samba/SOURCES/0085-s4-samdb-Remove-dual-stack-mode-from-test_-encrypted.patch

From ce7a5f793d0d5983504be61189ec7c57cfbf07d0 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 26 Feb 2019 18:32:34 +0100
Subject: [PATCH 085/187] s4:samdb: Remove dual-stack mode from
 (test_)encrypted_secrets

Now we either build with GnuTLS or Samba crypto. If a modern GnuTLS
version is detected that will be used and Samba crypto wont be
available.

This removes the dual-stack mode that encrypted with one and decrypted
with the other in the testsuite.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Commit message clarified by Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7bf3c5d7640daaf5dc799eaf698618903ec09127)
---
 .../samdb/ldb_modules/encrypted_secrets.c     | 16 ++----
 .../tests/test_encrypted_secrets.c            | 49 ++-----------------
 2 files changed, 10 insertions(+), 55 deletions(-)

diff --git a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
index deaa03cbb35..5f8cd8747ea 100644
--- a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
+++ b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
@@ -39,18 +39,12 @@
 #include "dsdb/samdb/samdb.h"
 #include "dsdb/samdb/ldb_modules/util.h"
 
-#ifdef TEST_ENCRYPTED_SECRETS
+/* Build either with GnuTLS crypto or Samba crypto. */
+#ifdef HAVE_GNUTLS_AEAD
+	#define BUILD_WITH_GNUTLS_AEAD
+#else /* !HAVE_GNUTLS_AEAD */
 	#define BUILD_WITH_SAMBA_AES_GCM
-	#ifdef HAVE_GNUTLS_AEAD
-		#define BUILD_WITH_GNUTLS_AEAD
-	#endif
-#else
-	#ifdef HAVE_GNUTLS_AEAD
-		#define BUILD_WITH_GNUTLS_AEAD
-	#else
-		#define BUILD_WITH_SAMBA_AES_GCM
-	#endif
-#endif
+#endif /* HAVE_GNUTLS_AEAD */
 
 #ifdef BUILD_WITH_GNUTLS_AEAD
 	#include <gnutls/gnutls.h>
diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
index cfea95ae544..a33781d703d 100644
--- a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
+++ b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
@@ -390,26 +390,6 @@ static void test_gnutls_value_encryption(void **state)
 				&decrypted->cleartext,
 				&plain_text));
 	}
-
-	{
-		struct PlaintextSecret *decrypted =
-			talloc_zero(test_ctx, struct PlaintextSecret);
-		samba_decrypt_aead(
-			&err,
-			test_ctx,
-			test_ctx->ldb,
-			&es,
-			decrypted,
-			data);
-		assert_int_equal(LDB_SUCCESS, err);
-		assert_int_equal(
-			plain_text.length,
-			decrypted->cleartext.length);
-		assert_int_equal(0,
-			data_blob_cmp(
-				&decrypted->cleartext,
-				&plain_text));
-	}
 }
 #endif /* HAVE_GNUTLS_AEAD */
 
@@ -613,9 +593,11 @@ static void test_gnutls_altered_iv(void **state)
 	}
 }
 #endif /* HAVE_GNUTLS_AEAD */
+
 /*
  *  Test samba encryption and decryption and decryption.
  */
+#ifndef HAVE_GNUTLS_AEAD
 static void test_samba_value_encryption(void **state)
 {
 	struct ldbtest_ctx *test_ctx =
@@ -647,29 +629,6 @@ static void test_samba_value_encryption(void **state)
 	assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
 	assert_true(check_header(&es));
 
-#ifdef HAVE_GNUTLS_AEAD
-	{
-		struct PlaintextSecret *decrypted =
-			talloc_zero(test_ctx, struct PlaintextSecret);
-		gnutls_decrypt_aead(
-			&err,
-			test_ctx,
-			test_ctx->ldb,
-			&es,
-			decrypted,
-			data);
-		assert_int_equal(LDB_SUCCESS, err);
-		assert_int_equal(
-			plain_text.length,
-			decrypted->cleartext.length);
-		assert_int_equal(0,
-			data_blob_cmp(
-				&decrypted->cleartext,
-				&plain_text));
-	}
-#endif /* HAVE_GNUTLS_AEAD */
-
-
 	{
 		struct PlaintextSecret *decrypted =
 			talloc_zero(test_ctx, struct PlaintextSecret);
@@ -886,6 +845,7 @@ static void test_samba_altered_iv(void **state)
 		assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err);
 	}
 }
+#endif
 
 /*
  *  Test message encryption.
@@ -1188,7 +1148,7 @@ int main(void) {
 			test_gnutls_altered_iv,
 			setup_with_key,
 			teardown),
-#endif /* HAVE_GNUTLS_AEAD */
+#else
 		cmocka_unit_test_setup_teardown(
 			test_samba_value_encryption,
 			setup_with_key,
@@ -1205,6 +1165,7 @@ int main(void) {
 			test_samba_altered_iv,
 			setup_with_key,
 			teardown),
+#endif /* HAVE_GNUTLS_AEAD */
 		cmocka_unit_test_setup_teardown(
 			test_message_encryption_decryption,
 			setup_with_key,
-- 
2.23.0
import samba-4.11.2-13.el8 2020-04-28 09:33:08 +00:00			`From ce7a5f793d0d5983504be61189ec7c57cfbf07d0 Mon Sep 17 00:00:00 2001`
			`From: Andreas Schneider <asn@samba.org>`
			`Date: Tue, 26 Feb 2019 18:32:34 +0100`
			`Subject: [PATCH 085/187] s4:samdb: Remove dual-stack mode from`
			`(test_)encrypted_secrets`

			`Now we either build with GnuTLS or Samba crypto. If a modern GnuTLS`
			`version is detected that will be used and Samba crypto wont be`
			`available.`

			`This removes the dual-stack mode that encrypted with one and decrypted`
			`with the other in the testsuite.`

			`Signed-off-by: Andreas Schneider <asn@samba.org>`
			`Reviewed-by: Andrew Bartlett <abartlet@samba.org>`

			`Commit message clarified by Andrew Bartlett`

			`Signed-off-by: Andrew Bartlett <abartlet@samba.org>`
			`(cherry picked from commit 7bf3c5d7640daaf5dc799eaf698618903ec09127)`
			`---`
			`.../samdb/ldb_modules/encrypted_secrets.c \| 16 ++----`
			`.../tests/test_encrypted_secrets.c \| 49 ++-----------------`
			`2 files changed, 10 insertions(+), 55 deletions(-)`

			`diff --git a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c`
			`index deaa03cbb35..5f8cd8747ea 100644`
			`--- a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c`
			`+++ b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c`
			`@@ -39,18 +39,12 @@`
			`#include "dsdb/samdb/samdb.h"`
			`#include "dsdb/samdb/ldb_modules/util.h"`

			`-#ifdef TEST_ENCRYPTED_SECRETS`
			`+/* Build either with GnuTLS crypto or Samba crypto. */`
			`+#ifdef HAVE_GNUTLS_AEAD`
			`+ #define BUILD_WITH_GNUTLS_AEAD`
			`+#else /* !HAVE_GNUTLS_AEAD */`
			`#define BUILD_WITH_SAMBA_AES_GCM`
			`- #ifdef HAVE_GNUTLS_AEAD`
			`- #define BUILD_WITH_GNUTLS_AEAD`
			`- #endif`
			`-#else`
			`- #ifdef HAVE_GNUTLS_AEAD`
			`- #define BUILD_WITH_GNUTLS_AEAD`
			`- #else`
			`- #define BUILD_WITH_SAMBA_AES_GCM`
			`- #endif`
			`-#endif`
			`+#endif /* HAVE_GNUTLS_AEAD */`

			`#ifdef BUILD_WITH_GNUTLS_AEAD`
			`#include <gnutls/gnutls.h>`
			`diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c`
			`index cfea95ae544..a33781d703d 100644`
			`--- a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c`
			`+++ b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c`
			`@@ -390,26 +390,6 @@ static void test_gnutls_value_encryption(void **state)`
			`&decrypted->cleartext,`
			`&plain_text));`
			`}`
			`-`
			`- {`
			`- struct PlaintextSecret *decrypted =`
			`- talloc_zero(test_ctx, struct PlaintextSecret);`
			`- samba_decrypt_aead(`
			`- &err,`
			`- test_ctx,`
			`- test_ctx->ldb,`
			`- &es,`
			`- decrypted,`
			`- data);`
			`- assert_int_equal(LDB_SUCCESS, err);`
			`- assert_int_equal(`
			`- plain_text.length,`
			`- decrypted->cleartext.length);`
			`- assert_int_equal(0,`
			`- data_blob_cmp(`
			`- &decrypted->cleartext,`
			`- &plain_text));`
			`- }`
			`}`
			`#endif /* HAVE_GNUTLS_AEAD */`

			`@@ -613,9 +593,11 @@ static void test_gnutls_altered_iv(void **state)`
			`}`
			`}`
			`#endif /* HAVE_GNUTLS_AEAD */`
			`+`
			`/*`
			`* Test samba encryption and decryption and decryption.`
			`*/`
			`+#ifndef HAVE_GNUTLS_AEAD`
			`static void test_samba_value_encryption(void **state)`
			`{`
			`struct ldbtest_ctx *test_ctx =`
			`@@ -647,29 +629,6 @@ static void test_samba_value_encryption(void **state)`
			`assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));`
			`assert_true(check_header(&es));`

			`-#ifdef HAVE_GNUTLS_AEAD`
			`- {`
			`- struct PlaintextSecret *decrypted =`
			`- talloc_zero(test_ctx, struct PlaintextSecret);`
			`- gnutls_decrypt_aead(`
			`- &err,`
			`- test_ctx,`
			`- test_ctx->ldb,`
			`- &es,`
			`- decrypted,`
			`- data);`
			`- assert_int_equal(LDB_SUCCESS, err);`
			`- assert_int_equal(`
			`- plain_text.length,`
			`- decrypted->cleartext.length);`
			`- assert_int_equal(0,`
			`- data_blob_cmp(`
			`- &decrypted->cleartext,`
			`- &plain_text));`
			`- }`
			`-#endif /* HAVE_GNUTLS_AEAD */`
			`-`
			`-`
			`{`
			`struct PlaintextSecret *decrypted =`
			`talloc_zero(test_ctx, struct PlaintextSecret);`
			`@@ -886,6 +845,7 @@ static void test_samba_altered_iv(void **state)`
			`assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err);`
			`}`
			`}`
			`+#endif`

			`/*`
			`* Test message encryption.`
			`@@ -1188,7 +1148,7 @@ int main(void) {`
			`test_gnutls_altered_iv,`
			`setup_with_key,`
			`teardown),`
			`-#endif /* HAVE_GNUTLS_AEAD */`
			`+#else`
			`cmocka_unit_test_setup_teardown(`
			`test_samba_value_encryption,`
			`setup_with_key,`
			`@@ -1205,6 +1165,7 @@ int main(void) {`
			`test_samba_altered_iv,`
			`setup_with_key,`
			`teardown),`
			`+#endif /* HAVE_GNUTLS_AEAD */`
			`cmocka_unit_test_setup_teardown(`
			`test_message_encryption_decryption,`
			`setup_with_key,`
			`--`
			`2.23.0`