s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

source4/torture/rpc/forest_trust.c

@@ -658,6 +658,8 @@ static bool test_validate_trust(struct torture_context *tctx,
 	struct samr_Password *old_nt_hash;
 	char *dummy;
 	uint32_t trust_attributes = LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
+	enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+	enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
 
 	status = dcerpc_parse_binding(tctx, binding, &b);
 	torture_assert_ntstatus_ok(tctx, status, "Bad binding string");
@@ -733,8 +735,19 @@ static bool test_validate_trust(struct torture_context *tctx,
 	old_nt_hash = cli_credentials_get_old_nt_hash(credentials, tctx);
 	torture_assert(tctx, old_nt_hash != NULL, "cli_credentials_get_old_nt_hash()");
 
-	netlogon_creds_des_decrypt(creds, &new_owf_password);
-	netlogon_creds_des_decrypt(creds, &old_owf_password);
+	dcerpc_binding_handle_auth_info(p->binding_handle,
+					&auth_type,
+					&auth_level);
+	status = netlogon_creds_decrypt_samr_Password(creds,
+						      &new_owf_password,
+						      auth_type,
+						      auth_level);
+	torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
+	status = netlogon_creds_decrypt_samr_Password(creds,
+						      &old_owf_password,
+						      auth_type,
+						      auth_level);
+	torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
 
 	dump_data(1, new_owf_password.hash, 16);
 	dump_data(1, new_nt_hash->hash, 16);

source4/torture/rpc/netlogon.c

@@ -934,6 +934,9 @@ static bool test_SetPassword(struct torture_context *tctx,
 	struct netr_Authenticator credential, return_authenticator;
 	struct samr_Password new_password;
 	struct dcerpc_binding_handle *b = p->binding_handle;
+	enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+	enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+	NTSTATUS status;
 
 	if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
 		return false;
@@ -950,7 +953,12 @@ static bool test_SetPassword(struct torture_context *tctx,
 	password = generate_random_password(tctx, 8, 255);
 	E_md4hash(password, new_password.hash);
 
-	netlogon_creds_des_encrypt(creds, &new_password);
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+	status = netlogon_creds_encrypt_samr_Password(creds,
+						      &new_password,
+						      auth_type,
+						      auth_level);
+	torture_assert_ntstatus_ok(tctx, status, "encrypt_samr_Password");
 
 	torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
 	torture_comment(tctx, "Changing machine account password to '%s'\n",
@@ -1009,6 +1017,9 @@ static bool test_SetPassword_flags(struct torture_context *tctx,
 	struct samr_Password new_password;
 	struct dcerpc_pipe *p = NULL;
 	struct dcerpc_binding_handle *b = NULL;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+	NTSTATUS status;
 
 	if (!test_SetupCredentials2(p1, tctx, negotiate_flags,
 				    machine_credentials,
@@ -1033,7 +1044,12 @@ static bool test_SetPassword_flags(struct torture_context *tctx,
 	password = generate_random_password(tctx, 8, 255);
 	E_md4hash(password, new_password.hash);
 
-	netlogon_creds_des_encrypt(creds, &new_password);
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+	status = netlogon_creds_encrypt_samr_Password(creds,
+						      &new_password,
+						      auth_type,
+						      auth_level);
+	torture_assert_ntstatus_ok(tctx, status, "encrypt_samr_Password");
 
 	torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
 	torture_comment(tctx, "Changing machine account password to '%s'\n",
@@ -5049,6 +5065,9 @@ static bool test_netr_ServerGetTrustInfo_flags(struct torture_context *tctx,
 	struct dcerpc_binding_handle *b = NULL;
 
 	struct samr_Password nt_hash;
+	enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+	enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+	NTSTATUS status;
 
 	if (!test_SetupCredentials3(p1, tctx, negotiate_flags,
 				    machine_credentials, &creds)) {
@@ -5080,7 +5099,17 @@ static bool test_netr_ServerGetTrustInfo_flags(struct torture_context *tctx,
 
 	E_md4hash(cli_credentials_get_password(machine_credentials), nt_hash.hash);
 
-	netlogon_creds_des_decrypt(creds, &new_owf_password);
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+	status = netlogon_creds_decrypt_samr_Password(creds,
+						      &new_owf_password,
+						      auth_type,
+						      auth_level);
+	torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
+	status = netlogon_creds_decrypt_samr_Password(creds,
+						      &old_owf_password,
+						      auth_type,
+						      auth_level);
+	torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
 
 	dump_data(1, new_owf_password.hash, 16);
 	dump_data(1, nt_hash.hash, 16);

source4/torture/rpc/samba3rpc.c

@@ -1310,6 +1310,8 @@ static bool schan(struct torture_context *tctx,
 		struct netlogon_creds_CredentialState *creds_state;
 		struct netr_Authenticator credential, return_authenticator;
 		struct samr_Password new_password;
+		enum dcerpc_AuthType auth_type;
+		enum dcerpc_AuthLevel auth_level;
 
 		s.in.server_name = talloc_asprintf(
 			mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
@@ -1324,7 +1326,14 @@ static bool schan(struct torture_context *tctx,
 		E_md4hash(password, new_password.hash);
 
 		creds_state = cli_credentials_get_netlogon_creds(wks_creds);
-		netlogon_creds_des_encrypt(creds_state, &new_password);
+		dcerpc_binding_handle_auth_info(net_handle,
+						&auth_type,
+						&auth_level);
+		status = netlogon_creds_encrypt_samr_Password(creds_state,
+							      &new_password,
+							      auth_type,
+							      auth_level);
+		torture_assert_ntstatus_ok(tctx, status, "encrypt_samr_Password");
 		netlogon_creds_client_authenticator(creds_state, &credential);
 
 		status = dcerpc_netr_ServerPasswordSet_r(net_handle, mem_ctx, &s);

source4/torture/rpc/schannel.c

@@ -1290,6 +1290,8 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
 		struct dcerpc_pipe *net_pipe;
 		struct netr_Authenticator credential, return_authenticator;
 		struct samr_Password new_password;
+		enum dcerpc_AuthType auth_type;
+		enum dcerpc_AuthLevel auth_level;
 
 		status = dcerpc_pipe_connect_b(s, &net_pipe, s->b,
 					       &ndr_table_netlogon,
@@ -1314,7 +1316,14 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
 
 		creds_state = cli_credentials_get_netlogon_creds(
 			s->wks_creds1);
-		netlogon_creds_des_encrypt(creds_state, &new_password);
+		dcerpc_binding_handle_auth_info(net_pipe->binding_handle,
+						&auth_type,
+						&auth_level);
+		status = netlogon_creds_encrypt_samr_Password(creds_state,
+							      &new_password,
+							      auth_type,
+							      auth_level);
+		torture_assert_ntstatus_ok(torture, status, "encrypt_samr_Password");
 		netlogon_creds_client_authenticator(creds_state, &credential);
 
 		torture_assert_ntstatus_ok(torture, dcerpc_netr_ServerPasswordSet_r(net_pipe->binding_handle, torture, &pwset),