From 80ccac79b9d123e158a5ba60f9853611d0854188 Mon Sep 17 00:00:00 2001 From: Sergey Orlov Date: Wed, 17 Feb 2021 16:48:33 +0100 Subject: [PATCH] ipatests: test Samba mount with NTLM authentication Related to https://pagure.io/freeipa/issue/8636 Reviewed-By: Alexander Bokovoy --- ipatests/pytest_ipa/integration/__init__.py | 17 ++++++ ipatests/test_integration/test_smb.py | 63 +++++++++++++++++++++ 2 files changed, 80 insertions(+) diff --git a/ipatests/pytest_ipa/integration/__init__.py b/ipatests/pytest_ipa/integration/__init__.py index 55291ae8b..f62b667bd 100644 --- a/ipatests/pytest_ipa/integration/__init__.py +++ b/ipatests/pytest_ipa/integration/__init__.py @@ -28,12 +28,14 @@ import os import tempfile import shutil import re +import functools import pytest from pytest_multihost import make_multihost_fixture from ipapython import ipautil from ipaplatform.paths import paths +from . import fips from .config import Config from .env_config import get_global_config from . import tasks @@ -478,3 +480,18 @@ def del_compat_attrs(cls): del cls.ad_subdomains del cls.ad_treedomains del cls.ad_domains + + +def skip_if_fips(reason='Not supported in FIPS mode', host='master'): + if callable(reason): + raise TypeError('Invalid decorator usage, add "()"') + + def decorator(test_method): + @functools.wraps(test_method) + def wrapper(instance, *args, **kwargs): + if fips.is_fips_enabled(getattr(instance, host)): + pytest.skip(reason) + else: + test_method(instance, *args, **kwargs) + return wrapper + return decorator diff --git a/ipatests/test_integration/test_smb.py b/ipatests/test_integration/test_smb.py index 37725ab15..749a96325 100644 --- a/ipatests/test_integration/test_smb.py +++ b/ipatests/test_integration/test_smb.py @@ -19,6 +19,7 @@ from ipatests.test_integration.base import IntegrationTest from ipatests.pytest_ipa.integration import tasks from ipaplatform.osinfo import osinfo from ipaplatform.paths import paths +from ipatests.pytest_ipa.integration import skip_if_fips def wait_smbd_functional(host): @@ -378,6 +379,68 @@ class TestSMB(IntegrationTest): finally: self.cleanup_mount(mountpoint) + def check_repeated_smb_mount(self, options): + mountpoint = '/mnt/smb' + unc = '//{}/homes'.format(self.smbserver.hostname) + test_file = 'ntlm_test' + test_file_server_path = '/home/{}/{}'.format(self.ipa_user1, test_file) + test_file_client_path = '{}/{}'.format(mountpoint, test_file) + + self.smbclient.run_command(['mkdir', '-p', mountpoint]) + self.smbserver.put_file_contents(test_file_server_path, '') + try: + for i in [1, 2]: + res = self.smbclient.run_command([ + 'mount', '-t', 'cifs', unc, mountpoint, '-o', options], + raiseonerr=False) + assert res.returncode == 0, ( + 'Mount failed at iteration {}. Output: {}' + .format(i, res.stdout_text + res.stderr_text)) + assert self.smbclient.transport.file_exists( + test_file_client_path) + self.smbclient.run_command(['umount', mountpoint]) + finally: + self.cleanup_mount(mountpoint) + self.smbserver.run_command(['rm', '-f', test_file_server_path]) + + @skip_if_fips() + def test_ntlm_authentication_with_auto_domain(self): + """Repeatedly try to authenticate with username and password with + automatic domain discovery. + + This is a regression test for https://pagure.io/freeipa/issue/8636 + """ + tasks.kdestroy_all(self.smbclient) + + mount_options = 'user={user},pass={password},domainauto'.format( + user=self.ipa_user1, + password=self.ipa_user1_password + ) + + self.check_repeated_smb_mount(mount_options) + + @skip_if_fips() + def test_ntlm_authentication_with_upn_with_lowercase_domain(self): + tasks.kdestroy_all(self.smbclient) + + mount_options = 'user={user}@{domain},pass={password}'.format( + user=self.ipa_user1, + password=self.ipa_user1_password, + domain=self.master.domain.name.lower() + ) + self.check_repeated_smb_mount(mount_options) + + @skip_if_fips() + def test_ntlm_authentication_with_upn_with_uppercase_domain(self): + tasks.kdestroy_all(self.smbclient) + + mount_options = 'user={user}@{domain},pass={password}'.format( + user=self.ipa_user1, + password=self.ipa_user1_password, + domain=self.master.domain.name.upper() + ) + self.check_repeated_smb_mount(mount_options) + def test_uninstall_samba(self): self.smbserver.run_command(['ipa-client-samba', '--uninstall', '-U']) res = self.smbserver.run_command( -- 2.29.2