Age | Commit message (Collapse) | Author | Files | Lines |
|
attempting to get blood out of a stone^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H
querysecret to work, it keeps returning access denied.
(This used to be commit 953fe6ba9454fa4b8e69426527eca37b011f76ac)
|
|
negative response, which tended to crash lsass.exe.
(This used to be commit 6d03f61d2536630968007958345cf44a42b03584)
|
|
(actually, decryption only currently because I need to get some sleep).
Basically another Microsoft twist on DES; the "master key" is the user's
NT hash MD4'd and subsets of this are chosen as the 56-bit DES keys.
(This used to be commit f09388fa6f41a13ca035b5b2ff40be804608f619)
|
|
(-> LsarQuerySecret) on client side, including rpcclient command
"querysecret" for others to play with.
The major obstacle is working out the encryption algorithm used
for the secret value. It definitely uses the NT hash as part of the
key, and it seems the block size is 64 bits - probably DES based -
but I can't work out what's done in between. Help required.
(This used to be commit 365fa3b5fbf551670acc91f593138a7e91a5f7fa)
|
|
LsaLookupNames being incorrect. this is a bit wierd: why would the
lsass.exe on the nt _client_ crash due to an LsaLookupNames response
from a samba _server_?
(This used to be commit a15a3f95f2a14ab164ca758e2145444a803190b2)
|
|
(This used to be commit 68342a29a892e515cf2b22d759476d61944bcd59)
|
|
(This used to be commit 36fcb4a6e643a05d06a2a273d74318fee7f2c647)
|
|
AS/U:
it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack
response, when they should be set in a (small) packet. they also,
in the bind/ack do not set a secondary address string at all, so
we can't check against that...
Win95:
client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState"
and has slightly different pipe-naming (\PIPE\LANMAN is joined by
\PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN
and \PIPE\).
Win95-USRMGR.EXE:
added LsaOpenPolicy (renamed existing to LsaOpenPolicy2).
added SamrConnect (renamed existing to SamrConnect2).
(This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
|
|
code. added "quality of service" capability to lsa_open_policy code.
different lsa_open_policy queries are *not* dealt with in the server code.
answers like "0xC000 0022" - access denied - will have to be made to
lsa_lookup_sids calls when a "quality of service" request is *not* specified
in the lsa_open_policy call.
(This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
|
|
(This used to be commit 5212dd69d05a0d26dddcb4a0d9efca195436bfda)
|
|
(This used to be commit bd9290c36c9993a994e485da0a81df926f8662e4)
|
|
lib/rpc/include/rpc_lsa.h: Changed #defines for RPC calls - moved some, made LSA_LOOKUPNAMES correct.
lib/rpc/include/rpc_misc.h: Changed DOMAIN_ALIAS_xxx to BUILTIN_ALIAS_xxx.
Changed bitmasks for uid to rid to be 1 bit.
lib/rpc/parse/parse_misc.c: Changed make_unistr2 to put length as given, max length as one more.
lib/rpc/server/srv_netlog.c: Removed 'domain other sids' parameter.
lib/rpc/server/srv_samr.c: Changed DOMAIN_ALIAS_xxx to BUILTIN_ALIAS_xxx.
lib/rpc/server/srv_util.c: Changed DOMAIN_ALIAS_xxx to BUILTIN_ALIAS_xxx.
Jeremy.
(This used to be commit 34c91840a3d8c252715dc2f749b7a3b171a5b74f)
|
|
all I saw" - the book of Jeremy, chapter 1 :-).
So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.
This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.
Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.
This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.
I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).
Jeremy.
(This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)
|