From fac378485f5f15ac0a11c3d82207c4bc780bfb80 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Mon, 28 Oct 2024 15:22:47 +0100
Subject: [PATCH] pycredentials: add py_creds_encrypt_netr_PasswordInfo helper

This will replace py_creds_encrypt_samr_password in the next steps and prepares the introduction of netr_ServerAuthenticateKerberos().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher
Reviewed-by: Douglas Bagnall
---
 auth/credentials/pycredentials.c | 73 ++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c
index 9533392b623..b123c2e986a 100644
--- a/auth/credentials/pycredentials.c
+++ b/auth/credentials/pycredentials.c
@@ -1162,6 +1162,68 @@ static PyObject *py_creds_encrypt_samr_password(PyObject *self,
 Py_RETURN_NONE;
 }
 
+static PyObject *py_creds_encrypt_netr_PasswordInfo(PyObject *self,
+ PyObject *args,
+ PyObject *kwargs)
+{
+ const char * const kwnames[] = {
+ "info",
+ "auth_type",
+ "auth_level",
+ NULL
+ };
+ struct cli_credentials *creds = NULL;
+ PyObject *py_info = Py_None;
+ enum netr_LogonInfoClass level = NetlogonInteractiveInformation;
+ union netr_LogonLevel logon = { .password = NULL, };
+ uint8_t auth_type = DCERPC_AUTH_TYPE_NONE;
+ uint8_t auth_level = DCERPC_AUTH_LEVEL_NONE;
+ NTSTATUS status;
+ bool ok;
+
+ creds = PyCredentials_AsCliCredentials(self);
+ if (creds == NULL) {
+ PyErr_Format(PyExc_TypeError, "Credentials expected");
+ return NULL;
+ }
+
+ if (creds->netlogon_creds == NULL) {
+ PyErr_Format(PyExc_ValueError, "NetLogon credentials not set");
+ return NULL;
+ }
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Obb",
+ discard_const_p(char *, kwnames),
+ &py_info, &auth_type, &auth_level))
+ {
+ return NULL;
+ }
+
+ ok = py_check_dcerpc_type(py_info,
+ "samba.dcerpc.netlogon",
+ "netr_PasswordInfo");
+ if (!ok) {
+ /* py_check_dcerpc_type sets TypeError */
+ return NULL;
+ }
+
+ logon.password = pytalloc_get_type(py_info, struct netr_PasswordInfo);
+ if (logon.password == NULL) {
+ /* pytalloc_get_type sets TypeError */
+ return NULL;
+ }
+
+ status = netlogon_creds_encrypt_samlogon_logon(creds->netlogon_creds,
+ level,
+ &logon,
+ auth_type,
+ auth_level);
+
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+ Py_RETURN_NONE;
+}
+
 static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
 {
 enum smb_signing_setting signing_state;
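Review bot: The initialisers `auth_type = DCERPC_AUTH_TYPE_NONE` and `auth_level = DCERPC_AUTH_LEVEL_NONE` in py_creds_encrypt_netr_PasswordInfo are dead, because the `"Obb"` format has no `|` and all three arguments are therefore mandatory. Requiring them looks like the right choice, since the values go straight into netlogon_creds_encrypt_samlogon_logon() and presumably decide how the password hashes are protected, but nothing records that intent, and a later `"O|bb"` would silently default to an unauthenticated transport. I would add `/* auth_type and auth_level are required on purpose: they must match the DCERPC connection the info is sent on */` above the parse call. A second comment at the netlogon_creds_encrypt_samlogon_logon() call, `/* encrypts py_info's netr_PasswordInfo in place */`, would make the mutation of the caller's object visible in the C code as well as in the method docstring.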
@@ -1695,6 +1757,17 @@ static PyMethodDef py_creds_methods[] = {
 "the negotiated encryption algorithm in place\n"
 "i.e. it overwrites the original data"
 },
+ {
+ .ml_name = "encrypt_netr_PasswordInfo",
+ .ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
+ py_creds_encrypt_netr_PasswordInfo),
+ .ml_flags = METH_VARARGS | METH_KEYWORDS,
+ .ml_doc = "S.encrypt_netr_PasswordInfo(info, "
+ "auth_type, auth_level) -> None\n"
+ "Encrypt the supplied password info using the session key and\n"
+ "the negotiated encryption algorithm in place\n"
+ "i.e. it overwrites the original data"
+ },
 {
 .ml_name = "get_smb_signing",
 .ml_meth = py_creds_get_smb_signing,
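Review bot: The `.ml_doc` text for `encrypt_netr_PasswordInfo` repeats the wording visible in the context lines of the preceding entry and says nothing about `auth_type` and `auth_level`, which every caller must now supply. The phrase "using the session key" may also stop being accurate once netr_ServerAuthenticateKerberos() is introduced, as the commit message announces; that is an inference, since the encryption routine is not visible here. I would add a line such as `"auth_type and auth_level describe the DCERPC connection the info is sent on\n"` before the "Encrypt the supplied ..." line. The py_creds_methods[] array starts and ends outside this hunk.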