2025-02-08 05:57:51 +03:00 · 2023-12-21 14:04:23 +13:00 · 2023-12-21 14:04:23 +13:00 · 48affb137f
commit 48affb137f
parent b8308f3fe0
3 changed files with 35 additions and 4 deletions
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@ -1508,6 +1508,7 @@ _PUBLIC_ int cli_credentials_get_kerberos_key(struct cli_credentials *cred,
 					      TALLOC_CTX *mem_ctx,
 					      struct loadparm_context *lp_ctx,
 					      krb5_enctype enctype,
 					      bool previous,
 					      DATA_BLOB *key_blob)
 {
 	struct smb_krb5_context *smb_krb5_context = NULL;
@ -1524,8 +1525,14 @@ _PUBLIC_ int cli_credentials_get_kerberos_key(struct cli_credentials *cred,
 	TALLOC_CTX *frame = talloc_stackframe();
 	if ((int)enctype == (int)ENCTYPE_ARCFOUR_HMAC) {
-		struct samr_Password *nt_hash
+		struct samr_Password *nt_hash;
-			= cli_credentials_get_nt_hash(cred, frame);
+
 		if (previous) {
 			nt_hash = cli_credentials_get_old_nt_hash(cred, frame);
 		} else {
 			nt_hash = cli_credentials_get_nt_hash(cred, frame);
 		}
 		if (nt_hash == NULL) {
 			TALLOC_FREE(frame);
 			return EINVAL;
@ -1553,7 +1560,11 @@ _PUBLIC_ int cli_credentials_get_kerberos_key(struct cli_credentials *cred,
 		return EINVAL;
 	}
-	password = cli_credentials_get_password(cred);
+	if (previous) {
 		password = cli_credentials_get_old_password(cred);
 	} else {
 		password = cli_credentials_get_password(cred);
 	}
 	if (password == NULL) {
 		TALLOC_FREE(frame);
 		return EINVAL;
--- a/auth/credentials/credentials_krb5.h
+++ b/auth/credentials/credentials_krb5.h
@ -45,6 +45,7 @@ int cli_credentials_get_kerberos_key(struct cli_credentials *cred,
 				     TALLOC_CTX *mem_ctx,
 				     struct loadparm_context *lp_ctx,
 				     krb5_enctype enctype,
 				     bool previous,
 				     DATA_BLOB *key_blob);
--- a/auth/credentials/pycredentials.c
+++ b/auth/credentials/pycredentials.c
@ -1015,7 +1015,7 @@ static PyObject *py_creds_get_kerberos_salt_principal(PyObject *self, PyObject *
 	return ret;
 }
-static PyObject *py_creds_get_kerberos_key(PyObject *self, PyObject *args)
+static PyObject *py_creds_get_kerberos_key_current_or_old(PyObject *self, PyObject *args, bool old)
 {
 	struct loadparm_context *lp_ctx = NULL;
 	TALLOC_CTX *mem_ctx = NULL;
@ -1049,6 +1049,7 @@ static PyObject *py_creds_get_kerberos_key(PyObject *self, PyObject *args)
 						mem_ctx,
 						lp_ctx,
 						enctype,
 						old,
 						&key);
 	if (code != 0) {
 		PyErr_SetString(PyExc_RuntimeError,
@ -1063,6 +1064,16 @@ static PyObject *py_creds_get_kerberos_key(PyObject *self, PyObject *args)
 	return ret;
 }
 static PyObject *py_creds_get_kerberos_key(PyObject *self, PyObject *args)
 {
 	return py_creds_get_kerberos_key_current_or_old(self, args, false);
 }
 static PyObject *py_creds_get_old_kerberos_key(PyObject *self, PyObject *args)
 {
 	return py_creds_get_kerberos_key_current_or_old(self, args, true);
 }
 static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
 						      PyObject *args)
 {
@ -1646,6 +1657,14 @@ static PyMethodDef py_creds_methods[] = {
 			    "Generate a Kerberos key using the current password and\n"
 			    "the salt on this credentials object",
 	},
 	{
 		.ml_name  = "get_old_kerberos_key",
 		.ml_meth  = py_creds_get_old_kerberos_key,
 		.ml_flags = METH_VARARGS,
 		.ml_doc   = "S.get_old_kerberos_key(enctype, [lp]) -> bytes\n"
 			    "Generate a Kerberos key using the old (previous) password and\n"
 			    "the salt on this credentials object",
 	},
 	{
 		.ml_name  = "encrypt_netr_crypt_password",
 		.ml_meth  = py_creds_encrypt_netr_crypt_password,