Merge pull request #370 from joergsteffens/dev/joergs/master/systemte…

…st-bconsole-pam systemtests (bconsole-pam): run Python tests without TLS-PSK required
bareos · Dec 13, 2019 · e23fd57 · e23fd57
2 parents 5a157f1 + e70e4bb
commit e23fd57
Show file tree

Hide file tree

Showing 6 changed files with 69 additions and 8 deletions.
diff --git a/python-bareos/bareos/bsock/lowlevel.py b/python-bareos/bareos/bsock/lowlevel.py
@@ -276,7 +276,7 @@ def reconnect(self):
                 self.max_reconnects -= 1
                 if self.__connect() and self._init_connection():
                     result = True
-            except socket.error:
+            except (socket.error, bareos.exceptions.ConnectionLostError):
                 self.logger.warning("failed to reconnect")
         return result
 

diff --git a/python-bareos/bareos/bsock/protocolmessages.py b/python-bareos/bareos/bsock/protocolmessages.py
@@ -61,4 +61,4 @@ def pam_user_credentials(pam_username, pam_password):
         Returns a string similar to:
         4002 USERNAME PASSWORD
         '''
-        return b'{id}{s}{username}{s}{password}'.format(id=ProtocolMessageIds.PamUserCredentials, username=pam_username, password=pam_password, s=Constants.record_separator)
+        return bytearray('{id}{s}{username}{s}{password}'.format(id=ProtocolMessageIds.PamUserCredentials, username=pam_username, password=pam_password, s=Constants.record_separator), 'utf-8')
diff --git a/systemtests/tests/bconsole-pam/etc/bareos/bareos-dir.d/console/PamConsole-notls.conf b/systemtests/tests/bconsole-pam/etc/bareos/bareos-dir.d/console/PamConsole-notls.conf
@@ -0,0 +1,6 @@
+Console {
+   Name = "PamConsole-notls"
+   Password = "secret"
+   UsePamAuthentication = yes
+   TLS Enable = no
+}
diff --git a/.../etc/bareos/bareos-dir.d/console/pam.conf → ...reos/bareos-dir.d/console/PamConsole.conf b/.../etc/bareos/bareos-dir.d/console/pam.conf → ...reos/bareos-dir.d/console/PamConsole.conf
diff --git a/systemtests/tests/bconsole-pam/python-bareos-unittest.py b/systemtests/tests/bconsole-pam/python-bareos-unittest.py
@@ -8,8 +8,8 @@
 import unittest
 
 import bareos.bsock
-import bareos.exceptions
 from   bareos.bsock.protocolversions import ProtocolVersions
+import bareos.exceptions
 
 
 class PythonBareosBase(unittest.TestCase):
@@ -18,7 +18,7 @@ class PythonBareosBase(unittest.TestCase):
     director_root_password = 'secret'
     director_operator_username = 'admin'
     director_operator_password = 'secret'
-    console_pam_username = u'PamConsole'
+    console_pam_username = u'PamConsole-notls'
     console_pam_password = u'secret'
     client = 'bareos-fd'
     #restorefile = '/usr/sbin/bconsole'
@@ -51,7 +51,7 @@ class PythonBareosPamLoginTest(PythonBareosBase):
     Requires Bareos Console Protocol >= 18.2.
     '''
 
-    def test_pam_login(self):
+    def test_pam_login_notls(self):
 
         pam_username = u'user1'
         pam_password = u'user1'
@@ -72,6 +72,32 @@ def test_pam_login(self):
         self.assertEqual(pam_username, whoami.rstrip())
 
 
+    @unittest.skipUnless(bareos.bsock.DirectorConsole.is_tls_psk_available(),
+                         "TLS-PSK is not available.")
+    def test_pam_login_tls(self):
+
+        pam_username = u'user1'
+        pam_password = u'user1'
+
+        console_pam_username = u"PamConsole"
+        console_pam_password = u"secret"
+
+        #
+        # login as console_pam_username
+        #
+        bareos_password = bareos.bsock.Password(console_pam_password)
+        director = bareos.bsock.DirectorConsole(
+            address=self.director_address,
+            port=self.director_port,
+            name=console_pam_username,
+            password=bareos_password,
+            pam_username=pam_username,
+            pam_password=pam_password)
+
+        whoami = director.call('whoami').decode('utf-8')
+        self.assertEqual(pam_username, whoami.rstrip())
+
+
     def test_pam_login_with_not_existing_username(self):
         '''
         Verify bareos.bsock.DirectorConsole raises an AuthenticationError exception.
@@ -152,6 +178,8 @@ def test_login_with_director_requires_pam_but_protocol_124(self):
         the console first retrieves a "1000 OK",
         but further communication fails.
         In the end, a ConnectionLostError exception is raised.
+        Sometimes this occurs during initialization,
+        sometimes first the call command fails.
         '''
 
         bareos_password = bareos.bsock.Password(self.console_pam_password)
@@ -162,8 +190,7 @@ def test_login_with_director_requires_pam_but_protocol_124(self):
                 protocolversion=ProtocolVersions.bareos_12_4,
                 name=self.console_pam_username,
                 password=bareos_password)
-
-
+            result = director.call('whoami').decode('utf-8')
 
 
 def get_env():

diff --git a/systemtests/tests/python-bareos-test/python-bareos-unittest.py b/systemtests/tests/python-bareos-test/python-bareos-unittest.py
@@ -445,7 +445,7 @@ def test_login_notls_tls(self):
         self.assertFalse(hasattr(director.socket, 'cipher'))
 
 
-    def test_login_notls_tls_fixprotocolversion(self):
+    def test_login_notls_tls_fixedprotocolversion(self):
         '''
         console: notls, director: tls => nologin
 
@@ -523,6 +523,34 @@ def test_login_tls_tls(self):
         logger.debug(str(cipher))
 
 
+    @unittest.skipUnless(bareos.bsock.DirectorConsole.is_tls_psk_available(),
+                         "TLS-PSK is not available.")
+    def test_login_tls_tls_fixedprotocolversion(self):
+        '''
+        console: tls, director: tls     => login
+        '''
+
+        logger = logging.getLogger()
+
+        username = self.get_operator_username(tls=True)
+        password = self.get_operator_password(username)
+
+        director = bareos.bsock.DirectorConsole(
+            address=self.director_address,
+            port=self.director_port,
+            protocolversion=ProtocolVersions.last,
+            tls_psk_require=True,
+            name=username,
+            password=password)
+
+        whoami = director.call('whoami').decode('utf-8')
+        self.assertEqual(username, whoami.rstrip())
+
+        self.assertTrue(hasattr(director.socket, 'cipher'))
+        cipher = director.socket.cipher()
+        logger.debug(str(cipher))
+
+
 
 #
 # Test with JSON backend