libcli/auth: make sure low level crypto function are not used directly

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

libcli/auth/credentials.c

@@ -30,6 +30,12 @@
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
 
+#undef netlogon_creds_des_encrypt
+#undef netlogon_creds_des_decrypt
+#undef netlogon_creds_arcfour_crypt
+#undef netlogon_creds_aes_encrypt
+#undef netlogon_creds_aes_decrypt
+
 bool netlogon_creds_is_random_challenge(const struct netr_Credential *challenge)
 {
 	/*

libcli/auth/proto.h

@@ -30,6 +30,13 @@ NTSTATUS netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds
 				    uint8_t *data,
 				    size_t len);
 
+/* These should not be used directly! */
+#define netlogon_creds_des_encrypt __DO_NOT_USE_netlogon_creds_des_encrypt
+#define netlogon_creds_des_decrypt __DO_NOT_USE_netlogon_creds_des_decrypt
+#define netlogon_creds_arcfour_crypt __DO_NOT_USE_netlogon_creds_arcfour_crypt
+#define netlogon_creds_aes_encrypt __DO_NOT_USE_netlogon_creds_aes_encrypt
+#define netlogon_creds_aes_decrypt __DO_NOT_USE_netlogon_creds_aes_decrypt
+
 /*****************************************************************
 The above functions are common to the client and server interface
 next comes the client specific functions

libcli/samsync/decrypt.c

@@ -27,6 +27,8 @@
 #include "librpc/gen_ndr/ndr_netlogon.h"
 #include "lib/crypto/gnutls_helpers.h"
 
+#undef netlogon_creds_arcfour_crypt
+
 /**
  * Decrypt and extract the user's passwords.
  *

source4/torture/rpc/samba3rpc.c

@@ -1278,7 +1278,9 @@ static bool schan(struct torture_context *tctx,
 		 *
 		 * in order to detect bugs
 		 */
+#undef netlogon_creds_aes_encrypt
 		netlogon_creds_aes_encrypt(creds_state, pinfo.ntpassword.hash, 16);
+#define netlogon_creds_aes_encrypt __DO_NOT_USE_netlogon_creds_aes_encrypt
 
 		r.in.logon_level = NetlogonInteractiveInformation;
 		r.in.logon = &logon;