netr_info
struct netr_info;
int netr_setup_authenticator(struct netr_info *, struct netr_authenticator *,
DWORD netr_validate_chain(struct netr_info *, struct netr_authenticator *);
netr_info_t *netr_info;
netr_info = &netr_global_info;
bzero(&netr_info->session_key, sizeof (netr_info->session_key));
bzero(&netr_info->rpc_seal_key, sizeof (netr_info->rpc_seal_key));
netr_info->flags = flags;
rc = smb_getnetbiosname(netr_info->hostname, NETBIOS_NAME_SZ);
(void) snprintf(netr_info->server, sizeof (netr_info->server),
rc = smb_getdomainname(netr_info->nb_domain,
sizeof (netr_info->nb_domain));
rc = smb_getfqdomainname(netr_info->fqdn_domain,
sizeof (netr_info->fqdn_domain));
(void) memcpy(&netr_info->client_challenge, leout_rc,
if (!passes_dc_mitigation(netr_info->client_challenge.data))
if ((rc = netr_server_req_challenge(&netr_handle, netr_info)) == 0) {
rc = netr_server_authenticate2(&netr_handle, netr_info);
netr_info->flags |= NETR_FLG_VALID;
netr_server_req_challenge(mlsvc_handle_t *netr_handle, netr_info_t *netr_info)
arg.servername = (unsigned char *)netr_info->server;
arg.hostname = (unsigned char *)netr_info->hostname;
(void) memcpy(&arg.client_challenge, &netr_info->client_challenge,
(void) memcpy(&netr_info->server_challenge, &arg.server_challenge,
netr_server_authenticate2(mlsvc_handle_t *netr_handle, netr_info_t *netr_info)
netr_info->hostname);
netr_info->server, account_name, netr_info->hostname);
arg.servername = (unsigned char *)netr_info->server;
arg.hostname = (unsigned char *)netr_info->hostname;
if (netr_gen_skey128(netr_info) != SMBAUTH_SUCCESS)
if (netr_gen_skey64(netr_info) != SMBAUTH_SUCCESS)
for (i = 0; i < netr_info->session_key.len; i++)
netr_info->rpc_seal_key.key[i] =
netr_info->session_key.key[i] ^ 0xf0;
netr_info->rpc_seal_key.len = netr_info->session_key.len;
if (netr_gen_credentials(netr_info->session_key.key,
&netr_info->client_challenge, 0,
&netr_info->client_credential, B_FALSE) != SMBAUTH_SUCCESS) {
if (netr_gen_credentials(netr_info->session_key.key,
&netr_info->server_challenge, 0,
&netr_info->server_credential, B_FALSE) != SMBAUTH_SUCCESS) {
(void) memcpy(&arg.client_credential, &netr_info->client_credential,
netr_info->nego_flags = arg.negotiate_flags;
rc = memcmp(&netr_info->server_credential, &arg.server_credential,
netr_gen_skey128(netr_info_t *netr_info)
bzero(netr_info->password, sizeof (netr_info->password));
(char *)netr_info->password, sizeof (netr_info->password));
if ((rc != SMBD_SMF_OK) || *netr_info->password == '\0') {
rc = smb_auth_ntlm_hash((char *)netr_info->password, ntlmhash);
explicit_bzero(&netr_info->password,
sizeof (netr_info->password));
(CK_BYTE_PTR)netr_info->client_challenge.data, NETR_CRED_DATA_SZ);
(CK_BYTE_PTR)netr_info->server_challenge.data, NETR_CRED_DATA_SZ);
netr_info->session_key.key);
netr_info->session_key.len = NETR_SESSKEY128_SZ;
explicit_bzero(&netr_info->password, sizeof (netr_info->password));
netr_gen_skey64(netr_info_t *netr_info)
client_challenge = (DWORD *)(uintptr_t)&netr_info->client_challenge;
server_challenge = (DWORD *)(uintptr_t)&netr_info->server_challenge;
bzero(netr_info->password, sizeof (netr_info->password));
(char *)netr_info->password, sizeof (netr_info->password));
if ((rc != SMBD_SMF_OK) || *netr_info->password == '\0') {
rc = smb_auth_ntlm_hash((char *)netr_info->password, md4hash);
netr_info->session_key.len = NETR_SESSKEY64_SZ;
rc = smb_auth_DES(netr_info->session_key.key,
netr_info->session_key.len, &md4hash[9], NETR_DESKEY_LEN, buffer,
explicit_bzero(&netr_info->password, sizeof (netr_info->password));
netr_server_password_set(mlsvc_handle_t *netr_handle, netr_info_t *netr_info)
netr_info->hostname);
arg.servername = (unsigned char *)netr_info->server;
arg.hostname = (unsigned char *)netr_info->hostname;
if (netr_setup_authenticator(netr_info, &arg.auth, 0) !=
if (netr_gen_password(netr_info->session_key.key,
netr_info->password, new_password) == SMBAUTH_FAILURE) {
if (netr_validate_chain(netr_info, &arg.auth) == 0) {
(void) memcpy(netr_info->password, new_password,
netr_info_t *netr_info, smb_token_t *token)
bcopy(netr_info->session_key.key, rc4key, netr_info->session_key.len);
netr_server_samlogon(mlsvc_handle_t *netr_handle, netr_info_t *netr_info,
rc = netr_setup_authenticator(netr_info, &auth, &ret_auth);
if (netr_info->use_logon_ex &&
(netr_info->nego_flags & NETR_NEGO_SECURE_RPC_FLAG) != 0) {
netr_interactive_samlogon(netr_info, user_info, &info1);
netr_network_samlogon(heap, netr_info, user_info, &info2);
netr_invalidate_chain(netr_info);
(void) netr_validate_chain(netr_info,
status = netr_validate_chain(netr_info,
status = netr_setup_token(info3, user_info, netr_info, token);
netr_interactive_samlogon(netr_info_t *netr_info, smb_logon_t *user_info,
(void) memcpy(key, netr_info->session_key.key,
netr_info->session_key.len);
netr_network_samlogon(ndr_heap_t *heap, netr_info_t *netr_info,
netr_setup_authenticator(netr_info_t *netr_info,
netr_info->timestamp = time(0) - 1;
auth->timestamp = ++netr_info->timestamp;
rc = netr_gen_credentials(netr_info->session_key.key,
&netr_info->client_credential,
netr_info->timestamp,
ret_auth->timestamp = netr_info->timestamp;
netr_validate_chain(netr_info_t *netr_info, struct netr_authenticator *auth)
++netr_info->timestamp;
if (netr_gen_credentials(netr_info->session_key.key,
&netr_info->client_credential,
netr_info->timestamp, &cred, B_FALSE) != SMBAUTH_SUCCESS)
netr_invalidate_chain(netr_info);
netr_invalidate_chain(netr_info);
dwp = (uint32_t *)&netr_info->client_credential;
dwp[0] += netr_info->timestamp;
netr_info->flags |= NETR_FLG_VALID;
netr_invalidate_chain(netr_info_t *netr_info)
if ((netr_info->flags & NETR_FLG_VALID) == 0)
netr_info->flags &= ~NETR_FLG_VALID;
explicit_bzero(&netr_info->session_key,
sizeof (netr_info->session_key));
explicit_bzero(&netr_info->rpc_seal_key,
sizeof (netr_info->rpc_seal_key));
explicit_bzero(&netr_info->client_credential,
sizeof (netr_info->client_credential));
explicit_bzero(&netr_info->server_credential,
sizeof (netr_info->server_credential));
extern struct netr_info netr_global_info;