| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
done a minimal amout of clean-up in the Makefile, removing unnecessary
modules from the link stage. this is not complete, yet, and will
involve some changes, for example to smbd, to remove dependencies on
the password database API that shouldn't be there. for example,
smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa
API.
this first implementation has minor problems with not reinstantiating
the same services as the caller. the "homes" service is a good example.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service. the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.
this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).
removed reference to pipes_struct in msrpc services. all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.
created become_vuser() which does everything not related to connection_struct
that become_user() does.
removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.
todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.
had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons. why? because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency. so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc. this is the MINIMUM info identified so far that's
actually implemented. missing bits include the called and calling
netbios names etc. (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
damn, this one is bad.
started, at least two days ago, to add an authentication mechanism to
the smbd<->msrpc redirector/relay, such that sufficient unix / nt
information could be transferred across the unix socket to do a
become_user() on the other side of the socket.
it is necessary that the msrpc daemon inherit the same unix and nt
credentials as the smbd process from which it was spawned, until
such time as the msrpc daemon receives an authentication request
of its own, whereupon the msrpc daemon is responsible for authenticating
the new credentials and doing yet another become_user() etc sequence.
|
|
|
|
| |
which isn't actually used right now :-)
|
| |
|
|
|
|
|
|
|
|
| |
ideas from ssh-agent.
the intent is to be able to share smb sessions using cli_net_use_add()
across multiple processes, where one process knows the target server
name, user name and domain, but not the smb password.
|
| |
|
|
|
|
|
| |
functions (cli_net_use_addlist()). needed originally because
there was no get_dc_any_name() function.
|
|
|
|
| |
trusted domains may cause rpcclient to fail).
|
| |
|
| |
|
|
|
|
|
|
|
| |
up.
added a complicated prompt which i don't like, but it tells you
domain\user@hostname$
|
|
|
|
| |
same as net use but with -d and -f) command options
|
|
|
|
|
|
|
| |
they should all be replaced with cli_establish_connection().
created cli_use_wait_keyboard() which waits on multiple cli_states
and swallows session keepalives.
|
| |
|
|
|
|
| |
in private .mac file (oops). ntlogin test now works.
|
| |
|
|
|
|
| |
and then set a default random password.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
from previous lsaquery command. over-ridden from DOMAIN\username
2) initialisation of cli_state is a little more specific: sets use_ntlmv2
to Auto. this can always be over-ridden.
3) fixed reusage of ntlmssp_cli_flgs which was being a pain
4) added pwd_compare() function then fixed bug in cli_use where NULL
domain name was making connections multiply unfruitfully
5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch
|
| |
|
| |
|
|
|
|
| |
parameters to connect to \PIPE\NETLOGON.
|
|
|
|
|
|
| |
the remote machine, because i don't know what to _do_ with it!!!!
argh!!!
|
| |
|
| |
|
| |
|
|
|
|
| |
initialised dest_wks _after_ using it in at_soon() :-) so i fixed this :)
|
| |
|
| |
|
| |
|
|
|
|
|
| |
modified resolve_srv_name() to return dest host of *SMBSERVER if
server name is \\ip.add.ress.format
|
|
|
|
| |
again.
|
|
|
|
|
| |
is pretty much independent of SMB client states, which will make it
easier to add other transports.
|
| |
|
|
|
|
| |
except with only one user. done by sharing same code.
|
|
|
|
|
|
|
|
|
|
|
|
| |
the rpcclient "rpcclient" command allows user options to be reset
(e.g the username / password) _without_ terminating rpcclient.
try this:
rpcclient -S srv1 -U% -l log
srv1$ rpcclient -S srv2
srv2$
:-)
|
|
|
|
|
|
| |
found out that getopt() _must_ have optind set to 0 before reuse.
still haven't decided what to do with the net* api yet...
|
|
|
|
|
|
| |
if microsoft bothered to publish it. actually, there are good reasons
for not publishing it: people might write programs for it, and then
those programs wouldn't work on nt5, for example...
|
|
|
|
|
|
| |
function, which takes \\server_name.
tested a _few_ functions. found that regcreatekey receives a Fault PDU.
|
|
|
|
| |
do so twice. possible memory corruption, revolving around getopt().
|
|
|
|
|
|
|
|
|
|
|
|
| |
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
|
|
|
|
|
|
|
|
|
| |
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
|
|
|
|
| |
attempted to fix regsetsec command
|
| |
|
|
|
|
| |
command fails.
|
| |
|
| |
|
| |
|
|
|
|
| |
from rpcclient/cmd_*.c.
|
| |
|