From 851a9b18eccece64c3ae0cedd7c7b26a44f0eec6 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Mon, 28 Oct 2024 13:03:37 +0100
Subject: [PATCH] libcli/auth: add netlogon_creds_{de,en}crypt_samr_Password()
These will simplify adding the logic for netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher
Reviewed-by: Douglas Bagnall
---
 libcli/auth/credentials.c | 47 +++++++++++++++++++++++++++++++++++++++
 libcli/auth/proto.h | 8 +++++++
 2 files changed, 55 insertions(+)
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index dd43036c9bc..fcc06a94836 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -1149,6 +1149,53 @@ NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialS
 true);
 }
 
+static NTSTATUS netlogon_creds_crypt_samr_Password(
+ struct netlogon_creds_CredentialState *creds,
+ struct samr_Password *pass,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level,
+ bool do_encrypt)
+{
+ if (all_zero(pass->hash, ARRAY_SIZE(pass->hash))) {
+ return NT_STATUS_OK;
+ }
+
+ /*
+ * Even with NETLOGON_NEG_SUPPORTS_AES or
+ * NETLOGON_NEG_ARCFOUR this uses DES
+ */
+
+ if (do_encrypt) {
+ return netlogon_creds_des_encrypt(creds, pass);
+ }
+
+ return netlogon_creds_des_decrypt(creds, pass);
+}
+
+NTSTATUS netlogon_creds_decrypt_samr_Password(struct netlogon_creds_CredentialState *creds,
+ struct samr_Password *pass,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level)
+{
+ return netlogon_creds_crypt_samr_Password(creds,
+ pass,
+ auth_type,
+ auth_level,
+ false);
+}
+
+NTSTATUS netlogon_creds_encrypt_samr_Password(struct netlogon_creds_CredentialState *creds,
+ struct samr_Password *pass,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level)
+{
+ return netlogon_creds_crypt_samr_Password(creds,
+ pass,
+ auth_type,
+ auth_level,
+ true);
+}
+
 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
 enum netr_LogonInfoClass level,
 const union netr_LogonLevel *in)
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index c5e26d183ab..b43781191bc 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
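Review bot: The `all_zero(pass->hash, ...)` early return in `netlogon_creds_crypt_samr_Password()` (libcli/auth/credentials.c) is undocumented, and it applies on the decrypt path as well as the encrypt path. An all-zero `samr_Password` received from the peer is therefore handed back unchanged with `NT_STATUS_OK`, so callers have to treat that value as "no hash present" rather than as a decrypted secret. A comment above the check, for example `/* all-zero means "not set": pass it through untouched, callers must not use it as a credential */`, would make that contract explicit. Separately, `auth_type` and `auth_level` are accepted but never read in the helper; presumably they are placeholders for the netr_ServerAuthenticateKerberos logic the commit message mentions. The DES comment would be clearer if it said so, and that until then the negotiated flags and the transport's auth level have no influence on how the hash is protected.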
@@ -96,6 +96,14 @@ NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialS
 union netr_LogonLevel *logon,
 enum dcerpc_AuthType auth_type,
 enum dcerpc_AuthLevel auth_level);
+NTSTATUS netlogon_creds_decrypt_samr_Password(struct netlogon_creds_CredentialState *creds,
+ struct samr_Password *pass,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level);
+NTSTATUS netlogon_creds_encrypt_samr_Password(struct netlogon_creds_CredentialState *creds,
+ struct samr_Password *pass,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level);
 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
 enum netr_LogonInfoClass level,
 const union netr_LogonLevel *in);