From ed625d669437bb940a98a0e51c67a85d947dc2d5 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero Date: Tue, 15 Sep 2020 12:32:44 +0200 Subject: [PATCH] tests: Disable kerberos for weak crypto test Otherwise the test fails because the client is authenticated using spnego and gse_krb5, not triggering the weak crypto restrictions. Signed-off-by: Samuel Cabrero Reviewed-by: David Disseldorp Autobuild-User(master): David Disseldorp Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184 --- testprogs/blackbox/test_weak_crypto.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/testprogs/blackbox/test_weak_crypto.sh b/testprogs/blackbox/test_weak_crypto.sh index fe927e8c3a9..50a67aef110 100755 --- a/testprogs/blackbox/test_weak_crypto.sh +++ b/testprogs/blackbox/test_weak_crypto.sh @@ -27,6 +27,16 @@ samba_bindir="$BINDIR" samba_testparm="$BINDIR/testparm" samba_rpcclient="$samba_bindir/rpcclient" +opt="--option=gensec:gse_krb5=no -U${USERNAME}%${PASSWORD}" + +unset GNUTLS_FORCE_FIPS_MODE + +# Checks that testparm reports: Weak crypto is allowed +testit_grep "testparm" "Weak crypto is allowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1` + +# We should be allowed to use NTLM for connecting +testit "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed=`expr $failed + 1` + GNUTLS_FORCE_FIPS_MODE=1 export GNUTLS_FORCE_FIPS_MODE @@ -34,7 +44,7 @@ export GNUTLS_FORCE_FIPS_MODE testit_grep "testparm" "Weak crypto is disallowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1` # We should not be allowed to use NTLM for connecting -testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER -U$USERNAME%$PASSWORD -c "getusername" || failed=`expr $failed + 1` +testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed=`expr $failed + 1` unset GNUTLS_FORCE_FIPS_MODE