search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
d3d8: Get rid of the format switching code in d3d8_device_CopyRects().
[wine.git] / dlls / advapi32 / cred.c
blob10e58eb88b9b2d1ce2e5106fde6809bd78d47919
1 /*
2 * Credential Management APIs
3 *
4 * Copyright 2007 Robert Shearman for CodeWeavers
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <stdarg.h>
22 #include <time.h>
23 #include <limits.h>
24
25 #ifdef __APPLE__
26 # include <Security/SecKeychain.h>
27 # include <Security/SecKeychainItem.h>
28 # include <Security/SecKeychainSearch.h>
29 #endif
30
31 #include "windef.h"
32 #include "winbase.h"
33 #include "winreg.h"
34 #include "wincred.h"
35 #include "winternl.h"
36
37 #include "crypt.h"
38
39 #include "wine/unicode.h"
40 #include "wine/debug.h"
41
42 #include "advapi32_misc.h"
43
44 WINE_DEFAULT_DEBUG_CHANNEL(cred);
45
46 /* the size of the ARC4 key used to encrypt the password data */
47 #define KEY_SIZE 8
48
49 static const WCHAR wszCredentialManagerKey[] = {'S','o','f','t','w','a','r','e','\\','W','i','n','e','\\',
50 'C','r','e','d','e','n','t','i','a','l',' ','M','a','n','a','g','e','r',0};
51 static const WCHAR wszEncryptionKeyValue[] = {'E','n','c','r','y','p','t','i','o','n','K','e','y',0};
52
53 static const WCHAR wszFlagsValue[] = {'F','l','a','g','s',0};
54 static const WCHAR wszTypeValue[] = {'T','y','p','e',0};
55 static const WCHAR wszCommentValue[] = {'C','o','m','m','e','n','t',0};
56 static const WCHAR wszLastWrittenValue[] = {'L','a','s','t','W','r','i','t','t','e','n',0};
57 static const WCHAR wszPersistValue[] = {'P','e','r','s','i','s','t',0};
58 static const WCHAR wszTargetAliasValue[] = {'T','a','r','g','e','t','A','l','i','a','s',0};
59 static const WCHAR wszUserNameValue[] = {'U','s','e','r','N','a','m','e',0};
60 static const WCHAR wszPasswordValue[] = {'P','a','s','s','w','o','r','d',0};
61
62 static DWORD read_credential_blob(HKEY hkey, const BYTE key_data[KEY_SIZE],
63 LPBYTE credential_blob,
64 DWORD *credential_blob_size)
65 {
66 DWORD ret;
67 DWORD type;
68
69 *credential_blob_size = 0;
70 ret = RegQueryValueExW(hkey, wszPasswordValue, 0, &type, NULL, credential_blob_size);
71 if (ret != ERROR_SUCCESS)
72 return ret;
73 else if (type != REG_BINARY)
74 return ERROR_REGISTRY_CORRUPT;
75 if (credential_blob)
76 {
77 struct ustring data;
78 struct ustring key;
79
80 ret = RegQueryValueExW(hkey, wszPasswordValue, 0, &type, credential_blob,
81 credential_blob_size);
82 if (ret != ERROR_SUCCESS)
83 return ret;
84 else if (type != REG_BINARY)
85 return ERROR_REGISTRY_CORRUPT;
86
87 key.Length = key.MaximumLength = KEY_SIZE;
88 key.Buffer = (unsigned char *)key_data;
89
90 data.Length = data.MaximumLength = *credential_blob_size;
91 data.Buffer = credential_blob;
92 SystemFunction032(&data, &key);
93 }
94 return ERROR_SUCCESS;
95 }
96
97 static DWORD registry_read_credential(HKEY hkey, PCREDENTIALW credential,
98 const BYTE key_data[KEY_SIZE],
99 char *buffer, DWORD *len)
100 {
101 DWORD type;
102 DWORD ret;
103 DWORD count;
104
105 ret = RegQueryValueExW(hkey, NULL, 0, &type, NULL, &count);
106 if (ret != ERROR_SUCCESS)
107 return ret;
108 else if (type != REG_SZ)
109 return ERROR_REGISTRY_CORRUPT;
110 *len += count;
111 if (credential)
112 {
113 credential->TargetName = (LPWSTR)buffer;
114 ret = RegQueryValueExW(hkey, NULL, 0, &type, (LPVOID)credential->TargetName,
115 &count);
116 if (ret != ERROR_SUCCESS || type != REG_SZ) return ret;
117 buffer += count;
118 }
119
120 ret = RegQueryValueExW(hkey, wszCommentValue, 0, &type, NULL, &count);
121 if (ret != ERROR_FILE_NOT_FOUND && ret != ERROR_SUCCESS)
122 return ret;
123 else if (type != REG_SZ)
124 return ERROR_REGISTRY_CORRUPT;
125 *len += count;
126 if (credential)
127 {
128 credential->Comment = (LPWSTR)buffer;
129 ret = RegQueryValueExW(hkey, wszCommentValue, 0, &type, (LPVOID)credential->Comment,
130 &count);
131 if (ret == ERROR_FILE_NOT_FOUND)
132 credential->Comment = NULL;
133 else if (ret != ERROR_SUCCESS)
134 return ret;
135 else if (type != REG_SZ)
136 return ERROR_REGISTRY_CORRUPT;
137 else
138 buffer += count;
139 }
140
141 ret = RegQueryValueExW(hkey, wszTargetAliasValue, 0, &type, NULL, &count);
142 if (ret != ERROR_FILE_NOT_FOUND && ret != ERROR_SUCCESS)
143 return ret;
144 else if (type != REG_SZ)
145 return ERROR_REGISTRY_CORRUPT;
146 *len += count;
147 if (credential)
148 {
149 credential->TargetAlias = (LPWSTR)buffer;
150 ret = RegQueryValueExW(hkey, wszTargetAliasValue, 0, &type, (LPVOID)credential->TargetAlias,
151 &count);
152 if (ret == ERROR_FILE_NOT_FOUND)
153 credential->TargetAlias = NULL;
154 else if (ret != ERROR_SUCCESS)
155 return ret;
156 else if (type != REG_SZ)
157 return ERROR_REGISTRY_CORRUPT;
158 else
159 buffer += count;
160 }
161
162 ret = RegQueryValueExW(hkey, wszUserNameValue, 0, &type, NULL, &count);
163 if (ret != ERROR_FILE_NOT_FOUND && ret != ERROR_SUCCESS)
164 return ret;
165 else if (type != REG_SZ)
166 return ERROR_REGISTRY_CORRUPT;
167 *len += count;
168 if (credential)
169 {
170 credential->UserName = (LPWSTR)buffer;
171 ret = RegQueryValueExW(hkey, wszUserNameValue, 0, &type, (LPVOID)credential->UserName,
172 &count);
173 if (ret == ERROR_FILE_NOT_FOUND)
174 credential->UserName = NULL;
175 else if (ret != ERROR_SUCCESS)
176 return ret;
177 else if (type != REG_SZ)
178 return ERROR_REGISTRY_CORRUPT;
179 else
180 buffer += count;
181 }
182
183 ret = read_credential_blob(hkey, key_data, NULL, &count);
184 if (ret != ERROR_FILE_NOT_FOUND && ret != ERROR_SUCCESS)
185 return ret;
186 *len += count;
187 if (credential)
188 {
189 credential->CredentialBlob = (LPBYTE)buffer;
190 ret = read_credential_blob(hkey, key_data, credential->CredentialBlob, &count);
191 if (ret == ERROR_FILE_NOT_FOUND)
192 credential->CredentialBlob = NULL;
193 else if (ret != ERROR_SUCCESS)
194 return ret;
195 credential->CredentialBlobSize = count;
196 }
197
198 /* FIXME: Attributes */
199 if (credential)
200 {
201 credential->AttributeCount = 0;
202 credential->Attributes = NULL;
203 }
204
205 if (!credential) return ERROR_SUCCESS;
206
207 count = sizeof(credential->Flags);
208 ret = RegQueryValueExW(hkey, wszFlagsValue, NULL, &type, (LPVOID)&credential->Flags,
209 &count);
210 if (ret != ERROR_SUCCESS)
211 return ret;
212 else if (type != REG_DWORD)
213 return ERROR_REGISTRY_CORRUPT;
214 count = sizeof(credential->Type);
215 ret = RegQueryValueExW(hkey, wszTypeValue, NULL, &type, (LPVOID)&credential->Type,
216 &count);
217 if (ret != ERROR_SUCCESS)
218 return ret;
219 else if (type != REG_DWORD)
220 return ERROR_REGISTRY_CORRUPT;
221
222 count = sizeof(credential->LastWritten);
223 ret = RegQueryValueExW(hkey, wszLastWrittenValue, NULL, &type, (LPVOID)&credential->LastWritten,
224 &count);
225 if (ret != ERROR_SUCCESS)
226 return ret;
227 else if (type != REG_BINARY)
228 return ERROR_REGISTRY_CORRUPT;
229 count = sizeof(credential->Persist);
230 ret = RegQueryValueExW(hkey, wszPersistValue, NULL, &type, (LPVOID)&credential->Persist,
231 &count);
232 if (ret == ERROR_SUCCESS && type != REG_DWORD)
233 return ERROR_REGISTRY_CORRUPT;
234 return ret;
235 }
236
237 #ifdef __APPLE__
238 static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require_password,
239 PCREDENTIALW credential, char *buffer,
240 DWORD *len)
241 {
242 OSStatus status;
243 UInt32 i, cred_blob_len;
244 void *cred_blob;
245 WCHAR *user = NULL;
246 BOOL user_name_present = FALSE;
247 SecKeychainAttributeInfo info;
248 SecKeychainAttributeList *attr_list;
249 UInt32 info_tags[] = { kSecServiceItemAttr, kSecAccountItemAttr,
250 kSecCommentItemAttr, kSecCreationDateItemAttr };
251 info.count = sizeof(info_tags)/sizeof(info_tags[0]);
252 info.tag = info_tags;
253 info.format = NULL;
254 status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, &cred_blob_len, &cred_blob);
255 if (status == errSecAuthFailed && !require_password)
256 {
257 cred_blob_len = 0;
258 cred_blob = NULL;
259 status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, &cred_blob_len, NULL);
260 }
261 if (status != noErr)
262 {
263 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
264 return ERROR_NOT_FOUND;
265 }
266
267 for (i = 0; i < attr_list->count; i++)
268 if (attr_list->attr[i].tag == kSecAccountItemAttr && attr_list->attr[i].data)
269 {
270 user_name_present = TRUE;
271 break;
272 }
273 if (!user_name_present)
274 {
275 WARN("no kSecAccountItemAttr for item\n");
276 SecKeychainItemFreeAttributesAndData(attr_list, cred_blob);
277 return ERROR_NOT_FOUND;
278 }
279
280 if (buffer)
281 {
282 credential->Flags = 0;
283 credential->Type = CRED_TYPE_DOMAIN_PASSWORD;
284 credential->TargetName = NULL;
285 credential->Comment = NULL;
286 memset(&credential->LastWritten, 0, sizeof(credential->LastWritten));
287 credential->CredentialBlobSize = 0;
288 credential->CredentialBlob = NULL;
289 credential->Persist = CRED_PERSIST_LOCAL_MACHINE;
290 credential->AttributeCount = 0;
291 credential->Attributes = NULL;
292 credential->TargetAlias = NULL;
293 credential->UserName = NULL;
294 }
295 for (i = 0; i < attr_list->count; i++)
296 {
297 switch (attr_list->attr[i].tag)
298 {
299 case kSecServiceItemAttr:
300 TRACE("kSecServiceItemAttr: %.*s\n", (int)attr_list->attr[i].length,
301 (char *)attr_list->attr[i].data);
302 if (!attr_list->attr[i].data) continue;
303 if (buffer)
304 {
305 INT str_len;
306 credential->TargetName = (LPWSTR)buffer;
307 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
308 attr_list->attr[i].length, (LPWSTR)buffer, 0xffff);
309 credential->TargetName[str_len] = '\0';
310 buffer += (str_len + 1) * sizeof(WCHAR);
311 *len += (str_len + 1) * sizeof(WCHAR);
312 }
313 else
314 {
315 INT str_len;
316 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
317 attr_list->attr[i].length, NULL, 0);
318 *len += (str_len + 1) * sizeof(WCHAR);
319 }
320 break;
321 case kSecAccountItemAttr:
322 {
323 INT str_len;
324 TRACE("kSecAccountItemAttr: %.*s\n", (int)attr_list->attr[i].length,
325 (char *)attr_list->attr[i].data);
326 if (!attr_list->attr[i].data) continue;
327 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
328 attr_list->attr[i].length, NULL, 0);
329 user = heap_alloc((str_len + 1) * sizeof(WCHAR));
330 MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
331 attr_list->attr[i].length, user, str_len);
332 user[str_len] = '\0';
333 break;
334 }
335 case kSecCommentItemAttr:
336 TRACE("kSecCommentItemAttr: %.*s\n", (int)attr_list->attr[i].length,
337 (char *)attr_list->attr[i].data);
338 if (!attr_list->attr[i].data) continue;
339 if (buffer)
340 {
341 INT str_len;
342 credential->Comment = (LPWSTR)buffer;
343 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
344 attr_list->attr[i].length, (LPWSTR)buffer, 0xffff);
345 credential->Comment[str_len] = '\0';
346 buffer += (str_len + 1) * sizeof(WCHAR);
347 *len += (str_len + 1) * sizeof(WCHAR);
348 }
349 else
350 {
351 INT str_len;
352 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
353 attr_list->attr[i].length, NULL, 0);
354 *len += (str_len + 1) * sizeof(WCHAR);
355 }
356 break;
357 case kSecCreationDateItemAttr:
358 TRACE("kSecCreationDateItemAttr: %.*s\n", (int)attr_list->attr[i].length,
359 (char *)attr_list->attr[i].data);
360 if (buffer)
361 {
362 LARGE_INTEGER win_time;
363 struct tm tm;
364 time_t time;
365 memset(&tm, 0, sizeof(tm));
366 strptime(attr_list->attr[i].data, "%Y%m%d%H%M%SZ", &tm);
367 time = mktime(&tm);
368 RtlSecondsSince1970ToTime(time, &win_time);
369 credential->LastWritten.dwLowDateTime = win_time.u.LowPart;
370 credential->LastWritten.dwHighDateTime = win_time.u.HighPart;
371 }
372 break;
373 default:
374 FIXME("unhandled attribute %lu\n", attr_list->attr[i].tag);
375 break;
376 }
377 }
378
379 if (user)
380 {
381 INT str_len;
382 if (buffer)
383 credential->UserName = (LPWSTR)buffer;
384 str_len = strlenW(user);
385 *len += (str_len + 1) * sizeof(WCHAR);
386 if (buffer)
387 {
388 memcpy(buffer, user, (str_len + 1) * sizeof(WCHAR));
389 buffer += (str_len + 1) * sizeof(WCHAR);
390 TRACE("UserName = %s\n", debugstr_w(credential->UserName));
391 }
392 }
393 heap_free(user);
394
395 if (cred_blob)
396 {
397 if (buffer)
398 {
399 INT str_len;
400 credential->CredentialBlob = (BYTE *)buffer;
401 str_len = MultiByteToWideChar(CP_UTF8, 0, cred_blob, cred_blob_len,
402 (LPWSTR)buffer, 0xffff);
403 credential->CredentialBlobSize = str_len * sizeof(WCHAR);
404 *len += str_len * sizeof(WCHAR);
405 }
406 else
407 {
408 INT str_len;
409 str_len = MultiByteToWideChar(CP_UTF8, 0, cred_blob, cred_blob_len,
410 NULL, 0);
411 *len += str_len * sizeof(WCHAR);
412 }
413 }
414 SecKeychainItemFreeAttributesAndData(attr_list, cred_blob);
415 return ERROR_SUCCESS;
416 }
417 #endif
418
419 static DWORD write_credential_blob(HKEY hkey, LPCWSTR target_name, DWORD type,
420 const BYTE key_data[KEY_SIZE],
421 const BYTE *credential_blob, DWORD credential_blob_size)
422 {
423 LPBYTE encrypted_credential_blob;
424 struct ustring data;
425 struct ustring key;
426 DWORD ret;
427
428 key.Length = key.MaximumLength = KEY_SIZE;
429 key.Buffer = (unsigned char *)key_data;
430
431 encrypted_credential_blob = heap_alloc(credential_blob_size);
432 if (!encrypted_credential_blob) return ERROR_OUTOFMEMORY;
433
434 memcpy(encrypted_credential_blob, credential_blob, credential_blob_size);
435 data.Length = data.MaximumLength = credential_blob_size;
436 data.Buffer = encrypted_credential_blob;
437 SystemFunction032(&data, &key);
438
439 ret = RegSetValueExW(hkey, wszPasswordValue, 0, REG_BINARY, encrypted_credential_blob, credential_blob_size);
440 heap_free(encrypted_credential_blob);
441
442 return ret;
443 }
444
445 static DWORD registry_write_credential(HKEY hkey, const CREDENTIALW *credential,
446 const BYTE key_data[KEY_SIZE], BOOL preserve_blob)
447 {
448 DWORD ret;
449 FILETIME LastWritten;
450
451 GetSystemTimeAsFileTime(&LastWritten);
452
453 ret = RegSetValueExW(hkey, wszFlagsValue, 0, REG_DWORD, (const BYTE*)&credential->Flags,
454 sizeof(credential->Flags));
455 if (ret != ERROR_SUCCESS) return ret;
456 ret = RegSetValueExW(hkey, wszTypeValue, 0, REG_DWORD, (const BYTE*)&credential->Type,
457 sizeof(credential->Type));
458 if (ret != ERROR_SUCCESS) return ret;
459 ret = RegSetValueExW(hkey, NULL, 0, REG_SZ, (LPVOID)credential->TargetName,
460 sizeof(WCHAR)*(strlenW(credential->TargetName)+1));
461 if (ret != ERROR_SUCCESS) return ret;
462 if (credential->Comment)
463 {
464 ret = RegSetValueExW(hkey, wszCommentValue, 0, REG_SZ, (LPVOID)credential->Comment,
465 sizeof(WCHAR)*(strlenW(credential->Comment)+1));
466 if (ret != ERROR_SUCCESS) return ret;
467 }
468 ret = RegSetValueExW(hkey, wszLastWrittenValue, 0, REG_BINARY, (LPVOID)&LastWritten,
469 sizeof(LastWritten));
470 if (ret != ERROR_SUCCESS) return ret;
471 ret = RegSetValueExW(hkey, wszPersistValue, 0, REG_DWORD, (const BYTE*)&credential->Persist,
472 sizeof(credential->Persist));
473 if (ret != ERROR_SUCCESS) return ret;
474 /* FIXME: Attributes */
475 if (credential->TargetAlias)
476 {
477 ret = RegSetValueExW(hkey, wszTargetAliasValue, 0, REG_SZ, (LPVOID)credential->TargetAlias,
478 sizeof(WCHAR)*(strlenW(credential->TargetAlias)+1));
479 if (ret != ERROR_SUCCESS) return ret;
480 }
481 if (credential->UserName)
482 {
483 ret = RegSetValueExW(hkey, wszUserNameValue, 0, REG_SZ, (LPVOID)credential->UserName,
484 sizeof(WCHAR)*(strlenW(credential->UserName)+1));
485 if (ret != ERROR_SUCCESS) return ret;
486 }
487 if (!preserve_blob)
488 {
489 ret = write_credential_blob(hkey, credential->TargetName, credential->Type,
490 key_data, credential->CredentialBlob,
491 credential->CredentialBlobSize);
492 }
493 return ret;
494 }
495
496 #ifdef __APPLE__
497 static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_blob)
498 {
499 OSStatus status;
500 SecKeychainItemRef keychain_item;
501 char *username, *password, *servername;
502 UInt32 userlen, pwlen, serverlen;
503 SecKeychainAttribute attrs[1];
504 SecKeychainAttributeList attr_list;
505
506 if (credential->Flags)
507 FIXME("Flags 0x%x not written\n", credential->Flags);
508 if (credential->Type != CRED_TYPE_DOMAIN_PASSWORD)
509 FIXME("credential type of %d not supported\n", credential->Type);
510 if (credential->Persist != CRED_PERSIST_LOCAL_MACHINE)
511 FIXME("persist value of %d not supported\n", credential->Persist);
512 if (credential->AttributeCount)
513 FIXME("custom attributes not supported\n");
514
515 userlen = WideCharToMultiByte(CP_UTF8, 0, credential->UserName, -1, NULL, 0, NULL, NULL);
516 username = heap_alloc(userlen * sizeof(*username));
517 WideCharToMultiByte(CP_UTF8, 0, credential->UserName, -1, username, userlen, NULL, NULL);
518
519 serverlen = WideCharToMultiByte(CP_UTF8, 0, credential->TargetName, -1, NULL, 0, NULL, NULL);
520 servername = heap_alloc(serverlen * sizeof(*servername));
521 WideCharToMultiByte(CP_UTF8, 0, credential->TargetName, -1, servername, serverlen, NULL, NULL);
522 pwlen = WideCharToMultiByte(CP_UTF8, 0, (LPCWSTR)credential->CredentialBlob,
523 credential->CredentialBlobSize / sizeof(WCHAR), NULL, 0, NULL, NULL);
524 password = heap_alloc(pwlen * sizeof(*password));
525 WideCharToMultiByte(CP_UTF8, 0, (LPCWSTR)credential->CredentialBlob,
526 credential->CredentialBlobSize / sizeof(WCHAR), password, pwlen, NULL, NULL);
527
528 TRACE("adding server %s, username %s using Keychain\n", servername, username);
529 status = SecKeychainAddGenericPassword(NULL, strlen(servername), servername, strlen(username),
530 username, strlen(password), password, &keychain_item);
531 if (status != noErr)
532 ERR("SecKeychainAddGenericPassword returned %ld\n", status);
533 if (status == errSecDuplicateItem)
534 {
535 status = SecKeychainFindGenericPassword(NULL, strlen(servername), servername, strlen(username),
536 username, NULL, NULL, &keychain_item);
537 if (status != noErr)
538 ERR("SecKeychainFindGenericPassword returned %ld\n", status);
539 }
540 heap_free(username);
541 heap_free(servername);
542 if (status != noErr)
543 {
544 heap_free(password);
545 return ERROR_GEN_FAILURE;
546 }
547 if (credential->Comment)
548 {
549 attr_list.count = 1;
550 attr_list.attr = attrs;
551 attrs[0].tag = kSecCommentItemAttr;
552 attrs[0].length = WideCharToMultiByte(CP_UTF8, 0, credential->Comment, -1, NULL, 0, NULL, NULL);
553 if (attrs[0].length) attrs[0].length--;
554 attrs[0].data = heap_alloc(attrs[0].length);
555 WideCharToMultiByte(CP_UTF8, 0, credential->Comment, -1, attrs[0].data, attrs[0].length, NULL, NULL);
556 }
557 else
558 {
559 attr_list.count = 0;
560 attr_list.attr = NULL;
561 }
562 status = SecKeychainItemModifyAttributesAndData(keychain_item, &attr_list,
563 preserve_blob ? 0 : strlen(password),
564 preserve_blob ? NULL : password);
565 if (credential->Comment)
566 heap_free(attrs[0].data);
567 heap_free(password);
568 /* FIXME: set TargetAlias attribute */
569 CFRelease(keychain_item);
570 if (status != noErr)
571 return ERROR_GEN_FAILURE;
572 return ERROR_SUCCESS;
573 }
574 #endif
575
576 static DWORD open_cred_mgr_key(HKEY *hkey, BOOL open_for_write)
577 {
578 return RegCreateKeyExW(HKEY_CURRENT_USER, wszCredentialManagerKey, 0,
579 NULL, REG_OPTION_NON_VOLATILE,
580 KEY_READ | (open_for_write ? KEY_WRITE : 0), NULL, hkey, NULL);
581 }
582
583 static DWORD get_cred_mgr_encryption_key(HKEY hkeyMgr, BYTE key_data[KEY_SIZE])
584 {
585 static const BYTE my_key_data[KEY_SIZE] = { 0 };
586 DWORD type;
587 DWORD count;
588 FILETIME ft;
589 ULONG seed;
590 ULONG value;
591 DWORD ret;
592
593 memcpy(key_data, my_key_data, KEY_SIZE);
594
595 count = KEY_SIZE;
596 ret = RegQueryValueExW(hkeyMgr, wszEncryptionKeyValue, NULL, &type, key_data,
597 &count);
598 if (ret == ERROR_SUCCESS)
599 {
600 if (type != REG_BINARY)
601 return ERROR_REGISTRY_CORRUPT;
602 else
603 return ERROR_SUCCESS;
604 }
605 if (ret != ERROR_FILE_NOT_FOUND)
606 return ret;
607
608 GetSystemTimeAsFileTime(&ft);
609 seed = ft.dwLowDateTime;
610 value = RtlUniform(&seed);
611 *(DWORD *)key_data = value;
612 seed = ft.dwHighDateTime;
613 value = RtlUniform(&seed);
614 *(DWORD *)(key_data + 4) = value;
615
616 ret = RegSetValueExW(hkeyMgr, wszEncryptionKeyValue, 0, REG_BINARY,
617 key_data, KEY_SIZE);
618 if (ret == ERROR_ACCESS_DENIED)
619 {
620 ret = open_cred_mgr_key(&hkeyMgr, TRUE);
621 if (ret == ERROR_SUCCESS)
622 {
623 ret = RegSetValueExW(hkeyMgr, wszEncryptionKeyValue, 0, REG_BINARY,
624 key_data, KEY_SIZE);
625 RegCloseKey(hkeyMgr);
626 }
627 }
628 return ret;
629 }
630
631 static LPWSTR get_key_name_for_target(LPCWSTR target_name, DWORD type)
632 {
633 static const WCHAR wszGenericPrefix[] = {'G','e','n','e','r','i','c',':',' ',0};
634 static const WCHAR wszDomPasswdPrefix[] = {'D','o','m','P','a','s','s','w','d',':',' ',0};
635 INT len;
636 LPCWSTR prefix = NULL;
637 LPWSTR key_name, p;
638
639 len = strlenW(target_name);
640 if (type == CRED_TYPE_GENERIC)
641 {
642 prefix = wszGenericPrefix;
643 len += sizeof(wszGenericPrefix)/sizeof(wszGenericPrefix[0]);
644 }
645 else
646 {
647 prefix = wszDomPasswdPrefix;
648 len += sizeof(wszDomPasswdPrefix)/sizeof(wszDomPasswdPrefix[0]);
649 }
650
651 key_name = heap_alloc(len * sizeof(WCHAR));
652 if (!key_name) return NULL;
653
654 strcpyW(key_name, prefix);
655 strcatW(key_name, target_name);
656
657 for (p = key_name; *p; p++)
658 if (*p == '\\') *p = '_';
659
660 return key_name;
661 }
662
663 static BOOL registry_credential_matches_filter(HKEY hkeyCred, LPCWSTR filter)
664 {
665 LPWSTR target_name;
666 DWORD ret;
667 DWORD type;
668 DWORD count;
669 LPCWSTR p;
670
671 if (!filter) return TRUE;
672
673 ret = RegQueryValueExW(hkeyCred, NULL, 0, &type, NULL, &count);
674 if (ret != ERROR_SUCCESS)
675 return FALSE;
676 else if (type != REG_SZ)
677 return FALSE;
678
679 target_name = heap_alloc(count);
680 if (!target_name)
681 return FALSE;
682 ret = RegQueryValueExW(hkeyCred, NULL, 0, &type, (LPVOID)target_name, &count);
683 if (ret != ERROR_SUCCESS || type != REG_SZ)
684 {
685 heap_free(target_name);
686 return FALSE;
687 }
688
689 TRACE("comparing filter %s to target name %s\n", debugstr_w(filter),
690 debugstr_w(target_name));
691
692 p = strchrW(filter, '*');
693 ret = CompareStringW(GetThreadLocale(), NORM_IGNORECASE, filter,
694 (p && !p[1] ? p - filter : -1), target_name,
695 (p && !p[1] ? p - filter : -1)) == CSTR_EQUAL;
696
697 heap_free(target_name);
698 return ret;
699 }
700
701 static DWORD registry_enumerate_credentials(HKEY hkeyMgr, LPCWSTR filter,
702 LPWSTR target_name,
703 DWORD target_name_len, const BYTE key_data[KEY_SIZE],
704 PCREDENTIALW *credentials, char **buffer,
705 DWORD *len, DWORD *count)
706 {
707 DWORD i;
708 DWORD ret;
709 for (i = 0;; i++)
710 {
711 HKEY hkeyCred;
712 ret = RegEnumKeyW(hkeyMgr, i, target_name, target_name_len+1);
713 if (ret == ERROR_NO_MORE_ITEMS)
714 {
715 ret = ERROR_SUCCESS;
716 break;
717 }
718 else if (ret != ERROR_SUCCESS)
719 continue;
720 TRACE("target_name = %s\n", debugstr_w(target_name));
721 ret = RegOpenKeyExW(hkeyMgr, target_name, 0, KEY_QUERY_VALUE, &hkeyCred);
722 if (ret != ERROR_SUCCESS)
723 continue;
724 if (!registry_credential_matches_filter(hkeyCred, filter))
725 {
726 RegCloseKey(hkeyCred);
727 continue;
728 }
729 if (buffer)
730 {
731 *len = sizeof(CREDENTIALW);
732 credentials[*count] = (PCREDENTIALW)*buffer;
733 }
734 else
735 *len += sizeof(CREDENTIALW);
736 ret = registry_read_credential(hkeyCred, buffer ? credentials[*count] : NULL,
737 key_data, buffer ? *buffer + sizeof(CREDENTIALW) : NULL,
738 len);
739 RegCloseKey(hkeyCred);
740 if (ret != ERROR_SUCCESS) break;
741 if (buffer) *buffer += *len;
742 (*count)++;
743 }
744 return ret;
745 }
746
747 #ifdef __APPLE__
748 static BOOL mac_credential_matches_filter(void *data, UInt32 data_len, const WCHAR *filter)
749 {
750 int len;
751 WCHAR *target_name;
752 const WCHAR *p;
753 BOOL ret;
754
755 if (!filter) return TRUE;
756
757 len = MultiByteToWideChar(CP_UTF8, 0, data, data_len, NULL, 0);
758 if (!(target_name = heap_alloc((len + 1) * sizeof(WCHAR)))) return FALSE;
759 MultiByteToWideChar(CP_UTF8, 0, data, data_len, target_name, len);
760 target_name[len] = 0;
761
762 TRACE("comparing filter %s to target name %s\n", debugstr_w(filter), debugstr_w(target_name));
763
764 p = strchrW(filter, '*');
765 ret = CompareStringW(GetThreadLocale(), NORM_IGNORECASE, filter,
766 (p && !p[1] ? p - filter : -1), target_name,
767 (p && !p[1] ? p - filter : -1)) == CSTR_EQUAL;
768 heap_free(target_name);
769 return ret;
770 }
771
772 static DWORD mac_enumerate_credentials(LPCWSTR filter, PCREDENTIALW *credentials,
773 char *buffer, DWORD *len, DWORD *count)
774 {
775 SecKeychainSearchRef search;
776 SecKeychainItemRef item;
777 OSStatus status;
778 Boolean saved_user_interaction_allowed;
779 DWORD ret;
780
781 SecKeychainGetUserInteractionAllowed(&saved_user_interaction_allowed);
782 SecKeychainSetUserInteractionAllowed(false);
783
784 status = SecKeychainSearchCreateFromAttributes(NULL, kSecGenericPasswordItemClass, NULL, &search);
785 if (status == noErr)
786 {
787 while (SecKeychainSearchCopyNext(search, &item) == noErr)
788 {
789 SecKeychainAttributeInfo info;
790 SecKeychainAttributeList *attr_list;
791 UInt32 info_tags[] = { kSecServiceItemAttr };
792 BOOL match;
793
794 info.count = sizeof(info_tags)/sizeof(info_tags[0]);
795 info.tag = info_tags;
796 info.format = NULL;
797 status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, NULL, NULL);
798 if (status != noErr)
799 {
800 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
801 continue;
802 }
803 if (buffer)
804 {
805 *len = sizeof(CREDENTIALW);
806 credentials[*count] = (PCREDENTIALW)buffer;
807 }
808 else
809 *len += sizeof(CREDENTIALW);
810 if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServiceItemAttr)
811 {
812 SecKeychainItemFreeAttributesAndData(attr_list, NULL);
813 continue;
814 }
815 TRACE("service item: %.*s\n", (int)attr_list->attr[0].length, (char *)attr_list->attr[0].data);
816 match = mac_credential_matches_filter(attr_list->attr[0].data, attr_list->attr[0].length, filter);
817 SecKeychainItemFreeAttributesAndData(attr_list, NULL);
818 if (!match) continue;
819 ret = mac_read_credential_from_item(item, FALSE,
820 buffer ? credentials[*count] : NULL,
821 buffer ? buffer + sizeof(CREDENTIALW) : NULL,
822 len);
823 CFRelease(item);
824 if (ret == ERROR_SUCCESS)
825 {
826 (*count)++;
827 if (buffer) buffer += *len;
828 }
829 }
830 CFRelease(search);
831 }
832 else
833 ERR("SecKeychainSearchCreateFromAttributes returned status %ld\n", status);
834 SecKeychainSetUserInteractionAllowed(saved_user_interaction_allowed);
835 return ERROR_SUCCESS;
836 }
837
838 static DWORD mac_delete_credential(LPCWSTR TargetName)
839 {
840 OSStatus status;
841 SecKeychainSearchRef search;
842 status = SecKeychainSearchCreateFromAttributes(NULL, kSecGenericPasswordItemClass, NULL, &search);
843 if (status == noErr)
844 {
845 SecKeychainItemRef item;
846 while (SecKeychainSearchCopyNext(search, &item) == noErr)
847 {
848 SecKeychainAttributeInfo info;
849 SecKeychainAttributeList *attr_list;
850 UInt32 info_tags[] = { kSecServiceItemAttr };
851 LPWSTR target_name;
852 INT str_len;
853 info.count = sizeof(info_tags)/sizeof(info_tags[0]);
854 info.tag = info_tags;
855 info.format = NULL;
856 status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, NULL, NULL);
857 if (status != noErr)
858 {
859 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
860 continue;
861 }
862 if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServiceItemAttr)
863 {
864 CFRelease(item);
865 continue;
866 }
867 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, NULL, 0);
868 target_name = heap_alloc((str_len + 1) * sizeof(WCHAR));
869 MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, target_name, str_len);
870 /* nul terminate */
871 target_name[str_len] = '\0';
872 if (strcmpiW(TargetName, target_name))
873 {
874 CFRelease(item);
875 heap_free(target_name);
876 continue;
877 }
878 heap_free(target_name);
879 SecKeychainItemFreeAttributesAndData(attr_list, NULL);
880 SecKeychainItemDelete(item);
881 CFRelease(item);
882 CFRelease(search);
883
884 return ERROR_SUCCESS;
885 }
886 CFRelease(search);
887 }
888 return ERROR_NOT_FOUND;
889 }
890 #endif
891
892 /******************************************************************************
893 * convert_PCREDENTIALW_to_PCREDENTIALA [internal]
894 *
895 * convert a Credential struct from UNICODE to ANSI and return the needed size in Bytes
896 *
897 */
898
899 static INT convert_PCREDENTIALW_to_PCREDENTIALA(const CREDENTIALW *CredentialW, PCREDENTIALA CredentialA, DWORD len)
900 {
901 char *buffer;
902 INT string_len;
903 INT needed = sizeof(CREDENTIALA);
904
905 if (!CredentialA)
906 {
907 if (CredentialW->TargetName)
908 needed += WideCharToMultiByte(CP_ACP, 0, CredentialW->TargetName, -1, NULL, 0, NULL, NULL);
909 if (CredentialW->Comment)
910 needed += WideCharToMultiByte(CP_ACP, 0, CredentialW->Comment, -1, NULL, 0, NULL, NULL);
911 needed += CredentialW->CredentialBlobSize;
912 if (CredentialW->TargetAlias)
913 needed += WideCharToMultiByte(CP_ACP, 0, CredentialW->TargetAlias, -1, NULL, 0, NULL, NULL);
914 if (CredentialW->UserName)
915 needed += WideCharToMultiByte(CP_ACP, 0, CredentialW->UserName, -1, NULL, 0, NULL, NULL);
916
917 return needed;
918 }
919
920
921 buffer = (char *)CredentialA + sizeof(CREDENTIALA);
922 len -= sizeof(CREDENTIALA);
923 CredentialA->Flags = CredentialW->Flags;
924 CredentialA->Type = CredentialW->Type;
925
926 if (CredentialW->TargetName)
927 {
928 CredentialA->TargetName = buffer;
929 string_len = WideCharToMultiByte(CP_ACP, 0, CredentialW->TargetName, -1, buffer, len, NULL, NULL);
930 buffer += string_len;
931 needed += string_len;
932 len -= string_len;
933 }
934 else
935 CredentialA->TargetName = NULL;
936 if (CredentialW->Comment)
937 {
938 CredentialA->Comment = buffer;
939 string_len = WideCharToMultiByte(CP_ACP, 0, CredentialW->Comment, -1, buffer, len, NULL, NULL);
940 buffer += string_len;
941 needed += string_len;
942 len -= string_len;
943 }
944 else
945 CredentialA->Comment = NULL;
946 CredentialA->LastWritten = CredentialW->LastWritten;
947 CredentialA->CredentialBlobSize = CredentialW->CredentialBlobSize;
948 if (CredentialW->CredentialBlobSize && (CredentialW->CredentialBlobSize <= len))
949 {
950 CredentialA->CredentialBlob =(LPBYTE)buffer;
951 memcpy(CredentialA->CredentialBlob, CredentialW->CredentialBlob,
952 CredentialW->CredentialBlobSize);
953 buffer += CredentialW->CredentialBlobSize;
954 needed += CredentialW->CredentialBlobSize;
955 len -= CredentialW->CredentialBlobSize;
956 }
957 else
958 CredentialA->CredentialBlob = NULL;
959 CredentialA->Persist = CredentialW->Persist;
960 CredentialA->AttributeCount = 0;
961 CredentialA->Attributes = NULL; /* FIXME */
962 if (CredentialW->TargetAlias)
963 {
964 CredentialA->TargetAlias = buffer;
965 string_len = WideCharToMultiByte(CP_ACP, 0, CredentialW->TargetAlias, -1, buffer, len, NULL, NULL);
966 buffer += string_len;
967 needed += string_len;
968 len -= string_len;
969 }
970 else
971 CredentialA->TargetAlias = NULL;
972 if (CredentialW->UserName)
973 {
974 CredentialA->UserName = buffer;
975 string_len = WideCharToMultiByte(CP_ACP, 0, CredentialW->UserName, -1, buffer, len, NULL, NULL);
976 needed += string_len;
977 }
978 else
979 CredentialA->UserName = NULL;
980
981 return needed;
982 }
983
984 /******************************************************************************
985 * convert_PCREDENTIALA_to_PCREDENTIALW [internal]
986 *
987 * convert a Credential struct from ANSI to UNICODE and return the needed size in Bytes
988 *
989 */
990 static INT convert_PCREDENTIALA_to_PCREDENTIALW(const CREDENTIALA *CredentialA, PCREDENTIALW CredentialW, INT len)
991 {
992 char *buffer;
993 INT string_len;
994 INT needed = sizeof(CREDENTIALW);
995
996 if (!CredentialW)
997 {
998 if (CredentialA->TargetName)
999 needed += sizeof(WCHAR) * MultiByteToWideChar(CP_ACP, 0, CredentialA->TargetName, -1, NULL, 0);
1000 if (CredentialA->Comment)
1001 needed += sizeof(WCHAR) * MultiByteToWideChar(CP_ACP, 0, CredentialA->Comment, -1, NULL, 0);
1002 needed += CredentialA->CredentialBlobSize;
1003 if (CredentialA->TargetAlias)
1004 needed += sizeof(WCHAR) * MultiByteToWideChar(CP_ACP, 0, CredentialA->TargetAlias, -1, NULL, 0);
1005 if (CredentialA->UserName)
1006 needed += sizeof(WCHAR) * MultiByteToWideChar(CP_ACP, 0, CredentialA->UserName, -1, NULL, 0);
1007
1008 return needed;
1009 }
1010
1011 buffer = (char *)CredentialW + sizeof(CREDENTIALW);
1012 len -= sizeof(CREDENTIALW);
1013 CredentialW->Flags = CredentialA->Flags;
1014 CredentialW->Type = CredentialA->Type;
1015 if (CredentialA->TargetName)
1016 {
1017 CredentialW->TargetName = (LPWSTR)buffer;
1018 string_len = MultiByteToWideChar(CP_ACP, 0, CredentialA->TargetName, -1, CredentialW->TargetName, len / sizeof(WCHAR));
1019 buffer += sizeof(WCHAR) * string_len;
1020 needed += sizeof(WCHAR) * string_len;
1021 len -= sizeof(WCHAR) * string_len;
1022 }
1023 else
1024 CredentialW->TargetName = NULL;
1025 if (CredentialA->Comment)
1026 {
1027 CredentialW->Comment = (LPWSTR)buffer;
1028 string_len = MultiByteToWideChar(CP_ACP, 0, CredentialA->Comment, -1, CredentialW->Comment, len / sizeof(WCHAR));
1029 buffer += sizeof(WCHAR) * string_len;
1030 needed += sizeof(WCHAR) * string_len;
1031 len -= sizeof(WCHAR) * string_len;
1032 }
1033 else
1034 CredentialW->Comment = NULL;
1035 CredentialW->LastWritten = CredentialA->LastWritten;
1036 CredentialW->CredentialBlobSize = CredentialA->CredentialBlobSize;
1037 if (CredentialA->CredentialBlobSize)
1038 {
1039 CredentialW->CredentialBlob =(LPBYTE)buffer;
1040 memcpy(CredentialW->CredentialBlob, CredentialA->CredentialBlob,
1041 CredentialA->CredentialBlobSize);
1042 buffer += CredentialA->CredentialBlobSize;
1043 needed += CredentialA->CredentialBlobSize;
1044 len -= CredentialA->CredentialBlobSize;
1045 }
1046 else
1047 CredentialW->CredentialBlob = NULL;
1048 CredentialW->Persist = CredentialA->Persist;
1049 CredentialW->AttributeCount = 0;
1050 CredentialW->Attributes = NULL; /* FIXME */
1051 if (CredentialA->TargetAlias)
1052 {
1053 CredentialW->TargetAlias = (LPWSTR)buffer;
1054 string_len = MultiByteToWideChar(CP_ACP, 0, CredentialA->TargetAlias, -1, CredentialW->TargetAlias, len / sizeof(WCHAR));
1055 buffer += sizeof(WCHAR) * string_len;
1056 needed += sizeof(WCHAR) * string_len;
1057 len -= sizeof(WCHAR) * string_len;
1058 }
1059 else
1060 CredentialW->TargetAlias = NULL;
1061 if (CredentialA->UserName)
1062 {
1063 CredentialW->UserName = (LPWSTR)buffer;
1064 string_len = MultiByteToWideChar(CP_ACP, 0, CredentialA->UserName, -1, CredentialW->UserName, len / sizeof(WCHAR));
1065 needed += sizeof(WCHAR) * string_len;
1066 }
1067 else
1068 CredentialW->UserName = NULL;
1069
1070 return needed;
1071 }
1072
1073 /******************************************************************************
1074 * CredDeleteA [ADVAPI32.@]
1075 */
1076 BOOL WINAPI CredDeleteA(LPCSTR TargetName, DWORD Type, DWORD Flags)
1077 {
1078 LPWSTR TargetNameW;
1079 DWORD len;
1080 BOOL ret;
1081
1082 TRACE("(%s, %d, 0x%x)\n", debugstr_a(TargetName), Type, Flags);
1083
1084 if (!TargetName)
1085 {
1086 SetLastError(ERROR_INVALID_PARAMETER);
1087 return FALSE;
1088 }
1089
1090 len = MultiByteToWideChar(CP_ACP, 0, TargetName, -1, NULL, 0);
1091 TargetNameW = heap_alloc(len * sizeof(WCHAR));
1092 if (!TargetNameW)
1093 {
1094 SetLastError(ERROR_OUTOFMEMORY);
1095 return FALSE;
1096 }
1097 MultiByteToWideChar(CP_ACP, 0, TargetName, -1, TargetNameW, len);
1098
1099 ret = CredDeleteW(TargetNameW, Type, Flags);
1100
1101 heap_free(TargetNameW);
1102
1103 return ret;
1104 }
1105
1106 /******************************************************************************
1107 * CredDeleteW [ADVAPI32.@]
1108 */
1109 BOOL WINAPI CredDeleteW(LPCWSTR TargetName, DWORD Type, DWORD Flags)
1110 {
1111 HKEY hkeyMgr;
1112 DWORD ret;
1113 LPWSTR key_name;
1114
1115 TRACE("(%s, %d, 0x%x)\n", debugstr_w(TargetName), Type, Flags);
1116
1117 if (!TargetName)
1118 {
1119 SetLastError(ERROR_INVALID_PARAMETER);
1120 return FALSE;
1121 }
1122
1123 if (Type != CRED_TYPE_GENERIC && Type != CRED_TYPE_DOMAIN_PASSWORD)
1124 {
1125 FIXME("unhandled type %d\n", Type);
1126 SetLastError(ERROR_INVALID_PARAMETER);
1127 return FALSE;
1128 }
1129
1130 if (Flags)
1131 {
1132 FIXME("unhandled flags 0x%x\n", Flags);
1133 SetLastError(ERROR_INVALID_FLAGS);
1134 return FALSE;
1135 }
1136
1137 #ifdef __APPLE__
1138 if (Type == CRED_TYPE_DOMAIN_PASSWORD)
1139 {
1140 ret = mac_delete_credential(TargetName);
1141 if (ret == ERROR_SUCCESS)
1142 return TRUE;
1143 }
1144 #endif
1145
1146 ret = open_cred_mgr_key(&hkeyMgr, TRUE);
1147 if (ret != ERROR_SUCCESS)
1148 {
1149 WARN("couldn't open/create manager key, error %d\n", ret);
1150 SetLastError(ERROR_NO_SUCH_LOGON_SESSION);
1151 return FALSE;
1152 }
1153
1154 key_name = get_key_name_for_target(TargetName, Type);
1155 ret = RegDeleteKeyW(hkeyMgr, key_name);
1156 heap_free(key_name);
1157 RegCloseKey(hkeyMgr);
1158 if (ret != ERROR_SUCCESS)
1159 {
1160 SetLastError(ERROR_NOT_FOUND);
1161 return FALSE;
1162 }
1163
1164 return TRUE;
1165 }
1166
1167 /******************************************************************************
1168 * CredEnumerateA [ADVAPI32.@]
1169 */
1170 BOOL WINAPI CredEnumerateA(LPCSTR Filter, DWORD Flags, DWORD *Count,
1171 PCREDENTIALA **Credentials)
1172 {
1173 LPWSTR FilterW;
1174 PCREDENTIALW *CredentialsW;
1175 DWORD i;
1176 INT len;
1177 INT needed;
1178 char *buffer;
1179
1180 TRACE("(%s, 0x%x, %p, %p)\n", debugstr_a(Filter), Flags, Count, Credentials);
1181
1182 if (Filter)
1183 {
1184 len = MultiByteToWideChar(CP_ACP, 0, Filter, -1, NULL, 0);
1185 FilterW = heap_alloc(len * sizeof(WCHAR));
1186 if (!FilterW)
1187 {
1188 SetLastError(ERROR_OUTOFMEMORY);
1189 return FALSE;
1190 }
1191 MultiByteToWideChar(CP_ACP, 0, Filter, -1, FilterW, len);
1192 }
1193 else
1194 FilterW = NULL;
1195
1196 if (!CredEnumerateW(FilterW, Flags, Count, &CredentialsW))
1197 {
1198 heap_free(FilterW);
1199 return FALSE;
1200 }
1201 heap_free(FilterW);
1202
1203 len = *Count * sizeof(PCREDENTIALA);
1204 for (i = 0; i < *Count; i++)
1205 len += convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], NULL, 0);
1206
1207 *Credentials = heap_alloc(len);
1208 if (!*Credentials)
1209 {
1210 CredFree(CredentialsW);
1211 SetLastError(ERROR_OUTOFMEMORY);
1212 return FALSE;
1213 }
1214
1215 buffer = (char *)&(*Credentials)[*Count];
1216 len -= *Count * sizeof(PCREDENTIALA);
1217 for (i = 0; i < *Count; i++)
1218 {
1219 (*Credentials)[i] = (PCREDENTIALA)buffer;
1220 needed = convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], (*Credentials)[i], len);
1221 buffer += needed;
1222 len -= needed;
1223 }
1224
1225 CredFree(CredentialsW);
1226
1227 return TRUE;
1228 }
1229
1230 /******************************************************************************
1231 * CredEnumerateW [ADVAPI32.@]
1232 */
1233 BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count,
1234 PCREDENTIALW **Credentials)
1235 {
1236 HKEY hkeyMgr;
1237 DWORD ret;
1238 LPWSTR target_name;
1239 DWORD target_name_len;
1240 DWORD len;
1241 char *buffer;
1242 BYTE key_data[KEY_SIZE];
1243
1244 TRACE("(%s, 0x%x, %p, %p)\n", debugstr_w(Filter), Flags, Count, Credentials);
1245
1246 if (Flags)
1247 {
1248 SetLastError(ERROR_INVALID_FLAGS);
1249 return FALSE;
1250 }
1251
1252 ret = open_cred_mgr_key(&hkeyMgr, FALSE);
1253 if (ret != ERROR_SUCCESS)
1254 {
1255 WARN("couldn't open/create manager key, error %d\n", ret);
1256 SetLastError(ERROR_NO_SUCH_LOGON_SESSION);
1257 return FALSE;
1258 }
1259
1260 ret = get_cred_mgr_encryption_key(hkeyMgr, key_data);
1261 if (ret != ERROR_SUCCESS)
1262 {
1263 RegCloseKey(hkeyMgr);
1264 SetLastError(ret);
1265 return FALSE;
1266 }
1267
1268 ret = RegQueryInfoKeyW(hkeyMgr, NULL, NULL, NULL, NULL, &target_name_len, NULL, NULL, NULL, NULL, NULL, NULL);
1269 if (ret != ERROR_SUCCESS)
1270 {
1271 RegCloseKey(hkeyMgr);
1272 SetLastError(ret);
1273 return FALSE;
1274 }
1275
1276 target_name = heap_alloc((target_name_len+1)*sizeof(WCHAR));
1277 if (!target_name)
1278 {
1279 RegCloseKey(hkeyMgr);
1280 SetLastError(ERROR_OUTOFMEMORY);
1281 return FALSE;
1282 }
1283
1284 *Count = 0;
1285 len = 0;
1286 ret = registry_enumerate_credentials(hkeyMgr, Filter, target_name, target_name_len,
1287 key_data, NULL, NULL, &len, Count);
1288 #ifdef __APPLE__
1289 if (ret == ERROR_SUCCESS)
1290 ret = mac_enumerate_credentials(Filter, NULL, NULL, &len, Count);
1291 #endif
1292 if (ret == ERROR_SUCCESS && *Count == 0)
1293 ret = ERROR_NOT_FOUND;
1294 if (ret != ERROR_SUCCESS)
1295 {
1296 heap_free(target_name);
1297 RegCloseKey(hkeyMgr);
1298 SetLastError(ret);
1299 return FALSE;
1300 }
1301 len += *Count * sizeof(PCREDENTIALW);
1302
1303 if (ret == ERROR_SUCCESS)
1304 {
1305 buffer = heap_alloc(len);
1306 *Credentials = (PCREDENTIALW *)buffer;
1307 if (buffer)
1308 {
1309 buffer += *Count * sizeof(PCREDENTIALW);
1310 *Count = 0;
1311 ret = registry_enumerate_credentials(hkeyMgr, Filter, target_name,
1312 target_name_len, key_data,
1313 *Credentials, &buffer, &len,
1314 Count);
1315 #ifdef __APPLE__
1316 if (ret == ERROR_SUCCESS)
1317 ret = mac_enumerate_credentials(Filter, *Credentials,
1318 buffer, &len, Count);
1319 #endif
1320 }
1321 else
1322 ret = ERROR_OUTOFMEMORY;
1323 }
1324
1325 heap_free(target_name);
1326 RegCloseKey(hkeyMgr);
1327
1328 if (ret != ERROR_SUCCESS)
1329 {
1330 SetLastError(ret);
1331 return FALSE;
1332 }
1333 return TRUE;
1334 }
1335
1336 /******************************************************************************
1337 * CredFree [ADVAPI32.@]
1338 */
1339 VOID WINAPI CredFree(PVOID Buffer)
1340 {
1341 heap_free(Buffer);
1342 }
1343
1344 /******************************************************************************
1345 * CredReadA [ADVAPI32.@]
1346 */
1347 BOOL WINAPI CredReadA(LPCSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALA *Credential)
1348 {
1349 LPWSTR TargetNameW;
1350 PCREDENTIALW CredentialW;
1351 INT len;
1352
1353 TRACE("(%s, %d, 0x%x, %p)\n", debugstr_a(TargetName), Type, Flags, Credential);
1354
1355 if (!TargetName)
1356 {
1357 SetLastError(ERROR_INVALID_PARAMETER);
1358 return FALSE;
1359 }
1360
1361 len = MultiByteToWideChar(CP_ACP, 0, TargetName, -1, NULL, 0);
1362 TargetNameW = heap_alloc(len * sizeof(WCHAR));
1363 if (!TargetNameW)
1364 {
1365 SetLastError(ERROR_OUTOFMEMORY);
1366 return FALSE;
1367 }
1368 MultiByteToWideChar(CP_ACP, 0, TargetName, -1, TargetNameW, len);
1369
1370 if (!CredReadW(TargetNameW, Type, Flags, &CredentialW))
1371 {
1372 heap_free(TargetNameW);
1373 return FALSE;
1374 }
1375 heap_free(TargetNameW);
1376
1377 len = convert_PCREDENTIALW_to_PCREDENTIALA(CredentialW, NULL, 0);
1378 *Credential = heap_alloc(len);
1379 if (!*Credential)
1380 {
1381 SetLastError(ERROR_OUTOFMEMORY);
1382 return FALSE;
1383 }
1384 convert_PCREDENTIALW_to_PCREDENTIALA(CredentialW, *Credential, len);
1385
1386 CredFree(CredentialW);
1387
1388 return TRUE;
1389 }
1390
1391 /******************************************************************************
1392 * CredReadW [ADVAPI32.@]
1393 */
1394 BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW *Credential)
1395 {
1396 HKEY hkeyMgr;
1397 HKEY hkeyCred;
1398 DWORD ret;
1399 LPWSTR key_name;
1400 DWORD len;
1401 BYTE key_data[KEY_SIZE];
1402
1403 TRACE("(%s, %d, 0x%x, %p)\n", debugstr_w(TargetName), Type, Flags, Credential);
1404
1405 if (!TargetName)
1406 {
1407 SetLastError(ERROR_INVALID_PARAMETER);
1408 return FALSE;
1409 }
1410
1411 if (Type != CRED_TYPE_GENERIC && Type != CRED_TYPE_DOMAIN_PASSWORD)
1412 {
1413 FIXME("unhandled type %d\n", Type);
1414 SetLastError(ERROR_INVALID_PARAMETER);
1415 return FALSE;
1416 }
1417
1418 if (Flags)
1419 {
1420 FIXME("unhandled flags 0x%x\n", Flags);
1421 SetLastError(ERROR_INVALID_FLAGS);
1422 return FALSE;
1423 }
1424
1425 #ifdef __APPLE__
1426 if (Type == CRED_TYPE_DOMAIN_PASSWORD)
1427 {
1428 OSStatus status;
1429 SecKeychainSearchRef search;
1430 status = SecKeychainSearchCreateFromAttributes(NULL, kSecGenericPasswordItemClass, NULL, &search);
1431 if (status == noErr)
1432 {
1433 SecKeychainItemRef item;
1434 while (SecKeychainSearchCopyNext(search, &item) == noErr)
1435 {
1436 SecKeychainAttributeInfo info;
1437 SecKeychainAttributeList *attr_list;
1438 UInt32 info_tags[] = { kSecServiceItemAttr };
1439 LPWSTR target_name;
1440 INT str_len;
1441 info.count = sizeof(info_tags)/sizeof(info_tags[0]);
1442 info.tag = info_tags;
1443 info.format = NULL;
1444 status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, NULL, NULL);
1445 len = sizeof(**Credential);
1446 if (status != noErr)
1447 {
1448 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
1449 continue;
1450 }
1451 if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServiceItemAttr)
1452 {
1453 CFRelease(item);
1454 continue;
1455 }
1456 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, NULL, 0);
1457 target_name = heap_alloc((str_len + 1) * sizeof(WCHAR));
1458 MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, target_name, str_len);
1459 /* nul terminate */
1460 target_name[str_len] = '\0';
1461 if (strcmpiW(TargetName, target_name))
1462 {
1463 CFRelease(item);
1464 heap_free(target_name);
1465 continue;
1466 }
1467 heap_free(target_name);
1468 SecKeychainItemFreeAttributesAndData(attr_list, NULL);
1469 ret = mac_read_credential_from_item(item, TRUE, NULL, NULL, &len);
1470 if (ret == ERROR_SUCCESS)
1471 {
1472 *Credential = heap_alloc(len);
1473 if (*Credential)
1474 {
1475 len = sizeof(**Credential);
1476 ret = mac_read_credential_from_item(item, TRUE, *Credential,
1477 (char *)(*Credential + 1), &len);
1478 }
1479 else
1480 ret = ERROR_OUTOFMEMORY;
1481 CFRelease(item);
1482 CFRelease(search);
1483 if (ret != ERROR_SUCCESS)
1484 {
1485 SetLastError(ret);
1486 return FALSE;
1487 }
1488 return TRUE;
1489 }
1490 CFRelease(item);
1491 }
1492 CFRelease(search);
1493 }
1494 }
1495 #endif
1496
1497 ret = open_cred_mgr_key(&hkeyMgr, FALSE);
1498 if (ret != ERROR_SUCCESS)
1499 {
1500 WARN("couldn't open/create manager key, error %d\n", ret);
1501 SetLastError(ERROR_NO_SUCH_LOGON_SESSION);
1502 return FALSE;
1503 }
1504
1505 ret = get_cred_mgr_encryption_key(hkeyMgr, key_data);
1506 if (ret != ERROR_SUCCESS)
1507 {
1508 RegCloseKey(hkeyMgr);
1509 SetLastError(ret);
1510 return FALSE;
1511 }
1512
1513 key_name = get_key_name_for_target(TargetName, Type);
1514 ret = RegOpenKeyExW(hkeyMgr, key_name, 0, KEY_QUERY_VALUE, &hkeyCred);
1515 heap_free(key_name);
1516 if (ret != ERROR_SUCCESS)
1517 {
1518 TRACE("credentials for target name %s not found\n", debugstr_w(TargetName));
1519 SetLastError(ERROR_NOT_FOUND);
1520 return FALSE;
1521 }
1522
1523 len = sizeof(**Credential);
1524 ret = registry_read_credential(hkeyCred, NULL, key_data, NULL, &len);
1525 if (ret == ERROR_SUCCESS)
1526 {
1527 *Credential = heap_alloc(len);
1528 if (*Credential)
1529 {
1530 len = sizeof(**Credential);
1531 ret = registry_read_credential(hkeyCred, *Credential, key_data,
1532 (char *)(*Credential + 1), &len);
1533 }
1534 else
1535 ret = ERROR_OUTOFMEMORY;
1536 }
1537
1538 RegCloseKey(hkeyCred);
1539 RegCloseKey(hkeyMgr);
1540
1541 if (ret != ERROR_SUCCESS)
1542 {
1543 SetLastError(ret);
1544 return FALSE;
1545 }
1546 return TRUE;
1547 }
1548
1549 /******************************************************************************
1550 * CredReadDomainCredentialsA [ADVAPI32.@]
1551 */
1552 BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInformation,
1553 DWORD Flags, DWORD *Size, PCREDENTIALA **Credentials)
1554 {
1555 PCREDENTIAL_TARGET_INFORMATIONW TargetInformationW;
1556 INT len;
1557 DWORD i;
1558 WCHAR *buffer, *end;
1559 BOOL ret;
1560 PCREDENTIALW* CredentialsW;
1561
1562 TRACE("(%p, 0x%x, %p, %p)\n", TargetInformation, Flags, Size, Credentials);
1563
1564 /* follow Windows behavior - do not test for NULL, initialize early */
1565 *Size = 0;
1566 *Credentials = NULL;
1567
1568 if (!TargetInformation)
1569 {
1570 SetLastError(ERROR_INVALID_PARAMETER);
1571 return FALSE;
1572 }
1573
1574 len = sizeof(*TargetInformationW);
1575 if (TargetInformation->TargetName)
1576 len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->TargetName, -1, NULL, 0) * sizeof(WCHAR);
1577 if (TargetInformation->NetbiosServerName)
1578 len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->NetbiosServerName, -1, NULL, 0) * sizeof(WCHAR);
1579 if (TargetInformation->DnsServerName)
1580 len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->DnsServerName, -1, NULL, 0) * sizeof(WCHAR);
1581 if (TargetInformation->NetbiosDomainName)
1582 len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->NetbiosDomainName, -1, NULL, 0) * sizeof(WCHAR);
1583 if (TargetInformation->DnsDomainName)
1584 len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->DnsDomainName, -1, NULL, 0) * sizeof(WCHAR);
1585 if (TargetInformation->DnsTreeName)
1586 len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->DnsTreeName, -1, NULL, 0) * sizeof(WCHAR);
1587 if (TargetInformation->PackageName)
1588 len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->PackageName, -1, NULL, 0) * sizeof(WCHAR);
1589
1590 TargetInformationW = heap_alloc(len);
1591 if (!TargetInformationW)
1592 {
1593 SetLastError(ERROR_OUTOFMEMORY);
1594 return FALSE;
1595 }
1596 buffer = (WCHAR*)(TargetInformationW + 1);
1597 end = (WCHAR *)((char *)TargetInformationW + len);
1598
1599 if (TargetInformation->TargetName)
1600 {
1601 TargetInformationW->TargetName = buffer;
1602 buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->TargetName, -1,
1603 TargetInformationW->TargetName, end - buffer);
1604 } else
1605 TargetInformationW->TargetName = NULL;
1606
1607 if (TargetInformation->NetbiosServerName)
1608 {
1609 TargetInformationW->NetbiosServerName = buffer;
1610 buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->NetbiosServerName, -1,
1611 TargetInformationW->NetbiosServerName, end - buffer);
1612 } else
1613 TargetInformationW->NetbiosServerName = NULL;
1614
1615 if (TargetInformation->DnsServerName)
1616 {
1617 TargetInformationW->DnsServerName = buffer;
1618 buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->DnsServerName, -1,
1619 TargetInformationW->DnsServerName, end - buffer);
1620 } else
1621 TargetInformationW->DnsServerName = NULL;
1622
1623 if (TargetInformation->NetbiosDomainName)
1624 {
1625 TargetInformationW->NetbiosDomainName = buffer;
1626 buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->NetbiosDomainName, -1,
1627 TargetInformationW->NetbiosDomainName, end - buffer);
1628 } else
1629 TargetInformationW->NetbiosDomainName = NULL;
1630
1631 if (TargetInformation->DnsDomainName)
1632 {
1633 TargetInformationW->DnsDomainName = buffer;
1634 buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->DnsDomainName, -1,
1635 TargetInformationW->DnsDomainName, end - buffer);
1636 } else
1637 TargetInformationW->DnsDomainName = NULL;
1638
1639 if (TargetInformation->DnsTreeName)
1640 {
1641 TargetInformationW->DnsTreeName = buffer;
1642 buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->DnsTreeName, -1,
1643 TargetInformationW->DnsTreeName, end - buffer);
1644 } else
1645 TargetInformationW->DnsTreeName = NULL;
1646
1647 if (TargetInformation->PackageName)
1648 {
1649 TargetInformationW->PackageName = buffer;
1650 MultiByteToWideChar(CP_ACP, 0, TargetInformation->PackageName, -1,
1651 TargetInformationW->PackageName, end - buffer);
1652 } else
1653 TargetInformationW->PackageName = NULL;
1654
1655 TargetInformationW->Flags = TargetInformation->Flags;
1656 TargetInformationW->CredTypeCount = TargetInformation->CredTypeCount;
1657 TargetInformationW->CredTypes = TargetInformation->CredTypes;
1658
1659 ret = CredReadDomainCredentialsW(TargetInformationW, Flags, Size, &CredentialsW);
1660
1661 heap_free(TargetInformationW);
1662
1663 if (ret)
1664 {
1665 char *buf;
1666 INT needed;
1667
1668 len = *Size * sizeof(PCREDENTIALA);
1669 for (i = 0; i < *Size; i++)
1670 len += convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], NULL, 0);
1671
1672 *Credentials = heap_alloc(len);
1673 if (!*Credentials)
1674 {
1675 CredFree(CredentialsW);
1676 SetLastError(ERROR_OUTOFMEMORY);
1677 return FALSE;
1678 }
1679
1680 buf = (char *)&(*Credentials)[*Size];
1681 len -= *Size * sizeof(PCREDENTIALA);
1682 for (i = 0; i < *Size; i++)
1683 {
1684 (*Credentials)[i] = (PCREDENTIALA)buf;
1685 needed = convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], (*Credentials)[i], len);
1686 buf += needed;
1687 len -= needed;
1688 }
1689
1690 CredFree(CredentialsW);
1691 }
1692 return ret;
1693 }
1694
1695 /******************************************************************************
1696 * CredReadDomainCredentialsW [ADVAPI32.@]
1697 */
1698 BOOL WINAPI CredReadDomainCredentialsW(PCREDENTIAL_TARGET_INFORMATIONW TargetInformation, DWORD Flags,
1699 DWORD *Size, PCREDENTIALW **Credentials)
1700 {
1701 FIXME("(%p, 0x%x, %p, %p) stub\n", TargetInformation, Flags, Size, Credentials);
1702
1703 /* follow Windows behavior - do not test for NULL, initialize early */
1704 *Size = 0;
1705 *Credentials = NULL;
1706 if (!TargetInformation)
1707 {
1708 SetLastError(ERROR_INVALID_PARAMETER);
1709 return FALSE;
1710 }
1711
1712 SetLastError(ERROR_NOT_FOUND);
1713 return FALSE;
1714 }
1715
1716 /******************************************************************************
1717 * CredWriteA [ADVAPI32.@]
1718 */
1719 BOOL WINAPI CredWriteA(PCREDENTIALA Credential, DWORD Flags)
1720 {
1721 BOOL ret;
1722 INT len;
1723 PCREDENTIALW CredentialW;
1724
1725 TRACE("(%p, 0x%x)\n", Credential, Flags);
1726
1727 if (!Credential || !Credential->TargetName)
1728 {
1729 SetLastError(ERROR_INVALID_PARAMETER);
1730 return FALSE;
1731 }
1732
1733 len = convert_PCREDENTIALA_to_PCREDENTIALW(Credential, NULL, 0);
1734 CredentialW = heap_alloc(len);
1735 if (!CredentialW)
1736 {
1737 SetLastError(ERROR_OUTOFMEMORY);
1738 return FALSE;
1739 }
1740
1741 convert_PCREDENTIALA_to_PCREDENTIALW(Credential, CredentialW, len);
1742
1743 ret = CredWriteW(CredentialW, Flags);
1744
1745 heap_free(CredentialW);
1746
1747 return ret;
1748 }
1749
1750 /******************************************************************************
1751 * CredWriteW [ADVAPI32.@]
1752 */
1753 BOOL WINAPI CredWriteW(PCREDENTIALW Credential, DWORD Flags)
1754 {
1755 HKEY hkeyMgr;
1756 HKEY hkeyCred;
1757 DWORD ret;
1758 LPWSTR key_name;
1759 BYTE key_data[KEY_SIZE];
1760
1761 TRACE("(%p, 0x%x)\n", Credential, Flags);
1762
1763 if (!Credential || !Credential->TargetName)
1764 {
1765 SetLastError(ERROR_INVALID_PARAMETER);
1766 return FALSE;
1767 }
1768
1769 if (Flags & ~CRED_PRESERVE_CREDENTIAL_BLOB)
1770 {
1771 FIXME("unhandled flags 0x%x\n", Flags);
1772 SetLastError(ERROR_INVALID_FLAGS);
1773 return FALSE;
1774 }
1775
1776 if (Credential->Type != CRED_TYPE_GENERIC && Credential->Type != CRED_TYPE_DOMAIN_PASSWORD)
1777 {
1778 FIXME("unhandled type %d\n", Credential->Type);
1779 SetLastError(ERROR_INVALID_PARAMETER);
1780 return FALSE;
1781 }
1782
1783 TRACE("Credential->Flags = 0x%08x\n", Credential->Flags);
1784 TRACE("Credential->Type = %u\n", Credential->Type);
1785 TRACE("Credential->TargetName = %s\n", debugstr_w(Credential->TargetName));
1786 TRACE("Credential->Comment = %s\n", debugstr_w(Credential->Comment));
1787 TRACE("Credential->Persist = %u\n", Credential->Persist);
1788 TRACE("Credential->TargetAlias = %s\n", debugstr_w(Credential->TargetAlias));
1789 TRACE("Credential->UserName = %s\n", debugstr_w(Credential->UserName));
1790
1791 if (Credential->Type == CRED_TYPE_DOMAIN_PASSWORD)
1792 {
1793 if (!Credential->UserName ||
1794 (Credential->Persist == CRED_PERSIST_ENTERPRISE &&
1795 (!strchrW(Credential->UserName, '\\') && !strchrW(Credential->UserName, '@'))))
1796 {
1797 ERR("bad username %s\n", debugstr_w(Credential->UserName));
1798 SetLastError(ERROR_BAD_USERNAME);
1799 return FALSE;
1800 }
1801 }
1802
1803 #ifdef __APPLE__
1804 if (!Credential->AttributeCount &&
1805 Credential->Type == CRED_TYPE_DOMAIN_PASSWORD &&
1806 (Credential->Persist == CRED_PERSIST_LOCAL_MACHINE || Credential->Persist == CRED_PERSIST_ENTERPRISE))
1807 {
1808 ret = mac_write_credential(Credential, Flags & CRED_PRESERVE_CREDENTIAL_BLOB);
1809 if (ret != ERROR_SUCCESS)
1810 {
1811 SetLastError(ret);
1812 return FALSE;
1813 }
1814 return TRUE;
1815 }
1816 #endif
1817
1818 ret = open_cred_mgr_key(&hkeyMgr, FALSE);
1819 if (ret != ERROR_SUCCESS)
1820 {
1821 WARN("couldn't open/create manager key, error %d\n", ret);
1822 SetLastError(ERROR_NO_SUCH_LOGON_SESSION);
1823 return FALSE;
1824 }
1825
1826 ret = get_cred_mgr_encryption_key(hkeyMgr, key_data);
1827 if (ret != ERROR_SUCCESS)
1828 {
1829 RegCloseKey(hkeyMgr);
1830 SetLastError(ret);
1831 return FALSE;
1832 }
1833
1834 key_name = get_key_name_for_target(Credential->TargetName, Credential->Type);
1835 ret = RegCreateKeyExW(hkeyMgr, key_name, 0, NULL,
1836 Credential->Persist == CRED_PERSIST_SESSION ? REG_OPTION_VOLATILE : REG_OPTION_NON_VOLATILE,
1837 KEY_READ|KEY_WRITE, NULL, &hkeyCred, NULL);
1838 heap_free(key_name);
1839 if (ret != ERROR_SUCCESS)
1840 {
1841 TRACE("credentials for target name %s not found\n",
1842 debugstr_w(Credential->TargetName));
1843 SetLastError(ERROR_NOT_FOUND);
1844 return FALSE;
1845 }
1846
1847 ret = registry_write_credential(hkeyCred, Credential, key_data,
1848 Flags & CRED_PRESERVE_CREDENTIAL_BLOB);
1849
1850 RegCloseKey(hkeyCred);
1851 RegCloseKey(hkeyMgr);
1852
1853 if (ret != ERROR_SUCCESS)
1854 {
1855 SetLastError(ret);
1856 return FALSE;
1857 }
1858 return TRUE;
1859 }
1860
1861 /******************************************************************************
1862 * CredGetSessionTypes [ADVAPI32.@]
1863 */
1864 WINADVAPI BOOL WINAPI CredGetSessionTypes(DWORD persistCount, LPDWORD persists)
1865 {
1866 TRACE("(%u, %p)\n", persistCount, persists);
1867
1868 memset(persists, CRED_PERSIST_NONE, persistCount*sizeof(*persists));
1869 if (CRED_TYPE_GENERIC < persistCount)
1870 {
1871 persists[CRED_TYPE_GENERIC] = CRED_PERSIST_ENTERPRISE;
1872
1873 if (CRED_TYPE_DOMAIN_PASSWORD < persistCount)
1874 {
1875 persists[CRED_TYPE_DOMAIN_PASSWORD] = CRED_PERSIST_ENTERPRISE;
1876 }
1877 }
1878 return TRUE;
1879 }
1880
1881 /******************************************************************************
1882 * CredMarshalCredentialA [ADVAPI32.@]
1883 */
1884 BOOL WINAPI CredMarshalCredentialA( CRED_MARSHAL_TYPE type, PVOID cred, LPSTR *out )
1885 {
1886 BOOL ret;
1887 WCHAR *outW;
1888
1889 TRACE("%u, %p, %p\n", type, cred, out);
1890
1891 if ((ret = CredMarshalCredentialW( type, cred, &outW )))
1892 {
1893 int len = WideCharToMultiByte( CP_ACP, 0, outW, -1, NULL, 0, NULL, NULL );
1894 if (!(*out = heap_alloc( len )))
1895 {
1896 heap_free( outW );
1897 return FALSE;
1898 }
1899 WideCharToMultiByte( CP_ACP, 0, outW, -1, *out, len, NULL, NULL );
1900 heap_free( outW );
1901 }
1902 return ret;
1903 }
1904
1905 static UINT cred_encode( const char *bin, unsigned int len, WCHAR *cred )
1906 {
1907 static const char enc[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789#-";
1908 UINT n = 0, x;
1909
1910 while (len > 0)
1911 {
1912 cred[n++] = enc[bin[0] & 0x3f];
1913 x = (bin[0] & 0xc0) >> 6;
1914 if (len == 1)
1915 {
1916 cred[n++] = enc[x];
1917 break;
1918 }
1919 cred[n++] = enc[((bin[1] & 0xf) << 2) | x];
1920 x = (bin[1] & 0xf0) >> 4;
1921 if (len == 2)
1922 {
1923 cred[n++] = enc[x];
1924 break;
1925 }
1926 cred[n++] = enc[((bin[2] & 0x3) << 4) | x];
1927 cred[n++] = enc[(bin[2] & 0xfc) >> 2];
1928 bin += 3;
1929 len -= 3;
1930 }
1931 return n;
1932 }
1933
1934 /******************************************************************************
1935 * CredMarshalCredentialW [ADVAPI32.@]
1936 */
1937 BOOL WINAPI CredMarshalCredentialW( CRED_MARSHAL_TYPE type, PVOID cred, LPWSTR *out )
1938 {
1939 CERT_CREDENTIAL_INFO *cert = cred;
1940 USERNAME_TARGET_CREDENTIAL_INFO *target = cred;
1941 DWORD len, size;
1942 WCHAR *p;
1943
1944 TRACE("%u, %p, %p\n", type, cred, out);
1945
1946 if (!cred || (type == CertCredential && cert->cbSize < sizeof(*cert)) ||
1947 (type != CertCredential && type != UsernameTargetCredential && type != BinaryBlobCredential) ||
1948 (type == UsernameTargetCredential && (!target->UserName || !target->UserName[0])))
1949 {
1950 SetLastError( ERROR_INVALID_PARAMETER );
1951 return FALSE;
1952 }
1953 switch (type)
1954 {
1955 case CertCredential:
1956 {
1957 size = (sizeof(cert->rgbHashOfCert) + 2) * 4 / 3;
1958 if (!(p = heap_alloc( (size + 4) * sizeof(WCHAR) ))) return FALSE;
1959 p[0] = '@';
1960 p[1] = '@';
1961 p[2] = 'A' + type;
1962 len = cred_encode( (const char *)cert->rgbHashOfCert, sizeof(cert->rgbHashOfCert), p + 3 );
1963 p[len + 3] = 0;
1964 break;
1965 }
1966 case UsernameTargetCredential:
1967 {
1968 len = strlenW( target->UserName );
1969 size = (sizeof(DWORD) + len * sizeof(WCHAR) + 2) * 4 / 3;
1970 if (!(p = heap_alloc( (size + 4) * sizeof(WCHAR) ))) return FALSE;
1971 p[0] = '@';
1972 p[1] = '@';
1973 p[2] = 'A' + type;
1974 size = len * sizeof(WCHAR);
1975 len = cred_encode( (const char *)&size, sizeof(DWORD), p + 3 );
1976 len += cred_encode( (const char *)target->UserName, size, p + 3 + len );
1977 p[len + 3] = 0;
1978 break;
1979 }
1980 case BinaryBlobCredential:
1981 FIXME("BinaryBlobCredential not implemented\n");
1982 return FALSE;
1983 default:
1984 return FALSE;
1985 }
1986 *out = p;
1987 return TRUE;
1988 }
1989
1990 /******************************************************************************
1991 * CredUnmarshalCredentialA [ADVAPI32.@]
1992 */
1993 BOOL WINAPI CredUnmarshalCredentialA( LPCSTR cred, PCRED_MARSHAL_TYPE type, PVOID *out )
1994 {
1995 BOOL ret;
1996 WCHAR *credW = NULL;
1997
1998 TRACE("%s, %p, %p\n", debugstr_a(cred), type, out);
1999
2000 if (cred)
2001 {
2002 int len = MultiByteToWideChar( CP_ACP, 0, cred, -1, NULL, 0 );
2003 if (!(credW = heap_alloc( len * sizeof(WCHAR) ))) return FALSE;
2004 MultiByteToWideChar( CP_ACP, 0, cred, -1, credW, len );
2005 }
2006 ret = CredUnmarshalCredentialW( credW, type, out );
2007 heap_free( credW );
2008 return ret;
2009 }
2010
2011 static inline char char_decode( WCHAR c )
2012 {
2013 if (c >= 'A' && c <= 'Z') return c - 'A';
2014 if (c >= 'a' && c <= 'z') return c - 'a' + 26;
2015 if (c >= '0' && c <= '9') return c - '0' + 52;
2016 if (c == '#') return 62;
2017 if (c == '-') return 63;
2018 return 64;
2019 }
2020
2021 static BOOL cred_decode( const WCHAR *cred, unsigned int len, char *buf )
2022 {
2023 unsigned int i = 0;
2024 char c0, c1, c2, c3;
2025 const WCHAR *p = cred;
2026
2027 while (len >= 4)
2028 {
2029 if ((c0 = char_decode( p[0] )) > 63) return FALSE;
2030 if ((c1 = char_decode( p[1] )) > 63) return FALSE;
2031 if ((c2 = char_decode( p[2] )) > 63) return FALSE;
2032 if ((c3 = char_decode( p[3] )) > 63) return FALSE;
2033
2034 buf[i + 0] = (c1 << 6) | c0;
2035 buf[i + 1] = (c2 << 4) | (c1 >> 2);
2036 buf[i + 2] = (c3 << 2) | (c2 >> 4);
2037 len -= 4;
2038 i += 3;
2039 p += 4;
2040 }
2041 if (len == 3)
2042 {
2043 if ((c0 = char_decode( p[0] )) > 63) return FALSE;
2044 if ((c1 = char_decode( p[1] )) > 63) return FALSE;
2045 if ((c2 = char_decode( p[2] )) > 63) return FALSE;
2046
2047 buf[i + 0] = (c1 << 6) | c0;
2048 buf[i + 1] = (c2 << 4) | (c1 >> 2);
2049 }
2050 else if (len == 2)
2051 {
2052 if ((c0 = char_decode( p[0] )) > 63) return FALSE;
2053 if ((c1 = char_decode( p[1] )) > 63) return FALSE;
2054
2055 buf[i + 0] = (c1 << 6) | c0;
2056 }
2057 else if (len == 1)
2058 {
2059 return FALSE;
2060 }
2061 return TRUE;
2062 }
2063
2064 /******************************************************************************
2065 * CredUnmarshalCredentialW [ADVAPI32.@]
2066 */
2067 BOOL WINAPI CredUnmarshalCredentialW( LPCWSTR cred, PCRED_MARSHAL_TYPE type, PVOID *out )
2068 {
2069 unsigned int len, buflen;
2070
2071 TRACE("%s, %p, %p\n", debugstr_w(cred), type, out);
2072
2073 if (!cred || cred[0] != '@' || cred[1] != '@' ||
2074 char_decode( cred[2] ) > 63)
2075 {
2076 SetLastError( ERROR_INVALID_PARAMETER );
2077 return FALSE;
2078 }
2079 len = strlenW( cred + 3 );
2080 *type = char_decode( cred[2] );
2081 switch (*type)
2082 {
2083 case CertCredential:
2084 {
2085 char hash[CERT_HASH_LENGTH];
2086 CERT_CREDENTIAL_INFO *cert;
2087
2088 if (len != 27 || !cred_decode( cred + 3, len, hash ))
2089 {
2090 SetLastError( ERROR_INVALID_PARAMETER );
2091 return FALSE;
2092 }
2093 if (!(cert = heap_alloc( sizeof(*cert) ))) return FALSE;
2094 memcpy( cert->rgbHashOfCert, hash, sizeof(cert->rgbHashOfCert) );
2095 cert->cbSize = sizeof(*cert);
2096 *out = cert;
2097 break;
2098 }
2099 case UsernameTargetCredential:
2100 {
2101 USERNAME_TARGET_CREDENTIAL_INFO *target;
2102 DWORD size;
2103
2104 if (len < 9 || !cred_decode( cred + 3, 6, (char *)&size ) ||
2105 size % sizeof(WCHAR) || len - 6 != (size * 4 + 2) / 3)
2106 {
2107 SetLastError( ERROR_INVALID_PARAMETER );
2108 return FALSE;
2109 }
2110 buflen = sizeof(*target) + size + sizeof(WCHAR);
2111 if (!(target = heap_alloc( buflen ))) return FALSE;
2112 if (!cred_decode( cred + 9, len - 6, (char *)(target + 1) ))
2113 {
2114 heap_free( target );
2115 return FALSE;
2116 }
2117 target->UserName = (WCHAR *)(target + 1);
2118 target->UserName[size / sizeof(WCHAR)] = 0;
2119 *out = target;
2120 break;
2121 }
2122 case BinaryBlobCredential:
2123 FIXME("BinaryBlobCredential not implemented\n");
2124 return FALSE;
2125 default:
2126 WARN("unhandled type %u\n", *type);
2127 SetLastError( ERROR_INVALID_PARAMETER );
2128 return FALSE;
2129 }
2130 return TRUE;
2131 }
2132
2133 /******************************************************************************
2134 * CredIsMarshaledCredentialW [ADVAPI32.@]
2135 *
2136 * Check, if the name parameter is a marshaled credential, hash or binary blob
2137 *
2138 * PARAMS
2139 * name the name to check
2140 *
2141 * RETURNS
2142 * TRUE: the name parameter is a marshaled credential, hash or binary blob
2143 * FALSE: the name is a plain username
2144 */
2145 BOOL WINAPI CredIsMarshaledCredentialW(LPCWSTR name)
2146 {
2147 TRACE("(%s)\n", debugstr_w(name));
2148
2149 if (name && name[0] == '@' && name[1] == '@' && name[2] > 'A' && name[3])
2150 {
2151 char hash[CERT_HASH_LENGTH];
2152 int len = strlenW(name + 3 );
2153 DWORD size;
2154
2155 if ((name[2] - 'A') == CertCredential && (len == 27) && cred_decode(name + 3, len, hash))
2156 return TRUE;
2157
2158 if (((name[2] - 'A') == UsernameTargetCredential) &&
2159 (len >= 9) && cred_decode(name + 3, 6, (char *)&size) && size)
2160 return TRUE;
2161
2162 if ((name[2] - 'A') == BinaryBlobCredential)
2163 FIXME("BinaryBlobCredential not checked\n");
2164
2165 if ((name[2] - 'A') > BinaryBlobCredential)
2166 TRACE("unknown type: %d\n", (name[2] - 'A'));
2167 }
2168
2169 SetLastError(ERROR_INVALID_PARAMETER);
2170 return FALSE;
2171 }
2172
2173 /******************************************************************************
2174 * CredIsMarshaledCredentialA [ADVAPI32.@]
2175 *
2176 * See CredIsMarshaledCredentialW
2177 *
2178 */
2179 BOOL WINAPI CredIsMarshaledCredentialA(LPCSTR name)
2180 {
2181 LPWSTR nameW = NULL;
2182 BOOL res;
2183 int len;
2184
2185 TRACE("(%s)\n", debugstr_a(name));
2186
2187 if (name)
2188 {
2189 len = MultiByteToWideChar(CP_ACP, 0, name, -1, NULL, 0);
2190 nameW = heap_alloc(len * sizeof(WCHAR));
2191 MultiByteToWideChar(CP_ACP, 0, name, -1, nameW, len);
2192 }
2193
2194 res = CredIsMarshaledCredentialW(nameW);
2195 heap_free(nameW);
2196 return res;
2197 }
Windows API implementation