pycredentials: Properly check type in creds.set_nt_hash() and samr.encrypt_samr_passw...

We should not be just doing a talloc type check, we should check the python
type first.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c
index 8e7d8ae7b5635d9b116f64f600217835a78d7380..a27e02d1aa53b9765e8b2225c2dda7898c933f80 100644 (file)
--- a/auth/credentials/pycredentials.c
+++ b/auth/credentials/pycredentials.c
@@ -568,6 +568,11 @@ static PyObject *py_creds_set_nt_hash(PyObject *self, PyObject *args)
        }
        obt = _obt;
 
+       if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.samr", "Password")) {
+               /* py_check_dcerpc_type sets TypeError */
+               return NULL;
+       }
+
        pwd = pytalloc_get_type(py_cp, struct samr_Password);
        if (pwd == NULL) {
                /* pytalloc_get_type sets TypeError */
@@ -1073,6 +1078,11 @@ static PyObject *py_creds_encrypt_samr_password(PyObject *self,
                return NULL;
        }
 
+       if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.samr", "Password")) {
+               /* py_check_dcerpc_type sets TypeError */
+               return NULL;
+       }
+
        pwd = pytalloc_get_type(py_cp, struct samr_Password);
        if (pwd == NULL) {
                /* pytalloc_get_type sets TypeError */

diff --git a/auth/credentials/wscript_build b/auth/credentials/wscript_build
index 7568554df4d669bccf0d20969b482b8bdf13e4ae..83c6e8ca5a0c361f455af1acd7e2202eb1f9bbbf 100644 (file)
--- a/auth/credentials/wscript_build
+++ b/auth/credentials/wscript_build
@@ -27,12 +27,13 @@ bld.SAMBA_SUBSYSTEM('CREDENTIALS_CMDLINE',
                     source='credentials_cmdline.c',
                     deps='samba-credentials')
 
+pyrpc_util = bld.pyembed_libname('pyrpc_util')
 pytalloc_util = bld.pyembed_libname('pytalloc-util')
 pyparam_util = bld.pyembed_libname('pyparam_util')
 
 bld.SAMBA_PYTHON('pycredentials',
     source='pycredentials.c',
-    public_deps='samba-credentials %s %s CREDENTIALS_CMDLINE CREDENTIALS_KRB5 CREDENTIALS_SECRETS' % (pytalloc_util, pyparam_util),
+    public_deps='samba-credentials %s %s %s CREDENTIALS_CMDLINE CREDENTIALS_KRB5 CREDENTIALS_SECRETS' % (pyrpc_util, pytalloc_util, pyparam_util),
     realname='samba/credentials.so'
 )