Age | Commit message | Author | Files | Lines |
|
and then set a default random password.
(This used to be commit 7846818432a93295651c8c67445a2d6a0f3b21d8)
|
|
from previous lsaquery command. over-ridden from DOMAIN\username
2) initialisation of cli_state is a little more specific: sets use_ntlmv2
to Auto. this can always be over-ridden.
3) fixed reusage of ntlmssp_cli_flgs which was being a pain
4) added pwd_compare() function then fixed bug in cli_use where NULL
domain name was making connections multiply unfruitfully
5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch
(This used to be commit 301a6efaf67ddc96e6dcfd21b45a82863ff8f39a)
|
|
(This used to be commit 5b5719d6a08130db1062bfa24123cedcdc692bff)
|
|
is pretty much independent of SMB client states, which will make it
easier to add other transports.
(This used to be commit a1ff7e8fc3129ba4a04722f977bc2d3725d13624)
|
|
except with only one user. done by sharing same code.
(This used to be commit 4e029d50fcb9148f2d65c6be2703b1003e68cec7)
|
|
found out that getopt() _must_ have optind set to 0 before reuse.
still haven't decided what to do with the net* api yet...
(This used to be commit 29c480085e786905bfd92ea3cd93658f94e96e47)
|
|
if microsoft bothered to publish it. actually, there are good reasons
for not publishing it: people might write programs for it, and then
those programs wouldn't work on nt5, for example...
(This used to be commit 8ce93b80d3b4e1c1e28aa1dde38cdef184eff3c1)
|
|
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
(This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b)
|
|
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
(This used to be commit c01b18e632aede6fce7264ef6971d7ddba945cfb)
|
|
(This used to be commit 447143be81acbbcc148211183a512d4cab347ac7)
|
|
(This used to be commit d5869df3716fec21d3a4237dbf5d2417d3350e11)
|
|
means that some commands need more work, as they still use next_token(),
the use of which i wish to avoid.
plus, i was getting fed up of the poor command-line processing in some
of these commands. i'm starting to need getopt() in them, especially
in samsetuser.
WARNING: only cmd_samr has been modded to use getopt() so far! reg
commands won't work, esp.
(This used to be commit 9a1efa03c8bb86c9b7e73f102a9d48fb6a57a523)
|
|
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the others didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
(This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e)
|
|
(This used to be commit e885027eb705ab13c2800b8995661accad841643)
|
|
(This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
|
|
request name.
modified createuser rpcclient command to examine name being added. if it
ends in a $, assume that a workstation trust account is being added.
(This used to be commit 4aea261cb0e5f34255ff83271eb5cadb0eb78bc9)
|
|
samr opcode 0x25. _yet_ another failed attempt to get nt5rc2 to join
a samba domain. what _is_ it with this stuff, dammit?
(This used to be commit c3913f8ae272c496fc4519141accf01ee9f1e49e)
|
|
for which a PDC is responsible. typical answers are:
<Name of Domain> plus <Builtin>.
against a hierarchical, down-level-compatible NT5 PDC, there's likely to
be more than these two entries!!!!!
(This used to be commit 3146aa6b6049a0d996e9abbe7dbee8526550e7e0)
|
|
oops!
(This used to be commit ea1d5af105cc0df8d6523d0a734827ee47e1f58c)
|
|
(This used to be commit e0eb390ab3e2a0cce191e78ea4ff90d088a8895c)
|
|
spoolss_r_io_enumprinters doesn't decode strings correctly
as printer_info_1/2 code has only been written to write
structures, not read them.
(This used to be commit 135eaa977385cdd5f572a51f654f14d893347d7b)
|
|
you have to use "ntlmv1" at the moment (i.e. set client ntlmv2 = no).
(This used to be commit f52504c553becc64b89d546a57b1bd9cf1bc5b5c)
|
|
error wrong password against nt. ????
(This used to be commit b3f16e6b5aa5ba1b6afa38ad698646c8e765ec90)
|
|
added samaliasmem <aliasname> rpcclient command (shows members in alias)
added tab command-completion to SAM alias related commands (inc 2 above).
(This used to be commit 0c700fb609adf80cb3191f2976c6d56088d81232)
|
|
(This used to be commit baa789fabc45e62889755802fd8ec8c9191fe767)
|
|
(This used to be commit 492fdaaf2009e7d7e840323357a333fdf9c4d2e1)
|
|
added samgroup <groupname> command
added samgroupmem <groupname> command
added proper registry key completion
added sam command user-completion (e.g. samuser [tab])
added sam command group-completion (e.g. samgroup [tab])
(This used to be commit bc5d021916a2f070c62011870a80b3b2707aff3b)
|
|
(This used to be commit b794ff213009fbcf6a4767e3361501291cdc065d)
|
|
(This used to be commit 4a44cccf4401e0ce01303459011ac64805c53561)
|
|
(This used to be commit 497d4231723576390b10f5ea8704bd0af88d76ab)
|
|
useful for doing things _other_ than just "print me".
(This used to be commit 229313de7dc734a6c77e9000e654b0c289053fa6)
|
|
sam_enum_dom_groups. enum dom aliases is still left to do (dom users
already done).
(This used to be commit 8d181924cedb7a2d34a0b40cee600494665fe923)
|
|
(This used to be commit a78607b5dbf0fca6a22ab41195f465474578ee39)
|
|
(This used to be commit 4d5b860802528a9d74c2722dc996d6d8fd0b51ef)
|
|
(This used to be commit 3f99ab77203da2eb80b7cedbda88cb03640d427b)
|
|
(This used to be commit d2d5a853f8f34a0c3d5920540beb971a33f5276e)
|
|
restoring opening S-1-5-20 in sam enum users code.
(This used to be commit 1be877114e2e958c59e6516dacf22d3fb5a4240f)
|
|
(This used to be commit 6e22bf912cb981d91834c63098d41f5f8abaa594)
|
|
implementation (NT5) when you discover that your code is trash.
samr_enum_dom_users(), samr_enum_dom_aliases() and samr_enum_dom_groups()
all take a HANDLE for multiple-call enumeration purposes.
(This used to be commit 19490d8b4fb8a103f3df4e6104f6f22937b0c518)
|
|
(This used to be commit 134b20e2a7b5ddfa4cc9bf100de5025c7b98f594)
|
|
break a few things...
(This used to be commit 4b06f303235d36903b6e9f55ee45b987d98256b0)
|
|
samr_lookup_rids() moved to a dynamic memory structure not a
static one limited to 32 RIDs. cli_pipe.c reading wasn't checking
ERRmoredata when DOS error codes negotiated (this terminates
MSRPC code with prejudice).
(This used to be commit 8976eca2db43576c32069dcda017e8777048e007)
|
|
(This used to be commit 39c367b8e9932f64fa774b807e14416f97254312)
|
|
(This used to be commit cbc646b1d8ce73d1d8167887cbfdab3cad4f11a4)
|
|
domain info. adjusting net_srv_get_info function.
(This used to be commit 42eb916fae0d377f8908dfc42b332e6a53c4e2d9)
|
|
(This used to be commit 6c98d6c9aae64016bfe7727cfe12762967eb5a84)
|
|
(This used to be commit 9d74161a9204da90d3024c2a86d59fefd516ff07)
|
|
(This used to be commit 7fc2ee2f96b79e77039e141c2d2be9598465e5e6)
|
|
(This used to be commit 1cde47ba6a6409e0ae178ca9f44be2123bef0f9d)
|
|
(This used to be commit e2a72e2c64d6aad37d0c0f94d36f4fdadd3bd6cc)
|