Luke Leighton [Thu, 2 Dec 1999 01:46:01 +0000 (01:46 +0000)]
improved enumdomains added -i option.
Luke Leighton [Thu, 2 Dec 1999 01:16:05 +0000 (01:16 +0000)]
clearing up connection-related stuff. password credentials were messing
up.
added a complicated prompt which i don't like, but it tells you
domain\user@hostname$
Luke Leighton [Wed, 1 Dec 1999 22:39:27 +0000 (22:39 +0000)]
added net use (actually net -S srv -U user -W dom) and net del (actually
same as net use but with -d and -f) command options
Luke Leighton [Wed, 1 Dec 1999 22:06:53 +0000 (22:06 +0000)]
more cli_session_setup() calls. what the heck are these doing???
they should all be replaced with cli_establish_connection().
created cli_use_wait_keyboard() which waits on multiple cli_states
and swallows session keepalives.
Luke Leighton [Wed, 1 Dec 1999 21:47:30 +0000 (21:47 +0000)]
cli_session_setup() now takes an extra argument (host name). hey, what
the heck is a cli_session_setup() call doing in here??? this should use
cli_establish_connection()server!
Luke Leighton [Wed, 1 Dec 1999 20:18:59 +0000 (20:18 +0000)]
make sure domain and name to generate trust account .mac file are upper case.
Luke Leighton [Wed, 1 Dec 1999 20:18:21 +0000 (20:18 +0000)]
damn, that took a while. nt login password was being stored incorrectly
in private .mac file (oops). ntlogin test now works.
Luke Leighton [Wed, 1 Dec 1999 19:25:51 +0000 (19:25 +0000)]
fixing joining to domain plus something weird going down with nt logins...
Luke Leighton [Wed, 1 Dec 1999 18:47:29 +0000 (18:47 +0000)]
improving createuser account command to be able to add workstations
and then set a default random password.
Luke Leighton [Wed, 1 Dec 1999 16:39:51 +0000 (16:39 +0000)]
1) when no domain used in ntlogin test command, should use default one
from previous lsaquery command. over-ridden from DOMAIN\username
2) initialisation of cli_state is a little more specific: sets use_ntlmv2
to Auto. this can always be over-ridden.
3) fixed reusage of ntlmssp_cli_flgs which was being a pain
4) added pwd_compare() function then fixed bug in cli_use where NULL
domain name was making connections multiply unfruitfully
5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch
Luke Leighton [Wed, 1 Dec 1999 02:15:14 +0000 (02:15 +0000)]
sys_select added one more argument (read, write selectors).
Luke Leighton [Wed, 1 Dec 1999 00:52:22 +0000 (00:52 +0000)]
split display.c into modules.
Luke Leighton [Tue, 30 Nov 1999 18:01:03 +0000 (18:01 +0000)]
added failed connections to the net use array, even though they'd been
freed / cleaned up. oops, dat bad, cos they get freed again when u quit.
Luke Leighton [Tue, 30 Nov 1999 00:08:39 +0000 (00:08 +0000)]
ok. this is where it gets interesting. client states are now maintained
by cli_net_use_add() and cli_net_use_del(). MSRPC connections are
established with cli_connection_init(), and automatically unlinked with
cli_connection_unlink. client states are _reused_ by cli_connection_init.
Luke Leighton [Mon, 29 Nov 1999 23:57:41 +0000 (23:57 +0000)]
bug-fix
Luke Leighton [Mon, 29 Nov 1999 23:56:09 +0000 (23:56 +0000)]
this is going to sound _really_ weird, ok, but i had to implement
equivalents of NetUseAdd and NetUseDel!
Luke Leighton [Mon, 29 Nov 1999 21:48:41 +0000 (21:48 +0000)]
sam sync - one of the files that use multiple connection server list
to \PIPE\NETLOGON.
Luke Leighton [Mon, 29 Nov 1999 21:47:14 +0000 (21:47 +0000)]
attempting to resolve the issue that multiple servers often specified in
parameters to connect to \PIPE\NETLOGON.
Luke Leighton [Mon, 29 Nov 1999 21:16:12 +0000 (21:16 +0000)]
ok. got ntlogin command working. argh, it maintains a connection to
the remote machine, because i don't know what to _do_ with it!!!!
argh!!!
Luke Leighton [Mon, 29 Nov 1999 19:46:57 +0000 (19:46 +0000)]
first attempt at getting \PIPE\NETLOGON working. it's pretty horrible.
Luke Leighton [Mon, 29 Nov 1999 17:45:47 +0000 (17:45 +0000)]
renamed PRINTER_HND to POLICY_HND.
Luke Leighton [Sat, 27 Nov 1999 23:31:45 +0000 (23:31 +0000)]
cool! spooljobs works! this surprised me very much :-) helped to
specify \PIPE\spoolss instead of \PIPE\lsarpc...
Luke Leighton [Sat, 27 Nov 1999 23:25:45 +0000 (23:25 +0000)]
well, i stuffed up the spooler commands.
Luke Leighton [Sat, 27 Nov 1999 22:58:11 +0000 (22:58 +0000)]
moved at command over to new abstract connection system. matthew, you
initialised dest_wks _after_ using it in at_soon() :-) so i fixed this :)
Luke Leighton [Sat, 27 Nov 1999 22:53:28 +0000 (22:53 +0000)]
moved browser command brsinfo over to new abstracted connection
Luke Leighton [Sat, 27 Nov 1999 22:47:17 +0000 (22:47 +0000)]
this one's a handle-based one (missed in the first round).
Luke Leighton [Sat, 27 Nov 1999 22:35:58 +0000 (22:35 +0000)]
removed do_ prefix from srvsvc API
Luke Leighton [Sat, 27 Nov 1999 22:34:12 +0000 (22:34 +0000)]
updated \PIPE\wkssvc commands to use new abstracted connection system.
modified resolve_srv_name() to return dest host of *SMBSERVER if
server name is \\ip.add.ress.format
Luke Leighton [Sat, 27 Nov 1999 22:19:51 +0000 (22:19 +0000)]
using "abstracted" cli_connection, got \PIPE\srvsvc commands up and running
again.
Luke Leighton [Sat, 27 Nov 1999 22:14:37 +0000 (22:14 +0000)]
modified cli_connect_serverlist to take server list of format
\\server_name \\other_server etc.
Luke Leighton [Sat, 27 Nov 1999 21:50:11 +0000 (21:50 +0000)]
further abstraction involving client states. main client-side code
is pretty much independent of SMB client states, which will make it
easier to add other transports.
Luke Leighton [Sat, 27 Nov 1999 20:34:32 +0000 (20:34 +0000)]
remove use of client_info lsa_info_pol.
Luke Leighton [Sat, 27 Nov 1999 20:29:16 +0000 (20:29 +0000)]
enhanced samuser command to do same thing as enumusers command (-g -u -a)
except with only one user. done by sharing same code.
Luke Leighton [Sat, 27 Nov 1999 00:02:03 +0000 (00:02 +0000)]
bug-fixing registry commands and the rpcclient "rpcclient" command.
the rpcclient "rpcclient" command allows user options to be reset
(e.g the username / password) _without_ terminating rpcclient.
try this:
rpcclient -S srv1 -U% -l log
srv1$ rpcclient -S srv2
srv2$
:-)
Luke Leighton [Fri, 26 Nov 1999 23:04:19 +0000 (23:04 +0000)]
whoa. _major_ restructure of rpcclient. fixed some buuugs, created a few.
found out that getopt() _must_ have optind set to 0 before reuse.
still haven't decided what to do with the net* api yet...
Luke Leighton [Fri, 26 Nov 1999 22:47:50 +0000 (22:47 +0000)]
this file manages client states associated with handles.
Luke Leighton [Thu, 25 Nov 1999 05:34:12 +0000 (05:34 +0000)]
previous commit added an abstraction function that didn't even have
struct cli_state, uint16 fnum into the code: rpc_hnd_api_req().
modified cli_lsarpc.c to use this. the rest is const issues.
Luke Leighton [Thu, 25 Nov 1999 05:26:48 +0000 (05:26 +0000)]
cool! completed a samr* API that _would_ look like an msdn samr* api...
if microsoft bothered to publish it. actually, there are good reasons
for not publishing it: people might write programs for it, and then
those programs wouldn't work on nt5, for example...
Luke Leighton [Wed, 24 Nov 1999 23:40:20 +0000 (23:40 +0000)]
registry API moved over to new format. reg_connect() is the top-level
function, which takes \\server_name.
tested a _few_ functions. found that regcreatekey receives a Fault PDU.
Luke Leighton [Wed, 24 Nov 1999 23:11:03 +0000 (23:11 +0000)]
service control manager API completed. svcenum -i works, but does not
do so twice. possible memory corruption, revolving around getopt().
Luke Leighton [Wed, 24 Nov 1999 22:45:09 +0000 (22:45 +0000)]
ok. *whew*. this is the first completed part of the restructure.
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
Luke Leighton [Wed, 24 Nov 1999 20:24:33 +0000 (20:24 +0000)]
first stages of removing struct cli_state* and uint16 fnum from all
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
Luke Leighton [Wed, 24 Nov 1999 18:15:50 +0000 (18:15 +0000)]
WARNING! MOVED rpc_server/srv_lsa_hnd.c TO lib/util_hnd.c
CVS UPDATE MAY ISSUE WARNING ABOUT lib/util_hnd.c MODIFICATION
DATE BEING IN THE FUTURE. CVS CHECKOUT A NEW REPOSITORY MAY BE
SAFER.
Luke Leighton [Wed, 24 Nov 1999 18:09:33 +0000 (18:09 +0000)]
rewrote policy handle code to be generic (it's needed for client-side too)
attempted to fix regsetsec command
Luke Leighton [Tue, 23 Nov 1999 23:14:10 +0000 (23:14 +0000)]
oops, freed argc,argv arguments twice.
Luke Leighton [Tue, 23 Nov 1999 23:05:47 +0000 (23:05 +0000)]
attempted a svcset command. password is encrypted / messed up, therefore
command fails.
Luke Leighton [Tue, 23 Nov 1999 20:32:52 +0000 (20:32 +0000)]
oops!!!! wrong command!!!
Luke Leighton [Tue, 23 Nov 1999 18:57:07 +0000 (18:57 +0000)]
adding svcctl 0x1b function
Luke Leighton [Tue, 23 Nov 1999 18:56:26 +0000 (18:56 +0000)]
shuffling msrpc code around so that it can be used independently of rpcclient
Luke Leighton [Mon, 22 Nov 1999 20:14:13 +0000 (20:14 +0000)]
the last one. that concludes the removal of all next_token() calls
from rpcclient/cmd_*.c.
Luke Leighton [Mon, 22 Nov 1999 19:46:26 +0000 (19:46 +0000)]
another four next_token() removals (using getopt instead)
Luke Leighton [Mon, 22 Nov 1999 19:37:05 +0000 (19:37 +0000)]
another two.
Luke Leighton [Mon, 22 Nov 1999 19:26:56 +0000 (19:26 +0000)]
another one
Luke Leighton [Mon, 22 Nov 1999 19:25:30 +0000 (19:25 +0000)]
moved two more commands over to getopt.
Luke Leighton [Mon, 22 Nov 1999 19:02:39 +0000 (19:02 +0000)]
okay :) all cmd_() functions now take int argc, char **argv :) that
means that some commands need more work, as they still use next_token(),
the use of which i wish to avoid.
plus, i was getting fed up of the poor command-line processing in some
of these commands. i'm starting to need getopt() in them, especially
in samsetuser.
WARNING: only cmd_samr has been modded to use getopt() so far! reg
commands won't work, esp.
Luke Leighton [Sun, 21 Nov 1999 19:59:56 +0000 (19:59 +0000)]
implement server-side generation of NTLMv2 session key. YESSS :-)
Luke Leighton [Sun, 21 Nov 1999 19:24:01 +0000 (19:24 +0000)]
you know what? this sort of thing makes me laugh. hmm, what functions
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the others didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
Luke Leighton [Sun, 21 Nov 1999 17:27:20 +0000 (17:27 +0000)]
hmmm... have to add client-side support in domain_client_validate() to
_use_ user session key.
Luke Leighton [Sun, 21 Nov 1999 17:11:00 +0000 (17:11 +0000)]
adding user session key into network netlogon response.
Luke Leighton [Sun, 21 Nov 1999 17:09:20 +0000 (17:09 +0000)]
moving create user function into msrpc_samr.c
Luke Leighton [Sat, 20 Nov 1999 22:05:31 +0000 (22:05 +0000)]
oops, #ifdef'd cli_shutdown out, as the fun has _already_ started:
NT refuses to play nice, and establish a trust relationship.
Luke Leighton [Sat, 20 Nov 1999 21:59:16 +0000 (21:59 +0000)]
attempting to establish inter-domain trust relationships. modified
smbpasswd so it can be used to set up inter-domain trust account.
Luke Leighton [Sat, 20 Nov 1999 20:54:29 +0000 (20:54 +0000)]
modified domain_client_validate to take trust account name / type. this
is to pass DOMAIN_NAME$ and SEC_CHAN_DOMAIN instead of WKSTA_NAME$ and
SEC_CHAN_WKSTA.
modified check_domain_security to determine if domain name is own domain,
and to use wksta trust account if so, otherwise check "trusting domains"
parameter and use inter-domain trust account if so, otherwise return
False.
Luke Leighton [Sat, 20 Nov 1999 19:43:37 +0000 (19:43 +0000)]
doing a code reshuffle. want to add code to establish trust relationships.
Luke Leighton [Sat, 20 Nov 1999 18:17:29 +0000 (18:17 +0000)]
dynamic memory allocation i added a month ago: forgot to ZERO_STRUCT()
some of the server-side stuff. Realloc() was being used, so it
Realloc()d some random area of memory. oops.
Luke Leighton [Sat, 20 Nov 1999 17:57:28 +0000 (17:57 +0000)]
adding bits about SAM database security, and what the SAM commands are
actually for.
Luke Leighton [Sat, 20 Nov 1999 17:41:35 +0000 (17:41 +0000)]
explicit reference to tell people that rpcclient doesn't work with
Windows 95. i can just imagine some people saying "it dunna wurk on
my box at home", and me having to reply, "i dunna care".
Luke Leighton [Sat, 20 Nov 1999 17:35:54 +0000 (17:35 +0000)]
yodl update
Luke Leighton [Sat, 20 Nov 1999 17:00:33 +0000 (17:00 +0000)]
oops.
Luke Leighton [Sat, 20 Nov 1999 16:57:38 +0000 (16:57 +0000)]
adding some command descriptions behind the rpcclient commands.
Luke Leighton [Fri, 19 Nov 1999 23:26:42 +0000 (23:26 +0000)]
yodl update - rpcclient
Luke Leighton [Fri, 19 Nov 1999 23:18:00 +0000 (23:18 +0000)]
added an rpcclient man page. wow!
Luke Leighton [Fri, 19 Nov 1999 02:05:19 +0000 (02:05 +0000)]
nt5rc2 falling over because the LsaQueryInfoPolicy() response _must_
have the string max length = string length + 1.
if not, then it gets its knickers in a twist over whether the string
is NULL-terminated or not.
four days.
four days i spent on this one.
Luke Leighton [Fri, 19 Nov 1999 01:37:16 +0000 (01:37 +0000)]
The First Necessary UNICODE String Support.
the random workstation trust account password is TOTAL garbage. i mean,
complete garbage. it's nowhere CLOSE to being a UNICODE string. therefore
we can't just take every second character.
created nt_owf_genW() which creates NT#(password) instead of NT#(Unicode(pw)).
followed through to the password setting in srv_samr.c
Luke Leighton [Fri, 19 Nov 1999 01:24:41 +0000 (01:24 +0000)]
- surprise! the number of UNICODE strings that didn't have alignment
after them is incredible. how did we get away with this for so long?
Luke Leighton [Fri, 19 Nov 1999 01:01:07 +0000 (01:01 +0000)]
- bug in nmbd registering DOMAIN_NAME<1c> to WINS server; recursion
desired flag MUST be set in any NBT UDP packets sent to a WINS
server, else they will go to the WINS client side of the NT NetBIOS
kernel instead, and will get trashed.
- added \PIPE\browser server-side code.
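An added example (not nmbd's code) of the header rule in the first item above: it builds the 16-bit NBT header flags word from RFC 1002 and the first-level encoded NetBIOS name, then checks an outgoing name-registration request. A unicast request to a WINS server must carry the recursion-desired bit and must not carry the broadcast bit; a subnet broadcast is free to omit RD. The domain name, suffix and transaction id are constructed sample values, and the packet is header plus question section only (the registration's additional record is left out).

```python
import struct

# RFC 1002 NBT header FLAGS word: R(1) | OPCODE(4) | NM_FLAGS(7) | RCODE(4)
FLAG_RESPONSE = 0x8000
OPCODE_SHIFT = 11
OPCODE_QUERY, OPCODE_REGISTRATION, OPCODE_RELEASE, OPCODE_REFRESH = 0, 5, 6, 8
NM_AA, NM_TC, NM_RD, NM_RA, NM_B = 0x0400, 0x0200, 0x0100, 0x0080, 0x0010
QTYPE_NB, QCLASS_IN = 0x20, 0x01


def build_flags(opcode, recursion_desired, broadcast):
    """Assemble the FLAGS word for a request (R bit clear)."""
    flags = (opcode & 0xF) << OPCODE_SHIFT
    if recursion_desired:
        flags |= NM_RD
    if broadcast:
        flags |= NM_B
    return flags


def encode_nbt_name(name, suffix):
    """First-level encoding: 15 space-padded chars + suffix byte, each nibble as 'A'..'P'."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    encoded = bytearray()
    for byte in raw:
        encoded.append(ord("A") + (byte >> 4))
        encoded.append(ord("A") + (byte & 0xF))
    return bytes([len(encoded)]) + bytes(encoded) + b"\x00"


def decode_nbt_name(encoded):
    """Inverse of encode_nbt_name; returns (name, suffix)."""
    n = encoded[0]
    body = encoded[1:1 + n]
    raw = bytes(((body[i] - 65) << 4) | (body[i + 1] - 65) for i in range(0, n, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15]


def build_registration_request(trn_id, name, suffix, recursion_desired, broadcast):
    """NBT header (QDCOUNT=1, ARCOUNT=1) plus the question for NAME<suffix>."""
    flags = build_flags(OPCODE_REGISTRATION, recursion_desired, broadcast)
    header = struct.pack(">HHHHHH", trn_id, flags, 1, 0, 0, 1)
    question = encode_nbt_name(name, suffix) + struct.pack(">HH", QTYPE_NB, QCLASS_IN)
    return header + question


def check_outgoing_nbt(packet, destination_is_wins):
    """Return 'ok' or a short reason why a WINS-bound request is malformed."""
    _, flags = struct.unpack(">HH", packet[:4])
    if flags & FLAG_RESPONSE:
        return "ok"  # only requests are checked here
    if destination_is_wins and not flags & NM_RD:
        return "missing RD: WINS will hand the packet to its client side and drop it"
    if destination_is_wins and flags & NM_B:
        return "B flag set on a unicast WINS request"
    return "ok"


# Constructed sample values.
SAMPLE_TRN_ID, SAMPLE_DOMAIN, SUFFIX_DOMAIN_CONTROLLERS = 0x1234, "MYDOMAIN", 0x1C

if __name__ == "__main__":
    for rd in (False, True):
        pkt = build_registration_request(SAMPLE_TRN_ID, SAMPLE_DOMAIN, SUFFIX_DOMAIN_CONTROLLERS, rd, False)
        print("RD=%s ->" % rd, check_outgoing_nbt(pkt, destination_is_wins=True))
```

The check is the kind of assertion worth keeping in a test suite: the bug in the commit was silent, because a WINS server that treats the packet as a client-side datagram simply discards it without any error response.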
Luke Leighton [Fri, 19 Nov 1999 00:12:16 +0000 (00:12 +0000)]
added \PIPE\browser plus experimental brsinfo command. you wouldn't
believe the XXXX that MIGHT be involved in getting nt5rc2 to join
a samba domain...
Luke Leighton [Thu, 18 Nov 1999 23:15:45 +0000 (23:15 +0000)]
responses to UDP samquery go back to SERVER<00> not DOMAIN<1c>, the
request name.
modified createuser rpcclient command to examine name being added. if it
ends in a $, assume that a workstation trust account is being added.
Luke Leighton [Thu, 18 Nov 1999 22:03:47 +0000 (22:03 +0000)]
set "key does not exist" response to reg_query_val() (win32 status code
of 0x2). [p.s. getting REALLY bored of this nt5rc2->samba domain stuff].
Luke Leighton [Thu, 18 Nov 1999 19:29:08 +0000 (19:29 +0000)]
added samuserset2 rpcclient command to test ACB_XXX bit-setting on
samr opcode 0x25. _yet_ another failed attempt to get nt5rc2 to join
a samba domain. what _is_ it with this stuff, dammit?
Luke Leighton [Thu, 18 Nov 1999 17:57:21 +0000 (17:57 +0000)]
updating reg_value_info() parsing code to take BUFFER2 instead of just
a char*. now copes with multiple types.
Luke Leighton [Thu, 18 Nov 1999 00:26:11 +0000 (00:26 +0000)]
added regqueryval command (experimental) to get reg_io_q_info() and
reg_io_r_info() working properly. previously they weren't well
understood (well, they were the first of the registry functions i did,
back in december 97, ok??? :-)
set ntversion to 0x1 in SAMQUERY, so that we reply same as NT4 srv.
Luke Leighton [Tue, 16 Nov 1999 21:14:53 +0000 (21:14 +0000)]
attempting to get nt5 wksta to join domain.
1) had to fix samr "create user" and "set user info" (level 23).
2) had to fix netlogon enum trust domains
3) registry key needed \\ in it not \.
Luke Leighton [Tue, 16 Nov 1999 17:27:41 +0000 (17:27 +0000)]
added two new params: "trusted domains" and "trusting domains".
these _may_ not actually ever get used, as trust relationships
really need to be established with shared secrets, and you need
to get the SID of the trusted and trusting domains, so this
may have to go in a private/xxx.mac file.
Luke Leighton [Tue, 16 Nov 1999 17:25:45 +0000 (17:25 +0000)]
added another dummy key so that NT5 can check in the registry whether
password changes are allowed or not. *dur*!!!!
Luke Leighton [Tue, 16 Nov 1999 17:15:45 +0000 (17:15 +0000)]
oops, mistake in parsing command-arguments. repeated calls to
next_token() should not have line to parse as first arg. oops.
Luke Leighton [Tue, 16 Nov 1999 15:39:09 +0000 (15:39 +0000)]
Shirish Kalele <kalele@veritas.com> noticed that NT workstations are
sending anonymous NTLMSSP user credentials to set up \PIPE\samr.
added anonymous NTLMSSP sessions.
Richard Sharpe [Tue, 16 Nov 1999 14:10:23 +0000 (14:10 +0000)]
Changes to implement NET_AUTH based on NET_AUTH2, to get Win2000
happier in joining a Samba domain.
Luke Leighton [Mon, 15 Nov 1999 23:46:27 +0000 (23:46 +0000)]
added server-side samr enum domains. fixed some parsing issues, server-side.
Luke Leighton [Mon, 15 Nov 1999 22:43:08 +0000 (22:43 +0000)]
added rpcclient "enumdomains" command. enumerates names of domains
for which a PDC is responsible. typical answers are:
<Name of Domain> plus <Builtin>.
against a hierarchical, down-level-compatible NT5 PDC, there's likely to
be more than these two entries!!!!!
Luke Leighton [Mon, 15 Nov 1999 22:11:10 +0000 (22:11 +0000)]
- added DCE/RPC "fault" PDU support.
- disabled (AGAIN) the GETDC "if (MAILSLOT\NTLOGON)" code that will get
NT5rc2 to work but WILL break win95 (AGAIN). this needs _not_ to be
re-enabled but to be replaced with a better mechanism.
- added SMBwrite support (note: SMBwriteX already existed) as NT5rc2 is
sending DCE/RPC over SMBwrite not SMBwriteX.
Luke Leighton [Fri, 12 Nov 1999 15:37:05 +0000 (15:37 +0000)]
split array-handling functions into separate module.
Luke Leighton [Tue, 9 Nov 1999 19:35:30 +0000 (19:35 +0000)]
debugging rpcclient spoolenum and spooljobs commands. oh, did i forget
to mention, there's a spooljobs <printer name> command, and it uses
command-line completion? prints out NT print jobs really nicely, too.
Luke Leighton [Tue, 9 Nov 1999 17:39:21 +0000 (17:39 +0000)]
riccardo sibilia spotted line 1884 has uint32 group_rid[0] not group_rid[1]
oops!
Luke Leighton [Mon, 8 Nov 1999 22:00:41 +0000 (22:00 +0000)]
preparation for doing a spoolss enum jobs command. had to rewrite
spoolss_enumjobs parsing code to do read / writes not just writes.
Luke Leighton [Mon, 8 Nov 1999 20:58:06 +0000 (20:58 +0000)]
const feeding frenzy
Luke Leighton [Mon, 8 Nov 1999 19:32:05 +0000 (19:32 +0000)]
const feeding frenzy
Tim Potter [Mon, 8 Nov 1999 03:34:35 +0000 (03:34 +0000)]
Fixed typo in automatic printer install share name.
Removed confusing 'writeable = no' parameter from example [printers]
entry.
Luke Leighton [Sat, 6 Nov 1999 22:45:31 +0000 (22:45 +0000)]
horrible code to do SMBwriteX / SMBreadX for large MSRPC reads. ARGH!
Luke Leighton [Sat, 6 Nov 1999 21:25:52 +0000 (21:25 +0000)]
missed mem_grow_data call