sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code

selftest: Force fips mode for openssl in ad_dc_fips

Browse Source 
This allows us to test MIT KRB5 and OpenLDAP in FIPS mode.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This commit is contained in:
Andreas Schneider 2020-03-16 09:39:48 +01:00 committed by Andreas Schneider
parent ff67642dc2
commit 5ae07ac3ea
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
selftest/target/Samba.pm
View File

@ -692,6 +692,9 @@ sub get_env_for_process
if (defined($env_vars->{GNUTLS_FORCE_FIPS_MODE})) {
$proc_envs->{GNUTLS_FORCE_FIPS_MODE} = $env_vars->{GNUTLS_FORCE_FIPS_MODE};
}
if (defined($env_vars->{OPENSSL_FORCE_FIPS_MODE})) {
$proc_envs->{OPENSSL_FORCE_FIPS_MODE} = $env_vars->{OPENSSL_FORCE_FIPS_MODE};
}
return $proc_envs;
}
@ -878,6 +881,7 @@ my @exported_envvars = (
# crypto libraries
"GNUTLS_FORCE_FIPS_MODE",
"OPENSSL_FORCE_FIPS_MODE",
);
sub exported_envvars_str

8
selftest/target/Samba4.pm
View File

@ -171,6 +171,9 @@ sub wait_for_start($$)
if (defined($testenv_vars->{GNUTLS_FORCE_FIPS_MODE})) {
$cmd .= "GNUTLS_FORCE_FIPS_MODE=$testenv_vars->{GNUTLS_FORCE_FIPS_MODE} ";
}
if (defined($testenv_vars->{OPENSSL_FORCE_FIPS_MODE})) {
$cmd .= "OPENSSL_FORCE_FIPS_MODE=$testenv_vars->{OPENSSL_FORCE_FIPS_MODE} ";
}
$cmd .= "$ldbsearch ";
$cmd .= "$testenv_vars->{CONFIGURATION} ";
@ -387,6 +390,9 @@ sub get_cmd_env_vars
if (defined($localenv->{GNUTLS_FORCE_FIPS_MODE})) {
$cmd_env .= "GNUTLS_FORCE_FIPS_MODE=$localenv->{GNUTLS_FORCE_FIPS_MODE} ";
}
if (defined($localenv->{OPENSSL_FORCE_FIPS_MODE})) {
$cmd_env .= "OPENSSL_FORCE_FIPS_MODE=$localenv->{OPENSSL_FORCE_FIPS_MODE} ";
}
$cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\" ";
$cmd_env .= "KRB5CCNAME=\"$localenv->{KRB5_CCACHE}\" ";
$cmd_env .= "RESOLV_CONF=\"$localenv->{RESOLV_CONF}\" ";
@ -616,6 +622,7 @@ sub provision_raw_prepare($$$$$$$$$$$$$$)
}
if (defined($ctx->{force_fips_mode})) {
push (@provision_options, "GNUTLS_FORCE_FIPS_MODE=1");
push (@provision_options, "OPENSSL_FORCE_FIPS_MODE=1");
}
if (defined($ENV{GDB_PROVISION})) {
@ -892,6 +899,7 @@ nogroup:x:65534:nobody
}
if (defined($ctx->{force_fips_mode})) {
$ret->{GNUTLS_FORCE_FIPS_MODE} = "1",
$ret->{OPENSSL_FORCE_FIPS_MODE} = "1",
}
if ($ctx->{server_role} eq "domain controller") {