From ce7a5f793d0d5983504be61189ec7c57cfbf07d0 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 26 Feb 2019 18:32:34 +0100 Subject: [PATCH 085/187] s4:samdb: Remove dual-stack mode from (test_)encrypted_secrets Now we either build with GnuTLS or Samba crypto. If a modern GnuTLS version is detected that will be used and Samba crypto wont be available. This removes the dual-stack mode that encrypted with one and decrypted with the other in the testsuite. Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett Commit message clarified by Andrew Bartlett Signed-off-by: Andrew Bartlett (cherry picked from commit 7bf3c5d7640daaf5dc799eaf698618903ec09127) --- .../samdb/ldb_modules/encrypted_secrets.c | 16 ++---- .../tests/test_encrypted_secrets.c | 49 ++----------------- 2 files changed, 10 insertions(+), 55 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c index deaa03cbb35..5f8cd8747ea 100644 --- a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c +++ b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c @@ -39,18 +39,12 @@ #include "dsdb/samdb/samdb.h" #include "dsdb/samdb/ldb_modules/util.h" -#ifdef TEST_ENCRYPTED_SECRETS +/* Build either with GnuTLS crypto or Samba crypto. */ +#ifdef HAVE_GNUTLS_AEAD + #define BUILD_WITH_GNUTLS_AEAD +#else /* !HAVE_GNUTLS_AEAD */ #define BUILD_WITH_SAMBA_AES_GCM - #ifdef HAVE_GNUTLS_AEAD - #define BUILD_WITH_GNUTLS_AEAD - #endif -#else - #ifdef HAVE_GNUTLS_AEAD - #define BUILD_WITH_GNUTLS_AEAD - #else - #define BUILD_WITH_SAMBA_AES_GCM - #endif -#endif +#endif /* HAVE_GNUTLS_AEAD */ #ifdef BUILD_WITH_GNUTLS_AEAD #include diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c index cfea95ae544..a33781d703d 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c +++ b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c @@ -390,26 +390,6 @@ static void test_gnutls_value_encryption(void **state) &decrypted->cleartext, &plain_text)); } - - { - struct PlaintextSecret *decrypted = - talloc_zero(test_ctx, struct PlaintextSecret); - samba_decrypt_aead( - &err, - test_ctx, - test_ctx->ldb, - &es, - decrypted, - data); - assert_int_equal(LDB_SUCCESS, err); - assert_int_equal( - plain_text.length, - decrypted->cleartext.length); - assert_int_equal(0, - data_blob_cmp( - &decrypted->cleartext, - &plain_text)); - } } #endif /* HAVE_GNUTLS_AEAD */ @@ -613,9 +593,11 @@ static void test_gnutls_altered_iv(void **state) } } #endif /* HAVE_GNUTLS_AEAD */ + /* * Test samba encryption and decryption and decryption. */ +#ifndef HAVE_GNUTLS_AEAD static void test_samba_value_encryption(void **state) { struct ldbtest_ctx *test_ctx = @@ -647,29 +629,6 @@ static void test_samba_value_encryption(void **state) assert_true(NDR_ERR_CODE_IS_SUCCESS(rc)); assert_true(check_header(&es)); -#ifdef HAVE_GNUTLS_AEAD - { - struct PlaintextSecret *decrypted = - talloc_zero(test_ctx, struct PlaintextSecret); - gnutls_decrypt_aead( - &err, - test_ctx, - test_ctx->ldb, - &es, - decrypted, - data); - assert_int_equal(LDB_SUCCESS, err); - assert_int_equal( - plain_text.length, - decrypted->cleartext.length); - assert_int_equal(0, - data_blob_cmp( - &decrypted->cleartext, - &plain_text)); - } -#endif /* HAVE_GNUTLS_AEAD */ - - { struct PlaintextSecret *decrypted = talloc_zero(test_ctx, struct PlaintextSecret); @@ -886,6 +845,7 @@ static void test_samba_altered_iv(void **state) assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err); } } +#endif /* * Test message encryption. @@ -1188,7 +1148,7 @@ int main(void) { test_gnutls_altered_iv, setup_with_key, teardown), -#endif /* HAVE_GNUTLS_AEAD */ +#else cmocka_unit_test_setup_teardown( test_samba_value_encryption, setup_with_key, @@ -1205,6 +1165,7 @@ int main(void) { test_samba_altered_iv, setup_with_key, teardown), +#endif /* HAVE_GNUTLS_AEAD */ cmocka_unit_test_setup_teardown( test_message_encryption_decryption, setup_with_key, -- 2.23.0