4 # Blackbox tests for weak crypto
5 # Copyright (c) 2020 Andreas Schneider <asn@samba.org>
10 Usage: $0 SERVER USERNAME PASSWORD REALM DOMAIN PREFIX
25 . $
(dirname $0)/subunit.sh
27 samba_bindir
="$BINDIR"
28 samba_testparm
="$BINDIR/testparm"
29 samba_rpcclient
="$samba_bindir/rpcclient"
31 # remove the --configfile=
32 configuration
="${CONFIGURATION##*=}"
34 test_weak_crypto_allowed
()
36 local testparm_stderr_output_path
="$PREFIX/testparm_stderr_output"
38 $samba_testparm --suppress-prompt $configuration 2>$testparm_stderr_output_path >/dev
/null
40 grep "Weak crypto is allowed" $testparm_stderr_output_path >/dev
/null
2>&1
41 if [ $ret -ne 0 ]; then
42 echo "Invalid crypto state:"
43 cat $testparm_stderr_output_path
44 rm -f $testparm_stderr_output_path
48 rm -f $testparm_stderr_output_path
53 unset GNUTLS_FORCE_FIPS_MODE
55 # Checks that testparm reports: Weak crypto is disallowed
56 testit
"testparm-weak-crypto" test_weak_crypto_allowed || failed
=$
(expr $failed + 1)
58 # We should not be allowed to use NTLM for connecting
59 testit_expect_failure
"rpclient.ntlm" $samba_rpcclient ncacn_np
:${SERVER_IP}[ntlm
] -U$USERNAME%$PASSWORD -c "getusername" || failed
=$
(expr $failed + 1)
61 GNUTLS_FORCE_FIPS_MODE
=1
62 export GNUTLS_FORCE_FIPS_MODE