From ce7a5f793d0d5983504be61189ec7c57cfbf07d0 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 26 Feb 2019 18:32:34 +0100
Subject: [PATCH 085/187] s4:samdb: Remove dual-stack mode from
 (test_)encrypted_secrets

Now we either build with GnuTLS or Samba crypto. If a modern GnuTLS
version is detected, it will be used and Samba crypto won't be
available.

This removes the dual-stack mode that encrypted with one and decrypted
with the other in the testsuite.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Commit message clarified by Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7bf3c5d7640daaf5dc799eaf698618903ec09127)
---
 .../samdb/ldb_modules/encrypted_secrets.c     | 16 ++----
 .../tests/test_encrypted_secrets.c            | 49 ++-----------------
 2 files changed, 10 insertions(+), 55 deletions(-)

diff --git a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
index deaa03cbb35..5f8cd8747ea 100644
--- a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
+++ b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
@@ -39,18 +39,12 @@
 #include "dsdb/samdb/samdb.h"
 #include "dsdb/samdb/ldb_modules/util.h"
 
-#ifdef TEST_ENCRYPTED_SECRETS
+/* Build either with GnuTLS crypto or Samba crypto. */
+#ifdef HAVE_GNUTLS_AEAD
+	#define BUILD_WITH_GNUTLS_AEAD
+#else /* !HAVE_GNUTLS_AEAD */
 	#define BUILD_WITH_SAMBA_AES_GCM
-	#ifdef HAVE_GNUTLS_AEAD
-		#define BUILD_WITH_GNUTLS_AEAD
-	#endif
-#else
-	#ifdef HAVE_GNUTLS_AEAD
-		#define BUILD_WITH_GNUTLS_AEAD
-	#else
-		#define BUILD_WITH_SAMBA_AES_GCM
-	#endif
-#endif
+#endif /* HAVE_GNUTLS_AEAD */
 
 #ifdef BUILD_WITH_GNUTLS_AEAD
 	#include <gnutls/gnutls.h>
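Review bot: The new comment above the backend selection could state that exactly one of the two macros is ever defined, because this file branches on `BUILD_WITH_GNUTLS_AEAD` (the `#ifdef` right below) while test_encrypted_secrets.c in the same commit branches on `HAVE_GNUTLS_AEAD` directly. With the test-only branch gone, the two spellings mean the same thing, and a later change to one side could leave the module and its tests compiled for different backends. I would write `/* Exactly one crypto backend is compiled in: GnuTLS when HAVE_GNUTLS_AEAD is set, otherwise Samba crypto. The tests guard on HAVE_GNUTLS_AEAD directly. */`.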
diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
index cfea95ae544..a33781d703d 100644
--- a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
+++ b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
@@ -390,26 +390,6 @@ static void test_gnutls_value_encryption(void **state)
 				&decrypted->cleartext,
 				&plain_text));
 	}
-
-	{
-		struct PlaintextSecret *decrypted =
-			talloc_zero(test_ctx, struct PlaintextSecret);
-		samba_decrypt_aead(
-			&err,
-			test_ctx,
-			test_ctx->ldb,
-			&es,
-			decrypted,
-			data);
-		assert_int_equal(LDB_SUCCESS, err);
-		assert_int_equal(
-			plain_text.length,
-			decrypted->cleartext.length);
-		assert_int_equal(0,
-			data_blob_cmp(
-				&decrypted->cleartext,
-				&plain_text));
-	}
 }
 #endif /* HAVE_GNUTLS_AEAD */
 
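Review bot: Dropping the `samba_decrypt_aead` block here, and the matching `gnutls_decrypt_aead` block removed from test_samba_value_encryption further down, removes the only visible checks that a value encrypted by one backend decrypts with the other. Each build now round-trips only through its own implementation, so a divergence in the stored format between the GnuTLS and Samba paths would pass both test runs. That matters if a database written by a build with one backend is later opened by a build with the other, which I am assuming is a supported upgrade path. A known-answer test would restore the coverage without dual-stack code: decrypt a fixed, pre-computed encrypted blob with the test key and compare the result against the expected plaintext, compiled in both configurations. The body of test_gnutls_value_encryption starts outside this hunk.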
@@ -613,9 +593,11 @@ static void test_gnutls_altered_iv(void **state)
 	}
 }
 #endif /* HAVE_GNUTLS_AEAD */
+
 /*
  *  Test samba encryption and decryption and decryption.
  */
+#ifndef HAVE_GNUTLS_AEAD
 static void test_samba_value_encryption(void **state)
 {
 	struct ldbtest_ctx *test_ctx =
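Review bot: The added `#ifndef HAVE_GNUTLS_AEAD` sits between the doc comment and `test_samba_value_encryption`, and its closing `#endif` (added after test_samba_altered_iv in a later hunk) is unlabelled, as is the new `#else` in main(). Judging by the hunk headers the guarded region spans more than two hundred lines, so I would move the guard above the comment and label the directives like the existing ones: `#endif /* !HAVE_GNUTLS_AEAD */` and `#else /* !HAVE_GNUTLS_AEAD */`. While touching it, the comment's "encryption and decryption and decryption" could be reduced to "encryption and decryption". The function body continues outside this hunk.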
@@ -647,29 +629,6 @@ static void test_samba_value_encryption(void **state)
 	assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
 	assert_true(check_header(&es));
 
-#ifdef HAVE_GNUTLS_AEAD
-	{
-		struct PlaintextSecret *decrypted =
-			talloc_zero(test_ctx, struct PlaintextSecret);
-		gnutls_decrypt_aead(
-			&err,
-			test_ctx,
-			test_ctx->ldb,
-			&es,
-			decrypted,
-			data);
-		assert_int_equal(LDB_SUCCESS, err);
-		assert_int_equal(
-			plain_text.length,
-			decrypted->cleartext.length);
-		assert_int_equal(0,
-			data_blob_cmp(
-				&decrypted->cleartext,
-				&plain_text));
-	}
-#endif /* HAVE_GNUTLS_AEAD */
-
-
 	{
 		struct PlaintextSecret *decrypted =
 			talloc_zero(test_ctx, struct PlaintextSecret);
@@ -886,6 +845,7 @@ static void test_samba_altered_iv(void **state)
 		assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err);
 	}
 }
+#endif
 
 /*
  *  Test message encryption.
@@ -1188,7 +1148,7 @@ int main(void) {
 			test_gnutls_altered_iv,
 			setup_with_key,
 			teardown),
-#endif /* HAVE_GNUTLS_AEAD */
+#else
 		cmocka_unit_test_setup_teardown(
 			test_samba_value_encryption,
 			setup_with_key,
@@ -1205,6 +1165,7 @@ int main(void) {
 			test_samba_altered_iv,
 			setup_with_key,
 			teardown),
+#endif /* HAVE_GNUTLS_AEAD */
 		cmocka_unit_test_setup_teardown(
 			test_message_encryption_decryption,
 			setup_with_key,
-- 
2.23.0