You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
330 lines
7.8 KiB
330 lines
7.8 KiB
/*++
|
|
|
|
Copyright (c) 1996 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
setpwd.c
|
|
|
|
Abstract:
|
|
|
|
Test for SamiChangePasswordUser NT security API.
|
|
|
|
Author:
|
|
|
|
Ovidiu Temereanca 17-Mar-2000 Initial implementation
|
|
|
|
Revision History:
|
|
|
|
|
|
|
|
--*/
|
|
|
|
#include <nt.h>
|
|
#include <ntrtl.h>
|
|
#include <nturtl.h>
|
|
#undef DOMAIN_ALL_ACCESS // defined in both ntsam.h and ntwinapi.h
|
|
#include <ntsam.h>
|
|
#include <ntlsa.h>
|
|
|
|
#include <windef.h>
|
|
#include <winbase.h>
|
|
|
|
#include <align.h>
|
|
#include <lm.h>
|
|
#include <lmapibuf.h>
|
|
#include <lmaccess.h>
|
|
#include <lmerr.h>
|
|
#include <limits.h>
|
|
#include <rpcutil.h>
|
|
#include <secobj.h>
|
|
#include <stddef.h>
|
|
#include <ntdsapi.h>
|
|
#include <dsgetdc.h>
|
|
|
|
#include <windows.h>
|
|
#include <setupapi.h>
|
|
|
|
#include "common.h"
|
|
#include "migutil.h"
|
|
#include "encrypt.h"
|
|
|
|
#include <ntsamp.h>
|
|
|
|
|
|
DWORD
|
|
CreateLocalAccount (
|
|
IN PWSTR User,
|
|
IN PWSTR OldPassword,
|
|
IN PWSTR NewPassword,
|
|
IN BOOL EncryptedPwd
|
|
);
|
|
|
|
|
|
HINSTANCE g_hInst;
|
|
HANDLE g_hHeap;
|
|
|
|
typedef BOOL (WINAPI INITROUTINE_PROTOTYPE)(HINSTANCE, DWORD, LPVOID);
|
|
|
|
INITROUTINE_PROTOTYPE MigUtil_Entry;
|
|
|
|
BOOL
|
|
Init (
|
|
VOID
|
|
)
|
|
{
|
|
HINSTANCE hInstance;
|
|
DWORD dwReason;
|
|
PVOID lpReserved;
|
|
|
|
//
|
|
// Simulate DllMain
|
|
//
|
|
|
|
g_hInst = GetModuleHandle (NULL);
|
|
g_hHeap = GetProcessHeap();
|
|
|
|
hInstance = GetModuleHandle (NULL);
|
|
dwReason = DLL_PROCESS_ATTACH;
|
|
lpReserved = NULL;
|
|
|
|
//
|
|
// Initialize DLL globals
|
|
//
|
|
|
|
if (!MigUtil_Entry (g_hInst, DLL_PROCESS_ATTACH, NULL)) {
|
|
_tprintf (TEXT("MigUtil failed initializing\n"));
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
VOID
|
|
Terminate (
|
|
VOID
|
|
)
|
|
{
|
|
HINSTANCE hInstance;
|
|
DWORD dwReason;
|
|
PVOID lpReserved;
|
|
|
|
//
|
|
// Simulate DllMain
|
|
//
|
|
|
|
hInstance = GetModuleHandle (NULL);
|
|
dwReason = DLL_PROCESS_DETACH;
|
|
lpReserved = NULL;
|
|
|
|
//
|
|
// Call the exit routine that requires library APIs
|
|
//
|
|
|
|
MigUtil_Entry (g_hInst, DLL_PROCESS_DETACH, NULL);
|
|
}
|
|
|
|
|
|
INT
|
|
__cdecl
|
|
_tmain (
|
|
INT argc,
|
|
TCHAR *argv[]
|
|
)
|
|
{
|
|
NTSTATUS rc;
|
|
PWSTR oldHash, newHash;
|
|
BOOL encrypted;
|
|
INT i;
|
|
|
|
if (argc < 4) {
|
|
_tprintf (TEXT("Usage:\n")
|
|
TEXT(" setpwd [/e] <LocalUserName> <oldpwd_hash> <newpwd_hash>\n")
|
|
TEXT(" /e - if specified, password is a hash value; otherwise it's in clear")
|
|
TEXT("Use quotes if any arg contains spaces\n")
|
|
TEXT("Use dot as a placeholder for the empty password hash value\n")
|
|
);
|
|
return 1;
|
|
}
|
|
|
|
if (!Init()) {
|
|
_tprintf (TEXT("Unable to initialize!\n"));
|
|
return 2;
|
|
}
|
|
|
|
if ((argv[1][0] == TEXT('/') || argv[1][0] == TEXT('-')) &&
|
|
_totlower(argv[1][1]) == TEXT('e')
|
|
) {
|
|
encrypted = TRUE;
|
|
i = 2;
|
|
} else {
|
|
encrypted = FALSE;
|
|
i = 1;
|
|
}
|
|
|
|
if (StringMatch (argv[i + 1], TEXT("."))) {
|
|
oldHash = NULL;
|
|
} else {
|
|
oldHash = argv[i + 1];
|
|
}
|
|
if (StringMatch (argv[i + 2], TEXT("."))) {
|
|
newHash = NULL;
|
|
} else {
|
|
newHash = argv[i + 2];
|
|
}
|
|
|
|
rc = CreateLocalAccount (argv[i], oldHash, newHash, encrypted);
|
|
if (rc != NO_ERROR) {
|
|
_tprintf (TEXT("CreateLocalAccount failed (status = %lu)\n"), rc);
|
|
}
|
|
|
|
Terminate();
|
|
|
|
return rc;
|
|
}
|
|
|
|
|
|
DWORD
|
|
CreateLocalAccount (
|
|
IN PWSTR User,
|
|
IN PWSTR OldPassword,
|
|
IN PWSTR NewPassword,
|
|
IN BOOL EncryptedPwd
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
CreateLocalAccount creates an account for a local user
|
|
|
|
Arguments:
|
|
|
|
Properties - Specifies a set of attributes for a user
|
|
|
|
User - An optional name to override Properties->User
|
|
|
|
Return value:
|
|
|
|
A Win32 error code
|
|
|
|
--*/
|
|
|
|
{
|
|
USER_INFO_3 ui;
|
|
PUSER_INFO_3 ExistingInfo;
|
|
DWORD rc;
|
|
LONG ErrParam;
|
|
|
|
//
|
|
// Create local account
|
|
//
|
|
|
|
ZeroMemory (&ui, sizeof (ui));
|
|
ui.usri3_name = User;
|
|
ui.usri3_password = EncryptedPwd ? TEXT("GigiMarga@123456") : NewPassword;
|
|
ui.usri3_comment = TEXT("TestAccount");
|
|
ui.usri3_full_name = TEXT("Full name");
|
|
|
|
ui.usri3_priv = USER_PRIV_USER;
|
|
ui.usri3_flags = UF_SCRIPT|UF_NORMAL_ACCOUNT;
|
|
ui.usri3_acct_expires = TIMEQ_FOREVER;
|
|
ui.usri3_max_storage = USER_MAXSTORAGE_UNLIMITED;
|
|
|
|
ui.usri3_primary_group_id = DOMAIN_GROUP_RID_USERS;
|
|
ui.usri3_max_storage = USER_MAXSTORAGE_UNLIMITED;
|
|
ui.usri3_acct_expires = TIMEQ_FOREVER;
|
|
|
|
ui.usri3_password_expired = FALSE;
|
|
|
|
rc = NetUserDel (NULL, User);
|
|
rc = NetUserAdd (NULL, 3, (PBYTE) &ui, &ErrParam);
|
|
|
|
if (rc == ERROR_SUCCESS) {
|
|
if (EncryptedPwd) {
|
|
//
|
|
// change user's password using encrypted password APIs
|
|
//
|
|
rc = SetLocalUserEncryptedPassword (
|
|
User,
|
|
TEXT("aad3b435b51404eeaad3b435b51404ee64d208a23ff2f0482eb02f6f267e97ea"),
|
|
TRUE,
|
|
NewPassword,
|
|
TRUE
|
|
);
|
|
if (rc != ERROR_SUCCESS) {
|
|
DEBUGMSG ((
|
|
DBG_WARNING,
|
|
"Can't set encrypted password on user %s, rc=%u",
|
|
User,
|
|
rc
|
|
));
|
|
|
|
rc = ERROR_SUCCESS;
|
|
}
|
|
}
|
|
} else {
|
|
if (rc == NERR_UserExists) {
|
|
//
|
|
// Try to change password if user already exists and this is the intent
|
|
//
|
|
|
|
DEBUGMSG ((DBG_WARNING, "User %s already exists", User));
|
|
|
|
if (EncryptedPwd) {
|
|
rc = SetLocalUserEncryptedPassword (
|
|
User,
|
|
TEXT("65c5c4e1e98d8bada13f0882c43aca5810fec09fb8c9d1b9d065c2d6d75fc582"),
|
|
TRUE,
|
|
NewPassword,
|
|
TRUE
|
|
);
|
|
if (rc != ERROR_SUCCESS) {
|
|
DEBUGMSG ((
|
|
DBG_WARNING,
|
|
"Can't set encrypted password on user %s, rc=%u",
|
|
User,
|
|
rc
|
|
));
|
|
|
|
rc = ERROR_SUCCESS;
|
|
}
|
|
} else {
|
|
rc = NetUserGetInfo (NULL, User, 3, (PBYTE *) &ExistingInfo);
|
|
if (rc == ERROR_SUCCESS) {
|
|
ExistingInfo->usri3_password = ui.usri3_password;
|
|
ExistingInfo->usri3_comment = ui.usri3_comment;
|
|
ExistingInfo->usri3_full_name = ui.usri3_full_name;
|
|
ExistingInfo->usri3_flags = ui.usri3_flags;
|
|
ExistingInfo->usri3_password_expired = ui.usri3_password_expired;
|
|
|
|
rc = NetUserSetInfo (NULL, User, 3, (PBYTE) ExistingInfo, &ErrParam);
|
|
|
|
NetApiBufferFree ((PVOID) ExistingInfo);
|
|
|
|
if (rc != ERROR_SUCCESS) {
|
|
DEBUGMSG ((
|
|
DBG_WARNING,
|
|
"Can't set info on user %s, rc=%u, ErrParam=%u",
|
|
User,
|
|
rc,
|
|
ErrParam
|
|
));
|
|
|
|
rc = ERROR_SUCCESS;
|
|
}
|
|
} else {
|
|
DEBUGMSG ((DBG_WARNING, "Can't get info for user %s, rc=%u", User, rc));
|
|
rc = ERROR_SUCCESS;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if (rc != ERROR_SUCCESS) {
|
|
SetLastError (rc);
|
|
LOG ((LOG_ERROR, "NetUserAdd failed for %s. ErrParam=%i.", User, ErrParam));
|
|
}
|
|
|
|
return rc;
|
|
}
|