mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
ipatests: test Samba mount with NTLM authentication
Related to https://pagure.io/freeipa/issue/8636 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
parent
8c2c6f8253
commit
0b60408dab
@ -28,12 +28,14 @@ import os
|
||||
import tempfile
|
||||
import shutil
|
||||
import re
|
||||
import functools
|
||||
|
||||
import pytest
|
||||
from pytest_multihost import make_multihost_fixture
|
||||
|
||||
from ipapython import ipautil
|
||||
from ipaplatform.paths import paths
|
||||
from . import fips
|
||||
from .config import Config
|
||||
from .env_config import get_global_config
|
||||
from . import tasks
|
||||
@ -478,3 +480,18 @@ def del_compat_attrs(cls):
|
||||
del cls.ad_subdomains
|
||||
del cls.ad_treedomains
|
||||
del cls.ad_domains
|
||||
|
||||
|
||||
def skip_if_fips(reason='Not supported in FIPS mode', host='master'):
|
||||
if callable(reason):
|
||||
raise TypeError('Invalid decorator usage, add "()"')
|
||||
|
||||
def decorator(test_method):
|
||||
@functools.wraps(test_method)
|
||||
def wrapper(instance, *args, **kwargs):
|
||||
if fips.is_fips_enabled(getattr(instance, host)):
|
||||
pytest.skip(reason)
|
||||
else:
|
||||
test_method(instance, *args, **kwargs)
|
||||
return wrapper
|
||||
return decorator
|
||||
|
@ -19,6 +19,7 @@ from ipatests.test_integration.base import IntegrationTest
|
||||
from ipatests.pytest_ipa.integration import tasks
|
||||
from ipaplatform.osinfo import osinfo
|
||||
from ipaplatform.paths import paths
|
||||
from ipatests.pytest_ipa.integration import skip_if_fips
|
||||
|
||||
|
||||
def wait_smbd_functional(host):
|
||||
@ -378,6 +379,68 @@ class TestSMB(IntegrationTest):
|
||||
finally:
|
||||
self.cleanup_mount(mountpoint)
|
||||
|
||||
def check_repeated_smb_mount(self, options):
|
||||
mountpoint = '/mnt/smb'
|
||||
unc = '//{}/homes'.format(self.smbserver.hostname)
|
||||
test_file = 'ntlm_test'
|
||||
test_file_server_path = '/home/{}/{}'.format(self.ipa_user1, test_file)
|
||||
test_file_client_path = '{}/{}'.format(mountpoint, test_file)
|
||||
|
||||
self.smbclient.run_command(['mkdir', '-p', mountpoint])
|
||||
self.smbserver.put_file_contents(test_file_server_path, '')
|
||||
try:
|
||||
for i in [1, 2]:
|
||||
res = self.smbclient.run_command([
|
||||
'mount', '-t', 'cifs', unc, mountpoint, '-o', options],
|
||||
raiseonerr=False)
|
||||
assert res.returncode == 0, (
|
||||
'Mount failed at iteration {}. Output: {}'
|
||||
.format(i, res.stdout_text + res.stderr_text))
|
||||
assert self.smbclient.transport.file_exists(
|
||||
test_file_client_path)
|
||||
self.smbclient.run_command(['umount', mountpoint])
|
||||
finally:
|
||||
self.cleanup_mount(mountpoint)
|
||||
self.smbserver.run_command(['rm', '-f', test_file_server_path])
|
||||
|
||||
@skip_if_fips()
|
||||
def test_ntlm_authentication_with_auto_domain(self):
|
||||
"""Repeatedly try to authenticate with username and password with
|
||||
automatic domain discovery.
|
||||
|
||||
This is a regression test for https://pagure.io/freeipa/issue/8636
|
||||
"""
|
||||
tasks.kdestroy_all(self.smbclient)
|
||||
|
||||
mount_options = 'user={user},pass={password},domainauto'.format(
|
||||
user=self.ipa_user1,
|
||||
password=self.ipa_user1_password
|
||||
)
|
||||
|
||||
self.check_repeated_smb_mount(mount_options)
|
||||
|
||||
@skip_if_fips()
|
||||
def test_ntlm_authentication_with_upn_with_lowercase_domain(self):
|
||||
tasks.kdestroy_all(self.smbclient)
|
||||
|
||||
mount_options = 'user={user}@{domain},pass={password}'.format(
|
||||
user=self.ipa_user1,
|
||||
password=self.ipa_user1_password,
|
||||
domain=self.master.domain.name.lower()
|
||||
)
|
||||
self.check_repeated_smb_mount(mount_options)
|
||||
|
||||
@skip_if_fips()
|
||||
def test_ntlm_authentication_with_upn_with_uppercase_domain(self):
|
||||
tasks.kdestroy_all(self.smbclient)
|
||||
|
||||
mount_options = 'user={user}@{domain},pass={password}'.format(
|
||||
user=self.ipa_user1,
|
||||
password=self.ipa_user1_password,
|
||||
domain=self.master.domain.name.upper()
|
||||
)
|
||||
self.check_repeated_smb_mount(mount_options)
|
||||
|
||||
def test_uninstall_samba(self):
|
||||
self.smbserver.run_command(['ipa-client-samba', '--uninstall', '-U'])
|
||||
res = self.smbserver.run_command(
|
||||
|
Loading…
Reference in New Issue
Block a user