From: Samuel Cabrero Date: Tue, 15 Sep 2020 10:32:44 +0000 (+0200) Subject: tests: Disable kerberos for weak crypto test X-Git-Tag: talloc-2.3.2~477 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ed625d669437bb940a98a0e51c67a85d947dc2d5;p=thirdparty%2Fsamba.git tests: Disable kerberos for weak crypto test Otherwise the test fails because the client is authenticated using spnego and gse_krb5, not triggering the weak crypto restrictions. Signed-off-by: Samuel Cabrero Reviewed-by: David Disseldorp Autobuild-User(master): David Disseldorp Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184 --- diff --git a/testprogs/blackbox/test_weak_crypto.sh b/testprogs/blackbox/test_weak_crypto.sh index fe927e8c3a9..50a67aef110 100755 --- a/testprogs/blackbox/test_weak_crypto.sh +++ b/testprogs/blackbox/test_weak_crypto.sh @@ -27,6 +27,16 @@ samba_bindir="$BINDIR" samba_testparm="$BINDIR/testparm" samba_rpcclient="$samba_bindir/rpcclient" +opt="--option=gensec:gse_krb5=no -U${USERNAME}%${PASSWORD}" + +unset GNUTLS_FORCE_FIPS_MODE + +# Checks that testparm reports: Weak crypto is allowed +testit_grep "testparm" "Weak crypto is allowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1` + +# We should be allowed to use NTLM for connecting +testit "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed=`expr $failed + 1` + GNUTLS_FORCE_FIPS_MODE=1 export GNUTLS_FORCE_FIPS_MODE @@ -34,7 +44,7 @@ export GNUTLS_FORCE_FIPS_MODE testit_grep "testparm" "Weak crypto is disallowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1` # We should not be allowed to use NTLM for connecting -testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER -U$USERNAME%$PASSWORD -c "getusername" || failed=`expr $failed + 1` +testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed=`expr $failed + 1` unset GNUTLS_FORCE_FIPS_MODE