From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 27 Nov 2024 11:21:12 +0000 (+0100)
Subject: s4:torture/rpc: prepare netlogon tests for ServerAuthenticateKerberos
X-Git-Tag: tdb-1.4.13~163
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1fa67395df4c2d41223e83c8ecfa515970bbf85d;p=thirdparty%2Fsamba.git

s4:torture/rpc: prepare netlogon tests for ServerAuthenticateKerberos

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
---

diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 2fe8b4ed96e..65e9633a2d0 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -1996,6 +1996,16 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
 
 		torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
 			"LogonSamLogon failed");
+		if (creds->authenticate_kerberos &&
+		    auth_type != DCERPC_AUTH_TYPE_KRB5 &&
+		    auth_level != DCERPC_AUTH_LEVEL_PRIVACY)
+		{
+			torture_assert_ntstatus_equal(tctx,
+						      r.out.result,
+						      NT_STATUS_ACCESS_DENIED,
+						      "LogonSamLogon auth none krb5");
+			continue;
+		}
 		torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
 
 		status = netlogon_creds_client_verify(creds,
@@ -2037,6 +2047,16 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
 
 		torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
 			"LogonSamLogon failed");
+		if (creds->authenticate_kerberos &&
+		    auth_type != DCERPC_AUTH_TYPE_KRB5 &&
+		    auth_level != DCERPC_AUTH_LEVEL_PRIVACY)
+		{
+			torture_assert_ntstatus_equal(tctx,
+						      r.out.result,
+						      NT_STATUS_ACCESS_DENIED,
+						      "LogonSamLogon auth none krb5");
+			continue;
+		}
 		torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
 
 		status = netlogon_creds_client_verify(creds,
@@ -2104,6 +2124,16 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
 
 		torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
 			"LogonSamLogon failed");
+		if (creds->authenticate_kerberos &&
+		    auth_type != DCERPC_AUTH_TYPE_KRB5 &&
+		    auth_level != DCERPC_AUTH_LEVEL_PRIVACY)
+		{
+			torture_assert_ntstatus_equal(tctx,
+						      r.out.result,
+						      NT_STATUS_ACCESS_DENIED,
+						      "LogonSamLogon auth none krb5");
+			continue;
+		}
 		torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
 
 		status = netlogon_creds_client_verify(creds,