diff options
author | Gary Lockyer <gary@catalyst.net.nz> | 2017-12-15 07:17:54 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-12-18 00:10:16 +0100 |
commit | b29ab3a0c16b2f1abed89b41c92c446e8fe59f9b (patch) | |
tree | 93bbaff98856212d4fa393191612c60eab1e36e4 /source4/selftest/tests.py | |
parent | e5ce0a4d73a196ee4c92b68eb744434cfcf942ec (diff) | |
download | samba-b29ab3a0c16b2f1abed89b41c92c446e8fe59f9b.tar.gz |
tests dsdb encrypted secrets module
Add tests to check that the encrypted_secrets module encrypts
secrets/sensitive attributes on disk.
This test also proves that the provision and join operations correctly
configure the encrypted_secrets module.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/selftest/tests.py')
-rwxr-xr-x | source4/selftest/tests.py | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index a582e0d29ae..1c5714d8a7f 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -682,6 +682,21 @@ planoldpythontestsuite("fl2003dc:local", planoldpythontestsuite("ad_dc", "samba.tests.password_hash_ldap", extra_args=['-U"$USERNAME%$PASSWORD"']) +# Encrypted secrets +# ensure default provision (ad_dc) and join (vampire_dc) +# encrypt secret values on disk. +planoldpythontestsuite("ad_dc:local", + "samba.tests.encrypted_secrets", + extra_args=['-U"$USERNAME%$PASSWORD"']) +planoldpythontestsuite("vampire_dc:local", + "samba.tests.encrypted_secrets", + extra_args=['-U"$USERNAME%$PASSWORD"']) +# The fl2000dc environment is provisioned with the --plaintext_secrets option +# so this test will fail, which proves the secrets are not being encrypted. +# There is an entry in known_fail.d. +planoldpythontestsuite("fl2000dc:local", + "samba.tests.encrypted_secrets", + extra_args=['-U"$USERNAME%$PASSWORD"']) planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.lsa_string") planoldpythontestsuite("ad_dc_ntvfs", |