From 3dcbc8eea5bc53a8332b3ad93ea4c3df99af7830 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 10 Oct 2024 15:02:16 +0200
Subject: [PATCH] s4:torture/rpc: without weak crypto we should require AES

We should check that we can actually negotiated the strong AES
crypto instead of just checking that NETLOGON_NEG_ARCFOUR is not
there...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---
 source4/torture/rpc/netlogon_crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source4/torture/rpc/netlogon_crypto.c b/source4/torture/rpc/netlogon_crypto.c
index 8defd439a88..eec8a753179 100644
--- a/source4/torture/rpc/netlogon_crypto.c
+++ b/source4/torture/rpc/netlogon_crypto.c
@@ -169,8 +169,8 @@ static bool test_ServerAuth3Crypto(struct dcerpc_pipe *p,
 
 	if (!weak_crypto_allowed) {
 		torture_assert(tctx,
-			       (negotiate_flags & NETLOGON_NEG_ARCFOUR) == 0,
-			       "Server should not announce RC4 support");
+			       (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES),
+			       "Server negotiate AES support");
 	}
 
 	/* Prove that requesting a challenge again won't break it */