| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
at present, a unix password is missing from the unix credentials, but is
not _actually_ expected to be needed. weeelll... maybe :-)
this is used to transfer credentials between smbd and msrpc daemons, down
a unix socket, so that the unix and nt credentials can be inherited by
an msrpc daemon called up from smbd.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
damn, this one is bad.
started, at least two days ago, to add an authentication mechanism to
the smbd<->msrpc redirector/relay, such that sufficient unix / nt
information could be transferred across the unix socket to do a
become_user() on the other side of the socket.
it is necessary that the msrpc daemon inherit the same unix and nt
credentials as the smbd process from which it was spawned, until
such time as the msrpc daemon receives an authentication request
of its own, whereupon the msrpc daemon is responsible for authenticating
the new credentials and doing yet another become_user() etc sequence.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
one horrible cut / paste job from smbd, plus a code split of shared
components between the two.
the job is not _yet_ complete, as i need to be able to do a become_user()
call for security reasons. i picked lsarpcd first because you don't
_need_ security on it (microsoft botched so badly on this one, it's not
real. at least they fixed this in nt5 with restrictanonymous=0x2).
fixing this involves sending the current smb and unix credentials down
the unix pipe so that the daemon it eventually goes to can pick them
up at the other end.
i can't believe this all worked!!!
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
received properly when a UDP "retry" occurs. it's because reads and
writes must be interleaved / matched.
scenario:
nmblookup connects to agent, sends request.
agent receives request, broadcasts it on 137.
agent RECEIVES 137 broadcast, sends it to nmblookup
agent receives RESPONSE to 137 broadcast, sends it to nmblookup.
if reads are not equally interspersed with writes, then second send
will fail.
if you think this is odd behaviour and that the agent should be filtering
its own UDP traffic, think again.
agent will be, potentially, redirecting nmbd traffic (including WINS
server) not just client programs.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
created an "nmb-agent" utility that, yes: it connects to the 137 socket
and accepts unix socket connections which it redirects onto port 137.
it uses the name_trn_id field to filter requests to the correct
location.
name_query() and name_status() are the first victims to use this
feature (by specifying a file descriptor of -1).
|
| |
|
|
|
|
| |
to redirect multiple socket-based connnections onto a single client state.
argh!
|
| |
|
|
|
|
| |
moved smb-agent over to a single-process model instead of fork()
in order to reuse client connections. except, of course, you
can't do a select() on the same socket connections! argh!
|
| |
|
|
| |
which isn't actually used right now :-)
|
| | |
|
| |
|
|
|
| |
restricted to connections from the current user (socket is created
with current user uid).
|
| |
|
|
|
|
|
|
| |
ideas from ssh-agent.
the intent is to be able to share smb sessions using cli_net_use_add()
across multiple processes, where one process knows the target server
name, user name and domain, but not the smb password.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lp_trusted_domains() parameter, so trusted domain logins should work,
right, if you put user = TRUSTED_DOMAIN\NTuser in "domain name map", right?
right - as _long_ as you're not using NTLMv2, because the damn NT username
gets mapped to the damn unix name too early, and NTLMv2 challenge-responses
are based on the client's user name, client's domain name, client's host name
etc damn etc.
so it becomes necessary to stop using char* username because this allows
for massive amounts of confusion as to which username is being referred to.
the underlying unix username on the local unix system that is associated with
the smbd process that represents the NT username? or the NT username itself?
|
| |
|
|
| |
get_any_dc_name().
|
| |
|
|
|
| |
functions (cli_net_use_addlist()). needed originally because
there was no get_dc_any_name() function.
|
| | |
|
| |
|
|
| |
this is horrible.
|
| |
|
|
| |
trusted domains may cause rpcclient to fail).
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
up.
added a complicated prompt which i don't like, but it tells you
domain\user@hostname$
|
| |
|
|
| |
same as net use but with -d and -f) command options
|
| |
|
|
|
|
|
| |
they should all be replaced with cli_establish_connection().
created cli_use_wait_keyboard() which waits on multiple cli_states
and swallows session keepalives.
|
| |
|
|
|
| |
the heck is a cli_session_setup() call doing in here??? this should use
cli_establish_connection()server!
|
| | |
|
| |
|
|
| |
in private .mac file (oops). ntlogin test now works.
|
| | |
|
| |
|
|
| |
and then set a default random password.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
from previous lsaquery command. over-ridden from DOMAIN\username
2) initialisation of cli_state is a little more specific: sets use_ntlmv2
to Auto. this can always be over-ridden.
3) fixed reusage of ntlmssp_cli_flgs which was being a pain
4) added pwd_compare() function then fixed bug in cli_use where NULL
domain name was making connections multiply unfruitfully
5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch
|
| | |
|
| | |
|
| |
|
|
| |
freed / cleaned up. oops, dat bad, cos they get freed again when u quit.
|
| |
|
|
|
|
| |
by cli_net_use_add() and cli_net_use_del(). MSRPC connections are
established with cli_connection_init(), and automatically unlinked with
cli_connection_unlink. client states are _reused_ by cli_connection_init.
|
| | |
|
| |
|
|
| |
equivalents of NetUseAdd and NetUseDel!
|
| |
|
|
| |
to \PIPE\NETLOGON.
|
| |
|
|
| |
parameters to connect to \PIPE\NETLOGON.
|
| |
|
|
|
|
| |
the remote machine, because i don't know what to _do_ with it!!!!
argh!!!
|
| | |
|
| | |
|
| |
|
|
| |
specify \PIPE\spoolss instead of \PIPE\lsarpc...
|
