nee2c
/
salt
kopia lustrzana https://github.com/nee2c/salt.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584
							# -*- coding: utf-8 -*-

# Import Python Libs
from __future__ import absolute_import, print_function, unicode_literals

# Import Salt Libs
import salt.utils.platform
import salt.utils.win_lgpo_netsh as win_lgpo_netsh
from salt.exceptions import CommandExecutionError

# Import Salt Testing Libs
from tests.support.helpers import destructiveTest
from tests.support.mock import patch
from tests.support.unit import TestCase, skipIf


@skipIf(not salt.utils.platform.is_windows(), "System is not Windows")
class WinLgpoNetshTestCase(TestCase):
    def test_get_settings_firewallpolicy_local(self):
        ret = win_lgpo_netsh.get_settings(
            profile="domain", section="firewallpolicy", store="local"
        )
        self.assertIn("Inbound", ret)
        self.assertIn("Outbound", ret)

    def test_get_settings_firewallpolicy_lgpo(self):
        ret = win_lgpo_netsh.get_settings(
            profile="domain", section="firewallpolicy", store="lgpo"
        )
        self.assertIn("Inbound", ret)
        self.assertIn("Outbound", ret)

    def test_get_settings_firewallpolicy_lgpo_issue_57591(self):
        """
        Should not stacktrace when the hostname contains unicode characters
        """
        with patch.object(win_lgpo_netsh, "__hostname__", return_value="kомпьютер"):
            ret = win_lgpo_netsh.get_settings(
                profile="domain", section="firewallpolicy", store="lgpo"
            )
        self.assertIn("Inbound", ret)
        self.assertIn("Outbound", ret)

    def test_get_settings_logging_local(self):
        ret = win_lgpo_netsh.get_settings(
            profile="domain", section="logging", store="local"
        )
        self.assertIn("FileName", ret)
        self.assertIn("LogAllowedConnections", ret)
        self.assertIn("LogDroppedConnections", ret)
        self.assertIn("MaxFileSize", ret)

    def test_get_settings_logging_lgpo(self):
        ret = win_lgpo_netsh.get_settings(
            profile="domain", section="logging", store="lgpo"
        )
        self.assertIn("FileName", ret)
        self.assertIn("LogAllowedConnections", ret)
        self.assertIn("LogDroppedConnections", ret)
        self.assertIn("MaxFileSize", ret)

    def test_get_settings_settings_local(self):
        ret = win_lgpo_netsh.get_settings(
            profile="domain", section="settings", store="local"
        )
        self.assertIn("InboundUserNotification", ret)
        self.assertIn("LocalConSecRules", ret)
        self.assertIn("LocalFirewallRules", ret)
        self.assertIn("RemoteManagement", ret)
        self.assertIn("UnicastResponseToMulticast", ret)

    def test_get_settings_settings_lgpo(self):
        ret = win_lgpo_netsh.get_settings(
            profile="domain", section="settings", store="lgpo"
        )
        self.assertIn("InboundUserNotification", ret)
        self.assertIn("LocalConSecRules", ret)
        self.assertIn("LocalFirewallRules", ret)
        self.assertIn("RemoteManagement", ret)
        self.assertIn("UnicastResponseToMulticast", ret)

    def test_get_settings_state_local(self):
        ret = win_lgpo_netsh.get_settings(
            profile="domain", section="state", store="local"
        )
        self.assertIn("State", ret)

    def test_get_settings_state_lgpo(self):
        ret = win_lgpo_netsh.get_settings(
            profile="domain", section="state", store="lgpo"
        )
        self.assertIn("State", ret)

    def test_get_all_settings_local(self):
        ret = win_lgpo_netsh.get_all_settings(profile="domain", store="local")

        self.assertIn("Inbound", ret)
        self.assertIn("Outbound", ret)
        self.assertIn("FileName", ret)
        self.assertIn("LogAllowedConnections", ret)
        self.assertIn("LogDroppedConnections", ret)
        self.assertIn("MaxFileSize", ret)
        self.assertIn("InboundUserNotification", ret)
        self.assertIn("LocalConSecRules", ret)
        self.assertIn("LocalFirewallRules", ret)
        self.assertIn("RemoteManagement", ret)
        self.assertIn("UnicastResponseToMulticast", ret)
        self.assertIn("State", ret)

    def test_get_all_settings_lgpo(self):
        ret = win_lgpo_netsh.get_all_settings(profile="domain", store="local")

        self.assertIn("Inbound", ret)
        self.assertIn("Outbound", ret)
        self.assertIn("FileName", ret)
        self.assertIn("LogAllowedConnections", ret)
        self.assertIn("LogDroppedConnections", ret)
        self.assertIn("MaxFileSize", ret)
        self.assertIn("InboundUserNotification", ret)
        self.assertIn("LocalConSecRules", ret)
        self.assertIn("LocalFirewallRules", ret)
        self.assertIn("RemoteManagement", ret)
        self.assertIn("UnicastResponseToMulticast", ret)
        self.assertIn("State", ret)

    def test_get_all_profiles_local(self):
        ret = win_lgpo_netsh.get_all_profiles(store="local")
        self.assertIn("Domain Profile", ret)
        self.assertIn("Private Profile", ret)
        self.assertIn("Public Profile", ret)

    def test_get_all_profiles_lgpo(self):
        ret = win_lgpo_netsh.get_all_profiles(store="lgpo")
        self.assertIn("Domain Profile", ret)
        self.assertIn("Private Profile", ret)
        self.assertIn("Public Profile", ret)

    @destructiveTest
    def test_set_firewall_settings_inbound_local(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="firewallpolicy", store="local"
        )["Inbound"]
        try:
            ret = win_lgpo_netsh.set_firewall_settings(
                profile="domain", inbound="allowinbound", store="local"
            )
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="firewallpolicy", store="local"
            )["Inbound"]
            self.assertEqual("AllowInbound", new)
        finally:
            ret = win_lgpo_netsh.set_firewall_settings(
                profile="domain", inbound=current, store="local"
            )
            self.assertTrue(ret)

    @destructiveTest
    def test_set_firewall_settings_inbound_local_notconfigured(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="firewallpolicy", store="local"
        )["Inbound"]
        try:
            self.assertRaises(
                CommandExecutionError,
                win_lgpo_netsh.set_firewall_settings,
                profile="domain",
                inbound="notconfigured",
                store="local",
            )
        finally:
            ret = win_lgpo_netsh.set_firewall_settings(
                profile="domain", inbound=current, store="local"
            )
            self.assertTrue(ret)

    @destructiveTest
    def test_set_firewall_settings_inbound_lgpo_notconfigured(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="firewallpolicy", store="lgpo"
        )["Inbound"]
        try:
            ret = win_lgpo_netsh.set_firewall_settings(
                profile="domain", inbound="notconfigured", store="lgpo"
            )
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="firewallpolicy", store="lgpo"
            )["Inbound"]
            self.assertEqual("NotConfigured", new)
        finally:
            ret = win_lgpo_netsh.set_firewall_settings(
                profile="domain", inbound=current, store="lgpo"
            )
            self.assertTrue(ret)

    @destructiveTest
    def test_set_firewall_settings_outbound_local(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="firewallpolicy", store="local"
        )["Outbound"]
        try:
            ret = win_lgpo_netsh.set_firewall_settings(
                profile="domain", outbound="allowoutbound", store="local"
            )
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="firewallpolicy", store="local"
            )["Outbound"]
            self.assertEqual("AllowOutbound", new)
        finally:
            ret = win_lgpo_netsh.set_firewall_settings(
                profile="domain", outbound=current, store="local"
            )
            self.assertTrue(ret)

    @destructiveTest
    def test_set_firewall_logging_allowed_local_enable(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="logging", store="local"
        )["LogAllowedConnections"]
        try:
            ret = win_lgpo_netsh.set_logging_settings(
                profile="domain",
                setting="allowedconnections",
                value="enable",
                store="local",
            )
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="logging", store="local"
            )["LogAllowedConnections"]
            self.assertEqual("Enable", new)
        finally:
            ret = win_lgpo_netsh.set_logging_settings(
                profile="domain",
                setting="allowedconnections",
                value=current,
                store="local",
            )
            self.assertTrue(ret)

    @destructiveTest
    def test_set_firewall_logging_allowed_local_notconfigured(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="logging", store="local"
        )["LogAllowedConnections"]
        try:
            self.assertRaises(
                CommandExecutionError,
                win_lgpo_netsh.set_logging_settings,
                profile="domain",
                setting="allowedconnections",
                value="notconfigured",
                store="local",
            )
        finally:
            ret = win_lgpo_netsh.set_logging_settings(
                profile="domain",
                setting="allowedconnections",
                value=current,
                store="local",
            )
            self.assertTrue(ret)

    @destructiveTest
    def test_set_firewall_logging_allowed_lgpo_notconfigured(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="logging", store="lgpo"
        )["LogAllowedConnections"]
        try:
            ret = win_lgpo_netsh.set_logging_settings(
                profile="domain",
                setting="allowedconnections",
                value="notconfigured",
                store="lgpo",
            )
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="logging", store="lgpo"
            )["LogAllowedConnections"]
            self.assertEqual("NotConfigured", new)
        finally:
            ret = win_lgpo_netsh.set_logging_settings(
                profile="domain",
                setting="allowedconnections",
                value=current,
                store="lgpo",
            )
            self.assertTrue(ret)

    def test_set_firewall_logging_dropped_local_enable(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="logging", store="local"
        )["LogDroppedConnections"]
        try:
            ret = win_lgpo_netsh.set_logging_settings(
                profile="domain",
                setting="droppedconnections",
                value="enable",
                store="local",
            )
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="logging", store="local"
            )["LogDroppedConnections"]
            self.assertEqual("Enable", new)
        finally:
            ret = win_lgpo_netsh.set_logging_settings(
                profile="domain",
                setting="droppedconnections",
                value=current,
                store="local",
            )
            self.assertTrue(ret)

    def test_set_firewall_logging_filename_local(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="logging", store="local"
        )["FileName"]
        try:
            ret = win_lgpo_netsh.set_logging_settings(
                profile="domain",
                setting="filename",
                value="C:\\Temp\\test.log",
                store="local",
            )
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="logging", store="local"
            )["FileName"]
            self.assertEqual("C:\\Temp\\test.log", new)
        finally:
            ret = win_lgpo_netsh.set_logging_settings(
                profile="domain", setting="filename", value=current, store="local"
            )
            self.assertTrue(ret)

    def test_set_firewall_logging_maxfilesize_local(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="logging", store="local"
        )["MaxFileSize"]
        try:
            ret = win_lgpo_netsh.set_logging_settings(
                profile="domain", setting="maxfilesize", value="16384", store="local"
            )
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="logging", store="local"
            )["MaxFileSize"]
            self.assertEqual("16384", new)
        finally:
            ret = win_lgpo_netsh.set_logging_settings(
                profile="domain", setting="maxfilesize", value=current, store="local"
            )
            self.assertTrue(ret)

    @destructiveTest
    def test_set_firewall_settings_fwrules_local_enable(self):
        self.assertRaises(
            CommandExecutionError,
            win_lgpo_netsh.set_settings,
            profile="domain",
            setting="localfirewallrules",
            value="enable",
            store="local",
        )

    @destructiveTest
    def test_set_firewall_settings_fwrules_lgpo_notconfigured(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="settings", store="lgpo"
        )["LocalFirewallRules"]
        try:
            ret = win_lgpo_netsh.set_settings(
                profile="domain",
                setting="localfirewallrules",
                value="notconfigured",
                store="lgpo",
            )
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="settings", store="lgpo"
            )["LocalFirewallRules"]
            self.assertEqual("NotConfigured", new)
        finally:
            ret = win_lgpo_netsh.set_settings(
                profile="domain",
                setting="localfirewallrules",
                value=current,
                store="lgpo",
            )
            self.assertTrue(ret)

    @destructiveTest
    def test_set_firewall_settings_consecrules_local_enable(self):
        self.assertRaises(
            CommandExecutionError,
            win_lgpo_netsh.set_settings,
            profile="domain",
            setting="localconsecrules",
            value="enable",
            store="local",
        )

    def test_set_firewall_settings_notification_local_enable(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="settings", store="local"
        )["InboundUserNotification"]
        try:
            ret = win_lgpo_netsh.set_settings(
                profile="domain",
                setting="inboundusernotification",
                value="enable",
                store="local",
            )
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="settings", store="local"
            )["InboundUserNotification"]
            self.assertEqual("Enable", new)
        finally:
            ret = win_lgpo_netsh.set_settings(
                profile="domain",
                setting="inboundusernotification",
                value=current,
                store="local",
            )
            self.assertTrue(ret)

    @destructiveTest
    def test_set_firewall_settings_notification_local_notconfigured(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="settings", store="local"
        )["InboundUserNotification"]
        try:
            self.assertRaises(
                CommandExecutionError,
                win_lgpo_netsh.set_settings,
                profile="domain",
                setting="inboundusernotification",
                value="notconfigured",
                store="local",
            )
        finally:
            ret = win_lgpo_netsh.set_settings(
                profile="domain",
                setting="inboundusernotification",
                value=current,
                store="local",
            )
            self.assertTrue(ret)

    def test_set_firewall_settings_notification_lgpo_notconfigured(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="settings", store="lgpo"
        )["InboundUserNotification"]
        try:
            ret = win_lgpo_netsh.set_settings(
                profile="domain",
                setting="inboundusernotification",
                value="notconfigured",
                store="lgpo",
            )
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="settings", store="lgpo"
            )["InboundUserNotification"]
            self.assertEqual("NotConfigured", new)
        finally:
            ret = win_lgpo_netsh.set_settings(
                profile="domain",
                setting="inboundusernotification",
                value=current,
                store="lgpo",
            )
            self.assertTrue(ret)

    def test_set_firewall_settings_remotemgmt_local_enable(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="settings", store="local"
        )["RemoteManagement"]
        try:
            ret = win_lgpo_netsh.set_settings(
                profile="domain",
                setting="remotemanagement",
                value="enable",
                store="local",
            )
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="settings", store="local"
            )["RemoteManagement"]
            self.assertEqual("Enable", new)
        finally:
            ret = win_lgpo_netsh.set_settings(
                profile="domain",
                setting="remotemanagement",
                value=current,
                store="local",
            )
            self.assertTrue(ret)

    def test_set_firewall_settings_unicast_local_disable(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="settings", store="local"
        )["UnicastResponseToMulticast"]
        try:
            ret = win_lgpo_netsh.set_settings(
                profile="domain",
                setting="unicastresponsetomulticast",
                value="disable",
                store="local",
            )
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="settings", store="local"
            )["UnicastResponseToMulticast"]
            self.assertEqual("Disable", new)
        finally:
            ret = win_lgpo_netsh.set_settings(
                profile="domain",
                setting="unicastresponsetomulticast",
                value=current,
                store="local",
            )
            self.assertTrue(ret)

    @destructiveTest
    def test_set_firewall_state_local_on(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="state", store="local"
        )["State"]
        try:
            ret = win_lgpo_netsh.set_state(profile="domain", state="off", store="local")
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="state", store="local"
            )["State"]
            self.assertEqual("OFF", new)
        finally:
            ret = win_lgpo_netsh.set_state(
                profile="domain", state=current, store="local"
            )
            self.assertTrue(ret)

    @destructiveTest
    def test_set_firewall_state_local_notconfigured(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="state", store="local"
        )["State"]
        try:
            self.assertRaises(
                CommandExecutionError,
                win_lgpo_netsh.set_state,
                profile="domain",
                state="notconfigured",
                store="local",
            )
        finally:
            ret = win_lgpo_netsh.set_state(
                profile="domain", state=current, store="local"
            )
            self.assertTrue(ret)

    @destructiveTest
    def test_set_firewall_state_lgpo_notconfigured(self):
        current = win_lgpo_netsh.get_settings(
            profile="domain", section="state", store="local"
        )["State"]
        try:
            ret = win_lgpo_netsh.set_state(
                profile="domain", state="notconfigured", store="lgpo"
            )
            self.assertTrue(ret)
            new = win_lgpo_netsh.get_settings(
                profile="domain", section="state", store="lgpo"
            )["State"]
            self.assertEqual("NotConfigured", new)
        finally:
            ret = win_lgpo_netsh.set_state(
                profile="domain", state=current, store="lgpo"
            )
            self.assertTrue(ret)