;;; ntlm.el --- NTLM (NT LanManager) authentication support
-;; Copyright (C) 2001 Taro Kawagishi
+;; Copyright (C) 2001, 2007-2016 Free Software Foundation, Inc.
+
;; Author: Taro Kawagishi <tarok@transpulse.org>
-;; Keywords: NTLM, SASL
-;; Version: 1.00
+;; Maintainer: Thomas Fitzsimmons <fitzsim@fitzsim.org>
+;; Keywords: NTLM, SASL, comm
+;; Version: 2.0.0
;; Created: February 2001
-;; This program is free software; you can redistribute it and/or modify
+;; This file is part of GNU Emacs.
+
+;; GNU Emacs is free software: you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
-;; the Free Software Foundation; either version 2, or (at your option)
-;; any later version.
-;;
-;; This program is distributed in the hope that it will be useful,
+;; the Free Software Foundation, either version 3 of the License, or
+;; (at your option) any later version.
+
+;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
-;;
+
;; You should have received a copy of the GNU General Public License
-;; along with this program; see the file COPYING. If not, write to the
-;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-;; Boston, MA 02111-1307, USA.
+;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
;;; Commentary:
;; This library is a direct translation of the Samba release 2.2.0
;; implementation of Windows NT and LanManager compatible password
;; encryption.
-;;
+;;
;; Interface functions:
-;;
+;;
;; ntlm-build-auth-request
;; This will return a binary string, which should be used in the
;; base64 encoded form and it is the caller's responsibility to encode
;; (which will be a binary string) as the first argument and to
;; encode the returned string with base64. The second argument user
;; should be given in user@domain format.
-;;
+;;
;; ntlm-get-password-hashes
;;
;;
;;; Code:
(require 'md4)
+(require 'hmac-md5)
+(require 'calc)
+
+(defgroup ntlm nil
+ "NTLM (NT LanManager) authentication."
+ :version "25.1"
+ :group 'comm)
+
+(defcustom ntlm-compatibility-level 5
+ "The NTLM compatibility level.
+Ordered from 0, the oldest, least-secure level through 5, the
+newest, most-secure level. Newer servers may reject lower
+levels. At levels 3 through 5, send LMv2 and NTLMv2 responses.
+At levels 0, 1 and 2, send LM and NTLM responses.
+
+In this implementation, levels 0, 1 and 2 are the same (old,
+insecure), and levels 3, 4 and 5 are the same (new, secure). If
+NTLM authentication isn't working at level 5, try level 0. The
+other levels are only present because other clients have six
+levels."
+ :type '(choice (const 0) (const 1) (const 2) (const 3) (const 4) (const 5)))
;;;
;;; NTLM authentication interface functions
(request-msgType (concat (make-string 1 1) (make-string 3 0)))
;0x01 0x00 0x00 0x00
(request-flags (concat (make-string 1 7) (make-string 1 178)
- (make-string 2 0)))
- ;0x07 0xb2 0x00 0x00
+ (make-string 1 8) (make-string 1 0)))
+ ;0x07 0xb2 0x08 0x00
lu ld off-d off-u)
(when (string-match "@" user)
(unless domain
(md4-pack-int16 ld) ;domain field, count field
(md4-pack-int16 ld) ;domain field, max count field
(md4-pack-int32 (cons 0 off-d)) ;domain field, offset field
- user ;bufer field
- domain ;bufer field
+ user ;buffer field
+ domain ;buffer field
)))
+(eval-when-compile
+ (defmacro ntlm-string-as-unibyte (string)
+ (if (fboundp 'string-as-unibyte)
+ `(string-as-unibyte ,string)
+ string))
+ (defmacro ntlm-string-make-unibyte (string)
+ (if (fboundp 'string-make-unibyte)
+ `(string-make-unibyte ,string)
+ string))
+ (defmacro ntlm-unibyte-string (&rest bytes)
+ (if (fboundp 'unibyte-string)
+ `(unibyte-string ,@bytes)
+ `(concat (vector ,@bytes)))))
+
+(eval-and-compile
+ (autoload 'sha1 "sha1")
+ (if (fboundp 'secure-hash)
+ (defalias 'ntlm-secure-hash 'secure-hash)
+ (defun ntlm-secure-hash (algorithm object &optional start end binary)
+ "Return the secure hash of OBJECT, a buffer or string.
+ALGORITHM is a symbol specifying the hash to use: md5, sha1.
+
+The two optional arguments START and END are positions specifying for
+which part of OBJECT to compute the hash. If nil or omitted, uses the
+whole OBJECT.
+
+If BINARY is non-nil, returns a string in binary form."
+ (cond ((eq algorithm 'md5)
+ (if binary
+ (let* ((hex (md5 object start end))
+ (len (length hex))
+ (beg 0)
+ rest)
+ (while (< beg len)
+ (push (ntlm-string-make-unibyte
+ (char-to-string
+ (string-to-number
+ (substring hex beg (setq beg (+ beg 2)))
+ 16)))
+ rest))
+ (apply #'concat (nreverse rest)))
+ (md5 object start end)))
+ ((eq algorithm 'sha1)
+ (sha1 object start end binary))
+ (t
+ (error "(ntlm-secure-hash) Unsupported algorithm: %s"
+ algorithm))))))
+
+(defun ntlm-compute-timestamp ()
+ "Compute an NTLMv2 timestamp.
+Return a unibyte string representing the number of tenths of a
+microsecond since January 1, 1601 as a 64-bit little-endian
+signed integer."
+ (let* ((s-to-tenths-of-us "mul(add(lsh($1,16),$2),10000000)")
+ (us-to-tenths-of-us "mul($3,10)")
+ (ps-to-tenths-of-us "idiv($4,100000)")
+ (tenths-of-us-since-jan-1-1601
+ (apply 'calc-eval (concat "add(add(add("
+ s-to-tenths-of-us ","
+ us-to-tenths-of-us "),"
+ ps-to-tenths-of-us "),"
+ ;; tenths of microseconds between
+ ;; 1601-01-01 and 1970-01-01
+ "116444736000000000)")
+ ;; add trailing zeros to support old current-time formats
+ 'rawnum (append (current-time) '(0 0))))
+ result-bytes)
+ (dotimes (byte 8)
+ (push (calc-eval "and($1,16#FF)" 'rawnum tenths-of-us-since-jan-1-1601)
+ result-bytes)
+ (setq tenths-of-us-since-jan-1-1601
+ (calc-eval "rsh($1,8,64)" 'rawnum tenths-of-us-since-jan-1-1601)))
+ (apply 'ntlm-unibyte-string (nreverse result-bytes))))
+
+(defun ntlm-generate-nonce ()
+ "Generate a random nonce, not to be used more than once.
+Return a random eight byte unibyte string."
+ (ntlm-unibyte-string
+ (random 256) (random 256) (random 256) (random 256)
+ (random 256) (random 256) (random 256) (random 256)))
+
(defun ntlm-build-auth-response (challenge user password-hashes)
"Return the response string to a challenge string CHALLENGE given by
the NTLM based server for the user USER and the password hash list
PASSWORD-HASHES. NTLM uses two hash values which are represented
by PASSWORD-HASHES. PASSWORD-HASHES should be a return value of
- (list (smb-passwd-hash password) (ntlm-md4hash password))"
- (let* ((rchallenge (string-as-unibyte challenge))
+ (list (ntlm-smb-passwd-hash password) (ntlm-md4hash password))"
+ (let* ((rchallenge (ntlm-string-as-unibyte challenge))
;; get fields within challenge struct
;;(ident (substring rchallenge 0 8)) ;ident, 8 bytes
;;(msgType (substring rchallenge 8 12)) ;msgType, 4 bytes
uDomain-len uDomain-offs
;; response struct and its fields
lmRespData ;lmRespData, 24 bytes
- ntRespData ;ntRespData, 24 bytes
+ ntRespData ;ntRespData, variable length
domain ;ascii domain string
- lu ld off-lm off-nt off-d off-u off-w off-s)
+ lu ld ln off-lm off-nt off-d off-u off-w off-s)
;; extract domain string from challenge string
(setq uDomain-len (md4-unpack-int16 (substring uDomain 0 2)))
(setq uDomain-offs (md4-unpack-int32 (substring uDomain 4 8)))
(setq domain (substring user (1+ (match-beginning 0))))
(setq user (substring user 0 (match-beginning 0))))
- ;; generate response data
- (setq lmRespData
- (smb-owf-encrypt (car password-hashes) challengeData))
- (setq ntRespData
- (smb-owf-encrypt (cadr password-hashes) challengeData))
+ (unless (and (integerp ntlm-compatibility-level)
+ (>= ntlm-compatibility-level 0)
+ (<= ntlm-compatibility-level 5))
+ (error "Invalid ntlm-compatibility-level value"))
+ (if (and (>= ntlm-compatibility-level 3)
+ (<= ntlm-compatibility-level 5))
+ ;; extract target information block, if it is present
+ (if (< (cdr uDomain-offs) 48)
+ (error "Failed to find target information block")
+ (let* ((targetInfo-len (md4-unpack-int16 (substring rchallenge
+ 40 42)))
+ (targetInfo-offs (md4-unpack-int32 (substring rchallenge
+ 44 48)))
+ (targetInfo (substring rchallenge
+ (cdr targetInfo-offs)
+ (+ (cdr targetInfo-offs)
+ targetInfo-len)))
+ (upcase-user (upcase (ntlm-ascii2unicode user (length user))))
+ (ntlmv2-hash (hmac-md5 (concat upcase-user
+ (ntlm-ascii2unicode
+ domain (length domain)))
+ (cadr password-hashes)))
+ (nonce (ntlm-generate-nonce))
+ (blob (concat (make-string 2 1)
+ (make-string 2 0) ; blob signature
+ (make-string 4 0) ; reserved value
+ (ntlm-compute-timestamp) ; timestamp
+ nonce ; client nonce
+ (make-string 4 0) ; unknown
+ targetInfo ; target info
+ (make-string 4 0))) ; unknown
+ ;; for reference: LMv2 interim calculation
+ ;; (lm-interim (hmac-md5 (concat challengeData nonce)
+ ;; ntlmv2-hash))
+ (nt-interim (hmac-md5 (concat challengeData blob)
+ ntlmv2-hash)))
+ ;; for reference: LMv2 field, but match other clients that
+ ;; send all zeros
+ ;; (setq lmRespData (concat lm-interim nonce))
+ (setq lmRespData (make-string 24 0))
+ (setq ntRespData (concat nt-interim blob))))
+ ;; compatibility level is 2, 1 or 0
+ ;; level 2 should be treated specially but it's not clear how,
+ ;; so just treat it the same as levels 0 and 1
+ ;; check if "negotiate NTLM2 key" flag is set in type 2 message
+ (if (not (zerop (logand (aref flags 2) 8)))
+ (let (randomString
+ sessionHash)
+ ;; generate NTLM2 session response data
+ (setq randomString (ntlm-generate-nonce))
+ (setq sessionHash (ntlm-secure-hash
+ 'md5 (concat challengeData randomString)
+ nil nil t))
+ (setq sessionHash (substring sessionHash 0 8))
+ (setq lmRespData (concat randomString (make-string 16 0)))
+ (setq ntRespData (ntlm-smb-owf-encrypt
+ (cadr password-hashes) sessionHash)))
+ ;; generate response data
+ (setq lmRespData
+ (ntlm-smb-owf-encrypt (car password-hashes) challengeData))
+ (setq ntRespData
+ (ntlm-smb-owf-encrypt (cadr password-hashes) challengeData))))
;; get offsets to fields to pack the response struct in a string
(setq lu (length user))
(setq ld (length domain))
+ (setq ln (length ntRespData))
(setq off-lm 64) ;offset to string 'lmResponse
(setq off-nt (+ 64 24)) ;offset to string 'ntResponse
- (setq off-d (+ 64 48)) ;offset to string 'uDomain
- (setq off-u (+ 64 48 (* 2 ld))) ;offset to string 'uUser
- (setq off-w (+ 64 48 (* 2 (+ ld lu)))) ;offset to string 'uWks
- (setq off-s (+ 64 48 (* 2 (+ ld lu lu)))) ;offset to string 'sessionKey
+ (setq off-d (+ 64 24 ln)) ;offset to string 'uDomain
+ (setq off-u (+ 64 24 ln (* 2 ld))) ;offset to string 'uUser
+ (setq off-w (+ 64 24 ln (* 2 (+ ld lu)))) ;offset to string 'uWks
+ (setq off-s (+ 64 24 ln (* 2 (+ ld lu lu)))) ;offset to string 'sessionKey
;; pack the response struct in a string
(concat "NTLMSSP\0" ;response ident field, 8 bytes
(md4-pack-int32 '(0 . 3)) ;response msgType field, 4 bytes
(md4-pack-int32 (cons 0 off-lm)) ;field offset
;; ntResponse field, 8 bytes
- ;;AddBytes(response,ntResponse,ntRespData,24);
- (md4-pack-int16 24) ;len field
- (md4-pack-int16 24) ;maxlen field
+ ;;AddBytes(response,ntResponse,ntRespData,ln);
+ (md4-pack-int16 ln) ;len field
+ (md4-pack-int16 ln) ;maxlen field
(md4-pack-int32 (cons 0 off-nt)) ;field offset
;; uDomain field, 8 bytes
;; buffer field
lmRespData ;lmResponse, 24 bytes
ntRespData ;ntResponse, 24 bytes
- (ntlm-ascii2unicode domain ;unicode domain string, 2*ld bytes
+ (ntlm-ascii2unicode domain ;Unicode domain string, 2*ld bytes
(length domain)) ;
- (ntlm-ascii2unicode user ;unicode user string, 2*lu bytes
+ (ntlm-ascii2unicode user ;Unicode user string, 2*lu bytes
(length user)) ;
- (ntlm-ascii2unicode user ;unicode user string, 2*lu bytes
+ (ntlm-ascii2unicode user ;Unicode user string, 2*lu bytes
(length user)) ;
)))
(defun ntlm-get-password-hashes (password)
- "Return a pair of SMB hash and NT MD4 hash of the given password PASSWORD"
- (list (smb-passwd-hash password)
+ "Return a pair of SMB hash and NT MD4 hash of the given password PASSWORD."
+ (list (ntlm-smb-passwd-hash password)
(ntlm-md4hash password)))
(defun ntlm-ascii2unicode (str len)
j (+ 2 j)))
buf))
-(defun smb-passwd-hash (passwd)
+(defun ntlm-smb-passwd-hash (passwd)
"Return the SMB password hash string of 16 bytes long for the given password
string PASSWD. PASSWD is truncated to 14 bytes if longer."
(let ((len (min (length passwd) 14)))
- (smbdes-e-p16
+ (ntlm-smb-des-e-p16
(concat (substring (upcase passwd) 0 len) ;fill top 14 bytes with passwd
(make-string (- 15 len) 0)))))
-(defun smb-owf-encrypt (passwd c8)
+(defun ntlm-smb-owf-encrypt (passwd c8)
"Return the response string of 24 bytes long for the given password
string PASSWD based on the DES encryption. PASSWD is of at most 14
bytes long and the challenge string C8 of 8 bytes long."
(let ((len (min (length passwd) 16)) p22)
(setq p22 (concat (substring passwd 0 len) ;fill top 16 bytes with passwd
(make-string (- 22 len) 0)))
- (smbdes-e-p24 p22 c8)))
+ (ntlm-smb-des-e-p24 p22 c8)))
-(defun smbdes-e-p24 (p22 c8)
+(defun ntlm-smb-des-e-p24 (p22 c8)
"Return a 24 bytes hashed string for a 21 bytes string P22 and a 8 bytes
string C8."
- (concat (smbhash c8 p22 t) ;hash first 8 bytes of p22
- (smbhash c8 (substring p22 7) t)
- (smbhash c8 (substring p22 14) t)))
+ (concat (ntlm-smb-hash c8 p22 t) ;hash first 8 bytes of p22
+ (ntlm-smb-hash c8 (substring p22 7) t)
+ (ntlm-smb-hash c8 (substring p22 14) t)))
-(defconst smb-sp8 [75 71 83 33 64 35 36 37])
+(defconst ntlm-smb-sp8 [75 71 83 33 64 35 36 37])
-(defun smbdes-e-p16 (p15)
+(defun ntlm-smb-des-e-p16 (p15)
"Return a 16 bytes hashed string for a 15 bytes string P15."
- (concat (smbhash smb-sp8 p15 t) ;hash of first 8 bytes of p15
- (smbhash smb-sp8 (substring p15 7) t) ;hash of last 8 bytes of p15
- ))
+ (concat (ntlm-smb-hash ntlm-smb-sp8 p15 t) ;hash of first 8 bytes of p15
+ (ntlm-smb-hash ntlm-smb-sp8 ;hash of last 8 bytes of p15
+ (substring p15 7) t)))
-(defun smbhash (in key forw)
+(defun ntlm-smb-hash (in key forw)
"Return the hash string of length 8 for a string IN of length 8 and
a string KEY of length 8. FORW is t or nil."
(let ((out (make-string 8 0))
outb ;string of length 64
(inb (make-string 64 0))
(keyb (make-string 64 0))
- (key2 (smb-str-to-key key))
+ (key2 (ntlm-smb-str-to-key key))
(i 0) aa)
(while (< i 64)
(unless (zerop (logand (aref in (/ i 8)) (lsh 1 (- 7 (% i 8)))))
(unless (zerop (logand (aref key2 (/ i 8)) (lsh 1 (- 7 (% i 8)))))
(aset keyb i 1))
(setq i (1+ i)))
- (setq outb (smb-dohash inb keyb forw))
+ (setq outb (ntlm-smb-dohash inb keyb forw))
(setq i 0)
(while (< i 64)
(unless (zerop (aref outb i))
(setq i (1+ i)))
out))
-(defun smb-str-to-key (str)
+(defun ntlm-smb-str-to-key (str)
"Return a string of length 8 for the given string STR of length 7."
(let ((key (make-string 8 0))
(i 7))
(setq i (1- i)))
key))
-(defconst smb-perm1 [57 49 41 33 25 17 9
+(defconst ntlm-smb-perm1 [57 49 41 33 25 17 9
1 58 50 42 34 26 18
10 2 59 51 43 35 27
19 11 3 60 52 44 36
14 6 61 53 45 37 29
21 13 5 28 20 12 4])
-(defconst smb-perm2 [14 17 11 24 1 5
+(defconst ntlm-smb-perm2 [14 17 11 24 1 5
3 28 15 6 21 10
23 19 12 4 26 8
16 7 27 20 13 2
44 49 39 56 34 53
46 42 50 36 29 32])
-(defconst smb-perm3 [58 50 42 34 26 18 10 2
+(defconst ntlm-smb-perm3 [58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7])
-(defconst smb-perm4 [32 1 2 3 4 5
+(defconst ntlm-smb-perm4 [32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
24 25 26 27 28 29
28 29 30 31 32 1])
-(defconst smb-perm5 [16 7 20 21
+(defconst ntlm-smb-perm5 [16 7 20 21
29 12 28 17
1 15 23 26
5 18 31 10
19 13 30 6
22 11 4 25])
-(defconst smb-perm6 [40 8 48 16 56 24 64 32
+(defconst ntlm-smb-perm6 [40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25])
-(defconst smb-sc [1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1])
+(defconst ntlm-smb-sc [1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1])
-(defconst smb-sbox [[[14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7]
+(defconst ntlm-smb-sbox [[[14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7]
[ 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8]
[ 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0]
[15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13]]
[ 7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8]
[ 2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11]]])
-(defsubst string-permute (in perm n)
+(defsubst ntlm-string-permute (in perm n)
"Return a string of length N for a string IN and a permutation vector
PERM of size N. The length of IN should be height of PERM."
(let ((i 0) (out (make-string n 0)))
(setq i (1+ i)))
out))
-(defsubst string-lshift (str count len)
+(defsubst ntlm-string-lshift (str count len)
"Return a string by circularly shifting a string STR by COUNT to the left.
length of STR is LEN."
(let ((c (% count len)))
(concat (substring str c len) (substring str 0 c))))
-(defsubst string-xor (in1 in2 n)
+(defsubst ntlm-string-xor (in1 in2 n)
"Return exclusive-or of sequences in1 and in2"
(let ((w (make-string n 0)) (i 0))
(while (< i n)
(setq i (1+ i)))
w))
-(defun smb-dohash (in key forw)
+(defun ntlm-smb-dohash (in key forw)
"Return the hash value for a string IN and a string KEY.
-Length of IN and KEY are 64. FORW non nill means forward, nil means
+Length of IN and KEY are 64. FORW non-nil means forward, nil means
backward."
(let (pk1 ;string of length 56
c ;string of length 28
r ;string of length 32
rl ;string of length 64
(i 0) (j 0) (k 0))
- (setq pk1 (string-permute key smb-perm1 56))
+ (setq pk1 (ntlm-string-permute key ntlm-smb-perm1 56))
(setq c (substring pk1 0 28))
(setq d (substring pk1 28 56))
(setq i 0)
(while (< i 16)
- (setq c (string-lshift c (aref smb-sc i) 28))
- (setq d (string-lshift d (aref smb-sc i) 28))
+ (setq c (ntlm-string-lshift c (aref ntlm-smb-sc i) 28))
+ (setq d (ntlm-string-lshift d (aref ntlm-smb-sc i) 28))
(setq cd (concat (substring c 0 28) (substring d 0 28)))
- (aset ki i (string-permute cd smb-perm2 48))
+ (aset ki i (ntlm-string-permute cd ntlm-smb-perm2 48))
(setq i (1+ i)))
- (setq pd1 (string-permute in smb-perm3 64))
+ (setq pd1 (ntlm-string-permute in ntlm-smb-perm3 64))
(setq l (substring pd1 0 32))
(setq r (substring pd1 32 64))
r2 ;string of length 32
jj m n bj sbox-jmn)
(while (< i 16)
- (setq er (string-permute r smb-perm4 48))
- (setq erk (string-xor er
+ (setq er (ntlm-string-permute r ntlm-smb-perm4 48))
+ (setq erk (ntlm-string-xor er
(aref ki (if forw i (- 15 i)))
48))
(setq j 0)
(lsh (aref bj 3) 1)
(aref bj 4)))
(setq k 0)
- (setq sbox-jmn (aref (aref (aref smb-sbox j) m) n))
+ (setq sbox-jmn (aref (aref (aref ntlm-smb-sbox j) m) n))
(while (< k 4)
(aset bj k
(if (zerop (logand sbox-jmn (lsh 1 (- 3 k))))
(setq cb (concat cb (substring (aref b j) 0 4)))
(setq j (1+ j)))
- (setq pcb (string-permute cb smb-perm5 32))
- (setq r2 (string-xor l pcb 32))
+ (setq pcb (ntlm-string-permute cb ntlm-smb-perm5 32))
+ (setq r2 (ntlm-string-xor l pcb 32))
(setq l r)
(setq r r2)
(setq i (1+ i))))
(setq rl (concat r l))
- (string-permute rl smb-perm6 64)))
+ (ntlm-string-permute rl ntlm-smb-perm6 64)))
(defun ntlm-md4hash (passwd)
"Return the 16 bytes MD4 hash of a string PASSWD after converting it
(setq len (length passwd))
(if (> len 128)
(setq len 128))
- ;; Password must be converted to NT unicode
+ ;; Password must be converted to NT Unicode
(setq wpwd (ntlm-ascii2unicode passwd len))
;; Calculate length in bytes
(setq len (* len 2))
projects / gnus / blobdiff