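/*
 * Set the password of the built-in Administrator account (DOMAIN_USER_RID_ADMIN)
 * of the local account domain, then cache the account name, the domain name and
 * the password in the module-level AdminInfo for later setup steps.
 *
 * Password - NUL-terminated wide string. The caller keeps ownership; a private
 *            heap copy is stored in AdminInfo.Password.
 *
 * Returns STATUS_SUCCESS, STATUS_INVALID_PARAMETER for a NULL Password, or the
 * status of the first LSA/SAM call that failed.
 *
 * The three AdminInfo copies are best-effort: a failed heap allocation leaves
 * that field NULL without changing the returned status (unchanged from the
 * original behaviour; consumers of AdminInfo have to tolerate NULL fields).
 *
 * The password is deliberately kept out of the debug trace: only the entry and
 * exit lines and the non-secret account/domain names are printed.
 */
NTSTATUS
SetAdministratorPassword(LPCWSTR Password)
{
    PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
    PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo = NULL;
    USER_SET_PASSWORD_INFORMATION PasswordInfo;
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    LSA_HANDLE PolicyHandle = NULL;
    SAM_HANDLE ServerHandle = NULL;
    SAM_HANDLE DomainHandle = NULL;
    SAM_HANDLE UserHandle = NULL;
    size_t PasswordSize;
    NTSTATUS Status;

    DPRINT1("SYSSETUP: SetAdministratorPassword()\n");

    /* wcslen()/RtlInitUnicodeString() below must not see a NULL buffer. */
    if (Password == NULL)
        return STATUS_INVALID_PARAMETER;

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    /* The account-domain SID and name come from the LSA policy. */
    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
                           &PolicyHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = LsaQueryInformationPolicy(PolicyHandle,
                                       PolicyAccountDomainInformation,
                                       (PVOID *)&OrigInfo);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamConnect(NULL,
                        &ServerHandle,
                        SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
                        NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamOpenDomain(ServerHandle,
                           DOMAIN_LOOKUP,
                           OrigInfo->DomainSid,
                           &DomainHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    /* USER_FORCE_PASSWORD_CHANGE lets us set the password without the old one. */
    Status = SamOpenUser(DomainHandle,
                         USER_FORCE_PASSWORD_CHANGE | USER_READ_GENERAL,
                         DOMAIN_USER_RID_ADMIN,
                         &UserHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamOpenUser() failed (Status 0x%08lx)\n", Status);
        goto done;
    }

    /* PasswordInfo.Password only references the caller's buffer; no copy yet. */
    RtlInitUnicodeString(&PasswordInfo.Password, Password);
    PasswordInfo.PasswordExpired = FALSE;

    Status = SamSetInformationUser(UserHandle,
                                   UserSetPasswordInformation,
                                   (PVOID)&PasswordInfo);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamSetInformationUser() failed (Status 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamQueryInformationUser(UserHandle,
                                     UserAccountNameInformation,
                                     (PVOID *)&AccountNameInfo);
    if (!NT_SUCCESS(Status))
    {
        /* Was mislabelled as SamSetInformationUser() in the trace. */
        DPRINT1("SamQueryInformationUser() failed (Status 0x%08lx)\n", Status);
        goto done;
    }

    /* UNICODE_STRING buffers are not NUL-terminated: allocate Length + one WCHAR
     * with HEAP_ZERO_MEMORY so the copies end up as C strings. */
    AdminInfo.Name = RtlAllocateHeap(RtlGetProcessHeap(),
                                     HEAP_ZERO_MEMORY,
                                     AccountNameInfo->UserName.Length + sizeof(WCHAR));
    if (AdminInfo.Name != NULL)
        RtlCopyMemory(AdminInfo.Name,
                      AccountNameInfo->UserName.Buffer,
                      AccountNameInfo->UserName.Length);

    AdminInfo.Domain = RtlAllocateHeap(RtlGetProcessHeap(),
                                       HEAP_ZERO_MEMORY,
                                       OrigInfo->DomainName.Length + sizeof(WCHAR));
    if (AdminInfo.Domain != NULL)
        RtlCopyMemory(AdminInfo.Domain,
                      OrigInfo->DomainName.Buffer,
                      OrigInfo->DomainName.Length);

    /* Private copy of the password, including the terminator. */
    PasswordSize = (wcslen(Password) + 1) * sizeof(WCHAR);
    AdminInfo.Password = RtlAllocateHeap(RtlGetProcessHeap(), 0, PasswordSize);
    if (AdminInfo.Password != NULL)
        RtlCopyMemory(AdminInfo.Password, Password, PasswordSize);

    DPRINT("Administrator Name: %S\n", AdminInfo.Name);
    DPRINT("Administrator Domain: %S\n", AdminInfo.Domain);
    /* The password itself is intentionally not traced. */

done:
    /* Handles and buffers are NULL until their acquiring call succeeded. */
    if (AccountNameInfo != NULL)
        SamFreeMemory(AccountNameInfo);

    if (OrigInfo != NULL)
        LsaFreeMemory(OrigInfo);

    if (PolicyHandle != NULL)
        LsaClose(PolicyHandle);

    if (UserHandle != NULL)
        SamCloseHandle(UserHandle);

    if (DomainHandle != NULL)
        SamCloseHandle(DomainHandle);

    if (ServerHandle != NULL)
        SamCloseHandle(ServerHandle);

    DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status 0x%08lx)\n", Status);

    return Status;
}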
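/*
 * Look up one RID in hDomain and print its name right after whatever prefix
 * the caller already emitted on the current line. Failures are reported inline.
 */
static void kuhl_m_net_user_printRidName(SAMPR_HANDLE hDomain, DWORD rid)
{
	UNICODE_STRING *name;
	DWORD *usage;
	NTSTATUS status = SamLookupIdsInDomain(hDomain, 1, &rid, &name, &usage);
	if(NT_SUCCESS(status))
	{
		kprintf(L"%wZ", name);
		SamFreeMemory(name);
		SamFreeMemory(usage);
	}
	else PRINT_ERROR(L"SamLookupIdsInDomain %08x", status);
}

/*
 * Print every alias (local group) of hDomain that userSid is a member of, one
 * per line. lineFormat is a fixed literal supplied by the caller with a single
 * %u conversion for the alias RID; it only chooses the line prefix.
 */
static void kuhl_m_net_user_printAliasMembership(SAMPR_HANDLE hDomain, PSID userSid, const wchar_t *lineFormat)
{
	DWORD aliasCount, *aliases, k;
	NTSTATUS status = SamGetAliasMembership(hDomain, 1, &userSid, &aliasCount, &aliases);
	if(NT_SUCCESS(status))
	{
		for(k = 0; k < aliasCount; k++)
		{
			kprintf(lineFormat, aliases[k]);
			kuhl_m_net_user_printRidName(hDomain, aliases[k]);
		}
		SamFreeMemory(aliases);
	}
	else PRINT_ERROR(L"SamGetAliasMembership %08x", status);
}

/*
 * Print one user (RID and name), its global group memberships, then its alias
 * memberships in its own domain and, when that domain could be opened, in the
 * Builtin domain. The user handle is always closed before returning.
 */
static void kuhl_m_net_user_printUser(SAMPR_HANDLE hDomain, SAMPR_HANDLE hBuiltin, PSAMPR_RID_ENUMERATION user)
{
	SAMPR_HANDLE hUser;
	PGROUP_MEMBERSHIP groups;
	DWORD groupCount, k;
	PSID userSid;
	NTSTATUS status;

	kprintf(L"\n %-5u %wZ", user->RelativeId, &user->Name);
	status = SamOpenUser(hDomain, USER_READ_GROUP_INFORMATION | USER_LIST_GROUPS | USER_READ_ACCOUNT | USER_READ_LOGON | USER_READ_PREFERENCES | USER_READ_GENERAL, user->RelativeId, &hUser);
	if(!NT_SUCCESS(status))
	{
		PRINT_ERROR(L"SamOpenUser %08x", status);
		return;
	}

	status = SamGetGroupsForUser(hUser, &groups, &groupCount);
	if(NT_SUCCESS(status))
	{
		for(k = 0; k < groupCount; k++)
		{
			kprintf(L"\n | %-5u ", groups[k].RelativeId);
			kuhl_m_net_user_printRidName(hDomain, groups[k].RelativeId);
		}
		SamFreeMemory(groups);
	}
	else PRINT_ERROR(L"SamGetGroupsForUser %08x", status);

	status = SamRidToSid(hUser, user->RelativeId, &userSid);
	if(NT_SUCCESS(status))
	{
		kuhl_m_net_user_printAliasMembership(hDomain, userSid, L"\n |`%-5u ");
		if(hBuiltin)
			kuhl_m_net_user_printAliasMembership(hBuiltin, userSid, L"\n |´%-5u ");
		SamFreeMemory(userSid);
	}
	else PRINT_ERROR(L"SamRidToSid %08x", status);

	/* The original never closed the per-user handle, leaking one per account. */
	SamCloseHandle(hUser);
}

/*
 * Enumerate the users of hDomain one entry per call (as the original did) and
 * print each of them. Enumeration errors end the loop after being reported.
 */
static void kuhl_m_net_user_printDomainUsers(SAMPR_HANDLE hDomain, SAMPR_HANDLE hBuiltin)
{
	DWORD enumContext = 0, count, j;
	PSAMPR_RID_ENUMERATION users;
	NTSTATUS status;

	do
	{
		status = SamEnumerateUsersInDomain(hDomain, &enumContext, 0/*UF_NORMAL_ACCOUNT*/, &users, 1, &count);
		if(NT_SUCCESS(status) || status == STATUS_MORE_ENTRIES)
		{
			for(j = 0; j < count; j++)
				kuhl_m_net_user_printUser(hDomain, hBuiltin, &users[j]);
			SamFreeMemory(users);
		}
		else PRINT_ERROR(L"SamEnumerateUsersInDomain %08x", status);
	} while(status == STATUS_MORE_ENTRIES);
}

/*
 * "net::user" command: list every domain of the SAM server (argv[0], or the
 * local machine when no argument is given), and for each domain its users with
 * their group and alias memberships. Output goes to kprintf; errors are
 * reported with PRINT_ERROR and do not abort the listing.
 *
 * Returns ERROR_SUCCESS unconditionally, like the original.
 */
NTSTATUS kuhl_m_net_user(int argc, wchar_t * argv[])
{
	NTSTATUS status, enumDomainStatus;
	UNICODE_STRING serverName;
	SAMPR_HANDLE hServerHandle, hBuiltinHandle = NULL, hDomainHandle;
	DWORD domainEnumerationContext = 0, domainCount, i;
	PSAMPR_RID_ENUMERATION pEnumDomainBuffer;
	PSID domainSid;
	SID builtin = {1, 1, {0, 0, 0, 0, 0, 5}, {32}}; /* S-1-5-32, the Builtin domain */

	RtlInitUnicodeString(&serverName, argc ? argv[0] : L"");
	status = SamConnect(&serverName, &hServerHandle, SAM_SERVER_CONNECT | SAM_SERVER_ENUMERATE_DOMAINS | SAM_SERVER_LOOKUP_DOMAIN, FALSE);
	if(!NT_SUCCESS(status))
	{
		PRINT_ERROR(L"SamConnect %08x\n", status);
		return ERROR_SUCCESS;
	}

	/* Builtin is optional: a NULL handle just skips the Builtin alias lines. */
	status = SamOpenDomain(hServerHandle, DOMAIN_LIST_ACCOUNTS | DOMAIN_LOOKUP, &builtin, &hBuiltinHandle);
	if(!NT_SUCCESS(status))
	{
		PRINT_ERROR(L"SamOpenDomain Builtin (?) %08x\n", status);
		hBuiltinHandle = NULL;
	}

	do
	{
		enumDomainStatus = SamEnumerateDomainsInSamServer(hServerHandle, &domainEnumerationContext, &pEnumDomainBuffer, 1, &domainCount);
		if(NT_SUCCESS(enumDomainStatus) || enumDomainStatus == STATUS_MORE_ENTRIES)
		{
			for(i = 0; i < domainCount; i++)
			{
				kprintf(L"\nDomain name : %wZ", &pEnumDomainBuffer[i].Name);
				status = SamLookupDomainInSamServer(hServerHandle, &pEnumDomainBuffer[i].Name, &domainSid);
				if(NT_SUCCESS(status))
				{
					kprintf(L"\nDomain SID : ");
					kull_m_string_displaySID(domainSid);
					status = SamOpenDomain(hServerHandle, DOMAIN_LIST_ACCOUNTS | DOMAIN_LOOKUP, domainSid, &hDomainHandle);
					if(NT_SUCCESS(status))
					{
						kuhl_m_net_user_printDomainUsers(hDomainHandle, hBuiltinHandle);
						SamCloseHandle(hDomainHandle);
					}
					else PRINT_ERROR(L"SamOpenDomain %08x", status);
					SamFreeMemory(domainSid);
				}
				else PRINT_ERROR(L"SamLookupDomainInSamServer %08x", status);
			}
			SamFreeMemory(pEnumDomainBuffer);
		}
		else PRINT_ERROR(L"SamEnumerateDomainsInSamServer %08x\n", enumDomainStatus);
		kprintf(L"\n");
	} while(enumDomainStatus == STATUS_MORE_ENTRIES);

	if(hBuiltinHandle)
		SamCloseHandle(hBuiltinHandle);
	SamCloseHandle(hServerHandle);
	return ERROR_SUCCESS;
}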