Windows: How to get full users' accounts - c++

Is there any way to get users' system account? I want to make authorisation in my prog with Windows account. Trying to use Active Directory, but it only helps with names and other information, but what about passwords? I understand that I can't get passwords in free access, and I don't need this. But is there any way just to compare input string with real user's windows password?
Or is there any other way to embed authorisation into my program with windows users' accounts?

You may start with NetUserEnum, and with NetQueryDisplayInformation.
There is no way to determine password of a user.
You may use LogonUser API to authenticate users based on password they'd give on your logon window. You should not keep the password after this API succeeds - that's a breach of safety.
Use CredUIPromptForCredentials for asking the user credentials.

The easiest way is to observe that you are in fact running in a login session for the current user, so he does know his password. From there on, Windows will handle all authorisations automatically.

Related

How should I store sensitive user data to an aws cognito attibute

I have a web app that asks the user to enter a password for a third party service in order to connect to it. Ideally we would remember this password in order to avoid asking the user for the password on every login. Obviously, I do not want any access to the actual values of these passwords.
What is the best solution for this behaviour. Is this just simply a big no-no. Seems like there is probably a simple solution to this that I am just not aware of. I am considering using aws cognito for my user auth btw

Django Login form Using AD

I'm trying to create an App which has a log in page where user should be authenticated using azure AD. Basically the App has a log in form where user puts his id and password from ad and django should check with ad and allow him in or not. Later on ofc would like to add permission depending on AD group.
So far I searched a lot on the internet and found nothing. Could you guys help with some example or link to documentation what I could use.
First of all, I'd like to suggest that you don't do that.
What you are asking for is ROPC flow: https://joonasw.net/view/ropc-grant-flow-in-azure-ad.
Usage of this flow is not recommended unless this is for migrating a legacy application (which is the original purpose of ROPC).
It also won't work if the user has MFA, an expired password etc.
There is usually no reason why you'd want to handle user passwords when using a federated identity provider.

Allowing user to skip multi-factor authentication for 30 days from a device

I've inherited an app at my company (ReactJS/Django), and they've asked me to implement multi-factor authentication. I've got it wired up with django-mfa, and the authentication works great. Now, they've requested that if a user logs in with MFA, they will not be asked for MFA again on THAT device for 30 days.
At first, I thought no problem. You can do it with a cookie or whatever as you would any persistent session, and instead of using that to keep the user logged in, you can use it to determine whether or not to ask for MFA verification.
The obvious oversight I made in my haste is that theoretically you could have multiple users logged in to that same device. User A could log in with MFA. If you store a cookie with session information that allows User A to skip MFA, what happens when User B logs in?
I don't really know any obvious way around this. Is there a straight-forward or conventional way to manage multiple user sessions in a browser, or an alternative approach to this problem I'm missing?

Password Information

I want to get the various user account passwords which are stored in my computer programatically using Visual C++. Are there any APIs to help me do this?
There is no way to retrieve windows passwords nor passwords to most other programs via Win32 APIs.
For Windows passwords you typically have to ask the user to enter their username/password and verify it, all by using LogonUser.
For other programs they are usually stored on disk encrypted by the host application.
This is most definitely not allowed on Windows.
Consider the consequences of letting any given program obtain passwords. That would mean that programs like Solitaire would be able to get your password and use it in any number of nefarious ways. Worse, the program could use the password to access other machines in resources.
In short, it would throw security out the window
No. That would be a security hole. See this article.
It depends what passwords are you trying to get?
Some passwords can not be retrieved, like the Windows login passwords. Some other password are stored (plain or encrypted) somewhere in the disk or registry, depending on how the application stores them.
The Win32 API CredEnumerate, for example, can give you the user credentials (login and password) for some of the applications (Internet explorer passwords, ... etc).
You can only recover the hashed password, not the password itself.
I have no personal experience with this but I was once told that there are utilities out there (usually found on .ru sites ;)) that will do this sort of job for you. And that it's appalling to see how this happens, makes you paranoid. I can't however suggest a particular tool for doing this, but would like to oppose to all those that keep saying it's not possible.

Impersonating users to access hives - various methods, what are the practical issues?

I am designing a Service to run under LocalSystem account on Win2000, XP and Vista. It will need access to users registry hives, sometimes for extended periods of time, both when the users are logged-in, and also, when they are not logged-in (IF the profile is local. If the profile is Roaming and not loaded, I will not attempt to load it.)
If the user is logged-on, I can get the Users access token by various means (E.g. from its Explorer process, or by receiving Logon events from the Service Control Manager) then use ImpersonateLoggedOnUser and RegOpenCurrentUser to access the User's hive. However, what are the implications if the User selects LogOff from the start menu while I am impersonating and have his hive open? Will the logoff be prevented? Will my impersonation be terminated?
If the user is not logged on, I can use RegLoadKey to directly open the hive NTUSER.DAT. (Impossible for a logged-on user). But what are the implications of this if the user decides to log-on (I suppose the hive will be locked and the logon either prevented, or may experience difficulty?)
I will be setting up some test projects to explore these ideas however, regardless of their apparent results, these questions are theoretical in terms of what type of problems might, or would, be caused by the user loggin in/out during these actions by the service.
Caveat: ImpersonateLoggedOnUser can ONLY be used either for a logged-on user (token obtained from process or SCM event) OR for a user for which I have the plaintext password to call WinLogon and obtain a token - TRUE / FALSE ? In other words although I have maximum permissions as LocalSystem and am able to change the user's password or even delete the user's account, if the user is not logged-on, it is totally impossible to create a new token to impersonate the user without having the the password?
Apparently, there is some risk of damaging a user's profile if it is already loaded by another process when the user logs in. In that case, the system will try to create a new subdirectory for the user.