PSAM_PASSWORD_FILTER_ROUTINE callback function (ntsecapi.h)
The PasswordFilter function is implemented by a password filter DLL. The value returned by this function determines whether the new password is accepted by the system. All of the password filters installed on a system must return TRUE for the password change to take effect.
Syntax
PSAM_PASSWORD_FILTER_ROUTINE PsamPasswordFilterRoutine;
BOOLEAN PsamPasswordFilterRoutine(
[in] PUNICODE_STRING AccountName,
[in] PUNICODE_STRING FullName,
[in] PUNICODE_STRING Password,
[in] BOOLEAN SetOperation
)
{...}
Parameters
[in] AccountName
Pointer to a UNICODE_STRING that represents the name of the user whose password changed.
[in] FullName
Pointer to a UNICODE_STRING that represents the full name of the user whose password changed.
[in] Password
Pointer to a UNICODE_STRING that represents the new plaintext password. When you have finished using the password, clear it from memory by calling the SecureZeroMemory function. For more information on protecting the password, see Handling Passwords.
[in] SetOperation
TRUE if the password was set rather than changed.
Return value
Return code | Description |
---|---|
|
Return TRUE if the new password is valid with respect to the password policy implemented in the password filter DLL. When TRUE is returned, the Local Security Authority (LSA) continues to evaluate the password by calling any other password filters installed on the system. |
|
Return FALSE if the new password is not valid with respect to the password policy implemented in the password filter DLL. When FALSE is returned, the LSA returns the ERROR_ILL_FORMED_PASSWORD (1324) status code to the source of the password change request. |
Remarks
Password change requests may be made when users specify a new password, accounts are created and when administrators override a password.
This function must use the __stdcall calling convention and must be exported by the DLL.
When the PasswordFilter routine is running, processing is blocked until the routine is finished. When appropriate, move any lengthy processing to a separate thread prior to returning from this routine.
This function is called only for password filters that are installed and registered on a system.
Any process exception that is not handled within this function may cause security-related failures system-wide. Structured exception handling should be used when appropriate.
For information about | See |
---|---|
Programming issues when implementing a password filter DLL | Password Filter Programming Considerations |
How to install and register your own password filter DLL | Installing and Registering a Password Filter DLL |
The password filter DLL provided by Microsoft | Strong Password Enforcement and Passfilt.dll |
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Target Platform | Windows |
Header | ntsecapi.h |