Age | Commit message (Collapse) | Author | Files | Lines |
|
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the other's didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
(This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e)
|
|
_use_ user session key.
(This used to be commit be6a6b13939798a9c7242b38864f0ce842391a74)
|
|
(This used to be commit c73f6b0d02fa7700319ba696f54296006167e5d1)
|
|
(This used to be commit e885027eb705ab13c2800b8995661accad841643)
|
|
NT refuses to play nice, and establish a trust relationship.
(This used to be commit 98c42764fba365d612a8ae4b3172b03367066112)
|
|
smbpasswd so it can be used to set up inter-domain trust account.
(This used to be commit 99ec0620c3bf4af96440c684f880d414659de2e9)
|
|
is to pass DOMAIN_NAME$ and SEC_CHAN_DOMAIN instead of WKSTA_NAME$ and
SEC_CHAN_WKSTA.
modified check_domain_security to determine if domain name is own domain,
and to use wksta trust account if so, otherwise check "trusting domains"
parameter and use inter-domain trust account if so, otherwise return
False.
(This used to be commit 97ec74e1fa99d773812d2df402251fafb76b181c)
|
|
(This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
|
|
some of the server-side stuff. Realloc() was being used, so it
Realloc()d some random area of memory. oops.dynamic memory allocation i added a month ago: forgot to ZERO_STRUCT()
some of the server-side stuff. Realloc() was being used, so it
Realloc()d some random area of memory. oops.dynamic memory allocation i added a month ago: forgot to ZERO_STRUCT()
some of the server-side stuff. Realloc() was being used, so it
Realloc()d some random area of memory. oops.
(This used to be commit a51f62f4cf610c23e45251cedb543144747a3e54)
|
|
actually for.
(This used to be commit f973195b5cf9631bdb0206bf0fd16e23d5e70e4e)
|
|
Windows 95. i can just imagine some people saying "it dunna wurk on
my box at home", and me having to reply, "i dunna care".
(This used to be commit b31de1640728ebcdc87cdb887cd74a288e180ed7)
|
|
(This used to be commit 28a63ac24d7d2344f005440ca099b255be04521b)
|
|
(This used to be commit d8d1daff6f84e95b9e34ec96ed6bd6ccc0ea9623)
|
|
(This used to be commit 3a6900ad7ba0719806d05ae90bbf8b3323ee551f)
|
|
(This used to be commit 9eef1817f8f29c2d69832806b394658cf2cce5e9)
|
|
(This used to be commit a46b33079fdcdbbbd622002cb790e20ed25ccd03)
|
|
have the string max length = string length + 1.
if not, then it gets its knickers in a twist over whether the string
is NULL-terminated or not.
four days.
four days i spent on this one.
(This used to be commit 9795e5948c698115e34c28993cdb82ba31377f5d)
|
|
the random workstation trust account password is TOTAL garbage. i mean,
complete garbage. it's nowhere CLOSE to being a UNICODE string. therefore
we can't just take every second character.
created nt_owf_genW() which creates NT#(password) instead of NT#(Unicode(pw)).
followed through to the password setting in srv_samr.c
(This used to be commit 172601b84ae94044b27ded917d4e0e21e47a5a66)
|
|
after them is incredible. how did we get away with this for so long?
(This used to be commit 3152bde7d855d189f6f8ab9e6291828579cde2d0)
|
|
desired flag MUST be set in any NBT UDP packets sent to a WINS
server, else they will go to the WINS client side of the NT NetBIOS
kernel instead, and will get trashed.
- added \PIPE\browser server-side code.
(This used to be commit 8e406c1fa296c3f97b1cd7ddde7b5aeb9232b26e)
|
|
believe the XXXX that MIGHT be involved in getting nt5rc2 to join
a samba domain...
(This used to be commit 569babb3935950c1b64396955541abf276cc1d92)
|
|
request name.
modified createuser rpcclient command to examine name being added. if it
ends in a $, assume that a workstation trust account is being added.
(This used to be commit 4aea261cb0e5f34255ff83271eb5cadb0eb78bc9)
|
|
of 0x2). [p.s. getting REALLY bored of this nt5rc2->samba domain stuff].
(This used to be commit a8801942f72b2394a54e4a46546029fac70efeed)
|
|
samr opcode 0x25. _yet_ another failed attempt to get nt5rc2 to join
a samba domain. what _is_ it with this stuff, dammit?
(This used to be commit c3913f8ae272c496fc4519141accf01ee9f1e49e)
|
|
a char*. now copes with multiple types.
(This used to be commit 3df7c903c5b70f336294a95ad864aedbacf544b0)
|
|
reg_io_r_info() working properly. previously they weren't well
understood (well, they were the first of the registry functions i did,
back in december 97, ok??? :-)
set ntversion to 0x1 in SAMQUERY, so that we reply same as NT4 srv.
(This used to be commit 98ddeaf442cb30972cb281bf0489a6e5f7eb2883)
|
|
1) had to fix samr "create user" and "set user info" (level 23).
2) had to fix netlogon enum trust domains
3) registry key needed \\ in it not \.
(This used to be commit 70b2c1ecbb4fbbb86fea676c80754485aae5ab13)
|
|
these _may_ not actually ever get used, as trust relationships
really need to be established with shared secrets, and you need
to get the SID of the trusted and trusting domains, so this
may have to go in a private/xxx.mac file.
(This used to be commit 71f12138679251a9ebcada35969d9baea286a3e9)
|
|
password changes are allowed or not. *dur*!!!!
(This used to be commit b51fa05c820c4629b278dc294ad0a405ee470a6e)
|
|
next_token() should not have line to parse as first arg. oops.
(This used to be commit 3273bc068d0e0a8eefc92f9b21db47f239b76d21)
|
|
sending anonymous NTLMSSP user credentials to set up \PIPE\samr.
added anonymous NTLMSSP sessions.
(This used to be commit df5ee2bd427ccd5fcf27fd3c366e06e037bc4f1e)
|
|
happier in joining a Samba domain.
(This used to be commit 70274b5253182f3541584ecd844f07376a3d3df9)
|
|
(This used to be commit 60b0840106a6f5c283a8339428f3cfeb62398355)
|
|
for which a PDC is responsible. typical answers are:
<Name of Domain> plus <Builtin>.
against a hierarchical, down-level-compatible NT5 PDC, there's likely to
be more than these two entries!!!!!
(This used to be commit 3146aa6b6049a0d996e9abbe7dbee8526550e7e0)
|
|
- disabled (AGAIN) the GETDC "if (MAILSLOT\NTLOGON)" code that will get
NT5rc2 to work but WILL break win95 (AGAIN). this needs _not_ to be
re-enabled but to be replaced with a better mechanism.
- added SMBwrite support (note: SMBwriteX already existed) as NT5rc2 is
sending DCE/RPC over SMBwrite not SMBwriteX.
(This used to be commit 25c70e3c984c4fed19763ed405741e83fe14f87e)
|
|
(This used to be commit cc2ce2b755b12cb3d97522aaee69b93309571abc)
|
|
to mention, there's a spooljobs <printer name> command, and it uses
command-line completion? prints out NT print jobs really nicely, too.
(This used to be commit e6e5caf16c8d120f0c11fa63061f2786098e3357)
|
|
oops!
(This used to be commit ea1d5af105cc0df8d6523d0a734827ee47e1f58c)
|
|
spoolss_enumjobs parsing code to do read / writes not just writes.
(This used to be commit bc659a09f9103eee9616279e27fafacf89dcd9b9)
|
|
(This used to be commit e0eb390ab3e2a0cce191e78ea4ff90d088a8895c)
|
|
(This used to be commit 6d27c5f32dab7607398ae907eadb1c27a416da0d)
|
|
Removed confusing 'writeable = no' parameter from example [printers]
entry.
(This used to be commit 31f0a7a334a2075c7a3998531b55fb4def0106cf)
|
|
(This used to be commit 0f9d661ca2560e88a04bc529ba41ac4cf1579fa4)
|
|
(This used to be commit 681cbb9ec1310fa81f4da40ef0cfed92500b5f4e)
|
|
(This used to be commit 6947f8fac7d6d643a265fdcb56b2a390b9a9a1c0)
|
|
(This used to be commit 0249ae50ad8135cf3fd11a3b85f771f2347fcb29)
|
|
spoolss_r_io_enumprinters doesn't decode strings correctly
as printer_info_1/2 code has only been written to write
structures, not read them.
(This used to be commit 135eaa977385cdd5f572a51f654f14d893347d7b)
|
|
experimental spoolopen <printer name> command added.
jean-francois, f.y.i. i changed the #define for SPOOLSS_OPENPRINTEREX from
op code 0x44 to 0x45.
(This used to be commit ef7fa58fd3c259c765c3bc82424d4c0f192ec90e)
|
|
(This used to be commit c86edef90e7c96d5a99be29e2d2a3679ed26d97d)
|
|
Samba domain via rpcclient.
Copyright (c) David Bannon 1999
David Bannon, D.Bannon@latrobe.edu.au, 4th November, 1999
(This used to be commit 51747ecf6adbb89695a1a8b8fbb98e9f6b7d2290)
|