* Sync up to trunk head (r64921).

[reactos.git] / dll / win32 / advapi32 / sec / cred.c
diff --git a/dll/win32/advapi32/sec/cred.c b/dll/win32/advapi32/sec/cred.c

index eaea16f..69639a4 100644 (file)
--- a/dll/win32/advapi32/sec/cred.c
+++ b/dll/win32/advapi32/sec/cred.c
@@ -19,6 +19,9 @@
   */
  
  #include <advapi32.h>
+
+#include <wincred.h>
+
  WINE_DEFAULT_DEBUG_CHANNEL(cred);
  
  /* the size of the ARC4 key used to encrypt the password data */
@@ -186,7 +189,6 @@ static DWORD registry_read_credential(HKEY hkey, PCREDENTIALW credential,
          else if (ret != ERROR_SUCCESS)
              return ret;
          credential->CredentialBlobSize = count;
-        buffer += count;
      }
  
      /* FIXME: Attributes */
@@ -234,15 +236,13 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
                                             DWORD *len)
  {
      OSStatus status;
-    UInt32 i;
-    UInt32 cred_blob_len;
+    UInt32 i, cred_blob_len;
      void *cred_blob;
-    LPWSTR domain = NULL;
-    LPWSTR user = NULL;
+    WCHAR *user = NULL;
      BOOL user_name_present = FALSE;
      SecKeychainAttributeInfo info;
      SecKeychainAttributeList *attr_list;
-    UInt32 info_tags[] = { kSecServerItemAttr, kSecSecurityDomainItemAttr, kSecAccountItemAttr,
+    UInt32 info_tags[] = { kSecServiceItemAttr, kSecAccountItemAttr,
                             kSecCommentItemAttr, kSecCreationDateItemAttr };
      info.count = sizeof(info_tags)/sizeof(info_tags[0]);
      info.tag = info_tags;
@@ -269,6 +269,7 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
      if (!user_name_present)
      {
          WARN("no kSecAccountItemAttr for item\n");
+        SecKeychainItemFreeAttributesAndData(attr_list, cred_blob);
          return ERROR_NOT_FOUND;
      }
  
@@ -291,8 +292,8 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
      {
          switch (attr_list->attr[i].tag)
          {
-            case kSecServerItemAttr:
-                TRACE("kSecServerItemAttr: %.*s\n", (int)attr_list->attr[i].length,
+            case kSecServiceItemAttr:
+                TRACE("kSecServiceItemAttr: %.*s\n", (int)attr_list->attr[i].length,
                        (char *)attr_list->attr[i].data);
                  if (!attr_list->attr[i].data) continue;
                  if (buffer)
@@ -321,7 +322,7 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
                  if (!attr_list->attr[i].data) continue;
                  str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
                                                attr_list->attr[i].length, NULL, 0);
-                user = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
+                user = heap_alloc((str_len + 1) * sizeof(WCHAR));
                  MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
                                      attr_list->attr[i].length, user, str_len);
                  user[str_len] = '\0';
@@ -349,20 +350,6 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
                      *len += (str_len + 1) * sizeof(WCHAR);
                  }
                  break;
-            case kSecSecurityDomainItemAttr:
-            {
-                INT str_len;
-                TRACE("kSecSecurityDomainItemAttr: %.*s\n", (int)attr_list->attr[i].length,
-                      (char *)attr_list->attr[i].data);
-                if (!attr_list->attr[i].data) continue;
-                str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
-                                              attr_list->attr[i].length, NULL, 0);
-                domain = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
-                MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data,
-                                    attr_list->attr[i].length, domain, str_len);
-                domain[str_len] = '\0';
-                break;
-            }
              case kSecCreationDateItemAttr:
                  TRACE("kSecCreationDateItemAttr: %.*s\n", (int)attr_list->attr[i].length,
                        (char *)attr_list->attr[i].data);
@@ -379,6 +366,9 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
                      credential->LastWritten.dwHighDateTime = win_time.u.HighPart;
                  }
                  break;
+            default:
+                FIXME("unhandled attribute %lu\n", attr_list->attr[i].tag);
+                break;
          }
      }
  
@@ -387,18 +377,6 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
          INT str_len;
          if (buffer)
              credential->UserName = (LPWSTR)buffer;
-        if (domain)
-        {
-            str_len = strlenW(domain);
-            *len += (str_len + 1) * sizeof(WCHAR);
-            if (buffer)
-            {
-                memcpy(credential->UserName, domain, str_len * sizeof(WCHAR));
-                /* FIXME: figure out when to use an '@' */
-                credential->UserName[str_len] = '\\';
-                buffer += (str_len + 1) * sizeof(WCHAR);
-            }
-        }
          str_len = strlenW(user);
          *len += (str_len + 1) * sizeof(WCHAR);
          if (buffer)
@@ -408,8 +386,7 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
              TRACE("UserName = %s\n", debugstr_w(credential->UserName));
          }
      }
-    HeapFree(GetProcessHeap(), 0, user);
-    HeapFree(GetProcessHeap(), 0, domain);
+    heap_free(user);
  
      if (cred_blob)
      {
@@ -420,7 +397,6 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
              str_len = MultiByteToWideChar(CP_UTF8, 0, cred_blob, cred_blob_len,
                                            (LPWSTR)buffer, 0xffff);
              credential->CredentialBlobSize = str_len * sizeof(WCHAR);
-            buffer += str_len * sizeof(WCHAR);
              *len += str_len * sizeof(WCHAR);
          }
          else
@@ -448,7 +424,7 @@ static DWORD write_credential_blob(HKEY hkey, LPCWSTR target_name, DWORD type,
      key.Length = key.MaximumLength = KEY_SIZE;
      key.Buffer = (unsigned char *)key_data;
  
-    encrypted_credential_blob = HeapAlloc(GetProcessHeap(), 0, credential_blob_size);
+    encrypted_credential_blob = heap_alloc(credential_blob_size);
      if (!encrypted_credential_blob) return ERROR_OUTOFMEMORY;
  
      memcpy(encrypted_credential_blob, credential_blob, credential_blob_size);
@@ -457,7 +433,7 @@ static DWORD write_credential_blob(HKEY hkey, LPCWSTR target_name, DWORD type,
      SystemFunction032(&data, &key);
  
      ret = RegSetValueExW(hkey, wszPasswordValue, 0, REG_BINARY, encrypted_credential_blob, credential_blob_size);
-    HeapFree(GetProcessHeap(), 0, encrypted_credential_blob);
+    heap_free(encrypted_credential_blob);
  
      return ret;
  }
@@ -470,10 +446,10 @@ static DWORD registry_write_credential(HKEY hkey, const CREDENTIALW *credential,
  
      GetSystemTimeAsFileTime(&LastWritten);
  
-    ret = RegSetValueExW(hkey, wszFlagsValue, 0, REG_DWORD, (LPVOID)&credential->Flags,
+    ret = RegSetValueExW(hkey, wszFlagsValue, 0, REG_DWORD, (const BYTE*)&credential->Flags,
                           sizeof(credential->Flags));
      if (ret != ERROR_SUCCESS) return ret;
-    ret = RegSetValueExW(hkey, wszTypeValue, 0, REG_DWORD, (LPVOID)&credential->Type,
+    ret = RegSetValueExW(hkey, wszTypeValue, 0, REG_DWORD, (const BYTE*)&credential->Type,
                           sizeof(credential->Type));
      if (ret != ERROR_SUCCESS) return ret;
      ret = RegSetValueExW(hkey, NULL, 0, REG_SZ, (LPVOID)credential->TargetName,
@@ -488,7 +464,7 @@ static DWORD registry_write_credential(HKEY hkey, const CREDENTIALW *credential,
      ret = RegSetValueExW(hkey, wszLastWrittenValue, 0, REG_BINARY, (LPVOID)&LastWritten,
                           sizeof(LastWritten));
      if (ret != ERROR_SUCCESS) return ret;
-    ret = RegSetValueExW(hkey, wszPersistValue, 0, REG_DWORD, (LPVOID)&credential->Persist,
+    ret = RegSetValueExW(hkey, wszPersistValue, 0, REG_DWORD, (const BYTE*)&credential->Persist,
                           sizeof(credential->Persist));
      if (ret != ERROR_SUCCESS) return ret;
      /* FIXME: Attributes */
@@ -518,15 +494,8 @@ static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_b
  {
      OSStatus status;
      SecKeychainItemRef keychain_item;
-    char *username;
-    char *domain = NULL;
-    char *password;
-    char *servername;
-    UInt32 userlen;
-    UInt32 domainlen = 0;
-    UInt32 pwlen;
-    UInt32 serverlen;
-    LPCWSTR p;
+    char *username, *password, *servername;
+    UInt32 userlen, pwlen, serverlen;
      SecKeychainAttribute attrs[1];
      SecKeychainAttributeList attr_list;
  
@@ -539,61 +508,36 @@ static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_b
      if (credential->AttributeCount)
          FIXME("custom attributes not supported\n");
  
-    p = strchrW(credential->UserName, '\\');
-    if (p)
-    {
-        domainlen = WideCharToMultiByte(CP_UTF8, 0, credential->UserName,
-                                        p - credential->UserName, NULL, 0, NULL, NULL);
-        domain = HeapAlloc(GetProcessHeap(), 0, (domainlen + 1) * sizeof(*domain));
-        WideCharToMultiByte(CP_UTF8, 0, credential->UserName, p - credential->UserName,
-                            domain, domainlen, NULL, NULL);
-        domain[domainlen] = '\0';
-        p++;
-    }
-    else
-        p = credential->UserName;
-    userlen = WideCharToMultiByte(CP_UTF8, 0, p, -1, NULL, 0, NULL, NULL);
-    username = HeapAlloc(GetProcessHeap(), 0, userlen * sizeof(*username));
-    WideCharToMultiByte(CP_UTF8, 0, p, -1, username, userlen, NULL, NULL);
+    userlen = WideCharToMultiByte(CP_UTF8, 0, credential->UserName, -1, NULL, 0, NULL, NULL);
+    username = heap_alloc(userlen * sizeof(*username));
+    WideCharToMultiByte(CP_UTF8, 0, credential->UserName, -1, username, userlen, NULL, NULL);
  
      serverlen = WideCharToMultiByte(CP_UTF8, 0, credential->TargetName, -1, NULL, 0, NULL, NULL);
-    servername = HeapAlloc(GetProcessHeap(), 0, serverlen * sizeof(*servername));
+    servername = heap_alloc(serverlen * sizeof(*servername));
      WideCharToMultiByte(CP_UTF8, 0, credential->TargetName, -1, servername, serverlen, NULL, NULL);
      pwlen = WideCharToMultiByte(CP_UTF8, 0, (LPCWSTR)credential->CredentialBlob,
                                  credential->CredentialBlobSize / sizeof(WCHAR), NULL, 0, NULL, NULL);
-    password = HeapAlloc(GetProcessHeap(), 0, pwlen * sizeof(*domain));
+    password = heap_alloc(pwlen * sizeof(*password));
      WideCharToMultiByte(CP_UTF8, 0, (LPCWSTR)credential->CredentialBlob,
                          credential->CredentialBlobSize / sizeof(WCHAR), password, pwlen, NULL, NULL);
  
-    TRACE("adding server %s, domain %s, username %s using Keychain\n", servername, domain, username);
-    status = SecKeychainAddInternetPassword(NULL, strlen(servername), servername,
-                                            strlen(domain), domain, strlen(username),
-                                            username, 0, NULL, 0,
-                                            0 /* no protocol */,
-                                            kSecAuthenticationTypeDefault,
-                                            strlen(password), password, &keychain_item);
+    TRACE("adding server %s, username %s using Keychain\n", servername, username);
+    status = SecKeychainAddGenericPassword(NULL, strlen(servername), servername, strlen(username),
+                                           username, strlen(password), password, &keychain_item);
      if (status != noErr)
-        ERR("SecKeychainAddInternetPassword returned %ld\n", status);
+        ERR("SecKeychainAddGenericPassword returned %ld\n", status);
      if (status == errSecDuplicateItem)
      {
-        SecKeychainItemRef keychain_item;
-
-        status = SecKeychainFindInternetPassword(NULL, strlen(servername), servername,
-                                                 strlen(domain), domain,
-                                                 strlen(username), username,
-                                                 0, NULL /* any path */, 0,
-                                                 0 /* any protocol */,
-                                                 0 /* any authentication type */,
-                                                 0, NULL, &keychain_item);
+        status = SecKeychainFindGenericPassword(NULL, strlen(servername), servername, strlen(username),
+                                                username, NULL, NULL, &keychain_item);
          if (status != noErr)
-            ERR("SecKeychainFindInternetPassword returned %ld\n", status);
+            ERR("SecKeychainFindGenericPassword returned %ld\n", status);
      }
-    HeapFree(GetProcessHeap(), 0, domain);
-    HeapFree(GetProcessHeap(), 0, username);
-    HeapFree(GetProcessHeap(), 0, servername);
+    heap_free(username);
+    heap_free(servername);
      if (status != noErr)
      {
-        HeapFree(GetProcessHeap(), 0, password);
+        heap_free(password);
          return ERROR_GEN_FAILURE;
      }
      if (credential->Comment)
@@ -603,7 +547,7 @@ static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_b
          attrs[0].tag = kSecCommentItemAttr;
          attrs[0].length = WideCharToMultiByte(CP_UTF8, 0, credential->Comment, -1, NULL, 0, NULL, NULL);
          if (attrs[0].length) attrs[0].length--;
-        attrs[0].data = HeapAlloc(GetProcessHeap(), 0, attrs[0].length);
+        attrs[0].data = heap_alloc(attrs[0].length);
          WideCharToMultiByte(CP_UTF8, 0, credential->Comment, -1, attrs[0].data, attrs[0].length, NULL, NULL);
      }
      else
@@ -615,10 +559,12 @@ static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_b
                                                      preserve_blob ? 0 : strlen(password),
                                                      preserve_blob ? NULL : password);
      if (credential->Comment)
-        HeapFree(GetProcessHeap(), 0, attrs[0].data);
-    HeapFree(GetProcessHeap(), 0, password);
+        heap_free(attrs[0].data);
+    heap_free(password);
      /* FIXME: set TargetAlias attribute */
      CFRelease(keychain_item);
+    if (status != noErr)
+        return ERROR_GEN_FAILURE;
      return ERROR_SUCCESS;
  }
  #endif
@@ -698,7 +644,7 @@ static LPWSTR get_key_name_for_target(LPCWSTR target_name, DWORD type)
          len += sizeof(wszDomPasswdPrefix)/sizeof(wszDomPasswdPrefix[0]);
      }
  
-    key_name = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+    key_name = heap_alloc(len * sizeof(WCHAR));
      if (!key_name) return NULL;
  
      strcpyW(key_name, prefix);
@@ -710,7 +656,7 @@ static LPWSTR get_key_name_for_target(LPCWSTR target_name, DWORD type)
      return key_name;
  }
  
-static BOOL credential_matches_filter(HKEY hkeyCred, LPCWSTR filter)
+static BOOL registry_credential_matches_filter(HKEY hkeyCred, LPCWSTR filter)
  {
      LPWSTR target_name;
      DWORD ret;
@@ -726,13 +672,13 @@ static BOOL credential_matches_filter(HKEY hkeyCred, LPCWSTR filter)
      else if (type != REG_SZ)
          return FALSE;
  
-    target_name = HeapAlloc(GetProcessHeap(), 0, count);
+    target_name = heap_alloc(count);
      if (!target_name)
          return FALSE;
      ret = RegQueryValueExW(hkeyCred, NULL, 0, &type, (LPVOID)target_name, &count);
      if (ret != ERROR_SUCCESS || type != REG_SZ)
      {
-        HeapFree(GetProcessHeap(), 0, target_name);
+        heap_free(target_name);
          return FALSE;
      }
  
@@ -740,17 +686,17 @@ static BOOL credential_matches_filter(HKEY hkeyCred, LPCWSTR filter)
            debugstr_w(target_name));
  
      p = strchrW(filter, '*');
-    ret = CompareStringW(GetThreadLocale(), 0, filter,
+    ret = CompareStringW(GetThreadLocale(), NORM_IGNORECASE, filter,
                           (p && !p[1] ? p - filter : -1), target_name,
                           (p && !p[1] ? p - filter : -1)) == CSTR_EQUAL;
  
-    HeapFree(GetProcessHeap(), 0, target_name);
+    heap_free(target_name);
      return ret;
  }
  
  static DWORD registry_enumerate_credentials(HKEY hkeyMgr, LPCWSTR filter,
                                              LPWSTR target_name,
-                                            DWORD target_name_len, BYTE key_data[KEY_SIZE],
+                                            DWORD target_name_len, const BYTE key_data[KEY_SIZE],
                                              PCREDENTIALW *credentials, char **buffer,
                                              DWORD *len, DWORD *count)
  {
@@ -766,18 +712,12 @@ static DWORD registry_enumerate_credentials(HKEY hkeyMgr, LPCWSTR filter,
              break;
          }
          else if (ret != ERROR_SUCCESS)
-        {
-            ret = ERROR_SUCCESS;
              continue;
-        }
          TRACE("target_name = %s\n", debugstr_w(target_name));
          ret = RegOpenKeyExW(hkeyMgr, target_name, 0, KEY_QUERY_VALUE, &hkeyCred);
          if (ret != ERROR_SUCCESS)
-        {
-            ret = ERROR_SUCCESS;
              continue;
-        }
-        if (!credential_matches_filter(hkeyCred, filter))
+        if (!registry_credential_matches_filter(hkeyCred, filter))
          {
              RegCloseKey(hkeyCred);
              continue;
@@ -801,6 +741,30 @@ static DWORD registry_enumerate_credentials(HKEY hkeyMgr, LPCWSTR filter,
  }
  
  #ifdef __APPLE__
+static BOOL mac_credential_matches_filter(void *data, UInt32 data_len, const WCHAR *filter)
+{
+    int len;
+    WCHAR *target_name;
+    const WCHAR *p;
+    BOOL ret;
+
+    if (!filter) return TRUE;
+
+    len = MultiByteToWideChar(CP_UTF8, 0, data, data_len, NULL, 0);
+    if (!(target_name = heap_alloc((len + 1) * sizeof(WCHAR)))) return FALSE;
+    MultiByteToWideChar(CP_UTF8, 0, data, data_len, target_name, len);
+    target_name[len] = 0;
+
+    TRACE("comparing filter %s to target name %s\n", debugstr_w(filter), debugstr_w(target_name));
+
+    p = strchrW(filter, '*');
+    ret = CompareStringW(GetThreadLocale(), NORM_IGNORECASE, filter,
+                         (p && !p[1] ? p - filter : -1), target_name,
+                         (p && !p[1] ? p - filter : -1)) == CSTR_EQUAL;
+    heap_free(target_name);
+    return ret;
+}
+
  static DWORD mac_enumerate_credentials(LPCWSTR filter, PCREDENTIALW *credentials,
                                         char *buffer, DWORD *len, DWORD *count)
  {
@@ -813,14 +777,16 @@ static DWORD mac_enumerate_credentials(LPCWSTR filter, PCREDENTIALW *credentials
      SecKeychainGetUserInteractionAllowed(&saved_user_interaction_allowed);
      SecKeychainSetUserInteractionAllowed(false);
  
-    status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search);
+    status = SecKeychainSearchCreateFromAttributes(NULL, kSecGenericPasswordItemClass, NULL, &search);
      if (status == noErr)
      {
          while (SecKeychainSearchCopyNext(search, &item) == noErr)
          {
              SecKeychainAttributeInfo info;
              SecKeychainAttributeList *attr_list;
-            UInt32 info_tags[] = { kSecServerItemAttr };
+            UInt32 info_tags[] = { kSecServiceItemAttr };
+            BOOL match;
+
              info.count = sizeof(info_tags)/sizeof(info_tags[0]);
              info.tag = info_tags;
              info.format = NULL;
@@ -837,10 +803,15 @@ static DWORD mac_enumerate_credentials(LPCWSTR filter, PCREDENTIALW *credentials
              }
              else
                  *len += sizeof(CREDENTIALW);
-            if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServerItemAttr) continue;
-            TRACE("server item: %.*s\n", (int)attr_list->attr[0].length, (char *)attr_list->attr[0].data);
-            /* FIXME: filter based on attr_list->attr[0].data */
+            if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServiceItemAttr)
+            {
+                SecKeychainItemFreeAttributesAndData(attr_list, NULL);
+                continue;
+            }
+            TRACE("service item: %.*s\n", (int)attr_list->attr[0].length, (char *)attr_list->attr[0].data);
+            match = mac_credential_matches_filter(attr_list->attr[0].data, attr_list->attr[0].length, filter);
              SecKeychainItemFreeAttributesAndData(attr_list, NULL);
+            if (!match) continue;
              ret = mac_read_credential_from_item(item, FALSE,
                                                  buffer ? credentials[*count] : NULL,
                                                  buffer ? buffer + sizeof(CREDENTIALW) : NULL,
@@ -864,7 +835,7 @@ static DWORD mac_delete_credential(LPCWSTR TargetName)
  {
      OSStatus status;
      SecKeychainSearchRef search;
-    status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search);
+    status = SecKeychainSearchCreateFromAttributes(NULL, kSecGenericPasswordItemClass, NULL, &search);
      if (status == noErr)
      {
          SecKeychainItemRef item;
@@ -872,7 +843,7 @@ static DWORD mac_delete_credential(LPCWSTR TargetName)
          {
              SecKeychainAttributeInfo info;
              SecKeychainAttributeList *attr_list;
-            UInt32 info_tags[] = { kSecServerItemAttr };
+            UInt32 info_tags[] = { kSecServiceItemAttr };
              LPWSTR target_name;
              INT str_len;
              info.count = sizeof(info_tags)/sizeof(info_tags[0]);
@@ -884,23 +855,23 @@ static DWORD mac_delete_credential(LPCWSTR TargetName)
                  WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
                  continue;
              }
-            if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServerItemAttr)
+            if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServiceItemAttr)
              {
                  CFRelease(item);
                  continue;
              }
              str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, NULL, 0);
-            target_name = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
+            target_name = heap_alloc((str_len + 1) * sizeof(WCHAR));
              MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, target_name, str_len);
              /* nul terminate */
              target_name[str_len] = '\0';
              if (strcmpiW(TargetName, target_name))
              {
                  CFRelease(item);
-                HeapFree(GetProcessHeap(), 0, target_name);
+                heap_free(target_name);
                  continue;
              }
-            HeapFree(GetProcessHeap(), 0, target_name);
+            heap_free(target_name);
              SecKeychainItemFreeAttributesAndData(attr_list, NULL);
              SecKeychainItemDelete(item);
              CFRelease(item);
@@ -921,7 +892,7 @@ static DWORD mac_delete_credential(LPCWSTR TargetName)
   *
   */
  
-static INT convert_PCREDENTIALW_to_PCREDENTIALA(const CREDENTIALW *CredentialW, PCREDENTIALA CredentialA, INT len)
+static INT convert_PCREDENTIALW_to_PCREDENTIALA(const CREDENTIALW *CredentialW, PCREDENTIALA CredentialA, DWORD len)
  {
      char *buffer;
      INT string_len;
@@ -1113,7 +1084,7 @@ BOOL WINAPI CredDeleteA(LPCSTR TargetName, DWORD Type, DWORD Flags)
      }
  
      len = MultiByteToWideChar(CP_ACP, 0, TargetName, -1, NULL, 0);
-    TargetNameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+    TargetNameW = heap_alloc(len * sizeof(WCHAR));
      if (!TargetNameW)
      {
          SetLastError(ERROR_OUTOFMEMORY);
@@ -1123,7 +1094,7 @@ BOOL WINAPI CredDeleteA(LPCSTR TargetName, DWORD Type, DWORD Flags)
  
      ret = CredDeleteW(TargetNameW, Type, Flags);
  
-    HeapFree(GetProcessHeap(), 0, TargetNameW);
+    heap_free(TargetNameW);
  
      return ret;
  }
@@ -1178,7 +1149,7 @@ BOOL WINAPI CredDeleteW(LPCWSTR TargetName, DWORD Type, DWORD Flags)
  
      key_name = get_key_name_for_target(TargetName, Type);
      ret = RegDeleteKeyW(hkeyMgr, key_name);
-    HeapFree(GetProcessHeap(), 0, key_name);
+    heap_free(key_name);
      RegCloseKey(hkeyMgr);
      if (ret != ERROR_SUCCESS)
      {
@@ -1207,7 +1178,7 @@ BOOL WINAPI CredEnumerateA(LPCSTR Filter, DWORD Flags, DWORD *Count,
      if (Filter)
      {
          len = MultiByteToWideChar(CP_ACP, 0, Filter, -1, NULL, 0);
-        FilterW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+        FilterW = heap_alloc(len * sizeof(WCHAR));
          if (!FilterW)
          {
              SetLastError(ERROR_OUTOFMEMORY);
@@ -1220,16 +1191,16 @@ BOOL WINAPI CredEnumerateA(LPCSTR Filter, DWORD Flags, DWORD *Count,
  
      if (!CredEnumerateW(FilterW, Flags, Count, &CredentialsW))
      {
-        HeapFree(GetProcessHeap(), 0, FilterW);
+        heap_free(FilterW);
          return FALSE;
      }
-    HeapFree(GetProcessHeap(), 0, FilterW);
+    heap_free(FilterW);
  
      len = *Count * sizeof(PCREDENTIALA);
      for (i = 0; i < *Count; i++)
          len += convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], NULL, 0);
  
-    *Credentials = HeapAlloc(GetProcessHeap(), 0, len);
+    *Credentials = heap_alloc(len);
      if (!*Credentials)
      {
          CredFree(CredentialsW);
@@ -1298,7 +1269,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count,
          return FALSE;
      }
  
-    target_name = HeapAlloc(GetProcessHeap(), 0, (target_name_len+1)*sizeof(WCHAR));
+    target_name = heap_alloc((target_name_len+1)*sizeof(WCHAR));
      if (!target_name)
      {
          RegCloseKey(hkeyMgr);
@@ -1318,7 +1289,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count,
          ret = ERROR_NOT_FOUND;
      if (ret != ERROR_SUCCESS)
      {
-        HeapFree(GetProcessHeap(), 0, target_name);
+        heap_free(target_name);
          RegCloseKey(hkeyMgr);
          SetLastError(ret);
          return FALSE;
@@ -1327,7 +1298,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count,
  
      if (ret == ERROR_SUCCESS)
      {
-        buffer = HeapAlloc(GetProcessHeap(), 0, len);
+        buffer = heap_alloc(len);
          *Credentials = (PCREDENTIALW *)buffer;
          if (buffer)
          {
@@ -1347,7 +1318,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count,
              ret = ERROR_OUTOFMEMORY;
      }
  
-    HeapFree(GetProcessHeap(), 0, target_name);
+    heap_free(target_name);
      RegCloseKey(hkeyMgr);
  
      if (ret != ERROR_SUCCESS)
@@ -1363,7 +1334,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count,
   */
  VOID WINAPI CredFree(PVOID Buffer)
  {
-    HeapFree(GetProcessHeap(), 0, Buffer);
+    heap_free(Buffer);
  }
  
  /******************************************************************************
@@ -1384,7 +1355,7 @@ BOOL WINAPI CredReadA(LPCSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALA *
      }
  
      len = MultiByteToWideChar(CP_ACP, 0, TargetName, -1, NULL, 0);
-    TargetNameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+    TargetNameW = heap_alloc(len * sizeof(WCHAR));
      if (!TargetNameW)
      {
          SetLastError(ERROR_OUTOFMEMORY);
@@ -1394,13 +1365,13 @@ BOOL WINAPI CredReadA(LPCSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALA *
  
      if (!CredReadW(TargetNameW, Type, Flags, &CredentialW))
      {
-        HeapFree(GetProcessHeap(), 0, TargetNameW);
+        heap_free(TargetNameW);
          return FALSE;
      }
-    HeapFree(GetProcessHeap(), 0, TargetNameW);
+    heap_free(TargetNameW);
  
      len = convert_PCREDENTIALW_to_PCREDENTIALA(CredentialW, NULL, 0);
-    *Credential = HeapAlloc(GetProcessHeap(), 0, len);
+    *Credential = heap_alloc(len);
      if (!*Credential)
      {
          SetLastError(ERROR_OUTOFMEMORY);
@@ -1452,7 +1423,7 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW
      {
          OSStatus status;
          SecKeychainSearchRef search;
-        status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search);
+        status = SecKeychainSearchCreateFromAttributes(NULL, kSecGenericPasswordItemClass, NULL, &search);
          if (status == noErr)
          {
              SecKeychainItemRef item;
@@ -1460,7 +1431,7 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW
              {
                  SecKeychainAttributeInfo info;
                  SecKeychainAttributeList *attr_list;
-                UInt32 info_tags[] = { kSecServerItemAttr };
+                UInt32 info_tags[] = { kSecServiceItemAttr };
                  LPWSTR target_name;
                  INT str_len;
                  info.count = sizeof(info_tags)/sizeof(info_tags[0]);
@@ -1473,28 +1444,28 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW
                      WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
                      continue;
                  }
-                if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServerItemAttr)
+                if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServiceItemAttr)
                  {
                      CFRelease(item);
                      continue;
                  }
                  str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, NULL, 0);
-                target_name = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR));
+                target_name = heap_alloc((str_len + 1) * sizeof(WCHAR));
                  MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, target_name, str_len);
                  /* nul terminate */
                  target_name[str_len] = '\0';
                  if (strcmpiW(TargetName, target_name))
                  {
                      CFRelease(item);
-                    HeapFree(GetProcessHeap(), 0, target_name);
+                    heap_free(target_name);
                      continue;
                  }
-                HeapFree(GetProcessHeap(), 0, target_name);
+                heap_free(target_name);
                  SecKeychainItemFreeAttributesAndData(attr_list, NULL);
                  ret = mac_read_credential_from_item(item, TRUE, NULL, NULL, &len);
                  if (ret == ERROR_SUCCESS)
                  {
-                    *Credential = HeapAlloc(GetProcessHeap(), 0, len);
+                    *Credential = heap_alloc(len);
                      if (*Credential)
                      {
                          len = sizeof(**Credential);
@@ -1537,7 +1508,7 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW
  
      key_name = get_key_name_for_target(TargetName, Type);
      ret = RegOpenKeyExW(hkeyMgr, key_name, 0, KEY_QUERY_VALUE, &hkeyCred);
-    HeapFree(GetProcessHeap(), 0, key_name);
+    heap_free(key_name);
      if (ret != ERROR_SUCCESS)
      {
          TRACE("credentials for target name %s not found\n", debugstr_w(TargetName));
@@ -1549,7 +1520,7 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW
      ret = registry_read_credential(hkeyCred, NULL, key_data, NULL, &len);
      if (ret == ERROR_SUCCESS)
      {
-        *Credential = HeapAlloc(GetProcessHeap(), 0, len);
+        *Credential = heap_alloc(len);
          if (*Credential)
          {
              len = sizeof(**Credential);
@@ -1578,7 +1549,8 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf
                                         DWORD Flags, DWORD *Size, PCREDENTIALA **Credentials)
  {
      PCREDENTIAL_TARGET_INFORMATIONW TargetInformationW;
-    INT len, i;
+    INT len;
+    DWORD i;
      WCHAR *buffer, *end;
      BOOL ret;
      PCREDENTIALW* CredentialsW;
@@ -1611,7 +1583,7 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf
      if (TargetInformation->PackageName)
          len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->PackageName, -1, NULL, 0) * sizeof(WCHAR);
  
-    TargetInformationW = HeapAlloc(GetProcessHeap(), 0, len);
+    TargetInformationW = heap_alloc(len);
      if (!TargetInformationW)
      {
          SetLastError(ERROR_OUTOFMEMORY);
@@ -1671,8 +1643,8 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf
      if (TargetInformation->PackageName)
      {
          TargetInformationW->PackageName = buffer;
-        buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->PackageName, -1,
-                                      TargetInformationW->PackageName, end - buffer);
+        MultiByteToWideChar(CP_ACP, 0, TargetInformation->PackageName, -1,
+                            TargetInformationW->PackageName, end - buffer);
      } else
          TargetInformationW->PackageName = NULL;
  
@@ -1682,7 +1654,7 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf
  
      ret = CredReadDomainCredentialsW(TargetInformationW, Flags, Size, &CredentialsW);
  
-    HeapFree(GetProcessHeap(), 0, TargetInformationW);
+    heap_free(TargetInformationW);
  
      if (ret)
      {
@@ -1693,7 +1665,7 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf
          for (i = 0; i < *Size; i++)
              len += convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], NULL, 0);
  
-        *Credentials = HeapAlloc(GetProcessHeap(), 0, len);
+        *Credentials = heap_alloc(len);
          if (!*Credentials)
          {
              CredFree(CredentialsW);
@@ -1755,7 +1727,7 @@ BOOL WINAPI CredWriteA(PCREDENTIALA Credential, DWORD Flags)
      }
  
      len = convert_PCREDENTIALA_to_PCREDENTIALW(Credential, NULL, 0);
-    CredentialW = HeapAlloc(GetProcessHeap(), 0, len);
+    CredentialW = heap_alloc(len);
      if (!CredentialW)
      {
          SetLastError(ERROR_OUTOFMEMORY);
@@ -1766,7 +1738,7 @@ BOOL WINAPI CredWriteA(PCREDENTIALA Credential, DWORD Flags)
  
      ret = CredWriteW(CredentialW, Flags);
  
-    HeapFree(GetProcessHeap(), 0, CredentialW);
+    heap_free(CredentialW);
  
      return ret;
  }
@@ -1804,13 +1776,19 @@ BOOL WINAPI CredWriteW(PCREDENTIALW Credential, DWORD Flags)
          return FALSE;
      }
  
+    TRACE("Credential->Flags = 0x%08x\n", Credential->Flags);
+    TRACE("Credential->Type = %u\n", Credential->Type);
      TRACE("Credential->TargetName = %s\n", debugstr_w(Credential->TargetName));
+    TRACE("Credential->Comment = %s\n", debugstr_w(Credential->Comment));
+    TRACE("Credential->Persist = %u\n", Credential->Persist);
+    TRACE("Credential->TargetAlias = %s\n", debugstr_w(Credential->TargetAlias));
      TRACE("Credential->UserName = %s\n", debugstr_w(Credential->UserName));
  
      if (Credential->Type == CRED_TYPE_DOMAIN_PASSWORD)
      {
          if (!Credential->UserName ||
-            (!strchrW(Credential->UserName, '\\') && !strchrW(Credential->UserName, '@')))
+            (Credential->Persist == CRED_PERSIST_ENTERPRISE &&
+            (!strchrW(Credential->UserName, '\\') && !strchrW(Credential->UserName, '@'))))
          {
              ERR("bad username %s\n", debugstr_w(Credential->UserName));
              SetLastError(ERROR_BAD_USERNAME);
@@ -1853,7 +1831,7 @@ BOOL WINAPI CredWriteW(PCREDENTIALW Credential, DWORD Flags)
      ret = RegCreateKeyExW(hkeyMgr, key_name, 0, NULL,
                            Credential->Persist == CRED_PERSIST_SESSION ? REG_OPTION_VOLATILE : REG_OPTION_NON_VOLATILE,
                            KEY_READ|KEY_WRITE, NULL, &hkeyCred, NULL);
-    HeapFree(GetProcessHeap(), 0, key_name);
+    heap_free(key_name);
      if (ret != ERROR_SUCCESS)
      {
          TRACE("credentials for target name %s not found\n",
@@ -1879,7 +1857,7 @@ BOOL WINAPI CredWriteW(PCREDENTIALW Credential, DWORD Flags)
  /******************************************************************************
   * CredGetSessionTypes [ADVAPI32.@]
   */
-BOOL WINAPI CredGetSessionTypes(DWORD persistCount, LPDWORD persists)
+WINADVAPI BOOL WINAPI CredGetSessionTypes(DWORD persistCount, LPDWORD persists)
  {
      TRACE("(%u, %p)\n", persistCount, persists);
  
@@ -1909,20 +1887,20 @@ BOOL WINAPI CredMarshalCredentialA( CRED_MARSHAL_TYPE type, PVOID cred, LPSTR *o
      if ((ret = CredMarshalCredentialW( type, cred, &outW )))
      {
          int len = WideCharToMultiByte( CP_ACP, 0, outW, -1, NULL, 0, NULL, NULL );
-        if (!(*out = HeapAlloc( GetProcessHeap(), 0, len )))
+        if (!(*out = heap_alloc( len )))
          {
-            HeapFree( GetProcessHeap(), 0, outW );
+            heap_free( outW );
              return FALSE;
          }
          WideCharToMultiByte( CP_ACP, 0, outW, -1, *out, len, NULL, NULL );
-        HeapFree( GetProcessHeap(), 0, outW );
+        heap_free( outW );
      }
      return ret;
  }
  
  static UINT cred_encode( const char *bin, unsigned int len, WCHAR *cred )
  {
-    static char enc[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789#-";
+    static const char enc[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789#-";
      UINT n = 0, x;
  
      while (len > 0)
@@ -1972,25 +1950,20 @@ BOOL WINAPI CredMarshalCredentialW( CRED_MARSHAL_TYPE type, PVOID cred, LPWSTR *
      {
      case CertCredential:
      {
-        char hash[CERT_HASH_LENGTH + 2];
-
-        memcpy( hash, cert->rgbHashOfCert, sizeof(cert->rgbHashOfCert) );
-        memset( hash + sizeof(cert->rgbHashOfCert), 0, sizeof(hash) - sizeof(cert->rgbHashOfCert) );
-
-        size = sizeof(hash) * 4 / 3;
-        if (!(p = HeapAlloc( GetProcessHeap(), 0, (size + 4) * sizeof(WCHAR) ))) return FALSE;
+        size = (sizeof(cert->rgbHashOfCert) + 2) * 4 / 3;
+        if (!(p = heap_alloc( (size + 4) * sizeof(WCHAR) ))) return FALSE;
          p[0] = '@';
          p[1] = '@';
          p[2] = 'A' + type;
-        len = cred_encode( (const char *)hash, sizeof(hash), p + 3 );
-        p[len] = 0;
+        len = cred_encode( (const char *)cert->rgbHashOfCert, sizeof(cert->rgbHashOfCert), p + 3 );
+        p[len + 3] = 0;
          break;
      }
      case UsernameTargetCredential:
      {
          len = strlenW( target->UserName );
          size = (sizeof(DWORD) + len * sizeof(WCHAR) + 2) * 4 / 3;
-        if (!(p = HeapAlloc( GetProcessHeap(), 0, (size + 4) * sizeof(WCHAR) ))) return FALSE;
+        if (!(p = heap_alloc( (size + 4) * sizeof(WCHAR) ))) return FALSE;
          p[0] = '@';
          p[1] = '@';
          p[2] = 'A' + type;
@@ -2010,24 +1983,25 @@ BOOL WINAPI CredMarshalCredentialW( CRED_MARSHAL_TYPE type, PVOID cred, LPWSTR *
      return TRUE;
  }
  
-BOOL
-WINAPI
-CredWriteDomainCredentialsW(PCREDENTIAL_TARGET_INFORMATIONW TargetInfo,
-                            PCREDENTIALW Credential,
-                            DWORD Flags)
+/******************************************************************************
+ * CredUnmarshalCredentialA [ADVAPI32.@]
+ */
+BOOL WINAPI CredUnmarshalCredentialA( LPCSTR cred, PCRED_MARSHAL_TYPE type, PVOID *out )
  {
-    WARN("Not implemented\n");
-    return FALSE;
-}
+    BOOL ret;
+    WCHAR *credW = NULL;
  
-BOOL
-WINAPI
-CredWriteDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInfo,
-                            PCREDENTIALA Credential,
-                            DWORD Flags)
-{
-    WARN("Not implemented\n");
-    return FALSE;
+    TRACE("%s, %p, %p\n", debugstr_a(cred), type, out);
+
+    if (cred)
+    {
+        int len = MultiByteToWideChar( CP_ACP, 0, cred, -1, NULL, 0 );
+        if (!(credW = heap_alloc( len * sizeof(WCHAR) ))) return FALSE;
+        MultiByteToWideChar( CP_ACP, 0, cred, -1, credW, len );
+    }
+    ret = CredUnmarshalCredentialW( credW, type, out );
+    heap_free( credW );
+    return ret;
  }
  
  static inline char char_decode( WCHAR c )
@@ -2068,7 +2042,6 @@ static BOOL cred_decode( const WCHAR *cred, unsigned int len, char *buf )
  
          buf[i + 0] = (c1 << 6) | c0;
          buf[i + 1] = (c2 << 4) | (c1 >> 2);
-        buf[i + 2] = c2 >> 4;
      }
      else if (len == 2)
      {
@@ -2076,16 +2049,10 @@ static BOOL cred_decode( const WCHAR *cred, unsigned int len, char *buf )
          if ((c1 = char_decode( p[1] )) > 63) return FALSE;
  
          buf[i + 0] = (c1 << 6) | c0;
-        buf[i + 1] = c1 >> 2;
-        buf[i + 2] = 0;
      }
      else if (len == 1)
      {
-        if ((c0 = char_decode( p[0] )) > 63) return FALSE;
-
-        buf[i + 0] = c0;
-        buf[i + 1] = 0;
-        buf[i + 2] = 0;
+        return FALSE;
      }
      return TRUE;
  }
@@ -2099,17 +2066,19 @@ BOOL WINAPI CredUnmarshalCredentialW( LPCWSTR cred, PCRED_MARSHAL_TYPE type, PVO
  
      TRACE("%s, %p, %p\n", debugstr_w(cred), type, out);
  
-    if (!cred || cred[0] != '@' || cred[1] != '@' || !cred[2] || !cred[3])
+    if (!cred || cred[0] != '@' || cred[1] != '@' ||
+        char_decode( cred[2] ) > 63)
      {
          SetLastError( ERROR_INVALID_PARAMETER );
          return FALSE;
      }
      len = strlenW( cred + 3 );
-    switch (cred[2] - 'A')
+    *type = char_decode( cred[2] );
+    switch (*type)
      {
      case CertCredential:
      {
-        char hash[CERT_HASH_LENGTH + 2];
+        char hash[CERT_HASH_LENGTH];
          CERT_CREDENTIAL_INFO *cert;
  
          if (len != 27 || !cred_decode( cred + 3, len, hash ))
@@ -2117,34 +2086,32 @@ BOOL WINAPI CredUnmarshalCredentialW( LPCWSTR cred, PCRED_MARSHAL_TYPE type, PVO
              SetLastError( ERROR_INVALID_PARAMETER );
              return FALSE;
          }
-        if (!(cert = HeapAlloc( GetProcessHeap(), 0, sizeof(*cert) ))) return FALSE;
+        if (!(cert = heap_alloc( sizeof(*cert) ))) return FALSE;
          memcpy( cert->rgbHashOfCert, hash, sizeof(cert->rgbHashOfCert) );
          cert->cbSize = sizeof(*cert);
-        *type = CertCredential;
          *out = cert;
          break;
      }
      case UsernameTargetCredential:
      {
          USERNAME_TARGET_CREDENTIAL_INFO *target;
-        ULONGLONG size = 0;
+        DWORD size;
  
          if (len < 9 || !cred_decode( cred + 3, 6, (char *)&size ) ||
-            !size || size % sizeof(WCHAR) || size > INT_MAX)
+            size % sizeof(WCHAR) || len - 6 != (size * 4 + 2) / 3)
          {
              SetLastError( ERROR_INVALID_PARAMETER );
              return FALSE;
          }
          buflen = sizeof(*target) + size + sizeof(WCHAR);
-        if (!(target = HeapAlloc( GetProcessHeap(), 0, buflen ))) return FALSE;
+        if (!(target = heap_alloc( buflen ))) return FALSE;
          if (!cred_decode( cred + 9, len - 6, (char *)(target + 1) ))
          {
-            HeapFree( GetProcessHeap(), 0, target );
+            heap_free( target );
              return FALSE;
          }
          target->UserName = (WCHAR *)(target + 1);
          target->UserName[size / sizeof(WCHAR)] = 0;
-        *type = UsernameTargetCredential;
          *out = target;
          break;
      }
@@ -2152,34 +2119,13 @@ BOOL WINAPI CredUnmarshalCredentialW( LPCWSTR cred, PCRED_MARSHAL_TYPE type, PVO
          FIXME("BinaryBlobCredential not implemented\n");
          return FALSE;
      default:
-        WARN("unhandled type %u\n", cred[2] - 'A');
+        WARN("unhandled type %u\n", *type);
+        SetLastError( ERROR_INVALID_PARAMETER );
          return FALSE;
      }
      return TRUE;
  }
  
-/******************************************************************************
- * CredUnmarshalCredentialA [ADVAPI32.@]
- */
-BOOL WINAPI CredUnmarshalCredentialA( LPCSTR cred, PCRED_MARSHAL_TYPE type, PVOID *out )
-{
-    BOOL ret;
-    WCHAR *credW = NULL;
-
-    TRACE("%s, %p, %p\n", debugstr_a(cred), type, out);
-
-    if (cred)
-    {
-        int len = MultiByteToWideChar( CP_ACP, 0, cred, -1, NULL, 0 );
-        if (!(credW = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) ))) return FALSE;
-        MultiByteToWideChar( CP_ACP, 0, cred, -1, credW, len );
-    }
-    ret = CredUnmarshalCredentialW( credW, type, out );
-    HeapFree( GetProcessHeap(), 0, credW );
-    return ret;
-}
-
-
  /******************************************************************************
   * CredIsMarshaledCredentialW [ADVAPI32.@]
   *
@@ -2198,7 +2144,7 @@ BOOL WINAPI CredIsMarshaledCredentialW(LPCWSTR name)
  
      if (name && name[0] == '@' && name[1] == '@' && name[2] > 'A' && name[3])
      {
-        char hash[CERT_HASH_LENGTH + 2];
+        char hash[CERT_HASH_LENGTH];
          int len = strlenW(name + 3 );
          DWORD size;
  
@@ -2237,11 +2183,11 @@ BOOL WINAPI CredIsMarshaledCredentialA(LPCSTR name)
      if (name)
      {
          len = MultiByteToWideChar(CP_ACP, 0, name, -1, NULL, 0);
-        nameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+        nameW = heap_alloc(len * sizeof(WCHAR));
          MultiByteToWideChar(CP_ACP, 0, name, -1, nameW, len);
      }
  
      res = CredIsMarshaledCredentialW(nameW);
-    HeapFree(GetProcessHeap(), 0, nameW);
+    heap_free(nameW);
      return res;
  }