Author: ekohl Date: Mon May 27 12:48:59 2013 New Revision: 59087
URL: http://svn.reactos.org/svn/reactos?rev=59087&view=rev Log: [SAMSRV] SampSetUserPassword: - Update the password history only if the new password hash is not the empty password hash. - Set the empty LM or NT password hash if the password is not present in order to keep both password hashes synchronized.
Modified: trunk/reactos/dll/win32/samsrv/user.c
Modified: trunk/reactos/dll/win32/samsrv/user.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/user.c?rev... ============================================================================== --- trunk/reactos/dll/win32/samsrv/user.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/samsrv/user.c [iso-8859-1] Mon May 27 12:48:59 2013 @@ -397,79 +397,157 @@ ULONG CurrentHistoryLength; ULONG MaxHistoryLength = 3; ULONG Length = 0; + BOOLEAN UseNtPassword; + BOOLEAN UseLmPassword; NTSTATUS Status;
- /* Get the size of the NT history */ - SampGetObjectAttribute(UserObject, - L"NTPwdHistory", - NULL, - NULL, - &Length); - - CurrentHistoryLength = Length / sizeof(ENCRYPTED_NT_OWF_PASSWORD); - if (CurrentHistoryLength < MaxHistoryLength) - { - NtHistoryLength = (CurrentHistoryLength + 1) * sizeof(ENCRYPTED_NT_OWF_PASSWORD); - } - else - { - NtHistoryLength = MaxHistoryLength * sizeof(ENCRYPTED_NT_OWF_PASSWORD); - } - - /* Allocate the history buffer */ - NtHistory = midl_user_allocate(NtHistoryLength); - if (NtHistory == NULL) - return STATUS_INSUFFICIENT_RESOURCES; - - if (Length > 0) - { - /* Get the history */ - Status = SampGetObjectAttribute(UserObject, + UseNtPassword = + ((memcmp(NtPassword, &EmptyNtHash, sizeof(ENCRYPTED_NT_OWF_PASSWORD)) != 0) && + (NtPasswordPresent != FALSE)); + + UseLmPassword = + ((memcmp(LmPassword, &EmptyLmHash, sizeof(ENCRYPTED_LM_OWF_PASSWORD)) != 0) && + (LmPasswordPresent != FALSE)); + + /* Update the NT password history only if we have a new non-empty NT password */ + if (UseNtPassword) + { + /* Get the size of the NT history */ + SampGetObjectAttribute(UserObject, + L"NTPwdHistory", + NULL, + NULL, + &Length); + + CurrentHistoryLength = Length / sizeof(ENCRYPTED_NT_OWF_PASSWORD); + if (CurrentHistoryLength < MaxHistoryLength) + { + NtHistoryLength = (CurrentHistoryLength + 1) * sizeof(ENCRYPTED_NT_OWF_PASSWORD); + } + else + { + NtHistoryLength = MaxHistoryLength * sizeof(ENCRYPTED_NT_OWF_PASSWORD); + } + + /* Allocate the history buffer */ + NtHistory = midl_user_allocate(NtHistoryLength); + if (NtHistory == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + if (Length > 0) + { + /* Get the history */ + Status = SampGetObjectAttribute(UserObject, + L"NTPwdHistory", + NULL, + NtHistory, + &Length); + if (!NT_SUCCESS(Status)) + goto done; + } + + /* Move the old passwords down by one entry */ + if (NtHistoryLength > sizeof(ENCRYPTED_NT_OWF_PASSWORD)) + { + MoveMemory(&(NtHistory[1]), + &(NtHistory[0]), + NtHistoryLength - 
sizeof(ENCRYPTED_NT_OWF_PASSWORD)); + } + + /* Add the new password to the top of the history */ + if (NtPasswordPresent) + { + CopyMemory(&(NtHistory[0]), + NtPassword, + sizeof(ENCRYPTED_NT_OWF_PASSWORD)); + } + else + { + ZeroMemory(&(NtHistory[0]), + sizeof(ENCRYPTED_NT_OWF_PASSWORD)); + } + + /* Set the history */ + Status = SampSetObjectAttribute(UserObject, L"NTPwdHistory", - NULL, - NtHistory, - &Length); - if (!NT_SUCCESS(Status)) - goto done; - } - - /* Get the size of the LM history */ - Length = 0; - SampGetObjectAttribute(UserObject, - L"LMPwdHistory", - NULL, - NULL, - &Length); - - CurrentHistoryLength = Length / sizeof(ENCRYPTED_LM_OWF_PASSWORD); - if (CurrentHistoryLength < MaxHistoryLength) - { - LmHistoryLength = (CurrentHistoryLength + 1) * sizeof(ENCRYPTED_LM_OWF_PASSWORD); - } - else - { - LmHistoryLength = MaxHistoryLength * sizeof(ENCRYPTED_LM_OWF_PASSWORD); - } - - /* Allocate the history buffer */ - LmHistory = midl_user_allocate(LmHistoryLength); - if (LmHistory == NULL) - return STATUS_INSUFFICIENT_RESOURCES; - - if (Length > 0) - { - /* Get the history */ - Status = SampGetObjectAttribute(UserObject, + REG_BINARY, + (PVOID)NtHistory, + NtHistoryLength); + if (!NT_SUCCESS(Status)) + goto done; + } + + /* Update the LM password history only if we have a new non-empty LM password */ + if (UseLmPassword) + { + /* Get the size of the LM history */ + Length = 0; + SampGetObjectAttribute(UserObject, + L"LMPwdHistory", + NULL, + NULL, + &Length); + + CurrentHistoryLength = Length / sizeof(ENCRYPTED_LM_OWF_PASSWORD); + if (CurrentHistoryLength < MaxHistoryLength) + { + LmHistoryLength = (CurrentHistoryLength + 1) * sizeof(ENCRYPTED_LM_OWF_PASSWORD); + } + else + { + LmHistoryLength = MaxHistoryLength * sizeof(ENCRYPTED_LM_OWF_PASSWORD); + } + + /* Allocate the history buffer */ + LmHistory = midl_user_allocate(LmHistoryLength); + if (LmHistory == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + if (Length > 0) + { + /* Get the history */ + 
Status = SampGetObjectAttribute(UserObject, + L"LMPwdHistory", + NULL, + LmHistory, + &Length); + if (!NT_SUCCESS(Status)) + goto done; + } + + /* Move the old passwords down by one entry */ + if (LmHistoryLength > sizeof(ENCRYPTED_LM_OWF_PASSWORD)) + { + MoveMemory(&(LmHistory[1]), + &(LmHistory[0]), + LmHistoryLength - sizeof(ENCRYPTED_LM_OWF_PASSWORD)); + } + + /* Add the new password to the top of the history */ + if (LmPasswordPresent) + { + CopyMemory(&(LmHistory[0]), + LmPassword, + sizeof(ENCRYPTED_LM_OWF_PASSWORD)); + } + else + { + ZeroMemory(&(LmHistory[0]), + sizeof(ENCRYPTED_LM_OWF_PASSWORD)); + } + + /* Set the LM password history */ + Status = SampSetObjectAttribute(UserObject, L"LMPwdHistory", - NULL, - LmHistory, - &Length); - if (!NT_SUCCESS(Status)) - goto done; - } - - /* Set the new password */ - if (NtPasswordPresent) + REG_BINARY, + (PVOID)LmHistory, + LmHistoryLength); + if (!NT_SUCCESS(Status)) + goto done; + } + + /* Set the new NT password */ + if (UseNtPassword) { Status = SampSetObjectAttribute(UserObject, L"NTPwd", @@ -484,13 +562,14 @@ Status = SampSetObjectAttribute(UserObject, L"NTPwd", REG_BINARY, - NULL, - 0); - if (!NT_SUCCESS(Status)) - goto done; - } - - if (LmPasswordPresent) + &EmptyNtHash, + sizeof(ENCRYPTED_NT_OWF_PASSWORD)); + if (!NT_SUCCESS(Status)) + goto done; + } + + /* Set the new LM password */ + if (UseLmPassword) { Status = SampSetObjectAttribute(UserObject, L"LMPwd", 
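Review bot: The `return STATUS_INSUFFICIENT_RESOURCES;` kept inside the new `if (UseLmPassword)` block skips the `done:` label at a point where `NtHistory` may already be allocated and `NTPwdHistory` already written. Assuming the cleanup under `done:` (only partly visible) frees it, the buffer holding the NT hash history is never released on that path. Both allocation failures should leave through the common exit, `Status = STATUS_INSUFFICIENT_RESOURCES; goto done;`. Separately, each read-back passes the stored `Length` to `SampGetObjectAttribute` while the buffer is sized from the clamped entry count, so a stored history longer than `MaxHistoryLength` entries, or not a multiple of the entry size, would request more bytes than were allocated. Whether the helper bounds the copy is not visible here, so rejecting `Length > NtHistoryLength` (and `Length > LmHistoryLength`) before the read would keep the bound local; the function starts before and continues after this hunk.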
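Review bot: The `else` branch now stores `EmptyNtHash` as `NTPwd` whenever no usable NT hash was supplied, so "no NT hash on record" becomes "the hash of the empty password on record"; the next hunk does the same with `EmptyLmHash` for `LMPwd`. When only one of the two hashes is supplied, the other attribute ends up holding the empty-password hash, so the code that validates logons must not accept a match against that attribute alone. That code is not part of this diff, so this is something to confirm rather than a demonstrated flaw. A comment at both `else` branches would record the contract, for example `/* Placeholder only: an empty hash here does not mean a blank password unless both hashes are empty */`. The enclosing `if`/`else` begins in the context lines and the function continues outside the hunk.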
@@ -505,71 +584,11 @@ Status = SampSetObjectAttribute(UserObject, L"LMPwd", REG_BINARY, - NULL, - 0); - if (!NT_SUCCESS(Status)) - goto done; - } - - /* Move the old passwords down by one entry */ - if (NtHistoryLength > sizeof(ENCRYPTED_NT_OWF_PASSWORD)) - { - MoveMemory(&(NtHistory[1]), - &(NtHistory[0]), - NtHistoryLength - sizeof(ENCRYPTED_NT_OWF_PASSWORD)); - } - - /* Add the new password on top of the history */ - if (NtPasswordPresent) - { - CopyMemory(&(NtHistory[0]), - NtPassword, - sizeof(ENCRYPTED_NT_OWF_PASSWORD)); - } - else - { - ZeroMemory(&(NtHistory[0]), - sizeof(ENCRYPTED_NT_OWF_PASSWORD)); - } - - /* Set the history */ - Status = SampSetObjectAttribute(UserObject, - L"NTPwdHistory", - REG_BINARY, - (PVOID)NtHistory, - NtHistoryLength); - if (!NT_SUCCESS(Status)) - goto done; - - /* Move the old passwords down by one entry */ - if (LmHistoryLength > sizeof(ENCRYPTED_LM_OWF_PASSWORD)) - { - MoveMemory(&(LmHistory[1]), - &(LmHistory[0]), - LmHistoryLength - sizeof(ENCRYPTED_LM_OWF_PASSWORD)); - } - - /* Add the new password on top of the history */ - if (LmPasswordPresent) - { - CopyMemory(&(LmHistory[0]), - LmPassword, - sizeof(ENCRYPTED_LM_OWF_PASSWORD)); - } - else - { - ZeroMemory(&(LmHistory[0]), - sizeof(ENCRYPTED_LM_OWF_PASSWORD)); - } - - /* Set the LM password history */ - Status = SampSetObjectAttribute(UserObject, - L"LMPwdHistory", - REG_BINARY, - (PVOID)LmHistory, - LmHistoryLength); - if (!NT_SUCCESS(Status)) - goto done; + &EmptyLmHash, + sizeof(ENCRYPTED_LM_OWF_PASSWORD)); + if (!NT_SUCCESS(Status)) + goto done; + }
done: if (NtHistory != NULL)