Source code of Windows XP (NT5)
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
///////////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 1998, Microsoft Corp. All rights reserved.
//
// FILE
//
// lockout.cpp
//
// SYNOPSIS
//
// Defines the account lockout API.
//
// MODIFICATION HISTORY
//
// 10/21/1998 Original version.
// 11/10/1998 Do not revoke dialin privilege.
//
///////////////////////////////////////////////////////////////////////////////
#include <ias.h>
#include <iastlb.h>
#include <iaslsa.h>
#include <acctinfo.h>
#include <lockout.h>
DWORD WINAPI AccountLockoutInitialize( VOID ) { AccountInfo::initialize();
return NO_ERROR; }
VOID WINAPI AccountLockoutShutdown( VOID ) { AccountInfo::finalize(); }
BOOL WINAPI AccountLockoutOpenAndQuery( IN PCWSTR pszUser, IN PCWSTR pszDomain, OUT PHANDLE phAccount ) { // Check the arguments.
if (phAccount == NULL) { return ERROR_INVALID_PARAMETER; }
// Open the AccountInfo object for this user.
AccountInfo* info = AccountInfo::open(pszDomain, pszUser);
// Return it to the caller as an opaque handle.
*phAccount = (HANDLE)info;
// If the info doesn't exist, it's not an error; it just means account
// lockout is disabled.
return info && info->isLockedOut() ? TRUE : FALSE; }
VOID WINAPI AccountLockoutUpdatePass( IN HANDLE hAccount ) { if (hAccount) { // The logon succeeded, so reset the lockout count.
((AccountInfo*)hAccount)->reset(); } }
VOID WINAPI AccountLockoutUpdateFail( IN HANDLE hAccount ) { if (hAccount) { IASTraceString("Authentication failed; incrementing lockout count.");
AccountInfo* info = (AccountInfo*)hAccount;
// Is this the first denial ?
if (info->isClean()) { IASTraceString("Validating account name for new entry.");
// Yes, so make sure it's a valid account. We don't want to create a
// lot of registry keys for bogus accounts.
DWORD status = IASValidateUserName( info->getUserName(), info->getDomain() );
if (status != NO_ERROR) { IASTraceFailure("IASValidateUserName", status); return; }
IASTraceString("Account name is valid."); }
// Bump up the denial count.
info->incrementDenials(); } }
VOID WINAPI AccountLockoutClose( IN HANDLE hAccount ) { AccountInfo::close((AccountInfo*)hAccount); }
|