mirror of
https://github.com/saltstack/salt.git
synced 2025-04-17 10:10:20 +00:00
Merge pull request #51613 from twangboy/fix_51566
Handle explicit lists properly
This commit is contained in:
Daniel Wozniak
GitHub
commit
7ed5189a48
2 changed files with 49 additions and 20 deletions
|
|
@ -5605,7 +5605,7 @@ def _getDataFromRegPolData(search_string, policy_data, return_value_name=False):
|
|||
)
|
||||
].split(encoded_semicolon)
|
||||
if len(pol_entry) >= 2:
|
||||
valueName = pol_entry[1]
|
||||
valueName = pol_entry[1].decode('utf-16-le').rstrip(chr(0))
|
||||
if len(pol_entry) >= 5:
|
||||
value = pol_entry[4]
|
||||
if vtype == 'REG_DWORD' or vtype == 'REG_QWORD':
|
||||
|
|
@ -5923,18 +5923,18 @@ def _processValueItem(element, reg_key, reg_valuename, policy, parent_element,
|
|||
']'.encode('utf-16-le')])
|
||||
if 'expandable' in element.attrib:
|
||||
this_vtype = 'REG_EXPAND_SZ'
|
||||
if 'explicitValue' in element.attrib and element.attrib['explicitValue'].lower() == 'true':
|
||||
if element.attrib.get('explicitValue', 'false').lower() == 'true':
|
||||
if this_element_value is not None:
|
||||
element_valuenames = this_element_value.keys()
|
||||
element_values = this_element_value.values()
|
||||
if 'valuePrefix' in element.attrib:
|
||||
element_valuenames = [str(k) for k in this_element_value.keys()]
|
||||
element_values = [str(v) for v in this_element_value.values()]
|
||||
elif 'valuePrefix' in element.attrib:
|
||||
# if the valuePrefix attribute exists, the valuenames are <prefix><number>
|
||||
# most prefixes attributes are empty in the admx files, so the valuenames
|
||||
# end up being just numbers
|
||||
if element.attrib['valuePrefix'] != '':
|
||||
if this_element_value is not None:
|
||||
element_valuenames = ['{0}{1}'.format(element.attrib['valuePrefix'],
|
||||
k) for k in element_valuenames]
|
||||
element_valuenames = ['{0}{1}'.format(
|
||||
element.attrib['valuePrefix'], k) for k in element_valuenames]
|
||||
else:
|
||||
# if there is no valuePrefix attribute, the valuename is the value
|
||||
if element_values is not None:
|
||||
|
|
|
|||
|
|
@ -123,25 +123,25 @@ class WinLgpoTest(ModuleCase):
|
|||
ret = self.run_function('lgpo.set_computer_policy',
|
||||
(policy_name, policy_config))
|
||||
log.debug('lgpo set_computer_policy ret == %s', ret)
|
||||
cmd = ['lgpo.exe',
|
||||
'/parse',
|
||||
'/m',
|
||||
r'c:\Windows\System32\GroupPolicy\Machine\Registry.pol']
|
||||
if assert_true:
|
||||
self.assertTrue(ret)
|
||||
lgpo_output = self.run_function(
|
||||
'cmd.run',
|
||||
(),
|
||||
cmd='lgpo.exe /parse /m c:\\Windows\\System32\\GroupPolicy\\Machine\\Registry.pol')
|
||||
lgpo_output = self.run_function('cmd.run', (), cmd=' '.join(cmd))
|
||||
# validate that the lgpo output doesn't say the format is invalid
|
||||
self.assertIsNone(
|
||||
re.search(
|
||||
r'Invalid file format\.',
|
||||
lgpo_output,
|
||||
re.IGNORECASE), 'Failed validating Registry.pol file format')
|
||||
re.search(r'Invalid file format\.', lgpo_output, re.IGNORECASE),
|
||||
msg='Failed validating Registry.pol file format')
|
||||
# validate that the regexes we expect are in the output
|
||||
for expected_regex in expected_regexes:
|
||||
match = re.search(
|
||||
expected_regex,
|
||||
lgpo_output,
|
||||
re.IGNORECASE)
|
||||
self.assertIsNotNone(match, 'Failed validating policy "{0}" configuration, regex "{1}" not found in lgpo output'.format(policy_name, expected_regex))
|
||||
match = re.search(expected_regex, lgpo_output, re.IGNORECASE)
|
||||
self.assertIsNotNone(
|
||||
match,
|
||||
msg='Failed validating policy "{0}" configuration, regex '
|
||||
'"{1}" not found in lgpo output:\n{2}'
|
||||
''.format(policy_name, expected_regex, lgpo_output))
|
||||
else:
|
||||
# expecting it to fail
|
||||
self.assertNotEqual(ret, True)
|
||||
|
|
@ -255,6 +255,35 @@ class WinLgpoTest(ModuleCase):
|
|||
'Not Configured',
|
||||
[r'; Source file: c:\\windows\\system32\\grouppolicy\\machine\\registry.pol[\s]*; PARSING COMPLETED.'])
|
||||
|
||||
@destructiveTest
|
||||
def test_set_computer_policy_Pol_HardenedPaths(self):
|
||||
# Disable Pol_HardenedPaths
|
||||
log.debug('Attempting to disable Pol_HardenedPaths')
|
||||
self._testComputerAdmxPolicy(
|
||||
'Pol_HardenedPaths',
|
||||
'Disabled',
|
||||
[r'Computer[\s]*Software\\policies\\Microsoft\\Windows\\NetworkProvider\\HardenedPaths[\s]*\*[\s]*DELETEALLVALUES'])
|
||||
# Configure Pol_HardenedPaths
|
||||
log.debug('Attempting to configure Pol_HardenedPaths')
|
||||
self._testComputerAdmxPolicy(
|
||||
'Pol_HardenedPaths',
|
||||
{
|
||||
'Hardened UNC Paths': {
|
||||
r'\\*\NETLOGON': 'RequireMutualAuthentication=1, RequireIntegrity=1',
|
||||
r'\\*\SYSVOL': 'RequireMutualAuthentication=1, RequireIntegrity=1'
|
||||
}
|
||||
},
|
||||
[
|
||||
r'Computer[\s]*Software\\policies\\Microsoft\\Windows\\NetworkProvider\\HardenedPaths[\s]*\\\\\*\\NETLOGON[\s]*SZ:RequireMutualAuthentication=1, RequireIntegrity=1[\s]*',
|
||||
r'Computer[\s]*Software\\policies\\Microsoft\\Windows\\NetworkProvider\\HardenedPaths[\s]*\\\\\*\\SYSVOL[\s]*SZ:RequireMutualAuthentication=1, RequireIntegrity=1[\s]*',
|
||||
])
|
||||
# Not Configure Pol_HardenedPaths
|
||||
log.debug('Attempting to set Pol_HardenedPaths to Not Configured')
|
||||
self._testComputerAdmxPolicy(
|
||||
'Pol_HardenedPaths',
|
||||
'Not Configured',
|
||||
[r'; Source file: c:\\windows\\system32\\grouppolicy\\machine\\registry.pol[\s]*; PARSING COMPLETED.'])
|
||||
|
||||
@destructiveTest
|
||||
def test_set_computer_policy_WindowsUpdate(self):
|
||||
'''
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue