+ BOOL ret;
+ WCHAR *credW = NULL;
+
+ TRACE("%s, %p, %p\n", debugstr_a(cred), type, out);
+
+ if (cred)
+ {
+ int len = MultiByteToWideChar( CP_ACP, 0, cred, -1, NULL, 0 );
+ if (!(credW = heap_alloc( len * sizeof(WCHAR) ))) return FALSE;
+ MultiByteToWideChar( CP_ACP, 0, cred, -1, credW, len );
+ }
+ ret = CredUnmarshalCredentialW( credW, type, out );
+ heap_free( credW );
+ return ret;
+}
+
+static inline char char_decode( WCHAR c )
+{
+ if (c >= 'A' && c <= 'Z') return c - 'A';
+ if (c >= 'a' && c <= 'z') return c - 'a' + 26;
+ if (c >= '0' && c <= '9') return c - '0' + 52;
+ if (c == '#') return 62;
+ if (c == '-') return 63;
+ return 64;
+}
+
+static BOOL cred_decode( const WCHAR *cred, unsigned int len, char *buf )
+{
+ unsigned int i = 0;
+ char c0, c1, c2, c3;
+ const WCHAR *p = cred;
+
+ while (len >= 4)
+ {
+ if ((c0 = char_decode( p[0] )) > 63) return FALSE;
+ if ((c1 = char_decode( p[1] )) > 63) return FALSE;
+ if ((c2 = char_decode( p[2] )) > 63) return FALSE;
+ if ((c3 = char_decode( p[3] )) > 63) return FALSE;
+
+ buf[i + 0] = (c1 << 6) | c0;
+ buf[i + 1] = (c2 << 4) | (c1 >> 2);
+ buf[i + 2] = (c3 << 2) | (c2 >> 4);
+ len -= 4;
+ i += 3;
+ p += 4;
+ }
+ if (len == 3)
+ {
+ if ((c0 = char_decode( p[0] )) > 63) return FALSE;
+ if ((c1 = char_decode( p[1] )) > 63) return FALSE;
+ if ((c2 = char_decode( p[2] )) > 63) return FALSE;
+
+ buf[i + 0] = (c1 << 6) | c0;
+ buf[i + 1] = (c2 << 4) | (c1 >> 2);
+ }
+ else if (len == 2)
+ {
+ if ((c0 = char_decode( p[0] )) > 63) return FALSE;
+ if ((c1 = char_decode( p[1] )) > 63) return FALSE;
+
+ buf[i + 0] = (c1 << 6) | c0;
+ }
+ else if (len == 1)
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/******************************************************************************
+ * CredUnmarshalCredentialW [ADVAPI32.@]
+ */
+BOOL WINAPI CredUnmarshalCredentialW( LPCWSTR cred, PCRED_MARSHAL_TYPE type, PVOID *out )
+{
+ unsigned int len, buflen;
+
+ TRACE("%s, %p, %p\n", debugstr_w(cred), type, out);
+
+ if (!cred || cred[0] != '@' || cred[1] != '@' ||
+ char_decode( cred[2] ) > 63)
+ {
+ SetLastError( ERROR_INVALID_PARAMETER );
+ return FALSE;
+ }
+ len = strlenW( cred + 3 );
+ *type = char_decode( cred[2] );
+ switch (*type)
+ {
+ case CertCredential:
+ {
+ char hash[CERT_HASH_LENGTH];
+ CERT_CREDENTIAL_INFO *cert;
+
+ if (len != 27 || !cred_decode( cred + 3, len, hash ))
+ {
+ SetLastError( ERROR_INVALID_PARAMETER );
+ return FALSE;
+ }
+ if (!(cert = heap_alloc( sizeof(*cert) ))) return FALSE;
+ memcpy( cert->rgbHashOfCert, hash, sizeof(cert->rgbHashOfCert) );
+ cert->cbSize = sizeof(*cert);
+ *out = cert;
+ break;
+ }
+ case UsernameTargetCredential:
+ {
+ USERNAME_TARGET_CREDENTIAL_INFO *target;
+ DWORD size;
+
+ if (len < 9 || !cred_decode( cred + 3, 6, (char *)&size ) ||
+ size % sizeof(WCHAR) || len - 6 != (size * 4 + 2) / 3)
+ {
+ SetLastError( ERROR_INVALID_PARAMETER );
+ return FALSE;
+ }
+ buflen = sizeof(*target) + size + sizeof(WCHAR);
+ if (!(target = heap_alloc( buflen ))) return FALSE;
+ if (!cred_decode( cred + 9, len - 6, (char *)(target + 1) ))
+ {
+ heap_free( target );
+ return FALSE;
+ }
+ target->UserName = (WCHAR *)(target + 1);
+ target->UserName[size / sizeof(WCHAR)] = 0;
+ *out = target;
+ break;
+ }
+ case BinaryBlobCredential:
+ FIXME("BinaryBlobCredential not implemented\n");
+ return FALSE;
+ default:
+ WARN("unhandled type %u\n", *type);
+ SetLastError( ERROR_INVALID_PARAMETER );
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/******************************************************************************
+ * CredIsMarshaledCredentialW [ADVAPI32.@]
+ *
+ * Check, if the name parameter is a marshaled credential, hash or binary blob
+ *
+ * PARAMS
+ * name the name to check
+ *
+ * RETURNS
+ * TRUE: the name parameter is a marshaled credential, hash or binary blob
+ * FALSE: the name is a plain username
+ */
+BOOL WINAPI CredIsMarshaledCredentialW(LPCWSTR name)
+{
+ TRACE("(%s)\n", debugstr_w(name));
+
+ if (name && name[0] == '@' && name[1] == '@' && name[2] > 'A' && name[3])
+ {
+ char hash[CERT_HASH_LENGTH];
+ int len = strlenW(name + 3 );
+ DWORD size;
+
+ if ((name[2] - 'A') == CertCredential && (len == 27) && cred_decode(name + 3, len, hash))
+ return TRUE;
+
+ if (((name[2] - 'A') == UsernameTargetCredential) &&
+ (len >= 9) && cred_decode(name + 3, 6, (char *)&size) && size)
+ return TRUE;
+
+ if ((name[2] - 'A') == BinaryBlobCredential)
+ FIXME("BinaryBlobCredential not checked\n");
+
+ if ((name[2] - 'A') > BinaryBlobCredential)
+ TRACE("unknown type: %d\n", (name[2] - 'A'));
+ }
+
+ SetLastError(ERROR_INVALID_PARAMETER);