auth/credentials: Add set_nt_hash()

This method allows setting the NT hash directly. This is useful in cases
where we don’t know the password, such as with a computer or server
account.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

1 files changed, 33 insertions, 0 deletions

diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c
index ac9ccd4ae27..b87cdc06a93 100644
--- a/auth/credentials/pycredentials.c
+++ b/auth/credentials/pycredentials.c
@@ -546,6 +546,32 @@ static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
 	return ret;
 }
 
+static PyObject *py_creds_set_nt_hash(PyObject *self, PyObject *args)
+{
+	PyObject *py_cp = Py_None;
+	const struct samr_Password *pwd = NULL;
+	enum credentials_obtained obt = CRED_SPECIFIED;
+	int _obt = obt;
+	struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
+	if (creds == NULL) {
+		PyErr_Format(PyExc_TypeError, "Credentials expected");
+		return NULL;
+	}
+
+	if (!PyArg_ParseTuple(args, "O|i", &py_cp, &_obt)) {
+		return NULL;
+	}
+	obt = _obt;
+
+	pwd = pytalloc_get_type(py_cp, struct samr_Password);
+	if (pwd == NULL) {
+		/* pytalloc_get_type sets TypeError */
+		return NULL;
+	}
+
+	return PyBool_FromLong(cli_credentials_set_nt_hash(creds, pwd, obt));
+}
+
 static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
 {
 	int state;
@@ -1390,6 +1416,13 @@ static PyMethodDef py_creds_methods[] = {
 		.ml_flags = METH_NOARGS,
 	},
 	{
+		.ml_name  = "set_nt_hash",
+		.ml_meth  = py_creds_set_nt_hash,
+		.ml_flags = METH_VARARGS,
+		.ml_doc = "S.set_net_sh(samr_Password[, credentials.SPECIFIED]) -> bool\n"
+			"Change NT hash.",
+	},
+	{
 		.ml_name  = "get_kerberos_state",
 		.ml_meth  = py_creds_get_kerberos_state,
 		.ml_flags = METH_NOARGS,