da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER START
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The contents of this file are subject to the terms of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Common Development and Distribution License (the "License").
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You may not use this file except in compliance with the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * See the License for the specific language governing permissions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and limitations under the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER END
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * NETR challenge/response client functions.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * NT_STATUS_INVALID_PARAMETER
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * NT_STATUS_NO_TRUST_SAM_ACCOUNT
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * NT_STATUS_ACCESS_DENIED
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego/* The DES algorithm uses a 56-bit encryption key. */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwint netr_setup_authenticator(netr_info_t *, struct netr_authenticator *,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwDWORD netr_validate_chain(netr_info_t *, struct netr_authenticator *);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwstatic int netr_server_req_challenge(mlsvc_handle_t *, netr_info_t *);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwstatic int netr_server_authenticate2(mlsvc_handle_t *, netr_info_t *);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Shared with netr_logon.c
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * netlogon_auth
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * This is the core of the NETLOGON authentication protocol.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Do the challenge response authentication.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Prior to calling this function, an anonymous session to the NETLOGON
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * pipe on a domain controller(server) should have already been opened.
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb * Upon a successful NETLOGON credential chain establishment, the
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb * netlogon sequence number will be set to match the kpasswd sequence
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwnetlogon_auth(char *server, mlsvc_handle_t *netr_handle, DWORD flags)
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States rc = smb_getnetbiosname(netr_info->hostname, NETBIOS_NAME_SZ);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross /* server is our DC. Note: normally an FQDN. */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) snprintf(netr_info->server, sizeof (netr_info->server),
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw sizeof (struct netr_credential));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if ((rc = netr_server_req_challenge(netr_handle, netr_info)) == 0) {
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb if (rc == 0) {
1ed6b69a5ca1ca3ee5e9a4931f74e2237c7e1c9fGordon Ross * TODO: (later) When joining a domain using a
1ed6b69a5ca1ca3ee5e9a4931f74e2237c7e1c9fGordon Ross * pre-created machine account, should do:
1ed6b69a5ca1ca3ee5e9a4931f74e2237c7e1c9fGordon Ross * netr_server_password_set(&netr_handle, netr_info);
1ed6b69a5ca1ca3ee5e9a4931f74e2237c7e1c9fGordon Ross * Nexenta issue 11960
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return ((rc) ? NT_STATUS_UNSUCCESSFUL : NT_STATUS_SUCCESS);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * netr_open
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Open an anonymous session to the NETLOGON pipe on a domain controller
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * and bind to the NETR RPC interface.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * We store the remote server information, which is used to drive Windows
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * version specific behavior.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Returns 0 or NT status
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwnetr_open(char *server, char *domain, mlsvc_handle_t *netr_handle)
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross status = ndr_rpc_bind(netr_handle, server, domain, user, "NETR");
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * netr_close
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Close a NETLOGON pipe and free the RPC context.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * netr_server_req_challenge
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwnetr_server_req_challenge(mlsvc_handle_t *netr_handle, netr_info_t *netr_info)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) memcpy(&arg.client_challenge, &netr_info->client_challenge,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw sizeof (struct netr_credential));
8d7e41661dc4633488e93b13363137523ce59977jose borrego if (ndr_rpc_call(netr_handle, opnum, &arg) != 0)
8d7e41661dc4633488e93b13363137523ce59977jose borrego return (-1);
8d7e41661dc4633488e93b13363137523ce59977jose borrego ndr_rpc_status(netr_handle, opnum, arg.status);
8d7e41661dc4633488e93b13363137523ce59977jose borrego return (-1);
8d7e41661dc4633488e93b13363137523ce59977jose borrego (void) memcpy(&netr_info->server_challenge, &arg.server_challenge,
8d7e41661dc4633488e93b13363137523ce59977jose borrego sizeof (struct netr_credential));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * netr_server_authenticate2
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwnetr_server_authenticate2(mlsvc_handle_t *netr_handle, netr_info_t *netr_info)
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross /* sizeof netr_info->hostname, + 1 for the '$' */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) snprintf(account_name, sizeof (account_name), "%s$",
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego smb_tracef("server=[%s] account_name=[%s] hostname=[%s]\n",
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego netr_info->server, account_name, netr_info->hostname);
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego arg.negotiate_flags = NETR_NEGOTIATE_BASE_FLAGS;
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright if (ndr_rpc_server_os(netr_handle) == NATIVE_OS_WIN2000) {
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego arg.negotiate_flags |= NETR_NEGOTIATE_STRONGKEY_FLAG;
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego if (netr_gen_skey128(netr_info) != SMBAUTH_SUCCESS)
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego return (-1);
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego if (netr_gen_skey64(netr_info) != SMBAUTH_SUCCESS)
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego return (-1);
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego if (netr_gen_credentials(netr_info->session_key.key,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (-1);
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego if (netr_gen_credentials(netr_info->session_key.key,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (-1);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) memcpy(&arg.client_credential, &netr_info->client_credential,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw sizeof (struct netr_credential));
8d7e41661dc4633488e93b13363137523ce59977jose borrego if (ndr_rpc_call(netr_handle, opnum, &arg) != 0)
8d7e41661dc4633488e93b13363137523ce59977jose borrego return (-1);
8d7e41661dc4633488e93b13363137523ce59977jose borrego ndr_rpc_status(netr_handle, opnum, arg.status);
8d7e41661dc4633488e93b13363137523ce59977jose borrego return (-1);
8d7e41661dc4633488e93b13363137523ce59977jose borrego rc = memcmp(&netr_info->server_credential, &arg.server_credential,
8d7e41661dc4633488e93b13363137523ce59977jose borrego sizeof (struct netr_credential));
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * netr_gen_skey128
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * Generate a 128-bit session key from the client and server challenges.
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * See "Session-Key Computation" section of MS-NRPC document.
3db3f65c6274eb042354801a308c8e9bc4994553amw * We should check (netr_info->flags & NETR_FLG_INIT) and use
3db3f65c6274eb042354801a308c8e9bc4994553amw * the appropriate password but it isn't working yet. So we
3db3f65c6274eb042354801a308c8e9bc4994553amw * always use the default one for now.
3db3f65c6274eb042354801a308c8e9bc4994553amw bzero(netr_info->password, sizeof (netr_info->password));
3db3f65c6274eb042354801a308c8e9bc4994553amw (char *)netr_info->password, sizeof (netr_info->password));
3db3f65c6274eb042354801a308c8e9bc4994553amw if ((rc != SMBD_SMF_OK) || *netr_info->password == '\0') {
3db3f65c6274eb042354801a308c8e9bc4994553amw rc = smb_auth_ntlm_hash((char *)netr_info->password, ntlmhash);
3db3f65c6274eb042354801a308c8e9bc4994553amw rv = SUNW_C_GetMechSession(mechanism.mechanism, &hSession);
3db3f65c6274eb042354801a308c8e9bc4994553amw (CK_BYTE_PTR)netr_info->client_challenge.data, NETR_CRED_DATA_SZ);
3db3f65c6274eb042354801a308c8e9bc4994553amw (CK_BYTE_PTR)netr_info->server_challenge.data, NETR_CRED_DATA_SZ);
3db3f65c6274eb042354801a308c8e9bc4994553amw rv = C_DigestFinal(hSession, (CK_BYTE_PTR)md5digest, &diglen);
3db3f65c6274eb042354801a308c8e9bc4994553amw rc = smb_auth_hmac_md5(md5digest, diglen, ntlmhash, SMBAUTH_HASH_SZ,
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego netr_info->session_key.len = NETR_SESSKEY128_SZ;
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * netr_gen_skey64
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * Generate a 64-bit session key from the client and server challenges.
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * See "Session-Key Computation" section of MS-NRPC document.
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * The algorithm is a two stage hash. For the first hash, the input is
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * the combination of the client and server challenges, the key is
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * the first 7 bytes of the password. The initial password is formed
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * using the NT password hash on the local hostname in lower case.
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * The result is stored in a temporary buffer.
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * input: challenge
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * key: passwd lower 7 bytes
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * output: intermediate result
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * For the second hash, the input is the result of the first hash and
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * the key is the last 7 bytes of the password.
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * input: result of first hash
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * key: passwd upper 7 bytes
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * output: session_key
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * The final output should be the session key.
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * FYI: smb_auth_DES(output, key, input)
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * If any difficulties occur using the cryptographic framework, the
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego * function returns SMBAUTH_FAILURE. Otherwise SMBAUTH_SUCCESS is
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw client_challenge = (DWORD *)(uintptr_t)&netr_info->client_challenge;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw server_challenge = (DWORD *)(uintptr_t)&netr_info->server_challenge;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * We should check (netr_info->flags & NETR_FLG_INIT) and use
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * the appropriate password but it isn't working yet. So we
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * always use the default one for now.
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as bzero(netr_info->password, sizeof (netr_info->password));
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as (char *)netr_info->password, sizeof (netr_info->password));
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as if ((rc != SMBD_SMF_OK) || *netr_info->password == '\0') {
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as rc = smb_auth_ntlm_hash((char *)netr_info->password, md4hash);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw data[0] = LE_IN32(&client_challenge[0]) + LE_IN32(&server_challenge[0]);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw data[1] = LE_IN32(&client_challenge[1]) + LE_IN32(&server_challenge[1]);
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego rc = smb_auth_DES(buffer, 8, md4hash, NETR_DESKEY_LEN,
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego netr_info->session_key.len = NETR_SESSKEY64_SZ;
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego netr_info->session_key.len, &md4hash[9], NETR_DESKEY_LEN, buffer,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * netr_gen_credentials
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Generate a set of credentials from a challenge and a session key.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The algorithm is a two stage hash. For the first hash, the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * timestamp is added to the challenge and the result is stored in a
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * temporary buffer:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * input: challenge (including timestamp)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * key: session_key
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * output: intermediate result
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * For the second hash, the input is the result of the first hash and
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * a strange partial key is used:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * input: result of first hash
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * key: funny partial key
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * output: credentiails
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The final output should be an encrypted set of credentials.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * FYI: smb_auth_DES(output, key, input)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If any difficulties occur using the cryptographic framework, the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * function returns SMBAUTH_FAILURE. Otherwise SMBAUTH_SUCCESS is
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * returned.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwnetr_gen_credentials(BYTE *session_key, netr_cred_t *challenge,
3db3f65c6274eb042354801a308c8e9bc4994553amw if (smb_auth_DES(buffer, 8, session_key, NETR_DESKEY_LEN,
3db3f65c6274eb042354801a308c8e9bc4994553amw rc = smb_auth_DES(out_cred->data, 8, &session_key[NETR_DESKEY_LEN],
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * netr_server_password_set
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Attempt to change the trust account password for this system.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Note that this call may legitimately fail if the registry on the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * domain controller has been setup to deny attempts to change the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * trust account password. In this case we should just continue to
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * use the original password.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Possible status values:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * NT_STATUS_ACCESS_DENIED
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwnetr_server_password_set(mlsvc_handle_t *netr_handle, netr_info_t *netr_info)
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States char account_name[NETBIOS_NAME_SZ * 2];
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) snprintf(account_name, sizeof (account_name), "%s$",
1ed6b69a5ca1ca3ee5e9a4931f74e2237c7e1c9fGordon Ross arg.sec_chan_type = NETR_WKSTA_TRUST_ACCOUNT_TYPE;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Set up the client side authenticator.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (netr_setup_authenticator(netr_info, &arg.auth, 0) !=
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (-1);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Generate a new password from the old password.
2c1b14e51525da2c09064641416fc4aed457c72fjose borrego if (netr_gen_password(netr_info->session_key.key,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw netr_info->password, new_password) == SMBAUTH_FAILURE) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (-1);
8d7e41661dc4633488e93b13363137523ce59977jose borrego if (ndr_rpc_call(netr_handle, opnum, &arg) != 0)
8d7e41661dc4633488e93b13363137523ce59977jose borrego return (-1);
8d7e41661dc4633488e93b13363137523ce59977jose borrego ndr_rpc_status(netr_handle, opnum, arg.status);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (-1);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Check the returned credentials. The server returns the new
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * client credential rather than the new server credentiali,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * as documented elsewhere.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Generate the new seed for the credential chain. Increment
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * the timestamp and add it to the client challenge. Then we
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * need to copy the challenge to the credential field in
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * preparation for the next cycle.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Save the new password.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * netr_gen_password
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Generate a new pasword from the old password and the session key.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The algorithm is a two stage hash. The session key is used in the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * first hash but only part of the session key is used in the second
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If any difficulties occur using the cryptographic framework, the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * function returns SMBAUTH_FAILURE. Otherwise SMBAUTH_SUCCESS is
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * returned.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwnetr_gen_password(BYTE *session_key, BYTE *old_password, BYTE *new_password)
3db3f65c6274eb042354801a308c8e9bc4994553amw rv = smb_auth_DES(new_password, 8, session_key, NETR_DESKEY_LEN,
3db3f65c6274eb042354801a308c8e9bc4994553amw rv = smb_auth_DES(&new_password[8], 8, &session_key[NETR_DESKEY_LEN],
1ed6b69a5ca1ca3ee5e9a4931f74e2237c7e1c9fGordon Ross * Todo: need netr_server_password_set2()
1ed6b69a5ca1ca3ee5e9a4931f74e2237c7e1c9fGordon Ross * used by "unsecure join". (NX 11960)