
assert result["comment"] == expected["comment"]
def setUp(self):
if not self.configured:
computer_policy = {
'Point and Print Restrictions': {
'Users can only point and print to these servers':
True,
'Enter fully qualified server names separated by '
'semicolons':
'fakeserver1;fakeserver2',
'Users can only point and print to machines in their '
'forest':
True,
'When installing drivers for a new connection':
'Show warning and elevation prompt',
'When updating drivers for an existing connection':
'Show warning only',
}}
with patch.dict(win_lgpo.__opts__, {'test': False}):
win_lgpo.set_(name='nc_state', computer_policy=computer_policy)
self.configured = True
def policy_set():
# Make sure policy is set to begin with, unsets it after test
try:
computer_policy = {
"Point and Print Restrictions": {
"Users can only point and print to these servers": True,
"Enter fully qualified server names separated by "
"semicolons": "fakeserver1;fakeserver2",
"Users can only point and print to machines in their forest": True,
"When installing drivers for a new connection": "Show warning and elevation prompt",
"When updating drivers for an existing connection": "Show warning only",
}
}
with patch.dict(win_lgpo.__opts__, {"test": False}):
win_lgpo.set_(name="test_state", computer_policy=computer_policy)
yield
finally:
computer_policy = {"Point and Print Restrictions": "Not Configured"}
with patch.dict(win_lgpo.__opts__, {"test": False}):
win_lgpo.set_(name="test_state", computer_policy=computer_policy)
def test_cumulative_rights_assignments_exists(stage_multiple):
expected = {
"name": "SeTakeOwnershipPrivilege",
"result": True,
"changes": {},
"comment": "All specified policies are properly configured",
}
result = win_lgpo_state.set_(
name="SeTakeOwnershipPrivilege",
setting=["BUILTIN\\Backup Operators"],
policy_class="machine",
cumulative_rights_assignments=True,
)
assert result == expected
def test_non_cumulative_rights_assignments_resolve_name_exists(stage_single):
expected = {
"name": "SeTakeOwnershipPrivilege",
"result": True,
"changes": {},
"comment": "All specified policies are properly configured",
}
result = win_lgpo_state.set_(
name="SeTakeOwnershipPrivilege",
setting=["Administrators"],
policy_class="machine",
cumulative_rights_assignments=False,
)
assert result == expected
def test_cumulative_rights_assignments_resolve_name_exists_test_true(stage_multiple):
expected = {
"name": "SeTakeOwnershipPrivilege",
"result": True,
"changes": {},
"comment": "All specified policies are properly configured",
}
with patch.dict(win_lgpo_state.__opts__, {"test": True}):
result = win_lgpo_state.set_(
name="SeTakeOwnershipPrivilege",
setting=["Backup Operators"],
policy_class="machine",
cumulative_rights_assignments=True,
)
assert result == expected
def test_old_element_naming_style(self):
computer_policy = {
'Point and Print Restrictions': {
'Users can only point and print to these servers':
True,
'Enter fully qualified server names separated by '
'semicolons':
'fakeserver1;fakeserver2',
'Users can only point and print to machines in their '
'forest':
True,
# Here's the old one
'Security Prompts: When installing drivers for a new connection':
'Show warning and elevation prompt',
'When updating drivers for an existing connection':
'Show warning only',
}
}
with patch.dict(win_lgpo.__opts__, {'test': False}):
result = win_lgpo.set_(name='test_state',
computer_policy=computer_policy)
if six.PY2:
result = win_lgpo._convert_to_unicode(result)
expected = {
'Point and Print Restrictions': {
'Enter fully qualified server names separated by '
'semicolons':
'fakeserver1;fakeserver2',
'When installing drivers for a new connection':
'Show warning and elevation prompt',
'Users can only point and print to machines in '
'their forest':
True,
'Users can only point and print to these servers':
True,
'When updating drivers for an existing connection':
'Show warning only'
}
}
self.assertDictEqual(
result['changes']['new']['Computer Configuration'], expected)
expected = 'The LGPO module changed the way it gets policy element names.\n' \
'"Security Prompts: When installing drivers for a new connection" is no longer valid.\n' \
'Please use "When installing drivers for a new connection" instead.\n' \
'The following policies changed:\n' \
'Point and Print Restrictions'
self.assertEqual(result['comment'], expected)
def test_non_cumulative_rights_assignments_resolve_name_test_true(stage_multiple):
expected = {
"name": "SeTakeOwnershipPrivilege",
"result": None,
"changes": {},
"comment": "The following policies are set to change:\n"
"SeTakeOwnershipPrivilege",
}
with patch.dict(win_lgpo_state.__opts__, {"test": True}):
result = win_lgpo_state.set_(
name="SeTakeOwnershipPrivilege",
setting=["Administrators"],
policy_class="machine",
cumulative_rights_assignments=False,
)
assert result == expected
def test_cumulative_rights_assignments_test_true(stage_single):
expected = {
"name": "SeTakeOwnershipPrivilege",
"result": None,
"changes": {},
"comment": "The following policies are set to change:\n"
"SeTakeOwnershipPrivilege",
}
with patch.dict(win_lgpo_state.__opts__, {"test": True}):
result = win_lgpo_state.set_(
name="SeTakeOwnershipPrivilege",
setting=["BUILTIN\\Backup Operators"],
policy_class="machine",
cumulative_rights_assignments=True,
)
assert result == expected
def test_old_element_naming_style(policy_clear):
"""
Ensure that the old naming style is converted to new and a warning is
returned
"""
computer_policy = {
"Point and Print Restrictions": {
"Users can only point and print to these servers":
True,
"Enter fully qualified server names separated by semicolons":
("fakeserver1;fakeserver2"),
"Users can only point and print to machines in their forest":
True,
# Here's the old one
"Security Prompts: When installing drivers for a new connection":
("Show warning and elevation prompt"),
"When updating drivers for an existing connection":
"Show warning only",
}
}
with patch.dict(win_lgpo.__opts__, {"test": False}):
result = win_lgpo.set_(name="test_state",
computer_policy=computer_policy)
expected = {
"Point and Print Restrictions": {
"Enter fully qualified server names separated by semicolons":
("fakeserver1;fakeserver2"),
"When installing drivers for a new connection":
("Show warning and elevation prompt"),
"Users can only point and print to machines in their forest":
True,
"Users can only point and print to these servers":
True,
"When updating drivers for an existing connection":
"Show warning only",
}
}
assert result["changes"]["new"]["Computer Configuration"] == expected
expected = (
'The LGPO module changed the way it gets policy element names.\n"Security'
' Prompts: When installing drivers for a new connection" is no longer'
' valid.\nPlease use "When installing drivers for a new connection"'
" instead.\nThe following policies changed:\nPoint and Print Restrictions"
)
assert result["comment"] == expected
def test_invalid_elements(self):
computer_policy = {
'Point and Print Restrictions': {
'Invalid element spongebob': True,
'Invalid element squidward': False}}
with patch.dict(win_lgpo.__opts__, {'test': True}):
result = win_lgpo.set_(name='test_state',
computer_policy=computer_policy)
expected = {
'changes': {},
'comment': 'Invalid element name: Invalid element squidward\n'
'Invalid element name: Invalid element spongebob',
'name': 'test_state',
'result': False}
self.assertDictEqual(result['changes'], expected['changes'])
self.assertIn('Invalid element squidward', result['comment'])
self.assertIn('Invalid element spongebob', result['comment'])
self.assertFalse(expected['result'])
def test_invalid_elements(self):
computer_policy = {
"Point and Print Restrictions": {
"Invalid element spongebob": True,
"Invalid element squidward": False,
}
}
with patch.dict(win_lgpo.__opts__, {"test": True}):
result = win_lgpo.set_(name="test_state", computer_policy=computer_policy)
expected = {
"changes": {},
"comment": "Invalid element name: Invalid element squidward\n"
"Invalid element name: Invalid element spongebob",
"name": "test_state",
"result": False,
}
self.assertDictEqual(result["changes"], expected["changes"])
self.assertIn("Invalid element squidward", result["comment"])
self.assertIn("Invalid element spongebob", result["comment"])
self.assertFalse(expected["result"])
def test_invalid_elements_true():
computer_policy = {
"Point and Print Restrictions": {
"Invalid element spongebob": True,
"Invalid element squidward": False,
}
}
with patch.dict(win_lgpo.__opts__, {"test": True}):
result = win_lgpo.set_(name="test_state", computer_policy=computer_policy)
expected = {
"changes": {},
"comment": "Invalid element name: Invalid element squidward\n"
"Invalid element name: Invalid element spongebob",
"name": "test_state",
"result": False,
}
assert result["changes"] == expected["changes"]
assert "Invalid element squidward" in result["comment"]
assert "Invalid element spongebob" in result["comment"]
assert not expected["result"]
def test_current_element_naming_style(self):
computer_policy = {
'Point and Print Restrictions': {
'Users can only point and print to these servers':
True,
'Enter fully qualified server names separated by '
'semicolons':
'fakeserver1;fakeserver2',
'Users can only point and print to machines in their '
'forest':
True,
'When installing drivers for a new connection':
'Show warning and elevation prompt',
'When updating drivers for an existing connection':
'Show warning only',
}
}
with patch.dict(win_lgpo.__opts__, {'test': False}):
result = win_lgpo.set_(name='test_state',
computer_policy=computer_policy)
result = win_lgpo._convert_to_unicode(result)
expected = {
'Point and Print Restrictions': {
'Enter fully qualified server names separated by '
'semicolons':
'fakeserver1;fakeserver2',
'When installing drivers for a new connection':
'Show warning and elevation prompt',
'Users can only point and print to machines in '
'their forest':
True,
'Users can only point and print to these servers':
True,
'When updating drivers for an existing connection':
'Show warning only'
}
}
self.assertDictEqual(
result['changes']['new']['Computer Configuration'], expected)
def setUp(self):
computer_policy = {'Point and Print Restrictions': 'Not Configured'}
with patch.dict(win_lgpo.__opts__, {'test': False}):
win_lgpo.set_(name='nc_state', computer_policy=computer_policy)
def setUp(self):
computer_policy = {"Point and Print Restrictions": "Not Configured"}
with patch.dict(win_lgpo.__opts__, {"test": False}):
win_lgpo.set_(name="nc_state", computer_policy=computer_policy)
