s3:rpcclient: Encrypt the password buffers only if really needed
authorAndreas Schneider <asn@samba.org>
Mon, 18 Jul 2022 13:48:36 +0000 (15:48 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Thu, 28 Jul 2022 11:51:29 +0000 (11:51 +0000)
If we are in FIPS mode, certain ciphers like RC4 are not available, so
we should make sure we do not call them. We will add AES support in the
next patch.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source3/rpcclient/cmd_samr.c

index a048a4f935ebe7d016fe0b8c1865858f2b393386..5760ab6c1ff4e7482342926a611bffb95bb4ad8c 100644 (file)
@@ -3157,15 +3157,28 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
                goto done;
        }
 
-       status = init_samr_CryptPassword(param, &session_key, &pwd_buf);
-       if (!NT_STATUS_IS_OK(status)) {
-               goto done;
-       }
-       status = init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);
-       if (!NT_STATUS_IS_OK(status)) {
-               goto done;
+       switch(level) {
+       case 18:
+       case 21:
+               nt_lm_owf_gen(param, nt_hash, lm_hash);
+               break;
+       case 23:
+       case 24:
+               status = init_samr_CryptPassword(param, &session_key, &pwd_buf);
+               if (!NT_STATUS_IS_OK(status)) {
+                       goto done;
+               }
+               break;
+       case 25:
+       case 26:
+               status = init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);
+               if (!NT_STATUS_IS_OK(status)) {
+                       goto done;
+               }
+               break;
+       default:
+               break;
        }
-       nt_lm_owf_gen(param, nt_hash, lm_hash);
 
        switch (level) {
        case 18:
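Review bot: The `default: break;` arm of the new first switch leaves `pwd_buf`, `pwd_buf_ex`, `nt_hash` and `lm_hash` unprepared, where the old code always filled all four. Any level outside 18, 21 and 23-26 now depends on how those variables are declared and on what the second `switch (level)` does with them; neither is visible here, because cmd_samr_setuserinfo_int starts and ends outside the hunk. If the declarations are not zero-initialised, it is worth confirming that no unlisted level reads these buffers and recording that at the default arm, for example `/* no password buffer is needed for the remaining levels */`. A one-line comment above the switch naming which levels take the hashes, the encrypted buffer and the Ex buffer would spare the reader from cross-checking the two switches. As a style point, `switch(level)` lacks the space used by `switch (level)` a few lines below.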