Skip to content
This repository was archived by the owner on Mar 25, 2022. It is now read-only.
This repository was archived by the owner on Mar 25, 2022. It is now read-only.

When system is Locked, CPUS_UNLOCK_WORKSTATION in a Custom Credential Provider,Domain Password Expiry Scenario is not working and not displaying Password change UI. #10

Open
Open
When system is Locked, CPUS_UNLOCK_WORKSTATION in a Custom Credential Provider,Domain Password Expiry Scenario is not working and not displaying Password change UI.#10
@Mahaboob-Aslam

Description

@Mahaboob-Aslam
Mahaboob-Aslam
opened on Jun 22, 2021

Hi,
I am writing a Custom Windows Credential Provider using C++ on Windows 10, where I have implemented the domain password expiry in my code and I am able to change the Domain password looking into this blog. How can I handle password expiry in the credential provider?
But there is one scenario, where in LOCK condition, CPUS_UNLOCK_WORKSTATION_condition, I am not able to load the Change Password UI for domain password expiry.

With this following code below:

_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_LOGIN_NAME, CPFS_HIDDEN );
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_PASSWORD,CPFS_HIDDEN );

for the above two statements, the code works fine and it hides the field components for Username and Passwords.

And I am facing problems for the below lines of code statements:

_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_OLDPASSWORD_TEXT, CPFS_DISPLAY_IN_SELECTED_TILE);
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_OLDPASSWORD, CPFS_DISPLAY_IN_SELECTED_TILE);			
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_NEWPASSWORD_TEXT, CPFS_DISPLAY_IN_SELECTED_TILE);		
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_NEWPASSWORD, CPFS_DISPLAY_IN_SELECTED_TILE);			
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_CONFPASSWORD_TEXT,CPFS_DISPLAY_IN_SELECTED_TILE);			
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_CONFPASSWORD,CPFS_DISPLAY_IN_SELECTED_TILE);
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_SUBMIT_BUTTON, CPFS_DISPLAY_IN_SELECTED_TILE);

I am not able to load these fields. these APIs are failing to load fields OldPasswordText, OldPassword, NewPasswordText, NewPassword, ConfirmPasswordText and ConfirmPassword and Submitbutton.

I am calling these above functions from Credential :: Initialize().
I am calling Initialize() function from

Credential ::ReportResult() 
{
        // _cpus = CPUS_UNLOCK_WORKSTATION** and with 
        if (ntsStatus == STATUS_PASSWORD_MUST_CHANGE || (ntsStatus == STATUS_ACCOUNT_RESTRICTION && ntsSubstatus == 
             STATUS_PASSWORD_EXPIRED))
        {
                  Initialize(_cpus, s_rgCredProvFieldDescriptors, s_rgFieldStatePairs, nullptr);
        }
}

below lines of code are from logfiles, which I am providing for reference.

Initialize() FAILED SFI_OLDPASSWORD_TEXT: 183 where 183 is the value, I am getting from GetLastError()
Initialize() FAILED SFI_OLDPASSWORD: 183
Initialize() FAILED SFI_OLDPASSWORD: 183
Initialize() FAILED SFI_NEWPASSWORD_TEXT: 183
Initialize() FAILED SFI_NEWPASSWORD_TEXT: 183
Initialize() FAILED SFI_NEWPASSWORD: 183
Initialize() FAILED SFI_CONFPASSWORD_TEXT: 183
Initialize() FAILED SFI_CONFPASSWORD: 183
Initialize() FAILED SFI_SUBMIT_BUTTON: 183

Help in resolving the issue, if i am doing anything wrong.

Regards
Aslam

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions