From: Stefan Metzmacher Date: Wed, 27 Nov 2024 11:15:42 +0000 (+0100) Subject: s4:torture/rpc: make more use of netlogon_creds_client_verify() X-Git-Tag: tdb-1.4.13~165 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5241fa9b481fbeddb98a78349e2998334be152ff;p=thirdparty%2Fsamba.git s4:torture/rpc: make more use of netlogon_creds_client_verify() Signed-off-by: Stefan Metzmacher Reviewed-by: Jennifer Sutton --- diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 9aa6f270013..2fe8b4ed96e 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -1925,6 +1925,8 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context DATA_BLOB names_blob, chal, lm_resp, nt_resp; int i; struct dcerpc_binding_handle *b = p->binding_handle; + enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE; + enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE; int flags = CLI_CRED_NTLM_AUTH; if (lpcfg_client_lanman_auth(tctx->lp_ctx)) { flags |= CLI_CRED_LANMAN_AUTH; @@ -1934,6 +1936,8 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context flags |= CLI_CRED_NTLMv2_AUTH; } + dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level); + cli_credentials_get_ntlm_username_domain(samba_cmdline_get_creds(), tctx, &ninfo.identity_info.account_name.string, @@ -1994,8 +1998,11 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context "LogonSamLogon failed"); torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed"); - torture_assert(tctx, netlogon_creds_client_check(creds, - &r.out.return_authenticator->cred), + status = netlogon_creds_client_verify(creds, + &r.out.return_authenticator->cred, + auth_type, + auth_level); + torture_assert_ntstatus_ok(tctx, status, "Credential chaining failed"); torture_assert_int_equal(tctx, *r.out.authoritative, 1, "LogonSamLogon invalid *r.out.authoritative"); 
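Review bot: In the `@@ -1994` hunk, `&r.out.return_authenticator->cred` is passed to netlogon_creds_client_verify() without first checking that `r.out.return_authenticator` is non-NULL, whereas check_samlogon() in samlogon.c (same commit) returns NT_STATUS_INVALID_NETWORK_RESPONSE for that case. Whether the pointer is guaranteed non-NULL after the reply is unmarshalled cannot be seen here, because test_netlogon_ops_args starts and ends outside the hunk. If a server reply can leave it NULL, add `torture_assert_not_null(tctx, r.out.return_authenticator, "no authenticator returned");` ahead of the verify so the test fails with a clear message. The same applies to the `@@ -2032` and `@@ -2096` hunks and to the two verify calls in test_netlogon_capabilities (`@@ -2196`, `@@ -2227`).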
@@ -2032,8 +2039,11 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context "LogonSamLogon failed"); torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed"); - torture_assert(tctx, netlogon_creds_client_check(creds, - &r.out.return_authenticator->cred), + status = netlogon_creds_client_verify(creds, + &r.out.return_authenticator->cred, + auth_type, + auth_level); + torture_assert_ntstatus_ok(tctx, status, "Credential chaining failed"); torture_assert_int_equal(tctx, *r.out.authoritative, 1, "LogonSamLogon invalid *r.out.authoritative"); @@ -2096,8 +2106,11 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context "LogonSamLogon failed"); torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed"); - torture_assert(tctx, netlogon_creds_client_check(creds, - &r.out.return_authenticator->cred), + status = netlogon_creds_client_verify(creds, + &r.out.return_authenticator->cred, + auth_type, + auth_level); + torture_assert_ntstatus_ok(tctx, status, "Credential chaining failed"); torture_assert_int_equal(tctx, *r.out.authoritative, 1, "LogonSamLogon invalid *r.out.authoritative"); @@ -2127,6 +2140,10 @@ bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *t struct netr_Authenticator auth, return_auth; struct netlogon_creds_CredentialState tmp_creds; struct dcerpc_binding_handle *b = p->binding_handle; + enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE; + enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE; + + dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level); r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); 
@@ -2196,8 +2213,11 @@ bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *t *creds = tmp_creds; - torture_assert(tctx, netlogon_creds_client_check(creds, - &r.out.return_authenticator->cred), + status = netlogon_creds_client_verify(creds, + &r.out.return_authenticator->cred, + auth_type, + auth_level); + torture_assert_ntstatus_ok(tctx, status, "Credential chaining failed"); torture_assert_int_equal(tctx, creds->negotiate_flags, @@ -2227,8 +2247,11 @@ bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *t *creds = tmp_creds; - torture_assert(tctx, netlogon_creds_client_check(creds, - &r.out.return_authenticator->cred), + status = netlogon_creds_client_verify(creds, + &r.out.return_authenticator->cred, + auth_type, + auth_level); + torture_assert_ntstatus_ok(tctx, status, "Credential chaining failed"); torture_assert_int_equal(tctx, requested_flags, diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c index 57768aeb411..21891694537 100644 --- a/source4/torture/rpc/samlogon.c +++ b/source4/torture/rpc/samlogon.c @@ -169,9 +169,22 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, } return status; } - if (!r->out.return_authenticator || - !netlogon_creds_client_check(samlogon_state->creds, &r->out.return_authenticator->cred)) { - torture_comment(samlogon_state->tctx, "Credential chaining failed\n"); + if (r->out.return_authenticator == NULL) { + status = NT_STATUS_INVALID_NETWORK_RESPONSE; + if (error_string) { + *error_string = strdup(nt_errstr(status)); + } + return status; + } + status = netlogon_creds_client_verify(samlogon_state->creds, + &r->out.return_authenticator->cred, + auth_type, + auth_level); + if (!NT_STATUS_IS_OK(status)) { + if (error_string) { + *error_string = strdup(nt_errstr(status)); + } + return status; } if (!NT_STATUS_IS_OK(r->out.result)) { if (error_string) { 
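Review bot: The new early returns in check_samlogon() (`@@ -169` hunk) drop the "Credential chaining failed" text, so `*error_string` carries only `nt_errstr(status)` and a failed authenticator check reads like any other failure with that status. Keeping `torture_comment(samlogon_state->tctx, "Credential chaining failed\n");` just before `return status;` in the verify branch would preserve the diagnostic. A verify failure is also now returned ahead of `r->out.result`, where the old code only commented and carried on. Callers comparing against an expected logon error will see the verify status instead; this looks intended, but a short comment such as `/* a broken credential chain overrides the logon result */` would make it explicit. The `@@ -261` hunk repeats the same pattern for `r_flags`.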
@@ -261,9 +274,22 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, } return status; } - if (!r_flags->out.return_authenticator || - !netlogon_creds_client_check(samlogon_state->creds, &r_flags->out.return_authenticator->cred)) { - torture_comment(samlogon_state->tctx, "Credential chaining failed\n"); + if (r_flags->out.return_authenticator == NULL) { + status = NT_STATUS_INVALID_NETWORK_RESPONSE; + if (error_string) { + *error_string = strdup(nt_errstr(status)); + } + return status; + } + status = netlogon_creds_client_verify(samlogon_state->creds, + &r_flags->out.return_authenticator->cred, + auth_type, + auth_level); + if (!NT_STATUS_IS_OK(status)) { + if (error_string) { + *error_string = strdup(nt_errstr(status)); + } + return status; } if (!NT_STATUS_IS_OK(r_flags->out.result)) { if (error_string) { @@ -1614,9 +1640,11 @@ bool test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, torture_fail(tctx, "no authenticator returned"); } - torture_assert_goto(tctx, - netlogon_creds_client_check(creds, &r.out.return_authenticator->cred), - ret, failed, + status = netlogon_creds_client_verify(creds, + &r.out.return_authenticator->cred, + auth_type, + auth_level); + torture_assert_ntstatus_ok_goto(tctx, status, ret, failed, "Credential chaining failed\n"); torture_assert_ntstatus_equal(tctx, r.out.result, expected_error,
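Review bot: `auth_type` and `auth_level` are used in the `@@ -1614` hunk and in both check_samlogon() hunks, but no samlogon.c hunk on this page declares them or fills them with `dcerpc_binding_handle_auth_info()` the way the netlogon.c hunks do. Presumably they come from an earlier commit in the series. It is worth confirming that each function reads them from the binding handle it actually issues the call on, because if they stay at the `DCERPC_AUTH_TYPE_NONE` / `DCERPC_AUTH_LEVEL_NONE` defaults, the verify is told the wrong transport authentication. test_InteractiveLogon's body starts and ends outside the hunk, so this cannot be checked from here.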