Sync up to trunk head.
[reactos.git] / dll / win32 / advapi32 / sec / cred.c
1 /*
2 * Credential Management APIs
3 *
4 * Copyright 2007 Robert Shearman for CodeWeavers
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <stdarg.h>
22 #include <time.h>
23
24 #include "windef.h"
25 #include "winbase.h"
26 #include "winreg.h"
27 #include "wincred.h"
28 #include "winternl.h"
29 #include "../crypt/crypt.h"
30
31 #include "wine/unicode.h"
32 #include "wine/debug.h"
33
34 WINE_DEFAULT_DEBUG_CHANNEL(cred);
35
36 /* the size of the ARC4 key used to encrypt the password data */
37 #define KEY_SIZE 8
38
39 static const WCHAR wszCredentialManagerKey[] = {'S','o','f','t','w','a','r','e','\\','W','i','n','e','\\',
40 'C','r','e','d','e','n','t','i','a','l',' ','M','a','n','a','g','e','r',0};
41 static const WCHAR wszEncryptionKeyValue[] = {'E','n','c','r','y','p','t','i','o','n','K','e','y',0};
42
43 static const WCHAR wszFlagsValue[] = {'F','l','a','g','s',0};
44 static const WCHAR wszTypeValue[] = {'T','y','p','e',0};
45 static const WCHAR wszCommentValue[] = {'C','o','m','m','e','n','t',0};
46 static const WCHAR wszLastWrittenValue[] = {'L','a','s','t','W','r','i','t','t','e','n',0};
47 static const WCHAR wszPersistValue[] = {'P','e','r','s','i','s','t',0};
48 static const WCHAR wszTargetAliasValue[] = {'T','a','r','g','e','t','A','l','i','a','s',0};
49 static const WCHAR wszUserNameValue[] = {'U','s','e','r','N','a','m','e',0};
50 static const WCHAR wszPasswordValue[] = {'P','a','s','s','w','o','r','d',0};
51
52 static DWORD read_credential_blob(HKEY hkey, const BYTE key_data[KEY_SIZE],
53 LPBYTE credential_blob,
54 DWORD *credential_blob_size)
55 {
56 DWORD ret;
57 DWORD type;
58
59 *credential_blob_size = 0;
60 ret = RegQueryValueExW(hkey, wszPasswordValue, 0, &type, NULL, credential_blob_size);
61 if (ret != ERROR_SUCCESS)
62 return ret;
63 else if (type != REG_BINARY)
64 return ERROR_REGISTRY_CORRUPT;
65 if (credential_blob)
66 {
67 struct ustring data;
68 struct ustring key;
69
70 ret = RegQueryValueExW(hkey, wszPasswordValue, 0, &type, credential_blob,
71 credential_blob_size);
72 if (ret != ERROR_SUCCESS)
73 return ret;
74 else if (type != REG_BINARY)
75 return ERROR_REGISTRY_CORRUPT;
76
77 key.Length = key.MaximumLength = KEY_SIZE;
78 key.Buffer = (unsigned char *)key_data;
79
80 data.Length = data.MaximumLength = *credential_blob_size;
81 data.Buffer = credential_blob;
82 SystemFunction032(&data, &key);
83 }
84 return ERROR_SUCCESS;
85 }
86
87 static DWORD registry_read_credential(HKEY hkey, PCREDENTIALW credential,
88 const BYTE key_data[KEY_SIZE],
89 char *buffer, DWORD *len)
90 {
91 DWORD type;
92 DWORD ret;
93 DWORD count;
94
95 ret = RegQueryValueExW(hkey, NULL, 0, &type, NULL, &count);
96 if (ret != ERROR_SUCCESS)
97 return ret;
98 else if (type != REG_SZ)
99 return ERROR_REGISTRY_CORRUPT;
100 *len += count;
101 if (credential)
102 {
103 credential->TargetName = (LPWSTR)buffer;
104 ret = RegQueryValueExW(hkey, NULL, 0, &type, (LPVOID)credential->TargetName,
105 &count);
106 if (ret != ERROR_SUCCESS || type != REG_SZ) return ret;
107 buffer += count;
108 }
109
110 ret = RegQueryValueExW(hkey, wszCommentValue, 0, &type, NULL, &count);
111 if (ret != ERROR_FILE_NOT_FOUND && ret != ERROR_SUCCESS)
112 return ret;
113 else if (type != REG_SZ)
114 return ERROR_REGISTRY_CORRUPT;
115 *len += count;
116 if (credential)
117 {
118 credential->Comment = (LPWSTR)buffer;
119 ret = RegQueryValueExW(hkey, wszCommentValue, 0, &type, (LPVOID)credential->Comment,
120 &count);
121 if (ret == ERROR_FILE_NOT_FOUND)
122 credential->Comment = NULL;
123 else if (ret != ERROR_SUCCESS)
124 return ret;
125 else if (type != REG_SZ)
126 return ERROR_REGISTRY_CORRUPT;
127 else
128 buffer += count;
129 }
130
131 ret = RegQueryValueExW(hkey, wszTargetAliasValue, 0, &type, NULL, &count);
132 if (ret != ERROR_FILE_NOT_FOUND && ret != ERROR_SUCCESS)
133 return ret;
134 else if (type != REG_SZ)
135 return ERROR_REGISTRY_CORRUPT;
136 *len += count;
137 if (credential)
138 {
139 credential->TargetAlias = (LPWSTR)buffer;
140 ret = RegQueryValueExW(hkey, wszTargetAliasValue, 0, &type, (LPVOID)credential->TargetAlias,
141 &count);
142 if (ret == ERROR_FILE_NOT_FOUND)
143 credential->TargetAlias = NULL;
144 else if (ret != ERROR_SUCCESS)
145 return ret;
146 else if (type != REG_SZ)
147 return ERROR_REGISTRY_CORRUPT;
148 else
149 buffer += count;
150 }
151
152 ret = RegQueryValueExW(hkey, wszUserNameValue, 0, &type, NULL, &count);
153 if (ret != ERROR_FILE_NOT_FOUND && ret != ERROR_SUCCESS)
154 return ret;
155 else if (type != REG_SZ)
156 return ERROR_REGISTRY_CORRUPT;
157 *len += count;
158 if (credential)
159 {
160 credential->UserName = (LPWSTR)buffer;
161 ret = RegQueryValueExW(hkey, wszUserNameValue, 0, &type, (LPVOID)credential->UserName,
162 &count);
163 if (ret == ERROR_FILE_NOT_FOUND)
164 credential->UserName = NULL;
165 else if (ret != ERROR_SUCCESS)
166 return ret;
167 else if (type != REG_SZ)
168 return ERROR_REGISTRY_CORRUPT;
169 else
170 buffer += count;
171 }
172
173 ret = read_credential_blob(hkey, key_data, NULL, &count);
174 if (ret != ERROR_FILE_NOT_FOUND && ret != ERROR_SUCCESS)
175 return ret;
176 *len += count;
177 if (credential)
178 {
179 credential->CredentialBlob = (LPBYTE)buffer;
180 ret = read_credential_blob(hkey, key_data, credential->CredentialBlob, &count);
181 if (ret == ERROR_FILE_NOT_FOUND)
182 credential->CredentialBlob = NULL;
183 else if (ret != ERROR_SUCCESS)
184 return ret;
185 credential->CredentialBlobSize = count;
186 buffer += count;
187 }
188
189 /* FIXME: Attributes */
190 if (credential)
191 {
192 credential->AttributeCount = 0;
193 credential->Attributes = NULL;
194 }
195
196 if (!credential) return ERROR_SUCCESS;
197
198 count = sizeof(credential->Flags);
199 ret = RegQueryValueExW(hkey, wszFlagsValue, NULL, &type, (LPVOID)&credential->Flags,
200 &count);
201 if (ret != ERROR_SUCCESS)
202 return ret;
203 else if (type != REG_DWORD)
204 return ERROR_REGISTRY_CORRUPT;
205 count = sizeof(credential->Type);
206 ret = RegQueryValueExW(hkey, wszTypeValue, NULL, &type, (LPVOID)&credential->Type,
207 &count);
208 if (ret != ERROR_SUCCESS)
209 return ret;
210 else if (type != REG_DWORD)
211 return ERROR_REGISTRY_CORRUPT;
212
213 count = sizeof(credential->LastWritten);
214 ret = RegQueryValueExW(hkey, wszLastWrittenValue, NULL, &type, (LPVOID)&credential->LastWritten,
215 &count);
216 if (ret != ERROR_SUCCESS)
217 return ret;
218 else if (type != REG_BINARY)
219 return ERROR_REGISTRY_CORRUPT;
220 count = sizeof(credential->Persist);
221 ret = RegQueryValueExW(hkey, wszPersistValue, NULL, &type, (LPVOID)&credential->Persist,
222 &count);
223 if (ret == ERROR_SUCCESS && type != REG_DWORD)
224 return ERROR_REGISTRY_CORRUPT;
225 return ret;
226 }
227
228 #ifdef __APPLE__
229 static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require_password,
230 PCREDENTIALW credential, char *buffer,
231 DWORD *len)
232 {
233 OSStatus status;
234 UInt32 i;
235 UInt32 cred_blob_len;
236 void *cred_blob;
237 LPWSTR domain = NULL;
238 LPWSTR user = NULL;
239 BOOL user_name_present = FALSE;
240 SecKeychainAttributeInfo info;
241 SecKeychainAttributeList *attr_list;
242 UInt32 info_tags[] = { kSecServerItemAttr, kSecSecurityDomainItemAttr, kSecAccountItemAttr,
243 kSecCommentItemAttr, kSecCreationDateItemAttr };
244 info.count = sizeof(info_tags)/sizeof(info_tags[0]);
245 info.tag = info_tags;
246 info.format = NULL;
247 status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, &cred_blob_len, &cred_blob);
248 if (status == errSecAuthFailed && !require_password)
249 {
250 cred_blob_len = 0;
251 cred_blob = NULL;
252 status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, &cred_blob_len, NULL);
253 }
254 if (status != noErr)
255 {
256 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
257 return ERROR_NOT_FOUND;
258 }
259
260 for (i = 0; i < attr_list->count; i++)
261 if (attr_list->attr[i].tag == kSecAccountItemAttr && attr_list->attr[i].data)
262 {
263 user_name_present = TRUE;
264 break;
265 }
266 if (!user_name_present)
267 {
268 WARN("no kSecAccountItemAttr for item\n");
269 return ERROR_NOT_FOUND;
270 }
271
272 if (buffer)
273 {
274 credential->Flags = 0;
275 credential->Type = CRED_TYPE_DOMAIN_PASSWORD;
276 credential->TargetName = NULL;
277 credential->Comment = NULL;
278 memset(&credential->LastWritten, 0, sizeof(credential->LastWritten));
279 credential->CredentialBlobSize = 0;
280 credential->CredentialBlob = NULL;
281 credential->Persist = CRED_PERSIST_LOCAL_MACHINE;
282 credential->AttributeCount = 0;
283 credential->Attributes = NULL;
284 credential->TargetAlias = NULL;
285 credential->UserName = NULL;
286 }
287 for (i = 0; i < attr_list->count; i++)
288 {
289 switch (attr_list->attr[i].tag)
290 {
291 case kSecServerItemAttr:
292 TRACE("kSecServerItemAttr: %.*s\n", (int)attr_list->attr[i].length,
293 (char *)attr_list->attr[i].data);
294 if (!attr_list->attr[i].data) continue;
295 if (buffer)
296 {
297 INT str_len;
298 credential->TargetName = (LPWSTR)buffer;
299 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
300 attr_list->attr[i].length, (LPWSTR)buffer, 0xffff);
301 credential->TargetName[str_len] = '\0';
302 buffer += (str_len + 1) * sizeof(WCHAR);
303 *len += (str_len + 1) * sizeof(WCHAR);
304 }
305 else
306 {
307 INT str_len;
308 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
309 attr_list->attr[i].length, NULL, 0);
310 *len += (str_len + 1) * sizeof(WCHAR);
311 }
312 break;
313 case kSecAccountItemAttr:
314 {
315 INT str_len;
316 TRACE("kSecAccountItemAttr: %.*s\n", (int)attr_list->attr[i].length,
317 (char *)attr_list->attr[i].data);
318 if (!attr_list->attr[i].data) continue;
319 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
320 attr_list->attr[i].length, NULL, 0);
321 user = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
322 MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
323 attr_list->attr[i].length, user, str_len);
324 user[str_len] = '\0';
325 break;
326 }
327 case kSecCommentItemAttr:
328 TRACE("kSecCommentItemAttr: %.*s\n", (int)attr_list->attr[i].length,
329 (char *)attr_list->attr[i].data);
330 if (!attr_list->attr[i].data) continue;
331 if (buffer)
332 {
333 INT str_len;
334 credential->Comment = (LPWSTR)buffer;
335 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
336 attr_list->attr[i].length, (LPWSTR)buffer, 0xffff);
337 credential->Comment[str_len] = '\0';
338 buffer += (str_len + 1) * sizeof(WCHAR);
339 *len += (str_len + 1) * sizeof(WCHAR);
340 }
341 else
342 {
343 INT str_len;
344 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
345 attr_list->attr[i].length, NULL, 0);
346 *len += (str_len + 1) * sizeof(WCHAR);
347 }
348 break;
349 case kSecSecurityDomainItemAttr:
350 {
351 INT str_len;
352 TRACE("kSecSecurityDomainItemAttr: %.*s\n", (int)attr_list->attr[i].length,
353 (char *)attr_list->attr[i].data);
354 if (!attr_list->attr[i].data) continue;
355 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
356 attr_list->attr[i].length, NULL, 0);
357 domain = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
358 MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
359 attr_list->attr[i].length, domain, str_len);
360 domain[str_len] = '\0';
361 break;
362 }
363 case kSecCreationDateItemAttr:
364 TRACE("kSecCreationDateItemAttr: %.*s\n", (int)attr_list->attr[i].length,
365 (char *)attr_list->attr[i].data);
366 if (buffer)
367 {
368 LARGE_INTEGER win_time;
369 struct tm tm;
370 time_t time;
371 memset(&tm, 0, sizeof(tm));
372 strptime(attr_list->attr[i].data, "%Y%m%d%H%M%SZ", &tm);
373 time = mktime(&tm);
374 RtlSecondsSince1970ToTime(time, &win_time);
375 credential->LastWritten.dwLowDateTime = win_time.u.LowPart;
376 credential->LastWritten.dwHighDateTime = win_time.u.HighPart;
377 }
378 break;
379 }
380 }
381
382 if (user)
383 {
384 INT str_len;
385 if (buffer)
386 credential->UserName = (LPWSTR)buffer;
387 if (domain)
388 {
389 str_len = strlenW(domain);
390 *len += (str_len + 1) * sizeof(WCHAR);
391 if (buffer)
392 {
393 memcpy(credential->UserName, domain, str_len * sizeof(WCHAR));
394 /* FIXME: figure out when to use an '@' */
395 credential->UserName[str_len] = '\\';
396 buffer += (str_len + 1) * sizeof(WCHAR);
397 }
398 }
399 str_len = strlenW(user);
400 *len += (str_len + 1) * sizeof(WCHAR);
401 if (buffer)
402 {
403 memcpy(buffer, user, (str_len + 1) * sizeof(WCHAR));
404 buffer += (str_len + 1) * sizeof(WCHAR);
405 TRACE("UserName = %s\n", debugstr_w(credential->UserName));
406 }
407 }
408 HeapFree(GetProcessHeap(), 0, user);
409 HeapFree(GetProcessHeap(), 0, domain);
410
411 if (cred_blob)
412 {
413 if (buffer)
414 {
415 INT str_len;
416 credential->CredentialBlob = (BYTE *)buffer;
417 str_len = MultiByteToWideChar(CP_UTF8, 0, cred_blob, cred_blob_len,
418 (LPWSTR)buffer, 0xffff);
419 credential->CredentialBlobSize = str_len * sizeof(WCHAR);
420 buffer += str_len * sizeof(WCHAR);
421 *len += str_len * sizeof(WCHAR);
422 }
423 else
424 {
425 INT str_len;
426 str_len = MultiByteToWideChar(CP_UTF8, 0, cred_blob, cred_blob_len,
427 NULL, 0);
428 *len += str_len * sizeof(WCHAR);
429 }
430 }
431 SecKeychainItemFreeAttributesAndData(attr_list, cred_blob);
432 return ERROR_SUCCESS;
433 }
434 #endif
435
436 static DWORD write_credential_blob(HKEY hkey, LPCWSTR target_name, DWORD type,
437 const BYTE key_data[KEY_SIZE],
438 const BYTE *credential_blob, DWORD credential_blob_size)
439 {
440 LPBYTE encrypted_credential_blob;
441 struct ustring data;
442 struct ustring key;
443 DWORD ret;
444
445 key.Length = key.MaximumLength = KEY_SIZE;
446 key.Buffer = (unsigned char *)key_data;
447
448 encrypted_credential_blob = HeapAlloc(GetProcessHeap(), 0, credential_blob_size);
449 if (!encrypted_credential_blob) return ERROR_OUTOFMEMORY;
450
451 memcpy(encrypted_credential_blob, credential_blob, credential_blob_size);
452 data.Length = data.MaximumLength = credential_blob_size;
453 data.Buffer = encrypted_credential_blob;
454 SystemFunction032(&data, &key);
455
456 ret = RegSetValueExW(hkey, wszPasswordValue, 0, REG_BINARY, encrypted_credential_blob, credential_blob_size);
457 HeapFree(GetProcessHeap(), 0, encrypted_credential_blob);
458
459 return ret;
460 }
461
462 static DWORD registry_write_credential(HKEY hkey, const CREDENTIALW *credential,
463 const BYTE key_data[KEY_SIZE], BOOL preserve_blob)
464 {
465 DWORD ret;
466 FILETIME LastWritten;
467
468 GetSystemTimeAsFileTime(&LastWritten);
469
470 ret = RegSetValueExW(hkey, wszFlagsValue, 0, REG_DWORD, (LPVOID)&credential->Flags,
471 sizeof(credential->Flags));
472 if (ret != ERROR_SUCCESS) return ret;
473 ret = RegSetValueExW(hkey, wszTypeValue, 0, REG_DWORD, (LPVOID)&credential->Type,
474 sizeof(credential->Type));
475 if (ret != ERROR_SUCCESS) return ret;
476 ret = RegSetValueExW(hkey, NULL, 0, REG_SZ, (LPVOID)credential->TargetName,
477 sizeof(WCHAR)*(strlenW(credential->TargetName)+1));
478 if (ret != ERROR_SUCCESS) return ret;
479 if (credential->Comment)
480 {
481 ret = RegSetValueExW(hkey, wszCommentValue, 0, REG_SZ, (LPVOID)credential->Comment,
482 sizeof(WCHAR)*(strlenW(credential->Comment)+1));
483 if (ret != ERROR_SUCCESS) return ret;
484 }
485 ret = RegSetValueExW(hkey, wszLastWrittenValue, 0, REG_BINARY, (LPVOID)&LastWritten,
486 sizeof(LastWritten));
487 if (ret != ERROR_SUCCESS) return ret;
488 ret = RegSetValueExW(hkey, wszPersistValue, 0, REG_DWORD, (LPVOID)&credential->Persist,
489 sizeof(credential->Persist));
490 if (ret != ERROR_SUCCESS) return ret;
491 /* FIXME: Attributes */
492 if (credential->TargetAlias)
493 {
494 ret = RegSetValueExW(hkey, wszTargetAliasValue, 0, REG_SZ, (LPVOID)credential->TargetAlias,
495 sizeof(WCHAR)*(strlenW(credential->TargetAlias)+1));
496 if (ret != ERROR_SUCCESS) return ret;
497 }
498 if (credential->UserName)
499 {
500 ret = RegSetValueExW(hkey, wszUserNameValue, 0, REG_SZ, (LPVOID)credential->UserName,
501 sizeof(WCHAR)*(strlenW(credential->UserName)+1));
502 if (ret != ERROR_SUCCESS) return ret;
503 }
504 if (!preserve_blob)
505 {
506 ret = write_credential_blob(hkey, credential->TargetName, credential->Type,
507 key_data, credential->CredentialBlob,
508 credential->CredentialBlobSize);
509 }
510 return ret;
511 }
512
513 #ifdef __APPLE__
514 static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_blob)
515 {
516 OSStatus status;
517 SecKeychainItemRef keychain_item;
518 char *username;
519 char *domain = NULL;
520 char *password;
521 char *servername;
522 UInt32 userlen;
523 UInt32 domainlen = 0;
524 UInt32 pwlen;
525 UInt32 serverlen;
526 LPCWSTR p;
527 SecKeychainAttribute attrs[1];
528 SecKeychainAttributeList attr_list;
529
530 if (credential->Flags)
531 FIXME("Flags 0x%x not written\n", credential->Flags);
532 if (credential->Type != CRED_TYPE_DOMAIN_PASSWORD)
533 FIXME("credential type of %d not supported\n", credential->Type);
534 if (credential->Persist != CRED_PERSIST_LOCAL_MACHINE)
535 FIXME("persist value of %d not supported\n", credential->Persist);
536 if (credential->AttributeCount)
537 FIXME("custom attributes not supported\n");
538
539 p = strchrW(credential->UserName, '\\');
540 if (p)
541 {
542 domainlen = WideCharToMultiByte(CP_UTF8, 0, credential->UserName,
543 p - credential->UserName, NULL, 0, NULL, NULL);
544 domain = HeapAlloc(GetProcessHeap(), 0, (domainlen + 1) * sizeof(*domain));
545 WideCharToMultiByte(CP_UTF8, 0, credential->UserName, p - credential->UserName,
546 domain, domainlen, NULL, NULL);
547 domain[domainlen] = '\0';
548 p++;
549 }
550 else
551 p = credential->UserName;
552 userlen = WideCharToMultiByte(CP_UTF8, 0, p, -1, NULL, 0, NULL, NULL);
553 username = HeapAlloc(GetProcessHeap(), 0, userlen * sizeof(*username));
554 WideCharToMultiByte(CP_UTF8, 0, p, -1, username, userlen, NULL, NULL);
555
556 serverlen = WideCharToMultiByte(CP_UTF8, 0, credential->TargetName, -1, NULL, 0, NULL, NULL);
557 servername = HeapAlloc(GetProcessHeap(), 0, serverlen * sizeof(*servername));
558 WideCharToMultiByte(CP_UTF8, 0, credential->TargetName, -1, servername, serverlen, NULL, NULL);
559 pwlen = WideCharToMultiByte(CP_UTF8, 0, (LPCWSTR)credential->CredentialBlob,
560 credential->CredentialBlobSize / sizeof(WCHAR), NULL, 0, NULL, NULL);
561 password = HeapAlloc(GetProcessHeap(), 0, pwlen * sizeof(*domain));
562 WideCharToMultiByte(CP_UTF8, 0, (LPCWSTR)credential->CredentialBlob,
563 credential->CredentialBlobSize / sizeof(WCHAR), password, pwlen, NULL, NULL);
564
565 TRACE("adding server %s, domain %s, username %s using Keychain\n", servername, domain, username);
566 status = SecKeychainAddInternetPassword(NULL, strlen(servername), servername,
567 strlen(domain), domain, strlen(username),
568 username, 0, NULL, 0,
569 0 /* no protocol */,
570 kSecAuthenticationTypeDefault,
571 strlen(password), password, &keychain_item);
572 if (status != noErr)
573 ERR("SecKeychainAddInternetPassword returned %ld\n", status);
574 if (status == errSecDuplicateItem)
575 {
576 SecKeychainItemRef keychain_item;
577
578 status = SecKeychainFindInternetPassword(NULL, strlen(servername), servername,
579 strlen(domain), domain,
580 strlen(username), username,
581 0, NULL /* any path */, 0,
582 0 /* any protocol */,
583 0 /* any authentication type */,
584 0, NULL, &keychain_item);
585 if (status != noErr)
586 ERR("SecKeychainFindInternetPassword returned %ld\n", status);
587 }
588 HeapFree(GetProcessHeap(), 0, domain);
589 HeapFree(GetProcessHeap(), 0, username);
590 HeapFree(GetProcessHeap(), 0, servername);
591 if (status != noErr)
592 {
593 HeapFree(GetProcessHeap(), 0, password);
594 return ERROR_GEN_FAILURE;
595 }
596 if (credential->Comment)
597 {
598 attr_list.count = 1;
599 attr_list.attr = attrs;
600 attrs[0].tag = kSecCommentItemAttr;
601 attrs[0].length = WideCharToMultiByte(CP_UTF8, 0, credential->Comment, -1, NULL, 0, NULL, NULL);
602 if (attrs[0].length) attrs[0].length--;
603 attrs[0].data = HeapAlloc(GetProcessHeap(), 0, attrs[0].length);
604 WideCharToMultiByte(CP_UTF8, 0, credential->Comment, -1, attrs[0].data, attrs[0].length, NULL, NULL);
605 }
606 else
607 {
608 attr_list.count = 0;
609 attr_list.attr = NULL;
610 }
611 status = SecKeychainItemModifyAttributesAndData(keychain_item, &attr_list,
612 preserve_blob ? 0 : strlen(password),
613 preserve_blob ? NULL : password);
614 if (credential->Comment)
615 HeapFree(GetProcessHeap(), 0, attrs[0].data);
616 HeapFree(GetProcessHeap(), 0, password);
617 /* FIXME: set TargetAlias attribute */
618 CFRelease(keychain_item);
619 return ERROR_SUCCESS;
620 }
621 #endif
622
623 static DWORD open_cred_mgr_key(HKEY *hkey, BOOL open_for_write)
624 {
625 return RegCreateKeyExW(HKEY_CURRENT_USER, wszCredentialManagerKey, 0,
626 NULL, REG_OPTION_NON_VOLATILE,
627 KEY_READ | (open_for_write ? KEY_WRITE : 0), NULL, hkey, NULL);
628 }
629
630 static DWORD get_cred_mgr_encryption_key(HKEY hkeyMgr, BYTE key_data[KEY_SIZE])
631 {
632 static const BYTE my_key_data[KEY_SIZE] = { 0 };
633 DWORD type;
634 DWORD count;
635 FILETIME ft;
636 ULONG seed;
637 ULONG value;
638 DWORD ret;
639
640 memcpy(key_data, my_key_data, KEY_SIZE);
641
642 count = KEY_SIZE;
643 ret = RegQueryValueExW(hkeyMgr, wszEncryptionKeyValue, NULL, &type, key_data,
644 &count);
645 if (ret == ERROR_SUCCESS)
646 {
647 if (type != REG_BINARY)
648 return ERROR_REGISTRY_CORRUPT;
649 else
650 return ERROR_SUCCESS;
651 }
652 if (ret != ERROR_FILE_NOT_FOUND)
653 return ret;
654
655 GetSystemTimeAsFileTime(&ft);
656 seed = ft.dwLowDateTime;
657 value = RtlUniform(&seed);
658 *(DWORD *)key_data = value;
659 seed = ft.dwHighDateTime;
660 value = RtlUniform(&seed);
661 *(DWORD *)(key_data + 4) = value;
662
663 ret = RegSetValueExW(hkeyMgr, wszEncryptionKeyValue, 0, REG_BINARY,
664 key_data, KEY_SIZE);
665 if (ret == ERROR_ACCESS_DENIED)
666 {
667 ret = open_cred_mgr_key(&hkeyMgr, TRUE);
668 if (ret == ERROR_SUCCESS)
669 {
670 ret = RegSetValueExW(hkeyMgr, wszEncryptionKeyValue, 0, REG_BINARY,
671 key_data, KEY_SIZE);
672 RegCloseKey(hkeyMgr);
673 }
674 }
675 return ret;
676 }
677
678 static LPWSTR get_key_name_for_target(LPCWSTR target_name, DWORD type)
679 {
680 static const WCHAR wszGenericPrefix[] = {'G','e','n','e','r','i','c',':',' ',0};
681 static const WCHAR wszDomPasswdPrefix[] = {'D','o','m','P','a','s','s','w','d',':',' ',0};
682 INT len;
683 LPCWSTR prefix = NULL;
684 LPWSTR key_name, p;
685
686 len = strlenW(target_name);
687 if (type == CRED_TYPE_GENERIC)
688 {
689 prefix = wszGenericPrefix;
690 len += sizeof(wszGenericPrefix)/sizeof(wszGenericPrefix[0]);
691 }
692 else
693 {
694 prefix = wszDomPasswdPrefix;
695 len += sizeof(wszDomPasswdPrefix)/sizeof(wszDomPasswdPrefix[0]);
696 }
697
698 key_name = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
699 if (!key_name) return NULL;
700
701 strcpyW(key_name, prefix);
702 strcatW(key_name, target_name);
703
704 for (p = key_name; *p; p++)
705 if (*p == '\\') *p = '_';
706
707 return key_name;
708 }
709
710 static BOOL credential_matches_filter(HKEY hkeyCred, LPCWSTR filter)
711 {
712 LPWSTR target_name;
713 DWORD ret;
714 DWORD type;
715 DWORD count;
716 LPCWSTR p;
717
718 if (!filter) return TRUE;
719
720 ret = RegQueryValueExW(hkeyCred, NULL, 0, &type, NULL, &count);
721 if (ret != ERROR_SUCCESS)
722 return FALSE;
723 else if (type != REG_SZ)
724 return FALSE;
725
726 target_name = HeapAlloc(GetProcessHeap(), 0, count);
727 if (!target_name)
728 return FALSE;
729 ret = RegQueryValueExW(hkeyCred, NULL, 0, &type, (LPVOID)target_name, &count);
730 if (ret != ERROR_SUCCESS || type != REG_SZ)
731 {
732 HeapFree(GetProcessHeap(), 0, target_name);
733 return FALSE;
734 }
735
736 TRACE("comparing filter %s to target name %s\n", debugstr_w(filter),
737 debugstr_w(target_name));
738
739 p = strchrW(filter, '*');
740 ret = CompareStringW(GetThreadLocale(), 0, filter,
741 (p && !p[1] ? p - filter : -1), target_name,
742 (p && !p[1] ? p - filter : -1)) == CSTR_EQUAL;
743
744 HeapFree(GetProcessHeap(), 0, target_name);
745 return ret;
746 }
747
748 static DWORD registry_enumerate_credentials(HKEY hkeyMgr, LPCWSTR filter,
749 LPWSTR target_name,
750 DWORD target_name_len, BYTE key_data[KEY_SIZE],
751 PCREDENTIALW *credentials, char **buffer,
752 DWORD *len, DWORD *count)
753 {
754 DWORD i;
755 DWORD ret;
756 for (i = 0;; i++)
757 {
758 HKEY hkeyCred;
759 ret = RegEnumKeyW(hkeyMgr, i, target_name, target_name_len+1);
760 if (ret == ERROR_NO_MORE_ITEMS)
761 {
762 ret = ERROR_SUCCESS;
763 break;
764 }
765 else if (ret != ERROR_SUCCESS)
766 {
767 ret = ERROR_SUCCESS;
768 continue;
769 }
770 TRACE("target_name = %s\n", debugstr_w(target_name));
771 ret = RegOpenKeyExW(hkeyMgr, target_name, 0, KEY_QUERY_VALUE, &hkeyCred);
772 if (ret != ERROR_SUCCESS)
773 {
774 ret = ERROR_SUCCESS;
775 continue;
776 }
777 if (!credential_matches_filter(hkeyCred, filter))
778 {
779 RegCloseKey(hkeyCred);
780 continue;
781 }
782 if (buffer)
783 {
784 *len = sizeof(CREDENTIALW);
785 credentials[*count] = (PCREDENTIALW)*buffer;
786 }
787 else
788 *len += sizeof(CREDENTIALW);
789 ret = registry_read_credential(hkeyCred, buffer ? credentials[*count] : NULL,
790 key_data, buffer ? *buffer + sizeof(CREDENTIALW) : NULL,
791 len);
792 RegCloseKey(hkeyCred);
793 if (ret != ERROR_SUCCESS) break;
794 if (buffer) *buffer += *len;
795 (*count)++;
796 }
797 return ret;
798 }
799
800 #ifdef __APPLE__
801 static DWORD mac_enumerate_credentials(LPCWSTR filter, PCREDENTIALW *credentials,
802 char *buffer, DWORD *len, DWORD *count)
803 {
804 SecKeychainSearchRef search;
805 SecKeychainItemRef item;
806 OSStatus status;
807 Boolean saved_user_interaction_allowed;
808 DWORD ret;
809
810 SecKeychainGetUserInteractionAllowed(&saved_user_interaction_allowed);
811 SecKeychainSetUserInteractionAllowed(false);
812
813 status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search);
814 if (status == noErr)
815 {
816 while (SecKeychainSearchCopyNext(search, &item) == noErr)
817 {
818 SecKeychainAttributeInfo info;
819 SecKeychainAttributeList *attr_list;
820 UInt32 info_tags[] = { kSecServerItemAttr };
821 info.count = sizeof(info_tags)/sizeof(info_tags[0]);
822 info.tag = info_tags;
823 info.format = NULL;
824 status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, NULL, NULL);
825 if (status != noErr)
826 {
827 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
828 continue;
829 }
830 if (buffer)
831 {
832 *len = sizeof(CREDENTIALW);
833 credentials[*count] = (PCREDENTIALW)buffer;
834 }
835 else
836 *len += sizeof(CREDENTIALW);
837 if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServerItemAttr) continue;
838 TRACE("server item: %.*s\n", (int)attr_list->attr[0].length, (char *)attr_list->attr[0].data);
839 /* FIXME: filter based on attr_list->attr[0].data */
840 SecKeychainItemFreeAttributesAndData(attr_list, NULL);
841 ret = mac_read_credential_from_item(item, FALSE,
842 buffer ? credentials[*count] : NULL,
843 buffer ? buffer + sizeof(CREDENTIALW) : NULL,
844 len);
845 CFRelease(item);
846 if (ret == ERROR_SUCCESS)
847 {
848 (*count)++;
849 if (buffer) buffer += *len;
850 }
851 }
852 CFRelease(search);
853 }
854 else
855 ERR("SecKeychainSearchCreateFromAttributes returned status %ld\n", status);
856 SecKeychainSetUserInteractionAllowed(saved_user_interaction_allowed);
857 return ERROR_SUCCESS;
858 }
859
860 static DWORD mac_delete_credential(LPCWSTR TargetName)
861 {
862 OSStatus status;
863 SecKeychainSearchRef search;
864 status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search);
865 if (status == noErr)
866 {
867 SecKeychainItemRef item;
868 while (SecKeychainSearchCopyNext(search, &item) == noErr)
869 {
870 SecKeychainAttributeInfo info;
871 SecKeychainAttributeList *attr_list;
872 UInt32 info_tags[] = { kSecServerItemAttr };
873 LPWSTR target_name;
874 INT str_len;
875 info.count = sizeof(info_tags)/sizeof(info_tags[0]);
876 info.tag = info_tags;
877 info.format = NULL;
878 status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, NULL, NULL);
879 if (status != noErr)
880 {
881 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
882 continue;
883 }
884 if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServerItemAttr)
885 {
886 CFRelease(item);
887 continue;
888 }
889 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, NULL, 0);
890 target_name = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
891 MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, target_name, str_len);
892 /* nul terminate */
893 target_name[str_len] = '\0';
894 if (strcmpiW(TargetName, target_name))
895 {
896 CFRelease(item);
897 HeapFree(GetProcessHeap(), 0, target_name);
898 continue;
899 }
900 HeapFree(GetProcessHeap(), 0, target_name);
901 SecKeychainItemFreeAttributesAndData(attr_list, NULL);
902 SecKeychainItemDelete(item);
903 CFRelease(item);
904 CFRelease(search);
905
906 return ERROR_SUCCESS;
907 }
908 CFRelease(search);
909 }
910 return ERROR_NOT_FOUND;
911 }
912 #endif
913
914 /******************************************************************************
915 * convert_PCREDENTIALW_to_PCREDENTIALA [internal]
916 *
917 * convert a Credential struct from UNICODE to ANSI and return the needed size in Bytes
918 *
919 */
920
921 static INT convert_PCREDENTIALW_to_PCREDENTIALA(const CREDENTIALW *CredentialW, PCREDENTIALA CredentialA, INT len)
922 {
923 char *buffer;
924 INT string_len;
925 INT needed = sizeof(CREDENTIALA);
926
927 if (!CredentialA)
928 {
929 if (CredentialW->TargetName)
930 needed += WideCharToMultiByte(CP_ACP, 0, CredentialW->TargetName, -1, NULL, 0, NULL, NULL);
931 if (CredentialW->Comment)
932 needed += WideCharToMultiByte(CP_ACP, 0, CredentialW->Comment, -1, NULL, 0, NULL, NULL);
933 needed += CredentialW->CredentialBlobSize;
934 if (CredentialW->TargetAlias)
935 needed += WideCharToMultiByte(CP_ACP, 0, CredentialW->TargetAlias, -1, NULL, 0, NULL, NULL);
936 if (CredentialW->UserName)
937 needed += WideCharToMultiByte(CP_ACP, 0, CredentialW->UserName, -1, NULL, 0, NULL, NULL);
938
939 return needed;
940 }
941
942
943 buffer = (char *)CredentialA + sizeof(CREDENTIALA);
944 len -= sizeof(CREDENTIALA);
945 CredentialA->Flags = CredentialW->Flags;
946 CredentialA->Type = CredentialW->Type;
947
948 if (CredentialW->TargetName)
949 {
950 CredentialA->TargetName = buffer;
951 string_len = WideCharToMultiByte(CP_ACP, 0, CredentialW->TargetName, -1, buffer, len, NULL, NULL);
952 buffer += string_len;
953 needed += string_len;
954 len -= string_len;
955 }
956 else
957 CredentialA->TargetName = NULL;
958 if (CredentialW->Comment)
959 {
960 CredentialA->Comment = buffer;
961 string_len = WideCharToMultiByte(CP_ACP, 0, CredentialW->Comment, -1, buffer, len, NULL, NULL);
962 buffer += string_len;
963 needed += string_len;
964 len -= string_len;
965 }
966 else
967 CredentialA->Comment = NULL;
968 CredentialA->LastWritten = CredentialW->LastWritten;
969 CredentialA->CredentialBlobSize = CredentialW->CredentialBlobSize;
970 if (CredentialW->CredentialBlobSize && (CredentialW->CredentialBlobSize <= len))
971 {
972 CredentialA->CredentialBlob =(LPBYTE)buffer;
973 memcpy(CredentialA->CredentialBlob, CredentialW->CredentialBlob,
974 CredentialW->CredentialBlobSize);
975 buffer += CredentialW->CredentialBlobSize;
976 needed += CredentialW->CredentialBlobSize;
977 len -= CredentialW->CredentialBlobSize;
978 }
979 else
980 CredentialA->CredentialBlob = NULL;
981 CredentialA->Persist = CredentialW->Persist;
982 CredentialA->AttributeCount = 0;
983 CredentialA->Attributes = NULL; /* FIXME */
984 if (CredentialW->TargetAlias)
985 {
986 CredentialA->TargetAlias = buffer;
987 string_len = WideCharToMultiByte(CP_ACP, 0, CredentialW->TargetAlias, -1, buffer, len, NULL, NULL);
988 buffer += string_len;
989 needed += string_len;
990 len -= string_len;
991 }
992 else
993 CredentialA->TargetAlias = NULL;
994 if (CredentialW->UserName)
995 {
996 CredentialA->UserName = buffer;
997 string_len = WideCharToMultiByte(CP_ACP, 0, CredentialW->UserName, -1, buffer, len, NULL, NULL);
998 needed += string_len;
999 }
1000 else
1001 CredentialA->UserName = NULL;
1002
1003 return needed;
1004 }
1005
1006 /******************************************************************************
1007 * convert_PCREDENTIALA_to_PCREDENTIALW [internal]
1008 *
1009 * convert a Credential struct from ANSI to UNICODE and return the needed size in Bytes
1010 *
1011 */
1012 static INT convert_PCREDENTIALA_to_PCREDENTIALW(const CREDENTIALA *CredentialA, PCREDENTIALW CredentialW, INT len)
1013 {
1014 char *buffer;
1015 INT string_len;
1016 INT needed = sizeof(CREDENTIALW);
1017
1018 if (!CredentialW)
1019 {
1020 if (CredentialA->TargetName)
1021 needed += sizeof(WCHAR) * MultiByteToWideChar(CP_ACP, 0, CredentialA->TargetName, -1, NULL, 0);
1022 if (CredentialA->Comment)
1023 needed += sizeof(WCHAR) * MultiByteToWideChar(CP_ACP, 0, CredentialA->Comment, -1, NULL, 0);
1024 needed += CredentialA->CredentialBlobSize;
1025 if (CredentialA->TargetAlias)
1026 needed += sizeof(WCHAR) * MultiByteToWideChar(CP_ACP, 0, CredentialA->TargetAlias, -1, NULL, 0);
1027 if (CredentialA->UserName)
1028 needed += sizeof(WCHAR) * MultiByteToWideChar(CP_ACP, 0, CredentialA->UserName, -1, NULL, 0);
1029
1030 return needed;
1031 }
1032
1033 buffer = (char *)CredentialW + sizeof(CREDENTIALW);
1034 len -= sizeof(CREDENTIALW);
1035 CredentialW->Flags = CredentialA->Flags;
1036 CredentialW->Type = CredentialA->Type;
1037 if (CredentialA->TargetName)
1038 {
1039 CredentialW->TargetName = (LPWSTR)buffer;
1040 string_len = MultiByteToWideChar(CP_ACP, 0, CredentialA->TargetName, -1, CredentialW->TargetName, len / sizeof(WCHAR));
1041 buffer += sizeof(WCHAR) * string_len;
1042 needed += sizeof(WCHAR) * string_len;
1043 len -= sizeof(WCHAR) * string_len;
1044 }
1045 else
1046 CredentialW->TargetName = NULL;
1047 if (CredentialA->Comment)
1048 {
1049 CredentialW->Comment = (LPWSTR)buffer;
1050 string_len = MultiByteToWideChar(CP_ACP, 0, CredentialA->Comment, -1, CredentialW->Comment, len / sizeof(WCHAR));
1051 buffer += sizeof(WCHAR) * string_len;
1052 needed += sizeof(WCHAR) * string_len;
1053 len -= sizeof(WCHAR) * string_len;
1054 }
1055 else
1056 CredentialW->Comment = NULL;
1057 CredentialW->LastWritten = CredentialA->LastWritten;
1058 CredentialW->CredentialBlobSize = CredentialA->CredentialBlobSize;
1059 if (CredentialA->CredentialBlobSize)
1060 {
1061 CredentialW->CredentialBlob =(LPBYTE)buffer;
1062 memcpy(CredentialW->CredentialBlob, CredentialA->CredentialBlob,
1063 CredentialA->CredentialBlobSize);
1064 buffer += CredentialA->CredentialBlobSize;
1065 needed += CredentialA->CredentialBlobSize;
1066 len -= CredentialA->CredentialBlobSize;
1067 }
1068 else
1069 CredentialW->CredentialBlob = NULL;
1070 CredentialW->Persist = CredentialA->Persist;
1071 CredentialW->AttributeCount = 0;
1072 CredentialW->Attributes = NULL; /* FIXME */
1073 if (CredentialA->TargetAlias)
1074 {
1075 CredentialW->TargetAlias = (LPWSTR)buffer;
1076 string_len = MultiByteToWideChar(CP_ACP, 0, CredentialA->TargetAlias, -1, CredentialW->TargetAlias, len / sizeof(WCHAR));
1077 buffer += sizeof(WCHAR) * string_len;
1078 needed += sizeof(WCHAR) * string_len;
1079 len -= sizeof(WCHAR) * string_len;
1080 }
1081 else
1082 CredentialW->TargetAlias = NULL;
1083 if (CredentialA->UserName)
1084 {
1085 CredentialW->UserName = (LPWSTR)buffer;
1086 string_len = MultiByteToWideChar(CP_ACP, 0, CredentialA->UserName, -1, CredentialW->UserName, len / sizeof(WCHAR));
1087 needed += sizeof(WCHAR) * string_len;
1088 }
1089 else
1090 CredentialW->UserName = NULL;
1091
1092 return needed;
1093 }
1094
1095 /******************************************************************************
1096 * CredDeleteA [ADVAPI32.@]
1097 */
1098 BOOL WINAPI CredDeleteA(LPCSTR TargetName, DWORD Type, DWORD Flags)
1099 {
1100 LPWSTR TargetNameW;
1101 DWORD len;
1102 BOOL ret;
1103
1104 TRACE("(%s, %d, 0x%x)\n", debugstr_a(TargetName), Type, Flags);
1105
1106 if (!TargetName)
1107 {
1108 SetLastError(ERROR_INVALID_PARAMETER);
1109 return FALSE;
1110 }
1111
1112 len = MultiByteToWideChar(CP_ACP, 0, TargetName, -1, NULL, 0);
1113 TargetNameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
1114 if (!TargetNameW)
1115 {
1116 SetLastError(ERROR_OUTOFMEMORY);
1117 return FALSE;
1118 }
1119 MultiByteToWideChar(CP_ACP, 0, TargetName, -1, TargetNameW, len);
1120
1121 ret = CredDeleteW(TargetNameW, Type, Flags);
1122
1123 HeapFree(GetProcessHeap(), 0, TargetNameW);
1124
1125 return ret;
1126 }
1127
1128 /******************************************************************************
1129 * CredDeleteW [ADVAPI32.@]
1130 */
1131 BOOL WINAPI CredDeleteW(LPCWSTR TargetName, DWORD Type, DWORD Flags)
1132 {
1133 HKEY hkeyMgr;
1134 DWORD ret;
1135 LPWSTR key_name;
1136
1137 TRACE("(%s, %d, 0x%x)\n", debugstr_w(TargetName), Type, Flags);
1138
1139 if (!TargetName)
1140 {
1141 SetLastError(ERROR_INVALID_PARAMETER);
1142 return FALSE;
1143 }
1144
1145 if (Type != CRED_TYPE_GENERIC && Type != CRED_TYPE_DOMAIN_PASSWORD)
1146 {
1147 FIXME("unhandled type %d\n", Type);
1148 SetLastError(ERROR_INVALID_PARAMETER);
1149 return FALSE;
1150 }
1151
1152 if (Flags)
1153 {
1154 FIXME("unhandled flags 0x%x\n", Flags);
1155 SetLastError(ERROR_INVALID_FLAGS);
1156 return FALSE;
1157 }
1158
1159 #ifdef __APPLE__
1160 if (Type == CRED_TYPE_DOMAIN_PASSWORD)
1161 {
1162 ret = mac_delete_credential(TargetName);
1163 if (ret == ERROR_SUCCESS)
1164 return TRUE;
1165 }
1166 #endif
1167
1168 ret = open_cred_mgr_key(&hkeyMgr, TRUE);
1169 if (ret != ERROR_SUCCESS)
1170 {
1171 WARN("couldn't open/create manager key, error %d\n", ret);
1172 SetLastError(ERROR_NO_SUCH_LOGON_SESSION);
1173 return FALSE;
1174 }
1175
1176 key_name = get_key_name_for_target(TargetName, Type);
1177 ret = RegDeleteKeyW(hkeyMgr, key_name);
1178 HeapFree(GetProcessHeap(), 0, key_name);
1179 RegCloseKey(hkeyMgr);
1180 if (ret != ERROR_SUCCESS)
1181 {
1182 SetLastError(ERROR_NOT_FOUND);
1183 return FALSE;
1184 }
1185
1186 return TRUE;
1187 }
1188
1189 /******************************************************************************
1190 * CredEnumerateA [ADVAPI32.@]
1191 */
1192 BOOL WINAPI CredEnumerateA(LPCSTR Filter, DWORD Flags, DWORD *Count,
1193 PCREDENTIALA **Credentials)
1194 {
1195 LPWSTR FilterW;
1196 PCREDENTIALW *CredentialsW;
1197 DWORD i;
1198 INT len;
1199 INT needed;
1200 char *buffer;
1201
1202 TRACE("(%s, 0x%x, %p, %p)\n", debugstr_a(Filter), Flags, Count, Credentials);
1203
1204 if (Filter)
1205 {
1206 len = MultiByteToWideChar(CP_ACP, 0, Filter, -1, NULL, 0);
1207 FilterW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
1208 if (!FilterW)
1209 {
1210 SetLastError(ERROR_OUTOFMEMORY);
1211 return FALSE;
1212 }
1213 MultiByteToWideChar(CP_ACP, 0, Filter, -1, FilterW, len);
1214 }
1215 else
1216 FilterW = NULL;
1217
1218 if (!CredEnumerateW(FilterW, Flags, Count, &CredentialsW))
1219 {
1220 HeapFree(GetProcessHeap(), 0, FilterW);
1221 return FALSE;
1222 }
1223 HeapFree(GetProcessHeap(), 0, FilterW);
1224
1225 len = *Count * sizeof(PCREDENTIALA);
1226 for (i = 0; i < *Count; i++)
1227 len += convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], NULL, 0);
1228
1229 *Credentials = HeapAlloc(GetProcessHeap(), 0, len);
1230 if (!*Credentials)
1231 {
1232 CredFree(CredentialsW);
1233 SetLastError(ERROR_OUTOFMEMORY);
1234 return FALSE;
1235 }
1236
1237 buffer = (char *)&(*Credentials)[*Count];
1238 len -= *Count * sizeof(PCREDENTIALA);
1239 for (i = 0; i < *Count; i++)
1240 {
1241 (*Credentials)[i] = (PCREDENTIALA)buffer;
1242 needed = convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], (*Credentials)[i], len);
1243 buffer += needed;
1244 len -= needed;
1245 }
1246
1247 CredFree(CredentialsW);
1248
1249 return TRUE;
1250 }
1251
1252 /******************************************************************************
1253 * CredEnumerateW [ADVAPI32.@]
1254 */
1255 BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count,
1256 PCREDENTIALW **Credentials)
1257 {
1258 HKEY hkeyMgr;
1259 DWORD ret;
1260 LPWSTR target_name;
1261 DWORD target_name_len;
1262 DWORD len;
1263 char *buffer;
1264 BYTE key_data[KEY_SIZE];
1265
1266 TRACE("(%s, 0x%x, %p, %p)\n", debugstr_w(Filter), Flags, Count, Credentials);
1267
1268 if (Flags)
1269 {
1270 SetLastError(ERROR_INVALID_FLAGS);
1271 return FALSE;
1272 }
1273
1274 ret = open_cred_mgr_key(&hkeyMgr, FALSE);
1275 if (ret != ERROR_SUCCESS)
1276 {
1277 WARN("couldn't open/create manager key, error %d\n", ret);
1278 SetLastError(ERROR_NO_SUCH_LOGON_SESSION);
1279 return FALSE;
1280 }
1281
1282 ret = get_cred_mgr_encryption_key(hkeyMgr, key_data);
1283 if (ret != ERROR_SUCCESS)
1284 {
1285 RegCloseKey(hkeyMgr);
1286 SetLastError(ret);
1287 return FALSE;
1288 }
1289
1290 ret = RegQueryInfoKeyW(hkeyMgr, NULL, NULL, NULL, NULL, &target_name_len, NULL, NULL, NULL, NULL, NULL, NULL);
1291 if (ret != ERROR_SUCCESS)
1292 {
1293 RegCloseKey(hkeyMgr);
1294 SetLastError(ret);
1295 return FALSE;
1296 }
1297
1298 target_name = HeapAlloc(GetProcessHeap(), 0, (target_name_len+1)*sizeof(WCHAR));
1299 if (!target_name)
1300 {
1301 RegCloseKey(hkeyMgr);
1302 SetLastError(ERROR_OUTOFMEMORY);
1303 return FALSE;
1304 }
1305
1306 *Count = 0;
1307 len = 0;
1308 ret = registry_enumerate_credentials(hkeyMgr, Filter, target_name, target_name_len,
1309 key_data, NULL, NULL, &len, Count);
1310 #ifdef __APPLE__
1311 if (ret == ERROR_SUCCESS)
1312 ret = mac_enumerate_credentials(Filter, NULL, NULL, &len, Count);
1313 #endif
1314 if (ret == ERROR_SUCCESS && *Count == 0)
1315 ret = ERROR_NOT_FOUND;
1316 if (ret != ERROR_SUCCESS)
1317 {
1318 HeapFree(GetProcessHeap(), 0, target_name);
1319 RegCloseKey(hkeyMgr);
1320 SetLastError(ret);
1321 return FALSE;
1322 }
1323 len += *Count * sizeof(PCREDENTIALW);
1324
1325 if (ret == ERROR_SUCCESS)
1326 {
1327 buffer = HeapAlloc(GetProcessHeap(), 0, len);
1328 *Credentials = (PCREDENTIALW *)buffer;
1329 if (buffer)
1330 {
1331 buffer += *Count * sizeof(PCREDENTIALW);
1332 *Count = 0;
1333 ret = registry_enumerate_credentials(hkeyMgr, Filter, target_name,
1334 target_name_len, key_data,
1335 *Credentials, &buffer, &len,
1336 Count);
1337 #ifdef __APPLE__
1338 if (ret == ERROR_SUCCESS)
1339 ret = mac_enumerate_credentials(Filter, *Credentials,
1340 buffer, &len, Count);
1341 #endif
1342 }
1343 else
1344 ret = ERROR_OUTOFMEMORY;
1345 }
1346
1347 HeapFree(GetProcessHeap(), 0, target_name);
1348 RegCloseKey(hkeyMgr);
1349
1350 if (ret != ERROR_SUCCESS)
1351 {
1352 SetLastError(ret);
1353 return FALSE;
1354 }
1355 return TRUE;
1356 }
1357
1358 /******************************************************************************
1359 * CredFree [ADVAPI32.@]
1360 */
1361 VOID WINAPI CredFree(PVOID Buffer)
1362 {
1363 HeapFree(GetProcessHeap(), 0, Buffer);
1364 }
1365
1366 /******************************************************************************
1367 * CredReadA [ADVAPI32.@]
1368 */
1369 BOOL WINAPI CredReadA(LPCSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALA *Credential)
1370 {
1371 LPWSTR TargetNameW;
1372 PCREDENTIALW CredentialW;
1373 INT len;
1374
1375 TRACE("(%s, %d, 0x%x, %p)\n", debugstr_a(TargetName), Type, Flags, Credential);
1376
1377 if (!TargetName)
1378 {
1379 SetLastError(ERROR_INVALID_PARAMETER);
1380 return FALSE;
1381 }
1382
1383 len = MultiByteToWideChar(CP_ACP, 0, TargetName, -1, NULL, 0);
1384 TargetNameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
1385 if (!TargetNameW)
1386 {
1387 SetLastError(ERROR_OUTOFMEMORY);
1388 return FALSE;
1389 }
1390 MultiByteToWideChar(CP_ACP, 0, TargetName, -1, TargetNameW, len);
1391
1392 if (!CredReadW(TargetNameW, Type, Flags, &CredentialW))
1393 {
1394 HeapFree(GetProcessHeap(), 0, TargetNameW);
1395 return FALSE;
1396 }
1397 HeapFree(GetProcessHeap(), 0, TargetNameW);
1398
1399 len = convert_PCREDENTIALW_to_PCREDENTIALA(CredentialW, NULL, 0);
1400 *Credential = HeapAlloc(GetProcessHeap(), 0, len);
1401 if (!*Credential)
1402 {
1403 SetLastError(ERROR_OUTOFMEMORY);
1404 return FALSE;
1405 }
1406 convert_PCREDENTIALW_to_PCREDENTIALA(CredentialW, *Credential, len);
1407
1408 CredFree(CredentialW);
1409
1410 return TRUE;
1411 }
1412
1413 /******************************************************************************
1414 * CredReadW [ADVAPI32.@]
1415 */
1416 BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW *Credential)
1417 {
1418 HKEY hkeyMgr;
1419 HKEY hkeyCred;
1420 DWORD ret;
1421 LPWSTR key_name;
1422 DWORD len;
1423 BYTE key_data[KEY_SIZE];
1424
1425 TRACE("(%s, %d, 0x%x, %p)\n", debugstr_w(TargetName), Type, Flags, Credential);
1426
1427 if (!TargetName)
1428 {
1429 SetLastError(ERROR_INVALID_PARAMETER);
1430 return FALSE;
1431 }
1432
1433 if (Type != CRED_TYPE_GENERIC && Type != CRED_TYPE_DOMAIN_PASSWORD)
1434 {
1435 FIXME("unhandled type %d\n", Type);
1436 SetLastError(ERROR_INVALID_PARAMETER);
1437 return FALSE;
1438 }
1439
1440 if (Flags)
1441 {
1442 FIXME("unhandled flags 0x%x\n", Flags);
1443 SetLastError(ERROR_INVALID_FLAGS);
1444 return FALSE;
1445 }
1446
1447 #ifdef __APPLE__
1448 if (Type == CRED_TYPE_DOMAIN_PASSWORD)
1449 {
1450 OSStatus status;
1451 SecKeychainSearchRef search;
1452 status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search);
1453 if (status == noErr)
1454 {
1455 SecKeychainItemRef item;
1456 while (SecKeychainSearchCopyNext(search, &item) == noErr)
1457 {
1458 SecKeychainAttributeInfo info;
1459 SecKeychainAttributeList *attr_list;
1460 UInt32 info_tags[] = { kSecServerItemAttr };
1461 LPWSTR target_name;
1462 INT str_len;
1463 info.count = sizeof(info_tags)/sizeof(info_tags[0]);
1464 info.tag = info_tags;
1465 info.format = NULL;
1466 status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attr_list, NULL, NULL);
1467 len = sizeof(**Credential);
1468 if (status != noErr)
1469 {
1470 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
1471 continue;
1472 }
1473 if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServerItemAttr)
1474 {
1475 CFRelease(item);
1476 continue;
1477 }
1478 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, NULL, 0);
1479 target_name = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
1480 MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, target_name, str_len);
1481 /* nul terminate */
1482 target_name[str_len] = '\0';
1483 if (strcmpiW(TargetName, target_name))
1484 {
1485 CFRelease(item);
1486 HeapFree(GetProcessHeap(), 0, target_name);
1487 continue;
1488 }
1489 HeapFree(GetProcessHeap(), 0, target_name);
1490 SecKeychainItemFreeAttributesAndData(attr_list, NULL);
1491 ret = mac_read_credential_from_item(item, TRUE, NULL, NULL, &len);
1492 if (ret == ERROR_SUCCESS)
1493 {
1494 *Credential = HeapAlloc(GetProcessHeap(), 0, len);
1495 if (*Credential)
1496 {
1497 len = sizeof(**Credential);
1498 ret = mac_read_credential_from_item(item, TRUE, *Credential,
1499 (char *)(*Credential + 1), &len);
1500 }
1501 else
1502 ret = ERROR_OUTOFMEMORY;
1503 CFRelease(item);
1504 CFRelease(search);
1505 if (ret != ERROR_SUCCESS)
1506 {
1507 SetLastError(ret);
1508 return FALSE;
1509 }
1510 return TRUE;
1511 }
1512 CFRelease(item);
1513 }
1514 CFRelease(search);
1515 }
1516 }
1517 #endif
1518
1519 ret = open_cred_mgr_key(&hkeyMgr, FALSE);
1520 if (ret != ERROR_SUCCESS)
1521 {
1522 WARN("couldn't open/create manager key, error %d\n", ret);
1523 SetLastError(ERROR_NO_SUCH_LOGON_SESSION);
1524 return FALSE;
1525 }
1526
1527 ret = get_cred_mgr_encryption_key(hkeyMgr, key_data);
1528 if (ret != ERROR_SUCCESS)
1529 {
1530 RegCloseKey(hkeyMgr);
1531 SetLastError(ret);
1532 return FALSE;
1533 }
1534
1535 key_name = get_key_name_for_target(TargetName, Type);
1536 ret = RegOpenKeyExW(hkeyMgr, key_name, 0, KEY_QUERY_VALUE, &hkeyCred);
1537 HeapFree(GetProcessHeap(), 0, key_name);
1538 if (ret != ERROR_SUCCESS)
1539 {
1540 TRACE("credentials for target name %s not found\n", debugstr_w(TargetName));
1541 SetLastError(ERROR_NOT_FOUND);
1542 return FALSE;
1543 }
1544
1545 len = sizeof(**Credential);
1546 ret = registry_read_credential(hkeyCred, NULL, key_data, NULL, &len);
1547 if (ret == ERROR_SUCCESS)
1548 {
1549 *Credential = HeapAlloc(GetProcessHeap(), 0, len);
1550 if (*Credential)
1551 {
1552 len = sizeof(**Credential);
1553 ret = registry_read_credential(hkeyCred, *Credential, key_data,
1554 (char *)(*Credential + 1), &len);
1555 }
1556 else
1557 ret = ERROR_OUTOFMEMORY;
1558 }
1559
1560 RegCloseKey(hkeyCred);
1561 RegCloseKey(hkeyMgr);
1562
1563 if (ret != ERROR_SUCCESS)
1564 {
1565 SetLastError(ret);
1566 return FALSE;
1567 }
1568 return TRUE;
1569 }
1570
1571 /******************************************************************************
1572 * CredReadDomainCredentialsA [ADVAPI32.@]
1573 */
1574 BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInformation,
1575 DWORD Flags, DWORD *Size, PCREDENTIALA **Credentials)
1576 {
1577 PCREDENTIAL_TARGET_INFORMATIONW TargetInformationW;
1578 INT len, i;
1579 WCHAR *buffer, *end;
1580 BOOL ret;
1581 PCREDENTIALW* CredentialsW;
1582
1583 TRACE("(%p, 0x%x, %p, %p)\n", TargetInformation, Flags, Size, Credentials);
1584
1585 /* follow Windows behavior - do not test for NULL, initialize early */
1586 *Size = 0;
1587 *Credentials = NULL;
1588
1589 if (!TargetInformation)
1590 {
1591 SetLastError(ERROR_INVALID_PARAMETER);
1592 return FALSE;
1593 }
1594
1595 len = sizeof(*TargetInformationW);
1596 if (TargetInformation->TargetName)
1597 len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->TargetName, -1, NULL, 0) * sizeof(WCHAR);
1598 if (TargetInformation->NetbiosServerName)
1599 len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->NetbiosServerName, -1, NULL, 0) * sizeof(WCHAR);
1600 if (TargetInformation->DnsServerName)
1601 len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->DnsServerName, -1, NULL, 0) * sizeof(WCHAR);
1602 if (TargetInformation->NetbiosDomainName)
1603 len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->NetbiosDomainName, -1, NULL, 0) * sizeof(WCHAR);
1604 if (TargetInformation->DnsDomainName)
1605 len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->DnsDomainName, -1, NULL, 0) * sizeof(WCHAR);
1606 if (TargetInformation->DnsTreeName)
1607 len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->DnsTreeName, -1, NULL, 0) * sizeof(WCHAR);
1608 if (TargetInformation->PackageName)
1609 len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->PackageName, -1, NULL, 0) * sizeof(WCHAR);
1610
1611 TargetInformationW = HeapAlloc(GetProcessHeap(), 0, len);
1612 if (!TargetInformationW)
1613 {
1614 SetLastError(ERROR_OUTOFMEMORY);
1615 return FALSE;
1616 }
1617 buffer = (WCHAR*)(TargetInformationW + 1);
1618 end = (WCHAR *)((char *)TargetInformationW + len);
1619
1620 if (TargetInformation->TargetName)
1621 {
1622 TargetInformationW->TargetName = buffer;
1623 buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->TargetName, -1,
1624 TargetInformationW->TargetName, end - buffer);
1625 } else
1626 TargetInformationW->TargetName = NULL;
1627
1628 if (TargetInformation->NetbiosServerName)
1629 {
1630 TargetInformationW->NetbiosServerName = buffer;
1631 buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->NetbiosServerName, -1,
1632 TargetInformationW->NetbiosServerName, end - buffer);
1633 } else
1634 TargetInformationW->NetbiosServerName = NULL;
1635
1636 if (TargetInformation->DnsServerName)
1637 {
1638 TargetInformationW->DnsServerName = buffer;
1639 buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->DnsServerName, -1,
1640 TargetInformationW->DnsServerName, end - buffer);
1641 } else
1642 TargetInformationW->DnsServerName = NULL;
1643
1644 if (TargetInformation->NetbiosDomainName)
1645 {
1646 TargetInformationW->NetbiosDomainName = buffer;
1647 buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->NetbiosDomainName, -1,
1648 TargetInformationW->NetbiosDomainName, end - buffer);
1649 } else
1650 TargetInformationW->NetbiosDomainName = NULL;
1651
1652 if (TargetInformation->DnsDomainName)
1653 {
1654 TargetInformationW->DnsDomainName = buffer;
1655 buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->DnsDomainName, -1,
1656 TargetInformationW->DnsDomainName, end - buffer);
1657 } else
1658 TargetInformationW->DnsDomainName = NULL;
1659
1660 if (TargetInformation->DnsTreeName)
1661 {
1662 TargetInformationW->DnsTreeName = buffer;
1663 buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->DnsTreeName, -1,
1664 TargetInformationW->DnsTreeName, end - buffer);
1665 } else
1666 TargetInformationW->DnsTreeName = NULL;
1667
1668 if (TargetInformation->PackageName)
1669 {
1670 TargetInformationW->PackageName = buffer;
1671 buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->PackageName, -1,
1672 TargetInformationW->PackageName, end - buffer);
1673 } else
1674 TargetInformationW->PackageName = NULL;
1675
1676 TargetInformationW->Flags = TargetInformation->Flags;
1677 TargetInformationW->CredTypeCount = TargetInformation->CredTypeCount;
1678 TargetInformationW->CredTypes = TargetInformation->CredTypes;
1679
1680 ret = CredReadDomainCredentialsW(TargetInformationW, Flags, Size, &CredentialsW);
1681
1682 HeapFree(GetProcessHeap(), 0, TargetInformationW);
1683
1684 if (ret)
1685 {
1686 char *buf;
1687 INT needed;
1688
1689 len = *Size * sizeof(PCREDENTIALA);
1690 for (i = 0; i < *Size; i++)
1691 len += convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], NULL, 0);
1692
1693 *Credentials = HeapAlloc(GetProcessHeap(), 0, len);
1694 if (!*Credentials)
1695 {
1696 CredFree(CredentialsW);
1697 SetLastError(ERROR_OUTOFMEMORY);
1698 return FALSE;
1699 }
1700
1701 buf = (char *)&(*Credentials)[*Size];
1702 len -= *Size * sizeof(PCREDENTIALA);
1703 for (i = 0; i < *Size; i++)
1704 {
1705 (*Credentials)[i] = (PCREDENTIALA)buf;
1706 needed = convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], (*Credentials)[i], len);
1707 buf += needed;
1708 len -= needed;
1709 }
1710
1711 CredFree(CredentialsW);
1712 }
1713 return ret;
1714 }
1715
1716 /******************************************************************************
1717 * CredReadDomainCredentialsW [ADVAPI32.@]
1718 */
1719 BOOL WINAPI CredReadDomainCredentialsW(PCREDENTIAL_TARGET_INFORMATIONW TargetInformation, DWORD Flags,
1720 DWORD *Size, PCREDENTIALW **Credentials)
1721 {
1722 FIXME("(%p, 0x%x, %p, %p) stub\n", TargetInformation, Flags, Size, Credentials);
1723
1724 /* follow Windows behavior - do not test for NULL, initialize early */
1725 *Size = 0;
1726 *Credentials = NULL;
1727 if (!TargetInformation)
1728 {
1729 SetLastError(ERROR_INVALID_PARAMETER);
1730 return FALSE;
1731 }
1732
1733 SetLastError(ERROR_NOT_FOUND);
1734 return FALSE;
1735 }
1736
1737 /******************************************************************************
1738 * CredWriteA [ADVAPI32.@]
1739 */
1740 BOOL WINAPI CredWriteA(PCREDENTIALA Credential, DWORD Flags)
1741 {
1742 BOOL ret;
1743 INT len;
1744 PCREDENTIALW CredentialW;
1745
1746 TRACE("(%p, 0x%x)\n", Credential, Flags);
1747
1748 if (!Credential || !Credential->TargetName)
1749 {
1750 SetLastError(ERROR_INVALID_PARAMETER);
1751 return FALSE;
1752 }
1753
1754 len = convert_PCREDENTIALA_to_PCREDENTIALW(Credential, NULL, 0);
1755 CredentialW = HeapAlloc(GetProcessHeap(), 0, len);
1756 if (!CredentialW)
1757 {
1758 SetLastError(ERROR_OUTOFMEMORY);
1759 return FALSE;
1760 }
1761
1762 convert_PCREDENTIALA_to_PCREDENTIALW(Credential, CredentialW, len);
1763
1764 ret = CredWriteW(CredentialW, Flags);
1765
1766 HeapFree(GetProcessHeap(), 0, CredentialW);
1767
1768 return ret;
1769 }
1770
1771 /******************************************************************************
1772 * CredWriteW [ADVAPI32.@]
1773 */
1774 BOOL WINAPI CredWriteW(PCREDENTIALW Credential, DWORD Flags)
1775 {
1776 HKEY hkeyMgr;
1777 HKEY hkeyCred;
1778 DWORD ret;
1779 LPWSTR key_name;
1780 BYTE key_data[KEY_SIZE];
1781
1782 TRACE("(%p, 0x%x)\n", Credential, Flags);
1783
1784 if (!Credential || !Credential->TargetName)
1785 {
1786 SetLastError(ERROR_INVALID_PARAMETER);
1787 return FALSE;
1788 }
1789
1790 if (Flags & ~CRED_PRESERVE_CREDENTIAL_BLOB)
1791 {
1792 FIXME("unhandled flags 0x%x\n", Flags);
1793 SetLastError(ERROR_INVALID_FLAGS);
1794 return FALSE;
1795 }
1796
1797 if (Credential->Type != CRED_TYPE_GENERIC && Credential->Type != CRED_TYPE_DOMAIN_PASSWORD)
1798 {
1799 FIXME("unhandled type %d\n", Credential->Type);
1800 SetLastError(ERROR_INVALID_PARAMETER);
1801 return FALSE;
1802 }
1803
1804 TRACE("Credential->TargetName = %s\n", debugstr_w(Credential->TargetName));
1805 TRACE("Credential->UserName = %s\n", debugstr_w(Credential->UserName));
1806
1807 if (Credential->Type == CRED_TYPE_DOMAIN_PASSWORD)
1808 {
1809 if (!Credential->UserName ||
1810 (!strchrW(Credential->UserName, '\\') && !strchrW(Credential->UserName, '@')))
1811 {
1812 ERR("bad username %s\n", debugstr_w(Credential->UserName));
1813 SetLastError(ERROR_BAD_USERNAME);
1814 return FALSE;
1815 }
1816 }
1817
1818 #ifdef __APPLE__
1819 if (!Credential->AttributeCount &&
1820 Credential->Type == CRED_TYPE_DOMAIN_PASSWORD &&
1821 (Credential->Persist == CRED_PERSIST_LOCAL_MACHINE || Credential->Persist == CRED_PERSIST_ENTERPRISE))
1822 {
1823 ret = mac_write_credential(Credential, Flags & CRED_PRESERVE_CREDENTIAL_BLOB);
1824 if (ret != ERROR_SUCCESS)
1825 {
1826 SetLastError(ret);
1827 return FALSE;
1828 }
1829 return TRUE;
1830 }
1831 #endif
1832
1833 ret = open_cred_mgr_key(&hkeyMgr, FALSE);
1834 if (ret != ERROR_SUCCESS)
1835 {
1836 WARN("couldn't open/create manager key, error %d\n", ret);
1837 SetLastError(ERROR_NO_SUCH_LOGON_SESSION);
1838 return FALSE;
1839 }
1840
1841 ret = get_cred_mgr_encryption_key(hkeyMgr, key_data);
1842 if (ret != ERROR_SUCCESS)
1843 {
1844 RegCloseKey(hkeyMgr);
1845 SetLastError(ret);
1846 return FALSE;
1847 }
1848
1849 key_name = get_key_name_for_target(Credential->TargetName, Credential->Type);
1850 ret = RegCreateKeyExW(hkeyMgr, key_name, 0, NULL,
1851 Credential->Persist == CRED_PERSIST_SESSION ? REG_OPTION_VOLATILE : REG_OPTION_NON_VOLATILE,
1852 KEY_READ|KEY_WRITE, NULL, &hkeyCred, NULL);
1853 HeapFree(GetProcessHeap(), 0, key_name);
1854 if (ret != ERROR_SUCCESS)
1855 {
1856 TRACE("credentials for target name %s not found\n",
1857 debugstr_w(Credential->TargetName));
1858 SetLastError(ERROR_NOT_FOUND);
1859 return FALSE;
1860 }
1861
1862 ret = registry_write_credential(hkeyCred, Credential, key_data,
1863 Flags & CRED_PRESERVE_CREDENTIAL_BLOB);
1864
1865 RegCloseKey(hkeyCred);
1866 RegCloseKey(hkeyMgr);
1867
1868 if (ret != ERROR_SUCCESS)
1869 {
1870 SetLastError(ret);
1871 return FALSE;
1872 }
1873 return TRUE;
1874 }
1875
1876 /******************************************************************************
1877 * CredGetSessionTypes [ADVAPI32.@]
1878 */
1879 BOOL WINAPI CredGetSessionTypes(DWORD persistCount, LPDWORD persists)
1880 {
1881 TRACE("(%u, %p)\n", persistCount, persists);
1882
1883 memset(persists, CRED_PERSIST_NONE, persistCount*sizeof(*persists));
1884 if (CRED_TYPE_GENERIC < persistCount)
1885 {
1886 persists[CRED_TYPE_GENERIC] = CRED_PERSIST_ENTERPRISE;
1887
1888 if (CRED_TYPE_DOMAIN_PASSWORD < persistCount)
1889 {
1890 persists[CRED_TYPE_DOMAIN_PASSWORD] = CRED_PERSIST_ENTERPRISE;
1891 }
1892 }
1893 return TRUE;
1894 }
1895
1896 BOOL
1897 WINAPI
1898 CredWriteDomainCredentialsW(PCREDENTIAL_TARGET_INFORMATIONW TargetInfo,
1899 PCREDENTIALW Credential,
1900 DWORD Flags)
1901 {
1902 WARN("Not implemented\n");
1903 return FALSE;
1904 }
1905
1906 BOOL
1907 WINAPI
1908 CredWriteDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInfo,
1909 PCREDENTIALA Credential,
1910 DWORD Flags)
1911 {
1912 WARN("Not implemented\n");
1913 return FALSE;
1914 }
1915
1916 BOOL
1917 WINAPI
1918 CredUnmarshalCredentialW(LPCWSTR MarshaledCredential,
1919 PCRED_MARSHAL_TYPE CredType,
1920 PVOID *Credential)
1921 {
1922 WARN("Not implemented\n");
1923 return FALSE;
1924 }
1925
1926 BOOL
1927 WINAPI
1928 CredUnmarshalCredentialA(LPCSTR MarshaledCredential,
1929 PCRED_MARSHAL_TYPE CredType,
1930 PVOID *Credential)
1931 {
1932 WARN("Not implemented\n");
1933 return FALSE;
1934 }