mirror of
https://github.com/reactos/reactos.git
synced 2024-12-28 01:55:19 +00:00
[SYSSETUP][INF] Add lockout setup to the security profile
This commit is contained in:
parent
83f3bd8bd6
commit
c0caa5c0ae
3 changed files with 153 additions and 0 deletions
|
@ -19,6 +19,7 @@
|
|||
#include <debug.h>
|
||||
|
||||
#define TICKS_PER_DAY -864000000000LL
|
||||
#define TICKS_PER_SECOND -600000000LL
|
||||
|
||||
/* FUNCTIONS ****************************************************************/
|
||||
|
||||
|
@ -962,6 +963,145 @@ done:
|
|||
}
|
||||
|
||||
|
||||
static
|
||||
VOID
|
||||
ApplyLockoutSettings(
|
||||
_In_ HINF hSecurityInf,
|
||||
_In_ PWSTR pszSectionName)
|
||||
{
|
||||
INFCONTEXT InfContext;
|
||||
DOMAIN_LOCKOUT_INFORMATION LockoutInfo;
|
||||
PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
|
||||
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
|
||||
LSA_HANDLE PolicyHandle = NULL;
|
||||
SAM_HANDLE ServerHandle = NULL;
|
||||
SAM_HANDLE DomainHandle = NULL;
|
||||
INT nValue;
|
||||
NTSTATUS Status;
|
||||
|
||||
DPRINT("ApplyLockoutSettings()\n");
|
||||
|
||||
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
|
||||
ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
|
||||
|
||||
Status = LsaOpenPolicy(NULL,
|
||||
&ObjectAttributes,
|
||||
POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
|
||||
&PolicyHandle);
|
||||
if (Status != STATUS_SUCCESS)
|
||||
{
|
||||
DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
|
||||
return;
|
||||
}
|
||||
|
||||
Status = LsaQueryInformationPolicy(PolicyHandle,
|
||||
PolicyAccountDomainInformation,
|
||||
(PVOID *)&OrigInfo);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
|
||||
goto done;
|
||||
}
|
||||
|
||||
Status = SamConnect(NULL,
|
||||
&ServerHandle,
|
||||
SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
|
||||
NULL);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
|
||||
goto done;
|
||||
}
|
||||
|
||||
Status = SamOpenDomain(ServerHandle,
|
||||
DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS,
|
||||
OrigInfo->DomainSid,
|
||||
&DomainHandle);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
|
||||
goto done;
|
||||
}
|
||||
|
||||
Status = SamQueryInformationDomain(DomainHandle,
|
||||
DomainLockoutInformation,
|
||||
(PVOID*)&LockoutInfo);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
DPRINT1("SamQueryInformationDomain() failed (Status %08lx)\n", Status);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (SetupFindFirstLineW(hSecurityInf,
|
||||
pszSectionName,
|
||||
L"LockoutBadCount",
|
||||
&InfContext))
|
||||
{
|
||||
if (SetupGetIntField(&InfContext, 1, &nValue))
|
||||
{
|
||||
if (nValue >= 0)
|
||||
{
|
||||
LockoutInfo.LockoutThreshold = nValue;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (SetupFindFirstLineW(hSecurityInf,
|
||||
pszSectionName,
|
||||
L"ResetLockoutCount",
|
||||
&InfContext))
|
||||
{
|
||||
if (SetupGetIntField(&InfContext, 1, &nValue))
|
||||
{
|
||||
if (nValue >= 0)
|
||||
{
|
||||
LockoutInfo.LockoutObservationWindow.QuadPart = (LONGLONG)nValue * TICKS_PER_SECOND;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (SetupFindFirstLineW(hSecurityInf,
|
||||
pszSectionName,
|
||||
L"LockoutDuration",
|
||||
&InfContext))
|
||||
{
|
||||
if (SetupGetIntField(&InfContext, 1, &nValue))
|
||||
{
|
||||
if (nValue == -1)
|
||||
{
|
||||
LockoutInfo.LockoutDuration.QuadPart = 0x8000000000000000LL;
|
||||
}
|
||||
else if ((nValue >= 0) && (nValue < 100000))
|
||||
{
|
||||
LockoutInfo.LockoutDuration.QuadPart = (LONGLONG)nValue * TICKS_PER_SECOND;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Status = SamSetInformationDomain(DomainHandle,
|
||||
DomainLockoutInformation,
|
||||
(PVOID*)&LockoutInfo);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
DPRINT1("SamSetInformationDomain() failed (Status %08lx)\n", Status);
|
||||
goto done;
|
||||
}
|
||||
|
||||
done:
|
||||
if (DomainHandle != NULL)
|
||||
SamCloseHandle(DomainHandle);
|
||||
|
||||
if (ServerHandle != NULL)
|
||||
SamCloseHandle(ServerHandle);
|
||||
|
||||
if (OrigInfo != NULL)
|
||||
LsaFreeMemory(OrigInfo);
|
||||
|
||||
if (PolicyHandle != NULL)
|
||||
LsaClose(PolicyHandle);
|
||||
}
|
||||
|
||||
|
||||
static
|
||||
VOID
|
||||
ApplyAuditEvents(
|
||||
|
@ -1129,6 +1269,7 @@ InstallSecurity(VOID)
|
|||
ApplyEventlogSettings(hSecurityInf, L"System Log", L"System");
|
||||
|
||||
ApplyPasswordSettings(hSecurityInf, L"System Access");
|
||||
ApplyLockoutSettings(hSecurityInf, L"System Access");
|
||||
|
||||
ApplyAuditEvents(hSecurityInf);
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
Signature = "$Windows NT$"
|
||||
|
||||
[System Access]
|
||||
; Password Options
|
||||
MinimumPasswordAge = 0
|
||||
MaximumPasswordAge = 42
|
||||
MinimumPasswordLength = 0
|
||||
|
@ -13,6 +14,11 @@ PasswordHistorySize = 0
|
|||
RequireLogonToChangePassword = 0
|
||||
ClearTextPassword = 0
|
||||
|
||||
; Lockout Options
|
||||
LockoutBadCount = 0
|
||||
;ResetLockoutCount = 30
|
||||
;LockoutDuration = 30
|
||||
|
||||
[Application Log]
|
||||
MaximumLogSize = 16384
|
||||
AuditLogRetentionPeriod = 0
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
Signature = "$Windows NT$"
|
||||
|
||||
[System Access]
|
||||
; Password Options
|
||||
MinimumPasswordAge = 0
|
||||
MaximumPasswordAge = 42
|
||||
MinimumPasswordLength = 0
|
||||
|
@ -13,6 +14,11 @@ PasswordHistorySize = 0
|
|||
RequireLogonToChangePassword = 0
|
||||
ClearTextPassword = 0
|
||||
|
||||
; Lockout Options
|
||||
LockoutBadCount = 0
|
||||
;ResetLockoutCount = 30
|
||||
;LockoutDuration = 30
|
||||
|
||||
[Application Log]
|
||||
MaximumLogSize = 512
|
||||
AuditLogRetentionPeriod = 1
|
||||
|
|
Loading…
Reference in a new issue