123 lines
2.5 KiB
C++
123 lines
2.5 KiB
C++
///////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Copyright (c) 1998, Microsoft Corp. All rights reserved.
|
|
//
|
|
// FILE
|
|
//
|
|
// lockout.cpp
|
|
//
|
|
// SYNOPSIS
|
|
//
|
|
// Defines the account lockout API.
|
|
//
|
|
// MODIFICATION HISTORY
|
|
//
|
|
// 10/21/1998 Original version.
|
|
// 11/10/1998 Do not revoke dialin privilege.
|
|
//
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
#include <ias.h>
|
|
#include <iastlb.h>
|
|
#include <iaslsa.h>
|
|
#include <acctinfo.h>
|
|
#include <lockout.h>
|
|
|
|
DWORD
|
|
WINAPI
|
|
AccountLockoutInitialize( VOID )
|
|
{
|
|
AccountInfo::initialize();
|
|
|
|
return NO_ERROR;
|
|
}
|
|
|
|
VOID
|
|
WINAPI
|
|
AccountLockoutShutdown( VOID )
|
|
{
|
|
AccountInfo::finalize();
|
|
}
|
|
|
|
BOOL
|
|
WINAPI
|
|
AccountLockoutOpenAndQuery(
|
|
IN PCWSTR pszUser,
|
|
IN PCWSTR pszDomain,
|
|
OUT PHANDLE phAccount
|
|
)
|
|
{
|
|
// Check the arguments.
|
|
if (phAccount == NULL) { return ERROR_INVALID_PARAMETER; }
|
|
|
|
// Open the AccountInfo object for this user.
|
|
AccountInfo* info = AccountInfo::open(pszDomain, pszUser);
|
|
|
|
// Return it to the caller as an opaque handle.
|
|
*phAccount = (HANDLE)info;
|
|
|
|
// If the info doesn't exist, it's not an error; it just means account
|
|
// lockout is disabled.
|
|
return info && info->isLockedOut() ? TRUE : FALSE;
|
|
}
|
|
|
|
VOID
|
|
WINAPI
|
|
AccountLockoutUpdatePass(
|
|
IN HANDLE hAccount
|
|
)
|
|
{
|
|
if (hAccount)
|
|
{
|
|
// The logon succeeded, so reset the lockout count.
|
|
((AccountInfo*)hAccount)->reset();
|
|
}
|
|
}
|
|
|
|
VOID
|
|
WINAPI
|
|
AccountLockoutUpdateFail(
|
|
IN HANDLE hAccount
|
|
)
|
|
{
|
|
if (hAccount)
|
|
{
|
|
IASTraceString("Authentication failed; incrementing lockout count.");
|
|
|
|
AccountInfo* info = (AccountInfo*)hAccount;
|
|
|
|
// Is this the first denial ?
|
|
if (info->isClean())
|
|
{
|
|
IASTraceString("Validating account name for new entry.");
|
|
|
|
// Yes, so make sure it's a valid account. We don't want to create a
|
|
// lot of registry keys for bogus accounts.
|
|
DWORD status = IASValidateUserName(
|
|
info->getUserName(),
|
|
info->getDomain()
|
|
);
|
|
|
|
if (status != NO_ERROR)
|
|
{
|
|
IASTraceFailure("IASValidateUserName", status);
|
|
return;
|
|
}
|
|
|
|
IASTraceString("Account name is valid.");
|
|
}
|
|
|
|
// Bump up the denial count.
|
|
info->incrementDenials();
|
|
}
|
|
}
|
|
|
|
VOID
|
|
WINAPI
|
|
AccountLockoutClose(
|
|
IN HANDLE hAccount
|
|
)
|
|
{
|
|
AccountInfo::close((AccountInfo*)hAccount);
|
|
}
|