archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/gina/msgina/lockout.c

190 lines
5.0 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /****************************** Module Header ******************************\
  2. * Module Name: lockout.c
  3. *
  4. * Copyright (c) 1991, Microsoft Corporation
  5. *
  6. * Implements account lockout support functions.
  7. *
  8. * History:
  9. * 05-27-92 Davidc Created.
  10. \***************************************************************************/
  12. #include "msgina.h"
  13. #pragma hdrstop
  16. #define INDEX_WRAP(i) ((i + LOCKOUT_BAD_LOGON_COUNT) % LOCKOUT_BAD_LOGON_COUNT)
  18. #define TERMSERV_EVENTSOURCE L"TermService"
  20. // Also defined in icaevent.mc
  21. #define EVENT_EXCEEDED_MAX_LOGON_ATTEMPTS 0x400003F4L
  24. /***************************************************************************\
  25. * FUNCTION: LockoutInitialize
  26. *
  27. * PURPOSE: Initializes any data used by lockout functions
  28. *
  29. * RETURNS: TRUE
  30. *
  31. * HISTORY:
  32. *
  33. * 05-27-92 Davidc Created.
  34. *
  35. \***************************************************************************/
  37. BOOL
  38. LockoutInitialize(
  39. PGLOBALS pGlobals
  40. )
  41. {
  42. PLOCKOUT_DATA pLockoutData = &pGlobals->LockoutData;
  44. pLockoutData->ConsecutiveFailedLogons = 0;
  45. pLockoutData->FailedLogonIndex = 0;
  47. return(TRUE);
  48. }
  51. /***************************************************************************\
  52. * FUNCTION: LockoutHandleFailedLogon
  53. *
  54. * PURPOSE: Implements account lockout restrictions if failed logons
  55. * have exceeded a limit frequency.
  56. * Account lockout is implemented by imposing an additional delay
  57. * in a failed logon when the various failed logon conditions are met.
  58. *
  59. * RETURNS: TRUE
  60. *
  61. * NOTES: This routine may not return for some time. (typically 30 seconds)
  62. *
  63. * HISTORY:
  64. *
  65. * 05-27-92 Davidc Created.
  66. *
  67. \***************************************************************************/
  69. BOOL
  70. LockoutHandleFailedLogon(
  71. PGLOBALS pGlobals
  72. )
  73. {
  74. PLOCKOUT_DATA pLockoutData = &pGlobals->LockoutData;
  75. ULONG Index = pLockoutData->FailedLogonIndex;
  77. //
  78. // Up our bad logon count
  79. //
  81. pLockoutData->ConsecutiveFailedLogons ++;
  83. //
  84. // See if we have reached our bad logon limit.
  85. //
  87. if (pLockoutData->ConsecutiveFailedLogons > LOCKOUT_BAD_LOGON_COUNT) {
  89. ULONG ElapsedSecondsFirstFailure;
  90. ULONG ElapsedSecondsNow;
  91. BOOLEAN Result;
  93. if ((NtCurrentPeb()->SessionId != 0) && (!IsActiveConsoleSession())) {
  94. //
  95. // Forcibly terminate the remote session is we exceed the maximum
  96. // allowed failed logon attempts
  97. //
  99. HANDLE hEventLogSource= RegisterEventSource(NULL,TERMSERV_EVENTSOURCE);
  100. if (hEventLogSource != NULL)
  101. {
  102. PWSTR Strings[ 1 ];
  103. Strings[0] = pGlobals->MuGlobals.ClientName;
  105. ReportEvent(hEventLogSource,
  106. EVENTLOG_INFORMATION_TYPE,
  107. 0,
  108. EVENT_EXCEEDED_MAX_LOGON_ATTEMPTS,
  109. NULL,
  110. 1,
  111. 0,
  112. Strings,
  113. NULL);
  115. DeregisterEventSource(hEventLogSource);
  116. }
  118. TerminateProcess( GetCurrentProcess(), 0 );
  119. }
  121. //
  122. // Limit the count so we don't have any wrap-round problems
  123. // (32-bits - that's a lot of failed logons I know)
  124. //
  126. pLockoutData->ConsecutiveFailedLogons = LOCKOUT_BAD_LOGON_COUNT + 1;
  128. //
  129. // If the first logon in our list occurred too recently, insert
  130. // the appropriate delay
  131. //
  133. Result = RtlTimeToSecondsSince1980(&pLockoutData->FailedLogonTimes[Index],
  134. &ElapsedSecondsFirstFailure);
  135. ASSERT(Result);
  137. Result = RtlTimeToSecondsSince1980(&pGlobals->LogonTime,
  138. &ElapsedSecondsNow);
  139. ASSERT(Result);
  142. if ((ElapsedSecondsNow - ElapsedSecondsFirstFailure) < LOCKOUT_BAD_LOGON_PERIOD) {
  144. SetupCursor(TRUE);
  146. Sleep(LOCKOUT_BAD_LOGON_DELAY * 1000);
  148. SetupCursor(FALSE);
  149. }
  150. }
  152. //
  153. // Add this failed logon to the array
  154. //
  156. pLockoutData->FailedLogonTimes[Index] = pGlobals->LogonTime;
  157. pLockoutData->FailedLogonIndex = INDEX_WRAP(pLockoutData->FailedLogonIndex+1);
  160. return(TRUE);
  161. }
  164. /***************************************************************************\
  165. * FUNCTION: LockoutHandleSuccessfulLogon
  166. *
  167. * PURPOSE: Resets account lockout statistics since a successful logon occurred.
  168. *
  169. * RETURNS: TRUE
  170. *
  171. * HISTORY:
  172. *
  173. * 05-27-92 Davidc Created.
  174. *
  175. \***************************************************************************/
  177. BOOL
  178. LockoutHandleSuccessfulLogon(
  179. PGLOBALS pGlobals
  180. )
  181. {
  182. //
  183. // Reset our bad logon count
  184. //
  186. pGlobals->LockoutData.ConsecutiveFailedLogons = 0;
  188. return(TRUE);
  189. }