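/*
 * Prompt for a new password twice and hand it back only when both entries
 * are identical.
 *
 * pwd_in  - file the two entries are read from (through ReadPassword)
 * pwd_out - file the two prompts are written to
 * buf     - caller's buffer, written only on success. The copy is bounded by
 *           MaxPwdSize, so the buffer is assumed to hold at least MaxPwdSize
 *           bytes - confirm against callers.
 *
 * Returns 0 on success, the rc of the failing KFileWrite / ReadPassword call,
 * or an rcInconsistent rc when the two entries differ.
 *
 * Both temporary copies of the password are overwritten before returning so
 * that the clear text does not stay behind in this stack frame.
 */
static rc_t GetNewPassword(const struct KFile* pwd_in, struct KFile* pwd_out, char* buf)
{
    char buf1[MaxPwdSize];
    char buf2[MaxPwdSize];
    volatile char *wipe;
    size_t i;
    size_t last_pos = 0;
    rc_t rc;

    rc = KFileWrite ( pwd_out, 0, KR_PWD_PROMPT_1,
                      string_measure(KR_PWD_PROMPT_1, NULL), NULL );
    if (rc == 0)
        rc = ReadPassword(pwd_in, & last_pos, buf1, MaxPwdSize);

    if (rc == 0)
    {
        /* the second prompt is written right after the first one */
        rc = KFileWrite ( pwd_out, string_measure(KR_PWD_PROMPT_1, NULL),
                          KR_PWD_PROMPT_2,
                          string_measure(KR_PWD_PROMPT_2, NULL), NULL );
    }
    if (rc == 0)
        rc = ReadPassword(pwd_in, & last_pos, buf2, sizeof(buf2));

    if (rc == 0)
    {
        size_t pwd_size = string_measure(buf1, NULL);

        if (string_cmp(buf1, pwd_size,
                       buf2, string_measure(buf2, NULL), MaxPwdSize) != 0)
            rc = RC(rcApp, rcEncryptionKey, rcCreating, rcParam, rcInconsistent);
        else
            string_copy(buf, MaxPwdSize, buf1, pwd_size + 1); /* + 1 takes the terminator along */
    }

    /* Wipe through a volatile pointer so the stores are not optimized away. */
    wipe = buf1;
    for (i = 0; i < sizeof(buf1); ++i)
        wipe[i] = 0;
    wipe = buf2;
    for (i = 0; i < sizeof(buf2); ++i)
        wipe[i] = 0;

    return rc;
}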
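/*
 * Prompt once for a password and copy it to the caller.
 *
 * pwd_in  - file the password is read from (through ReadPassword)
 * pwd_out - file the prompt is written to
 * buf     - caller's buffer, written only on success. The copy is bounded by
 *           MaxPwdSize, so the buffer is assumed to hold at least MaxPwdSize
 *           bytes - confirm against callers.
 *
 * Returns 0 on success, otherwise the rc of the failing KFileWrite /
 * ReadPassword call.
 *
 * The temporary copy of the password is overwritten before returning so that
 * the clear text does not stay behind in this stack frame.
 */
static rc_t GetPassword(const struct KFile* pwd_in, struct KFile* pwd_out, char* buf)
{
    char buf1[MaxPwdSize];
    volatile char *wipe;
    size_t i;
    size_t last_pos = 0;
    rc_t rc;

    rc = KFileWrite ( pwd_out, 0, KR_PWD_PROMPT_1,
                      string_measure(KR_PWD_PROMPT_1, NULL), NULL );
    if (rc == 0)
        rc = ReadPassword(pwd_in, & last_pos, buf1, MaxPwdSize);

    if (rc == 0)
        string_copy(buf, MaxPwdSize, buf1, string_measure(buf1, NULL) + 1); /* + 1 takes the terminator along */

    /* Wipe through a volatile pointer so the stores are not optimized away. */
    wipe = buf1;
    for (i = 0; i < sizeof(buf1); ++i)
        wipe[i] = 0;

    return rc;
}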
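/*
 * cmdUser - entry point of the "user" sub-command.
 *
 * argc == 2 lists the accounts and argc == 3 displays the account named by
 * argv[2]. Otherwise an optional user name and an optional password are
 * taken from the first arguments that do not start with '/', and the
 * switches select /add, /delete or (neither given) modification of an
 * existing account.
 *
 * Returns 1 when /add and /delete are combined, when an option value is
 * invalid or when NetUserGetInfo fails (the syntax text is printed then);
 * 0 otherwise. The status of NetUserAdd / NetUserSetInfo / NetUserDel is
 * printed but does not change the return value.
 *
 * Changes against the previous revision of this function:
 *  - option values are read from argv[j], the argument being examined;
 *    the old code indexed argv[i] (the first switch) and so read the wrong
 *    string, possibly past its end;
 *  - the property options are skipped when no USER_INFO_4 is available
 *    (/delete), instead of dereferencing a NULL pUserInfo;
 *  - the positional arguments are bounds-checked against argc;
 *  - a prompted password is wiped before its heap block is released.
 */
INT
cmdUser(
    INT argc,
    WCHAR **argv)
{
    INT i, j;
    INT result = 0;
    BOOL bAdd = FALSE;
    BOOL bDelete = FALSE;
#if 0
    BOOL bDomain = FALSE;
#endif
    LPWSTR lpUserName = NULL;
    LPWSTR lpPassword = NULL;
    PUSER_INFO_4 pUserInfo = NULL;
    USER_INFO_4 UserInfo;
    LPWSTR p;
    LPWSTR endptr;
    DWORD value;
    BOOL bPasswordAllocated = FALSE;
    NET_API_STATUS Status;

    if (argc == 2)
    {
        Status = EnumerateUsers();
        ConPrintf(StdOut, L"Status: %lu\n", Status);
        return 0;
    }
    else if (argc == 3)
    {
        Status = DisplayUser(argv[2]);
        ConPrintf(StdOut, L"Status: %lu\n", Status);
        return 0;
    }

    /* Positional arguments: [username [password]] */
    i = 2;
    if ((i < argc) && (argv[i][0] != L'/'))
    {
        lpUserName = argv[i];
        i++;
    }

    if ((i < argc) && (argv[i][0] != L'/'))
    {
        /* A password typed here is part of the process command line;
         * the "*" form handled below prompts for it instead. */
        lpPassword = argv[i];
        i++;
    }

    /* First pass: mode switches only */
    for (j = i; j < argc; j++)
    {
        if (_wcsicmp(argv[j], L"/help") == 0)
        {
            ConResPuts(StdOut, IDS_USER_HELP);
            return 0;
        }
        else if (_wcsicmp(argv[j], L"/add") == 0)
        {
            bAdd = TRUE;
        }
        else if (_wcsicmp(argv[j], L"/delete") == 0)
        {
            bDelete = TRUE;
        }
        else if (_wcsicmp(argv[j], L"/domain") == 0)
        {
            ConResPrintf(StdErr, IDS_ERROR_OPTION_NOT_SUPPORTED, L"/DOMAIN");
#if 0
            bDomain = TRUE;
#endif
        }
    }

    if (bAdd && bDelete)
    {
        result = 1;
        goto done;
    }

    /* Interactive password input */
    if (lpPassword != NULL && wcscmp(lpPassword, L"*") == 0)
    {
        ReadPassword(&lpPassword, &bPasswordAllocated);
    }

    if (!bAdd && !bDelete)
    {
        /* Modify the user */
        Status = NetUserGetInfo(NULL,
                                lpUserName,
                                4,
                                (LPBYTE*)&pUserInfo);
        if (Status != NERR_Success)
        {
            ConPrintf(StdOut, L"Status: %lu\n", Status);
            result = 1;
            goto done;
        }
    }
    else if (bAdd && !bDelete)
    {
        /* Add the user */
        ZeroMemory(&UserInfo, sizeof(USER_INFO_4));

        UserInfo.usri4_name = lpUserName;
        UserInfo.usri4_password = lpPassword;
        UserInfo.usri4_flags = UF_SCRIPT | UF_NORMAL_ACCOUNT;

        pUserInfo = &UserInfo;
    }

    /* Second pass: property options. pUserInfo is NULL on /delete, where
     * there is no record for these options to change. */
    for (j = i; pUserInfo != NULL && j < argc; j++)
    {
        if (_wcsnicmp(argv[j], L"/active:", 8) == 0)
        {
            p = &argv[j][8];
            if (_wcsicmp(p, L"yes") == 0)
            {
                pUserInfo->usri4_flags &= ~UF_ACCOUNTDISABLE;
            }
            else if (_wcsicmp(p, L"no") == 0)
            {
                pUserInfo->usri4_flags |= UF_ACCOUNTDISABLE;
            }
            else
            {
                ConResPrintf(StdErr, IDS_ERROR_INVALID_OPTION_VALUE, L"/ACTIVE");
                result = 1;
                goto done;
            }
        }
        else if (_wcsnicmp(argv[j], L"/comment:", 9) == 0)
        {
            pUserInfo->usri4_comment = &argv[j][9];
        }
        else if (_wcsnicmp(argv[j], L"/countrycode:", 13) == 0)
        {
            p = &argv[j][13];
            value = wcstoul(p, &endptr, 10);
            if (*endptr != 0)
            {
                ConResPrintf(StdErr, IDS_ERROR_INVALID_OPTION_VALUE, L"/COUNTRYCODE");
                result = 1;
                goto done;
            }

            /* FIXME: verify the country code */

            pUserInfo->usri4_country_code = value;
        }
        else if (_wcsnicmp(argv[j], L"/expires:", 9) == 0)
        {
            p = &argv[j][9];
            if (_wcsicmp(p, L"never") == 0)
            {
                pUserInfo->usri4_acct_expires = TIMEQ_FOREVER;
            }
            else
            {
                /* FIXME: Parse the date */
                ConResPrintf(StdErr, IDS_ERROR_OPTION_NOT_SUPPORTED, L"/EXPIRES");
            }
        }
        else if (_wcsnicmp(argv[j], L"/fullname:", 10) == 0)
        {
            pUserInfo->usri4_full_name = &argv[j][10];
        }
        else if (_wcsnicmp(argv[j], L"/homedir:", 9) == 0)
        {
            pUserInfo->usri4_home_dir = &argv[j][9];
        }
        else if (_wcsnicmp(argv[j], L"/passwordchg:", 13) == 0)
        {
            p = &argv[j][13];
            if (_wcsicmp(p, L"yes") == 0)
            {
                pUserInfo->usri4_flags &= ~UF_PASSWD_CANT_CHANGE;
            }
            else if (_wcsicmp(p, L"no") == 0)
            {
                pUserInfo->usri4_flags |= UF_PASSWD_CANT_CHANGE;
            }
            else
            {
                ConResPrintf(StdErr, IDS_ERROR_INVALID_OPTION_VALUE, L"/PASSWORDCHG");
                result = 1;
                goto done;
            }
        }
        else if (_wcsnicmp(argv[j], L"/passwordreq:", 13) == 0)
        {
            p = &argv[j][13];
            if (_wcsicmp(p, L"yes") == 0)
            {
                pUserInfo->usri4_flags &= ~UF_PASSWD_NOTREQD;
            }
            else if (_wcsicmp(p, L"no") == 0)
            {
                pUserInfo->usri4_flags |= UF_PASSWD_NOTREQD;
            }
            else
            {
                ConResPrintf(StdErr, IDS_ERROR_INVALID_OPTION_VALUE, L"/PASSWORDREQ");
                result = 1;
                goto done;
            }
        }
        else if (_wcsnicmp(argv[j], L"/profilepath:", 13) == 0)
        {
            pUserInfo->usri4_profile = &argv[j][13];
        }
        else if (_wcsnicmp(argv[j], L"/scriptpath:", 12) == 0)
        {
            pUserInfo->usri4_script_path = &argv[j][12];
        }
        else if (_wcsnicmp(argv[j], L"/times:", 7) == 0)
        {
            /* FIXME */
            ConResPrintf(StdErr, IDS_ERROR_OPTION_NOT_SUPPORTED, L"/TIMES");
        }
        else if (_wcsnicmp(argv[j], L"/usercomment:", 13) == 0)
        {
            pUserInfo->usri4_usr_comment = &argv[j][13];
        }
        else if (_wcsnicmp(argv[j], L"/workstations:", 14) == 0)
        {
            /* FIXME */
            ConResPrintf(StdErr, IDS_ERROR_OPTION_NOT_SUPPORTED, L"/WORKSTATIONS");
        }
    }

    if (!bAdd && !bDelete)
    {
        /* Modify the user */
        Status = NetUserSetInfo(NULL,
                                lpUserName,
                                4,
                                (LPBYTE)pUserInfo,
                                NULL);
        ConPrintf(StdOut, L"Status: %lu\n", Status);
    }
    else if (bAdd && !bDelete)
    {
        /* Add the user */
        Status = NetUserAdd(NULL,
                            4,
                            (LPBYTE)pUserInfo,
                            NULL);
        ConPrintf(StdOut, L"Status: %lu\n", Status);
    }
    else if (!bAdd && bDelete)
    {
        /* Delete the user */
        Status = NetUserDel(NULL,
                            lpUserName);
        ConPrintf(StdOut, L"Status: %lu\n", Status);
    }

done:
    if (bPasswordAllocated == TRUE && lpPassword != NULL)
    {
        /* Overwrite the prompted password before the block goes back to
         * the heap; assumes it is NUL-terminated, as its use for
         * usri4_password implies. */
        volatile WCHAR *pWipe = lpPassword;

        while (*pWipe != 0)
            *pWipe++ = 0;

        HeapFree(GetProcessHeap(), 0, lpPassword);
    }

    /* Only the modify path received its buffer from NetUserGetInfo */
    if (!bAdd && !bDelete && pUserInfo != NULL)
        NetApiBufferFree(pUserInfo);

    if (result != 0)
        ConResPuts(StdOut, IDS_USER_SYNTAX);

    return result;
}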
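/*
 * cmdUser - entry point of the "user" sub-command.
 *
 * An optional user name and an optional password are taken from the first
 * arguments that do not start with '/'. With neither present the accounts
 * are listed; with only a user name that account is displayed. Otherwise
 * the switches select /add, /delete or (neither given) modification of an
 * existing account. /random replaces the password with a generated one.
 *
 * Returns 1 when /add and /delete are combined, when an option value is
 * invalid, when the workstation list cannot be built or when
 * NetUserGetInfo fails (the syntax text is printed then); 0 otherwise. The
 * status of NetUserAdd / NetUserSetInfo / NetUserDel is printed but does
 * not change the return value.
 *
 * Changes against the previous revision of this function:
 *  - option values are read from argv[j], the argument being examined;
 *    the old code indexed argv[i] (the first switch) and so read the wrong
 *    string, possibly past its end;
 *  - the property options are skipped when no USER_INFO_4 is available
 *    (/delete), instead of dereferencing a NULL pUserInfo;
 *  - a prompted or generated password is wiped before its heap block is
 *    released.
 */
INT
cmdUser(
    INT argc,
    WCHAR **argv)
{
    INT i, j;
    INT result = 0;
    BOOL bAdd = FALSE;
    BOOL bDelete = FALSE;
#if 0
    BOOL bDomain = FALSE;
#endif
    BOOL bRandomPassword = FALSE;
    LPWSTR lpUserName = NULL;
    LPWSTR lpPassword = NULL;
    PUSER_INFO_4 pUserInfo = NULL;
    USER_INFO_4 UserInfo;
    LPWSTR pWorkstations = NULL;
    LPWSTR p;
    LPWSTR endptr;
    DWORD value;
    BOOL bPasswordAllocated = FALSE;
    NET_API_STATUS Status;

    /* Positional arguments: [username [password]] */
    i = 2;
    if ((i < argc) && (argv[i][0] != L'/'))
    {
        lpUserName = argv[i];
        i++;
    }

    if ((i < argc) && (argv[i][0] != L'/'))
    {
        /* A password typed here is part of the process command line;
         * the "*" form handled below prompts for it instead. */
        lpPassword = argv[i];
        i++;
    }

    /* First pass: mode switches only */
    for (j = i; j < argc; j++)
    {
        if (_wcsicmp(argv[j], L"/help") == 0)
        {
            PrintNetMessage(MSG_USER_HELP);
            return 0;
        }
        else if (_wcsicmp(argv[j], L"/add") == 0)
        {
            bAdd = TRUE;
        }
        else if (_wcsicmp(argv[j], L"/delete") == 0)
        {
            bDelete = TRUE;
        }
        else if (_wcsicmp(argv[j], L"/domain") == 0)
        {
            ConPuts(StdErr, L"The /DOMAIN option is not supported yet.\n");
#if 0
            bDomain = TRUE;
#endif
        }
        else if (_wcsicmp(argv[j], L"/random") == 0)
        {
            bRandomPassword = TRUE;
            GenerateRandomPassword(&lpPassword, &bPasswordAllocated);
        }
    }

    if (lpUserName == NULL && lpPassword == NULL)
    {
        Status = EnumerateUsers();
        ConPrintf(StdOut, L"Status: %lu\n", Status);
        return 0;
    }
    else if (lpUserName != NULL && lpPassword == NULL)
    {
        Status = DisplayUser(lpUserName);
        ConPrintf(StdOut, L"Status: %lu\n", Status);
        return 0;
    }

    if (bAdd && bDelete)
    {
        result = 1;
        goto done;
    }

    /* Interactive password input */
    if (lpPassword != NULL && wcscmp(lpPassword, L"*") == 0)
    {
        ReadPassword(&lpPassword, &bPasswordAllocated);
    }

    if (!bAdd && !bDelete)
    {
        /* Modify the user */
        Status = NetUserGetInfo(NULL,
                                lpUserName,
                                4,
                                (LPBYTE*)&pUserInfo);
        if (Status != NERR_Success)
        {
            ConPrintf(StdOut, L"Status: %lu\n", Status);
            result = 1;
            goto done;
        }
    }
    else if (bAdd && !bDelete)
    {
        /* Add the user */
        ZeroMemory(&UserInfo, sizeof(USER_INFO_4));

        UserInfo.usri4_name = lpUserName;
        UserInfo.usri4_password = lpPassword;
        UserInfo.usri4_flags = UF_SCRIPT | UF_NORMAL_ACCOUNT;
        UserInfo.usri4_acct_expires = TIMEQ_FOREVER;
        UserInfo.usri4_primary_group_id = DOMAIN_GROUP_RID_USERS;

        pUserInfo = &UserInfo;
    }

    /* Second pass: property options. pUserInfo is NULL on /delete, where
     * there is no record for these options to change. */
    for (j = i; pUserInfo != NULL && j < argc; j++)
    {
        if (_wcsnicmp(argv[j], L"/active:", 8) == 0)
        {
            p = &argv[j][8];
            if (_wcsicmp(p, L"yes") == 0)
            {
                pUserInfo->usri4_flags &= ~UF_ACCOUNTDISABLE;
            }
            else if (_wcsicmp(p, L"no") == 0)
            {
                pUserInfo->usri4_flags |= UF_ACCOUNTDISABLE;
            }
            else
            {
                PrintMessageStringV(3952, L"/ACTIVE");
                result = 1;
                goto done;
            }
        }
        else if (_wcsnicmp(argv[j], L"/comment:", 9) == 0)
        {
            pUserInfo->usri4_comment = &argv[j][9];
        }
        else if (_wcsnicmp(argv[j], L"/countrycode:", 13) == 0)
        {
            p = &argv[j][13];
            value = wcstoul(p, &endptr, 10);
            if (*endptr != 0)
            {
                PrintMessageStringV(3952, L"/COUNTRYCODE");
                result = 1;
                goto done;
            }

            /* Verify the country code; a code the lookup rejects is
             * ignored without a message */
            if (GetCountryFromCountryCode(value, 0, NULL))
                pUserInfo->usri4_country_code = value;
        }
        else if (_wcsnicmp(argv[j], L"/expires:", 9) == 0)
        {
            p = &argv[j][9];
            if (_wcsicmp(p, L"never") == 0)
            {
                pUserInfo->usri4_acct_expires = TIMEQ_FOREVER;
            }
            else if (!ParseDate(p, &pUserInfo->usri4_acct_expires))
            {
                PrintMessageStringV(3952, L"/EXPIRES");
                result = 1;
                goto done;
            }
        }
        else if (_wcsnicmp(argv[j], L"/fullname:", 10) == 0)
        {
            pUserInfo->usri4_full_name = &argv[j][10];
        }
        else if (_wcsnicmp(argv[j], L"/homedir:", 9) == 0)
        {
            pUserInfo->usri4_home_dir = &argv[j][9];
        }
        else if (_wcsnicmp(argv[j], L"/passwordchg:", 13) == 0)
        {
            p = &argv[j][13];
            if (_wcsicmp(p, L"yes") == 0)
            {
                pUserInfo->usri4_flags &= ~UF_PASSWD_CANT_CHANGE;
            }
            else if (_wcsicmp(p, L"no") == 0)
            {
                pUserInfo->usri4_flags |= UF_PASSWD_CANT_CHANGE;
            }
            else
            {
                PrintMessageStringV(3952, L"/PASSWORDCHG");
                result = 1;
                goto done;
            }
        }
        else if (_wcsnicmp(argv[j], L"/passwordreq:", 13) == 0)
        {
            p = &argv[j][13];
            if (_wcsicmp(p, L"yes") == 0)
            {
                pUserInfo->usri4_flags &= ~UF_PASSWD_NOTREQD;
            }
            else if (_wcsicmp(p, L"no") == 0)
            {
                pUserInfo->usri4_flags |= UF_PASSWD_NOTREQD;
            }
            else
            {
                PrintMessageStringV(3952, L"/PASSWORDREQ");
                result = 1;
                goto done;
            }
        }
        else if (_wcsnicmp(argv[j], L"/profilepath:", 13) == 0)
        {
            pUserInfo->usri4_profile = &argv[j][13];
        }
        else if (_wcsnicmp(argv[j], L"/scriptpath:", 12) == 0)
        {
            pUserInfo->usri4_script_path = &argv[j][12];
        }
        else if (_wcsnicmp(argv[j], L"/times:", 7) == 0)
        {
            /* FIXME */
            ConPuts(StdErr, L"The /TIMES option is not supported yet.\n");
        }
        else if (_wcsnicmp(argv[j], L"/usercomment:", 13) == 0)
        {
            pUserInfo->usri4_usr_comment = &argv[j][13];
        }
        else if (_wcsnicmp(argv[j], L"/workstations:", 14) == 0)
        {
            p = &argv[j][14];
            if (wcscmp(p, L"*") == 0 || wcscmp(p, L"") == 0)
            {
                pUserInfo->usri4_workstations = NULL;
            }
            else
            {
                Status = BuildWorkstationsList(&pWorkstations, p);
                if (Status == NERR_Success)
                {
                    pUserInfo->usri4_workstations = pWorkstations;
                }
                else
                {
                    ConPrintf(StdOut, L"Status %lu\n\n", Status);
                    result = 1;
                    goto done;
                }
            }
        }
    }

    if (!bAdd && !bDelete)
    {
        /* Modify the user */
        Status = NetUserSetInfo(NULL,
                                lpUserName,
                                4,
                                (LPBYTE)pUserInfo,
                                NULL);
        ConPrintf(StdOut, L"Status: %lu\n", Status);
    }
    else if (bAdd && !bDelete)
    {
        /* Add the user */
        Status = NetUserAdd(NULL,
                            4,
                            (LPBYTE)pUserInfo,
                            NULL);
        ConPrintf(StdOut, L"Status: %lu\n", Status);
    }
    else if (!bAdd && bDelete)
    {
        /* Delete the user */
        Status = NetUserDel(NULL,
                            lpUserName);
        ConPrintf(StdOut, L"Status: %lu\n", Status);
    }

    /* Message 3968 is passed the user name and the generated password,
     * presumably to show the operator the password that was set. */
    if (Status == NERR_Success &&
        lpPassword != NULL &&
        bRandomPassword == TRUE)
    {
        PrintMessageStringV(3968, lpUserName, lpPassword);
    }

done:
    if (pWorkstations != NULL)
        HeapFree(GetProcessHeap(), 0, pWorkstations);

    if ((bPasswordAllocated == TRUE) && (lpPassword != NULL))
    {
        /* Overwrite the prompted or generated password before the block
         * goes back to the heap; assumes it is NUL-terminated, as its use
         * for usri4_password implies. */
        volatile WCHAR *pWipe = lpPassword;

        while (*pWipe != 0)
            *pWipe++ = 0;

        HeapFree(GetProcessHeap(), 0, lpPassword);
    }

    /* Only the modify path received its buffer from NetUserGetInfo */
    if (!bAdd && !bDelete && pUserInfo != NULL)
        NetApiBufferFree(pUserInfo);

    if (result != 0)
    {
        PrintMessageString(4381);
        ConPuts(StdOut, L"\n");
        PrintNetMessage(MSG_USER_SYNTAX);
    }

    return result;
}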
//
// UpdateClsidKeys
//
// Creates or updates the registry entries for the COM class described by
// ClsidInfo under HKEY_CLASSES_ROOT (the ProgID key, its CLSID sub-key, the
// CLSID key and the per-class settings named in ClsidKeyNames). When a RunAs
// account other than "Interactive User" is given, its password is stored
// through LsaStorePrivateData under the key "SCM:" followed by the CLSID.
//
// Progress and errors are reported with printf; every failure simply returns.
//
// NOTE(review), all visible in this function:
//  - gets() reads into the 64-byte Response array with no length limit.
//  - No registry handle opened here is closed on any path, and hPolicy is
//    closed only after a successful store; the early returns leave it open.
//  - ClsidInfo->Clsid and ClsidInfo->RunAsPassword can be left pointing at
//    the local arrays ProgIdClsid / Password1, which stop existing when this
//    function returns - the caller must not use them afterwards.
//  - Password1 and wszPassword hold the clear-text password and are never
//    overwritten.
//  - hRegClsid is not declared in this function; presumably a file-scope
//    variable - confirm.
//
void UpdateClsidKeys( CLSID_INFO * ClsidInfo )
{
    HKEY        hProgId;
    HKEY        hClsid;
    HKEY        hProgIdClsid;
    HKEY        hKey;               // not referenced in the code shown here
    DWORD       RegStatus;
    DWORD       Disposition;
    DWORD       RegType;
    char        ProgIdClsid[64];
    char        Response[64];
    DWORD       BufSize;
    int         n;

    RegStatus = RegOpenKeyEx( HKEY_CLASSES_ROOT, "CLSID", 0, KEY_READ | KEY_WRITE, &hRegClsid );

    if ( RegStatus != ERROR_SUCCESS )
    {
        printf( "Could not open HKEY_CLASSES_ROOT\\CLSID for writing\n" );
        return;
    }

    hProgId = 0;
    hClsid = 0;

    if ( ClsidInfo->ProgId )
    {
        RegStatus = RegCreateKeyEx( HKEY_CLASSES_ROOT, ClsidInfo->ProgId, 0, "REG_SZ", REG_OPTION_NON_VOLATILE, KEY_READ | KEY_WRITE, NULL, &hProgId, &Disposition );

        if ( RegStatus != ERROR_SUCCESS )
        {
            printf( "Could not open or create ProgID key %s.\n", ClsidInfo->ProgId);
            return;
        }

        if ( Disposition == REG_CREATED_NEW_KEY )
            printf( "ProgId key %s created.\n", ClsidInfo->ProgId );

        if ( ClsidInfo->ProgIdDescription )
        {
            // The byte count passed includes the terminating NUL.
            RegStatus = RegSetValueEx( hProgId, NULL, 0, REG_SZ, (LPBYTE) ClsidInfo->ProgIdDescription, strlen(ClsidInfo->ProgIdDescription) + sizeof(char) );

            if ( RegStatus != ERROR_SUCCESS )
            {
                printf( "Could not set description value for ProgID %s.\n", ClsidInfo->ProgId );
                return;
            }

            printf( "Setting description value %s for ProgID %s.\n", ClsidInfo->ProgIdDescription, ClsidInfo->ProgId );
        }

        RegStatus = RegCreateKeyEx( hProgId, "CLSID", 0, "REG_SZ", REG_OPTION_NON_VOLATILE, KEY_READ | KEY_WRITE, NULL, &hProgIdClsid, &Disposition );

        if ( RegStatus != ERROR_SUCCESS )
        {
            printf( "Could not open or create CLSID key for ProgID %s.\n", ClsidInfo->ProgId );
            return;
        }

        //
        // Check if a CLSID key value already exists for this ProgID. If so,
        // and a CLSID was specified to us then check if they differ.
        //
        // NOTE(review): the value is used as a C string below without checking
        // RegType or that the data read is NUL-terminated - confirm.
        //
        BufSize = sizeof(ProgIdClsid);
        RegStatus = RegQueryValueEx( hProgIdClsid, NULL, 0, &RegType, (LPBYTE) ProgIdClsid, &BufSize );

        if ( RegStatus == ERROR_SUCCESS )
        {
            if ( ClsidInfo->Clsid && (_stricmp(ClsidInfo->Clsid, ProgIdClsid) != 0) )
            {
                printf( "ProgID %s has existing CLSID key value %s\n", ClsidInfo->ProgId, ProgIdClsid );
                printf( "which differs from given CLSID %s.\n", ClsidInfo->Clsid );
                printf( "Would you like to replace the existing CLSID value with the new CLSID value? " );

                // NOTE(review): unbounded read into Response[64].
                gets( Response );

                // Anything but 'Y' keeps the value already in the registry.
                // NOTE(review): a char with the high bit set is sign-extended by
                // this cast before it reaches CharUpper - confirm the behaviour
                // for non-ASCII input.
                if ( (char)CharUpper((LPSTR)Response[0]) != 'Y' )
                    ClsidInfo->Clsid = ProgIdClsid;
            }
            else
                ClsidInfo->Clsid = ProgIdClsid;     // pointer to a local array, see header note
        }

        if ( ! ClsidInfo->Clsid )
        {
            printf( "CLSID for ProgID %s not specified.\n", ClsidInfo->ProgId );
            return;
        }

        // Pointer comparison: true only when the CLSID did not come from the
        // registry value read above.
        if ( ClsidInfo->Clsid != ProgIdClsid )
        {
            RegStatus = RegSetValueEx( hProgIdClsid, NULL, 0, REG_SZ, (LPBYTE) ClsidInfo->Clsid, strlen(ClsidInfo->Clsid) + sizeof(char) );

            if ( RegStatus != ERROR_SUCCESS )
            {
                printf( "Could not set CLSID value for ProgID %s.\n", ClsidInfo->ProgId );
                return;
            }

            printf( "Setting CLSID value %s for ProgID %s.\n", ClsidInfo->Clsid, ClsidInfo->ProgId );
        }
    }

    // NOTE(review): ClsidInfo->Clsid is checked for NULL only inside the ProgId
    // branch above; without a ProgId it reaches this call unchecked.
    RegStatus = RegCreateKeyEx( hRegClsid, ClsidInfo->Clsid, 0, "REG_SZ", REG_OPTION_NON_VOLATILE, KEY_READ | KEY_WRITE, NULL, &hClsid, &Disposition );

    if ( RegStatus != ERROR_SUCCESS )
    {
        printf( "Could not open or create CLSID key %s.\n", ClsidInfo->Clsid );
        return;
    }

    if ( Disposition == REG_CREATED_NEW_KEY )
        printf( "CLSID key %s created.\n", ClsidInfo->Clsid );

    if ( ClsidInfo->ClsidDescription )
    {
        RegStatus = RegSetValueEx( hClsid, NULL, 0, REG_SZ, (LPBYTE) ClsidInfo->ClsidDescription, strlen(ClsidInfo->ClsidDescription) + sizeof(char) );

        if ( RegStatus != ERROR_SUCCESS )
        {
            printf( "Could not set description value for CLSID %s.\n", ClsidInfo->Clsid );
            return;
        }

        printf( "Setting description value %s for CLSID %s.\n", ClsidInfo->ClsidDescription, ClsidInfo->Clsid );
    }

    //
    // Now add and delete individual keys on this CLSID.
    //

    if ( (ClsidInfo->LaunchPermission == YES) || (ClsidInfo->LaunchPermission == NO) )
    {
        SetClsidKey( hClsid, ClsidInfo->Clsid, ClsidKeyNames[LAUNCH_PERMISSION], (ClsidInfo->LaunchPermission == YES) ? "Y" : "N" );
    }

    if ( ClsidInfo->AccessPermission == YES )
    {
        SetClsidKey( hClsid, ClsidInfo->Clsid, ClsidKeyNames[ACCESS_PERMISSION], NULL );
    }

    if ( (ClsidInfo->ActivateAtStorage == YES) || (ClsidInfo->ActivateAtStorage == NO) )
    {
        SetClsidKey( hClsid, ClsidInfo->Clsid, ClsidKeyNames[ACTIVATE_AT_STORAGE], (ClsidInfo->ActivateAtStorage == YES) ? "Y" : "N" );
    }

    // Server path keys: a NULL entry is left alone, an empty string deletes
    // the key, anything else sets it.
    for ( n = 1; n <= CLSID_PATH_KEYS; n++ )
    {
        if ( ! ClsidInfo->ServerPaths[n] )
            continue;

        if ( ClsidInfo->ServerPaths[n][0] == '\0' )
            DeleteClsidKey( hClsid, ClsidInfo->Clsid, ClsidKeyNames[n] );
        else
            SetClsidKey( hClsid, ClsidInfo->Clsid, ClsidKeyNames[n], ClsidInfo->ServerPaths[n] );
    }

    if ( ClsidInfo->RemoteServerName )
    {
        if ( ClsidInfo->RemoteServerName[0] == '\0' )
            DeleteClsidKey( hClsid, ClsidInfo->Clsid, ClsidKeyNames[REMOTE_SERVER_NAME] );
        else
            SetClsidKey( hClsid, ClsidInfo->Clsid, ClsidKeyNames[REMOTE_SERVER_NAME], ClsidInfo->RemoteServerName );
    }

    if ( ClsidInfo->RunAsUserName )
    {
        DWORD                   CharRead;       // not referenced in the code shown here
        char                    Password1[64];
        char                    Password2[64];  // not referenced in the code shown here
        LSA_HANDLE              hPolicy;
        LSA_OBJECT_ATTRIBUTES   ObjAttributes;
        LSA_UNICODE_STRING      LsaKey;
        LSA_UNICODE_STRING      LsaData;
        WCHAR                   wszKey[64];
        WCHAR                   wszPassword[64];
        NTSTATUS                NtStatus;
        BOOL                    Status;
        BOOL                    RunAsInteractiveUser;

        RunAsInteractiveUser = (_stricmp(ClsidInfo->RunAsUserName,"Interactive User") == 0);

        // The LSA policy handle and the secret's key name are set up only for
        // accounts other than "Interactive User".
        if ( ! RunAsInteractiveUser )
        {
            InitializeObjectAttributes( &ObjAttributes, NULL, 0L, NULL, NULL );

            // Open the local security policy
            NtStatus = LsaOpenPolicy( NULL, &ObjAttributes, POLICY_CREATE_SECRET, &hPolicy );

            if ( ! NT_SUCCESS( NtStatus ) )
            {
                printf( "Could not setup RunAs (0x%x)\n", NtStatus );
                return;
            }

            // Secret name: "SCM:" followed by the CLSID string.
            lstrcpyW( wszKey, L"SCM:" );
            MultiByteToWideChar( CP_ACP, MB_PRECOMPOSED, ClsidInfo->Clsid, -1, &wszKey[lstrlenW(wszKey)], sizeof(wszKey)/2 - lstrlenW(wszKey) );

            LsaKey.Length = (lstrlenW(wszKey) + 1) * sizeof(WCHAR);
            LsaKey.MaximumLength = sizeof(wszKey);
            LsaKey.Buffer = wszKey;
        }

        if ( ClsidInfo->RunAsUserName[0] == '\0' )
        {
            // Empty user name: remove the RunAs key and call
            // LsaStorePrivateData with no data. hPolicy is not closed on this
            // path.
            DeleteClsidKey( hClsid, ClsidInfo->Clsid, ClsidKeyNames[RUN_AS] );
            LsaStorePrivateData( hPolicy, &LsaKey, NULL );
        }
        else
        {
            Status = SetClsidKey( hClsid, ClsidInfo->Clsid, ClsidKeyNames[RUN_AS], ClsidInfo->RunAsUserName );

            if ( ! Status )
                return;

            // A password starting with '*' means "prompt for it".
            if ( ! RunAsInteractiveUser && (ClsidInfo->RunAsPassword[0] == '*') )
            {
                for (;;)
                {
                    printf( "Enter RunAs password for %s : ", ClsidInfo->RunAsUserName );
                    // NOTE(review): ReadPassword gets no buffer size here -
                    // confirm it limits input to the 64 bytes of Password1.
                    ReadPassword( Password1 );

                    // NOTE(review): this listing is damaged on the next line.
                    // The text between the "Confirm password" prompt and the
                    // "Passwords differ" message is missing, and the closing
                    // brace after "continue;" has no visible opening brace.
                    // Restore the span from the original file before building.
                    printf( "Confirm password : "******"Passwords differ, try again or hit Control-C to exit.\n" );
                        continue;
                    }

                    if ( Password1[0] == '\0' )
                    {
                        printf( "Do you really want a blank password? " );
                        // NOTE(review): unbounded read into Response[64].
                        gets( Response );
                        if ( (char)CharUpper((LPSTR)Response[0]) != 'Y' )
                            continue;
                    }

                    break;
                }

                ClsidInfo->RunAsPassword = Password1;   // pointer to a local array, see header note
            } // if password == "*"

            // Got a good one!

            if ( ! RunAsInteractiveUser )
            {
                MultiByteToWideChar( CP_ACP, MB_PRECOMPOSED, ClsidInfo->RunAsPassword, -1, wszPassword, sizeof(wszPassword)/2 );

                LsaData.Length = (lstrlenW(wszPassword) + 1) * sizeof(WCHAR);
                LsaData.MaximumLength = sizeof(wszPassword);
                LsaData.Buffer = wszPassword;

                // Store private data
                NtStatus = LsaStorePrivateData( hPolicy, &LsaKey, &LsaData );

                if ( ! NT_SUCCESS(NtStatus) )
                {
                    printf( "Could not store password securely (0x%x)\n", NtStatus );
                    return;
                }

                LsaClose(hPolicy);
            }
        }
    }

    printf( "CLSID keys updated successfully.\n" );
}
//
// DisplayClsidKeys
//
// Prints the registry settings of the COM class described by ClsidInfo (the
// CLSID is taken from the ProgID's CLSID sub-key when a ProgID is given).
// When the class has a RunAs value other than "Interactive User", offers to
// verify the RunAs password: the stored value is fetched with
// LsaRetrievePrivateData and compared with what the operator types.
//
// NOTE(review), all visible in this function:
//  - The verification loop contains a branch that prints the stored RunAs
//    password in clear text when a comparison against a fixed string literal
//    succeeds. Stored credentials should never be printed by a verification
//    routine; remove that branch.
//  - The last MultiByteToWideChar call passes sizeof(wszPassword), a byte
//    count, where the earlier call on wszKey passes an element count
//    (sizeof(...)/2).
//  - No registry handle opened here is closed, the buffer returned through
//    LsaData is never released, and hPolicy stays open when
//    LsaRetrievePrivateData fails.
//  - Password and wszPassword hold the typed clear text and are never
//    overwritten.
//  - ClsidInfo->Clsid can be left pointing at the local array ProgIdClsid,
//    which stops existing when this function returns.
//  - hRegClsid is not declared in this function; presumably a file-scope
//    variable - confirm.
//
void DisplayClsidKeys( CLSID_INFO * ClsidInfo )
{
    HKEY                    hProgId;
    HKEY                    hClsid;
    HKEY                    hProgIdClsid;
    HKEY                    hKey;
    DWORD                   RegStatus;
    DWORD                   RegType;
    DWORD                   BufSize;
    char                    ProgIdClsid[64];
    char                    Value[128];
    int                     Key;
    BOOL                    HasRunAs;
    char                    Password[64];
    LSA_HANDLE              hPolicy;
    LSA_OBJECT_ATTRIBUTES   ObjAttributes;
    LSA_UNICODE_STRING      LsaKey;
    LSA_UNICODE_STRING *    LsaData;
    WCHAR                   wszKey[64];
    WCHAR                   wszPassword[64];
    NTSTATUS                NtStatus;

    RegStatus = RegOpenKeyEx( HKEY_CLASSES_ROOT, "CLSID", 0, KEY_READ, &hRegClsid );

    if ( RegStatus != ERROR_SUCCESS )
    {
        printf( "Could not open HKEY_CLASSES_ROOT\\CLSID for reading.\n" );
        return;
    }

    // With a ProgID, resolve the CLSID through <ProgID>\CLSID and make sure
    // it agrees with a CLSID given by the caller.
    if ( ClsidInfo->ProgId )
    {
        RegStatus = RegOpenKeyEx( HKEY_CLASSES_ROOT, ClsidInfo->ProgId, 0, KEY_READ, &hProgId );

        if ( RegStatus != ERROR_SUCCESS )
        {
            printf( "Couldn't open ProgID %s\n", ClsidInfo->ProgId );
            return;
        }

        RegStatus = RegOpenKeyEx( hProgId, "CLSID", 0, KEY_READ, &hProgIdClsid );

        if ( RegStatus != ERROR_SUCCESS )
        {
            printf( "Couldn't open CLSID key for ProgID %s\n", ClsidInfo->ProgId );
            return;
        }

        // NOTE(review): the value is used as a C string below without checking
        // RegType or that the data read is NUL-terminated - confirm.
        BufSize = sizeof(ProgIdClsid);
        RegStatus = RegQueryValueEx( hProgIdClsid, NULL, 0, &RegType, (LPBYTE) ProgIdClsid, &BufSize );

        if ( RegStatus != ERROR_SUCCESS )
        {
            printf( "Couldn't open CLSID value for ProgID %s\n", ClsidInfo->ProgId );
            return;
        }

        if ( ClsidInfo->Clsid && (_stricmp( ClsidInfo->Clsid, ProgIdClsid ) != 0) )
        {
            printf( "ProgID %s CLSID key value %s differs from given CLSID %s.\n", ClsidInfo->ProgId, ProgIdClsid, ClsidInfo->Clsid );
            return;
        }
        else
            ClsidInfo->Clsid = ProgIdClsid;     // pointer to a local array, see header note
    }

    if ( ! ClsidInfo->Clsid )
    {
        printf( "Could not determine CLSID.\n" );
        return;
    }

    RegStatus = RegOpenKeyEx( hRegClsid, ClsidInfo->Clsid, 0, KEY_READ, &hClsid );

    if ( RegStatus != ERROR_SUCCESS )
    {
        printf( "Could not open CLSID %s\n", ClsidInfo->Clsid );
        return;
    }

    putchar( '\n' );

    if ( ClsidInfo->ProgId )
        printf( "Server settings for ProgID %s, ", ClsidInfo->ProgId );
    else
        printf( "Server settings for " );

    printf( "CLSID %s\n", ClsidInfo->Clsid );

    HasRunAs = FALSE;

    // Print each sub-key named in ClsidKeyNames that exists under the CLSID.
    for ( Key = 1; Key <= CLSID_KEYS; Key++ )
    {
        RegStatus = RegOpenKeyEx( hClsid, ClsidKeyNames[Key], 0, KEY_READ, &hKey );

        if ( RegStatus != ERROR_SUCCESS )
            continue;

        BufSize = sizeof(Value);

        // The access-permission key is reported as "on" from its presence
        // alone; its value is not read.
        if ( Key != ACCESS_PERMISSION )
        {
            RegStatus = RegQueryValueEx( hKey, NULL, 0, &RegType, (LPBYTE) Value, &BufSize );
        }
        else
            RegStatus = ERROR_SUCCESS;

        if ( RegStatus != ERROR_SUCCESS )
        {
            printf( " %-28s(key exists, but value could not be read)\n", ClsidKeyNames[Key] );
            continue;
        }

        printf( " %-28s%s\n", ClsidKeyNames[Key], (Key == ACCESS_PERMISSION) ? "on" : Value );

        if ( (Key == RUN_AS) && (_stricmp(Value,"Interactive User") != 0) )
            HasRunAs = TRUE;
    }

    if ( ! HasRunAs )
        return;

    //
    // Give the option of verifying the RunAs password.
    //

    printf( "\nCLSID configured with RunAs. Would you like to verify the password? " );

    if ( (char)CharUpper((LPSTR)getchar()) != 'Y' )
        return;

    // Discard the rest of the answer line.
    // NOTE(review): this loop never ends if getchar() reports end of input
    // before a newline arrives.
    while ( getchar() != '\n' )
        ;

    putchar( '\n' );

    // Secret name: "SCM:" followed by the CLSID string.
    lstrcpyW( wszKey, L"SCM:" );
    MultiByteToWideChar( CP_ACP, MB_PRECOMPOSED, ClsidInfo->Clsid, -1, &wszKey[lstrlenW(wszKey)], sizeof(wszKey)/2 - lstrlenW(wszKey) );

    LsaKey.Length = (lstrlenW(wszKey) + 1) * sizeof(WCHAR);
    LsaKey.MaximumLength = sizeof(wszKey);
    LsaKey.Buffer = wszKey;

    InitializeObjectAttributes( &ObjAttributes, NULL, 0L, NULL, NULL );

    // Open the local security policy
    NtStatus = LsaOpenPolicy( NULL, &ObjAttributes, POLICY_CREATE_SECRET, &hPolicy );

    if ( ! NT_SUCCESS( NtStatus ) )
    {
        printf( "Could not open RunAs password (0x%x)\n", NtStatus );
        return;
    }

    // Retrieve private data
    NtStatus = LsaRetrievePrivateData( hPolicy, &LsaKey, &LsaData );

    if ( ! NT_SUCCESS(NtStatus) )
    {
        printf( "Could not open RunAs password (0x%x)\n", NtStatus );
        return;
    }

    LsaClose(hPolicy);

    for (;;)
    {
        // NOTE(review): this listing is damaged on the next line - the text
        // between the "Password : " prompt and the string literal that follows
        // is missing, so what is compared with that literal is not visible.
        // What remains shows that a match prints the stored RunAs password
        // (LsaData->Buffer) in clear text and returns. Restore the span from
        // the original file, then remove this disclosure branch.
        printf( "Password : "******"dcom4ever" ) == 0 )
        {
            printf( "\nThe RunAs password is %ws\n", LsaData->Buffer );
            return;
        }

        // NOTE(review): the last argument is a byte count (sizeof) where the
        // wszKey call above passes an element count; wszPassword has 64
        // elements.
        MultiByteToWideChar( CP_ACP, MB_PRECOMPOSED, Password, -1, wszPassword, sizeof(wszPassword) );

        if ( lstrcmpW( wszPassword, LsaData->Buffer ) != 0 )
        {
            printf( "\nPassword does not match RunAs password.\n" );
            printf( "Enter another password or hit Control-C to exit.\n\n" );
        }
        else
        {
            printf( "\nPasswords match.\n" );
            return;
        }
    }
}
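/*
 * ProcessLeave - parse the arguments of the "leave" command and call
 * VmAfdLeaveDomain.
 *
 * Recognized arguments: --username <name>, --password <password>, --force.
 * Any other argument fails with ERROR_INVALID_PARAMETER. When a user name
 * is given without a password, the password is obtained through
 * ReadPassword.
 *
 * Returns 0 on success, otherwise the error of the failing step.
 *
 * The password obtained through ReadPassword is overwritten before its
 * memory is released, so the clear text does not linger in freed heap
 * memory.
 *
 * NOTE(review): a password given with --password is part of the process
 * command line; prefer the prompt where other local users can list
 * processes.
 */
static
DWORD
ProcessLeave(
    int   argc,
    char* argv[]
    )
{
    typedef enum
    {
        PARSE_MODE_OPEN = 0,
        PARSE_MODE_ACCOUNT,
        PARSE_MODE_PASSWORD
    } PARSE_MODE;

    DWORD dwError = 0;
    DWORD idx = 0;
    DWORD dwLeaveFlags = 0;
    PSTR  pszLogin = NULL;
    PSTR  pszPassword = NULL;
    PSTR  pszPasswordNew = NULL;   /* owned here, released in cleanup */
    PARSE_MODE mode = PARSE_MODE_OPEN;

    /* Small state machine: an option name switches the mode, the next
     * argument is consumed as that option's value. */
    for (; idx < argc; idx++)
    {
        PSTR pszArg = argv[idx];

        switch (mode)
        {
            case PARSE_MODE_OPEN:

                if (!VmAfdStringCompareA(pszArg, "--username", TRUE))
                {
                    mode = PARSE_MODE_ACCOUNT;
                }
                else if (!VmAfdStringCompareA(pszArg, "--password", TRUE))
                {
                    mode = PARSE_MODE_PASSWORD;
                }
                else if (!VmAfdStringCompareA(pszArg, "--force", TRUE))
                {
                    dwLeaveFlags = dwLeaveFlags | VMAFD_DOMAIN_LEAVE_FLAGS_FORCE;
                    mode = PARSE_MODE_OPEN;
                }
                else
                {
                    dwError = ERROR_INVALID_PARAMETER;
                    BAIL_ON_VMAFD_ERROR(dwError);
                }

                break;

            case PARSE_MODE_ACCOUNT:

                pszLogin = pszArg;
                mode = PARSE_MODE_OPEN;

                break;

            case PARSE_MODE_PASSWORD:

                pszPassword = pszArg;
                mode = PARSE_MODE_OPEN;

                break;

            default:

                dwError = ERROR_INVALID_STATE;
                BAIL_ON_VMAFD_ERROR(dwError);

                break;
        }
    }

    /* A login without a password: ask for one */
    if (pszLogin && !pszPassword)
    {
        dwError = ReadPassword(&pszPasswordNew);
        BAIL_ON_VMAFD_ERROR(dwError);

        pszPassword = pszPasswordNew;
    }

    dwError = VmAfdLeaveDomain(
                    pszLogin,
                    pszPassword,
                    dwLeaveFlags
                    );
    BAIL_ON_VMAFD_ERROR(dwError);

cleanup:

    if (pszPasswordNew)
    {
        /* Wipe through a volatile pointer so the stores are not optimized
         * away; assumes ReadPassword returns a NUL-terminated string, as
         * its use as a password argument implies. */
        volatile char* pszWipe = pszPasswordNew;

        while (*pszWipe)
        {
            *pszWipe++ = '\0';
        }
    }

    VMAFD_SAFE_FREE_MEMORY(pszPasswordNew);

    return dwError;

error:

    goto cleanup;
}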
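/*
 * ProcessJoin - parse the arguments of the "join" command and call
 * VmAfdJoinDomainWithSite.
 *
 * Recognized arguments: --username <name>, --password <password>,
 * --orgunit <ou>, --site <site>, plus exactly one bare argument naming the
 * domain. A second bare argument fails with ERROR_INVALID_COMMAND_LINE, no
 * arguments at all with ERROR_INVALID_PARAMETER, a missing domain with
 * ERROR_NO_SUCH_DOMAIN, and a user name containing '@' with
 * ERROR_INVALID_PARAMETER. When no password is given it is obtained
 * through ReadPassword.
 *
 * Returns 0 on success, otherwise the error of the failing step.
 *
 * The password obtained through ReadPassword is overwritten before its
 * memory is released, so the clear text does not linger in freed heap
 * memory.
 *
 * NOTE(review): a password given with --password is part of the process
 * command line; prefer the prompt where other local users can list
 * processes.
 * NOTE(review): the password is requested before the domain and user name
 * are validated, so a secret is collected even when the call is then
 * rejected; consider validating first.
 */
static
DWORD
ProcessJoin(
    int   argc,
    char* argv[]
    )
{
    typedef enum
    {
        PARSE_MODE_OPEN = 0,
        PARSE_MODE_ACCOUNT,
        PARSE_MODE_PASSWORD,
        PARSE_MODE_ORGUNIT,
        PARSE_MODE_SITENAME
    } PARSE_MODE;

    DWORD dwError = 0;
    DWORD idx = 0;
    PSTR  pszLogin = NULL;
    PSTR  pszPassword = NULL;
    PSTR  pszPasswordNew = NULL;   /* owned here, released in cleanup */
    PSTR  pszDomain = NULL;
    PSTR  pszOrgUnit = NULL;
    PSTR  pszSiteName = NULL;
    PARSE_MODE mode = PARSE_MODE_OPEN;

    if (!argc)
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_VMAFD_ERROR(dwError);
    }

    /* Small state machine: an option name switches the mode, the next
     * argument is consumed as that option's value. */
    for (; idx < argc; idx++)
    {
        PSTR pszArg = argv[idx];

        switch (mode)
        {
            case PARSE_MODE_OPEN:

                if (!VmAfdStringCompareA(pszArg, "--username", TRUE))
                {
                    mode = PARSE_MODE_ACCOUNT;
                }
                else if (!VmAfdStringCompareA(pszArg, "--password", TRUE))
                {
                    mode = PARSE_MODE_PASSWORD;
                }
                else if (!VmAfdStringCompareA(pszArg, "--orgunit", TRUE))
                {
                    mode = PARSE_MODE_ORGUNIT;
                }
                else if (!VmAfdStringCompareA(pszArg, "--site", TRUE))
                {
                    mode = PARSE_MODE_SITENAME;
                }
                else
                {
                    /* A bare argument is the domain; only one is allowed */
                    if (pszDomain)
                    {
                        dwError = ERROR_INVALID_COMMAND_LINE;
                        BAIL_ON_VMAFD_ERROR(dwError);
                    }

                    pszDomain = pszArg;
                }

                break;

            case PARSE_MODE_ACCOUNT:

                pszLogin = pszArg;
                mode = PARSE_MODE_OPEN;

                break;

            case PARSE_MODE_PASSWORD:

                pszPassword = pszArg;
                mode = PARSE_MODE_OPEN;

                break;

            case PARSE_MODE_ORGUNIT:

                pszOrgUnit = pszArg;
                mode = PARSE_MODE_OPEN;

                break;

            case PARSE_MODE_SITENAME:

                pszSiteName = pszArg;
                mode = PARSE_MODE_OPEN;

                break;

            default:

                dwError = ERROR_INVALID_STATE;
                BAIL_ON_VMAFD_ERROR(dwError);

                break;
        }
    }

    if (!pszPassword)
    {
        dwError = ReadPassword(&pszPasswordNew);
        BAIL_ON_VMAFD_ERROR(dwError);

        pszPassword = pszPasswordNew;
    }

    if (!pszDomain)
    {
        dwError = ERROR_NO_SUCH_DOMAIN;
        BAIL_ON_VMAFD_ERROR(dwError);
    }

    if (!pszLogin)
    {
        /* NOTE(review): the default login appears as asterisks in this
         * listing, possibly masked - confirm the intended account name
         * against the upstream file. */
        pszLogin = "******";
    }
    else if (strchr(pszLogin, (int)'@') != NULL)
    {
        fprintf(stderr, "Error: Username may not include domain\n");
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_VMAFD_ERROR(dwError);
    }

    dwError = VmAfdJoinDomainWithSite(
                    pszDomain,
                    pszLogin,
                    pszPassword,
                    pszOrgUnit,
                    pszSiteName);
    BAIL_ON_VMAFD_ERROR(dwError);

cleanup:

    if (pszPasswordNew)
    {
        /* Wipe through a volatile pointer so the stores are not optimized
         * away; assumes ReadPassword returns a NUL-terminated string, as
         * its use as a password argument implies. */
        volatile char* pszWipe = pszPasswordNew;

        while (*pszWipe)
        {
            *pszWipe++ = '\0';
        }
    }

    VMAFD_SAFE_FREE_MEMORY(pszPasswordNew);

    return dwError;

error:

    goto cleanup;
}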