s4:torture: avoid usage of dcerpc_schannel_creds()

We use cli_credentials_get_netlogon_creds() which returns the same value.

dcerpc_schannel_creds() is a layer violation.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 48610383050de906f51f5ab38492956b12d3e556..886ff39aa76fae476880162e474b429d2c5e681d 100644 (file)
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -29,7 +29,6 @@
 #include "lib/cmdline/popt_common.h"
 #include "torture/rpc/torture_rpc.h"
 #include "auth/gensec/gensec.h"
-#include "auth/gensec/schannel.h"
 #include "libcli/auth/libcli_auth.h"
 #include "param/param.h"
 
@@ -1764,8 +1763,8 @@ bool torture_rpc_samlogon(struct torture_context *torture)
        torture_assert_ntstatus_ok_goto(torture, status, ret, failed,
                talloc_asprintf(torture, "RPC pipe connect as domain member failed: %s\n", nt_errstr(status)));
 
-       status = dcerpc_schannel_creds(p->conn->security_state.generic_state, mem_ctx, &creds);
-       if (!NT_STATUS_IS_OK(status)) {
+       creds = cli_credentials_get_netlogon_creds(machine_credentials);
+       if (creds == NULL) {
                ret = false;
                goto failed;
        }

diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index a0a5f1a6863af013bb301f256a1434783af18da8..a06529348e518fd9771bf2b0450fe86114b77cc8 100644 (file)
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -37,7 +37,6 @@
 #include "torture/rpc/torture_rpc.h"
 #include "param/param.h"
 #include "auth/gensec/gensec.h"
-#include "auth/gensec/schannel.h"
 #include "auth/gensec/gensec_proto.h"
 #include "../libcli/auth/schannel.h"
 
@@ -2953,6 +2952,7 @@ static bool test_QueryUserInfo_pwdlastset(struct dcerpc_binding_handle *b,
 
 static bool test_SamLogon(struct torture_context *tctx,
                          struct dcerpc_pipe *p,
+                         struct cli_credentials *machine_credentials,
                          struct cli_credentials *test_credentials,
                          NTSTATUS expected_result,
                          bool interactive)
@@ -2972,7 +2972,7 @@ static bool test_SamLogon(struct torture_context *tctx,
        struct netr_Authenticator a;
        struct dcerpc_binding_handle *b = p->binding_handle;
 
-       torture_assert_ntstatus_ok(tctx, dcerpc_schannel_creds(p->conn->security_state.generic_state, tctx, &creds), "");
+       torture_assert(tctx, (creds = cli_credentials_get_netlogon_creds(machine_credentials)), "");
 
        if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
                flags |= CLI_CRED_LANMAN_AUTH;
@@ -3099,7 +3099,7 @@ static bool test_SamLogon_with_creds(struct torture_context *tctx,
        torture_comment(tctx, "Testing samlogon (%s) as %s password: %s\n",
                interactive ? "interactive" : "network", acct_name, password);
 
-       if (!test_SamLogon(tctx, p, test_credentials,
+       if (!test_SamLogon(tctx, p, machine_creds, test_credentials,
                            expected_samlogon_result, interactive)) {
                torture_warning(tctx, "new password did not work\n");
                ret = false;

diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index 81027d0658ddf42b49b7c16b77d5334741975ec6..15cab73f3d3428d54cc4fca12a3596fbfd27103a 100644 (file)
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -27,7 +27,6 @@
 #include "system/time.h"
 #include "torture/rpc/torture_rpc.h"
 #include "auth/gensec/gensec.h"
-#include "auth/gensec/schannel.h"
 #include "libcli/auth/libcli_auth.h"
 #include "libcli/samsync/samsync.h"
 #include "libcli/security/security.h"
@@ -1720,9 +1719,8 @@ bool torture_rpc_samsync(struct torture_context *torture)
        }
        samsync_state->b = samsync_state->p->binding_handle;
 
-       status = dcerpc_schannel_creds(samsync_state->p->conn->security_state.generic_state,
-                                      samsync_state, &samsync_state->creds);
-       if (!NT_STATUS_IS_OK(status)) {
+       samsync_state->creds = cli_credentials_get_netlogon_creds(credentials);
+       if (samsync_state->creds == NULL) {
                ret = false;
        }
 
@@ -1758,9 +1756,8 @@ bool torture_rpc_samsync(struct torture_context *torture)
                goto failed;
        }
 
-       status = dcerpc_schannel_creds(samsync_state->p_netlogon_wksta->conn->security_state.generic_state,
-                                      samsync_state, &samsync_state->creds_netlogon_wksta);
-       if (!NT_STATUS_IS_OK(status)) {
+       samsync_state->creds_netlogon_wksta = cli_credentials_get_netlogon_creds(credentials_wksta);
+       if (samsync_state->creds_netlogon_wksta == NULL) {
                torture_comment(torture, "Failed to obtail schanel creds!\n");
                ret = false;
        }

diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 8203749edbb21ef8057534c9d56287c0e5f699cf..0098dcf648db1134f73e8f81b5797efc56e9b10c 100644 (file)
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -26,14 +26,12 @@
 #include "auth/credentials/credentials.h"
 #include "torture/rpc/torture_rpc.h"
 #include "lib/cmdline/popt_common.h"
-#include "auth/gensec/schannel.h"
 #include "../libcli/auth/schannel.h"
 #include "libcli/auth/libcli_auth.h"
 #include "libcli/security/security.h"
 #include "system/filesys.h"
 #include "param/param.h"
 #include "librpc/rpc/dcerpc_proto.h"
-#include "auth/gensec/gensec.h"
 #include "libcli/composite/composite.h"
 #include "lib/events/events.h"
 
@@ -413,8 +411,8 @@ static bool test_schannel(struct torture_context *tctx,
 
        torture_assert_ntstatus_ok(tctx, status, "bind auth");
 
-       status = dcerpc_schannel_creds(p_netlogon->conn->security_state.generic_state, tctx, &creds);
-       torture_assert_ntstatus_ok(tctx, status, "schannel creds");
+       creds = cli_credentials_get_netlogon_creds(credentials);
+       torture_assert(tctx, (creds != NULL), "schannel creds");
 
        /* checks the capabilities */
        torture_assert(tctx, test_netlogon_capabilities(p_netlogon, tctx, credentials, creds),