selftest: Start ad_dc_fips with forced fips mode

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index f559f6e85fb2fd8165c54e31d0c5719746c4d1d0..9264dfe83c62f3f5ecff9a05c4999c2874a7e571 100644 (file)
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -689,6 +689,9 @@ sub get_env_for_process
        } else {
                $proc_envs->{RESOLV_WRAPPER_HOSTS} = $env_vars->{RESOLV_WRAPPER_HOSTS};
        }
+       if (defined($env_vars->{GNUTLS_FORCE_FIPS_MODE})) {
+               $proc_envs->{GNUTLS_FORCE_FIPS_MODE} = $env_vars->{GNUTLS_FORCE_FIPS_MODE};
+       }
        return $proc_envs;
 }
 
@@ -872,6 +875,9 @@ my @exported_envvars = (
        # resolv_wrapper
        "RESOLV_WRAPPER_CONF",
        "RESOLV_WRAPPER_HOSTS",
+
+       # crypto libraries
+       "GNUTLS_FORCE_FIPS_MODE",
 );
 
 sub exported_envvars_str

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index b9c1a4051dc4799e92da723cdc7703b28ed77963..c13a454e2624fb46c71e966cb79f0b4b2e8dd8c8 100755 (executable)
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -168,6 +168,9 @@ sub wait_for_start($$)
                        $cmd .= "RESOLV_WRAPPER_HOSTS='$testenv_vars->{RESOLV_WRAPPER_HOSTS}' ";
                }
                $cmd .= "RESOLV_CONF='$testenv_vars->{RESOLV_CONF}' ";
+               if (defined($testenv_vars->{GNUTLS_FORCE_FIPS_MODE})) {
+                       $cmd .= "GNUTLS_FORCE_FIPS_MODE=$testenv_vars->{GNUTLS_FORCE_FIPS_MODE} ";
+               }
 
                $cmd .= "$ldbsearch ";
                $cmd .= "$testenv_vars->{CONFIGURATION} ";
@@ -381,6 +384,9 @@ sub get_cmd_env_vars
        } else {
                $cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" ";
        }
+       if (defined($localenv->{GNUTLS_FORCE_FIPS_MODE})) {
+               $cmd_env .= "GNUTLS_FORCE_FIPS_MODE=$localenv->{GNUTLS_FORCE_FIPS_MODE} ";
+       }
        $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\" ";
        $cmd_env .= "KRB5CCNAME=\"$localenv->{KRB5_CCACHE}\" ";
        $cmd_env .= "RESOLV_CONF=\"$localenv->{RESOLV_CONF}\" ";
@@ -608,6 +614,10 @@ sub provision_raw_prepare($$$$$$$$$$$$$$)
        } else {
                push (@provision_options, "RESOLV_WRAPPER_HOSTS=\"$ctx->{dns_host_file}\"");
        }
+       if (defined($ctx->{force_fips_mode})) {
+               push (@provision_options, "GNUTLS_FORCE_FIPS_MODE=1");
+       }
+
        if (defined($ENV{GDB_PROVISION})) {
                push (@provision_options, "gdb --args");
                if (!defined($ENV{PYTHON})) {
@@ -872,7 +882,7 @@ nogroup:x:65534:nobody
                 UID_RFC2307TEST => $uid_rfc2307test,
                 GID_RFC2307TEST => $gid_rfc2307test,
                 SERVER_ROLE => $ctx->{server_role},
-               RESOLV_CONF => $ctx->{resolv_conf}
+               RESOLV_CONF => $ctx->{resolv_conf},
        };
 
        if (defined($ctx->{use_resolv_wrapper})) {
@@ -880,6 +890,9 @@ nogroup:x:65534:nobody
        } else {
                $ret->{RESOLV_WRAPPER_HOSTS} = $ctx->{dns_host_file};
        }
+       if (defined($ctx->{force_fips_mode})) {
+               $ret->{GNUTLS_FORCE_FIPS_MODE} = "1",
+       }
 
        if ($ctx->{server_role} eq "domain controller") {
                $ret->{DOMSID} = $ret->{SAMSID};