/*++ Copyright (c) 1994 Microsoft Corporation Module Name: password.c Abstract: functions to display & set the password policy for this workstation Author: Bob Watson (a-robw) Revision History: 23 Dec 94 --*/ #include #include #include #include #include #include #include #include #include #include #include #include "c2funcs.h" #include "c2funres.h" // define action codes here. They are only meaningful in the // context of this module. #define AC_PW_LENGTH_NOCHANGE 0 #define AC_PW_LENGTH_UPDATE 1 #define SECURE C2DLL_C2 static LONG GetWorkstationMinPasswordLength ( ) { SAM_HANDLE hsamObject; SAM_HANDLE hsamDomain; PSID psidDomain; SAM_ENUMERATE_HANDLE hSamEnum; PSAM_RID_ENUMERATION pRidEnum; PVOID pvEnumBuffer; ULONG ulEnumCount; LONG lRetPwLen = -1; // init to error value NTSTATUS ntstat; PDOMAIN_PASSWORD_INFORMATION pdpiData; SET_WAIT_CURSOR; // connect to SAM on this machine ntstat = SamConnect((PUNICODE_STRING)NULL, &hsamObject, SAM_SERVER_ALL_ACCESS, (POBJECT_ATTRIBUTES)NULL); if (ntstat == STATUS_SUCCESS) { // Ask SAM for the domains on this server. hSamEnum = 0; ntstat = SamEnumerateDomainsInSamServer( hsamObject, &hSamEnum, &pvEnumBuffer, 1024, &ulEnumCount); if ((ntstat == STATUS_SUCCESS) || (ntstat == STATUS_MORE_ENTRIES)) { // look up only the first entry pRidEnum = (PSAM_RID_ENUMERATION) pvEnumBuffer; // get SID of domain ntstat = SamLookupDomainInSamServer ( hsamObject, &pRidEnum->Name, &psidDomain); if (ntstat == STATUS_SUCCESS) { // open handle to this domain ntstat = SamOpenDomain ( hsamObject, DOMAIN_EXECUTE, psidDomain, &hsamDomain); if (ntstat == STATUS_SUCCESS) { // get password policy for this domain pdpiData = NULL; ntstat = SamQueryInformationDomain ( hsamDomain, DomainPasswordInformation, (PVOID *)&pdpiData); if (ntstat == STATUS_SUCCESS) { // evaluate password length here lRetPwLen = (LONG)pdpiData->MinPasswordLength; ntstat = SamFreeMemory (pdpiData); } // close handle SamCloseHandle (hsamDomain); } } SamFreeMemory(pvEnumBuffer); } SamCloseHandle (hsamObject); } else { lRetPwLen = -1; } SetLastError (RtlNtStatusToDosError(ntstat)); SET_ARROW_CURSOR; return lRetPwLen; } static BOOL SetWorkstationMinPasswordLength ( LONG lMinLength ) { SAM_HANDLE hsamObject; SAM_HANDLE hsamDomain; PSID psidDomain; SAM_ENUMERATE_HANDLE hSamEnum; PSAM_RID_ENUMERATION pRidEnum; PVOID pvEnumBuffer; ULONG ulEnumCount; BOOL bReturn = FALSE; // assume error until everything works NTSTATUS ntstat; PDOMAIN_PASSWORD_INFORMATION pdpiData; SET_WAIT_CURSOR; // connect to SAM on this machine if (EnableSecurityPriv()) { ntstat = SamConnect((PUNICODE_STRING)NULL, &hsamObject, STANDARD_RIGHTS_WRITE | SAM_SERVER_ALL_ACCESS, (POBJECT_ATTRIBUTES)NULL); if (ntstat == STATUS_SUCCESS) { // Ask SAM for the domains on this server. hSamEnum = 0; ntstat = SamEnumerateDomainsInSamServer( hsamObject, &hSamEnum, &pvEnumBuffer, 1024, &ulEnumCount); if ((ntstat == STATUS_SUCCESS) || (ntstat == STATUS_MORE_ENTRIES)) { // look up only the first entry pRidEnum = (PSAM_RID_ENUMERATION) pvEnumBuffer; // get SID of domain ntstat = SamLookupDomainInSamServer ( hsamObject, &pRidEnum->Name, &psidDomain); if (ntstat == STATUS_SUCCESS) { // open handle to this domain ntstat = SamOpenDomain ( hsamObject, STANDARD_RIGHTS_WRITE | DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_LIST_ACCOUNTS | DOMAIN_LOOKUP | DOMAIN_WRITE_PASSWORD_PARAMS, psidDomain, &hsamDomain); if (ntstat == STATUS_SUCCESS) { // get password policy for this domain pdpiData = NULL; ntstat = SamQueryInformationDomain ( hsamDomain, DomainPasswordInformation, (PVOID *)&pdpiData); if (ntstat == STATUS_SUCCESS) { // evaluate password length here lMinLength &= 0x000000FF; // make it reallly short pdpiData->MinPasswordLength = (USHORT)lMinLength; ntstat = SamSetInformationDomain ( hsamDomain, DomainPasswordInformation, (PVOID)pdpiData); if (ntstat == STATUS_SUCCESS) { bReturn = TRUE; } ntstat = SamFreeMemory (pdpiData); } // close handle SamCloseHandle (hsamDomain); } } SamFreeMemory(pvEnumBuffer); } SamCloseHandle (hsamObject); } SetLastError (RtlNtStatusToDosError(ntstat)); } SET_ARROW_CURSOR; return bReturn; } BOOL CALLBACK C2PasswordLengthDlgProc( IN HWND hDlg, // window handle of the dialog box IN UINT message, // type of message IN WPARAM wParam, IN LPARAM lParam ) /*++ Routine Description: Window procedure for Password Length Dialog Box Arguments: Standard DlgProc arguments ReturnValue: TRUE the message was handled by this routine FALSE DefDialogProc should handle the message --*/ { static PLONG plNewLength; // save address of caller's data block DWORD dwLogSetting = 0; int nButton; int nState; LONG lPasswordLength; TCHAR szPasswordLength[4]; switch (message) { case WM_INITDIALOG: // save the pointer to the new value plNewLength = (PLONG)lParam; // set the correct radio button lPasswordLength = GetWorkstationMinPasswordLength(); if (lPasswordLength > 0) { nButton = IDC_MIN_PASSWORD_LENGTH; EnableWindow (GetDlgItem(hDlg, IDC_PASSWORD_LENGTH_EDIT), TRUE); _stprintf (szPasswordLength, TEXT("%2d"), lPasswordLength); SetDlgItemText (hDlg, IDC_PASSWORD_LENGTH_EDIT, szPasswordLength); } else { nButton = IDC_ALLOW_BLANK_PASSWORD; EnableWindow (GetDlgItem(hDlg, IDC_PASSWORD_LENGTH_EDIT), FALSE); } CheckRadioButton (hDlg, IDC_ALLOW_BLANK_PASSWORD, IDC_MIN_PASSWORD_LENGTH, nButton); // set text limits on edit boxes SendDlgItemMessage (hDlg, IDC_PASSWORD_LENGTH_EDIT, EM_LIMITTEXT, (WPARAM)2, 0); SetFocus (GetDlgItem (hDlg, IDOK)); // set focus to OK Button return FALSE; // we don't want Windows to set the focus case WM_COMMAND: switch (LOWORD(wParam)){ case IDOK: if (HIWORD(wParam) == BN_CLICKED) { if (IsDlgButtonChecked (hDlg, IDC_ALLOW_BLANK_PASSWORD) == CHECKED) { *plNewLength = 0; EndDialog (hDlg, (int)LOWORD(wParam)); } else { GetDlgItemText (hDlg, IDC_PASSWORD_LENGTH_EDIT, szPasswordLength, 4); lPasswordLength = _tcstol(szPasswordLength, NULL, 10); // make sure it's a valid length if ((lPasswordLength > 0) && (lPasswordLength <= 14)) { *plNewLength = lPasswordLength; // then there's text so exit EndDialog (hDlg, (int)LOWORD(wParam)); } else { // an incorrect entry is in the edit box so display message MessageBeep (MB_ICONASTERISK); DisplayDllMessageBox (hDlg, IDS_PASSWORD_INVALID_LEN, IDS_PASSWORD_CAPTION, MBOK_INFO); SetFocus (GetDlgItem (hDlg, IDC_PASSWORD_LENGTH_EDIT)); } } return TRUE; } else { return FALSE; } case IDCANCEL: if (HIWORD(wParam) == BN_CLICKED) { // exit and return button that caused exit EndDialog (hDlg, (int)LOWORD(wParam)); return TRUE; } else { return FALSE; } case IDC_C2: if (HIWORD(wParam) == BN_CLICKED) { nState = ENABLED; CheckRadioButton (hDlg, IDC_ALLOW_BLANK_PASSWORD, IDC_MIN_PASSWORD_LENGTH, IDC_MIN_PASSWORD_LENGTH); // en/disable edit windows EnableWindow (GetDlgItem(hDlg, IDC_PASSWORD_LENGTH_EDIT), TRUE); // if there is no text in both of the edit fields // then display information message lPasswordLength = SendDlgItemMessage (hDlg, IDC_PASSWORD_LENGTH_EDIT, WM_GETTEXTLENGTH, 0, 0); if (lPasswordLength == 0) { // no value so use 6 for starters SetDlgItemText (hDlg, IDC_PASSWORD_LENGTH_EDIT, TEXT("6")); SetFocus (GetDlgItem (hDlg, IDC_PASSWORD_LENGTH_EDIT)); } return TRUE; } else { return FALSE; } case IDC_ALLOW_BLANK_PASSWORD: case IDC_MIN_PASSWORD_LENGTH: // check correct button CheckRadioButton (hDlg, IDC_ALLOW_BLANK_PASSWORD, IDC_MIN_PASSWORD_LENGTH, LOWORD(wParam)); // enable or disable the edit window if (LOWORD(wParam) == IDC_MIN_PASSWORD_LENGTH) { nState = ENABLED; } else { nState = DISABLED; } EnableWindow (GetDlgItem(hDlg, IDC_PASSWORD_LENGTH_EDIT), nState); return TRUE; case IDC_HELP: PostMessage (GetParent(hDlg), UM_SHOW_CONTEXT_HELP, 0, 0); return TRUE; default: return FALSE; } default: return (FALSE); // Didn't process the message } } LONG C2QueryPasswordLength ( IN LPARAM lParam ) /*++ Routine Description: Function called to find out the current state of this configuration item. This function reads the current state of the item and sets the C2 Compliance flag and the Status string to reflect the current value of the configuration item. Arguments: Pointer to the Dll data block passed as an LPARAM. ReturnValue: ERROR_SUCCESS if the function succeeds otherwise a WIN32 error is returned if an error occurs --*/ { PC2DLL_DATA pC2Data; LONG lPasswordLength; if (lParam != 0) { pC2Data = (PC2DLL_DATA)lParam; lPasswordLength = GetWorkstationMinPasswordLength(); if (lPasswordLength > 0) { pC2Data->lC2Compliance = SECURE; _stprintf (pC2Data->szStatusName, GetStringResource (GetDllInstance(), IDS_PASSWORD_NOT_BLANK), lPasswordLength); } else if (lPasswordLength == 0) { pC2Data->lC2Compliance = C2DLL_NOT_SECURE; _stprintf (pC2Data->szStatusName, GetStringResource (GetDllInstance(), IDS_PASSWORD_CAN_BE_BLANK)); } else { pC2Data->lC2Compliance = C2DLL_NOT_SECURE; _stprintf (pC2Data->szStatusName, GetStringResource (GetDllInstance(), IDS_UNABLE_READ)); } } else { return ERROR_BAD_ARGUMENTS; } return ERROR_SUCCESS; } LONG C2SetPasswordLength ( IN LPARAM lParam ) /*++ Routine Description: Function called to change the current state of this configuration item based on an action code passed in the DLL data block. If this function successfully sets the state of the configuration item, then the C2 Compliance flag and the Status string to reflect the new value of the configuration item. Arguments: Pointer to the Dll data block passed as an LPARAM. ReturnValue: ERROR_SUCCESS if the function succeeds otherwise a WIN32 error is returned if an error occurs --*/ { PC2DLL_DATA pC2Data; LONG lPasswordLength = 0; if (lParam != 0) { pC2Data = (PC2DLL_DATA)lParam; if (pC2Data->lActionCode == AC_PW_LENGTH_UPDATE) { if (SetWorkstationMinPasswordLength (pC2Data->lActionValue)) { lPasswordLength = pC2Data->lActionValue; if (lPasswordLength > 0) { pC2Data->lC2Compliance = SECURE; _stprintf (pC2Data->szStatusName, GetStringResource (GetDllInstance(), IDS_PASSWORD_NOT_BLANK), lPasswordLength); } else { pC2Data->lC2Compliance = C2DLL_NOT_SECURE; _stprintf (pC2Data->szStatusName, GetStringResource (GetDllInstance(), IDS_PASSWORD_CAN_BE_BLANK)); } } else { DisplayDllMessageBox ( pC2Data->hWnd, IDS_PASSWORD_ERROR_NO_SET, IDS_PASSWORD_CAPTION, MBOK_EXCLAIM); } pC2Data->lActionCode = 0; pC2Data->lActionValue = 0; } } else { return ERROR_BAD_ARGUMENTS; } return ERROR_SUCCESS; } LONG C2DisplayPasswordLength ( IN LPARAM lParam ) /*++ Routine Description: Function called to display more information on the configuration item and provide the user with the option to change the current setting (if appropriate). If the User "OK's" out of the UI, then the action code field in the DLL data block is set to the appropriate (and configuration item-specific) action code so the "Set" function can be called to perform the desired action. If the user Cancels out of the UI, then the Action code field is set to 0 (no action) and no action is performed. Arguments: Pointer to the Dll data block passed as an LPARAM. ReturnValue: ERROR_SUCCESS if the function succeeds otherwise a WIN32 error is returned if an error occurs --*/ { PC2DLL_DATA pC2Data; LONG lNewValue = 0; if (lParam != 0) { pC2Data = (PC2DLL_DATA)lParam; if (DialogBoxParam ( GetDllInstance(), MAKEINTRESOURCE (IDD_PASSWORD_LENGTH), pC2Data->hWnd, C2PasswordLengthDlgProc, (LPARAM)&lNewValue) == IDOK) { pC2Data->lActionValue = lNewValue; pC2Data->lActionCode = AC_PW_LENGTH_UPDATE; } else { // no action pC2Data->lActionCode = AC_PW_LENGTH_NOCHANGE; } } else { return ERROR_BAD_ARGUMENTS; } return ERROR_SUCCESS; }