This repository was archived by the owner on Jun 2, 2023. It is now read-only.

[UPD] Handled upn.#374

Merged
geoperez merged 1 commit intomasterfrom
issue343-UnableToChangeExpiredPassword
Oct 14, 2019

Conversation

@Serk352
Contributor

@Serk352 Serk352 commented Oct 14, 2019

Handling missed @ in upn.

Fixes #343

@Serk352 Serk352 added bug Something doesn't work! enhancement Nice to have. labels Oct 14, 2019
@Serk352 Serk352 added this to the 4.0.0 milestone Oct 14, 2019
@Serk352 Serk352 requested a review from geoperez October 14, 2019 19:12
@Serk352 Serk352 self-assigned this Oct 14, 2019
@geoperez geoperez merged commit 4ce1f4a into master Oct 14, 2019
@geoperez geoperez deleted the issue343-UnableToChangeExpiredPassword branch October 14, 2019 19:15
return true;

var tmpAuthority = upn?.Split('@').Last();
var tmpAuthority = upn?.Contains('@') == true ? upn.Split('@').Last() : string.Empty;
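Review bot: the new `Contains('@')` guard only covers the missing-`@` case; the UPN path still passes the UPN suffix (`domain.com` in the #343 scenario) as `lpszDomain`, and the LogonUserA documentation quoted in this thread says that parameter must be NULL when `lpszUsername` is in UPN form. That is why the call reports 1326 (ERROR_LOGON_FAILURE) instead of 1907 (ERROR_PASSWORD_MUST_CHANGE) or 1330 (ERROR_PASSWORD_EXPIRED), so the change-password flow cannot tell an expired password from a wrong one. Suggest dropping `tmpAuthority` for the UPN path and passing `null` rather than `string.Empty` (a C# `null` marshals as a NULL pointer; an empty string marshals as a pointer to `""`), and checking `Marshal.GetLastWin32Error()` for 1907 and 1330 before treating the logon as failed.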
@lukedaemon lukedaemon Oct 14, 2019


Just a note regarding this change.
As written in #343, when the user's UPN suffix is different from the AD domain:

  • UPN suffix = domain.com
  • AD domain = domain.local

...using...

var tmpAuthority = upn?.Split('@').Last();

OR

var tmpAuthority = upn?.Contains('@') == true ? upn.Split('@').Last() : string.Empty;

produces the same result (tmpAuthority = domain.com); but then the LogonUser(...) function will always return 1326 (ERROR_LOGON_FAILURE), even if the end-user has the "Must change password at next logon" flag selected (so it should return 1907, ERROR_PASSWORD_MUST_CHANGE) or their password is expired (so it should return 1330, ERROR_PASSWORD_EXPIRED).

According to the Microsoft Docs article for the LogonUserA function:

BOOL LogonUserA(
  LPCSTR  lpszUsername,
  LPCSTR  lpszDomain,
  LPCSTR  lpszPassword,
  DWORD   dwLogonType,
  DWORD   dwLogonProvider,
  PHANDLE phToken
);

lpszUsername

A pointer to a null-terminated string that specifies the name of the user. This is the name of the user account to log on to. If you use the user principal name (UPN) format, User@DNSDomainName, the lpszDomain parameter must be NULL.

If the above is correct, when a UPN is used the domain must be NULL, so tmpAuthority should be removed and LogonUser(...) called like:

if (LogonUser(upn, string.Empty, currentPassword, LogonTypes.Network, LogonProviders.Default, out _))
   return true;

What about ?
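The distinction lukedaemon draws above (UPN means a NULL domain, and 1907/1330 must stay visible to the caller) is easiest to see in a small wrapper. The following is an added example written for this discussion, not code from the project or from either commenter; `CredentialCheck`, `LogonOutcome` and `SplitAccountName` are names chosen here, and the example passes `null` for `lpszDomain` in the UPN case because the docs quoted above require NULL (a C# `null` marshals as a NULL pointer, whereas `string.Empty` marshals as a pointer to an empty string).

```csharp
using System;
using System.Runtime.InteropServices;

// Added example: a UPN-aware LogonUser wrapper that keeps the "must change password"
// and "password expired" verdicts distinguishable from a plain bad-credentials failure.
public enum LogonOutcome { Success, BadCredentials, PasswordMustChange, PasswordExpired, OtherFailure }

public static class CredentialCheck
{
    private const int LOGON32_LOGON_NETWORK = 3;
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    // Win32 status codes discussed in this thread
    private const int ERROR_LOGON_FAILURE = 1326;
    private const int ERROR_PASSWORD_EXPIRED = 1330;
    private const int ERROR_PASSWORD_MUST_CHANGE = 1907;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(
        string lpszUsername,
        string lpszDomain,   // null here becomes a NULL pointer, which the docs require for UPN input
        string lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr hObject);

    // Accepts "user@suffix" (UPN) or "DOMAIN\user". For a UPN the whole string is the
    // user name and the domain is null; the suffix is never passed as lpszDomain.
    public static (string User, string Domain) SplitAccountName(string account)
    {
        if (string.IsNullOrWhiteSpace(account))
            throw new ArgumentException("account name is required", nameof(account));

        if (account.IndexOf('@') >= 0)
            return (account, null);

        var parts = account.Split(new[] { '\\' }, 2);
        if (parts.Length == 2 && parts[0].Length > 0 && parts[1].Length > 0)
            return (parts[1], parts[0]);

        throw new ArgumentException("expected user@suffix or DOMAIN\\user", nameof(account));
    }

    // Returns the logon verdict instead of collapsing every failure into "false",
    // so a change-password flow can let expired / must-change accounts proceed.
    public static LogonOutcome Validate(string account, string password)
    {
        var (user, domain) = SplitAccountName(account);

        if (LogonUser(user, domain, password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out var token))
        {
            CloseHandle(token);   // only the verdict is needed, not the token
            return LogonOutcome.Success;
        }

        // Must be read immediately after the P/Invoke call that failed.
        switch (Marshal.GetLastWin32Error())
        {
            case ERROR_PASSWORD_MUST_CHANGE: return LogonOutcome.PasswordMustChange;
            case ERROR_PASSWORD_EXPIRED:     return LogonOutcome.PasswordExpired;
            case ERROR_LOGON_FAILURE:        return LogonOutcome.BadCredentials;
            default:                         return LogonOutcome.OtherFailure;
        }
    }
}
```

With this shape, a change-password endpoint allows the operation on `Success`, `PasswordMustChange` or `PasswordExpired` and rejects `BadCredentials`; passing the UPN suffix as `lpszDomain`, as the merged change still does, turns the last two into 1326 and is what makes the #343 scenario fail.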

Contributor Author

@Serk352 Serk352 Oct 14, 2019


You are right, I missed that. I will work on this and let you know when it's finished.


Thank you very much @Serk352.

Development

Successfully merging this pull request may close these issues.

Unable to change expired password
