From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 28 Oct 2024 12:03:37 +0000 (+0100)
Subject: libcli/auth: add netlogon_creds_{de,en}crypt_samr_Password()
X-Git-Tag: ldb-2.9.2~28
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=1aa11e2af6e6fd2cdb71d06bf2dc14d45c216846;p=thirdparty%2Fsamba.git

libcli/auth: add netlogon_creds_{de,en}crypt_samr_Password()

These will simplify adding the logic for netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 851a9b18eccece64c3ae0cedd7c7b26a44f0eec6)
---

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index dd43036c9bc..fcc06a94836 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -1149,6 +1149,53 @@ NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialS
 						   true);
 }
 
+static NTSTATUS netlogon_creds_crypt_samr_Password(
+		struct netlogon_creds_CredentialState *creds,
+		struct samr_Password *pass,
+		enum dcerpc_AuthType auth_type,
+		enum dcerpc_AuthLevel auth_level,
+		bool do_encrypt)
+{
+	if (all_zero(pass->hash, ARRAY_SIZE(pass->hash))) {
+		return NT_STATUS_OK;
+	}
+
+	/*
+	 * Even with NETLOGON_NEG_SUPPORTS_AES or
+	 * NETLOGON_NEG_ARCFOUR this uses DES
+	 */
+
+	if (do_encrypt) {
+		return netlogon_creds_des_encrypt(creds, pass);
+	}
+
+	return netlogon_creds_des_decrypt(creds, pass);
+}
+
+NTSTATUS netlogon_creds_decrypt_samr_Password(struct netlogon_creds_CredentialState *creds,
+					      struct samr_Password *pass,
+					      enum dcerpc_AuthType auth_type,
+					      enum dcerpc_AuthLevel auth_level)
+{
+	return netlogon_creds_crypt_samr_Password(creds,
+						  pass,
+						  auth_type,
+						  auth_level,
+						  false);
+}
+
+NTSTATUS netlogon_creds_encrypt_samr_Password(struct netlogon_creds_CredentialState *creds,
+					      struct samr_Password *pass,
+					      enum dcerpc_AuthType auth_type,
+					      enum dcerpc_AuthLevel auth_level)
+{
+	return netlogon_creds_crypt_samr_Password(creds,
+						  pass,
+						  auth_type,
+						  auth_level,
+						  true);
+}
+
 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
 					enum netr_LogonInfoClass level,
 					const union netr_LogonLevel *in)
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index c5e26d183ab..b43781191bc 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -96,6 +96,14 @@ NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialS
 					       union netr_LogonLevel *logon,
 					       enum dcerpc_AuthType auth_type,
 					       enum dcerpc_AuthLevel auth_level);
+NTSTATUS netlogon_creds_decrypt_samr_Password(struct netlogon_creds_CredentialState *creds,
+					      struct samr_Password *pass,
+					      enum dcerpc_AuthType auth_type,
+					      enum dcerpc_AuthLevel auth_level);
+NTSTATUS netlogon_creds_encrypt_samr_Password(struct netlogon_creds_CredentialState *creds,
+					      struct samr_Password *pass,
+					      enum dcerpc_AuthType auth_type,
+					      enum dcerpc_AuthLevel auth_level);
 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
 					enum netr_LogonInfoClass level,
 					const union netr_LogonLevel *in);