sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-03 01:18:10 +03:00
Code

waf: Check correctly if gnutls has been compiled with fips mode support

Browse Source 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Apr 13 19:17:56 UTC 2021 on sn-devel-184
This commit is contained in:
Andreas Schneider 2021-04-13 17:48:21 +02:00 committed by Stefan Metzmacher
parent d5759794d6
commit bfb9cd8b9b
2 changed files with 29 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
source4/selftest/tests.py
View File

@ -86,7 +86,7 @@ finally:
f.close() f.close()
have_heimdal_support = ("SAMBA4_USES_HEIMDAL" in config_hash) have_heimdal_support = ("SAMBA4_USES_HEIMDAL" in config_hash)
have_gnutls_crypto_policies = ("HAVE_GNUTLS_CRYPTO_POLICIES" in config_hash) have_gnutls_fips_mode_support = ("HAVE_GNUTLS_FIPS_MODE_SUPPORTED" in config_hash)
for options in ['-U"$USERNAME%$PASSWORD"']: for options in ['-U"$USERNAME%$PASSWORD"']:
plantestsuite("samba4.ldb.ldaps with options %s(ad_dc_ntvfs)" % options, "ad_dc_ntvfs", plantestsuite("samba4.ldb.ldaps with options %s(ad_dc_ntvfs)" % options, "ad_dc_ntvfs",
@ -567,7 +567,7 @@ plantestsuite("samba4.blackbox.net_ads_dns_async(ad_member:local)",
'$REALM']) '$REALM'])
plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX', '$DOMSID']) plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX', '$DOMSID'])
if have_gnutls_crypto_policies: if have_gnutls_fips_mode_support:
plantestsuite("samba4.blackbox.weak_crypto.client", "ad_dc", [os.path.join(bbdir, "test_weak_crypto.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc"]) plantestsuite("samba4.blackbox.weak_crypto.client", "ad_dc", [os.path.join(bbdir, "test_weak_crypto.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc"])
for env in ["ad_dc_fips", "ad_member_fips"]: for env in ["ad_dc_fips", "ad_member_fips"]:
@ -722,7 +722,7 @@ def planoldpythontestsuite(env, module, name=None, extra_path=[], environ={}, ex
name = module name = module
plantestsuite_loadlist(name, env, args) plantestsuite_loadlist(name, env, args)
if have_gnutls_crypto_policies: if have_gnutls_fips_mode_support:
planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.createtrustrelax", environ={'GNUTLS_FORCE_FIPS_MODE':'1'}) planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.createtrustrelax", environ={'GNUTLS_FORCE_FIPS_MODE':'1'})
planoldpythontestsuite("ad_dc_fips", "samba.tests.dcerpc.createtrustrelax", environ={'GNUTLS_FORCE_FIPS_MODE':'1'}) planoldpythontestsuite("ad_dc_fips", "samba.tests.dcerpc.createtrustrelax", environ={'GNUTLS_FORCE_FIPS_MODE':'1'})

29
wscript_configure_system_gnutls
View File

@ -1,4 +1,5 @@
from waflib import Options from waflib import Options
import os
def parse_version(v): def parse_version(v):
return tuple(map(int, (v.split(".")))) return tuple(map(int, (v.split("."))))
@ -35,9 +36,31 @@ conf.CHECK_FUNCS_IN('gnutls_set_default_priority_append', 'gnutls')
if (parse_version(gnutls_version) > parse_version('3.6.14')): if (parse_version(gnutls_version) > parse_version('3.6.14')):
conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls') conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls')
# Check if we have support for crypto policies # Check if gnutls has fips mode support
if conf.CHECK_FUNCS_IN('gnutls_get_system_config_file', 'gnutls'): # gnutls_fips140_mode_enabled() is available since 3.3.0
conf.DEFINE('HAVE_GNUTLS_CRYPTO_POLICIES', 1) fragment = '''
#include <gnutls/gnutls.h>
#include <stdlib.h>
int main(void)
{
unsigned int ok;
ok = gnutls_fips140_mode_enabled();
return !ok;
}
'''
os.environ['GNUTLS_FORCE_FIPS_MODE'] = '1'
conf.CHECK_CODE(fragment,
'HAVE_GNUTLS_FIPS_MODE_SUPPORTED',
execute=True,
addmain=False,
add_headers=False,
lib='gnutls',
msg='Checking for gnutls fips mode support')
del os.environ['GNUTLS_FORCE_FIPS_MODE']
if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'): if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'):
conf.DEFINE('HAVE_GNUTLS_AES_CFB8', 1) conf.DEFINE('HAVE_GNUTLS_AES_CFB8', 1)