archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
3.8 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/protocols/kerberos/kerbcli/changepw.cxx

478 lines
11 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 1992 - 1999
  6. //
  7. // File: changepw.cxx
  8. //
  9. // Contents: Code for KerbSetPassword and KerbChangePassword
  10. //
  11. //
  12. // History: 24-May-1999 MikeSw Created
  13. //
  14. //------------------------------------------------------------------------
  16. #include <nt.h>
  17. #include <ntrtl.h>
  18. #include <nturtl.h>
  19. #include <windows.h>
  20. #include <sspi.h>
  21. #include <ntsecapi.h>
  22. #include <align.h>
  23. #include <dsgetdc.h>
  24. #include <kerbcli.h>
  29. //+-------------------------------------------------------------------------
  30. //
  31. // Function: KerbChangePasswordUserEx
  32. //
  33. // Synopsis: Changes a users password. If the user is logged on,
  34. // it also updates the in-memory password.
  35. //
  36. // Effects:
  37. //
  38. // Arguments:
  39. //
  40. // Requires:
  41. //
  42. // Returns:
  43. //
  44. // Notes:
  45. //
  46. //
  47. //--------------------------------------------------------------------------
  50. NTSTATUS
  51. KerbChangePasswordUser(
  52. IN LPWSTR DomainName,
  53. IN LPWSTR UserName,
  54. IN LPWSTR OldPassword,
  55. IN LPWSTR NewPassword
  56. )
  57. {
  58. NTSTATUS Status;
  59. BOOLEAN WasEnabled;
  60. STRING Name;
  61. ULONG Dummy;
  62. HANDLE LogonHandle = NULL;
  63. ULONG PackageId;
  64. PVOID Response = NULL ;
  65. ULONG ResponseSize;
  66. NTSTATUS SubStatus;
  67. PKERB_CHANGEPASSWORD_REQUEST ChangeRequest = NULL;
  68. ULONG ChangeSize;
  69. UNICODE_STRING User,Domain,OldPass,NewPass;
  71. Status = LsaConnectUntrusted(
  72. &LogonHandle
  73. );
  75. if (!NT_SUCCESS(Status))
  76. {
  77. goto Cleanup;
  78. }
  80. RtlInitString(
  81. &Name,
  82. MICROSOFT_KERBEROS_NAME_A
  83. );
  85. Status = LsaLookupAuthenticationPackage(
  86. LogonHandle,
  87. &Name,
  88. &PackageId
  89. );
  90. if (!NT_SUCCESS(Status))
  91. {
  92. goto Cleanup;
  93. }
  95. RtlInitUnicodeString(
  96. &User,
  97. UserName
  98. );
  99. RtlInitUnicodeString(
  100. &Domain,
  101. DomainName
  102. );
  103. RtlInitUnicodeString(
  104. &OldPass,
  105. OldPassword
  106. );
  107. RtlInitUnicodeString(
  108. &NewPass,
  109. NewPassword
  110. );
  112. if ( OldPass.Length > (127*sizeof(WCHAR)) ||
  113. NewPass.Length > (127*sizeof(WCHAR)) )
  114. {
  115. Status = STATUS_NAME_TOO_LONG;
  116. goto Cleanup;
  117. }
  119. ChangeSize = ROUND_UP_COUNT(sizeof(KERB_CHANGEPASSWORD_REQUEST),4)+
  120. User.Length +
  121. Domain.Length +
  122. OldPass.Length +
  123. NewPass.Length ;
  124. ChangeRequest = (PKERB_CHANGEPASSWORD_REQUEST) LocalAlloc(LMEM_ZEROINIT, ChangeSize );
  125. if (NULL == ChangeRequest)
  126. {
  127. goto Cleanup;
  128. }
  130. ChangeRequest->MessageType = KerbChangePasswordMessage;
  132. ChangeRequest->AccountName = User;
  133. ChangeRequest->AccountName.Buffer = (LPWSTR) ROUND_UP_POINTER(sizeof(KERB_CHANGEPASSWORD_REQUEST) + (PBYTE) ChangeRequest,4);
  135. RtlCopyMemory(
  136. ChangeRequest->AccountName.Buffer,
  137. User.Buffer,
  138. User.Length
  139. );
  141. ChangeRequest->DomainName = Domain;
  142. ChangeRequest->DomainName.Buffer = ChangeRequest->AccountName.Buffer + ChangeRequest->AccountName.Length / sizeof(WCHAR);
  144. RtlCopyMemory(
  145. ChangeRequest->DomainName.Buffer,
  146. Domain.Buffer,
  147. Domain.Length
  148. );
  150. ChangeRequest->OldPassword = OldPass;
  151. ChangeRequest->OldPassword.Buffer = ChangeRequest->DomainName.Buffer + ChangeRequest->DomainName.Length / sizeof(WCHAR);
  153. RtlCopyMemory(
  154. ChangeRequest->OldPassword.Buffer,
  155. OldPass.Buffer,
  156. OldPass.Length
  157. );
  159. ChangeRequest->NewPassword = NewPass;
  160. ChangeRequest->NewPassword.Buffer = ChangeRequest->OldPassword.Buffer + ChangeRequest->OldPassword.Length / sizeof(WCHAR);
  162. RtlCopyMemory(
  163. ChangeRequest->NewPassword.Buffer,
  164. NewPass.Buffer,
  165. NewPass.Length
  166. );
  169. //
  170. // We are running as the caller, so state we are impersonating
  171. //
  173. ChangeRequest->Impersonating = TRUE;
  175. Status = LsaCallAuthenticationPackage(
  176. LogonHandle,
  177. PackageId,
  178. ChangeRequest,
  179. ChangeSize,
  180. &Response,
  181. &ResponseSize,
  182. &SubStatus
  183. );
  184. if (!NT_SUCCESS(Status) || !NT_SUCCESS(SubStatus))
  185. {
  186. if (NT_SUCCESS(Status))
  187. {
  188. Status = SubStatus;
  189. }
  190. goto Cleanup;
  191. }
  193. Cleanup:
  195. if (LogonHandle != NULL)
  196. {
  197. LsaDeregisterLogonProcess(LogonHandle);
  198. }
  200. if (Response != NULL)
  201. {
  202. LsaFreeReturnBuffer(Response);
  203. }
  205. if (ChangeRequest != NULL)
  206. {
  207. LocalFree(ChangeRequest);
  208. }
  209. return(Status);
  210. }
  213. //+-------------------------------------------------------------------------
  214. //
  215. // Function: KerbSetPasswordUserEx
  216. //
  217. // Synopsis: Sets a password for a user in the specified domain
  218. //
  219. // Effects:
  220. //
  221. // Arguments:
  222. //
  223. // Requires:
  224. //
  225. // Returns:
  226. //
  227. // Notes:
  228. //
  229. //
  230. //--------------------------------------------------------------------------
  233. NTSTATUS
  234. KerbSetPasswordUserEx(
  235. IN LPWSTR DomainName,
  236. IN LPWSTR UserName,
  237. IN LPWSTR NewPassword,
  238. IN OPTIONAL PCredHandle CredentialsHandle,
  239. IN OPTIONAL LPWSTR KdcAddress
  240. )
  241. {
  242. NTSTATUS Status;
  243. BOOLEAN WasEnabled;
  244. STRING Name;
  245. ULONG Dummy;
  246. HANDLE LogonHandle = NULL;
  247. ULONG PackageId;
  248. PVOID Response = NULL;
  249. ULONG ResponseSize;
  250. KERB_PROTOCOL_MESSAGE_TYPE MessageType = KerbSetPasswordMessage;
  251. NTSTATUS SubStatus;
  252. PKERB_SETPASSWORD_EX_REQUEST SetRequest = NULL;
  253. ULONG ChangeSize;
  254. UNICODE_STRING User,Domain,OldPass,NewPass, KdcAddr, ClientName, ClientRealm;
  256. // If you supply a KdcAddress, you must supply name type
  257. if (ARGUMENT_PRESENT(KdcAddress))
  258. {
  259. MessageType = KerbSetPasswordExMessage;
  261. RtlInitUnicodeString(
  262. &KdcAddr,
  263. KdcAddress
  264. );
  265. }
  266. else
  267. {
  268. RtlInitUnicodeString(
  269. &KdcAddr,
  270. NULL
  271. );
  272. }
  274. Status = LsaConnectUntrusted(
  275. &LogonHandle
  276. );
  278. if (!NT_SUCCESS(Status))
  279. {
  280. goto Cleanup;
  281. }
  283. RtlInitString(
  284. &Name,
  285. MICROSOFT_KERBEROS_NAME_A
  286. );
  287. Status = LsaLookupAuthenticationPackage(
  288. LogonHandle,
  289. &Name,
  290. &PackageId
  291. );
  292. if (!NT_SUCCESS(Status))
  293. {
  294. goto Cleanup;
  295. }
  297. RtlInitUnicodeString(
  298. &User,
  299. UserName
  300. );
  301. RtlInitUnicodeString(
  302. &Domain,
  303. DomainName
  304. );
  305. RtlInitUnicodeString(
  306. &NewPass,
  307. NewPassword
  308. );
  310. // These aren't used here (yet)
  311. RtlInitUnicodeString(
  312. &ClientName,
  313. NULL
  314. );
  316. RtlInitUnicodeString(
  317. &ClientRealm,
  318. NULL
  319. );
  321. if ( NewPass.Length > (127 * sizeof(WCHAR)) )
  322. {
  323. Status = STATUS_NAME_TOO_LONG;
  324. goto Cleanup;
  325. }
  327. ChangeSize = ROUND_UP_COUNT(sizeof(KERB_SETPASSWORD_EX_REQUEST),4)+
  328. User.Length +
  329. Domain.Length +
  330. NewPass.Length +
  331. KdcAddr.Length +
  332. ClientName.Length +
  333. ClientRealm.Length;
  335. SetRequest = (PKERB_SETPASSWORD_EX_REQUEST) LocalAlloc(LMEM_ZEROINIT, ChangeSize );
  336. if (NULL == SetRequest)
  337. {
  338. goto Cleanup;
  339. }
  341. SetRequest->MessageType = MessageType;
  342. SetRequest->KdcAddressType = DS_UNKNOWN_ADDRESS_TYPE;
  343. SetRequest->AccountRealm = Domain;
  344. SetRequest->AccountRealm.Buffer = (LPWSTR) ROUND_UP_POINTER(sizeof(KERB_SETPASSWORD_EX_REQUEST) + (PBYTE) SetRequest,4);
  346. RtlCopyMemory(
  347. SetRequest->AccountRealm.Buffer,
  348. Domain.Buffer,
  349. Domain.Length
  350. );
  352. SetRequest->AccountName = User;
  353. SetRequest->AccountName.Buffer = SetRequest->AccountRealm.Buffer + SetRequest->AccountRealm.Length / sizeof(WCHAR);
  355. RtlCopyMemory(
  356. SetRequest->AccountName.Buffer,
  357. User.Buffer,
  358. User.Length
  359. );
  362. SetRequest->Password = NewPass;
  363. SetRequest->Password.Buffer = SetRequest->AccountName.Buffer + SetRequest->AccountName.Length / sizeof(WCHAR);
  365. RtlCopyMemory(
  366. SetRequest->Password.Buffer,
  367. NewPass.Buffer,
  368. NewPass.Length
  369. );
  371. // Not yet implemented
  372. SetRequest->ClientRealm = ClientRealm;
  373. SetRequest->ClientRealm.Buffer = SetRequest->Password.Buffer + SetRequest->Password.Length / sizeof(WCHAR);
  375. RtlCopyMemory(
  376. SetRequest->ClientRealm.Buffer,
  377. ClientRealm.Buffer,
  378. ClientRealm.Length
  379. );
  381. SetRequest->ClientName = ClientName;
  382. SetRequest->ClientName.Buffer = SetRequest->ClientRealm.Buffer + SetRequest->ClientRealm.Length / sizeof(WCHAR);
  384. RtlCopyMemory(
  385. SetRequest->ClientName.Buffer,
  386. ClientName.Buffer,
  387. ClientName.Length
  388. );
  389. //
  391. SetRequest->KdcAddress = KdcAddr;
  392. SetRequest->KdcAddress.Buffer = SetRequest->ClientRealm.Buffer + SetRequest->ClientRealm.Length / sizeof(WCHAR);
  394. RtlCopyMemory(
  395. SetRequest->KdcAddress.Buffer,
  396. KdcAddr.Buffer,
  397. KdcAddr.Length
  398. );
  400. if (ARGUMENT_PRESENT(CredentialsHandle))
  401. {
  402. SetRequest->CredentialsHandle = *CredentialsHandle;
  403. SetRequest->Flags |= KERB_SETPASS_USE_CREDHANDLE;
  404. }
  406. Status = LsaCallAuthenticationPackage(
  407. LogonHandle,
  408. PackageId,
  409. SetRequest,
  410. ChangeSize,
  411. &Response,
  412. &ResponseSize,
  413. &SubStatus
  414. );
  415. if (!NT_SUCCESS(Status) || !NT_SUCCESS(SubStatus))
  416. {
  417. if (NT_SUCCESS(Status))
  418. {
  419. Status = SubStatus;
  420. }
  421. goto Cleanup;
  422. }
  424. Cleanup:
  426. if (LogonHandle != NULL)
  427. {
  428. LsaDeregisterLogonProcess(LogonHandle);
  429. }
  431. if (Response != NULL)
  432. {
  433. LsaFreeReturnBuffer(Response);
  434. }
  436. if (SetRequest != NULL)
  437. {
  438. LocalFree(SetRequest);
  439. }
  440. return(Status);
  441. }
  443. //+-------------------------------------------------------------------------
  444. //
  445. // Function: KerbSetPasswordUser
  446. //
  447. // Synopsis: Sets a password for a user in the specified domain
  448. //
  449. // Effects:
  450. //
  451. // Arguments:
  452. //
  453. // Requires:
  454. //
  455. // Returns:
  456. //
  457. // Notes:
  458. //
  459. //
  460. //--------------------------------------------------------------------------
  461. NTSTATUS
  462. KerbSetPasswordUser(
  463. IN LPWSTR DomainName,
  464. IN LPWSTR UserName,
  465. IN LPWSTR NewPassword,
  466. IN OPTIONAL PCredHandle CredentialsHandle
  467. )
  468. {
  470. return(KerbSetPasswordUserEx(
  471. DomainName,
  472. UserName,
  473. NewPassword,
  474. CredentialsHandle,
  475. NULL
  476. ));
  477. }