From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 10 Oct 2024 13:02:16 +0000 (+0200)
Subject: s4:torture/rpc: without weak crypto we should require AES
X-Git-Tag: tdb-1.4.13~837
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3dcbc8eea5bc53a8332b3ad93ea4c3df99af7830;p=thirdparty%2Fsamba.git

s4:torture/rpc: without weak crypto we should require AES

We should check that we can actually negotiated the strong AES
crypto instead of just checking that NETLOGON_NEG_ARCFOUR is not
there...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---

diff --git a/source4/torture/rpc/netlogon_crypto.c b/source4/torture/rpc/netlogon_crypto.c
index 8defd439a88..eec8a753179 100644
--- a/source4/torture/rpc/netlogon_crypto.c
+++ b/source4/torture/rpc/netlogon_crypto.c
@@ -169,8 +169,8 @@ static bool test_ServerAuth3Crypto(struct dcerpc_pipe *p,
 
 	if (!weak_crypto_allowed) {
 		torture_assert(tctx,
-			       (negotiate_flags & NETLOGON_NEG_ARCFOUR) == 0,
-			       "Server should not announce RC4 support");
+			       (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES),
+			       "Server negotiate AES support");
 	}
 
 	/* Prove that requesting a challenge again won't break it */