* Sync up to trunk head (r64921).
[reactos.git] / dll / win32 / advapi32 / sec / cred.c
index cd74a6a..69639a4 100644 (file)
  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
-#include <stdarg.h>
-#include <time.h>
+#include <advapi32.h>
 
-#include "windef.h"
-#include "winbase.h"
-#include "winreg.h"
-#include "wincred.h"
-#include "winternl.h"
-#include "../crypt/crypt.h"
-
-#include "wine/unicode.h"
-#include "wine/debug.h"
+#include <wincred.h>
 
 WINE_DEFAULT_DEBUG_CHANNEL(cred);
 
@@ -198,7 +189,6 @@ static DWORD registry_read_credential(HKEY hkey, PCREDENTIALW credential,
         else if (ret != ERROR_SUCCESS)
             return ret;
         credential->CredentialBlobSize = count;
-        buffer += count;
     }
 
     /* FIXME: Attributes */
@@ -246,15 +236,13 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
                                            DWORD *len)
 {
     OSStatus status;
-    UInt32 i;
-    UInt32 cred_blob_len;
+    UInt32 i, cred_blob_len;
     void *cred_blob;
-    LPWSTR domain = NULL;
-    LPWSTR user = NULL;
+    WCHAR *user = NULL;
     BOOL user_name_present = FALSE;
     SecKeychainAttributeInfo info;
     SecKeychainAttributeList *attr_list;
-    UInt32 info_tags[] = { kSecServerItemAttr, kSecSecurityDomainItemAttr, kSecAccountItemAttr,
+    UInt32 info_tags[] = { kSecServiceItemAttr, kSecAccountItemAttr,
                            kSecCommentItemAttr, kSecCreationDateItemAttr };
     info.count = sizeof(info_tags)/sizeof(info_tags[0]);
     info.tag = info_tags;
@@ -281,6 +269,7 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
     if (!user_name_present)
     {
         WARN("no kSecAccountItemAttr for item\n");
+        SecKeychainItemFreeAttributesAndData(attr_list, cred_blob);
         return ERROR_NOT_FOUND;
     }
 
@@ -303,8 +292,8 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
     {
         switch (attr_list->attr[i].tag)
         {
-            case kSecServerItemAttr:
-                TRACE("kSecServerItemAttr: %.*s\n", (int)attr_list->attr[i].length,
+            case kSecServiceItemAttr:
+                TRACE("kSecServiceItemAttr: %.*s\n", (int)attr_list->attr[i].length,
                       (char *)attr_list->attr[i].data);
                 if (!attr_list->attr[i].data) continue;
                 if (buffer)
@@ -333,7 +322,7 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
                 if (!attr_list->attr[i].data) continue;
                 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
                                               attr_list->attr[i].length, NULL, 0);
-                user = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
+                user = heap_alloc((str_len + 1) * sizeof(WCHAR));
                 MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
                                     attr_list->attr[i].length, user, str_len);
                 user[str_len] = '\0';
@@ -361,20 +350,6 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
                     *len += (str_len + 1) * sizeof(WCHAR);
                 }
                 break;
-            case kSecSecurityDomainItemAttr:
-            {
-                INT str_len;
-                TRACE("kSecSecurityDomainItemAttr: %.*s\n", (int)attr_list->attr[i].length,
-                      (char *)attr_list->attr[i].data);
-                if (!attr_list->attr[i].data) continue;
-                str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
-                                              attr_list->attr[i].length, NULL, 0);
-                domain = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
-                MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
-                                    attr_list->attr[i].length, domain, str_len);
-                domain[str_len] = '\0';
-                break;
-            }
             case kSecCreationDateItemAttr:
                 TRACE("kSecCreationDateItemAttr: %.*s\n", (int)attr_list->attr[i].length,
                       (char *)attr_list->attr[i].data);
@@ -391,6 +366,9 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
                     credential->LastWritten.dwHighDateTime = win_time.u.HighPart;
                 }
                 break;
+            default:
+                FIXME("unhandled attribute %lu\n", attr_list->attr[i].tag);
+                break;
         }
     }
 
@@ -399,18 +377,6 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
         INT str_len;
         if (buffer)
             credential->UserName = (LPWSTR)buffer;
-        if (domain)
-        {
-            str_len = strlenW(domain);
-            *len += (str_len + 1) * sizeof(WCHAR);
-            if (buffer)
-            {
-                memcpy(credential->UserName, domain, str_len * sizeof(WCHAR));
-                /* FIXME: figure out when to use an '@' */
-                credential->UserName[str_len] = '\\';
-                buffer += (str_len + 1) * sizeof(WCHAR);
-            }
-        }
         str_len = strlenW(user);
         *len += (str_len + 1) * sizeof(WCHAR);
         if (buffer)
@@ -420,8 +386,7 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
             TRACE("UserName = %s\n", debugstr_w(credential->UserName));
         }
     }
-    HeapFree(GetProcessHeap(), 0, user);
-    HeapFree(GetProcessHeap(), 0, domain);
+    heap_free(user);
 
     if (cred_blob)
     {
@@ -432,7 +397,6 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
             str_len = MultiByteToWideChar(CP_UTF8, 0, cred_blob, cred_blob_len,
                                           (LPWSTR)buffer, 0xffff);
             credential->CredentialBlobSize = str_len * sizeof(WCHAR);
-            buffer += str_len * sizeof(WCHAR);
             *len += str_len * sizeof(WCHAR);
         }
         else
@@ -460,7 +424,7 @@ static DWORD write_credential_blob(HKEY hkey, LPCWSTR target_name, DWORD type,
     key.Length = key.MaximumLength = KEY_SIZE;
     key.Buffer = (unsigned char *)key_data;
 
-    encrypted_credential_blob = HeapAlloc(GetProcessHeap(), 0, credential_blob_size);
+    encrypted_credential_blob = heap_alloc(credential_blob_size);
     if (!encrypted_credential_blob) return ERROR_OUTOFMEMORY;
 
     memcpy(encrypted_credential_blob, credential_blob, credential_blob_size);
@@ -469,7 +433,7 @@ static DWORD write_credential_blob(HKEY hkey, LPCWSTR target_name, DWORD type,
     SystemFunction032(&data, &key);
 
     ret = RegSetValueExW(hkey, wszPasswordValue, 0, REG_BINARY, encrypted_credential_blob, credential_blob_size);
-    HeapFree(GetProcessHeap(), 0, encrypted_credential_blob);
+    heap_free(encrypted_credential_blob);
 
     return ret;
 }
@@ -482,10 +446,10 @@ static DWORD registry_write_credential(HKEY hkey, const CREDENTIALW *credential,
 
     GetSystemTimeAsFileTime(&LastWritten);
 
-    ret = RegSetValueExW(hkey, wszFlagsValue, 0, REG_DWORD, (LPVOID)&credential->Flags,
+    ret = RegSetValueExW(hkey, wszFlagsValue, 0, REG_DWORD, (const BYTE*)&credential->Flags,
                          sizeof(credential->Flags));
     if (ret != ERROR_SUCCESS) return ret;
-    ret = RegSetValueExW(hkey, wszTypeValue, 0, REG_DWORD, (LPVOID)&credential->Type,
+    ret = RegSetValueExW(hkey, wszTypeValue, 0, REG_DWORD, (const BYTE*)&credential->Type,
                          sizeof(credential->Type));
     if (ret != ERROR_SUCCESS) return ret;
     ret = RegSetValueExW(hkey, NULL, 0, REG_SZ, (LPVOID)credential->TargetName,
@@ -500,7 +464,7 @@ static DWORD registry_write_credential(HKEY hkey, const CREDENTIALW *credential,
     ret = RegSetValueExW(hkey, wszLastWrittenValue, 0, REG_BINARY, (LPVOID)&LastWritten,
                          sizeof(LastWritten));
     if (ret != ERROR_SUCCESS) return ret;
-    ret = RegSetValueExW(hkey, wszPersistValue, 0, REG_DWORD, (LPVOID)&credential->Persist,
+    ret = RegSetValueExW(hkey, wszPersistValue, 0, REG_DWORD, (const BYTE*)&credential->Persist,
                          sizeof(credential->Persist));
     if (ret != ERROR_SUCCESS) return ret;
     /* FIXME: Attributes */
@@ -530,15 +494,8 @@ static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_b
 {
     OSStatus status;
     SecKeychainItemRef keychain_item;
-    char *username;
-    char *domain = NULL;
-    char *password;
-    char *servername;
-    UInt32 userlen;
-    UInt32 domainlen = 0;
-    UInt32 pwlen;
-    UInt32 serverlen;
-    LPCWSTR p;
+    char *username, *password, *servername;
+    UInt32 userlen, pwlen, serverlen;
     SecKeychainAttribute attrs[1];
     SecKeychainAttributeList attr_list;
 
@@ -551,61 +508,36 @@ static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_b
     if (credential->AttributeCount)
         FIXME("custom attributes not supported\n");
 
-    p = strchrW(credential->UserName, '\\');
-    if (p)
-    {
-        domainlen = WideCharToMultiByte(CP_UTF8, 0, credential->UserName,
-                                        p - credential->UserName, NULL, 0, NULL, NULL);
-        domain = HeapAlloc(GetProcessHeap(), 0, (domainlen + 1) * sizeof(*domain));
-        WideCharToMultiByte(CP_UTF8, 0, credential->UserName, p - credential->UserName,
-                            domain, domainlen, NULL, NULL);
-        domain[domainlen] = '\0';
-        p++;
-    }
-    else
-        p = credential->UserName;
-    userlen = WideCharToMultiByte(CP_UTF8, 0, p, -1, NULL, 0, NULL, NULL);
-    username = HeapAlloc(GetProcessHeap(), 0, userlen * sizeof(*username));
-    WideCharToMultiByte(CP_UTF8, 0, p, -1, username, userlen, NULL, NULL);
+    userlen = WideCharToMultiByte(CP_UTF8, 0, credential->UserName, -1, NULL, 0, NULL, NULL);
+    username = heap_alloc(userlen * sizeof(*username));
+    WideCharToMultiByte(CP_UTF8, 0, credential->UserName, -1, username, userlen, NULL, NULL);
 
     serverlen = WideCharToMultiByte(CP_UTF8, 0, credential->TargetName, -1, NULL, 0, NULL, NULL);
-    servername = HeapAlloc(GetProcessHeap(), 0, serverlen * sizeof(*servername));
+    servername = heap_alloc(serverlen * sizeof(*servername));
     WideCharToMultiByte(CP_UTF8, 0, credential->TargetName, -1, servername, serverlen, NULL, NULL);
     pwlen = WideCharToMultiByte(CP_UTF8, 0, (LPCWSTR)credential->CredentialBlob,
                                 credential->CredentialBlobSize / sizeof(WCHAR), NULL, 0, NULL, NULL);
-    password = HeapAlloc(GetProcessHeap(), 0, pwlen * sizeof(*domain));
+    password = heap_alloc(pwlen * sizeof(*password));
     WideCharToMultiByte(CP_UTF8, 0, (LPCWSTR)credential->CredentialBlob,
                         credential->CredentialBlobSize / sizeof(WCHAR), password, pwlen, NULL, NULL);
 
-    TRACE("adding server %s, domain %s, username %s using Keychain\n", servername, domain, username);
-    status = SecKeychainAddInternetPassword(NULL, strlen(servername), servername,
-                                            strlen(domain), domain, strlen(username),
-                                            username, 0, NULL, 0,
-                                            0 /* no protocol */,
-                                            kSecAuthenticationTypeDefault,
-                                            strlen(password), password, &keychain_item);
+    TRACE("adding server %s, username %s using Keychain\n", servername, username);
+    status = SecKeychainAddGenericPassword(NULL, strlen(servername), servername, strlen(username),
+                                           username, strlen(password), password, &keychain_item);
     if (status != noErr)
-        ERR("SecKeychainAddInternetPassword returned %ld\n", status);
+        ERR("SecKeychainAddGenericPassword returned %ld\n", status);
     if (status == errSecDuplicateItem)
     {
-        SecKeychainItemRef keychain_item;
-
-        status = SecKeychainFindInternetPassword(NULL, strlen(servername), servername,
-                                                 strlen(domain), domain,
-                                                 strlen(username), username,
-                                                 0, NULL /* any path */, 0,
-                                                 0 /* any protocol */,
-                                                 0 /* any authentication type */,
-                                                 0, NULL, &keychain_item);
+        status = SecKeychainFindGenericPassword(NULL, strlen(servername), servername, strlen(username),
+                                                username, NULL, NULL, &keychain_item);
         if (status != noErr)
-            ERR("SecKeychainFindInternetPassword returned %ld\n", status);
+            ERR("SecKeychainFindGenericPassword returned %ld\n", status);
     }
-    HeapFree(GetProcessHeap(), 0, domain);
-    HeapFree(GetProcessHeap(), 0, username);
-    HeapFree(GetProcessHeap(), 0, servername);
+    heap_free(username);
+    heap_free(servername);
     if (status != noErr)
     {
-        HeapFree(GetProcessHeap(), 0, password);
+        heap_free(password);
         return ERROR_GEN_FAILURE;
     }
     if (credential->Comment)
@@ -615,7 +547,7 @@ static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_b
         attrs[0].tag = kSecCommentItemAttr;
         attrs[0].length = WideCharToMultiByte(CP_UTF8, 0, credential->Comment, -1, NULL, 0, NULL, NULL);
         if (attrs[0].length) attrs[0].length--;
-        attrs[0].data = HeapAlloc(GetProcessHeap(), 0, attrs[0].length);
+        attrs[0].data = heap_alloc(attrs[0].length);
         WideCharToMultiByte(CP_UTF8, 0, credential->Comment, -1, attrs[0].data, attrs[0].length, NULL, NULL);
     }
     else
@@ -627,10 +559,12 @@ static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_b
                                                     preserve_blob ? 0 : strlen(password),
                                                     preserve_blob ? NULL : password);
     if (credential->Comment)
-        HeapFree(GetProcessHeap(), 0, attrs[0].data);
-    HeapFree(GetProcessHeap(), 0, password);
+        heap_free(attrs[0].data);
+    heap_free(password);
     /* FIXME: set TargetAlias attribute */
     CFRelease(keychain_item);
+    if (status != noErr)
+        return ERROR_GEN_FAILURE;
     return ERROR_SUCCESS;
 }
 #endif
@@ -710,7 +644,7 @@ static LPWSTR get_key_name_for_target(LPCWSTR target_name, DWORD type)
         len += sizeof(wszDomPasswdPrefix)/sizeof(wszDomPasswdPrefix[0]);
     }
 
-    key_name = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+    key_name = heap_alloc(len * sizeof(WCHAR));
     if (!key_name) return NULL;
 
     strcpyW(key_name, prefix);
@@ -722,7 +656,7 @@ static LPWSTR get_key_name_for_target(LPCWSTR target_name, DWORD type)
     return key_name;
 }
 
-static BOOL credential_matches_filter(HKEY hkeyCred, LPCWSTR filter)
+static BOOL registry_credential_matches_filter(HKEY hkeyCred, LPCWSTR filter)
 {
     LPWSTR target_name;
     DWORD ret;
@@ -738,13 +672,13 @@ static BOOL credential_matches_filter(HKEY hkeyCred, LPCWSTR filter)
     else if (type != REG_SZ)
         return FALSE;
 
-    target_name = HeapAlloc(GetProcessHeap(), 0, count);
+    target_name = heap_alloc(count);
     if (!target_name)
         return FALSE;
     ret = RegQueryValueExW(hkeyCred, NULL, 0, &type, (LPVOID)target_name, &count);
     if (ret != ERROR_SUCCESS || type != REG_SZ)
     {
-        HeapFree(GetProcessHeap(), 0, target_name);
+        heap_free(target_name);
         return FALSE;
     }
 
@@ -752,17 +686,17 @@ static BOOL credential_matches_filter(HKEY hkeyCred, LPCWSTR filter)
           debugstr_w(target_name));
 
     p = strchrW(filter, '*');
-    ret = CompareStringW(GetThreadLocale(), 0, filter,
+    ret = CompareStringW(GetThreadLocale(), NORM_IGNORECASE, filter,
                          (p && !p[1] ? p - filter : -1), target_name,
                          (p && !p[1] ? p - filter : -1)) == CSTR_EQUAL;
 
-    HeapFree(GetProcessHeap(), 0, target_name);
+    heap_free(target_name);
     return ret;
 }
 
 static DWORD registry_enumerate_credentials(HKEY hkeyMgr, LPCWSTR filter,
                                             LPWSTR target_name,
-                                            DWORD target_name_len, BYTE key_data[KEY_SIZE],
+                                            DWORD target_name_len, const BYTE key_data[KEY_SIZE],
                                             PCREDENTIALW *credentials, char **buffer,
                                             DWORD *len, DWORD *count)
 {
@@ -778,18 +712,12 @@ static DWORD registry_enumerate_credentials(HKEY hkeyMgr, LPCWSTR filter,
             break;
         }
         else if (ret != ERROR_SUCCESS)
-        {
-            ret = ERROR_SUCCESS;
             continue;
-        }
         TRACE("target_name = %s\n", debugstr_w(target_name));
         ret = RegOpenKeyExW(hkeyMgr, target_name, 0, KEY_QUERY_VALUE, &hkeyCred);
         if (ret != ERROR_SUCCESS)
-        {
-            ret = ERROR_SUCCESS;
             continue;
-        }
-        if (!credential_matches_filter(hkeyCred, filter))
+        if (!registry_credential_matches_filter(hkeyCred, filter))
         {
             RegCloseKey(hkeyCred);
             continue;
@@ -813,6 +741,30 @@ static DWORD registry_enumerate_credentials(HKEY hkeyMgr, LPCWSTR filter,
 }
 
 #ifdef __APPLE__
+static BOOL mac_credential_matches_filter(void *data, UInt32 data_len, const WCHAR *filter)
+{
+    int len;
+    WCHAR *target_name;
+    const WCHAR *p;
+    BOOL ret;
+
+    if (!filter) return TRUE;
+
+    len = MultiByteToWideChar(CP_UTF8, 0, data, data_len, NULL, 0);
+    if (!(target_name = heap_alloc((len + 1) * sizeof(WCHAR)))) return FALSE;
+    MultiByteToWideChar(CP_UTF8, 0, data, data_len, target_name, len);
+    target_name[len] = 0;
+
+    TRACE("comparing filter %s to target name %s\n", debugstr_w(filter), debugstr_w(target_name));
+
+    p = strchrW(filter, '*');
+    ret = CompareStringW(GetThreadLocale(), NORM_IGNORECASE, filter,
+                         (p && !p[1] ? p - filter : -1), target_name,
+                         (p && !p[1] ? p - filter : -1)) == CSTR_EQUAL;
+    heap_free(target_name);
+    return ret;
+}
+
 static DWORD mac_enumerate_credentials(LPCWSTR filter, PCREDENTIALW *credentials,
                                        char *buffer, DWORD *len, DWORD *count)
 {
@@ -825,14 +777,16 @@ static DWORD mac_enumerate_credentials(LPCWSTR filter, PCREDENTIALW *credentials
     SecKeychainGetUserInteractionAllowed(&saved_user_interaction_allowed);
     SecKeychainSetUserInteractionAllowed(false);
 
-    status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search);
+    status = SecKeychainSearchCreateFromAttributes(NULL, kSecGenericPasswordItemClass, NULL, &search);
     if (status == noErr)
     {
         while (SecKeychainSearchCopyNext(search, &item) == noErr)
         {
             SecKeychainAttributeInfo info;
             SecKeychainAttributeList *attr_list;
-            UInt32 info_tags[] = { kSecServerItemAttr };
+            UInt32 info_tags[] = { kSecServiceItemAttr };
+            BOOL match;
+
             info.count = sizeof(info_tags)/sizeof(info_tags[0]);
             info.tag = info_tags;
             info.format = NULL;
@@ -849,10 +803,15 @@ static DWORD mac_enumerate_credentials(LPCWSTR filter, PCREDENTIALW *credentials
             }
             else
                 *len += sizeof(CREDENTIALW);
-            if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServerItemAttr) continue;
-            TRACE("server item: %.*s\n", (int)attr_list->attr[0].length, (char *)attr_list->attr[0].data);
-            /* FIXME: filter based on attr_list->attr[0].data */
+            if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServiceItemAttr)
+            {
+                SecKeychainItemFreeAttributesAndData(attr_list, NULL);
+                continue;
+            }
+            TRACE("service item: %.*s\n", (int)attr_list->attr[0].length, (char *)attr_list->attr[0].data);
+            match = mac_credential_matches_filter(attr_list->attr[0].data, attr_list->attr[0].length, filter);
             SecKeychainItemFreeAttributesAndData(attr_list, NULL);
+            if (!match) continue;
             ret = mac_read_credential_from_item(item, FALSE,
                                                 buffer ? credentials[*count] : NULL,
                                                 buffer ? buffer + sizeof(CREDENTIALW) : NULL,
@@ -876,7 +835,7 @@ static DWORD mac_delete_credential(LPCWSTR TargetName)
 {
     OSStatus status;
     SecKeychainSearchRef search;
-    status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search);
+    status = SecKeychainSearchCreateFromAttributes(NULL, kSecGenericPasswordItemClass, NULL, &search);
     if (status == noErr)
     {
         SecKeychainItemRef item;
@@ -884,7 +843,7 @@ static DWORD mac_delete_credential(LPCWSTR TargetName)
         {
             SecKeychainAttributeInfo info;
             SecKeychainAttributeList *attr_list;
-            UInt32 info_tags[] = { kSecServerItemAttr };
+            UInt32 info_tags[] = { kSecServiceItemAttr };
             LPWSTR target_name;
             INT str_len;
             info.count = sizeof(info_tags)/sizeof(info_tags[0]);
@@ -896,23 +855,23 @@ static DWORD mac_delete_credential(LPCWSTR TargetName)
                 WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
                 continue;
             }
-            if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServerItemAttr)
+            if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServiceItemAttr)
             {
                 CFRelease(item);
                 continue;
             }
             str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, NULL, 0);
-            target_name = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
+            target_name = heap_alloc((str_len + 1) * sizeof(WCHAR));
             MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, target_name, str_len);
             /* nul terminate */
             target_name[str_len] = '\0';
             if (strcmpiW(TargetName, target_name))
             {
                 CFRelease(item);
-                HeapFree(GetProcessHeap(), 0, target_name);
+                heap_free(target_name);
                 continue;
             }
-            HeapFree(GetProcessHeap(), 0, target_name);
+            heap_free(target_name);
             SecKeychainItemFreeAttributesAndData(attr_list, NULL);
             SecKeychainItemDelete(item);
             CFRelease(item);
@@ -933,7 +892,7 @@ static DWORD mac_delete_credential(LPCWSTR TargetName)
  *
  */
 
-static INT convert_PCREDENTIALW_to_PCREDENTIALA(const CREDENTIALW *CredentialW, PCREDENTIALA CredentialA, INT len)
+static INT convert_PCREDENTIALW_to_PCREDENTIALA(const CREDENTIALW *CredentialW, PCREDENTIALA CredentialA, DWORD len)
 {
     char *buffer;
     INT string_len;
@@ -1125,7 +1084,7 @@ BOOL WINAPI CredDeleteA(LPCSTR TargetName, DWORD Type, DWORD Flags)
     }
 
     len = MultiByteToWideChar(CP_ACP, 0, TargetName, -1, NULL, 0);
-    TargetNameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+    TargetNameW = heap_alloc(len * sizeof(WCHAR));
     if (!TargetNameW)
     {
         SetLastError(ERROR_OUTOFMEMORY);
@@ -1135,7 +1094,7 @@ BOOL WINAPI CredDeleteA(LPCSTR TargetName, DWORD Type, DWORD Flags)
 
     ret = CredDeleteW(TargetNameW, Type, Flags);
 
-    HeapFree(GetProcessHeap(), 0, TargetNameW);
+    heap_free(TargetNameW);
 
     return ret;
 }
@@ -1190,7 +1149,7 @@ BOOL WINAPI CredDeleteW(LPCWSTR TargetName, DWORD Type, DWORD Flags)
 
     key_name = get_key_name_for_target(TargetName, Type);
     ret = RegDeleteKeyW(hkeyMgr, key_name);
-    HeapFree(GetProcessHeap(), 0, key_name);
+    heap_free(key_name);
     RegCloseKey(hkeyMgr);
     if (ret != ERROR_SUCCESS)
     {
@@ -1219,7 +1178,7 @@ BOOL WINAPI CredEnumerateA(LPCSTR Filter, DWORD Flags, DWORD *Count,
     if (Filter)
     {
         len = MultiByteToWideChar(CP_ACP, 0, Filter, -1, NULL, 0);
-        FilterW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+        FilterW = heap_alloc(len * sizeof(WCHAR));
         if (!FilterW)
         {
             SetLastError(ERROR_OUTOFMEMORY);
@@ -1232,16 +1191,16 @@ BOOL WINAPI CredEnumerateA(LPCSTR Filter, DWORD Flags, DWORD *Count,
 
     if (!CredEnumerateW(FilterW, Flags, Count, &CredentialsW))
     {
-        HeapFree(GetProcessHeap(), 0, FilterW);
+        heap_free(FilterW);
         return FALSE;
     }
-    HeapFree(GetProcessHeap(), 0, FilterW);
+    heap_free(FilterW);
 
     len = *Count * sizeof(PCREDENTIALA);
     for (i = 0; i < *Count; i++)
         len += convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], NULL, 0);
 
-    *Credentials = HeapAlloc(GetProcessHeap(), 0, len);
+    *Credentials = heap_alloc(len);
     if (!*Credentials)
     {
         CredFree(CredentialsW);
@@ -1310,7 +1269,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count,
         return FALSE;
     }
 
-    target_name = HeapAlloc(GetProcessHeap(), 0, (target_name_len+1)*sizeof(WCHAR));
+    target_name = heap_alloc((target_name_len+1)*sizeof(WCHAR));
     if (!target_name)
     {
         RegCloseKey(hkeyMgr);
@@ -1330,7 +1289,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count,
         ret = ERROR_NOT_FOUND;
     if (ret != ERROR_SUCCESS)
     {
-        HeapFree(GetProcessHeap(), 0, target_name);
+        heap_free(target_name);
         RegCloseKey(hkeyMgr);
         SetLastError(ret);
         return FALSE;
@@ -1339,7 +1298,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count,
 
     if (ret == ERROR_SUCCESS)
     {
-        buffer = HeapAlloc(GetProcessHeap(), 0, len);
+        buffer = heap_alloc(len);
         *Credentials = (PCREDENTIALW *)buffer;
         if (buffer)
         {
@@ -1359,7 +1318,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count,
             ret = ERROR_OUTOFMEMORY;
     }
 
-    HeapFree(GetProcessHeap(), 0, target_name);
+    heap_free(target_name);
     RegCloseKey(hkeyMgr);
 
     if (ret != ERROR_SUCCESS)
@@ -1375,7 +1334,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count,
  */
 VOID WINAPI CredFree(PVOID Buffer)
 {
-    HeapFree(GetProcessHeap(), 0, Buffer);
+    heap_free(Buffer);
 }
 
 /******************************************************************************
@@ -1396,7 +1355,7 @@ BOOL WINAPI CredReadA(LPCSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALA *
     }
 
     len = MultiByteToWideChar(CP_ACP, 0, TargetName, -1, NULL, 0);
-    TargetNameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+    TargetNameW = heap_alloc(len * sizeof(WCHAR));
     if (!TargetNameW)
     {
         SetLastError(ERROR_OUTOFMEMORY);
@@ -1406,13 +1365,13 @@ BOOL WINAPI CredReadA(LPCSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALA *
 
     if (!CredReadW(TargetNameW, Type, Flags, &CredentialW))
     {
-        HeapFree(GetProcessHeap(), 0, TargetNameW);
+        heap_free(TargetNameW);
         return FALSE;
     }
-    HeapFree(GetProcessHeap(), 0, TargetNameW);
+    heap_free(TargetNameW);
 
     len = convert_PCREDENTIALW_to_PCREDENTIALA(CredentialW, NULL, 0);
-    *Credential = HeapAlloc(GetProcessHeap(), 0, len);
+    *Credential = heap_alloc(len);
     if (!*Credential)
     {
         SetLastError(ERROR_OUTOFMEMORY);
@@ -1464,7 +1423,7 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW
     {
         OSStatus status;
         SecKeychainSearchRef search;
-        status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search);
+        status = SecKeychainSearchCreateFromAttributes(NULL, kSecGenericPasswordItemClass, NULL, &search);
         if (status == noErr)
         {
             SecKeychainItemRef item;
@@ -1472,7 +1431,7 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW
             {
                 SecKeychainAttributeInfo info;
                 SecKeychainAttributeList *attr_list;
-                UInt32 info_tags[] = { kSecServerItemAttr };
+                UInt32 info_tags[] = { kSecServiceItemAttr };
                 LPWSTR target_name;
                 INT str_len;
                 info.count = sizeof(info_tags)/sizeof(info_tags[0]);
@@ -1485,28 +1444,28 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW
                     WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
                     continue;
                 }
-                if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServerItemAttr)
+                if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServiceItemAttr)
                 {
                     CFRelease(item);
                     continue;
                 }
                 str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, NULL, 0);
-                target_name = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
+                target_name = heap_alloc((str_len + 1) * sizeof(WCHAR));
                 MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, target_name, str_len);
                 /* nul terminate */
                 target_name[str_len] = '\0';
                 if (strcmpiW(TargetName, target_name))
                 {
                     CFRelease(item);
-                    HeapFree(GetProcessHeap(), 0, target_name);
+                    heap_free(target_name);
                     continue;
                 }
-                HeapFree(GetProcessHeap(), 0, target_name);
+                heap_free(target_name);
                 SecKeychainItemFreeAttributesAndData(attr_list, NULL);
                 ret = mac_read_credential_from_item(item, TRUE, NULL, NULL, &len);
                 if (ret == ERROR_SUCCESS)
                 {
-                    *Credential = HeapAlloc(GetProcessHeap(), 0, len);
+                    *Credential = heap_alloc(len);
                     if (*Credential)
                     {
                         len = sizeof(**Credential);
@@ -1549,7 +1508,7 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW
 
     key_name = get_key_name_for_target(TargetName, Type);
     ret = RegOpenKeyExW(hkeyMgr, key_name, 0, KEY_QUERY_VALUE, &hkeyCred);
-    HeapFree(GetProcessHeap(), 0, key_name);
+    heap_free(key_name);
     if (ret != ERROR_SUCCESS)
     {
         TRACE("credentials for target name %s not found\n", debugstr_w(TargetName));
@@ -1561,7 +1520,7 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW
     ret = registry_read_credential(hkeyCred, NULL, key_data, NULL, &len);
     if (ret == ERROR_SUCCESS)
     {
-        *Credential = HeapAlloc(GetProcessHeap(), 0, len);
+        *Credential = heap_alloc(len);
         if (*Credential)
         {
             len = sizeof(**Credential);
@@ -1590,7 +1549,8 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf
                                        DWORD Flags, DWORD *Size, PCREDENTIALA **Credentials)
 {
     PCREDENTIAL_TARGET_INFORMATIONW TargetInformationW;
-    INT len, i;
+    INT len;
+    DWORD i;
     WCHAR *buffer, *end;
     BOOL ret;
     PCREDENTIALW* CredentialsW;
@@ -1623,7 +1583,7 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf
     if (TargetInformation->PackageName)
         len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->PackageName, -1, NULL, 0) * sizeof(WCHAR);
 
-    TargetInformationW = HeapAlloc(GetProcessHeap(), 0, len);
+    TargetInformationW = heap_alloc(len);
     if (!TargetInformationW)
     {
         SetLastError(ERROR_OUTOFMEMORY);
@@ -1683,8 +1643,8 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf
     if (TargetInformation->PackageName)
     {
         TargetInformationW->PackageName = buffer;
-        buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->PackageName, -1,
-                                      TargetInformationW->PackageName, end - buffer);
+        MultiByteToWideChar(CP_ACP, 0, TargetInformation->PackageName, -1,
+                            TargetInformationW->PackageName, end - buffer);
     } else
         TargetInformationW->PackageName = NULL;
 
@@ -1694,7 +1654,7 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf
 
     ret = CredReadDomainCredentialsW(TargetInformationW, Flags, Size, &CredentialsW);
 
-    HeapFree(GetProcessHeap(), 0, TargetInformationW);
+    heap_free(TargetInformationW);
 
     if (ret)
     {
@@ -1705,7 +1665,7 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf
         for (i = 0; i < *Size; i++)
             len += convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], NULL, 0);
 
-        *Credentials = HeapAlloc(GetProcessHeap(), 0, len);
+        *Credentials = heap_alloc(len);
         if (!*Credentials)
         {
             CredFree(CredentialsW);
@@ -1767,7 +1727,7 @@ BOOL WINAPI CredWriteA(PCREDENTIALA Credential, DWORD Flags)
     }
 
     len = convert_PCREDENTIALA_to_PCREDENTIALW(Credential, NULL, 0);
-    CredentialW = HeapAlloc(GetProcessHeap(), 0, len);
+    CredentialW = heap_alloc(len);
     if (!CredentialW)
     {
         SetLastError(ERROR_OUTOFMEMORY);
@@ -1778,7 +1738,7 @@ BOOL WINAPI CredWriteA(PCREDENTIALA Credential, DWORD Flags)
 
     ret = CredWriteW(CredentialW, Flags);
 
-    HeapFree(GetProcessHeap(), 0, CredentialW);
+    heap_free(CredentialW);
 
     return ret;
 }
@@ -1816,13 +1776,19 @@ BOOL WINAPI CredWriteW(PCREDENTIALW Credential, DWORD Flags)
         return FALSE;
     }
 
+    TRACE("Credential->Flags = 0x%08x\n", Credential->Flags);
+    TRACE("Credential->Type = %u\n", Credential->Type);
     TRACE("Credential->TargetName = %s\n", debugstr_w(Credential->TargetName));
+    TRACE("Credential->Comment = %s\n", debugstr_w(Credential->Comment));
+    TRACE("Credential->Persist = %u\n", Credential->Persist);
+    TRACE("Credential->TargetAlias = %s\n", debugstr_w(Credential->TargetAlias));
     TRACE("Credential->UserName = %s\n", debugstr_w(Credential->UserName));
 
     if (Credential->Type == CRED_TYPE_DOMAIN_PASSWORD)
     {
         if (!Credential->UserName ||
-            (!strchrW(Credential->UserName, '\\') && !strchrW(Credential->UserName, '@')))
+            (Credential->Persist == CRED_PERSIST_ENTERPRISE &&
+            (!strchrW(Credential->UserName, '\\') && !strchrW(Credential->UserName, '@'))))
         {
             ERR("bad username %s\n", debugstr_w(Credential->UserName));
             SetLastError(ERROR_BAD_USERNAME);
@@ -1865,7 +1831,7 @@ BOOL WINAPI CredWriteW(PCREDENTIALW Credential, DWORD Flags)
     ret = RegCreateKeyExW(hkeyMgr, key_name, 0, NULL,
                           Credential->Persist == CRED_PERSIST_SESSION ? REG_OPTION_VOLATILE : REG_OPTION_NON_VOLATILE,
                           KEY_READ|KEY_WRITE, NULL, &hkeyCred, NULL);
-    HeapFree(GetProcessHeap(), 0, key_name);
+    heap_free(key_name);
     if (ret != ERROR_SUCCESS)
     {
         TRACE("credentials for target name %s not found\n",
@@ -1891,7 +1857,7 @@ BOOL WINAPI CredWriteW(PCREDENTIALW Credential, DWORD Flags)
 /******************************************************************************
  * CredGetSessionTypes [ADVAPI32.@]
  */
-BOOL WINAPI CredGetSessionTypes(DWORD persistCount, LPDWORD persists)
+WINADVAPI BOOL WINAPI CredGetSessionTypes(DWORD persistCount, LPDWORD persists)
 {
     TRACE("(%u, %p)\n", persistCount, persists);
 
@@ -1908,42 +1874,320 @@ BOOL WINAPI CredGetSessionTypes(DWORD persistCount, LPDWORD persists)
     return TRUE;
 }
 
-BOOL
-WINAPI
-CredWriteDomainCredentialsW(PCREDENTIAL_TARGET_INFORMATIONW TargetInfo,
-                            PCREDENTIALW Credential,
-                            DWORD Flags)
+/******************************************************************************
+ * CredMarshalCredentialA [ADVAPI32.@]
+ */
+BOOL WINAPI CredMarshalCredentialA( CRED_MARSHAL_TYPE type, PVOID cred, LPSTR *out )
 {
-    WARN("Not implemented\n");
-    return FALSE;
+    BOOL ret;
+    WCHAR *outW;
+
+    TRACE("%u, %p, %p\n", type, cred, out);
+
+    if ((ret = CredMarshalCredentialW( type, cred, &outW )))
+    {
+        int len = WideCharToMultiByte( CP_ACP, 0, outW, -1, NULL, 0, NULL, NULL );
+        if (!(*out = heap_alloc( len )))
+        {
+            heap_free( outW );
+            return FALSE;
+        }
+        WideCharToMultiByte( CP_ACP, 0, outW, -1, *out, len, NULL, NULL );
+        heap_free( outW );
+    }
+    return ret;
 }
 
-BOOL
-WINAPI
-CredWriteDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInfo,
-                            PCREDENTIALA Credential,
-                            DWORD Flags)
+static UINT cred_encode( const char *bin, unsigned int len, WCHAR *cred )
 {
-    WARN("Not implemented\n");
-    return FALSE;
+    static const char enc[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789#-";
+    UINT n = 0, x;
+
+    while (len > 0)
+    {
+        cred[n++] = enc[bin[0] & 0x3f];
+        x = (bin[0] & 0xc0) >> 6;
+        if (len == 1)
+        {
+            cred[n++] = enc[x];
+            break;
+        }
+        cred[n++] = enc[((bin[1] & 0xf) << 2) | x];
+        x = (bin[1] & 0xf0) >> 4;
+        if (len == 2)
+        {
+            cred[n++] = enc[x];
+            break;
+        }
+        cred[n++] = enc[((bin[2] & 0x3) << 4) | x];
+        cred[n++] = enc[(bin[2] & 0xfc) >> 2];
+        bin += 3;
+        len -= 3;
+    }
+    return n;
 }
 
-BOOL
-WINAPI
-CredUnmarshalCredentialW(LPCWSTR MarshaledCredential,
-                         PCRED_MARSHAL_TYPE CredType,
-                         PVOID *Credential)
+/******************************************************************************
+ * CredMarshalCredentialW [ADVAPI32.@]
+ */
+BOOL WINAPI CredMarshalCredentialW( CRED_MARSHAL_TYPE type, PVOID cred, LPWSTR *out )
 {
-    WARN("Not implemented\n");
-    return FALSE;
+    CERT_CREDENTIAL_INFO *cert = cred;
+    USERNAME_TARGET_CREDENTIAL_INFO *target = cred;
+    DWORD len, size;
+    WCHAR *p;
+
+    TRACE("%u, %p, %p\n", type, cred, out);
+
+    if (!cred || (type == CertCredential && cert->cbSize < sizeof(*cert)) ||
+        (type != CertCredential && type != UsernameTargetCredential && type != BinaryBlobCredential) ||
+        (type == UsernameTargetCredential && (!target->UserName || !target->UserName[0])))
+    {
+        SetLastError( ERROR_INVALID_PARAMETER );
+        return FALSE;
+    }
+    switch (type)
+    {
+    case CertCredential:
+    {
+        size = (sizeof(cert->rgbHashOfCert) + 2) * 4 / 3;
+        if (!(p = heap_alloc( (size + 4) * sizeof(WCHAR) ))) return FALSE;
+        p[0] = '@';
+        p[1] = '@';
+        p[2] = 'A' + type;
+        len = cred_encode( (const char *)cert->rgbHashOfCert, sizeof(cert->rgbHashOfCert), p + 3 );
+        p[len + 3] = 0;
+        break;
+    }
+    case UsernameTargetCredential:
+    {
+        len = strlenW( target->UserName );
+        size = (sizeof(DWORD) + len * sizeof(WCHAR) + 2) * 4 / 3;
+        if (!(p = heap_alloc( (size + 4) * sizeof(WCHAR) ))) return FALSE;
+        p[0] = '@';
+        p[1] = '@';
+        p[2] = 'A' + type;
+        size = len * sizeof(WCHAR);
+        len = cred_encode( (const char *)&size, sizeof(DWORD), p + 3 );
+        len += cred_encode( (const char *)target->UserName, size, p + 3 + len );
+        p[len + 3] = 0;
+        break;
+    }
+    case BinaryBlobCredential:
+        FIXME("BinaryBlobCredential not implemented\n");
+        return FALSE;
+    default:
+        return FALSE;
+    }
+    *out = p;
+    return TRUE;
+}
+
+/******************************************************************************
+ * CredUnmarshalCredentialA [ADVAPI32.@]
+ */
+BOOL WINAPI CredUnmarshalCredentialA( LPCSTR cred, PCRED_MARSHAL_TYPE type, PVOID *out )
+{
+    BOOL ret;
+    WCHAR *credW = NULL;
+
+    TRACE("%s, %p, %p\n", debugstr_a(cred), type, out);
+
+    if (cred)
+    {
+        int len = MultiByteToWideChar( CP_ACP, 0, cred, -1, NULL, 0 );
+        if (!(credW = heap_alloc( len * sizeof(WCHAR) ))) return FALSE;
+        MultiByteToWideChar( CP_ACP, 0, cred, -1, credW, len );
+    }
+    ret = CredUnmarshalCredentialW( credW, type, out );
+    heap_free( credW );
+    return ret;
+}
+
+static inline char char_decode( WCHAR c )
+{
+    if (c >= 'A' && c <= 'Z') return c - 'A';
+    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
+    if (c >= '0' && c <= '9') return c - '0' + 52;
+    if (c == '#') return 62;
+    if (c == '-') return 63;
+    return 64;
+}
+
+static BOOL cred_decode( const WCHAR *cred, unsigned int len, char *buf )
+{
+    unsigned int i = 0;
+    char c0, c1, c2, c3;
+    const WCHAR *p = cred;
+
+    while (len >= 4)
+    {
+        if ((c0 = char_decode( p[0] )) > 63) return FALSE;
+        if ((c1 = char_decode( p[1] )) > 63) return FALSE;
+        if ((c2 = char_decode( p[2] )) > 63) return FALSE;
+        if ((c3 = char_decode( p[3] )) > 63) return FALSE;
+
+        buf[i + 0] = (c1 << 6) | c0;
+        buf[i + 1] = (c2 << 4) | (c1 >> 2);
+        buf[i + 2] = (c3 << 2) | (c2 >> 4);
+        len -= 4;
+        i += 3;
+        p += 4;
+    }
+    if (len == 3)
+    {
+        if ((c0 = char_decode( p[0] )) > 63) return FALSE;
+        if ((c1 = char_decode( p[1] )) > 63) return FALSE;
+        if ((c2 = char_decode( p[2] )) > 63) return FALSE;
+
+        buf[i + 0] = (c1 << 6) | c0;
+        buf[i + 1] = (c2 << 4) | (c1 >> 2);
+    }
+    else if (len == 2)
+    {
+        if ((c0 = char_decode( p[0] )) > 63) return FALSE;
+        if ((c1 = char_decode( p[1] )) > 63) return FALSE;
+
+        buf[i + 0] = (c1 << 6) | c0;
+    }
+    else if (len == 1)
+    {
+        return FALSE;
+    }
+    return TRUE;
+}
+
+/******************************************************************************
+ * CredUnmarshalCredentialW [ADVAPI32.@]
+ */
+BOOL WINAPI CredUnmarshalCredentialW( LPCWSTR cred, PCRED_MARSHAL_TYPE type, PVOID *out )
+{
+    unsigned int len, buflen;
+
+    TRACE("%s, %p, %p\n", debugstr_w(cred), type, out);
+
+    if (!cred || cred[0] != '@' || cred[1] != '@' ||
+        char_decode( cred[2] ) > 63)
+    {
+        SetLastError( ERROR_INVALID_PARAMETER );
+        return FALSE;
+    }
+    len = strlenW( cred + 3 );
+    *type = char_decode( cred[2] );
+    switch (*type)
+    {
+    case CertCredential:
+    {
+        char hash[CERT_HASH_LENGTH];
+        CERT_CREDENTIAL_INFO *cert;
+
+        if (len != 27 || !cred_decode( cred + 3, len, hash ))
+        {
+            SetLastError( ERROR_INVALID_PARAMETER );
+            return FALSE;
+        }
+        if (!(cert = heap_alloc( sizeof(*cert) ))) return FALSE;
+        memcpy( cert->rgbHashOfCert, hash, sizeof(cert->rgbHashOfCert) );
+        cert->cbSize = sizeof(*cert);
+        *out = cert;
+        break;
+    }
+    case UsernameTargetCredential:
+    {
+        USERNAME_TARGET_CREDENTIAL_INFO *target;
+        DWORD size;
+
+        if (len < 9 || !cred_decode( cred + 3, 6, (char *)&size ) ||
+            size % sizeof(WCHAR) || len - 6 != (size * 4 + 2) / 3)
+        {
+            SetLastError( ERROR_INVALID_PARAMETER );
+            return FALSE;
+        }
+        buflen = sizeof(*target) + size + sizeof(WCHAR);
+        if (!(target = heap_alloc( buflen ))) return FALSE;
+        if (!cred_decode( cred + 9, len - 6, (char *)(target + 1) ))
+        {
+            heap_free( target );
+            return FALSE;
+        }
+        target->UserName = (WCHAR *)(target + 1);
+        target->UserName[size / sizeof(WCHAR)] = 0;
+        *out = target;
+        break;
+    }
+    case BinaryBlobCredential:
+        FIXME("BinaryBlobCredential not implemented\n");
+        return FALSE;
+    default:
+        WARN("unhandled type %u\n", *type);
+        SetLastError( ERROR_INVALID_PARAMETER );
+        return FALSE;
+    }
+    return TRUE;
 }
 
-BOOL
-WINAPI
-CredUnmarshalCredentialA(LPCSTR MarshaledCredential,
-                         PCRED_MARSHAL_TYPE CredType,
-                         PVOID *Credential)
+/******************************************************************************
+ * CredIsMarshaledCredentialW [ADVAPI32.@]
+ *
+ * Check, if the name parameter is a marshaled credential, hash or binary blob
+ *
+ * PARAMS
+ *  name    the name to check
+ *
+ * RETURNS
+ *  TRUE:  the name parameter is a marshaled credential, hash or binary blob
+ *  FALSE: the name is a plain username
+ */
+BOOL WINAPI CredIsMarshaledCredentialW(LPCWSTR name)
 {
-    WARN("Not implemented\n");
+    TRACE("(%s)\n", debugstr_w(name));
+
+    if (name && name[0] == '@' && name[1] == '@' && name[2] > 'A' && name[3])
+    {
+        char hash[CERT_HASH_LENGTH];
+        int len = strlenW(name + 3 );
+        DWORD size;
+
+        if ((name[2] - 'A') == CertCredential && (len == 27) && cred_decode(name + 3, len, hash))
+            return TRUE;
+
+        if (((name[2] - 'A') == UsernameTargetCredential) &&
+            (len >= 9) && cred_decode(name + 3, 6, (char *)&size) && size)
+            return TRUE;
+
+        if ((name[2] - 'A') == BinaryBlobCredential)
+            FIXME("BinaryBlobCredential not checked\n");
+
+        if ((name[2] - 'A') > BinaryBlobCredential)
+            TRACE("unknown type: %d\n", (name[2] - 'A'));
+    }
+
+    SetLastError(ERROR_INVALID_PARAMETER);
     return FALSE;
 }
+
+/******************************************************************************
+ * CredIsMarshaledCredentialA [ADVAPI32.@]
+ *
+ * See CredIsMarshaledCredentialW
+ *
+ */
+BOOL WINAPI CredIsMarshaledCredentialA(LPCSTR name)
+{
+    LPWSTR nameW = NULL;
+    BOOL res;
+    int len;
+
+    TRACE("(%s)\n", debugstr_a(name));
+
+    if (name)
+    {
+        len = MultiByteToWideChar(CP_ACP, 0, name, -1, NULL, 0);
+        nameW = heap_alloc(len * sizeof(WCHAR));
+        MultiByteToWideChar(CP_ACP, 0, name, -1, nameW, len);
+    }
+
+    res = CredIsMarshaledCredentialW(nameW);
+    heap_free(nameW);
+    return res;
+}