libcli/auth: add netlogon_creds_{de,en}crypt_samr_Password()

These will simplify adding the logic for netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 851a9b18eccece64c3ae0cedd7c7b26a44f0eec6)

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index dd43036c9bc4759abcda154a3467aad8ec31d658..fcc06a948369723ce89880954063f74e8edb53c7 100644 (file)
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -1149,6 +1149,53 @@ NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialS
                                                   true);
 }
 
+static NTSTATUS netlogon_creds_crypt_samr_Password(
+               struct netlogon_creds_CredentialState *creds,
+               struct samr_Password *pass,
+               enum dcerpc_AuthType auth_type,
+               enum dcerpc_AuthLevel auth_level,
+               bool do_encrypt)
+{
+       if (all_zero(pass->hash, ARRAY_SIZE(pass->hash))) {
+               return NT_STATUS_OK;
+       }
+
+       /*
+        * Even with NETLOGON_NEG_SUPPORTS_AES or
+        * NETLOGON_NEG_ARCFOUR this uses DES
+        */
+
+       if (do_encrypt) {
+               return netlogon_creds_des_encrypt(creds, pass);
+       }
+
+       return netlogon_creds_des_decrypt(creds, pass);
+}
+
+NTSTATUS netlogon_creds_decrypt_samr_Password(struct netlogon_creds_CredentialState *creds,
+                                             struct samr_Password *pass,
+                                             enum dcerpc_AuthType auth_type,
+                                             enum dcerpc_AuthLevel auth_level)
+{
+       return netlogon_creds_crypt_samr_Password(creds,
+                                                 pass,
+                                                 auth_type,
+                                                 auth_level,
+                                                 false);
+}
+
+NTSTATUS netlogon_creds_encrypt_samr_Password(struct netlogon_creds_CredentialState *creds,
+                                             struct samr_Password *pass,
+                                             enum dcerpc_AuthType auth_type,
+                                             enum dcerpc_AuthLevel auth_level)
+{
+       return netlogon_creds_crypt_samr_Password(creds,
+                                                 pass,
+                                                 auth_type,
+                                                 auth_level,
+                                                 true);
+}
+
 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
                                        enum netr_LogonInfoClass level,
                                        const union netr_LogonLevel *in)

diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index c5e26d183ab4dee111c1cfd48861905207628701..b43781191bce58bc5f6a71dce58b402a45091ce4 100644 (file)
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -96,6 +96,14 @@ NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialS
                                               union netr_LogonLevel *logon,
                                               enum dcerpc_AuthType auth_type,
                                               enum dcerpc_AuthLevel auth_level);
+NTSTATUS netlogon_creds_decrypt_samr_Password(struct netlogon_creds_CredentialState *creds,
+                                             struct samr_Password *pass,
+                                             enum dcerpc_AuthType auth_type,
+                                             enum dcerpc_AuthLevel auth_level);
+NTSTATUS netlogon_creds_encrypt_samr_Password(struct netlogon_creds_CredentialState *creds,
+                                             struct samr_Password *pass,
+                                             enum dcerpc_AuthType auth_type,
+                                             enum dcerpc_AuthLevel auth_level);
 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
                                        enum netr_LogonInfoClass level,
                                        const union netr_LogonLevel *in);