one horrible cut / paste job from smbd, plus a code split of shared
components between the two.
the job is not _yet_ complete, as i need to be able to do a become_user()
call for security reasons. i picked lsarpcd first because you don't
_need_ security on it (microsoft botched so badly on this one, it's not
real. at least they fixed this in nt5 with restrictanonymous=0x2).
fixing this involves sending the current smb and unix credentials down
the unix pipe so that the daemon it eventually goes to can pick them
up at the other end.
i can't believe this all worked!!!
|
created an "nmb-agent" utility that, yes: it connects to the 137 socket
and accepts unix socket connections which it redirects onto port 137.
it uses the name_trn_id field to filter requests to the correct
location.
name_query() and name_status() are the first victims to use this
feature (by specifying a file descriptor of -1).
|
to redirect multiple socket-based connections onto a single client state.
argh!
|
which isn't actually used right now :-)
|
ideas from ssh-agent.
the intent is to be able to share smb sessions using cli_net_use_add()
across multiple processes, where one process knows the target server
name, user name and domain, but not the smb password.
|
get_any_dc_name().
|
functions (cli_net_use_addlist()). needed originally because
there was no get_dc_any_name() function.
|
this is horrible.
|
they should all be replaced with cli_establish_connection().
created cli_use_wait_keyboard() which waits on multiple cli_states
and swallows session keepalives.
|
in private .mac file (oops). ntlogin test now works.
|
and then set a default random password.
|
from previous lsaquery command. over-ridden from DOMAIN\username
2) initialisation of cli_state is a little more specific: sets use_ntlmv2
to Auto. this can always be over-ridden.
3) fixed reusage of ntlmssp_cli_flgs which was being a pain
4) added pwd_compare() function then fixed bug in cli_use where NULL
domain name was making connections multiply unfruitfully
5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch
|
equivalents of NetUseAdd and NetUseDel!
|
parameters to connect to \PIPE\NETLOGON.
|
the remote machine, because i don't know what to _do_ with it!!!!
argh!!!
|
modified resolve_srv_name() to return dest host of *SMBSERVER if
server name is \\ip.add.ress.format
|
again.
|
is pretty much independent of SMB client states, which will make it
easier to add other transports.
|
except with only one user. done by sharing same code.
|
the rpcclient "rpcclient" command allows user options to be reset
(e.g. the username / password) _without_ terminating rpcclient.
try this:
rpcclient -S srv1 -U% -l log
srv1$ rpcclient -S srv2
srv2$
:-)
|
found out that getopt() _must_ have optind set to 0 before reuse.
still haven't decided what to do with the net* api yet...
|
struct cli_state, uint16 fnum into the code: rpc_hnd_api_req().
modified cli_lsarpc.c to use this. the rest is const issues.
|
if microsoft bothered to publish it. actually, there are good reasons
for not publishing it: people might write programs for it, and then
those programs wouldn't work on nt5, for example...
|
function, which takes \\server_name.
tested a _few_ functions. found that regcreatekey receives a Fault PDU.
|
do so twice. possible memory corruption, revolving around getopt().
|
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
|
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
|
CVS UPDATE MAY ISSUE WARNING ABOUT lib/util_hnd.c MODIFICATION
DATE BEING IN THE FUTURE. CVS CHECKOUT A NEW REPOSITORY MAY BE
SAFER.
|
attempted to fix regsetsec command
|
command fails.
|
means that some commands need more work, as they still use next_token(),
the use of which i wish to avoid.
plus, i was getting fed up of the poor command-line processing in some
of these commands. i'm starting to need getopt() in them, especially
in samsetuser.
WARNING: only cmd_samr has been modded to use getopt() so far! reg
commands won't work, esp.
|
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the others didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
|
_use_ user session key.