windows-Credential-Provider-library icon indicating copy to clipboard operation
windows-Credential-Provider-library copied to clipboard

Published 20 hours ago verified publisher icon DavidWeiss2

When system is Locked, CPUS_UNLOCK_WORKSTATION in a Custom Credential Provider, DomainPassword Expiry Scenario is not working and not displaying Password change UI.

Open Mahaboob-Aslam opened this issue 3 years ago • 0 comments

Hi, I am writing a Custom Windows Credential Provider using C++ on Windows 10, where I have implemented the domain password expiry in my code and I am able to change the Domain password looking into this blog. How can I handle password expiry in the credential provider? But there is one scenario, where in LOCK condition, CPUS_UNLOCK_WORKSTATION_condition, I am not able to load the Change Password UI for domain password expiry.

With this following code below:

_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_LOGIN_NAME, CPFS_HIDDEN );
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_PASSWORD,CPFS_HIDDEN );

for the above two statements, the code works fine and it hides the field components for Username and Passwords.

And I am facing problems for the below lines of code statements:

_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_OLDPASSWORD_TEXT, CPFS_DISPLAY_IN_SELECTED_TILE);
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_OLDPASSWORD, CPFS_DISPLAY_IN_SELECTED_TILE);			
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_NEWPASSWORD_TEXT, CPFS_DISPLAY_IN_SELECTED_TILE);		
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_NEWPASSWORD, CPFS_DISPLAY_IN_SELECTED_TILE);			
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_CONFPASSWORD_TEXT,CPFS_DISPLAY_IN_SELECTED_TILE);			
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_CONFPASSWORD,CPFS_DISPLAY_IN_SELECTED_TILE);
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_SUBMIT_BUTTON, CPFS_DISPLAY_IN_SELECTED_TILE);

I am not able to load these fields. these APIs are failing to load fields OldPasswordText, OldPassword, NewPasswordText, NewPassword, ConfirmPasswordText and ConfirmPassword and Submitbutton.

I am calling this function from Credential :: Initialize(). I am calling Initialize() function from ReportResult()

 Credential ::ReportResult()
 { 
   //with _cpus = CPUS_UNLOCK_WORKSTATION 
           if (ntsStatus == STATUS_PASSWORD_MUST_CHANGE || (ntsStatus == STATUS_ACCOUNT_RESTRICTION && ntsSubstatus 
           == STATUS_PASSWORD_EXPIRED))
          {
                  Initialize(_cpus, s_rgCredProvFieldDescriptors, s_rgFieldStatePairs, nullptr);
           }
 }

below lines of code are from logfiles, which I am providing for reference.

Initialize() FAILED SFI_OLDPASSWORD_TEXT: 183 where 183 is the value, I am getting from GetLastError() Initialize() FAILED SFI_OLDPASSWORD: 183 Initialize() FAILED SFI_OLDPASSWORD: 183 Initialize() FAILED SFI_NEWPASSWORD_TEXT: 183 Initialize() FAILED SFI_NEWPASSWORD_TEXT: 183 Initialize() FAILED SFI_NEWPASSWORD: 183 Initialize() FAILED SFI_CONFPASSWORD_TEXT: 183 Initialize() FAILED SFI_CONFPASSWORD: 183 Initialize() FAILED SFI_SUBMIT_BUTTON: 183

Help in resolving the issue, if i am doing anything wrong.

Regards Aslam

Mahaboob-Aslam avatar Jun 22 '21 13:06 Mahaboob-Aslam