diff --git a/.gitignore b/.gitignore
index 94616b3..20d7fc8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
 chntpw-source-080526.zip
+/chntpw-source-110511.zip
+/chntpw-source-140201.zip
diff --git a/chntpw-080526-detect-failure-to-write-key.patch b/chntpw-080526-detect-failure-to-write-key.patch
deleted file mode 100644
index ea17219..0000000
--- a/chntpw-080526-detect-failure-to-write-key.patch
+++ /dev/null
@@ -1,77 +0,0 @@ -From jim@meyering.net Mon Jul 20 20:12:31 2009 -Return-Path: jim@meyering.net -X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on amd.home.annexia.org -X-Spam-Level: -X-Spam-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00, - UNPARSEABLE_RELAY autolearn=ham version=3.2.5 -Received: from mail.corp.redhat.com [10.5.5.51] - by amd.home.annexia.org with IMAP (fetchmail-6.3.8) - for (single-drop); Mon, 20 Jul 2009 20:12:31 +0100 (BST) -Received: from zmta03.collab.prod.int.phx2.redhat.com (LHLO - zmta03.collab.prod.int.phx2.redhat.com) (10.5.5.33) by - mail06.corp.redhat.com with LMTP; Mon, 20 Jul 2009 15:12:17 -0400 (EDT) -Received: from localhost (localhost.localdomain [127.0.0.1]) - by zmta03.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 3C1A04E4EC - for ; Mon, 20 Jul 2009 15:12:17 -0400 (EDT) -Received: from zmta03.collab.prod.int.phx2.redhat.com ([127.0.0.1]) - by localhost (zmta03.collab.prod.int.phx2.redhat.com [127.0.0.1]) (amavisd-new, port 10024) - with ESMTP id a+PpYwgPRjqW for ; - Mon, 20 Jul 2009 15:12:17 -0400 (EDT) -Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) - by zmta03.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 130A44E4D6 - for ; Mon, 20 Jul 2009 15:12:17 -0400 (EDT) -Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) - by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n6KJCGMZ001977 - for ; Mon, 20 Jul 2009 15:12:16 -0400 -Received: from mx.meyering.net (sebastian-int.corp.redhat.com [172.16.52.221]) - by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n6KJCF82022169 - for ; Mon, 20 Jul 2009 15:12:15 -0400 -Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000) - id 36C5D38154; Mon, 20 Jul 2009 21:12:15 +0200 (CEST) -From: Jim Meyering -To: "Richard W. M. 
Jones" -Subject: chntpw [PATCH] detect/diagnose failure to write key -Date: Mon, 20 Jul 2009 21:12:15 +0200 -Message-ID: <873a8r88z4.fsf@meyering.net> -MIME-Version: 1.0 -Content-Type: text/plain; charset=us-ascii -X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26 -Status: RO -Content-Length: 938 -Lines: 34 - -Hi Rich, here's another. - ->From 057c832cf924cabf887e59d1c1f2127cd4619572 Mon Sep 17 00:00:00 2001 -From: Jim Meyering -Date: Mon, 20 Jul 2009 15:09:26 -0400 -Subject: [PATCH] detect/diagnose failure to write key - -* ntreg.c (export_key): Detect stream write failure. ---- - ntreg.c | 9 ++++++++- - 1 files changed, 8 insertions(+), 1 deletions(-) - -diff --git a/ntreg.c b/ntreg.c -index 21cd3e3..cdb6503 100644 ---- a/ntreg.c -+++ b/ntreg.c -@@ -2735,7 +2735,14 @@ void export_key(struct hive *hdesc, int nkofs, char *name, char *filename, char - fprintf(file, "Windows Registry Editor Version 5.00\r\n\r\n"); - export_subkey(hdesc, nkofs, name, prefix, file); - -- fclose(file); -+ if (ferror (file)) { -+ printf("failed to write file '%s'\n", filename); -+ fclose (file); -+ return; -+ } -+ if (fclose(file)) -+ printf("failed to write file '%s': %s\n", filename, -+ strerror(errno)); - } - - --- -1.6.2.5 - diff --git a/chntpw-080526-get_abs_path.patch b/chntpw-080526-get_abs_path.patch deleted file mode 100644 index 4a754cd..0000000 --- a/chntpw-080526-get_abs_path.patch +++ /dev/null 
@@ -1,29 +0,0 @@
-diff -ur chntpw-080526/ntreg.c chntpw-080526.get_abs_path/ntreg.c
---- chntpw-080526/ntreg.c 2009-06-08 14:32:00.000000000 +0100
-+++ chntpw-080526.get_abs_path/ntreg.c 2009-06-08 14:30:08.000000000 +0100
-@@ -1193,7 +1193,7 @@
- {
- /* int newnkofs; */
- struct nk_key *key;
-- char tmp[ABSPATHLEN+1];
-+ char tmp[ABSPATHLEN];
-
- maxlen = (maxlen < ABSPATHLEN ? maxlen : ABSPATHLEN);
-
-@@ -1209,6 +1209,7 @@
- }
-
- strncpy(tmp,path,ABSPATHLEN-1);
-+ tmp[ABSPATHLEN-1] = '\0';
-
- if ( (strlen(path) + key->len_name) >= maxlen-6) {
- snprintf(path,maxlen,"(...)%s",tmp);
-@@ -1216,7 +1217,7 @@
- }
- *path = '\\';
- memcpy(path+1,key->keyname,key->len_name);
-- strncpy(path+key->len_name+1,tmp,maxlen);
-+ strcpy(path+key->len_name+1,tmp);
- return(get_abs_path(hdesc, key->ofs_parent+0x1004, path, maxlen)); /* go back one more */
- }
-
diff --git a/chntpw-080526-keyname-overflow.patch b/chntpw-080526-keyname-overflow.patch
deleted file mode 100644
index 345a4cf..0000000
--- a/chntpw-080526-keyname-overflow.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff -ur chntpw-080526/ntreg.c chntpw-080526.keyname/ntreg.c
---- chntpw-080526/ntreg.c 2008-05-26 20:59:44.000000000 +0100
-+++ chntpw-080526.keyname/ntreg.c 2009-06-08 12:00:00.000000000 +0100
-@@ -2607,7 +2607,6 @@
- int count = 0;
- int countri = 0;
- int len, byte;
-- char keyname[128];
- char path[1024];
- char *value;
- struct nk_key *key;
-@@ -2626,10 +2625,6 @@
-
- // get the key
- key = (struct nk_key *)(hdesc->buffer + nkofs);
-- strncpy(keyname, key->keyname, key->len_name);
-- keyname[key->len_name] = '\0';
-- printf("Exporting key '%s' with %d subkeys and %d values...\n",
-- keyname, key->no_subkeys, key->no_values);
-
- *path = 0;
- get_abs_path(hdesc, nkofs, path, 1024);
diff --git a/chntpw-080526-no-value.patch b/chntpw-080526-no-value.patch
deleted file mode 100644
index 5bb2048..0000000
--- a/chntpw-080526-no-value.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-diff -ur chntpw-080526/ntreg.c chntpw-080526.novalue/ntreg.c
---- chntpw-080526/ntreg.c 2009-06-08 14:44:09.000000000 +0100
-+++ chntpw-080526.novalue/ntreg.c 2009-06-08 14:43:48.000000000 +0100
-@@ -2667,21 +2667,23 @@
- value = (char *)get_val_data(hdesc, nkofs, vex.name, vex.type, TPF_VK_EXACT);
- len = get_val_len(hdesc, nkofs, vex.name, TPF_VK_EXACT);
-
-- if (vex.type == REG_BINARY) {
-- fprintf(file, "\"%s\"=hex:", vex.name);
-- } else {
-- fprintf(file, "\"%s\"=hex(%x):", vex.name, vex.type);
-- }
-- byte = 0;
-- while (byte < len) { /* go byte by byte.. probably slow.. */
-- fprintf(file, "%02x,", (unsigned char)value[byte]);
-- byte++;
-- if (!(byte % 20)) fprintf(file, "\\\r\n ");
-- }
-- fprintf(file, "%02x\r\n", (unsigned char)value[byte]);
-- }
-+ if (value && len >= 0) {
-+ if (vex.type == REG_BINARY) {
-+ fprintf(file, "\"%s\"=hex:", vex.name);
-+ } else {
-+ fprintf(file, "\"%s\"=hex(%x):", vex.name, vex.type);
-+ }
-+ byte = 0;
-+ while (byte < len) { /* go byte by byte.. probably slow.. */
-+ fprintf(file, "%02x,", (unsigned char)value[byte]);
-+ byte++;
-+ if (!(byte % 20)) fprintf(file, "\\\r\n ");
-+ }
-+ fprintf(file, "%02x\r\n", (unsigned char)value[byte]);
-
-- FREE(vex.name);
-+ FREE(vex.name);
-+ }
-+ }
- }
- }
-
diff --git a/chntpw-080526-reged-no-deref-null.patch b/chntpw-080526-reged-no-deref-null.patch
deleted file mode 100644
index 9bd681e..0000000
--- a/chntpw-080526-reged-no-deref-null.patch
+++ /dev/null
@@ -1,70 +0,0 @@ -From jim@meyering.net Wed Jul 22 13:41:58 2009 -Return-Path: jim@meyering.net -X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on amd.home.annexia.org -X-Spam-Level: -X-Spam-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00, - UNPARSEABLE_RELAY autolearn=ham version=3.2.5 -Received: from mail.corp.redhat.com [10.5.5.51] - by amd.home.annexia.org with IMAP (fetchmail-6.3.8) - for (single-drop); Wed, 22 Jul 2009 13:41:58 +0100 (BST) -Received: from zmta01.collab.prod.int.phx2.redhat.com (LHLO - zmta01.collab.prod.int.phx2.redhat.com) (10.5.5.31) by - mail06.corp.redhat.com with LMTP; Wed, 22 Jul 2009 08:41:25 -0400 (EDT) -Received: from localhost (localhost.localdomain [127.0.0.1]) - by zmta01.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 52E8193C42 - for ; Wed, 22 Jul 2009 08:41:25 -0400 (EDT) -Received: from zmta01.collab.prod.int.phx2.redhat.com ([127.0.0.1]) - by localhost (zmta01.collab.prod.int.phx2.redhat.com [127.0.0.1]) (amavisd-new, port 10024) - with ESMTP id i+F0NOkWPqt0 for ; - Wed, 22 Jul 2009 08:41:25 -0400 (EDT) -Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) - by zmta01.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 29C8193C01 - for ; Wed, 22 Jul 2009 08:41:25 -0400 (EDT) -Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) - by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n6MCfOiN011483 - for ; Wed, 22 Jul 2009 08:41:24 -0400 -Received: from mx.meyering.net (sebastian-int.corp.redhat.com [172.16.52.221]) - by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n6MCfNP5023290 - for ; Wed, 22 Jul 2009 08:41:23 -0400 -Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000) - id 38377558B9; Wed, 22 Jul 2009 14:41:23 +0200 (CEST) -From: Jim Meyering -To: "Richard W. M. 
Jones" -Subject: [PATCH] "reged -e" should not dereference NULL -Date: Wed, 22 Jul 2009 14:41:23 +0200 -Message-ID: <87y6qg51qk.fsf@meyering.net> -MIME-Version: 1.0 -Content-Type: text/plain; charset=us-ascii -X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26 -Status: RO -Content-Length: 871 -Lines: 27 - - ->From d9203daf8e29290ca82b2433722e9e56cd0ab73f Mon Sep 17 00:00:00 2001 -From: Jim Meyering -Date: Wed, 22 Jul 2009 14:25:14 +0200 -Subject: [PATCH] "reged -e" should not dereference NULL - -* reged.c (main): Diagnose a missing hive file name with -e. ---- - reged.c | 30 +++++++++++++++++------------- - 1 files changed, 17 insertions(+), 13 deletions(-) - -diff --git a/reged.c b/reged.c -index cf395bc..f99f94e 100644 ---- a/reged.c -+++ b/reged.c -@@ -99,6 +99,11 @@ int main(int argc, char **argv) - } - if (edit) { /* Call editor. Rest of arguments are considered hives to load */ - hivename = argv[optind+no_hives]; -+ if (!hivename) { -+ fprintf(stderr,"with -e you must specify at least one hive file name\n"); -+ usage(); -+ exit(1); -+ } - do { - if (!(hive[no_hives] = openHive(hivename, - HMODE_RW|mode))) { - diff --git a/chntpw-080526-robustness.patch b/chntpw-080526-robustness.patch deleted file mode 100644 index 531bf52..0000000 --- a/chntpw-080526-robustness.patch +++ /dev/null 
@@ -1,182 +0,0 @@ -From jim@meyering.net Mon Jul 20 16:46:56 2009 -Return-Path: jim@meyering.net -X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on amd.home.annexia.org -X-Spam-Level: -X-Spam-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00, - UNPARSEABLE_RELAY autolearn=ham version=3.2.5 -Received: from mail.corp.redhat.com [10.5.5.51] - by amd.home.annexia.org with IMAP (fetchmail-6.3.8) - for (single-drop); Mon, 20 Jul 2009 16:46:56 +0100 (BST) -Received: from zmta02.collab.prod.int.phx2.redhat.com (LHLO - zmta02.collab.prod.int.phx2.redhat.com) (10.5.5.32) by - mail06.corp.redhat.com with LMTP; Mon, 20 Jul 2009 11:31:43 -0400 (EDT) -Received: from localhost (localhost.localdomain [127.0.0.1]) - by zmta02.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 27CD09E195 - for ; Mon, 20 Jul 2009 11:31:43 -0400 (EDT) -Received: from zmta02.collab.prod.int.phx2.redhat.com ([127.0.0.1]) - by localhost (zmta02.collab.prod.int.phx2.redhat.com [127.0.0.1]) (amavisd-new, port 10024) - with ESMTP id TTbuqA5poqWA for ; - Mon, 20 Jul 2009 11:31:43 -0400 (EDT) -Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) - by zmta02.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 087319E193 - for ; Mon, 20 Jul 2009 11:31:43 -0400 (EDT) -Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) - by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n6KFVfBF002494 - for ; Mon, 20 Jul 2009 11:31:42 -0400 -Received: from mx.meyering.net (sebastian-int.corp.redhat.com [172.16.52.221]) - by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n6KFVeiP013799 - for ; Mon, 20 Jul 2009 11:31:41 -0400 -Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000) - id D157838154; Mon, 20 Jul 2009 17:31:40 +0200 (CEST) -From: Jim Meyering -To: "Richard W. M. 
Jones" -Subject: chntpw patches -Date: Mon, 20 Jul 2009 17:31:40 +0200 -Message-ID: <87my6z8j6r.fsf@meyering.net> -MIME-Version: 1.0 -Content-Type: text/plain; charset=us-ascii -X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26 -Status: RO -Content-Length: 4197 -Lines: 140 - -Hi Rich, - -The first two were spotted via inspection. -The 3rd one was to address this: - - $ : > j && valgrind ./reged -e j - ~/w/co/chntpw: - ==16084== Memcheck, a memory error detector. - ==16084== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al. - ==16084== Using LibVEX rev 1884, a library for dynamic binary translation. - ==16084== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP. - ==16084== Using valgrind-3.4.1, a dynamic binary instrumentation framework. - ==16084== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al. - ==16084== For more details, rerun with: -v - ==16084== - reged version 0.1 080526, (c) Petter N Hagen - ==16084== Invalid read of size 4 - ==16084== at 0x407D09: openHive (ntreg.c:2856) - ==16084== by 0x4011E3: main (reged.c:103) - ==16084== Address 0x4c230d8 is 0 bytes after a block of size 0 alloc'd - ==16084== at 0x4A05414: calloc (vg_replace_malloc.c:397) - ==16084== by 0x407C5C: openHive (ntreg.c:2840) - ==16084== by 0x4011E3: main (reged.c:103) - openHive(j): File does not seem to be a registry hive! - Simple registry editor. ? for help. - ==16084== - ==16084== Invalid read of size 2 - ==16084== at 0x403C4D: get_abs_path (ntreg.c:1204) - ==16084== by 0x408D57: regedit_interactive (edlib.c:379) - ==16084== by 0x401277: main (reged.c:111) - ==16084== Address 0x4c230dc is 4 bytes after a block of size 0 alloc'd - ==16084== at 0x4A05414: calloc (vg_replace_malloc.c:397) - ==16084== by 0x407C5C: openHive (ntreg.c:2840) - ==16084== by 0x4011E3: main (reged.c:103) - get_abs_path: Not a 'nk' node! 
- - > - - - ->From 5c287bb158db10af96b1f1f67d4df49a47323b94 Mon Sep 17 00:00:00 2001 -From: Jim Meyering -Date: Mon, 20 Jul 2009 09:57:13 -0400 -Subject: [PATCH 1/3] improved robustness - -* ntreg.c (fmyinput): Don't clobber ibuf[-1] upon NUL input. ---- - ntreg.c | 8 +++++--- - 1 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/ntreg.c b/ntreg.c -index e27a5b9..1b84410 100644 ---- a/ntreg.c -+++ b/ntreg.c -@@ -82,14 +82,16 @@ char *str_dup( const char *str ) - - int fmyinput(char *prmpt, char *ibuf, int maxlen) - { -- -+ int len; - printf("%s",prmpt); - - fgets(ibuf,maxlen+1,stdin); -+ len = strlen(ibuf); - -- ibuf[strlen(ibuf)-1] = 0; -+ if (len) -+ ibuf[len-1] = 0; - -- return(strlen(ibuf)); -+ return len; - } - - /* Print len number of hexbytes */ --- -1.6.2.5 - - ->From b9bfb44aa1bff1f9b7badf65425f8190352966a0 Mon Sep 17 00:00:00 2001 -From: Jim Meyering -Date: Mon, 20 Jul 2009 10:04:23 -0400 -Subject: [PATCH 2/3] robustness: avoid low-memory segfault - -* ntreg.c (convert_string): Don't segfault upon low memory. ---- - ntreg.c | 5 ++++- - 1 files changed, 4 insertions(+), 1 deletions(-) - -diff --git a/ntreg.c b/ntreg.c -index 1b84410..08f9124 100644 ---- a/ntreg.c -+++ b/ntreg.c -@@ -2585,7 +2585,10 @@ char * convert_string(void *string, int len) - int i, k; - int reallen = len / 2; - char *cstring = (char *)malloc(reallen); -- -+ if (cstring == NULL) { -+ printf("FATAL! convert_string: malloc() failed! Out of memory?\n"); -+ abort(); -+ } - for(i = 0, k = 0; i < len; i += 2, k++) - { - cstring[k] = ((char *)string)[i]; --- -1.6.2.5 - - ->From 81ae3189a8dffcdb3db7229cbe992ed12b8d1327 Mon Sep 17 00:00:00 2001 -From: Jim Meyering -Date: Mon, 20 Jul 2009 11:04:38 -0400 -Subject: [PATCH 3/3] robustness: avoid malfunction for too-small hive file - -* ntreg.c (openHive): Don't read uninitialized when file is too small. 
----
- ntreg.c | 8 ++++++++
- 1 files changed, 8 insertions(+), 0 deletions(-)
-
-diff --git a/ntreg.c b/ntreg.c
-index 08f9124..be6b680 100644
---- a/ntreg.c
-+++ b/ntreg.c
-@@ -2847,6 +2847,14 @@ struct hive *openHive(char *filename, int mode)
- return(NULL);
- }
-
-+ if (r < sizeof (*hdesc)) {
-+ fprintf(stderr,
-+ "file is too small; got %d bytes while expecting %d or more\n",
-+ r, sizeof (*hdesc));
-+ closeHive(hdesc);
-+ return(NULL);
-+ }
-+
- /* Now run through file, tallying all pages */
- /* NOTE/KLUDGE: Assume first page starts at offset 0x1000 */
-
---
-1.6.2.5
-
diff --git a/chntpw-110511-detect-failure-to-write-key.patch b/chntpw-110511-detect-failure-to-write-key.patch
new file mode 100644
index 0000000..818639d
--- /dev/null
+++ b/chntpw-110511-detect-failure-to-write-key.patch
@@ -0,0 +1,19 @@
+diff -ur chntpw-110511.orig/ntreg.c chntpw-110511/ntreg.c
+--- chntpw-110511.orig/ntreg.c 2011-05-11 12:33:56.000000000 -0700
++++ chntpw-110511/ntreg.c 2011-11-01 13:45:02.550421729 -0700
+@@ -3389,7 +3389,14 @@
+
+ fprintf(file,"\r\n"); /* Must end file with an empty line, windows does that */
+
+- fclose(file);
++ if (ferror (file)) {
++ printf("failed to write file '%s'\n", filename);
++ fclose (file);
++ return;
++ }
++ if (fclose(file))
++ printf("failed to write file '%s': %s\n", filename,
++ strerror(errno));
+ }
+
+ /* ================================================================ */
diff --git a/chntpw-110511-reged-no-deref-null.patch b/chntpw-110511-reged-no-deref-null.patch
new file mode 100644
index 0000000..0193cd4
--- /dev/null
+++ b/chntpw-110511-reged-no-deref-null.patch
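Review bot: Both new diagnostics in the chntpw-110511-detect-failure-to-write-key.patch hunk go to stdout through `printf`, and the bare `return;` shows the enclosing function returns nothing, so a caller or a script driving the export cannot tell that the written .reg file is incomplete. Sending them to stderr, e.g. `fprintf(stderr, "failed to write file '%s'\n", filename);`, would at least keep the failure out of the normal output stream; returning a status would need a signature change that lies outside this hunk. The `strerror(errno)` call also depends on `<errno.h>` and `<string.h>` being included in ntreg.c, which the hunk does not show. The function's opening lines are outside the hunk.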
@@ -0,0 +1,15 @@
+diff -ur chntpw-110511.orig/reged.c chntpw-110511/reged.c
+--- chntpw-110511.orig/reged.c 2011-05-11 12:33:56.000000000 -0700
++++ chntpw-110511/reged.c 2011-11-01 13:46:55.569625286 -0700
+@@ -167,6 +167,11 @@
+
+ if (edit) { /* Call editor. Rest of arguments are considered hives to load */
+ hivename = argv[optind+no_hives];
++ if (!hivename) {
++ fprintf(stderr,"with -e you must specify at least one hive file name\n");
++ usage();
++ exit(1);
++ }
+ do {
+ if (!(hive[no_hives] = openHive(hivename,
+ HMODE_RW|mode))) {
diff --git a/chntpw-110511-robustness.patch b/chntpw-110511-robustness.patch
new file mode 100644
index 0000000..ea2363f
--- /dev/null
+++ b/chntpw-110511-robustness.patch
@@ -0,0 +1,39 @@
+--- chntpw-110511.orig/ntreg.c 2011-05-11 12:33:56.000000000 -0700
++++ chntpw-110511/ntreg.c 2011-12-18 17:09:06.290818997 -0800
+@@ -190,14 +190,18 @@
+
+ int fmyinput(char *prmpt, char *ibuf, int maxlen)
+ {
+-
++ int len;
+ printf("%s",prmpt);
+
+ fgets(ibuf,maxlen+1,stdin);
++ len = strlen(ibuf);
+
+- ibuf[strlen(ibuf)-1] = 0;
++ if (len) {
++ ibuf[len-1] = 0;
++ --len;
++ }
+
+- return(strlen(ibuf));
++ return len;
+ }
+
+ /* Print len number of hexbytes */
+@@ -4119,6 +4123,14 @@
+ closeHive(hdesc);
+ return(NULL);
+ }
++
++ if (r < sizeof (*hdesc)) {
++ fprintf(stderr,
++ "file is too small; got %d bytes while expecting %d or more\n",
++ r, sizeof (*hdesc));
++ closeHive(hdesc);
++ return(NULL);
++ }
+
+ /* Now run through file, tallying all pages */
+ /* NOTE/KLUDGE: Assume first page starts at offset 0x1000 */
diff --git a/chntpw-140201-fix-bogus-errno-use.patch b/chntpw-140201-fix-bogus-errno-use.patch
new file mode 100644
index 0000000..ff7c846
--- /dev/null
+++ b/chntpw-140201-fix-bogus-errno-use.patch
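Review bot: The new `if (!hivename)` guard in the reged.c hunk is correct only because `argv[argc]` is NULL, and it runs after `argv[optind+no_hives]` has already been read. Testing the index before the assignment, `if (optind + no_hives >= argc) {`, would state the intent directly and stay safe if `no_hives` were ever non-zero at this point. The value of `no_hives` is set outside the hunk, so whether the index can pass `argc` cannot be confirmed from here, and the `do` loop that consumes `hivename` continues past the end of the hunk.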
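Review bot: In the `fmyinput` hunk of chntpw-110511-robustness.patch the result of `fgets(ibuf,maxlen+1,stdin)` is still not checked, so on EOF or a read error `strlen(ibuf)` runs over whatever the caller's buffer held before the call, which may not be terminated. Checking it first, `if (!fgets(ibuf,maxlen+1,stdin)) { ibuf[0] = 0; return 0; }`, keeps the length computation on defined data. The new code also drops the last byte unconditionally, so an input line longer than `maxlen` loses a real character rather than a newline; `if (len && ibuf[len-1] == '\n')` would limit the trim to the terminator. The `maxlen+1` size means every caller has to supply a buffer of at least `maxlen+1` bytes, which cannot be verified from this hunk.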
@@ -0,0 +1,34 @@
+diff -u chntpw-140201.orig/ntreg.c chntpw-140201/ntreg.c
+--- chntpw-140201.orig/ntreg.c 2019-06-22 13:09:59.583717369 -0700
++++ chntpw-140201/ntreg.c 2019-06-22 13:16:26.714726148 -0700
+@@ -4241,10 +4241,13 @@
+ do { /* On some platforms read may not block, and read in chunks. handle that */
+ r = read(hdesc->filedesc, hdesc->buffer + rt, hdesc->size - rt);
+ rt += r;
+- } while ( !errno && (rt < hdesc->size) );
++ } while ( r > 0 && (rt < hdesc->size) );
+
+- if (errno) {
+- perror("openHive(): read error: ");
++ if (r <= 0) {
++ if (r < 0)
++ perror("openHive(): read error");
++ else
++ fprintf(stderr, "openHive(): read error: unexpected EOF\n");
+ closeHive(hdesc);
+ return(NULL);
+ }
+@@ -4255,10 +4258,10 @@
+ return(NULL);
+ }
+
+- if (r < sizeof (*hdesc)) {
++ if (rt < sizeof (*hdesc)) {
+ fprintf(stderr,
+- "file is too small; got %d bytes while expecting %d or more\n",
+- r, sizeof (*hdesc));
++ "file is too small; got %d bytes while expecting %zu or more\n",
++ rt, sizeof (*hdesc));
+ closeHive(hdesc);
+ return(NULL);
+ }
diff --git a/chntpw-140201-get_abs_path.patch b/chntpw-140201-get_abs_path.patch
new file mode 100644
index 0000000..c9f1a3d
--- /dev/null
+++ b/chntpw-140201-get_abs_path.patch
@@ -0,0 +1,10 @@
+--- chntpw-140201/ntreg.c.orig 2014-02-01 08:54:37.000000000 -0800
++++ chntpw-140201/ntreg.c 2018-07-02 16:10:39.625152640 -0700
+@@ -1511,6 +1511,7 @@
+ }
+
+ strncpy(tmp,path,ABSPATHLEN-1);
++ tmp[ABSPATHLEN-1] = '\0';
+
+ if (key->type & 0x20)
+ keyname = mem_str(key->keyname, key->len_name);
diff --git a/chntpw-140201-hexdump-pointer-type.patch b/chntpw-140201-hexdump-pointer-type.patch
new file mode 100644
index 0000000..a8924bc
--- /dev/null
+++ b/chntpw-140201-hexdump-pointer-type.patch
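Review bot: The minimum-size test `if (rt < sizeof (*hdesc))` in chntpw-140201-fix-bogus-errno-use.patch measures the file against the in-memory descriptor (the struct whose `filedesc`, `buffer` and `size` members the read loop uses), not against the on-disk header the parser needs. If the code after this hunk reads header fields or walks pages in `hdesc->buffer`, a truncated hive that is larger than that struct still passes; the bound should be the header size required by the format (placeholder name: `HIVE_MIN_SIZE`, to be defined from the project's own header layout). In the read loop, `rt += r;` runs before `r` is tested, so a failed `read()` subtracts one from the running total; putting `if (r <= 0) break;` ahead of it keeps `rt` equal to the bytes actually read. Both enclosing blocks start and end outside the hunk.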
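Review bot: The terminator added in chntpw-140201-get_abs_path.patch is written at `ABSPATHLEN-1`, which is in bounds only if `tmp` is declared with at least `ABSPATHLEN` bytes, and that declaration is outside the hunk. Tying the copy and the terminator to the buffer itself, `snprintf(tmp, sizeof tmp, "%s", path);`, would replace the `strncpy` pair and stay correct if the array size changes. A short comment such as `/* strncpy leaves tmp unterminated when path fills it */` would record why the line exists.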
@@ -0,0 +1,21 @@
+diff -urN chntpw-140201.orig/libsam.c chntpw-140201/libsam.c
+--- chntpw-140201.orig/libsam.c 2014-02-01 08:54:37.000000000 -0800
++++ chntpw-140201/libsam.c 2024-08-03 15:31:41.817601486 -0700
+@@ -511,7 +511,7 @@
+
+ if (gverbose) printf("put_grp_members_sid: ajusted: mofs = %x, mlen = %x (%d)\n", mofs + 0x34 ,mlen,mlen);
+
+- if (gverbose) hexdump(&c->data, 0, c->len, 1);
++ if (gverbose) hexdump((char*)&c->data, 0, c->len, 1);
+
+ /* Get total size of new SID data */
+
+@@ -539,7 +539,7 @@
+ cd->members_len = sidlen; /* Update member count in C struct */
+ cd->grp_members = i;
+
+- if (gverbose) hexdump(&c->data, 0, c->len, 1);
++ if (gverbose) hexdump((char*)&c->data, 0, c->len, 1);
+
+ if (!put_buf2val(hdesc, c, 0, g, 0, TPF_VK_EXACT)) {
+ fprintf(stderr,"put_grp_members_sid: could not write back group info in value %s\n",g);
diff --git a/chntpw-080526-port-to-gcrypt-debian.patch b/chntpw-140201-port-to-gcrypt-debian.patch
similarity index 74%
rename from chntpw-080526-port-to-gcrypt-debian.patch
rename to chntpw-140201-port-to-gcrypt-debian.patch
index 217341d..45adefb 100644
--- a/chntpw-080526-port-to-gcrypt-debian.patch
+++ b/chntpw-140201-port-to-gcrypt-debian.patch
@@ -1,39 +1,36 @@ -Original patch from Debian: -http://patch-tracking.debian.net/patch/series/view/chntpw/0.99.5-0+nmu1/01_port_to_gcrypt.patch +01_port_to_gcrypt.patch +Paul Wise +Placed in the public domain +Port to libgcrypt to avoid GPL/OpenSSL incompatibility +Forwarded to Petter Nordahl-Hagen +Updated by Philippe Coval for debian -Written by Paul Wise. - -Ported to Fedora build by Richard W.M. Jones. - -Also compiles the program as 64 bit. I see no reason why the '-m32' -flag was supplied. Building on 64 bit produces a working program -as far as I can tell. - -diff -ur chntpw-080526.orig/chntpw.c chntpw-080526.gcrypt/chntpw.c ---- chntpw-080526.orig/chntpw.c 2008-05-26 20:59:44.000000000 +0100 -+++ chntpw-080526.gcrypt/chntpw.c 2009-06-09 12:39:58.037690367 +0100 -@@ -61,12 +61,19 @@ - #include - #include +--- a/chntpw.c ++++ b/chntpw.c +@@ -16,6 +16,7 @@ + * 2010-jun: Syskey not visible in menu, but is selectable (2) + * 2010-apr: Interactive menu adapts to show most relevant + * selections based on what is loaded ++ * 2008-may: port to libgcrypt to avoid GPL/OpenSSL incompatibility [Debian] + * 2008-mar: Minor other tweaks + * 2008-mar: Interactive reg ed moved out of this file, into edlib.c + * 2008-mar: 64 bit compatible patch by Mike Doty, via Alon Bar-Lev +@@ -79,8 +80,14 @@ + */ + #ifdef DOCRYPTO +#if defined(USEOPENSSL) #include #include --#define uchar u_char - #define MD4Init MD4_Init - #define MD4Update MD4_Update - #define MD4Final MD4_Final +#elif defined(USELIBGCRYPT) + #include +#else + #error No DES encryption and MD4 hashing library found +#endif -+ -+#define uchar u_char + #endif - #include "ntreg.h" - #include "sam.h" -@@ -138,7 +145,9 @@ + #define uchar u_char +@@ -155,7 +162,9 @@ for (i=0;i<8;i++) { key[i] = (key[i]<<1); } @@ -43,7 +40,7 @@ diff -ur chntpw-080526.orig/chntpw.c chntpw-080526.gcrypt/chntpw.c } /* -@@ -183,6 +192,7 @@ +@@ -200,6 +209,7 @@ void E1(uchar *k, uchar *d, uchar *out) { 
@@ -51,7 +48,7 @@ diff -ur chntpw-080526.orig/chntpw.c chntpw-080526.gcrypt/chntpw.c des_key_schedule ks; des_cblock deskey; -@@ -193,6 +203,15 @@ +@@ -210,6 +220,15 @@ des_set_key((des_cblock *)deskey,ks); #endif /* __FreeBsd__ */ des_ecb_encrypt((des_cblock *)d,(des_cblock *)out, ks, DES_ENCRYPT); @@ -66,35 +63,33 @@ diff -ur chntpw-080526.orig/chntpw.c chntpw-080526.gcrypt/chntpw.c +#endif } - -@@ -500,10 +519,18 @@ - int dontchange = 0; - struct user_V *v; - + #endif /* DOCRYPTO */ +@@ -343,9 +362,16 @@ + int i; + char md4[32],lanman[32]; + char newunipw[34], despw[20], newlanpw[16], newlandes[20]; +#ifdef USEOPENSSL des_key_schedule ks1, ks2; des_cblock deskey1, deskey2; - MD4_CTX context; +#elif defined(USELIBGCRYPT) + gcry_cipher_hd_t ks1, ks2; + uchar deskey1[8], deskey2[8]; -+ + unsigned char *p; + gcry_md_hd_t context; +#endif unsigned char digest[16]; - unsigned short acb; - -@@ -617,6 +644,7 @@ - hexprnt("Crypted LM pw: ",(unsigned char *)(vp+lmpw_offs),16); + uchar x1[] = {0x4B,0x47,0x53,0x21,0x40,0x23,0x24,0x25}; + #endif +@@ -460,6 +486,7 @@ } + #ifdef DOCRYPTO +#if defined(USEOPENSSL) /* Get the two decrpt keys. */ sid_to_key1(rid,(unsigned char *)deskey1); des_set_key((des_cblock *)deskey1,ks1); -@@ -634,6 +662,25 @@ +@@ -477,6 +504,25 @@ (des_cblock *)lanman, ks1, DES_DECRYPT); des_ecb_encrypt((des_cblock *)(vp+lmpw_offs + 8), (des_cblock *)&lanman[8], ks2, DES_DECRYPT); @@ -120,7 +115,7 @@ diff -ur chntpw-080526.orig/chntpw.c chntpw-080526.gcrypt/chntpw.c if (gverbose) { hexprnt("MD4 hash : ",(unsigned char *)md4,16); -@@ -689,9 +736,17 @@ +@@ -544,9 +590,17 @@ /* printf("Ucase Lanman: %s\n",newlanpw); */ @@ -138,7 +133,7 @@ diff -ur chntpw-080526.orig/chntpw.c chntpw-080526.gcrypt/chntpw.c if (gverbose) hexprnt("\nNEW MD4 hash : ",digest,16); -@@ -700,6 +755,7 @@ +@@ -555,6 +609,7 @@ if (gverbose) hexprnt("NEW LANMAN hash : ",(unsigned char *)lanman,16); 
@@ -146,7 +141,7 @@ diff -ur chntpw-080526.orig/chntpw.c chntpw-080526.gcrypt/chntpw.c /* Encrypt the NT md4 password hash as two 8 byte blocks. */ des_ecb_encrypt((des_cblock *)digest, (des_cblock *)despw, ks1, DES_ENCRYPT); -@@ -710,6 +766,18 @@ +@@ -565,6 +620,18 @@ (des_cblock *)newlandes, ks1, DES_ENCRYPT); des_ecb_encrypt((des_cblock *)(lanman+8), (des_cblock *)&newlandes[8], ks2, DES_ENCRYPT); @@ -165,11 +160,9 @@ diff -ur chntpw-080526.orig/chntpw.c chntpw-080526.gcrypt/chntpw.c if (gverbose) { hexprnt("NEW DES crypt : ",(unsigned char *)despw,16); -diff -ur chntpw-080526.orig/Makefile chntpw-080526.gcrypt/Makefile ---- chntpw-080526.orig/Makefile 2008-05-26 20:59:44.000000000 +0100 -+++ chntpw-080526.gcrypt/Makefile 2009-06-09 12:45:07.798728999 +0100 -@@ -1,28 +1,11 @@ - # +--- a/Makefile ++++ b/Makefile +@@ -2,28 +2,10 @@ # Makefile for the Offline NT Password Editor # -# @@ -185,7 +178,7 @@ diff -ur chntpw-080526.orig/Makefile chntpw-080526.gcrypt/Makefile +CFLAGS=-DUSELIBGCRYPT -g -I. $(shell libgcrypt-config --cflags) -Wall $(EXTRA_CFLAGS) -# Force 32 bit --CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 +-CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 -OSSLLIB=$(OSSLPATH)/lib - -# 64 bit if default for compiler setup @@ -194,8 +187,9 @@ diff -ur chntpw-080526.orig/Makefile chntpw-080526.gcrypt/Makefile - - -# This is to link with whatever we have, SSL crypto lib we put in static --LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a +-#LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a +-LIBS=-L$(OSSLLIB) +LIBS=$(shell libgcrypt-config --libs) - all: chntpw chntpw.static cpnt reged reged.static + all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static diff --git a/chntpw-chntpw.8 b/chntpw-chntpw.8 deleted file mode 100644 index 8b0ec85..0000000 --- a/chntpw-chntpw.8 +++ /dev/null 
@@ -1,96 +0,0 @@ -.\" Hey, EMACS: -*- nroff -*- -.\" First parameter, NAME, should be all caps -.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection -.\" other parameters are allowed: see man(7), man(1) -.TH CHNTPW 8 "30th May 2002" -.\" Please adjust this date whenever revising the manpage. -.\" -.\" Some roff macros, for reference: -.\" .nh disable hyphenation -.\" .hy enable hyphenation -.\" .ad l left justify -.\" .ad b justify to both left and right margins -.\" .nf disable filling -.\" .fi enable filling -.\" .br insert line break -.\" .sp insert n+1 empty lines -.\" for manpage-specific macros, see man(7) -.SH NAME -chntpw \- utility to overwrite Windows NT/2000 SAM passwords -.SH SYNOPSIS -.B chntpw -.RI [ options ] -.RI < samfile > -.RI [ systemfile ] -.RI [ securityfile ] -.RI [ otherreghive ] -.RI [...] -.br -.SH DESCRIPTION -This manual page documents briefly the -.B chntpw -command. -This manual page was written for the Debian distribution -because the original program does not have a manual page. -.PP -.B chntpw -is a utility to view some information and change user passwords -in a Windows NT/2000 SAM userdatabase file. It is not necessary to -know the old passwords to reset them. In addition it contains a -simple registry editor (same size data writes) -and hex-editor with which the information contained in a registry -file can be browsed and modified. -.SH OPTIONS -.TP -.B \-h -Show summary of options. -.TP -.B \-u username -Username to change. Default is Administrator -.TP -.B \-l -List all users in the SAM database. -.TP -.B \-i -Interactive: list all users (as per \-l) and then ask for the -user to change. -.TP -.B \-e -Registry editor with limited capabilities. -.TP -.B \-d -Use buffer debugger. -.TP -.B \-t -Show hexdumps of structs/segments (deprecated debug function). -.SH EXAMPLES -.TP -.B chntpw sam system -Opens registry hives -.B sam -and -.B system -and change administrator account. 
This will work even if the name -has been changed or it has been localized (since different language -versions of NT use different administrator names). -.TP -.B chntpw -u jabbathehutt mysam -Prompts for password for -.B jabbathehutt -and changes it in the -.B mysam -registry file, if found (otherwise do nothing) -.SH SEE ALSO -If you are looking for an automated procedure for password -recovery, you might look at the bootdisks provided by the -upstream author at -.BR http://home.eunet.no/~pnordahl/ntpasswd/ -.br -There is more information on how this program works available at -.IR /usr/share/doc/chntpw . -This information includes in-depth information on how the -registry works, what are syskeys and some other issues. -.SH AUTHOR -This manual page was written by -Javier Fernandez-Sanguino , -for the Debian GNU/Linux system (but may be used by others). diff --git a/chntpw.8 b/chntpw.8 new file mode 100644 index 0000000..f92440b --- /dev/null +++ b/chntpw.8 
@@ -0,0 +1,157 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH CHNTPW 8 "13th March 2010" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +chntpw \- utility to overwrite passwords of Windows systems +.SH SYNOPSIS +.B chntpw +.RI [ options ] +.RI < samfile > +.RI [ systemfile ] +.RI [ securityfile ] +.RI [ otherreghive ] +.RI [...] +.br +.SH DESCRIPTION +This manual page documents briefly the +.B chntpw +command. +This manual page was written for the Debian distribution +because the original program does not have a manual page. +.PP +.B chntpw +is a utility to view some information and reset user passwords +in a Windows NT/2000 SAM userdatabase file used by Microsoft Windows +Operating System (in NT3.x and later versions). This file is usually located at +\\WINDOWS\\system32\\config\\SAM on the Windows file system. It is not necessary to +know the previous passwords to reset them. In addition it contains a simple +registry editor and ahex-editor with which the information contained in a +registry file can be browsed and modified. + +This program should be able to handle both 32 and 64 bit Microsoft Windows and +all versions from NT3.x up to Win8.1. + + +.SH OPTIONS +.TP +.B \-h +Show a summary of options. +.TP +.B \-u username +Username or username ID (RID) to change. The default is 'Administrator'. +.TP +.B \-l +List all users in the SAM database and exit. +.TP +.B \-i +Interactive Menu system: list all users (as per \-l option) and then ask for the +user to change. 
+.TP +.B \-e +Registry editor with limited capabilities (but it does include write support). For a +slightly more powerful editor see +.B reged + +.TP +.B \-d +Use buffer debugger instead (hex editor) + +.B \-L +Log all changed filenames to /tmp/changed. When this option is set the +program automatically saves the changes in the hive files without prompting the +user. + +Be careful when using the \fB-L\fR option as a root user in a multiuser system. +The filename is fixed and this can be used by malicious users (dropping a +symlink with the same name) to overwrite system files. + +.TP +.B \-N +Do not allocate more information, only allow the editing of existing values +with same size. +.TP +.B \-E +Do not expand the hive file (safe mode). +.TP +.B \-v +Print verbose information and debug messages. + + + + + +.SH EXAMPLES +.TP +.B ntfs-3g /dev/sda1 /media/win ; cd /media/win/WINDOWS/system32/config/ +Mount the Windows file system and enters the directory +.B \\\\WINDOWS\\\\system32\\\\config +where Windows stores the SAM database. +.TP +.B chntpw SAM system +Opens registry hives +.B SAM +and +.B system +and change administrator account. This will work even if the name +has been changed or it has been localized (since different language +versions of NT use different administrator names). +.TP +.B chntpw -l SAM +Lists the users defined in the +.B SAM +registry file. +.TP +.B chntpw -u jabbathehutt SAM +Prompts for password for +.B jabbathehutt +and changes it in the +.B SAM +registry file, if found (otherwise do nothing). + +.SH KNOWN BUGS + +This program uses undocumented structures in the SAM database. Use with +caution (i.e. make sure you make a backup of the file before any changes +are done). + +Password changing is only possible if the program has been specifically +compiled with some cryptographic functions. This feature, however, only +works properly in Windows NT and Windows 2000 systems. 
It might not +work properly in Windows XP, Vista, Win7, Win8 and later systems. + +In the Debian distribution this feature is not enabled. + +.SH SEE ALSO +.B reged, samusrgrp, sampasswd + +If you are looking for an automated procedure for password +recovery, you might want to check the bootdisks (can be used in CD +and USB drives) provided by the upstream author at +.BR http://pogostick.net/~pnh/ntpasswd/ + +.br +You will find more information available on how this program works, including +in-depth details on how the registry works, in the text files +.IR /usr/share/doc/chntpw/README.txt +and +.IR /usr/share/doc/chntpw/MANUAL.txt + +.SH AUTHOR +This program was written by Petter N Hagen. + +This manual page was written by Javier Fernandez-Sanguino , +for the Debian GNU/Linux system (but may be used by others). diff --git a/chntpw.spec b/chntpw.spec index beeea4e..120ca06 100644 --- a/chntpw.spec +++ b/chntpw.spec 
@@ -1,91 +1,221 @@ Name: chntpw # Version is taken from HISTORY.txt -Version: 0.99.6 -Release: 13%{?dist} +Version: 1.00 +Release: 20.140201%{?dist} Summary: Change passwords in Windows SAM files -Group: Applications/Engineering -License: GPLv2 -URL: http://home.eunet.no/~pnordahl/ntpasswd/ -Source0: http://home.eunet.no/~pnordahl/ntpasswd/chntpw-source-080526.zip +# Automatically converted from old format: GPLv2 - review is highly recommended. +License: GPL-2.0-only +URL: http://pogostick.net/~pnh/ntpasswd/ +Source0: http://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip Source2: chntpw-README.Dist -# The man page is borrowed from Debian -Source3: chntpw-chntpw.8 -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +# The man pages are borrowed from Debian +Source10: chntpw.8 +Source11: reged.8 +Source12: sampasswd.8 +Source13: samusrgrp.8 +BuildRequires: gcc BuildRequires: libgcrypt-devel +BuildRequires: make # Patches sent upstream on 2009-06-08. -Patch0: chntpw-080526-keyname-overflow.patch -Patch1: chntpw-080526-get_abs_path.patch -Patch2: chntpw-080526-no-value.patch +Patch1: chntpw-140201-get_abs_path.patch # Patch from Debian (RHBZ#504595). -Patch3: chntpw-080526-port-to-gcrypt-debian.patch +Patch3: chntpw-140201-port-to-gcrypt-debian.patch # Patches from Jim Meyering to improve robustness of the code. 
-Patch4: chntpw-080526-robustness.patch +Patch4: chntpw-110511-robustness.patch Patch5: chntpw-080526-correct-test-for-failing-open-syscall.patch -Patch6: chntpw-080526-detect-failure-to-write-key.patch -Patch7: chntpw-080526-reged-no-deref-null.patch +Patch6: chntpw-110511-detect-failure-to-write-key.patch +Patch7: chntpw-110511-reged-no-deref-null.patch + +# Patch derived from Oleg Samarin (RHBZ#1645886) +Patch8: chntpw-140201-fix-bogus-errno-use.patch + +# Cast around new GCC error for mismatched pointer arguments +Patch9: chntpw-140201-hexdump-pointer-type.patch %description This is a utility to (re)set the password of any user that has a valid (local) account on your Windows NT/2k/XP/Vista etc system. You do not need to know the old password to set a new one. It works offline, that -is, you have to shutdown your computer and boot off a floppydisk or CD +is, you have to shutdown your computer and boot off a floppy disk or CD or another system. Will detect and offer to unlock locked or disabled out user accounts! There is also a registry editor and other registry -utilities that works under linux/unix, and can be used for other things +utilities that works under Linux/Unix, and can be used for other things than password editing. 
%prep -%setup -q -n %{name}-080526 +%setup -q -n %{name}-140201 cp -p %{SOURCE2} README.Dist sed -e 's/\r$//' WinReg.txt > WinReg.txt.eol touch -c -r WinReg.txt WinReg.txt.eol mv WinReg.txt.eol WinReg.txt -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 +%patch -P1 -p1 +%patch -P3 -p1 +%patch -P4 -p1 +%patch -P5 -p1 +%patch -P6 -p1 +%patch -P7 -p1 +%patch -P8 -p1 +%patch -P9 -p1 %build -make CC="%__cc" EXTRA_CFLAGS="$RPM_OPT_FLAGS" chntpw cpnt reged +make CC="%__cc" EXTRA_CFLAGS="$RPM_OPT_FLAGS" \ + chntpw cpnt reged sampasswd samusrgrp %install rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT%{_bindir} -cp chntpw $RPM_BUILD_ROOT%{_bindir} -cp cpnt $RPM_BUILD_ROOT%{_bindir} -cp reged $RPM_BUILD_ROOT%{_bindir} +cp chntpw cpnt reged sampasswd samusrgrp $RPM_BUILD_ROOT%{_bindir} mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8/ -cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 +cp -p %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \ + $RPM_BUILD_ROOT%{_mandir}/man8/ -%clean -rm -rf $RPM_BUILD_ROOT - %files -%defattr(-,root,root,-) %doc GPL.txt LGPL.txt README.txt regedit.txt WinReg.txt HISTORY.txt %doc README.Dist %{_bindir}/chntpw %{_bindir}/cpnt %{_bindir}/reged -%{_mandir}/man8/%{name}.8* +%{_bindir}/sampasswd +%{_bindir}/samusrgrp +%{_mandir}/man8/*.8* %changelog +* Wed Jul 23 2025 Fedora Release Engineering - 1.00-20.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Thu Jan 16 2025 Fedora Release Engineering - 1.00-19.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Sat Aug 03 2024 Conrad Meyer - 1.00-18.140201 +- Add fix for rhbz# 2300591. 
+ +* Mon Jul 29 2024 Miroslav Suchý - 1.00-17.140201 +- convert license to SPDX + +* Wed Jul 17 2024 Fedora Release Engineering - 1.00-16.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Tue Jan 23 2024 Fedora Release Engineering - 1.00-15.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 1.00-14.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Jul 19 2023 Fedora Release Engineering - 1.00-13.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Wed Jan 18 2023 Fedora Release Engineering - 1.00-12.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jul 20 2022 Fedora Release Engineering - 1.00-11.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Wed Jan 19 2022 Fedora Release Engineering - 1.00-10.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Jul 21 2021 Fedora Release Engineering - 1.00-9.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jan 26 2021 Fedora Release Engineering - 1.00-8.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 1.00-7.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jan 28 2020 Fedora Release Engineering - 1.00-6.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Jul 24 2019 Fedora Release Engineering - 1.00-5.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sat Jun 22 2019 Conrad Meyer - 1.00-4.140201 +- Add fix for rhbz# 1645886. Thanks Oleg Samarin. 
+ +* Thu Jan 31 2019 Fedora Release Engineering - 1.00-3.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Thu Jul 19 2018 Conrad Meyer - 1.00-2.140201 +- Add missing GCC BR after removal from buildroot +- Unfuck version number bumped incorrectly by RE + +* Thu Jul 12 2018 Fedora Release Engineering - 1.00-1.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Mon Jul 02 2018 Conrad Meyer - 1.00-0.140201 +- Update to latest upstream, 1.00 / 140201 +- Rebase patches as needed +- Import additional and enhanced manual pages from Debian +- Adds two new binaries: sampasswd and samusrgrp +- Clean up rpmlint warnings (tabs, spelling, log date) + +* Wed Feb 07 2018 Fedora Release Engineering - 0.99.6-30.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 02 2017 Fedora Release Engineering - 0.99.6-29.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 0.99.6-28.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 0.99.6-27.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Feb 03 2016 Fedora Release Engineering - 0.99.6-26.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 0.99.6-25.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Aug 16 2014 Fedora Release Engineering - 0.99.6-24.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.99.6-23.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Apr 23 2014 Tomáš Mráz - 0.99.6-22.110511 +- Rebuild for new libgcrypt + +* Sat Aug 03 2013 Fedora Release Engineering - 0.99.6-21.110511 +- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Feb 13 2013 Fedora Release Engineering - 0.99.6-20.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Jul 18 2012 Fedora Release Engineering - 0.99.6-19.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jan 12 2012 Fedora Release Engineering - 0.99.6-18.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Sun Dec 18 2011 Conrad Meyer - 0.99.6-17.110511 +- Fix 'robustness' patch (#755622) + +* Tue Nov 1 2011 Conrad Meyer - 0.99.6-16.110511 +- Update to latest upstream (110511) (#750005). +- Update fedora patches to apply cleanly, dropping useless hunks + as needed. +- Add upstream version to "Release" tag, so that people can + actually tell which version of upstream we're shipping from the + rpm version. + +* Tue Feb 08 2011 Fedora Release Engineering - 0.99.6-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jun 7 2010 Conrad Meyer - 0.99.6-14 +- Upstream changed hosts; fixed URL and Source0. + * Fri Jul 24 2009 Fedora Release Engineering - 0.99.6-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild @@ -109,7 +239,7 @@ rm -rf $RPM_BUILD_ROOT * Thu Jan 15 2009 Tomas Mraz - 0.99.6-6 - rebuild with new openssl -* Sun Oct 11 2008 Conrad Meyer - 0.99.6-5 +* Sun Oct 12 2008 Conrad Meyer - 0.99.6-5 - Bump because force-tag was removed. Please add it back. * Sat Oct 11 2008 Conrad Meyer - 0.99.6-4 diff --git a/reged.8 b/reged.8 new file mode 100644 index 0000000..36ecff4 --- /dev/null +++ b/reged.8 
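Review bot: `Patch0: chntpw-080526-keyname-overflow.patch` and `Patch2: chntpw-080526-no-value.patch` are removed from the patch list at the top of this hunk, and their `%patch0`/`%patch2` lines from `%prep`, with no comment recording why. The changelog entries added here say only "Rebase patches as needed" and "dropping useless hunks as needed", so the spec does not show whether the 140201 source already carries the key-name overflow fix or whether it was lost in the rebase. I would add a comment above `Patch1`, for example `# Patch0 (keyname-overflow) and Patch2 (no-value) dropped: <merged upstream in which release / reason>`, so the next packager can confirm the fix is still present. The "Patches sent upstream on 2009-06-08" comment now sits above `Patch1` alone and should be reworded to match. Separately, `Source0` is still a plain `http://` URL, so the SHA512 entry in `sources` is the only integrity check on the archive and should be verified against a copy obtained independently whenever it is refreshed.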
@@ -0,0 +1,120 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH REGED 8 "6th August 2014" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +reged \- utility to export/import and edit a Windows registry hives +.SH SYNOPSIS +.B reged +.RI [ options ] +.RI -x + +.B reged +.RI [ options ] +.RI -I + +.B reged +.RI [ options ] +.RI -e + + +.br +.SH DESCRIPTION +This manual page documents briefly the +.B reged +command. +This manual page was written for the Debian distribution +because the original program does not have a manual page. + +.PP +.B reged +is the an interactive command line utility that can be used to +export, import or edit a Microsoft Windows registry hive. + +.SH OPTIONS +.TP +.B \-h +Show summary of options. +.TP +.B \-x +Export parts of a hive file to a text registry (.reg) file. +Prefixstring indicates the part of the registry hive to dump (for example +HKEY_LOCAL_MACHINE\\SOFTWARE). The parameter defines the key to dump +(recursively). You can use \\ or \\\\ to list all the keys in the hive file. + +Only one hive file and one .reg file can be defined. + +.TP +.B \-I +Import the content of the input.reg file into the registry file. The value + can be any valid prefix, for example is +HKEY_LOCAL_MACHINE\\SOFTWARE. + +Only one .reg and one hive file supported at the same time + +.TP +.B \-e ... +Interactive edit one or more registry files. + +.TP +.B \-L +Log all changed filenames to /tmp/changed. 
When this option is set the +program automatically saves the changes in the hive files without prompting the +user. + +Be careful when using the \fB-L\fR option as a root user in a multiuser system. +The filename is fixed and this can be used by malicious users (dropping a +symlink with the same name) to overwrite system files. + + +.TP +.B \-C +Automatically save all changes. Do not prompt the user. + +.TP +.B \-N +Do not allocate more information, only allow the editing of existing values with same size. + +.TP +.B \-E +Do not expand the hive file (safe mode). + +.TP +.B \-t +Print debug information of allocated blocks. + +.TP +.B \-v +Print verbose information and debug messages. + +.SH KNOWN BUGS + +There are many \fBunknown\fR bugs. If you find bugs please report them to the author. + +.SH SEE ALSO +.B chntpwd, samusrgrp, sampasswd +.br +You will find more information available on how this program works, in the +text files +.IR /usr/share/doc/chntpw/README.txt +and +.IR /usr/share/doc/chntpw/MANUAL.txt + +.SH AUTHOR +This program was written by Petter N Hagen. + +This manual page was written by Javier Fernandez-Sanguino , +for the Debian GNU/Linux system (but may be used by others). diff --git a/sampasswd.8 b/sampasswd.8 new file mode 100644 index 0000000..78257c2 --- /dev/null +++ b/sampasswd.8 
@@ -0,0 +1,120 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH SAMPASSWD 8 "6th August 2014" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +sampasswd \- reset passwords of users in the SAM user database +.SH SYNOPSIS +.B sampasswd +.RI [ options ] +.RI -u user +.RI < samfile > +.br +.SH DESCRIPTION +This manual page documents briefly the +.B sampasswd +command. +This manual page was written for the Debian distribution +because the original program does not have a manual page. + +.PP +.B sampasswd +is a non-interactive command line utility that can reset a user's +password and/or the user's account bits from the SAM user database file of a +Microsoft Windows system (Windows NT, 2000, XP, Vista, 7, 8.1, etc.). +This file is usually located at +\\WINDOWS\\system32\\config\\SAM on the file system of a Microsoft Windows +Operating System + +On success, the program does not output any informatin and the exit code is 0. + +.SH OPTIONS +.TP +.B \-h +Show summary of options. +.TP +.B \-r +Reset the user's password. +.TP +.B \-a +Reset all the users. If this option is used there is no need to specify the next option. +.TP +.B \-u +User to change. The user value can be provided as a username, or a RID number in +hexadecimal (if the username is preceded with '0x'). Usernames including +international characters will probably not work. +.TP +.B \-l +Lists the users in the SAM database. +.TP +.B \-H +Output human readable output. 
The program by default will print a parsable table unless +this option is used. +.TP +.B \-N +Do not allocate more information, only allow the editing of existing values with same size. +.TP +.B \-E +Do not expand the hive file (safe mode). +.TP +.B \-t +Print debug information of allocated blocks. +.TP +.B \-v +Print verbose information and debug messages. + +.SH EXAMPLES +.TP +.B sampasswd -r -u theboss +Reset the password of a user named 'theboss', if found. + +.TP +.B sampasswd -r -u 0x3ea +Reset the password of the user with RID '0x3a'. + +.TP +.B samusrgrp -r -a +Reset the password of all the users in the Administrator's group (0x220) + +.TP +.B samusrgrp -r -f +Reset the password of the administrative users with the lowest RID number. +This does not include the built-in administrator (0x1f4) unless no other +administrative user can be found in the database file. + + +.SH KNOWN BUGS + +If the username includes international (non-ASCII) characters the program +will not (usually) find it. Use the RID number instead. + +.SH SEE ALSO +.B chntpwd, reged, samusrgrp +.br +You will find more information available on how this program works, in the +text files +.IR /usr/share/doc/chntpw/README.txt +and +.IR /usr/share/doc/chntpw/MANUAL.txt + +More documentation is available at the upstream's author site: +.BR http://pogostick.net/~pnh/ntpasswd/ + +.SH AUTHOR +This program was written by Petter N Hagen. + +This manual page was written by Javier Fernandez-Sanguino , +for the Debian GNU/Linux system (but may be used by others). diff --git a/samusrgrp.8 b/samusrgrp.8 new file mode 100644 index 0000000..773448b --- /dev/null +++ b/samusrgrp.8 
@@ -0,0 +1,130 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH SAMUSRGRP 8 "6th August 2014" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +samusrgrp \- add or remove users from groups in SAM database files +.SH SYNOPSIS +.B samusrgrp +.RI [ options ] +.RI < samfile > +.br +.SH DESCRIPTION +This manual page documents briefly the +.B samusrgrp +command. +This manual page was written for the Debian distribution +because the original program does not have a manual page. +.PP +.B samusrgrp +is a non-interactive command line utility that can add or remove +a user from a local group that exists in the SAM user database of a +Microsoft Windows system (Windows NT, 2000, XP, Vista, 7, 8.1, etc.). +This file is usually located at +\\WINDOWS\\system32\\config\\SAM on the file system of a Microsoft Windows +Operating System + +On success, the program does not output any informatin and the exit code is 0. + +The binary program supports multiple names. If it is called named +.B samusrtogrp +it will assume \fB-a\fR mode (add user). If it is called named +.B samusrfromgrp +it will assume \fB-r\fR mode (remove user). + +.SH OPTIONS +.TP +.B \-h +Show summary of options. +.TP +.B \-a +The user is added to the group. This option has to be followed +by \-u and \-g . +.TP +.B \-r +The user is removed from the group. This option has to be followed +by \-u and \-g . +.TP +.B \-u +User to change. 
The user value can be provided as a username, or a RID number in +hexadecimal (if the username is preceded with '0x'). Usernames including +international characters will probably not work. +.TP +.B \-g +Group to change. The group can only be given as a group number, in hexadecimal, preceded with +with '0x'. +.TP +.B \-l +Lists the groups in the SAM database. +.TP +.B \-L +Lists the groups in the SAM database as well as their members. +.TP +.B \-s +Print the machine SID. +.TP +.B \-H +Output human readable output. The program by default will print a parsable table unless +this option is used. +.TP +.B \-N +Do not allocate more information, only allow the editing of existing values +with same size. +.TP +.B \-E +Do not expand the hive file (safe mode). +.TP +.B \-t +Print debug information of allocated blocks. +.TP +.B \-v +Print verbose information and debug messages. + +.SH EXAMPLES +.TP +.B samusrgrp -a -u theboss -g 0x220 SAMFILE +Adds a user named 'theboss' to the group 0x220 (Administrators) + +.TP +.B samusrgrp -a -u 0x3ea -g 0x221 SAMFILE +Adds a user with the id '0x3aa' to the group 0x221 (Users) + +.TP +.B samusrgrp -r -u 0x3ff -g 0x221 SAMFILE +Remove a user with the id '0x3ff' from the group 0x221 (Users) + +.SH KNOWN BUGS + +If the username includes international (non-ASCII) characters the program +will not (usually) find it. Use the RID number instead. + +.SH SEE ALSO +.B chntpwd, reged, sampasswd +.br +You will find more information available on how this program works, in the +text files +.IR /usr/share/doc/chntpw/README.txt +and +.IR /usr/share/doc/chntpw/MANUAL.txt + +More documentation is available at the upstream's author site: +.BR http://pogostick.net/~pnh/ntpasswd/ + +.SH AUTHOR +This program was written by Petter N Hagen. + +This manual page was written by Javier Fernandez-Sanguino , +for the Debian GNU/Linux system (but may be used by others). diff --git a/sources b/sources index 954d9c8..e597fc8 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@
-09addfe7ae469677da39ed66d83858d3 chntpw-source-080526.zip
+SHA512 (chntpw-source-140201.zip) = a26d747f6e077d1bb3e9b8077781f8c37dd978e07b7426495862f15c9004572b706c34736fc4d1ed8856b1a43335d726b4d87c688f7f9a11fd6cc3a74d71a7fa