2 * Credential Management APIs
4 * Copyright 2007 Robert Shearman for CodeWeavers
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
31 # include <Security/SecKeychain.h>
32 # include <Security/SecKeychainItem.h>
33 # include <Security/SecKeychainSearch.h>
38 #include "wine/unicode.h"
39 #include "wine/debug.h"
41 WINE_DEFAULT_DEBUG_CHANNEL(cred
);
43 /* the size of the ARC4 key used to encrypt the password data */
46 static const WCHAR wszCredentialManagerKey
[] = {'S','o','f','t','w','a','r','e','\\','W','i','n','e','\\',
47 'C','r','e','d','e','n','t','i','a','l',' ','M','a','n','a','g','e','r',0};
48 static const WCHAR wszEncryptionKeyValue
[] = {'E','n','c','r','y','p','t','i','o','n','K','e','y',0};
50 static const WCHAR wszFlagsValue
[] = {'F','l','a','g','s',0};
51 static const WCHAR wszTypeValue
[] = {'T','y','p','e',0};
52 static const WCHAR wszCommentValue
[] = {'C','o','m','m','e','n','t',0};
53 static const WCHAR wszLastWrittenValue
[] = {'L','a','s','t','W','r','i','t','t','e','n',0};
54 static const WCHAR wszPersistValue
[] = {'P','e','r','s','i','s','t',0};
55 static const WCHAR wszTargetAliasValue
[] = {'T','a','r','g','e','t','A','l','i','a','s',0};
56 static const WCHAR wszUserNameValue
[] = {'U','s','e','r','N','a','m','e',0};
57 static const WCHAR wszPasswordValue
[] = {'P','a','s','s','w','o','r','d',0};
59 static DWORD
read_credential_blob(HKEY hkey
, const BYTE key_data
[KEY_SIZE
],
60 LPBYTE credential_blob
,
61 DWORD
*credential_blob_size
)
66 *credential_blob_size
= 0;
67 ret
= RegQueryValueExW(hkey
, wszPasswordValue
, 0, &type
, NULL
, credential_blob_size
);
68 if (ret
!= ERROR_SUCCESS
)
70 else if (type
!= REG_BINARY
)
71 return ERROR_REGISTRY_CORRUPT
;
77 ret
= RegQueryValueExW(hkey
, wszPasswordValue
, 0, &type
, credential_blob
,
78 credential_blob_size
);
79 if (ret
!= ERROR_SUCCESS
)
81 else if (type
!= REG_BINARY
)
82 return ERROR_REGISTRY_CORRUPT
;
84 key
.Length
= key
.MaximumLength
= KEY_SIZE
;
85 key
.Buffer
= (unsigned char *)key_data
;
87 data
.Length
= data
.MaximumLength
= *credential_blob_size
;
88 data
.Buffer
= credential_blob
;
89 SystemFunction032(&data
, &key
);
94 static DWORD
registry_read_credential(HKEY hkey
, PCREDENTIALW credential
,
95 const BYTE key_data
[KEY_SIZE
],
96 char *buffer
, DWORD
*len
)
102 ret
= RegQueryValueExW(hkey
, NULL
, 0, &type
, NULL
, &count
);
103 if (ret
!= ERROR_SUCCESS
)
105 else if (type
!= REG_SZ
)
106 return ERROR_REGISTRY_CORRUPT
;
110 credential
->TargetName
= (LPWSTR
)buffer
;
111 ret
= RegQueryValueExW(hkey
, NULL
, 0, &type
, (LPVOID
)credential
->TargetName
,
113 if (ret
!= ERROR_SUCCESS
|| type
!= REG_SZ
) return ret
;
117 ret
= RegQueryValueExW(hkey
, wszCommentValue
, 0, &type
, NULL
, &count
);
118 if (ret
!= ERROR_FILE_NOT_FOUND
&& ret
!= ERROR_SUCCESS
)
120 else if (type
!= REG_SZ
)
121 return ERROR_REGISTRY_CORRUPT
;
125 credential
->Comment
= (LPWSTR
)buffer
;
126 ret
= RegQueryValueExW(hkey
, wszCommentValue
, 0, &type
, (LPVOID
)credential
->Comment
,
128 if (ret
== ERROR_FILE_NOT_FOUND
)
129 credential
->Comment
= NULL
;
130 else if (ret
!= ERROR_SUCCESS
)
132 else if (type
!= REG_SZ
)
133 return ERROR_REGISTRY_CORRUPT
;
138 ret
= RegQueryValueExW(hkey
, wszTargetAliasValue
, 0, &type
, NULL
, &count
);
139 if (ret
!= ERROR_FILE_NOT_FOUND
&& ret
!= ERROR_SUCCESS
)
141 else if (type
!= REG_SZ
)
142 return ERROR_REGISTRY_CORRUPT
;
146 credential
->TargetAlias
= (LPWSTR
)buffer
;
147 ret
= RegQueryValueExW(hkey
, wszTargetAliasValue
, 0, &type
, (LPVOID
)credential
->TargetAlias
,
149 if (ret
== ERROR_FILE_NOT_FOUND
)
150 credential
->TargetAlias
= NULL
;
151 else if (ret
!= ERROR_SUCCESS
)
153 else if (type
!= REG_SZ
)
154 return ERROR_REGISTRY_CORRUPT
;
159 ret
= RegQueryValueExW(hkey
, wszUserNameValue
, 0, &type
, NULL
, &count
);
160 if (ret
!= ERROR_FILE_NOT_FOUND
&& ret
!= ERROR_SUCCESS
)
162 else if (type
!= REG_SZ
)
163 return ERROR_REGISTRY_CORRUPT
;
167 credential
->UserName
= (LPWSTR
)buffer
;
168 ret
= RegQueryValueExW(hkey
, wszUserNameValue
, 0, &type
, (LPVOID
)credential
->UserName
,
170 if (ret
== ERROR_FILE_NOT_FOUND
)
171 credential
->UserName
= NULL
;
172 else if (ret
!= ERROR_SUCCESS
)
174 else if (type
!= REG_SZ
)
175 return ERROR_REGISTRY_CORRUPT
;
180 ret
= read_credential_blob(hkey
, key_data
, NULL
, &count
);
181 if (ret
!= ERROR_FILE_NOT_FOUND
&& ret
!= ERROR_SUCCESS
)
186 credential
->CredentialBlob
= (LPBYTE
)buffer
;
187 ret
= read_credential_blob(hkey
, key_data
, credential
->CredentialBlob
, &count
);
188 if (ret
== ERROR_FILE_NOT_FOUND
)
189 credential
->CredentialBlob
= NULL
;
190 else if (ret
!= ERROR_SUCCESS
)
192 credential
->CredentialBlobSize
= count
;
196 /* FIXME: Attributes */
199 credential
->AttributeCount
= 0;
200 credential
->Attributes
= NULL
;
203 if (!credential
) return ERROR_SUCCESS
;
205 count
= sizeof(credential
->Flags
);
206 ret
= RegQueryValueExW(hkey
, wszFlagsValue
, NULL
, &type
, (LPVOID
)&credential
->Flags
,
208 if (ret
!= ERROR_SUCCESS
)
210 else if (type
!= REG_DWORD
)
211 return ERROR_REGISTRY_CORRUPT
;
212 count
= sizeof(credential
->Type
);
213 ret
= RegQueryValueExW(hkey
, wszTypeValue
, NULL
, &type
, (LPVOID
)&credential
->Type
,
215 if (ret
!= ERROR_SUCCESS
)
217 else if (type
!= REG_DWORD
)
218 return ERROR_REGISTRY_CORRUPT
;
220 count
= sizeof(credential
->LastWritten
);
221 ret
= RegQueryValueExW(hkey
, wszLastWrittenValue
, NULL
, &type
, (LPVOID
)&credential
->LastWritten
,
223 if (ret
!= ERROR_SUCCESS
)
225 else if (type
!= REG_BINARY
)
226 return ERROR_REGISTRY_CORRUPT
;
227 count
= sizeof(credential
->Persist
);
228 ret
= RegQueryValueExW(hkey
, wszPersistValue
, NULL
, &type
, (LPVOID
)&credential
->Persist
,
230 if (ret
== ERROR_SUCCESS
&& type
!= REG_DWORD
)
231 return ERROR_REGISTRY_CORRUPT
;
236 static DWORD
mac_read_credential_from_item(SecKeychainItemRef item
, BOOL require_password
,
237 PCREDENTIALW credential
, char *buffer
,
242 UInt32 cred_blob_len
;
244 LPWSTR domain
= NULL
;
246 BOOL user_name_present
= FALSE
;
247 SecKeychainAttributeInfo info
;
248 SecKeychainAttributeList
*attr_list
;
249 UInt32 info_tags
[] = { kSecServerItemAttr
, kSecSecurityDomainItemAttr
, kSecAccountItemAttr
,
250 kSecCommentItemAttr
, kSecCreationDateItemAttr
};
251 info
.count
= sizeof(info_tags
)/sizeof(info_tags
[0]);
252 info
.tag
= info_tags
;
254 status
= SecKeychainItemCopyAttributesAndData(item
, &info
, NULL
, &attr_list
, &cred_blob_len
, &cred_blob
);
255 if (status
== errSecAuthFailed
&& !require_password
)
259 status
= SecKeychainItemCopyAttributesAndData(item
, &info
, NULL
, &attr_list
, &cred_blob_len
, NULL
);
263 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status
);
264 return ERROR_NOT_FOUND
;
267 for (i
= 0; i
< attr_list
->count
; i
++)
268 if (attr_list
->attr
[i
].tag
== kSecAccountItemAttr
&& attr_list
->attr
[i
].data
)
270 user_name_present
= TRUE
;
273 if (!user_name_present
)
275 WARN("no kSecAccountItemAttr for item\n");
276 return ERROR_NOT_FOUND
;
281 credential
->Flags
= 0;
282 credential
->Type
= CRED_TYPE_DOMAIN_PASSWORD
;
283 credential
->TargetName
= NULL
;
284 credential
->Comment
= NULL
;
285 memset(&credential
->LastWritten
, 0, sizeof(credential
->LastWritten
));
286 credential
->CredentialBlobSize
= 0;
287 credential
->CredentialBlob
= NULL
;
288 credential
->Persist
= CRED_PERSIST_LOCAL_MACHINE
;
289 credential
->AttributeCount
= 0;
290 credential
->Attributes
= NULL
;
291 credential
->TargetAlias
= NULL
;
292 credential
->UserName
= NULL
;
294 for (i
= 0; i
< attr_list
->count
; i
++)
296 switch (attr_list
->attr
[i
].tag
)
298 case kSecServerItemAttr
:
299 TRACE("kSecServerItemAttr: %.*s\n", (int)attr_list
->attr
[i
].length
,
300 (char *)attr_list
->attr
[i
].data
);
301 if (!attr_list
->attr
[i
].data
) continue;
305 credential
->TargetName
= (LPWSTR
)buffer
;
306 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
307 attr_list
->attr
[i
].length
, (LPWSTR
)buffer
, 0xffff);
308 credential
->TargetName
[str_len
] = '\0';
309 buffer
+= (str_len
+ 1) * sizeof(WCHAR
);
310 *len
+= (str_len
+ 1) * sizeof(WCHAR
);
315 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
316 attr_list
->attr
[i
].length
, NULL
, 0);
317 *len
+= (str_len
+ 1) * sizeof(WCHAR
);
320 case kSecAccountItemAttr
:
323 TRACE("kSecAccountItemAttr: %.*s\n", (int)attr_list
->attr
[i
].length
,
324 (char *)attr_list
->attr
[i
].data
);
325 if (!attr_list
->attr
[i
].data
) continue;
326 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
327 attr_list
->attr
[i
].length
, NULL
, 0);
328 user
= HeapAlloc(GetProcessHeap(), 0, (str_len
+ 1) * sizeof(WCHAR
));
329 MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
330 attr_list
->attr
[i
].length
, user
, str_len
);
331 user
[str_len
] = '\0';
334 case kSecCommentItemAttr
:
335 TRACE("kSecCommentItemAttr: %.*s\n", (int)attr_list
->attr
[i
].length
,
336 (char *)attr_list
->attr
[i
].data
);
337 if (!attr_list
->attr
[i
].data
) continue;
341 credential
->Comment
= (LPWSTR
)buffer
;
342 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
343 attr_list
->attr
[i
].length
, (LPWSTR
)buffer
, 0xffff);
344 credential
->Comment
[str_len
] = '\0';
345 buffer
+= (str_len
+ 1) * sizeof(WCHAR
);
346 *len
+= (str_len
+ 1) * sizeof(WCHAR
);
351 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
352 attr_list
->attr
[i
].length
, NULL
, 0);
353 *len
+= (str_len
+ 1) * sizeof(WCHAR
);
356 case kSecSecurityDomainItemAttr
:
359 TRACE("kSecSecurityDomainItemAttr: %.*s\n", (int)attr_list
->attr
[i
].length
,
360 (char *)attr_list
->attr
[i
].data
);
361 if (!attr_list
->attr
[i
].data
) continue;
362 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
363 attr_list
->attr
[i
].length
, NULL
, 0);
364 domain
= HeapAlloc(GetProcessHeap(), 0, (str_len
+ 1) * sizeof(WCHAR
));
365 MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
366 attr_list
->attr
[i
].length
, domain
, str_len
);
367 domain
[str_len
] = '\0';
370 case kSecCreationDateItemAttr
:
371 TRACE("kSecCreationDateItemAttr: %.*s\n", (int)attr_list
->attr
[i
].length
,
372 (char *)attr_list
->attr
[i
].data
);
375 LARGE_INTEGER win_time
;
378 memset(&tm
, 0, sizeof(tm
));
379 strptime(attr_list
->attr
[i
].data
, "%Y%m%d%H%M%SZ", &tm
);
381 RtlSecondsSince1970ToTime(time
, &win_time
);
382 credential
->LastWritten
.dwLowDateTime
= win_time
.u
.LowPart
;
383 credential
->LastWritten
.dwHighDateTime
= win_time
.u
.HighPart
;
393 credential
->UserName
= (LPWSTR
)buffer
;
396 str_len
= strlenW(domain
);
397 *len
+= (str_len
+ 1) * sizeof(WCHAR
);
400 memcpy(credential
->UserName
, domain
, str_len
* sizeof(WCHAR
));
401 /* FIXME: figure out when to use an '@' */
402 credential
->UserName
[str_len
] = '\\';
403 buffer
+= (str_len
+ 1) * sizeof(WCHAR
);
406 str_len
= strlenW(user
);
407 *len
+= (str_len
+ 1) * sizeof(WCHAR
);
410 memcpy(buffer
, user
, (str_len
+ 1) * sizeof(WCHAR
));
411 buffer
+= (str_len
+ 1) * sizeof(WCHAR
);
412 TRACE("UserName = %s\n", debugstr_w(credential
->UserName
));
415 HeapFree(GetProcessHeap(), 0, user
);
416 HeapFree(GetProcessHeap(), 0, domain
);
423 credential
->CredentialBlob
= (BYTE
*)buffer
;
424 str_len
= MultiByteToWideChar(CP_UTF8
, 0, cred_blob
, cred_blob_len
,
425 (LPWSTR
)buffer
, 0xffff);
426 credential
->CredentialBlobSize
= str_len
* sizeof(WCHAR
);
427 buffer
+= str_len
* sizeof(WCHAR
);
428 *len
+= str_len
* sizeof(WCHAR
);
433 str_len
= MultiByteToWideChar(CP_UTF8
, 0, cred_blob
, cred_blob_len
,
435 *len
+= str_len
* sizeof(WCHAR
);
438 SecKeychainItemFreeAttributesAndData(attr_list
, cred_blob
);
439 return ERROR_SUCCESS
;
443 static DWORD
write_credential_blob(HKEY hkey
, LPCWSTR target_name
, DWORD type
,
444 const BYTE key_data
[KEY_SIZE
],
445 const BYTE
*credential_blob
, DWORD credential_blob_size
)
447 LPBYTE encrypted_credential_blob
;
452 key
.Length
= key
.MaximumLength
= KEY_SIZE
;
453 key
.Buffer
= (unsigned char *)key_data
;
455 encrypted_credential_blob
= HeapAlloc(GetProcessHeap(), 0, credential_blob_size
);
456 if (!encrypted_credential_blob
) return ERROR_OUTOFMEMORY
;
458 memcpy(encrypted_credential_blob
, credential_blob
, credential_blob_size
);
459 data
.Length
= data
.MaximumLength
= credential_blob_size
;
460 data
.Buffer
= encrypted_credential_blob
;
461 SystemFunction032(&data
, &key
);
463 ret
= RegSetValueExW(hkey
, wszPasswordValue
, 0, REG_BINARY
, encrypted_credential_blob
, credential_blob_size
);
464 HeapFree(GetProcessHeap(), 0, encrypted_credential_blob
);
469 static DWORD
registry_write_credential(HKEY hkey
, const CREDENTIALW
*credential
,
470 const BYTE key_data
[KEY_SIZE
], BOOL preserve_blob
)
473 FILETIME LastWritten
;
475 GetSystemTimeAsFileTime(&LastWritten
);
477 ret
= RegSetValueExW(hkey
, wszFlagsValue
, 0, REG_DWORD
, (const BYTE
*)&credential
->Flags
,
478 sizeof(credential
->Flags
));
479 if (ret
!= ERROR_SUCCESS
) return ret
;
480 ret
= RegSetValueExW(hkey
, wszTypeValue
, 0, REG_DWORD
, (const BYTE
*)&credential
->Type
,
481 sizeof(credential
->Type
));
482 if (ret
!= ERROR_SUCCESS
) return ret
;
483 ret
= RegSetValueExW(hkey
, NULL
, 0, REG_SZ
, (LPVOID
)credential
->TargetName
,
484 sizeof(WCHAR
)*(strlenW(credential
->TargetName
)+1));
485 if (ret
!= ERROR_SUCCESS
) return ret
;
486 if (credential
->Comment
)
488 ret
= RegSetValueExW(hkey
, wszCommentValue
, 0, REG_SZ
, (LPVOID
)credential
->Comment
,
489 sizeof(WCHAR
)*(strlenW(credential
->Comment
)+1));
490 if (ret
!= ERROR_SUCCESS
) return ret
;
492 ret
= RegSetValueExW(hkey
, wszLastWrittenValue
, 0, REG_BINARY
, (LPVOID
)&LastWritten
,
493 sizeof(LastWritten
));
494 if (ret
!= ERROR_SUCCESS
) return ret
;
495 ret
= RegSetValueExW(hkey
, wszPersistValue
, 0, REG_DWORD
, (const BYTE
*)&credential
->Persist
,
496 sizeof(credential
->Persist
));
497 if (ret
!= ERROR_SUCCESS
) return ret
;
498 /* FIXME: Attributes */
499 if (credential
->TargetAlias
)
501 ret
= RegSetValueExW(hkey
, wszTargetAliasValue
, 0, REG_SZ
, (LPVOID
)credential
->TargetAlias
,
502 sizeof(WCHAR
)*(strlenW(credential
->TargetAlias
)+1));
503 if (ret
!= ERROR_SUCCESS
) return ret
;
505 if (credential
->UserName
)
507 ret
= RegSetValueExW(hkey
, wszUserNameValue
, 0, REG_SZ
, (LPVOID
)credential
->UserName
,
508 sizeof(WCHAR
)*(strlenW(credential
->UserName
)+1));
509 if (ret
!= ERROR_SUCCESS
) return ret
;
513 ret
= write_credential_blob(hkey
, credential
->TargetName
, credential
->Type
,
514 key_data
, credential
->CredentialBlob
,
515 credential
->CredentialBlobSize
);
521 static DWORD
mac_write_credential(const CREDENTIALW
*credential
, BOOL preserve_blob
)
524 SecKeychainItemRef keychain_item
;
530 UInt32 domainlen
= 0;
534 SecKeychainAttribute attrs
[1];
535 SecKeychainAttributeList attr_list
;
537 if (credential
->Flags
)
538 FIXME("Flags 0x%x not written\n", credential
->Flags
);
539 if (credential
->Type
!= CRED_TYPE_DOMAIN_PASSWORD
)
540 FIXME("credential type of %d not supported\n", credential
->Type
);
541 if (credential
->Persist
!= CRED_PERSIST_LOCAL_MACHINE
)
542 FIXME("persist value of %d not supported\n", credential
->Persist
);
543 if (credential
->AttributeCount
)
544 FIXME("custom attributes not supported\n");
546 p
= strchrW(credential
->UserName
, '\\');
549 domainlen
= WideCharToMultiByte(CP_UTF8
, 0, credential
->UserName
,
550 p
- credential
->UserName
, NULL
, 0, NULL
, NULL
);
551 domain
= HeapAlloc(GetProcessHeap(), 0, (domainlen
+ 1) * sizeof(*domain
));
552 WideCharToMultiByte(CP_UTF8
, 0, credential
->UserName
, p
- credential
->UserName
,
553 domain
, domainlen
, NULL
, NULL
);
554 domain
[domainlen
] = '\0';
558 p
= credential
->UserName
;
559 userlen
= WideCharToMultiByte(CP_UTF8
, 0, p
, -1, NULL
, 0, NULL
, NULL
);
560 username
= HeapAlloc(GetProcessHeap(), 0, userlen
* sizeof(*username
));
561 WideCharToMultiByte(CP_UTF8
, 0, p
, -1, username
, userlen
, NULL
, NULL
);
563 serverlen
= WideCharToMultiByte(CP_UTF8
, 0, credential
->TargetName
, -1, NULL
, 0, NULL
, NULL
);
564 servername
= HeapAlloc(GetProcessHeap(), 0, serverlen
* sizeof(*servername
));
565 WideCharToMultiByte(CP_UTF8
, 0, credential
->TargetName
, -1, servername
, serverlen
, NULL
, NULL
);
566 pwlen
= WideCharToMultiByte(CP_UTF8
, 0, (LPCWSTR
)credential
->CredentialBlob
,
567 credential
->CredentialBlobSize
/ sizeof(WCHAR
), NULL
, 0, NULL
, NULL
);
568 password
= HeapAlloc(GetProcessHeap(), 0, pwlen
* sizeof(*domain
));
569 WideCharToMultiByte(CP_UTF8
, 0, (LPCWSTR
)credential
->CredentialBlob
,
570 credential
->CredentialBlobSize
/ sizeof(WCHAR
), password
, pwlen
, NULL
, NULL
);
572 TRACE("adding server %s, domain %s, username %s using Keychain\n", servername
, domain
, username
);
573 status
= SecKeychainAddInternetPassword(NULL
, strlen(servername
), servername
,
574 strlen(domain
), domain
, strlen(username
),
575 username
, 0, NULL
, 0,
577 kSecAuthenticationTypeDefault
,
578 strlen(password
), password
, &keychain_item
);
580 ERR("SecKeychainAddInternetPassword returned %ld\n", status
);
581 if (status
== errSecDuplicateItem
)
583 SecKeychainItemRef keychain_item
;
585 status
= SecKeychainFindInternetPassword(NULL
, strlen(servername
), servername
,
586 strlen(domain
), domain
,
587 strlen(username
), username
,
588 0, NULL
/* any path */, 0,
589 0 /* any protocol */,
590 0 /* any authentication type */,
591 0, NULL
, &keychain_item
);
593 ERR("SecKeychainFindInternetPassword returned %ld\n", status
);
595 HeapFree(GetProcessHeap(), 0, domain
);
596 HeapFree(GetProcessHeap(), 0, username
);
597 HeapFree(GetProcessHeap(), 0, servername
);
600 HeapFree(GetProcessHeap(), 0, password
);
601 return ERROR_GEN_FAILURE
;
603 if (credential
->Comment
)
606 attr_list
.attr
= attrs
;
607 attrs
[0].tag
= kSecCommentItemAttr
;
608 attrs
[0].length
= WideCharToMultiByte(CP_UTF8
, 0, credential
->Comment
, -1, NULL
, 0, NULL
, NULL
);
609 if (attrs
[0].length
) attrs
[0].length
--;
610 attrs
[0].data
= HeapAlloc(GetProcessHeap(), 0, attrs
[0].length
);
611 WideCharToMultiByte(CP_UTF8
, 0, credential
->Comment
, -1, attrs
[0].data
, attrs
[0].length
, NULL
, NULL
);
616 attr_list
.attr
= NULL
;
618 status
= SecKeychainItemModifyAttributesAndData(keychain_item
, &attr_list
,
619 preserve_blob
? 0 : strlen(password
),
620 preserve_blob
? NULL
: password
);
621 if (credential
->Comment
)
622 HeapFree(GetProcessHeap(), 0, attrs
[0].data
);
623 HeapFree(GetProcessHeap(), 0, password
);
624 /* FIXME: set TargetAlias attribute */
625 CFRelease(keychain_item
);
626 return ERROR_SUCCESS
;
630 static DWORD
open_cred_mgr_key(HKEY
*hkey
, BOOL open_for_write
)
632 return RegCreateKeyExW(HKEY_CURRENT_USER
, wszCredentialManagerKey
, 0,
633 NULL
, REG_OPTION_NON_VOLATILE
,
634 KEY_READ
| (open_for_write
? KEY_WRITE
: 0), NULL
, hkey
, NULL
);
637 static DWORD
get_cred_mgr_encryption_key(HKEY hkeyMgr
, BYTE key_data
[KEY_SIZE
])
639 static const BYTE my_key_data
[KEY_SIZE
] = { 0 };
647 memcpy(key_data
, my_key_data
, KEY_SIZE
);
650 ret
= RegQueryValueExW(hkeyMgr
, wszEncryptionKeyValue
, NULL
, &type
, key_data
,
652 if (ret
== ERROR_SUCCESS
)
654 if (type
!= REG_BINARY
)
655 return ERROR_REGISTRY_CORRUPT
;
657 return ERROR_SUCCESS
;
659 if (ret
!= ERROR_FILE_NOT_FOUND
)
662 GetSystemTimeAsFileTime(&ft
);
663 seed
= ft
.dwLowDateTime
;
664 value
= RtlUniform(&seed
);
665 *(DWORD
*)key_data
= value
;
666 seed
= ft
.dwHighDateTime
;
667 value
= RtlUniform(&seed
);
668 *(DWORD
*)(key_data
+ 4) = value
;
670 ret
= RegSetValueExW(hkeyMgr
, wszEncryptionKeyValue
, 0, REG_BINARY
,
672 if (ret
== ERROR_ACCESS_DENIED
)
674 ret
= open_cred_mgr_key(&hkeyMgr
, TRUE
);
675 if (ret
== ERROR_SUCCESS
)
677 ret
= RegSetValueExW(hkeyMgr
, wszEncryptionKeyValue
, 0, REG_BINARY
,
679 RegCloseKey(hkeyMgr
);
685 static LPWSTR
get_key_name_for_target(LPCWSTR target_name
, DWORD type
)
687 static const WCHAR wszGenericPrefix
[] = {'G','e','n','e','r','i','c',':',' ',0};
688 static const WCHAR wszDomPasswdPrefix
[] = {'D','o','m','P','a','s','s','w','d',':',' ',0};
690 LPCWSTR prefix
= NULL
;
693 len
= strlenW(target_name
);
694 if (type
== CRED_TYPE_GENERIC
)
696 prefix
= wszGenericPrefix
;
697 len
+= sizeof(wszGenericPrefix
)/sizeof(wszGenericPrefix
[0]);
701 prefix
= wszDomPasswdPrefix
;
702 len
+= sizeof(wszDomPasswdPrefix
)/sizeof(wszDomPasswdPrefix
[0]);
705 key_name
= HeapAlloc(GetProcessHeap(), 0, len
* sizeof(WCHAR
));
706 if (!key_name
) return NULL
;
708 strcpyW(key_name
, prefix
);
709 strcatW(key_name
, target_name
);
711 for (p
= key_name
; *p
; p
++)
712 if (*p
== '\\') *p
= '_';
717 static BOOL
credential_matches_filter(HKEY hkeyCred
, LPCWSTR filter
)
725 if (!filter
) return TRUE
;
727 ret
= RegQueryValueExW(hkeyCred
, NULL
, 0, &type
, NULL
, &count
);
728 if (ret
!= ERROR_SUCCESS
)
730 else if (type
!= REG_SZ
)
733 target_name
= HeapAlloc(GetProcessHeap(), 0, count
);
736 ret
= RegQueryValueExW(hkeyCred
, NULL
, 0, &type
, (LPVOID
)target_name
, &count
);
737 if (ret
!= ERROR_SUCCESS
|| type
!= REG_SZ
)
739 HeapFree(GetProcessHeap(), 0, target_name
);
743 TRACE("comparing filter %s to target name %s\n", debugstr_w(filter
),
744 debugstr_w(target_name
));
746 p
= strchrW(filter
, '*');
747 ret
= CompareStringW(GetThreadLocale(), 0, filter
,
748 (p
&& !p
[1] ? p
- filter
: -1), target_name
,
749 (p
&& !p
[1] ? p
- filter
: -1)) == CSTR_EQUAL
;
751 HeapFree(GetProcessHeap(), 0, target_name
);
755 static DWORD
registry_enumerate_credentials(HKEY hkeyMgr
, LPCWSTR filter
,
757 DWORD target_name_len
, const BYTE key_data
[KEY_SIZE
],
758 PCREDENTIALW
*credentials
, char **buffer
,
759 DWORD
*len
, DWORD
*count
)
766 ret
= RegEnumKeyW(hkeyMgr
, i
, target_name
, target_name_len
+1);
767 if (ret
== ERROR_NO_MORE_ITEMS
)
772 else if (ret
!= ERROR_SUCCESS
)
777 TRACE("target_name = %s\n", debugstr_w(target_name
));
778 ret
= RegOpenKeyExW(hkeyMgr
, target_name
, 0, KEY_QUERY_VALUE
, &hkeyCred
);
779 if (ret
!= ERROR_SUCCESS
)
784 if (!credential_matches_filter(hkeyCred
, filter
))
786 RegCloseKey(hkeyCred
);
791 *len
= sizeof(CREDENTIALW
);
792 credentials
[*count
] = (PCREDENTIALW
)*buffer
;
795 *len
+= sizeof(CREDENTIALW
);
796 ret
= registry_read_credential(hkeyCred
, buffer
? credentials
[*count
] : NULL
,
797 key_data
, buffer
? *buffer
+ sizeof(CREDENTIALW
) : NULL
,
799 RegCloseKey(hkeyCred
);
800 if (ret
!= ERROR_SUCCESS
) break;
801 if (buffer
) *buffer
+= *len
;
808 static DWORD
mac_enumerate_credentials(LPCWSTR filter
, PCREDENTIALW
*credentials
,
809 char *buffer
, DWORD
*len
, DWORD
*count
)
811 SecKeychainSearchRef search
;
812 SecKeychainItemRef item
;
814 Boolean saved_user_interaction_allowed
;
817 SecKeychainGetUserInteractionAllowed(&saved_user_interaction_allowed
);
818 SecKeychainSetUserInteractionAllowed(false);
820 status
= SecKeychainSearchCreateFromAttributes(NULL
, kSecInternetPasswordItemClass
, NULL
, &search
);
823 while (SecKeychainSearchCopyNext(search
, &item
) == noErr
)
825 SecKeychainAttributeInfo info
;
826 SecKeychainAttributeList
*attr_list
;
827 UInt32 info_tags
[] = { kSecServerItemAttr
};
828 info
.count
= sizeof(info_tags
)/sizeof(info_tags
[0]);
829 info
.tag
= info_tags
;
831 status
= SecKeychainItemCopyAttributesAndData(item
, &info
, NULL
, &attr_list
, NULL
, NULL
);
834 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status
);
839 *len
= sizeof(CREDENTIALW
);
840 credentials
[*count
] = (PCREDENTIALW
)buffer
;
843 *len
+= sizeof(CREDENTIALW
);
844 if (attr_list
->count
!= 1 || attr_list
->attr
[0].tag
!= kSecServerItemAttr
) continue;
845 TRACE("server item: %.*s\n", (int)attr_list
->attr
[0].length
, (char *)attr_list
->attr
[0].data
);
846 /* FIXME: filter based on attr_list->attr[0].data */
847 SecKeychainItemFreeAttributesAndData(attr_list
, NULL
);
848 ret
= mac_read_credential_from_item(item
, FALSE
,
849 buffer
? credentials
[*count
] : NULL
,
850 buffer
? buffer
+ sizeof(CREDENTIALW
) : NULL
,
853 if (ret
== ERROR_SUCCESS
)
856 if (buffer
) buffer
+= *len
;
862 ERR("SecKeychainSearchCreateFromAttributes returned status %ld\n", status
);
863 SecKeychainSetUserInteractionAllowed(saved_user_interaction_allowed
);
864 return ERROR_SUCCESS
;
867 static DWORD
mac_delete_credential(LPCWSTR TargetName
)
870 SecKeychainSearchRef search
;
871 status
= SecKeychainSearchCreateFromAttributes(NULL
, kSecInternetPasswordItemClass
, NULL
, &search
);
874 SecKeychainItemRef item
;
875 while (SecKeychainSearchCopyNext(search
, &item
) == noErr
)
877 SecKeychainAttributeInfo info
;
878 SecKeychainAttributeList
*attr_list
;
879 UInt32 info_tags
[] = { kSecServerItemAttr
};
882 info
.count
= sizeof(info_tags
)/sizeof(info_tags
[0]);
883 info
.tag
= info_tags
;
885 status
= SecKeychainItemCopyAttributesAndData(item
, &info
, NULL
, &attr_list
, NULL
, NULL
);
888 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status
);
891 if (attr_list
->count
!= 1 || attr_list
->attr
[0].tag
!= kSecServerItemAttr
)
896 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[0].data
, attr_list
->attr
[0].length
, NULL
, 0);
897 target_name
= HeapAlloc(GetProcessHeap(), 0, (str_len
+ 1) * sizeof(WCHAR
));
898 MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[0].data
, attr_list
->attr
[0].length
, target_name
, str_len
);
900 target_name
[str_len
] = '\0';
901 if (strcmpiW(TargetName
, target_name
))
904 HeapFree(GetProcessHeap(), 0, target_name
);
907 HeapFree(GetProcessHeap(), 0, target_name
);
908 SecKeychainItemFreeAttributesAndData(attr_list
, NULL
);
909 SecKeychainItemDelete(item
);
913 return ERROR_SUCCESS
;
917 return ERROR_NOT_FOUND
;
921 /******************************************************************************
922 * convert_PCREDENTIALW_to_PCREDENTIALA [internal]
924 * convert a Credential struct from UNICODE to ANSI and return the needed size in Bytes
928 static INT
convert_PCREDENTIALW_to_PCREDENTIALA(const CREDENTIALW
*CredentialW
, PCREDENTIALA CredentialA
, DWORD len
)
932 INT needed
= sizeof(CREDENTIALA
);
936 if (CredentialW
->TargetName
)
937 needed
+= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->TargetName
, -1, NULL
, 0, NULL
, NULL
);
938 if (CredentialW
->Comment
)
939 needed
+= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->Comment
, -1, NULL
, 0, NULL
, NULL
);
940 needed
+= CredentialW
->CredentialBlobSize
;
941 if (CredentialW
->TargetAlias
)
942 needed
+= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->TargetAlias
, -1, NULL
, 0, NULL
, NULL
);
943 if (CredentialW
->UserName
)
944 needed
+= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->UserName
, -1, NULL
, 0, NULL
, NULL
);
950 buffer
= (char *)CredentialA
+ sizeof(CREDENTIALA
);
951 len
-= sizeof(CREDENTIALA
);
952 CredentialA
->Flags
= CredentialW
->Flags
;
953 CredentialA
->Type
= CredentialW
->Type
;
955 if (CredentialW
->TargetName
)
957 CredentialA
->TargetName
= buffer
;
958 string_len
= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->TargetName
, -1, buffer
, len
, NULL
, NULL
);
959 buffer
+= string_len
;
960 needed
+= string_len
;
964 CredentialA
->TargetName
= NULL
;
965 if (CredentialW
->Comment
)
967 CredentialA
->Comment
= buffer
;
968 string_len
= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->Comment
, -1, buffer
, len
, NULL
, NULL
);
969 buffer
+= string_len
;
970 needed
+= string_len
;
974 CredentialA
->Comment
= NULL
;
975 CredentialA
->LastWritten
= CredentialW
->LastWritten
;
976 CredentialA
->CredentialBlobSize
= CredentialW
->CredentialBlobSize
;
977 if (CredentialW
->CredentialBlobSize
&& (CredentialW
->CredentialBlobSize
<= len
))
979 CredentialA
->CredentialBlob
=(LPBYTE
)buffer
;
980 memcpy(CredentialA
->CredentialBlob
, CredentialW
->CredentialBlob
,
981 CredentialW
->CredentialBlobSize
);
982 buffer
+= CredentialW
->CredentialBlobSize
;
983 needed
+= CredentialW
->CredentialBlobSize
;
984 len
-= CredentialW
->CredentialBlobSize
;
987 CredentialA
->CredentialBlob
= NULL
;
988 CredentialA
->Persist
= CredentialW
->Persist
;
989 CredentialA
->AttributeCount
= 0;
990 CredentialA
->Attributes
= NULL
; /* FIXME */
991 if (CredentialW
->TargetAlias
)
993 CredentialA
->TargetAlias
= buffer
;
994 string_len
= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->TargetAlias
, -1, buffer
, len
, NULL
, NULL
);
995 buffer
+= string_len
;
996 needed
+= string_len
;
1000 CredentialA
->TargetAlias
= NULL
;
1001 if (CredentialW
->UserName
)
1003 CredentialA
->UserName
= buffer
;
1004 string_len
= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->UserName
, -1, buffer
, len
, NULL
, NULL
);
1005 needed
+= string_len
;
1008 CredentialA
->UserName
= NULL
;
1013 /******************************************************************************
1014 * convert_PCREDENTIALA_to_PCREDENTIALW [internal]
1016 * convert a Credential struct from ANSI to UNICODE and return the needed size in Bytes
1019 static INT
convert_PCREDENTIALA_to_PCREDENTIALW(const CREDENTIALA
*CredentialA
, PCREDENTIALW CredentialW
, INT len
)
1023 INT needed
= sizeof(CREDENTIALW
);
1027 if (CredentialA
->TargetName
)
1028 needed
+= sizeof(WCHAR
) * MultiByteToWideChar(CP_ACP
, 0, CredentialA
->TargetName
, -1, NULL
, 0);
1029 if (CredentialA
->Comment
)
1030 needed
+= sizeof(WCHAR
) * MultiByteToWideChar(CP_ACP
, 0, CredentialA
->Comment
, -1, NULL
, 0);
1031 needed
+= CredentialA
->CredentialBlobSize
;
1032 if (CredentialA
->TargetAlias
)
1033 needed
+= sizeof(WCHAR
) * MultiByteToWideChar(CP_ACP
, 0, CredentialA
->TargetAlias
, -1, NULL
, 0);
1034 if (CredentialA
->UserName
)
1035 needed
+= sizeof(WCHAR
) * MultiByteToWideChar(CP_ACP
, 0, CredentialA
->UserName
, -1, NULL
, 0);
1040 buffer
= (char *)CredentialW
+ sizeof(CREDENTIALW
);
1041 len
-= sizeof(CREDENTIALW
);
1042 CredentialW
->Flags
= CredentialA
->Flags
;
1043 CredentialW
->Type
= CredentialA
->Type
;
1044 if (CredentialA
->TargetName
)
1046 CredentialW
->TargetName
= (LPWSTR
)buffer
;
1047 string_len
= MultiByteToWideChar(CP_ACP
, 0, CredentialA
->TargetName
, -1, CredentialW
->TargetName
, len
/ sizeof(WCHAR
));
1048 buffer
+= sizeof(WCHAR
) * string_len
;
1049 needed
+= sizeof(WCHAR
) * string_len
;
1050 len
-= sizeof(WCHAR
) * string_len
;
1053 CredentialW
->TargetName
= NULL
;
1054 if (CredentialA
->Comment
)
1056 CredentialW
->Comment
= (LPWSTR
)buffer
;
1057 string_len
= MultiByteToWideChar(CP_ACP
, 0, CredentialA
->Comment
, -1, CredentialW
->Comment
, len
/ sizeof(WCHAR
));
1058 buffer
+= sizeof(WCHAR
) * string_len
;
1059 needed
+= sizeof(WCHAR
) * string_len
;
1060 len
-= sizeof(WCHAR
) * string_len
;
1063 CredentialW
->Comment
= NULL
;
1064 CredentialW
->LastWritten
= CredentialA
->LastWritten
;
1065 CredentialW
->CredentialBlobSize
= CredentialA
->CredentialBlobSize
;
1066 if (CredentialA
->CredentialBlobSize
)
1068 CredentialW
->CredentialBlob
=(LPBYTE
)buffer
;
1069 memcpy(CredentialW
->CredentialBlob
, CredentialA
->CredentialBlob
,
1070 CredentialA
->CredentialBlobSize
);
1071 buffer
+= CredentialA
->CredentialBlobSize
;
1072 needed
+= CredentialA
->CredentialBlobSize
;
1073 len
-= CredentialA
->CredentialBlobSize
;
1076 CredentialW
->CredentialBlob
= NULL
;
1077 CredentialW
->Persist
= CredentialA
->Persist
;
1078 CredentialW
->AttributeCount
= 0;
1079 CredentialW
->Attributes
= NULL
; /* FIXME */
1080 if (CredentialA
->TargetAlias
)
1082 CredentialW
->TargetAlias
= (LPWSTR
)buffer
;
1083 string_len
= MultiByteToWideChar(CP_ACP
, 0, CredentialA
->TargetAlias
, -1, CredentialW
->TargetAlias
, len
/ sizeof(WCHAR
));
1084 buffer
+= sizeof(WCHAR
) * string_len
;
1085 needed
+= sizeof(WCHAR
) * string_len
;
1086 len
-= sizeof(WCHAR
) * string_len
;
1089 CredentialW
->TargetAlias
= NULL
;
1090 if (CredentialA
->UserName
)
1092 CredentialW
->UserName
= (LPWSTR
)buffer
;
1093 string_len
= MultiByteToWideChar(CP_ACP
, 0, CredentialA
->UserName
, -1, CredentialW
->UserName
, len
/ sizeof(WCHAR
));
1094 needed
+= sizeof(WCHAR
) * string_len
;
1097 CredentialW
->UserName
= NULL
;
1102 /******************************************************************************
1103 * CredDeleteA [ADVAPI32.@]
1105 BOOL WINAPI
CredDeleteA(LPCSTR TargetName
, DWORD Type
, DWORD Flags
)
1111 TRACE("(%s, %d, 0x%x)\n", debugstr_a(TargetName
), Type
, Flags
);
1115 SetLastError(ERROR_INVALID_PARAMETER
);
1119 len
= MultiByteToWideChar(CP_ACP
, 0, TargetName
, -1, NULL
, 0);
1120 TargetNameW
= HeapAlloc(GetProcessHeap(), 0, len
* sizeof(WCHAR
));
1123 SetLastError(ERROR_OUTOFMEMORY
);
1126 MultiByteToWideChar(CP_ACP
, 0, TargetName
, -1, TargetNameW
, len
);
1128 ret
= CredDeleteW(TargetNameW
, Type
, Flags
);
1130 HeapFree(GetProcessHeap(), 0, TargetNameW
);
1135 /******************************************************************************
1136 * CredDeleteW [ADVAPI32.@]
1138 BOOL WINAPI
CredDeleteW(LPCWSTR TargetName
, DWORD Type
, DWORD Flags
)
1144 TRACE("(%s, %d, 0x%x)\n", debugstr_w(TargetName
), Type
, Flags
);
1148 SetLastError(ERROR_INVALID_PARAMETER
);
1152 if (Type
!= CRED_TYPE_GENERIC
&& Type
!= CRED_TYPE_DOMAIN_PASSWORD
)
1154 FIXME("unhandled type %d\n", Type
);
1155 SetLastError(ERROR_INVALID_PARAMETER
);
1161 FIXME("unhandled flags 0x%x\n", Flags
);
1162 SetLastError(ERROR_INVALID_FLAGS
);
1167 if (Type
== CRED_TYPE_DOMAIN_PASSWORD
)
1169 ret
= mac_delete_credential(TargetName
);
1170 if (ret
== ERROR_SUCCESS
)
1175 ret
= open_cred_mgr_key(&hkeyMgr
, TRUE
);
1176 if (ret
!= ERROR_SUCCESS
)
1178 WARN("couldn't open/create manager key, error %d\n", ret
);
1179 SetLastError(ERROR_NO_SUCH_LOGON_SESSION
);
1183 key_name
= get_key_name_for_target(TargetName
, Type
);
1184 ret
= RegDeleteKeyW(hkeyMgr
, key_name
);
1185 HeapFree(GetProcessHeap(), 0, key_name
);
1186 RegCloseKey(hkeyMgr
);
1187 if (ret
!= ERROR_SUCCESS
)
1189 SetLastError(ERROR_NOT_FOUND
);
1196 /******************************************************************************
1197 * CredEnumerateA [ADVAPI32.@]
1199 BOOL WINAPI
CredEnumerateA(LPCSTR Filter
, DWORD Flags
, DWORD
*Count
,
1200 PCREDENTIALA
**Credentials
)
1203 PCREDENTIALW
*CredentialsW
;
1209 TRACE("(%s, 0x%x, %p, %p)\n", debugstr_a(Filter
), Flags
, Count
, Credentials
);
1213 len
= MultiByteToWideChar(CP_ACP
, 0, Filter
, -1, NULL
, 0);
1214 FilterW
= HeapAlloc(GetProcessHeap(), 0, len
* sizeof(WCHAR
));
1217 SetLastError(ERROR_OUTOFMEMORY
);
1220 MultiByteToWideChar(CP_ACP
, 0, Filter
, -1, FilterW
, len
);
1225 if (!CredEnumerateW(FilterW
, Flags
, Count
, &CredentialsW
))
1227 HeapFree(GetProcessHeap(), 0, FilterW
);
1230 HeapFree(GetProcessHeap(), 0, FilterW
);
1232 len
= *Count
* sizeof(PCREDENTIALA
);
1233 for (i
= 0; i
< *Count
; i
++)
1234 len
+= convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW
[i
], NULL
, 0);
1236 *Credentials
= HeapAlloc(GetProcessHeap(), 0, len
);
1239 CredFree(CredentialsW
);
1240 SetLastError(ERROR_OUTOFMEMORY
);
1244 buffer
= (char *)&(*Credentials
)[*Count
];
1245 len
-= *Count
* sizeof(PCREDENTIALA
);
1246 for (i
= 0; i
< *Count
; i
++)
1248 (*Credentials
)[i
] = (PCREDENTIALA
)buffer
;
1249 needed
= convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW
[i
], (*Credentials
)[i
], len
);
1254 CredFree(CredentialsW
);
1259 /******************************************************************************
1260 * CredEnumerateW [ADVAPI32.@]
1262 BOOL WINAPI
CredEnumerateW(LPCWSTR Filter
, DWORD Flags
, DWORD
*Count
,
1263 PCREDENTIALW
**Credentials
)
1268 DWORD target_name_len
;
1271 BYTE key_data
[KEY_SIZE
];
1273 TRACE("(%s, 0x%x, %p, %p)\n", debugstr_w(Filter
), Flags
, Count
, Credentials
);
1277 SetLastError(ERROR_INVALID_FLAGS
);
1281 ret
= open_cred_mgr_key(&hkeyMgr
, FALSE
);
1282 if (ret
!= ERROR_SUCCESS
)
1284 WARN("couldn't open/create manager key, error %d\n", ret
);
1285 SetLastError(ERROR_NO_SUCH_LOGON_SESSION
);
1289 ret
= get_cred_mgr_encryption_key(hkeyMgr
, key_data
);
1290 if (ret
!= ERROR_SUCCESS
)
1292 RegCloseKey(hkeyMgr
);
1297 ret
= RegQueryInfoKeyW(hkeyMgr
, NULL
, NULL
, NULL
, NULL
, &target_name_len
, NULL
, NULL
, NULL
, NULL
, NULL
, NULL
);
1298 if (ret
!= ERROR_SUCCESS
)
1300 RegCloseKey(hkeyMgr
);
1305 target_name
= HeapAlloc(GetProcessHeap(), 0, (target_name_len
+1)*sizeof(WCHAR
));
1308 RegCloseKey(hkeyMgr
);
1309 SetLastError(ERROR_OUTOFMEMORY
);
1315 ret
= registry_enumerate_credentials(hkeyMgr
, Filter
, target_name
, target_name_len
,
1316 key_data
, NULL
, NULL
, &len
, Count
);
1318 if (ret
== ERROR_SUCCESS
)
1319 ret
= mac_enumerate_credentials(Filter
, NULL
, NULL
, &len
, Count
);
1321 if (ret
== ERROR_SUCCESS
&& *Count
== 0)
1322 ret
= ERROR_NOT_FOUND
;
1323 if (ret
!= ERROR_SUCCESS
)
1325 HeapFree(GetProcessHeap(), 0, target_name
);
1326 RegCloseKey(hkeyMgr
);
1330 len
+= *Count
* sizeof(PCREDENTIALW
);
1332 if (ret
== ERROR_SUCCESS
)
1334 buffer
= HeapAlloc(GetProcessHeap(), 0, len
);
1335 *Credentials
= (PCREDENTIALW
*)buffer
;
1338 buffer
+= *Count
* sizeof(PCREDENTIALW
);
1340 ret
= registry_enumerate_credentials(hkeyMgr
, Filter
, target_name
,
1341 target_name_len
, key_data
,
1342 *Credentials
, &buffer
, &len
,
1345 if (ret
== ERROR_SUCCESS
)
1346 ret
= mac_enumerate_credentials(Filter
, *Credentials
,
1347 buffer
, &len
, Count
);
1351 ret
= ERROR_OUTOFMEMORY
;
1354 HeapFree(GetProcessHeap(), 0, target_name
);
1355 RegCloseKey(hkeyMgr
);
1357 if (ret
!= ERROR_SUCCESS
)
1365 /******************************************************************************
1366 * CredFree [ADVAPI32.@]
1368 VOID WINAPI
CredFree(PVOID Buffer
)
1370 HeapFree(GetProcessHeap(), 0, Buffer
);
1373 /******************************************************************************
1374 * CredReadA [ADVAPI32.@]
1376 BOOL WINAPI
CredReadA(LPCSTR TargetName
, DWORD Type
, DWORD Flags
, PCREDENTIALA
*Credential
)
1379 PCREDENTIALW CredentialW
;
1382 TRACE("(%s, %d, 0x%x, %p)\n", debugstr_a(TargetName
), Type
, Flags
, Credential
);
1386 SetLastError(ERROR_INVALID_PARAMETER
);
1390 len
= MultiByteToWideChar(CP_ACP
, 0, TargetName
, -1, NULL
, 0);
1391 TargetNameW
= HeapAlloc(GetProcessHeap(), 0, len
* sizeof(WCHAR
));
1394 SetLastError(ERROR_OUTOFMEMORY
);
1397 MultiByteToWideChar(CP_ACP
, 0, TargetName
, -1, TargetNameW
, len
);
1399 if (!CredReadW(TargetNameW
, Type
, Flags
, &CredentialW
))
1401 HeapFree(GetProcessHeap(), 0, TargetNameW
);
1404 HeapFree(GetProcessHeap(), 0, TargetNameW
);
1406 len
= convert_PCREDENTIALW_to_PCREDENTIALA(CredentialW
, NULL
, 0);
1407 *Credential
= HeapAlloc(GetProcessHeap(), 0, len
);
1410 SetLastError(ERROR_OUTOFMEMORY
);
1413 convert_PCREDENTIALW_to_PCREDENTIALA(CredentialW
, *Credential
, len
);
1415 CredFree(CredentialW
);
1420 /******************************************************************************
1421 * CredReadW [ADVAPI32.@]
1423 BOOL WINAPI
CredReadW(LPCWSTR TargetName
, DWORD Type
, DWORD Flags
, PCREDENTIALW
*Credential
)
1430 BYTE key_data
[KEY_SIZE
];
1432 TRACE("(%s, %d, 0x%x, %p)\n", debugstr_w(TargetName
), Type
, Flags
, Credential
);
1436 SetLastError(ERROR_INVALID_PARAMETER
);
1440 if (Type
!= CRED_TYPE_GENERIC
&& Type
!= CRED_TYPE_DOMAIN_PASSWORD
)
1442 FIXME("unhandled type %d\n", Type
);
1443 SetLastError(ERROR_INVALID_PARAMETER
);
1449 FIXME("unhandled flags 0x%x\n", Flags
);
1450 SetLastError(ERROR_INVALID_FLAGS
);
1455 if (Type
== CRED_TYPE_DOMAIN_PASSWORD
)
1458 SecKeychainSearchRef search
;
1459 status
= SecKeychainSearchCreateFromAttributes(NULL
, kSecInternetPasswordItemClass
, NULL
, &search
);
1460 if (status
== noErr
)
1462 SecKeychainItemRef item
;
1463 while (SecKeychainSearchCopyNext(search
, &item
) == noErr
)
1465 SecKeychainAttributeInfo info
;
1466 SecKeychainAttributeList
*attr_list
;
1467 UInt32 info_tags
[] = { kSecServerItemAttr
};
1470 info
.count
= sizeof(info_tags
)/sizeof(info_tags
[0]);
1471 info
.tag
= info_tags
;
1473 status
= SecKeychainItemCopyAttributesAndData(item
, &info
, NULL
, &attr_list
, NULL
, NULL
);
1474 len
= sizeof(**Credential
);
1475 if (status
!= noErr
)
1477 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status
);
1480 if (attr_list
->count
!= 1 || attr_list
->attr
[0].tag
!= kSecServerItemAttr
)
1485 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[0].data
, attr_list
->attr
[0].length
, NULL
, 0);
1486 target_name
= HeapAlloc(GetProcessHeap(), 0, (str_len
+ 1) * sizeof(WCHAR
));
1487 MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[0].data
, attr_list
->attr
[0].length
, target_name
, str_len
);
1489 target_name
[str_len
] = '\0';
1490 if (strcmpiW(TargetName
, target_name
))
1493 HeapFree(GetProcessHeap(), 0, target_name
);
1496 HeapFree(GetProcessHeap(), 0, target_name
);
1497 SecKeychainItemFreeAttributesAndData(attr_list
, NULL
);
1498 ret
= mac_read_credential_from_item(item
, TRUE
, NULL
, NULL
, &len
);
1499 if (ret
== ERROR_SUCCESS
)
1501 *Credential
= HeapAlloc(GetProcessHeap(), 0, len
);
1504 len
= sizeof(**Credential
);
1505 ret
= mac_read_credential_from_item(item
, TRUE
, *Credential
,
1506 (char *)(*Credential
+ 1), &len
);
1509 ret
= ERROR_OUTOFMEMORY
;
1512 if (ret
!= ERROR_SUCCESS
)
1526 ret
= open_cred_mgr_key(&hkeyMgr
, FALSE
);
1527 if (ret
!= ERROR_SUCCESS
)
1529 WARN("couldn't open/create manager key, error %d\n", ret
);
1530 SetLastError(ERROR_NO_SUCH_LOGON_SESSION
);
1534 ret
= get_cred_mgr_encryption_key(hkeyMgr
, key_data
);
1535 if (ret
!= ERROR_SUCCESS
)
1537 RegCloseKey(hkeyMgr
);
1542 key_name
= get_key_name_for_target(TargetName
, Type
);
1543 ret
= RegOpenKeyExW(hkeyMgr
, key_name
, 0, KEY_QUERY_VALUE
, &hkeyCred
);
1544 HeapFree(GetProcessHeap(), 0, key_name
);
1545 if (ret
!= ERROR_SUCCESS
)
1547 TRACE("credentials for target name %s not found\n", debugstr_w(TargetName
));
1548 SetLastError(ERROR_NOT_FOUND
);
1552 len
= sizeof(**Credential
);
1553 ret
= registry_read_credential(hkeyCred
, NULL
, key_data
, NULL
, &len
);
1554 if (ret
== ERROR_SUCCESS
)
1556 *Credential
= HeapAlloc(GetProcessHeap(), 0, len
);
1559 len
= sizeof(**Credential
);
1560 ret
= registry_read_credential(hkeyCred
, *Credential
, key_data
,
1561 (char *)(*Credential
+ 1), &len
);
1564 ret
= ERROR_OUTOFMEMORY
;
1567 RegCloseKey(hkeyCred
);
1568 RegCloseKey(hkeyMgr
);
1570 if (ret
!= ERROR_SUCCESS
)
1578 /******************************************************************************
1579 * CredReadDomainCredentialsA [ADVAPI32.@]
1581 BOOL WINAPI
CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInformation
,
1582 DWORD Flags
, DWORD
*Size
, PCREDENTIALA
**Credentials
)
1584 PCREDENTIAL_TARGET_INFORMATIONW TargetInformationW
;
1587 WCHAR
*buffer
, *end
;
1589 PCREDENTIALW
* CredentialsW
;
1591 TRACE("(%p, 0x%x, %p, %p)\n", TargetInformation
, Flags
, Size
, Credentials
);
1593 /* follow Windows behavior - do not test for NULL, initialize early */
1595 *Credentials
= NULL
;
1597 if (!TargetInformation
)
1599 SetLastError(ERROR_INVALID_PARAMETER
);
1603 len
= sizeof(*TargetInformationW
);
1604 if (TargetInformation
->TargetName
)
1605 len
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->TargetName
, -1, NULL
, 0) * sizeof(WCHAR
);
1606 if (TargetInformation
->NetbiosServerName
)
1607 len
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->NetbiosServerName
, -1, NULL
, 0) * sizeof(WCHAR
);
1608 if (TargetInformation
->DnsServerName
)
1609 len
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->DnsServerName
, -1, NULL
, 0) * sizeof(WCHAR
);
1610 if (TargetInformation
->NetbiosDomainName
)
1611 len
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->NetbiosDomainName
, -1, NULL
, 0) * sizeof(WCHAR
);
1612 if (TargetInformation
->DnsDomainName
)
1613 len
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->DnsDomainName
, -1, NULL
, 0) * sizeof(WCHAR
);
1614 if (TargetInformation
->DnsTreeName
)
1615 len
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->DnsTreeName
, -1, NULL
, 0) * sizeof(WCHAR
);
1616 if (TargetInformation
->PackageName
)
1617 len
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->PackageName
, -1, NULL
, 0) * sizeof(WCHAR
);
1619 TargetInformationW
= HeapAlloc(GetProcessHeap(), 0, len
);
1620 if (!TargetInformationW
)
1622 SetLastError(ERROR_OUTOFMEMORY
);
1625 buffer
= (WCHAR
*)(TargetInformationW
+ 1);
1626 end
= (WCHAR
*)((char *)TargetInformationW
+ len
);
1628 if (TargetInformation
->TargetName
)
1630 TargetInformationW
->TargetName
= buffer
;
1631 buffer
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->TargetName
, -1,
1632 TargetInformationW
->TargetName
, end
- buffer
);
1634 TargetInformationW
->TargetName
= NULL
;
1636 if (TargetInformation
->NetbiosServerName
)
1638 TargetInformationW
->NetbiosServerName
= buffer
;
1639 buffer
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->NetbiosServerName
, -1,
1640 TargetInformationW
->NetbiosServerName
, end
- buffer
);
1642 TargetInformationW
->NetbiosServerName
= NULL
;
1644 if (TargetInformation
->DnsServerName
)
1646 TargetInformationW
->DnsServerName
= buffer
;
1647 buffer
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->DnsServerName
, -1,
1648 TargetInformationW
->DnsServerName
, end
- buffer
);
1650 TargetInformationW
->DnsServerName
= NULL
;
1652 if (TargetInformation
->NetbiosDomainName
)
1654 TargetInformationW
->NetbiosDomainName
= buffer
;
1655 buffer
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->NetbiosDomainName
, -1,
1656 TargetInformationW
->NetbiosDomainName
, end
- buffer
);
1658 TargetInformationW
->NetbiosDomainName
= NULL
;
1660 if (TargetInformation
->DnsDomainName
)
1662 TargetInformationW
->DnsDomainName
= buffer
;
1663 buffer
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->DnsDomainName
, -1,
1664 TargetInformationW
->DnsDomainName
, end
- buffer
);
1666 TargetInformationW
->DnsDomainName
= NULL
;
1668 if (TargetInformation
->DnsTreeName
)
1670 TargetInformationW
->DnsTreeName
= buffer
;
1671 buffer
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->DnsTreeName
, -1,
1672 TargetInformationW
->DnsTreeName
, end
- buffer
);
1674 TargetInformationW
->DnsTreeName
= NULL
;
1676 if (TargetInformation
->PackageName
)
1678 TargetInformationW
->PackageName
= buffer
;
1679 buffer
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->PackageName
, -1,
1680 TargetInformationW
->PackageName
, end
- buffer
);
1682 TargetInformationW
->PackageName
= NULL
;
1684 TargetInformationW
->Flags
= TargetInformation
->Flags
;
1685 TargetInformationW
->CredTypeCount
= TargetInformation
->CredTypeCount
;
1686 TargetInformationW
->CredTypes
= TargetInformation
->CredTypes
;
1688 ret
= CredReadDomainCredentialsW(TargetInformationW
, Flags
, Size
, &CredentialsW
);
1690 HeapFree(GetProcessHeap(), 0, TargetInformationW
);
1697 len
= *Size
* sizeof(PCREDENTIALA
);
1698 for (i
= 0; i
< *Size
; i
++)
1699 len
+= convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW
[i
], NULL
, 0);
1701 *Credentials
= HeapAlloc(GetProcessHeap(), 0, len
);
1704 CredFree(CredentialsW
);
1705 SetLastError(ERROR_OUTOFMEMORY
);
1709 buf
= (char *)&(*Credentials
)[*Size
];
1710 len
-= *Size
* sizeof(PCREDENTIALA
);
1711 for (i
= 0; i
< *Size
; i
++)
1713 (*Credentials
)[i
] = (PCREDENTIALA
)buf
;
1714 needed
= convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW
[i
], (*Credentials
)[i
], len
);
1719 CredFree(CredentialsW
);
1724 /******************************************************************************
1725 * CredReadDomainCredentialsW [ADVAPI32.@]
1727 BOOL WINAPI
CredReadDomainCredentialsW(PCREDENTIAL_TARGET_INFORMATIONW TargetInformation
, DWORD Flags
,
1728 DWORD
*Size
, PCREDENTIALW
**Credentials
)
1730 FIXME("(%p, 0x%x, %p, %p) stub\n", TargetInformation
, Flags
, Size
, Credentials
);
1732 /* follow Windows behavior - do not test for NULL, initialize early */
1734 *Credentials
= NULL
;
1735 if (!TargetInformation
)
1737 SetLastError(ERROR_INVALID_PARAMETER
);
1741 SetLastError(ERROR_NOT_FOUND
);
1745 /******************************************************************************
1746 * CredWriteA [ADVAPI32.@]
1748 BOOL WINAPI
CredWriteA(PCREDENTIALA Credential
, DWORD Flags
)
1752 PCREDENTIALW CredentialW
;
1754 TRACE("(%p, 0x%x)\n", Credential
, Flags
);
1756 if (!Credential
|| !Credential
->TargetName
)
1758 SetLastError(ERROR_INVALID_PARAMETER
);
1762 len
= convert_PCREDENTIALA_to_PCREDENTIALW(Credential
, NULL
, 0);
1763 CredentialW
= HeapAlloc(GetProcessHeap(), 0, len
);
1766 SetLastError(ERROR_OUTOFMEMORY
);
1770 convert_PCREDENTIALA_to_PCREDENTIALW(Credential
, CredentialW
, len
);
1772 ret
= CredWriteW(CredentialW
, Flags
);
1774 HeapFree(GetProcessHeap(), 0, CredentialW
);
1779 /******************************************************************************
1780 * CredWriteW [ADVAPI32.@]
1782 BOOL WINAPI
CredWriteW(PCREDENTIALW Credential
, DWORD Flags
)
1788 BYTE key_data
[KEY_SIZE
];
1790 TRACE("(%p, 0x%x)\n", Credential
, Flags
);
1792 if (!Credential
|| !Credential
->TargetName
)
1794 SetLastError(ERROR_INVALID_PARAMETER
);
1798 if (Flags
& ~CRED_PRESERVE_CREDENTIAL_BLOB
)
1800 FIXME("unhandled flags 0x%x\n", Flags
);
1801 SetLastError(ERROR_INVALID_FLAGS
);
1805 if (Credential
->Type
!= CRED_TYPE_GENERIC
&& Credential
->Type
!= CRED_TYPE_DOMAIN_PASSWORD
)
1807 FIXME("unhandled type %d\n", Credential
->Type
);
1808 SetLastError(ERROR_INVALID_PARAMETER
);
1812 TRACE("Credential->TargetName = %s\n", debugstr_w(Credential
->TargetName
));
1813 TRACE("Credential->UserName = %s\n", debugstr_w(Credential
->UserName
));
1815 if (Credential
->Type
== CRED_TYPE_DOMAIN_PASSWORD
)
1817 if (!Credential
->UserName
||
1818 (!strchrW(Credential
->UserName
, '\\') && !strchrW(Credential
->UserName
, '@')))
1820 ERR("bad username %s\n", debugstr_w(Credential
->UserName
));
1821 SetLastError(ERROR_BAD_USERNAME
);
1827 if (!Credential
->AttributeCount
&&
1828 Credential
->Type
== CRED_TYPE_DOMAIN_PASSWORD
&&
1829 (Credential
->Persist
== CRED_PERSIST_LOCAL_MACHINE
|| Credential
->Persist
== CRED_PERSIST_ENTERPRISE
))
1831 ret
= mac_write_credential(Credential
, Flags
& CRED_PRESERVE_CREDENTIAL_BLOB
);
1832 if (ret
!= ERROR_SUCCESS
)
1841 ret
= open_cred_mgr_key(&hkeyMgr
, FALSE
);
1842 if (ret
!= ERROR_SUCCESS
)
1844 WARN("couldn't open/create manager key, error %d\n", ret
);
1845 SetLastError(ERROR_NO_SUCH_LOGON_SESSION
);
1849 ret
= get_cred_mgr_encryption_key(hkeyMgr
, key_data
);
1850 if (ret
!= ERROR_SUCCESS
)
1852 RegCloseKey(hkeyMgr
);
1857 key_name
= get_key_name_for_target(Credential
->TargetName
, Credential
->Type
);
1858 ret
= RegCreateKeyExW(hkeyMgr
, key_name
, 0, NULL
,
1859 Credential
->Persist
== CRED_PERSIST_SESSION
? REG_OPTION_VOLATILE
: REG_OPTION_NON_VOLATILE
,
1860 KEY_READ
|KEY_WRITE
, NULL
, &hkeyCred
, NULL
);
1861 HeapFree(GetProcessHeap(), 0, key_name
);
1862 if (ret
!= ERROR_SUCCESS
)
1864 TRACE("credentials for target name %s not found\n",
1865 debugstr_w(Credential
->TargetName
));
1866 SetLastError(ERROR_NOT_FOUND
);
1870 ret
= registry_write_credential(hkeyCred
, Credential
, key_data
,
1871 Flags
& CRED_PRESERVE_CREDENTIAL_BLOB
);
1873 RegCloseKey(hkeyCred
);
1874 RegCloseKey(hkeyMgr
);
1876 if (ret
!= ERROR_SUCCESS
)
1884 /******************************************************************************
1885 * CredGetSessionTypes [ADVAPI32.@]
1887 WINADVAPI BOOL WINAPI
CredGetSessionTypes(DWORD persistCount
, LPDWORD persists
)
1889 TRACE("(%u, %p)\n", persistCount
, persists
);
1891 memset(persists
, CRED_PERSIST_NONE
, persistCount
*sizeof(*persists
));
1892 if (CRED_TYPE_GENERIC
< persistCount
)
1894 persists
[CRED_TYPE_GENERIC
] = CRED_PERSIST_ENTERPRISE
;
1896 if (CRED_TYPE_DOMAIN_PASSWORD
< persistCount
)
1898 persists
[CRED_TYPE_DOMAIN_PASSWORD
] = CRED_PERSIST_ENTERPRISE
;