s4:torture/rpc: prepare netlogon tests for ServerAuthenticateKerberos

author Stefan Metzmacher <metze@samba.org>

Wed, 27 Nov 2024 11:21:12 +0000 (12:21 +0100)

committer Stefan Metzmacher <metze@samba.org>

Mon, 13 Jan 2025 23:40:30 +0000 (23:40 +0000)
author Stefan Metzmacher <metze@samba.org>
Wed, 27 Nov 2024 11:21:12 +0000 (12:21 +0100)
committer Stefan Metzmacher <metze@samba.org>
Mon, 13 Jan 2025 23:40:30 +0000 (23:40 +0000)
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c

index 2fe8b4ed96ebf7c87efc59e87befea43861ad443..65e9633a2d07f26dd421bf14575cce6def7b5fa0 100644 (file)
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -1996,6 +1996,16 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
  
                 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
                         "LogonSamLogon failed");
+               if (creds->authenticate_kerberos &&
+                   auth_type != DCERPC_AUTH_TYPE_KRB5 &&
+                   auth_level != DCERPC_AUTH_LEVEL_PRIVACY)
+               {
+                       torture_assert_ntstatus_equal(tctx,
+                                                     r.out.result,
+                                                     NT_STATUS_ACCESS_DENIED,
+                                                     "LogonSamLogon auth none krb5");
+                       continue;
+               }
                 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
  
                 status = netlogon_creds_client_verify(creds,
@@ -2037,6 +2047,16 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
  
                 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
                         "LogonSamLogon failed");
+               if (creds->authenticate_kerberos &&
+                   auth_type != DCERPC_AUTH_TYPE_KRB5 &&
+                   auth_level != DCERPC_AUTH_LEVEL_PRIVACY)
+               {
+                       torture_assert_ntstatus_equal(tctx,
+                                                     r.out.result,
+                                                     NT_STATUS_ACCESS_DENIED,
+                                                     "LogonSamLogon auth none krb5");
+                       continue;
+               }
                 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
  
                 status = netlogon_creds_client_verify(creds,
@@ -2104,6 +2124,16 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
  
                 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
                         "LogonSamLogon failed");
+               if (creds->authenticate_kerberos &&
+                   auth_type != DCERPC_AUTH_TYPE_KRB5 &&
+                   auth_level != DCERPC_AUTH_LEVEL_PRIVACY)
+               {
+                       torture_assert_ntstatus_equal(tctx,
+                                                     r.out.result,
+                                                     NT_STATUS_ACCESS_DENIED,
+                                                     "LogonSamLogon auth none krb5");
+                       continue;
+               }
                 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
  
                 status = netlogon_creds_client_verify(creds,
author	Stefan Metzmacher <metze@samba.org>
	Wed, 27 Nov 2024 11:21:12 +0000 (12:21 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Mon, 13 Jan 2025 23:40:30 +0000 (23:40 +0000)