diff options
-rwxr-xr-x | source4/selftest/tests.py | 1 | ||||
-rwxr-xr-x | testprogs/blackbox/test_net_ads_fips.sh | 43 |
2 files changed, 44 insertions, 0 deletions
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index a3831b5d67c..15af32a0415 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -530,6 +530,7 @@ plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:lo if have_gnutls_crypto_policies: plantestsuite("samba4.blackbox.weak_crypto.client", "ad_dc", [os.path.join(bbdir, "test_weak_crypto.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc"]) plantestsuite("samba4.blackbox.weak_crypto.server", "ad_dc_fips", [os.path.join(bbdir, "test_weak_crypto_server.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_fips", configuration]) + plantestsuite("samba4.blackbox.net_ads_fips", "ad_dc_fips:client", [os.path.join(bbdir, "test_net_ads_fips.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS']) plantestsuite_loadlist("samba4.rpc.echo against NetBIOS alias", "ad_dc_ntvfs", [valgrindify(smbtorture4), "$LISTOPT", "$LOADLIST", 'ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD', 'rpc.echo']) # json tests hook into ``chgdcpass'' to make them run in contributor CI on diff --git a/testprogs/blackbox/test_net_ads_fips.sh b/testprogs/blackbox/test_net_ads_fips.sh new file mode 100755 index 00000000000..6364f9dcd94 --- /dev/null +++ b/testprogs/blackbox/test_net_ads_fips.sh @@ -0,0 +1,43 @@ +if [ $# -lt 4 ]; then +cat <<EOF +Usage: test_net_ads_fips.sh DC_SERVER DC_USERNAME DC_PASSWORD PREFIX_ABS +EOF +exit 1; +fi + +DC_SERVER=$1 +DC_USERNAME=$2 +DC_PASSWORD=$3 +BASEDIR=$4 + +HOSTNAME=`dd if=/dev/urandom bs=1 count=32 2>/dev/null | sha1sum | cut -b 1-10` + +RUNDIR=`pwd` +cd $BASEDIR +WORKDIR=`mktemp -d -p .` +WORKDIR=`basename $WORKDIR` +cp -a client/* $WORKDIR/ +sed -ri "s@(dir|directory) = (.*)/client/@\1 = \2/$WORKDIR/@" $WORKDIR/client.conf +sed -ri "s/netbios name = .*/netbios name = $HOSTNAME/" $WORKDIR/client.conf +rm -f $WORKDIR/private/secrets.tdb +cd $RUNDIR + +failed=0 + +net_tool="$BINDIR/net -s $BASEDIR/$WORKDIR/client.conf --option=security=ads" + +# Load test functions +. `dirname $0`/subunit.sh + +# This make sure we are able to join AD in FIPS mode with Kerberos (NTLM doesn't work in FIPS mode). +testit "join" $VALGRIND $net_tool ads join -k -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1` + +testit "testjoin" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1` + +testit "changetrustpw" $VALGRIND $net_tool ads changetrustpw || failed=`expr $failed + 1` + +testit "leave" $VALGRIND $net_tool ads leave -k -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1` + +rm -rf $BASEDIR/$WORKDIR + +exit $failed |