s4:torture/rpc: without weak crypto we should require AES

We should check that we can actually negotiated the strong AES
crypto instead of just checking that NETLOGON_NEG_ARCFOUR is not
there...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 3dcbc8eea5bc53a8332b3ad93ea4c3df99af7830)

diff --git a/source4/torture/rpc/netlogon_crypto.c b/source4/torture/rpc/netlogon_crypto.c
index 8defd439a88866b616e208785dc5c3f711251a87..eec8a75317919fcadbddaf65a006551f0e434dc4 100644 (file)
--- a/source4/torture/rpc/netlogon_crypto.c
+++ b/source4/torture/rpc/netlogon_crypto.c
@@ -169,8 +169,8 @@ static bool test_ServerAuth3Crypto(struct dcerpc_pipe *p,
 
        if (!weak_crypto_allowed) {
                torture_assert(tctx,
-                              (negotiate_flags & NETLOGON_NEG_ARCFOUR) == 0,
-                              "Server should not announce RC4 support");
+                              (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES),
+                              "Server negotiate AES support");
        }
 
        /* Prove that requesting a challenge again won't break it */