.000005 401040 4001001 00000000000 06307324433 014416 5ustar00AdministratorsDomnen-Benutzer./check.c000005 401040 4001001 00000012640 06306421322 015716 0ustar00AdministratorsDomnen-Benutzer#include #include #include #include #include "globals.h" #include "check.h" BOOL CheckDictionary(UCHAR *szFilename) { FILE *fp; char buffer[256]; UCHAR szError[MAXPATHLEN]; // empty filename may occur with double ';', return TRUE if (szFilename[0]==0) return TRUE; // printf("checking dictionary %s\n",szFilename); fp=fopen(szFilename,"r"); if (fp==NULL) { sprintf(szError,"Dictionary file %s not found.\n",szFilename); PrintWarningMessage(szError); return TRUE; } while (fgets(buffer,255,fp)!=NULL) { buffer[strlen(buffer)-1]=0; if (_stricmp(szNewPassword,buffer)==0) { fclose(fp); sprintf(szError,"Password found in dictionary %s.\n",szFilename); PrintErrorMessage(szError); return FALSE; } } fclose(fp); return TRUE; } BOOL CheckAccountName(UCHAR *szAccountNamePart) { UCHAR szUpperPassword[MAXPASSWDLEN]; UCHAR szUpperAccountNamePart[MAXNAMELEN]; strcpy(szUpperPassword,szNewPassword); _strupr(szUpperPassword); strcpy(szUpperAccountNamePart,szAccountNamePart); _strupr(szUpperAccountNamePart); // empty part of name may occur with double ' ', return TRUE if (szUpperAccountNamePart[0]==0) return TRUE; // do not check on initials (1 character length) if (strlen(szUpperAccountNamePart)<2) return TRUE; if (strstr(szUpperAccountNamePart,szUpperPassword)!=NULL) { PrintErrorMessage("Password found in part of your full account name.\n"); return FALSE; } if (strstr(szUpperPassword,szUpperAccountNamePart)!=NULL) { PrintErrorMessage("Part of your full account name found in password.\n"); return FALSE; } _strrev(szUpperPassword); if (strstr(szUpperAccountNamePart,szUpperPassword)!=NULL) { PrintErrorMessage("Password found in part of your full account name.\n"); return FALSE; } if (strstr(szUpperPassword,szUpperAccountNamePart)!=NULL) { PrintErrorMessage("Part of your full account name found in password.\n"); return FALSE; } return TRUE; } BOOL CheckPassword(void) { UCHAR c; DWORD dwUpperCount,dwLowerCount,dwDigitCount,dwOtherCount,dwClasses; UINT i; UCHAR szFilename[MAXPATHLEN]; // also used for error message UCHAR szAccountNamePart[MAXNAMELEN]; UCHAR *pSemicolon; UCHAR szError[MAXPATHLEN]; // perform several checks on the password // returns TRUE if the password passed all tests, FALSE otherwise // this check is not really necessary, but will result in a strange error // message (password too short) otherwise if (strlen(szNewPassword)>LM20_PWLEN) { sprintf(szError,"Passwords longer than %d characters are not supported.\n",LM20_PWLEN); PrintErrorMessage(szError); return FALSE; } // new password should not be the same as old password if changing is intended by the system if (strcmp(szOldPassword,szNewPassword)==0) { PrintErrorMessage("Cannot reuse the old password.\n"); return FALSE; } // minimum length checking if (strlen(szNewPassword)0) dwClasses++; if (dwLowerCount>0) dwClasses++; if (dwDigitCount>0) dwClasses++; if (dwOtherCount>0) dwClasses++; if (dwClasses #include #include "globals.h" #include "passwd.h" // may define GUI_FRONTEND_FOR_PASSWD UCHAR szAccountName[MAXNAMELEN]; UCHAR szFullAccountName[MAXNAMELEN]; UCHAR szDomainName[MAXNAMELEN]; UCHAR szOldPassword[MAXPASSWDLEN]; UCHAR szNewPassword[MAXPASSWDLEN]; UCHAR szVerification[MAXPASSWDLEN]; DWORD dwMinPasswordLength=DEFAULT_MIN_PASSWORD_LENGTH; DWORD dwMinClasses=DEFAULT_MIN_CLASSES; DWORD dwAccountCheck=DEFAULT_ACCOUNT_CHECK; // could be BOOL as well UCHAR szDictionaryFiles[MAXPATHLEN]; WCHAR wszAccountName[MAXNAMELEN]; WCHAR wszDomainName[MAXNAMELEN]; WCHAR wszOldPassword[MAXPASSWDLEN]; WCHAR wszNewPassword[MAXPASSWDLEN]; #ifdef GUI_FRONTEND_FOR_PASSWD HWND hPasswdWnd; #endif int PrintErrorMessage(char *message) { int errorcode; #ifdef GUI_FRONTEND_FOR_PASSWD MessageBox(hPasswdWnd,message,"Change Password",MB_ICONERROR); errorcode=1; // never gets evaluated #else printf("Error: "); errorcode=printf(message); #endif return errorcode; } int PrintWarningMessage(char *message) { int errorcode; #ifdef GUI_FRONTEND_FOR_PASSWD MessageBox(hPasswdWnd,message,"Change Password",MB_ICONWARNING); errorcode=1; // never gets evaluated #else printf("Warning: "); errorcode=printf(message); #endif return errorcode; }./globals.h000005 401040 4001001 00000004230 06306645774 016310 0ustar00AdministratorsDomnen-Benutzer#ifndef __GLOBALS_H #define __GLOBALS_H #define MAXPATHLEN 8192 // max. length of path to a file + filename #define MAXPASSWDLEN 50 #define MAXNAMELEN 200 #define DEFAULT_MIN_PASSWORD_LENGTH 6 #define DEFAULT_MIN_CLASSES 2 #define DEFAULT_ACCOUNT_CHECK 1 #ifdef __cplusplus #define LANGUAGE "C" #else #define LANGUAGE #endif extern LANGUAGE UCHAR szAccountName[MAXNAMELEN]; extern LANGUAGE UCHAR szDomainName[MAXNAMELEN]; extern LANGUAGE UCHAR szOldPassword[MAXPASSWDLEN]; extern LANGUAGE UCHAR szNewPassword[MAXPASSWDLEN]; extern LANGUAGE UCHAR szVerification[MAXPASSWDLEN]; extern LANGUAGE UCHAR szFullAccountName[MAXNAMELEN]; extern LANGUAGE PBYTE DomainControllerName; extern LANGUAGE DWORD dwMinPasswordLength; extern LANGUAGE DWORD dwMinClasses; extern LANGUAGE DWORD dwAccountCheck; extern LANGUAGE UCHAR szDictionaryFiles[MAXPATHLEN]; extern LANGUAGE WCHAR wszAccountName[MAXNAMELEN]; extern LANGUAGE WCHAR wszDomainName[MAXNAMELEN]; extern LANGUAGE WCHAR wszOldPassword[MAXPASSWDLEN]; extern LANGUAGE WCHAR wszNewPassword[MAXPASSWDLEN]; #ifdef GUI_FRONTEND_FOR_PASSWD extern LANGUAGE HWND hPasswdWnd; #endif #ifdef GUI_FRONTEND_FOR_PASSWD #define CODEPAGE CP_ACP #else #define CODEPAGE CP_OEMCP #endif #define toUnicode(FROM,TO) \ MultiByteToWideChar(CODEPAGE, \ 0, \ (char *)FROM, \ strlen((char *)FROM)+1,\ TO, \ sizeof(TO)) #define fromUnicode(FROM,TO) \ WideCharToMultiByte(CODEPAGE, \ 0, \ FROM, \ -1, \ TO, \ sizeof(TO), \ NULL, \ NULL) #ifdef __cplusplus extern "C" { #endif int PrintErrorMessage(char *message); int PrintWarningMessage(char *message); #ifdef __cplusplus } #endif #endif // __GLOBALS_H./passwd.c000005 401040 4001001 00000032164 06306520506 016151 0ustar00AdministratorsDomnen-Benutzer#include #include #include #include #include #include "globals.h" #include "passwd.h" #include "reg.h" #include "user.h" #include "check.h" UCHAR szSpecifiedAccountName[MAXNAMELEN]; UCHAR szSpecifiedDomainName[MAXNAMELEN]; BOOL bQuiet=FALSE; BOOL bInfo=FALSE; BOOL bPasswordsSpecified=FALSE; BOOL bUserSpecified=FALSE; BOOL bDomainSpecified=FALSE; BOOL bInstallSecurity=FALSE; BOOL bIsAdmin; BOOL bForce=FALSE; void Usage(char *cmdname) { printf("Usage: %s [-q] [-i] [-p oldpass newpass] [-u user] [-d domain] [-f]\n",cmdname); printf(" change password on the command line\n" " -q (quiet) suppress display of * while entering passwords\n" " -i (info) print account and domain information\n" " -p (passwords) specify old and new password on the command line\n" " -u (user) change password for any other user (default: you)\n" " -d (domain) select a different domain/machine (default: your domain)\n" " -f (force) allows insecure passwords (administrators only)\n\n" "Admin: %s -secure [-l minlen] [-d dictfile] [-a] [-s] | -insecure | -clean\n",cmdname); printf(" sets (default) or removes checking for 'good' passwords (valid only\n" " for passwords changed with %s, administrators only)\n",cmdname); printf(" -l (length) set a minimum length for new passwords (default: 6)\n" " -d (dictionary) rejects passwords found dictionaries (default: none)\n" " -a (no account) do not compare password and account name (default: yes)\n" " -s (no specials) no upper case, digits or non alphanumeric characters\n" " are needed (default: needed)\n" " -clean built-in security options, removes all registry entries\n" " -(in)secure/-clean must be the first parameter on the command line\n\n" " (C) 1997 by Alexander Frink (Alexander.Frink@Uni-Mainz.DE)\n" " All rights reserved.\n"); exit(RETVAL_INVALID_CMDLINE); } void ProcessAdminCmdLine(int argc, char *argv[]) { char c, *p, *arg0; // algorithm for command line processing taken from SDK sample // Win32/WinNT/Floppy/MFMT.C arg0=argv[0]; --argc, ++argv; // skip -secure option, already processed if ( argc > 1 ) { while (--argc > 0 ) { p = *++argv; if (*p == '/' || *p == '-') { while (c = *++p) { switch (tolower(c)) { case '?': Usage(arg0); break; case 's': dwMinClasses=0; break; case 'a': dwAccountCheck=0; break; case 'd': if (argc<2) Usage(arg0); argc--, argv++; strcpy(szDictionaryFiles,*argv); break; case 'l': if (argc<2) Usage(arg0); argc--, argv++; dwMinPasswordLength=atoi(*argv); if (dwMinPasswordLength==0) { Usage(arg0); } break; default: Usage(arg0); break; } } } } } } void ProcessCmdLine(int argc, char *argv[]) { char c, *p, *arg0; // algorithm for command line processing taken from SDK sample // Win32/WinNT/Floppy/MFMT.C arg0=argv[0]; if ((argc>1)&&((_stricmp(argv[1],"-secure")==0)||(_stricmp(argv[1],"/secure")==0))) { if (bIsAdmin) { ProcessAdminCmdLine(argc,argv); bInstallSecurity=TRUE; return; } else { printf(ADMINPRIV_ERROR); Usage(arg0); } } if ((argc>1)&&((_stricmp(argv[1],"-insecure")==0)||(_stricmp(argv[1],"/insecure")==0))) { if (bIsAdmin) { bRemoveSecurity=TRUE; return; } else { printf(ADMINPRIV_ERROR); Usage(arg0); } } if ((argc>1)&&((_stricmp(argv[1],"-clean")==0)||(_stricmp(argv[1],"/clean")==0))) { if (bIsAdmin) { bCleanRegistry=TRUE; return; } else { printf(ADMINPRIV_ERROR); Usage(arg0); } } if ( argc > 1 ) { while (--argc > 0 ) { p = *++argv; if (*p == '/' || *p == '-') { while (c = *++p) { switch (tolower(c)) { case '?': Usage(arg0); break; case 'q': bQuiet = TRUE; break; case 'i': bInfo = TRUE; break; case 'f': if (bIsAdmin) { bForce = TRUE; } else { printf(ADMINPRIV_ERROR); Usage(arg0); } break; case 'p': if (argc<3) Usage(arg0); bPasswordsSpecified = TRUE; argc--, argv++; strcpy(szOldPassword,*argv); argc--, argv++; strcpy(szNewPassword,*argv); break; case 'u': if (argc<2) Usage(arg0); bUserSpecified = TRUE; argc--, argv++; strcpy(szSpecifiedAccountName,*argv); break; case 'd': if (argc<2) Usage(arg0); bDomainSpecified = TRUE; argc--, argv++; strcpy(szSpecifiedDomainName,*argv); break; default: Usage(arg0); break; } } } } } } BOOL TestWinVersion(void) { if (GetVersion() & 0x80000000) { printf("Error: This program cannot run on Windows 3.x or Windows 95.\n"); return FALSE; } return TRUE; } BOOL GetPassword(UCHAR *szPrompt,UCHAR *szPasswd) { /* this subroutine is partially (C) by Steffen Krause: skrause@informatik.hu-berlin.de, the author of SuSrv, a SU utility for Windows NT Improvements: allow correction of typing errors (with 'Backspace') exit on CTRL-C (returns FALSE, otherwise TRUE) skip non-printable characters (function/cursor/escape) optional: suppress *'s while entering password */ int i; int ch; i = 0; printf("%s",szPrompt); while(((ch = _getch()) != CH_ENTER) && (i < MAXPASSWDLEN)) { if (ch==CH_BACKSPACE) { if (i>0) { szPasswd[i]=0; i--; if (!bQuiet) { _putch(CH_BACKSPACE); _putch(CH_BLANK); _putch(CH_BACKSPACE); } } } else if (ch==3) { szPasswd[0]=0; return FALSE; } else if ((ch==0)||(ch==224)) { // probably function or cursor key, skip this and next character ch=_getch(); } else if (ch==27) { // escape key, skip } else { szPasswd[i++] = ch; if (!bQuiet) { _putch(CH_ASTERISK); } } } szPasswd[i] = 0; printf("\n"); return TRUE; } void PrintChangePasswordErrorMessage(NET_API_STATUS status) { /* In contrast to the documentation on NetUserChangePassword (SDK 4.0 and VC++ 4.2), other error codes in addition to the listed NET_API_STATUS are returned. Therefore I decided to list all possible errors from winerror.h which have to do with passwords. */ switch (status) { case NERR_Success: // nothing to do break; case ERROR_ACCESS_DENIED: printf("Error: The user does not have access to the requested information.\n"); break; case NERR_InvalidComputer: printf("Error: The computer name is invalid.\n"); break; case NERR_NotPrimary: printf("Error: The operation is allowed only on the primary domain controller of the domain.\n"); break; case NERR_UserNotFound: printf("Error: The user name could not be found.\n"); break; case NERR_PasswordTooShort: printf("Error: The password is shorter than required.\n"); break; case ERROR_INVALID_PASSWORD: printf("Error: The specified network password is not correct.\n"); break; case ERROR_INVALID_PASSWORDNAME: printf("Error: The format of the specified password is invalid.\n"); break; case ERROR_NULL_LM_PASSWORD: printf("Error: The NT password is too complex to be converted to a LAN Manager password.\n"); break; case ERROR_WRONG_PASSWORD: printf("Error: Unable to update the password. The value provided as the current password is incorrect.\n"); break; case ERROR_ILL_FORMED_PASSWORD: printf("Error: Unable to update the password. The value provided for the new password contains values that are not allowed in passwords.\n"); break; case ERROR_PASSWORD_RESTRICTION: printf("Error: Unable to update the password because a password update rule has been violated.\n"); break; case ERROR_LOGON_FAILURE: printf("Error: Logon failure: unknown user name or bad password.\n"); break; case ERROR_PASSWORD_EXPIRED: printf("Error: Logon failure: the specified account password has expired.\n"); break; case ERROR_NT_CROSS_ENCRYPTION_REQUIRED: printf("Error: A cross-encrypted password is necessary to change a user password.\n"); break; case ERROR_LM_CROSS_ENCRYPTION_REQUIRED: printf("Error: A cross-encrypted password is necessary to change this user password.\n"); break; case ERROR_NO_SUCH_DOMAIN: printf("Error: The specified domain did not exist.\n"); break; default: printf("Error: Undocumented error code %i.",status); } } int main(int argc, char *argv[]) { NET_API_STATUS status; if (!TestWinVersion()) return RETVAL_INVALID_CMDLINE; bIsAdmin=QueryIfUserIsAdmin(); ProcessCmdLine(argc, argv); if (bInstallSecurity||bRemoveSecurity||bCleanRegistry) { if (SetSecurityOptions()) { return RETVAL_SUCCESS; } else { return RETVAL_REGISTRY_ERROR; } } ReadSecurityOptions(); GetUserAndDomain(); if (bUserSpecified) { strcpy(szAccountName,szSpecifiedAccountName); } if (bDomainSpecified) { strcpy(szDomainName,szSpecifiedDomainName); } GetUserFullName(); if (bInfo) { printf("Changing password for user '%s'",szAccountName); if (strlen(szFullAccountName)>0) { printf(" (%s)",szFullAccountName); } printf("\non domain or machine '%s'...\n",szDomainName); } if (!bPasswordsSpecified) { if (!GetPassword("Old password: ",szOldPassword)) { return RETVAL_BREAK; } if (!GetPassword("New password: ",szNewPassword)) { return RETVAL_BREAK; } if (!bForce) { if (!CheckPassword()) { return RETVAL_INVALID_PASSWORD; } } if (!GetPassword("Verification: ",szVerification)) { return RETVAL_BREAK; } if (strcmp(szNewPassword,szVerification)!=0) { printf("Password verification failed!\n"); return RETVAL_VERIFY_ERROR; } } else { if (!bForce) { if (!CheckPassword()) { return RETVAL_INVALID_PASSWORD; } } } toUnicode(szOldPassword,wszOldPassword); toUnicode(szNewPassword,wszNewPassword); status=NetUserChangePassword(wszDomainName, wszAccountName, wszOldPassword, wszNewPassword); if (status==NERR_Success) { return RETVAL_SUCCESS; } else { PrintChangePasswordErrorMessage(status); return RETVAL_CHANGE_ERROR; } } ./passwd.exe000005 401040 4001001 00000126000 06306671564 016514 0ustar00AdministratorsDomnen-BenutzerMZ@ !L!This program cannot be run in DOS mode. $PELrs3 jx2@ P0t$.textij `.rdatan@@.datata(r@.idata@.reloc @B!SV$ !WU>u]_^[!ht@Vku6$VhT@P$ P]_^[!3ۍD$UhPz te|$+эD$\ Ph@uU$Vh0@P.$ PN3]_^[!U]_^[!́+VW@+|$ȃL$QX$ ++|$<ȃL$5} D$P'M+@;+@=x@t @h@GD$P @} D$PM+@;M+@@ȃ;++@D@D} D$P6M+@;+@ȃD$D$rM?]_^[Ë@@@>@M@@@@Ath@ 3ø̋D$SV3WP3h<@ t$ tw2}ru0~>O9@uj8j .j$뼃t/t$=tt>G9@uj*3_^[h8@> _^[̋D$w=wV=+w==2w)=,=-=.U=jw=K;=w=n!===/ Ph@@ h@ hx@ h<@ h@ h@ h@ h@ hp@ h,@ hd@ h@ h@t h@f h @X h@J hd@< VW9u_^L$ x@D$PQ=@==@0= @#0=@t'@++@ȃ=@t'@++p@ȃK= @tIh@@hH@N +Ith@h@@. hp@h @ =@h@@h@=u_^h@h@u_^Ã= @uu_^h0@h@u_^ø@0@:u tP:Qu u3t/hП@[ _^Ã= @ubu_^jd@@h@+Q5Ah@@@jjjdh@+Qh@jjh@h@hp@h@u3_^P_^b_^́D$D$AL$QhPAL$T$D$QhRjPAL$ T$D$QL$Rhp@Ph@QjA@+VWhhp@@Q5Ah@p@jjhh@+Qhp@jjh@h@juOD$ @Pjhp@Qu3|$t,D$jjhh@H$jQjjAL$Q`_^́3D$SD$VD$ WL$UD$QD$hD$AP-AՅu 3]_^[ÍD$ L$$T$PhQjRAL$QAu 3]_^[ÍD$PjjjL$ jjjh j jQAu 3]_^[339|$$v*l$(AEL$PQӅu F;t$$rD$PA]_^[ht@6D$P)h|@D$P %A%A%A%AVWt$ F @t F _^ètBV V= FPa }FtP FF _^ËD$ L$,VD$BD$ QD$D$D$ T$0RP L$xD$D$^ ÍD$PjC ^ UWVSu }X@xu; t.F'G8t,A<ɀ A,A<ɀ A8t43ۋ t'FG8tPS؃8t[^_SVt$ W|$U3]_^[Ë\$Ot,CHCx 3A SvtEE< uыE]_^[;u3]_^[;u3ËL$PD$T$PQR̋D$j@L$PQ Q=L$r-=s+ȋą@P̋L$WSV|$tiqtOL$F8tt F8t u^[_3ÊF8u~at(8uĊAtf8t3^[_G^[_Ë^[_UWV}׋3tOO;s &'FO^_SVWU39-`@u)\$À;ta| z @8u]_^[Ë\$jj`@jjShP tNV]t?j`@VUjShPt!++ȃU]_^[UW}3AOE G8t3_̋L$SA=w@3fJ#D$[Ê3ۊڡ@DXtT$D$ L$ L$D$ L$jjQPD$Pju3[ËD$%#D$[̡p@th@h@h@h@ËD$jjP2 ̋D$jjP ̃=@SVt$ WuVAPA@|$\$@u?=l@t$=h@;=l@rtЃ;=l@sh @h@;h(@h$@)u@VA_^[VW|$t$ ;vtЃ;w_^VWh@L$D$PQh@[ h@W;_^SVt$ WU9=@~j3P3ҋ @3fQtF3ۊF-t+u3ۊF3=@~ jSw @3fYtDFlC3ۊ^NjŃ-u]_^[]_^[̋D$PF̃=`@S\$uA|Z [Á}0=@~ jS @3fYu[Ê3Ҋѡ@DPtL$D$ \$ \$D$ L$jj`@QPD$PhRu[Ãu 3D$[33ɊD$L$[ ̃=8@SVWUt3]8@_8@^[Ã= @u ]_^[Ã= @uD$ @PQ3Aj @QA5AD$L$P @UQRօt?9|$t9f9l$u9|$t3ۊ\$&u'D$PFt33ɊH 8@D$ @PQA]_^[̋L$VWQ tafI33@f9t Gp@r_^t _^E@ t _^E@t E@_^ÍE@_^t3fAv@5 t3fAt@!t3fAr@ 3fAp@tuxu3_^̊D$ $@D$u 5 $@t#D$jT$PjRQAt 3D$ødUjh@hDZ@Pd%SVWeA3ҋȊԁ@ @@ʉ @'u jE%%Ad@ <@t =d@u j,Т@Ԣ@PȢ@PĢ@P P'EEEPEP<ËeEPEE_d^[]̃=H@tb'D$P'hD@̃Vt$t>D$L$PQV, tL$PD$PQ], ^VH@jP A^SVWU|$9=P@ǃP@ǃ 4D1trtuj2j2;tW2PAu A3W1tU0]_^[Ë]_D03^[ø]@ @_^[Vt$F t+t'FPf FF^Vt$u j^V5t^F @tFP2^3^SVt$ W3F Ȁu<t5F+؅~*SPFP-2 ;uF tF N FF_^[j ̃SVW3U3\$9`@~[3t$T@ (t;A t4uQt!CutQuD$G;=`@|t$ÃtD$]_^[SVt$WU~F "@tFF Ff F 3F F FF u&@tئ@u W4u V3F tuF+@FHۉF~"SFPW0 C ]_F ^[ø@tNjσP@@ t jjW2 D$ND$SPW=0 ;t]N _^[ËD$]%_^[à ]_F ^[́H$PS$TVD$WUD$<t$Xl$X|$X|$$ |x3@3L$<(@ȃL$<$@@D$L3D$HD$0D$4t$8r˃ c3@@$@@L΀A91)*u*$dPi D$4؃D$0D$0ˍLQЉL$03*u$$dP DˍlA˃I.3@@$@@$`86ux4u$`cD$<3 @D$8DAt)D$$$\PQR$l $`D$$$\PQR $`$`D$$]_^[Hà ԃρ˃C53\A@$A@0u$dPEPD$\P06D$H)D$L @D$XD$UW0utݍ$dP]D$u T@D$|$D$8Ktf?t Ku+|$$dPt:Ht3tD$88L$D$88L$sP@D$+эyUD$@ @|$dPL$( tfD$HD$@ƀt<4D$DD$@ƀtD$0D$4D$DQD$t1$dPD$ T$$D$@ D$D' t3@$dPtD$ T$ D+@$dPtD$ T$ }D$D$ @t/|$ (||$sD$L$ ؃D$(فL$,D$L$ D$(L$,u d$(d$,}|$,u|$(uD$4$WD$M|$,u|$(t[D$@L$,D$D$(T$ T$|$ WRQP.X0L$,D$(T$WRQP#.D$(9T$,~\$DD$L$됍$W+|$D$D$80uGL$D$0u gu$d$dHPL$PD$LT$TT$XPUQL$\RQ@tuD$XP$@guuD$XP@|$X-uD$YD$|$+эyGD$\D$XD$,|$u P@D$|$Kt ?tGKu+|$|$H@t3tD$-tD$+ t D$ D$4D$0++D$4 D$(uD$$$\T$(PQRj XD$$$\T$4PD$QRPyt$uD$$$\T$(PQRj0 |$8tR~N\$GD$ÍL$fPQQ+~DL$$$\QRPD$ PL$,L$,uD$$$\T$PQWRD$$$\T$(PQRj q9@|8@8@8@;9@B9@{9@W:@8@8@8@8@8@:@I9@E:@J:@O:@:@u:@:@:@:@(<@b;@:@;@:@;@;@ <@#<@:@|<@<@#?@   ̋T$BHBxL$ 3A L$RQD$ uSVt$ W|$U\$l$ O~USV }u]_^[SVt$ W|$U\$l$ O~UFSQG }u]_^[̋D$A̋D$AQ̋D$fAVt$F @t F ^ÃF u V'FFNPVQR) FtltgV ‚u3N@tP@Ȋ@$t FJu>u+_^̡@@L$PQVWt$ v3_^Åu|$w V#utV*u3_^Vt$;5@wPuVH@jPA^̃@SVWUuLD$5 APjh@jjօt/D$Pjh@j$At3]_^[Ë5 A@u-T$,u`@L$$D$ \$QL$PSQR]_^[ã@ux33\$(;up@D$ jL$ jPQj SAt>Uj+t-D$ UL$ VPQjSAtL$$QPD$ VP$AV]_^[VWt$ FPu3_^Á@u3 ئ@u^@F t3_^Í<@?uhu3_^ËF_FFN ^3_^̃|$Vt$ t,F t5Vf FF^F t Vl^̃=`@Vu `@=`@} `@j`@P)T@u)`@jj{)T@u j@3T@L P|3@Ƌ΃P@ȃtu F@r^=@t)̋D$L$ ȋL$ u D$S؋D$d$؋D$[jjjjjhh@(A @jjjjjh@h@(A$@á$@t tPA @t tPAUSVWUjjhM@u+]_^[]ËL$AtD$T$SVWD$PjhM@d5d%D$ Xp t.;t$$t(4v L$H |uhD@Td _^[3d yM@uQ R 9QuSQ(@ SQ(@MKCk Y[̋D$VWPT:P/u@_^Ãu_^Ë5@L$ @x @ @; @~" @ I<@@ @ Iu=@=u @p=u @]=u @J=u @7=u @$=u @=u @@Pj҃=@@@P҃_5@^ËL$QA_^̺8@L$9 t @@8@;w+#̃<@SVW3U:t:=tF+р:uPТ@؅u j -<@ŀ}t^+щL$}=t=Qu j ++;ȃl$}u<@P<@]_^[̃VWh`@Vj0Ad@5@8t5d@D$ L$PQjjV^D$D$ Pu j D$ L$T$PQPWVD$H=Ȣ@_Ģ@^̋L$ST$Vt$ WD$U|$t T$D$>"tFt@F3ۊѩ@t t@F t t u˄uNPtL@FF>"t0t*3Ҋѩ@t tF@t@F>"ut@>"uF3> t uF>|$t T$D$T$ 3>\uFE>\t>"u$ut V:"u3ۃMtt\@MutOu tF tAt7t!3ۊѩ@tF@@FPo3ۊѩ@tFFWt@|$t T$T$ ]_^[̃SVW3U35A9ȩ@u6;Ët ȩ@"8A؅t ȩ@ 3]_^[Ã=ȩ@u֋u 3]_^[f?tf>uf>u+jjFjjVWjjAtAU؅t2jjUSVWjjAu SI3W<A]_^[W<A3]_^[Ã=ȩ@u{u8A؅u 3]_^[Ë;tE}uE}u+EUaD$uS4A3]_^[Ë|$S4AD$]_^[3]_^[̋D$SVWUP;-Ԫ@u 3]_^[Åu_3]_^[D$@9(0D$=@rD$PUDACЩ@3@󫪃|$t$8D$t,Ft%33Ҋ;rѩ@A3F;s>uԸѩ@@=rU-Ԫ@MЩ@3@󫪋L$It1Nt*33ۊ;r@ѩ@B3ۊ^;s>u@rU-Ԫ@ت@D$@@@@@]_^I3Z[J3Ԫ@@]_ت@3^[AAÃ=@t3]_^[ø]_^[@D$u@%LAu@%HAu@p@̋D$-w3ɊW@$W@3øøøøàW@W@W@W@W@W3Щ@@󫪣@@_Ԫ@ت@AAj9̃DSVWUh/u jo5P@P@ ;v%3ɺ NFVP@;wD$P\Af|$B|$DD$D0x>|95P@}]T@htAEP@ ;v 3ɈH@@ U;w95P@|5P@3~D t4t.u QTAtŋ̓P@ ʉQEG;|3,A<=P@?uSGtFPӃt(UTAt%/uO@uO O@OF|P@PPA]_^[Djhj@AH@u3@uH@P`A3øVC20XC00USVWU] E@EEEECs {ta v|tEVUkT]^] t3x<{S-kVSb vjDC T{ v4롸UkjS"]]_^[]UL$)APAP]̡H@t u.=L@u%h@th́3ɸ@S$VWU9t A=@r9@=H@_=H@u =L@I$hP-0AjՅut@$f$$+у]_^[̹@T$t ;s @;w @u3ËD$ʁD$ +щD ̋L$D$+ ȋD$ QƁyu@=@ u j~SV\$ WU=@w}T L73;r4t/3Ɋ7;v"SPP' 7F@|339o~LL73;r4t/3Ɋ7;v"SPP 7F9w?9=@1@39t9N un6@ug Z@ +]_J^(X[]=@(\7w_^[]=@(\7w_^[ËV J|G;~8D>uG;j h+ PPXA;N ;}1UAUT;ωƅBƂ|ԉ5@}8D>t G|N F }~ ы ˆXN(\ ]_)X^[3]_^[3]_^[̋D$ST$VWHU8;w34:;s)P @H+]_^[π9t4*;t$Mu-M9uAC9t;s1;uX+;w3ۊ*;r=3]_^[Í4*;s +ډ0X @HU+]_^[ÍhX;v@*;w3Mu"M9uAC9t;s"+;w3ۊ;w3]_^[3]_^[Í4*;s +ډ0X @HU+]_^[̋T$3@@9t!@@rr$w@ ËŴ@@Árw @@SVWU33ۺP@*tH;s#Mt ;rE+*tui GP@r]_^[htBP@P@ ;v#3ɺ H@P3;w]_^[̋L$SV; P@WswP@4<2uU=L@u=t tt -\$SjdA"\$SjdA\$SjdA\$_03^[ø_@ @^[̋L$VW; P@sfP@4@tB8t==L@u&t t tjj jjjjdA_03^ø_@ @^ËL$; P@sP@@t@ @̋T$9P@vS‹ʃP@D$t8RPtAuAt$@ @@ ̋T$9P@SVWUƒP@D$ƒL$D$D+3$4t$ ;u 3]_^[è t jjR D$L$AD$$0+$0;|$$+$0;sC< u FGGǍL$$+=|ՍD$$j+L$(D$T$PWQL$,RlAt=D$D$ ;}9D$j$4PU RQlAtD$D$D$ AD$|$ |$tG|$u#@ D$]_@^[ËD$P;]_^[ËD$L$D @t$08u 3]_^[ø]@@_^[ËD$ ]+_^[ø]@ @_^[̋L$SV9 P@WP@4D2tiQu_@ ^[ËL$T$QjRPxAظuAtP_^[Ë_d0^[ø_@ @^[V@t$hkFt N FN FFFFF^̋T$;P@r3˃P@3D@̋L$u3Ã=`@u+f|$ v@*ÊD$ ÍD$@D$PjRp@QjL$ Qh PAt|$t@*SVD$ uL$D$3؋D$ Aȋ\$T$D$ ud$ȋD$r;T$wr;D$ vN3ҋ^[SD$ uL$D$ 3D$3Pȋ\$T$ D$ ud$d$r;T$ wr;D$v+D$T$+D$T$ ؃[̋D$9P@SVWU+P@D$$E@T$(L$,D$@@Ht@< tBIED$D D$jPQRMRpAuLAu]@_@ ^[Ãmu 3]_^[P]_^[ËD$MD$D)|$tT$(: u|$(D$ljD$;<< tFL$I;vN9 u  FjD$L$PUD$jQPpAu AD$|$uX|$tQEDHt|$ u > GD$MD.;|$(u |$ u D$$jjP9 |$ t G;t$&ED@u+|$(|$D$]_^[3]_^[ø]@ @_^[̃3D$SD$ VWt$0UƀtD$( D$(2u@u =\@tˀƃt+t0t5]@@_^[D$D$@D$D$80w3ɊDs@$0s@]@@_^[D$D$D$D$%=tctU2= th=tW = t`=t1=t<=tI]@@_^[D$&D$D$D$D$t@#D$GetLastActivePopupGetActiveWindowMessageBoxAuser32.dll0L@M@M@Password found in dictionary %s. Dictionary file %s not found. rPart of your full account name found in password. Password found in part of your full account name. The password must contain characters out of at least %d of the following classes: upper and lower case letters, digits and non alphanumeric characters. The password must have at least %d characters. Cannot reuse the old password. Passwords longer than %d characters are not supported. K@x@Ȓ@@h@Could not secure the registry key! DictionaryFilesAccountNameComparisonMinClassesMinPasswordLengthSOFTWARE\Utilities\passwd -l (length) set a minimum length for new passwords (default: 6) -d (dictionary) rejects passwords found dictionaries (default: none) -a (no account) do not compare password and account name (default: yes) -s (no specials) no upper case, digits or non alphanumeric characters are needed (default: needed) -clean built-in security options, removes all registry entries -(in)secure/-clean must be the first parameter on the command line (C) 1997 by Alexander Frink (Alexander.Frink@Uni-Mainz.DE) All rights reserved. sets (default) or removes checking for 'good' passwords (valid only for passwords changed with %s, administrators only) change password on the command line -q (quiet) suppress display of * while entering passwords -i (info) print account and domain information -p (passwords) specify old and new password on the command line -u (user) change password for any other user (default: you) -d (domain) select a different domain/machine (default: your domain) -f (force) allows insecure passwords (administrators only) Admin: %s -secure [-l minlen] [-d dictfile] [-a] [-s] | -insecure | -clean Usage: %s [-q] [-i] [-p oldpass newpass] [-u user] [-d domain] [-f] /clean-clean/insecure-insecureError: Administrative privilege is needed for this option. /secure-secureError: This program cannot run on Windows 3.x or Windows 95. %sError: Undocumented error code %i.Error: The specified domain did not exist. Error: A cross-encrypted password is necessary to change this user password. Error: A cross-encrypted password is necessary to change a user password. Error: Logon failure: the specified account password has expired. Error: Logon failure: unknown user name or bad password. Error: Unable to update the password because a password update rule has been violated. Error: Unable to update the password. The value provided for the new password contains values that are not allowed in passwords. Error: Unable to update the password. The value provided as the current password is incorrect. Error: The NT password is too complex to be converted to a LAN Manager password. Error: The format of the specified password is invalid. Error: The specified network password is not correct. Error: The password is shorter than required. Error: The user name could not be found. Error: The operation is allowed only on the primary domain controller of the domain. Error: The computer name is invalid. Error: The user does not have access to the requested information. Password verification failed! Verification: New password: Old password: on domain or machine '%s'... (%s)Changing password for user '%s'Error: Warning: @@ ((((( H . 5/?GGGwHHHIIIKKKsMMMtOOOuPPPQQQvRRRSSS1!x2@y3#z4${5%|6^}7&~8*9(0)-_=+ qQwWeErRtTyYuUiI oOpP[{]} aAsSdD fF!gG"hH#jJ $kK %lL &;:''"(`~)\|zZ,xX-cC.vV/bB0nN1mM 2,<3.>4/?5*r ;T^h<U_i=V`j>Wak?Xbl@YcmAZdnB[eoC\fpD]gqG7wH8I9-K4s5M6t+O1uP2Q3vR0S.-@@ @`@`@   `y!@~ڣ @ڣ AϢ[@~QQ^ _j21~ @Ԃ@ @ @X@(@@؁@@x@@@@@xЀ@y@z@@@@@@        ! 5A CPR S WY l m pr   )    w@w@w@w@w@w@P&t`p*@P^  4lFVht  :R 0f@Tr4Lr`p*@P^  4lFVht  :R 0f@Tr4Lr`?RegSetKeySecurityIsValidSecurityDescriptor\SetSecurityDescriptorDaclInitializeSecurityDescriptorAddAccessAllowedAceInitializeAclGetSidSubAuthorityInitializeSidRegCloseKeyARegSetValueExARegCreateKeyExARegDeleteKeyA6RegQueryValueExA.RegOpenKeyExALookupAccountSidAGetTokenInformationOpenProcessTokenkFreeSidiEqualSid AllocateAndInitializeSidADVAPI32.dllNetUserChangePassword1NetApiBufferFreeNetUserGetInfoKNetGetDCNameNETAPI32.dllKGetVersionMultiByteToWideCharGetCurrentProcessiWideCharToMultiByteCloseHandlejExitProcessATerminateProcessSetConsoleModeReadConsoleInputAGetConsoleModekWriteConsoleAGetCommandLineAmHeapFreeGetLastErrorLCMapStringALCMapStringWgHeapAlloc*GetStringTypeA-GetStringTypeW0CreateFileARtlUnwindKUnhandledExceptionFilterGetModuleFileNameAFreeEnvironmentStringsAGetEnvironmentStringsFreeEnvironmentStringsWGetEnvironmentStringsWGetCPInfoGetACPGetOEMCPSetHandleCountGetFileType)GetStdHandle'GetStartupInfoAkHeapDestroyiHeapCreateYVirtualFreevWriteFileVVirtualAlloc$SetStdHandleFlushFileBuffersSetFilePointerReadFileGetProcAddressLoadLibraryA SetEndOfFileKERNEL32.dllD+0G000 11182f22222363H3O3\3333334424O4444445505H5555@666666666777 71777>7Y7_7{77777777778%8/8:8O8W8]8c8i8888888888 99$919F9O9a9z9999999999:+:B:d:{:::::::;;#;0;;;;#>.>>>>> ?? ?@?l?????? $$0(0,0004080<0@00000,1O1K2Y2g2u2222222222333+3]3q3~3333333344444494F4K4Y4e4j44444444 5"5=5B5T5Y5^5p5|55555556)6/686R6i6n6y6~6666666667Q7X77777818Q8n8t8z88~9;;<<<1=<=A=N=S=========>> >>>0>;>s>>>>> ? ?u????0 0e0t0{000000000,1=1E1w111111112292M2g22222222 333&3G3L3R3X3334&4:4N44444!6.6z677e7}7J8\8x888999j:q:+;;{>>>>@,000000000000000000011 1$1(1,1014181<1@1D1H1L1P1T1X1"383334)45<5@5D5H5L5P5T5X5\5`555555677797F7^7g777777 8:8o8888a999::&:.:K:S:n:s:::::;;];i;v;;2<<>>>???%?+?3?=?C?U?d?w????????P, 00!010;0U00011K1T1Y1_1j111+2o2T3u3333334b444444 525h5555556*6<6^6|6666666666727E7O7Z7d7o7x7777777777778L8R8v8888899=9T9q9~9999 ::%:,:!;0;E;i;;;;;;;;2<@<<<< ==!=)=G=b=n=v===========> >>>>>>>>>??$?8?|???`040000111122m224444445 5>55555 6#6C6R6a6~6666677&767I7[7e77777777788979Z9i9999 :(:=:l::::::6;L;s;;;;;;<=====>>:?D????p00#0-000 1r1|111111)2y2034383<3@3444444I5|555555$616c6t666667'7.747?7E7M7V7^7c7k7p777778888888%9G9Z9999 00 000l4p4t4x4|4@00D6P6T666;< <<<$<,<4<<?@passwd - Win32 Release!C:\MSDEV\projects\passwd\passwd.c#C:\MSDEV\projects\passwd\readme.txt%C:\MSDEV\projects\passwd\addition.txtC:\MSDEV\projects\passwd\reg.cC:\MSDEV\projects\passwd\user.c C:\MSDEV\projects\passwd\check.c"C:\MSDEV\projects\passwd\globals.cpasswd - Win32 Debug!C:\MSDEV\projects\passwd\passwd.c#C:\MSDEV\projects\passwd\readme.txt%C:\MSDEV\projects\passwd\addition.txtC:\MSDEV\projects\passwd\reg.cC:\MSDEV\projects\passwd\user.c C:\MSDEV\projects\passwd\check.c"C:\MSDEV\projects\passwd\globals.cpasswd - Win32 Debugpasswd - Win32 Releasepasswd - Win32 Release passwd.makCProjectpasswd - Win32 Releasepasswd - Win32 Releasepasswd - Win32 DebugSSBR CTargetItemSSBR .\passwd.c CFileItemSSBR .\readme.txt CFileItemSSBR.\addition.txt CFileItemSSBR.\reg.c CFileItemSSBR.\user.c CFileItemSSBR .\check.c CFileItemSSBR .\globals.c CFileItemSSBRdepCDependencyContainerSSBRcheck.hCDependencyFileSSBR globals.hCDependencyFileSSBRpasswd.hCDependencyFileSSBRreg.hCDependencyFileSSBRuser.hCDependencyFileSSBRDJWdepCDependencyContainerSSBRcheck.hCDependencyFileSSBR globals.hCDependencyFileSSBRpasswd.hCDependencyFileSSBRreg.hCDependencyFileSSBRuser.hCDependencyFileSSBRDJWDJWDJW00BCDEFGHIJ ./README.TXT000005 401040 4001001 00000022435 06300442566 016045 0ustar00AdministratorsDomnen-BenutzerPASSWD - CHANGE PASSWORD ON THE COMMAND LINE AND IN BATCH FILES --------------------------------------------------------------- A utility for Windows NT written by Alexander Frink Hermann Schauss Str. 8 D-65232 Taunusstein Germany e-mail: Alexander.Frink@Uni-Mainz.DE February 1997 Contents -------- (a) Introduction (b) Legal stuff (c) Implemented and tested platforms (d) Installation (e) Usage (f) Feedback (a) Introduction ---------------- An increasing number of users, who have been familiar for a long time with command line oriented operating systems like Unix or VMS, and who now have to switch to Windows NT for several reasons they may or may not be responsible for, are frustated of doing everything by clicking with the mouse or using weird keyboard shortcuts, which makes it nearly impossible to seriously automate tasks. Further, one can notice an upcoming popularity of Telnet based Windows NT servers, which replace Unix and VMS machines. Users on these machines may never log on directly to such a server via the well-known CTRL-ALT-DEL logon procedure. These users cannot renounce of doing at least basic tasks on the command line. One of these tasks should be regular password changing. The designated procedure for doing this in Windows NT is to press CTRL-ALT-DEL and choose 'Change Password...', but no command line alternative is available. Windows 95 has a 'net password' command, which is missing in Windows NT. The 'net user' command allows changing passwords, but execution is restricted to users with administrative privileges. This utility offers the possibility for any user to change his password on the command line or from within a batch file. You can even change passwords for other users than yourself (or yourself on a different domain or workstation), as long as you know the current password. (b) Legal stuff --------------- Disclaimer: This program is provided "as is" and comes without any warranty of any kind, either expressed or implied, including but not limited to fitness for a particular purpose or a particular system. In no case shall the author be liable for any damage or unwanted behavior of any computer hardware and/or software, including but not limited to data loss or time spent to recover your system. Do not test this program on your production machines without a backup you know you can restore! Using this program: This program is intended as freeware. This means that anybody - privat users, companies or educational institutions - may USE it WITHOUT A FEE. However, users in a COMMERCIAL environment are encouraged to support the development of free software by sending me any amount of money you believe this utility is worth for your needs. Distributing this program: This program may be COPIED FREELY, as long as no fee is taken for the distribution other than usual online/download charges or material costs. COMMERCIAL distributors of Shareware CDs must ask the author for written permission. Source code: I decided to not include the source code, since some parts are based on source code by other authors, who allow using this code for own programs but not redistributing it. If you want to port this utility to other NT platforms, have any wishes for tailoring this product for your needs, or just want to make sure that this program is not a Trojan Horse which collects your passwords and sends them to me by e-mail, contact me. I may decide to consider you as a co-author then. (c) Implemented and tested platforms ------------------------------------ This program is compiled for Intel machines only. I have access to a DEC Alpha machine, but no C compiler running at the moment. However, it is possible to use it with the FX32 emulator. The program runs on Windows NT, NOT on Windows 95. It has been tested on NT 4.0 only. However, I see no reason why it should not work on NT 3.51. I would appreciate feedback. Passwords can be changed for local users on a NT Workstation/standalone NT Server as well as for domain users from any Workstation in the domain, any standalone Servers and the Domain Controller(s) itself where the user can log on. I have not tested a workgroup environment, please give me feedback as well. (d) Installation ---------------- No installation steps are necessary to use this utility. However, for easy use, it is recommended that either you copy the file 'passwd.exe' to any directory in your path, or you add the directory where 'passwd.exe' resides to your path. If you are using NTFS, make sure to give at least READ (RX) permission for anybody else than yourself to prevent tampering by installing a Trojan Horse instead of the original program. If you are using FAT, you have to trust all your users. No special privileges (user rights) are needed to run this program. (e) Usage --------- 'passwd' is easy to use: simple type 'passwd' on the command line. It will prompt you for your current password (to prevent that someone changes your password while you have left the room and you forgot to lock your workstation), and twice for the new password (to prevent typing errors since you don't see what you type in). - By default, 'passwd' displays a '*' for each character you type in. - You can delete the last character(s) by pressing the Backspace key - You can press CTRL-C at any time before pressing ENTER at the 'Verification:' prompt to stop 'passwd'. - Moving around with the cursor keys is NOT supported. Further, 'passwd' has several command line options: -q quiet mode: This switch suppresses the display of a '*' for each character typed in, so if somebody is watching you while you have to change your password, he won't even have a clue how long your password is (and was). -i info mode: This switch displays the username and the domain, for which the password will be changed. This is useful if you work under several accounts and don't have a 'whoami' utility at hand. -p oldpass newpass passwords: You can use this switch to supply the old and new password directly on the command line, you will not be prompted for a verification. This non-interactive mode can be used in a batch file. However, make sure nobody is watching you while you type in your passwords on the command line, and don't leave any batch files world readable! THIS IS A BIG SECURITY ISSUE AND MAY UNDERMINE YOUR SYSTEM! -u user set user: Change the password for a different user, not yourself. This is POSSIBLE WITHOUT SPECIAL PRIVILEGES, unless the 'Users must log on in order to change password' option in User Manager is checked. All you have to know is the password of the specified user. -d domain set domain: Set password for a different domain or machine than the one you are currently logged on to. Especially useful in conjunction with the -u switch. See notes above. You can set a NULL password interactively if allowed by the system, but not with the -p switch. You can use either -switch or /switch and can combine several switches (e.g. passwd -iq). 'oldpass', 'newpass', 'user' and 'domain' must follow the corresponding switch with a blank. Type 'passwd -?' on the command line to get a short usage reminder. RETURN VALUES ------------- 'passwd' delivers the following return values which can be tested with IF ERRORLEVEL... Value Interpretation 0 The password was changed successfully. 1 An invalid command line was specified. 2 The user has stopped execution with CTRL-C. 3 The 'Verification:' did not match the 'New Password:'. 4 The Windows NT API call for password changing failed. This may include, but is not limited to: - the old password is not correct - the new password is too short - you are not allowed to change your password ... In case of return value 4, an error message is printed. These come from and are sometimes not very clear. Use your imagination! Further, in case the password could not be changed, you will notice a delay of several seconds before the message is printed. I assume this is a security feature to prevent bulk password changing attacks. Changing the password with the usual CTRL-ALT-DEL dialog shows the same behavior. (f) Feedback ------------ If you have any suggestions, ideas for improvements, problems or anything else, send an e-mail to Alexander.Frink@Uni-Mainz.DE or snailmail to Alexander Frink Hermann Schauss Str. 8 D-65232 Taunusstein Germany ./reg.c000005 401040 4001001 00000016451 06306636764 015444 0ustar00AdministratorsDomnen-Benutzer#include #include #include #include #include #include "globals.h" #include "reg.h" #define SZ_SD_BUF 100 #define SZ_SID_BUF 75 #define SZ_ACL_BUF 250 BOOL bRemoveSecurity=FALSE; BOOL bCleanRegistry=FALSE; UCHAR ucAbsSDBuf [SZ_SD_BUF] = ""; UCHAR ucAdmSIDBuf [SZ_SID_BUF] = ""; UCHAR ucSysSIDBuf [SZ_SID_BUF] = ""; UCHAR ucEvrSIDBuf [SZ_SID_BUF] = ""; UCHAR ucACLBuf [SZ_ACL_BUF] = ""; DWORD dwSID = SZ_SID_BUF; DWORD dwDACL = SZ_ACL_BUF; PSECURITY_DESCRIPTOR psdAbsoluteSD = (PSECURITY_DESCRIPTOR)&ucAbsSDBuf; PSID psidAdministrators = (PSID)&ucAdmSIDBuf; PSID psidSystem = (PSID)&ucSysSIDBuf; PSID psidEveryone = (PSID)&ucEvrSIDBuf; PACL pNewDACL = (PACL)&ucACLBuf; BOOL ApplySecurityDescriptor(HKEY hKey) { LONG lRv; SID_IDENTIFIER_AUTHORITY siaNtAuthority = SECURITY_NT_AUTHORITY; SID_IDENTIFIER_AUTHORITY siaWorldSidAuthority = SECURITY_WORLD_SID_AUTHORITY; InitializeSid(psidAdministrators, &siaNtAuthority,2); InitializeSid(psidSystem, &siaNtAuthority,1); InitializeSid(psidEveryone, &siaWorldSidAuthority,1); *(GetSidSubAuthority(psidAdministrators,0)) = SECURITY_BUILTIN_DOMAIN_RID; *(GetSidSubAuthority(psidAdministrators,1)) = DOMAIN_ALIAS_RID_ADMINS; *(GetSidSubAuthority(psidSystem,0)) = SECURITY_LOCAL_SYSTEM_RID; *(GetSidSubAuthority(psidEveryone,0)) = SECURITY_WORLD_RID; if (!InitializeAcl(pNewDACL, dwDACL, ACL_REVISION)) return FALSE; if (!AddAccessAllowedAce(pNewDACL, ACL_REVISION, KEY_ALL_ACCESS, psidAdministrators)) return FALSE; if (!AddAccessAllowedAce(pNewDACL, ACL_REVISION, KEY_ALL_ACCESS, psidSystem)) return FALSE; if (!AddAccessAllowedAce(pNewDACL, ACL_REVISION, KEY_READ, psidEveryone)) return FALSE; if (!InitializeSecurityDescriptor(psdAbsoluteSD, SECURITY_DESCRIPTOR_REVISION)) return FALSE; if (!SetSecurityDescriptorDacl(psdAbsoluteSD, TRUE, // fDaclPresent flag pNewDACL, FALSE)) // not a default DACL return FALSE; if (!IsValidSecurityDescriptor(psdAbsoluteSD)) return FALSE; lRv=RegSetKeySecurity(hKey, (SECURITY_INFORMATION)(DACL_SECURITY_INFORMATION), psdAbsoluteSD); if (lRv!=ERROR_SUCCESS) return FALSE; return TRUE; } BOOL SetSecurityOptions(void) { LONG lRv; DWORD dwDisposition; HKEY hKey; if (bCleanRegistry) { return RegDeleteKey(REGKEY_PASSWD,REGSUBKEY_PASSWD)==ERROR_SUCCESS; } if (bRemoveSecurity) { dwMinPasswordLength=0; dwMinClasses=0; dwAccountCheck=0; szDictionaryFiles[0]=0; } lRv=RegCreateKeyEx(REGKEY_PASSWD, TEXT(REGSUBKEY_PASSWD), 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, &dwDisposition); if (lRv!=ERROR_SUCCESS) return FALSE; // TODO: set permissions on registry key!!! lRv=RegSetValueEx(hKey, TEXT(REGVALUE_MIN_PASSWORD_LENGTH), 0, REG_DWORD, (LPBYTE) &dwMinPasswordLength, sizeof(DWORD)); if (lRv!=ERROR_SUCCESS) { RegCloseKey(hKey); return FALSE; } lRv=RegSetValueEx(hKey, TEXT(REGVALUE_MIN_CLASSES), 0, REG_DWORD, (LPBYTE) &dwMinClasses, sizeof(DWORD)); if (lRv!=ERROR_SUCCESS) { RegCloseKey(hKey); return FALSE; } lRv=RegSetValueEx(hKey, TEXT(REGVALUE_ACCOUNT_CHECK), 0, REG_DWORD, (LPBYTE) &dwAccountCheck, sizeof(DWORD)); if (lRv!=ERROR_SUCCESS) { RegCloseKey(hKey); return FALSE; } lRv=RegSetValueEx(hKey, TEXT(REGVALUE_DICTIONARY_FILES), 0, REG_SZ, (LPBYTE) szDictionaryFiles, strlen(szDictionaryFiles)+1); if (lRv!=ERROR_SUCCESS) { RegCloseKey(hKey); return FALSE; } // try to secure to registry key if (!ApplySecurityDescriptor(hKey)) { PrintWarningMessage("Could not secure the registry key!\n"); return FALSE; } RegCloseKey(hKey); return TRUE; } void ReadSecurityOptions(void) { LONG lRv; HKEY hKey; DWORD dwType; DWORD dwData; DWORD dwSize; dwMinPasswordLength=DEFAULT_MIN_PASSWORD_LENGTH; dwMinClasses=DEFAULT_MIN_CLASSES; dwAccountCheck=DEFAULT_ACCOUNT_CHECK; szDictionaryFiles[0]=0; bCleanRegistry=FALSE; lRv=RegOpenKeyEx(REGKEY_PASSWD, TEXT(REGSUBKEY_PASSWD), 0, KEY_QUERY_VALUE, &hKey); if (lRv!=ERROR_SUCCESS) { bCleanRegistry=TRUE; return; } dwSize=sizeof(DWORD); lRv=RegQueryValueEx(hKey, TEXT(REGVALUE_MIN_PASSWORD_LENGTH), 0, &dwType, (LPBYTE) &dwData, &dwSize); if ((lRv==ERROR_SUCCESS)&&(dwType==REG_DWORD)) { dwMinPasswordLength=dwData; } dwSize=sizeof(DWORD); lRv=RegQueryValueEx(hKey, TEXT(REGVALUE_MIN_CLASSES), 0, &dwType, (LPBYTE) &dwData, &dwSize); if ((lRv==ERROR_SUCCESS)&&(dwType==REG_DWORD)) { dwMinClasses=dwData; } dwSize=sizeof(DWORD); lRv=RegQueryValueEx(hKey, TEXT(REGVALUE_ACCOUNT_CHECK), 0, &dwType, (LPBYTE) &dwData, &dwSize); if ((lRv==ERROR_SUCCESS)&&(dwType==REG_DWORD)) { dwAccountCheck=dwData; } dwSize=MAXPATHLEN; lRv=RegQueryValueEx(hKey, TEXT(REGVALUE_DICTIONARY_FILES), 0, &dwType, (LPBYTE) szDictionaryFiles, &dwSize); if ((lRv!=ERROR_SUCCESS)||(dwType!=REG_SZ)) { szDictionaryFiles[0]=0; } RegCloseKey(hKey); } ./reg.h000005 401040 4001001 00000001243 06306631460 015426 0ustar00AdministratorsDomnen-Benutzer#define REGKEY_PASSWD HKEY_LOCAL_MACHINE #define REGSUBKEY_PASSWD "SOFTWARE\\Utilities\\passwd" #define REGVALUE_MIN_PASSWORD_LENGTH "MinPasswordLength" #define REGVALUE_MIN_CLASSES "MinClasses" #define REGVALUE_ACCOUNT_CHECK "AccountNameComparison" #define REGVALUE_DICTIONARY_FILES "DictionaryFiles" #ifdef __cplusplus extern "C" BOOL bRemoveSecurity; extern "C" BOOL bCleanRegistry; #else extern BOOL bRemoveSecurity; extern BOOL bCleanRegistry; #endif #ifdef __cplusplus extern "C" { #endif BOOL SetSecurityOptions(void); void ReadSecurityOptions(void); #ifdef __cplusplus } #endif ./user.c000005 401040 4001001 00000005733 06306654546 015644 0ustar00AdministratorsDomnen-Benutzer#include #include #include #include #include "globals.h" #include "user.h" PBYTE DomainControllerName; void GetUserAndDomain(void) { HANDLE hProcess, hAccessToken; UCHAR InfoBuffer[1000]; PTOKEN_USER pTokenUser = (PTOKEN_USER)InfoBuffer; DWORD dwInfoBufferSize, dwAccountSize = MAXNAMELEN, dwDomainSize = MAXNAMELEN; SID_NAME_USE snu; hProcess = GetCurrentProcess(); OpenProcessToken(hProcess,TOKEN_READ,&hAccessToken); GetTokenInformation(hAccessToken, TokenUser, InfoBuffer, 1000, &dwInfoBufferSize); LookupAccountSid(NULL, pTokenUser->User.Sid, szAccountName, &dwAccountSize, szDomainName, &dwDomainSize, &snu); } void GetUserFullName(void) { PUSER_INFO_2 pUInfo2; szFullAccountName[0]=0; toUnicode(szAccountName,wszAccountName); toUnicode(szDomainName,wszDomainName); if (NetGetDCName(NULL,wszDomainName,&DomainControllerName)!=NERR_Success) return; if (NetUserGetInfo((LPWSTR) DomainControllerName, wszAccountName, 2, (LPBYTE *) &pUInfo2)!=NERR_Success) return; if (pUInfo2!=NULL) { fromUnicode(pUInfo2->usri2_full_name,szFullAccountName); NetApiBufferFree(pUInfo2); } } BOOL QueryIfUserIsAdmin(void) { /* BOOL QueryIfUserIsAdmin(void) returns TRUE if user is an admin FALSE if user is not an admin This code is taken from knowledge base article Q118626 */ HANDLE hAccessToken; UCHAR InfoBuffer[1024]; PTOKEN_GROUPS ptgGroups = (PTOKEN_GROUPS)InfoBuffer; DWORD dwInfoBufferSize; PSID psidAdministrators; SID_IDENTIFIER_AUTHORITY siaNtAuthority = SECURITY_NT_AUTHORITY; UINT x; BOOL bSuccess; if (!OpenProcessToken(GetCurrentProcess(),TOKEN_READ,&hAccessToken)) { return(FALSE); } bSuccess = GetTokenInformation(hAccessToken,TokenGroups,InfoBuffer, 1024, &dwInfoBufferSize); CloseHandle(hAccessToken); if(!bSuccess) { return FALSE; } if (!AllocateAndInitializeSid(&siaNtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &psidAdministrators)) { return FALSE; } // assume that we don't find the admin SID. bSuccess = FALSE; for (x=0;xGroupCount;x++) { if (EqualSid(psidAdministrators, ptgGroups->Groups[x].Sid)) { bSuccess = TRUE; break; } } FreeSid(psidAdministrators); return bSuccess; } ./user.h000005 401040 4001001 00000000256 06306365072 015635 0ustar00AdministratorsDomnen-Benutzer#ifdef __cplusplus extern "C" { #endif void GetUserAndDomain(void); void GetUserFullName(void); BOOL QueryIfUserIsAdmin(void); #ifdef __cplusplus } #endif