Skip to content

Instantly share code, notes, and snippets.

@UserExistsError
Created November 3, 2018 22:50
Show Gist options
  • Save UserExistsError/a1160b3d527092ce71396f2001860817 to your computer and use it in GitHub Desktop.
Save UserExistsError/a1160b3d527092ce71396f2001860817 to your computer and use it in GitHub Desktop.
#include <Windows.h>
#include <ntsecapi.h>
#include <ntstatus.h>
/*
Documentation
https://docs.microsoft.com/en-us/windows/desktop/SecMgmt/management-functions#password-filter-functions
*/
extern "C" __declspec(dllexport)
BOOLEAN WINAPI InitializeChangeNotify()
/* https://docs.microsoft.com/en-us/windows/desktop/api/Ntsecapi/nc-ntsecapi-psam_init_notification_routine */
{
return TRUE;
}
extern "C" __declspec(dllexport)
NTSTATUS WINAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING NewPassword)
/* https://docs.microsoft.com/en-us/windows/desktop/api/Ntsecapi/nc-ntsecapi-psam_password_notification_routine */
{
return STATUS_SUCCESS;
}
extern "C" __declspec(dllexport)
BOOLEAN WINAPI PasswordFilter(PUNICODE_STRING AccountName, PUNICODE_STRING FullName, PUNICODE_STRING Password, BOOLEAN SetOperation)
/* https://docs.microsoft.com/en-us/windows/desktop/api/Ntsecapi/nc-ntsecapi-psam_password_filter_routine */
{
if (Password == NULL)
return FALSE;
// Password->Length is size of Buffer in bytes
size_t length = Password->Length / sizeof(WCHAR);
// Note that minimum length check is already done by the password policy.
if (length < 8)
return FALSE;
WCHAR *banned[] = { L"Changeme5?", L"Password123!" };
for (size_t i = 0; i < sizeof(banned) / sizeof(banned[0]); i++) {
if (lstrlenW(banned[i]) == length) {
if (wcsncmp(Password->Buffer, banned[i], length) == 0)
return FALSE;
}
}
return TRUE;
}
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
return TRUE;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment