+static
+VOID
+ApplyPasswordSettings(
+ _In_ HINF hSecurityInf,
+ _In_ PWSTR pszSectionName)
+{
+ INFCONTEXT InfContext;
+ DOMAIN_PASSWORD_INFORMATION PasswordInfo;
+ PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
+ LSA_OBJECT_ATTRIBUTES ObjectAttributes;
+ LSA_HANDLE PolicyHandle = NULL;
+ SAM_HANDLE ServerHandle = NULL;
+ SAM_HANDLE DomainHandle = NULL;
+ INT nValue;
+ NTSTATUS Status;
+
+ DPRINT("ApplyPasswordSettings()\n");
+
+ memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
+ ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
+
+ Status = LsaOpenPolicy(NULL,
+ &ObjectAttributes,
+ POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
+ &PolicyHandle);
+ if (Status != STATUS_SUCCESS)
+ {
+ DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
+ return;
+ }
+
+ Status = LsaQueryInformationPolicy(PolicyHandle,
+ PolicyAccountDomainInformation,
+ (PVOID *)&OrigInfo);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ Status = SamConnect(NULL,
+ &ServerHandle,
+ SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
+ NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ Status = SamOpenDomain(ServerHandle,
+ DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS,
+ OrigInfo->DomainSid,
+ &DomainHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ Status = SamQueryInformationDomain(DomainHandle,
+ DomainPasswordInformation,
+ (PVOID*)&PasswordInfo);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("SamQueryInformationDomain() failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+ DPRINT("MaximumPasswordAge (OldValue) : 0x%I64x\n", PasswordInfo.MaxPasswordAge.QuadPart);
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"MaximumPasswordAge",
+ &InfContext))
+ {
+ if (SetupGetIntField(&InfContext, 1, &nValue))
+ {
+ DPRINT("Value: %ld\n", nValue);
+ if (nValue == -1)
+ {
+ PasswordInfo.MaxPasswordAge.QuadPart = 0x8000000000000000;
+ }
+ else if ((nValue >= 1) && (nValue < 1000))
+ {
+ PasswordInfo.MaxPasswordAge.QuadPart = (LONGLONG)nValue * TICKS_PER_DAY;
+ }
+ DPRINT("MaximumPasswordAge (NewValue) : 0x%I64x\n", PasswordInfo.MaxPasswordAge.QuadPart);
+ }
+ }
+
+ DPRINT("MinimumPasswordAge (OldValue) : 0x%I64x\n", PasswordInfo.MinPasswordAge.QuadPart);
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"MinimumPasswordAge",
+ &InfContext))
+ {
+ if (SetupGetIntField(&InfContext, 1, &nValue))
+ {
+ DPRINT("Wert: %ld\n", nValue);
+ if ((nValue >= 0) && (nValue < 1000))
+ {
+ if (PasswordInfo.MaxPasswordAge.QuadPart < (LONGLONG)nValue * TICKS_PER_DAY)
+ PasswordInfo.MinPasswordAge.QuadPart = (LONGLONG)nValue * TICKS_PER_DAY;
+ }
+ DPRINT("MinimumPasswordAge (NewValue) : 0x%I64x\n", PasswordInfo.MinPasswordAge.QuadPart);
+ }
+ }
+
+ DPRINT("MinimumPasswordLength (OldValue) : %lu\n", PasswordInfo.MinPasswordLength);
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"MinimumPasswordLength",
+ &InfContext))
+ {
+ if (SetupGetIntField(&InfContext, 1, &nValue))
+ {
+ DPRINT("Value: %ld\n", nValue);
+ if ((nValue >= 0) && (nValue <= 65535))
+ {
+ PasswordInfo.MinPasswordLength = nValue;
+ }
+ DPRINT("MinimumPasswordLength (NewValue) : %lu\n", PasswordInfo.MinPasswordLength);
+ }
+ }
+
+ DPRINT("PasswordHistoryLength (OldValue) : %lu\n", PasswordInfo.PasswordHistoryLength);
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"PasswordHistorySize",
+ &InfContext))
+ {
+ if (SetupGetIntField(&InfContext, 1, &nValue))
+ {
+ DPRINT("Value: %ld\n", nValue);
+ if ((nValue >= 0) && (nValue <= 65535))
+ {
+ PasswordInfo.PasswordHistoryLength = nValue;
+ }
+ DPRINT("PasswordHistoryLength (NewValue) : %lu\n", PasswordInfo.PasswordHistoryLength);
+ }
+ }
+
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"PasswordComplexity",
+ &InfContext))
+ {
+ if (SetupGetIntField(&InfContext, 1, &nValue))
+ {
+ if (nValue == 0)
+ {
+ PasswordInfo.PasswordProperties &= ~DOMAIN_PASSWORD_COMPLEX;
+ }
+ else
+ {
+ PasswordInfo.PasswordProperties |= DOMAIN_PASSWORD_COMPLEX;
+ }
+ }
+ }
+
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"ClearTextPassword",
+ &InfContext))
+ {
+ if (SetupGetIntField(&InfContext, 1, &nValue))
+ {
+ if (nValue == 0)
+ {
+ PasswordInfo.PasswordProperties &= ~DOMAIN_PASSWORD_STORE_CLEARTEXT;
+ }
+ else
+ {
+ PasswordInfo.PasswordProperties |= DOMAIN_PASSWORD_STORE_CLEARTEXT;
+ }
+ }
+ }
+
+ /* Windows ignores the RequireLogonToChangePassword option */
+
+ Status = SamSetInformationDomain(DomainHandle,
+ DomainPasswordInformation,
+ (PVOID*)&PasswordInfo);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("SamSetInformationDomain() failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+done:
+ if (DomainHandle != NULL)
+ SamCloseHandle(DomainHandle);
+
+ if (ServerHandle != NULL)
+ SamCloseHandle(ServerHandle);
+
+ if (OrigInfo != NULL)
+ LsaFreeMemory(OrigInfo);
+
+ if (PolicyHandle != NULL)
+ LsaClose(PolicyHandle);
+}
+
+