Skip to content
Permalink
Browse files

Merge pull request #370 from joergsteffens/dev/joergs/master/systemte…

…st-bconsole-pam

systemtests (bconsole-pam): run Python tests without TLS-PSK required
  • Loading branch information
joergsteffens committed Dec 13, 2019
2 parents 5a157f1 + e70e4bb commit e23fd5786ed3c6d9e2dc61aff919e1cf546f814f
@@ -276,7 +276,7 @@ def reconnect(self):
self.max_reconnects -= 1
if self.__connect() and self._init_connection():
result = True
except socket.error:
except (socket.error, bareos.exceptions.ConnectionLostError):
self.logger.warning("failed to reconnect")
return result

@@ -61,4 +61,4 @@ def pam_user_credentials(pam_username, pam_password):
Returns a string similar to:
4002 USERNAME PASSWORD
'''
return b'{id}{s}{username}{s}{password}'.format(id=ProtocolMessageIds.PamUserCredentials, username=pam_username, password=pam_password, s=Constants.record_separator)
return bytearray('{id}{s}{username}{s}{password}'.format(id=ProtocolMessageIds.PamUserCredentials, username=pam_username, password=pam_password, s=Constants.record_separator), 'utf-8')
@@ -0,0 +1,6 @@
Console {
Name = "PamConsole-notls"
Password = "secret"
UsePamAuthentication = yes
TLS Enable = no
}
@@ -8,8 +8,8 @@
import unittest

import bareos.bsock
import bareos.exceptions
from bareos.bsock.protocolversions import ProtocolVersions
import bareos.exceptions


class PythonBareosBase(unittest.TestCase):
@@ -18,7 +18,7 @@ class PythonBareosBase(unittest.TestCase):
director_root_password = 'secret'
director_operator_username = 'admin'
director_operator_password = 'secret'
console_pam_username = u'PamConsole'
console_pam_username = u'PamConsole-notls'
console_pam_password = u'secret'
client = 'bareos-fd'
#restorefile = '/usr/sbin/bconsole'
@@ -51,7 +51,7 @@ class PythonBareosPamLoginTest(PythonBareosBase):
Requires Bareos Console Protocol >= 18.2.
'''

def test_pam_login(self):
def test_pam_login_notls(self):

pam_username = u'user1'
pam_password = u'user1'
@@ -72,6 +72,32 @@ def test_pam_login(self):
self.assertEqual(pam_username, whoami.rstrip())


@unittest.skipUnless(bareos.bsock.DirectorConsole.is_tls_psk_available(),
"TLS-PSK is not available.")
def test_pam_login_tls(self):

pam_username = u'user1'
pam_password = u'user1'

console_pam_username = u"PamConsole"
console_pam_password = u"secret"

#
# login as console_pam_username
#
bareos_password = bareos.bsock.Password(console_pam_password)
director = bareos.bsock.DirectorConsole(
address=self.director_address,
port=self.director_port,
name=console_pam_username,
password=bareos_password,
pam_username=pam_username,
pam_password=pam_password)

whoami = director.call('whoami').decode('utf-8')
self.assertEqual(pam_username, whoami.rstrip())


def test_pam_login_with_not_existing_username(self):
'''
Verify bareos.bsock.DirectorConsole raises an AuthenticationError exception.
@@ -152,6 +178,8 @@ def test_login_with_director_requires_pam_but_protocol_124(self):
the console first retrieves a "1000 OK",
but further communication fails.
In the end, a ConnectionLostError exception is raised.
Sometimes this occurs during initialization,
sometimes first the call command fails.
'''

bareos_password = bareos.bsock.Password(self.console_pam_password)
@@ -162,8 +190,7 @@ def test_login_with_director_requires_pam_but_protocol_124(self):
protocolversion=ProtocolVersions.bareos_12_4,
name=self.console_pam_username,
password=bareos_password)


result = director.call('whoami').decode('utf-8')


def get_env():
@@ -445,7 +445,7 @@ def test_login_notls_tls(self):
self.assertFalse(hasattr(director.socket, 'cipher'))


def test_login_notls_tls_fixprotocolversion(self):
def test_login_notls_tls_fixedprotocolversion(self):
'''
console: notls, director: tls => nologin
@@ -523,6 +523,34 @@ def test_login_tls_tls(self):
logger.debug(str(cipher))


@unittest.skipUnless(bareos.bsock.DirectorConsole.is_tls_psk_available(),
"TLS-PSK is not available.")
def test_login_tls_tls_fixedprotocolversion(self):
'''
console: tls, director: tls => login
'''

logger = logging.getLogger()

username = self.get_operator_username(tls=True)
password = self.get_operator_password(username)

director = bareos.bsock.DirectorConsole(
address=self.director_address,
port=self.director_port,
protocolversion=ProtocolVersions.last,
tls_psk_require=True,
name=username,
password=password)

whoami = director.call('whoami').decode('utf-8')
self.assertEqual(username, whoami.rstrip())

self.assertTrue(hasattr(director.socket, 'cipher'))
cipher = director.socket.cipher()
logger.debug(str(cipher))



#
# Test with JSON backend

0 comments on commit e23fd57

Please sign in to comment.
You can’t perform that action at this time.