do so twice. possible memory corruption, revolving around getopt().
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
CVS UPDATE MAY ISSUE WARNING ABOUT lib/util_hnd.c MODIFICATION
DATE BEING IN THE FUTURE. CVS CHECKOUT A NEW REPOSITORY MAY BE
SAFER.
attempted to fix regsetsec command
command fails.
from rpcclient/cmd_*.c.
means that some commands need more work, as they still use next_token(),
the use of which i wish to avoid.
plus, i was getting fed up of the poor command-line processing in some
of these commands. i'm starting to need getopt() in them, especially
in samsetuser.
WARNING: only cmd_samr has been modded to use getopt() so far! reg
commands won't work, esp.
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the others didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
_use_ user session key.
NT refuses to play nice, and establish a trust relationship.
smbpasswd so it can be used to set up inter-domain trust account.
is to pass DOMAIN_NAME$ and SEC_CHAN_DOMAIN instead of WKSTA_NAME$ and
SEC_CHAN_WKSTA.
modified check_domain_security to determine if domain name is own domain,
and to use wksta trust account if so, otherwise check "trusting domains"
parameter and use inter-domain trust account if so, otherwise return
False.
dynamic memory allocation i added a month ago: forgot to ZERO_STRUCT()
some of the server-side stuff. Realloc() was being used, so it
Realloc()d some random area of memory. oops.
have the string max length = string length + 1.
if not, then it gets its knickers in a twist over whether the string
is NULL-terminated or not.
four days.
four days i spent on this one.
the random workstation trust account password is TOTAL garbage. i mean,
complete garbage. it's nowhere CLOSE to being a UNICODE string. therefore
we can't just take every second character.
created nt_owf_genW() which creates NT#(password) instead of NT#(Unicode(pw)).
followed through to the password setting in srv_samr.c
after them is incredible. how did we get away with this for so long?
desired flag MUST be set in any NBT UDP packets sent to a WINS
server, else they will go to the WINS client side of the NT NetBIOS
kernel instead, and will get trashed.
- added \PIPE\browser server-side code.
believe the XXXX that MIGHT be involved in getting nt5rc2 to join
a samba domain...
request name.
modified createuser rpcclient command to examine name being added. if it
ends in a $, assume that a workstation trust account is being added.
of 0x2). [p.s. getting REALLY bored of this nt5rc2->samba domain stuff].
samr opcode 0x25. _yet_ another failed attempt to get nt5rc2 to join
a samba domain. what _is_ it with this stuff, dammit?
a char*. now copes with multiple types.
reg_io_r_info() working properly. previously they weren't well
understood (well, they were the first of the registry functions i did,
back in december 97, ok??? :-)
set ntversion to 0x1 in SAMQUERY, so that we reply same as NT4 srv.
|
1) had to fix samr "create user" and "set user info" (level 23).
2) had to fix netlogon enum trust domains
3) registry key needed \\ in it not \.
these _may_ not actually ever get used, as trust relationships
really need to be established with shared secrets, and you need
to get the SID of the trusted and trusting domains, so this
may have to go in a private/xxx.mac file.
password changes are allowed or not. *dur*!!!!
next_token() should not have line to parse as first arg. oops.
sending anonymous NTLMSSP user credentials to set up \PIPE\samr.
added anonymous NTLMSSP sessions.
happier in joining a Samba domain.
for which a PDC is responsible. typical answers are:
<Name of Domain> plus <Builtin>.
against a hierarchical, down-level-compatible NT5 PDC, there's likely to
be more than these two entries!!!!!
- disabled (AGAIN) the GETDC "if (MAILSLOT\NTLOGON)" code that will get
NT5rc2 to work but WILL break win95 (AGAIN). this needs _not_ to be
re-enabled but to be replaced with a better mechanism.
- added SMBwrite support (note: SMBwriteX already existed) as NT5rc2 is
sending DCE/RPC over SMBwrite not SMBwriteX.
to mention, there's a spooljobs <printer name> command, and it uses
command-line completion? prints out NT print jobs really nicely, too.
oops!
spoolss_enumjobs parsing code to do read / writes not just writes.