Add integration tests and refresh golden files

cmd/adsysd/integration_tests/adsys_test.go

@@ -196,8 +196,9 @@ client_timeout: %d`, socket, tc.timeout)), 0600)
 type confOption func(*confOptions)
 
 type confOptions struct {
-	adsysDir string
-	backend  string
+	adsysDir           string
+	backend            string
+	detectCachedTicket bool
 }
 
 func confWithAdsysDir(adsysDir string) confOption {
@@ -212,6 +213,12 @@ func confWithBackend(backend string) confOption {
 	}
 }
 
+func confDetectCachedTicket(detectCachedTicket bool) confOption {
+	return func(o *confOptions) {
+		o.detectCachedTicket = detectCachedTicket
+	}
+}
+
 // createConf generates an adsys configuration in a temporary directory
 // It will use adsysDir for socket, cache and run dir if provided.
 func createConf(t *testing.T, opts ...confOption) (conf string) {
@@ -257,7 +264,9 @@ apparmor_dir: %s/apparmor.d/adsys
 apparmorfs_dir: %s/apparmorfs
 systemunit_dir: %s/systemd/system
 global_trust_dir: %s/share/ca-certificates
-`, args.adsysDir, args.adsysDir, args.adsysDir, args.adsysDir, args.backend, args.adsysDir, args.adsysDir, args.adsysDir, args.adsysDir, args.adsysDir, args.adsysDir, args.adsysDir, args.adsysDir))
+
+detect_cached_ticket: %t
+`, args.adsysDir, args.adsysDir, args.adsysDir, args.adsysDir, args.backend, args.adsysDir, args.adsysDir, args.adsysDir, args.adsysDir, args.adsysDir, args.adsysDir, args.adsysDir, args.adsysDir, args.detectCachedTicket))
 
 	testutils.WriteFile(t, confFile, confData, os.ModePerm)
 	require.NoError(t, os.MkdirAll(filepath.Join(args.adsysDir, "dconf"), 0750), "Setup: should create dconf dir")

cmd/adsysd/integration_tests/adsysctl_policy_test.go

@@ -215,8 +215,11 @@ func TestPolicyUpdate(t *testing.T) {
 		addPaths            []string
 		readOnlyDirs        []string
 		winbindMockBehavior string
+		krb5MockBehavior    string
 		purge               bool
 		missingCertmonger   bool
+		noExportKrb5cc      bool
+		detectCachedTicket  bool
 
 		wantErr bool
 	}{
@@ -228,6 +231,33 @@ func TestPolicyUpdate(t *testing.T) {
 			backend:   "winbind",
 			initState: "localhost-uptodate",
 		},
+		"Current user, KRB5CCNAME is not exported but present": {
+			initState:          "localhost-uptodate",
+			noExportKrb5cc:     true,
+			detectCachedTicket: true,
+			krb5MockBehavior:   "return_ccache:%s",
+		},
+		"Current user, libkrb5 not used if KRB5CCNAME is present": {
+			initState:          "localhost-uptodate",
+			detectCachedTicket: true,
+			krb5MockBehavior:   "return_ccache:%s/maybebadvalue",
+		},
+		"Current user, libkrb5 not used if setting not enabled": {
+			initState:        "localhost-uptodate",
+			krb5MockBehavior: "return_ccache:%s/maybebadvalue",
+		},
+		"Current user, librkb5 returns error but symlink is present": {
+			initState:          "localhost-uptodate",
+			detectCachedTicket: true,
+			noExportKrb5cc:     true,
+			krb5MockBehavior:   "return_empty_ccache",
+			krb5ccNamesState: []krb5ccNamesWithState{
+				{
+					src:          currentUser + ".krb5",
+					adsysSymlink: currentUser,
+				},
+			},
+		},
 		"Other user, first time": {
 			args:       []string{"[email protected]", "[email protected]"},
 			initState:  "localhost-uptodate",
@@ -871,6 +901,27 @@ func TestPolicyUpdate(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		// Krb5 library error cases
+		"Error when libkrb5 ccache not present on disk": {
+			initState:          "localhost-uptodate",
+			noExportKrb5cc:     true,
+			detectCachedTicket: true,
+			krb5MockBehavior:   "return_ccache:%s/not_present",
+			wantErr:            true,
+		},
+		"Error when libkrb5 returns null value": {
+			initState:          "localhost-uptodate",
+			noExportKrb5cc:     true,
+			detectCachedTicket: true,
+			krb5MockBehavior:   "return_null_ccache",
+			wantErr:            true,
+		},
+		"Error when cached ticket setting not enabled": {
+			initState:        "localhost-uptodate",
+			noExportKrb5cc:   true,
+			krb5MockBehavior: "return_ccache:%s",
+			wantErr:          true,
+		},
 		// Incompatible options
 		"Error on all and specific user requested": {
 			args:       []string{"--all", "[email protected]", "[email protected]"},
@@ -1078,10 +1129,19 @@ func TestPolicyUpdate(t *testing.T) {
 				} else {
 					tc.krb5ccname = fmt.Sprintf("FILE:%s/%s", krb5dir, tc.krb5ccname)
 				}
-				t.Setenv("KRB5CCNAME", tc.krb5ccname)
+				if !tc.noExportKrb5cc {
+					t.Setenv("KRB5CCNAME", tc.krb5ccname)
+				}
+			}
+
+			if tc.krb5MockBehavior != "" {
+				if strings.Contains(tc.krb5MockBehavior, "return_ccache") {
+					tc.krb5MockBehavior = fmt.Sprintf(tc.krb5MockBehavior, tc.krb5ccname)
+				}
+				t.Setenv("ADSYS_KRB5_BEHAVIOR", tc.krb5MockBehavior)
 			}
 
-			conf := createConf(t, confWithAdsysDir(adsysDir), confWithBackend(tc.backend))
+			conf := createConf(t, confWithAdsysDir(adsysDir), confWithBackend(tc.backend), confDetectCachedTicket(tc.detectCachedTicket))
 			if tc.sssdConf != "" {
 				content, err := os.ReadFile(conf)
 				require.NoError(t, err, "Setup: can’t read configuration file")
@@ -1243,6 +1303,7 @@ func setupSubprocessForTest(t *testing.T, currentUser string, otherUsers ...stri
 	require.NoError(t, err, "libnss-wrapper is not installed on disk, either skip integration tests or install it")
 
 	mockWinbindLibPath := testutils.BuildWinbindMock(t, filepath.Join(rootProjectDir, "internal/ad/backends/winbind"))
+	mockKrb5LibPath := testutils.BuildKrb5Mock(t, filepath.Join(rootProjectDir, "internal/ad"))
 
 	var subArgs []string
 	// We are going to only reexec ourself: only take options (without -run)
@@ -1288,7 +1349,7 @@ func setupSubprocessForTest(t *testing.T, currentUser string, otherUsers ...stri
 		fmt.Sprintf("PYTHONPATH=%s", admock),
 
 		// override user and host database
-		fmt.Sprintf("LD_PRELOAD=libnss_wrapper.so:%s", mockWinbindLibPath),
+		fmt.Sprintf("LD_PRELOAD=libnss_wrapper.so:%s:%s", mockWinbindLibPath, mockKrb5LibPath),
 		fmt.Sprintf("NSS_WRAPPER_PASSWD=%s", passwd),
 		"NSS_WRAPPER_GROUP=/etc/group",
 	)

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/apparmor.d/adsys/machine/nested/usr.bin.baz

@@ -0,0 +1 @@
+/usr/bin/baz {}

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/apparmor.d/adsys/machine/usr.bin.bar

@@ -0,0 +1 @@
+/usr/bin/bar {}

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/apparmor.d/adsys/machine/usr.bin.foo

@@ -0,0 +1 @@
+/usr/bin/foo {}

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/apparmor.d/adsys/users/adsystestuser@example.com

@@ -0,0 +1,6 @@
+^[email protected] {
+/etc/environment r,
+@{HOMEDIRS}/.xauth* w,
+/usr/bin/{,b,d,rb}ash Ux,
+/usr/bin/{c,k,tc}sh Ux,
+}

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/dconf/db/adsystestuser@example.com.d/adsys

@@ -0,0 +1,5 @@
+[org/gnome/desktop/background]
+picture-options='stretched'
+picture-uri='file:///usr/share/backgrounds/canonical.png'
+[org/gnome/shell]
+favorite-apps=['\'libreoffice-writer.desktop\'', '\'snap-store_ubuntu-software.desktop\'', '\'yelp.desktop']

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/dconf/db/adsystestuser@example.com.d/locks/adsys

@@ -0,0 +1,4 @@
+/org/gnome/desktop/background/picture-options
+/org/gnome/desktop/background/picture-uri
+/org/gnome/desktop/media-handling/automount
+/org/gnome/shell/favorite-apps

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/dconf/db/gdm.d/adsys

@@ -0,0 +1,4 @@
+[org/gnome/desktop/interface]
+clock-format='24h'
+clock-show-date=false
+clock-show-weekday=true

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/dconf/db/gdm.d/locks/adsys

@@ -0,0 +1,3 @@
+/org/gnome/desktop/interface/clock-format
+/org/gnome/desktop/interface/clock-show-date
+/org/gnome/desktop/interface/clock-show-weekday

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/dconf/db/machine.d/adsys

@@ -0,0 +1 @@
+

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/dconf/db/machine.d/locks/adsys

@@ -0,0 +1 @@
+

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/dconf/profile/adsystestuser@example.com

@@ -0,0 +1,3 @@
+user-db:user
+system-db:[email protected]
+system-db:machine

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/dconf/profile/gdm

@@ -0,0 +1,3 @@
+user-db:user
+system-db:gdm
+system-db:machine

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/lib/samba/cert_gpo_state_HOST.tdb

@@ -0,0 +1 @@
+TDB file

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf

@@ -0,0 +1,10 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+[Configuration]
+AdminIdentities=unix-group:sudo;unix-group:admin
+
+[Configuration]
+AdminIdentities=unix-user:[email protected];unix-group:[email protected]
+

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/machine/scripts/scripts/final-machine-script.sh

@@ -0,0 +1 @@
+final machine script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/machine/scripts/scripts/otherfolder/script-user-logoff

@@ -0,0 +1 @@
+script user logoff

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/machine/scripts/scripts/script-machine-shutdown

@@ -0,0 +1 @@
+script machine shutdown

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/machine/scripts/scripts/script-machine-startup

@@ -0,0 +1 @@
+script machine startup

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/machine/scripts/scripts/script-user-logon

@@ -0,0 +1 @@
+script user logon

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/machine/scripts/scripts/subfolder/other-script

@@ -0,0 +1 @@
+subfolder other script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/machine/scripts/scripts/unreferenced-data

@@ -0,0 +1 @@
+unreferenced data

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/machine/scripts/scripts/unreferenced-script

@@ -0,0 +1 @@
+unreferenced script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/machine/scripts/startup

@@ -0,0 +1,2 @@
+scripts/script-machine-startup
+scripts/subfolder/other-script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/users/CURRENT_UID/mounts

@@ -0,0 +1,4 @@
+protocol://example.com/it/mount/path
+protocol://example.com/all/other/mount/path
+protocol://example.com/all/another/path
+protocol://example.com/rnd/mount/path

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/users/CURRENT_UID/scripts/logoff

@@ -0,0 +1,2 @@
+scripts/otherfolder/script-user-logoff
+scripts/subfolder/other-script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/users/CURRENT_UID/scripts/logon

@@ -0,0 +1,4 @@
+scripts/script-user-logon
+scripts/other-script-user-logon
+scripts/script-user-logon
+scripts/subfolder/other-script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/users/CURRENT_UID/scripts/scripts/final-machine-script.sh

@@ -0,0 +1 @@
+final machine script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/users/CURRENT_UID/scripts/scripts/other-script-user-logon

@@ -0,0 +1 @@
+script user logon

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/users/CURRENT_UID/scripts/scripts/otherfolder/script-user-logoff

@@ -0,0 +1 @@
+script user logoff

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/users/CURRENT_UID/scripts/scripts/script-machine-shutdown

@@ -0,0 +1 @@
+script machine shutdown

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/users/CURRENT_UID/scripts/scripts/script-machine-startup

@@ -0,0 +1 @@
+script machine startup

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/users/CURRENT_UID/scripts/scripts/script-user-logon

@@ -0,0 +1 @@
+script user logon

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/users/CURRENT_UID/scripts/scripts/subfolder/other-script

@@ -0,0 +1 @@
+subfolder other script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/users/CURRENT_UID/scripts/scripts/unreferenced-data

@@ -0,0 +1 @@
+unreferenced data

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/run/users/CURRENT_UID/scripts/scripts/unreferenced-script

@@ -0,0 +1 @@
+unreferenced script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_krb5ccname_is_not_exported_but_present/sudoers.d/99-adsys-privilege-enforcement

@@ -0,0 +1,10 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+%admin	ALL=(ALL) !ALL
+%sudo	ALL=(ALL:ALL) !ALL
+
+"[email protected]"	ALL=(ALL:ALL) ALL
+"%[email protected]"	ALL=(ALL:ALL) ALL
+

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/apparmor.d/adsys/machine/nested/usr.bin.baz

@@ -0,0 +1 @@
+/usr/bin/baz {}

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/apparmor.d/adsys/machine/usr.bin.bar

@@ -0,0 +1 @@
+/usr/bin/bar {}

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/apparmor.d/adsys/machine/usr.bin.foo

@@ -0,0 +1 @@
+/usr/bin/foo {}

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/apparmor.d/adsys/users/adsystestuser@example.com

@@ -0,0 +1,6 @@
+^[email protected] {
+/etc/environment r,
+@{HOMEDIRS}/.xauth* w,
+/usr/bin/{,b,d,rb}ash Ux,
+/usr/bin/{c,k,tc}sh Ux,
+}

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/dconf/db/adsystestuser@example.com.d/adsys

@@ -0,0 +1,5 @@
+[org/gnome/desktop/background]
+picture-options='stretched'
+picture-uri='file:///usr/share/backgrounds/canonical.png'
+[org/gnome/shell]
+favorite-apps=['\'libreoffice-writer.desktop\'', '\'snap-store_ubuntu-software.desktop\'', '\'yelp.desktop']

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/dconf/db/adsystestuser@example.com.d/locks/adsys

@@ -0,0 +1,4 @@
+/org/gnome/desktop/background/picture-options
+/org/gnome/desktop/background/picture-uri
+/org/gnome/desktop/media-handling/automount
+/org/gnome/shell/favorite-apps

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/dconf/db/gdm.d/adsys

@@ -0,0 +1,4 @@
+[org/gnome/desktop/interface]
+clock-format='24h'
+clock-show-date=false
+clock-show-weekday=true

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/dconf/db/gdm.d/locks/adsys

@@ -0,0 +1,3 @@
+/org/gnome/desktop/interface/clock-format
+/org/gnome/desktop/interface/clock-show-date
+/org/gnome/desktop/interface/clock-show-weekday

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/dconf/db/machine.d/adsys

@@ -0,0 +1 @@
+

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/dconf/db/machine.d/locks/adsys

@@ -0,0 +1 @@
+

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/dconf/profile/adsystestuser@example.com

@@ -0,0 +1,3 @@
+user-db:user
+system-db:[email protected]
+system-db:machine

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/dconf/profile/gdm

@@ -0,0 +1,3 @@
+user-db:user
+system-db:gdm
+system-db:machine

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/lib/samba/cert_gpo_state_HOST.tdb

@@ -0,0 +1 @@
+TDB file

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf

@@ -0,0 +1,10 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+[Configuration]
+AdminIdentities=unix-group:sudo;unix-group:admin
+
+[Configuration]
+AdminIdentities=unix-user:[email protected];unix-group:[email protected]
+

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/machine/scripts/scripts/final-machine-script.sh

@@ -0,0 +1 @@
+final machine script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/machine/scripts/scripts/otherfolder/script-user-logoff

@@ -0,0 +1 @@
+script user logoff

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/machine/scripts/scripts/script-machine-shutdown

@@ -0,0 +1 @@
+script machine shutdown

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/machine/scripts/scripts/script-machine-startup

@@ -0,0 +1 @@
+script machine startup

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/machine/scripts/scripts/script-user-logon

@@ -0,0 +1 @@
+script user logon

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/machine/scripts/scripts/subfolder/other-script

@@ -0,0 +1 @@
+subfolder other script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/machine/scripts/scripts/unreferenced-data

@@ -0,0 +1 @@
+unreferenced data

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/machine/scripts/scripts/unreferenced-script

@@ -0,0 +1 @@
+unreferenced script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/machine/scripts/startup

@@ -0,0 +1,2 @@
+scripts/script-machine-startup
+scripts/subfolder/other-script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/users/CURRENT_UID/mounts

@@ -0,0 +1,4 @@
+protocol://example.com/it/mount/path
+protocol://example.com/all/other/mount/path
+protocol://example.com/all/another/path
+protocol://example.com/rnd/mount/path

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/users/CURRENT_UID/scripts/logoff

@@ -0,0 +1,2 @@
+scripts/otherfolder/script-user-logoff
+scripts/subfolder/other-script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/users/CURRENT_UID/scripts/logon

@@ -0,0 +1,4 @@
+scripts/script-user-logon
+scripts/other-script-user-logon
+scripts/script-user-logon
+scripts/subfolder/other-script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/users/CURRENT_UID/scripts/scripts/final-machine-script.sh

@@ -0,0 +1 @@
+final machine script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/users/CURRENT_UID/scripts/scripts/other-script-user-logon

@@ -0,0 +1 @@
+script user logon

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/users/CURRENT_UID/scripts/scripts/otherfolder/script-user-logoff

@@ -0,0 +1 @@
+script user logoff

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/users/CURRENT_UID/scripts/scripts/script-machine-shutdown

@@ -0,0 +1 @@
+script machine shutdown

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/users/CURRENT_UID/scripts/scripts/script-machine-startup

@@ -0,0 +1 @@
+script machine startup

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/users/CURRENT_UID/scripts/scripts/script-user-logon

@@ -0,0 +1 @@
+script user logon

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/users/CURRENT_UID/scripts/scripts/subfolder/other-script

@@ -0,0 +1 @@
+subfolder other script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/users/CURRENT_UID/scripts/scripts/unreferenced-data

@@ -0,0 +1 @@
+unreferenced data

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/run/users/CURRENT_UID/scripts/scripts/unreferenced-script

@@ -0,0 +1 @@
+unreferenced script

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_krb5ccname_is_present/sudoers.d/99-adsys-privilege-enforcement

@@ -0,0 +1,10 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+%admin	ALL=(ALL) !ALL
+%sudo	ALL=(ALL:ALL) !ALL
+
+"[email protected]"	ALL=(ALL:ALL) ALL
+"%[email protected]"	ALL=(ALL:ALL) ALL
+

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_setting_not_enabled/apparmor.d/adsys/machine/nested/usr.bin.baz

@@ -0,0 +1 @@
+/usr/bin/baz {}

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_setting_not_enabled/apparmor.d/adsys/machine/usr.bin.bar

@@ -0,0 +1 @@
+/usr/bin/bar {}

cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/current_user,_libkrb5_not_used_if_setting_not_enabled/apparmor.d/adsys/machine/usr.bin.foo

@@ -0,0 +1 @@
+/usr/bin/foo {}