s4:torture: avoid usage of dcerpc_schannel_creds()

We use cli_credentials_get_netlogon_creds() which returns the same value.

dcerpc_schannel_creds() is a layer violation.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

4 files changed, 11 insertions, 17 deletions

diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 4861038305..886ff39aa7 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -29,7 +29,6 @@
 #include "lib/cmdline/popt_common.h"
 #include "torture/rpc/torture_rpc.h"
 #include "auth/gensec/gensec.h"
-#include "auth/gensec/schannel.h"
 #include "libcli/auth/libcli_auth.h"
 #include "param/param.h"
 
@@ -1764,8 +1763,8 @@ bool torture_rpc_samlogon(struct torture_context *torture)
 	torture_assert_ntstatus_ok_goto(torture, status, ret, failed,
 		talloc_asprintf(torture, "RPC pipe connect as domain member failed: %s\n", nt_errstr(status)));
 
-	status = dcerpc_schannel_creds(p->conn->security_state.generic_state, mem_ctx, &creds);
-	if (!NT_STATUS_IS_OK(status)) {
+	creds = cli_credentials_get_netlogon_creds(machine_credentials);
+	if (creds == NULL) {
 		ret = false;
 		goto failed;
 	}
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index a0a5f1a686..a06529348e 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -37,7 +37,6 @@
 #include "torture/rpc/torture_rpc.h"
 #include "param/param.h"
 #include "auth/gensec/gensec.h"
-#include "auth/gensec/schannel.h"
 #include "auth/gensec/gensec_proto.h"
 #include "../libcli/auth/schannel.h"
 
@@ -2953,6 +2952,7 @@ static bool test_QueryUserInfo_pwdlastset(struct dcerpc_binding_handle *b,
 
 static bool test_SamLogon(struct torture_context *tctx,
 			  struct dcerpc_pipe *p,
+			  struct cli_credentials *machine_credentials,
 			  struct cli_credentials *test_credentials,
 			  NTSTATUS expected_result,
 			  bool interactive)
@@ -2972,7 +2972,7 @@ static bool test_SamLogon(struct torture_context *tctx,
 	struct netr_Authenticator a;
 	struct dcerpc_binding_handle *b = p->binding_handle;
 
-	torture_assert_ntstatus_ok(tctx, dcerpc_schannel_creds(p->conn->security_state.generic_state, tctx, &creds), "");
+	torture_assert(tctx, (creds = cli_credentials_get_netlogon_creds(machine_credentials)), "");
 
 	if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
 		flags |= CLI_CRED_LANMAN_AUTH;
@@ -3099,7 +3099,7 @@ static bool test_SamLogon_with_creds(struct torture_context *tctx,
 	torture_comment(tctx, "Testing samlogon (%s) as %s password: %s\n",
 		interactive ? "interactive" : "network", acct_name, password);
 
-	if (!test_SamLogon(tctx, p, test_credentials,
+	if (!test_SamLogon(tctx, p, machine_creds, test_credentials,
 			    expected_samlogon_result, interactive)) {
 		torture_warning(tctx, "new password did not work\n");
 		ret = false;
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index 81027d0658..15cab73f3d 100644
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -27,7 +27,6 @@
 #include "system/time.h"
 #include "torture/rpc/torture_rpc.h"
 #include "auth/gensec/gensec.h"
-#include "auth/gensec/schannel.h"
 #include "libcli/auth/libcli_auth.h"
 #include "libcli/samsync/samsync.h"
 #include "libcli/security/security.h"
@@ -1720,9 +1719,8 @@ bool torture_rpc_samsync(struct torture_context *torture)
 	}
 	samsync_state->b = samsync_state->p->binding_handle;
 
-	status = dcerpc_schannel_creds(samsync_state->p->conn->security_state.generic_state,
-				       samsync_state, &samsync_state->creds);
-	if (!NT_STATUS_IS_OK(status)) {
+	samsync_state->creds = cli_credentials_get_netlogon_creds(credentials);
+	if (samsync_state->creds == NULL) {
 		ret = false;
 	}
 
@@ -1758,9 +1756,8 @@ bool torture_rpc_samsync(struct torture_context *torture)
 		goto failed;
 	}
 
-	status = dcerpc_schannel_creds(samsync_state->p_netlogon_wksta->conn->security_state.generic_state,
-				       samsync_state, &samsync_state->creds_netlogon_wksta);
-	if (!NT_STATUS_IS_OK(status)) {
+	samsync_state->creds_netlogon_wksta = cli_credentials_get_netlogon_creds(credentials_wksta);
+	if (samsync_state->creds_netlogon_wksta == NULL) {
 		torture_comment(torture, "Failed to obtail schanel creds!\n");
 		ret = false;
 	}
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 8203749edb..0098dcf648 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -26,14 +26,12 @@
 #include "auth/credentials/credentials.h"
 #include "torture/rpc/torture_rpc.h"
 #include "lib/cmdline/popt_common.h"
-#include "auth/gensec/schannel.h"
 #include "../libcli/auth/schannel.h"
 #include "libcli/auth/libcli_auth.h"
 #include "libcli/security/security.h"
 #include "system/filesys.h"
 #include "param/param.h"
 #include "librpc/rpc/dcerpc_proto.h"
-#include "auth/gensec/gensec.h"
 #include "libcli/composite/composite.h"
 #include "lib/events/events.h"
 
@@ -413,8 +411,8 @@ static bool test_schannel(struct torture_context *tctx,
 
 	torture_assert_ntstatus_ok(tctx, status, "bind auth");
 
-	status = dcerpc_schannel_creds(p_netlogon->conn->security_state.generic_state, tctx, &creds);
-	torture_assert_ntstatus_ok(tctx, status, "schannel creds");
+	creds = cli_credentials_get_netlogon_creds(credentials);
+	torture_assert(tctx, (creds != NULL), "schannel creds");
 
 	/* checks the capabilities */
 	torture_assert(tctx, test_netlogon_capabilities(p_netlogon, tctx, credentials, creds),