From ff67642dc29419c9fc80b6b9cb5b197a1586be75 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 13 Mar 2020 16:15:52 +0100 Subject: tests: Add test to check the server doesn't allow NTLM Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner --- testprogs/blackbox/test_weak_crypto_server.sh | 64 +++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100755 testprogs/blackbox/test_weak_crypto_server.sh (limited to 'testprogs') diff --git a/testprogs/blackbox/test_weak_crypto_server.sh b/testprogs/blackbox/test_weak_crypto_server.sh new file mode 100755 index 00000000000..8e38b009947 --- /dev/null +++ b/testprogs/blackbox/test_weak_crypto_server.sh @@ -0,0 +1,64 @@ +#!/bin/sh + +# +# Blackbox tests for weak crytpo +# Copyright (c) 2020 Andreas Schneider +# + +if [ $# -lt 7 ]; then +cat <$testparm_stderr_output_path >/dev/null + + grep "Weak crypto is allowed" $testparm_stderr_output_path >/dev/null 2>&1 + if [ $ret -ne 0 ]; then + echo "Invalid crypto state:" + cat $testparm_stderr_output_path + rm -f $testparm_stderr_output_path + return 1 + fi + + rm -f $testparm_stderr_output_path + + return 0 +} + +unset GNUTLS_FORCE_FIPS_MODE + +# Checks that testparm reports: Weak crypto is disallowed +testit "testparm-weak-crypto" test_weak_crypto_allowed || failed=`expr $failed + 1` + +# We should not be allowed to use NTLM for connecting +testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER_IP[ntlm] -U$USERNAME%$PASSWORD -c "getusername" && failed=`expr $failed + 1` + +GNUTLS_FORCE_FIPS_MODE=1 +export GNUTLS_FORCE_FIPS_MODE + +exit $failed -- cgit v1.2.1