/*++ Copyright (c) 1996 Microsoft Corporation Module Name: setpwd.c Abstract: Test for SamiChangePasswordUser NT security API. Author: Ovidiu Temereanca 17-Mar-2000 Initial implementation Revision History: --*/ #include #include #include #undef DOMAIN_ALL_ACCESS // defined in both ntsam.h and ntwinapi.h #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "common.h" #include "migutil.h" #include "encrypt.h" #include DWORD CreateLocalAccount ( IN PWSTR User, IN PWSTR OldPassword, IN PWSTR NewPassword, IN BOOL EncryptedPwd ); HINSTANCE g_hInst; HANDLE g_hHeap; typedef BOOL (WINAPI INITROUTINE_PROTOTYPE)(HINSTANCE, DWORD, LPVOID); INITROUTINE_PROTOTYPE MigUtil_Entry; BOOL Init ( VOID ) { HINSTANCE hInstance; DWORD dwReason; PVOID lpReserved; // // Simulate DllMain // g_hInst = GetModuleHandle (NULL); g_hHeap = GetProcessHeap(); hInstance = GetModuleHandle (NULL); dwReason = DLL_PROCESS_ATTACH; lpReserved = NULL; // // Initialize DLL globals // if (!MigUtil_Entry (g_hInst, DLL_PROCESS_ATTACH, NULL)) { _tprintf (TEXT("MigUtil failed initializing\n")); return FALSE; } return TRUE; } VOID Terminate ( VOID ) { HINSTANCE hInstance; DWORD dwReason; PVOID lpReserved; // // Simulate DllMain // hInstance = GetModuleHandle (NULL); dwReason = DLL_PROCESS_DETACH; lpReserved = NULL; // // Call the exit routine that requires library APIs // MigUtil_Entry (g_hInst, DLL_PROCESS_DETACH, NULL); } INT __cdecl _tmain ( INT argc, TCHAR *argv[] ) { NTSTATUS rc; PWSTR oldHash, newHash; BOOL encrypted; INT i; if (argc < 4) { _tprintf (TEXT("Usage:\n") TEXT(" setpwd [/e] \n") TEXT(" /e - if specified, password is a hash value; otherwise it's in clear") TEXT("Use quotes if any arg contains spaces\n") TEXT("Use dot as a placeholder for the empty password hash value\n") ); return 1; } if (!Init()) { _tprintf (TEXT("Unable to initialize!\n")); return 2; } if ((argv[1][0] == TEXT('/') || argv[1][0] == TEXT('-')) && _totlower(argv[1][1]) == TEXT('e') ) { encrypted = TRUE; i = 2; } else { encrypted = FALSE; i = 1; } if (StringMatch (argv[i + 1], TEXT("."))) { oldHash = NULL; } else { oldHash = argv[i + 1]; } if (StringMatch (argv[i + 2], TEXT("."))) { newHash = NULL; } else { newHash = argv[i + 2]; } rc = CreateLocalAccount (argv[i], oldHash, newHash, encrypted); if (rc != NO_ERROR) { _tprintf (TEXT("CreateLocalAccount failed (status = %lu)\n"), rc); } Terminate(); return rc; } DWORD CreateLocalAccount ( IN PWSTR User, IN PWSTR OldPassword, IN PWSTR NewPassword, IN BOOL EncryptedPwd ) /*++ Routine Description: CreateLocalAccount creates an account for a local user Arguments: Properties - Specifies a set of attributes for a user User - An optional name to override Properties->User Return value: A Win32 error code --*/ { USER_INFO_3 ui; PUSER_INFO_3 ExistingInfo; DWORD rc; LONG ErrParam; // // Create local account // ZeroMemory (&ui, sizeof (ui)); ui.usri3_name = User; ui.usri3_password = EncryptedPwd ? TEXT("GigiMarga@123456") : NewPassword; ui.usri3_comment = TEXT("TestAccount"); ui.usri3_full_name = TEXT("Full name"); ui.usri3_priv = USER_PRIV_USER; ui.usri3_flags = UF_SCRIPT|UF_NORMAL_ACCOUNT; ui.usri3_acct_expires = TIMEQ_FOREVER; ui.usri3_max_storage = USER_MAXSTORAGE_UNLIMITED; ui.usri3_primary_group_id = DOMAIN_GROUP_RID_USERS; ui.usri3_max_storage = USER_MAXSTORAGE_UNLIMITED; ui.usri3_acct_expires = TIMEQ_FOREVER; ui.usri3_password_expired = FALSE; rc = NetUserDel (NULL, User); rc = NetUserAdd (NULL, 3, (PBYTE) &ui, &ErrParam); if (rc == ERROR_SUCCESS) { if (EncryptedPwd) { // // change user's password using encrypted password APIs // rc = SetLocalUserEncryptedPassword ( User, TEXT("aad3b435b51404eeaad3b435b51404ee64d208a23ff2f0482eb02f6f267e97ea"), TRUE, NewPassword, TRUE ); if (rc != ERROR_SUCCESS) { DEBUGMSG (( DBG_WARNING, "Can't set encrypted password on user %s, rc=%u", User, rc )); rc = ERROR_SUCCESS; } } } else { if (rc == NERR_UserExists) { // // Try to change password if user already exists and this is the intent // DEBUGMSG ((DBG_WARNING, "User %s already exists", User)); if (EncryptedPwd) { rc = SetLocalUserEncryptedPassword ( User, TEXT("65c5c4e1e98d8bada13f0882c43aca5810fec09fb8c9d1b9d065c2d6d75fc582"), TRUE, NewPassword, TRUE ); if (rc != ERROR_SUCCESS) { DEBUGMSG (( DBG_WARNING, "Can't set encrypted password on user %s, rc=%u", User, rc )); rc = ERROR_SUCCESS; } } else { rc = NetUserGetInfo (NULL, User, 3, (PBYTE *) &ExistingInfo); if (rc == ERROR_SUCCESS) { ExistingInfo->usri3_password = ui.usri3_password; ExistingInfo->usri3_comment = ui.usri3_comment; ExistingInfo->usri3_full_name = ui.usri3_full_name; ExistingInfo->usri3_flags = ui.usri3_flags; ExistingInfo->usri3_password_expired = ui.usri3_password_expired; rc = NetUserSetInfo (NULL, User, 3, (PBYTE) ExistingInfo, &ErrParam); NetApiBufferFree ((PVOID) ExistingInfo); if (rc != ERROR_SUCCESS) { DEBUGMSG (( DBG_WARNING, "Can't set info on user %s, rc=%u, ErrParam=%u", User, rc, ErrParam )); rc = ERROR_SUCCESS; } } else { DEBUGMSG ((DBG_WARNING, "Can't get info for user %s, rc=%u", User, rc)); rc = ERROR_SUCCESS; } } } } if (rc != ERROR_SUCCESS) { SetLastError (rc); LOG ((LOG_ERROR, "NetUserAdd failed for %s. ErrParam=%i.", User, ErrParam)); } return rc; }