[ekohl] 59628: [SAMLIB] SamSetInformationUser: Add password length checks. - Ros-diffs

3 Aug 2013

Author: ekohl
Date: Sat Aug  3 16:40:00 2013
New Revision: 59628
URL: http://svn.reactos.org/svn/reactos?rev=59628&view=rev
Log:
[SAMLIB]
SamSetInformationUser: Add password length checks.
Modified:
    trunk/reactos/dll/win32/samlib/samlib.c
Modified: trunk/reactos/dll/win32/samlib/samlib.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samlib/samlib.c?r...
==============================================================================

--- trunk/reactos/dll/win32/samlib/samlib.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samlib/samlib.c	[iso-8859-1] Sat Aug  3 16:40:00 2013
@@ -113,6 +113,42 @@
NTSTATUS
+SampCheckPassword(IN SAMPR_HANDLE UserHandle,
+                  IN PUNICODE_STRING Password)
+{
+    USER_DOMAIN_PASSWORD_INFORMATION DomainPasswordInformation;
+    ULONG PasswordLength;
+    NTSTATUS Status;
+
+    TRACE("(%p %p)\n", UserHandle, Password);
+
+    /* Get the domain password information */
+    Status = SamrGetUserDomainPasswordInformation(UserHandle,
+                                                  &DomainPasswordInformation);
+    if (!NT_SUCCESS(Status))
+    {
+        TRACE("SamrGetUserDomainPasswordInformation failed (Status 0x%08lx)\n", Status);
+        return Status;
+    }
+
+    PasswordLength = (ULONG)(Password->Length / sizeof(WCHAR));
+
+    /* Fail if the password is too short or too long */
+    if ((PasswordLength < DomainPasswordInformation.MinPasswordLength) ||
+        (PasswordLength > 256))
+        return STATUS_PASSWORD_RESTRICTION;
+
+    /* Check the password complexity */
+    if (DomainPasswordInformation.PasswordProperties & DOMAIN_PASSWORD_COMPLEX)
+    {
+        /* FIXME */
+    }
+
+    return STATUS_SUCCESS;
+}
+
+
+NTSTATUS
 NTAPI
 SamAddMemberToAlias(IN SAM_HANDLE AliasHandle,
                     IN PSID MemberId)
@@ -1725,6 +1761,7 @@
 {
     PSAMPR_USER_SET_PASSWORD_INFORMATION PasswordBuffer;
     SAMPR_USER_INTERNAL1_INFORMATION Internal1Buffer;
+    PUSER_ALL_INFORMATION AllBuffer;
     OEM_STRING LmPwdString;
     CHAR LmPwdBuffer[15];
     NTSTATUS Status;
@@ -1735,6 +1772,14 @@
     if (UserInformationClass == UserSetPasswordInformation)
     {
         PasswordBuffer = (PSAMPR_USER_SET_PASSWORD_INFORMATION)Buffer;
+
+        Status = SampCheckPassword(UserHandle,
+                                   (PUNICODE_STRING)&PasswordBuffer->Password);
+        if (!NT_SUCCESS(Status))
+        {
+            TRACE("SampCheckPassword failed (Status 0x%08lx)\n", Status);
+            return Status;
+        }
/* Calculate the NT hash value of the passord */
         Status = SystemFunction007((PUNICODE_STRING)&PasswordBuffer->Password,
@@ -1784,6 +1829,21 @@
         {
             TRACE("SamrSetInformation() failed (Status 0x%08lx)\n", Status);
             return Status;
+        }
+    }
+    else if (UserInformationClass == UserAllInformation)
+    {
+        AllBuffer = (PUSER_ALL_INFORMATION)Buffer;
+
+        if (AllBuffer->WhichFields & (USER_ALL_LMPASSWORDPRESENT | USER_ALL_NTPASSWORDPRESENT))
+        {
+            Status = SampCheckPassword(UserHandle,
+                                       &AllBuffer->NtPassword);
+            if (!NT_SUCCESS(Status))
+            {
+                TRACE("SampCheckPassword failed (Status 0x%08lx)\n", Status);
+                return Status;
+            }
         }
     }

    