Author: ekohl
Date: Mon May 27 12:48:59 2013
New Revision: 59087
URL:
http://svn.reactos.org/svn/reactos?rev=59087&view=rev
Log:
[SAMSRV]
SampSetUserPassword:
- Update the password history only if the new password hash is not the empty password
hash.
- Set the empty LM or NT password hash if the password is not present in order to keep
both password hashes synchronized.
Modified:
trunk/reactos/dll/win32/samsrv/user.c
Modified: trunk/reactos/dll/win32/samsrv/user.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/user.c?re…
==============================================================================
--- trunk/reactos/dll/win32/samsrv/user.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/user.c [iso-8859-1] Mon May 27 12:48:59 2013
@@ -397,79 +397,157 @@
ULONG CurrentHistoryLength;
ULONG MaxHistoryLength = 3;
ULONG Length = 0;
+ BOOLEAN UseNtPassword;
+ BOOLEAN UseLmPassword;
NTSTATUS Status;
- /* Get the size of the NT history */
- SampGetObjectAttribute(UserObject,
- L"NTPwdHistory",
- NULL,
- NULL,
- &Length);
-
- CurrentHistoryLength = Length / sizeof(ENCRYPTED_NT_OWF_PASSWORD);
- if (CurrentHistoryLength < MaxHistoryLength)
- {
- NtHistoryLength = (CurrentHistoryLength + 1) *
sizeof(ENCRYPTED_NT_OWF_PASSWORD);
- }
- else
- {
- NtHistoryLength = MaxHistoryLength * sizeof(ENCRYPTED_NT_OWF_PASSWORD);
- }
-
- /* Allocate the history buffer */
- NtHistory = midl_user_allocate(NtHistoryLength);
- if (NtHistory == NULL)
- return STATUS_INSUFFICIENT_RESOURCES;
-
- if (Length > 0)
- {
- /* Get the history */
- Status = SampGetObjectAttribute(UserObject,
+ UseNtPassword =
+ ((memcmp(NtPassword, &EmptyNtHash, sizeof(ENCRYPTED_NT_OWF_PASSWORD)) != 0)
&&
+ (NtPasswordPresent != FALSE));
+
+ UseLmPassword =
+ ((memcmp(LmPassword, &EmptyLmHash, sizeof(ENCRYPTED_LM_OWF_PASSWORD)) != 0)
&&
+ (LmPasswordPresent != FALSE));
+
+ /* Update the NT password history only if we have a new non-empty NT password */
+ if (UseNtPassword)
+ {
+ /* Get the size of the NT history */
+ SampGetObjectAttribute(UserObject,
+ L"NTPwdHistory",
+ NULL,
+ NULL,
+ &Length);
+
+ CurrentHistoryLength = Length / sizeof(ENCRYPTED_NT_OWF_PASSWORD);
+ if (CurrentHistoryLength < MaxHistoryLength)
+ {
+ NtHistoryLength = (CurrentHistoryLength + 1) *
sizeof(ENCRYPTED_NT_OWF_PASSWORD);
+ }
+ else
+ {
+ NtHistoryLength = MaxHistoryLength * sizeof(ENCRYPTED_NT_OWF_PASSWORD);
+ }
+
+ /* Allocate the history buffer */
+ NtHistory = midl_user_allocate(NtHistoryLength);
+ if (NtHistory == NULL)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ if (Length > 0)
+ {
+ /* Get the history */
+ Status = SampGetObjectAttribute(UserObject,
+ L"NTPwdHistory",
+ NULL,
+ NtHistory,
+ &Length);
+ if (!NT_SUCCESS(Status))
+ goto done;
+ }
+
+ /* Move the old passwords down by one entry */
+ if (NtHistoryLength > sizeof(ENCRYPTED_NT_OWF_PASSWORD))
+ {
+ MoveMemory(&(NtHistory[1]),
+ &(NtHistory[0]),
+ NtHistoryLength - sizeof(ENCRYPTED_NT_OWF_PASSWORD));
+ }
+
+ /* Add the new password to the top of the history */
+ if (NtPasswordPresent)
+ {
+ CopyMemory(&(NtHistory[0]),
+ NtPassword,
+ sizeof(ENCRYPTED_NT_OWF_PASSWORD));
+ }
+ else
+ {
+ ZeroMemory(&(NtHistory[0]),
+ sizeof(ENCRYPTED_NT_OWF_PASSWORD));
+ }
+
+ /* Set the history */
+ Status = SampSetObjectAttribute(UserObject,
L"NTPwdHistory",
- NULL,
- NtHistory,
- &Length);
- if (!NT_SUCCESS(Status))
- goto done;
- }
-
- /* Get the size of the LM history */
- Length = 0;
- SampGetObjectAttribute(UserObject,
- L"LMPwdHistory",
- NULL,
- NULL,
- &Length);
-
- CurrentHistoryLength = Length / sizeof(ENCRYPTED_LM_OWF_PASSWORD);
- if (CurrentHistoryLength < MaxHistoryLength)
- {
- LmHistoryLength = (CurrentHistoryLength + 1) *
sizeof(ENCRYPTED_LM_OWF_PASSWORD);
- }
- else
- {
- LmHistoryLength = MaxHistoryLength * sizeof(ENCRYPTED_LM_OWF_PASSWORD);
- }
-
- /* Allocate the history buffer */
- LmHistory = midl_user_allocate(LmHistoryLength);
- if (LmHistory == NULL)
- return STATUS_INSUFFICIENT_RESOURCES;
-
- if (Length > 0)
- {
- /* Get the history */
- Status = SampGetObjectAttribute(UserObject,
+ REG_BINARY,
+ (PVOID)NtHistory,
+ NtHistoryLength);
+ if (!NT_SUCCESS(Status))
+ goto done;
+ }
+
+ /* Update the LM password history only if we have a new non-empty LM password */
+ if (UseLmPassword)
+ {
+ /* Get the size of the LM history */
+ Length = 0;
+ SampGetObjectAttribute(UserObject,
+ L"LMPwdHistory",
+ NULL,
+ NULL,
+ &Length);
+
+ CurrentHistoryLength = Length / sizeof(ENCRYPTED_LM_OWF_PASSWORD);
+ if (CurrentHistoryLength < MaxHistoryLength)
+ {
+ LmHistoryLength = (CurrentHistoryLength + 1) *
sizeof(ENCRYPTED_LM_OWF_PASSWORD);
+ }
+ else
+ {
+ LmHistoryLength = MaxHistoryLength * sizeof(ENCRYPTED_LM_OWF_PASSWORD);
+ }
+
+ /* Allocate the history buffer */
+ LmHistory = midl_user_allocate(LmHistoryLength);
+ if (LmHistory == NULL)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ if (Length > 0)
+ {
+ /* Get the history */
+ Status = SampGetObjectAttribute(UserObject,
+ L"LMPwdHistory",
+ NULL,
+ LmHistory,
+ &Length);
+ if (!NT_SUCCESS(Status))
+ goto done;
+ }
+
+ /* Move the old passwords down by one entry */
+ if (LmHistoryLength > sizeof(ENCRYPTED_LM_OWF_PASSWORD))
+ {
+ MoveMemory(&(LmHistory[1]),
+ &(LmHistory[0]),
+ LmHistoryLength - sizeof(ENCRYPTED_LM_OWF_PASSWORD));
+ }
+
+ /* Add the new password to the top of the history */
+ if (LmPasswordPresent)
+ {
+ CopyMemory(&(LmHistory[0]),
+ LmPassword,
+ sizeof(ENCRYPTED_LM_OWF_PASSWORD));
+ }
+ else
+ {
+ ZeroMemory(&(LmHistory[0]),
+ sizeof(ENCRYPTED_LM_OWF_PASSWORD));
+ }
+
+ /* Set the LM password history */
+ Status = SampSetObjectAttribute(UserObject,
L"LMPwdHistory",
- NULL,
- LmHistory,
- &Length);
- if (!NT_SUCCESS(Status))
- goto done;
- }
-
- /* Set the new password */
- if (NtPasswordPresent)
+ REG_BINARY,
+ (PVOID)LmHistory,
+ LmHistoryLength);
+ if (!NT_SUCCESS(Status))
+ goto done;
+ }
+
+ /* Set the new NT password */
+ if (UseNtPassword)
{
Status = SampSetObjectAttribute(UserObject,
L"NTPwd",
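Review bot: In the `UseNtPassword` and `UseLmPassword` assignments, `memcmp` reads `NtPassword`/`LmPassword` before the matching `...Present` flag is tested, so a caller that passes a NULL hash pointer with the flag set to FALSE would fault here; whether any caller does that is not visible in this hunk. Testing the flag first lets `&&` short-circuit: `UseNtPassword = (NtPasswordPresent != FALSE) && (memcmp(NtPassword, &EmptyNtHash, sizeof(ENCRYPTED_NT_OWF_PASSWORD)) != 0);`, and the same for the LM pair. Separately, the `return STATUS_INSUFFICIENT_RESOURCES;` after the `LmHistory` allocation bypasses the `done:` label, so an `NtHistory` buffer of password hashes allocated just above would presumably not be released; `Status = STATUS_INSUFFICIENT_RESOURCES; goto done;` keeps a single exit path. The function begins before this hunk and continues after it.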
@@ -484,13 +562,14 @@
Status = SampSetObjectAttribute(UserObject,
L"NTPwd",
REG_BINARY,
- NULL,
- 0);
- if (!NT_SUCCESS(Status))
- goto done;
- }
-
- if (LmPasswordPresent)
+ &EmptyNtHash,
+ sizeof(ENCRYPTED_NT_OWF_PASSWORD));
+ if (!NT_SUCCESS(Status))
+ goto done;
+ }
+
+ /* Set the new LM password */
+ if (UseLmPassword)
{
Status = SampSetObjectAttribute(UserObject,
L"LMPwd",
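Review bot: The `NTPwd` write in this hunk now runs after `NTPwdHistory` and `LMPwdHistory` have already been stored by the preceding hunk, so a failure at this `goto done` (or at the `LMPwd` write in the next hunk) leaves the history holding a hash that never became the current password. The previous revision wrote both password attributes before storing the history. Unless the caller wraps these attribute writes in a transaction, which is not visible here, consider moving the two `if (Use...Password)` history blocks below the `LMPwd` write, or add a comment such as `/* History is stored first because ... */` stating why the order changed. The enclosing function starts and ends outside this hunk.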
@@ -505,71 +584,11 @@
Status = SampSetObjectAttribute(UserObject,
L"LMPwd",
REG_BINARY,
- NULL,
- 0);
- if (!NT_SUCCESS(Status))
- goto done;
- }
-
- /* Move the old passwords down by one entry */
- if (NtHistoryLength > sizeof(ENCRYPTED_NT_OWF_PASSWORD))
- {
- MoveMemory(&(NtHistory[1]),
- &(NtHistory[0]),
- NtHistoryLength - sizeof(ENCRYPTED_NT_OWF_PASSWORD));
- }
-
- /* Add the new password on top of the history */
- if (NtPasswordPresent)
- {
- CopyMemory(&(NtHistory[0]),
- NtPassword,
- sizeof(ENCRYPTED_NT_OWF_PASSWORD));
- }
- else
- {
- ZeroMemory(&(NtHistory[0]),
- sizeof(ENCRYPTED_NT_OWF_PASSWORD));
- }
-
- /* Set the history */
- Status = SampSetObjectAttribute(UserObject,
- L"NTPwdHistory",
- REG_BINARY,
- (PVOID)NtHistory,
- NtHistoryLength);
- if (!NT_SUCCESS(Status))
- goto done;
-
- /* Move the old passwords down by one entry */
- if (LmHistoryLength > sizeof(ENCRYPTED_LM_OWF_PASSWORD))
- {
- MoveMemory(&(LmHistory[1]),
- &(LmHistory[0]),
- LmHistoryLength - sizeof(ENCRYPTED_LM_OWF_PASSWORD));
- }
-
- /* Add the new password on top of the history */
- if (LmPasswordPresent)
- {
- CopyMemory(&(LmHistory[0]),
- LmPassword,
- sizeof(ENCRYPTED_LM_OWF_PASSWORD));
- }
- else
- {
- ZeroMemory(&(LmHistory[0]),
- sizeof(ENCRYPTED_LM_OWF_PASSWORD));
- }
-
- /* Set the LM password history */
- Status = SampSetObjectAttribute(UserObject,
- L"LMPwdHistory",
- REG_BINARY,
- (PVOID)LmHistory,
- LmHistoryLength);
- if (!NT_SUCCESS(Status))
- goto done;
+ &EmptyLmHash,
+ sizeof(ENCRYPTED_LM_OWF_PASSWORD));
+ if (!NT_SUCCESS(Status))
+ goto done;
+ }
done:
if (NtHistory != NULL)