s4:torture/rpc: make more use of netlogon_creds_client_verify()
authorStefan Metzmacher <metze@samba.org>
Wed, 27 Nov 2024 11:15:42 +0000 (12:15 +0100)
committerStefan Metzmacher <metze@samba.org>
Mon, 13 Jan 2025 23:40:30 +0000 (23:40 +0000)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
source4/torture/rpc/netlogon.c
source4/torture/rpc/samlogon.c

index 9aa6f2700130be93421547d6d480af4cb99df661..2fe8b4ed96ebf7c87efc59e87befea43861ad443 100644 (file)
@@ -1925,6 +1925,8 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
        DATA_BLOB names_blob, chal, lm_resp, nt_resp;
        int i;
        struct dcerpc_binding_handle *b = p->binding_handle;
+       enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+       enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
        int flags = CLI_CRED_NTLM_AUTH;
        if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
                flags |= CLI_CRED_LANMAN_AUTH;
@@ -1934,6 +1936,8 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
                flags |= CLI_CRED_NTLMv2_AUTH;
        }
 
+       dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
        cli_credentials_get_ntlm_username_domain(samba_cmdline_get_creds(),
                                                 tctx,
                                                 &ninfo.identity_info.account_name.string,
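Review bot: The new call `dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);` has no comment saying why the test now needs the transport's auth type and level. Nothing in the hunk shows what happens when the handle does not fill them in; in that case the `DCERPC_AUTH_TYPE_NONE` / `DCERPC_AUTH_LEVEL_NONE` defaults declared earlier in the function would reach `netlogon_creds_client_verify()`. I would add above the call `/* transport auth of this binding; passed to netlogon_creds_client_verify() when checking the return authenticator */`. The same applies to the identical addition in `test_netlogon_capabilities`. The function body starts and ends outside this hunk.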
@@ -1994,8 +1998,11 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
                        "LogonSamLogon failed");
                torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
 
-               torture_assert(tctx, netlogon_creds_client_check(creds,
-                                                                &r.out.return_authenticator->cred),
+               status = netlogon_creds_client_verify(creds,
+                                                     &r.out.return_authenticator->cred,
+                                                     auth_type,
+                                                     auth_level);
+               torture_assert_ntstatus_ok(tctx, status,
                        "Credential chaining failed");
                torture_assert_int_equal(tctx, *r.out.authoritative, 1,
                                         "LogonSamLogon invalid  *r.out.authoritative");
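Review bot: `r.out.return_authenticator->cred` is still dereferenced without a NULL check before `netlogon_creds_client_verify()`, while the samlogon.c part of this commit adds an explicit `return_authenticator == NULL` branch for the same reply field. Whether the pointer can be NULL here depends on how `r` is set up outside the hunk, but a reply without an authenticator would presumably crash the test instead of failing it. A guard such as `torture_assert(tctx, r.out.return_authenticator != NULL, "no authenticator returned");` before the verify call would make the two files consistent. The same applies to the four later verify call sites in this file. `status` is declared outside the hunk.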
@@ -2032,8 +2039,11 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
                        "LogonSamLogon failed");
                torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
 
-               torture_assert(tctx, netlogon_creds_client_check(creds,
-                                                                &r.out.return_authenticator->cred),
+               status = netlogon_creds_client_verify(creds,
+                                                     &r.out.return_authenticator->cred,
+                                                     auth_type,
+                                                     auth_level);
+               torture_assert_ntstatus_ok(tctx, status,
                        "Credential chaining failed");
                torture_assert_int_equal(tctx, *r.out.authoritative, 1,
                                         "LogonSamLogon invalid  *r.out.authoritative");
@@ -2096,8 +2106,11 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
                        "LogonSamLogon failed");
                torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
 
-               torture_assert(tctx, netlogon_creds_client_check(creds,
-                                                                &r.out.return_authenticator->cred),
+               status = netlogon_creds_client_verify(creds,
+                                                     &r.out.return_authenticator->cred,
+                                                     auth_type,
+                                                     auth_level);
+               torture_assert_ntstatus_ok(tctx, status,
                        "Credential chaining failed");
                torture_assert_int_equal(tctx, *r.out.authoritative, 1,
                                         "LogonSamLogon invalid  *r.out.authoritative");
@@ -2127,6 +2140,10 @@ bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *t
        struct netr_Authenticator auth, return_auth;
        struct netlogon_creds_CredentialState tmp_creds;
        struct dcerpc_binding_handle *b = p->binding_handle;
+       enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+       enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+
+       dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
 
        r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
        r.in.computer_name = cli_credentials_get_workstation(credentials);
@@ -2196,8 +2213,11 @@ bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *t
 
        *creds = tmp_creds;
 
-       torture_assert(tctx, netlogon_creds_client_check(creds,
-                                                        &r.out.return_authenticator->cred),
+       status = netlogon_creds_client_verify(creds,
+                                             &r.out.return_authenticator->cred,
+                                             auth_type,
+                                             auth_level);
+       torture_assert_ntstatus_ok(tctx, status,
                       "Credential chaining failed");
 
        torture_assert_int_equal(tctx, creds->negotiate_flags,
@@ -2227,8 +2247,11 @@ bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *t
 
        *creds = tmp_creds;
 
-       torture_assert(tctx, netlogon_creds_client_check(creds,
-                                                        &r.out.return_authenticator->cred),
+       status = netlogon_creds_client_verify(creds,
+                                             &r.out.return_authenticator->cred,
+                                             auth_type,
+                                             auth_level);
+       torture_assert_ntstatus_ok(tctx, status,
                       "Credential chaining failed");
 
        torture_assert_int_equal(tctx, requested_flags,
index 57768aeb41138b263a68f58613cef20de58d8dad..21891694537d2366dd3a2dc1883aa79ca7471e5b 100644 (file)
@@ -169,9 +169,22 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
                        }
                        return status;
                }
-               if (!r->out.return_authenticator ||
-                   !netlogon_creds_client_check(samlogon_state->creds, &r->out.return_authenticator->cred)) {
-                       torture_comment(samlogon_state->tctx, "Credential chaining failed\n");
+               if (r->out.return_authenticator == NULL) {
+                       status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+                       if (error_string) {
+                               *error_string = strdup(nt_errstr(status));
+                       }
+                       return status;
+               }
+               status = netlogon_creds_client_verify(samlogon_state->creds,
+                                                     &r->out.return_authenticator->cred,
+                                                     auth_type,
+                                                     auth_level);
+               if (!NT_STATUS_IS_OK(status)) {
+                       if (error_string) {
+                               *error_string = strdup(nt_errstr(status));
+                       }
+                       return status;
                }
                if (!NT_STATUS_IS_OK(r->out.result)) {
                        if (error_string) {
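Review bot: Both new early returns report only `nt_errstr(status)`, so the "Credential chaining failed" context from the removed `torture_comment()` is gone and a failure here reads the same as a failure of the call itself or of `r->out.result`. I would keep a line such as `torture_comment(samlogon_state->tctx, "Credential chaining failed: %s\n", nt_errstr(status));` before the second `return status;`. The `strdup()` result is stored unchecked, which appears to follow the surrounding code. The same block is repeated for `r_flags` in the next hunk, so a small static helper would remove the duplication. `auth_type` and `auth_level` are not declared in any visible hunk of this file and presumably come from code outside the diff.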
@@ -261,9 +274,22 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
                        }
                        return status;
                }
-               if (!r_flags->out.return_authenticator ||
-                   !netlogon_creds_client_check(samlogon_state->creds, &r_flags->out.return_authenticator->cred)) {
-                       torture_comment(samlogon_state->tctx, "Credential chaining failed\n");
+               if (r_flags->out.return_authenticator == NULL) {
+                       status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+                       if (error_string) {
+                               *error_string = strdup(nt_errstr(status));
+                       }
+                       return status;
+               }
+               status = netlogon_creds_client_verify(samlogon_state->creds,
+                                                     &r_flags->out.return_authenticator->cred,
+                                                     auth_type,
+                                                     auth_level);
+               if (!NT_STATUS_IS_OK(status)) {
+                       if (error_string) {
+                               *error_string = strdup(nt_errstr(status));
+                       }
+                       return status;
                }
                if (!NT_STATUS_IS_OK(r_flags->out.result)) {
                        if (error_string) {
@@ -1614,9 +1640,11 @@ bool test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
                torture_fail(tctx, "no authenticator returned");
        }
 
-       torture_assert_goto(tctx,
-               netlogon_creds_client_check(creds, &r.out.return_authenticator->cred),
-               ret, failed,
+       status = netlogon_creds_client_verify(creds,
+                                             &r.out.return_authenticator->cred,
+                                             auth_type,
+                                             auth_level);
+       torture_assert_ntstatus_ok_goto(tctx, status, ret, failed,
                "Credential chaining failed\n");
 
        torture_assert_ntstatus_equal(tctx, r.out.result, expected_error,