From a78f4819847c7134bc72a105e8e81ce747676257 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 13 Mar 2020 14:36:18 +0100
Subject: [PATCH] selftest: Start ad_dc_fips with forced fips mode

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
---
 selftest/target/Samba.pm  |  6 ++++++
 selftest/target/Samba4.pm | 15 ++++++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index f559f6e85fb..9264dfe83c6 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -689,6 +689,9 @@ sub get_env_for_process
 	} else {
 		$proc_envs->{RESOLV_WRAPPER_HOSTS} = $env_vars->{RESOLV_WRAPPER_HOSTS};
 	}
+	if (defined($env_vars->{GNUTLS_FORCE_FIPS_MODE})) {
+		$proc_envs->{GNUTLS_FORCE_FIPS_MODE} = $env_vars->{GNUTLS_FORCE_FIPS_MODE};
+	}
 	return $proc_envs;
 }
 
@@ -872,6 +875,9 @@ my @exported_envvars = (
 	# resolv_wrapper
 	"RESOLV_WRAPPER_CONF",
 	"RESOLV_WRAPPER_HOSTS",
+
+	# crypto libraries
+	"GNUTLS_FORCE_FIPS_MODE",
 );
 
 sub exported_envvars_str
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index b9c1a4051dc..c13a454e262 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -168,6 +168,9 @@ sub wait_for_start($$)
 			$cmd .= "RESOLV_WRAPPER_HOSTS='$testenv_vars->{RESOLV_WRAPPER_HOSTS}' ";
 		}
 		$cmd .= "RESOLV_CONF='$testenv_vars->{RESOLV_CONF}' ";
+		if (defined($testenv_vars->{GNUTLS_FORCE_FIPS_MODE})) {
+			$cmd .= "GNUTLS_FORCE_FIPS_MODE=$testenv_vars->{GNUTLS_FORCE_FIPS_MODE} ";
+		}
 
 		$cmd .= "$ldbsearch ";
 		$cmd .= "$testenv_vars->{CONFIGURATION} ";
@@ -381,6 +384,9 @@ sub get_cmd_env_vars
 	} else {
 		$cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" ";
 	}
+	if (defined($localenv->{GNUTLS_FORCE_FIPS_MODE})) {
+		$cmd_env .= "GNUTLS_FORCE_FIPS_MODE=$localenv->{GNUTLS_FORCE_FIPS_MODE} ";
+	}
 	$cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\" ";
 	$cmd_env .= "KRB5CCNAME=\"$localenv->{KRB5_CCACHE}\" ";
 	$cmd_env .= "RESOLV_CONF=\"$localenv->{RESOLV_CONF}\" ";
@@ -608,6 +614,10 @@ sub provision_raw_prepare($$$$$$$$$$$$$$)
 	} else {
 		push (@provision_options, "RESOLV_WRAPPER_HOSTS=\"$ctx->{dns_host_file}\"");
 	}
+	if (defined($ctx->{force_fips_mode})) {
+		push (@provision_options, "GNUTLS_FORCE_FIPS_MODE=1");
+	}
+
 	if (defined($ENV{GDB_PROVISION})) {
 		push (@provision_options, "gdb --args");
 		if (!defined($ENV{PYTHON})) {
@@ -872,7 +882,7 @@ nogroup:x:65534:nobody
                 UID_RFC2307TEST => $uid_rfc2307test,
                 GID_RFC2307TEST => $gid_rfc2307test,
                 SERVER_ROLE => $ctx->{server_role},
-	        RESOLV_CONF => $ctx->{resolv_conf}
+	        RESOLV_CONF => $ctx->{resolv_conf},
 	};
 
 	if (defined($ctx->{use_resolv_wrapper})) {
@@ -880,6 +890,9 @@ nogroup:x:65534:nobody
 	} else {
 		$ret->{RESOLV_WRAPPER_HOSTS} = $ctx->{dns_host_file};
 	}
+	if (defined($ctx->{force_fips_mode})) {
+		$ret->{GNUTLS_FORCE_FIPS_MODE} = "1",
+	}
 
 	if ($ctx->{server_role} eq "domain controller") {
 		$ret->{DOMSID} = $ret->{SAMSID};
-- 
2.47.3