2020-03-11 20:35:57 +03:00
#!/bin/sh
#
2023-06-22 07:04:03 +03:00
# Blackbox tests for weak crypto
2020-03-11 20:35:57 +03:00
# Copyright (c) 2020 Andreas Schneider <asn@samba.org>
#
if [ $# -lt 6 ] ; then
2022-04-22 16:46:06 +03:00
cat <<EOF
2020-03-11 20:35:57 +03:00
Usage: $0 SERVER USERNAME PASSWORD REALM DOMAIN PREFIX
EOF
2022-04-22 16:46:06 +03:00
exit 1
2020-03-11 20:35:57 +03:00
fi
SERVER = $1
USERNAME = $2
PASSWORD = $3
REALM = $4
DOMAIN = $5
PREFIX = $6
shift 6
failed = 0
2022-04-22 16:46:06 +03:00
. $( dirname $0 ) /subunit.sh
2020-03-11 20:35:57 +03:00
samba_bindir = " $BINDIR "
samba_testparm = " $BINDIR /testparm "
samba_rpcclient = " $samba_bindir /rpcclient "
2020-09-15 13:32:44 +03:00
opt = " --option=gensec:gse_krb5=no -U ${ USERNAME } % ${ PASSWORD } "
unset GNUTLS_FORCE_FIPS_MODE
# Checks that testparm reports: Weak crypto is allowed
2022-04-22 16:46:06 +03:00
testit_grep "testparm" "Weak crypto is allowed" $samba_testparm --suppress-prompt $SMB_CONF_PATH 2>& 1 || failed = $( expr $failed + 1)
2020-09-15 13:32:44 +03:00
# We should be allowed to use NTLM for connecting
2022-04-22 16:46:06 +03:00
testit "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed = $( expr $failed + 1)
2020-09-15 13:32:44 +03:00
2020-03-11 20:35:57 +03:00
GNUTLS_FORCE_FIPS_MODE = 1
export GNUTLS_FORCE_FIPS_MODE
# Checks that testparm reports: Weak crypto is disallowed
2022-04-22 16:46:06 +03:00
testit_grep "testparm" "Weak crypto is disallowed" $samba_testparm --suppress-prompt $SMB_CONF_PATH 2>& 1 || failed = $( expr $failed + 1)
2020-03-11 20:35:57 +03:00
# We should not be allowed to use NTLM for connecting
2022-04-22 16:46:06 +03:00
testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed = $( expr $failed + 1)
2020-03-11 20:35:57 +03:00
unset GNUTLS_FORCE_FIPS_MODE
exit $failed
