Skip to content
This repository has been archived by the owner on Mar 25, 2022. It is now read-only.

When system is Locked, CPUS_UNLOCK_WORKSTATION in a Custom Credential Provider,Domain Password Expiry Scenario is not working and not displaying Password change UI. #10

Open
Mahaboob-Aslam opened this issue Jun 22, 2021 · 0 comments

Comments

@Mahaboob-Aslam
Copy link

Mahaboob-Aslam commented Jun 22, 2021

Hi,
I am writing a Custom Windows Credential Provider using C++ on Windows 10, where I have implemented the domain password expiry in my code and I am able to change the Domain password looking into this blog. How can I handle password expiry in the credential provider?
But there is one scenario, where in LOCK condition, CPUS_UNLOCK_WORKSTATION_condition, I am not able to load the Change Password UI for domain password expiry.

With this following code below:

_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_LOGIN_NAME, CPFS_HIDDEN );
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_PASSWORD,CPFS_HIDDEN );

for the above two statements, the code works fine and it hides the field components for Username and Passwords.

And I am facing problems for the below lines of code statements:

_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_OLDPASSWORD_TEXT, CPFS_DISPLAY_IN_SELECTED_TILE);
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_OLDPASSWORD, CPFS_DISPLAY_IN_SELECTED_TILE);			
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_NEWPASSWORD_TEXT, CPFS_DISPLAY_IN_SELECTED_TILE);		
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_NEWPASSWORD, CPFS_DISPLAY_IN_SELECTED_TILE);			
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_CONFPASSWORD_TEXT,CPFS_DISPLAY_IN_SELECTED_TILE);			
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_CONFPASSWORD,CPFS_DISPLAY_IN_SELECTED_TILE);
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_SUBMIT_BUTTON, CPFS_DISPLAY_IN_SELECTED_TILE);

I am not able to load these fields. these APIs are failing to load fields OldPasswordText, OldPassword, NewPasswordText, NewPassword, ConfirmPasswordText and ConfirmPassword and Submitbutton.

I am calling these above functions from Credential :: Initialize().
I am calling Initialize() function from

Credential ::ReportResult() 
{
        // _cpus = CPUS_UNLOCK_WORKSTATION** and with 
        if (ntsStatus == STATUS_PASSWORD_MUST_CHANGE || (ntsStatus == STATUS_ACCOUNT_RESTRICTION && ntsSubstatus == 
             STATUS_PASSWORD_EXPIRED))
        {
                  Initialize(_cpus, s_rgCredProvFieldDescriptors, s_rgFieldStatePairs, nullptr);
        }
}

below lines of code are from logfiles, which I am providing for reference.

Initialize() FAILED SFI_OLDPASSWORD_TEXT: 183 where 183 is the value, I am getting from GetLastError()
Initialize() FAILED SFI_OLDPASSWORD: 183
Initialize() FAILED SFI_OLDPASSWORD: 183
Initialize() FAILED SFI_NEWPASSWORD_TEXT: 183
Initialize() FAILED SFI_NEWPASSWORD_TEXT: 183
Initialize() FAILED SFI_NEWPASSWORD: 183
Initialize() FAILED SFI_CONFPASSWORD_TEXT: 183
Initialize() FAILED SFI_CONFPASSWORD: 183
Initialize() FAILED SFI_SUBMIT_BUTTON: 183

Help in resolving the issue, if i am doing anything wrong.

Regards
Aslam

@Mahaboob-Aslam Mahaboob-Aslam changed the title When system is Locked, CPUS_UNLOCK_WORKSTATION in a Custom Credential Provider, Password Expiry Scenario is not working and not displaying Password change UI. When system is Locked, CPUS_UNLOCK_WORKSTATION in a Custom Credential Provider,Domain Password Expiry Scenario is not working and not displaying Password change UI. Jun 23, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant