Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: trunk/src/advapi32/cred.c@ 21362

Visit:

Last change on this file since 21362 was 21362, checked in by vladest, 15 years ago

ADVAPI32:

added cred.c, recuired for security interface
added some externals, required for security interface

File size: 57.8 KB

Line
1	/*
2	* Credential Management APIs
3	*
4	* Copyright 2007 Robert Shearman for CodeWeavers
5	*
6	* This library is free software; you can redistribute it and/or
7	* modify it under the terms of the GNU Lesser General Public
8	* License as published by the Free Software Foundation; either
9	* version 2.1 of the License, or (at your option) any later version.
10	*
11	* This library is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14	* Lesser General Public License for more details.
15	*
16	* You should have received a copy of the GNU Lesser General Public
17	* License along with this library; if not, write to the Free Software
18	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19	*/
20
21	#include <stdarg.h>
22	#include <time.h>
23
24	#include "windef.h"
25	#include "winbase.h"
26	#include "winreg.h"
27	#include "wincred.h"
28	#include "winternl.h"
29
30	#ifdef __APPLE__
31	# include <Security/SecKeychain.h>
32	# include <Security/SecKeychainItem.h>
33	# include <Security/SecKeychainSearch.h>
34	#endif
35
36	#include "crypt.h"
37
38	#include "wine/unicode.h"
39	#include "wine/debug.h"
40	#include "winerror.h"
41	WINE_DEFAULT_DEBUG_CHANNEL(cred);
42
43	/* the size of the ARC4 key used to encrypt the password data */
44	#define KEY_SIZE 8
45
46	static const WCHAR wszCredentialManagerKey[] = {'S','o','f','t','w','a','r','e','\\','W','i','n','e','\\',
47	'C','r','e','d','e','n','t','i','a','l',' ','M','a','n','a','g','e','r',0};
48	static const WCHAR wszEncryptionKeyValue[] = {'E','n','c','r','y','p','t','i','o','n','K','e','y',0};
49
50	static const WCHAR wszFlagsValue[] = {'F','l','a','g','s',0};
51	static const WCHAR wszTypeValue[] = {'T','y','p','e',0};
52	static const WCHAR wszCommentValue[] = {'C','o','m','m','e','n','t',0};
53	static const WCHAR wszLastWrittenValue[] = {'L','a','s','t','W','r','i','t','t','e','n',0};
54	static const WCHAR wszPersistValue[] = {'P','e','r','s','i','s','t',0};
55	static const WCHAR wszTargetAliasValue[] = {'T','a','r','g','e','t','A','l','i','a','s',0};
56	static const WCHAR wszUserNameValue[] = {'U','s','e','r','N','a','m','e',0};
57	static const WCHAR wszPasswordValue[] = {'P','a','s','s','w','o','r','d',0};
58
59	static DWORD read_credential_blob(HKEY hkey, const BYTE key_data[KEY_SIZE],
60	LPBYTE credential_blob,
61	DWORD *credential_blob_size)
62	{
63	DWORD ret;
64	DWORD type;
65
66	*credential_blob_size = 0;
67	ret = RegQueryValueExW(hkey, wszPasswordValue, 0, &type, NULL, credential_blob_size);
68	if (ret != ERROR_SUCCESS)
69	return ret;
70	else if (type != REG_BINARY)
71	return ERROR_REGISTRY_CORRUPT;
72	if (credential_blob)
73	{
74	struct ustring data;
75	struct ustring key;
76
77	ret = RegQueryValueExW(hkey, wszPasswordValue, 0, &type, (LPVOID)credential_blob,
78	credential_blob_size);
79	if (ret != ERROR_SUCCESS)
80	return ret;
81	else if (type != REG_BINARY)
82	return ERROR_REGISTRY_CORRUPT;
83
84	key.Length = key.MaximumLength = KEY_SIZE;
85	key.Buffer = (unsigned char *)key_data;
86
87	data.Length = data.MaximumLength = *credential_blob_size;
88	data.Buffer = credential_blob;
89	SystemFunction032(&data, &key);
90	}
91	return ERROR_SUCCESS;
92	}
93
94	static DWORD registry_read_credential(HKEY hkey, PCREDENTIALW credential,
95	const BYTE key_data[KEY_SIZE],
96	char buffer, DWORD len)
97	{
98	DWORD type;
99	DWORD ret;
100	DWORD count;
101
102	ret = RegQueryValueExW(hkey, NULL, 0, &type, NULL, &count);
103	if (ret != ERROR_SUCCESS)
104	return ret;
105	else if (type != REG_SZ)
106	return ERROR_REGISTRY_CORRUPT;
107	*len += count;
108	if (credential)
109	{
110	credential->TargetName = (LPWSTR)buffer;
111	ret = RegQueryValueExW(hkey, NULL, 0, &type, (LPVOID)credential->TargetName,
112	&count);
113	if (ret != ERROR_SUCCESS \|\| type != REG_SZ) return ret;
114	buffer += count;
115	}
116
117	ret = RegQueryValueExW(hkey, wszCommentValue, 0, &type, NULL, &count);
118	if (ret != ERROR_FILE_NOT_FOUND && ret != ERROR_SUCCESS)
119	return ret;
120	else if (type != REG_SZ)
121	return ERROR_REGISTRY_CORRUPT;
122	*len += count;
123	if (credential)
124	{
125	credential->Comment = (LPWSTR)buffer;
126	ret = RegQueryValueExW(hkey, wszCommentValue, 0, &type, (LPVOID)credential->Comment,
127	&count);
128	if (ret == ERROR_FILE_NOT_FOUND)
129	credential->Comment = NULL;
130	else if (ret != ERROR_SUCCESS)
131	return ret;
132	else if (type != REG_SZ)
133	return ERROR_REGISTRY_CORRUPT;
134	else
135	buffer += count;
136	}
137
138	ret = RegQueryValueExW(hkey, wszTargetAliasValue, 0, &type, NULL, &count);
139	if (ret != ERROR_FILE_NOT_FOUND && ret != ERROR_SUCCESS)
140	return ret;
141	else if (type != REG_SZ)
142	return ERROR_REGISTRY_CORRUPT;
143	*len += count;
144	if (credential)
145	{
146	credential->TargetAlias = (LPWSTR)buffer;
147	ret = RegQueryValueExW(hkey, wszTargetAliasValue, 0, &type, (LPVOID)credential->TargetAlias,
148	&count);
149	if (ret == ERROR_FILE_NOT_FOUND)
150	credential->TargetAlias = NULL;
151	else if (ret != ERROR_SUCCESS)
152	return ret;
153	else if (type != REG_SZ)
154	return ERROR_REGISTRY_CORRUPT;
155	else
156	buffer += count;
157	}
158
159	ret = RegQueryValueExW(hkey, wszUserNameValue, 0, &type, NULL, &count);
160	if (ret != ERROR_FILE_NOT_FOUND && ret != ERROR_SUCCESS)
161	return ret;
162	else if (type != REG_SZ)
163	return ERROR_REGISTRY_CORRUPT;
164	*len += count;
165	if (credential)
166	{
167	credential->UserName = (LPWSTR)buffer;
168	ret = RegQueryValueExW(hkey, wszUserNameValue, 0, &type, (LPVOID)credential->UserName,
169	&count);
170	if (ret == ERROR_FILE_NOT_FOUND)
171	credential->UserName = NULL;
172	else if (ret != ERROR_SUCCESS)
173	return ret;
174	else if (type != REG_SZ)
175	return ERROR_REGISTRY_CORRUPT;
176	else
177	buffer += count;
178	}
179
180	ret = read_credential_blob(hkey, key_data, NULL, &count);
181	if (ret != ERROR_FILE_NOT_FOUND && ret != ERROR_SUCCESS)
182	return ret;
183	*len += count;
184	if (credential)
185	{
186	credential->CredentialBlob = (LPBYTE)buffer;
187	ret = read_credential_blob(hkey, key_data, credential->CredentialBlob, &count);
188	if (ret == ERROR_FILE_NOT_FOUND)
189	credential->CredentialBlob = NULL;
190	else if (ret != ERROR_SUCCESS)
191	return ret;
192	credential->CredentialBlobSize = count;
193	buffer += count;
194	}
195
196	/* FIXME: Attributes */
197	if (credential)
198	{
199	credential->AttributeCount = 0;
200	credential->Attributes = NULL;
201	}
202
203	if (!credential) return ERROR_SUCCESS;
204
205	count = sizeof(credential->Flags);
206	ret = RegQueryValueExW(hkey, wszFlagsValue, NULL, &type, (LPVOID)&credential->Flags,
207	&count);
208	if (ret != ERROR_SUCCESS)
209	return ret;
210	else if (type != REG_DWORD)
211	return ERROR_REGISTRY_CORRUPT;
212	count = sizeof(credential->Type);
213	ret = RegQueryValueExW(hkey, wszTypeValue, NULL, &type, (LPVOID)&credential->Type,
214	&count);
215	if (ret != ERROR_SUCCESS)
216	return ret;
217	else if (type != REG_DWORD)
218	return ERROR_REGISTRY_CORRUPT;
219
220	count = sizeof(credential->LastWritten);
221	ret = RegQueryValueExW(hkey, wszLastWrittenValue, NULL, &type, (LPVOID)&credential->LastWritten,
222	&count);
223	if (ret != ERROR_SUCCESS)
224	return ret;
225	else if (type != REG_BINARY)
226	return ERROR_REGISTRY_CORRUPT;
227	count = sizeof(credential->Persist);
228	ret = RegQueryValueExW(hkey, wszPersistValue, NULL, &type, (LPVOID)&credential->Persist,
229	&count);
230	if (ret == ERROR_SUCCESS && type != REG_DWORD)
231	return ERROR_REGISTRY_CORRUPT;
232	return ret;
233	}
234
235	#ifdef __APPLE__
236	static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require_password,
237	PCREDENTIALW credential, char *buffer,
238	DWORD *len)
239	{
240	OSStatus status;
241	UInt32 i;
242	UInt32 cred_blob_len;
243	void *cred_blob;
244	LPWSTR domain = NULL;
245	LPWSTR user = NULL;
246	BOOL user_name_present = FALSE;
247	SecKeychainAttributeInfo info;
248	SecKeychainAttributeList *attr_list;
249	UInt32 info_tags[] = { kSecServerItemAttr, kSecSecurityDomainItemAttr, kSecAccountItemAttr,
250	kSecCommentItemAttr, kSecCreationDateItemAttr };
251	info.count = sizeof(info_tags)/sizeof(info_tags[0]);
252	info.tag = info_tags;
253	info.format = NULL;
254	status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, &cred_blob_len, &cred_blob);
255	if (status == errSecAuthFailed && !require_password)
256	{
257	cred_blob_len = 0;
258	cred_blob = NULL;
259	status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, &cred_blob_len, NULL);
260	}
261	if (status != noErr)
262	{
263	WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
264	return ERROR_NOT_FOUND;
265	}
266
267	for (i = 0; i < attr_list->count; i++)
268	if (attr_list->attr[i].tag == kSecAccountItemAttr && attr_list->attr[i].data)
269	{
270	user_name_present = TRUE;
271	break;
272	}
273	if (!user_name_present)
274	{
275	WARN("no kSecAccountItemAttr for item\n");
276	return ERROR_NOT_FOUND;
277	}
278
279	if (buffer)
280	{
281	credential->Flags = 0;
282	credential->Type = CRED_TYPE_DOMAIN_PASSWORD;
283	credential->TargetName = NULL;
284	credential->Comment = NULL;
285	memset(&credential->LastWritten, 0, sizeof(credential->LastWritten));
286	credential->CredentialBlobSize = 0;
287	credential->CredentialBlob = NULL;
288	credential->Persist = CRED_PERSIST_LOCAL_MACHINE;
289	credential->AttributeCount = 0;
290	credential->Attributes = NULL;
291	credential->TargetAlias = NULL;
292	credential->UserName = NULL;
293	}
294	for (i = 0; i < attr_list->count; i++)
295	{
296	switch (attr_list->attr[i].tag)
297	{
298	case kSecServerItemAttr:
299	TRACE("kSecServerItemAttr: %.*s\n", (int)attr_list->attr[i].length,
300	(char *)attr_list->attr[i].data);
301	if (!attr_list->attr[i].data) continue;
302	if (buffer)
303	{
304	INT str_len;
305	credential->TargetName = (LPWSTR)buffer;
306	str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
307	attr_list->attr[i].length, (LPWSTR)buffer, 0xffff);
308	credential->TargetName[str_len] = '\0';
309	buffer += (str_len + 1) * sizeof(WCHAR);
310	len += (str_len + 1) sizeof(WCHAR);
311	}
312	else
313	{
314	INT str_len;
315	str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
316	attr_list->attr[i].length, NULL, 0);
317	len += (str_len + 1) sizeof(WCHAR);
318	}
319	break;
320	case kSecAccountItemAttr:
321	{
322	INT str_len;
323	TRACE("kSecAccountItemAttr: %.*s\n", (int)attr_list->attr[i].length,
324	(char *)attr_list->attr[i].data);
325	if (!attr_list->attr[i].data) continue;
326	str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
327	attr_list->attr[i].length, NULL, 0);
328	user = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
329	MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
330	attr_list->attr[i].length, user, str_len);
331	user[str_len] = '\0';
332	break;
333	}
334	case kSecCommentItemAttr:
335	TRACE("kSecCommentItemAttr: %.*s\n", (int)attr_list->attr[i].length,
336	(char *)attr_list->attr[i].data);
337	if (!attr_list->attr[i].data) continue;
338	if (buffer)
339	{
340	INT str_len;
341	credential->Comment = (LPWSTR)buffer;
342	str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
343	attr_list->attr[i].length, (LPWSTR)buffer, 0xffff);
344	credential->Comment[str_len] = '\0';
345	buffer += (str_len + 1) * sizeof(WCHAR);
346	len += (str_len + 1) sizeof(WCHAR);
347	}
348	else
349	{
350	INT str_len;
351	str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
352	attr_list->attr[i].length, NULL, 0);
353	len += (str_len + 1) sizeof(WCHAR);
354	}
355	break;
356	case kSecSecurityDomainItemAttr:
357	{
358	INT str_len;
359	TRACE("kSecSecurityDomainItemAttr: %.*s\n", (int)attr_list->attr[i].length,
360	(char *)attr_list->attr[i].data);
361	if (!attr_list->attr[i].data) continue;
362	str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
363	attr_list->attr[i].length, NULL, 0);
364	domain = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
365	MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
366	attr_list->attr[i].length, domain, str_len);
367	domain[str_len] = '\0';
368	break;
369	}
370	case kSecCreationDateItemAttr:
371	TRACE("kSecCreationDateItemAttr: %.*s\n", (int)attr_list->attr[i].length,
372	(char *)attr_list->attr[i].data);
373	if (buffer)
374	{
375	LARGE_INTEGER win_time;
376	struct tm tm;
377	time_t time;
378	memset(&tm, 0, sizeof(tm));
379	strptime(attr_list->attr[i].data, "%Y%m%d%H%M%SZ", &tm);
380	time = mktime(&tm);
381	RtlSecondsSince1970ToTime(time, &win_time);
382	credential->LastWritten.dwLowDateTime = win_time.u.LowPart;
383	credential->LastWritten.dwHighDateTime = win_time.u.HighPart;
384	}
385	break;
386	}
387	}
388
389	if (user)
390	{
391	INT str_len;
392	if (buffer)
393	credential->UserName = (LPWSTR)buffer;
394	if (domain)
395	{
396	str_len = strlenW(domain);
397	len += (str_len + 1) sizeof(WCHAR);
398	if (buffer)
399	{
400	memcpy(credential->UserName, domain, str_len * sizeof(WCHAR));
401	/* FIXME: figure out when to use an '@' */
402	credential->UserName[str_len] = '\\';
403	buffer += (str_len + 1) * sizeof(WCHAR);
404	}
405	}
406	str_len = strlenW(user);
407	len += (str_len + 1) sizeof(WCHAR);
408	if (buffer)
409	{
410	memcpy(buffer, user, (str_len + 1) * sizeof(WCHAR));
411	buffer += (str_len + 1) * sizeof(WCHAR);
412	TRACE("UserName = %s\n", debugstr_w(credential->UserName));
413	}
414	}
415	HeapFree(GetProcessHeap(), 0, user);
416	HeapFree(GetProcessHeap(), 0, domain);
417
418	if (cred_blob)
419	{
420	if (buffer)
421	{
422	INT str_len;
423	credential->CredentialBlob = (BYTE *)buffer;
424	str_len = MultiByteToWideChar(CP_UTF8, 0, cred_blob, cred_blob_len,
425	(LPWSTR)buffer, 0xffff);
426	credential->CredentialBlobSize = str_len * sizeof(WCHAR);
427	buffer += str_len * sizeof(WCHAR);
428	len += str_len sizeof(WCHAR);
429	}
430	else
431	{
432	INT str_len;
433	str_len = MultiByteToWideChar(CP_UTF8, 0, cred_blob, cred_blob_len,
434	NULL, 0);
435	len += str_len sizeof(WCHAR);
436	}
437	}
438	SecKeychainItemFreeAttributesAndData(attr_list, cred_blob);
439	return ERROR_SUCCESS;
440	}
441	#endif
442
443	static DWORD write_credential_blob(HKEY hkey, LPCWSTR target_name, DWORD type,
444	const BYTE key_data[KEY_SIZE],
445	const BYTE *credential_blob, DWORD credential_blob_size)
446	{
447	LPBYTE encrypted_credential_blob;
448	struct ustring data;
449	struct ustring key;
450	DWORD ret;
451
452	key.Length = key.MaximumLength = KEY_SIZE;
453	key.Buffer = (unsigned char *)key_data;
454
455	encrypted_credential_blob = HeapAlloc(GetProcessHeap(), 0, credential_blob_size);
456	if (!encrypted_credential_blob) return ERROR_OUTOFMEMORY;
457
458	memcpy(encrypted_credential_blob, credential_blob, credential_blob_size);
459	data.Length = data.MaximumLength = credential_blob_size;
460	data.Buffer = encrypted_credential_blob;
461	SystemFunction032(&data, &key);
462
463	ret = RegSetValueExW(hkey, wszPasswordValue, 0, REG_BINARY, (LPVOID)encrypted_credential_blob, credential_blob_size);
464	HeapFree(GetProcessHeap(), 0, encrypted_credential_blob);
465
466	return ret;
467	}
468
469	static DWORD registry_write_credential(HKEY hkey, const CREDENTIALW *credential,
470	const BYTE key_data[KEY_SIZE], BOOL preserve_blob)
471	{
472	DWORD ret;
473	FILETIME LastWritten;
474
475	GetSystemTimeAsFileTime(&LastWritten);
476
477	ret = RegSetValueExW(hkey, wszFlagsValue, 0, REG_DWORD, (LPVOID)&credential->Flags,
478	sizeof(credential->Flags));
479	if (ret != ERROR_SUCCESS) return ret;
480	ret = RegSetValueExW(hkey, wszTypeValue, 0, REG_DWORD, (LPVOID)&credential->Type,
481	sizeof(credential->Type));
482	if (ret != ERROR_SUCCESS) return ret;
483	ret = RegSetValueExW(hkey, NULL, 0, REG_SZ, (LPVOID)credential->TargetName,
484	sizeof(WCHAR)*(strlenW(credential->TargetName)+1));
485	if (ret != ERROR_SUCCESS) return ret;
486	if (credential->Comment)
487	{
488	ret = RegSetValueExW(hkey, wszCommentValue, 0, REG_SZ, (LPVOID)credential->Comment,
489	sizeof(WCHAR)*(strlenW(credential->Comment)+1));
490	if (ret != ERROR_SUCCESS) return ret;
491	}
492	ret = RegSetValueExW(hkey, wszLastWrittenValue, 0, REG_BINARY, (LPVOID)&LastWritten,
493	sizeof(LastWritten));
494	if (ret != ERROR_SUCCESS) return ret;
495	ret = RegSetValueExW(hkey, wszPersistValue, 0, REG_DWORD, (LPVOID)&credential->Persist,
496	sizeof(credential->Persist));
497	if (ret != ERROR_SUCCESS) return ret;
498	/* FIXME: Attributes */
499	if (credential->TargetAlias)
500	{
501	ret = RegSetValueExW(hkey, wszTargetAliasValue, 0, REG_SZ, (LPVOID)credential->TargetAlias,
502	sizeof(WCHAR)*(strlenW(credential->TargetAlias)+1));
503	if (ret != ERROR_SUCCESS) return ret;
504	}
505	if (credential->UserName)
506	{
507	ret = RegSetValueExW(hkey, wszUserNameValue, 0, REG_SZ, (LPVOID)credential->UserName,
508	sizeof(WCHAR)*(strlenW(credential->UserName)+1));
509	if (ret != ERROR_SUCCESS) return ret;
510	}
511	if (!preserve_blob)
512	{
513	ret = write_credential_blob(hkey, credential->TargetName, credential->Type,
514	key_data, credential->CredentialBlob,
515	credential->CredentialBlobSize);
516	}
517	return ret;
518	}
519
520	#ifdef __APPLE__
521	static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_blob)
522	{
523	OSStatus status;
524	SecKeychainItemRef keychain_item;
525	char *username;
526	char *domain = NULL;
527	char *password;
528	char *servername;
529	UInt32 userlen;
530	UInt32 domainlen = 0;
531	UInt32 pwlen;
532	UInt32 serverlen;
533	LPCWSTR p;
534	SecKeychainAttribute attrs[1];
535	SecKeychainAttributeList attr_list;
536
537	if (credential->Flags)
538	FIXME("Flags 0x%x not written\n", credential->Flags);
539	if (credential->Type != CRED_TYPE_DOMAIN_PASSWORD)
540	FIXME("credential type of %d not supported\n", credential->Type);
541	if (credential->Persist != CRED_PERSIST_LOCAL_MACHINE)
542	FIXME("persist value of %d not supported\n", credential->Persist);
543	if (credential->AttributeCount)
544	FIXME("custom attributes not supported\n");
545
546	p = strchrW(credential->UserName, '\\');
547	if (p)
548	{
549	domainlen = WideCharToMultiByte(CP_UTF8, 0, credential->UserName,
550	p - credential->UserName, NULL, 0, NULL, NULL);
551	domain = HeapAlloc(GetProcessHeap(), 0, (domainlen + 1) * sizeof(*domain));
552	WideCharToMultiByte(CP_UTF8, 0, credential->UserName, p - credential->UserName,
553	domain, domainlen, NULL, NULL);
554	domain[domainlen] = '\0';
555	p++;
556	}
557	else
558	p = credential->UserName;
559	userlen = WideCharToMultiByte(CP_UTF8, 0, p, -1, NULL, 0, NULL, NULL);
560	username = HeapAlloc(GetProcessHeap(), 0, userlen * sizeof(*username));
561	WideCharToMultiByte(CP_UTF8, 0, p, -1, username, userlen, NULL, NULL);
562
563	serverlen = WideCharToMultiByte(CP_UTF8, 0, credential->TargetName, -1, NULL, 0, NULL, NULL);
564	servername = HeapAlloc(GetProcessHeap(), 0, serverlen * sizeof(*servername));
565	WideCharToMultiByte(CP_UTF8, 0, credential->TargetName, -1, servername, serverlen, NULL, NULL);
566	pwlen = WideCharToMultiByte(CP_UTF8, 0, (LPCWSTR)credential->CredentialBlob,
567	credential->CredentialBlobSize / sizeof(WCHAR), NULL, 0, NULL, NULL);
568	password = HeapAlloc(GetProcessHeap(), 0, pwlen * sizeof(*domain));
569	WideCharToMultiByte(CP_UTF8, 0, (LPCWSTR)credential->CredentialBlob,
570	credential->CredentialBlobSize / sizeof(WCHAR), password, pwlen, NULL, NULL);
571
572	TRACE("adding server %s, domain %s, username %s using Keychain\n", servername, domain, username);
573	status = SecKeychainAddInternetPassword(NULL, strlen(servername), servername,
574	strlen(domain), domain, strlen(username),
575	username, 0, NULL, 0,
576	0 /* no protocol */,
577	kSecAuthenticationTypeDefault,
578	strlen(password), password, &keychain_item);
579	if (status != noErr)
580	ERR("SecKeychainAddInternetPassword returned %ld\n", status);
581	if (status == errSecDuplicateItem)
582	{
583	SecKeychainItemRef keychain_item;
584
585	status = SecKeychainFindInternetPassword(NULL, strlen(servername), servername,
586	strlen(domain), domain,
587	strlen(username), username,
588	0, NULL /* any path */, 0,
589	0 /* any protocol */,
590	0 /* any authentication type */,
591	0, NULL, &keychain_item);
592	if (status != noErr)
593	ERR("SecKeychainFindInternetPassword returned %ld\n", status);
594	}
595	HeapFree(GetProcessHeap(), 0, domain);
596	HeapFree(GetProcessHeap(), 0, username);
597	HeapFree(GetProcessHeap(), 0, servername);
598	if (status != noErr)
599	{
600	HeapFree(GetProcessHeap(), 0, password);
601	return ERROR_GEN_FAILURE;
602	}
603	if (credential->Comment)
604	{
605	attr_list.count = 1;
606	attr_list.attr = attrs;
607	attrs[0].tag = kSecCommentItemAttr;
608	attrs[0].length = WideCharToMultiByte(CP_UTF8, 0, credential->Comment, -1, NULL, 0, NULL, NULL);
609	if (attrs[0].length) attrs[0].length--;
610	attrs[0].data = HeapAlloc(GetProcessHeap(), 0, attrs[0].length);
611	WideCharToMultiByte(CP_UTF8, 0, credential->Comment, -1, attrs[0].data, attrs[0].length, NULL, NULL);
612	}
613	else
614	{
615	attr_list.count = 0;
616	attr_list.attr = NULL;
617	}
618	status = SecKeychainItemModifyAttributesAndData(keychain_item, &attr_list,
619	preserve_blob ? 0 : strlen(password),
620	preserve_blob ? NULL : password);
621	if (credential->Comment)
622	HeapFree(GetProcessHeap(), 0, attrs[0].data);
623	HeapFree(GetProcessHeap(), 0, password);
624	/* FIXME: set TargetAlias attribute */
625	CFRelease(keychain_item);
626	return ERROR_SUCCESS;
627	}
628	#endif
629
630	static DWORD open_cred_mgr_key(HKEY *hkey, BOOL open_for_write)
631	{
632	return RegCreateKeyExW(HKEY_CURRENT_USER, wszCredentialManagerKey, 0,
633	NULL, REG_OPTION_NON_VOLATILE,
634	KEY_READ \| (open_for_write ? KEY_WRITE : 0), NULL, hkey, NULL);
635	}
636
637	static DWORD get_cred_mgr_encryption_key(HKEY hkeyMgr, BYTE key_data[KEY_SIZE])
638	{
639	static const BYTE my_key_data[KEY_SIZE] = { 0 };
640	DWORD type;
641	DWORD count;
642	FILETIME ft;
643	ULONG seed;
644	ULONG value;
645	DWORD ret;
646
647	memcpy(key_data, my_key_data, KEY_SIZE);
648
649	count = KEY_SIZE;
650	ret = RegQueryValueExW(hkeyMgr, wszEncryptionKeyValue, NULL, &type, (LPVOID)key_data,
651	&count);
652	if (ret == ERROR_SUCCESS)
653	{
654	if (type != REG_BINARY)
655	return ERROR_REGISTRY_CORRUPT;
656	else
657	return ERROR_SUCCESS;
658	}
659	if (ret != ERROR_FILE_NOT_FOUND)
660	return ret;
661
662	GetSystemTimeAsFileTime(&ft);
663	seed = ft.dwLowDateTime;
664	value = RtlUniform(&seed);
665	(DWORD )key_data = value;
666	seed = ft.dwHighDateTime;
667	value = RtlUniform(&seed);
668	(DWORD )(key_data + 4) = value;
669
670	ret = RegSetValueExW(hkeyMgr, wszEncryptionKeyValue, 0, REG_BINARY,
671	(LPVOID)key_data, KEY_SIZE);
672	if (ret == ERROR_ACCESS_DENIED)
673	{
674	ret = open_cred_mgr_key(&hkeyMgr, TRUE);
675	if (ret == ERROR_SUCCESS)
676	{
677	ret = RegSetValueExW(hkeyMgr, wszEncryptionKeyValue, 0, REG_BINARY,
678	(LPVOID)key_data, KEY_SIZE);
679	RegCloseKey(hkeyMgr);
680	}
681	}
682	return ret;
683	}
684
685	static LPWSTR get_key_name_for_target(LPCWSTR target_name, DWORD type)
686	{
687	static const WCHAR wszGenericPrefix[] = {'G','e','n','e','r','i','c',':',' ',0};
688	static const WCHAR wszDomPasswdPrefix[] = {'D','o','m','P','a','s','s','w','d',':',' ',0};
689	INT len;
690	LPCWSTR prefix = NULL;
691	LPWSTR key_name, p;
692
693	len = strlenW(target_name);
694	if (type == CRED_TYPE_GENERIC)
695	{
696	prefix = wszGenericPrefix;
697	len += sizeof(wszGenericPrefix)/sizeof(wszGenericPrefix[0]);
698	}
699	else
700	{
701	prefix = wszDomPasswdPrefix;
702	len += sizeof(wszDomPasswdPrefix)/sizeof(wszDomPasswdPrefix[0]);
703	}
704
705	key_name = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
706	if (!key_name) return NULL;
707
708	strcpyW(key_name, prefix);
709	strcatW(key_name, target_name);
710
711	for (p = key_name; *p; p++)
712	if (p == '\\') p = '_';
713
714	return key_name;
715	}
716
717	static BOOL credential_matches_filter(HKEY hkeyCred, LPCWSTR filter)
718	{
719	LPWSTR target_name;
720	DWORD ret;
721	DWORD type;
722	DWORD count;
723	LPCWSTR p;
724
725	if (!filter) return TRUE;
726
727	ret = RegQueryValueExW(hkeyCred, NULL, 0, &type, NULL, &count);
728	if (ret != ERROR_SUCCESS)
729	return FALSE;
730	else if (type != REG_SZ)
731	return FALSE;
732
733	target_name = HeapAlloc(GetProcessHeap(), 0, count);
734	if (!target_name)
735	return FALSE;
736	ret = RegQueryValueExW(hkeyCred, NULL, 0, &type, (LPVOID)target_name, &count);
737	if (ret != ERROR_SUCCESS \|\| type != REG_SZ)
738	{
739	HeapFree(GetProcessHeap(), 0, target_name);
740	return FALSE;
741	}
742
743	TRACE("comparing filter %s to target name %s\n", debugstr_w(filter),
744	debugstr_w(target_name));
745
746	p = strchrW(filter, '*');
747	ret = CompareStringW(GetThreadLocale(), 0, filter,
748	(p && !p[1] ? p - filter : -1), target_name,
749	(p && !p[1] ? p - filter : -1)) == CSTR_EQUAL;
750
751	HeapFree(GetProcessHeap(), 0, target_name);
752	return ret;
753	}
754
755	static DWORD registry_enumerate_credentials(HKEY hkeyMgr, LPCWSTR filter,
756	LPWSTR target_name,
757	DWORD target_name_len, BYTE key_data[KEY_SIZE],
758	PCREDENTIALW credentials, char *buffer,
759	DWORD len, DWORD count)
760	{
761	DWORD i;
762	DWORD ret;
763	for (i = 0;; i++)
764	{
765	HKEY hkeyCred;
766	ret = RegEnumKeyW(hkeyMgr, i, target_name, target_name_len+1);
767	if (ret == ERROR_NO_MORE_ITEMS)
768	{
769	ret = ERROR_SUCCESS;
770	break;
771	}
772	else if (ret != ERROR_SUCCESS)
773	{
774	ret = ERROR_SUCCESS;
775	continue;
776	}
777	TRACE("target_name = %s\n", debugstr_w(target_name));
778	ret = RegOpenKeyExW(hkeyMgr, target_name, 0, KEY_QUERY_VALUE, &hkeyCred);
779	if (ret != ERROR_SUCCESS)
780	{
781	ret = ERROR_SUCCESS;
782	continue;
783	}
784	if (!credential_matches_filter(hkeyCred, filter))
785	{
786	RegCloseKey(hkeyCred);
787	continue;
788	}
789	if (buffer)
790	{
791	*len = sizeof(CREDENTIALW);
792	credentials[count] = (PCREDENTIALW)buffer;
793	}
794	else
795	*len += sizeof(CREDENTIALW);
796	ret = registry_read_credential(hkeyCred, buffer ? credentials[*count] : NULL,
797	key_data, buffer ? *buffer + sizeof(CREDENTIALW) : NULL,
798	len);
799	RegCloseKey(hkeyCred);
800	if (ret != ERROR_SUCCESS) break;
801	if (buffer) buffer += len;
802	(*count)++;
803	}
804	return ret;
805	}
806
807	#ifdef __APPLE__
808	static DWORD mac_enumerate_credentials(LPCWSTR filter, PCREDENTIALW *credentials,
809	char buffer, DWORD len, DWORD *count)
810	{
811	SecKeychainSearchRef search;
812	SecKeychainItemRef item;
813	OSStatus status;
814	Boolean saved_user_interaction_allowed;
815	DWORD ret;
816
817	SecKeychainGetUserInteractionAllowed(&saved_user_interaction_allowed);
818	SecKeychainSetUserInteractionAllowed(false);
819
820	status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search);
821	if (status == noErr)
822	{
823	while (SecKeychainSearchCopyNext(search, &item) == noErr)
824	{
825	SecKeychainAttributeInfo info;
826	SecKeychainAttributeList *attr_list;
827	UInt32 info_tags[] = { kSecServerItemAttr };
828	info.count = sizeof(info_tags)/sizeof(info_tags[0]);
829	info.tag = info_tags;
830	info.format = NULL;
831	status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, NULL, NULL);
832	if (status != noErr)
833	{
834	WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
835	continue;
836	}
837	if (buffer)
838	{
839	*len = sizeof(CREDENTIALW);
840	credentials[*count] = (PCREDENTIALW)buffer;
841	}
842	else
843	*len += sizeof(CREDENTIALW);
844	if (attr_list->count != 1 \|\| attr_list->attr[0].tag != kSecServerItemAttr) continue;
845	TRACE("server item: %.s\n", (int)attr_list->attr[0].length, (char )attr_list->attr[0].data);
846	/* FIXME: filter based on attr_list->attr[0].data */
847	SecKeychainItemFreeAttributesAndData(attr_list, NULL);
848	ret = mac_read_credential_from_item(item, FALSE,
849	buffer ? credentials[*count] : NULL,
850	buffer ? buffer + sizeof(CREDENTIALW) : NULL,
851	len);
852	CFRelease(item);
853	if (ret == ERROR_SUCCESS)
854	{
855	(*count)++;
856	if (buffer) buffer += *len;
857	}
858	}
859	CFRelease(search);
860	}
861	else
862	ERR("SecKeychainSearchCreateFromAttributes returned status %ld\n", status);
863	SecKeychainSetUserInteractionAllowed(saved_user_interaction_allowed);
864	return ERROR_SUCCESS;
865	}
866
867	static DWORD mac_delete_credential(LPCWSTR TargetName)
868	{
869	OSStatus status;
870	SecKeychainSearchRef search;
871	status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search);
872	if (status == noErr)
873	{
874	SecKeychainItemRef item;
875	while (SecKeychainSearchCopyNext(search, &item) == noErr)
876	{
877	SecKeychainAttributeInfo info;
878	SecKeychainAttributeList *attr_list;
879	UInt32 info_tags[] = { kSecServerItemAttr };
880	LPWSTR target_name;
881	INT str_len;
882	info.count = sizeof(info_tags)/sizeof(info_tags[0]);
883	info.tag = info_tags;
884	info.format = NULL;
885	status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, NULL, NULL);
886	if (status != noErr)
887	{
888	WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
889	continue;
890	}
891	if (attr_list->count != 1 \|\| attr_list->attr[0].tag != kSecServerItemAttr)
892	{
893	CFRelease(item);
894	continue;
895	}
896	str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, NULL, 0);
897	target_name = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
898	MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, target_name, str_len);
899	/* nul terminate */
900	target_name[str_len] = '\0';
901	if (strcmpiW(TargetName, target_name))
902	{
903	CFRelease(item);
904	HeapFree(GetProcessHeap(), 0, target_name);
905	continue;
906	}
907	HeapFree(GetProcessHeap(), 0, target_name);
908	SecKeychainItemFreeAttributesAndData(attr_list, NULL);
909	SecKeychainItemDelete(item);
910	CFRelease(item);
911	CFRelease(search);
912
913	return ERROR_SUCCESS;
914	}
915	CFRelease(search);
916	}
917	return ERROR_NOT_FOUND;
918	}
919	#endif
920
921	static void convert_PCREDENTIALW_to_PCREDENTIALA(const CREDENTIALW CredentialW, PCREDENTIALA CredentialA, DWORD len)
922	{
923	char buffer = (char )CredentialA + sizeof(CREDENTIALA);
924	INT string_len;
925
926	*len += sizeof(CREDENTIALA);
927	if (!CredentialA)
928	{
929	if (CredentialW->TargetName) *len += WideCharToMultiByte(CP_ACP, 0, CredentialW->TargetName, -1, NULL, 0, NULL, NULL);
930	if (CredentialW->Comment) *len += WideCharToMultiByte(CP_ACP, 0, CredentialW->Comment, -1, NULL, 0, NULL, NULL);
931	*len += CredentialW->CredentialBlobSize;
932	if (CredentialW->TargetAlias) *len += WideCharToMultiByte(CP_ACP, 0, CredentialW->TargetAlias, -1, NULL, 0, NULL, NULL);
933	if (CredentialW->UserName) *len += WideCharToMultiByte(CP_ACP, 0, CredentialW->UserName, -1, NULL, 0, NULL, NULL);
934
935	return;
936	}
937
938	CredentialA->Flags = CredentialW->Flags;
939	CredentialA->Type = CredentialW->Type;
940	if (CredentialW->TargetName)
941	{
942	CredentialA->TargetName = buffer;
943	string_len = WideCharToMultiByte(CP_ACP, 0, CredentialW->TargetName, -1, CredentialA->TargetName, -1, NULL, NULL);
944	buffer += string_len;
945	*len += string_len;
946	}
947	else
948	CredentialA->TargetName = NULL;
949	if (CredentialW->Comment)
950	{
951	CredentialA->Comment = buffer;
952	string_len = WideCharToMultiByte(CP_ACP, 0, CredentialW->Comment, -1, CredentialA->Comment, -1, NULL, NULL);
953	buffer += string_len;
954	*len += string_len;
955	}
956	else
957	CredentialA->Comment = NULL;
958	CredentialA->LastWritten = CredentialW->LastWritten;
959	CredentialA->CredentialBlobSize = CredentialW->CredentialBlobSize;
960	if (CredentialW->CredentialBlobSize)
961	{
962	CredentialA->CredentialBlob =(LPBYTE)buffer;
963	memcpy(CredentialA->CredentialBlob, CredentialW->CredentialBlob,
964	CredentialW->CredentialBlobSize);
965	buffer += CredentialW->CredentialBlobSize;
966	*len += CredentialW->CredentialBlobSize;
967	}
968	else
969	CredentialA->CredentialBlob = NULL;
970	CredentialA->Persist = CredentialW->Persist;
971	CredentialA->AttributeCount = 0;
972	CredentialA->Attributes = NULL; /* FIXME */
973	if (CredentialW->TargetAlias)
974	{
975	CredentialA->TargetAlias = buffer;
976	string_len = WideCharToMultiByte(CP_ACP, 0, CredentialW->TargetAlias, -1, CredentialA->TargetAlias, -1, NULL, NULL);
977	buffer += string_len;
978	*len += string_len;
979	}
980	else
981	CredentialA->TargetAlias = NULL;
982	if (CredentialW->UserName)
983	{
984	CredentialA->UserName = buffer;
985	string_len = WideCharToMultiByte(CP_ACP, 0, CredentialW->UserName, -1, CredentialA->UserName, -1, NULL, NULL);
986	buffer += string_len;
987	*len += string_len;
988	}
989	else
990	CredentialA->UserName = NULL;
991	}
992
993	static void convert_PCREDENTIALA_to_PCREDENTIALW(const CREDENTIALA CredentialA, PCREDENTIALW CredentialW, DWORD len)
994	{
995	char buffer = (char )CredentialW + sizeof(CREDENTIALW);
996	INT string_len;
997
998	*len += sizeof(CREDENTIALW);
999	if (!CredentialW)
1000	{
1001	if (CredentialA->TargetName) len += sizeof(WCHAR) MultiByteToWideChar(CP_ACP, 0, CredentialA->TargetName, -1, NULL, 0);
1002	if (CredentialA->Comment) len += sizeof(WCHAR) MultiByteToWideChar(CP_ACP, 0, CredentialA->Comment, -1, NULL, 0);
1003	*len += CredentialA->CredentialBlobSize;
1004	if (CredentialA->TargetAlias) len += sizeof(WCHAR) MultiByteToWideChar(CP_ACP, 0, CredentialA->TargetAlias, -1, NULL, 0);
1005	if (CredentialA->UserName) len += sizeof(WCHAR) MultiByteToWideChar(CP_ACP, 0, CredentialA->UserName, -1, NULL, 0);
1006
1007	return;
1008	}
1009
1010	CredentialW->Flags = CredentialA->Flags;
1011	CredentialW->Type = CredentialA->Type;
1012	if (CredentialA->TargetName)
1013	{
1014	CredentialW->TargetName = (LPWSTR)buffer;
1015	string_len = MultiByteToWideChar(CP_ACP, 0, CredentialA->TargetName, -1, CredentialW->TargetName, -1);
1016	buffer += sizeof(WCHAR) * string_len;
1017	len += sizeof(WCHAR) string_len;
1018	}
1019	else
1020	CredentialW->TargetName = NULL;
1021	if (CredentialA->Comment)
1022	{
1023	CredentialW->Comment = (LPWSTR)buffer;
1024	string_len = MultiByteToWideChar(CP_ACP, 0, CredentialA->Comment, -1, CredentialW->Comment, -1);
1025	buffer += sizeof(WCHAR) * string_len;
1026	len += sizeof(WCHAR) string_len;
1027	}
1028	else
1029	CredentialW->Comment = NULL;
1030	CredentialW->LastWritten = CredentialA->LastWritten;
1031	CredentialW->CredentialBlobSize = CredentialA->CredentialBlobSize;
1032	if (CredentialA->CredentialBlobSize)
1033	{
1034	CredentialW->CredentialBlob =(LPBYTE)buffer;
1035	memcpy(CredentialW->CredentialBlob, CredentialA->CredentialBlob,
1036	CredentialA->CredentialBlobSize);
1037	buffer += CredentialA->CredentialBlobSize;
1038	*len += CredentialA->CredentialBlobSize;
1039	}
1040	else
1041	CredentialW->CredentialBlob = NULL;
1042	CredentialW->Persist = CredentialA->Persist;
1043	CredentialW->AttributeCount = 0;
1044	CredentialW->Attributes = NULL; /* FIXME */
1045	if (CredentialA->TargetAlias)
1046	{
1047	CredentialW->TargetAlias = (LPWSTR)buffer;
1048	string_len = MultiByteToWideChar(CP_ACP, 0, CredentialA->TargetAlias, -1, CredentialW->TargetAlias, -1);
1049	buffer += sizeof(WCHAR) * string_len;
1050	len += sizeof(WCHAR) string_len;
1051	}
1052	else
1053	CredentialW->TargetAlias = NULL;
1054	if (CredentialA->UserName)
1055	{
1056	CredentialW->UserName = (LPWSTR)buffer;
1057	string_len = MultiByteToWideChar(CP_ACP, 0, CredentialA->UserName, -1, CredentialW->UserName, -1);
1058	buffer += sizeof(WCHAR) * string_len;
1059	len += sizeof(WCHAR) string_len;
1060	}
1061	else
1062	CredentialW->UserName = NULL;
1063	}
1064
1065	/******************************************************************************
1066	* CredDeleteA [ADVAPI32.@]
1067	*/
1068	BOOL WINAPI CredDeleteA(LPCSTR TargetName, DWORD Type, DWORD Flags)
1069	{
1070	LPWSTR TargetNameW;
1071	DWORD len;
1072	BOOL ret;
1073
1074	TRACE("(%s, %d, 0x%x)\n", debugstr_a(TargetName), Type, Flags);
1075
1076	if (!TargetName)
1077	{
1078	SetLastError(ERROR_INVALID_PARAMETER);
1079	return FALSE;
1080	}
1081
1082	len = MultiByteToWideChar(CP_ACP, 0, TargetName, -1, NULL, 0);
1083	TargetNameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
1084	if (!TargetNameW)
1085	{
1086	SetLastError(ERROR_OUTOFMEMORY);
1087	return FALSE;
1088	}
1089	MultiByteToWideChar(CP_ACP, 0, TargetName, -1, TargetNameW, len);
1090
1091	ret = CredDeleteW(TargetNameW, Type, Flags);
1092
1093	HeapFree(GetProcessHeap(), 0, TargetNameW);
1094
1095	return ret;
1096	}
1097
1098	/******************************************************************************
1099	* CredDeleteW [ADVAPI32.@]
1100	*/
1101	BOOL WINAPI CredDeleteW(LPCWSTR TargetName, DWORD Type, DWORD Flags)
1102	{
1103	HKEY hkeyMgr;
1104	DWORD ret;
1105	LPWSTR key_name;
1106
1107	TRACE("(%s, %d, 0x%x)\n", debugstr_w(TargetName), Type, Flags);
1108
1109	if (!TargetName)
1110	{
1111	SetLastError(ERROR_INVALID_PARAMETER);
1112	return FALSE;
1113	}
1114
1115	if (Type != CRED_TYPE_GENERIC && Type != CRED_TYPE_DOMAIN_PASSWORD)
1116	{
1117	FIXME("unhandled type %d\n", Type);
1118	SetLastError(ERROR_INVALID_PARAMETER);
1119	return FALSE;
1120	}
1121
1122	if (Flags)
1123	{
1124	FIXME("unhandled flags 0x%x\n", Flags);
1125	SetLastError(ERROR_INVALID_FLAGS);
1126	return FALSE;
1127	}
1128
1129	#ifdef __APPLE__
1130	if (Type == CRED_TYPE_DOMAIN_PASSWORD)
1131	{
1132	ret = mac_delete_credential(TargetName);
1133	if (ret == ERROR_SUCCESS)
1134	return TRUE;
1135	}
1136	#endif
1137
1138	ret = open_cred_mgr_key(&hkeyMgr, TRUE);
1139	if (ret != ERROR_SUCCESS)
1140	{
1141	WARN("couldn't open/create manager key, error %d\n", ret);
1142	SetLastError(ERROR_NO_SUCH_LOGON_SESSION);
1143	return FALSE;
1144	}
1145
1146	key_name = get_key_name_for_target(TargetName, Type);
1147	ret = RegDeleteKeyW(hkeyMgr, key_name);
1148	HeapFree(GetProcessHeap(), 0, key_name);
1149	RegCloseKey(hkeyMgr);
1150	if (ret != ERROR_SUCCESS)
1151	{
1152	SetLastError(ERROR_NOT_FOUND);
1153	return FALSE;
1154	}
1155
1156	return TRUE;
1157	}
1158
1159	/******************************************************************************
1160	* CredEnumerateA [ADVAPI32.@]
1161	*/
1162	BOOL WINAPI CredEnumerateA(LPCSTR Filter, DWORD Flags, DWORD *Count,
1163	PCREDENTIALA **Credentials)
1164	{
1165	LPWSTR FilterW;
1166	PCREDENTIALW *CredentialsW;
1167	DWORD i;
1168	DWORD len;
1169	char *buffer;
1170
1171	TRACE("(%s, 0x%x, %p, %p)\n", debugstr_a(Filter), Flags, Count, Credentials);
1172
1173	if (Filter)
1174	{
1175	len = MultiByteToWideChar(CP_ACP, 0, Filter, -1, NULL, 0);
1176	FilterW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
1177	if (!FilterW)
1178	{
1179	SetLastError(ERROR_OUTOFMEMORY);
1180	return FALSE;
1181	}
1182	MultiByteToWideChar(CP_ACP, 0, Filter, -1, FilterW, len);
1183	}
1184	else
1185	FilterW = NULL;
1186
1187	if (!CredEnumerateW(FilterW, Flags, Count, &CredentialsW))
1188	{
1189	HeapFree(GetProcessHeap(), 0, FilterW);
1190	return FALSE;
1191	}
1192	HeapFree(GetProcessHeap(), 0, FilterW);
1193
1194	len = Count sizeof(PCREDENTIALA);
1195	for (i = 0; i < *Count; i++)
1196	convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], NULL, &len);
1197
1198	*Credentials = HeapAlloc(GetProcessHeap(), 0, len);
1199	if (!*Credentials)
1200	{
1201	CredFree(CredentialsW);
1202	SetLastError(ERROR_OUTOFMEMORY);
1203	return FALSE;
1204	}
1205
1206	buffer = (char )&(Credentials)[*Count];
1207	for (i = 0; i < *Count; i++)
1208	{
1209	len = 0;
1210	(*Credentials)[i] = (PCREDENTIALA)buffer;
1211	convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], (*Credentials)[i], &len);
1212	buffer += len;
1213	}
1214
1215	CredFree(CredentialsW);
1216
1217	return TRUE;
1218	}
1219
1220	/******************************************************************************
1221	* CredEnumerateW [ADVAPI32.@]
1222	*/
1223	BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count,
1224	PCREDENTIALW **Credentials)
1225	{
1226	HKEY hkeyMgr;
1227	DWORD ret;
1228	LPWSTR target_name;
1229	DWORD target_name_len;
1230	DWORD len;
1231	char *buffer;
1232	BYTE key_data[KEY_SIZE];
1233
1234	TRACE("(%s, 0x%x, %p, %p)\n", debugstr_w(Filter), Flags, Count, Credentials);
1235
1236	if (Flags)
1237	{
1238	SetLastError(ERROR_INVALID_FLAGS);
1239	return FALSE;
1240	}
1241
1242	ret = open_cred_mgr_key(&hkeyMgr, FALSE);
1243	if (ret != ERROR_SUCCESS)
1244	{
1245	WARN("couldn't open/create manager key, error %d\n", ret);
1246	SetLastError(ERROR_NO_SUCH_LOGON_SESSION);
1247	return FALSE;
1248	}
1249
1250	ret = get_cred_mgr_encryption_key(hkeyMgr, key_data);
1251	if (ret != ERROR_SUCCESS)
1252	{
1253	RegCloseKey(hkeyMgr);
1254	SetLastError(ret);
1255	return FALSE;
1256	}
1257
1258	ret = RegQueryInfoKeyW(hkeyMgr, NULL, NULL, NULL, NULL, &target_name_len, NULL, NULL, NULL, NULL, NULL, NULL);
1259	if (ret != ERROR_SUCCESS)
1260	{
1261	RegCloseKey(hkeyMgr);
1262	SetLastError(ret);
1263	return FALSE;
1264	}
1265
1266	target_name = HeapAlloc(GetProcessHeap(), 0, (target_name_len+1)*sizeof(WCHAR));
1267	if (!target_name)
1268	{
1269	RegCloseKey(hkeyMgr);
1270	SetLastError(ERROR_OUTOFMEMORY);
1271	return FALSE;
1272	}
1273
1274	*Count = 0;
1275	len = 0;
1276	ret = registry_enumerate_credentials(hkeyMgr, Filter, target_name, target_name_len,
1277	key_data, NULL, NULL, &len, Count);
1278	#ifdef __APPLE__
1279	if (ret == ERROR_SUCCESS)
1280	ret = mac_enumerate_credentials(Filter, NULL, NULL, &len, Count);
1281	#endif
1282	if (ret == ERROR_SUCCESS && *Count == 0)
1283	ret = ERROR_NOT_FOUND;
1284	if (ret != ERROR_SUCCESS)
1285	{
1286	HeapFree(GetProcessHeap(), 0, target_name);
1287	RegCloseKey(hkeyMgr);
1288	SetLastError(ret);
1289	return FALSE;
1290	}
1291	len += Count sizeof(PCREDENTIALW);
1292
1293	if (ret == ERROR_SUCCESS)
1294	{
1295	buffer = HeapAlloc(GetProcessHeap(), 0, len);
1296	Credentials = (PCREDENTIALW )buffer;
1297	if (buffer)
1298	{
1299	buffer += Count sizeof(PCREDENTIALW);
1300	*Count = 0;
1301	ret = registry_enumerate_credentials(hkeyMgr, Filter, target_name,
1302	target_name_len, key_data,
1303	*Credentials, &buffer, &len,
1304	Count);
1305	#ifdef __APPLE__
1306	if (ret == ERROR_SUCCESS)
1307	ret = mac_enumerate_credentials(Filter, *Credentials,
1308	buffer, &len, Count);
1309	#endif
1310	}
1311	else
1312	ret = ERROR_OUTOFMEMORY;
1313	}
1314
1315	HeapFree(GetProcessHeap(), 0, target_name);
1316	RegCloseKey(hkeyMgr);
1317
1318	if (ret != ERROR_SUCCESS)
1319	{
1320	SetLastError(ret);
1321	return FALSE;
1322	}
1323	return TRUE;
1324	}
1325
1326	/******************************************************************************
1327	* CredFree [ADVAPI32.@]
1328	*/
1329	VOID WINAPI CredFree(PVOID Buffer)
1330	{
1331	HeapFree(GetProcessHeap(), 0, Buffer);
1332	}
1333
1334	/******************************************************************************
1335	* CredReadA [ADVAPI32.@]
1336	*/
1337	BOOL WINAPI CredReadA(LPCSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALA *Credential)
1338	{
1339	LPWSTR TargetNameW;
1340	PCREDENTIALW CredentialW;
1341	DWORD len;
1342
1343	TRACE("(%s, %d, 0x%x, %p)\n", debugstr_a(TargetName), Type, Flags, Credential);
1344
1345	if (!TargetName)
1346	{
1347	SetLastError(ERROR_INVALID_PARAMETER);
1348	return FALSE;
1349	}
1350
1351	len = MultiByteToWideChar(CP_ACP, 0, TargetName, -1, NULL, 0);
1352	TargetNameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
1353	if (!TargetNameW)
1354	{
1355	SetLastError(ERROR_OUTOFMEMORY);
1356	return FALSE;
1357	}
1358	MultiByteToWideChar(CP_ACP, 0, TargetName, -1, TargetNameW, len);
1359
1360	if (!CredReadW(TargetNameW, Type, Flags, &CredentialW))
1361	{
1362	HeapFree(GetProcessHeap(), 0, TargetNameW);
1363	return FALSE;
1364	}
1365	HeapFree(GetProcessHeap(), 0, TargetNameW);
1366
1367	len = 0;
1368	convert_PCREDENTIALW_to_PCREDENTIALA(CredentialW, NULL, &len);
1369	*Credential = HeapAlloc(GetProcessHeap(), 0, len);
1370	if (!*Credential)
1371	{
1372	SetLastError(ERROR_OUTOFMEMORY);
1373	return FALSE;
1374	}
1375	len = 0;
1376	convert_PCREDENTIALW_to_PCREDENTIALA(CredentialW, *Credential, &len);
1377
1378	CredFree(CredentialW);
1379
1380	return TRUE;
1381	}
1382
1383	/******************************************************************************
1384	* CredReadW [ADVAPI32.@]
1385	*/
1386	BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW *Credential)
1387	{
1388	HKEY hkeyMgr;
1389	HKEY hkeyCred;
1390	DWORD ret;
1391	LPWSTR key_name;
1392	DWORD len;
1393	BYTE key_data[KEY_SIZE];
1394
1395	TRACE("(%s, %d, 0x%x, %p)\n", debugstr_w(TargetName), Type, Flags, Credential);
1396
1397	if (!TargetName)
1398	{
1399	SetLastError(ERROR_INVALID_PARAMETER);
1400	return FALSE;
1401	}
1402
1403	if (Type != CRED_TYPE_GENERIC && Type != CRED_TYPE_DOMAIN_PASSWORD)
1404	{
1405	FIXME("unhandled type %d\n", Type);
1406	SetLastError(ERROR_INVALID_PARAMETER);
1407	return FALSE;
1408	}
1409
1410	if (Flags)
1411	{
1412	FIXME("unhandled flags 0x%x\n", Flags);
1413	SetLastError(ERROR_INVALID_FLAGS);
1414	return FALSE;
1415	}
1416
1417	#ifdef __APPLE__
1418	if (Type == CRED_TYPE_DOMAIN_PASSWORD)
1419	{
1420	OSStatus status;
1421	SecKeychainSearchRef search;
1422	status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search);
1423	if (status == noErr)
1424	{
1425	SecKeychainItemRef item;
1426	while (SecKeychainSearchCopyNext(search, &item) == noErr)
1427	{
1428	SecKeychainAttributeInfo info;
1429	SecKeychainAttributeList *attr_list;
1430	UInt32 info_tags[] = { kSecServerItemAttr };
1431	LPWSTR target_name;
1432	INT str_len;
1433	info.count = sizeof(info_tags)/sizeof(info_tags[0]);
1434	info.tag = info_tags;
1435	info.format = NULL;
1436	status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, NULL, NULL);
1437	len = sizeof(**Credential);
1438	if (status != noErr)
1439	{
1440	WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
1441	continue;
1442	}
1443	if (attr_list->count != 1 \|\| attr_list->attr[0].tag != kSecServerItemAttr)
1444	{
1445	CFRelease(item);
1446	continue;
1447	}
1448	str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, NULL, 0);
1449	target_name = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
1450	MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, target_name, str_len);
1451	/* nul terminate */
1452	target_name[str_len] = '\0';
1453	if (strcmpiW(TargetName, target_name))
1454	{
1455	CFRelease(item);
1456	HeapFree(GetProcessHeap(), 0, target_name);
1457	continue;
1458	}
1459	HeapFree(GetProcessHeap(), 0, target_name);
1460	SecKeychainItemFreeAttributesAndData(attr_list, NULL);
1461	ret = mac_read_credential_from_item(item, TRUE, NULL, NULL, &len);
1462	if (ret == ERROR_SUCCESS)
1463	{
1464	*Credential = HeapAlloc(GetProcessHeap(), 0, len);
1465	if (*Credential)
1466	{
1467	len = sizeof(**Credential);
1468	ret = mac_read_credential_from_item(item, TRUE, *Credential,
1469	(char )(Credential + 1), &len);
1470	}
1471	else
1472	ret = ERROR_OUTOFMEMORY;
1473	CFRelease(item);
1474	CFRelease(search);
1475	if (ret != ERROR_SUCCESS)
1476	{
1477	SetLastError(ret);
1478	return FALSE;
1479	}
1480	return TRUE;
1481	}
1482	CFRelease(item);
1483	}
1484	CFRelease(search);
1485	}
1486	}
1487	#endif
1488
1489	ret = open_cred_mgr_key(&hkeyMgr, FALSE);
1490	if (ret != ERROR_SUCCESS)
1491	{
1492	WARN("couldn't open/create manager key, error %d\n", ret);
1493	SetLastError(ERROR_NO_SUCH_LOGON_SESSION);
1494	return FALSE;
1495	}
1496
1497	ret = get_cred_mgr_encryption_key(hkeyMgr, key_data);
1498	if (ret != ERROR_SUCCESS)
1499	{
1500	RegCloseKey(hkeyMgr);
1501	SetLastError(ret);
1502	return FALSE;
1503	}
1504
1505	key_name = get_key_name_for_target(TargetName, Type);
1506	ret = RegOpenKeyExW(hkeyMgr, key_name, 0, KEY_QUERY_VALUE, &hkeyCred);
1507	HeapFree(GetProcessHeap(), 0, key_name);
1508	if (ret != ERROR_SUCCESS)
1509	{
1510	TRACE("credentials for target name %s not found\n", debugstr_w(TargetName));
1511	SetLastError(ERROR_NOT_FOUND);
1512	return FALSE;
1513	}
1514
1515	len = sizeof(**Credential);
1516	ret = registry_read_credential(hkeyCred, NULL, key_data, NULL, &len);
1517	if (ret == ERROR_SUCCESS)
1518	{
1519	*Credential = HeapAlloc(GetProcessHeap(), 0, len);
1520	if (*Credential)
1521	{
1522	len = sizeof(**Credential);
1523	ret = registry_read_credential(hkeyCred, *Credential, key_data,
1524	(char )(Credential + 1), &len);
1525	}
1526	else
1527	ret = ERROR_OUTOFMEMORY;
1528	}
1529
1530	RegCloseKey(hkeyCred);
1531	RegCloseKey(hkeyMgr);
1532
1533	if (ret != ERROR_SUCCESS)
1534	{
1535	SetLastError(ret);
1536	return FALSE;
1537	}
1538	return TRUE;
1539	}
1540
1541	/******************************************************************************
1542	* CredWriteA [ADVAPI32.@]
1543	*/
1544	BOOL WINAPI CredWriteA(PCREDENTIALA Credential, DWORD Flags)
1545	{
1546	BOOL ret;
1547	DWORD len;
1548	PCREDENTIALW CredentialW;
1549
1550	TRACE("(%p, 0x%x)\n", Credential, Flags);
1551
1552	if (!Credential \|\| !Credential->TargetName)
1553	{
1554	SetLastError(ERROR_INVALID_PARAMETER);
1555	return FALSE;
1556	}
1557
1558	len = 0;
1559	convert_PCREDENTIALA_to_PCREDENTIALW(Credential, NULL, &len);
1560	CredentialW = HeapAlloc(GetProcessHeap(), 0, len);
1561	if (!CredentialW)
1562	{
1563	SetLastError(ERROR_OUTOFMEMORY);
1564	return FALSE;
1565	}
1566	len = 0;
1567	convert_PCREDENTIALA_to_PCREDENTIALW(Credential, CredentialW, &len);
1568
1569	ret = CredWriteW(CredentialW, Flags);
1570
1571	HeapFree(GetProcessHeap(), 0, CredentialW);
1572
1573	return ret;
1574	}
1575
1576	/******************************************************************************
1577	* CredWriteW [ADVAPI32.@]
1578	*/
1579	BOOL WINAPI CredWriteW(PCREDENTIALW Credential, DWORD Flags)
1580	{
1581	HKEY hkeyMgr;
1582	HKEY hkeyCred;
1583	DWORD ret;
1584	LPWSTR key_name;
1585	BYTE key_data[KEY_SIZE];
1586
1587	TRACE("(%p, 0x%x)\n", Credential, Flags);
1588
1589	if (!Credential \|\| !Credential->TargetName)
1590	{
1591	SetLastError(ERROR_INVALID_PARAMETER);
1592	return FALSE;
1593	}
1594
1595	if (Flags & ~CRED_PRESERVE_CREDENTIAL_BLOB)
1596	{
1597	FIXME("unhandled flags 0x%x\n", Flags);
1598	SetLastError(ERROR_INVALID_FLAGS);
1599	return FALSE;
1600	}
1601
1602	if (Credential->Type != CRED_TYPE_GENERIC && Credential->Type != CRED_TYPE_DOMAIN_PASSWORD)
1603	{
1604	FIXME("unhandled type %d\n", Credential->Type);
1605	SetLastError(ERROR_INVALID_PARAMETER);
1606	return FALSE;
1607	}
1608
1609	TRACE("Credential->TargetName = %s\n", debugstr_w(Credential->TargetName));
1610	TRACE("Credential->UserName = %s\n", debugstr_w(Credential->UserName));
1611
1612	if (Credential->Type == CRED_TYPE_DOMAIN_PASSWORD)
1613	{
1614	if (!Credential->UserName \|\|
1615	(!strchrW(Credential->UserName, '\\') && !strchrW(Credential->UserName, '@')))
1616	{
1617	ERR("bad username %s\n", debugstr_w(Credential->UserName));
1618	SetLastError(ERROR_BAD_USERNAME);
1619	return FALSE;
1620	}
1621	}
1622
1623	#ifdef __APPLE__
1624	if (!Credential->AttributeCount &&
1625	Credential->Type == CRED_TYPE_DOMAIN_PASSWORD &&
1626	(Credential->Persist == CRED_PERSIST_LOCAL_MACHINE \|\| Credential->Persist == CRED_PERSIST_ENTERPRISE))
1627	{
1628	ret = mac_write_credential(Credential, Flags & CRED_PRESERVE_CREDENTIAL_BLOB);
1629	if (ret != ERROR_SUCCESS)
1630	{
1631	SetLastError(ret);
1632	return FALSE;
1633	}
1634	return TRUE;
1635	}
1636	#endif
1637
1638	ret = open_cred_mgr_key(&hkeyMgr, FALSE);
1639	if (ret != ERROR_SUCCESS)
1640	{
1641	WARN("couldn't open/create manager key, error %d\n", ret);
1642	SetLastError(ERROR_NO_SUCH_LOGON_SESSION);
1643	return FALSE;
1644	}
1645
1646	ret = get_cred_mgr_encryption_key(hkeyMgr, key_data);
1647	if (ret != ERROR_SUCCESS)
1648	{
1649	RegCloseKey(hkeyMgr);
1650	SetLastError(ret);
1651	return FALSE;
1652	}
1653
1654	key_name = get_key_name_for_target(Credential->TargetName, Credential->Type);
1655	ret = RegCreateKeyExW(hkeyMgr, key_name, 0, NULL,
1656	Credential->Persist == CRED_PERSIST_SESSION ? REG_OPTION_VOLATILE : REG_OPTION_NON_VOLATILE,
1657	KEY_READ\|KEY_WRITE, NULL, &hkeyCred, NULL);
1658	HeapFree(GetProcessHeap(), 0, key_name);
1659	if (ret != ERROR_SUCCESS)
1660	{
1661	TRACE("credentials for target name %s not found\n",
1662	debugstr_w(Credential->TargetName));
1663	SetLastError(ERROR_NOT_FOUND);
1664	return FALSE;
1665	}
1666
1667	ret = registry_write_credential(hkeyCred, Credential, key_data,
1668	Flags & CRED_PRESERVE_CREDENTIAL_BLOB);
1669
1670	RegCloseKey(hkeyCred);
1671	RegCloseKey(hkeyMgr);
1672
1673	if (ret != ERROR_SUCCESS)
1674	{
1675	SetLastError(ret);
1676	return FALSE;
1677	}
1678	return TRUE;
1679	}
1680
1681	/******************************************************************************
1682	* CredGetSessionTypes [ADVAPI32.@]
1683	*/
1684	WINADVAPI BOOL WINAPI CredGetSessionTypes(DWORD persistCount, LPDWORD persists)
1685	{
1686	TRACE("(%u, %p)\n", persistCount, persists);
1687
1688	memset(persists, CRED_PERSIST_NONE, persistCountsizeof(persists));
1689	if (CRED_TYPE_GENERIC < persistCount)
1690	{
1691	persists[CRED_TYPE_GENERIC] = CRED_PERSIST_ENTERPRISE;
1692
1693	if (CRED_TYPE_DOMAIN_PASSWORD < persistCount)
1694	{
1695	persists[CRED_TYPE_DOMAIN_PASSWORD] = CRED_PERSIST_ENTERPRISE;
1696	}
1697	}
1698	return TRUE;
1699	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: