1053 lines
27 KiB
C
1053 lines
27 KiB
C
/*++ BUILD Version: 0001 // Increment this if a change has global effects
|
|
|
|
Copyright (c) 2000 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
wincred.h
|
|
|
|
Abstract:
|
|
|
|
This module contains the public data structures and API definitions
|
|
needed for the Credential Manager.
|
|
|
|
|
|
Author:
|
|
|
|
Cliff Van Dyke (CliffV) 11-January-2000
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#ifndef _WINCRED_H_
|
|
#define _WINCRED_H_
|
|
|
|
#if !defined(_ADVAPI32_)
|
|
#define WINADVAPI DECLSPEC_IMPORT
|
|
#else
|
|
#define WINADVAPI
|
|
#endif
|
|
|
|
#if !defined(CREDUIAPI)
|
|
#if !defined(_CREDUI_)
|
|
#define CREDUIAPI DECLSPEC_IMPORT
|
|
#else
|
|
#define CREDUIAPI
|
|
#endif
|
|
#endif
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
|
|
//
|
|
// Ensure PCtxtHandle is defined
|
|
//
|
|
|
|
#ifndef __SECHANDLE_DEFINED__
|
|
typedef struct _SecHandle
|
|
{
|
|
ULONG_PTR dwLower ;
|
|
ULONG_PTR dwUpper ;
|
|
} SecHandle, * PSecHandle ;
|
|
|
|
#define __SECHANDLE_DEFINED__
|
|
#endif // __SECHANDLE_DEFINED__
|
|
|
|
typedef PSecHandle PCtxtHandle;
|
|
|
|
|
|
|
|
//
|
|
// Ensure FILETIME is defined
|
|
//
|
|
|
|
#ifndef _WINBASE_
|
|
#ifndef _FILETIME_
|
|
#define _FILETIME_
|
|
typedef struct _FILETIME
|
|
{
|
|
DWORD dwLowDateTime;
|
|
DWORD dwHighDateTime;
|
|
} FILETIME;
|
|
|
|
typedef struct _FILETIME *PFILETIME;
|
|
|
|
typedef struct _FILETIME *LPFILETIME;
|
|
|
|
#endif // !_FILETIME
|
|
#endif // _WINBASE_
|
|
|
|
//
|
|
// Ensure NTSTATUS is defined
|
|
//
|
|
#ifndef _NTDEF_
|
|
typedef LONG NTSTATUS, *PNTSTATUS;
|
|
#endif
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Macros
|
|
//-----------------------------------------------------------------------------
|
|
|
|
//
|
|
// Macro to determine whether CredUIPromptForCredentials should be called upon a failed
|
|
// authentication attempt.
|
|
//
|
|
// Implemented as a macro so that the caller can delay load credui.dll only if this
|
|
// macro returns TRUE.
|
|
//
|
|
// Include only status codes that imply the username/password are wrong or that the
|
|
// password is expired. In the former case, asking for a another username or password
|
|
// is appropriate. In the later case, we put up a different dialog asking the
|
|
// user to change the password on the server.
|
|
//
|
|
// Don't include status codes such as ERROR_ACCOUNT_DISABLED, ERROR_ACCOUNT_RESTRICTION,
|
|
// ERROR_ACCOUNT_LOCKED_OUT, ERROR_ACCOUNT_EXPIRED, ERROR_LOGON_TYPE_NOT_GRANTED.
|
|
// For those, the user isn't going to have another account so prompting him
|
|
// won't help.
|
|
//
|
|
// STATUS_DOWNGRADE_DETECTED is included to handle the case where a corporate laptop
|
|
// is brought to another LAN. A downgrade attack will indeed be detected,
|
|
// but we want to popup UI to allow the user to connect to resources in the
|
|
// other LAN.
|
|
//
|
|
// Don't use the CREDUIP_* macros directly. Their definition is private to credui.dll.
|
|
//
|
|
|
|
// Don't require ntstatus.h
|
|
#define STATUS_LOGON_FAILURE ((NTSTATUS)0xC000006DL) // ntsubauth
|
|
#define STATUS_WRONG_PASSWORD ((NTSTATUS)0xC000006AL) // ntsubauth
|
|
#define STATUS_PASSWORD_EXPIRED ((NTSTATUS)0xC0000071L) // ntsubauth
|
|
#define STATUS_PASSWORD_MUST_CHANGE ((NTSTATUS)0xC0000224L) // ntsubauth
|
|
#define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L)
|
|
#define STATUS_DOWNGRADE_DETECTED ((NTSTATUS)0xC0000388L)
|
|
#define STATUS_AUTHENTICATION_FIREWALL_FAILED ((NTSTATUS)0xC0000413L)
|
|
#define STATUS_ACCOUNT_DISABLED ((NTSTATUS)0xC0000072L) // ntsubauth
|
|
#define STATUS_ACCOUNT_RESTRICTION ((NTSTATUS)0xC000006EL) // ntsubauth
|
|
#define STATUS_ACCOUNT_LOCKED_OUT ((NTSTATUS)0xC0000234L) // ntsubauth
|
|
#define STATUS_ACCOUNT_EXPIRED ((NTSTATUS)0xC0000193L) // ntsubauth
|
|
#define STATUS_LOGON_TYPE_NOT_GRANTED ((NTSTATUS)0xC000015BL)
|
|
|
|
// Don't require lmerr.h
|
|
#define NERR_BASE 2100
|
|
#define NERR_PasswordExpired (NERR_BASE+142) /* The password of this user has expired. */
|
|
|
|
#define CREDUIP_IS_USER_PASSWORD_ERROR( _Status ) ( \
|
|
(_Status) == ERROR_LOGON_FAILURE || \
|
|
(_Status) == HRESULT_FROM_WIN32( ERROR_LOGON_FAILURE ) || \
|
|
(_Status) == STATUS_LOGON_FAILURE || \
|
|
(_Status) == HRESULT_FROM_NT( STATUS_LOGON_FAILURE ) || \
|
|
(_Status) == ERROR_ACCESS_DENIED || \
|
|
(_Status) == HRESULT_FROM_WIN32( ERROR_ACCESS_DENIED ) || \
|
|
(_Status) == STATUS_ACCESS_DENIED || \
|
|
(_Status) == HRESULT_FROM_NT( STATUS_ACCESS_DENIED ) || \
|
|
(_Status) == ERROR_INVALID_PASSWORD || \
|
|
(_Status) == HRESULT_FROM_WIN32( ERROR_INVALID_PASSWORD ) || \
|
|
(_Status) == STATUS_WRONG_PASSWORD || \
|
|
(_Status) == HRESULT_FROM_NT( STATUS_WRONG_PASSWORD ) || \
|
|
(_Status) == SEC_E_NO_CREDENTIALS || \
|
|
(_Status) == SEC_E_LOGON_DENIED \
|
|
)
|
|
|
|
#define CREDUIP_IS_DOWNGRADE_ERROR( _Status ) ( \
|
|
(_Status) == ERROR_DOWNGRADE_DETECTED || \
|
|
(_Status) == HRESULT_FROM_WIN32( ERROR_DOWNGRADE_DETECTED ) || \
|
|
(_Status) == STATUS_DOWNGRADE_DETECTED || \
|
|
(_Status) == HRESULT_FROM_NT( STATUS_DOWNGRADE_DETECTED ) \
|
|
)
|
|
|
|
#define CREDUIP_IS_EXPIRED_ERROR( _Status ) ( \
|
|
(_Status) == ERROR_PASSWORD_EXPIRED || \
|
|
(_Status) == HRESULT_FROM_WIN32( ERROR_PASSWORD_EXPIRED ) || \
|
|
(_Status) == STATUS_PASSWORD_EXPIRED || \
|
|
(_Status) == HRESULT_FROM_NT( STATUS_PASSWORD_EXPIRED ) || \
|
|
(_Status) == ERROR_PASSWORD_MUST_CHANGE || \
|
|
(_Status) == HRESULT_FROM_WIN32( ERROR_PASSWORD_MUST_CHANGE ) || \
|
|
(_Status) == STATUS_PASSWORD_MUST_CHANGE || \
|
|
(_Status) == HRESULT_FROM_NT( STATUS_PASSWORD_MUST_CHANGE ) || \
|
|
(_Status) == NERR_PasswordExpired || \
|
|
(_Status) == HRESULT_FROM_WIN32( NERR_PasswordExpired ) \
|
|
)
|
|
|
|
#define CREDUI_IS_AUTHENTICATION_ERROR( _Status ) ( \
|
|
CREDUIP_IS_USER_PASSWORD_ERROR( _Status ) || \
|
|
CREDUIP_IS_DOWNGRADE_ERROR( _Status ) || \
|
|
CREDUIP_IS_EXPIRED_ERROR( _Status ) \
|
|
)
|
|
|
|
#define CREDUI_NO_PROMPT_AUTHENTICATION_ERROR( _Status ) ( \
|
|
(_Status) == ERROR_AUTHENTICATION_FIREWALL_FAILED || \
|
|
(_Status) == HRESULT_FROM_WIN32( ERROR_AUTHENTICATION_FIREWALL_FAILED ) || \
|
|
(_Status) == STATUS_AUTHENTICATION_FIREWALL_FAILED || \
|
|
(_Status) == HRESULT_FROM_NT( STATUS_AUTHENTICATION_FIREWALL_FAILED ) || \
|
|
(_Status) == ERROR_ACCOUNT_DISABLED || \
|
|
(_Status) == HRESULT_FROM_WIN32( ERROR_ACCOUNT_DISABLED ) || \
|
|
(_Status) == STATUS_ACCOUNT_DISABLED || \
|
|
(_Status) == HRESULT_FROM_NT( STATUS_ACCOUNT_DISABLED ) || \
|
|
(_Status) == ERROR_ACCOUNT_RESTRICTION || \
|
|
(_Status) == HRESULT_FROM_WIN32( ERROR_ACCOUNT_RESTRICTION ) || \
|
|
(_Status) == STATUS_ACCOUNT_RESTRICTION || \
|
|
(_Status) == HRESULT_FROM_NT( STATUS_ACCOUNT_RESTRICTION ) || \
|
|
(_Status) == ERROR_ACCOUNT_LOCKED_OUT || \
|
|
(_Status) == HRESULT_FROM_WIN32( ERROR_ACCOUNT_LOCKED_OUT ) || \
|
|
(_Status) == STATUS_ACCOUNT_LOCKED_OUT || \
|
|
(_Status) == HRESULT_FROM_NT( STATUS_ACCOUNT_LOCKED_OUT ) || \
|
|
(_Status) == ERROR_ACCOUNT_EXPIRED || \
|
|
(_Status) == HRESULT_FROM_WIN32( ERROR_ACCOUNT_EXPIRED ) || \
|
|
(_Status) == STATUS_ACCOUNT_EXPIRED || \
|
|
(_Status) == HRESULT_FROM_NT( STATUS_ACCOUNT_EXPIRED ) || \
|
|
(_Status) == ERROR_LOGON_TYPE_NOT_GRANTED || \
|
|
(_Status) == HRESULT_FROM_WIN32( ERROR_LOGON_TYPE_NOT_GRANTED ) || \
|
|
(_Status) == STATUS_LOGON_TYPE_NOT_GRANTED || \
|
|
(_Status) == HRESULT_FROM_NT( STATUS_LOGON_TYPE_NOT_GRANTED ) \
|
|
)
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Structures
|
|
//-----------------------------------------------------------------------------
|
|
|
|
//
|
|
// Credential Attribute
|
|
//
|
|
|
|
// Maximum length of the various credential string fields (in characters)
|
|
#define CRED_MAX_STRING_LENGTH 256
|
|
|
|
// Maximum length of the UserName field. The worst case is <User>@<DnsDomain>
|
|
#define CRED_MAX_USERNAME_LENGTH (256+1+256)
|
|
|
|
// Maximum length of the TargetName field for CRED_TYPE_GENERIC (in characters)
|
|
#define CRED_MAX_GENERIC_TARGET_NAME_LENGTH 32767
|
|
|
|
// Maximum length of the TargetName field for CRED_TYPE_DOMAIN_* (in characters)
|
|
// Largest one is <DfsRoot>\<DfsShare>
|
|
#define CRED_MAX_DOMAIN_TARGET_NAME_LENGTH (256+1+80)
|
|
|
|
// Maximum size of the Credential Attribute Value field (in bytes)
|
|
#define CRED_MAX_VALUE_SIZE 256
|
|
|
|
// Maximum number of attributes per credential
|
|
#define CRED_MAX_ATTRIBUTES 64
|
|
|
|
typedef struct _CREDENTIAL_ATTRIBUTEA {
|
|
LPSTR Keyword;
|
|
DWORD Flags;
|
|
DWORD ValueSize;
|
|
LPBYTE Value;
|
|
} CREDENTIAL_ATTRIBUTEA, *PCREDENTIAL_ATTRIBUTEA;
|
|
|
|
typedef struct _CREDENTIAL_ATTRIBUTEW {
|
|
#ifdef MIDL_PASS
|
|
[string] wchar_t * Keyword;
|
|
#else // MIDL_PASS
|
|
LPWSTR Keyword;
|
|
#endif // MIDL_PASS
|
|
DWORD Flags;
|
|
#ifdef MIDL_PASS
|
|
[range(0,CRED_MAX_VALUE_SIZE)]
|
|
#endif // MIDL_PASS
|
|
DWORD ValueSize;
|
|
#ifdef MIDL_PASS
|
|
[size_is(ValueSize)]
|
|
#endif // MIDL_PASS
|
|
LPBYTE Value;
|
|
} CREDENTIAL_ATTRIBUTEW, *PCREDENTIAL_ATTRIBUTEW;
|
|
|
|
#ifdef UNICODE
|
|
typedef CREDENTIAL_ATTRIBUTEW CREDENTIAL_ATTRIBUTE;
|
|
typedef PCREDENTIAL_ATTRIBUTEW PCREDENTIAL_ATTRIBUTE;
|
|
#else
|
|
typedef CREDENTIAL_ATTRIBUTEA CREDENTIAL_ATTRIBUTE;
|
|
typedef PCREDENTIAL_ATTRIBUTEA PCREDENTIAL_ATTRIBUTE;
|
|
#endif // UNICODE
|
|
|
|
//
|
|
// Special values of the TargetName field
|
|
//
|
|
#define CRED_SESSION_WILDCARD_NAME_W L"*Session"
|
|
#define CRED_SESSION_WILDCARD_NAME_A "*Session"
|
|
#define CRED_SESSION_WILDCARD_NAME_LENGTH (sizeof(CRED_SESSION_WILDCARD_NAME_A)-1)
|
|
|
|
#ifdef UNICODE
|
|
#define CRED_SESSION_WILDCARD_NAME CRED_SESSION_WILDCARD_NAME_W
|
|
#else
|
|
#define CRED_SESSION_WILDCARD_NAME CRED_SESSION_WILDCARD_NAME_A
|
|
#endif // UNICODE
|
|
|
|
|
|
//
|
|
// Values of the Credential Flags field.
|
|
//
|
|
#define CRED_FLAGS_PASSWORD_FOR_CERT 0x0001
|
|
#define CRED_FLAGS_PROMPT_NOW 0x0002
|
|
#define CRED_FLAGS_USERNAME_TARGET 0x0004
|
|
#define CRED_FLAGS_OWF_CRED_BLOB 0x0008
|
|
#define CRED_FLAGS_VALID_FLAGS 0x000F // Mask of all valid flags
|
|
|
|
//
|
|
// Values of the Credential Type field.
|
|
//
|
|
#define CRED_TYPE_GENERIC 1
|
|
#define CRED_TYPE_DOMAIN_PASSWORD 2
|
|
#define CRED_TYPE_DOMAIN_CERTIFICATE 3
|
|
#define CRED_TYPE_DOMAIN_VISIBLE_PASSWORD 4
|
|
#define CRED_TYPE_MAXIMUM 5 // Maximum supported cred type
|
|
#define CRED_TYPE_MAXIMUM_EX (CRED_TYPE_MAXIMUM+1000) // Allow new applications to run on old OSes
|
|
|
|
//
|
|
// Maximum size of the CredBlob field (in bytes)
|
|
//
|
|
#define CRED_MAX_CREDENTIAL_BLOB_SIZE 512
|
|
|
|
//
|
|
// Values of the Credential Persist field
|
|
//
|
|
#define CRED_PERSIST_NONE 0
|
|
#define CRED_PERSIST_SESSION 1
|
|
#define CRED_PERSIST_LOCAL_MACHINE 2
|
|
#define CRED_PERSIST_ENTERPRISE 3
|
|
|
|
|
|
|
|
//
|
|
// A credential
|
|
//
|
|
typedef struct _CREDENTIALA {
|
|
DWORD Flags;
|
|
DWORD Type;
|
|
LPSTR TargetName;
|
|
LPSTR Comment;
|
|
FILETIME LastWritten;
|
|
DWORD CredentialBlobSize;
|
|
LPBYTE CredentialBlob;
|
|
DWORD Persist;
|
|
DWORD AttributeCount;
|
|
PCREDENTIAL_ATTRIBUTEA Attributes;
|
|
LPSTR TargetAlias;
|
|
LPSTR UserName;
|
|
} CREDENTIALA, *PCREDENTIALA;
|
|
|
|
typedef struct _CREDENTIALW {
|
|
DWORD Flags;
|
|
DWORD Type;
|
|
#ifdef MIDL_PASS
|
|
[string] wchar_t *TargetName;
|
|
#else // MIDL_PASS
|
|
LPWSTR TargetName;
|
|
#endif // MIDL_PASS
|
|
#ifdef MIDL_PASS
|
|
[string] wchar_t *Comment;
|
|
#else // MIDL_PASS
|
|
LPWSTR Comment;
|
|
#endif // MIDL_PASS
|
|
FILETIME LastWritten;
|
|
#ifdef MIDL_PASS
|
|
[range(0,CRED_MAX_CREDENTIAL_BLOB_SIZE)]
|
|
#endif // MIDL_PASS
|
|
DWORD CredentialBlobSize;
|
|
#ifdef MIDL_PASS
|
|
[size_is(CredentialBlobSize)]
|
|
#endif // MIDL_PASS
|
|
LPBYTE CredentialBlob;
|
|
DWORD Persist;
|
|
#ifdef MIDL_PASS
|
|
[range(0,CRED_MAX_ATTRIBUTES)]
|
|
#endif // MIDL_PASS
|
|
DWORD AttributeCount;
|
|
#ifdef MIDL_PASS
|
|
[size_is(AttributeCount)]
|
|
#endif // MIDL_PASS
|
|
PCREDENTIAL_ATTRIBUTEW Attributes;
|
|
#ifdef MIDL_PASS
|
|
[string] wchar_t *TargetAlias;
|
|
#else // MIDL_PASS
|
|
LPWSTR TargetAlias;
|
|
#endif // MIDL_PASS
|
|
#ifdef MIDL_PASS
|
|
[string] wchar_t *UserName;
|
|
#else // MIDL_PASS
|
|
LPWSTR UserName;
|
|
#endif // MIDL_PASS
|
|
} CREDENTIALW, *PCREDENTIALW;
|
|
|
|
#ifdef UNICODE
|
|
typedef CREDENTIALW CREDENTIAL;
|
|
typedef PCREDENTIALW PCREDENTIAL;
|
|
#else
|
|
typedef CREDENTIALA CREDENTIAL;
|
|
typedef PCREDENTIALA PCREDENTIAL;
|
|
#endif // UNICODE
|
|
|
|
//
|
|
// Value of the Flags field in CREDENTIAL_TARGET_INFORMATION
|
|
//
|
|
|
|
#define CRED_TI_SERVER_FORMAT_UNKNOWN 0x0001 // Don't know if server name is DNS or netbios format
|
|
#define CRED_TI_DOMAIN_FORMAT_UNKNOWN 0x0002 // Don't know if domain name is DNS or netbios format
|
|
#define CRED_TI_ONLY_PASSWORD_REQUIRED 0x0004 // Server only requires a password and not a username
|
|
#define CRED_TI_USERNAME_TARGET 0x0008 // TargetName is username
|
|
#define CRED_TI_CREATE_EXPLICIT_CRED 0x0010 // When creating a cred, create one named TargetInfo->TargetName
|
|
#define CRED_TI_WORKGROUP_MEMBER 0x0020 // Indicates the machine is a member of a workgroup
|
|
#define CRED_TI_VALID_FLAGS 0x003F
|
|
|
|
|
|
//
|
|
// A credential target
|
|
//
|
|
|
|
typedef struct _CREDENTIAL_TARGET_INFORMATIONA {
|
|
LPSTR TargetName;
|
|
LPSTR NetbiosServerName;
|
|
LPSTR DnsServerName;
|
|
LPSTR NetbiosDomainName;
|
|
LPSTR DnsDomainName;
|
|
LPSTR DnsTreeName;
|
|
LPSTR PackageName;
|
|
ULONG Flags;
|
|
DWORD CredTypeCount;
|
|
LPDWORD CredTypes;
|
|
} CREDENTIAL_TARGET_INFORMATIONA, *PCREDENTIAL_TARGET_INFORMATIONA;
|
|
|
|
typedef struct _CREDENTIAL_TARGET_INFORMATIONW {
|
|
#ifdef MIDL_PASS
|
|
[string] wchar_t *TargetName;
|
|
[string] wchar_t *NetbiosServerName;
|
|
[string] wchar_t *DnsServerName;
|
|
[string] wchar_t *NetbiosDomainName;
|
|
[string] wchar_t *DnsDomainName;
|
|
[string] wchar_t *DnsTreeName;
|
|
[string] wchar_t *PackageName;
|
|
#else // MIDL_PASS
|
|
LPWSTR TargetName;
|
|
LPWSTR NetbiosServerName;
|
|
LPWSTR DnsServerName;
|
|
LPWSTR NetbiosDomainName;
|
|
LPWSTR DnsDomainName;
|
|
LPWSTR DnsTreeName;
|
|
LPWSTR PackageName;
|
|
#endif // MIDL_PASS
|
|
ULONG Flags;
|
|
#ifdef MIDL_PASS
|
|
[range(0,CRED_TYPE_MAXIMUM_EX)]
|
|
#endif // MIDL_PASS
|
|
DWORD CredTypeCount;
|
|
#ifdef MIDL_PASS
|
|
[size_is(CredTypeCount)]
|
|
#endif // MIDL_PASS
|
|
LPDWORD CredTypes;
|
|
} CREDENTIAL_TARGET_INFORMATIONW, *PCREDENTIAL_TARGET_INFORMATIONW;
|
|
|
|
#ifdef UNICODE
|
|
typedef CREDENTIAL_TARGET_INFORMATIONW CREDENTIAL_TARGET_INFORMATION;
|
|
typedef PCREDENTIAL_TARGET_INFORMATIONW PCREDENTIAL_TARGET_INFORMATION;
|
|
#else
|
|
typedef CREDENTIAL_TARGET_INFORMATIONA CREDENTIAL_TARGET_INFORMATION;
|
|
typedef PCREDENTIAL_TARGET_INFORMATIONA PCREDENTIAL_TARGET_INFORMATION;
|
|
#endif // UNICODE
|
|
|
|
//
|
|
// Certificate credential information
|
|
//
|
|
// The cbSize should be the size of the structure, sizeof(CERT_CREDENTIAL_INFO),
|
|
// rgbHashofCert is the hash of the cert which is to be used as the credential.
|
|
//
|
|
|
|
#define CERT_HASH_LENGTH 20 // SHA1 hashes are used for cert hashes
|
|
|
|
typedef struct _CERT_CREDENTIAL_INFO {
|
|
ULONG cbSize;
|
|
UCHAR rgbHashOfCert[CERT_HASH_LENGTH];
|
|
} CERT_CREDENTIAL_INFO, *PCERT_CREDENTIAL_INFO;
|
|
|
|
//
|
|
// Username Target credential information
|
|
//
|
|
// This credential can be pass to LsaLogonUser to ask it to find a credential with a
|
|
// TargetName of UserName.
|
|
//
|
|
|
|
typedef struct _USERNAME_TARGET_CREDENTIAL_INFO {
|
|
LPWSTR UserName;
|
|
} USERNAME_TARGET_CREDENTIAL_INFO, *PUSERNAME_TARGET_CREDENTIAL_INFO;
|
|
|
|
//
|
|
// Credential type for credential marshaling routines
|
|
//
|
|
|
|
typedef enum _CRED_MARSHAL_TYPE {
|
|
CertCredential = 1,
|
|
UsernameTargetCredential
|
|
} CRED_MARSHAL_TYPE, *PCRED_MARSHAL_TYPE;
|
|
|
|
|
|
//
|
|
// Credential UI info
|
|
//
|
|
|
|
typedef struct _CREDUI_INFOA
|
|
{
|
|
DWORD cbSize;
|
|
HWND hwndParent;
|
|
PCSTR pszMessageText;
|
|
PCSTR pszCaptionText;
|
|
HBITMAP hbmBanner;
|
|
} CREDUI_INFOA, *PCREDUI_INFOA;
|
|
|
|
typedef struct _CREDUI_INFOW
|
|
{
|
|
DWORD cbSize;
|
|
HWND hwndParent;
|
|
PCWSTR pszMessageText;
|
|
PCWSTR pszCaptionText;
|
|
HBITMAP hbmBanner;
|
|
} CREDUI_INFOW, *PCREDUI_INFOW;
|
|
|
|
#ifdef UNICODE
|
|
typedef CREDUI_INFOW CREDUI_INFO;
|
|
typedef PCREDUI_INFOW PCREDUI_INFO;
|
|
#else
|
|
typedef CREDUI_INFOA CREDUI_INFO;
|
|
typedef PCREDUI_INFOA PCREDUI_INFO;
|
|
#endif
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Values
|
|
//-----------------------------------------------------------------------------
|
|
|
|
// String length limits:
|
|
|
|
#define CREDUI_MAX_MESSAGE_LENGTH 32767
|
|
#define CREDUI_MAX_CAPTION_LENGTH 128
|
|
#define CREDUI_MAX_GENERIC_TARGET_LENGTH CRED_MAX_GENERIC_TARGET_NAME_LENGTH
|
|
#define CREDUI_MAX_DOMAIN_TARGET_LENGTH CRED_MAX_DOMAIN_TARGET_NAME_LENGTH
|
|
#define CREDUI_MAX_USERNAME_LENGTH CRED_MAX_USERNAME_LENGTH
|
|
#define CREDUI_MAX_PASSWORD_LENGTH (CRED_MAX_CREDENTIAL_BLOB_SIZE / 2)
|
|
|
|
//
|
|
// Flags for CredUIPromptForCredentials and/or CredUICmdLinePromptForCredentials
|
|
//
|
|
|
|
#define CREDUI_FLAGS_INCORRECT_PASSWORD 0x00001 // indicates the username is valid, but password is not
|
|
#define CREDUI_FLAGS_DO_NOT_PERSIST 0x00002 // Do not show "Save" checkbox, and do not persist credentials
|
|
#define CREDUI_FLAGS_REQUEST_ADMINISTRATOR 0x00004 // Populate list box with admin accounts
|
|
#define CREDUI_FLAGS_EXCLUDE_CERTIFICATES 0x00008 // do not include certificates in the drop list
|
|
#define CREDUI_FLAGS_REQUIRE_CERTIFICATE 0x00010
|
|
#define CREDUI_FLAGS_SHOW_SAVE_CHECK_BOX 0x00040
|
|
#define CREDUI_FLAGS_ALWAYS_SHOW_UI 0x00080
|
|
#define CREDUI_FLAGS_REQUIRE_SMARTCARD 0x00100
|
|
#define CREDUI_FLAGS_PASSWORD_ONLY_OK 0x00200
|
|
#define CREDUI_FLAGS_VALIDATE_USERNAME 0x00400
|
|
#define CREDUI_FLAGS_COMPLETE_USERNAME 0x00800 //
|
|
#define CREDUI_FLAGS_PERSIST 0x01000 // Do not show "Save" checkbox, but persist credentials anyway
|
|
#define CREDUI_FLAGS_SERVER_CREDENTIAL 0x04000
|
|
#define CREDUI_FLAGS_EXPECT_CONFIRMATION 0x20000 // do not persist unless caller later confirms credential via CredUIConfirmCredential() api
|
|
#define CREDUI_FLAGS_GENERIC_CREDENTIALS 0x40000 // Credential is a generic credential
|
|
#define CREDUI_FLAGS_USERNAME_TARGET_CREDENTIALS 0x80000 // Credential has a username as the target
|
|
#define CREDUI_FLAGS_KEEP_USERNAME 0x100000 // don't allow the user to change the supplied username
|
|
|
|
|
|
//
|
|
// Mask of flags valid for CredUIPromptForCredentials
|
|
//
|
|
#define CREDUI_FLAGS_PROMPT_VALID ( \
|
|
CREDUI_FLAGS_INCORRECT_PASSWORD | \
|
|
CREDUI_FLAGS_DO_NOT_PERSIST | \
|
|
CREDUI_FLAGS_REQUEST_ADMINISTRATOR | \
|
|
CREDUI_FLAGS_EXCLUDE_CERTIFICATES | \
|
|
CREDUI_FLAGS_REQUIRE_CERTIFICATE | \
|
|
CREDUI_FLAGS_SHOW_SAVE_CHECK_BOX | \
|
|
CREDUI_FLAGS_ALWAYS_SHOW_UI | \
|
|
CREDUI_FLAGS_REQUIRE_SMARTCARD | \
|
|
CREDUI_FLAGS_PASSWORD_ONLY_OK | \
|
|
CREDUI_FLAGS_VALIDATE_USERNAME | \
|
|
CREDUI_FLAGS_COMPLETE_USERNAME | \
|
|
CREDUI_FLAGS_PERSIST | \
|
|
CREDUI_FLAGS_SERVER_CREDENTIAL | \
|
|
CREDUI_FLAGS_EXPECT_CONFIRMATION | \
|
|
CREDUI_FLAGS_GENERIC_CREDENTIALS | \
|
|
CREDUI_FLAGS_USERNAME_TARGET_CREDENTIALS | \
|
|
CREDUI_FLAGS_KEEP_USERNAME )
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Functions
|
|
//-----------------------------------------------------------------------------
|
|
|
|
|
|
//
|
|
// Values of flags to CredWrite and CredWriteDomainCredentials
|
|
//
|
|
|
|
#define CRED_PRESERVE_CREDENTIAL_BLOB 0x1
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredWriteW (
|
|
IN PCREDENTIALW Credential,
|
|
IN DWORD Flags
|
|
);
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredWriteA (
|
|
IN PCREDENTIALA Credential,
|
|
IN DWORD Flags
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredWrite CredWriteW
|
|
#else
|
|
#define CredWrite CredWriteA
|
|
#endif // UNICODE
|
|
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredReadW (
|
|
IN LPCWSTR TargetName,
|
|
IN DWORD Type,
|
|
IN DWORD Flags,
|
|
OUT PCREDENTIALW *Credential
|
|
);
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredReadA (
|
|
IN LPCSTR TargetName,
|
|
IN DWORD Type,
|
|
IN DWORD Flags,
|
|
OUT PCREDENTIALA *Credential
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredRead CredReadW
|
|
#else
|
|
#define CredRead CredReadA
|
|
#endif // UNICODE
|
|
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredEnumerateW (
|
|
IN LPCWSTR Filter,
|
|
IN DWORD Flags,
|
|
OUT DWORD *Count,
|
|
OUT PCREDENTIALW **Credential
|
|
);
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredEnumerateA (
|
|
IN LPCSTR Filter,
|
|
IN DWORD Flags,
|
|
OUT DWORD *Count,
|
|
OUT PCREDENTIALA **Credential
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredEnumerate CredEnumerateW
|
|
#else
|
|
#define CredEnumerate CredEnumerateA
|
|
#endif // UNICODE
|
|
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredWriteDomainCredentialsW (
|
|
IN PCREDENTIAL_TARGET_INFORMATIONW TargetInfo,
|
|
IN PCREDENTIALW Credential,
|
|
IN DWORD Flags
|
|
);
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredWriteDomainCredentialsA (
|
|
IN PCREDENTIAL_TARGET_INFORMATIONA TargetInfo,
|
|
IN PCREDENTIALA Credential,
|
|
IN DWORD Flags
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredWriteDomainCredentials CredWriteDomainCredentialsW
|
|
#else
|
|
#define CredWriteDomainCredentials CredWriteDomainCredentialsA
|
|
#endif // UNICODE
|
|
|
|
|
|
|
|
//
|
|
// Values of flags to CredReadDomainCredentials
|
|
//
|
|
|
|
#define CRED_CACHE_TARGET_INFORMATION 0x1
|
|
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredReadDomainCredentialsW (
|
|
IN PCREDENTIAL_TARGET_INFORMATIONW TargetInfo,
|
|
IN DWORD Flags,
|
|
OUT DWORD *Count,
|
|
OUT PCREDENTIALW **Credential
|
|
);
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredReadDomainCredentialsA (
|
|
IN PCREDENTIAL_TARGET_INFORMATIONA TargetInfo,
|
|
IN DWORD Flags,
|
|
OUT DWORD *Count,
|
|
OUT PCREDENTIALA **Credential
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredReadDomainCredentials CredReadDomainCredentialsW
|
|
#else
|
|
#define CredReadDomainCredentials CredReadDomainCredentialsA
|
|
#endif // UNICODE
|
|
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredDeleteW (
|
|
IN LPCWSTR TargetName,
|
|
IN DWORD Type,
|
|
IN DWORD Flags
|
|
);
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredDeleteA (
|
|
IN LPCSTR TargetName,
|
|
IN DWORD Type,
|
|
IN DWORD Flags
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredDelete CredDeleteW
|
|
#else
|
|
#define CredDelete CredDeleteA
|
|
#endif // UNICODE
|
|
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredRenameW (
|
|
IN LPCWSTR OldTargetName,
|
|
IN LPCWSTR NewTargetName,
|
|
IN DWORD Type,
|
|
IN DWORD Flags
|
|
);
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredRenameA (
|
|
IN LPCSTR OldTargetName,
|
|
IN LPCSTR NewTargetName,
|
|
IN DWORD Type,
|
|
IN DWORD Flags
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredRename CredRenameW
|
|
#else
|
|
#define CredRename CredRenameA
|
|
#endif // UNICODE
|
|
|
|
//
|
|
// Values of flags to CredGetTargetInfo
|
|
//
|
|
|
|
#define CRED_ALLOW_NAME_RESOLUTION 0x1
|
|
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredGetTargetInfoW (
|
|
IN LPCWSTR TargetName,
|
|
IN DWORD Flags,
|
|
OUT PCREDENTIAL_TARGET_INFORMATIONW *TargetInfo
|
|
);
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredGetTargetInfoA (
|
|
IN LPCSTR TargetName,
|
|
IN DWORD Flags,
|
|
OUT PCREDENTIAL_TARGET_INFORMATIONA *TargetInfo
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredGetTargetInfo CredGetTargetInfoW
|
|
#else
|
|
#define CredGetTargetInfo CredGetTargetInfoA
|
|
#endif // UNICODE
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredMarshalCredentialW(
|
|
IN CRED_MARSHAL_TYPE CredType,
|
|
IN PVOID Credential,
|
|
OUT LPWSTR *MarshaledCredential
|
|
);
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredMarshalCredentialA(
|
|
IN CRED_MARSHAL_TYPE CredType,
|
|
IN PVOID Credential,
|
|
OUT LPSTR *MarshaledCredential
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredMarshalCredential CredMarshalCredentialW
|
|
#else
|
|
#define CredMarshalCredential CredMarshalCredentialA
|
|
#endif // UNICODE
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredUnmarshalCredentialW(
|
|
IN LPCWSTR MarshaledCredential,
|
|
OUT PCRED_MARSHAL_TYPE CredType,
|
|
OUT PVOID *Credential
|
|
);
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredUnmarshalCredentialA(
|
|
IN LPCSTR MarshaledCredential,
|
|
OUT PCRED_MARSHAL_TYPE CredType,
|
|
OUT PVOID *Credential
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredUnmarshalCredential CredUnmarshalCredentialW
|
|
#else
|
|
#define CredUnmarshalCredential CredUnmarshalCredentialA
|
|
#endif // UNICODE
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredIsMarshaledCredentialW(
|
|
IN LPCWSTR MarshaledCredential
|
|
);
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredIsMarshaledCredentialA(
|
|
IN LPCSTR MarshaledCredential
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredIsMarshaledCredential CredIsMarshaledCredentialW
|
|
#else
|
|
#define CredIsMarshaledCredential CredIsMarshaledCredentialA
|
|
#endif // UNICODE
|
|
|
|
|
|
|
|
|
|
WINADVAPI
|
|
BOOL
|
|
WINAPI
|
|
CredGetSessionTypes (
|
|
IN DWORD MaximumPersistCount,
|
|
OUT LPDWORD MaximumPersist
|
|
);
|
|
|
|
|
|
WINADVAPI
|
|
VOID
|
|
WINAPI
|
|
CredFree (
|
|
IN PVOID Buffer
|
|
);
|
|
|
|
|
|
CREDUIAPI
|
|
DWORD
|
|
WINAPI
|
|
CredUIPromptForCredentialsW(
|
|
PCREDUI_INFOW pUiInfo,
|
|
PCWSTR pszTargetName,
|
|
PCtxtHandle pContext,
|
|
DWORD dwAuthError,
|
|
PWSTR pszUserName,
|
|
ULONG ulUserNameBufferSize,
|
|
PWSTR pszPassword,
|
|
ULONG ulPasswordBufferSize,
|
|
BOOL *save,
|
|
DWORD dwFlags
|
|
);
|
|
|
|
CREDUIAPI
|
|
DWORD
|
|
WINAPI
|
|
CredUIPromptForCredentialsA(
|
|
PCREDUI_INFOA pUiInfo,
|
|
PCSTR pszTargetName,
|
|
PCtxtHandle pContext,
|
|
DWORD dwAuthError,
|
|
PSTR pszUserName,
|
|
ULONG ulUserNameBufferSize,
|
|
PSTR pszPassword,
|
|
ULONG ulPasswordBufferSize,
|
|
BOOL *save,
|
|
DWORD dwFlags
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredUIPromptForCredentials CredUIPromptForCredentialsW
|
|
#else
|
|
#define CredUIPromptForCredentials CredUIPromptForCredentialsA
|
|
#endif
|
|
|
|
|
|
|
|
|
|
CREDUIAPI
|
|
DWORD
|
|
WINAPI
|
|
CredUIParseUserNameW(
|
|
PCWSTR pszUserName,
|
|
PWSTR pszUser,
|
|
ULONG ulUserBufferSize,
|
|
PWSTR pszDomain,
|
|
ULONG ulDomainBufferSize
|
|
);
|
|
|
|
CREDUIAPI
|
|
DWORD
|
|
WINAPI
|
|
CredUIParseUserNameA(
|
|
PCSTR pszUserName,
|
|
PSTR pszUser,
|
|
ULONG ulUserBufferSize,
|
|
PSTR pszDomain,
|
|
ULONG ulDomainBufferSize
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredUIParseUserName CredUIParseUserNameW
|
|
#else
|
|
#define CredUIParseUserName CredUIParseUserNameA
|
|
#endif
|
|
|
|
|
|
|
|
CREDUIAPI
|
|
DWORD
|
|
WINAPI
|
|
CredUICmdLinePromptForCredentialsW(
|
|
PCWSTR pszTargetName,
|
|
PCtxtHandle pContext,
|
|
DWORD dwAuthError,
|
|
PWSTR UserName,
|
|
ULONG ulUserBufferSize,
|
|
PWSTR pszPassword,
|
|
ULONG ulPasswordBufferSize,
|
|
PBOOL pfSave,
|
|
DWORD dwFlags
|
|
);
|
|
|
|
CREDUIAPI
|
|
DWORD
|
|
WINAPI
|
|
CredUICmdLinePromptForCredentialsA(
|
|
PCSTR pszTargetName,
|
|
PCtxtHandle pContext,
|
|
DWORD dwAuthError,
|
|
PSTR UserName,
|
|
ULONG ulUserBufferSize,
|
|
PSTR pszPassword,
|
|
ULONG ulPasswordBufferSize,
|
|
PBOOL pfSave,
|
|
DWORD dwFlags
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredUICmdLinePromptForCredentials CredUICmdLinePromptForCredentialsW
|
|
#else
|
|
#define CredUICmdLinePromptForCredentials CredUICmdLinePromptForCredentialsA
|
|
#endif
|
|
|
|
//
|
|
// Call this API with bConfirm set to TRUE to confirm that the credential (previously created
|
|
// via CredUIGetCredentials or CredUIPromptForCredentials worked, or with bConfirm set to FALSE
|
|
// to indicate it didn't
|
|
|
|
CREDUIAPI
|
|
DWORD
|
|
WINAPI
|
|
CredUIConfirmCredentialsW(
|
|
PCWSTR pszTargetName,
|
|
BOOL bConfirm
|
|
);
|
|
|
|
CREDUIAPI
|
|
DWORD
|
|
WINAPI
|
|
CredUIConfirmCredentialsA(
|
|
PCSTR pszTargetName,
|
|
BOOL bConfirm
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define CredUIConfirmCredentials CredUIConfirmCredentialsW
|
|
#else
|
|
#define CredUIConfirmCredentials CredUIConfirmCredentialsA
|
|
#endif
|
|
|
|
|
|
CREDUIAPI
|
|
DWORD
|
|
WINAPI
|
|
CredUIStoreSSOCredW (
|
|
PCWSTR pszRealm,
|
|
PCWSTR pszUsername,
|
|
PCWSTR pszPassword,
|
|
BOOL bPersist
|
|
);
|
|
|
|
CREDUIAPI
|
|
DWORD
|
|
WINAPI
|
|
CredUIReadSSOCredW (
|
|
PCWSTR pszRealm,
|
|
PWSTR* ppszUsername
|
|
);
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif // _WINCRED_H_
|