From: Stefan Metzmacher Date: Mon, 28 Oct 2024 15:28:47 +0000 (+0100) Subject: s4:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password() X-Git-Tag: ldb-2.9.2~12 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=3aefe6a54a7020b266b390f6e53a9c95efada750;p=thirdparty%2Fsamba.git s4:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password() This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher Reviewed-by: Douglas Bagnall (cherry picked from commit 7a7cb0d0426a891185f5acf825573d98360e98e1) --- diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 050e6e4bcdd..fa859e1125e 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -1010,6 +1010,10 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call const struct dom_sid *client_sid = NULL; struct ldb_context *sam_ctx; NTSTATUS nt_status; + enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE; + enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE; + + dcesrv_call_auth_info(dce_call, &auth_type, &auth_level); nt_status = dcesrv_netr_creds_server_step_check(dce_call, mem_ctx, @@ -1024,7 +1028,10 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call return NT_STATUS_INVALID_SYSTEM_SERVICE; } - nt_status = netlogon_creds_des_decrypt(creds, r->in.new_password); + nt_status = netlogon_creds_decrypt_samr_Password(creds, + r->in.new_password, + auth_type, + auth_level); NT_STATUS_NOT_OK_RETURN(nt_status); /* Using the sid for the account as the key, set the password */ 
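Review bot: The new `auth_type`/`auth_level` locals in dcesrv_netr_ServerPasswordSet() have no comment saying why decrypting the password now depends on the transport protection of the call, and the same uncommented block is added at the top of dcesrv_netr_ServerGetTrustInfo(). The helper netlogon_creds_decrypt_samr_Password() is defined outside this diff, so a reader of this file cannot tell what it does with the two values. I would add above the `dcesrv_call_auth_info()` call something like `/* DCERPC auth type/level of this call; handed to netlogon_creds_{de,en}crypt_samr_Password() so it can choose the password protection */`, worded to match the helper's actual contract. The `DCERPC_AUTH_TYPE_NONE` / `DCERPC_AUTH_LEVEL_NONE` initialisers look like a deliberate least-trusted default and are worth keeping. The function body continues outside the hunk.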
@@ -4544,6 +4551,10 @@ static NTSTATUS dcesrv_netr_ServerGetTrustInfo(struct dcesrv_call_state *dce_cal NULL }; struct netr_TrustInfo *trust_info = NULL; + enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE; + enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE; + + dcesrv_call_auth_info(dce_call, &auth_type, &auth_level); ZERO_STRUCTP(r->out.new_owf_password); ZERO_STRUCTP(r->out.old_owf_password); @@ -4661,14 +4672,20 @@ static NTSTATUS dcesrv_netr_ServerGetTrustInfo(struct dcesrv_call_state *dce_cal if (curNtHash != NULL) { *r->out.new_owf_password = *curNtHash; - nt_status = netlogon_creds_des_encrypt(creds, r->out.new_owf_password); + nt_status = netlogon_creds_encrypt_samr_Password(creds, + r->out.new_owf_password, + auth_type, + auth_level); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } } if (prevNtHash != NULL) { *r->out.old_owf_password = *prevNtHash; - nt_status = netlogon_creds_des_encrypt(creds, r->out.old_owf_password); + nt_status = netlogon_creds_encrypt_samr_Password(creds, + r->out.old_owf_password, + auth_type, + auth_level); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; }
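Review bot: In the `curNtHash` and `prevNtHash` branches of dcesrv_netr_ServerGetTrustInfo() the NT hash is copied into `r->out.new_owf_password` / `r->out.old_owf_password` first and encrypted in place afterwards, so on the `return nt_status;` error paths the out buffer may still hold the unencrypted hash. The new helper also receives `auth_type`/`auth_level` and may fail for more reasons than the old DES call did; that is an inference, since the helper is not part of this diff. If out parameters are marshalled on a non-OK return, which I cannot see from here, the hash would leave the server unprotected. Clearing both buffers ahead of each error return closes that: `ZERO_STRUCTP(r->out.new_owf_password);` and `ZERO_STRUCTP(r->out.old_owf_password);`. The function starts and ends outside the hunk.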