155 lines
4.2 KiB
Diff
155 lines
4.2 KiB
Diff
From ce7a5f793d0d5983504be61189ec7c57cfbf07d0 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Tue, 26 Feb 2019 18:32:34 +0100
|
|
Subject: [PATCH 085/187] s4:samdb: Remove dual-stack mode from
|
|
(test_)encrypted_secrets
|
|
|
|
Now we either build with GnuTLS or Samba crypto. If a modern GnuTLS
|
|
version is detected that will be used and Samba crypto wont be
|
|
available.
|
|
|
|
This removes the dual-stack mode that encrypted with one and decrypted
|
|
with the other in the testsuite.
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Commit message clarified by Andrew Bartlett
|
|
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 7bf3c5d7640daaf5dc799eaf698618903ec09127)
|
|
---
|
|
.../samdb/ldb_modules/encrypted_secrets.c | 16 ++----
|
|
.../tests/test_encrypted_secrets.c | 49 ++-----------------
|
|
2 files changed, 10 insertions(+), 55 deletions(-)
|
|
|
|
diff --git a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
|
|
index deaa03cbb35..5f8cd8747ea 100644
|
|
--- a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
|
|
+++ b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
|
|
@@ -39,18 +39,12 @@
|
|
#include "dsdb/samdb/samdb.h"
|
|
#include "dsdb/samdb/ldb_modules/util.h"
|
|
|
|
-#ifdef TEST_ENCRYPTED_SECRETS
|
|
+/* Build either with GnuTLS crypto or Samba crypto. */
|
|
+#ifdef HAVE_GNUTLS_AEAD
|
|
+ #define BUILD_WITH_GNUTLS_AEAD
|
|
+#else /* !HAVE_GNUTLS_AEAD */
|
|
#define BUILD_WITH_SAMBA_AES_GCM
|
|
- #ifdef HAVE_GNUTLS_AEAD
|
|
- #define BUILD_WITH_GNUTLS_AEAD
|
|
- #endif
|
|
-#else
|
|
- #ifdef HAVE_GNUTLS_AEAD
|
|
- #define BUILD_WITH_GNUTLS_AEAD
|
|
- #else
|
|
- #define BUILD_WITH_SAMBA_AES_GCM
|
|
- #endif
|
|
-#endif
|
|
+#endif /* HAVE_GNUTLS_AEAD */
|
|
|
|
#ifdef BUILD_WITH_GNUTLS_AEAD
|
|
#include <gnutls/gnutls.h>
|
|
diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
|
|
index cfea95ae544..a33781d703d 100644
|
|
--- a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
|
|
+++ b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
|
|
@@ -390,26 +390,6 @@ static void test_gnutls_value_encryption(void **state)
|
|
&decrypted->cleartext,
|
|
&plain_text));
|
|
}
|
|
-
|
|
- {
|
|
- struct PlaintextSecret *decrypted =
|
|
- talloc_zero(test_ctx, struct PlaintextSecret);
|
|
- samba_decrypt_aead(
|
|
- &err,
|
|
- test_ctx,
|
|
- test_ctx->ldb,
|
|
- &es,
|
|
- decrypted,
|
|
- data);
|
|
- assert_int_equal(LDB_SUCCESS, err);
|
|
- assert_int_equal(
|
|
- plain_text.length,
|
|
- decrypted->cleartext.length);
|
|
- assert_int_equal(0,
|
|
- data_blob_cmp(
|
|
- &decrypted->cleartext,
|
|
- &plain_text));
|
|
- }
|
|
}
|
|
#endif /* HAVE_GNUTLS_AEAD */
|
|
|
|
@@ -613,9 +593,11 @@ static void test_gnutls_altered_iv(void **state)
|
|
}
|
|
}
|
|
#endif /* HAVE_GNUTLS_AEAD */
|
|
+
|
|
/*
|
|
* Test samba encryption and decryption and decryption.
|
|
*/
|
|
+#ifndef HAVE_GNUTLS_AEAD
|
|
static void test_samba_value_encryption(void **state)
|
|
{
|
|
struct ldbtest_ctx *test_ctx =
|
|
@@ -647,29 +629,6 @@ static void test_samba_value_encryption(void **state)
|
|
assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
|
|
assert_true(check_header(&es));
|
|
|
|
-#ifdef HAVE_GNUTLS_AEAD
|
|
- {
|
|
- struct PlaintextSecret *decrypted =
|
|
- talloc_zero(test_ctx, struct PlaintextSecret);
|
|
- gnutls_decrypt_aead(
|
|
- &err,
|
|
- test_ctx,
|
|
- test_ctx->ldb,
|
|
- &es,
|
|
- decrypted,
|
|
- data);
|
|
- assert_int_equal(LDB_SUCCESS, err);
|
|
- assert_int_equal(
|
|
- plain_text.length,
|
|
- decrypted->cleartext.length);
|
|
- assert_int_equal(0,
|
|
- data_blob_cmp(
|
|
- &decrypted->cleartext,
|
|
- &plain_text));
|
|
- }
|
|
-#endif /* HAVE_GNUTLS_AEAD */
|
|
-
|
|
-
|
|
{
|
|
struct PlaintextSecret *decrypted =
|
|
talloc_zero(test_ctx, struct PlaintextSecret);
|
|
@@ -886,6 +845,7 @@ static void test_samba_altered_iv(void **state)
|
|
assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err);
|
|
}
|
|
}
|
|
+#endif
|
|
|
|
/*
|
|
* Test message encryption.
|
|
@@ -1188,7 +1148,7 @@ int main(void) {
|
|
test_gnutls_altered_iv,
|
|
setup_with_key,
|
|
teardown),
|
|
-#endif /* HAVE_GNUTLS_AEAD */
|
|
+#else
|
|
cmocka_unit_test_setup_teardown(
|
|
test_samba_value_encryption,
|
|
setup_with_key,
|
|
@@ -1205,6 +1165,7 @@ int main(void) {
|
|
test_samba_altered_iv,
|
|
setup_with_key,
|
|
teardown),
|
|
+#endif /* HAVE_GNUTLS_AEAD */
|
|
cmocka_unit_test_setup_teardown(
|
|
test_message_encryption_decryption,
|
|
setup_with_key,
|
|
--
|
|
2.23.0
|
|
|