static void good1() { { wchar_t oldPassword[256]; wchar_t newPassword[256]; NET_API_STATUS status; printWLine(L"Enter old password: "******"%255s", oldPassword) != 1) { oldPassword[0] = L'\0'; } printWLine(L"Enter new password: "******"%255s", newPassword) != 1) { newPassword[0] = L'\0'; } /* FIX: Verify the old password when setting the new password */ status = NetUserChangePassword(NULL, USERNAME, oldPassword, newPassword); if(status == NERR_Success) { printWLine(L"Success!"); } else { wprintf(L"NetUserChangePassword failed. Status = %u = 0x%x\n", status, status); } } }
DWORD AuditUserA( LPCSTR lpUser, LPCSTR lpPasswd ) { DWORD dwRetCode; WCHAR szwComputer[CNLEN+1]; WCHAR szwComputerName[CNLEN+3]; DWORD cbComputer; WCHAR szwUser[UNLEN]; WCHAR szwOldPasswd[PWLEN]; WCHAR szwNewPasswd[PWLEN]; if( lpUser == NULL || lpPasswd == NULL ) return ERROR_INVALID_PARAMETER; cbComputer = CNLEN+1; GetComputerNameW( szwComputer, &cbComputer ); cbComputer = CNLEN+3; MakeComputerNameW( szwComputer, szwComputerName, &cbComputer ); mbstowcs( szwUser, lpUser, UNLEN ); mbstowcs( szwOldPasswd, lpPasswd, PWLEN ); mbstowcs( szwNewPasswd, lpPasswd, UNLEN ); dwRetCode = NetUserChangePassword( szwComputerName, szwUser, szwOldPasswd, szwNewPasswd ); return dwRetCode; }
int _tmain(int argc, TCHAR * argv[]) { TCHAR *currentPassword = _tcsdup(argv[1]); TCHAR *preferPassword = argv[argc > 2 ? 2 : 1]; BOOL quit = FALSE; int err = 1; do { TCHAR *uuid = NULL; if (UuidCreateToString(&uuid)) { NET_API_STATUS nStatus = NetUserChangePassword(NULL, NULL, currentPassword, uuid); if (nStatus == NERR_Success) { free(currentPassword); currentPassword = _tcsdup(uuid); _ftprintf(stdout, _T("pwd %s\n"), uuid); nStatus = NetUserChangePassword(NULL, NULL, currentPassword, preferPassword); if (nStatus == NERR_Success) { quit = TRUE; err = 0; } } else { quit = TRUE; } RpcStringFree(&uuid); } else { quit = TRUE; } } while (!quit); free(currentPassword); return err; };
// @pymethod |win32net|NetUserChangePassword|Changes the password for a user. PyObject *PyNetUserChangePassword(PyObject *self, PyObject *args) { // @comm A server or domain can be configured to require that a // user log on to change the password on a user account. // If that is the case, you need administrator or account operator access // to change the password for another user acount. // If logging on is not required, you can change the password for // any user account, so long as you know the current password. WCHAR *szServer = NULL; WCHAR *szName = NULL; WCHAR *szOld = NULL; WCHAR *szNew = NULL; PyObject *obName, *obServer, *obOld, *obNew; PyObject *ret = NULL; DWORD err = 0; // @pyparm string/<o PyUnicode>|server||The name of the server, or None. // @pyparm string/<o PyUnicode>|username||The user name, or None for the current username. // @pyparm string/<o PyUnicode>|oldPassword||The old password // @pyparm string/<o PyUnicode>|newPassword||The new password if (!PyArg_ParseTuple(args, "OOOO", &obServer, &obName, &obOld, &obNew)) return NULL; if (!PyWinObject_AsWCHAR(obServer, &szServer, TRUE)) goto done; if (!PyWinObject_AsWCHAR(obName, &szName, TRUE)) goto done; if (!PyWinObject_AsWCHAR(obOld, &szOld, FALSE)) goto done; if (!PyWinObject_AsWCHAR(obNew, &szNew, FALSE)) goto done; err = NetUserChangePassword(szServer, szName, szOld, szNew); if (err) { ReturnNetError("NetUserChangePassword",err); // @pyseeapi NetUserChangePassword goto done; } ret = Py_None; Py_INCREF(Py_None); done: PyWinObject_FreeWCHAR(szServer); PyWinObject_FreeWCHAR(szName); PyWinObject_FreeWCHAR(szOld); PyWinObject_FreeWCHAR(szNew); return ret; }
/* good1() uses if(staticFalse) instead of if(staticTrue) */ static void good1() { if(staticFalse) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ printLine("Benign, fixed string"); } else { { wchar_t oldPassword[256]; wchar_t newPassword[256]; NET_API_STATUS status; printWLine(L"Enter old password: "******"%255s", oldPassword) != 1) { oldPassword[0] = L'\0'; } printWLine(L"Enter new password: "******"%255s", newPassword) != 1) { newPassword[0] = L'\0'; } /* FIX: Verify the old password when setting the new password */ status = NetUserChangePassword(NULL, USERNAME, oldPassword, newPassword); if(status == NERR_Success) { printWLine(L"Success!"); } else { wprintf(L"NetUserChangePassword failed. Status = %u = 0x%x\n", status, status); } } } }
DWORD AuditUserW( LPWSTR lpUser, LPWSTR lpPasswd ) { DWORD dwRetCode; WCHAR szwComputer[CNLEN+1]; WCHAR szwComputerName[CNLEN+3]; DWORD cbComputer; if( lpUser == NULL || lpPasswd == NULL ) return ERROR_INVALID_PARAMETER; cbComputer = CNLEN+1; GetComputerNameW( szwComputer, &cbComputer ); cbComputer = CNLEN+3; MakeComputerNameW( szwComputer, szwComputerName, &cbComputer ); dwRetCode = NetUserChangePassword( szwComputerName, lpUser, lpPasswd, lpPasswd ); return dwRetCode; }