| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
created an "nmb-agent" utility that, yes: it connects to the 137 socket
and accepts unix socket connections which it redirects onto port 137.
it uses the name_trn_id field to filter requests to the correct
location.
name_query() and name_status() are the first victims to use this
feature (by specifying a file descriptor of -1).
(This used to be commit d923bc8da2cf996408194d98381409191dd81a16)
|
|
to redirect multiple socket-based connnections onto a single client state.
argh!
(This used to be commit 06390e792cd8aa57a91c3a3d1d267fd1bcdc17a1)
|
|
moved smb-agent over to a single-process model instead of fork()
in order to reuse client connections. except, of course, you
can't do a select() on the same socket connections! argh!
(This used to be commit e9e5a34de8e8f9a69e817aceb8c16284334d4642)
|
|
which isn't actually used right now :-)
(This used to be commit d54a64ae3ab7cdc1ac67fb49f7255e6a106d624e)
|
|
restricted to connections from the current user (socket is created
with current user uid).
(This used to be commit 5af076e4b7ee13eebe0b89748e3f5a1ef21f8c73)
|
|
ideas from ssh-agent.
the intent is to be able to share smb sessions using cli_net_use_add()
across multiple processes, where one process knows the target server
name, user name and domain, but not the smb password.
(This used to be commit 294b653f2e9cdc1864ec638ae8b4300df25723cf)
|
|
lp_trusted_domains() parameter, so trusted domain logins should work,
right, if you put user = TRUSTED_DOMAIN\NTuser in "domain name map", right?
right - as _long_ as you're not using NTLMv2, because the damn NT username
gets mapped to the damn unix name too early, and NTLMv2 challenge-responses
are based on the client's user name, client's domain name, client's host name
etc damn etc.
so it becomes necessary to stop using char* username because this allows
for massive amounts of confusion as to which username is being referred to.
the underlying unix username on the local unix system that is associated with
the smbd process that represents the NT username? or the NT username itself?
(This used to be commit dd3ccdd7d996c107766cdad3c403e8b8947b9e65)
|
|
(This used to be commit 455e17dbb7d451b462004f302f5c68770f17b65e)
|
|
from previous lsaquery command. over-ridden from DOMAIN\username
2) initialisation of cli_state is a little more specific: sets use_ntlmv2
to Auto. this can always be over-ridden.
3) fixed reusage of ntlmssp_cli_flgs which was being a pain
4) added pwd_compare() function then fixed bug in cli_use where NULL
domain name was making connections multiply unfruitfully
5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch
(This used to be commit 301a6efaf67ddc96e6dcfd21b45a82863ff8f39a)
|
|
(This used to be commit e4d92ff9dfc51735e6932748f66a7c20b2c1cb6a)
|
|
\\server_name \\other_server etc.
(This used to be commit 4fd4aeb57455792bd8eaf81f8fa45bca6bd3e2e2)
|
|
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
(This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b)
|
|
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
(This used to be commit c01b18e632aede6fce7264ef6971d7ddba945cfb)
|
|
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the other's didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
(This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e)
|
|
(This used to be commit c86edef90e7c96d5a99be29e2d2a3679ed26d97d)
|
|
switching on CAP_STATUS32 from non-CAP_EXTENDED_SECURITY code (enabled
for test purposes only)
(This used to be commit 96d8e14f50fda8047d209fa0b94b98a95ce51f21)
|
|
implementation (NT5) when you discover that your code is trash.
samr_enum_dom_users(), samr_enum_dom_aliases() and samr_enum_dom_groups()
all take a HANDLE for multiple-call enumeration purposes.
(This used to be commit 19490d8b4fb8a103f3df4e6104f6f22937b0c518)
|
|
this format is what i would like _all_ these functions to be
(returning status codes, not BOOL) but that's a horrendous
amount of work at the moment :)
(This used to be commit 02f240604241367f146b26934ad1a1b2563430de)
|
|
(This used to be commit 858f79b362dce8aa06013533209bc982cb99d33d)
|
|
a problem i was having.
- added rudimentary CAP_STATUS32 support for same reason.
- added hard-coded, copy-the-same-data-from-over-the-wire version of
CAP_EXTENDED_SECURITY, which is a security-blob to encapsulate
GSSAPI which encodes
SPNEGO which is used to negotiate
Kerberos or NTLMSSP. i have implemented
NTLMSSP which negotiates
NTLMv1 or NTLMv2 and 40-bit or 128-bit etc. i have implemented
NTLMv1 / 40-bit.
*whew*.
(This used to be commit e5b80bd2f76fda70e41e4a9007eb035dab92ed8e)
|
|
(This used to be commit 25025f450531c66c0fd9f7eed886cb288d76d025)
|
|
(This used to be commit a8d4560e0064a67a234eae89a564b79d2426d9a9)
|
|
(This used to be commit 5c974cc4a4cdcb9fd3fe01e93aa577b81cf2d18b)
|
|
(This used to be commit 062b9302c1c7a21df74571ead5f89ce002820d53)
|
|
if this fails.
(This used to be commit 5f821e65015c27f5306c3a707841cd0228509974)
|
|
- ssl close from cli_reestablish_connection() not called.
- ntlmv2 fall-back to ntlmv1 failed.
(This used to be commit fdc275353de85fde0c348320e4d64ba66365b73b)
|
|
(This used to be commit 12ee037d44a603ce50982d5b90e08c30339de750)
|
|
password and password length variables not constants.
(This used to be commit 236022071f2f6df0c583fd88d9802d9b3ea6f73e)
|
|
static cli_calc_session_pwds(). this code used to be inside cli_session_setup()
itself and worked on non-NULL local variables.
(This used to be commit 7aff19ba57fd91572da7cbe16f118d11226590e3)
|
|
now uses improved authentication. smbclient now "broken" for "scripts"
based on DEBUG() output. cli_establish_connection() requires modification
to support old scripts.
(This used to be commit b0539d43407cb2b0bab7977908de09b21b145218)
|
|
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
|
|
(This used to be commit de9a38b0bcb5adcb6e502f2200d3e84bdcbdfc48)
|
|
of a pstrcpy into an fstring).
(This used to be commit ac0060443de800fec9042b69b299ff2e9128a31c)
|
|
anywhere.
(This used to be commit 71b861f7468d7950bedb61dd18a4b9d830bf8628)
|
|
Copyright (C) Benjamin Kuit <bj@mcs.uts.edu.au> 1999.
(This used to be commit fdf61e1dabc2c977ee5cf1e9d60e3380f19840da)
|
|
(This used to be commit 73db80f34183324845407b00f58462ff2d7b47ea)
|
|
(This used to be commit af83778abc5fae0df53ed1874181e33bc8de8d94)
|
|
validation checks and also added capability to send plaintext passwords.
send "ntpasslen" of zero to do this. sending same plaintext password
for pass and ntpass arguments will result in previous behaviour of
encrypting password if server supports it.
(This used to be commit 17f4c5a785cf20901bcb76510e5ea9b0a6928115)
|
|
needed this for some tests.
- removed code that said "if lm password is not encrypted then encrypt both
lm and nt passwords". actually it said "if lm password length is not 24
bytes and we're in security=user mode..."
it didn't bother to check whether the nt password was NULL or not, and
doing the encryption inside cli_session_setup is the wrong place.
- checked all instances where cli_session_setup is called with cleartext
passwords that are expected to then be encrypted (see above) with the
test "if pwlen != 24...". there was only one: all the others either
provide encrypted passwords, do null sessions or use
cli_establish_connection.
* recommendation: use cli_establish_connection() in smbwrapper/smbw.c
(This used to be commit 2a509e9606f8aefbefa6e7b49878726464dbed44)
|
|
However, it seems that the -s flag
in smbclient is also ignored :-(
(This used to be commit f6c78192664d611d4663ed7459a2789315861eec)
|
|
own smbd process, rather than complaining about a password server loop.
(This used to be commit 63d7822b9d87d085194de6895d3e271cedcd3c9a)
|
|
is not the same as
!(eclass == ERRDOS && num == ERRmoredata)
This was causing smbclient to segfault on receiving certain errors.
(This used to be commit 15bd172530af360cf16ad626330dfe2ea92100df)
|
|
idiotic *SMBSERVER connectionism added to cli_connect_serverlist().
also added check for protocol < LANMAN2.
(This used to be commit c2bcb3a286f22ed4f0f55da2a3eb2bff17906fb1)
|
|
(This used to be commit 9bce7340d60a49594f67cc3c6cc6119b33a5358a)
|
|
(This used to be commit 603c5f6df8c525f30d00da912d408b98378ea538)
|
|
a connection succeeds...).
(This used to be commit c0efc35b27d50c40bc04bfd9fb1d61ea5d32bde5)
|
|
Fix by Matt Chapman <m.chapman@student.unsw.edu.au>
(This used to be commit c44b418d6fd16a257af21f6b5b29b1cdf26015b7)
|
|
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
|
|
lowercase share names!)
(This used to be commit dddf1d8522707b828cac466c4a9ab2807d098573)
|
|
smbwrapper not made
by default.
nmbd*: Changed all calls to namestr() to nmbd_namestr() to fix broken FreeBSD include
file problem...sigh.
Jeremy.
(This used to be commit 9ee8f39aed8772a05c203161b4ae6b7d90d67481)
|
