Age | Commit message | Author | Files | Lines
1999-11-21 | you know what? this sort of thing makes me laugh. hmm, what functions | Luke Leighton | 7 | -6/+48
have we got. and what data do we have. hmm.. i wonder what the NTLMv2 user session key can be... hmmm... weell.... there's some hidden data here, generated from the user password that doesn't go over-the-wire, so that's _got_ to be involved. and... that bit of data took a lot of computation to produce, so it's probably _also_ involved... and md4 no, md5? no, how about hmac_md5 yes let's try that one (the others didn't work) oh goodie, it worked! i love it when this sort of thing happens. took all of fifteen minutes to guess it. tried concatenating client and server challenges. tried concatenating _random_ bits of client and server challenges. tried md5 of the above. tried hmac_md5 of the above. eventually, it boils down to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
(This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e)
1999-11-21 | hmmm... have to add client-side support in domain_client_validate() to | Luke Leighton | 4 | -18/+42
_use_ user session key. (This used to be commit be6a6b13939798a9c7242b38864f0ce842391a74)
1999-11-21 | adding user session key into network netlogon response. | Luke Leighton | 4 | -24/+53
(This used to be commit c73f6b0d02fa7700319ba696f54296006167e5d1)
1999-11-21 | moving create user function into msrpc_samr.c | Luke Leighton | 2 | -51/+62
(This used to be commit e885027eb705ab13c2800b8995661accad841643)
1999-11-20 | oops, #ifdef'd cli_shutdown out, as the fun has _already_ started: | Luke Leighton | 1 | -2/+1
NT refuses to play nice, and establish a trust relationship. (This used to be commit 98c42764fba365d612a8ae4b3172b03367066112)
1999-11-20 | attempting to establish inter-domain trust relationships. modified | Luke Leighton | 2 | -28/+117
smbpasswd so it can be used to set up inter-domain trust account. (This used to be commit 99ec0620c3bf4af96440c684f880d414659de2e9)
1999-11-20 | modified domain_client_validate to take trust account name / type. this | Luke Leighton | 7 | -15/+108
is to pass DOMAIN_NAME$ and SEC_CHAN_DOMAIN instead of WKSTA_NAME$ and SEC_CHAN_WKSTA. modified check_domain_security to determine if domain name is own domain, and to use wksta trust account if so, otherwise check "trusting domains" parameter and use inter-domain trust account if so, otherwise return False. (This used to be commit 97ec74e1fa99d773812d2df402251fafb76b181c)
1999-11-20 | doing a code reshuffle. want to add code to establish trust relationships. | Luke Leighton | 9 | -1746/+2078
(This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-20 | dynamic memory allocation i added a month ago: forgot to ZERO_STRUCT() | Luke Leighton | 2 | -0/+4
some of the server-side stuff. Realloc() was being used, so it Realloc()d some random area of memory. oops. (This used to be commit a51f62f4cf610c23e45251cedb543144747a3e54)
1999-11-20 | adding bits about SAM database security, and what the SAM commands are | Luke Leighton | 1 | -5/+30
actually for. (This used to be commit f973195b5cf9631bdb0206bf0fd16e23d5e70e4e)
1999-11-20 | explicit reference to tell people that rpcclient doesn't work with | Luke Leighton | 1 | -0/+5
Windows 95. i can just imagine some people saying "it dunna wurk on my box at home", and me having to reply, "i dunna care". (This used to be commit b31de1640728ebcdc87cdb887cd74a288e180ed7)
1999-11-20 | yodl update | Luke Leighton | 4 | -32/+156
(This used to be commit 28a63ac24d7d2344f005440ca099b255be04521b)
1999-11-20 | oops. | Luke Leighton | 1 | -1/+1
(This used to be commit d8d1daff6f84e95b9e34ec96ed6bd6ccc0ea9623)
1999-11-20 | adding some command descriptions behind the rpcclient commands. | Luke Leighton | 1 | -14/+75
(This used to be commit 3a6900ad7ba0719806d05ae90bbf8b3323ee551f)
1999-11-19 | yodl update - rpcclient | Luke Leighton | 9 | -16/+2065
(This used to be commit 9eef1817f8f29c2d69832806b394658cf2cce5e9)
1999-11-19 | added an rpcclient man page. wow! | Luke Leighton | 3 | -5/+789
(This used to be commit a46b33079fdcdbbbd622002cb790e20ed25ccd03)
1999-11-19 | nt5rc2 falling over because the LsaQueryInfoPolicy() response _must_ | Luke Leighton | 3 | -2/+5
have the string max length = string length + 1. if not, then it gets its knickers in a twist over whether the string is NULL-terminated or not. four days. four days i spent on this one. (This used to be commit 9795e5948c698115e34c28993cdb82ba31377f5d)
1999-11-19 | The First Necessary UNICODE String Support. | Luke Leighton | 3 | -32/+83
the random workstation trust account password is TOTAL garbage. i mean, complete garbage. it's nowhere CLOSE to being a UNICODE string. therefore we can't just take every second character. created nt_owf_genW() which creates NT#(password) instead of NT#(Unicode(pw)). followed through to the password setting in srv_samr.c (This used to be commit 172601b84ae94044b27ded917d4e0e21e47a5a66)
1999-11-19 | - surprise! the number of UNICODE strings that didn't have alignment | Luke Leighton | 1 | -0/+20
after them is incredible. how did we get away with this for so long? (This used to be commit 3152bde7d855d189f6f8ab9e6291828579cde2d0)
1999-11-19 | - bug in nmbd registering DOMAIN_NAME<1c> to WINS server; recursion | Luke Leighton | 7 | -8/+124
desired flag MUST be set in any NBT UDP packets sent to a WINS server, else they will go to the WINS client side of the NT NetBIOS kernel instead, and will get trashed.
- added \PIPE\browser server-side code.
(This used to be commit 8e406c1fa296c3f97b1cd7ddde7b5aeb9232b26e)
1999-11-19 | added \PIPE\browser plus experimental brsinfo command. you wouldn't | Luke Leighton | 10 | -2/+491
believe the XXXX that MIGHT be involved in getting nt5rc2 to join a samba domain... (This used to be commit 569babb3935950c1b64396955541abf276cc1d92)
1999-11-18 | responses to UDP samquery go back to SERVER<00> not DOMAIN<1c>, the | Luke Leighton | 4 | -14/+24
request name. modified createuser rpcclient command to examine name being added. if it ends in a $, assume that a workstation trust account is being added. (This used to be commit 4aea261cb0e5f34255ff83271eb5cadb0eb78bc9)
1999-11-18 | set "key does not exist" response to reg_query_val() (win32 status code | Luke Leighton | 5 | -10/+70
of 0x2). [p.s. getting REALLY bored of this nt5rc2->samba domain stuff]. (This used to be commit a8801942f72b2394a54e4a46546029fac70efeed)
1999-11-18 | added samuserset2 rpcclient command to test ACB_XXX bit-setting on | Luke Leighton | 7 | -11/+571
samr opcode 0x25. _yet_ another failed attempt to get nt5rc2 to join a samba domain. what _is_ it with this stuff, dammit? (This used to be commit c3913f8ae272c496fc4519141accf01ee9f1e49e)
1999-11-18 | updating reg_value_info() parsing code to take BUFFER2 instead of just | Luke Leighton | 6 | -46/+55
a char*. now copes with multiple types. (This used to be commit 3df7c903c5b70f336294a95ad864aedbacf544b0)
1999-11-18 | added regqueryval command (experimental) to get reg_io_q_info() and | Luke Leighton | 12 | -124/+262
reg_io_r_info() working properly. previously they weren't well understood (well, they were the first of the registry functions i did, back in december 97, ok??? :-) set ntversion to 0x1 in SAMQUERY, so that we reply same as NT4 srv. (This used to be commit 98ddeaf442cb30972cb281bf0489a6e5f7eb2883)
1999-11-16 | attempting to get nt5 wksta to join domain. | Luke Leighton | 9 | -43/+101
1) had to fix samr "create user" and "set user info" (level 23).
2) had to fix netlogon enum trust domains
3) registry key needed \\ in it not \.
(This used to be commit 70b2c1ecbb4fbbb86fea676c80754485aae5ab13)
1999-11-16 | added two new params: "trusted domains" and "trusting domains". | Luke Leighton | 5 | -8/+50
these _may_ not actually ever get used, as trust relationships really need to be established with shared secrets, and you need to get the SID of the trusted and trusting domains, so this may have to go in a private/xxx.mac file. (This used to be commit 71f12138679251a9ebcada35969d9baea286a3e9)
1999-11-16 | added another dummy key so that NT5 can check in the registry whether | Luke Leighton | 1 | -1/+2
password changes are allowed or not. *dur*!!!! (This used to be commit b51fa05c820c4629b278dc294ad0a405ee470a6e)
1999-11-16 | oops, mistake in parsing command-arguments. repeated calls to | Luke Leighton | 1 | -1/+1
next_token() should not have line to parse as first arg. oops. (This used to be commit 3273bc068d0e0a8eefc92f9b21db47f239b76d21)
1999-11-16 | Shirish Kalele <kalele@veritas.com> noticed that NT workstations are | Luke Leighton | 1 | -18/+51
sending anonymous NTLMSSP user credentials to set up \PIPE\samr. added anonymous NTLMSSP sessions. (This used to be commit df5ee2bd427ccd5fcf27fd3c366e06e037bc4f1e)
1999-11-16 | Changes to implement NET_AUTH based on NET_AUTH2, to get Win2000 | Richard Sharpe | 3 | -4/+151
happier in joining a Samba domain. (This used to be commit 70274b5253182f3541584ecd844f07376a3d3df9)
1999-11-15 | added server-side samr enum domains. fixed some parsing issues, server-side. | Luke Leighton | 4 | -16/+90
(This used to be commit 60b0840106a6f5c283a8339428f3cfeb62398355)
1999-11-15 | added rpcclient "enumdomains" command. enumerates names of domains | Luke Leighton | 7 | -1/+457
for which a PDC is responsible. typical answers are: <Name of Domain> plus <Builtin>. against a hierarchical, down-level-compatible NT5 PDC, there's likely to be more than these two entries!!!!! (This used to be commit 3146aa6b6049a0d996e9abbe7dbee8526550e7e0)
1999-11-15 | - added DCE/RPC "fault" PDU support. | Luke Leighton | 11 | -16/+152
- disabled (AGAIN) the GETDC "if (MAILSLOT\NTLOGON)" code that will get NT5rc2 to work but WILL break win95 (AGAIN). this needs _not_ to be re-enabled but to be replaced with a better mechanism.
- added SMBwrite support (note: SMBwriteX already existed) as NT5rc2 is sending DCE/RPC over SMBwrite not SMBwriteX.
(This used to be commit 25c70e3c984c4fed19763ed405741e83fe14f87e)
1999-11-12 | split array-handling functions into separate module. | Luke Leighton | 3 | -224/+249
(This used to be commit cc2ce2b755b12cb3d97522aaee69b93309571abc)
1999-11-09 | debugging rpcclient spoolenum and spooljobs commands. oh, did i forget | Luke Leighton | 10 | -103/+580
to mention, there's a spooljobs <printer name> command, and it uses command-line completion? prints out NT print jobs really nicely, too. (This used to be commit e6e5caf16c8d120f0c11fa63061f2786098e3357)
1999-11-09 | riccardo sibilia spotted line 1884 has uint32 group_rid[0] not group_rid[1] | Luke Leighton | 1 | -1/+1
oops! (This used to be commit ea1d5af105cc0df8d6523d0a734827ee47e1f58c)
1999-11-08 | preparation for doing a spoolss enum jobs command. had to rewrite | Luke Leighton | 6 | -187/+310
spoolss_enumjobs parsing code to do read / writes not just writes. (This used to be commit bc659a09f9103eee9616279e27fafacf89dcd9b9)
1999-11-08 | const feeding frenzy | Luke Leighton | 13 | -556/+662
(This used to be commit e0eb390ab3e2a0cce191e78ea4ff90d088a8895c)
1999-11-08 | const feeding frenzy | Luke Leighton | 2 | -74/+76
(This used to be commit 6d27c5f32dab7607398ae907eadb1c27a416da0d)
1999-11-08 | Fixed typo in automatic printer install share name. | Tim Potter | 1 | -2/+1
Removed confusing 'writeable = no' parameter from example [printers] entry. (This used to be commit 31f0a7a334a2075c7a3998531b55fb4def0106cf)
1999-11-06 | horrible code to do SMBwriteX / SMBreadX for large MSRPC reads. ARGH! | Luke Leighton | 2 | -94/+128
(This used to be commit 0f9d661ca2560e88a04bc529ba41ac4cf1579fa4)
1999-11-06 | missed mem_grow_data call | Luke Leighton | 2 | -1/+3
(This used to be commit 681cbb9ec1310fa81f4da40ef0cfed92500b5f4e)
1999-11-06 | added command-completion printer enum code. | Luke Leighton | 5 | -19/+91
(This used to be commit 6947f8fac7d6d643a265fdcb56b2a390b9a9a1c0)
1999-11-06 | fixed string function for reading in printer_info_N. | Luke Leighton | 4 | -15/+240
(This used to be commit 0249ae50ad8135cf3fd11a3b85f771f2347fcb29)
1999-11-06 | added rpcclient spoolenum command. enumerates printers. | Luke Leighton | 9 | -68/+364
spoolss_r_io_enumprinters doesn't decode strings correctly as printer_info_1/2 code has only been written to write structures, not read them. (This used to be commit 135eaa977385cdd5f572a51f654f14d893347d7b)
1999-11-06 | spoolss openprinterex / closeprinter client-code. | Luke Leighton | 8 | -108/+370
experimental spoolopen <printer name> command added. jean-francois, f.y.i. i changed the #define for SPOOLSS_OPENPRINTEREX from op code 0x44 to 0x45. (This used to be commit ef7fa58fd3c259c765c3bc82424d4c0f192ec90e)
1999-11-05 | experimental spoolss rpcclient commands | Luke Leighton | 6 | -40/+196
(This used to be commit c86edef90e7c96d5a99be29e2d2a3679ed26d97d)
1999-11-05 | This is an experimental program to shutdown a group of NTws in a | Luke Leighton | 1 | -0/+259
Samba domain via rpcclient. Copyright (c) David Bannon 1999 David Bannon, D.Bannon@latrobe.edu.au, 4th November, 1999 (This used to be commit 51747ecf6adbb89695a1a8b8fbb98e9f6b7d2290)