static void good1()
{
{
wchar_t oldPassword[256];
wchar_t newPassword[256];
NET_API_STATUS status;
printWLine(L"Enter old password: "******"%255s", oldPassword) != 1)
{
oldPassword[0] = L'\0';
}
printWLine(L"Enter new password: "******"%255s", newPassword) != 1)
{
newPassword[0] = L'\0';
}
/* FIX: Verify the old password when setting the new password */
status = NetUserChangePassword(NULL, USERNAME, oldPassword, newPassword);
if(status == NERR_Success)
{
printWLine(L"Success!");
}
else
{
wprintf(L"NetUserChangePassword failed. Status = %u = 0x%x\n", status, status);
}
}
}
DWORD AuditUserA( LPCSTR lpUser, LPCSTR lpPasswd )
{
DWORD dwRetCode;
WCHAR szwComputer[CNLEN+1];
WCHAR szwComputerName[CNLEN+3];
DWORD cbComputer;
WCHAR szwUser[UNLEN];
WCHAR szwOldPasswd[PWLEN];
WCHAR szwNewPasswd[PWLEN];
if( lpUser == NULL || lpPasswd == NULL )
return ERROR_INVALID_PARAMETER;
cbComputer = CNLEN+1;
GetComputerNameW( szwComputer, &cbComputer );
cbComputer = CNLEN+3;
MakeComputerNameW( szwComputer, szwComputerName, &cbComputer );
mbstowcs( szwUser, lpUser, UNLEN );
mbstowcs( szwOldPasswd, lpPasswd, PWLEN );
mbstowcs( szwNewPasswd, lpPasswd, UNLEN );
dwRetCode = NetUserChangePassword(
szwComputerName,
szwUser,
szwOldPasswd,
szwNewPasswd );
return dwRetCode;
}
int _tmain(int argc, TCHAR * argv[])
{
TCHAR *currentPassword = _tcsdup(argv[1]);
TCHAR *preferPassword = argv[argc > 2 ? 2 : 1];
BOOL quit = FALSE;
int err = 1;
do
{
TCHAR *uuid = NULL;
if (UuidCreateToString(&uuid))
{
NET_API_STATUS nStatus = NetUserChangePassword(NULL, NULL, currentPassword, uuid);
if (nStatus == NERR_Success)
{
free(currentPassword);
currentPassword = _tcsdup(uuid);
_ftprintf(stdout, _T("pwd %s\n"), uuid);
nStatus = NetUserChangePassword(NULL, NULL, currentPassword, preferPassword);
if (nStatus == NERR_Success)
{
quit = TRUE;
err = 0;
}
}
else
{
quit = TRUE;
}
RpcStringFree(&uuid);
}
else
{
quit = TRUE;
}
} while (!quit);
free(currentPassword);
return err;
};
// @pymethod |win32net|NetUserChangePassword|Changes the password for a user.
PyObject *PyNetUserChangePassword(PyObject *self, PyObject *args)
{
// @comm A server or domain can be configured to require that a
// user log on to change the password on a user account.
// If that is the case, you need administrator or account operator access
// to change the password for another user acount.
// If logging on is not required, you can change the password for
// any user account, so long as you know the current password.
WCHAR *szServer = NULL;
WCHAR *szName = NULL;
WCHAR *szOld = NULL;
WCHAR *szNew = NULL;
PyObject *obName, *obServer, *obOld, *obNew;
PyObject *ret = NULL;
DWORD err = 0;
// @pyparm string/<o PyUnicode>|server||The name of the server, or None.
// @pyparm string/<o PyUnicode>|username||The user name, or None for the current username.
// @pyparm string/<o PyUnicode>|oldPassword||The old password
// @pyparm string/<o PyUnicode>|newPassword||The new password
if (!PyArg_ParseTuple(args, "OOOO", &obServer, &obName, &obOld, &obNew))
return NULL;
if (!PyWinObject_AsWCHAR(obServer, &szServer, TRUE))
goto done;
if (!PyWinObject_AsWCHAR(obName, &szName, TRUE))
goto done;
if (!PyWinObject_AsWCHAR(obOld, &szOld, FALSE))
goto done;
if (!PyWinObject_AsWCHAR(obNew, &szNew, FALSE))
goto done;
err = NetUserChangePassword(szServer, szName, szOld, szNew);
if (err) {
ReturnNetError("NetUserChangePassword",err); // @pyseeapi NetUserChangePassword
goto done;
}
ret = Py_None;
Py_INCREF(Py_None);
done:
PyWinObject_FreeWCHAR(szServer);
PyWinObject_FreeWCHAR(szName);
PyWinObject_FreeWCHAR(szOld);
PyWinObject_FreeWCHAR(szNew);
return ret;
}
/* good1() uses if(staticFalse) instead of if(staticTrue) */
static void good1()
{
if(staticFalse)
{
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
}
else
{
{
wchar_t oldPassword[256];
wchar_t newPassword[256];
NET_API_STATUS status;
printWLine(L"Enter old password: "******"%255s", oldPassword) != 1)
{
oldPassword[0] = L'\0';
}
printWLine(L"Enter new password: "******"%255s", newPassword) != 1)
{
newPassword[0] = L'\0';
}
/* FIX: Verify the old password when setting the new password */
status = NetUserChangePassword(NULL, USERNAME, oldPassword, newPassword);
if(status == NERR_Success)
{
printWLine(L"Success!");
}
else
{
wprintf(L"NetUserChangePassword failed. Status = %u = 0x%x\n", status, status);
}
}
}
}
DWORD AuditUserW( LPWSTR lpUser, LPWSTR lpPasswd )
{
DWORD dwRetCode;
WCHAR szwComputer[CNLEN+1];
WCHAR szwComputerName[CNLEN+3];
DWORD cbComputer;
if( lpUser == NULL || lpPasswd == NULL )
return ERROR_INVALID_PARAMETER;
cbComputer = CNLEN+1;
GetComputerNameW( szwComputer, &cbComputer );
cbComputer = CNLEN+3;
MakeComputerNameW( szwComputer, szwComputerName, &cbComputer );
dwRetCode = NetUserChangePassword(
szwComputerName,
lpUser,
lpPasswd,
lpPasswd );
return dwRetCode;
}
