mirror of
https://github.com/samba-team/samba.git
synced 2025-01-03 01:18:10 +03:00
ed625d6694
Otherwise the test fails because the client is authenticated using spnego and gse_krb5, not triggering the weak crypto restrictions. Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184
52 lines
1.3 KiB
Bash
Executable File
52 lines
1.3 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
#
|
|
# Blackbox tests for weak crytpo
|
|
# Copyright (c) 2020 Andreas Schneider <asn@samba.org>
|
|
#
|
|
|
|
if [ $# -lt 6 ]; then
|
|
cat <<EOF
|
|
Usage: $0 SERVER USERNAME PASSWORD REALM DOMAIN PREFIX
|
|
EOF
|
|
exit 1;
|
|
fi
|
|
|
|
SERVER=$1
|
|
USERNAME=$2
|
|
PASSWORD=$3
|
|
REALM=$4
|
|
DOMAIN=$5
|
|
PREFIX=$6
|
|
shift 6
|
|
|
|
failed=0
|
|
. `dirname $0`/subunit.sh
|
|
|
|
samba_bindir="$BINDIR"
|
|
samba_testparm="$BINDIR/testparm"
|
|
samba_rpcclient="$samba_bindir/rpcclient"
|
|
|
|
opt="--option=gensec:gse_krb5=no -U${USERNAME}%${PASSWORD}"
|
|
|
|
unset GNUTLS_FORCE_FIPS_MODE
|
|
|
|
# Checks that testparm reports: Weak crypto is allowed
|
|
testit_grep "testparm" "Weak crypto is allowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1`
|
|
|
|
# We should be allowed to use NTLM for connecting
|
|
testit "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed=`expr $failed + 1`
|
|
|
|
GNUTLS_FORCE_FIPS_MODE=1
|
|
export GNUTLS_FORCE_FIPS_MODE
|
|
|
|
# Checks that testparm reports: Weak crypto is disallowed
|
|
testit_grep "testparm" "Weak crypto is disallowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1`
|
|
|
|
# We should not be allowed to use NTLM for connecting
|
|
testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed=`expr $failed + 1`
|
|
|
|
unset GNUTLS_FORCE_FIPS_MODE
|
|
|
|
exit $failed
|