archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/tools/autologon/oldsrc/forcemigrate/forcemigrate.c

349 lines
11 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2000 Microsoft Corporation
  5. Module Name:
  7. forcemigrate.c
  9. Abstract:
  11. forcemigrate.c
  13. Author:
  14. Jason Garms (jasong) 27 October 2000
  17. --*/
  19. #include <shared.h>
  23. //+---------------------------------------------------------------------------------------------------------
  24. //
  25. // Prototypes
  26. //
  27. //+---------------------------------------------------------------------------------------------------------
  29. DWORD
  30. MigratePassword();
  32. DWORD
  33. ListAll();
  35. VOID
  36. DumpCmd();
  39. //+---------------------------------------------------------------------------------------------------------
  40. //
  41. // Globals
  42. //
  43. //+---------------------------------------------------------------------------------------------------------
  44. BOOL g_QuietMode = FALSE;
  45. WCHAR g_TempString[MAX_STRING] = {0};
  46. WCHAR g_ErrorString[MAX_STRING] = {0};
  47. WCHAR g_FailureLocation[MAX_STRING] = {0};
  49. BOOL g_RemoteOperation = FALSE;
  50. WCHAR g_RemoteComputerName[MAX_STRING] = {0};
  51. DWORD g_RunningUsersCreds = 0;
  52. DWORD g_CheckNT4Also = 0;
  54. //+---------------------------------------------------------------------------------------------------------
  55. //
  56. // Functions
  57. //
  58. //+---------------------------------------------------------------------------------------------------------
  61. int
  62. __cdecl
  63. wmain(
  64. int argc,
  65. WCHAR *argv[]
  66. )
  67. {
  68. DWORD dwCommandPosition=1;
  69. DWORD dwRetCode=ERROR_SUCCESS;
  71. // parse the command line params and act on them
  72. // if there's fewer than 2 params, it's not a valid call
  73. if (argc < 2) {
  74. dwRetCode = ERROR_BAD_ARGUMENTS;
  75. goto cleanup;
  76. }
  78. // check to see quietmode is enabled and set global flag
  79. // and increment commandposition pointer, but only if there
  80. // are more arguments to our right, otherwise, it's invalid
  81. // usage
  82. if (!wcscmp(argv[dwCommandPosition], L"-q")) {
  83. g_QuietMode = 1;
  84. dwCommandPosition++;
  85. }
  88. if ((DWORD)argc <= (dwCommandPosition)) {
  89. dwRetCode = ERROR_BAD_ARGUMENTS;
  90. goto cleanup;
  91. }
  93. // check to see if we should try the running user's credentials as well
  94. if (!wcscmp(argv[dwCommandPosition], L"-r")) {
  95. g_RunningUsersCreds = 1;
  96. dwCommandPosition++;
  97. }
  99. if ((DWORD)argc <= (dwCommandPosition)) {
  100. dwRetCode = ERROR_BAD_ARGUMENTS;
  101. goto cleanup;
  102. }
  104. // check to see if we should run against NT4 as well
  105. if (!wcscmp(argv[dwCommandPosition], L"-nt4")) {
  106. g_CheckNT4Also = 1;
  107. dwCommandPosition++;
  108. }
  110. if ((DWORD)argc <= (dwCommandPosition)) {
  111. dwRetCode = ERROR_BAD_ARGUMENTS;
  112. goto cleanup;
  113. }
  115. // check to see if a UNC machine name is passed in for
  116. // remote operation and set the approprite globals
  117. // if there is a UNC path here, then increment commandposition
  118. // pointer, but only if there's more arguments to our right,
  119. // otherwise it's invalid usage.
  120. if ((*(argv[dwCommandPosition]) != '\\')) {
  121. dwRetCode = ERROR_BAD_ARGUMENTS;
  122. goto cleanup;
  123. }
  125. // make sure there's actually some chars to the right of the \\s
  126. if (wcslen(argv[dwCommandPosition])<=2) {
  127. dwRetCode = ERROR_BAD_ARGUMENTS;
  128. goto cleanup;
  129. }
  131. // make sure the machine name fits in our buffer
  132. if (wcslen(argv[dwCommandPosition]) >= MAX_STRING) {
  133. dwRetCode = ERROR_BAD_ARGUMENTS;
  134. goto cleanup;
  135. }
  137. g_RemoteOperation = TRUE;
  138. wcsncpy(g_RemoteComputerName,
  139. argv[dwCommandPosition],
  140. wcslen(argv[dwCommandPosition]));
  142. dwRetCode = MigratePassword();
  144. cleanup:
  145. if (dwRetCode == ERROR_BAD_ARGUMENTS) {
  146. DumpCmd();
  147. }
  148. return dwRetCode;
  149. }
  152. DWORD
  153. MigratePassword()
  154. {
  155. WCHAR UserName[MAX_STRING];
  156. WCHAR DomainName[MAX_STRING];
  157. WCHAR Password[MAX_STRING];
  158. WCHAR ConCat[MAX_STRING];
  159. DWORD dwRetCode = ERROR_SUCCESS;
  160. NETRESOURCE NetResource = {0};
  161. DWORD dwMachineVerNumber = 0;
  163. // Connect to the remote machine to obtain the username, domain, and password
  165. // Make sure it's a Win2k box
  166. dwMachineVerNumber = GetMajorNTVersion(g_RemoteComputerName);
  167. switch (dwMachineVerNumber) {
  168. case 3:
  169. case 4:
  170. if ((dwMachineVerNumber == 4) && (g_CheckNT4Also)) {
  171. break;
  172. } else {
  173. wprintf(L"%s: Error, target is running NT4 and -nt4 option not selected\n", g_RemoteComputerName);
  174. dwRetCode = ERROR_OLD_WIN_VERSION;
  175. goto cleanup;
  176. }
  177. case 5:
  178. break;
  179. default:
  180. wprintf(L"%s: Error target's machine version is invalid\n", g_RemoteComputerName);
  181. dwRetCode = ERROR_OLD_WIN_VERSION;
  182. goto cleanup;
  183. }
  185. wsprintf(g_TempString, L"%s: Beginning Migration: System is running NT%d\n", g_RemoteComputerName, dwMachineVerNumber);
  186. wsprintf(g_TempString, L"%s: DefaultPassword : (reg does not exist)\n", g_RemoteComputerName);
  188. //
  189. // Get the DefaultPassword
  190. //
  191. dwRetCode = GetRegValueSZ(L"DefaultPassword", Password);
  192. switch (dwRetCode) {
  193. // catch this case and continue
  194. case ERROR_FILE_NOT_FOUND:
  195. wsprintf(g_TempString, L"%s: DefaultPassword : (reg does not exist)\n", g_RemoteComputerName);
  196. DisplayMessage(g_TempString);
  197. goto cleanup;
  199. // On success, print the regkey and continue to next item
  200. case ERROR_SUCCESS:
  201. if (!wcscmp(Password, L"")) {
  202. dwRetCode = ERROR_FILE_NOT_FOUND;
  203. wsprintf(g_TempString, L"%s: DefaultPassword : (exists, but is empty)\n", g_RemoteComputerName);
  204. DisplayMessage(g_TempString);
  205. break;
  206. }
  207. wsprintf(g_TempString, L"%s: DefaultPassword : %s\n", g_RemoteComputerName, Password);
  208. DisplayMessage(g_TempString);
  209. break;
  211. // catch all the generic errors and end program
  212. default:
  213. wsprintf(g_TempString, L"DefaultPassword : Failed to query regkey: %s\n", GetErrorString(dwRetCode));
  214. wprintf(L"Flag 3\n", dwRetCode);
  215. goto cleanup;
  216. }
  218. //
  219. // Get the username
  220. //
  221. dwRetCode = GetRegValueSZ(L"DefaultUserName", UserName);
  222. switch (dwRetCode) {
  223. // catch this case and continue
  224. case ERROR_FILE_NOT_FOUND:
  225. wsprintf(g_TempString, L"%s: DefaultUserName : (does not exist)\n", g_RemoteComputerName);
  226. DisplayMessage(g_TempString);
  227. goto cleanup;
  229. // On success, print the regkey and continue to next item
  230. case ERROR_SUCCESS:
  231. wsprintf(g_TempString, L"%s: DefaultUserName : %s\n", g_RemoteComputerName, UserName);
  232. DisplayMessage(g_TempString);
  233. break;
  235. // catch all the generic errors and end program
  236. default:
  237. wsprintf(g_TempString, L"%s: DefaultUserName : Failed to query regkey: %s\n", g_RemoteComputerName, GetErrorString(dwRetCode));
  238. DisplayMessage(g_TempString);
  239. goto cleanup;
  240. }
  242. //
  243. // Get the DefaultDomainName
  244. //
  245. dwRetCode = GetRegValueSZ(L"DefaultDomainName", DomainName);
  246. switch (dwRetCode) {
  247. // catch this case and continue
  248. case ERROR_FILE_NOT_FOUND:
  249. wsprintf(g_TempString, L"%s: DefaultDomainName: (does not exist)\n", g_RemoteComputerName);
  250. DisplayMessage(g_TempString);
  251. goto cleanup;
  253. // On success, print the regkey and continue to next item
  254. case ERROR_SUCCESS:
  255. wsprintf(g_TempString, L"%s: DefaultDomainName: %s\n", g_RemoteComputerName, DomainName);
  256. DisplayMessage(g_TempString);
  257. break;
  259. // catch all the generic errors and end program
  260. default:
  261. wsprintf(g_TempString, L"%s: DefaultDomainName: Failed to query regkey: %s\n", g_RemoteComputerName, GetErrorString(dwRetCode));
  262. DisplayMessage(g_TempString);
  263. goto cleanup;
  264. }
  266. if ((wcslen(DomainName) + wcslen(UserName)) >= MAX_STRING) {
  267. dwRetCode = ERROR_BUFFER_OVERFLOW;
  268. goto cleanup;
  269. }
  271. wcscpy(ConCat, DomainName);
  272. wcscat(ConCat, L"\\");
  273. wcscat(ConCat, UserName);
  275. NetResource.lpRemoteName = g_RemoteComputerName;
  277. dwRetCode = WNetAddConnection2(
  278. &NetResource, // connection details
  279. Password, // password
  280. ConCat, // user name
  281. 0); // connection options
  283. if (dwRetCode != ERROR_SUCCESS) {
  284. if (!g_RunningUsersCreds) {
  285. wprintf(L"%s: Could not logon as %s using password %s\n", g_RemoteComputerName, ConCat, Password);
  286. goto cleanup;
  287. } else {
  288. wprintf(L"Trying with your own credentials\n");
  289. dwRetCode = WNetAddConnection2(
  290. &NetResource, // connection details
  291. NULL, // password
  292. NULL, // user name
  293. 0); // connection options
  294. if (dwRetCode != ERROR_SUCCESS) {
  295. wprintf(L"%s: Could not logon you or as %s using password %s\n", g_RemoteComputerName, ConCat, Password);
  296. goto cleanup;
  297. }
  298. }
  299. }
  301. // Set the DefaultPassword LSAsecret to the value we retrieved from the registry
  302. dwRetCode = SetSecret(Password, 0);
  303. if (dwRetCode != ERROR_SUCCESS) {
  304. wsprintf(g_TempString, L"%s: Migrate Failed: Could not set DefaultPassword LSASecret: %s\n", g_RemoteComputerName, GetErrorString(dwRetCode));
  305. DisplayMessage(g_TempString);
  306. wsprintf(g_TempString, L"%s: This is probably because the user is not the admin of the local machine\n", g_RemoteComputerName);
  307. DisplayMessage(g_TempString);
  308. goto cleanup;
  309. }
  311. // Delete the DefaultPassword registry key
  312. dwRetCode = ClearRegPassword();
  313. if (dwRetCode != ERROR_SUCCESS) {
  314. wsprintf(g_TempString, L"%s: Migrate Failed: Could not delete DefaultPassword RegKey: %s\n", g_RemoteComputerName, GetErrorString(dwRetCode));
  315. DisplayMessage(g_TempString);
  316. goto cleanup;
  317. }
  319. wsprintf(g_TempString, L"%s: Password migrated from Registry to LSASecret\n", g_RemoteComputerName);
  320. DisplayMessage(g_TempString);
  322. cleanup:
  323. if (dwRetCode != ERROR_SUCCESS) {
  324. wsprintf(g_TempString, L"%s: Migrate Failed ---------\n", g_RemoteComputerName);
  325. DisplayMessage(g_TempString);
  326. } else {
  327. wsprintf(g_TempString, L"%s: Migrate Success !!!!!!!!!\n", g_RemoteComputerName);
  328. DisplayMessage(g_TempString);
  329. }
  330. return dwRetCode;
  331. }
  335. VOID
  336. DumpCmd()
  337. {
  338. wprintf(L"FORCEMIGRATE v0.1: Copyright 2000, Microsoft Corporation\n\n");
  339. wprintf(L"DESCRIPTION:\n");
  340. wprintf(L" Force migrates DefaultPassword cleartext to LSASecret\n");
  341. wprintf(L"USAGE:\n");
  342. wprintf(L" FORCEMIGRATE [-q] [-r] [-nt4] \\\\machine\n");
  343. wprintf(L" -q Enable quiet mode, which supresses all output\n");
  344. wprintf(L" -r Try with current user's creds as well as DefaultPassword\n");
  345. wprintf(L" -nt4 Run against NT4 boxes as well\n");
  346. wprintf(L" \\machine If specified, the UNC name of the machine to configure\n");
  347. } // DumpCmd