Age | Commit message (Collapse) | Author | Files | Lines |
|
function, which takes \\server_name.
tested a _few_ functions. found that regcreatekey receives a Fault PDU.
(This used to be commit 45e92258e7df84c21d23c0be7e1d85457ccac551)
|
|
do so twice. possible memory corruption, revolving around getopt().
(This used to be commit 7cacf8bd026f1ee274f1d352c68cf79cf4f3b499)
|
|
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
(This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b)
|
|
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
(This used to be commit c01b18e632aede6fce7264ef6971d7ddba945cfb)
|
|
attempted to fix regsetsec command
(This used to be commit eaac0923e0e5e3f4c3d944272a71f3235ac2a741)
|
|
command fails.
(This used to be commit 9193f0eff56399e9bc09787dbe785b603886eaa3)
|
|
(This used to be commit cbbfef6d2a5335a6daa4fe09ea2d73197417894f)
|
|
(This used to be commit e88e7d529b5bdf32ac3bc71fa8e18f6f2a98c695)
|
|
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the other's didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
(This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e)
|
|
_use_ user session key.
(This used to be commit be6a6b13939798a9c7242b38864f0ce842391a74)
|
|
(This used to be commit e885027eb705ab13c2800b8995661accad841643)
|
|
(This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
|
|
believe the XXXX that MIGHT be involved in getting nt5rc2 to join
a samba domain...
(This used to be commit 569babb3935950c1b64396955541abf276cc1d92)
|
|
samr opcode 0x25. _yet_ another failed attempt to get nt5rc2 to join
a samba domain. what _is_ it with this stuff, dammit?
(This used to be commit c3913f8ae272c496fc4519141accf01ee9f1e49e)
|
|
a char*. now copes with multiple types.
(This used to be commit 3df7c903c5b70f336294a95ad864aedbacf544b0)
|
|
reg_io_r_info() working properly. previously they weren't well
understood (well, they were the first of the registry functions i did,
back in december 97, ok??? :-)
set ntversion to 0x1 in SAMQUERY, so that we reply same as NT4 srv.
(This used to be commit 98ddeaf442cb30972cb281bf0489a6e5f7eb2883)
|
|
for which a PDC is responsible. typical answers are:
<Name of Domain> plus <Builtin>.
against a hierarchical, down-level-compatible NT5 PDC, there's likely to
be more than these two entries!!!!!
(This used to be commit 3146aa6b6049a0d996e9abbe7dbee8526550e7e0)
|
|
to mention, there's a spooljobs <printer name> command, and it uses
command-line completion? prints out NT print jobs really nicely, too.
(This used to be commit e6e5caf16c8d120f0c11fa63061f2786098e3357)
|
|
(This used to be commit e0eb390ab3e2a0cce191e78ea4ff90d088a8895c)
|
|
(This used to be commit 0f9d661ca2560e88a04bc529ba41ac4cf1579fa4)
|
|
(This used to be commit 681cbb9ec1310fa81f4da40ef0cfed92500b5f4e)
|
|
(This used to be commit 6947f8fac7d6d643a265fdcb56b2a390b9a9a1c0)
|
|
spoolss_r_io_enumprinters doesn't decode strings correctly
as printer_info_1/2 code has only been written to write
structures, not read them.
(This used to be commit 135eaa977385cdd5f572a51f654f14d893347d7b)
|
|
experimental spoolopen <printer name> command added.
jean-francois, f.y.i. i changed the #define for SPOOLSS_OPENPRINTEREX from
op code 0x44 to 0x45.
(This used to be commit ef7fa58fd3c259c765c3bc82424d4c0f192ec90e)
|
|
you have to use "ntlmv1" at the moment (i.e set client ntlmv2 = no).
(This used to be commit f52504c553becc64b89d546a57b1bd9cf1bc5b5c)
|
|
error wrong password against nt. ????
(This used to be commit b3f16e6b5aa5ba1b6afa38ad698646c8e765ec90)
|
|
(This used to be commit 3f9455c535607090103a371ff96051a5ce32e461)
|
|
(This used to be commit baa789fabc45e62889755802fd8ec8c9191fe767)
|
|
attempting to get blood out of a stone^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H
querysecret to work, it keeps returning access denied.
(This used to be commit 953fe6ba9454fa4b8e69426527eca37b011f76ac)
|
|
(This used to be commit 492fdaaf2009e7d7e840323357a333fdf9c4d2e1)
|
|
command-completion works.
(This used to be commit 926fe6273a8cd9550838ecdfca276f915c92031b)
|
|
works with command-line completion on the service name (ohh yesss, this
is becoming my favourite bit of functionality-on-the-side hee hee :)
had to fix the svc_io_q_start_service() code which was missing the
ptr_argv[] array in between the array-size and the UNISTR2-array.
i.e it's actually an array of _pointers_ to unicode strings...
(This used to be commit 2903f22e7ed9306229035accfa757fd810645820)
|
|
(This used to be commit c243231d8596a732aba69179ff8f3882e7118297)
|
|
(This used to be commit 37f4aac06fec3fbb34ed40d1010829b2e1f28558)
|
|
added samgroup <groupname> command
added samgroupmem <groupname> command
added proper registry key completion
added sam command user-completion (e.g samuser [tab])
added sam command group-completion (e.g samgroup [tab])
(This used to be commit bc5d021916a2f070c62011870a80b3b2707aff3b)
|
|
(This used to be commit 6a759c57dcb851aa19d1d4156249a3df112aefd0)
|
|
(This used to be commit 497d4231723576390b10f5ea8704bd0af88d76ab)
|
|
in rpcclient, regenum HKEY_CLASSES_ROOT or regenum HKCR to test.
(This used to be commit b0aa933ef4c0b58840430cf3b3cb3cbeb5c7f704)
|
|
sam_enum_dom_groups. enum dom aliases is still left to do (dom users
already done).
(This used to be commit 8d181924cedb7a2d34a0b40cee600494665fe923)
|
|
(This used to be commit a78607b5dbf0fca6a22ab41195f465474578ee39)
|
|
restoring opening S-1-5-20 in sam enum users code.
(This used to be commit 1be877114e2e958c59e6516dacf22d3fb5a4240f)
|
|
- signed / unsigned issues.
(This used to be commit c8fd555179314baf1672a23db34dc8ad9f2d02bf)
|
|
(This used to be commit 6e22bf912cb981d91834c63098d41f5f8abaa594)
|
|
implementation (NT5) when you discover that your code is trash.
samr_enum_dom_users(), samr_enum_dom_aliases() and samr_enum_dom_groups()
all take a HANDLE for multiple-call enumeration purposes.
(This used to be commit 19490d8b4fb8a103f3df4e6104f6f22937b0c518)
|
|
(This used to be commit 134b20e2a7b5ddfa4cc9bf100de5025c7b98f594)
|
|
break a few things...
(This used to be commit 4b06f303235d36903b6e9f55ee45b987d98256b0)
|
|
samr_lookup_rids() moved to a dynamic memory structure not a
static one limited to 32 RIDs. cli_pipe.c reading wasn't checking
ERRmoredata when DOS error codes negotiated (this terminates
MSRPC code with prejudice).
(This used to be commit 8976eca2db43576c32069dcda017e8777048e007)
|
|
this format is what i would like _all_ these functions to be
(returning status codes, not BOOL) but that's a horrendous
amount of work at the moment :)
(This used to be commit 02f240604241367f146b26934ad1a1b2563430de)
|
|
(This used to be commit 134cb4cdff43192a3039a6cce23f331c80fd1990)
|
|
deal with linking issues in other binaries
(This used to be commit 57f95a01988fb4035b2e4448f4fd3ef0d652c106)
|