Chntpw ng 1.01

Makefile

@@ -28,38 +28,38 @@ LIBS=-L$(OSSLLIB)
 
 all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static samunlock samunlock.static
 
-chntpw: chntpw.o ntreg.o edlib.o libsam.o
-	$(CC) $(CFLAGS) -o chntpw chntpw.o ntreg.o edlib.o libsam.o $(LIBS)
+chntpw: chntpw.o ntreg.o edlib.o libsam.o unicode.o
+	$(CC) $(CFLAGS) -o chntpw chntpw.o ntreg.o edlib.o libsam.o unicode.o $(LIBS)
 
-chntpw.static: chntpw.o ntreg.o edlib.o libsam.o
-	$(CC) -static $(CFLAGS) -o chntpw.static chntpw.o ntreg.o edlib.o libsam.o $(LIBS)
+chntpw.static: chntpw.o ntreg.o edlib.o libsam.o unicode.o
+	$(CC) -static $(CFLAGS) -o chntpw.static chntpw.o ntreg.o edlib.o libsam.o unicode.o $(LIBS)
 
 cpnt: cpnt.o
 	$(CC) $(CFLAGS) -o cpnt cpnt.o $(LIBS)
 
-reged: reged.o ntreg.o edlib.o
-	$(CC) $(CFLAGS) -o reged reged.o ntreg.o edlib.o
+reged: reged.o ntreg.o edlib.o unicode.o
+	$(CC) $(CFLAGS) -o reged reged.o ntreg.o edlib.o unicode.o
 
-reged.static: reged.o ntreg.o edlib.o
-	$(CC) -static $(CFLAGS) -o reged.static reged.o ntreg.o edlib.o
+reged.static: reged.o ntreg.o edlib.o unicode.o
+	$(CC) -static $(CFLAGS) -o reged.static reged.o ntreg.o edlib.o unicode.o
 
-samusrgrp.static: samusrgrp.o ntreg.o libsam.o
-	$(CC) -static $(CFLAGS) -o samusrgrp.static samusrgrp.o ntreg.o libsam.o 
+samusrgrp.static: samusrgrp.o ntreg.o libsam.o unicode.o
+	$(CC) -static $(CFLAGS) -o samusrgrp.static samusrgrp.o ntreg.o libsam.o unicode.o
 
-samusrgrp: samusrgrp.o ntreg.o libsam.o
-	$(CC) $(CFLAGS) -o samusrgrp samusrgrp.o ntreg.o libsam.o 
+samusrgrp: samusrgrp.o ntreg.o libsam.o unicode.o
+	$(CC) $(CFLAGS) -o samusrgrp samusrgrp.o ntreg.o libsam.o unicode.o
 
-sampasswd: sampasswd.o ntreg.o libsam.o
-	$(CC) $(CFLAGS) -o sampasswd sampasswd.o ntreg.o libsam.o 
+sampasswd: sampasswd.o ntreg.o libsam.o unicode.o unicode.o
+	$(CC) $(CFLAGS) -o sampasswd sampasswd.o ntreg.o libsam.o unicode.o
 
-sampasswd.static: sampasswd.o ntreg.o libsam.o
-	$(CC) -static $(CFLAGS) -o sampasswd.static sampasswd.o ntreg.o libsam.o 
+sampasswd.static: sampasswd.o ntreg.o libsam.o unicode.o
+	$(CC) -static $(CFLAGS) -o sampasswd.static sampasswd.o ntreg.o libsam.o unicode.o
 
-samunlock: samunlock.o ntreg.o libsam.o
-	$(CC) $(CFLAGS) -o samunlock samunlock.o ntreg.o libsam.o
+samunlock: samunlock.o ntreg.o libsam.o unicode.o
+	$(CC) $(CFLAGS) -o samunlock samunlock.o ntreg.o libsam.o unicode.o
 
-samunlock.static: samunlock.o ntreg.o libsam.o
-	$(CC) -static $(CFLAGS) -o samunlock.static samunlock.o ntreg.o libsam.o
+samunlock.static: samunlock.o ntreg.o libsam.o unicode.o
+	$(CC) -static $(CFLAGS) -o samunlock.static samunlock.o ntreg.o libsam.o unicode.o
 
 #ts: ts.o ntreg.o
 #	$(CC) $(CFLAGS) -nostdlib -o ts ts.o ntreg.o $(LIBS)

libsam.c

@@ -511,7 +511,7 @@ int sam_put_grp_members_sid(struct hive *hdesc, int grp, struct sid_array *sarra
 
      if (gverbose) printf("put_grp_members_sid: ajusted: mofs = %x, mlen = %x (%d)\n", mofs + 0x34 ,mlen,mlen);
 
-     if (gverbose) hexdump(&c->data, 0, c->len, 1);
+     if (gverbose) hexdump((char *)&c->data, 0, c->len, 1);
 
     /* Get total size of new SID data */
 
@@ -528,7 +528,7 @@ int sam_put_grp_members_sid(struct hive *hdesc, int grp, struct sid_array *sarra
     sidptr = &cd->data[mofs];
 
     for (i = 0; sarray[i].sidptr; i++) {
-      if (gverbose) printf("  copying : %d len %x, at %x\n",i,sarray[i].len, sidptr);
+      if (gverbose) printf("  copying : %d len %x, at %x\n",i,sarray[i].len, (unsigned int)sidptr);
       str = sam_sid_to_string(sarray[i].sidptr);
       if (gverbose) printf("  Member # %d = <%s>\n", i, str);
       FREE(str);      
@@ -539,7 +539,7 @@ int sam_put_grp_members_sid(struct hive *hdesc, int grp, struct sid_array *sarra
     cd->members_len = sidlen;  /* Update member count in C struct */
     cd->grp_members = i;
 
-    if (gverbose) hexdump(&c->data, 0, c->len, 1);
+    if (gverbose) hexdump((char *)&c->data, 0, c->len, 1);
 
     if (!put_buf2val(hdesc, c, 0, g, 0, TPF_VK_EXACT)) {
       fprintf(stderr,"put_grp_members_sid: could not write back group info in value %s\n",g);
@@ -839,6 +839,163 @@ int sam_put_user_grpids(struct hive *hdesc, int rid, struct keyval *val)
 
 /********* GROUP / USER MANIPULATION ROUTINES **************/
 
+/* Add SID to a group
+ * SID = any SID
+ * grp = group ID
+ * return true if success
+ */
+
+int sam_add_sid_to_grp(struct hive *hdesc, struct sid_binary * sid, int grp)
+{
+    struct sid_array *sarray, *narray;
+    struct sid_binary *usid = sid;
+    int members, newmembers;
+    char *str;
+    int o, n, hit, c;
+
+    if (!sid || !grp || (hdesc->type !=HTYPE_SAM) ) return(0);
+
+    str = sam_sid_to_string(usid);
+    if (gverbose) printf("sam_add_sid_to_grp: user SID is <%s>\n", str);
+    free(str);
+
+    /* Just add SID to group, SID without RID situation like AD users
+     */
+
+    members = sam_get_grp_members_sid(hdesc, grp, &sarray);
+
+    if (!sarray) {
+      printf("sam_add_sid_to_grp: group # %x not found!\n",grp);
+      return(0);
+    }
+
+    if (gverbose) printf("add_user_to_grp: grp memberlist BEFORE:\n");
+    for (o = 0; sarray[o].sidptr; o++)
+    {
+        str = sam_sid_to_string(sarray[o].sidptr);
+        if (gverbose) printf("  Member # %d = <%s>\n", o, str);
+        FREE(str);
+    }
+
+    newmembers = members + 1;
+    ALLOC(narray, sizeof(struct sid_array) * (newmembers + 2), 1);  /* Add one entry size */
+
+    if (gverbose) printf("members = %d\n", members);
+
+    hit = 0;
+    for (o = 0, n = 0; o <= members; o++, n++) {
+      c = sam_sid_cmp(sarray[o].sidptr, usid);     /* Compare slot with new SID */
+      if (gverbose) printf("sam_sid_cmp returns %d\n",c);
+      if (c == 0) {
+        newmembers--;                   /* Already there, don't change anything */
+        hit = 1;
+      }
+      if (!hit && ((c > 0) || !sarray[o].sidptr)) {              /* Next is higher, insert new SID */
+        if (gverbose) printf("  -- add\n");
+        narray[n].len = usid->sections * 4 + 8;     /* Hmm */
+        narray[n].sidptr = usid;
+        n++;
+        hit = 1;
+      }
+      narray[n].len = sarray[o].len;
+      narray[n].sidptr = sarray[o].sidptr;
+    }
+
+    if (gverbose) printf("sam_add_sid_to_grp: grp memberlist AFTER:\n");
+
+    for (o = 0; narray[o].sidptr; o++)
+    {
+        str = sam_sid_to_string(narray[o].sidptr);
+        if (gverbose) printf("  Member # %u = <%s>\n", o, str);
+        FREE(str);
+    }
+
+    if ( !sam_put_grp_members_sid(hdesc, grp, narray) )
+    {
+        fprintf(stderr,"sam_add_sid_to_grp: failed storing groups user list\n");
+        sam_free_sid_array(narray);
+        FREE(sarray);
+        return(0);
+    }
+    sam_free_sid_array(narray);
+    FREE(sarray);     /* Pointers was copied to narray, and freed above, just free the array here */
+
+    return(1);
+}
+
+/* Remove SID from a group
+ * SID = any SID
+ * grp = group ID
+ * return true if success
+ */
+
+int sam_remove_sid_from_grp(struct hive *hdesc, struct sid_binary * sid, int grp)
+{
+    struct sid_array *sarray, *narray;
+    struct sid_binary *usid = sid;
+    int members, newmembers;
+    char *str;
+    int o, n, hit, c;
+
+    if (!sid || !grp || (hdesc->type !=HTYPE_SAM) ) return(0);
+
+    members = sam_get_grp_members_sid(hdesc, grp, &sarray);
+
+    if (!sarray) {
+      printf("sam_remove_sid_from_grp: group # %x not found!\n",grp);
+      return(0);
+    }
+
+    /* Remove the user SID from the groups list of members */
+
+    if (gverbose) printf("sam_remove_sid_from_grp: grp memberlist BEFORE:\n");
+    for (o = 0; sarray[o].sidptr; o++)
+    {
+        str = sam_sid_to_string(sarray[o].sidptr);
+        if (gverbose) printf("  Member # %d = <%s>\n", o, str);
+        FREE(str);
+    }
+
+    newmembers = members;
+    ALLOC(narray, sizeof(struct sid_array) * (newmembers + 2), 1);
+
+    if (gverbose) printf("members = %d\n", members);
+
+    hit = 0;
+    for (o = 0, n = 0; o <= members; o++, n++) {
+      c = sam_sid_cmp(sarray[o].sidptr, usid);     /* Compare slot with new SID */
+      if (gverbose) printf("sid_cmp returns %d\n",c);
+      if (c == 0) {
+        newmembers--;                   /* Found, skip copy and decrease list size */
+        hit = 1;
+        n--;
+      } else {
+        narray[n].len = sarray[o].len;        /* Copy entry */
+        narray[n].sidptr = sarray[o].sidptr;
+      }
+    }
+    if (!hit) fprintf(stderr, "sam_remove_sid_from_grp: NOTE: user not in groups list of users, may mean user was not member at all. Does not matter, continuing.\n");
+
+    if (gverbose) printf("sam_remove_sid_from_grp: grp memberlist AFTER:\n");
+    for (o = 0; narray[o].sidptr; o++)
+    {
+        str = sam_sid_to_string(narray[o].sidptr);
+        if (gverbose) printf("  Member # %u = <%s>\n", o, str);
+        FREE(str);
+    }
+
+    if ( !sam_put_grp_members_sid(hdesc, grp, narray) )
+    {
+        fprintf(stderr,"sam_remove_sid_from_grp: failed storing groups user list\n");
+        sam_free_sid_array(narray);
+        FREE(sarray);
+        return(0);
+    }
+    sam_free_sid_array(narray);
+    FREE(sarray);     /* Pointers was copied to narray, and freed above, just free the array here */
+
+    return(1);
+}
 
 /* Add user to a group
  * rid = user RID

ntreg.c

@@ -81,6 +81,7 @@
 #include <unistd.h>
 #include <inttypes.h>
 #include <stdarg.h>
+#include "unicode.h"
 
 #include "ntreg.h"
 
@@ -306,11 +307,19 @@ int get_int( char *array )
 
 void cheap_uni2ascii(char *src, char *dest, int l)
 {
-
-   for (; l > 0; l -=2) {
-      *dest = *src;
-      dest++; src +=2;
-   }
+    uint8_t utf8[5];
+    uint16_t* usc = (uint16_t*)src;
+    int8_t  ret_code;
+
+    for (int a = 0; a < l/2; ++a)
+    {
+        ret_code = ucs2_to_utf8(usc[a], utf8);
+        if ( ret_code > 0 )
+        {
+            memcpy(dest, utf8, ret_code);
+            dest+= ret_code;
+        }
+    }
    *dest = 0;
 }
 
@@ -319,11 +328,19 @@ void cheap_uni2ascii(char *src, char *dest, int l)
 
 void cheap_ascii2uni(char *src, char *dest, int l)
 {
-   for (; l > 0; l--) {
-      *dest++ = *src++;
-      *dest++ = 0;
-
-   }
+    uint16_t* dest_16   = (uint16_t *)dest;
+    char* src_origin    = src;
+    int32_t return_unicode;
+    uint32_t num        = 0;
+    do {
+        src = src_origin; //move start byte pointer
+        return_unicode = utf8_to_ucs2((const uint8_t *)src, (const uint8_t **)&src_origin);
+        if ( ( return_unicode < 0xFFFF ) && ( return_unicode > 0 ) )
+        {
+            dest_16[num] = (uint16_t)return_unicode;
+            num++;
+        }
+    } while (src != src_origin);
 }
 
 void skipspace(char **c)

sam.h

@@ -281,6 +281,8 @@ int sam_get_grp_members_sid(struct hive *hdesc, int grp, struct sid_array **sarr
 int sam_put_grp_members_sid(struct hive *hdesc, int grp, struct sid_array *sarray);
 struct keyval *sam_get_user_grpids(struct hive *hdesc, int rid);
 int sam_put_user_grpids(struct hive *hdesc, int rid, struct keyval *val);
+int sam_add_sid_to_grp(struct hive *hdesc, struct sid_binary * sid, int grp);
+int sam_remove_sid_from_grp(struct hive *hdesc, struct sid_binary * sid, int grp);
 int sam_add_user_to_grp(struct hive *hdesc, int rid, int grp);
 int sam_remove_user_from_grp(struct hive *hdesc, int rid, int grp);
 char *sam_get_username(struct hive *hdesc, int rid);