Re: Password Filter
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 05/09/04
Date: Sun, 09 May 2004 15:40:24 -0400
The part of passfilt that is important to you is really a rather trivial piece
and has the info you are asking for and is in C...

cchPassword has the size of the password in characters.
dwUpper has the number of uppercase chars
dwLower has the number of lowercase chars
dwNum has the number of numbers and special chars though it would be trivial to
break that out.

The hard part would be passing in the values you want for those things assuming
you want it to be dynamic as it requires going off and reading something. I
would recommend trying to read once, storing in memory somewhere (caching it),
and then mostly using that, but then occasionally refreshing your cache... Why?
Because of performance and you want to read occasionally in case someone updated
the values.

joe

#include <windows.h>
#include <ntsecapi.h>   // PUNICODE_STRING

BOOL
NTAPI
PasswordFilter(
    PUNICODE_STRING UserName,
    PUNICODE_STRING FullName,
    PUNICODE_STRING Password,
    BOOL SetOperation
    )
/*++

Routine Description:

    This (optional) routine is notified of a password change.

Arguments:

    UserName - Name of user whose password changed
    FullName - Full name of the user whose password changed
    Password - Cleartext new password for the user
    SetOperation - TRUE if the password was SET rather than CHANGED

Return Value:

    TRUE if the specified Password is suitable (complex, long, etc).
        The system will continue to evaluate the password update request
        through any other installed password change packages.
    FALSE if the specified Password is unsuitable. The password change
        on the specified account will fail.

--*/
{
    BOOL bComplex = FALSE; // assume the password is not complex enough
    DWORD cchPassword;
    PWORD CharType;
    DWORD i;
    DWORD dwNum = 0;
    DWORD dwUpper = 0;
    DWORD dwLower = 0;

    //
    // check if the password is complex enough for our liking by
    // checking that at least two of the four character types are
    // present.
    //
    CharType = HeapAlloc(GetProcessHeap(), 0, Password->Length);
    if(CharType == NULL) return FALSE;

    cchPassword = Password->Length / sizeof(WCHAR);

    if(GetStringTypeW(
        CT_CTYPE1,
        Password->Buffer,
        cchPassword,
        CharType
        )) {

        for(i = 0 ; i < cchPassword ; i++) {
            //
            // keep track of what type of characters we have encountered
            //
            if(CharType[i] & C1_DIGIT) {
                dwNum = 1;
                continue;
            }
            if(CharType[i] & C1_UPPER) {
                dwUpper = 1;
                continue;
            }
            if(CharType[i] & C1_LOWER) {
                dwLower = 1;
                continue;
            }
            if(!(CharType[i] & (C1_ALPHA | C1_DIGIT) )) {
                //
                // any other character types make the password complex
                //
                dwNum = 2;
                break;
            }
        } // for

        //
        // Indicate whether we encountered enough password complexity
        //
        if( (dwNum + dwUpper + dwLower) >= 2 )
            bComplex = TRUE;

        // wipe the per-character type data before releasing the buffer
        ZeroMemory( CharType, Password->Length );
    } // if

    HeapFree(GetProcessHeap(), 0, CharType);
    return bComplex;
}

--
Joe Richards
Microsoft MVP Windows Server Directory Services
www.joeware.net

Derek Melber [MVP] wrote:
> I am looking for a good location and example for a password filter file
> for Windows Server 2003 or 2000 Active Directory. I have the
> passfilt.dll code, but this is rather cumbersome. I just need the code
> (preferably in C) to control the following:
>
> Min Password length
> # of types of characters
>
> Thanks
>
> --
> Derek Melber
> BrainCore.Net
> derekm@braincore.net
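
The read-once, cache, refresh-occasionally approach suggested in the reply, combined with the two checks asked for in the question (minimum length and number of character types), as an added example that is not part of the original post or of the passfilt sample. It is portable C using `<wctype.h>` in place of `GetStringTypeW`; `policy_t`, `get_policy`, `POLICY_TTL` and `sample_loader` are hypothetical names, and the TTL and default values are assumptions.

```c
#include <stddef.h>
#include <time.h>
#include <wctype.h>

/* Hypothetical policy record and loader type; names are assumptions. */
typedef struct { size_t min_len; unsigned min_classes; } policy_t;
typedef int (*policy_loader)(policy_t *out);  /* returns 1 on success */
#define POLICY_TTL 300.0  /* seconds between re-reads (assumed value) */

static policy_t g_policy = { 8, 3 };  /* defaults until a read succeeds */
static time_t g_loaded;
static int g_tried, g_reads;
/* Cached policy, re-read once the TTL expires; a failed read keeps the last
   good values. Not thread-safe as written: lock it if called concurrently. */
const policy_t *get_policy(policy_loader load, time_t now)
{
    if (!g_tried || difftime(now, g_loaded) >= POLICY_TTL) {
        policy_t fresh;
        if (load(&fresh)) g_policy = fresh;
        g_tried = 1;
        g_loaded = now;  /* a failed read also waits a full TTL */
    }
    return &g_policy;
}

/* Number of distinct classes present: upper, lower, digit, other. */
unsigned count_classes(const wchar_t *pw, size_t cch)
{
    unsigned up = 0, lo = 0, dig = 0, other = 0;
    for (size_t i = 0; i < cch; i++) {
        if (iswdigit(pw[i])) dig = 1;
        else if (iswupper(pw[i])) up = 1;
        else if (iswlower(pw[i])) lo = 1;
        else other = 1;
    }
    return up + lo + dig + other;
}

int password_ok(const wchar_t *pw, size_t cch, const policy_t *p)
{
    return cch >= p->min_len && count_classes(pw, cch) >= p->min_classes;
}

/* Constructed loader standing in for a registry or file read. */
int sample_loader(policy_t *p) { g_reads++; p->min_len = 10; p->min_classes = 3; return 1; }
int main(void)
{
    const policy_t *p = get_policy(sample_loader, time(NULL));
    return password_ok(L"Abcdefgh12", 10, p) ? 0 : 1;
}
```

Passing the current time in as a parameter keeps the refresh logic testable without waiting for the TTL to elapse.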