X-Git-Url: https://git.reactos.org/?p=reactos.git;a=blobdiff_plain;f=dll%2Fwin32%2Fadvapi32%2Fsec%2Fcred.c;h=69639a4ffb10645164dcb361033bfb25b5f486fe;hp=3c5b7821d855a7d0588c4162a6265f37dd054b4f;hb=121e60dbda9f161d02983d430dc1341c4ee6874d;hpb=24087a3b01587f200479465f1f8dbd06a1ce3f1b diff --git a/dll/win32/advapi32/sec/cred.c b/dll/win32/advapi32/sec/cred.c index 3c5b7821d85..69639a4ffb1 100644 --- a/dll/win32/advapi32/sec/cred.c +++ b/dll/win32/advapi32/sec/cred.c @@ -19,6 +19,9 @@ */ #include + +#include + WINE_DEFAULT_DEBUG_CHANNEL(cred); /* the size of the ARC4 key used to encrypt the password data */ @@ -186,7 +189,6 @@ static DWORD registry_read_credential(HKEY hkey, PCREDENTIALW credential, else if (ret != ERROR_SUCCESS) return ret; credential->CredentialBlobSize = count; - buffer += count; } /* FIXME: Attributes */ @@ -234,15 +236,13 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require DWORD *len) { OSStatus status; - UInt32 i; - UInt32 cred_blob_len; + UInt32 i, cred_blob_len; void *cred_blob; - LPWSTR domain = NULL; - LPWSTR user = NULL; + WCHAR *user = NULL; BOOL user_name_present = FALSE; SecKeychainAttributeInfo info; SecKeychainAttributeList *attr_list; - UInt32 info_tags[] = { kSecServerItemAttr, kSecSecurityDomainItemAttr, kSecAccountItemAttr, + UInt32 info_tags[] = { kSecServiceItemAttr, kSecAccountItemAttr, kSecCommentItemAttr, kSecCreationDateItemAttr }; info.count = sizeof(info_tags)/sizeof(info_tags[0]); info.tag = info_tags; @@ -269,6 +269,7 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require if (!user_name_present) { WARN("no kSecAccountItemAttr for item\n"); + SecKeychainItemFreeAttributesAndData(attr_list, cred_blob); return ERROR_NOT_FOUND; } @@ -291,8 +292,8 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require { switch (attr_list->attr[i].tag) { - case kSecServerItemAttr: - TRACE("kSecServerItemAttr: %.*s\n", (int)attr_list->attr[i].length, + case kSecServiceItemAttr: + TRACE("kSecServiceItemAttr: %.*s\n", (int)attr_list->attr[i].length, (char *)attr_list->attr[i].data); if (!attr_list->attr[i].data) continue; if (buffer) @@ -321,7 +322,7 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require if (!attr_list->attr[i].data) continue; str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data, attr_list->attr[i].length, NULL, 0); - user = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR)); + user = heap_alloc((str_len + 1) * sizeof(WCHAR)); MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data, attr_list->attr[i].length, user, str_len); user[str_len] = '\0'; @@ -349,20 +350,6 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require *len += (str_len + 1) * sizeof(WCHAR); } break; - case kSecSecurityDomainItemAttr: - { - INT str_len; - TRACE("kSecSecurityDomainItemAttr: %.*s\n", (int)attr_list->attr[i].length, - (char *)attr_list->attr[i].data); - if (!attr_list->attr[i].data) continue; - str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data, - attr_list->attr[i].length, NULL, 0); - domain = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR)); - MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[i].data, - attr_list->attr[i].length, domain, str_len); - domain[str_len] = '\0'; - break; - } case kSecCreationDateItemAttr: TRACE("kSecCreationDateItemAttr: %.*s\n", (int)attr_list->attr[i].length, (char *)attr_list->attr[i].data); @@ -379,6 +366,9 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require credential->LastWritten.dwHighDateTime = win_time.u.HighPart; } break; + default: + FIXME("unhandled attribute %lu\n", attr_list->attr[i].tag); + break; } } @@ -387,18 +377,6 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require INT str_len; if (buffer) credential->UserName = (LPWSTR)buffer; - if (domain) - { - str_len = strlenW(domain); - *len += (str_len + 1) * sizeof(WCHAR); - if (buffer) - { - memcpy(credential->UserName, domain, str_len * sizeof(WCHAR)); - /* FIXME: figure out when to use an '@' */ - credential->UserName[str_len] = '\\'; - buffer += (str_len + 1) * sizeof(WCHAR); - } - } str_len = strlenW(user); *len += (str_len + 1) * sizeof(WCHAR); if (buffer) @@ -408,8 +386,7 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require TRACE("UserName = %s\n", debugstr_w(credential->UserName)); } } - HeapFree(GetProcessHeap(), 0, user); - HeapFree(GetProcessHeap(), 0, domain); + heap_free(user); if (cred_blob) { @@ -420,7 +397,6 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require str_len = MultiByteToWideChar(CP_UTF8, 0, cred_blob, cred_blob_len, (LPWSTR)buffer, 0xffff); credential->CredentialBlobSize = str_len * sizeof(WCHAR); - buffer += str_len * sizeof(WCHAR); *len += str_len * sizeof(WCHAR); } else @@ -448,7 +424,7 @@ static DWORD write_credential_blob(HKEY hkey, LPCWSTR target_name, DWORD type, key.Length = key.MaximumLength = KEY_SIZE; key.Buffer = (unsigned char *)key_data; - encrypted_credential_blob = HeapAlloc(GetProcessHeap(), 0, credential_blob_size); + encrypted_credential_blob = heap_alloc(credential_blob_size); if (!encrypted_credential_blob) return ERROR_OUTOFMEMORY; memcpy(encrypted_credential_blob, credential_blob, credential_blob_size); @@ -457,7 +433,7 @@ static DWORD write_credential_blob(HKEY hkey, LPCWSTR target_name, DWORD type, SystemFunction032(&data, &key); ret = RegSetValueExW(hkey, wszPasswordValue, 0, REG_BINARY, encrypted_credential_blob, credential_blob_size); - HeapFree(GetProcessHeap(), 0, encrypted_credential_blob); + heap_free(encrypted_credential_blob); return ret; } @@ -470,10 +446,10 @@ static DWORD registry_write_credential(HKEY hkey, const CREDENTIALW *credential, GetSystemTimeAsFileTime(&LastWritten); - ret = RegSetValueExW(hkey, wszFlagsValue, 0, REG_DWORD, (LPVOID)&credential->Flags, + ret = RegSetValueExW(hkey, wszFlagsValue, 0, REG_DWORD, (const BYTE*)&credential->Flags, sizeof(credential->Flags)); if (ret != ERROR_SUCCESS) return ret; - ret = RegSetValueExW(hkey, wszTypeValue, 0, REG_DWORD, (LPVOID)&credential->Type, + ret = RegSetValueExW(hkey, wszTypeValue, 0, REG_DWORD, (const BYTE*)&credential->Type, sizeof(credential->Type)); if (ret != ERROR_SUCCESS) return ret; ret = RegSetValueExW(hkey, NULL, 0, REG_SZ, (LPVOID)credential->TargetName, @@ -488,7 +464,7 @@ static DWORD registry_write_credential(HKEY hkey, const CREDENTIALW *credential, ret = RegSetValueExW(hkey, wszLastWrittenValue, 0, REG_BINARY, (LPVOID)&LastWritten, sizeof(LastWritten)); if (ret != ERROR_SUCCESS) return ret; - ret = RegSetValueExW(hkey, wszPersistValue, 0, REG_DWORD, (LPVOID)&credential->Persist, + ret = RegSetValueExW(hkey, wszPersistValue, 0, REG_DWORD, (const BYTE*)&credential->Persist, sizeof(credential->Persist)); if (ret != ERROR_SUCCESS) return ret; /* FIXME: Attributes */ @@ -518,15 +494,8 @@ static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_b { OSStatus status; SecKeychainItemRef keychain_item; - char *username; - char *domain = NULL; - char *password; - char *servername; - UInt32 userlen; - UInt32 domainlen = 0; - UInt32 pwlen; - UInt32 serverlen; - LPCWSTR p; + char *username, *password, *servername; + UInt32 userlen, pwlen, serverlen; SecKeychainAttribute attrs[1]; SecKeychainAttributeList attr_list; @@ -539,61 +508,36 @@ static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_b if (credential->AttributeCount) FIXME("custom attributes not supported\n"); - p = strchrW(credential->UserName, '\\'); - if (p) - { - domainlen = WideCharToMultiByte(CP_UTF8, 0, credential->UserName, - p - credential->UserName, NULL, 0, NULL, NULL); - domain = HeapAlloc(GetProcessHeap(), 0, (domainlen + 1) * sizeof(*domain)); - WideCharToMultiByte(CP_UTF8, 0, credential->UserName, p - credential->UserName, - domain, domainlen, NULL, NULL); - domain[domainlen] = '\0'; - p++; - } - else - p = credential->UserName; - userlen = WideCharToMultiByte(CP_UTF8, 0, p, -1, NULL, 0, NULL, NULL); - username = HeapAlloc(GetProcessHeap(), 0, userlen * sizeof(*username)); - WideCharToMultiByte(CP_UTF8, 0, p, -1, username, userlen, NULL, NULL); + userlen = WideCharToMultiByte(CP_UTF8, 0, credential->UserName, -1, NULL, 0, NULL, NULL); + username = heap_alloc(userlen * sizeof(*username)); + WideCharToMultiByte(CP_UTF8, 0, credential->UserName, -1, username, userlen, NULL, NULL); serverlen = WideCharToMultiByte(CP_UTF8, 0, credential->TargetName, -1, NULL, 0, NULL, NULL); - servername = HeapAlloc(GetProcessHeap(), 0, serverlen * sizeof(*servername)); + servername = heap_alloc(serverlen * sizeof(*servername)); WideCharToMultiByte(CP_UTF8, 0, credential->TargetName, -1, servername, serverlen, NULL, NULL); pwlen = WideCharToMultiByte(CP_UTF8, 0, (LPCWSTR)credential->CredentialBlob, credential->CredentialBlobSize / sizeof(WCHAR), NULL, 0, NULL, NULL); - password = HeapAlloc(GetProcessHeap(), 0, pwlen * sizeof(*domain)); + password = heap_alloc(pwlen * sizeof(*password)); WideCharToMultiByte(CP_UTF8, 0, (LPCWSTR)credential->CredentialBlob, credential->CredentialBlobSize / sizeof(WCHAR), password, pwlen, NULL, NULL); - TRACE("adding server %s, domain %s, username %s using Keychain\n", servername, domain, username); - status = SecKeychainAddInternetPassword(NULL, strlen(servername), servername, - strlen(domain), domain, strlen(username), - username, 0, NULL, 0, - 0 /* no protocol */, - kSecAuthenticationTypeDefault, - strlen(password), password, &keychain_item); + TRACE("adding server %s, username %s using Keychain\n", servername, username); + status = SecKeychainAddGenericPassword(NULL, strlen(servername), servername, strlen(username), + username, strlen(password), password, &keychain_item); if (status != noErr) - ERR("SecKeychainAddInternetPassword returned %ld\n", status); + ERR("SecKeychainAddGenericPassword returned %ld\n", status); if (status == errSecDuplicateItem) { - SecKeychainItemRef keychain_item; - - status = SecKeychainFindInternetPassword(NULL, strlen(servername), servername, - strlen(domain), domain, - strlen(username), username, - 0, NULL /* any path */, 0, - 0 /* any protocol */, - 0 /* any authentication type */, - 0, NULL, &keychain_item); + status = SecKeychainFindGenericPassword(NULL, strlen(servername), servername, strlen(username), + username, NULL, NULL, &keychain_item); if (status != noErr) - ERR("SecKeychainFindInternetPassword returned %ld\n", status); + ERR("SecKeychainFindGenericPassword returned %ld\n", status); } - HeapFree(GetProcessHeap(), 0, domain); - HeapFree(GetProcessHeap(), 0, username); - HeapFree(GetProcessHeap(), 0, servername); + heap_free(username); + heap_free(servername); if (status != noErr) { - HeapFree(GetProcessHeap(), 0, password); + heap_free(password); return ERROR_GEN_FAILURE; } if (credential->Comment) @@ -603,7 +547,7 @@ static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_b attrs[0].tag = kSecCommentItemAttr; attrs[0].length = WideCharToMultiByte(CP_UTF8, 0, credential->Comment, -1, NULL, 0, NULL, NULL); if (attrs[0].length) attrs[0].length--; - attrs[0].data = HeapAlloc(GetProcessHeap(), 0, attrs[0].length); + attrs[0].data = heap_alloc(attrs[0].length); WideCharToMultiByte(CP_UTF8, 0, credential->Comment, -1, attrs[0].data, attrs[0].length, NULL, NULL); } else @@ -615,10 +559,12 @@ static DWORD mac_write_credential(const CREDENTIALW *credential, BOOL preserve_b preserve_blob ? 0 : strlen(password), preserve_blob ? NULL : password); if (credential->Comment) - HeapFree(GetProcessHeap(), 0, attrs[0].data); - HeapFree(GetProcessHeap(), 0, password); + heap_free(attrs[0].data); + heap_free(password); /* FIXME: set TargetAlias attribute */ CFRelease(keychain_item); + if (status != noErr) + return ERROR_GEN_FAILURE; return ERROR_SUCCESS; } #endif @@ -698,7 +644,7 @@ static LPWSTR get_key_name_for_target(LPCWSTR target_name, DWORD type) len += sizeof(wszDomPasswdPrefix)/sizeof(wszDomPasswdPrefix[0]); } - key_name = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR)); + key_name = heap_alloc(len * sizeof(WCHAR)); if (!key_name) return NULL; strcpyW(key_name, prefix); @@ -710,7 +656,7 @@ static LPWSTR get_key_name_for_target(LPCWSTR target_name, DWORD type) return key_name; } -static BOOL credential_matches_filter(HKEY hkeyCred, LPCWSTR filter) +static BOOL registry_credential_matches_filter(HKEY hkeyCred, LPCWSTR filter) { LPWSTR target_name; DWORD ret; @@ -726,13 +672,13 @@ static BOOL credential_matches_filter(HKEY hkeyCred, LPCWSTR filter) else if (type != REG_SZ) return FALSE; - target_name = HeapAlloc(GetProcessHeap(), 0, count); + target_name = heap_alloc(count); if (!target_name) return FALSE; ret = RegQueryValueExW(hkeyCred, NULL, 0, &type, (LPVOID)target_name, &count); if (ret != ERROR_SUCCESS || type != REG_SZ) { - HeapFree(GetProcessHeap(), 0, target_name); + heap_free(target_name); return FALSE; } @@ -740,17 +686,17 @@ static BOOL credential_matches_filter(HKEY hkeyCred, LPCWSTR filter) debugstr_w(target_name)); p = strchrW(filter, '*'); - ret = CompareStringW(GetThreadLocale(), 0, filter, + ret = CompareStringW(GetThreadLocale(), NORM_IGNORECASE, filter, (p && !p[1] ? p - filter : -1), target_name, (p && !p[1] ? p - filter : -1)) == CSTR_EQUAL; - HeapFree(GetProcessHeap(), 0, target_name); + heap_free(target_name); return ret; } static DWORD registry_enumerate_credentials(HKEY hkeyMgr, LPCWSTR filter, LPWSTR target_name, - DWORD target_name_len, BYTE key_data[KEY_SIZE], + DWORD target_name_len, const BYTE key_data[KEY_SIZE], PCREDENTIALW *credentials, char **buffer, DWORD *len, DWORD *count) { @@ -766,18 +712,12 @@ static DWORD registry_enumerate_credentials(HKEY hkeyMgr, LPCWSTR filter, break; } else if (ret != ERROR_SUCCESS) - { - ret = ERROR_SUCCESS; continue; - } TRACE("target_name = %s\n", debugstr_w(target_name)); ret = RegOpenKeyExW(hkeyMgr, target_name, 0, KEY_QUERY_VALUE, &hkeyCred); if (ret != ERROR_SUCCESS) - { - ret = ERROR_SUCCESS; continue; - } - if (!credential_matches_filter(hkeyCred, filter)) + if (!registry_credential_matches_filter(hkeyCred, filter)) { RegCloseKey(hkeyCred); continue; @@ -801,6 +741,30 @@ static DWORD registry_enumerate_credentials(HKEY hkeyMgr, LPCWSTR filter, } #ifdef __APPLE__ +static BOOL mac_credential_matches_filter(void *data, UInt32 data_len, const WCHAR *filter) +{ + int len; + WCHAR *target_name; + const WCHAR *p; + BOOL ret; + + if (!filter) return TRUE; + + len = MultiByteToWideChar(CP_UTF8, 0, data, data_len, NULL, 0); + if (!(target_name = heap_alloc((len + 1) * sizeof(WCHAR)))) return FALSE; + MultiByteToWideChar(CP_UTF8, 0, data, data_len, target_name, len); + target_name[len] = 0; + + TRACE("comparing filter %s to target name %s\n", debugstr_w(filter), debugstr_w(target_name)); + + p = strchrW(filter, '*'); + ret = CompareStringW(GetThreadLocale(), NORM_IGNORECASE, filter, + (p && !p[1] ? p - filter : -1), target_name, + (p && !p[1] ? p - filter : -1)) == CSTR_EQUAL; + heap_free(target_name); + return ret; +} + static DWORD mac_enumerate_credentials(LPCWSTR filter, PCREDENTIALW *credentials, char *buffer, DWORD *len, DWORD *count) { @@ -813,14 +777,16 @@ static DWORD mac_enumerate_credentials(LPCWSTR filter, PCREDENTIALW *credentials SecKeychainGetUserInteractionAllowed(&saved_user_interaction_allowed); SecKeychainSetUserInteractionAllowed(false); - status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search); + status = SecKeychainSearchCreateFromAttributes(NULL, kSecGenericPasswordItemClass, NULL, &search); if (status == noErr) { while (SecKeychainSearchCopyNext(search, &item) == noErr) { SecKeychainAttributeInfo info; SecKeychainAttributeList *attr_list; - UInt32 info_tags[] = { kSecServerItemAttr }; + UInt32 info_tags[] = { kSecServiceItemAttr }; + BOOL match; + info.count = sizeof(info_tags)/sizeof(info_tags[0]); info.tag = info_tags; info.format = NULL; @@ -837,10 +803,15 @@ static DWORD mac_enumerate_credentials(LPCWSTR filter, PCREDENTIALW *credentials } else *len += sizeof(CREDENTIALW); - if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServerItemAttr) continue; - TRACE("server item: %.*s\n", (int)attr_list->attr[0].length, (char *)attr_list->attr[0].data); - /* FIXME: filter based on attr_list->attr[0].data */ + if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServiceItemAttr) + { + SecKeychainItemFreeAttributesAndData(attr_list, NULL); + continue; + } + TRACE("service item: %.*s\n", (int)attr_list->attr[0].length, (char *)attr_list->attr[0].data); + match = mac_credential_matches_filter(attr_list->attr[0].data, attr_list->attr[0].length, filter); SecKeychainItemFreeAttributesAndData(attr_list, NULL); + if (!match) continue; ret = mac_read_credential_from_item(item, FALSE, buffer ? credentials[*count] : NULL, buffer ? buffer + sizeof(CREDENTIALW) : NULL, @@ -864,7 +835,7 @@ static DWORD mac_delete_credential(LPCWSTR TargetName) { OSStatus status; SecKeychainSearchRef search; - status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search); + status = SecKeychainSearchCreateFromAttributes(NULL, kSecGenericPasswordItemClass, NULL, &search); if (status == noErr) { SecKeychainItemRef item; @@ -872,7 +843,7 @@ static DWORD mac_delete_credential(LPCWSTR TargetName) { SecKeychainAttributeInfo info; SecKeychainAttributeList *attr_list; - UInt32 info_tags[] = { kSecServerItemAttr }; + UInt32 info_tags[] = { kSecServiceItemAttr }; LPWSTR target_name; INT str_len; info.count = sizeof(info_tags)/sizeof(info_tags[0]); @@ -884,23 +855,23 @@ static DWORD mac_delete_credential(LPCWSTR TargetName) WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status); continue; } - if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServerItemAttr) + if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServiceItemAttr) { CFRelease(item); continue; } str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, NULL, 0); - target_name = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR)); + target_name = heap_alloc((str_len + 1) * sizeof(WCHAR)); MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, target_name, str_len); /* nul terminate */ target_name[str_len] = '\0'; if (strcmpiW(TargetName, target_name)) { CFRelease(item); - HeapFree(GetProcessHeap(), 0, target_name); + heap_free(target_name); continue; } - HeapFree(GetProcessHeap(), 0, target_name); + heap_free(target_name); SecKeychainItemFreeAttributesAndData(attr_list, NULL); SecKeychainItemDelete(item); CFRelease(item); @@ -921,7 +892,7 @@ static DWORD mac_delete_credential(LPCWSTR TargetName) * */ -static INT convert_PCREDENTIALW_to_PCREDENTIALA(const CREDENTIALW *CredentialW, PCREDENTIALA CredentialA, INT len) +static INT convert_PCREDENTIALW_to_PCREDENTIALA(const CREDENTIALW *CredentialW, PCREDENTIALA CredentialA, DWORD len) { char *buffer; INT string_len; @@ -1113,7 +1084,7 @@ BOOL WINAPI CredDeleteA(LPCSTR TargetName, DWORD Type, DWORD Flags) } len = MultiByteToWideChar(CP_ACP, 0, TargetName, -1, NULL, 0); - TargetNameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR)); + TargetNameW = heap_alloc(len * sizeof(WCHAR)); if (!TargetNameW) { SetLastError(ERROR_OUTOFMEMORY); @@ -1123,7 +1094,7 @@ BOOL WINAPI CredDeleteA(LPCSTR TargetName, DWORD Type, DWORD Flags) ret = CredDeleteW(TargetNameW, Type, Flags); - HeapFree(GetProcessHeap(), 0, TargetNameW); + heap_free(TargetNameW); return ret; } @@ -1178,7 +1149,7 @@ BOOL WINAPI CredDeleteW(LPCWSTR TargetName, DWORD Type, DWORD Flags) key_name = get_key_name_for_target(TargetName, Type); ret = RegDeleteKeyW(hkeyMgr, key_name); - HeapFree(GetProcessHeap(), 0, key_name); + heap_free(key_name); RegCloseKey(hkeyMgr); if (ret != ERROR_SUCCESS) { @@ -1207,7 +1178,7 @@ BOOL WINAPI CredEnumerateA(LPCSTR Filter, DWORD Flags, DWORD *Count, if (Filter) { len = MultiByteToWideChar(CP_ACP, 0, Filter, -1, NULL, 0); - FilterW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR)); + FilterW = heap_alloc(len * sizeof(WCHAR)); if (!FilterW) { SetLastError(ERROR_OUTOFMEMORY); @@ -1220,16 +1191,16 @@ BOOL WINAPI CredEnumerateA(LPCSTR Filter, DWORD Flags, DWORD *Count, if (!CredEnumerateW(FilterW, Flags, Count, &CredentialsW)) { - HeapFree(GetProcessHeap(), 0, FilterW); + heap_free(FilterW); return FALSE; } - HeapFree(GetProcessHeap(), 0, FilterW); + heap_free(FilterW); len = *Count * sizeof(PCREDENTIALA); for (i = 0; i < *Count; i++) len += convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], NULL, 0); - *Credentials = HeapAlloc(GetProcessHeap(), 0, len); + *Credentials = heap_alloc(len); if (!*Credentials) { CredFree(CredentialsW); @@ -1298,7 +1269,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count, return FALSE; } - target_name = HeapAlloc(GetProcessHeap(), 0, (target_name_len+1)*sizeof(WCHAR)); + target_name = heap_alloc((target_name_len+1)*sizeof(WCHAR)); if (!target_name) { RegCloseKey(hkeyMgr); @@ -1318,7 +1289,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count, ret = ERROR_NOT_FOUND; if (ret != ERROR_SUCCESS) { - HeapFree(GetProcessHeap(), 0, target_name); + heap_free(target_name); RegCloseKey(hkeyMgr); SetLastError(ret); return FALSE; @@ -1327,7 +1298,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count, if (ret == ERROR_SUCCESS) { - buffer = HeapAlloc(GetProcessHeap(), 0, len); + buffer = heap_alloc(len); *Credentials = (PCREDENTIALW *)buffer; if (buffer) { @@ -1347,7 +1318,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count, ret = ERROR_OUTOFMEMORY; } - HeapFree(GetProcessHeap(), 0, target_name); + heap_free(target_name); RegCloseKey(hkeyMgr); if (ret != ERROR_SUCCESS) @@ -1363,7 +1334,7 @@ BOOL WINAPI CredEnumerateW(LPCWSTR Filter, DWORD Flags, DWORD *Count, */ VOID WINAPI CredFree(PVOID Buffer) { - HeapFree(GetProcessHeap(), 0, Buffer); + heap_free(Buffer); } /****************************************************************************** @@ -1384,7 +1355,7 @@ BOOL WINAPI CredReadA(LPCSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALA * } len = MultiByteToWideChar(CP_ACP, 0, TargetName, -1, NULL, 0); - TargetNameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR)); + TargetNameW = heap_alloc(len * sizeof(WCHAR)); if (!TargetNameW) { SetLastError(ERROR_OUTOFMEMORY); @@ -1394,13 +1365,13 @@ BOOL WINAPI CredReadA(LPCSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALA * if (!CredReadW(TargetNameW, Type, Flags, &CredentialW)) { - HeapFree(GetProcessHeap(), 0, TargetNameW); + heap_free(TargetNameW); return FALSE; } - HeapFree(GetProcessHeap(), 0, TargetNameW); + heap_free(TargetNameW); len = convert_PCREDENTIALW_to_PCREDENTIALA(CredentialW, NULL, 0); - *Credential = HeapAlloc(GetProcessHeap(), 0, len); + *Credential = heap_alloc(len); if (!*Credential) { SetLastError(ERROR_OUTOFMEMORY); @@ -1452,7 +1423,7 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW { OSStatus status; SecKeychainSearchRef search; - status = SecKeychainSearchCreateFromAttributes(NULL, kSecInternetPasswordItemClass, NULL, &search); + status = SecKeychainSearchCreateFromAttributes(NULL, kSecGenericPasswordItemClass, NULL, &search); if (status == noErr) { SecKeychainItemRef item; @@ -1460,7 +1431,7 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW { SecKeychainAttributeInfo info; SecKeychainAttributeList *attr_list; - UInt32 info_tags[] = { kSecServerItemAttr }; + UInt32 info_tags[] = { kSecServiceItemAttr }; LPWSTR target_name; INT str_len; info.count = sizeof(info_tags)/sizeof(info_tags[0]); @@ -1473,28 +1444,28 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status); continue; } - if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServerItemAttr) + if (attr_list->count != 1 || attr_list->attr[0].tag != kSecServiceItemAttr) { CFRelease(item); continue; } str_len = MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, NULL, 0); - target_name = HeapAlloc(GetProcessHeap(), 0, (str_len + 1) * sizeof(WCHAR)); + target_name = heap_alloc((str_len + 1) * sizeof(WCHAR)); MultiByteToWideChar(CP_UTF8, 0, attr_list->attr[0].data, attr_list->attr[0].length, target_name, str_len); /* nul terminate */ target_name[str_len] = '\0'; if (strcmpiW(TargetName, target_name)) { CFRelease(item); - HeapFree(GetProcessHeap(), 0, target_name); + heap_free(target_name); continue; } - HeapFree(GetProcessHeap(), 0, target_name); + heap_free(target_name); SecKeychainItemFreeAttributesAndData(attr_list, NULL); ret = mac_read_credential_from_item(item, TRUE, NULL, NULL, &len); if (ret == ERROR_SUCCESS) { - *Credential = HeapAlloc(GetProcessHeap(), 0, len); + *Credential = heap_alloc(len); if (*Credential) { len = sizeof(**Credential); @@ -1537,7 +1508,7 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW key_name = get_key_name_for_target(TargetName, Type); ret = RegOpenKeyExW(hkeyMgr, key_name, 0, KEY_QUERY_VALUE, &hkeyCred); - HeapFree(GetProcessHeap(), 0, key_name); + heap_free(key_name); if (ret != ERROR_SUCCESS) { TRACE("credentials for target name %s not found\n", debugstr_w(TargetName)); @@ -1549,7 +1520,7 @@ BOOL WINAPI CredReadW(LPCWSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIALW ret = registry_read_credential(hkeyCred, NULL, key_data, NULL, &len); if (ret == ERROR_SUCCESS) { - *Credential = HeapAlloc(GetProcessHeap(), 0, len); + *Credential = heap_alloc(len); if (*Credential) { len = sizeof(**Credential); @@ -1578,7 +1549,8 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf DWORD Flags, DWORD *Size, PCREDENTIALA **Credentials) { PCREDENTIAL_TARGET_INFORMATIONW TargetInformationW; - INT len, i; + INT len; + DWORD i; WCHAR *buffer, *end; BOOL ret; PCREDENTIALW* CredentialsW; @@ -1611,7 +1583,7 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf if (TargetInformation->PackageName) len += MultiByteToWideChar(CP_ACP, 0, TargetInformation->PackageName, -1, NULL, 0) * sizeof(WCHAR); - TargetInformationW = HeapAlloc(GetProcessHeap(), 0, len); + TargetInformationW = heap_alloc(len); if (!TargetInformationW) { SetLastError(ERROR_OUTOFMEMORY); @@ -1671,8 +1643,8 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf if (TargetInformation->PackageName) { TargetInformationW->PackageName = buffer; - buffer += MultiByteToWideChar(CP_ACP, 0, TargetInformation->PackageName, -1, - TargetInformationW->PackageName, end - buffer); + MultiByteToWideChar(CP_ACP, 0, TargetInformation->PackageName, -1, + TargetInformationW->PackageName, end - buffer); } else TargetInformationW->PackageName = NULL; @@ -1682,7 +1654,7 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf ret = CredReadDomainCredentialsW(TargetInformationW, Flags, Size, &CredentialsW); - HeapFree(GetProcessHeap(), 0, TargetInformationW); + heap_free(TargetInformationW); if (ret) { @@ -1693,7 +1665,7 @@ BOOL WINAPI CredReadDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInf for (i = 0; i < *Size; i++) len += convert_PCREDENTIALW_to_PCREDENTIALA(CredentialsW[i], NULL, 0); - *Credentials = HeapAlloc(GetProcessHeap(), 0, len); + *Credentials = heap_alloc(len); if (!*Credentials) { CredFree(CredentialsW); @@ -1755,7 +1727,7 @@ BOOL WINAPI CredWriteA(PCREDENTIALA Credential, DWORD Flags) } len = convert_PCREDENTIALA_to_PCREDENTIALW(Credential, NULL, 0); - CredentialW = HeapAlloc(GetProcessHeap(), 0, len); + CredentialW = heap_alloc(len); if (!CredentialW) { SetLastError(ERROR_OUTOFMEMORY); @@ -1766,7 +1738,7 @@ BOOL WINAPI CredWriteA(PCREDENTIALA Credential, DWORD Flags) ret = CredWriteW(CredentialW, Flags); - HeapFree(GetProcessHeap(), 0, CredentialW); + heap_free(CredentialW); return ret; } @@ -1804,13 +1776,19 @@ BOOL WINAPI CredWriteW(PCREDENTIALW Credential, DWORD Flags) return FALSE; } + TRACE("Credential->Flags = 0x%08x\n", Credential->Flags); + TRACE("Credential->Type = %u\n", Credential->Type); TRACE("Credential->TargetName = %s\n", debugstr_w(Credential->TargetName)); + TRACE("Credential->Comment = %s\n", debugstr_w(Credential->Comment)); + TRACE("Credential->Persist = %u\n", Credential->Persist); + TRACE("Credential->TargetAlias = %s\n", debugstr_w(Credential->TargetAlias)); TRACE("Credential->UserName = %s\n", debugstr_w(Credential->UserName)); if (Credential->Type == CRED_TYPE_DOMAIN_PASSWORD) { if (!Credential->UserName || - (!strchrW(Credential->UserName, '\\') && !strchrW(Credential->UserName, '@'))) + (Credential->Persist == CRED_PERSIST_ENTERPRISE && + (!strchrW(Credential->UserName, '\\') && !strchrW(Credential->UserName, '@')))) { ERR("bad username %s\n", debugstr_w(Credential->UserName)); SetLastError(ERROR_BAD_USERNAME); @@ -1853,7 +1831,7 @@ BOOL WINAPI CredWriteW(PCREDENTIALW Credential, DWORD Flags) ret = RegCreateKeyExW(hkeyMgr, key_name, 0, NULL, Credential->Persist == CRED_PERSIST_SESSION ? REG_OPTION_VOLATILE : REG_OPTION_NON_VOLATILE, KEY_READ|KEY_WRITE, NULL, &hkeyCred, NULL); - HeapFree(GetProcessHeap(), 0, key_name); + heap_free(key_name); if (ret != ERROR_SUCCESS) { TRACE("credentials for target name %s not found\n", @@ -1879,7 +1857,7 @@ BOOL WINAPI CredWriteW(PCREDENTIALW Credential, DWORD Flags) /****************************************************************************** * CredGetSessionTypes [ADVAPI32.@] */ -BOOL WINAPI CredGetSessionTypes(DWORD persistCount, LPDWORD persists) +WINADVAPI BOOL WINAPI CredGetSessionTypes(DWORD persistCount, LPDWORD persists) { TRACE("(%u, %p)\n", persistCount, persists); @@ -1896,42 +1874,320 @@ BOOL WINAPI CredGetSessionTypes(DWORD persistCount, LPDWORD persists) return TRUE; } -BOOL -WINAPI -CredWriteDomainCredentialsW(PCREDENTIAL_TARGET_INFORMATIONW TargetInfo, - PCREDENTIALW Credential, - DWORD Flags) +/****************************************************************************** + * CredMarshalCredentialA [ADVAPI32.@] + */ +BOOL WINAPI CredMarshalCredentialA( CRED_MARSHAL_TYPE type, PVOID cred, LPSTR *out ) { - WARN("Not implemented\n"); - return FALSE; + BOOL ret; + WCHAR *outW; + + TRACE("%u, %p, %p\n", type, cred, out); + + if ((ret = CredMarshalCredentialW( type, cred, &outW ))) + { + int len = WideCharToMultiByte( CP_ACP, 0, outW, -1, NULL, 0, NULL, NULL ); + if (!(*out = heap_alloc( len ))) + { + heap_free( outW ); + return FALSE; + } + WideCharToMultiByte( CP_ACP, 0, outW, -1, *out, len, NULL, NULL ); + heap_free( outW ); + } + return ret; } -BOOL -WINAPI -CredWriteDomainCredentialsA(PCREDENTIAL_TARGET_INFORMATIONA TargetInfo, - PCREDENTIALA Credential, - DWORD Flags) +static UINT cred_encode( const char *bin, unsigned int len, WCHAR *cred ) { - WARN("Not implemented\n"); - return FALSE; + static const char enc[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789#-"; + UINT n = 0, x; + + while (len > 0) + { + cred[n++] = enc[bin[0] & 0x3f]; + x = (bin[0] & 0xc0) >> 6; + if (len == 1) + { + cred[n++] = enc[x]; + break; + } + cred[n++] = enc[((bin[1] & 0xf) << 2) | x]; + x = (bin[1] & 0xf0) >> 4; + if (len == 2) + { + cred[n++] = enc[x]; + break; + } + cred[n++] = enc[((bin[2] & 0x3) << 4) | x]; + cred[n++] = enc[(bin[2] & 0xfc) >> 2]; + bin += 3; + len -= 3; + } + return n; } -BOOL -WINAPI -CredUnmarshalCredentialW(LPCWSTR MarshaledCredential, - PCRED_MARSHAL_TYPE CredType, - PVOID *Credential) +/****************************************************************************** + * CredMarshalCredentialW [ADVAPI32.@] + */ +BOOL WINAPI CredMarshalCredentialW( CRED_MARSHAL_TYPE type, PVOID cred, LPWSTR *out ) { - WARN("Not implemented\n"); - return FALSE; + CERT_CREDENTIAL_INFO *cert = cred; + USERNAME_TARGET_CREDENTIAL_INFO *target = cred; + DWORD len, size; + WCHAR *p; + + TRACE("%u, %p, %p\n", type, cred, out); + + if (!cred || (type == CertCredential && cert->cbSize < sizeof(*cert)) || + (type != CertCredential && type != UsernameTargetCredential && type != BinaryBlobCredential) || + (type == UsernameTargetCredential && (!target->UserName || !target->UserName[0]))) + { + SetLastError( ERROR_INVALID_PARAMETER ); + return FALSE; + } + switch (type) + { + case CertCredential: + { + size = (sizeof(cert->rgbHashOfCert) + 2) * 4 / 3; + if (!(p = heap_alloc( (size + 4) * sizeof(WCHAR) ))) return FALSE; + p[0] = '@'; + p[1] = '@'; + p[2] = 'A' + type; + len = cred_encode( (const char *)cert->rgbHashOfCert, sizeof(cert->rgbHashOfCert), p + 3 ); + p[len + 3] = 0; + break; + } + case UsernameTargetCredential: + { + len = strlenW( target->UserName ); + size = (sizeof(DWORD) + len * sizeof(WCHAR) + 2) * 4 / 3; + if (!(p = heap_alloc( (size + 4) * sizeof(WCHAR) ))) return FALSE; + p[0] = '@'; + p[1] = '@'; + p[2] = 'A' + type; + size = len * sizeof(WCHAR); + len = cred_encode( (const char *)&size, sizeof(DWORD), p + 3 ); + len += cred_encode( (const char *)target->UserName, size, p + 3 + len ); + p[len + 3] = 0; + break; + } + case BinaryBlobCredential: + FIXME("BinaryBlobCredential not implemented\n"); + return FALSE; + default: + return FALSE; + } + *out = p; + return TRUE; } -BOOL -WINAPI -CredUnmarshalCredentialA(LPCSTR MarshaledCredential, - PCRED_MARSHAL_TYPE CredType, - PVOID *Credential) +/****************************************************************************** + * CredUnmarshalCredentialA [ADVAPI32.@] + */ +BOOL WINAPI CredUnmarshalCredentialA( LPCSTR cred, PCRED_MARSHAL_TYPE type, PVOID *out ) { - WARN("Not implemented\n"); + BOOL ret; + WCHAR *credW = NULL; + + TRACE("%s, %p, %p\n", debugstr_a(cred), type, out); + + if (cred) + { + int len = MultiByteToWideChar( CP_ACP, 0, cred, -1, NULL, 0 ); + if (!(credW = heap_alloc( len * sizeof(WCHAR) ))) return FALSE; + MultiByteToWideChar( CP_ACP, 0, cred, -1, credW, len ); + } + ret = CredUnmarshalCredentialW( credW, type, out ); + heap_free( credW ); + return ret; +} + +static inline char char_decode( WCHAR c ) +{ + if (c >= 'A' && c <= 'Z') return c - 'A'; + if (c >= 'a' && c <= 'z') return c - 'a' + 26; + if (c >= '0' && c <= '9') return c - '0' + 52; + if (c == '#') return 62; + if (c == '-') return 63; + return 64; +} + +static BOOL cred_decode( const WCHAR *cred, unsigned int len, char *buf ) +{ + unsigned int i = 0; + char c0, c1, c2, c3; + const WCHAR *p = cred; + + while (len >= 4) + { + if ((c0 = char_decode( p[0] )) > 63) return FALSE; + if ((c1 = char_decode( p[1] )) > 63) return FALSE; + if ((c2 = char_decode( p[2] )) > 63) return FALSE; + if ((c3 = char_decode( p[3] )) > 63) return FALSE; + + buf[i + 0] = (c1 << 6) | c0; + buf[i + 1] = (c2 << 4) | (c1 >> 2); + buf[i + 2] = (c3 << 2) | (c2 >> 4); + len -= 4; + i += 3; + p += 4; + } + if (len == 3) + { + if ((c0 = char_decode( p[0] )) > 63) return FALSE; + if ((c1 = char_decode( p[1] )) > 63) return FALSE; + if ((c2 = char_decode( p[2] )) > 63) return FALSE; + + buf[i + 0] = (c1 << 6) | c0; + buf[i + 1] = (c2 << 4) | (c1 >> 2); + } + else if (len == 2) + { + if ((c0 = char_decode( p[0] )) > 63) return FALSE; + if ((c1 = char_decode( p[1] )) > 63) return FALSE; + + buf[i + 0] = (c1 << 6) | c0; + } + else if (len == 1) + { + return FALSE; + } + return TRUE; +} + +/****************************************************************************** + * CredUnmarshalCredentialW [ADVAPI32.@] + */ +BOOL WINAPI CredUnmarshalCredentialW( LPCWSTR cred, PCRED_MARSHAL_TYPE type, PVOID *out ) +{ + unsigned int len, buflen; + + TRACE("%s, %p, %p\n", debugstr_w(cred), type, out); + + if (!cred || cred[0] != '@' || cred[1] != '@' || + char_decode( cred[2] ) > 63) + { + SetLastError( ERROR_INVALID_PARAMETER ); + return FALSE; + } + len = strlenW( cred + 3 ); + *type = char_decode( cred[2] ); + switch (*type) + { + case CertCredential: + { + char hash[CERT_HASH_LENGTH]; + CERT_CREDENTIAL_INFO *cert; + + if (len != 27 || !cred_decode( cred + 3, len, hash )) + { + SetLastError( ERROR_INVALID_PARAMETER ); + return FALSE; + } + if (!(cert = heap_alloc( sizeof(*cert) ))) return FALSE; + memcpy( cert->rgbHashOfCert, hash, sizeof(cert->rgbHashOfCert) ); + cert->cbSize = sizeof(*cert); + *out = cert; + break; + } + case UsernameTargetCredential: + { + USERNAME_TARGET_CREDENTIAL_INFO *target; + DWORD size; + + if (len < 9 || !cred_decode( cred + 3, 6, (char *)&size ) || + size % sizeof(WCHAR) || len - 6 != (size * 4 + 2) / 3) + { + SetLastError( ERROR_INVALID_PARAMETER ); + return FALSE; + } + buflen = sizeof(*target) + size + sizeof(WCHAR); + if (!(target = heap_alloc( buflen ))) return FALSE; + if (!cred_decode( cred + 9, len - 6, (char *)(target + 1) )) + { + heap_free( target ); + return FALSE; + } + target->UserName = (WCHAR *)(target + 1); + target->UserName[size / sizeof(WCHAR)] = 0; + *out = target; + break; + } + case BinaryBlobCredential: + FIXME("BinaryBlobCredential not implemented\n"); + return FALSE; + default: + WARN("unhandled type %u\n", *type); + SetLastError( ERROR_INVALID_PARAMETER ); + return FALSE; + } + return TRUE; +} + +/****************************************************************************** + * CredIsMarshaledCredentialW [ADVAPI32.@] + * + * Check, if the name parameter is a marshaled credential, hash or binary blob + * + * PARAMS + * name the name to check + * + * RETURNS + * TRUE: the name parameter is a marshaled credential, hash or binary blob + * FALSE: the name is a plain username + */ +BOOL WINAPI CredIsMarshaledCredentialW(LPCWSTR name) +{ + TRACE("(%s)\n", debugstr_w(name)); + + if (name && name[0] == '@' && name[1] == '@' && name[2] > 'A' && name[3]) + { + char hash[CERT_HASH_LENGTH]; + int len = strlenW(name + 3 ); + DWORD size; + + if ((name[2] - 'A') == CertCredential && (len == 27) && cred_decode(name + 3, len, hash)) + return TRUE; + + if (((name[2] - 'A') == UsernameTargetCredential) && + (len >= 9) && cred_decode(name + 3, 6, (char *)&size) && size) + return TRUE; + + if ((name[2] - 'A') == BinaryBlobCredential) + FIXME("BinaryBlobCredential not checked\n"); + + if ((name[2] - 'A') > BinaryBlobCredential) + TRACE("unknown type: %d\n", (name[2] - 'A')); + } + + SetLastError(ERROR_INVALID_PARAMETER); return FALSE; } + +/****************************************************************************** + * CredIsMarshaledCredentialA [ADVAPI32.@] + * + * See CredIsMarshaledCredentialW + * + */ +BOOL WINAPI CredIsMarshaledCredentialA(LPCSTR name) +{ + LPWSTR nameW = NULL; + BOOL res; + int len; + + TRACE("(%s)\n", debugstr_a(name)); + + if (name) + { + len = MultiByteToWideChar(CP_ACP, 0, name, -1, NULL, 0); + nameW = heap_alloc(len * sizeof(WCHAR)); + MultiByteToWideChar(CP_ACP, 0, name, -1, nameW, len); + } + + res = CredIsMarshaledCredentialW(nameW); + heap_free(nameW); + return res; +}