archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/protocols/kerberos/kerbcli/changepw.cxx

474 lines
12 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 1992 - 1999
  6. //
  7. // File: changepw.cxx
  8. //
  9. // Contents: Code for KerbSetPassword and KerbChangePassword
  10. //
  11. //
  12. // History: 24-May-1999 MikeSw Created
  13. //
  14. //------------------------------------------------------------------------
  16. #include <nt.h>
  17. #include <ntrtl.h>
  18. #include <nturtl.h>
  19. #include <windows.h>
  20. #include <sspi.h>
  21. #include <ntsecapi.h>
  22. #include <align.h>
  23. #include <dsgetdc.h>
  24. #include <kerbcli.h>
  29. //+-------------------------------------------------------------------------
  30. //
  31. // Function: KerbChangePasswordUserEx
  32. //
  33. // Synopsis: Changes a users password. If the user is logged on,
  34. // it also updates the in-memory password.
  35. //
  36. // Effects:
  37. //
  38. // Arguments:
  39. //
  40. // Requires:
  41. //
  42. // Returns:
  43. //
  44. // Notes:
  45. //
  46. //
  47. //--------------------------------------------------------------------------
  50. NTSTATUS
  51. KerbChangePasswordUser(
  52. IN LPWSTR DomainName,
  53. IN LPWSTR UserName,
  54. IN LPWSTR OldPassword,
  55. IN LPWSTR NewPassword
  56. )
  57. {
  58. NTSTATUS Status;
  59. STRING Name;
  60. HANDLE LogonHandle = NULL;
  61. ULONG PackageId;
  62. PVOID Response = NULL ;
  63. ULONG ResponseSize;
  64. NTSTATUS SubStatus;
  65. PKERB_CHANGEPASSWORD_REQUEST ChangeRequest = NULL;
  66. ULONG ChangeSize;
  67. UNICODE_STRING User,Domain,OldPass,NewPass;
  69. Status = LsaConnectUntrusted(
  70. &LogonHandle
  71. );
  73. if (!NT_SUCCESS(Status))
  74. {
  75. goto Cleanup;
  76. }
  78. RtlInitString(
  79. &Name,
  80. MICROSOFT_KERBEROS_NAME_A
  81. );
  83. Status = LsaLookupAuthenticationPackage(
  84. LogonHandle,
  85. &Name,
  86. &PackageId
  87. );
  88. if (!NT_SUCCESS(Status))
  89. {
  90. goto Cleanup;
  91. }
  93. RtlInitUnicodeString(
  94. &User,
  95. UserName
  96. );
  97. RtlInitUnicodeString(
  98. &Domain,
  99. DomainName
  100. );
  101. RtlInitUnicodeString(
  102. &OldPass,
  103. OldPassword
  104. );
  105. RtlInitUnicodeString(
  106. &NewPass,
  107. NewPassword
  108. );
  110. if ( OldPass.Length > (127*sizeof(WCHAR)) ||
  111. NewPass.Length > (127*sizeof(WCHAR)) )
  112. {
  113. Status = STATUS_NAME_TOO_LONG;
  114. goto Cleanup;
  115. }
  117. ChangeSize = ROUND_UP_COUNT(sizeof(KERB_CHANGEPASSWORD_REQUEST),4)+
  118. User.Length +
  119. Domain.Length +
  120. OldPass.Length +
  121. NewPass.Length ;
  122. ChangeRequest = (PKERB_CHANGEPASSWORD_REQUEST) LocalAlloc(LMEM_ZEROINIT, ChangeSize );
  123. if (NULL == ChangeRequest)
  124. {
  125. goto Cleanup;
  126. }
  128. ChangeRequest->MessageType = KerbChangePasswordMessage;
  130. ChangeRequest->AccountName = User;
  131. ChangeRequest->AccountName.Buffer = (LPWSTR) ROUND_UP_POINTER(sizeof(KERB_CHANGEPASSWORD_REQUEST) + (PBYTE) ChangeRequest,4);
  133. RtlCopyMemory(
  134. ChangeRequest->AccountName.Buffer,
  135. User.Buffer,
  136. User.Length
  137. );
  139. ChangeRequest->DomainName = Domain;
  140. ChangeRequest->DomainName.Buffer = ChangeRequest->AccountName.Buffer + ChangeRequest->AccountName.Length / sizeof(WCHAR);
  142. RtlCopyMemory(
  143. ChangeRequest->DomainName.Buffer,
  144. Domain.Buffer,
  145. Domain.Length
  146. );
  148. ChangeRequest->OldPassword = OldPass;
  149. ChangeRequest->OldPassword.Buffer = ChangeRequest->DomainName.Buffer + ChangeRequest->DomainName.Length / sizeof(WCHAR);
  151. RtlCopyMemory(
  152. ChangeRequest->OldPassword.Buffer,
  153. OldPass.Buffer,
  154. OldPass.Length
  155. );
  157. ChangeRequest->NewPassword = NewPass;
  158. ChangeRequest->NewPassword.Buffer = ChangeRequest->OldPassword.Buffer + ChangeRequest->OldPassword.Length / sizeof(WCHAR);
  160. RtlCopyMemory(
  161. ChangeRequest->NewPassword.Buffer,
  162. NewPass.Buffer,
  163. NewPass.Length
  164. );
  167. //
  168. // We are running as the caller, so state we are impersonating
  169. //
  171. ChangeRequest->Impersonating = TRUE;
  173. Status = LsaCallAuthenticationPackage(
  174. LogonHandle,
  175. PackageId,
  176. ChangeRequest,
  177. ChangeSize,
  178. &Response,
  179. &ResponseSize,
  180. &SubStatus
  181. );
  182. if (!NT_SUCCESS(Status) || !NT_SUCCESS(SubStatus))
  183. {
  184. if (NT_SUCCESS(Status))
  185. {
  186. Status = SubStatus;
  187. }
  188. goto Cleanup;
  189. }
  191. Cleanup:
  193. if (LogonHandle != NULL)
  194. {
  195. LsaDeregisterLogonProcess(LogonHandle);
  196. }
  198. if (Response != NULL)
  199. {
  200. LsaFreeReturnBuffer(Response);
  201. }
  203. if (ChangeRequest != NULL)
  204. {
  205. LocalFree(ChangeRequest);
  206. }
  207. return(Status);
  208. }
  211. //+-------------------------------------------------------------------------
  212. //
  213. // Function: KerbSetPasswordUserEx
  214. //
  215. // Synopsis: Sets a password for a user in the specified domain
  216. //
  217. // Effects:
  218. //
  219. // Arguments:
  220. //
  221. // Requires:
  222. //
  223. // Returns:
  224. //
  225. // Notes:
  226. //
  227. //
  228. //--------------------------------------------------------------------------
  231. NTSTATUS
  232. KerbSetPasswordUserEx(
  233. IN LPWSTR DomainName,
  234. IN LPWSTR UserName,
  235. IN LPWSTR NewPassword,
  236. IN OPTIONAL PCredHandle CredentialsHandle,
  237. IN OPTIONAL LPWSTR KdcAddress
  238. )
  239. {
  240. NTSTATUS Status;
  241. STRING Name;
  242. HANDLE LogonHandle = NULL;
  243. ULONG PackageId;
  244. PVOID Response = NULL;
  245. ULONG ResponseSize;
  246. KERB_PROTOCOL_MESSAGE_TYPE MessageType = KerbSetPasswordMessage;
  247. NTSTATUS SubStatus;
  248. PKERB_SETPASSWORD_EX_REQUEST SetRequest = NULL;
  249. ULONG ChangeSize;
  250. UNICODE_STRING User, Domain, NewPass, KdcAddr, ClientName, ClientRealm;
  252. // If you supply a KdcAddress, you must supply name type
  253. if (ARGUMENT_PRESENT(KdcAddress))
  254. {
  255. MessageType = KerbSetPasswordExMessage;
  257. RtlInitUnicodeString(
  258. &KdcAddr,
  259. KdcAddress
  260. );
  261. }
  262. else
  263. {
  264. RtlInitUnicodeString(
  265. &KdcAddr,
  266. NULL
  267. );
  268. }
  270. Status = LsaConnectUntrusted(
  271. &LogonHandle
  272. );
  274. if (!NT_SUCCESS(Status))
  275. {
  276. goto Cleanup;
  277. }
  279. RtlInitString(
  280. &Name,
  281. MICROSOFT_KERBEROS_NAME_A
  282. );
  283. Status = LsaLookupAuthenticationPackage(
  284. LogonHandle,
  285. &Name,
  286. &PackageId
  287. );
  288. if (!NT_SUCCESS(Status))
  289. {
  290. goto Cleanup;
  291. }
  293. RtlInitUnicodeString(
  294. &User,
  295. UserName
  296. );
  297. RtlInitUnicodeString(
  298. &Domain,
  299. DomainName
  300. );
  301. RtlInitUnicodeString(
  302. &NewPass,
  303. NewPassword
  304. );
  306. // These aren't used here (yet)
  307. RtlInitUnicodeString(
  308. &ClientName,
  309. NULL
  310. );
  312. RtlInitUnicodeString(
  313. &ClientRealm,
  314. NULL
  315. );
  317. if ( NewPass.Length > (127 * sizeof(WCHAR)) )
  318. {
  319. Status = STATUS_NAME_TOO_LONG;
  320. goto Cleanup;
  321. }
  323. ChangeSize = ROUND_UP_COUNT(sizeof(KERB_SETPASSWORD_EX_REQUEST),4)+
  324. User.Length +
  325. Domain.Length +
  326. NewPass.Length +
  327. KdcAddr.Length +
  328. ClientName.Length +
  329. ClientRealm.Length;
  331. SetRequest = (PKERB_SETPASSWORD_EX_REQUEST) LocalAlloc(LMEM_ZEROINIT, ChangeSize );
  332. if (NULL == SetRequest)
  333. {
  334. goto Cleanup;
  335. }
  337. SetRequest->MessageType = MessageType;
  338. SetRequest->KdcAddressType = DS_UNKNOWN_ADDRESS_TYPE;
  339. SetRequest->AccountRealm = Domain;
  340. SetRequest->AccountRealm.Buffer = (LPWSTR) ROUND_UP_POINTER(sizeof(KERB_SETPASSWORD_EX_REQUEST) + (PBYTE) SetRequest,4);
  342. RtlCopyMemory(
  343. SetRequest->AccountRealm.Buffer,
  344. Domain.Buffer,
  345. Domain.Length
  346. );
  348. SetRequest->AccountName = User;
  349. SetRequest->AccountName.Buffer = SetRequest->AccountRealm.Buffer + SetRequest->AccountRealm.Length / sizeof(WCHAR);
  351. RtlCopyMemory(
  352. SetRequest->AccountName.Buffer,
  353. User.Buffer,
  354. User.Length
  355. );
  358. SetRequest->Password = NewPass;
  359. SetRequest->Password.Buffer = SetRequest->AccountName.Buffer + SetRequest->AccountName.Length / sizeof(WCHAR);
  361. RtlCopyMemory(
  362. SetRequest->Password.Buffer,
  363. NewPass.Buffer,
  364. NewPass.Length
  365. );
  367. // Not yet implemented
  368. SetRequest->ClientRealm = ClientRealm;
  369. SetRequest->ClientRealm.Buffer = SetRequest->Password.Buffer + SetRequest->Password.Length / sizeof(WCHAR);
  371. RtlCopyMemory(
  372. SetRequest->ClientRealm.Buffer,
  373. ClientRealm.Buffer,
  374. ClientRealm.Length
  375. );
  377. SetRequest->ClientName = ClientName;
  378. SetRequest->ClientName.Buffer = SetRequest->ClientRealm.Buffer + SetRequest->ClientRealm.Length / sizeof(WCHAR);
  380. RtlCopyMemory(
  381. SetRequest->ClientName.Buffer,
  382. ClientName.Buffer,
  383. ClientName.Length
  384. );
  385. //
  387. SetRequest->KdcAddress = KdcAddr;
  388. SetRequest->KdcAddress.Buffer = SetRequest->ClientRealm.Buffer + SetRequest->ClientRealm.Length / sizeof(WCHAR);
  390. RtlCopyMemory(
  391. SetRequest->KdcAddress.Buffer,
  392. KdcAddr.Buffer,
  393. KdcAddr.Length
  394. );
  396. if (ARGUMENT_PRESENT(CredentialsHandle))
  397. {
  398. SetRequest->CredentialsHandle = *CredentialsHandle;
  399. SetRequest->Flags |= KERB_SETPASS_USE_CREDHANDLE;
  400. }
  402. Status = LsaCallAuthenticationPackage(
  403. LogonHandle,
  404. PackageId,
  405. SetRequest,
  406. ChangeSize,
  407. &Response,
  408. &ResponseSize,
  409. &SubStatus
  410. );
  411. if (!NT_SUCCESS(Status) || !NT_SUCCESS(SubStatus))
  412. {
  413. if (NT_SUCCESS(Status))
  414. {
  415. Status = SubStatus;
  416. }
  417. goto Cleanup;
  418. }
  420. Cleanup:
  422. if (LogonHandle != NULL)
  423. {
  424. LsaDeregisterLogonProcess(LogonHandle);
  425. }
  427. if (Response != NULL)
  428. {
  429. LsaFreeReturnBuffer(Response);
  430. }
  432. if (SetRequest != NULL)
  433. {
  434. LocalFree(SetRequest);
  435. }
  436. return(Status);
  437. }
  439. //+-------------------------------------------------------------------------
  440. //
  441. // Function: KerbSetPasswordUser
  442. //
  443. // Synopsis: Sets a password for a user in the specified domain
  444. //
  445. // Effects:
  446. //
  447. // Arguments:
  448. //
  449. // Requires:
  450. //
  451. // Returns:
  452. //
  453. // Notes:
  454. //
  455. //
  456. //--------------------------------------------------------------------------
  457. NTSTATUS
  458. KerbSetPasswordUser(
  459. IN LPWSTR DomainName,
  460. IN LPWSTR UserName,
  461. IN LPWSTR NewPassword,
  462. IN OPTIONAL PCredHandle CredentialsHandle
  463. )
  464. {
  466. return(KerbSetPasswordUserEx(
  467. DomainName,
  468. UserName,
  469. NewPassword,
  470. CredentialsHandle,
  471. NULL
  472. ));
  473. }