From 2f4a80322b9e4b1617839e8e1185a9e620b89a51 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 23 Aug 2021 15:03:19 +0200
Subject: libcli:auth: Add decode_pwd_string_from_buffer514()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 libcli/auth/proto.h      | 19 +++++++++++++++++++
 libcli/auth/smbencrypt.c | 30 ++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)

(limited to 'libcli')

diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index c787ac2d712..baf57308c9f 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -221,6 +221,25 @@ bool extract_pwd_blob_from_buffer514(TALLOC_CTX *mem_ctx,
 				     const uint8_t in_buffer[514],
 				     DATA_BLOB *new_password);
 
+/**
+ * @brief Decode AES password buffer to password in the given charset.
+ *
+ * @param mem_ctx       The memory context to allocate the deocded passwrod on.
+ *
+ * @param in_buffer[514] The in buffer with the decrypted password data.
+ *
+ * @param string_charset The charset to decode to.
+ *
+ * @param decoded_password A pointer to store the blob for the decoded password.
+ *                         It ensures that the password is NULL terminated.
+ *
+ * @return true on success, false otherwise.
+ */
+bool decode_pwd_string_from_buffer514(TALLOC_CTX *mem_ctx,
+				      const uint8_t in_buffer[514],
+				      charset_t string_charset,
+				      DATA_BLOB *decoded_password);
+
 /***********************************************************
  Encode an arc4 password change buffer.
 ************************************************************/
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index cf141a9891f..7abf6613d80 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -1041,6 +1041,36 @@ bool extract_pwd_blob_from_buffer514(TALLOC_CTX *mem_ctx,
 	return true;
 }
 
+bool decode_pwd_string_from_buffer514(TALLOC_CTX *mem_ctx,
+				      const uint8_t in_buffer[514],
+				      charset_t string_charset,
+				      DATA_BLOB *decoded_password)
+{
+	DATA_BLOB new_password = {
+		.length = 0,
+	};
+	bool ok;
+
+	ok = extract_pwd_blob_from_buffer514(mem_ctx, in_buffer, &new_password);
+	if (!ok) {
+		return false;
+	}
+
+	ok = convert_string_talloc(mem_ctx,
+				   string_charset,
+				   CH_UNIX,
+				   new_password.data,
+				   new_password.length,
+				   (void *)&decoded_password->data,
+				   &decoded_password->length);
+	data_blob_free(&new_password);
+	if (!ok) {
+		return false;
+	}
+
+	return true;
+}
+
 /***********************************************************
  Encode an arc4 password change buffer.
 ************************************************************/
-- 
cgit v1.2.1