It turns out that the Netlogon PAC verification is encrypted.
[kai/samba.git] / source4 / torture / rpc / remote_pac.c
index a01077a6c7327818817be15d95cdeb1afcc9784e..58c8ba0ee0eef2250e08c9fd749895524045f7e3 100644 (file)
@@ -154,7 +154,9 @@ static bool test_PACVerify(struct torture_context *tctx,
                                       (ndr_push_flags_fn_t)ndr_push_PAC_Validate);
        torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
                
-       
+       torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
+       creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
+
        /* Validate it over the netlogon pipe */
 
        generic.identity_info.parameter_control = 0;