Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-04 08:15:41 +00:00
Code Issues Projects Releases Packages Wiki Activity

[SAMSRV]

Browse source 
SampSetUserPassword:
- Update the password history only if the new password hash is not the empty password hash.
- Set the empty LM or NT password hash if the password is not present in order to keep both password hashes synchronized.

svn path=/trunk/; revision=59087
This commit is contained in:
Eric Kohl 2013-05-27 12:48:59 +00:00
parent 8c5db4e1bf
commit 019335405c
1 changed files with 139 additions and 120 deletions
Download patch file Download diff file Expand all files Collapse all files

259
reactos/dll/win32/samsrv/user.c
View file

@ -397,79 +397,157 @@ SampSetUserPassword(IN PSAM_DB_OBJECT UserObject,
ULONG CurrentHistoryLength; ULONG CurrentHistoryLength;
ULONG MaxHistoryLength = 3; ULONG MaxHistoryLength = 3;
ULONG Length = 0; ULONG Length = 0;
BOOLEAN UseNtPassword;
BOOLEAN UseLmPassword;
NTSTATUS Status; NTSTATUS Status;
/* Get the size of the NT history */ UseNtPassword =
SampGetObjectAttribute(UserObject, ((memcmp(NtPassword, &EmptyNtHash, sizeof(ENCRYPTED_NT_OWF_PASSWORD)) != 0) &&
L"NTPwdHistory", (NtPasswordPresent != FALSE));
NULL,
NULL,
&Length);
CurrentHistoryLength = Length / sizeof(ENCRYPTED_NT_OWF_PASSWORD); UseLmPassword =
if (CurrentHistoryLength < MaxHistoryLength) ((memcmp(LmPassword, &EmptyLmHash, sizeof(ENCRYPTED_LM_OWF_PASSWORD)) != 0) &&
{ (LmPasswordPresent != FALSE));
NtHistoryLength = (CurrentHistoryLength + 1) * sizeof(ENCRYPTED_NT_OWF_PASSWORD);
}
else
{
NtHistoryLength = MaxHistoryLength * sizeof(ENCRYPTED_NT_OWF_PASSWORD);
}
/* Allocate the history buffer */ /* Update the NT password history only if we have a new non-empty NT password */
NtHistory = midl_user_allocate(NtHistoryLength); if (UseNtPassword)
if (NtHistory == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
if (Length > 0)
{ {
/* Get the history */ /* Get the size of the NT history */
Status = SampGetObjectAttribute(UserObject, SampGetObjectAttribute(UserObject,
L"NTPwdHistory",
NULL,
NULL,
&Length);
CurrentHistoryLength = Length / sizeof(ENCRYPTED_NT_OWF_PASSWORD);
if (CurrentHistoryLength < MaxHistoryLength)
{
NtHistoryLength = (CurrentHistoryLength + 1) * sizeof(ENCRYPTED_NT_OWF_PASSWORD);
}
else
{
NtHistoryLength = MaxHistoryLength * sizeof(ENCRYPTED_NT_OWF_PASSWORD);
}
/* Allocate the history buffer */
NtHistory = midl_user_allocate(NtHistoryLength);
if (NtHistory == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
if (Length > 0)
{
/* Get the history */
Status = SampGetObjectAttribute(UserObject,
L"NTPwdHistory",
NULL,
NtHistory,
&Length);
if (!NT_SUCCESS(Status))
goto done;
}
/* Move the old passwords down by one entry */
if (NtHistoryLength > sizeof(ENCRYPTED_NT_OWF_PASSWORD))
{
MoveMemory(&(NtHistory[1]),
&(NtHistory[0]),
NtHistoryLength - sizeof(ENCRYPTED_NT_OWF_PASSWORD));
}
/* Add the new password to the top of the history */
if (NtPasswordPresent)
{
CopyMemory(&(NtHistory[0]),
NtPassword,
sizeof(ENCRYPTED_NT_OWF_PASSWORD));
}
else
{
ZeroMemory(&(NtHistory[0]),
sizeof(ENCRYPTED_NT_OWF_PASSWORD));
}
/* Set the history */
Status = SampSetObjectAttribute(UserObject,
L"NTPwdHistory", L"NTPwdHistory",
NULL, REG_BINARY,
NtHistory, (PVOID)NtHistory,
&Length); NtHistoryLength);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
goto done; goto done;
} }
/* Get the size of the LM history */ /* Update the LM password history only if we have a new non-empty LM password */
Length = 0; if (UseLmPassword)
SampGetObjectAttribute(UserObject,
L"LMPwdHistory",
NULL,
NULL,
&Length);
CurrentHistoryLength = Length / sizeof(ENCRYPTED_LM_OWF_PASSWORD);
if (CurrentHistoryLength < MaxHistoryLength)
{ {
LmHistoryLength = (CurrentHistoryLength + 1) * sizeof(ENCRYPTED_LM_OWF_PASSWORD); /* Get the size of the LM history */
} Length = 0;
else SampGetObjectAttribute(UserObject,
{ L"LMPwdHistory",
LmHistoryLength = MaxHistoryLength * sizeof(ENCRYPTED_LM_OWF_PASSWORD); NULL,
} NULL,
&Length);
/* Allocate the history buffer */ CurrentHistoryLength = Length / sizeof(ENCRYPTED_LM_OWF_PASSWORD);
LmHistory = midl_user_allocate(LmHistoryLength); if (CurrentHistoryLength < MaxHistoryLength)
if (LmHistory == NULL) {
return STATUS_INSUFFICIENT_RESOURCES; LmHistoryLength = (CurrentHistoryLength + 1) * sizeof(ENCRYPTED_LM_OWF_PASSWORD);
}
else
{
LmHistoryLength = MaxHistoryLength * sizeof(ENCRYPTED_LM_OWF_PASSWORD);
}
if (Length > 0) /* Allocate the history buffer */
{ LmHistory = midl_user_allocate(LmHistoryLength);
/* Get the history */ if (LmHistory == NULL)
Status = SampGetObjectAttribute(UserObject, return STATUS_INSUFFICIENT_RESOURCES;
if (Length > 0)
{
/* Get the history */
Status = SampGetObjectAttribute(UserObject,
L"LMPwdHistory",
NULL,
LmHistory,
&Length);
if (!NT_SUCCESS(Status))
goto done;
}
/* Move the old passwords down by one entry */
if (LmHistoryLength > sizeof(ENCRYPTED_LM_OWF_PASSWORD))
{
MoveMemory(&(LmHistory[1]),
&(LmHistory[0]),
LmHistoryLength - sizeof(ENCRYPTED_LM_OWF_PASSWORD));
}
/* Add the new password to the top of the history */
if (LmPasswordPresent)
{
CopyMemory(&(LmHistory[0]),
LmPassword,
sizeof(ENCRYPTED_LM_OWF_PASSWORD));
}
else
{
ZeroMemory(&(LmHistory[0]),
sizeof(ENCRYPTED_LM_OWF_PASSWORD));
}
/* Set the LM password history */
Status = SampSetObjectAttribute(UserObject,
L"LMPwdHistory", L"LMPwdHistory",
NULL, REG_BINARY,
LmHistory, (PVOID)LmHistory,
&Length); LmHistoryLength);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
goto done; goto done;
} }
/* Set the new password */ /* Set the new NT password */
if (NtPasswordPresent) if (UseNtPassword)
{ {
Status = SampSetObjectAttribute(UserObject, Status = SampSetObjectAttribute(UserObject,
L"NTPwd", L"NTPwd",
@ -484,13 +562,14 @@ SampSetUserPassword(IN PSAM_DB_OBJECT UserObject,
Status = SampSetObjectAttribute(UserObject, Status = SampSetObjectAttribute(UserObject,
L"NTPwd", L"NTPwd",
REG_BINARY, REG_BINARY,
NULL, &EmptyNtHash,
0); sizeof(ENCRYPTED_NT_OWF_PASSWORD));
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
goto done; goto done;
} }
if (LmPasswordPresent) /* Set the new LM password */
if (UseLmPassword)
{ {
Status = SampSetObjectAttribute(UserObject, Status = SampSetObjectAttribute(UserObject,
L"LMPwd", L"LMPwd",
@ -505,72 +584,12 @@ SampSetUserPassword(IN PSAM_DB_OBJECT UserObject,
Status = SampSetObjectAttribute(UserObject, Status = SampSetObjectAttribute(UserObject,
L"LMPwd", L"LMPwd",
REG_BINARY, REG_BINARY,
NULL, &EmptyLmHash,
0); sizeof(ENCRYPTED_LM_OWF_PASSWORD));
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
goto done; goto done;
} }
/* Move the old passwords down by one entry */
if (NtHistoryLength > sizeof(ENCRYPTED_NT_OWF_PASSWORD))
{
MoveMemory(&(NtHistory[1]),
&(NtHistory[0]),
NtHistoryLength - sizeof(ENCRYPTED_NT_OWF_PASSWORD));
}
/* Add the new password on top of the history */
if (NtPasswordPresent)
{
CopyMemory(&(NtHistory[0]),
NtPassword,
sizeof(ENCRYPTED_NT_OWF_PASSWORD));
}
else
{
ZeroMemory(&(NtHistory[0]),
sizeof(ENCRYPTED_NT_OWF_PASSWORD));
}
/* Set the history */
Status = SampSetObjectAttribute(UserObject,
L"NTPwdHistory",
REG_BINARY,
(PVOID)NtHistory,
NtHistoryLength);
if (!NT_SUCCESS(Status))
goto done;
/* Move the old passwords down by one entry */
if (LmHistoryLength > sizeof(ENCRYPTED_LM_OWF_PASSWORD))
{
MoveMemory(&(LmHistory[1]),
&(LmHistory[0]),
LmHistoryLength - sizeof(ENCRYPTED_LM_OWF_PASSWORD));
}
/* Add the new password on top of the history */
if (LmPasswordPresent)
{
CopyMemory(&(LmHistory[0]),
LmPassword,
sizeof(ENCRYPTED_LM_OWF_PASSWORD));
}
else
{
ZeroMemory(&(LmHistory[0]),
sizeof(ENCRYPTED_LM_OWF_PASSWORD));
}
/* Set the LM password history */
Status = SampSetObjectAttribute(UserObject,
L"LMPwdHistory",
REG_BINARY,
(PVOID)LmHistory,
LmHistoryLength);
if (!NT_SUCCESS(Status))
goto done;
done: done:
if (NtHistory != NULL) if (NtHistory != NULL)
midl_user_free(NtHistory); midl_user_free(NtHistory);