Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit ab58fdf77a12d101f5ac6b6702cd8ed9dc2c7d55)
|
|
(This used to be commit 727d2929bc4025ab418e933356d8ba4f31420423)
|
|
Allow rid to be specified in lookupuser.
(This used to be commit 1ea5aa4a80f9da56b071b403fb8f1cfa0ff79b8d)
|
|
Moved fetch_domain_sid() calls out of harms way so they didn't spam out
queries on SAMR pipe.
(This used to be commit 982195c89d2ea0e66c24f6426f50c7d2f35800e0)
|
|
(This used to be commit 23427a57da8b18506bbd970e5d7491c0917f6d06)
|
|
(This used to be commit 0a6ceed279cc8111008b21f75c6791efbd993f4b)
|
|
Jeremy.
(This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)
|
|
convert names to rids yet.
(This used to be commit cea13dff759dfb7efb5d2a248dd77905e16b1605)
|
|
(This used to be commit 0cb7639cef4a1ba0d56d7e58bd7e03343cbf229d)
|
|
to be filled in one at a time.
(This used to be commit 6aaac3766324302b995b5a55876bf2ab74af1ff8)
|
|
back to working order. The main change is that the cli_*() RPC
functions from libsmb/*.c now should accept a struct cli_state*.
The reason for this is that rpcclient should establish the
connection to the server at startup so that it is not necessary
to keep the clear test or password hash in memory for each command.
enumports and enumprinters now works as well. lsa* functions
have been tested. SAMR calls may or may not work (one of the core
dumps I know), but it compiles :-)
jerry
(This used to be commit d98ac8852ae6b39b6fcff92c346ba56d9e63c518)
|
|
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
|
|
now pass through insure except for some of the dodgy spoolss prs
weirdness.
(This used to be commit 76f08426a08881793b0ef32ccc4e13c54f26417f)
|
|
Currently there are a small selection of lsa, samr and spoolss functions
implemented. More to follow...
(This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
|
|
blocks around a few unimplemented functions. Also had to
add cli_reg.c to Makefile.in
--jerry
(This used to be commit 426c43fb5167b042682c22e67871e5ebadb4b769)
|
|
head/tng merge.
It goes something like this:
- headers from tng get copied over one at a time
- the old headers get renamed to *_old.h
- server side code that used the old headers gets a
#define OLD_NTDOMAIN 1
#undef OLD_NTDOMAIN
at the start and end of the code
- mkproto.awk recognises these special defines and does magic stuff so
that each .c file sees the right headers
- we start moving the rpc client libraries from tng to head.
if this goes OK then, in theory, we should be able to move the client
side rpc code from tng to head without disturbing the existing head
server side code. Then when that works we can consider merging the
server side.
it remains to be seen if this scheme will work. So far I've moved
rpc_samr.h and don't seem to have broken anything.
Note this this is still a very delicate operation, as at every step of
the way I want to keep head fully functional. Please don't take part
unless you discuss it with me first.
(This used to be commit f76c037255a6a79d11bec65e863e009a41a4f0fd)
|
|
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
|
|
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
|
|
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service. the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.
this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).
removed reference to pipes_struct in msrpc services. all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.
created become_vuser() which does everything not related to connection_struct
that become_user() does.
removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.
todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.
had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons. why? because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency. so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc. this is the MINIMUM info identified so far that's
actually implemented. missing bits include the called and calling
netbios names etc. (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
(This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
|
|
damn, this one is bad.
started, at least two days ago, to add an authentication mechanism to
the smbd<->msrpc redirector/relay, such that sufficient unix / nt
information could be transferred across the unix socket to do a
become_user() on the other side of the socket.
it is necessary that the msrpc daemon inherit the same unix and nt
credentials as the smbd process from which it was spawned, until
such time as the msrpc daemon receives an authentication request
of its own, whereupon the msrpc daemon is responsible for authenticating
the new credentials and doing yet another become_user() etc sequence.
(This used to be commit 30c7fdd6ef10ecd35594311c1b250b95ff895489)
|
|
(This used to be commit 50dc709fa95e86ebe2b3132176241cb3a2cc4e36)
|
|
(This used to be commit fbfb350bdf17e84b512b745527886d942904b67d)
|
|
in private .mac file (oops). ntlogin test now works.
(This used to be commit c98c66690683965612e9631d77c2dff91ec8a872)
|
|
(This used to be commit cef258f1c931ecb7c2dda9d5c9977153e4c1dc73)
|
|
and then set a default random password.
(This used to be commit 7846818432a93295651c8c67445a2d6a0f3b21d8)
|
|
from previous lsaquery command. over-ridden from DOMAIN\username
2) initialisation of cli_state is a little more specific: sets use_ntlmv2
to Auto. this can always be over-ridden.
3) fixed reusage of ntlmssp_cli_flgs which was being a pain
4) added pwd_compare() function then fixed bug in cli_use where NULL
domain name was making connections multiply unfruitfully
5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch
(This used to be commit 301a6efaf67ddc96e6dcfd21b45a82863ff8f39a)
|
|
(This used to be commit 5b5719d6a08130db1062bfa24123cedcdc692bff)
|
|
is pretty much independent of SMB client states, which will make it
easier to add other transports.
(This used to be commit a1ff7e8fc3129ba4a04722f977bc2d3725d13624)
|
|
except with only one user. done by sharing same code.
(This used to be commit 4e029d50fcb9148f2d65c6be2703b1003e68cec7)
|
|
found out that getopt() _must_ have optind set to 0 before reuse.
still haven't decided what to do with the net* api yet...
(This used to be commit 29c480085e786905bfd92ea3cd93658f94e96e47)
|
|
if microsoft bothered to publish it. actually, there are good reasons
for not publishing it: people might write programs for it, and then
those programs wouldn't work on nt5, for example...
(This used to be commit 8ce93b80d3b4e1c1e28aa1dde38cdef184eff3c1)
|
|
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
(This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b)
|
|
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
(This used to be commit c01b18e632aede6fce7264ef6971d7ddba945cfb)
|
|
(This used to be commit 447143be81acbbcc148211183a512d4cab347ac7)
|
|
(This used to be commit d5869df3716fec21d3a4237dbf5d2417d3350e11)
|
|
means that some commands need more work, as they still use next_token(),
the use of which i wish to avoid.
plus, i was getting fed up of the poor command-line processing in some
of these commands. i'm starting to need getopt() in them, especially
in samsetuser.
WARNING: only cmd_samr has been modded to use getopt() so far! reg
commands won't work, esp.
(This used to be commit 9a1efa03c8bb86c9b7e73f102a9d48fb6a57a523)
|
|
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the other's didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
(This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e)
|
|
(This used to be commit e885027eb705ab13c2800b8995661accad841643)
|
|
(This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
|
|
request name.
modified createuser rpcclient command to examine name being added. if it
ends in a $, assume that a workstation trust account is being added.
(This used to be commit 4aea261cb0e5f34255ff83271eb5cadb0eb78bc9)
|
|
samr opcode 0x25. _yet_ another failed attempt to get nt5rc2 to join
a samba domain. what _is_ it with this stuff, dammit?
(This used to be commit c3913f8ae272c496fc4519141accf01ee9f1e49e)
|
|
for which a PDC is responsible. typical answers are:
<Name of Domain> plus <Builtin>.
against a hierarchical, down-level-compatible NT5 PDC, there's likely to
be more than these two entries!!!!!
(This used to be commit 3146aa6b6049a0d996e9abbe7dbee8526550e7e0)
|
|
oops!
(This used to be commit ea1d5af105cc0df8d6523d0a734827ee47e1f58c)
|
|
(This used to be commit e0eb390ab3e2a0cce191e78ea4ff90d088a8895c)
|
|
spoolss_r_io_enumprinters doesn't decode strings correctly
as printer_info_1/2 code has only been written to write
structures, not read them.
(This used to be commit 135eaa977385cdd5f572a51f654f14d893347d7b)
|
|
you have to use "ntlmv1" at the moment (i.e set client ntlmv2 = no).
(This used to be commit f52504c553becc64b89d546a57b1bd9cf1bc5b5c)
|
|
error wrong password against nt. ????
(This used to be commit b3f16e6b5aa5ba1b6afa38ad698646c8e765ec90)
|
|
added samaliasmem <aliasname> rpcclient command (shows members in alias)
added tab command-completion to SAM alias related commands (inc 2 above).
(This used to be commit 0c700fb609adf80cb3191f2976c6d56088d81232)
|
|
(This used to be commit baa789fabc45e62889755802fd8ec8c9191fe767)
|
|
(This used to be commit 492fdaaf2009e7d7e840323357a333fdf9c4d2e1)
|