2 * Credential Management APIs
4 * Copyright 2007 Robert Shearman for CodeWeavers
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
29 #include "../crypt/crypt.h"
31 #include "wine/unicode.h"
32 #include "wine/debug.h"
34 WINE_DEFAULT_DEBUG_CHANNEL(cred
);
36 /* the size of the ARC4 key used to encrypt the password data */
39 static const WCHAR wszCredentialManagerKey
[] = {'S','o','f','t','w','a','r','e','\\','W','i','n','e','\\',
40 'C','r','e','d','e','n','t','i','a','l',' ','M','a','n','a','g','e','r',0};
41 static const WCHAR wszEncryptionKeyValue
[] = {'E','n','c','r','y','p','t','i','o','n','K','e','y',0};
43 static const WCHAR wszFlagsValue
[] = {'F','l','a','g','s',0};
44 static const WCHAR wszTypeValue
[] = {'T','y','p','e',0};
45 static const WCHAR wszCommentValue
[] = {'C','o','m','m','e','n','t',0};
46 static const WCHAR wszLastWrittenValue
[] = {'L','a','s','t','W','r','i','t','t','e','n',0};
47 static const WCHAR wszPersistValue
[] = {'P','e','r','s','i','s','t',0};
48 static const WCHAR wszTargetAliasValue
[] = {'T','a','r','g','e','t','A','l','i','a','s',0};
49 static const WCHAR wszUserNameValue
[] = {'U','s','e','r','N','a','m','e',0};
50 static const WCHAR wszPasswordValue
[] = {'P','a','s','s','w','o','r','d',0};
52 static DWORD
read_credential_blob(HKEY hkey
, const BYTE key_data
[KEY_SIZE
],
53 LPBYTE credential_blob
,
54 DWORD
*credential_blob_size
)
59 *credential_blob_size
= 0;
60 ret
= RegQueryValueExW(hkey
, wszPasswordValue
, 0, &type
, NULL
, credential_blob_size
);
61 if (ret
!= ERROR_SUCCESS
)
63 else if (type
!= REG_BINARY
)
64 return ERROR_REGISTRY_CORRUPT
;
70 ret
= RegQueryValueExW(hkey
, wszPasswordValue
, 0, &type
, credential_blob
,
71 credential_blob_size
);
72 if (ret
!= ERROR_SUCCESS
)
74 else if (type
!= REG_BINARY
)
75 return ERROR_REGISTRY_CORRUPT
;
77 key
.Length
= key
.MaximumLength
= KEY_SIZE
;
78 key
.Buffer
= (unsigned char *)key_data
;
80 data
.Length
= data
.MaximumLength
= *credential_blob_size
;
81 data
.Buffer
= credential_blob
;
82 SystemFunction032(&data
, &key
);
87 static DWORD
registry_read_credential(HKEY hkey
, PCREDENTIALW credential
,
88 const BYTE key_data
[KEY_SIZE
],
89 char *buffer
, DWORD
*len
)
95 ret
= RegQueryValueExW(hkey
, NULL
, 0, &type
, NULL
, &count
);
96 if (ret
!= ERROR_SUCCESS
)
98 else if (type
!= REG_SZ
)
99 return ERROR_REGISTRY_CORRUPT
;
103 credential
->TargetName
= (LPWSTR
)buffer
;
104 ret
= RegQueryValueExW(hkey
, NULL
, 0, &type
, (LPVOID
)credential
->TargetName
,
106 if (ret
!= ERROR_SUCCESS
|| type
!= REG_SZ
) return ret
;
110 ret
= RegQueryValueExW(hkey
, wszCommentValue
, 0, &type
, NULL
, &count
);
111 if (ret
!= ERROR_FILE_NOT_FOUND
&& ret
!= ERROR_SUCCESS
)
113 else if (type
!= REG_SZ
)
114 return ERROR_REGISTRY_CORRUPT
;
118 credential
->Comment
= (LPWSTR
)buffer
;
119 ret
= RegQueryValueExW(hkey
, wszCommentValue
, 0, &type
, (LPVOID
)credential
->Comment
,
121 if (ret
== ERROR_FILE_NOT_FOUND
)
122 credential
->Comment
= NULL
;
123 else if (ret
!= ERROR_SUCCESS
)
125 else if (type
!= REG_SZ
)
126 return ERROR_REGISTRY_CORRUPT
;
131 ret
= RegQueryValueExW(hkey
, wszTargetAliasValue
, 0, &type
, NULL
, &count
);
132 if (ret
!= ERROR_FILE_NOT_FOUND
&& ret
!= ERROR_SUCCESS
)
134 else if (type
!= REG_SZ
)
135 return ERROR_REGISTRY_CORRUPT
;
139 credential
->TargetAlias
= (LPWSTR
)buffer
;
140 ret
= RegQueryValueExW(hkey
, wszTargetAliasValue
, 0, &type
, (LPVOID
)credential
->TargetAlias
,
142 if (ret
== ERROR_FILE_NOT_FOUND
)
143 credential
->TargetAlias
= NULL
;
144 else if (ret
!= ERROR_SUCCESS
)
146 else if (type
!= REG_SZ
)
147 return ERROR_REGISTRY_CORRUPT
;
152 ret
= RegQueryValueExW(hkey
, wszUserNameValue
, 0, &type
, NULL
, &count
);
153 if (ret
!= ERROR_FILE_NOT_FOUND
&& ret
!= ERROR_SUCCESS
)
155 else if (type
!= REG_SZ
)
156 return ERROR_REGISTRY_CORRUPT
;
160 credential
->UserName
= (LPWSTR
)buffer
;
161 ret
= RegQueryValueExW(hkey
, wszUserNameValue
, 0, &type
, (LPVOID
)credential
->UserName
,
163 if (ret
== ERROR_FILE_NOT_FOUND
)
164 credential
->UserName
= NULL
;
165 else if (ret
!= ERROR_SUCCESS
)
167 else if (type
!= REG_SZ
)
168 return ERROR_REGISTRY_CORRUPT
;
173 ret
= read_credential_blob(hkey
, key_data
, NULL
, &count
);
174 if (ret
!= ERROR_FILE_NOT_FOUND
&& ret
!= ERROR_SUCCESS
)
179 credential
->CredentialBlob
= (LPBYTE
)buffer
;
180 ret
= read_credential_blob(hkey
, key_data
, credential
->CredentialBlob
, &count
);
181 if (ret
== ERROR_FILE_NOT_FOUND
)
182 credential
->CredentialBlob
= NULL
;
183 else if (ret
!= ERROR_SUCCESS
)
185 credential
->CredentialBlobSize
= count
;
189 /* FIXME: Attributes */
192 credential
->AttributeCount
= 0;
193 credential
->Attributes
= NULL
;
196 if (!credential
) return ERROR_SUCCESS
;
198 count
= sizeof(credential
->Flags
);
199 ret
= RegQueryValueExW(hkey
, wszFlagsValue
, NULL
, &type
, (LPVOID
)&credential
->Flags
,
201 if (ret
!= ERROR_SUCCESS
)
203 else if (type
!= REG_DWORD
)
204 return ERROR_REGISTRY_CORRUPT
;
205 count
= sizeof(credential
->Type
);
206 ret
= RegQueryValueExW(hkey
, wszTypeValue
, NULL
, &type
, (LPVOID
)&credential
->Type
,
208 if (ret
!= ERROR_SUCCESS
)
210 else if (type
!= REG_DWORD
)
211 return ERROR_REGISTRY_CORRUPT
;
213 count
= sizeof(credential
->LastWritten
);
214 ret
= RegQueryValueExW(hkey
, wszLastWrittenValue
, NULL
, &type
, (LPVOID
)&credential
->LastWritten
,
216 if (ret
!= ERROR_SUCCESS
)
218 else if (type
!= REG_BINARY
)
219 return ERROR_REGISTRY_CORRUPT
;
220 count
= sizeof(credential
->Persist
);
221 ret
= RegQueryValueExW(hkey
, wszPersistValue
, NULL
, &type
, (LPVOID
)&credential
->Persist
,
223 if (ret
== ERROR_SUCCESS
&& type
!= REG_DWORD
)
224 return ERROR_REGISTRY_CORRUPT
;
229 static DWORD
mac_read_credential_from_item(SecKeychainItemRef item
, BOOL require_password
,
230 PCREDENTIALW credential
, char *buffer
,
235 UInt32 cred_blob_len
;
237 LPWSTR domain
= NULL
;
239 BOOL user_name_present
= FALSE
;
240 SecKeychainAttributeInfo info
;
241 SecKeychainAttributeList
*attr_list
;
242 UInt32 info_tags
[] = { kSecServerItemAttr
, kSecSecurityDomainItemAttr
, kSecAccountItemAttr
,
243 kSecCommentItemAttr
, kSecCreationDateItemAttr
};
244 info
.count
= sizeof(info_tags
)/sizeof(info_tags
[0]);
245 info
.tag
= info_tags
;
247 status
= SecKeychainItemCopyAttributesAndData(item
, &info
, NULL
, &attr_list
, &cred_blob_len
, &cred_blob
);
248 if (status
== errSecAuthFailed
&& !require_password
)
252 status
= SecKeychainItemCopyAttributesAndData(item
, &info
, NULL
, &attr_list
, &cred_blob_len
, NULL
);
256 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status
);
257 return ERROR_NOT_FOUND
;
260 for (i
= 0; i
< attr_list
->count
; i
++)
261 if (attr_list
->attr
[i
].tag
== kSecAccountItemAttr
&& attr_list
->attr
[i
].data
)
263 user_name_present
= TRUE
;
266 if (!user_name_present
)
268 WARN("no kSecAccountItemAttr for item\n");
269 return ERROR_NOT_FOUND
;
274 credential
->Flags
= 0;
275 credential
->Type
= CRED_TYPE_DOMAIN_PASSWORD
;
276 credential
->TargetName
= NULL
;
277 credential
->Comment
= NULL
;
278 memset(&credential
->LastWritten
, 0, sizeof(credential
->LastWritten
));
279 credential
->CredentialBlobSize
= 0;
280 credential
->CredentialBlob
= NULL
;
281 credential
->Persist
= CRED_PERSIST_LOCAL_MACHINE
;
282 credential
->AttributeCount
= 0;
283 credential
->Attributes
= NULL
;
284 credential
->TargetAlias
= NULL
;
285 credential
->UserName
= NULL
;
287 for (i
= 0; i
< attr_list
->count
; i
++)
289 switch (attr_list
->attr
[i
].tag
)
291 case kSecServerItemAttr
:
292 TRACE("kSecServerItemAttr: %.*s\n", (int)attr_list
->attr
[i
].length
,
293 (char *)attr_list
->attr
[i
].data
);
294 if (!attr_list
->attr
[i
].data
) continue;
298 credential
->TargetName
= (LPWSTR
)buffer
;
299 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
300 attr_list
->attr
[i
].length
, (LPWSTR
)buffer
, 0xffff);
301 credential
->TargetName
[str_len
] = '\0';
302 buffer
+= (str_len
+ 1) * sizeof(WCHAR
);
303 *len
+= (str_len
+ 1) * sizeof(WCHAR
);
308 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
309 attr_list
->attr
[i
].length
, NULL
, 0);
310 *len
+= (str_len
+ 1) * sizeof(WCHAR
);
313 case kSecAccountItemAttr
:
316 TRACE("kSecAccountItemAttr: %.*s\n", (int)attr_list
->attr
[i
].length
,
317 (char *)attr_list
->attr
[i
].data
);
318 if (!attr_list
->attr
[i
].data
) continue;
319 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
320 attr_list
->attr
[i
].length
, NULL
, 0);
321 user
= HeapAlloc(GetProcessHeap(), 0, (str_len
+ 1) * sizeof(WCHAR
));
322 MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
323 attr_list
->attr
[i
].length
, user
, str_len
);
324 user
[str_len
] = '\0';
327 case kSecCommentItemAttr
:
328 TRACE("kSecCommentItemAttr: %.*s\n", (int)attr_list
->attr
[i
].length
,
329 (char *)attr_list
->attr
[i
].data
);
330 if (!attr_list
->attr
[i
].data
) continue;
334 credential
->Comment
= (LPWSTR
)buffer
;
335 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
336 attr_list
->attr
[i
].length
, (LPWSTR
)buffer
, 0xffff);
337 credential
->Comment
[str_len
] = '\0';
338 buffer
+= (str_len
+ 1) * sizeof(WCHAR
);
339 *len
+= (str_len
+ 1) * sizeof(WCHAR
);
344 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
345 attr_list
->attr
[i
].length
, NULL
, 0);
346 *len
+= (str_len
+ 1) * sizeof(WCHAR
);
349 case kSecSecurityDomainItemAttr
:
352 TRACE("kSecSecurityDomainItemAttr: %.*s\n", (int)attr_list
->attr
[i
].length
,
353 (char *)attr_list
->attr
[i
].data
);
354 if (!attr_list
->attr
[i
].data
) continue;
355 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
356 attr_list
->attr
[i
].length
, NULL
, 0);
357 domain
= HeapAlloc(GetProcessHeap(), 0, (str_len
+ 1) * sizeof(WCHAR
));
358 MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[i
].data
,
359 attr_list
->attr
[i
].length
, domain
, str_len
);
360 domain
[str_len
] = '\0';
363 case kSecCreationDateItemAttr
:
364 TRACE("kSecCreationDateItemAttr: %.*s\n", (int)attr_list
->attr
[i
].length
,
365 (char *)attr_list
->attr
[i
].data
);
368 LARGE_INTEGER win_time
;
371 memset(&tm
, 0, sizeof(tm
));
372 strptime(attr_list
->attr
[i
].data
, "%Y%m%d%H%M%SZ", &tm
);
374 RtlSecondsSince1970ToTime(time
, &win_time
);
375 credential
->LastWritten
.dwLowDateTime
= win_time
.u
.LowPart
;
376 credential
->LastWritten
.dwHighDateTime
= win_time
.u
.HighPart
;
386 credential
->UserName
= (LPWSTR
)buffer
;
389 str_len
= strlenW(domain
);
390 *len
+= (str_len
+ 1) * sizeof(WCHAR
);
393 memcpy(credential
->UserName
, domain
, str_len
* sizeof(WCHAR
));
394 /* FIXME: figure out when to use an '@' */
395 credential
->UserName
[str_len
] = '\\';
396 buffer
+= (str_len
+ 1) * sizeof(WCHAR
);
399 str_len
= strlenW(user
);
400 *len
+= (str_len
+ 1) * sizeof(WCHAR
);
403 memcpy(buffer
, user
, (str_len
+ 1) * sizeof(WCHAR
));
404 buffer
+= (str_len
+ 1) * sizeof(WCHAR
);
405 TRACE("UserName = %s\n", debugstr_w(credential
->UserName
));
408 HeapFree(GetProcessHeap(), 0, user
);
409 HeapFree(GetProcessHeap(), 0, domain
);
416 credential
->CredentialBlob
= (BYTE
*)buffer
;
417 str_len
= MultiByteToWideChar(CP_UTF8
, 0, cred_blob
, cred_blob_len
,
418 (LPWSTR
)buffer
, 0xffff);
419 credential
->CredentialBlobSize
= str_len
* sizeof(WCHAR
);
420 buffer
+= str_len
* sizeof(WCHAR
);
421 *len
+= str_len
* sizeof(WCHAR
);
426 str_len
= MultiByteToWideChar(CP_UTF8
, 0, cred_blob
, cred_blob_len
,
428 *len
+= str_len
* sizeof(WCHAR
);
431 SecKeychainItemFreeAttributesAndData(attr_list
, cred_blob
);
432 return ERROR_SUCCESS
;
436 static DWORD
write_credential_blob(HKEY hkey
, LPCWSTR target_name
, DWORD type
,
437 const BYTE key_data
[KEY_SIZE
],
438 const BYTE
*credential_blob
, DWORD credential_blob_size
)
440 LPBYTE encrypted_credential_blob
;
445 key
.Length
= key
.MaximumLength
= KEY_SIZE
;
446 key
.Buffer
= (unsigned char *)key_data
;
448 encrypted_credential_blob
= HeapAlloc(GetProcessHeap(), 0, credential_blob_size
);
449 if (!encrypted_credential_blob
) return ERROR_OUTOFMEMORY
;
451 memcpy(encrypted_credential_blob
, credential_blob
, credential_blob_size
);
452 data
.Length
= data
.MaximumLength
= credential_blob_size
;
453 data
.Buffer
= encrypted_credential_blob
;
454 SystemFunction032(&data
, &key
);
456 ret
= RegSetValueExW(hkey
, wszPasswordValue
, 0, REG_BINARY
, encrypted_credential_blob
, credential_blob_size
);
457 HeapFree(GetProcessHeap(), 0, encrypted_credential_blob
);
462 static DWORD
registry_write_credential(HKEY hkey
, const CREDENTIALW
*credential
,
463 const BYTE key_data
[KEY_SIZE
], BOOL preserve_blob
)
466 FILETIME LastWritten
;
468 GetSystemTimeAsFileTime(&LastWritten
);
470 ret
= RegSetValueExW(hkey
, wszFlagsValue
, 0, REG_DWORD
, (LPVOID
)&credential
->Flags
,
471 sizeof(credential
->Flags
));
472 if (ret
!= ERROR_SUCCESS
) return ret
;
473 ret
= RegSetValueExW(hkey
, wszTypeValue
, 0, REG_DWORD
, (LPVOID
)&credential
->Type
,
474 sizeof(credential
->Type
));
475 if (ret
!= ERROR_SUCCESS
) return ret
;
476 ret
= RegSetValueExW(hkey
, NULL
, 0, REG_SZ
, (LPVOID
)credential
->TargetName
,
477 sizeof(WCHAR
)*(strlenW(credential
->TargetName
)+1));
478 if (ret
!= ERROR_SUCCESS
) return ret
;
479 if (credential
->Comment
)
481 ret
= RegSetValueExW(hkey
, wszCommentValue
, 0, REG_SZ
, (LPVOID
)credential
->Comment
,
482 sizeof(WCHAR
)*(strlenW(credential
->Comment
)+1));
483 if (ret
!= ERROR_SUCCESS
) return ret
;
485 ret
= RegSetValueExW(hkey
, wszLastWrittenValue
, 0, REG_BINARY
, (LPVOID
)&LastWritten
,
486 sizeof(LastWritten
));
487 if (ret
!= ERROR_SUCCESS
) return ret
;
488 ret
= RegSetValueExW(hkey
, wszPersistValue
, 0, REG_DWORD
, (LPVOID
)&credential
->Persist
,
489 sizeof(credential
->Persist
));
490 if (ret
!= ERROR_SUCCESS
) return ret
;
491 /* FIXME: Attributes */
492 if (credential
->TargetAlias
)
494 ret
= RegSetValueExW(hkey
, wszTargetAliasValue
, 0, REG_SZ
, (LPVOID
)credential
->TargetAlias
,
495 sizeof(WCHAR
)*(strlenW(credential
->TargetAlias
)+1));
496 if (ret
!= ERROR_SUCCESS
) return ret
;
498 if (credential
->UserName
)
500 ret
= RegSetValueExW(hkey
, wszUserNameValue
, 0, REG_SZ
, (LPVOID
)credential
->UserName
,
501 sizeof(WCHAR
)*(strlenW(credential
->UserName
)+1));
502 if (ret
!= ERROR_SUCCESS
) return ret
;
506 ret
= write_credential_blob(hkey
, credential
->TargetName
, credential
->Type
,
507 key_data
, credential
->CredentialBlob
,
508 credential
->CredentialBlobSize
);
514 static DWORD
mac_write_credential(const CREDENTIALW
*credential
, BOOL preserve_blob
)
517 SecKeychainItemRef keychain_item
;
523 UInt32 domainlen
= 0;
527 SecKeychainAttribute attrs
[1];
528 SecKeychainAttributeList attr_list
;
530 if (credential
->Flags
)
531 FIXME("Flags 0x%x not written\n", credential
->Flags
);
532 if (credential
->Type
!= CRED_TYPE_DOMAIN_PASSWORD
)
533 FIXME("credential type of %d not supported\n", credential
->Type
);
534 if (credential
->Persist
!= CRED_PERSIST_LOCAL_MACHINE
)
535 FIXME("persist value of %d not supported\n", credential
->Persist
);
536 if (credential
->AttributeCount
)
537 FIXME("custom attributes not supported\n");
539 p
= strchrW(credential
->UserName
, '\\');
542 domainlen
= WideCharToMultiByte(CP_UTF8
, 0, credential
->UserName
,
543 p
- credential
->UserName
, NULL
, 0, NULL
, NULL
);
544 domain
= HeapAlloc(GetProcessHeap(), 0, (domainlen
+ 1) * sizeof(*domain
));
545 WideCharToMultiByte(CP_UTF8
, 0, credential
->UserName
, p
- credential
->UserName
,
546 domain
, domainlen
, NULL
, NULL
);
547 domain
[domainlen
] = '\0';
551 p
= credential
->UserName
;
552 userlen
= WideCharToMultiByte(CP_UTF8
, 0, p
, -1, NULL
, 0, NULL
, NULL
);
553 username
= HeapAlloc(GetProcessHeap(), 0, userlen
* sizeof(*username
));
554 WideCharToMultiByte(CP_UTF8
, 0, p
, -1, username
, userlen
, NULL
, NULL
);
556 serverlen
= WideCharToMultiByte(CP_UTF8
, 0, credential
->TargetName
, -1, NULL
, 0, NULL
, NULL
);
557 servername
= HeapAlloc(GetProcessHeap(), 0, serverlen
* sizeof(*servername
));
558 WideCharToMultiByte(CP_UTF8
, 0, credential
->TargetName
, -1, servername
, serverlen
, NULL
, NULL
);
559 pwlen
= WideCharToMultiByte(CP_UTF8
, 0, (LPCWSTR
)credential
->CredentialBlob
,
560 credential
->CredentialBlobSize
/ sizeof(WCHAR
), NULL
, 0, NULL
, NULL
);
561 password
= HeapAlloc(GetProcessHeap(), 0, pwlen
* sizeof(*domain
));
562 WideCharToMultiByte(CP_UTF8
, 0, (LPCWSTR
)credential
->CredentialBlob
,
563 credential
->CredentialBlobSize
/ sizeof(WCHAR
), password
, pwlen
, NULL
, NULL
);
565 TRACE("adding server %s, domain %s, username %s using Keychain\n", servername
, domain
, username
);
566 status
= SecKeychainAddInternetPassword(NULL
, strlen(servername
), servername
,
567 strlen(domain
), domain
, strlen(username
),
568 username
, 0, NULL
, 0,
570 kSecAuthenticationTypeDefault
,
571 strlen(password
), password
, &keychain_item
);
573 ERR("SecKeychainAddInternetPassword returned %ld\n", status
);
574 if (status
== errSecDuplicateItem
)
576 SecKeychainItemRef keychain_item
;
578 status
= SecKeychainFindInternetPassword(NULL
, strlen(servername
), servername
,
579 strlen(domain
), domain
,
580 strlen(username
), username
,
581 0, NULL
/* any path */, 0,
582 0 /* any protocol */,
583 0 /* any authentication type */,
584 0, NULL
, &keychain_item
);
586 ERR("SecKeychainFindInternetPassword returned %ld\n", status
);
588 HeapFree(GetProcessHeap(), 0, domain
);
589 HeapFree(GetProcessHeap(), 0, username
);
590 HeapFree(GetProcessHeap(), 0, servername
);
593 HeapFree(GetProcessHeap(), 0, password
);
594 return ERROR_GEN_FAILURE
;
596 if (credential
->Comment
)
599 attr_list
.attr
= attrs
;
600 attrs
[0].tag
= kSecCommentItemAttr
;
601 attrs
[0].length
= WideCharToMultiByte(CP_UTF8
, 0, credential
->Comment
, -1, NULL
, 0, NULL
, NULL
);
602 if (attrs
[0].length
) attrs
[0].length
--;
603 attrs
[0].data
= HeapAlloc(GetProcessHeap(), 0, attrs
[0].length
);
604 WideCharToMultiByte(CP_UTF8
, 0, credential
->Comment
, -1, attrs
[0].data
, attrs
[0].length
, NULL
, NULL
);
609 attr_list
.attr
= NULL
;
611 status
= SecKeychainItemModifyAttributesAndData(keychain_item
, &attr_list
,
612 preserve_blob
? 0 : strlen(password
),
613 preserve_blob
? NULL
: password
);
614 if (credential
->Comment
)
615 HeapFree(GetProcessHeap(), 0, attrs
[0].data
);
616 HeapFree(GetProcessHeap(), 0, password
);
617 /* FIXME: set TargetAlias attribute */
618 CFRelease(keychain_item
);
619 return ERROR_SUCCESS
;
623 static DWORD
open_cred_mgr_key(HKEY
*hkey
, BOOL open_for_write
)
625 return RegCreateKeyExW(HKEY_CURRENT_USER
, wszCredentialManagerKey
, 0,
626 NULL
, REG_OPTION_NON_VOLATILE
,
627 KEY_READ
| (open_for_write
? KEY_WRITE
: 0), NULL
, hkey
, NULL
);
630 static DWORD
get_cred_mgr_encryption_key(HKEY hkeyMgr
, BYTE key_data
[KEY_SIZE
])
632 static const BYTE my_key_data
[KEY_SIZE
] = { 0 };
640 memcpy(key_data
, my_key_data
, KEY_SIZE
);
643 ret
= RegQueryValueExW(hkeyMgr
, wszEncryptionKeyValue
, NULL
, &type
, key_data
,
645 if (ret
== ERROR_SUCCESS
)
647 if (type
!= REG_BINARY
)
648 return ERROR_REGISTRY_CORRUPT
;
650 return ERROR_SUCCESS
;
652 if (ret
!= ERROR_FILE_NOT_FOUND
)
655 GetSystemTimeAsFileTime(&ft
);
656 seed
= ft
.dwLowDateTime
;
657 value
= RtlUniform(&seed
);
658 *(DWORD
*)key_data
= value
;
659 seed
= ft
.dwHighDateTime
;
660 value
= RtlUniform(&seed
);
661 *(DWORD
*)(key_data
+ 4) = value
;
663 ret
= RegSetValueExW(hkeyMgr
, wszEncryptionKeyValue
, 0, REG_BINARY
,
665 if (ret
== ERROR_ACCESS_DENIED
)
667 ret
= open_cred_mgr_key(&hkeyMgr
, TRUE
);
668 if (ret
== ERROR_SUCCESS
)
670 ret
= RegSetValueExW(hkeyMgr
, wszEncryptionKeyValue
, 0, REG_BINARY
,
672 RegCloseKey(hkeyMgr
);
678 static LPWSTR
get_key_name_for_target(LPCWSTR target_name
, DWORD type
)
680 static const WCHAR wszGenericPrefix
[] = {'G','e','n','e','r','i','c',':',' ',0};
681 static const WCHAR wszDomPasswdPrefix
[] = {'D','o','m','P','a','s','s','w','d',':',' ',0};
683 LPCWSTR prefix
= NULL
;
686 len
= strlenW(target_name
);
687 if (type
== CRED_TYPE_GENERIC
)
689 prefix
= wszGenericPrefix
;
690 len
+= sizeof(wszGenericPrefix
)/sizeof(wszGenericPrefix
[0]);
694 prefix
= wszDomPasswdPrefix
;
695 len
+= sizeof(wszDomPasswdPrefix
)/sizeof(wszDomPasswdPrefix
[0]);
698 key_name
= HeapAlloc(GetProcessHeap(), 0, len
* sizeof(WCHAR
));
699 if (!key_name
) return NULL
;
701 strcpyW(key_name
, prefix
);
702 strcatW(key_name
, target_name
);
704 for (p
= key_name
; *p
; p
++)
705 if (*p
== '\\') *p
= '_';
710 static BOOL
credential_matches_filter(HKEY hkeyCred
, LPCWSTR filter
)
718 if (!filter
) return TRUE
;
720 ret
= RegQueryValueExW(hkeyCred
, NULL
, 0, &type
, NULL
, &count
);
721 if (ret
!= ERROR_SUCCESS
)
723 else if (type
!= REG_SZ
)
726 target_name
= HeapAlloc(GetProcessHeap(), 0, count
);
729 ret
= RegQueryValueExW(hkeyCred
, NULL
, 0, &type
, (LPVOID
)target_name
, &count
);
730 if (ret
!= ERROR_SUCCESS
|| type
!= REG_SZ
)
732 HeapFree(GetProcessHeap(), 0, target_name
);
736 TRACE("comparing filter %s to target name %s\n", debugstr_w(filter
),
737 debugstr_w(target_name
));
739 p
= strchrW(filter
, '*');
740 ret
= CompareStringW(GetThreadLocale(), 0, filter
,
741 (p
&& !p
[1] ? p
- filter
: -1), target_name
,
742 (p
&& !p
[1] ? p
- filter
: -1)) == CSTR_EQUAL
;
744 HeapFree(GetProcessHeap(), 0, target_name
);
748 static DWORD
registry_enumerate_credentials(HKEY hkeyMgr
, LPCWSTR filter
,
750 DWORD target_name_len
, BYTE key_data
[KEY_SIZE
],
751 PCREDENTIALW
*credentials
, char **buffer
,
752 DWORD
*len
, DWORD
*count
)
759 ret
= RegEnumKeyW(hkeyMgr
, i
, target_name
, target_name_len
+1);
760 if (ret
== ERROR_NO_MORE_ITEMS
)
765 else if (ret
!= ERROR_SUCCESS
)
770 TRACE("target_name = %s\n", debugstr_w(target_name
));
771 ret
= RegOpenKeyExW(hkeyMgr
, target_name
, 0, KEY_QUERY_VALUE
, &hkeyCred
);
772 if (ret
!= ERROR_SUCCESS
)
777 if (!credential_matches_filter(hkeyCred
, filter
))
779 RegCloseKey(hkeyCred
);
784 *len
= sizeof(CREDENTIALW
);
785 credentials
[*count
] = (PCREDENTIALW
)*buffer
;
788 *len
+= sizeof(CREDENTIALW
);
789 ret
= registry_read_credential(hkeyCred
, buffer
? credentials
[*count
] : NULL
,
790 key_data
, buffer
? *buffer
+ sizeof(CREDENTIALW
) : NULL
,
792 RegCloseKey(hkeyCred
);
793 if (ret
!= ERROR_SUCCESS
) break;
794 if (buffer
) *buffer
+= *len
;
801 static DWORD
mac_enumerate_credentials(LPCWSTR filter
, PCREDENTIALW
*credentials
,
802 char *buffer
, DWORD
*len
, DWORD
*count
)
804 SecKeychainSearchRef search
;
805 SecKeychainItemRef item
;
807 Boolean saved_user_interaction_allowed
;
810 SecKeychainGetUserInteractionAllowed(&saved_user_interaction_allowed
);
811 SecKeychainSetUserInteractionAllowed(false);
813 status
= SecKeychainSearchCreateFromAttributes(NULL
, kSecInternetPasswordItemClass
, NULL
, &search
);
816 while (SecKeychainSearchCopyNext(search
, &item
) == noErr
)
818 SecKeychainAttributeInfo info
;
819 SecKeychainAttributeList
*attr_list
;
820 UInt32 info_tags
[] = { kSecServerItemAttr
};
821 info
.count
= sizeof(info_tags
)/sizeof(info_tags
[0]);
822 info
.tag
= info_tags
;
824 status
= SecKeychainItemCopyAttributesAndData(item
, &info
, NULL
, &attr_list
, NULL
, NULL
);
827 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status
);
832 *len
= sizeof(CREDENTIALW
);
833 credentials
[*count
] = (PCREDENTIALW
)buffer
;
836 *len
+= sizeof(CREDENTIALW
);
837 if (attr_list
->count
!= 1 || attr_list
->attr
[0].tag
!= kSecServerItemAttr
) continue;
838 TRACE("server item: %.*s\n", (int)attr_list
->attr
[0].length
, (char *)attr_list
->attr
[0].data
);
839 /* FIXME: filter based on attr_list->attr[0].data */
840 SecKeychainItemFreeAttributesAndData(attr_list
, NULL
);
841 ret
= mac_read_credential_from_item(item
, FALSE
,
842 buffer
? credentials
[*count
] : NULL
,
843 buffer
? buffer
+ sizeof(CREDENTIALW
) : NULL
,
846 if (ret
== ERROR_SUCCESS
)
849 if (buffer
) buffer
+= *len
;
855 ERR("SecKeychainSearchCreateFromAttributes returned status %ld\n", status
);
856 SecKeychainSetUserInteractionAllowed(saved_user_interaction_allowed
);
857 return ERROR_SUCCESS
;
860 static DWORD
mac_delete_credential(LPCWSTR TargetName
)
863 SecKeychainSearchRef search
;
864 status
= SecKeychainSearchCreateFromAttributes(NULL
, kSecInternetPasswordItemClass
, NULL
, &search
);
867 SecKeychainItemRef item
;
868 while (SecKeychainSearchCopyNext(search
, &item
) == noErr
)
870 SecKeychainAttributeInfo info
;
871 SecKeychainAttributeList
*attr_list
;
872 UInt32 info_tags
[] = { kSecServerItemAttr
};
875 info
.count
= sizeof(info_tags
)/sizeof(info_tags
[0]);
876 info
.tag
= info_tags
;
878 status
= SecKeychainItemCopyAttributesAndData(item
, &info
, NULL
, &attr_list
, NULL
, NULL
);
881 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status
);
884 if (attr_list
->count
!= 1 || attr_list
->attr
[0].tag
!= kSecServerItemAttr
)
889 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[0].data
, attr_list
->attr
[0].length
, NULL
, 0);
890 target_name
= HeapAlloc(GetProcessHeap(), 0, (str_len
+ 1) * sizeof(WCHAR
));
891 MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[0].data
, attr_list
->attr
[0].length
, target_name
, str_len
);
893 target_name
[str_len
] = '\0';
894 if (strcmpiW(TargetName
, target_name
))
897 HeapFree(GetProcessHeap(), 0, target_name
);
900 HeapFree(GetProcessHeap(), 0, target_name
);
901 SecKeychainItemFreeAttributesAndData(attr_list
, NULL
);
902 SecKeychainItemDelete(item
);
906 return ERROR_SUCCESS
;
910 return ERROR_NOT_FOUND
;
914 /******************************************************************************
915 * convert_PCREDENTIALW_to_PCREDENTIALA [internal]
917 * convert a Credential struct from UNICODE to ANSI and return the needed size in Bytes
921 static INT
convert_PCREDENTIALW_to_PCREDENTIALA(const CREDENTIALW
*CredentialW
, PCREDENTIALA CredentialA
, INT len
)
925 INT needed
= sizeof(CREDENTIALA
);
929 if (CredentialW
->TargetName
)
930 needed
+= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->TargetName
, -1, NULL
, 0, NULL
, NULL
);
931 if (CredentialW
->Comment
)
932 needed
+= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->Comment
, -1, NULL
, 0, NULL
, NULL
);
933 needed
+= CredentialW
->CredentialBlobSize
;
934 if (CredentialW
->TargetAlias
)
935 needed
+= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->TargetAlias
, -1, NULL
, 0, NULL
, NULL
);
936 if (CredentialW
->UserName
)
937 needed
+= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->UserName
, -1, NULL
, 0, NULL
, NULL
);
943 buffer
= (char *)CredentialA
+ sizeof(CREDENTIALA
);
944 len
-= sizeof(CREDENTIALA
);
945 CredentialA
->Flags
= CredentialW
->Flags
;
946 CredentialA
->Type
= CredentialW
->Type
;
948 if (CredentialW
->TargetName
)
950 CredentialA
->TargetName
= buffer
;
951 string_len
= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->TargetName
, -1, buffer
, len
, NULL
, NULL
);
952 buffer
+= string_len
;
953 needed
+= string_len
;
957 CredentialA
->TargetName
= NULL
;
958 if (CredentialW
->Comment
)
960 CredentialA
->Comment
= buffer
;
961 string_len
= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->Comment
, -1, buffer
, len
, NULL
, NULL
);
962 buffer
+= string_len
;
963 needed
+= string_len
;
967 CredentialA
->Comment
= NULL
;
968 CredentialA
->LastWritten
= CredentialW
->LastWritten
;
969 CredentialA
->CredentialBlobSize
= CredentialW
->CredentialBlobSize
;
970 if (CredentialW
->CredentialBlobSize
&& (CredentialW
->CredentialBlobSize
<= len
))
972 CredentialA
->CredentialBlob
=(LPBYTE
)buffer
;
973 memcpy(CredentialA
->CredentialBlob
, CredentialW
->CredentialBlob
,
974 CredentialW
->CredentialBlobSize
);
975 buffer
+= CredentialW
->CredentialBlobSize
;
976 needed
+= CredentialW
->CredentialBlobSize
;
977 len
-= CredentialW
->CredentialBlobSize
;
980 CredentialA
->CredentialBlob
= NULL
;
981 CredentialA
->Persist
= CredentialW
->Persist
;
982 CredentialA
->AttributeCount
= 0;
983 CredentialA
->Attributes
= NULL
; /* FIXME */
984 if (CredentialW
->TargetAlias
)
986 CredentialA
->TargetAlias
= buffer
;
987 string_len
= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->TargetAlias
, -1, buffer
, len
, NULL
, NULL
);
988 buffer
+= string_len
;
989 needed
+= string_len
;
993 CredentialA
->TargetAlias
= NULL
;
994 if (CredentialW
->UserName
)
996 CredentialA
->UserName
= buffer
;
997 string_len
= WideCharToMultiByte(CP_ACP
, 0, CredentialW
->UserName
, -1, buffer
, len
, NULL
, NULL
);
998 needed
+= string_len
;
1001 CredentialA
->UserName
= NULL
;
1006 /******************************************************************************
1007 * convert_PCREDENTIALA_to_PCREDENTIALW [internal]
1009 * convert a Credential struct from ANSI to UNICODE and return the needed size in Bytes
1012 static INT
convert_PCREDENTIALA_to_PCREDENTIALW(const CREDENTIALA
*CredentialA
, PCREDENTIALW CredentialW
, INT len
)
1016 INT needed
= sizeof(CREDENTIALW
);
1020 if (CredentialA
->TargetName
)
1021 needed
+= sizeof(WCHAR
) * MultiByteToWideChar(CP_ACP
, 0, CredentialA
->TargetName
, -1, NULL
, 0);
1022 if (CredentialA
->Comment
)
1023 needed
+= sizeof(WCHAR
) * MultiByteToWideChar(CP_ACP
, 0, CredentialA
->Comment
, -1, NULL
, 0);
1024 needed
+= CredentialA
->CredentialBlobSize
;
1025 if (CredentialA
->TargetAlias
)
1026 needed
+= sizeof(WCHAR
) * MultiByteToWideChar(CP_ACP
, 0, CredentialA
->TargetAlias
, -1, NULL
, 0);
1027 if (CredentialA
->UserName
)
1028 needed
+= sizeof(WCHAR
) * MultiByteToWideChar(CP_ACP
, 0, CredentialA
->UserName
, -1, NULL
, 0);
1033 buffer
= (char *)CredentialW
+ sizeof(CREDENTIALW
);
1034 len
-= sizeof(CREDENTIALW
);
1035 CredentialW
->Flags
= CredentialA
->Flags
;
1036 CredentialW
->Type
= CredentialA
->Type
;
1037 if (CredentialA
->TargetName
)
1039 CredentialW
->TargetName
= (LPWSTR
)buffer
;
1040 string_len
= MultiByteToWideChar(CP_ACP
, 0, CredentialA
->TargetName
, -1, CredentialW
->TargetName
, len
/ sizeof(WCHAR
));
1041 buffer
+= sizeof(WCHAR
) * string_len
;
1042 needed
+= sizeof(WCHAR
) * string_len
;
1043 len
-= sizeof(WCHAR
) * string_len
;
1046 CredentialW
->TargetName
= NULL
;
1047 if (CredentialA
->Comment
)
1049 CredentialW
->Comment
= (LPWSTR
)buffer
;
1050 string_len
= MultiByteToWideChar(CP_ACP
, 0, CredentialA
->Comment
, -1, CredentialW
->Comment
, len
/ sizeof(WCHAR
));
1051 buffer
+= sizeof(WCHAR
) * string_len
;
1052 needed
+= sizeof(WCHAR
) * string_len
;
1053 len
-= sizeof(WCHAR
) * string_len
;
1056 CredentialW
->Comment
= NULL
;
1057 CredentialW
->LastWritten
= CredentialA
->LastWritten
;
1058 CredentialW
->CredentialBlobSize
= CredentialA
->CredentialBlobSize
;
1059 if (CredentialA
->CredentialBlobSize
)
1061 CredentialW
->CredentialBlob
=(LPBYTE
)buffer
;
1062 memcpy(CredentialW
->CredentialBlob
, CredentialA
->CredentialBlob
,
1063 CredentialA
->CredentialBlobSize
);
1064 buffer
+= CredentialA
->CredentialBlobSize
;
1065 needed
+= CredentialA
->CredentialBlobSize
;
1066 len
-= CredentialA
->CredentialBlobSize
;
1069 CredentialW
->CredentialBlob
= NULL
;
1070 CredentialW
->Persist
= CredentialA
->Persist
;
1071 CredentialW
->AttributeCount
= 0;
1072 CredentialW
->Attributes
= NULL
; /* FIXME */
1073 if (CredentialA
->TargetAlias
)
1075 CredentialW
->TargetAlias
= (LPWSTR
)buffer
;
1076 string_len
= MultiByteToWideChar(CP_ACP
, 0, CredentialA
->TargetAlias
, -1, CredentialW
->TargetAlias
, len
/ sizeof(WCHAR
));
1077 buffer
+= sizeof(WCHAR
) * string_len
;
1078 needed
+= sizeof(WCHAR
) * string_len
;
1079 len
-= sizeof(WCHAR
) * string_len
;
1082 CredentialW
->TargetAlias
= NULL
;
1083 if (CredentialA
->UserName
)
1085 CredentialW
->UserName
= (LPWSTR
)buffer
;
1086 string_len
= MultiByteToWideChar(CP_ACP
, 0, CredentialA
->UserName
, -1, CredentialW
->UserName
, len
/ sizeof(WCHAR
));
1087 needed
+= sizeof(WCHAR
) * string_len
;
1090 CredentialW
->UserName
= NULL
;
1095 /******************************************************************************
1096 * CredDeleteA [ADVAPI32.@]
1098 BOOL WINAPI
CredDeleteA(LPCSTR TargetName
, DWORD Type
, DWORD Flags
)
1104 TRACE("(%s, %d, 0x%x)\n", debugstr_a(TargetName
), Type
, Flags
);
1108 SetLastError(ERROR_INVALID_PARAMETER
);
1112 len
= MultiByteToWideChar(CP_ACP
, 0, TargetName
, -1, NULL
, 0);
1113 TargetNameW
= HeapAlloc(GetProcessHeap(), 0, len
* sizeof(WCHAR
));
1116 SetLastError(ERROR_OUTOFMEMORY
);
1119 MultiByteToWideChar(CP_ACP
, 0, TargetName
, -1, TargetNameW
, len
);
1121 ret
= CredDeleteW(TargetNameW
, Type
, Flags
);
1123 HeapFree(GetProcessHeap(), 0, TargetNameW
);
1128 /******************************************************************************
1129 * CredDeleteW [ADVAPI32.@]
1131 BOOL WINAPI
CredDeleteW(LPCWSTR TargetName
, DWORD Type
, DWORD Flags
)
1137 TRACE("(%s, %d, 0x%x)\n", debugstr_w(TargetName
), Type
, Flags
);
1141 SetLastError(ERROR_INVALID_PARAMETER
);
1145 if (Type
!= CRED_TYPE_GENERIC
&& Type
!= CRED_TYPE_DOMAIN_PASSWORD
)
1147 FIXME("unhandled type %d\n", Type
);
1148 SetLastError(ERROR_INVALID_PARAMETER
);
1154 FIXME("unhandled flags 0x%x\n", Flags
);
1155 SetLastError(ERROR_INVALID_FLAGS
);
1160 if (Type
== CRED_TYPE_DOMAIN_PASSWORD
)
1162 ret
= mac_delete_credential(TargetName
);
1163 if (ret
== ERROR_SUCCESS
)
1168 ret
= open_cred_mgr_key(&hkeyMgr
, TRUE
);
1169 if (ret
!= ERROR_SUCCESS
)
1171 WARN("couldn't open/create manager key, error %d\n", ret
);
1172 SetLastError(ERROR_NO_SUCH_LOGON_SESSION
);
1176 key_name
= get_key_name_for_target(TargetName
, Type
);
1177 ret
= RegDeleteKeyW(hkeyMgr
, key_name
);
1178 HeapFree(GetProcessHeap(), 0, key_name
);
1179 RegCloseKey(hkeyMgr
);
1180 if (ret
!= ERROR_SUCCESS
)
1182 SetLastError(ERROR_NOT_FOUND
);
1189 /******************************************************************************
1190 * CredEnumerateA [ADVAPI32.@]
1192 BOOL WINAPI
CredEnumerateA(LPCSTR Filter
, DWORD Flags
, DWORD
*Count
,
1193 PCREDENTIALA
**Credentials
)
1196 PCREDENTIALW
*CredentialsW
;
1202 TRACE("(%s, 0x%x, %p, %p)\n", debugstr_a(Filter
), Flags
, Count
, Credentials
);
1206 len
= MultiByteToWideChar(CP_ACP
, 0, Filter
, -1, NULL
, 0);
1207 FilterW
= HeapAlloc(GetProcessHeap(), 0, len
* sizeof(WCHAR
));
1210 SetLastError(ERROR_OUTOFMEMORY
);
1213 MultiByteToWideChar(CP_ACP
, 0, Filter
, -1, FilterW
, len
);
1218 if (!CredEnumerateW(FilterW
, Flags
, Count
, &CredentialsW
))
1220 HeapFree(GetProcessHeap(), 0, FilterW
);
1223 HeapFree(GetProcessHeap(), 0, FilterW
);
1225 len
= *Count
* sizeof(PCREDENTIALA
);
1226 for (i
= 0; i
< *Count
; i
++)
1227 len
+= convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW
[i
], NULL
, 0);
1229 *Credentials
= HeapAlloc(GetProcessHeap(), 0, len
);
1232 CredFree(CredentialsW
);
1233 SetLastError(ERROR_OUTOFMEMORY
);
1237 buffer
= (char *)&(*Credentials
)[*Count
];
1238 len
-= *Count
* sizeof(PCREDENTIALA
);
1239 for (i
= 0; i
< *Count
; i
++)
1241 (*Credentials
)[i
] = (PCREDENTIALA
)buffer
;
1242 needed
= convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW
[i
], (*Credentials
)[i
], len
);
1247 CredFree(CredentialsW
);
1252 /******************************************************************************
1253 * CredEnumerateW [ADVAPI32.@]
1255 BOOL WINAPI
CredEnumerateW(LPCWSTR Filter
, DWORD Flags
, DWORD
*Count
,
1256 PCREDENTIALW
**Credentials
)
1261 DWORD target_name_len
;
1264 BYTE key_data
[KEY_SIZE
];
1266 TRACE("(%s, 0x%x, %p, %p)\n", debugstr_w(Filter
), Flags
, Count
, Credentials
);
1270 SetLastError(ERROR_INVALID_FLAGS
);
1274 ret
= open_cred_mgr_key(&hkeyMgr
, FALSE
);
1275 if (ret
!= ERROR_SUCCESS
)
1277 WARN("couldn't open/create manager key, error %d\n", ret
);
1278 SetLastError(ERROR_NO_SUCH_LOGON_SESSION
);
1282 ret
= get_cred_mgr_encryption_key(hkeyMgr
, key_data
);
1283 if (ret
!= ERROR_SUCCESS
)
1285 RegCloseKey(hkeyMgr
);
1290 ret
= RegQueryInfoKeyW(hkeyMgr
, NULL
, NULL
, NULL
, NULL
, &target_name_len
, NULL
, NULL
, NULL
, NULL
, NULL
, NULL
);
1291 if (ret
!= ERROR_SUCCESS
)
1293 RegCloseKey(hkeyMgr
);
1298 target_name
= HeapAlloc(GetProcessHeap(), 0, (target_name_len
+1)*sizeof(WCHAR
));
1301 RegCloseKey(hkeyMgr
);
1302 SetLastError(ERROR_OUTOFMEMORY
);
1308 ret
= registry_enumerate_credentials(hkeyMgr
, Filter
, target_name
, target_name_len
,
1309 key_data
, NULL
, NULL
, &len
, Count
);
1311 if (ret
== ERROR_SUCCESS
)
1312 ret
= mac_enumerate_credentials(Filter
, NULL
, NULL
, &len
, Count
);
1314 if (ret
== ERROR_SUCCESS
&& *Count
== 0)
1315 ret
= ERROR_NOT_FOUND
;
1316 if (ret
!= ERROR_SUCCESS
)
1318 HeapFree(GetProcessHeap(), 0, target_name
);
1319 RegCloseKey(hkeyMgr
);
1323 len
+= *Count
* sizeof(PCREDENTIALW
);
1325 if (ret
== ERROR_SUCCESS
)
1327 buffer
= HeapAlloc(GetProcessHeap(), 0, len
);
1328 *Credentials
= (PCREDENTIALW
*)buffer
;
1331 buffer
+= *Count
* sizeof(PCREDENTIALW
);
1333 ret
= registry_enumerate_credentials(hkeyMgr
, Filter
, target_name
,
1334 target_name_len
, key_data
,
1335 *Credentials
, &buffer
, &len
,
1338 if (ret
== ERROR_SUCCESS
)
1339 ret
= mac_enumerate_credentials(Filter
, *Credentials
,
1340 buffer
, &len
, Count
);
1344 ret
= ERROR_OUTOFMEMORY
;
1347 HeapFree(GetProcessHeap(), 0, target_name
);
1348 RegCloseKey(hkeyMgr
);
1350 if (ret
!= ERROR_SUCCESS
)
1358 /******************************************************************************
1359 * CredFree [ADVAPI32.@]
1361 VOID WINAPI
CredFree(PVOID Buffer
)
1363 HeapFree(GetProcessHeap(), 0, Buffer
);
1366 /******************************************************************************
1367 * CredReadA [ADVAPI32.@]
1369 BOOL WINAPI
CredReadA(LPCSTR TargetName
, DWORD Type
, DWORD Flags
, PCREDENTIALA
*Credential
)
1372 PCREDENTIALW CredentialW
;
1375 TRACE("(%s, %d, 0x%x, %p)\n", debugstr_a(TargetName
), Type
, Flags
, Credential
);
1379 SetLastError(ERROR_INVALID_PARAMETER
);
1383 len
= MultiByteToWideChar(CP_ACP
, 0, TargetName
, -1, NULL
, 0);
1384 TargetNameW
= HeapAlloc(GetProcessHeap(), 0, len
* sizeof(WCHAR
));
1387 SetLastError(ERROR_OUTOFMEMORY
);
1390 MultiByteToWideChar(CP_ACP
, 0, TargetName
, -1, TargetNameW
, len
);
1392 if (!CredReadW(TargetNameW
, Type
, Flags
, &CredentialW
))
1394 HeapFree(GetProcessHeap(), 0, TargetNameW
);
1397 HeapFree(GetProcessHeap(), 0, TargetNameW
);
1399 len
= convert_PCREDENTIALW_to_PCREDENTIALA(CredentialW
, NULL
, 0);
1400 *Credential
= HeapAlloc(GetProcessHeap(), 0, len
);
1403 SetLastError(ERROR_OUTOFMEMORY
);
1406 convert_PCREDENTIALW_to_PCREDENTIALA(CredentialW
, *Credential
, len
);
1408 CredFree(CredentialW
);
1413 /******************************************************************************
1414 * CredReadW [ADVAPI32.@]
1416 BOOL WINAPI
CredReadW(LPCWSTR TargetName
, DWORD Type
, DWORD Flags
, PCREDENTIALW
*Credential
)
1423 BYTE key_data
[KEY_SIZE
];
1425 TRACE("(%s, %d, 0x%x, %p)\n", debugstr_w(TargetName
), Type
, Flags
, Credential
);
1429 SetLastError(ERROR_INVALID_PARAMETER
);
1433 if (Type
!= CRED_TYPE_GENERIC
&& Type
!= CRED_TYPE_DOMAIN_PASSWORD
)
1435 FIXME("unhandled type %d\n", Type
);
1436 SetLastError(ERROR_INVALID_PARAMETER
);
1442 FIXME("unhandled flags 0x%x\n", Flags
);
1443 SetLastError(ERROR_INVALID_FLAGS
);
1448 if (Type
== CRED_TYPE_DOMAIN_PASSWORD
)
1451 SecKeychainSearchRef search
;
1452 status
= SecKeychainSearchCreateFromAttributes(NULL
, kSecInternetPasswordItemClass
, NULL
, &search
);
1453 if (status
== noErr
)
1455 SecKeychainItemRef item
;
1456 while (SecKeychainSearchCopyNext(search
, &item
) == noErr
)
1458 SecKeychainAttributeInfo info
;
1459 SecKeychainAttributeList
*attr_list
;
1460 UInt32 info_tags
[] = { kSecServerItemAttr
};
1463 info
.count
= sizeof(info_tags
)/sizeof(info_tags
[0]);
1464 info
.tag
= info_tags
;
1466 status
= SecKeychainItemCopyAttributesAndData(item
, &info
, NULL
, &attr_list
, NULL
, NULL
);
1467 len
= sizeof(**Credential
);
1468 if (status
!= noErr
)
1470 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status
);
1473 if (attr_list
->count
!= 1 || attr_list
->attr
[0].tag
!= kSecServerItemAttr
)
1478 str_len
= MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[0].data
, attr_list
->attr
[0].length
, NULL
, 0);
1479 target_name
= HeapAlloc(GetProcessHeap(), 0, (str_len
+ 1) * sizeof(WCHAR
));
1480 MultiByteToWideChar(CP_UTF8
, 0, attr_list
->attr
[0].data
, attr_list
->attr
[0].length
, target_name
, str_len
);
1482 target_name
[str_len
] = '\0';
1483 if (strcmpiW(TargetName
, target_name
))
1486 HeapFree(GetProcessHeap(), 0, target_name
);
1489 HeapFree(GetProcessHeap(), 0, target_name
);
1490 SecKeychainItemFreeAttributesAndData(attr_list
, NULL
);
1491 ret
= mac_read_credential_from_item(item
, TRUE
, NULL
, NULL
, &len
);
1492 if (ret
== ERROR_SUCCESS
)
1494 *Credential
= HeapAlloc(GetProcessHeap(), 0, len
);
1497 len
= sizeof(**Credential
);
1498 ret
= mac_read_credential_from_item(item
, TRUE
, *Credential
,
1499 (char *)(*Credential
+ 1), &len
);
1502 ret
= ERROR_OUTOFMEMORY
;
1505 if (ret
!= ERROR_SUCCESS
)
1519 ret
= open_cred_mgr_key(&hkeyMgr
, FALSE
);
1520 if (ret
!= ERROR_SUCCESS
)
1522 WARN("couldn't open/create manager key, error %d\n", ret
);
1523 SetLastError(ERROR_NO_SUCH_LOGON_SESSION
);
1527 ret
= get_cred_mgr_encryption_key(hkeyMgr
, key_data
);
1528 if (ret
!= ERROR_SUCCESS
)
1530 RegCloseKey(hkeyMgr
);
1535 key_name
= get_key_name_for_target(TargetName
, Type
);
1536 ret
= RegOpenKeyExW(hkeyMgr
, key_name
, 0, KEY_QUERY_VALUE
, &hkeyCred
);
1537 HeapFree(GetProcessHeap(), 0, key_name
);
1538 if (ret
!= ERROR_SUCCESS
)
1540 TRACE("credentials for target name %s not found\n", debugstr_w(TargetName
));
1541 SetLastError(ERROR_NOT_FOUND
);
1545 len
= sizeof(**Credential
);
1546 ret
= registry_read_credential(hkeyCred
, NULL
, key_data
, NULL
, &len
);
1547 if (ret
== ERROR_SUCCESS
)
1549 *Credential
= HeapAlloc(GetProcessHeap(), 0, len
);
1552 len
= sizeof(**Credential
);
1553 ret
= registry_read_credential(hkeyCred
, *Credential
, key_data
,
1554 (char *)(*Credential
+ 1), &len
);
1557 ret
= ERROR_OUTOFMEMORY
;
1560 RegCloseKey(hkeyCred
);
1561 RegCloseKey(hkeyMgr
);
1563 if (ret
!= ERROR_SUCCESS
)
1571 /******************************************************************************
1572 * CredReadDomainCredentialsA [ADVAPI32.@]
1574 BOOL WINAPI
CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInformation
,
1575 DWORD Flags
, DWORD
*Size
, PCREDENTIALA
**Credentials
)
1577 PCREDENTIAL_TARGET_INFORMATIONW TargetInformationW
;
1579 WCHAR
*buffer
, *end
;
1581 PCREDENTIALW
* CredentialsW
;
1583 TRACE("(%p, 0x%x, %p, %p)\n", TargetInformation
, Flags
, Size
, Credentials
);
1585 /* follow Windows behavior - do not test for NULL, initialize early */
1587 *Credentials
= NULL
;
1589 if (!TargetInformation
)
1591 SetLastError(ERROR_INVALID_PARAMETER
);
1595 len
= sizeof(*TargetInformationW
);
1596 if (TargetInformation
->TargetName
)
1597 len
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->TargetName
, -1, NULL
, 0) * sizeof(WCHAR
);
1598 if (TargetInformation
->NetbiosServerName
)
1599 len
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->NetbiosServerName
, -1, NULL
, 0) * sizeof(WCHAR
);
1600 if (TargetInformation
->DnsServerName
)
1601 len
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->DnsServerName
, -1, NULL
, 0) * sizeof(WCHAR
);
1602 if (TargetInformation
->NetbiosDomainName
)
1603 len
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->NetbiosDomainName
, -1, NULL
, 0) * sizeof(WCHAR
);
1604 if (TargetInformation
->DnsDomainName
)
1605 len
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->DnsDomainName
, -1, NULL
, 0) * sizeof(WCHAR
);
1606 if (TargetInformation
->DnsTreeName
)
1607 len
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->DnsTreeName
, -1, NULL
, 0) * sizeof(WCHAR
);
1608 if (TargetInformation
->PackageName
)
1609 len
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->PackageName
, -1, NULL
, 0) * sizeof(WCHAR
);
1611 TargetInformationW
= HeapAlloc(GetProcessHeap(), 0, len
);
1612 if (!TargetInformationW
)
1614 SetLastError(ERROR_OUTOFMEMORY
);
1617 buffer
= (WCHAR
*)(TargetInformationW
+ 1);
1618 end
= (WCHAR
*)((char *)TargetInformationW
+ len
);
1620 if (TargetInformation
->TargetName
)
1622 TargetInformationW
->TargetName
= buffer
;
1623 buffer
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->TargetName
, -1,
1624 TargetInformationW
->TargetName
, end
- buffer
);
1626 TargetInformationW
->TargetName
= NULL
;
1628 if (TargetInformation
->NetbiosServerName
)
1630 TargetInformationW
->NetbiosServerName
= buffer
;
1631 buffer
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->NetbiosServerName
, -1,
1632 TargetInformationW
->NetbiosServerName
, end
- buffer
);
1634 TargetInformationW
->NetbiosServerName
= NULL
;
1636 if (TargetInformation
->DnsServerName
)
1638 TargetInformationW
->DnsServerName
= buffer
;
1639 buffer
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->DnsServerName
, -1,
1640 TargetInformationW
->DnsServerName
, end
- buffer
);
1642 TargetInformationW
->DnsServerName
= NULL
;
1644 if (TargetInformation
->NetbiosDomainName
)
1646 TargetInformationW
->NetbiosDomainName
= buffer
;
1647 buffer
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->NetbiosDomainName
, -1,
1648 TargetInformationW
->NetbiosDomainName
, end
- buffer
);
1650 TargetInformationW
->NetbiosDomainName
= NULL
;
1652 if (TargetInformation
->DnsDomainName
)
1654 TargetInformationW
->DnsDomainName
= buffer
;
1655 buffer
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->DnsDomainName
, -1,
1656 TargetInformationW
->DnsDomainName
, end
- buffer
);
1658 TargetInformationW
->DnsDomainName
= NULL
;
1660 if (TargetInformation
->DnsTreeName
)
1662 TargetInformationW
->DnsTreeName
= buffer
;
1663 buffer
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->DnsTreeName
, -1,
1664 TargetInformationW
->DnsTreeName
, end
- buffer
);
1666 TargetInformationW
->DnsTreeName
= NULL
;
1668 if (TargetInformation
->PackageName
)
1670 TargetInformationW
->PackageName
= buffer
;
1671 buffer
+= MultiByteToWideChar(CP_ACP
, 0, TargetInformation
->PackageName
, -1,
1672 TargetInformationW
->PackageName
, end
- buffer
);
1674 TargetInformationW
->PackageName
= NULL
;
1676 TargetInformationW
->Flags
= TargetInformation
->Flags
;
1677 TargetInformationW
->CredTypeCount
= TargetInformation
->CredTypeCount
;
1678 TargetInformationW
->CredTypes
= TargetInformation
->CredTypes
;
1680 ret
= CredReadDomainCredentialsW(TargetInformationW
, Flags
, Size
, &CredentialsW
);
1682 HeapFree(GetProcessHeap(), 0, TargetInformationW
);
1689 len
= *Size
* sizeof(PCREDENTIALA
);
1690 for (i
= 0; i
< *Size
; i
++)
1691 len
+= convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW
[i
], NULL
, 0);
1693 *Credentials
= HeapAlloc(GetProcessHeap(), 0, len
);
1696 CredFree(CredentialsW
);
1697 SetLastError(ERROR_OUTOFMEMORY
);
1701 buf
= (char *)&(*Credentials
)[*Size
];
1702 len
-= *Size
* sizeof(PCREDENTIALA
);
1703 for (i
= 0; i
< *Size
; i
++)
1705 (*Credentials
)[i
] = (PCREDENTIALA
)buf
;
1706 needed
= convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW
[i
], (*Credentials
)[i
], len
);
1711 CredFree(CredentialsW
);
1716 /******************************************************************************
1717 * CredReadDomainCredentialsW [ADVAPI32.@]
1719 BOOL WINAPI
CredReadDomainCredentialsW(PCREDENTIAL_TARGET_INFORMATIONW TargetInformation
, DWORD Flags
,
1720 DWORD
*Size
, PCREDENTIALW
**Credentials
)
1722 FIXME("(%p, 0x%x, %p, %p) stub\n", TargetInformation
, Flags
, Size
, Credentials
);
1724 /* follow Windows behavior - do not test for NULL, initialize early */
1726 *Credentials
= NULL
;
1727 if (!TargetInformation
)
1729 SetLastError(ERROR_INVALID_PARAMETER
);
1733 SetLastError(ERROR_NOT_FOUND
);
1737 /******************************************************************************
1738 * CredWriteA [ADVAPI32.@]
1740 BOOL WINAPI
CredWriteA(PCREDENTIALA Credential
, DWORD Flags
)
1744 PCREDENTIALW CredentialW
;
1746 TRACE("(%p, 0x%x)\n", Credential
, Flags
);
1748 if (!Credential
|| !Credential
->TargetName
)
1750 SetLastError(ERROR_INVALID_PARAMETER
);
1754 len
= convert_PCREDENTIALA_to_PCREDENTIALW(Credential
, NULL
, 0);
1755 CredentialW
= HeapAlloc(GetProcessHeap(), 0, len
);
1758 SetLastError(ERROR_OUTOFMEMORY
);
1762 convert_PCREDENTIALA_to_PCREDENTIALW(Credential
, CredentialW
, len
);
1764 ret
= CredWriteW(CredentialW
, Flags
);
1766 HeapFree(GetProcessHeap(), 0, CredentialW
);
1771 /******************************************************************************
1772 * CredWriteW [ADVAPI32.@]
1774 BOOL WINAPI
CredWriteW(PCREDENTIALW Credential
, DWORD Flags
)
1780 BYTE key_data
[KEY_SIZE
];
1782 TRACE("(%p, 0x%x)\n", Credential
, Flags
);
1784 if (!Credential
|| !Credential
->TargetName
)
1786 SetLastError(ERROR_INVALID_PARAMETER
);
1790 if (Flags
& ~CRED_PRESERVE_CREDENTIAL_BLOB
)
1792 FIXME("unhandled flags 0x%x\n", Flags
);
1793 SetLastError(ERROR_INVALID_FLAGS
);
1797 if (Credential
->Type
!= CRED_TYPE_GENERIC
&& Credential
->Type
!= CRED_TYPE_DOMAIN_PASSWORD
)
1799 FIXME("unhandled type %d\n", Credential
->Type
);
1800 SetLastError(ERROR_INVALID_PARAMETER
);
1804 TRACE("Credential->TargetName = %s\n", debugstr_w(Credential
->TargetName
));
1805 TRACE("Credential->UserName = %s\n", debugstr_w(Credential
->UserName
));
1807 if (Credential
->Type
== CRED_TYPE_DOMAIN_PASSWORD
)
1809 if (!Credential
->UserName
||
1810 (!strchrW(Credential
->UserName
, '\\') && !strchrW(Credential
->UserName
, '@')))
1812 ERR("bad username %s\n", debugstr_w(Credential
->UserName
));
1813 SetLastError(ERROR_BAD_USERNAME
);
1819 if (!Credential
->AttributeCount
&&
1820 Credential
->Type
== CRED_TYPE_DOMAIN_PASSWORD
&&
1821 (Credential
->Persist
== CRED_PERSIST_LOCAL_MACHINE
|| Credential
->Persist
== CRED_PERSIST_ENTERPRISE
))
1823 ret
= mac_write_credential(Credential
, Flags
& CRED_PRESERVE_CREDENTIAL_BLOB
);
1824 if (ret
!= ERROR_SUCCESS
)
1833 ret
= open_cred_mgr_key(&hkeyMgr
, FALSE
);
1834 if (ret
!= ERROR_SUCCESS
)
1836 WARN("couldn't open/create manager key, error %d\n", ret
);
1837 SetLastError(ERROR_NO_SUCH_LOGON_SESSION
);
1841 ret
= get_cred_mgr_encryption_key(hkeyMgr
, key_data
);
1842 if (ret
!= ERROR_SUCCESS
)
1844 RegCloseKey(hkeyMgr
);
1849 key_name
= get_key_name_for_target(Credential
->TargetName
, Credential
->Type
);
1850 ret
= RegCreateKeyExW(hkeyMgr
, key_name
, 0, NULL
,
1851 Credential
->Persist
== CRED_PERSIST_SESSION
? REG_OPTION_VOLATILE
: REG_OPTION_NON_VOLATILE
,
1852 KEY_READ
|KEY_WRITE
, NULL
, &hkeyCred
, NULL
);
1853 HeapFree(GetProcessHeap(), 0, key_name
);
1854 if (ret
!= ERROR_SUCCESS
)
1856 TRACE("credentials for target name %s not found\n",
1857 debugstr_w(Credential
->TargetName
));
1858 SetLastError(ERROR_NOT_FOUND
);
1862 ret
= registry_write_credential(hkeyCred
, Credential
, key_data
,
1863 Flags
& CRED_PRESERVE_CREDENTIAL_BLOB
);
1865 RegCloseKey(hkeyCred
);
1866 RegCloseKey(hkeyMgr
);
1868 if (ret
!= ERROR_SUCCESS
)
1876 /******************************************************************************
1877 * CredGetSessionTypes [ADVAPI32.@]
1879 BOOL WINAPI
CredGetSessionTypes(DWORD persistCount
, LPDWORD persists
)
1881 TRACE("(%u, %p)\n", persistCount
, persists
);
1883 memset(persists
, CRED_PERSIST_NONE
, persistCount
*sizeof(*persists
));
1884 if (CRED_TYPE_GENERIC
< persistCount
)
1886 persists
[CRED_TYPE_GENERIC
] = CRED_PERSIST_ENTERPRISE
;
1888 if (CRED_TYPE_DOMAIN_PASSWORD
< persistCount
)
1890 persists
[CRED_TYPE_DOMAIN_PASSWORD
] = CRED_PERSIST_ENTERPRISE
;
1898 CredWriteDomainCredentialsW(PCREDENTIAL_TARGET_INFORMATIONW TargetInfo
,
1899 PCREDENTIALW Credential
,
1902 WARN("Not implemented\n");
1908 CredWriteDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInfo
,
1909 PCREDENTIALA Credential
,
1912 WARN("Not implemented\n");
1918 CredUnmarshalCredentialW(LPCWSTR MarshaledCredential
,
1919 PCRED_MARSHAL_TYPE CredType
,
1922 WARN("Not implemented\n");
1928 CredUnmarshalCredentialA(LPCSTR MarshaledCredential
,
1929 PCRED_MARSHAL_TYPE CredType
,
1932 WARN("Not implemented\n");