s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password
authorStefan Metzmacher <metze@samba.org>
Mon, 28 Oct 2024 16:43:40 +0000 (17:43 +0100)
committerDouglas Bagnall <dbagnall@samba.org>
Wed, 30 Oct 2024 23:08:36 +0000 (23:08 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
source4/torture/rpc/forest_trust.c
source4/torture/rpc/netlogon.c
source4/torture/rpc/samba3rpc.c
source4/torture/rpc/schannel.c

index 279dd4d92dc49282561d333aa9c1532c833067ff..6a82b44ec0f7060ce6a834c7ff99af89ba001d14 100644 (file)
@@ -658,6 +658,8 @@ static bool test_validate_trust(struct torture_context *tctx,
        struct samr_Password *old_nt_hash;
        char *dummy;
        uint32_t trust_attributes = LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
+       enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+       enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
 
        status = dcerpc_parse_binding(tctx, binding, &b);
        torture_assert_ntstatus_ok(tctx, status, "Bad binding string");
@@ -733,8 +735,19 @@ static bool test_validate_trust(struct torture_context *tctx,
        old_nt_hash = cli_credentials_get_old_nt_hash(credentials, tctx);
        torture_assert(tctx, old_nt_hash != NULL, "cli_credentials_get_old_nt_hash()");
 
-       netlogon_creds_des_decrypt(creds, &new_owf_password);
-       netlogon_creds_des_decrypt(creds, &old_owf_password);
+       dcerpc_binding_handle_auth_info(p->binding_handle,
+                                       &auth_type,
+                                       &auth_level);
+       status = netlogon_creds_decrypt_samr_Password(creds,
+                                                     &new_owf_password,
+                                                     auth_type,
+                                                     auth_level);
+       torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
+       status = netlogon_creds_decrypt_samr_Password(creds,
+                                                     &old_owf_password,
+                                                     auth_type,
+                                                     auth_level);
+       torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
 
        dump_data(1, new_owf_password.hash, 16);
        dump_data(1, new_nt_hash->hash, 16);
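Review bot: Both new assertions in test_validate_trust use the same message, "decrypt_samr_Password", so a failure log does not say whether the new or the old trust password failed to decrypt. Distinct messages would make that visible, for example `torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password(new_owf_password)");` and the same with `old_owf_password` for the second call. The same pair of identical messages appears in the test_netr_ServerGetTrustInfo_flags hunk in netlogon.c. The function body starts and ends outside this hunk.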
index 7f6617d2e75a320ca48b5a58fe6a1773dd29cecf..9aa6f2700130be93421547d6d480af4cb99df661 100644 (file)
@@ -934,6 +934,9 @@ static bool test_SetPassword(struct torture_context *tctx,
        struct netr_Authenticator credential, return_authenticator;
        struct samr_Password new_password;
        struct dcerpc_binding_handle *b = p->binding_handle;
+       enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+       enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+       NTSTATUS status;
 
        if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
                return false;
@@ -950,7 +953,12 @@ static bool test_SetPassword(struct torture_context *tctx,
        password = generate_random_password(tctx, 8, 255);
        E_md4hash(password, new_password.hash);
 
-       netlogon_creds_des_encrypt(creds, &new_password);
+       dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+       status = netlogon_creds_encrypt_samr_Password(creds,
+                                                     &new_password,
+                                                     auth_type,
+                                                     auth_level);
+       torture_assert_ntstatus_ok(tctx, status, "encrypt_samr_Password");
 
        torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
        torture_comment(tctx, "Changing machine account password to '%s'\n",
@@ -1009,6 +1017,9 @@ static bool test_SetPassword_flags(struct torture_context *tctx,
        struct samr_Password new_password;
        struct dcerpc_pipe *p = NULL;
        struct dcerpc_binding_handle *b = NULL;
+       enum dcerpc_AuthType auth_type;
+       enum dcerpc_AuthLevel auth_level;
+       NTSTATUS status;
 
        if (!test_SetupCredentials2(p1, tctx, negotiate_flags,
                                    machine_credentials,
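Review bot: `auth_type` and `auth_level` are declared without initializers in test_SetPassword_flags, whereas test_validate_trust, test_SetPassword and test_netr_ServerGetTrustInfo_flags start them at `DCERPC_AUTH_TYPE_NONE` / `DCERPC_AUTH_LEVEL_NONE`. Both values go straight into netlogon_creds_encrypt_samr_Password, which presumably uses them to decide how the hash is protected on the wire, and the result of dcerpc_binding_handle_auth_info is not checked at any call site, so correctness rests on that helper always writing both outputs. Initialising them the same way, `enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;` and `enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;`, keeps the functions consistent and rules out an indeterminate read if the helper ever gains an early return. The declarations in schan() (samba3rpc.c) and torture_rpc_schannel_bench1() (schannel.c) have the same form. The function body continues outside this hunk.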
@@ -1033,7 +1044,12 @@ static bool test_SetPassword_flags(struct torture_context *tctx,
        password = generate_random_password(tctx, 8, 255);
        E_md4hash(password, new_password.hash);
 
-       netlogon_creds_des_encrypt(creds, &new_password);
+       dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+       status = netlogon_creds_encrypt_samr_Password(creds,
+                                                     &new_password,
+                                                     auth_type,
+                                                     auth_level);
+       torture_assert_ntstatus_ok(tctx, status, "encrypt_samr_Password");
 
        torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
        torture_comment(tctx, "Changing machine account password to '%s'\n",
@@ -5049,6 +5065,9 @@ static bool test_netr_ServerGetTrustInfo_flags(struct torture_context *tctx,
        struct dcerpc_binding_handle *b = NULL;
 
        struct samr_Password nt_hash;
+       enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+       enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+       NTSTATUS status;
 
        if (!test_SetupCredentials3(p1, tctx, negotiate_flags,
                                    machine_credentials, &creds)) {
@@ -5080,7 +5099,17 @@ static bool test_netr_ServerGetTrustInfo_flags(struct torture_context *tctx,
 
        E_md4hash(cli_credentials_get_password(machine_credentials), nt_hash.hash);
 
-       netlogon_creds_des_decrypt(creds, &new_owf_password);
+       dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+       status = netlogon_creds_decrypt_samr_Password(creds,
+                                                     &new_owf_password,
+                                                     auth_type,
+                                                     auth_level);
+       torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
+       status = netlogon_creds_decrypt_samr_Password(creds,
+                                                     &old_owf_password,
+                                                     auth_type,
+                                                     auth_level);
+       torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
 
        dump_data(1, new_owf_password.hash, 16);
        dump_data(1, nt_hash.hash, 16);
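Review bot: The added second call decrypts `old_owf_password`, which the removed code never decrypted, so this hunk changes what the test does beyond swapping the helper, and the commit message does not mention it. Only `new_owf_password` is visibly used afterwards (the `dump_data` lines); if nothing later in the function compares the old hash, a short comment would explain the call, e.g. `/* also decrypt the old password so the helper is exercised for both returned hashes */`. If the old hash is meant to be validated, an assertion on it belongs next to the existing check. The rest of the function is outside this hunk.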
index 4f6d01f3759fa6ce57da126a5c0dc882f7ba187b..2141b6a78b06afc1d59f9ab74f2f3fe0a91e7925 100644 (file)
@@ -1310,6 +1310,8 @@ static bool schan(struct torture_context *tctx,
                struct netlogon_creds_CredentialState *creds_state;
                struct netr_Authenticator credential, return_authenticator;
                struct samr_Password new_password;
+               enum dcerpc_AuthType auth_type;
+               enum dcerpc_AuthLevel auth_level;
 
                s.in.server_name = talloc_asprintf(
                        mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
@@ -1324,7 +1326,14 @@ static bool schan(struct torture_context *tctx,
                E_md4hash(password, new_password.hash);
 
                creds_state = cli_credentials_get_netlogon_creds(wks_creds);
-               netlogon_creds_des_encrypt(creds_state, &new_password);
+               dcerpc_binding_handle_auth_info(net_handle,
+                                               &auth_type,
+                                               &auth_level);
+               status = netlogon_creds_encrypt_samr_Password(creds_state,
+                                                             &new_password,
+                                                             auth_type,
+                                                             auth_level);
+               torture_assert_ntstatus_ok(tctx, status, "encrypt_samr_Password");
                netlogon_creds_client_authenticator(creds_state, &credential);
 
                status = dcerpc_netr_ServerPasswordSet_r(net_handle, mem_ctx, &s);
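Review bot: `torture_assert_ntstatus_ok(tctx, status, "encrypt_samr_Password")` returns from schan() directly on failure, in the middle of a block that allocates on `mem_ctx`. If schan() releases `mem_ctx` or tears down its pipes on a common exit path (not visible in this hunk), that cleanup is skipped; the `torture_assert_ntstatus_ok_goto` variant with the function's existing result variable and cleanup label would keep the failure path consistent with the rest of the function. The function starts and ends outside the hunk, so this needs checking against the full body.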
index 32a7380761cf27f5fa6969ccab36ff3634cff58d..238952f93f9d49db8efb391d403786c7b4e4d0f9 100644 (file)
@@ -1290,6 +1290,8 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
                struct dcerpc_pipe *net_pipe;
                struct netr_Authenticator credential, return_authenticator;
                struct samr_Password new_password;
+               enum dcerpc_AuthType auth_type;
+               enum dcerpc_AuthLevel auth_level;
 
                status = dcerpc_pipe_connect_b(s, &net_pipe, s->b,
                                               &ndr_table_netlogon,
@@ -1314,7 +1316,14 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
 
                creds_state = cli_credentials_get_netlogon_creds(
                        s->wks_creds1);
-               netlogon_creds_des_encrypt(creds_state, &new_password);
+               dcerpc_binding_handle_auth_info(net_pipe->binding_handle,
+                                               &auth_type,
+                                               &auth_level);
+               status = netlogon_creds_encrypt_samr_Password(creds_state,
+                                                             &new_password,
+                                                             auth_type,
+                                                             auth_level);
+               torture_assert_ntstatus_ok(torture, status, "encrypt_samr_Password");
                netlogon_creds_client_authenticator(creds_state, &credential);
 
                torture_assert_ntstatus_ok(torture, dcerpc_netr_ServerPasswordSet_r(net_pipe->binding_handle, torture, &pwset),