mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
tests: Add test for weak crypto
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
0b84bc03e8
commit
ff70d7cc3a
@ -85,6 +85,7 @@ finally:
|
||||
f.close()
|
||||
|
||||
have_heimdal_support = ("SAMBA4_USES_HEIMDAL" in config_hash)
|
||||
have_gnutls_crypto_policies = ("HAVE_GNUTLS_CRYPTO_POLICIES" in config_hash)
|
||||
|
||||
for options in ['-U"$USERNAME%$PASSWORD"']:
|
||||
plantestsuite("samba4.ldb.ldaps with options %s(ad_dc_ntvfs)" % options, "ad_dc_ntvfs",
|
||||
@ -511,6 +512,10 @@ plantestsuite("samba4.blackbox.client_etypes_legacy(ad_dc:client)", "ad_dc:clien
|
||||
plantestsuite("samba4.blackbox.client_etypes_strong(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'strong', '17_18'])
|
||||
plantestsuite("samba4.blackbox.net_ads_dns(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_net_ads_dns.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$USERNAME', '$PASSWORD'])
|
||||
plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX', '$DOMSID'])
|
||||
|
||||
if have_gnutls_crypto_policies:
|
||||
plantestsuite("samba4.blackbox.weak_crypto", "ad_dc", [os.path.join(bbdir, "test_weak_crypto.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc"])
|
||||
|
||||
plantestsuite_loadlist("samba4.rpc.echo against NetBIOS alias", "ad_dc_ntvfs", [valgrindify(smbtorture4), "$LISTOPT", "$LOADLIST", 'ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD', 'rpc.echo'])
|
||||
# json tests hook into ``chgdcpass'' to make them run in contributor CI on
|
||||
# gitlab
|
||||
|
41
testprogs/blackbox/test_weak_crypto.sh
Executable file
41
testprogs/blackbox/test_weak_crypto.sh
Executable file
@ -0,0 +1,41 @@
|
||||
#!/bin/sh
|
||||
|
||||
#
|
||||
# Blackbox tests for weak crytpo
|
||||
# Copyright (c) 2020 Andreas Schneider <asn@samba.org>
|
||||
#
|
||||
|
||||
if [ $# -lt 6 ]; then
|
||||
cat <<EOF
|
||||
Usage: $0 SERVER USERNAME PASSWORD REALM DOMAIN PREFIX
|
||||
EOF
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
SERVER=$1
|
||||
USERNAME=$2
|
||||
PASSWORD=$3
|
||||
REALM=$4
|
||||
DOMAIN=$5
|
||||
PREFIX=$6
|
||||
shift 6
|
||||
|
||||
failed=0
|
||||
. `dirname $0`/subunit.sh
|
||||
|
||||
samba_bindir="$BINDIR"
|
||||
samba_testparm="$BINDIR/testparm"
|
||||
samba_rpcclient="$samba_bindir/rpcclient"
|
||||
|
||||
GNUTLS_FORCE_FIPS_MODE=1
|
||||
export GNUTLS_FORCE_FIPS_MODE
|
||||
|
||||
# Checks that testparm reports: Weak crypto is disallowed
|
||||
testit_grep "testparm" "Weak crypto is disallowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1`
|
||||
|
||||
# We should not be allowed to use NTLM for connecting
|
||||
testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER -U$USERNAME%$PASSWORD -c "getusername" || failed=`expr $failed + 1`
|
||||
|
||||
unset GNUTLS_FORCE_FIPS_MODE
|
||||
|
||||
exit $failed
|
Loading…
Reference in New Issue
Block a user