ipatests: test Samba mount with NTLM authentication

Related to https://pagure.io/freeipa/issue/8636

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Sergey Orlov 2021-02-17 16:48:33 +01:00
parent 8c2c6f8253
commit 0b60408dab
No known key found for this signature in database
GPG Key ID: ADF8C90EDD04503D
2 changed files with 80 additions and 0 deletions

View File

@ -28,12 +28,14 @@ import os
import tempfile
import shutil
import re
import functools
import pytest
from pytest_multihost import make_multihost_fixture
from ipapython import ipautil
from ipaplatform.paths import paths
from . import fips
from .config import Config
from .env_config import get_global_config
from . import tasks
@ -478,3 +480,18 @@ def del_compat_attrs(cls):
del cls.ad_subdomains
del cls.ad_treedomains
del cls.ad_domains
def skip_if_fips(reason='Not supported in FIPS mode', host='master'):
if callable(reason):
raise TypeError('Invalid decorator usage, add "()"')
def decorator(test_method):
@functools.wraps(test_method)
def wrapper(instance, *args, **kwargs):
if fips.is_fips_enabled(getattr(instance, host)):
pytest.skip(reason)
else:
test_method(instance, *args, **kwargs)
return wrapper
return decorator

View File

@ -19,6 +19,7 @@ from ipatests.test_integration.base import IntegrationTest
from ipatests.pytest_ipa.integration import tasks
from ipaplatform.osinfo import osinfo
from ipaplatform.paths import paths
from ipatests.pytest_ipa.integration import skip_if_fips
def wait_smbd_functional(host):
@ -378,6 +379,68 @@ class TestSMB(IntegrationTest):
finally:
self.cleanup_mount(mountpoint)
def check_repeated_smb_mount(self, options):
mountpoint = '/mnt/smb'
unc = '//{}/homes'.format(self.smbserver.hostname)
test_file = 'ntlm_test'
test_file_server_path = '/home/{}/{}'.format(self.ipa_user1, test_file)
test_file_client_path = '{}/{}'.format(mountpoint, test_file)
self.smbclient.run_command(['mkdir', '-p', mountpoint])
self.smbserver.put_file_contents(test_file_server_path, '')
try:
for i in [1, 2]:
res = self.smbclient.run_command([
'mount', '-t', 'cifs', unc, mountpoint, '-o', options],
raiseonerr=False)
assert res.returncode == 0, (
'Mount failed at iteration {}. Output: {}'
.format(i, res.stdout_text + res.stderr_text))
assert self.smbclient.transport.file_exists(
test_file_client_path)
self.smbclient.run_command(['umount', mountpoint])
finally:
self.cleanup_mount(mountpoint)
self.smbserver.run_command(['rm', '-f', test_file_server_path])
@skip_if_fips()
def test_ntlm_authentication_with_auto_domain(self):
"""Repeatedly try to authenticate with username and password with
automatic domain discovery.
This is a regression test for https://pagure.io/freeipa/issue/8636
"""
tasks.kdestroy_all(self.smbclient)
mount_options = 'user={user},pass={password},domainauto'.format(
user=self.ipa_user1,
password=self.ipa_user1_password
)
self.check_repeated_smb_mount(mount_options)
@skip_if_fips()
def test_ntlm_authentication_with_upn_with_lowercase_domain(self):
tasks.kdestroy_all(self.smbclient)
mount_options = 'user={user}@{domain},pass={password}'.format(
user=self.ipa_user1,
password=self.ipa_user1_password,
domain=self.master.domain.name.lower()
)
self.check_repeated_smb_mount(mount_options)
@skip_if_fips()
def test_ntlm_authentication_with_upn_with_uppercase_domain(self):
tasks.kdestroy_all(self.smbclient)
mount_options = 'user={user}@{domain},pass={password}'.format(
user=self.ipa_user1,
password=self.ipa_user1_password,
domain=self.master.domain.name.upper()
)
self.check_repeated_smb_mount(mount_options)
def test_uninstall_samba(self):
self.smbserver.run_command(['ipa-client-samba', '--uninstall', '-U'])
res = self.smbserver.run_command(