3

我正在尝试使用 NetValidatePasswordPolicy API 评估是否满足密码复杂性规则。我为此找到了很多样本​​,但没有一个对我有用。

我尝试了不同的方法来使用 APINetValidatePasswordResetNetValidatePasswordChangeParameter,但结果总是一样的。

我的问题是,API 只测试密码长度。如果密码太短,我会收到错误 2245(这意味着密码太短),但是当我输入一个完全不符合复杂性规则的较长密码时,我会返回一个成功代码(而不是PasswordNotComplexEnough)。

有没有人得到这个 API 功能的工作?请帮助并感谢您的支持。

下面是不起作用的代码。我在两个不同的系统上尝试过。一种是连接到 Active Directory 域的 Windows 8。另一个是同域的域服务器(运行 Windows Server 2008 R2)。

#pragma once
#include <windows.h> 
#include <lm.h> 
#include <stdio.h> 
#include <vcclr.h>
#pragma comment(lib, "Netapi32.lib") 

using namespace System;
using namespace System::Runtime::InteropServices;

namespace PasswordPolicyCheck {


    public ref class srPasswordValidator 
    { 
    //public : static const int PasswordValidationSuccess = NERR_Success;
    //public: static const int PasswordAccountLockedOut = NERR_AccountLockedOut;
    //public: static const int PasswordTooRecent = NERR_PasswordTooRecent;
    //public: static const int PasswordBadPassword = NERR_BadPassword;
    //public: static const int PasswordHistConfilct = NERR_PasswordHistConflict;
    //public: static const int PasswordTooShort = NERR_PasswordTooShort;
    //public: static const int PasswordTooLong = NERR_PasswordTooLong;
    //public: static const int PasswordNotComplexEnough = NERR_PasswordNotComplexEnough;
    //public: static const int PasswordFlterError = NERR_PasswordFilterError;

        public :int ValidatePassword(String^ userName, String^ password, String^ domainController) 
        { 

            LPWSTR wzPwd = static_cast<LPWSTR>(Marshal::StringToBSTR(password).ToPointer()); 
            LPWSTR wzUser = static_cast<LPWSTR>(Marshal::StringToBSTR(userName).ToPointer()); 
            LPWSTR  wzServer = static_cast<LPWSTR>(Marshal::StringToBSTR(domainController).ToPointer()); 

            NET_VALIDATE_OUTPUT_ARG* Output = NULL; 
            NET_VALIDATE_PASSWORD_RESET_INPUT_ARG Input = {0}; 
            //NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG Input = {0}; 

            Input.ClearLockout = true;
            Input.PasswordMustChangeAtNextLogon = false;
            Input.UserAccountName = wzUser;
            Input.ClearPassword = wzPwd;
            //Input.PasswordMatch = TRUE;

            /*NET_VALIDATE_PASSWORD_HASH PasswordHistory;
            size_t lLength = wcslen(wPassword);
            PasswordHistory.Length = lLength;
            PasswordHistory.Hash = new BYTE[lLength];
            memcpy(PasswordHistory.Hash, wPassword, lLength);
            Input.HashedPassword = PasswordHistory;
            Input.InputPersistedFields.PresentFields = NET_VALIDATE_PASSWORD_HISTORY | NET_VALIDATE_PASSWORD_HISTORY_LENGTH;*/

            DWORD dwErr = NetValidatePasswordPolicy (wzServer, NULL, _NET_VALIDATE_PASSWORD_TYPE::NetValidatePasswordReset, &Input, (void **) &Output); 
            int ReturnValue = Output->ValidationStatus;
            NetValidatePasswordPolicyFree ((void **) &Output); 
            return ReturnValue;
        } 
    }; 

}
4

0 回答 0