From 78ff2be8592fa48f3889e5aae934b7acb7fa08f3 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Mon, 28 Oct 2024 16:57:53 +0100
Subject: [PATCH] s4:torture/rpc: make use of netlogon_creds_decrypt_samlogon_validation()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher
Reviewed-by: Douglas Bagnall
(cherry picked from commit a177d15c875030dfc6c11ead3ec3a3ec851261cb)
---
 source4/torture/rpc/schannel.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 42b6f5d5264..cbd9e7ecac8 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -64,6 +64,7 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
 struct netr_SamBaseInfo *base = NULL;
 const char *crypto_alg = "";
 bool can_do_validation_6 = true;
+ enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
 enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
 if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
@@ -137,7 +138,7 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
 }
 }
- dcerpc_binding_handle_auth_info(b, NULL, &auth_level);
+ dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
 r.in.validation_level = 6;
@@ -208,13 +209,12 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
 dump_data(1, base->key.key, 16);
 dump_data(1, base->LMSessKey.key, 8);
- if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
- netlogon_creds_aes_decrypt(creds, base->key.key, 16);
- netlogon_creds_aes_decrypt(creds, base->LMSessKey.key, 8);
- } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- netlogon_creds_arcfour_crypt(creds, base->key.key, 16);
- netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8);
- }
+ status = netlogon_creds_decrypt_samlogon_validation(creds,
+ r.in.validation_level,
+ r.out.validation,
+ auth_type,
+ auth_level);
+ torture_assert_ntstatus_ok(tctx, status, "decrypt_samlogon_validation");
 DEBUG(1,("decrypted keys validation_level %d\n", validation_levels[i]));
@@ -277,6 +277,7 @@ static bool test_netlogon_ex_bug14932(struct dcerpc_pipe *p,
 struct netr_SamBaseInfo *base = NULL;
 const char *crypto_alg = "";
 bool can_do_validation_6 = true;
+ enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
 enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
 flags |= CLI_CRED_NTLMv2_AUTH;
@@ -342,7 +343,7 @@ static bool test_netlogon_ex_bug14932(struct dcerpc_pipe *p,
 }
 }
- dcerpc_binding_handle_auth_info(b, NULL, &auth_level);
+ dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
 r.in.validation_level = 6;
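Review bot: In the `@@ -208,13 +209,12 @@` hunk the new `torture_assert_ntstatus_ok(tctx, status, "decrypt_samlogon_validation")` reports a failure without naming the validation level being decrypted, although the following DEBUG prints `validation_levels[i]`, so the call presumably sits in a loop that starts outside the hunk. I would pass `talloc_asprintf(tctx, "decrypt_samlogon_validation failed for validation_level %d", r.in.validation_level)` as the message instead. The call also decrypts through `r.out.validation` while the neighbouring lines read the keys through `base`, whose assignment is not visible here; a one-line comment such as `/* decrypts in place; base is expected to point into r.out.validation */` would make that dependency explicit. Both remarks apply equally to the identical change in the `@@ -413,13 +414,12 @@` hunk of test_netlogon_ex_bug14932.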
@@ -413,13 +414,12 @@ static bool test_netlogon_ex_bug14932(struct dcerpc_pipe *p,
 dump_data(1, base->key.key, 16);
 dump_data(1, base->LMSessKey.key, 8);
- if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
- netlogon_creds_aes_decrypt(creds, base->key.key, 16);
- netlogon_creds_aes_decrypt(creds, base->LMSessKey.key, 8);
- } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- netlogon_creds_arcfour_crypt(creds, base->key.key, 16);
- netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8);
- }
+ status = netlogon_creds_decrypt_samlogon_validation(creds,
+ r.in.validation_level,
+ r.out.validation,
+ auth_type,
+ auth_level);
+ torture_assert_ntstatus_ok(tctx, status, "decrypt_samlogon_validation");
 DEBUG(1,("decrypted keys validation_level %d\n", validation_levels[i]));
--
2.47.2