windows-nt/Source/XPSP1/NT/net/ias/providers/ntuser/auth/lockout.cpp
2020-09-26 16:20:57 +08:00

123 lines
2.5 KiB
C++

///////////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 1998, Microsoft Corp. All rights reserved.
//
// FILE
//
// lockout.cpp
//
// SYNOPSIS
//
// Defines the account lockout API.
//
// MODIFICATION HISTORY
//
// 10/21/1998 Original version.
// 11/10/1998 Do not revoke dialin privilege.
//
///////////////////////////////////////////////////////////////////////////////
#include <ias.h>
#include <iastlb.h>
#include <iaslsa.h>
#include <acctinfo.h>
#include <lockout.h>
DWORD
WINAPI
AccountLockoutInitialize( VOID )
{
AccountInfo::initialize();
return NO_ERROR;
}
VOID
WINAPI
AccountLockoutShutdown( VOID )
{
AccountInfo::finalize();
}
BOOL
WINAPI
AccountLockoutOpenAndQuery(
IN PCWSTR pszUser,
IN PCWSTR pszDomain,
OUT PHANDLE phAccount
)
{
// Check the arguments.
if (phAccount == NULL) { return ERROR_INVALID_PARAMETER; }
// Open the AccountInfo object for this user.
AccountInfo* info = AccountInfo::open(pszDomain, pszUser);
// Return it to the caller as an opaque handle.
*phAccount = (HANDLE)info;
// If the info doesn't exist, it's not an error; it just means account
// lockout is disabled.
return info && info->isLockedOut() ? TRUE : FALSE;
}
VOID
WINAPI
AccountLockoutUpdatePass(
IN HANDLE hAccount
)
{
if (hAccount)
{
// The logon succeeded, so reset the lockout count.
((AccountInfo*)hAccount)->reset();
}
}
VOID
WINAPI
AccountLockoutUpdateFail(
IN HANDLE hAccount
)
{
if (hAccount)
{
IASTraceString("Authentication failed; incrementing lockout count.");
AccountInfo* info = (AccountInfo*)hAccount;
// Is this the first denial ?
if (info->isClean())
{
IASTraceString("Validating account name for new entry.");
// Yes, so make sure it's a valid account. We don't want to create a
// lot of registry keys for bogus accounts.
DWORD status = IASValidateUserName(
info->getUserName(),
info->getDomain()
);
if (status != NO_ERROR)
{
IASTraceFailure("IASValidateUserName", status);
return;
}
IASTraceString("Account name is valid.");
}
// Bump up the denial count.
info->incrementDenials();
}
}
VOID
WINAPI
AccountLockoutClose(
IN HANDLE hAccount
)
{
AccountInfo::close((AccountInfo*)hAccount);
}