From 8eb95a155de396981375c7f11221695fd3c7f9d5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 28 Oct 2024 13:12:24 +0100 Subject: [PATCH] libcli/auth: add netlogon_creds_{de,en}crypt_samr_CryptPassword() These will simplify adding the logic for netr_ServerAuthenticateKerberos... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher Reviewed-by: Douglas Bagnall --- libcli/auth/credentials.c | 48 +++++++++++++++++++++++++++++++++++++++ libcli/auth/proto.h | 8 +++++++ 2 files changed, 56 insertions(+) diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index fcc06a94836..6fdd4213b54 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -1196,6 +1196,54 @@ NTSTATUS netlogon_creds_encrypt_samr_Password(struct netlogon_creds_CredentialSt true); } +static NTSTATUS netlogon_creds_crypt_samr_CryptPassword( + struct netlogon_creds_CredentialState *creds, + struct samr_CryptPassword *pass, + enum dcerpc_AuthType auth_type, + enum dcerpc_AuthLevel auth_level, + bool do_encrypt) +{ + if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { + if (do_encrypt) { + return netlogon_creds_aes_encrypt(creds, + pass->data, + ARRAY_SIZE(pass->data)); + } + + return netlogon_creds_aes_decrypt(creds, + pass->data, + ARRAY_SIZE(pass->data)); + } + + return netlogon_creds_arcfour_crypt(creds, + pass->data, + ARRAY_SIZE(pass->data)); +} + +NTSTATUS netlogon_creds_decrypt_samr_CryptPassword(struct netlogon_creds_CredentialState *creds, + struct samr_CryptPassword *pass, + enum dcerpc_AuthType auth_type, + enum dcerpc_AuthLevel auth_level) +{ + return netlogon_creds_crypt_samr_CryptPassword(creds, + pass, + auth_type, + auth_level, + false); +} + +NTSTATUS netlogon_creds_encrypt_samr_CryptPassword(struct netlogon_creds_CredentialState *creds, + struct samr_CryptPassword *pass, + enum dcerpc_AuthType auth_type, + enum dcerpc_AuthLevel auth_level) +{ + return netlogon_creds_crypt_samr_CryptPassword(creds, + pass, + auth_type, + auth_level, + true); +} + union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx, enum netr_LogonInfoClass level, const union netr_LogonLevel *in) diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index b43781191bc..d02ffa64c10 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -104,6 +104,14 @@ NTSTATUS netlogon_creds_encrypt_samr_Password(struct netlogon_creds_CredentialSt struct samr_Password *pass, enum dcerpc_AuthType auth_type, enum dcerpc_AuthLevel auth_level); +NTSTATUS netlogon_creds_decrypt_samr_CryptPassword(struct netlogon_creds_CredentialState *creds, + struct samr_CryptPassword *pass, + enum dcerpc_AuthType auth_type, + enum dcerpc_AuthLevel auth_level); +NTSTATUS netlogon_creds_encrypt_samr_CryptPassword(struct netlogon_creds_CredentialState *creds, + struct samr_CryptPassword *pass, + enum dcerpc_AuthType auth_type, + enum dcerpc_AuthLevel auth_level); union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx, enum netr_LogonInfoClass level, const union netr_LogonLevel *in);