archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/net/ias/providers/ntuser/auth/lockkey.cpp

373 lines
9.4 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // Copyright (c) 1998, Microsoft Corp. All rights reserved.
  4. //
  5. // FILE
  6. //
  7. // lockkey.cpp
  8. //
  9. // SYNOPSIS
  10. //
  11. // Defines the class LockoutKey.
  12. //
  13. // MODIFICATION HISTORY
  14. //
  15. // 10/21/1998 Original version.
  16. // 11/04/1998 Fix bug in computing key expiration.
  17. // 01/14/1999 Move initialization code out of constructor.
  18. //
  19. ///////////////////////////////////////////////////////////////////////////////
  21. #include <ias.h>
  22. #include <lm.h>
  23. #include <lockkey.h>
  24. #include <yvals.h>
  26. //////////
  27. // Registry key and value names.
  28. //////////
  29. const WCHAR KEY_NAME_ACCOUNT_LOCKOUT[] = L"SYSTEM\\CurrentControlSet\\Services\\RemoteAccess\\Parameters\\AccountLockout";
  30. const WCHAR VALUE_NAME_LOCKOUT_COUNT[] = L"MaxDenials";
  31. const WCHAR VALUE_NAME_RESET_TIME[] = L"ResetTime (mins)";
  33. //////////
  34. // Registry value defaults.
  35. //////////
  36. const DWORD DEFAULT_LOCKOUT_COUNT = 0;
  37. const DWORD DEFAULT_RESET_TIME = 48 * 60; // 48 hours.
  39. /////////
  40. // Helper function that reads a DWORD registry value. If the value isn't set
  41. // or is corrupt, then a default value is written to the registry.
  42. /////////
  43. DWORD
  44. WINAPI
  45. RegQueryDWORDWithDefault(
  46. HKEY hKey,
  47. PCWSTR lpValueName,
  48. DWORD dwDefault
  49. )
  50. {
  51. LONG result;
  52. DWORD type, data, cb;
  54. cb = sizeof(DWORD);
  55. result = RegQueryValueExW(
  56. hKey,
  57. lpValueName,
  58. NULL,
  59. &type,
  60. (LPBYTE)&data,
  61. &cb
  62. );
  64. if (result == NO_ERROR && type == REG_DWORD && cb == sizeof(DWORD))
  65. {
  66. return data;
  67. }
  69. if (result == NO_ERROR || result == ERROR_FILE_NOT_FOUND)
  70. {
  71. RegSetValueExW(
  72. hKey,
  73. lpValueName,
  74. 0,
  75. REG_DWORD,
  76. (CONST BYTE*)&dwDefault,
  77. sizeof(DWORD)
  78. );
  79. }
  81. return dwDefault;
  82. }
  84. LockoutKey::LockoutKey() throw ()
  85. : maxDenials(DEFAULT_LOCKOUT_COUNT),
  86. refCount(0),
  87. hLockout(NULL),
  88. hChangeEvent(NULL),
  89. hRegisterWait(NULL),
  90. ttl(DEFAULT_RESET_TIME),
  91. lastCollection(0)
  92. { }
  94. void LockoutKey::initialize() throw ()
  95. {
  96. IASGlobalLockSentry sentry;
  98. if (refCount == 0)
  99. {
  100. // Create or open the lockout key.
  101. LONG result;
  102. DWORD disposition;
  103. result = RegCreateKeyEx(
  104. HKEY_LOCAL_MACHINE,
  105. KEY_NAME_ACCOUNT_LOCKOUT,
  106. NULL,
  107. NULL,
  108. REG_OPTION_NON_VOLATILE,
  109. KEY_ALL_ACCESS,
  110. NULL,
  111. &hLockout,
  112. &disposition
  113. );
  115. // Event used for signalling changes to the registry.
  116. hChangeEvent = CreateEventW(NULL, FALSE, FALSE, NULL);
  118. // Register for change notifications.
  119. RegNotifyChangeKeyValue(
  120. hLockout,
  121. FALSE,
  122. REG_NOTIFY_CHANGE_LAST_SET,
  123. hChangeEvent,
  124. TRUE
  125. );
  127. // Read the initial values.
  128. readValues();
  130. // Register the event.
  131. RegisterWaitForSingleObject(
  132. &hRegisterWait,
  133. hChangeEvent,
  134. onChange,
  135. this,
  136. INFINITE,
  137. 0
  138. );
  139. }
  141. ++refCount;
  142. }
  144. void LockoutKey::finalize() throw ()
  145. {
  146. IASGlobalLockSentry sentry;
  148. if (--refCount == 0)
  149. {
  150. UnregisterWait(hRegisterWait);
  152. if (hLockout) { RegCloseKey(hLockout); }
  154. CloseHandle(hChangeEvent);
  155. }
  156. }
  158. HKEY LockoutKey::createEntry(PCWSTR subKeyName) throw ()
  159. {
  160. HKEY hKey = NULL;
  161. DWORD disposition;
  162. RegCreateKeyEx(
  163. hLockout,
  164. subKeyName,
  165. NULL,
  166. NULL,
  167. REG_OPTION_NON_VOLATILE,
  168. KEY_ALL_ACCESS,
  169. NULL,
  170. &hKey,
  171. &disposition
  172. );
  174. // Whenever we grow the registry, we'll also clean up old entries.
  175. if (ttl) { collectGarbage(); }
  177. return hKey;
  178. }
  180. HKEY LockoutKey::openEntry(PCWSTR subKeyName) throw ()
  181. {
  182. LONG result;
  183. HKEY hKey = NULL;
  184. result = RegOpenKeyEx(
  185. hLockout,
  186. subKeyName,
  187. 0,
  188. KEY_ALL_ACCESS,
  189. &hKey
  190. );
  192. if (result == NO_ERROR && ttl)
  193. {
  194. // We retrieved a key, but we need to make sure it hasn't expired.
  195. ULARGE_INTEGER lastWritten;
  196. result = RegQueryInfoKey(
  197. hKey,
  198. NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
  199. (LPFILETIME)&lastWritten
  200. );
  201. if (result == NO_ERROR)
  202. {
  203. ULARGE_INTEGER now;
  204. GetSystemTimeAsFileTime((LPFILETIME)&now);
  206. if (now.QuadPart - lastWritten.QuadPart >= ttl)
  207. {
  208. // It's expired, so close the key ...
  209. RegCloseKey(hKey);
  210. hKey = NULL;
  212. // ... and delete.
  213. deleteEntry(subKeyName);
  214. }
  215. }
  216. }
  218. return hKey;
  219. }
  221. void LockoutKey::clear() throw ()
  222. {
  223. // Get the number of sub-keys.
  224. LONG result;
  225. DWORD index;
  226. result = RegQueryInfoKey(
  227. hLockout,
  228. NULL, NULL, NULL,
  229. &index,
  230. NULL, NULL, NULL, NULL, NULL, NULL, NULL
  231. );
  232. if (result != NO_ERROR) { return; }
  234. // Iterate through the keys in reverse order so we can delete them
  235. // without throwing off the indices.
  236. while (index)
  237. {
  238. --index;
  240. WCHAR name[DNLEN + UNLEN + 2];
  241. DWORD cbName = sizeof(name) / sizeof(WCHAR);
  242. result = RegEnumKeyEx(
  243. hLockout,
  244. index,
  245. name,
  246. &cbName,
  247. NULL,
  248. NULL,
  249. NULL,
  250. NULL
  251. );
  253. if (result == NO_ERROR) { RegDeleteKey(hLockout, name); }
  254. }
  255. }
  257. void LockoutKey::collectGarbage() throw ()
  258. {
  259. // Flag that indicates whether another thread is collecting.
  260. static LONG inProgress;
  262. // Save the TTL to a local variable, so we don't have to worry about it
  263. // changing will we're executing.
  264. ULONGLONG localTTL = ttl;
  266. // If the reset time is not configured, then bail.
  267. if (localTTL == 0) { return; }
  269. // We won't collect more frequently than the TTL.
  270. ULARGE_INTEGER now;
  271. GetSystemTimeAsFileTime((LPFILETIME)&now);
  272. if (now.QuadPart - lastCollection < localTTL) { return; }
  274. // If another thread is alreay collecting, then bail.
  275. if (InterlockedExchange(&inProgress, 1)) { return; }
  277. // Save the new collection time.
  278. lastCollection = now.QuadPart;
  280. // Get the number of sub-keys.
  281. LONG result;
  282. DWORD index;
  283. result = RegQueryInfoKey(
  284. hLockout,
  285. NULL, NULL, NULL,
  286. &index,
  287. NULL, NULL, NULL, NULL, NULL, NULL, NULL
  288. );
  289. if (result == NO_ERROR)
  290. {
  291. // We iterate through the keys in reverse order so we can delete them
  292. // without throwing off the indices.
  293. while (index)
  294. {
  295. --index;
  297. // Get the lastWritten time for the key ...
  298. WCHAR name[DNLEN + UNLEN + 2];
  299. DWORD cbName = sizeof(name) / sizeof(WCHAR);
  300. ULARGE_INTEGER lastWritten;
  301. result = RegEnumKeyEx(
  302. hLockout,
  303. index,
  304. name,
  305. &cbName,
  306. NULL,
  307. NULL,
  308. NULL,
  309. (LPFILETIME)&lastWritten
  310. );
  312. // ... and delete if it's expired.
  313. if (result == NO_ERROR &&
  314. now.QuadPart - lastWritten.QuadPart >= localTTL)
  315. {
  316. RegDeleteKey(hLockout, name);
  317. }
  318. }
  319. }
  321. // Collection is no longer in progress.
  322. InterlockedExchange(&inProgress, 0);
  323. }
  325. void LockoutKey::readValues() throw ()
  326. {
  327. /////////
  328. // Note: This isn't synchronized. The side-effects of an inconsistent state
  329. // are pretty minor, so we'll just take our chances.
  330. /////////
  332. // Read max. denials.
  333. maxDenials = RegQueryDWORDWithDefault(
  334. hLockout,
  335. VALUE_NAME_LOCKOUT_COUNT,
  336. DEFAULT_LOCKOUT_COUNT
  337. );
  339. // Read Time-To-Live.
  340. ULONGLONG newTTL = RegQueryDWORDWithDefault(
  341. hLockout,
  342. VALUE_NAME_RESET_TIME,
  343. DEFAULT_RESET_TIME
  344. );
  345. newTTL *= 600000000ui64;
  346. ttl = newTTL;
  348. if (maxDenials == 0)
  349. {
  350. // If account lockout is disabled, clean up all the keys.
  351. clear();
  352. }
  353. else
  354. {
  355. // Otherwise, the TTL may have changed, so collect garbage.
  356. collectGarbage();
  357. }
  358. }
  360. VOID NTAPI LockoutKey::onChange(PVOID context, BOOLEAN flag) throw ()
  361. {
  362. // Re-read the values.
  363. ((LockoutKey*)context)->readValues();
  365. // Re-register the notification.
  366. RegNotifyChangeKeyValue(
  367. ((LockoutKey*)context)->hLockout,
  368. FALSE,
  369. REG_NOTIFY_CHANGE_LAST_SET,
  370. ((LockoutKey*)context)->hChangeEvent,
  371. TRUE
  372. );
  373. }