xref: /titanic_41/usr/src/lib/smbsrv/libmlsvc/common/samlib.c (revision 4f4499478f0aa55fc93bcd8030ba3d128663ae70) 
1da6c28aaSamw /*
2da6c28aaSamw  * CDDL HEADER START
3da6c28aaSamw  *
4da6c28aaSamw  * The contents of this file are subject to the terms of the
5da6c28aaSamw  * Common Development and Distribution License (the "License").
6da6c28aaSamw  * You may not use this file except in compliance with the License.
7da6c28aaSamw  *
8da6c28aaSamw  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9da6c28aaSamw  * or http://www.opensolaris.org/os/licensing.
10da6c28aaSamw  * See the License for the specific language governing permissions
11da6c28aaSamw  * and limitations under the License.
12da6c28aaSamw  *
13da6c28aaSamw  * When distributing Covered Code, include this CDDL HEADER in each
14da6c28aaSamw  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15da6c28aaSamw  * If applicable, add the following below this CDDL HEADER, with the
16da6c28aaSamw  * fields enclosed by brackets "[]" replaced with your own identifying
17da6c28aaSamw  * information: Portions Copyright [yyyy] [name of copyright owner]
18da6c28aaSamw  *
19da6c28aaSamw  * CDDL HEADER END
20da6c28aaSamw  */
21148c5f43SAlan Wright 
22da6c28aaSamw /*
23148c5f43SAlan Wright  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24*4f449947SGordon Ross  * Copyright 2012 Nexenta Systems, Inc.  All rights reserved.
25da6c28aaSamw  */
26da6c28aaSamw 
27da6c28aaSamw /*
28da6c28aaSamw  * This module provides the high level interface to the SAM RPC
29da6c28aaSamw  * functions.
30da6c28aaSamw  */
31da6c28aaSamw 
32*4f449947SGordon Ross #include <sys/types.h>
33*4f449947SGordon Ross #include <sys/isa_defs.h>
34*4f449947SGordon Ross #include <sys/byteorder.h>
35*4f449947SGordon Ross 
36da6c28aaSamw #include <alloca.h>
37da6c28aaSamw 
38da6c28aaSamw #include <smbsrv/libsmb.h>
39da6c28aaSamw #include <smbsrv/libmlsvc.h>
40da6c28aaSamw #include <smbsrv/ntaccess.h>
418d7e4166Sjose borrego #include <lsalib.h>
428d7e4166Sjose borrego #include <samlib.h>
43da6c28aaSamw 
44*4f449947SGordon Ross #ifdef _LITTLE_ENDIAN
45*4f449947SGordon Ross /* little-endian values on little-endian */
46*4f449947SGordon Ross #define	htolel(x)	((uint32_t)(x))
47*4f449947SGordon Ross #define	letohl(x)	((uint32_t)(x))
48*4f449947SGordon Ross #else	/* (BYTE_ORDER == LITTLE_ENDIAN) */
49*4f449947SGordon Ross /* little-endian values on big-endian (swap) */
50*4f449947SGordon Ross #define	letohl(x) 	BSWAP_32(x)
51*4f449947SGordon Ross #define	htolel(x) 	BSWAP_32(x)
52*4f449947SGordon Ross #endif	/* (BYTE_ORDER == LITTLE_ENDIAN) */
53*4f449947SGordon Ross 
54da6c28aaSamw /*
55da6c28aaSamw  * Valid values for the OEM OWF password encryption.
56da6c28aaSamw  */
57da6c28aaSamw #define	SAM_KEYLEN		16
58da6c28aaSamw 
59*4f449947SGordon Ross static void samr_fill_userpw(struct samr_user_password *, const char *);
60*4f449947SGordon Ross static void samr_make_encrypted_password(
61*4f449947SGordon Ross 	struct samr_encr_passwd *epw,
62*4f449947SGordon Ross 	char *new_pw_clear,
63*4f449947SGordon Ross 	uint8_t *crypt_key);
64da6c28aaSamw 
65da6c28aaSamw 
66da6c28aaSamw /*
67*4f449947SGordon Ross  * Todo: Implement "unjoin" domain, which would use the
68*4f449947SGordon Ross  * sam_remove_trust_account code below.
69da6c28aaSamw  */
70da6c28aaSamw 
71da6c28aaSamw /*
72da6c28aaSamw  * sam_remove_trust_account
73da6c28aaSamw  *
74da6c28aaSamw  * Attempt to remove the workstation trust account for this system.
75da6c28aaSamw  * Administrator access is required to perform this operation.
76da6c28aaSamw  *
77da6c28aaSamw  * Returns NT status codes.
78da6c28aaSamw  */
79da6c28aaSamw DWORD
sam_remove_trust_account(char * server,char * domain)80da6c28aaSamw sam_remove_trust_account(char *server, char *domain)
81da6c28aaSamw {
82b89a8333Snatalie li - Sun Microsystems - Irvine United States 	char account_name[SMB_SAMACCT_MAXLEN];
83da6c28aaSamw 
84b89a8333Snatalie li - Sun Microsystems - Irvine United States 	if (smb_getsamaccount(account_name, SMB_SAMACCT_MAXLEN) != 0)
85b89a8333Snatalie li - Sun Microsystems - Irvine United States 		return (NT_STATUS_INTERNAL_ERROR);
86da6c28aaSamw 
87da6c28aaSamw 	return (sam_delete_account(server, domain, account_name));
88da6c28aaSamw }
89da6c28aaSamw 
90da6c28aaSamw 
91da6c28aaSamw /*
92da6c28aaSamw  * sam_delete_account
93da6c28aaSamw  *
94da6c28aaSamw  * Attempt to remove an account from the SAM database on the specified
95da6c28aaSamw  * server.
96da6c28aaSamw  *
97da6c28aaSamw  * Returns NT status codes.
98da6c28aaSamw  */
99da6c28aaSamw DWORD
sam_delete_account(char * server,char * domain_name,char * account_name)100da6c28aaSamw sam_delete_account(char *server, char *domain_name, char *account_name)
101da6c28aaSamw {
102da6c28aaSamw 	mlsvc_handle_t samr_handle;
103da6c28aaSamw 	mlsvc_handle_t domain_handle;
104da6c28aaSamw 	mlsvc_handle_t user_handle;
1057f667e74Sjose borrego 	smb_account_t ainfo;
106*4f449947SGordon Ross 	smb_sid_t *sid;
107da6c28aaSamw 	DWORD access_mask;
108da6c28aaSamw 	DWORD status;
109da6c28aaSamw 	int rc;
110a0aa776eSAlan Wright 	char user[SMB_USERNAME_MAXLEN];
111a0aa776eSAlan Wright 
112a0aa776eSAlan Wright 	smb_ipc_get_user(user, SMB_USERNAME_MAXLEN);
113da6c28aaSamw 
11455bf511dSas200622 	rc = samr_open(server, domain_name, user, SAM_LOOKUP_INFORMATION,
11555bf511dSas200622 	    &samr_handle);
1167f667e74Sjose borrego 	if (rc != 0)
117*4f449947SGordon Ross 		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
1187f667e74Sjose borrego 
119*4f449947SGordon Ross 	sid = samr_lookup_domain(&samr_handle, domain_name);
120*4f449947SGordon Ross 	if (sid == NULL) {
121*4f449947SGordon Ross 		status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
122*4f449947SGordon Ross 		goto out_samr_hdl;
123da6c28aaSamw 	}
124da6c28aaSamw 
125*4f449947SGordon Ross 	status = samr_open_domain(&samr_handle, SAM_LOOKUP_INFORMATION,
126*4f449947SGordon Ross 	    (struct samr_sid *)sid, &domain_handle);
127*4f449947SGordon Ross 	if (status != NT_STATUS_SUCCESS)
128*4f449947SGordon Ross 		goto out_sid_ptr;
129*4f449947SGordon Ross 
1307f667e74Sjose borrego 	status = samr_lookup_domain_names(&domain_handle, account_name, &ainfo);
131*4f449947SGordon Ross 	if (status != NT_STATUS_SUCCESS)
132*4f449947SGordon Ross 		goto out_dom_hdl;
133*4f449947SGordon Ross 
134da6c28aaSamw 	access_mask = STANDARD_RIGHTS_EXECUTE | DELETE;
13555bf511dSas200622 	status = samr_open_user(&domain_handle, access_mask,
1367f667e74Sjose borrego 	    ainfo.a_rid, &user_handle);
137*4f449947SGordon Ross 	if (status != NT_STATUS_SUCCESS)
138*4f449947SGordon Ross 		goto out_dom_hdl;
139*4f449947SGordon Ross 
140*4f449947SGordon Ross 	status = samr_delete_user(&user_handle);
141*4f449947SGordon Ross 
142da6c28aaSamw 	(void) samr_close_handle(&user_handle);
143*4f449947SGordon Ross out_dom_hdl:
144da6c28aaSamw 	(void) samr_close_handle(&domain_handle);
145*4f449947SGordon Ross out_sid_ptr:
1467f667e74Sjose borrego 	free(sid);
147*4f449947SGordon Ross out_samr_hdl:
1487f667e74Sjose borrego 	(void) samr_close_handle(&samr_handle);
149*4f449947SGordon Ross 
1507f667e74Sjose borrego 	return (status);
1517f667e74Sjose borrego }
15255bf511dSas200622 
15355bf511dSas200622 
15455bf511dSas200622 /*
155da6c28aaSamw  * sam_lookup_name
156da6c28aaSamw  *
157da6c28aaSamw  * Lookup an account name in the SAM database on the specified domain
158da6c28aaSamw  * controller. Provides the account RID on success.
159da6c28aaSamw  *
160da6c28aaSamw  * Returns NT status codes.
161da6c28aaSamw  */
162da6c28aaSamw DWORD
sam_lookup_name(char * server,char * domain_name,char * account_name,DWORD * rid_ret)163da6c28aaSamw sam_lookup_name(char *server, char *domain_name, char *account_name,
164da6c28aaSamw     DWORD *rid_ret)
165da6c28aaSamw {
166da6c28aaSamw 	mlsvc_handle_t samr_handle;
167da6c28aaSamw 	mlsvc_handle_t domain_handle;
1687f667e74Sjose borrego 	smb_account_t ainfo;
169da6c28aaSamw 	struct samr_sid *domain_sid;
170da6c28aaSamw 	int rc;
171da6c28aaSamw 	DWORD status;
172a0aa776eSAlan Wright 	char user[SMB_USERNAME_MAXLEN];
173a0aa776eSAlan Wright 
174a0aa776eSAlan Wright 	smb_ipc_get_user(user, SMB_USERNAME_MAXLEN);
175da6c28aaSamw 
176da6c28aaSamw 	*rid_ret = 0;
177da6c28aaSamw 
17855bf511dSas200622 	rc = samr_open(server, domain_name, user, SAM_LOOKUP_INFORMATION,
17955bf511dSas200622 	    &samr_handle);
180da6c28aaSamw 
1817f667e74Sjose borrego 	if (rc != 0)
182da6c28aaSamw 		return (NT_STATUS_OPEN_FAILED);
183da6c28aaSamw 
1847f667e74Sjose borrego 	domain_sid = (struct samr_sid *)samr_lookup_domain(&samr_handle,
1857f667e74Sjose borrego 	    domain_name);
1867f667e74Sjose borrego 	if (domain_sid == NULL) {
187da6c28aaSamw 		(void) samr_close_handle(&samr_handle);
188da6c28aaSamw 		return (NT_STATUS_NO_SUCH_DOMAIN);
189da6c28aaSamw 	}
190da6c28aaSamw 
191da6c28aaSamw 	status = samr_open_domain(&samr_handle, SAM_LOOKUP_INFORMATION,
192da6c28aaSamw 	    domain_sid, &domain_handle);
1937f667e74Sjose borrego 	if (status == NT_STATUS_SUCCESS) {
194da6c28aaSamw 		status = samr_lookup_domain_names(&domain_handle,
1957f667e74Sjose borrego 		    account_name, &ainfo);
1967f667e74Sjose borrego 		if (status == NT_STATUS_SUCCESS)
1977f667e74Sjose borrego 			*rid_ret = ainfo.a_rid;
198da6c28aaSamw 
199da6c28aaSamw 		(void) samr_close_handle(&domain_handle);
200da6c28aaSamw 	}
201da6c28aaSamw 
202da6c28aaSamw 	(void) samr_close_handle(&samr_handle);
203da6c28aaSamw 	return (status);
204da6c28aaSamw }
205da6c28aaSamw 
206da6c28aaSamw /*
207da6c28aaSamw  * sam_get_local_domains
208da6c28aaSamw  *
209da6c28aaSamw  * Query a remote server to get the list of local domains that it
210da6c28aaSamw  * supports.
211da6c28aaSamw  *
212da6c28aaSamw  * Returns NT status codes.
213da6c28aaSamw  */
214da6c28aaSamw DWORD
sam_get_local_domains(char * server,char * domain_name)215da6c28aaSamw sam_get_local_domains(char *server, char *domain_name)
216da6c28aaSamw {
217da6c28aaSamw 	mlsvc_handle_t samr_handle;
218da6c28aaSamw 	DWORD status;
219da6c28aaSamw 	int rc;
220a0aa776eSAlan Wright 	char user[SMB_USERNAME_MAXLEN];
221a0aa776eSAlan Wright 
222a0aa776eSAlan Wright 	smb_ipc_get_user(user, SMB_USERNAME_MAXLEN);
223da6c28aaSamw 
22455bf511dSas200622 	rc = samr_open(server, domain_name, user, SAM_ENUM_LOCAL_DOMAIN,
22555bf511dSas200622 	    &samr_handle);
226da6c28aaSamw 	if (rc != 0)
227da6c28aaSamw 		return (NT_STATUS_OPEN_FAILED);
228da6c28aaSamw 
229da6c28aaSamw 	status = samr_enum_local_domains(&samr_handle);
230da6c28aaSamw 	(void) samr_close_handle(&samr_handle);
231da6c28aaSamw 	return (status);
232da6c28aaSamw }
233da6c28aaSamw 
234da6c28aaSamw /*
235*4f449947SGordon Ross  * Set the account control flags on some account for which we
236*4f449947SGordon Ross  * have already opened a SAM handle with appropriate rights,
237*4f449947SGordon Ross  * passed in here as sam_handle, along with the new flags.
238da6c28aaSamw  */
239*4f449947SGordon Ross DWORD
netr_set_user_control(mlsvc_handle_t * user_handle,DWORD UserAccountControl)240*4f449947SGordon Ross netr_set_user_control(
241*4f449947SGordon Ross 	mlsvc_handle_t *user_handle,
242*4f449947SGordon Ross 	DWORD UserAccountControl)
243da6c28aaSamw {
244*4f449947SGordon Ross 	struct samr_SetUserInfo16 info;
245da6c28aaSamw 
246*4f449947SGordon Ross 	info.UserAccountControl = UserAccountControl;
247*4f449947SGordon Ross 	return (samr_set_user_info(user_handle, 16, &info));
248da6c28aaSamw }
2498d7e4166Sjose borrego 
250*4f449947SGordon Ross /*
251*4f449947SGordon Ross  * Set the password on some account, for which we have already
252*4f449947SGordon Ross  * opened a SAM handle with appropriate rights, passed in here
253*4f449947SGordon Ross  * as sam_handle, along with the new password as cleartext.
254*4f449947SGordon Ross  *
255*4f449947SGordon Ross  * This builds a struct SAMPR_USER_INTERNAL5_INFORMATION [MS-SAMR]
256*4f449947SGordon Ross  * containing the new password, encrypted with our session key.
257*4f449947SGordon Ross  */
258*4f449947SGordon Ross DWORD
netr_set_user_password(mlsvc_handle_t * user_handle,char * new_pw_clear)259*4f449947SGordon Ross netr_set_user_password(
260*4f449947SGordon Ross 	mlsvc_handle_t *user_handle,
261*4f449947SGordon Ross 	char *new_pw_clear)
2628d7e4166Sjose borrego {
263*4f449947SGordon Ross 	unsigned char ssn_key[SMBAUTH_HASH_SZ];
264*4f449947SGordon Ross 	struct samr_SetUserInfo24 info;
2658d7e4166Sjose borrego 
266*4f449947SGordon Ross 	if (ndr_rpc_get_ssnkey(user_handle, ssn_key, SMBAUTH_HASH_SZ))
267*4f449947SGordon Ross 		return (NT_STATUS_INTERNAL_ERROR);
268*4f449947SGordon Ross 
269*4f449947SGordon Ross 	(void) memset(&info, 0, sizeof (info));
270*4f449947SGordon Ross 	samr_make_encrypted_password(&info.encr_pw, new_pw_clear, ssn_key);
271*4f449947SGordon Ross 
272*4f449947SGordon Ross 	/* Rather not leave the session key around. */
273*4f449947SGordon Ross 	(void) memset(ssn_key, 0, sizeof (ssn_key));
274*4f449947SGordon Ross 
275*4f449947SGordon Ross 	return (samr_set_user_info(user_handle, 24, &info));
2768d7e4166Sjose borrego }
27729bd2886SAlan Wright 
278*4f449947SGordon Ross /*
279*4f449947SGordon Ross  * Change a password like NetUserChangePassword(),
280*4f449947SGordon Ross  * but where we already know which AD server to use,
281*4f449947SGordon Ross  * so we don't request the domain name or search for
282*4f449947SGordon Ross  * an AD server for that domain here.
283*4f449947SGordon Ross  */
284*4f449947SGordon Ross DWORD
netr_change_password(char * server,char * account,char * old_pw_clear,char * new_pw_clear)285*4f449947SGordon Ross netr_change_password(
286*4f449947SGordon Ross 	char *server,
287*4f449947SGordon Ross 	char *account,
288*4f449947SGordon Ross 	char *old_pw_clear,
289*4f449947SGordon Ross 	char *new_pw_clear)
290*4f449947SGordon Ross {
291*4f449947SGordon Ross 	struct samr_encr_passwd epw;
292*4f449947SGordon Ross 	struct samr_encr_hash old_hash;
293*4f449947SGordon Ross 	uint8_t old_nt_hash[SAMR_PWHASH_LEN];
294*4f449947SGordon Ross 	uint8_t new_nt_hash[SAMR_PWHASH_LEN];
295*4f449947SGordon Ross 	mlsvc_handle_t handle;
296*4f449947SGordon Ross 	DWORD rc;
297*4f449947SGordon Ross 
298*4f449947SGordon Ross 	/*
299*4f449947SGordon Ross 	 * Create an RPC handle to this server, bound to SAMR.
300*4f449947SGordon Ross 	 */
301*4f449947SGordon Ross 	rc = ndr_rpc_bind(&handle, server, "", "", "SAMR");
302*4f449947SGordon Ross 	if (rc)
303*4f449947SGordon Ross 		return (RPC_NT_SERVER_UNAVAILABLE);
304*4f449947SGordon Ross 
305*4f449947SGordon Ross 	/*
306*4f449947SGordon Ross 	 * Encrypt the new p/w (plus random filler) with the
307*4f449947SGordon Ross 	 * old password, and send the old p/w encrypted with
308*4f449947SGordon Ross 	 * the new p/w hash to prove we know the old p/w.
309*4f449947SGordon Ross 	 * Details:  [MS-SAMR 3.1.5.10.3]
310*4f449947SGordon Ross 	 */
311*4f449947SGordon Ross 	(void) smb_auth_ntlm_hash(old_pw_clear, old_nt_hash);
312*4f449947SGordon Ross 	(void) smb_auth_ntlm_hash(new_pw_clear, new_nt_hash);
313*4f449947SGordon Ross 	samr_make_encrypted_password(&epw, new_pw_clear, old_nt_hash);
314*4f449947SGordon Ross 
315*4f449947SGordon Ross 	(void) smb_auth_DES(old_hash.data, SAMR_PWHASH_LEN,
316*4f449947SGordon Ross 	    new_nt_hash, 14, /* key */
317*4f449947SGordon Ross 	    old_nt_hash, SAMR_PWHASH_LEN);
318*4f449947SGordon Ross 
319*4f449947SGordon Ross 	/*
320*4f449947SGordon Ross 	 * Finally, ready to try the OtW call.
321*4f449947SGordon Ross 	 */
322*4f449947SGordon Ross 	rc = samr_change_password(
323*4f449947SGordon Ross 	    &handle, server, account,
324*4f449947SGordon Ross 	    &epw, &old_hash);
325*4f449947SGordon Ross 
326*4f449947SGordon Ross 	/* Avoid leaving cleartext (or equivalent) around. */
327*4f449947SGordon Ross 	(void) memset(old_nt_hash, 0, sizeof (old_nt_hash));
328*4f449947SGordon Ross 	(void) memset(new_nt_hash, 0, sizeof (new_nt_hash));
329*4f449947SGordon Ross 
330*4f449947SGordon Ross 	ndr_rpc_unbind(&handle);
331*4f449947SGordon Ross 	return (rc);
3328d7e4166Sjose borrego }
3338d7e4166Sjose borrego 
334*4f449947SGordon Ross /*
335*4f449947SGordon Ross  * Build an encrypted password, as used by samr_set_user_info
336*4f449947SGordon Ross  * and samr_change_password.  Note: This builds the unencrypted
337*4f449947SGordon Ross  * form in one union arm, and encrypts it in the other union arm.
338*4f449947SGordon Ross  */
339*4f449947SGordon Ross void
samr_make_encrypted_password(struct samr_encr_passwd * epw,char * new_pw_clear,uint8_t * crypt_key)340*4f449947SGordon Ross samr_make_encrypted_password(
341*4f449947SGordon Ross 	struct samr_encr_passwd *epw,
342*4f449947SGordon Ross 	char *new_pw_clear,
343*4f449947SGordon Ross 	uint8_t *crypt_key)
344*4f449947SGordon Ross {
345*4f449947SGordon Ross 	union {
346*4f449947SGordon Ross 		struct samr_user_password u;
347*4f449947SGordon Ross 		struct samr_encr_passwd e;
348*4f449947SGordon Ross 	} pwu;
349*4f449947SGordon Ross 
350*4f449947SGordon Ross 	samr_fill_userpw(&pwu.u, new_pw_clear);
351*4f449947SGordon Ross 
352*4f449947SGordon Ross 	(void) smb_auth_RC4(pwu.e.data, sizeof (pwu.e.data),
353*4f449947SGordon Ross 	    crypt_key, SAMR_PWHASH_LEN,
354*4f449947SGordon Ross 	    pwu.e.data, sizeof (pwu.e.data));
355*4f449947SGordon Ross 
356*4f449947SGordon Ross 	(void) memcpy(epw->data, pwu.e.data, sizeof (pwu.e.data));
357*4f449947SGordon Ross 	(void) memset(pwu.e.data, 0, sizeof (pwu.e.data));
358*4f449947SGordon Ross }
359*4f449947SGordon Ross 
360*4f449947SGordon Ross /*
361*4f449947SGordon Ross  * This fills in a samr_user_password (a.k.a. SAMPR_USER_PASSWORD
362*4f449947SGordon Ross  * in the MS Net API) which has the new password "right justified"
363*4f449947SGordon Ross  * in the buffer, and any space on the left filled with random junk
364*4f449947SGordon Ross  * to improve the quality of the encryption that is subsequently
365*4f449947SGordon Ross  * applied to this buffer before it goes over the wire.
366*4f449947SGordon Ross  */
367*4f449947SGordon Ross static void
samr_fill_userpw(struct samr_user_password * upw,const char * new_pw)368*4f449947SGordon Ross samr_fill_userpw(struct samr_user_password *upw, const char *new_pw)
369*4f449947SGordon Ross {
370*4f449947SGordon Ross 	smb_wchar_t *pbuf;
371*4f449947SGordon Ross 	uint32_t pwlen_bytes;
372*4f449947SGordon Ross 	size_t pwlen_wchars;
373*4f449947SGordon Ross 
374*4f449947SGordon Ross 	/*
375*4f449947SGordon Ross 	 * First fill the whole buffer with the random junk.
376*4f449947SGordon Ross 	 * (Slightly less random when debugging:)
377*4f449947SGordon Ross 	 */
378*4f449947SGordon Ross #ifdef DEBUG
379*4f449947SGordon Ross 	(void) memset(upw->Buffer, '*', sizeof (upw->Buffer));
380*4f449947SGordon Ross #else
381*4f449947SGordon Ross 	randomize((char *)upw->Buffer, sizeof (upw->Buffer));
382*4f449947SGordon Ross #endif
383*4f449947SGordon Ross 
384*4f449947SGordon Ross 	/*
385*4f449947SGordon Ross 	 * Now overwrite the last pwlen characters of
386*4f449947SGordon Ross 	 * that buffer with the password, and set the
387*4f449947SGordon Ross 	 * length field so the receiving end knows where
388*4f449947SGordon Ross 	 * the junk ends and the real password starts.
389*4f449947SGordon Ross 	 */
390*4f449947SGordon Ross 	pwlen_wchars = smb_wcequiv_strlen(new_pw) / 2;
391*4f449947SGordon Ross 	if (pwlen_wchars > SAMR_USER_PWLEN)
392*4f449947SGordon Ross 		pwlen_wchars = SAMR_USER_PWLEN;
393*4f449947SGordon Ross 	pwlen_bytes = pwlen_wchars * 2;
394*4f449947SGordon Ross 
395*4f449947SGordon Ross 	pbuf = &upw->Buffer[SAMR_USER_PWLEN - pwlen_wchars];
396*4f449947SGordon Ross 	(void) smb_mbstowcs(pbuf, new_pw, pwlen_wchars);
397*4f449947SGordon Ross 
398*4f449947SGordon Ross 	/* Yes, this is in Bytes, not wchars. */
399*4f449947SGordon Ross 	upw->Length = htolel(pwlen_bytes);
4008d7e4166Sjose borrego }
401