| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
arguments: get_any_dc_name() was being called with a server name
not a domain name. oops.
(This used to be commit 631814302d6992138cfe024ba7bd456cc7e0d3bf)
|
|
damn, this one is bad.
started, at least two days ago, to add an authentication mechanism to
the smbd<->msrpc redirector/relay, such that sufficient unix / nt
information could be transferred across the unix socket to do a
become_user() on the other side of the socket.
it is necessary that the msrpc daemon inherit the same unix and nt
credentials as the smbd process from which it was spawned, until
such time as the msrpc daemon receives an authentication request
of its own, whereupon the msrpc daemon is responsible for authenticating
the new credentials and doing yet another become_user() etc sequence.
(This used to be commit 30c7fdd6ef10ecd35594311c1b250b95ff895489)
|
|
one horrible cut / paste job from smbd, plus a code split of shared
components between the two.
the job is not _yet_ complete, as i need to be able to do a become_user()
call for security reasons. i picked lsarpcd first because you don't
_need_ security on it (microsoft botched so badly on this one, it's not
real. at least they fixed this in nt5 with restrictanonymous=0x2).
fixing this involves sending the current smb and unix credentials down
the unix pipe so that the daemon it eventually goes to can pick them
up at the other end.
i can't believe this all worked!!!
(This used to be commit 2245b0c6d13c7c5886e81f9137b05df883598c26)
|
|
(This used to be commit 5e5a1dceee0b6088822697284d3e0af04d197477)
|
|
(This used to be commit a3af3b4312144943413894b18b5845b56474ebb5)
|
|
(This used to be commit 7bb2e55d0d3a00a97bba99ebed722a4adf84093c)
|
|
created an "nmb-agent" utility that, yes: it connects to the 137 socket
and accepts unix socket connections which it redirects onto port 137.
it uses the name_trn_id field to filter requests to the correct
location.
name_query() and name_status() are the first victims to use this
feature (by specifying a file descriptor of -1).
(This used to be commit d923bc8da2cf996408194d98381409191dd81a16)
|
|
ideas from ssh-agent.
the intent is to be able to share smb sessions using cli_net_use_add()
across multiple processes, where one process knows the target server
name, user name and domain, but not the smb password.
(This used to be commit 294b653f2e9cdc1864ec638ae8b4300df25723cf)
|
|
get_any_dc_name().
(This used to be commit e21367c0ebdc5e202cdc39d50950bff089bf67f8)
|
|
functions (cli_net_use_addlist()). needed originally because
there was no get_dc_any_name() function.
(This used to be commit 3a2b920ea2e6704b2574f404e1e41c7cfc0f96b2)
|
|
(This used to be commit 455e17dbb7d451b462004f302f5c68770f17b65e)
|
|
this is horrible.
(This used to be commit 9df973fe711f322075d86d6792d6c0b8539c1d00)
|
|
(This used to be commit f0946d1ccafeb5f541935b41f2d54bcbc06797ed)
|
|
(This used to be commit 50dc709fa95e86ebe2b3132176241cb3a2cc4e36)
|
|
they should all be replaced with cli_establish_connection().
created cli_use_wait_keyboard() which waits on multiple cli_states
and swallows session keepalives.
(This used to be commit fcc39b3f4f2f8d04d3fab09db048b4f3dc1e97d5)
|
|
in private .mac file (oops). ntlogin test now works.
(This used to be commit c98c66690683965612e9631d77c2dff91ec8a872)
|
|
(This used to be commit cef258f1c931ecb7c2dda9d5c9977153e4c1dc73)
|
|
and then set a default random password.
(This used to be commit 7846818432a93295651c8c67445a2d6a0f3b21d8)
|
|
from previous lsaquery command. over-ridden from DOMAIN\username
2) initialisation of cli_state is a little more specific: sets use_ntlmv2
to Auto. this can always be over-ridden.
3) fixed reusage of ntlmssp_cli_flgs which was being a pain
4) added pwd_compare() function then fixed bug in cli_use where NULL
domain name was making connections multiply unfruitfully
5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch
(This used to be commit 301a6efaf67ddc96e6dcfd21b45a82863ff8f39a)
|
|
(This used to be commit e4d92ff9dfc51735e6932748f66a7c20b2c1cb6a)
|
|
(This used to be commit 1abdf9a45ff2e1d903a08891fbec0794349a9546)
|
|
equivalents of NetUseAdd and NetUseDel!
(This used to be commit 86f4b1d3cc3887c4bb7bd6433f5f932f7db1b88e)
|
|
parameters to connect to \PIPE\NETLOGON.
(This used to be commit d1986ade30bdcac1f49707221a3e5a5ae597ce62)
|
|
the remote machine, because i don't know what to _do_ with it!!!!
argh!!!
(This used to be commit 85cc680736f17e3f879895be5dac8f1427653919)
|
|
(This used to be commit 44dd3efa6380544e9a515e91960f9271498cefaf)
|
|
(This used to be commit 7a696330586b9ad5157b0c1ab249cc66e9accef7)
|
|
(This used to be commit 601d217f44ea1ce3735b9267b6f829b472a982b4)
|
|
(This used to be commit 4c3556fae73c60693355f95f48ac63834ba4dd10)
|
|
(This used to be commit e4e5743a407b60c3695410eaf3df4ca3de4a870e)
|
|
modified resolve_srv_name() to return dest host of *SMBSERVER if
server name is \\ip.add.ress.format
(This used to be commit 3204829225792974c8b20efb6ba6e24661a4f658)
|
|
again.
(This used to be commit 6b67d6164dbfda3ba690d86597ae560b7e5c7584)
|
|
is pretty much independent of SMB client states, which will make it
easier to add other transports.
(This used to be commit a1ff7e8fc3129ba4a04722f977bc2d3725d13624)
|
|
except with only one user. done by sharing same code.
(This used to be commit 4e029d50fcb9148f2d65c6be2703b1003e68cec7)
|
|
the rpcclient "rpcclient" command allows user options to be reset
(e.g the username / password) _without_ terminating rpcclient.
try this:
rpcclient -S srv1 -U% -l log
srv1$ rpcclient -S srv2
srv2$
:-)
(This used to be commit c049865782d87ca09744ecdefb387b7852ec2ae7)
|
|
found out that getopt() _must_ have optind set to 0 before reuse.
still haven't decided what to do with the net* api yet...
(This used to be commit 29c480085e786905bfd92ea3cd93658f94e96e47)
|
|
struct cli_state, uint16 fnum into the code: rpc_hnd_api_req().
modified cli_lsarpc.c to use this. the rest is const issues.
(This used to be commit c1ea396de21309c4cf19fd92f2573f5257c24588)
|
|
if microsoft bothered to publish it. actually, there are good reasons
for not publishing it: people might write programs for it, and then
those programs wouldn't work on nt5, for example...
(This used to be commit 8ce93b80d3b4e1c1e28aa1dde38cdef184eff3c1)
|
|
function, which takes \\server_name.
tested a _few_ functions. found that regcreatekey receives a Fault PDU.
(This used to be commit 45e92258e7df84c21d23c0be7e1d85457ccac551)
|
|
do so twice. possible memory corruption, revolving around getopt().
(This used to be commit 7cacf8bd026f1ee274f1d352c68cf79cf4f3b499)
|
|
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
(This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b)
|
|
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
(This used to be commit c01b18e632aede6fce7264ef6971d7ddba945cfb)
|
|
CVS UPDATE MAY ISSUE WARNING ABOUT lib/util_hnd.c MODIFICATION
DATE BEING IN THE FUTURE. CVS CHECKOUT A NEW REPOSITORY MAY BE
SAFER.
(This used to be commit c26e8a6ac59934ae580077df937439c2c538dbdb)
|
|
attempted to fix regsetsec command
(This used to be commit eaac0923e0e5e3f4c3d944272a71f3235ac2a741)
|
|
command fails.
(This used to be commit 9193f0eff56399e9bc09787dbe785b603886eaa3)
|
|
(This used to be commit cbbfef6d2a5335a6daa4fe09ea2d73197417894f)
|
|
(This used to be commit d5869df3716fec21d3a4237dbf5d2417d3350e11)
|
|
means that some commands need more work, as they still use next_token(),
the use of which i wish to avoid.
plus, i was getting fed up of the poor command-line processing in some
of these commands. i'm starting to need getopt() in them, especially
in samsetuser.
WARNING: only cmd_samr has been modded to use getopt() so far! reg
commands won't work, esp.
(This used to be commit 9a1efa03c8bb86c9b7e73f102a9d48fb6a57a523)
|
|
(This used to be commit 1092b4f6fbdf3770c0dab756b982a562def1738e)
|
|
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the other's didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
(This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e)
|
|
_use_ user session key.
(This used to be commit be6a6b13939798a9c7242b38864f0ce842391a74)
|
