pycredentials: add py_creds_encrypt_netr_PasswordInfo helper

This will replace py_creds_encrypt_samr_password in the next steps
and prepares the introduction of netr_ServerAuthenticateKerberos().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c
index 9533392b62391c3f0d91043b50da9af4db13182a..b123c2e986a0d2cb4e21b7034923e7525cddba44 100644 (file)
--- a/auth/credentials/pycredentials.c
+++ b/auth/credentials/pycredentials.c
@@ -1162,6 +1162,68 @@ static PyObject *py_creds_encrypt_samr_password(PyObject *self,
        Py_RETURN_NONE;
 }
 
+static PyObject *py_creds_encrypt_netr_PasswordInfo(PyObject *self,
+                                                   PyObject *args,
+                                                   PyObject *kwargs)
+{
+       const char * const kwnames[] = {
+               "info",
+               "auth_type",
+               "auth_level",
+               NULL
+       };
+       struct cli_credentials *creds = NULL;
+       PyObject *py_info = Py_None;
+       enum netr_LogonInfoClass level = NetlogonInteractiveInformation;
+       union netr_LogonLevel logon = { .password = NULL, };
+       uint8_t auth_type = DCERPC_AUTH_TYPE_NONE;
+       uint8_t auth_level = DCERPC_AUTH_LEVEL_NONE;
+       NTSTATUS status;
+       bool ok;
+
+       creds = PyCredentials_AsCliCredentials(self);
+       if (creds == NULL) {
+               PyErr_Format(PyExc_TypeError, "Credentials expected");
+               return NULL;
+       }
+
+       if (creds->netlogon_creds == NULL) {
+               PyErr_Format(PyExc_ValueError, "NetLogon credentials not set");
+               return NULL;
+       }
+
+       if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Obb",
+                                        discard_const_p(char *, kwnames),
+                                        &py_info, &auth_type, &auth_level))
+       {
+               return NULL;
+       }
+
+       ok = py_check_dcerpc_type(py_info,
+                                 "samba.dcerpc.netlogon",
+                                 "netr_PasswordInfo");
+       if (!ok) {
+               /* py_check_dcerpc_type sets TypeError */
+               return NULL;
+       }
+
+       logon.password = pytalloc_get_type(py_info, struct netr_PasswordInfo);
+       if (logon.password == NULL) {
+               /* pytalloc_get_type sets TypeError */
+               return NULL;
+       }
+
+       status = netlogon_creds_encrypt_samlogon_logon(creds->netlogon_creds,
+                                                      level,
+                                                      &logon,
+                                                      auth_type,
+                                                      auth_level);
+
+       PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+       Py_RETURN_NONE;
+}
+
 static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
 {
        enum smb_signing_setting signing_state;
@@ -1695,6 +1757,17 @@ static PyMethodDef py_creds_methods[] = {
                            "the negotiated encryption algorithm in place\n"
                            "i.e. it overwrites the original data"
        },
+       {
+               .ml_name  = "encrypt_netr_PasswordInfo",
+               .ml_meth  = PY_DISCARD_FUNC_SIG(PyCFunction,
+                                       py_creds_encrypt_netr_PasswordInfo),
+               .ml_flags = METH_VARARGS | METH_KEYWORDS,
+               .ml_doc   = "S.encrypt_netr_PasswordInfo(info, "
+                           "auth_type, auth_level) -> None\n"
+                           "Encrypt the supplied password info using the session key and\n"
+                           "the negotiated encryption algorithm in place\n"
+                           "i.e. it overwrites the original data"
+       },
        {
                .ml_name  = "get_smb_signing",
                .ml_meth  = py_creds_get_smb_signing,