s4:torture/rpc: make use of netlogon_creds_decrypt_samlogon_validation()

This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit a177d15c875030dfc6c11ead3ec3a3ec851261cb)

source4/torture/rpc/schannel.c

@@ -64,6 +64,7 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
 	struct netr_SamBaseInfo *base = NULL;
 	const char *crypto_alg = "";
 	bool can_do_validation_6 = true;
+	enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
 	enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
 
 	if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
@@ -137,7 +138,7 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
 		}
 	}
 
-	dcerpc_binding_handle_auth_info(b, NULL, &auth_level);
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
 	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
 		r.in.validation_level = 6;
 
@@ -208,13 +209,12 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
 		dump_data(1, base->key.key, 16);
 		dump_data(1, base->LMSessKey.key, 8);
 
-		if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		status = netlogon_creds_decrypt_samlogon_validation(creds,
-			netlogon_creds_aes_decrypt(creds, base->key.key, 16);
+								    r.in.validation_level,
-			netlogon_creds_aes_decrypt(creds, base->LMSessKey.key, 8);
+								    r.out.validation,
-		} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+								    auth_type,
-			netlogon_creds_arcfour_crypt(creds, base->key.key, 16);
+								    auth_level);
-			netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8);
+		torture_assert_ntstatus_ok(tctx, status, "decrypt_samlogon_validation");
-		}
 
 		DEBUG(1,("decrypted keys validation_level %d\n",
 			validation_levels[i]));
@@ -281,6 +281,7 @@ static bool test_netlogon_ex_bug14932(struct dcerpc_pipe *p,
 	struct netr_SamBaseInfo *base = NULL;
 	const char *crypto_alg = "";
 	bool can_do_validation_6 = true;
+	enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
 	enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
 
 	flags |= CLI_CRED_NTLMv2_AUTH;
@@ -346,7 +347,7 @@ static bool test_netlogon_ex_bug14932(struct dcerpc_pipe *p,
 		}
 	}
 
-	dcerpc_binding_handle_auth_info(b, NULL, &auth_level);
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
 	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
 		r.in.validation_level = 6;
 
@@ -417,13 +418,12 @@ static bool test_netlogon_ex_bug14932(struct dcerpc_pipe *p,
 		dump_data(1, base->key.key, 16);
 		dump_data(1, base->LMSessKey.key, 8);
 
-		if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		status = netlogon_creds_decrypt_samlogon_validation(creds,
-			netlogon_creds_aes_decrypt(creds, base->key.key, 16);
+								    r.in.validation_level,
-			netlogon_creds_aes_decrypt(creds, base->LMSessKey.key, 8);
+								    r.out.validation,
-		} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+								    auth_type,
-			netlogon_creds_arcfour_crypt(creds, base->key.key, 16);
+								    auth_level);
-			netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8);
+		torture_assert_ntstatus_ok(tctx, status, "decrypt_samlogon_validation");
-		}
 
 		DEBUG(1,("decrypted keys validation_level %d\n",
 			validation_levels[i]));