diff --git a/.gitignore b/.gitignore
index 20d7fc8..94616b3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1 @@
 chntpw-source-080526.zip
-/chntpw-source-110511.zip
-/chntpw-source-140201.zip
diff --git a/chntpw-080526-detect-failure-to-write-key.patch b/chntpw-080526-detect-failure-to-write-key.patch
new file mode 100644
index 0000000..ea17219
--- /dev/null
+++ b/chntpw-080526-detect-failure-to-write-key.patch
@@ -0,0 +1,77 @@ +From jim@meyering.net Mon Jul 20 20:12:31 2009 +Return-Path: jim@meyering.net +X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on amd.home.annexia.org +X-Spam-Level: +X-Spam-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00, + UNPARSEABLE_RELAY autolearn=ham version=3.2.5 +Received: from mail.corp.redhat.com [10.5.5.51] + by amd.home.annexia.org with IMAP (fetchmail-6.3.8) + for (single-drop); Mon, 20 Jul 2009 20:12:31 +0100 (BST) +Received: from zmta03.collab.prod.int.phx2.redhat.com (LHLO + zmta03.collab.prod.int.phx2.redhat.com) (10.5.5.33) by + mail06.corp.redhat.com with LMTP; Mon, 20 Jul 2009 15:12:17 -0400 (EDT) +Received: from localhost (localhost.localdomain [127.0.0.1]) + by zmta03.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 3C1A04E4EC + for ; Mon, 20 Jul 2009 15:12:17 -0400 (EDT) +Received: from zmta03.collab.prod.int.phx2.redhat.com ([127.0.0.1]) + by localhost (zmta03.collab.prod.int.phx2.redhat.com [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id a+PpYwgPRjqW for ; + Mon, 20 Jul 2009 15:12:17 -0400 (EDT) +Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) + by zmta03.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 130A44E4D6 + for ; Mon, 20 Jul 2009 15:12:17 -0400 (EDT) +Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) + by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n6KJCGMZ001977 + for ; Mon, 20 Jul 2009 15:12:16 -0400 +Received: from mx.meyering.net (sebastian-int.corp.redhat.com [172.16.52.221]) + by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n6KJCF82022169 + for ; Mon, 20 Jul 2009 15:12:15 -0400 +Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000) + id 36C5D38154; Mon, 20 Jul 2009 21:12:15 +0200 (CEST) +From: Jim Meyering +To: "Richard W. M. 
Jones" +Subject: chntpw [PATCH] detect/diagnose failure to write key +Date: Mon, 20 Jul 2009 21:12:15 +0200 +Message-ID: <873a8r88z4.fsf@meyering.net> +MIME-Version: 1.0 +Content-Type: text/plain; charset=us-ascii +X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26 +Status: RO +Content-Length: 938 +Lines: 34 + +Hi Rich, here's another. + +>From 057c832cf924cabf887e59d1c1f2127cd4619572 Mon Sep 17 00:00:00 2001 +From: Jim Meyering +Date: Mon, 20 Jul 2009 15:09:26 -0400 +Subject: [PATCH] detect/diagnose failure to write key + +* ntreg.c (export_key): Detect stream write failure. +--- + ntreg.c | 9 ++++++++- + 1 files changed, 8 insertions(+), 1 deletions(-) + +diff --git a/ntreg.c b/ntreg.c +index 21cd3e3..cdb6503 100644 +--- a/ntreg.c ++++ b/ntreg.c +@@ -2735,7 +2735,14 @@ void export_key(struct hive *hdesc, int nkofs, char *name, char *filename, char + fprintf(file, "Windows Registry Editor Version 5.00\r\n\r\n"); + export_subkey(hdesc, nkofs, name, prefix, file); + +- fclose(file); ++ if (ferror (file)) { ++ printf("failed to write file '%s'\n", filename); ++ fclose (file); ++ return; ++ } ++ if (fclose(file)) ++ printf("failed to write file '%s': %s\n", filename, ++ strerror(errno)); + } + + +-- +1.6.2.5 + diff --git a/chntpw-080526-get_abs_path.patch b/chntpw-080526-get_abs_path.patch new file mode 100644 index 0000000..4a754cd --- /dev/null +++ b/chntpw-080526-get_abs_path.patch 
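Review bot: The new failure paths in `export_key` report only through `printf` on stdout, and the function still returns `void`, so a script driving the export cannot tell a truncated .reg file from a complete one. At minimum the two messages should go to stderr, e.g. `fprintf(stderr, "failed to write file '%s'\n", filename);`. The `ferror` branch also discards the result of `fclose (file)` and prints no `strerror(errno)`, unlike the second branch. `strerror` and `errno` need `<string.h>` and `<errno.h>` in ntreg.c; the include block is outside the hunk, so that should be confirmed.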
@@ -0,0 +1,29 @@ +diff -ur chntpw-080526/ntreg.c chntpw-080526.get_abs_path/ntreg.c +--- chntpw-080526/ntreg.c 2009-06-08 14:32:00.000000000 +0100 ++++ chntpw-080526.get_abs_path/ntreg.c 2009-06-08 14:30:08.000000000 +0100 +@@ -1193,7 +1193,7 @@ + { + /* int newnkofs; */ + struct nk_key *key; +- char tmp[ABSPATHLEN+1]; ++ char tmp[ABSPATHLEN]; + + maxlen = (maxlen < ABSPATHLEN ? maxlen : ABSPATHLEN); + +@@ -1209,6 +1209,7 @@ + } + + strncpy(tmp,path,ABSPATHLEN-1); ++ tmp[ABSPATHLEN-1] = '\0'; + + if ( (strlen(path) + key->len_name) >= maxlen-6) { + snprintf(path,maxlen,"(...)%s",tmp); +@@ -1216,7 +1217,7 @@ + } + *path = '\\'; + memcpy(path+1,key->keyname,key->len_name); +- strncpy(path+key->len_name+1,tmp,maxlen); ++ strcpy(path+key->len_name+1,tmp); + return(get_abs_path(hdesc, key->ofs_parent+0x1004, path, maxlen)); /* go back one more */ + } + diff --git a/chntpw-080526-keyname-overflow.patch b/chntpw-080526-keyname-overflow.patch new file mode 100644 index 0000000..345a4cf --- /dev/null +++ b/chntpw-080526-keyname-overflow.patch @@ -0,0 +1,22 @@ +diff -ur chntpw-080526/ntreg.c chntpw-080526.keyname/ntreg.c +--- chntpw-080526/ntreg.c 2008-05-26 20:59:44.000000000 +0100 ++++ chntpw-080526.keyname/ntreg.c 2009-06-08 12:00:00.000000000 +0100 +@@ -2607,7 +2607,6 @@ + int count = 0; + int countri = 0; + int len, byte; +- char keyname[128]; + char path[1024]; + char *value; + struct nk_key *key; +@@ -2626,10 +2625,6 @@ + + // get the key + key = (struct nk_key *)(hdesc->buffer + nkofs); +- strncpy(keyname, key->keyname, key->len_name); +- keyname[key->len_name] = '\0'; +- printf("Exporting key '%s' with %d subkeys and %d values...\n", +- keyname, key->no_subkeys, key->no_values); + + *path = 0; + get_abs_path(hdesc, nkofs, path, 1024); diff --git a/chntpw-080526-no-value.patch b/chntpw-080526-no-value.patch new file mode 100644 index 0000000..5bb2048 --- /dev/null +++ b/chntpw-080526-no-value.patch 
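Review bot: The `strcpy(path+key->len_name+1,tmp)` introduced in the last hunk of the get_abs_path patch is bounded only by the `(strlen(path) + key->len_name) >= maxlen-6` test a few lines earlier, and `key->len_name` is a value read from the hive file. I would keep the bound at the copy itself, `snprintf(path+key->len_name+1, maxlen-key->len_name-1, "%s", tmp);`, or at least add `/* fits: strlen(path)+len_name < maxlen-6 was checked above */`. If `maxlen` is a signed int (its declaration is outside the hunks), a caller passing less than 6 makes `maxlen-6` negative, the comparison against `strlen()` becomes unsigned and the guard would not fire; an early return for `maxlen < 7` would cover that. The enclosing function starts and ends outside the hunks.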
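Review bot: chntpw-080526-keyname-overflow.patch carries no description of the defect it removes, unlike the e-mailed patches next to it. From the deleted lines the problem appears to be that `key->len_name` bytes were copied into `char keyname[128]` with no bound; one header line saying that, and that the progress message is dropped on purpose rather than bounded, would let a later packager judge whether the patch is still needed on a rebase. The function being patched (around ntreg.c line 2607) is not named in the hunk headers, and it starts and ends outside them.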
@@ -0,0 +1,41 @@ +diff -ur chntpw-080526/ntreg.c chntpw-080526.novalue/ntreg.c +--- chntpw-080526/ntreg.c 2009-06-08 14:44:09.000000000 +0100 ++++ chntpw-080526.novalue/ntreg.c 2009-06-08 14:43:48.000000000 +0100 +@@ -2667,21 +2667,23 @@ + value = (char *)get_val_data(hdesc, nkofs, vex.name, vex.type, TPF_VK_EXACT); + len = get_val_len(hdesc, nkofs, vex.name, TPF_VK_EXACT); + +- if (vex.type == REG_BINARY) { +- fprintf(file, "\"%s\"=hex:", vex.name); +- } else { +- fprintf(file, "\"%s\"=hex(%x):", vex.name, vex.type); +- } +- byte = 0; +- while (byte < len) { /* go byte by byte.. probably slow.. */ +- fprintf(file, "%02x,", (unsigned char)value[byte]); +- byte++; +- if (!(byte % 20)) fprintf(file, "\\\r\n "); +- } +- fprintf(file, "%02x\r\n", (unsigned char)value[byte]); +- } ++ if (value && len >= 0) { ++ if (vex.type == REG_BINARY) { ++ fprintf(file, "\"%s\"=hex:", vex.name); ++ } else { ++ fprintf(file, "\"%s\"=hex(%x):", vex.name, vex.type); ++ } ++ byte = 0; ++ while (byte < len) { /* go byte by byte.. probably slow.. */ ++ fprintf(file, "%02x,", (unsigned char)value[byte]); ++ byte++; ++ if (!(byte % 20)) fprintf(file, "\\\r\n "); ++ } ++ fprintf(file, "%02x\r\n", (unsigned char)value[byte]); + +- FREE(vex.name); ++ FREE(vex.name); ++ } ++ } + } + } + diff --git a/chntpw-140201-port-to-gcrypt-debian.patch b/chntpw-080526-port-to-gcrypt-debian.patch similarity index 74% rename from chntpw-140201-port-to-gcrypt-debian.patch rename to chntpw-080526-port-to-gcrypt-debian.patch index 45adefb..217341d 100644 --- a/chntpw-140201-port-to-gcrypt-debian.patch +++ b/chntpw-080526-port-to-gcrypt-debian.patch 
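Review bot: The final `fprintf(file, "%02x\r\n", (unsigned char)value[byte]);` still runs with `byte == len`, so it reads `value[len]`, one byte past the length returned by `get_val_len`, and with `len == 0` it reads `value[0]` of an empty value. Unless `get_val_data` is known to return a buffer with a spare trailing byte (not visible here), the guard should be `if (value && len > 0)` and the loop `while (byte < len - 1)`, so that the last write emits the final in-range byte. `FREE(vex.name);` also moved inside the new `if`, so `vex.name` is not released when a value is skipped; it should stay after the guard's closing brace. The enclosing function begins and ends outside the hunk.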
@@ -1,36 +1,39 @@ -01_port_to_gcrypt.patch -Paul Wise -Placed in the public domain -Port to libgcrypt to avoid GPL/OpenSSL incompatibility -Forwarded to Petter Nordahl-Hagen -Updated by Philippe Coval for debian +Original patch from Debian: +http://patch-tracking.debian.net/patch/series/view/chntpw/0.99.5-0+nmu1/01_port_to_gcrypt.patch ---- a/chntpw.c -+++ b/chntpw.c -@@ -16,6 +16,7 @@ - * 2010-jun: Syskey not visible in menu, but is selectable (2) - * 2010-apr: Interactive menu adapts to show most relevant - * selections based on what is loaded -+ * 2008-may: port to libgcrypt to avoid GPL/OpenSSL incompatibility [Debian] - * 2008-mar: Minor other tweaks - * 2008-mar: Interactive reg ed moved out of this file, into edlib.c - * 2008-mar: 64 bit compatible patch by Mike Doty, via Alon Bar-Lev -@@ -79,8 +80,14 @@ - */ +Written by Paul Wise. + +Ported to Fedora build by Richard W.M. Jones. + +Also compiles the program as 64 bit. I see no reason why the '-m32' +flag was supplied. Building on 64 bit produces a working program +as far as I can tell. + +diff -ur chntpw-080526.orig/chntpw.c chntpw-080526.gcrypt/chntpw.c +--- chntpw-080526.orig/chntpw.c 2008-05-26 20:59:44.000000000 +0100 ++++ chntpw-080526.gcrypt/chntpw.c 2009-06-09 12:39:58.037690367 +0100 +@@ -61,12 +61,19 @@ + #include + #include - #ifdef DOCRYPTO +#if defined(USEOPENSSL) #include #include +-#define uchar u_char + #define MD4Init MD4_Init + #define MD4Update MD4_Update + #define MD4Final MD4_Final +#elif defined(USELIBGCRYPT) + #include +#else + #error No DES encryption and MD4 hashing library found +#endif - #endif ++ ++#define uchar u_char - #define uchar u_char -@@ -155,7 +162,9 @@ + #include "ntreg.h" + #include "sam.h" +@@ -138,7 +145,9 @@ for (i=0;i<8;i++) { key[i] = (key[i]<<1); } @@ -40,7 +43,7 @@ Updated by Philippe Coval for debian } /* -@@ -200,6 +209,7 @@ +@@ -183,6 +192,7 @@ void E1(uchar *k, uchar *d, uchar *out) { 
@@ -48,7 +51,7 @@ Updated by Philippe Coval for debian des_key_schedule ks; des_cblock deskey; -@@ -210,6 +220,15 @@ +@@ -193,6 +203,15 @@ des_set_key((des_cblock *)deskey,ks); #endif /* __FreeBsd__ */ des_ecb_encrypt((des_cblock *)d,(des_cblock *)out, ks, DES_ENCRYPT); @@ -63,33 +66,35 @@ Updated by Philippe Coval for debian +#endif } - #endif /* DOCRYPTO */ -@@ -343,9 +362,16 @@ - int i; - char md4[32],lanman[32]; - char newunipw[34], despw[20], newlanpw[16], newlandes[20]; + +@@ -500,10 +519,18 @@ + int dontchange = 0; + struct user_V *v; + +#ifdef USEOPENSSL des_key_schedule ks1, ks2; des_cblock deskey1, deskey2; + MD4_CTX context; +#elif defined(USELIBGCRYPT) + gcry_cipher_hd_t ks1, ks2; + uchar deskey1[8], deskey2[8]; ++ + unsigned char *p; + gcry_md_hd_t context; +#endif unsigned char digest[16]; - uchar x1[] = {0x4B,0x47,0x53,0x21,0x40,0x23,0x24,0x25}; - #endif -@@ -460,6 +486,7 @@ + unsigned short acb; + +@@ -617,6 +644,7 @@ + hexprnt("Crypted LM pw: ",(unsigned char *)(vp+lmpw_offs),16); } - #ifdef DOCRYPTO +#if defined(USEOPENSSL) /* Get the two decrpt keys. */ sid_to_key1(rid,(unsigned char *)deskey1); des_set_key((des_cblock *)deskey1,ks1); -@@ -477,6 +504,25 @@ +@@ -634,6 +662,25 @@ (des_cblock *)lanman, ks1, DES_DECRYPT); des_ecb_encrypt((des_cblock *)(vp+lmpw_offs + 8), (des_cblock *)&lanman[8], ks2, DES_DECRYPT); @@ -115,7 +120,7 @@ Updated by Philippe Coval for debian if (gverbose) { hexprnt("MD4 hash : ",(unsigned char *)md4,16); -@@ -544,9 +590,17 @@ +@@ -689,9 +736,17 @@ /* printf("Ucase Lanman: %s\n",newlanpw); */ @@ -133,7 +138,7 @@ Updated by Philippe Coval for debian if (gverbose) hexprnt("\nNEW MD4 hash : ",digest,16); -@@ -555,6 +609,7 @@ +@@ -700,6 +755,7 @@ if (gverbose) hexprnt("NEW LANMAN hash : ",(unsigned char *)lanman,16); 
@@ -141,7 +146,7 @@ Updated by Philippe Coval for debian /* Encrypt the NT md4 password hash as two 8 byte blocks. */ des_ecb_encrypt((des_cblock *)digest, (des_cblock *)despw, ks1, DES_ENCRYPT); -@@ -565,6 +620,18 @@ +@@ -710,6 +766,18 @@ (des_cblock *)newlandes, ks1, DES_ENCRYPT); des_ecb_encrypt((des_cblock *)(lanman+8), (des_cblock *)&newlandes[8], ks2, DES_ENCRYPT); @@ -160,9 +165,11 @@ Updated by Philippe Coval for debian if (gverbose) { hexprnt("NEW DES crypt : ",(unsigned char *)despw,16); ---- a/Makefile -+++ b/Makefile -@@ -2,28 +2,10 @@ +diff -ur chntpw-080526.orig/Makefile chntpw-080526.gcrypt/Makefile +--- chntpw-080526.orig/Makefile 2008-05-26 20:59:44.000000000 +0100 ++++ chntpw-080526.gcrypt/Makefile 2009-06-09 12:45:07.798728999 +0100 +@@ -1,28 +1,11 @@ + # # Makefile for the Offline NT Password Editor # -# @@ -178,7 +185,7 @@ Updated by Philippe Coval for debian +CFLAGS=-DUSELIBGCRYPT -g -I. $(shell libgcrypt-config --cflags) -Wall $(EXTRA_CFLAGS) -# Force 32 bit --CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 +-CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 -OSSLLIB=$(OSSLPATH)/lib - -# 64 bit if default for compiler setup @@ -187,9 +194,8 @@ Updated by Philippe Coval for debian - - -# This is to link with whatever we have, SSL crypto lib we put in static --#LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a --LIBS=-L$(OSSLLIB) +-LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a +LIBS=$(shell libgcrypt-config --libs) + all: chntpw chntpw.static cpnt reged reged.static - all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static diff --git a/chntpw-080526-reged-no-deref-null.patch b/chntpw-080526-reged-no-deref-null.patch new file mode 100644 index 0000000..9bd681e --- /dev/null +++ b/chntpw-080526-reged-no-deref-null.patch 
@@ -0,0 +1,70 @@ +From jim@meyering.net Wed Jul 22 13:41:58 2009 +Return-Path: jim@meyering.net +X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on amd.home.annexia.org +X-Spam-Level: +X-Spam-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00, + UNPARSEABLE_RELAY autolearn=ham version=3.2.5 +Received: from mail.corp.redhat.com [10.5.5.51] + by amd.home.annexia.org with IMAP (fetchmail-6.3.8) + for (single-drop); Wed, 22 Jul 2009 13:41:58 +0100 (BST) +Received: from zmta01.collab.prod.int.phx2.redhat.com (LHLO + zmta01.collab.prod.int.phx2.redhat.com) (10.5.5.31) by + mail06.corp.redhat.com with LMTP; Wed, 22 Jul 2009 08:41:25 -0400 (EDT) +Received: from localhost (localhost.localdomain [127.0.0.1]) + by zmta01.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 52E8193C42 + for ; Wed, 22 Jul 2009 08:41:25 -0400 (EDT) +Received: from zmta01.collab.prod.int.phx2.redhat.com ([127.0.0.1]) + by localhost (zmta01.collab.prod.int.phx2.redhat.com [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id i+F0NOkWPqt0 for ; + Wed, 22 Jul 2009 08:41:25 -0400 (EDT) +Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) + by zmta01.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 29C8193C01 + for ; Wed, 22 Jul 2009 08:41:25 -0400 (EDT) +Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) + by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n6MCfOiN011483 + for ; Wed, 22 Jul 2009 08:41:24 -0400 +Received: from mx.meyering.net (sebastian-int.corp.redhat.com [172.16.52.221]) + by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n6MCfNP5023290 + for ; Wed, 22 Jul 2009 08:41:23 -0400 +Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000) + id 38377558B9; Wed, 22 Jul 2009 14:41:23 +0200 (CEST) +From: Jim Meyering +To: "Richard W. M. 
Jones" +Subject: [PATCH] "reged -e" should not dereference NULL +Date: Wed, 22 Jul 2009 14:41:23 +0200 +Message-ID: <87y6qg51qk.fsf@meyering.net> +MIME-Version: 1.0 +Content-Type: text/plain; charset=us-ascii +X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26 +Status: RO +Content-Length: 871 +Lines: 27 + + +>From d9203daf8e29290ca82b2433722e9e56cd0ab73f Mon Sep 17 00:00:00 2001 +From: Jim Meyering +Date: Wed, 22 Jul 2009 14:25:14 +0200 +Subject: [PATCH] "reged -e" should not dereference NULL + +* reged.c (main): Diagnose a missing hive file name with -e. +--- + reged.c | 30 +++++++++++++++++------------- + 1 files changed, 17 insertions(+), 13 deletions(-) + +diff --git a/reged.c b/reged.c +index cf395bc..f99f94e 100644 +--- a/reged.c ++++ b/reged.c +@@ -99,6 +99,11 @@ int main(int argc, char **argv) + } + if (edit) { /* Call editor. Rest of arguments are considered hives to load */ + hivename = argv[optind+no_hives]; ++ if (!hivename) { ++ fprintf(stderr,"with -e you must specify at least one hive file name\n"); ++ usage(); ++ exit(1); ++ } + do { + if (!(hive[no_hives] = openHive(hivename, + HMODE_RW|mode))) { + diff --git a/chntpw-080526-robustness.patch b/chntpw-080526-robustness.patch new file mode 100644 index 0000000..531bf52 --- /dev/null +++ b/chntpw-080526-robustness.patch 
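Review bot: The patch's diffstat line says `17 insertions(+), 13 deletions(-)` for reged.c, but the body holds a single hunk with five added lines and leaves the `do { ... }` loop that follows as it was. If the rest of the upstream change was trimmed on purpose, a short line at the top of the patch saying so would help; otherwise the file looks incomplete. The new `if (!hivename)` test relies on `argv[argc]` being NULL, which holds only while `optind+no_hives` never exceeds `argc`; the code that advances `no_hives` is outside the hunk, so that bound is worth confirming there.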
@@ -0,0 +1,182 @@ +From jim@meyering.net Mon Jul 20 16:46:56 2009 +Return-Path: jim@meyering.net +X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on amd.home.annexia.org +X-Spam-Level: +X-Spam-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00, + UNPARSEABLE_RELAY autolearn=ham version=3.2.5 +Received: from mail.corp.redhat.com [10.5.5.51] + by amd.home.annexia.org with IMAP (fetchmail-6.3.8) + for (single-drop); Mon, 20 Jul 2009 16:46:56 +0100 (BST) +Received: from zmta02.collab.prod.int.phx2.redhat.com (LHLO + zmta02.collab.prod.int.phx2.redhat.com) (10.5.5.32) by + mail06.corp.redhat.com with LMTP; Mon, 20 Jul 2009 11:31:43 -0400 (EDT) +Received: from localhost (localhost.localdomain [127.0.0.1]) + by zmta02.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 27CD09E195 + for ; Mon, 20 Jul 2009 11:31:43 -0400 (EDT) +Received: from zmta02.collab.prod.int.phx2.redhat.com ([127.0.0.1]) + by localhost (zmta02.collab.prod.int.phx2.redhat.com [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id TTbuqA5poqWA for ; + Mon, 20 Jul 2009 11:31:43 -0400 (EDT) +Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) + by zmta02.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 087319E193 + for ; Mon, 20 Jul 2009 11:31:43 -0400 (EDT) +Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) + by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n6KFVfBF002494 + for ; Mon, 20 Jul 2009 11:31:42 -0400 +Received: from mx.meyering.net (sebastian-int.corp.redhat.com [172.16.52.221]) + by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n6KFVeiP013799 + for ; Mon, 20 Jul 2009 11:31:41 -0400 +Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000) + id D157838154; Mon, 20 Jul 2009 17:31:40 +0200 (CEST) +From: Jim Meyering +To: "Richard W. M. 
Jones" +Subject: chntpw patches +Date: Mon, 20 Jul 2009 17:31:40 +0200 +Message-ID: <87my6z8j6r.fsf@meyering.net> +MIME-Version: 1.0 +Content-Type: text/plain; charset=us-ascii +X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26 +Status: RO +Content-Length: 4197 +Lines: 140 + +Hi Rich, + +The first two were spotted via inspection. +The 3rd one was to address this: + + $ : > j && valgrind ./reged -e j + ~/w/co/chntpw: + ==16084== Memcheck, a memory error detector. + ==16084== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al. + ==16084== Using LibVEX rev 1884, a library for dynamic binary translation. + ==16084== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP. + ==16084== Using valgrind-3.4.1, a dynamic binary instrumentation framework. + ==16084== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al. + ==16084== For more details, rerun with: -v + ==16084== + reged version 0.1 080526, (c) Petter N Hagen + ==16084== Invalid read of size 4 + ==16084== at 0x407D09: openHive (ntreg.c:2856) + ==16084== by 0x4011E3: main (reged.c:103) + ==16084== Address 0x4c230d8 is 0 bytes after a block of size 0 alloc'd + ==16084== at 0x4A05414: calloc (vg_replace_malloc.c:397) + ==16084== by 0x407C5C: openHive (ntreg.c:2840) + ==16084== by 0x4011E3: main (reged.c:103) + openHive(j): File does not seem to be a registry hive! + Simple registry editor. ? for help. + ==16084== + ==16084== Invalid read of size 2 + ==16084== at 0x403C4D: get_abs_path (ntreg.c:1204) + ==16084== by 0x408D57: regedit_interactive (edlib.c:379) + ==16084== by 0x401277: main (reged.c:111) + ==16084== Address 0x4c230dc is 4 bytes after a block of size 0 alloc'd + ==16084== at 0x4A05414: calloc (vg_replace_malloc.c:397) + ==16084== by 0x407C5C: openHive (ntreg.c:2840) + ==16084== by 0x4011E3: main (reged.c:103) + get_abs_path: Not a 'nk' node! 
+ + > + + + +>From 5c287bb158db10af96b1f1f67d4df49a47323b94 Mon Sep 17 00:00:00 2001 +From: Jim Meyering +Date: Mon, 20 Jul 2009 09:57:13 -0400 +Subject: [PATCH 1/3] improved robustness + +* ntreg.c (fmyinput): Don't clobber ibuf[-1] upon NUL input. +--- + ntreg.c | 8 +++++--- + 1 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/ntreg.c b/ntreg.c +index e27a5b9..1b84410 100644 +--- a/ntreg.c ++++ b/ntreg.c +@@ -82,14 +82,16 @@ char *str_dup( const char *str ) + + int fmyinput(char *prmpt, char *ibuf, int maxlen) + { +- ++ int len; + printf("%s",prmpt); + + fgets(ibuf,maxlen+1,stdin); ++ len = strlen(ibuf); + +- ibuf[strlen(ibuf)-1] = 0; ++ if (len) ++ ibuf[len-1] = 0; + +- return(strlen(ibuf)); ++ return len; + } + + /* Print len number of hexbytes */ +-- +1.6.2.5 + + +>From b9bfb44aa1bff1f9b7badf65425f8190352966a0 Mon Sep 17 00:00:00 2001 +From: Jim Meyering +Date: Mon, 20 Jul 2009 10:04:23 -0400 +Subject: [PATCH 2/3] robustness: avoid low-memory segfault + +* ntreg.c (convert_string): Don't segfault upon low memory. +--- + ntreg.c | 5 ++++- + 1 files changed, 4 insertions(+), 1 deletions(-) + +diff --git a/ntreg.c b/ntreg.c +index 1b84410..08f9124 100644 +--- a/ntreg.c ++++ b/ntreg.c +@@ -2585,7 +2585,10 @@ char * convert_string(void *string, int len) + int i, k; + int reallen = len / 2; + char *cstring = (char *)malloc(reallen); +- ++ if (cstring == NULL) { ++ printf("FATAL! convert_string: malloc() failed! Out of memory?\n"); ++ abort(); ++ } + for(i = 0, k = 0; i < len; i += 2, k++) + { + cstring[k] = ((char *)string)[i]; +-- +1.6.2.5 + + +>From 81ae3189a8dffcdb3db7229cbe992ed12b8d1327 Mon Sep 17 00:00:00 2001 +From: Jim Meyering +Date: Mon, 20 Jul 2009 11:04:38 -0400 +Subject: [PATCH 3/3] robustness: avoid malfunction for too-small hive file + +* ntreg.c (openHive): Don't read uninitialized when file is too small. 
+--- + ntreg.c | 8 ++++++++ + 1 files changed, 8 insertions(+), 0 deletions(-) + +diff --git a/ntreg.c b/ntreg.c +index 08f9124..be6b680 100644 +--- a/ntreg.c ++++ b/ntreg.c +@@ -2847,6 +2847,14 @@ struct hive *openHive(char *filename, int mode) + return(NULL); + } + ++ if (r < sizeof (*hdesc)) { ++ fprintf(stderr, ++ "file is too small; got %d bytes while expecting %d or more\n", ++ r, sizeof (*hdesc)); ++ closeHive(hdesc); ++ return(NULL); ++ } ++ + /* Now run through file, tallying all pages */ + /* NOTE/KLUDGE: Assume first page starts at offset 0x1000 */ + +-- +1.6.2.5 + diff --git a/chntpw-110511-detect-failure-to-write-key.patch b/chntpw-110511-detect-failure-to-write-key.patch deleted file mode 100644 index 818639d..0000000 --- a/chntpw-110511-detect-failure-to-write-key.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -ur chntpw-110511.orig/ntreg.c chntpw-110511/ntreg.c ---- chntpw-110511.orig/ntreg.c 2011-05-11 12:33:56.000000000 -0700 -+++ chntpw-110511/ntreg.c 2011-11-01 13:45:02.550421729 -0700 -@@ -3389,7 +3389,14 @@ - - fprintf(file,"\r\n"); /* Must end file with an empty line, windows does that */ - -- fclose(file); -+ if (ferror (file)) { -+ printf("failed to write file '%s'\n", filename); -+ fclose (file); -+ return; -+ } -+ if (fclose(file)) -+ printf("failed to write file '%s': %s\n", filename, -+ strerror(errno)); - } - - /* ================================================================ */ diff --git a/chntpw-110511-reged-no-deref-null.patch b/chntpw-110511-reged-no-deref-null.patch deleted file mode 100644 index 0193cd4..0000000 --- a/chntpw-110511-reged-no-deref-null.patch +++ /dev/null 
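Review bot: In the 1/3 patch, `fmyinput` now returns `len` as measured before the trailing character is cleared, so callers get a length one larger than the string they receive (the old code returned `strlen(ibuf)` after stripping); `if (len) ibuf[--len] = 0;` keeps the previous contract. The `fgets` result is still unchecked, so at end of input `strlen(ibuf)` runs over whatever the caller left in the buffer; `if (!fgets(ibuf,maxlen+1,stdin)) { ibuf[0] = 0; return 0; }` would close that. In the 3/3 patch, `r < sizeof (*hdesc)` compares what the `%d` suggests is a signed int against a `size_t`, so a negative `r` would convert to a large unsigned value and pass, and `%d` does not match `sizeof`; an explicit `r < 0` test first and `%zu` for the size would be safer. Whether `r` holds the total bytes read or only the last `read()` result is not visible in the hunk and should be checked.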
@@ -1,15 +0,0 @@ -diff -ur chntpw-110511.orig/reged.c chntpw-110511/reged.c ---- chntpw-110511.orig/reged.c 2011-05-11 12:33:56.000000000 -0700 -+++ chntpw-110511/reged.c 2011-11-01 13:46:55.569625286 -0700 -@@ -167,6 +167,11 @@ - - if (edit) { /* Call editor. Rest of arguments are considered hives to load */ - hivename = argv[optind+no_hives]; -+ if (!hivename) { -+ fprintf(stderr,"with -e you must specify at least one hive file name\n"); -+ usage(); -+ exit(1); -+ } - do { - if (!(hive[no_hives] = openHive(hivename, - HMODE_RW|mode))) { diff --git a/chntpw-110511-robustness.patch b/chntpw-110511-robustness.patch deleted file mode 100644 index ea2363f..0000000 --- a/chntpw-110511-robustness.patch +++ /dev/null @@ -1,39 +0,0 @@ ---- chntpw-110511.orig/ntreg.c 2011-05-11 12:33:56.000000000 -0700 -+++ chntpw-110511/ntreg.c 2011-12-18 17:09:06.290818997 -0800 -@@ -190,14 +190,18 @@ - - int fmyinput(char *prmpt, char *ibuf, int maxlen) - { -- -+ int len; - printf("%s",prmpt); - - fgets(ibuf,maxlen+1,stdin); -+ len = strlen(ibuf); - -- ibuf[strlen(ibuf)-1] = 0; -+ if (len) { -+ ibuf[len-1] = 0; -+ --len; -+ } - -- return(strlen(ibuf)); -+ return len; - } - - /* Print len number of hexbytes */ -@@ -4119,6 +4123,14 @@ - closeHive(hdesc); - return(NULL); - } -+ -+ if (r < sizeof (*hdesc)) { -+ fprintf(stderr, -+ "file is too small; got %d bytes while expecting %d or more\n", -+ r, sizeof (*hdesc)); -+ closeHive(hdesc); -+ return(NULL); -+ } - - /* Now run through file, tallying all pages */ - /* NOTE/KLUDGE: Assume first page starts at offset 0x1000 */ diff --git a/chntpw-140201-fix-bogus-errno-use.patch b/chntpw-140201-fix-bogus-errno-use.patch deleted file mode 100644 index ff7c846..0000000 --- a/chntpw-140201-fix-bogus-errno-use.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -diff -u chntpw-140201.orig/ntreg.c chntpw-140201/ntreg.c ---- chntpw-140201.orig/ntreg.c 2019-06-22 13:09:59.583717369 -0700 -+++ chntpw-140201/ntreg.c 2019-06-22 13:16:26.714726148 -0700 -@@ -4241,10 +4241,13 @@ - do { /* On some platforms read may not block, and read in chunks. handle that */ - r = read(hdesc->filedesc, hdesc->buffer + rt, hdesc->size - rt); - rt += r; -- } while ( !errno && (rt < hdesc->size) ); -+ } while ( r > 0 && (rt < hdesc->size) ); - -- if (errno) { -- perror("openHive(): read error: "); -+ if (r <= 0) { -+ if (r < 0) -+ perror("openHive(): read error"); -+ else -+ fprintf(stderr, "openHive(): read error: unexpected EOF\n"); - closeHive(hdesc); - return(NULL); - } -@@ -4255,10 +4258,10 @@ - return(NULL); - } - -- if (r < sizeof (*hdesc)) { -+ if (rt < sizeof (*hdesc)) { - fprintf(stderr, -- "file is too small; got %d bytes while expecting %d or more\n", -- r, sizeof (*hdesc)); -+ "file is too small; got %d bytes while expecting %zu or more\n", -+ rt, sizeof (*hdesc)); - closeHive(hdesc); - return(NULL); - } diff --git a/chntpw-140201-get_abs_path.patch b/chntpw-140201-get_abs_path.patch deleted file mode 100644 index c9f1a3d..0000000 --- a/chntpw-140201-get_abs_path.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- chntpw-140201/ntreg.c.orig 2014-02-01 08:54:37.000000000 -0800 -+++ chntpw-140201/ntreg.c 2018-07-02 16:10:39.625152640 -0700 -@@ -1511,6 +1511,7 @@ - } - - strncpy(tmp,path,ABSPATHLEN-1); -+ tmp[ABSPATHLEN-1] = '\0'; - - if (key->type & 0x20) - keyname = mem_str(key->keyname, key->len_name); diff --git a/chntpw-140201-hexdump-pointer-type.patch b/chntpw-140201-hexdump-pointer-type.patch deleted file mode 100644 index a8924bc..0000000 --- a/chntpw-140201-hexdump-pointer-type.patch +++ /dev/null 
@@ -1,21 +0,0 @@ -diff -urN chntpw-140201.orig/libsam.c chntpw-140201/libsam.c ---- chntpw-140201.orig/libsam.c 2014-02-01 08:54:37.000000000 -0800 -+++ chntpw-140201/libsam.c 2024-08-03 15:31:41.817601486 -0700 -@@ -511,7 +511,7 @@ - - if (gverbose) printf("put_grp_members_sid: ajusted: mofs = %x, mlen = %x (%d)\n", mofs + 0x34 ,mlen,mlen); - -- if (gverbose) hexdump(&c->data, 0, c->len, 1); -+ if (gverbose) hexdump((char*)&c->data, 0, c->len, 1); - - /* Get total size of new SID data */ - -@@ -539,7 +539,7 @@ - cd->members_len = sidlen; /* Update member count in C struct */ - cd->grp_members = i; - -- if (gverbose) hexdump(&c->data, 0, c->len, 1); -+ if (gverbose) hexdump((char*)&c->data, 0, c->len, 1); - - if (!put_buf2val(hdesc, c, 0, g, 0, TPF_VK_EXACT)) { - fprintf(stderr,"put_grp_members_sid: could not write back group info in value %s\n",g); diff --git a/chntpw-chntpw.8 b/chntpw-chntpw.8 new file mode 100644 index 0000000..8b0ec85 --- /dev/null +++ b/chntpw-chntpw.8 
@@ -0,0 +1,96 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH CHNTPW 8 "30th May 2002" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +chntpw \- utility to overwrite Windows NT/2000 SAM passwords +.SH SYNOPSIS +.B chntpw +.RI [ options ] +.RI < samfile > +.RI [ systemfile ] +.RI [ securityfile ] +.RI [ otherreghive ] +.RI [...] +.br +.SH DESCRIPTION +This manual page documents briefly the +.B chntpw +command. +This manual page was written for the Debian distribution +because the original program does not have a manual page. +.PP +.B chntpw +is a utility to view some information and change user passwords +in a Windows NT/2000 SAM userdatabase file. It is not necessary to +know the old passwords to reset them. In addition it contains a +simple registry editor (same size data writes) +and hex-editor with which the information contained in a registry +file can be browsed and modified. +.SH OPTIONS +.TP +.B \-h +Show summary of options. +.TP +.B \-u username +Username to change. Default is Administrator +.TP +.B \-l +List all users in the SAM database. +.TP +.B \-i +Interactive: list all users (as per \-l) and then ask for the +user to change. +.TP +.B \-e +Registry editor with limited capabilities. +.TP +.B \-d +Use buffer debugger. +.TP +.B \-t +Show hexdumps of structs/segments (deprecated debug function). +.SH EXAMPLES +.TP +.B chntpw sam system +Opens registry hives +.B sam +and +.B system +and change administrator account. 
This will work even if the name +has been changed or it has been localized (since different language +versions of NT use different administrator names). +.TP +.B chntpw -u jabbathehutt mysam +Prompts for password for +.B jabbathehutt +and changes it in the +.B mysam +registry file, if found (otherwise do nothing) +.SH SEE ALSO +If you are looking for an automated procedure for password +recovery, you might look at the bootdisks provided by the +upstream author at +.BR http://home.eunet.no/~pnordahl/ntpasswd/ +.br +There is more information on how this program works available at +.IR /usr/share/doc/chntpw . +This information includes in-depth information on how the +registry works, what are syskeys and some other issues. +.SH AUTHOR +This manual page was written by +Javier Fernandez-Sanguino , +for the Debian GNU/Linux system (but may be used by others). diff --git a/chntpw.8 b/chntpw.8 deleted file mode 100644 index f92440b..0000000 --- a/chntpw.8 +++ /dev/null 
@@ -1,157 +0,0 @@ -.\" Hey, EMACS: -*- nroff -*- -.\" First parameter, NAME, should be all caps -.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection -.\" other parameters are allowed: see man(7), man(1) -.TH CHNTPW 8 "13th March 2010" -.\" Please adjust this date whenever revising the manpage. -.\" -.\" Some roff macros, for reference: -.\" .nh disable hyphenation -.\" .hy enable hyphenation -.\" .ad l left justify -.\" .ad b justify to both left and right margins -.\" .nf disable filling -.\" .fi enable filling -.\" .br insert line break -.\" .sp insert n+1 empty lines -.\" for manpage-specific macros, see man(7) -.SH NAME -chntpw \- utility to overwrite passwords of Windows systems -.SH SYNOPSIS -.B chntpw -.RI [ options ] -.RI < samfile > -.RI [ systemfile ] -.RI [ securityfile ] -.RI [ otherreghive ] -.RI [...] -.br -.SH DESCRIPTION -This manual page documents briefly the -.B chntpw -command. -This manual page was written for the Debian distribution -because the original program does not have a manual page. -.PP -.B chntpw -is a utility to view some information and reset user passwords -in a Windows NT/2000 SAM userdatabase file used by Microsoft Windows -Operating System (in NT3.x and later versions). This file is usually located at -\\WINDOWS\\system32\\config\\SAM on the Windows file system. It is not necessary to -know the previous passwords to reset them. In addition it contains a simple -registry editor and ahex-editor with which the information contained in a -registry file can be browsed and modified. - -This program should be able to handle both 32 and 64 bit Microsoft Windows and -all versions from NT3.x up to Win8.1. - - -.SH OPTIONS -.TP -.B \-h -Show a summary of options. -.TP -.B \-u username -Username or username ID (RID) to change. The default is 'Administrator'. -.TP -.B \-l -List all users in the SAM database and exit. -.TP -.B \-i -Interactive Menu system: list all users (as per \-l option) and then ask for the -user to change. 
-.TP -.B \-e -Registry editor with limited capabilities (but it does include write support). For a -slightly more powerful editor see -.B reged - -.TP -.B \-d -Use buffer debugger instead (hex editor) - -.B \-L -Log all changed filenames to /tmp/changed. When this option is set the -program automatically saves the changes in the hive files without prompting the -user. - -Be careful when using the \fB-L\fR option as a root user in a multiuser system. -The filename is fixed and this can be used by malicious users (dropping a -symlink with the same name) to overwrite system files. - -.TP -.B \-N -Do not allocate more information, only allow the editing of existing values -with same size. -.TP -.B \-E -Do not expand the hive file (safe mode). -.TP -.B \-v -Print verbose information and debug messages. - - - - - -.SH EXAMPLES -.TP -.B ntfs-3g /dev/sda1 /media/win ; cd /media/win/WINDOWS/system32/config/ -Mount the Windows file system and enters the directory -.B \\\\WINDOWS\\\\system32\\\\config -where Windows stores the SAM database. -.TP -.B chntpw SAM system -Opens registry hives -.B SAM -and -.B system -and change administrator account. This will work even if the name -has been changed or it has been localized (since different language -versions of NT use different administrator names). -.TP -.B chntpw -l SAM -Lists the users defined in the -.B SAM -registry file. -.TP -.B chntpw -u jabbathehutt SAM -Prompts for password for -.B jabbathehutt -and changes it in the -.B SAM -registry file, if found (otherwise do nothing). - -.SH KNOWN BUGS - -This program uses undocumented structures in the SAM database. Use with -caution (i.e. make sure you make a backup of the file before any changes -are done). - -Password changing is only possible if the program has been specifically -compiled with some cryptographic functions. This feature, however, only -works properly in Windows NT and Windows 2000 systems. 
It might not -work properly in Windows XP, Vista, Win7, Win8 and later systems. - -In the Debian distribution this feature is not enabled. - -.SH SEE ALSO -.B reged, samusrgrp, sampasswd - -If you are looking for an automated procedure for password -recovery, you might want to check the bootdisks (can be used in CD -and USB drives) provided by the upstream author at -.BR http://pogostick.net/~pnh/ntpasswd/ - -.br -You will find more information available on how this program works, including -in-depth details on how the registry works, in the text files -.IR /usr/share/doc/chntpw/README.txt -and -.IR /usr/share/doc/chntpw/MANUAL.txt - -.SH AUTHOR -This program was written by Petter N Hagen. - -This manual page was written by Javier Fernandez-Sanguino , -for the Debian GNU/Linux system (but may be used by others). diff --git a/chntpw.spec b/chntpw.spec index 120ca06..beeea4e 100644 --- a/chntpw.spec +++ b/chntpw.spec 
@@ -1,221 +1,91 @@ Name: chntpw # Version is taken from HISTORY.txt -Version: 1.00 -Release: 20.140201%{?dist} +Version: 0.99.6 +Release: 13%{?dist} Summary: Change passwords in Windows SAM files -# Automatically converted from old format: GPLv2 - review is highly recommended. -License: GPL-2.0-only -URL: http://pogostick.net/~pnh/ntpasswd/ -Source0: http://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip +Group: Applications/Engineering +License: GPLv2 +URL: http://home.eunet.no/~pnordahl/ntpasswd/ +Source0: http://home.eunet.no/~pnordahl/ntpasswd/chntpw-source-080526.zip Source2: chntpw-README.Dist -# The man pages are borrowed from Debian -Source10: chntpw.8 -Source11: reged.8 -Source12: sampasswd.8 -Source13: samusrgrp.8 +# The man page is borrowed from Debian +Source3: chntpw-chntpw.8 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: gcc BuildRequires: libgcrypt-devel -BuildRequires: make # Patches sent upstream on 2009-06-08. -Patch1: chntpw-140201-get_abs_path.patch +Patch0: chntpw-080526-keyname-overflow.patch +Patch1: chntpw-080526-get_abs_path.patch +Patch2: chntpw-080526-no-value.patch # Patch from Debian (RHBZ#504595). -Patch3: chntpw-140201-port-to-gcrypt-debian.patch +Patch3: chntpw-080526-port-to-gcrypt-debian.patch # Patches from Jim Meyering to improve robustness of the code. 
-Patch4: chntpw-110511-robustness.patch +Patch4: chntpw-080526-robustness.patch Patch5: chntpw-080526-correct-test-for-failing-open-syscall.patch -Patch6: chntpw-110511-detect-failure-to-write-key.patch -Patch7: chntpw-110511-reged-no-deref-null.patch - -# Patch derived from Oleg Samarin (RHBZ#1645886) -Patch8: chntpw-140201-fix-bogus-errno-use.patch - -# Cast around new GCC error for mismatched pointer arguments -Patch9: chntpw-140201-hexdump-pointer-type.patch +Patch6: chntpw-080526-detect-failure-to-write-key.patch +Patch7: chntpw-080526-reged-no-deref-null.patch %description This is a utility to (re)set the password of any user that has a valid (local) account on your Windows NT/2k/XP/Vista etc system. You do not need to know the old password to set a new one. It works offline, that -is, you have to shutdown your computer and boot off a floppy disk or CD +is, you have to shutdown your computer and boot off a floppydisk or CD or another system. Will detect and offer to unlock locked or disabled out user accounts! There is also a registry editor and other registry -utilities that works under Linux/Unix, and can be used for other things +utilities that works under linux/unix, and can be used for other things than password editing. 
%prep -%setup -q -n %{name}-140201 +%setup -q -n %{name}-080526 cp -p %{SOURCE2} README.Dist sed -e 's/\r$//' WinReg.txt > WinReg.txt.eol touch -c -r WinReg.txt WinReg.txt.eol mv WinReg.txt.eol WinReg.txt -%patch -P1 -p1 -%patch -P3 -p1 -%patch -P4 -p1 -%patch -P5 -p1 -%patch -P6 -p1 -%patch -P7 -p1 -%patch -P8 -p1 -%patch -P9 -p1 +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 %build -make CC="%__cc" EXTRA_CFLAGS="$RPM_OPT_FLAGS" \ - chntpw cpnt reged sampasswd samusrgrp +make CC="%__cc" EXTRA_CFLAGS="$RPM_OPT_FLAGS" chntpw cpnt reged %install rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT%{_bindir} -cp chntpw cpnt reged sampasswd samusrgrp $RPM_BUILD_ROOT%{_bindir} +cp chntpw $RPM_BUILD_ROOT%{_bindir} +cp cpnt $RPM_BUILD_ROOT%{_bindir} +cp reged $RPM_BUILD_ROOT%{_bindir} mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8/ -cp -p %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \ - $RPM_BUILD_ROOT%{_mandir}/man8/ +cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 +%clean +rm -rf $RPM_BUILD_ROOT + %files +%defattr(-,root,root,-) %doc GPL.txt LGPL.txt README.txt regedit.txt WinReg.txt HISTORY.txt %doc README.Dist %{_bindir}/chntpw %{_bindir}/cpnt %{_bindir}/reged -%{_bindir}/sampasswd -%{_bindir}/samusrgrp -%{_mandir}/man8/*.8* +%{_mandir}/man8/%{name}.8* %changelog -* Wed Jul 23 2025 Fedora Release Engineering - 1.00-20.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild - -* Thu Jan 16 2025 Fedora Release Engineering - 1.00-19.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild - -* Sat Aug 03 2024 Conrad Meyer - 1.00-18.140201 -- Add fix for rhbz# 2300591. 
- -* Mon Jul 29 2024 Miroslav Suchý - 1.00-17.140201 -- convert license to SPDX - -* Wed Jul 17 2024 Fedora Release Engineering - 1.00-16.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Tue Jan 23 2024 Fedora Release Engineering - 1.00-15.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Fri Jan 19 2024 Fedora Release Engineering - 1.00-14.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Wed Jul 19 2023 Fedora Release Engineering - 1.00-13.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Wed Jan 18 2023 Fedora Release Engineering - 1.00-12.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Wed Jul 20 2022 Fedora Release Engineering - 1.00-11.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Wed Jan 19 2022 Fedora Release Engineering - 1.00-10.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Wed Jul 21 2021 Fedora Release Engineering - 1.00-9.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Tue Jan 26 2021 Fedora Release Engineering - 1.00-8.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Mon Jul 27 2020 Fedora Release Engineering - 1.00-7.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Tue Jan 28 2020 Fedora Release Engineering - 1.00-6.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Wed Jul 24 2019 Fedora Release Engineering - 1.00-5.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Sat Jun 22 2019 Conrad Meyer - 1.00-4.140201 -- Add fix for rhbz# 1645886. Thanks Oleg Samarin. 
- -* Thu Jan 31 2019 Fedora Release Engineering - 1.00-3.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Thu Jul 19 2018 Conrad Meyer - 1.00-2.140201 -- Add missing GCC BR after removal from buildroot -- Unfuck version number bumped incorrectly by RE - -* Thu Jul 12 2018 Fedora Release Engineering - 1.00-1.140201 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Mon Jul 02 2018 Conrad Meyer - 1.00-0.140201 -- Update to latest upstream, 1.00 / 140201 -- Rebase patches as needed -- Import additional and enhanced manual pages from Debian -- Adds two new binaries: sampasswd and samusrgrp -- Clean up rpmlint warnings (tabs, spelling, log date) - -* Wed Feb 07 2018 Fedora Release Engineering - 0.99.6-30.110511 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Wed Aug 02 2017 Fedora Release Engineering - 0.99.6-29.110511 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 0.99.6-28.110511 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Fri Feb 10 2017 Fedora Release Engineering - 0.99.6-27.110511 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Wed Feb 03 2016 Fedora Release Engineering - 0.99.6-26.110511 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Wed Jun 17 2015 Fedora Release Engineering - 0.99.6-25.110511 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Sat Aug 16 2014 Fedora Release Engineering - 0.99.6-24.110511 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Sat Jun 07 2014 Fedora Release Engineering - 0.99.6-23.110511 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Wed Apr 23 2014 Tomáš Mráz - 0.99.6-22.110511 -- Rebuild for new libgcrypt - -* Sat Aug 03 2013 Fedora Release Engineering - 0.99.6-21.110511 -- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Wed Feb 13 2013 Fedora Release Engineering - 0.99.6-20.110511 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Wed Jul 18 2012 Fedora Release Engineering - 0.99.6-19.110511 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Thu Jan 12 2012 Fedora Release Engineering - 0.99.6-18.110511 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Sun Dec 18 2011 Conrad Meyer - 0.99.6-17.110511 -- Fix 'robustness' patch (#755622) - -* Tue Nov 1 2011 Conrad Meyer - 0.99.6-16.110511 -- Update to latest upstream (110511) (#750005). -- Update fedora patches to apply cleanly, dropping useless hunks - as needed. -- Add upstream version to "Release" tag, so that people can - actually tell which version of upstream we're shipping from the - rpm version. - -* Tue Feb 08 2011 Fedora Release Engineering - 0.99.6-15 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Mon Jun 7 2010 Conrad Meyer - 0.99.6-14 -- Upstream changed hosts; fixed URL and Source0. - * Fri Jul 24 2009 Fedora Release Engineering - 0.99.6-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild @@ -239,7 +109,7 @@ cp -p %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \ * Thu Jan 15 2009 Tomas Mraz - 0.99.6-6 - rebuild with new openssl -* Sun Oct 12 2008 Conrad Meyer - 0.99.6-5 +* Sun Oct 11 2008 Conrad Meyer - 0.99.6-5 - Bump because force-tag was removed. Please add it back. * Sat Oct 11 2008 Conrad Meyer - 0.99.6-4 diff --git a/reged.8 b/reged.8 deleted file mode 100644 index 36ecff4..0000000 --- a/reged.8 +++ /dev/null 
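Review bot: The new preamble of chntpw.spec declares only `BuildRequires: libgcrypt-devel`, yet `%build` still runs `make CC="%__cc" EXTRA_CFLAGS="$RPM_OPT_FLAGS" chntpw cpnt reged`, so the build depends on a compiler and make being present in the buildroot implicitly. The removed changelog entry "Add missing GCC BR after removal from buildroot" suggests that assumption no longer holds on current buildroots; I would keep `BuildRequires: gcc` and `BuildRequires: make`. Separately, the new `Source0` is a plain `http://` URL, so nothing in the spec itself authenticates the downloaded zip, and a comment above `Source0` saying where the tarball is verified would help the next packager.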
@@ -1,120 +0,0 @@ -.\" Hey, EMACS: -*- nroff -*- -.\" First parameter, NAME, should be all caps -.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection -.\" other parameters are allowed: see man(7), man(1) -.TH REGED 8 "6th August 2014" -.\" Please adjust this date whenever revising the manpage. -.\" -.\" Some roff macros, for reference: -.\" .nh disable hyphenation -.\" .hy enable hyphenation -.\" .ad l left justify -.\" .ad b justify to both left and right margins -.\" .nf disable filling -.\" .fi enable filling -.\" .br insert line break -.\" .sp insert n+1 empty lines -.\" for manpage-specific macros, see man(7) -.SH NAME -reged \- utility to export/import and edit a Windows registry hives -.SH SYNOPSIS -.B reged -.RI [ options ] -.RI -x - -.B reged -.RI [ options ] -.RI -I - -.B reged -.RI [ options ] -.RI -e - - -.br -.SH DESCRIPTION -This manual page documents briefly the -.B reged -command. -This manual page was written for the Debian distribution -because the original program does not have a manual page. - -.PP -.B reged -is the an interactive command line utility that can be used to -export, import or edit a Microsoft Windows registry hive. - -.SH OPTIONS -.TP -.B \-h -Show summary of options. -.TP -.B \-x -Export parts of a hive file to a text registry (.reg) file. -Prefixstring indicates the part of the registry hive to dump (for example -HKEY_LOCAL_MACHINE\\SOFTWARE). The parameter defines the key to dump -(recursively). You can use \\ or \\\\ to list all the keys in the hive file. - -Only one hive file and one .reg file can be defined. - -.TP -.B \-I -Import the content of the input.reg file into the registry file. The value - can be any valid prefix, for example is -HKEY_LOCAL_MACHINE\\SOFTWARE. - -Only one .reg and one hive file supported at the same time - -.TP -.B \-e ... -Interactive edit one or more registry files. - -.TP -.B \-L -Log all changed filenames to /tmp/changed. 
When this option is set the -program automatically saves the changes in the hive files without prompting the -user. - -Be careful when using the \fB-L\fR option as a root user in a multiuser system. -The filename is fixed and this can be used by malicious users (dropping a -symlink with the same name) to overwrite system files. - - -.TP -.B \-C -Automatically save all changes. Do not prompt the user. - -.TP -.B \-N -Do not allocate more information, only allow the editing of existing values with same size. - -.TP -.B \-E -Do not expand the hive file (safe mode). - -.TP -.B \-t -Print debug information of allocated blocks. - -.TP -.B \-v -Print verbose information and debug messages. - -.SH KNOWN BUGS - -There are many \fBunknown\fR bugs. If you find bugs please report them to the author. - -.SH SEE ALSO -.B chntpwd, samusrgrp, sampasswd -.br -You will find more information available on how this program works, in the -text files -.IR /usr/share/doc/chntpw/README.txt -and -.IR /usr/share/doc/chntpw/MANUAL.txt - -.SH AUTHOR -This program was written by Petter N Hagen. - -This manual page was written by Javier Fernandez-Sanguino , -for the Debian GNU/Linux system (but may be used by others). diff --git a/sampasswd.8 b/sampasswd.8 deleted file mode 100644 index 78257c2..0000000 --- a/sampasswd.8 +++ /dev/null 
@@ -1,120 +0,0 @@ -.\" Hey, EMACS: -*- nroff -*- -.\" First parameter, NAME, should be all caps -.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection -.\" other parameters are allowed: see man(7), man(1) -.TH SAMPASSWD 8 "6th August 2014" -.\" Please adjust this date whenever revising the manpage. -.\" -.\" Some roff macros, for reference: -.\" .nh disable hyphenation -.\" .hy enable hyphenation -.\" .ad l left justify -.\" .ad b justify to both left and right margins -.\" .nf disable filling -.\" .fi enable filling -.\" .br insert line break -.\" .sp insert n+1 empty lines -.\" for manpage-specific macros, see man(7) -.SH NAME -sampasswd \- reset passwords of users in the SAM user database -.SH SYNOPSIS -.B sampasswd -.RI [ options ] -.RI -u user -.RI < samfile > -.br -.SH DESCRIPTION -This manual page documents briefly the -.B sampasswd -command. -This manual page was written for the Debian distribution -because the original program does not have a manual page. - -.PP -.B sampasswd -is a non-interactive command line utility that can reset a user's -password and/or the user's account bits from the SAM user database file of a -Microsoft Windows system (Windows NT, 2000, XP, Vista, 7, 8.1, etc.). -This file is usually located at -\\WINDOWS\\system32\\config\\SAM on the file system of a Microsoft Windows -Operating System - -On success, the program does not output any informatin and the exit code is 0. - -.SH OPTIONS -.TP -.B \-h -Show summary of options. -.TP -.B \-r -Reset the user's password. -.TP -.B \-a -Reset all the users. If this option is used there is no need to specify the next option. -.TP -.B \-u -User to change. The user value can be provided as a username, or a RID number in -hexadecimal (if the username is preceded with '0x'). Usernames including -international characters will probably not work. -.TP -.B \-l -Lists the users in the SAM database. -.TP -.B \-H -Output human readable output. 
The program by default will print a parsable table unless -this option is used. -.TP -.B \-N -Do not allocate more information, only allow the editing of existing values with same size. -.TP -.B \-E -Do not expand the hive file (safe mode). -.TP -.B \-t -Print debug information of allocated blocks. -.TP -.B \-v -Print verbose information and debug messages. - -.SH EXAMPLES -.TP -.B sampasswd -r -u theboss -Reset the password of a user named 'theboss', if found. - -.TP -.B sampasswd -r -u 0x3ea -Reset the password of the user with RID '0x3a'. - -.TP -.B samusrgrp -r -a -Reset the password of all the users in the Administrator's group (0x220) - -.TP -.B samusrgrp -r -f -Reset the password of the administrative users with the lowest RID number. -This does not include the built-in administrator (0x1f4) unless no other -administrative user can be found in the database file. - - -.SH KNOWN BUGS - -If the username includes international (non-ASCII) characters the program -will not (usually) find it. Use the RID number instead. - -.SH SEE ALSO -.B chntpwd, reged, samusrgrp -.br -You will find more information available on how this program works, in the -text files -.IR /usr/share/doc/chntpw/README.txt -and -.IR /usr/share/doc/chntpw/MANUAL.txt - -More documentation is available at the upstream's author site: -.BR http://pogostick.net/~pnh/ntpasswd/ - -.SH AUTHOR -This program was written by Petter N Hagen. - -This manual page was written by Javier Fernandez-Sanguino , -for the Debian GNU/Linux system (but may be used by others). diff --git a/samusrgrp.8 b/samusrgrp.8 deleted file mode 100644 index 773448b..0000000 --- a/samusrgrp.8 +++ /dev/null 
@@ -1,130 +0,0 @@ -.\" Hey, EMACS: -*- nroff -*- -.\" First parameter, NAME, should be all caps -.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection -.\" other parameters are allowed: see man(7), man(1) -.TH SAMUSRGRP 8 "6th August 2014" -.\" Please adjust this date whenever revising the manpage. -.\" -.\" Some roff macros, for reference: -.\" .nh disable hyphenation -.\" .hy enable hyphenation -.\" .ad l left justify -.\" .ad b justify to both left and right margins -.\" .nf disable filling -.\" .fi enable filling -.\" .br insert line break -.\" .sp insert n+1 empty lines -.\" for manpage-specific macros, see man(7) -.SH NAME -samusrgrp \- add or remove users from groups in SAM database files -.SH SYNOPSIS -.B samusrgrp -.RI [ options ] -.RI < samfile > -.br -.SH DESCRIPTION -This manual page documents briefly the -.B samusrgrp -command. -This manual page was written for the Debian distribution -because the original program does not have a manual page. -.PP -.B samusrgrp -is a non-interactive command line utility that can add or remove -a user from a local group that exists in the SAM user database of a -Microsoft Windows system (Windows NT, 2000, XP, Vista, 7, 8.1, etc.). -This file is usually located at -\\WINDOWS\\system32\\config\\SAM on the file system of a Microsoft Windows -Operating System - -On success, the program does not output any informatin and the exit code is 0. - -The binary program supports multiple names. If it is called named -.B samusrtogrp -it will assume \fB-a\fR mode (add user). If it is called named -.B samusrfromgrp -it will assume \fB-r\fR mode (remove user). - -.SH OPTIONS -.TP -.B \-h -Show summary of options. -.TP -.B \-a -The user is added to the group. This option has to be followed -by \-u and \-g . -.TP -.B \-r -The user is removed from the group. This option has to be followed -by \-u and \-g . -.TP -.B \-u -User to change. 
The user value can be provided as a username, or a RID number in -hexadecimal (if the username is preceded with '0x'). Usernames including -international characters will probably not work. -.TP -.B \-g -Group to change. The group can only be given as a group number, in hexadecimal, preceded with -with '0x'. -.TP -.B \-l -Lists the groups in the SAM database. -.TP -.B \-L -Lists the groups in the SAM database as well as their members. -.TP -.B \-s -Print the machine SID. -.TP -.B \-H -Output human readable output. The program by default will print a parsable table unless -this option is used. -.TP -.B \-N -Do not allocate more information, only allow the editing of existing values -with same size. -.TP -.B \-E -Do not expand the hive file (safe mode). -.TP -.B \-t -Print debug information of allocated blocks. -.TP -.B \-v -Print verbose information and debug messages. - -.SH EXAMPLES -.TP -.B samusrgrp -a -u theboss -g 0x220 SAMFILE -Adds a user named 'theboss' to the group 0x220 (Administrators) - -.TP -.B samusrgrp -a -u 0x3ea -g 0x221 SAMFILE -Adds a user with the id '0x3aa' to the group 0x221 (Users) - -.TP -.B samusrgrp -r -u 0x3ff -g 0x221 SAMFILE -Remove a user with the id '0x3ff' from the group 0x221 (Users) - -.SH KNOWN BUGS - -If the username includes international (non-ASCII) characters the program -will not (usually) find it. Use the RID number instead. - -.SH SEE ALSO -.B chntpwd, reged, sampasswd -.br -You will find more information available on how this program works, in the -text files -.IR /usr/share/doc/chntpw/README.txt -and -.IR /usr/share/doc/chntpw/MANUAL.txt - -More documentation is available at the upstream's author site: -.BR http://pogostick.net/~pnh/ntpasswd/ - -.SH AUTHOR -This program was written by Petter N Hagen. - -This manual page was written by Javier Fernandez-Sanguino , -for the Debian GNU/Linux system (but may be used by others). diff --git a/sources b/sources index e597fc8..954d9c8 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@
-SHA512 (chntpw-source-140201.zip) = a26d747f6e077d1bb3e9b8077781f8c37dd978e07b7426495862f15c9004572b706c34736fc4d1ed8856b1a43335d726b4d87c688f7f9a11fd6cc3a74d71a7fa
+09addfe7ae469677da39ed66d83858d3 chntpw-source-080526.zip
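Review bot: The added `sources` line pins chntpw-source-080526.zip with a bare 32-hex-digit digest, which looks like the legacy MD5 form, where the removed line used the explicit `SHA512 (file) = digest` form. MD5 is not collision resistant, and this digest is the only integrity check on the upstream tarball, so the change weakens the supply-chain pin for the package. I would record the entry as `SHA512 (chntpw-source-080526.zip) = <sha512-of-the-verified-tarball>`, computed from a copy whose provenance has been checked.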