mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
tests: Disable kerberos for weak crypto test
Otherwise the test fails because the client is authenticated using spnego and gse_krb5, not triggering the weak crypto restrictions. Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184
This commit is contained in:
parent
63b0d2dc76
commit
ed625d6694
@ -27,6 +27,16 @@ samba_bindir="$BINDIR"
|
||||
samba_testparm="$BINDIR/testparm"
|
||||
samba_rpcclient="$samba_bindir/rpcclient"
|
||||
|
||||
opt="--option=gensec:gse_krb5=no -U${USERNAME}%${PASSWORD}"
|
||||
|
||||
unset GNUTLS_FORCE_FIPS_MODE
|
||||
|
||||
# Checks that testparm reports: Weak crypto is allowed
|
||||
testit_grep "testparm" "Weak crypto is allowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1`
|
||||
|
||||
# We should be allowed to use NTLM for connecting
|
||||
testit "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed=`expr $failed + 1`
|
||||
|
||||
GNUTLS_FORCE_FIPS_MODE=1
|
||||
export GNUTLS_FORCE_FIPS_MODE
|
||||
|
||||
@ -34,7 +44,7 @@ export GNUTLS_FORCE_FIPS_MODE
|
||||
testit_grep "testparm" "Weak crypto is disallowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1`
|
||||
|
||||
# We should not be allowed to use NTLM for connecting
|
||||
testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER -U$USERNAME%$PASSWORD -c "getusername" || failed=`expr $failed + 1`
|
||||
testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed=`expr $failed + 1`
|
||||
|
||||
unset GNUTLS_FORCE_FIPS_MODE
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user