From 536080d084e1abd088e064c098f8f9807e690387 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 28 Oct 2024 13:12:24 +0100
Subject: [PATCH] libcli/auth: add
 netlogon_creds_{de,en}crypt_samr_CryptPassword()

These will simplify adding the logic for netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 8eb95a155de396981375c7f11221695fd3c7f9d5)
---
 libcli/auth/credentials.c | 48 +++++++++++++++++++++++++++++++++++++++
 libcli/auth/proto.h       |  8 +++++++
 2 files changed, 56 insertions(+)

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index fcc06a94836..6fdd4213b54 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -1196,6 +1196,54 @@ NTSTATUS netlogon_creds_encrypt_samr_Password(struct netlogon_creds_CredentialSt
 						  true);
 }
 
+static NTSTATUS netlogon_creds_crypt_samr_CryptPassword(
+		struct netlogon_creds_CredentialState *creds,
+		struct samr_CryptPassword *pass,
+		enum dcerpc_AuthType auth_type,
+		enum dcerpc_AuthLevel auth_level,
+		bool do_encrypt)
+{
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		if (do_encrypt) {
+			return netlogon_creds_aes_encrypt(creds,
+							  pass->data,
+							  ARRAY_SIZE(pass->data));
+		}
+
+		return netlogon_creds_aes_decrypt(creds,
+						  pass->data,
+						  ARRAY_SIZE(pass->data));
+	}
+
+	return netlogon_creds_arcfour_crypt(creds,
+					    pass->data,
+					    ARRAY_SIZE(pass->data));
+}
+
+NTSTATUS netlogon_creds_decrypt_samr_CryptPassword(struct netlogon_creds_CredentialState *creds,
+						   struct samr_CryptPassword *pass,
+						   enum dcerpc_AuthType auth_type,
+						   enum dcerpc_AuthLevel auth_level)
+{
+	return netlogon_creds_crypt_samr_CryptPassword(creds,
+						       pass,
+						       auth_type,
+						       auth_level,
+						       false);
+}
+
+NTSTATUS netlogon_creds_encrypt_samr_CryptPassword(struct netlogon_creds_CredentialState *creds,
+						   struct samr_CryptPassword *pass,
+						   enum dcerpc_AuthType auth_type,
+						   enum dcerpc_AuthLevel auth_level)
+{
+	return netlogon_creds_crypt_samr_CryptPassword(creds,
+						       pass,
+						       auth_type,
+						       auth_level,
+						       true);
+}
+
 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
 					enum netr_LogonInfoClass level,
 					const union netr_LogonLevel *in)
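Review bot: In `netlogon_creds_crypt_samr_CryptPassword()` the final `return netlogon_creds_arcfour_crypt(...)` is reached whenever `NETLOGON_NEG_SUPPORTS_AES` is not set, so the password buffer falls back to RC4 with no check in this function that RC4 was negotiated or is permitted. `auth_type` and `auth_level` are accepted by all three new functions (and by the matching prototypes added to proto.h) but never read, so the connection's transport protection plays no part in the cipher choice yet. Callers may enforce weak-cipher policy, but that is not visible in this hunk. I would make the fallback explicit with a guard before the RC4 call, for example `if (!(creds->negotiate_flags & NETLOGON_NEG_ARCFOUR)) { return NT_STATUS_INVALID_PARAMETER; }`, with the status code matched to what callers expect. I would also add a comment above the helper such as `/* auth_type/auth_level are not consulted yet (intended for the netr_ServerAuthenticateKerberos logic); pass->data is transformed in place. */`.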
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index b43781191bc..d02ffa64c10 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -104,6 +104,14 @@ NTSTATUS netlogon_creds_encrypt_samr_Password(struct netlogon_creds_CredentialSt
 					      struct samr_Password *pass,
 					      enum dcerpc_AuthType auth_type,
 					      enum dcerpc_AuthLevel auth_level);
+NTSTATUS netlogon_creds_decrypt_samr_CryptPassword(struct netlogon_creds_CredentialState *creds,
+						   struct samr_CryptPassword *pass,
+						   enum dcerpc_AuthType auth_type,
+						   enum dcerpc_AuthLevel auth_level);
+NTSTATUS netlogon_creds_encrypt_samr_CryptPassword(struct netlogon_creds_CredentialState *creds,
+						   struct samr_CryptPassword *pass,
+						   enum dcerpc_AuthType auth_type,
+						   enum dcerpc_AuthLevel auth_level);
 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
 					enum netr_LogonInfoClass level,
 					const union netr_LogonLevel *in);