SamrChangePasswordUser:
- Check the MinPasswordAge before trying to change the password.
- Set the PasswordLastSet time if the password has been changed successfully.
- Set the BadPasswordCount and LastBadPasswordTime if the caller tried to set a bad password. 

svn path=/trunk/; revision=59560
Eric Kohl 2013-07-22 21:27:33 +00:00
parent c26bb48e2d
commit c9c250aca3


@ -7475,9 +7475,15 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
PENCRYPTED_LM_OWF_PASSWORD NewLmPassword; PENCRYPTED_LM_OWF_PASSWORD NewLmPassword;
PENCRYPTED_NT_OWF_PASSWORD OldNtPassword; PENCRYPTED_NT_OWF_PASSWORD OldNtPassword;
PENCRYPTED_NT_OWF_PASSWORD NewNtPassword; PENCRYPTED_NT_OWF_PASSWORD NewNtPassword;
BOOLEAN StoredLmPresent = FALSE;
BOOLEAN StoredNtPresent = FALSE;
BOOLEAN StoredLmEmpty = TRUE;
BOOLEAN StoredNtEmpty = TRUE;
PSAM_DB_OBJECT UserObject; PSAM_DB_OBJECT UserObject;
ULONG Length; ULONG Length;
SAM_USER_FIXED_DATA FixedUserData; SAM_USER_FIXED_DATA UserFixedData;
SAM_DOMAIN_FIXED_DATA DomainFixedData;
LARGE_INTEGER SystemTime;
NTSTATUS Status; NTSTATUS Status;
TRACE("(%p %u %p %p %u %p %p %u %p %u %p)\n", TRACE("(%p %u %p %p %u %p %p %u %p %u %p)\n",
@ -7496,6 +7502,14 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
return Status; return Status;
} }
/* Get the current time */
Status = NtQuerySystemTime(&SystemTime);
if (!NT_SUCCESS(Status))
{
TRACE("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
return Status;
}
/* Retrieve the LM password */ /* Retrieve the LM password */
Length = sizeof(ENCRYPTED_LM_OWF_PASSWORD); Length = sizeof(ENCRYPTED_LM_OWF_PASSWORD);
Status = SampGetObjectAttribute(UserObject, Status = SampGetObjectAttribute(UserObject,
@ -7503,9 +7517,16 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
NULL, NULL,
&StoredLmPassword, &StoredLmPassword,
&Length); &Length);
if (!NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
{ {
if (Length == sizeof(ENCRYPTED_LM_OWF_PASSWORD))
{
StoredLmPresent = TRUE;
if (!RtlEqualMemory(&StoredLmPassword,
&EmptyLmHash,
sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
StoredLmEmpty = FALSE;
}
} }
/* Retrieve the NT password */ /* Retrieve the NT password */
@ -7515,9 +7536,52 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
NULL, NULL,
&StoredNtPassword, &StoredNtPassword,
&Length); &Length);
if (NT_SUCCESS(Status))
{
if (Length == sizeof(ENCRYPTED_NT_OWF_PASSWORD))
{
StoredNtPresent = TRUE;
if (!RtlEqualMemory(&StoredNtPassword,
&EmptyNtHash,
sizeof(ENCRYPTED_NT_OWF_PASSWORD)))
StoredNtEmpty = FALSE;
}
}
/* Retrieve the fixed size user data */
Length = sizeof(SAM_USER_FIXED_DATA);
Status = SampGetObjectAttribute(UserObject,
L"F",
NULL,
&UserFixedData,
&Length);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
TRACE("SampGetObjectAttribute failed to retrieve the fixed user data (Status 0x%08lx)\n", Status);
return Status;
}
/* Check if we can change the password at this time */
if ((StoredNtEmpty == FALSE) || (StoredNtEmpty == FALSE))
{
/* Get fixed domain data */
Length = sizeof(SAM_DOMAIN_FIXED_DATA);
Status = SampGetObjectAttribute(UserObject->ParentObject,
L"F",
NULL,
&DomainFixedData,
&Length);
if (!NT_SUCCESS(Status))
{
TRACE("SampGetObjectAttribute failed to retrieve the fixed domain data (Status 0x%08lx)\n", Status);
return Status;
}
if (DomainFixedData.MinPasswordAge.QuadPart > 0)
{
if (SystemTime.QuadPart < (UserFixedData.PasswordLastSet.QuadPart + DomainFixedData.MinPasswordAge.QuadPart))
return STATUS_ACCOUNT_RESTRICTION;
}
} }
/* FIXME: Decrypt passwords */ /* FIXME: Decrypt passwords */
@ -7588,28 +7652,34 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
LmPresent); LmPresent);
if (NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
{ {
/* Get the fixed size user data */ /* Update PasswordLastSet */
Length = sizeof(SAM_USER_FIXED_DATA); UserFixedData.PasswordLastSet.QuadPart = SystemTime.QuadPart;
Status = SampGetObjectAttribute(UserObject,
L"F",
NULL,
&FixedUserData,
&Length);
if (NT_SUCCESS(Status))
{
/* Update PasswordLastSet */
NtQuerySystemTime(&FixedUserData.PasswordLastSet);
/* Set the fixed size user data */ /* Set the fixed size user data */
Status = SampSetObjectAttribute(UserObject, Length = sizeof(SAM_USER_FIXED_DATA);
L"F", Status = SampSetObjectAttribute(UserObject,
REG_BINARY, L"F",
&FixedUserData, REG_BINARY,
Length); &UserFixedData,
} Length);
} }
} }
if (Status == STATUS_WRONG_PASSWORD)
{
/* Update BadPasswordCount and LastBadPasswordTime */
UserFixedData.BadPasswordCount++;
UserFixedData.LastBadPasswordTime.QuadPart = SystemTime.QuadPart;
/* Set the fixed size user data */
Length = sizeof(SAM_USER_FIXED_DATA);
Status = SampSetObjectAttribute(UserObject,
L"F",
REG_BINARY,
&UserFixedData,
Length);
}
return Status; return Status;
} }
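Review bot: In the last hunk the new `if (Status == STATUS_WRONG_PASSWORD)` block assigns the result of `SampSetObjectAttribute` back to `Status`, so when the bad-password counters are written successfully the function reaches `return Status;` with a success code and the caller cannot tell that the old password was rejected. Preserving the failure, for example with `if (NT_SUCCESS(Status)) Status = STATUS_WRONG_PASSWORD;` after the write, keeps the result the caller acts on accurate. Separately, the age check in the fourth hunk tests `StoredNtEmpty == FALSE` on both sides of the `||`; one side was presumably meant to be `StoredLmEmpty == FALSE`, otherwise an account holding only a non-empty LM hash skips the MinPasswordAge restriction. The function body starts before and continues between the visible hunks, so the code that produces STATUS_WRONG_PASSWORD is not shown here.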