Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

4027 lines
123 KiB

  1. //=============================================================================
  2. // Copyright (c) 2000 Microsoft Corporation
  3. //
  4. // dialogs.cpp
  5. //
  6. // Credential manager user interface classes used to get credentials.
  7. //
  8. // Created 02/29/2000 johnstep (John Stephens)
  9. //=============================================================================
  10. #include "precomp.hpp"
  11. #include "shellapi.h"
  12. #include "dialogs.hpp"
  13. #include "resource.h"
  14. #include "utils.hpp"
  15. #include "shpriv.h"
  16. #include "shlobj.h"
  17. #include "shlobjp.h"
  18. // compile switch to allow credui to update wildcard creds
  19. #define SETWILDCARD
  20. NET_API_STATUS NetUserChangePasswordEy(LPCWSTR domainname, LPCWSTR username, LPCWSTR oldpassword, LPCWSTR newpassword);
  21. // .NET logo sizes
  22. #define BRANDLEFT_PIXEL_WIDTH 3
  23. #define BRANDLEFT_PIXEL_HEIGHT 4
  24. #define BRANDMID_PIXEL_HEIGHT 4
  25. #define BRANDRIGHT_PIXEL_WIDTH 144
  26. #define BRANDRIGHT_PIXEL_HEIGHT 37
  27. //-----------------------------------------------------------------------------
  28. // Values
  29. //-----------------------------------------------------------------------------
  30. #define CREDUI_MAX_WELCOME_TEXT_LINES 8
  31. #define CREDUI_MAX_LOGO_HEIGHT 80
  32. #define CREDUI_MAX_CMDLINE_MSG_LENGTH 256
  33. //-----------------------------------------------------------------------------
  34. // Global Variables
  35. //-----------------------------------------------------------------------------
  36. // Balloon tip infos for change password dialog:
  37. CONST CREDUI_BALLOON_TIP_INFO CreduiWrongOldTipInfo =
  38. {
  39. CreduiStrings.WrongOldTipTitle,
  40. CreduiStrings.WrongOldTipText,
  41. TTI_ERROR, 96, 76
  42. };
  43. CONST CREDUI_BALLOON_TIP_INFO CreduiNotSameTipInfo =
  44. {
  45. CreduiStrings.NotSameTipTitle,
  46. CreduiStrings.NotSameTipText,
  47. TTI_ERROR, 96, 76
  48. };
  49. CONST CREDUI_BALLOON_TIP_INFO CreduiTooShortTipInfo =
  50. {
  51. CreduiStrings.TooShortTipTitle,
  52. CreduiStrings.TooShortTipText,
  53. TTI_ERROR, 96, 76
  54. };
  55. // Control balloons for password dialog:
  56. CONST CREDUI_BALLOON CreduiUserNameBalloon =
  57. {
  58. 1, CREDUI_CONTROL_USERNAME, CREDUI_BALLOON_ICON_INFO,
  59. CreduiStrings.UserNameTipTitle,
  60. CreduiStrings.UserNameTipText
  61. };
  62. CONST CREDUI_BALLOON CreduiEmailNameBalloon =
  63. {
  64. 1, CREDUI_CONTROL_USERNAME, CREDUI_BALLOON_ICON_INFO,
  65. CreduiStrings.EmailNameTipTitle,
  66. CreduiStrings.EmailNameTipText
  67. };
  68. CONST CREDUI_BALLOON CreduiDowngradeBalloon =
  69. {
  70. 1, CREDUI_CONTROL_USERNAME, CREDUI_BALLOON_ICON_ERROR,
  71. CreduiStrings.LogonTipTitle,
  72. CreduiStrings.DowngradeTipText
  73. };
  74. CONST CREDUI_BALLOON CreduiLogonBalloon =
  75. {
  76. 1, CREDUI_CONTROL_PASSWORD, CREDUI_BALLOON_ICON_ERROR,
  77. CreduiStrings.LogonTipTitle,
  78. CreduiStrings.LogonTipText
  79. };
  80. CONST CREDUI_BALLOON CreduiLogonCapsBalloon =
  81. {
  82. 1, CREDUI_CONTROL_PASSWORD, CREDUI_BALLOON_ICON_ERROR,
  83. CreduiStrings.LogonTipTitle,
  84. CreduiStrings.LogonTipCaps
  85. };
  86. // Placehold for known password:
  87. CONST WCHAR CreduiKnownPassword[] = L"********";
  88. //-----------------------------------------------------------------------------
  89. // Functions
  90. //-----------------------------------------------------------------------------
  91. void DemoteOldDefaultSSOCred (
  92. PCREDENTIAL_TARGET_INFORMATION pTargetInfo, // target info of new cred
  93. DWORD Flags
  94. );
  95. //=============================================================================
  96. // CreduiChangePasswordCallback
  97. //
  98. // This callback handles changing a domain password.
  99. //
  100. // Arguments:
  101. // changePasswordWindow (in)
  102. // message (in)
  103. // wParam (in)
  104. // lParam (in) - on WM_INITDIALOG, this is the info structure
  105. //
  106. // Returns TRUE if we handled the message, otherwise FALSE.
  107. //
  108. // Created 04/26/2000 johnstep (John Stephens)
  109. //=============================================================================
  110. INT_PTR
  111. CALLBACK
  112. CreduiChangePasswordCallback(
  113. HWND changePasswordWindow,
  114. UINT message,
  115. WPARAM wParam,
  116. LPARAM lParam
  117. )
  118. {
  119. CREDUI_CHANGE_PASSWORD_INFO *info =
  120. reinterpret_cast<CREDUI_CHANGE_PASSWORD_INFO *>(
  121. GetWindowLongPtr(changePasswordWindow, GWLP_USERDATA));
  122. if (message == WM_INITDIALOG)
  123. {
  124. info = reinterpret_cast<CREDUI_CHANGE_PASSWORD_INFO *>(lParam);
  125. if (info != NULL)
  126. {
  127. // Store this object's pointer in the user data window long:
  128. SetWindowLongPtr(changePasswordWindow,
  129. GWLP_USERDATA,
  130. reinterpret_cast<LONG_PTR>(info));
  131. SetWindowText(
  132. GetDlgItem(changePasswordWindow, IDC_USERNAME),
  133. info->UserName);
  134. info->BalloonTip.Init(CreduiInstance, changePasswordWindow);
  135. info->OldPasswordBox.Init(
  136. GetDlgItem(changePasswordWindow, IDC_PASSWORD),
  137. &info->BalloonTip,
  138. &CreduiCapsLockTipInfo);
  139. info->NewPasswordBox.Init(
  140. GetDlgItem(changePasswordWindow, IDC_NEW_PASSWORD),
  141. &info->BalloonTip,
  142. &CreduiCapsLockTipInfo);
  143. info->ConfirmPasswordBox.Init(
  144. GetDlgItem(changePasswordWindow, IDC_CONFIRM_PASSWORD),
  145. &info->BalloonTip,
  146. &CreduiCapsLockTipInfo);
  147. return TRUE;
  148. }
  149. else
  150. {
  151. EndDialog(changePasswordWindow, IDCANCEL);
  152. }
  153. }
  154. else switch (message)
  155. {
  156. case WM_COMMAND:
  157. switch (LOWORD(wParam))
  158. {
  159. case IDC_PASSWORD:
  160. case IDC_NEW_PASSWORD:
  161. if ((HIWORD(wParam) == EN_KILLFOCUS) ||
  162. (HIWORD(wParam) == EN_CHANGE))
  163. {
  164. if (info->BalloonTip.IsVisible())
  165. {
  166. info->BalloonTip.Hide();
  167. }
  168. }
  169. break;
  170. case IDOK:
  171. WCHAR userDomain[CRED_MAX_USERNAME_LENGTH + 1];
  172. WCHAR userName[CRED_MAX_USERNAME_LENGTH + 1];
  173. WCHAR oldPassword[CRED_MAX_STRING_LENGTH + 1];
  174. WCHAR newPassword[CRED_MAX_STRING_LENGTH + 1];
  175. WCHAR confirmPassword[CRED_MAX_STRING_LENGTH + 1];
  176. oldPassword[0] = L'\0';
  177. newPassword[0] = L'\0';
  178. confirmPassword[0] = L'\0';
  179. GetWindowText(
  180. GetDlgItem(changePasswordWindow, IDC_NEW_PASSWORD),
  181. newPassword,
  182. CRED_MAX_STRING_LENGTH);
  183. GetWindowText(
  184. GetDlgItem(changePasswordWindow, IDC_CONFIRM_PASSWORD),
  185. confirmPassword,
  186. CRED_MAX_STRING_LENGTH);
  187. if (wcscmp(newPassword, confirmPassword) != 0)
  188. {
  189. SetWindowText(
  190. GetDlgItem(changePasswordWindow, IDC_NEW_PASSWORD),
  191. NULL);
  192. SetWindowText(
  193. GetDlgItem(changePasswordWindow, IDC_CONFIRM_PASSWORD),
  194. NULL);
  195. info->BalloonTip.SetInfo(
  196. GetDlgItem(changePasswordWindow, IDC_NEW_PASSWORD),
  197. &CreduiNotSameTipInfo);
  198. info->BalloonTip.Show();
  199. SecureZeroMemory(newPassword, sizeof newPassword);
  200. SecureZeroMemory(confirmPassword, sizeof confirmPassword);
  201. break;
  202. }
  203. // Confirm password is no longer needed
  204. SecureZeroMemory(confirmPassword, sizeof confirmPassword);
  205. GetWindowText(
  206. GetDlgItem(changePasswordWindow, IDC_PASSWORD),
  207. oldPassword,
  208. CRED_MAX_STRING_LENGTH);
  209. if (CredUIParseUserName(
  210. info->UserName,
  211. userName,
  212. sizeof(userName)/sizeof(WCHAR),
  213. userDomain,
  214. sizeof(userDomain)/sizeof(WCHAR)) == ERROR_SUCCESS)
  215. {
  216. NET_API_STATUS netStatus =
  217. NetUserChangePasswordEy(userDomain,
  218. userName,
  219. oldPassword,
  220. newPassword);
  221. // Old password is no longer needed
  222. SecureZeroMemory(oldPassword, sizeof oldPassword);
  223. switch (netStatus)
  224. {
  225. case NERR_Success:
  226. // Once we make it this far, the password has been
  227. // changed. If the following call fails to update the
  228. // credential, we really cannot do much about it except
  229. // maybe notify the user.
  230. StringCchCopyW(
  231. info->Password,
  232. info->PasswordMaxChars + 1,
  233. newPassword);
  234. // Scrub the passwords on the stack and clear the
  235. // controls:
  236. SecureZeroMemory(newPassword, sizeof newPassword);
  237. // NOTE: We may want to first set the controls to some
  238. // pattern to fill the memory, then clear it.
  239. SetWindowText(
  240. GetDlgItem(changePasswordWindow, IDC_PASSWORD),
  241. NULL);
  242. SetWindowText(
  243. GetDlgItem(changePasswordWindow, IDC_NEW_PASSWORD),
  244. NULL);
  245. SetWindowText(
  246. GetDlgItem(changePasswordWindow,
  247. IDC_CONFIRM_PASSWORD),
  248. NULL);
  249. // NOTE: We may want to notify the user that the password
  250. // has been successfully changed.
  251. break;
  252. default:
  253. // NOTE: If we got an unknown error, just handle it the
  254. // same way as an invalid password, for now:
  255. case ERROR_INVALID_PASSWORD:
  256. // New password is no longer needed
  257. SecureZeroMemory(newPassword, sizeof newPassword);
  258. SetWindowText(
  259. GetDlgItem(changePasswordWindow, IDC_PASSWORD),
  260. NULL);
  261. info->BalloonTip.SetInfo(
  262. GetDlgItem(changePasswordWindow, IDC_PASSWORD),
  263. &CreduiWrongOldTipInfo);
  264. info->BalloonTip.Show();
  265. return TRUE;
  266. case ERROR_ACCESS_DENIED:
  267. // NOTE: One use of this return value is when the new
  268. // password and old are the same. Would any
  269. // configuration ever allow them to match? If not,
  270. // we could just compare before calling the API.
  271. case NERR_PasswordTooShort:
  272. // New password is no longer needed
  273. SecureZeroMemory(newPassword, sizeof newPassword);
  274. SetWindowText(
  275. GetDlgItem(changePasswordWindow, IDC_NEW_PASSWORD),
  276. NULL);
  277. SetWindowText(
  278. GetDlgItem(changePasswordWindow,
  279. IDC_CONFIRM_PASSWORD),
  280. NULL);
  281. info->BalloonTip.SetInfo(
  282. GetDlgItem(changePasswordWindow, IDC_NEW_PASSWORD),
  283. &CreduiTooShortTipInfo);
  284. info->BalloonTip.Show();
  285. return TRUE;
  286. }
  287. }
  288. else
  289. {
  290. SecureZeroMemory(newPassword, sizeof newPassword);
  291. SecureZeroMemory(oldPassword, sizeof oldPassword);
  292. break;
  293. }
  294. // Fall through...
  295. case IDCANCEL:
  296. EndDialog(changePasswordWindow, LOWORD(wParam));
  297. return TRUE;
  298. }
  299. break;
  300. }
  301. return FALSE;
  302. }
  303. //=============================================================================
  304. // CreduiChangeDomainPassword
  305. //
  306. // Displays a dialog allowing the user to change the domain password.
  307. //
  308. // Arguments:
  309. // parentWindow (in)
  310. // userName (in)
  311. // password (out)
  312. // passwordMaxChars (in) - on WM_INITDIALOG, this is the info structure
  313. //
  314. // Returns TRUE if we handled the message, otherwise FALSE.
  315. //
  316. // Created 06/06/2000 johnstep (John Stephens)
  317. //=============================================================================
  318. BOOL
  319. CreduiChangeDomainPassword(
  320. HWND parentWindow,
  321. CONST WCHAR *userName,
  322. WCHAR *password,
  323. ULONG passwordMaxChars
  324. )
  325. {
  326. CREDUI_CHANGE_PASSWORD_INFO info;
  327. info.UserName = userName;
  328. info.Password = password;
  329. info.PasswordMaxChars = passwordMaxChars;
  330. return
  331. DialogBoxParam(
  332. CreduiInstance,
  333. MAKEINTRESOURCE(IDD_CHANGE_PASSWORD),
  334. parentWindow,
  335. CreduiChangePasswordCallback,
  336. reinterpret_cast<LPARAM>(&info)) == IDOK;
  337. }
  338. //-----------------------------------------------------------------------------
  339. // CreduiPasswordDialog Class Implementation
  340. //-----------------------------------------------------------------------------
  341. LONG CreduiPasswordDialog::Registered = FALSE;
  342. //=============================================================================
  343. // CreduiPasswordDialog::SetCredTargetFromInfo()
  344. //
  345. // Created 04/03/2001 georgema
  346. //=============================================================================
  347. void CreduiPasswordDialog::SetCredTargetFromInfo()
  348. {
  349. BOOL serverOnly = TRUE;
  350. NewCredential.Type = (CredCategory == GENERIC_CATEGORY) ?
  351. CRED_TYPE_GENERIC :
  352. CRED_TYPE_DOMAIN_PASSWORD;
  353. if ( TargetInfo != NULL )
  354. {
  355. if ( TargetInfo->CredTypeCount == 1 && *(TargetInfo->CredTypes) == CRED_TYPE_DOMAIN_VISIBLE_PASSWORD ) {
  356. NewCredential.Type = CRED_TYPE_DOMAIN_VISIBLE_PASSWORD;
  357. MaximumPersist = MaximumPersistSso;
  358. serverOnly = (Flags & CREDUI_FLAGS_SERVER_CREDENTIAL);
  359. }
  360. }
  361. if ( CredCategory == DOMAIN_CATEGORY &&
  362. (TargetInfo != NULL))
  363. {
  364. SelectBestTargetName(serverOnly);
  365. NewCredential.TargetName = NewTargetName;
  366. }
  367. else
  368. {
  369. NewCredential.TargetName = const_cast<WCHAR *>(UserOrTargetName);
  370. }
  371. }
  372. //=============================================================================
  373. // CreduiPasswordDialog::CreduiPasswordDialog
  374. //
  375. // Created 02/25/2000 johnstep (John Stephens)
  376. //=============================================================================
  377. CreduiPasswordDialog::CreduiPasswordDialog(
  378. IN BOOL doingCommandLine,
  379. IN BOOL delayCredentialWrite,
  380. IN DWORD credCategory,
  381. CREDUI_INFO *uiInfo,
  382. CONST WCHAR *targetName,
  383. WCHAR *userName,
  384. ULONG userNameMaxChars,
  385. WCHAR *password,
  386. ULONG passwordMaxChars,
  387. BOOL *save,
  388. DWORD flags,
  389. CtxtHandle *securityContext,
  390. DWORD authError,
  391. DWORD *result
  392. )
  393. /*++
  394. Routine Description:
  395. This routine implements the GUI prompt for credentials
  396. Arguments:
  397. DoingCommandLine - TRUE if prompting is to be done via the command line
  398. FALSE if prompting is to be done via GUI
  399. delayCredentialWrite - TRUE if the credential is to be written only upon confirmation.
  400. FALSE, if the credential is to be written now as a session credential then
  401. morphed to a more persistent credential upon confirmation.
  402. This field is ignored if Flags doesn't specify CREDUI_FLAGS_EXPECT_CONFIRMATION.
  403. credCategory - This is the subset of the "flags" parameter defining the category of
  404. the credential.
  405. ...
  406. Return Values:
  407. None
  408. --*/
  409. {
  410. Result = ERROR_CANCELLED;
  411. hBrandBmp = NULL;
  412. // Initialize the result out argument for failure:
  413. if ( result != NULL )
  414. *result = Result;
  415. // Turn on the following chatter always for debug builds
  416. #if DBG
  417. // ensure that we don't miss uninitialized members in test...
  418. memset(this,0xcc,sizeof(CreduiPasswordDialog));
  419. CreduiDebugLog("CreduiPasswordDialog: Constructor. Incoming targetname = %S\n " ,targetName);
  420. CreduiDebugLog("Incoming username = %S\n",userName);
  421. #endif
  422. CREDENTIAL **credentialSet = NULL;
  423. SecPkgContext_CredentialName credentialName = { 0, NULL };
  424. ZeroMemory(&NewCredential, sizeof NewCredential);
  425. fPassedUsername = FALSE;
  426. fPasswordOnly = FALSE;
  427. //FIX 399728
  428. if ((userName != NULL) &&
  429. (wcslen(userName) != 0)) fPassedUsername = TRUE;
  430. // Set most of the class members to valid initial values. The window
  431. // handles will be initialized later if everything succeeds:
  432. DoingCommandLine = doingCommandLine;
  433. DelayCredentialWrite = delayCredentialWrite;
  434. CredCategory = credCategory;
  435. UserName = userName;
  436. UserNameMaxChars = userNameMaxChars;
  437. Password = password;
  438. PasswordMaxChars = passwordMaxChars;
  439. Flags = flags;
  440. AuthError = authError;
  441. Save = (Flags & CREDUI_FLAGS_SHOW_SAVE_CHECK_BOX) ? *save : FALSE;
  442. rcBrand.top = 0;
  443. rcBrand.left = 0;
  444. rcBrand.right = 0;
  445. rcBrand.bottom = 0;
  446. if (targetName != NULL)
  447. {
  448. TargetName = const_cast<WCHAR *>(targetName);
  449. SecurityContext = NULL;
  450. }
  451. else if ( CredCategory == DOMAIN_CATEGORY )
  452. {
  453. if( securityContext == NULL) {
  454. CreduiDebugLog("CreduiPasswordDialog: Need to pass target name for domain creds.\n" );
  455. if ( result != NULL )
  456. *result = ERROR_INVALID_PARAMETER;
  457. return;
  458. }
  459. SecurityContext = securityContext;
  460. // Get the credential name, which includes the type, from the
  461. // security context:
  462. if (QueryContextAttributes(
  463. SecurityContext,
  464. SECPKG_ATTR_CREDENTIAL_NAME,
  465. static_cast<VOID *>(&credentialName)) != SEC_E_OK)
  466. {
  467. // This is an invalid security context for this function:
  468. CreduiDebugLog("CreduiPasswordDialog: Cannot QueryContextAttributes.\n" );
  469. if ( result != NULL )
  470. *result = ERROR_INVALID_PARAMETER;
  471. return;
  472. }
  473. TargetName = credentialName.sCredentialName;
  474. }
  475. else TargetName = NULL;
  476. if (uiInfo != NULL)
  477. {
  478. UiInfo = *uiInfo;
  479. }
  480. else
  481. {
  482. UiInfo.cbSize = sizeof(UiInfo);
  483. UiInfo.hwndParent = NULL;
  484. UiInfo.pszMessageText = NULL;
  485. UiInfo.pszCaptionText = NULL;
  486. UiInfo.hbmBanner = NULL;
  487. }
  488. PasswordCredential = NULL;
  489. OldCredential = NULL;
  490. TargetInfo = NULL;
  491. EncryptedVisiblePassword = TRUE;
  492. FirstPaint = TRUE;
  493. CredBalloon = NULL;
  494. NewTargetName[0] = L'\0';
  495. NewTargetAlias[0] = L'\0';
  496. DisabledControlMask = 0;
  497. PasswordState = PASSWORD_UNINIT;
  498. ResizeTop = 0;
  499. ResizeDelta = 0;
  500. DWORD MaximumPersistArray[CRED_TYPE_MAXIMUM];
  501. if ( LocalCredGetSessionTypes( CRED_TYPE_MAXIMUM, MaximumPersistArray)) {
  502. //
  503. // Maintain "MaximumPersist" as the maximum persistence to use.
  504. // We don't know yet whether this is an SSO cred, so keep it in a separate location
  505. // until we know for sure.
  506. //
  507. // Be careful to not use MaximumPersist until we do know for sure
  508. //
  509. if ( CredCategory == DOMAIN_CATEGORY || CredCategory == USERNAME_TARGET_CATEGORY ) {
  510. MaximumPersist = MaximumPersistArray[CRED_TYPE_DOMAIN_PASSWORD];
  511. } else {
  512. MaximumPersist = MaximumPersistArray[CRED_TYPE_GENERIC];
  513. }
  514. MaximumPersistSso = MaximumPersistArray[CRED_TYPE_DOMAIN_VISIBLE_PASSWORD];
  515. } else {
  516. MaximumPersist = CRED_PERSIST_NONE;
  517. MaximumPersistSso = CRED_PERSIST_NONE;
  518. }
  519. fInitialSaveState = FALSE; // ISSUE: this set at this point has no effect
  520. //
  521. // USERNAME_TARGET creds have two concepts of TargetName
  522. // The target name on the peristed credential needs to be the UserName
  523. // The target name everywhere else is the prompt text
  524. // UserOrTargetName is used in all the former cases.
  525. if ( CredCategory == USERNAME_TARGET_CATEGORY ) {
  526. UserOrTargetName = UserName;
  527. } else {
  528. UserOrTargetName = TargetName;
  529. }
  530. //
  531. // Get the target information for the target
  532. //
  533. // Only attempt to get target information if the target name is not a wildcard name.
  534. //
  535. // Do this regardless of whether the credential will be persisted.
  536. // Target info is used for completing the username.
  537. //
  538. if ( CredCategory == DOMAIN_CATEGORY &&
  539. SecurityContext == NULL &&
  540. !CreduiIsWildcardTargetName(TargetName) &&
  541. LocalCredGetTargetInfoW( TargetName,
  542. CRED_ALLOW_NAME_RESOLUTION,
  543. &TargetInfo) )
  544. {
  545. //
  546. // Check out the target info to ensure it matches the flag bits
  547. // passed by the caller.
  548. //
  549. // If not, ignore the target info.
  550. // We'll assume that the caller is using a different auth package than
  551. // the one matching the cached info.
  552. //
  553. if ( TargetInfo->CredTypeCount != 0 ) {
  554. ULONG AuthPackageStyle;
  555. BOOL CertOk = FALSE;
  556. BOOL PasswordOk = FALSE;
  557. AuthPackageStyle = 0;
  558. //
  559. // Loop through the supported cred types seeing what style the auth package supports
  560. //
  561. for (UINT i = 0; i < TargetInfo->CredTypeCount; ++i)
  562. {
  563. switch ( TargetInfo->CredTypes[i] ) {
  564. case CRED_TYPE_DOMAIN_CERTIFICATE:
  565. CertOk = TRUE;
  566. break;
  567. case CRED_TYPE_DOMAIN_PASSWORD:
  568. case CRED_TYPE_DOMAIN_VISIBLE_PASSWORD:
  569. PasswordOk = TRUE;
  570. break;
  571. }
  572. }
  573. //
  574. // Adjust that for what the caller requires
  575. //
  576. if (Flags & (CREDUI_FLAGS_REQUIRE_SMARTCARD|CREDUI_FLAGS_REQUIRE_CERTIFICATE) ) {
  577. PasswordOk = FALSE;
  578. } else if (Flags & CREDUI_FLAGS_EXCLUDE_CERTIFICATES) {
  579. CertOk = FALSE;
  580. }
  581. //
  582. // If nothing to supported,
  583. // ignore the target info
  584. //
  585. if ( !CertOk && !PasswordOk ) {
  586. LocalCredFree(static_cast<VOID *>(TargetInfo));
  587. TargetInfo = NULL;
  588. }
  589. }
  590. }
  591. //
  592. // If the credential might be peristed,
  593. // determine the existing credential and
  594. // build a template for the credential to be persisted.
  595. //
  596. if (!(Flags & CREDUI_FLAGS_DO_NOT_PERSIST))
  597. {
  598. // Read the existing credential for this target:
  599. CREDENTIAL *credential = NULL;
  600. Result = ERROR_SUCCESS;
  601. if ( CredCategory == GENERIC_CATEGORY )
  602. {
  603. if (LocalCredReadW(TargetName,
  604. CRED_TYPE_GENERIC,
  605. 0,
  606. &PasswordCredential))
  607. {
  608. OldCredential = PasswordCredential;
  609. }
  610. else
  611. {
  612. Result = GetLastError();
  613. }
  614. }
  615. else
  616. {
  617. DWORD count;
  618. //
  619. // If a TargetInfo was found,
  620. // use it to read the matching credentials.
  621. //
  622. if ( TargetInfo != NULL ) {
  623. if (LocalCredReadDomainCredentialsW(TargetInfo, 0, &count,
  624. &credentialSet))
  625. {
  626. for (DWORD i = 0; i < count; ++i)
  627. {
  628. #ifndef SETWILDCARD
  629. //
  630. // Ignore RAS and wildcard credentials,
  631. // we never want credUI to change such a credential.
  632. //
  633. if ( CreduiIsSpecialCredential(credentialSet[i]) ) {
  634. continue;
  635. }
  636. #endif
  637. //
  638. // If the caller needs a server credential,
  639. // ignore wildcard credentials.
  640. //
  641. if ((Flags & CREDUI_FLAGS_SERVER_CREDENTIAL) &&
  642. CreduiIsWildcardTargetName( credentialSet[i]->TargetName)) {
  643. continue;
  644. }
  645. //
  646. // If the caller wants a certificate,
  647. // ignore non certificates.
  648. //
  649. if ( Flags & (CREDUI_FLAGS_REQUIRE_CERTIFICATE|CREDUI_FLAGS_REQUIRE_SMARTCARD) ) {
  650. if ( credentialSet[i]->Type != CRED_TYPE_DOMAIN_CERTIFICATE ) {
  651. continue;
  652. }
  653. }
  654. //
  655. // If the caller wants to avoid certificates,
  656. // ignore certificates.
  657. //
  658. if ( Flags & CREDUI_FLAGS_EXCLUDE_CERTIFICATES ) {
  659. if ( credentialSet[i]->Type == CRED_TYPE_DOMAIN_CERTIFICATE ) {
  660. continue;
  661. }
  662. }
  663. //
  664. // CredReadDomain domain credentials returns creds in preference
  665. // order as specified by the TargetInfo.
  666. // So use the first valid one.
  667. //
  668. if ( OldCredential == NULL ) {
  669. OldCredential = credentialSet[i];
  670. }
  671. //
  672. // Remember the PasswordCredential in case we need to fall back to it
  673. //
  674. if ( credentialSet[i]->Type == CRED_TYPE_DOMAIN_PASSWORD ) {
  675. PasswordCredential = credentialSet[i];
  676. }
  677. }
  678. if (OldCredential == NULL)
  679. {
  680. Result = ERROR_NOT_FOUND;
  681. }
  682. else
  683. {
  684. Result = ERROR_SUCCESS;
  685. }
  686. }
  687. else
  688. {
  689. Result = GetLastError();
  690. }
  691. }
  692. //
  693. // We don't have a target info
  694. // read each of the possible credential types
  695. //
  696. else
  697. {
  698. if (!(Flags & CREDUI_FLAGS_EXCLUDE_CERTIFICATES) &&
  699. ((SecurityContext == NULL) ||
  700. (credentialName.CredentialType ==
  701. CRED_TYPE_DOMAIN_CERTIFICATE)) &&
  702. *UserOrTargetName != '\0' &&
  703. LocalCredReadW(UserOrTargetName,
  704. CRED_TYPE_DOMAIN_CERTIFICATE,
  705. 0,
  706. &credential))
  707. {
  708. if (CreduiIsSpecialCredential(credential))
  709. {
  710. LocalCredFree(static_cast<VOID *>(credential));
  711. credential = NULL;
  712. }
  713. else
  714. {
  715. OldCredential = credential;
  716. }
  717. }
  718. if ( ( Flags & (CREDUI_FLAGS_REQUIRE_CERTIFICATE|CREDUI_FLAGS_REQUIRE_SMARTCARD)) == 0 ) {
  719. if ( OldCredential == NULL &&
  720. ((SecurityContext == NULL) ||
  721. (credentialName.CredentialType ==
  722. CRED_TYPE_DOMAIN_PASSWORD)) &&
  723. *UserOrTargetName != '\0' &&
  724. LocalCredReadW(UserOrTargetName,
  725. CRED_TYPE_DOMAIN_PASSWORD,
  726. 0,
  727. &credential))
  728. {
  729. if (CreduiIsSpecialCredential(credential))
  730. {
  731. LocalCredFree(static_cast<VOID *>(credential));
  732. credential = NULL;
  733. }
  734. else
  735. {
  736. PasswordCredential = credential;
  737. OldCredential = credential;
  738. Result = ERROR_SUCCESS;
  739. }
  740. }
  741. if ( OldCredential == NULL &&
  742. ((SecurityContext == NULL) ||
  743. (credentialName.CredentialType ==
  744. CRED_TYPE_DOMAIN_VISIBLE_PASSWORD)) &&
  745. *UserOrTargetName != '\0' &&
  746. LocalCredReadW(UserOrTargetName,
  747. CRED_TYPE_DOMAIN_VISIBLE_PASSWORD,
  748. 0,
  749. &credential))
  750. {
  751. if (CreduiIsSpecialCredential(credential))
  752. {
  753. LocalCredFree(static_cast<VOID *>(credential));
  754. credential = NULL;
  755. }
  756. else
  757. {
  758. OldCredential = credential;
  759. Result = ERROR_SUCCESS;
  760. }
  761. }
  762. }
  763. if (OldCredential == NULL)
  764. {
  765. Result = GetLastError();
  766. }
  767. else
  768. {
  769. fInitialSaveState = TRUE; // ISSUE: this set at this point has no effect
  770. Result = ERROR_SUCCESS;
  771. }
  772. }
  773. }
  774. if (Result == ERROR_SUCCESS)
  775. {
  776. NewCredential = *OldCredential;
  777. // if we have an existing cred, set the save state
  778. if (OldCredential != NULL)
  779. {
  780. fInitialSaveState = TRUE; // ISSUE: this set at this point has no effect
  781. }
  782. // If a user name was not passed, copy the user name and password
  783. // from the existing credential:
  784. if (UserName[0] == L'\0')
  785. {
  786. if (OldCredential->UserName != NULL)
  787. {
  788. StringCchCopyW(
  789. UserName,
  790. UserNameMaxChars + 1,
  791. OldCredential->UserName);
  792. }
  793. if (Password[0] == L'\0')
  794. {
  795. if ((OldCredential->Type == CRED_TYPE_GENERIC) )
  796. {
  797. CopyMemory(
  798. Password,
  799. OldCredential->CredentialBlob,
  800. OldCredential->CredentialBlobSize);
  801. Password[OldCredential->
  802. CredentialBlobSize >> 1] = L'\0';
  803. }
  804. else if (OldCredential->Type == CRED_TYPE_DOMAIN_VISIBLE_PASSWORD)
  805. {
  806. // check to see if the new one should be encrypted, but in any case, we can't prefill
  807. // the password box
  808. EncryptedVisiblePassword = IsPasswordEncrypted(OldCredential->CredentialBlob,
  809. OldCredential->CredentialBlobSize);
  810. PasswordState = PASSWORD_CHANGED;
  811. }
  812. else
  813. {
  814. // If prompt is required now, or if we're rerturning the password, then we can't prefill the
  815. // password box:
  816. fInitialSaveState = TRUE; // ISSUE: this set at this point has no effect
  817. if (OldCredential->Flags & CRED_FLAGS_PROMPT_NOW || DelayCredentialWrite )
  818. {
  819. PasswordState = PASSWORD_CHANGED;
  820. }
  821. else
  822. {
  823. StringCchCopyW(
  824. Password,
  825. PasswordMaxChars + 1,
  826. CreduiKnownPassword);
  827. }
  828. }
  829. }
  830. }
  831. }
  832. else
  833. {
  834. if (Result != ERROR_NO_SUCH_LOGON_SESSION)
  835. {
  836. Result = ERROR_SUCCESS;
  837. }
  838. OldCredential = NULL;
  839. SetCredTargetFromInfo();
  840. PasswordState = PASSWORD_CHANGED;
  841. }
  842. NewCredential.UserName = UserName;
  843. NewCredential.CredentialBlob = reinterpret_cast<BYTE *>(Password);
  844. //
  845. // Since the old cred is an SSO cred,
  846. // use the SSO maximum persistence.
  847. //
  848. // Wait till now since NewCredential.Type is updated from either the old credential
  849. // or from the target info above.
  850. //
  851. // BUGBUG: If there is no old credential or target info,
  852. // we won't know this until later.
  853. //
  854. if ( NewCredential.Type == CRED_TYPE_DOMAIN_VISIBLE_PASSWORD ) {
  855. MaximumPersist = MaximumPersistSso;
  856. }
  857. //
  858. // If the session type isn't supported on this machine,
  859. // fail if the caller needs to save the credential.
  860. //
  861. if ( MaximumPersist == CRED_PERSIST_NONE ) {
  862. if ( DelayCredentialWrite )
  863. {
  864. // no credmgr available, and user asked to persist. We can't persist, but we
  865. // can continue with UI and return values via the api - add CREDUI_FLAGS_DO_NOT_PERSIST
  866. Flags |= CREDUI_FLAGS_DO_NOT_PERSIST;
  867. }
  868. else
  869. {
  870. // we can't do anything without credmgr, return error
  871. if ( result != NULL )
  872. *result = ERROR_NO_SUCH_LOGON_SESSION;
  873. return;
  874. }
  875. }
  876. }
  877. //
  878. // If the cred may not be persisted,
  879. // clear the NewCredential.
  880. //
  881. if ( Flags & CREDUI_FLAGS_DO_NOT_PERSIST)
  882. {
  883. // NEED TO Initialize NewCred here
  884. ZeroMemory(&NewCredential, sizeof NewCredential);
  885. SetCredTargetFromInfo();
  886. PasswordState = PASSWORD_CHANGED;
  887. NewCredential.UserName = UserName;
  888. NewCredential.CredentialBlob = reinterpret_cast<BYTE *>(Password);
  889. Result = ERROR_SUCCESS;
  890. }
  891. if (Result == ERROR_SUCCESS)
  892. {
  893. HWND parentWindow = UiInfo.hwndParent;
  894. CreduiIconParentWindow iconWindow;
  895. if ((parentWindow == NULL) || !IsWindow(parentWindow))
  896. {
  897. if (iconWindow.Init(CreduiInstance, IDI_DEFAULT))
  898. {
  899. parentWindow = iconWindow.GetWindow();
  900. }
  901. }
  902. BOOL doPasswordDialog = TRUE;
  903. // Before doing the dialog, check for special errors:
  904. if ( CredCategory == DOMAIN_CATEGORY &&
  905. !DoingCommandLine &&
  906. CREDUIP_IS_EXPIRED_ERROR( authError ) &&
  907. (OldCredential != NULL))
  908. {
  909. if (CreduiChangeDomainPassword(
  910. parentWindow,
  911. UserName,
  912. Password,
  913. PasswordMaxChars))
  914. {
  915. doPasswordDialog = FALSE;
  916. // Attempt to write the new credential, first get the length.
  917. // The blob does not include the terminating NULL:
  918. NewCredential.CredentialBlobSize =
  919. wcslen(Password) * sizeof (WCHAR);
  920. // If the password is empty, do not write a credential blob:
  921. if (NewCredential.CredentialBlobSize == 0)
  922. {
  923. NewCredential.CredentialBlob = NULL;
  924. }
  925. else
  926. {
  927. NewCredential.CredentialBlob =
  928. reinterpret_cast<BYTE *>(Password);
  929. }
  930. Result = FinishHandleOk();
  931. }
  932. }
  933. // Check to see if we can skip the UI:
  934. if ( CredCategory == GENERIC_CATEGORY &&
  935. !(Flags & CREDUI_FLAGS_ALWAYS_SHOW_UI) &&
  936. (OldCredential != NULL) &&
  937. !(OldCredential->Flags & CRED_FLAGS_PROMPT_NOW))
  938. {
  939. doPasswordDialog = FALSE;
  940. if ((Flags & CREDUI_FLAGS_REQUIRE_CERTIFICATE) &&
  941. !LocalCredIsMarshaledCredentialW(OldCredential->UserName))
  942. {
  943. doPasswordDialog = TRUE;
  944. }
  945. if ((Flags & CREDUI_FLAGS_EXCLUDE_CERTIFICATES) &&
  946. LocalCredIsMarshaledCredentialW(OldCredential->UserName))
  947. {
  948. doPasswordDialog = TRUE;
  949. }
  950. }
  951. // Do the dialog box:
  952. // check to see if this is an SSO cred
  953. if ( GetSSOPackageInfo( TargetInfo, &SSOPackage ) )
  954. {
  955. // it's an sso cred
  956. dwIDDResource = IDD_BRANDEDPASSWORD;
  957. // we never set initial save state on these
  958. fInitialSaveState = FALSE; // ISSUE: this set at this point has no effect
  959. // check to see if we already have a cred for this
  960. if (!CheckForSSOCred( NULL ))
  961. {
  962. // check to see if we should run the wizard
  963. if ( !(SSOPackage.dwRegistrationCompleted) && (SSOPackage.dwNumRegistrationRuns < 5) )
  964. {
  965. doPasswordDialog = !TryLauchRegWizard ( &SSOPackage, UiInfo.hwndParent, (MaximumPersistSso > CRED_PERSIST_SESSION),
  966. userName, userNameMaxChars,
  967. password, passwordMaxChars,
  968. &Result );
  969. }
  970. }
  971. }
  972. else
  973. {
  974. // it's not an sso cred
  975. dwIDDResource = IDD_PASSWORD;
  976. }
  977. // save a copy of the current working user name for later
  978. if (NewCredential.UserName != NULL)
  979. {
  980. StringCchCopyW(
  981. OldUserName,
  982. RTL_NUMBER_OF(OldUserName),
  983. NewCredential.UserName);
  984. }
  985. else
  986. {
  987. OldUserName[0] = 0;
  988. }
  989. if (doPasswordDialog)
  990. {
  991. if ( DoingCommandLine )
  992. {
  993. //
  994. // Do the command line version of a dialog box
  995. //
  996. Result = CmdLineDialog();
  997. }
  998. else
  999. {
  1000. LinkWindow_RegisterClass();
  1001. if (DialogBoxParam(
  1002. CreduiInstance,
  1003. MAKEINTRESOURCE(dwIDDResource),
  1004. parentWindow,
  1005. DialogMessageHandlerCallback,
  1006. reinterpret_cast<LPARAM>(this)) == IDOK)
  1007. {
  1008. if ((Result != ERROR_SUCCESS) &&
  1009. (Result != ERROR_NO_SUCH_LOGON_SESSION))
  1010. {
  1011. Result = ERROR_CANCELLED;
  1012. }
  1013. }
  1014. else
  1015. {
  1016. Result = ERROR_CANCELLED;
  1017. }
  1018. }
  1019. }
  1020. }
  1021. else
  1022. {
  1023. Result = ERROR_NO_SUCH_LOGON_SESSION;
  1024. }
  1025. // kill outbound username if share-level access
  1026. if (fPasswordOnly)
  1027. {
  1028. CreduiDebugLog("CUIPD: Share level credentials\n");
  1029. userName[0] = 0;
  1030. }
  1031. // Make sure other processes can set foreground window once again:
  1032. LockSetForegroundWindow(LSFW_UNLOCK);
  1033. AllowSetForegroundWindow(ASFW_ANY);
  1034. if (TargetInfo != NULL)
  1035. {
  1036. LocalCredFree(static_cast<VOID *>(TargetInfo));
  1037. }
  1038. // If we read a credential set, PasswordCredential
  1039. // is a pointer into this set. Otherwise, they were
  1040. // read separately:
  1041. if (credentialSet != NULL)
  1042. {
  1043. LocalCredFree(static_cast<VOID *>(credentialSet));
  1044. }
  1045. else
  1046. {
  1047. if (PasswordCredential != NULL)
  1048. {
  1049. LocalCredFree(static_cast<VOID *>(PasswordCredential));
  1050. }
  1051. }
  1052. if ( result != NULL )
  1053. *result = Result;
  1054. if ( save != NULL &&
  1055. (Result == ERROR_SUCCESS))
  1056. {
  1057. *save = Save;
  1058. }
  1059. }
  1060. //=============================================================================
  1061. // CreduiPasswordDialog::~CreduiPasswordDialog
  1062. //
  1063. // The constructor cleans up after itself, and since that is the only way to
  1064. // use this class, there's nothing to do in the destructor.
  1065. //
  1066. // Created 02/25/2000 johnstep (John Stephens)
  1067. //=============================================================================
  1068. CreduiPasswordDialog::~CreduiPasswordDialog()
  1069. {
  1070. WCHAR ClassName[] = {L"CreduiCmdLineHelperWindow"};
  1071. LONG lRet;
  1072. if ( hBrandBmp != NULL )
  1073. DeleteObject ( hBrandBmp );
  1074. // If 'Registered' is nonzero, unregister the class
  1075. if (InterlockedCompareExchange(&Registered, FALSE, TRUE))
  1076. {
  1077. lRet = UnregisterClass(ClassName, 0);
  1078. // Put the class handle back if deregister failed
  1079. if (0 == lRet)
  1080. {
  1081. // If the unregister fails, allow other instances to retry the unregister
  1082. CreduiDebugLog( "CreduiPasswordDialog::~CreduiPasswordDialog UnregisterClass failed.\n" );
  1083. // put back the flag value that we had destroyed
  1084. InterlockedExchange(&Registered,TRUE);
  1085. }
  1086. }
  1087. }
  1088. #define MAX_TEMP_TARGETNAME 64
  1089. DWORD
  1090. CreduiPasswordDialog::CmdLineDialog(
  1091. VOID
  1092. )
  1093. /*++
  1094. Routine Description:
  1095. This routine implements the command line prompt for credentials
  1096. Arguments:
  1097. None
  1098. Return Values:
  1099. Win 32 status of the operation
  1100. --*/
  1101. {
  1102. DWORD WinStatus;
  1103. HWND Window;
  1104. MSG msg;
  1105. //
  1106. // Create the window class if it doesn't already exist
  1107. //
  1108. if (!InterlockedCompareExchange(&Registered, TRUE, FALSE))
  1109. {
  1110. WNDCLASS windowClass;
  1111. ZeroMemory(&windowClass, sizeof windowClass);
  1112. windowClass.style = CS_GLOBALCLASS;
  1113. windowClass.cbWndExtra = 0;
  1114. windowClass.lpfnWndProc = CmdLineMessageHandlerCallback;
  1115. windowClass.hInstance = CreduiInstance;
  1116. windowClass.hIcon = NULL;
  1117. windowClass.hCursor = LoadCursor(NULL, MAKEINTRESOURCE(IDC_ARROW));
  1118. windowClass.lpszClassName = L"CreduiCmdLineHelperWindow";
  1119. InterlockedExchange(&Registered, RegisterClass(&windowClass) != 0);
  1120. if (!InterlockedCompareExchange(&Registered, FALSE, FALSE))
  1121. {
  1122. WinStatus = GetLastError();
  1123. goto Cleanup;
  1124. }
  1125. }
  1126. //
  1127. // Create a window of that class
  1128. //
  1129. Window = CreateWindow(
  1130. L"CreduiCmdLineHelperWindow",
  1131. NULL,
  1132. WS_POPUP,
  1133. 0, 0, 0, 0,
  1134. NULL, NULL, CreduiInstance,(LPVOID) this);
  1135. if ( Window == NULL )
  1136. {
  1137. WinStatus = GetLastError();
  1138. goto Cleanup;
  1139. }
  1140. //
  1141. // Run the message loop
  1142. //
  1143. CreduiDebugLog( "Entering message loop\n" );
  1144. for (;;) {
  1145. BOOL GmStatus;
  1146. GmStatus = GetMessage(&msg, NULL, 0, 0 );
  1147. if ( GmStatus == -1 )
  1148. {
  1149. WinStatus = GetLastError();
  1150. break;
  1151. }
  1152. else if ( GmStatus == 0 )
  1153. {
  1154. WinStatus = Result;
  1155. break;
  1156. }
  1157. DispatchMessage(&msg);
  1158. }
  1159. //
  1160. // Get the status left from the message loop.
  1161. WinStatus = (DWORD) msg.wParam;
  1162. CreduiDebugLog( "Got Quit Message: %ld\n", WinStatus );
  1163. //
  1164. // Process the data as though the user hit OK to the GUI
  1165. //
  1166. if ( WinStatus == NO_ERROR ) {
  1167. PasswordState = PASSWORD_CHANGED;
  1168. WinStatus = HandleOk();
  1169. if ( WinStatus == ERROR_NO_SUCH_LOGON_SESSION)
  1170. {
  1171. WinStatus = ERROR_CANCELLED;
  1172. }
  1173. }
  1174. CreduiDebugLog( "Calling destroy\n" );
  1175. DestroyWindow( Window );
  1176. Cleanup:
  1177. return WinStatus;
  1178. }
  1179. //=============================================================================
  1180. // CreduiPasswordDialog::FinishHandleOk
  1181. //
  1182. // This function writes the credential for domain credentials.
  1183. //
  1184. // Created 04/09/2000 johnstep (John Stephens)
  1185. //=============================================================================
  1186. DWORD
  1187. CreduiPasswordDialog::FinishHandleOk()
  1188. {
  1189. DWORD error = ERROR_SUCCESS;
  1190. PCREDENTIAL_TARGET_INFORMATION pTargetInfo = TargetInfo;
  1191. if (Flags & CREDUI_FLAGS_KEEP_USERNAME )
  1192. return error;
  1193. DWORD dwCredWriteFlags = 0;
  1194. BOOL bDoSave = TRUE;
  1195. if (PasswordState == PASSWORD_INIT)
  1196. {
  1197. dwCredWriteFlags |= CRED_PRESERVE_CREDENTIAL_BLOB;
  1198. }
  1199. if ( dwIDDResource == IDD_BRANDEDPASSWORD )
  1200. {
  1201. // we need to reinterpret what Save means. Save in this case means to save as the default
  1202. // for the SSO realm, while !Save means rename the cred target as the username and
  1203. // save without the password
  1204. // never delay writing these creds
  1205. DelayCredentialWrite = FALSE;
  1206. if ( Save )
  1207. {
  1208. NewCredential.Persist = CRED_PERSIST_ENTERPRISE;
  1209. if ( !(Flags & CREDUI_FLAGS_KEEP_USERNAME ))
  1210. DemoteOldDefaultSSOCred ( TargetInfo, Flags );
  1211. }
  1212. else
  1213. {
  1214. // save this under the username if it doesn't already match NewCred's username
  1215. if ( (OldCredential != NULL && OldCredential->UserName != NULL &&
  1216. _wcsicmp ( OldCredential->UserName, UserName ) == 0 )||
  1217. (Flags & CREDUI_FLAGS_KEEP_USERNAME ) )
  1218. {
  1219. // don't do this save if the username matches the currently saved cred - we don't want a duplicate
  1220. bDoSave = FALSE;
  1221. }
  1222. // alter the TargetName
  1223. TargetName = UserName;
  1224. TargetInfo->TargetName = TargetName;
  1225. // don't set a TargetInfo for this
  1226. pTargetInfo = NULL;
  1227. NewCredential.Persist = CRED_PERSIST_ENTERPRISE;
  1228. NewCredential.CredentialBlob = NULL;
  1229. NewCredential.CredentialBlobSize = 0;
  1230. NewCredential.TargetName = TargetName;
  1231. NewCredential.Flags = CRED_FLAGS_USERNAME_TARGET;
  1232. DelayCredentialWrite = FALSE;
  1233. EncryptedVisiblePassword = FALSE;
  1234. dwCredWriteFlags = 0;
  1235. }
  1236. }
  1237. //
  1238. // Write the credential to credential manager
  1239. //
  1240. // Don't delay actually writing the credential to cred man since we're not
  1241. // returning the credential to the caller.
  1242. //
  1243. if ( bDoSave )
  1244. {
  1245. error = WriteCred( TargetName,
  1246. Flags,
  1247. pTargetInfo,
  1248. &NewCredential,
  1249. dwCredWriteFlags,
  1250. DelayCredentialWrite,
  1251. EncryptedVisiblePassword);
  1252. }
  1253. else
  1254. {
  1255. error = ERROR_SUCCESS;
  1256. }
  1257. if ( error != NO_ERROR ) {
  1258. CreduiDebugLog("CreduiPasswordDialog::HandleOk: "
  1259. "WriteCred failed: "
  1260. "%u\n", error);
  1261. }
  1262. if ((SecurityContext != NULL) && (error == ERROR_SUCCESS))
  1263. {
  1264. BOOL isValidated = TRUE;
  1265. if (!SetContextAttributes(
  1266. SecurityContext,
  1267. SECPKG_ATTR_USE_VALIDATED,
  1268. &isValidated,
  1269. sizeof isValidated))
  1270. {
  1271. error = ERROR_GEN_FAILURE;
  1272. }
  1273. }
  1274. // Clear any password from memory, and also make sure the credential blob
  1275. // points to Password once again (in case it was set to NULL due to a zero
  1276. // length blob):
  1277. NewCredential.CredentialBlob = reinterpret_cast<BYTE *>(Password);
  1278. NewCredential.CredentialBlobSize = 0;
  1279. return error;
  1280. }
  1281. //=============================================================================
  1282. // CreduiPasswordDialog::Enable
  1283. //
  1284. // Enables or disables all the user controls in the dialog box. This allows us
  1285. // to maintain dialog responsiveness, while waiting for some potentially
  1286. // lengthy (network usually) operation to complete.
  1287. //
  1288. // Most controls are always enabled normally, but we need to track the state
  1289. // of IDC_CRED and IDOK. Do this with a simple DWORD bitmask.
  1290. //
  1291. // NOTE: Allow Cancel to remain enabled, and use it to abort the current
  1292. // lookup? This means we have to somehow kill the thread, though, or
  1293. // maybe just leave it, and close our handle to it?
  1294. //
  1295. // Arguments:
  1296. // enable (in) - TRUE to enable the controls, FALSE to disable.
  1297. //
  1298. // Created 04/07/2000 johnstep (John Stephens)
  1299. //=============================================================================
  1300. VOID
  1301. CreduiPasswordDialog::Enable(
  1302. BOOL enable
  1303. )
  1304. {
  1305. if (enable && (DisabledControlMask & DISABLED_DIALOG))
  1306. {
  1307. DisabledControlMask &= ~DISABLED_DIALOG;
  1308. EnableWindow(CredControlWindow, TRUE);
  1309. if ( DialogWindow) {
  1310. EnableWindow(GetDlgItem(DialogWindow, IDCANCEL), TRUE);
  1311. if (!(DisabledControlMask & DISABLED_CONTROL_OK))
  1312. {
  1313. EnableWindow(GetDlgItem(DialogWindow, IDOK), TRUE);
  1314. }
  1315. }
  1316. }
  1317. else if (!(DisabledControlMask & DISABLED_DIALOG))
  1318. {
  1319. // Hide the balloon tip before disabling the window:
  1320. DisabledControlMask |= DISABLED_DIALOG;
  1321. EnableWindow(CredControlWindow, FALSE);
  1322. if ( DialogWindow ) {
  1323. EnableWindow(GetDlgItem(DialogWindow, IDCANCEL), FALSE);
  1324. EnableWindow(GetDlgItem(DialogWindow, IDOK), FALSE);
  1325. }
  1326. }
  1327. }
  1328. //=============================================================================
  1329. // CreduiPasswordDialog::SelectAndSetWindowCaption
  1330. //
  1331. // Created 03/10/2000 johnstep (John Stephens)
  1332. //=============================================================================
  1333. VOID
  1334. CreduiPasswordDialog::SelectAndSetWindowCaption()
  1335. {
  1336. //
  1337. // Command line doesn't have a caption
  1338. //
  1339. if ( !DialogWindow ) {
  1340. return;
  1341. }
  1342. if (UiInfo.pszCaptionText != NULL)
  1343. {
  1344. SetWindowText(DialogWindow, UiInfo.pszCaptionText);
  1345. }
  1346. else
  1347. {
  1348. WCHAR captionText[256];
  1349. if ( CredCategory == DOMAIN_CATEGORY )
  1350. {
  1351. if (TargetInfo != NULL)
  1352. {
  1353. if ((TargetInfo->DnsServerName != NULL) ||
  1354. (TargetInfo->NetbiosServerName == NULL))
  1355. {
  1356. StringCchPrintfW(
  1357. captionText,
  1358. RTL_NUMBER_OF(captionText),
  1359. CreduiStrings.DnsCaption,
  1360. (TargetInfo->DnsServerName != NULL) ?
  1361. TargetInfo->DnsServerName :
  1362. TargetInfo->TargetName);
  1363. }
  1364. else if ((TargetInfo->NetbiosServerName != NULL) &&
  1365. (TargetInfo->NetbiosDomainName != NULL))
  1366. {
  1367. StringCchPrintfW(
  1368. captionText,
  1369. RTL_NUMBER_OF(captionText),
  1370. CreduiStrings.NetbiosCaption,
  1371. TargetInfo->NetbiosServerName,
  1372. TargetInfo->NetbiosDomainName);
  1373. }
  1374. else
  1375. {
  1376. StringCchPrintfW(
  1377. captionText,
  1378. RTL_NUMBER_OF(captionText),
  1379. CreduiStrings.DnsCaption,
  1380. TargetName);
  1381. }
  1382. }
  1383. else
  1384. {
  1385. StringCchPrintfW(
  1386. captionText,
  1387. RTL_NUMBER_OF(captionText),
  1388. CreduiStrings.DnsCaption,
  1389. TargetName);
  1390. }
  1391. }
  1392. else
  1393. {
  1394. StringCchPrintfW(
  1395. captionText,
  1396. RTL_NUMBER_OF(captionText),
  1397. CreduiStrings.GenericCaption,
  1398. TargetName);
  1399. }
  1400. SetWindowText(DialogWindow, captionText);
  1401. }
  1402. }
  1403. //=============================================================================
  1404. // CreduiPasswordDialog::ResizeDialogCallback
  1405. //
  1406. // Created 04/12/2000 johnstep (John Stephens)
  1407. //=============================================================================
  1408. BOOL
  1409. CALLBACK
  1410. CreduiPasswordDialog::ResizeDialogCallback(
  1411. HWND childWindow,
  1412. LPARAM lParam
  1413. )
  1414. {
  1415. CreduiPasswordDialog *that =
  1416. reinterpret_cast<CreduiPasswordDialog *>(lParam);
  1417. ASSERT(that != NULL);
  1418. //
  1419. // Command line doesn't care about window size
  1420. //
  1421. if ( that->DoingCommandLine ) {
  1422. return TRUE;
  1423. }
  1424. HWND dialogWindow = GetParent(childWindow);
  1425. if (dialogWindow == NULL)
  1426. {
  1427. // Stop enumeration because our window must have been destroyed or
  1428. // something:
  1429. return FALSE;
  1430. }
  1431. else if (dialogWindow == that->DialogWindow)
  1432. {
  1433. RECT childRect;
  1434. GetWindowRect(childWindow, &childRect);
  1435. // If this child window is below the message window, move it down:
  1436. if (childRect.top >= that->ResizeTop)
  1437. {
  1438. MapWindowPoints ( NULL, dialogWindow,
  1439. reinterpret_cast<POINT *>(&childRect.left), 2 );
  1440. SetWindowPos(childWindow,
  1441. NULL,
  1442. childRect.left,
  1443. childRect.top + that->ResizeDelta,
  1444. 0,
  1445. 0,
  1446. SWP_NOACTIVATE | SWP_NOSIZE | SWP_NOOWNERZORDER |
  1447. SWP_NOZORDER);
  1448. }
  1449. }
  1450. return TRUE;
  1451. }
  1452. //=============================================================================
  1453. // CreduiPasswordDialog::SelectAndSetWindowMessage
  1454. //
  1455. // This function will also resize the dialog to accomodate very long message
  1456. // text. The maximum number of lines allowed at once is
  1457. // CREDUI_MAX_WELCOME_TEXT_LINES, and, beyond that, a scrollbar is added.
  1458. //
  1459. // Created 03/10/2000 johnstep (John Stephens)
  1460. //=============================================================================
  1461. VOID
  1462. CreduiPasswordDialog::SelectAndSetWindowMessage()
  1463. {
  1464. HWND welcomeTextWindow = GetDlgItem(DialogWindow, IDC_WELCOME_TEXT);
  1465. //
  1466. // Command line doesn't have welcome text
  1467. //
  1468. if ( DoingCommandLine ) {
  1469. return;
  1470. }
  1471. ASSERT(welcomeTextWindow != NULL);
  1472. if (UiInfo.pszMessageText != NULL)
  1473. {
  1474. SetWindowText(welcomeTextWindow, UiInfo.pszMessageText);
  1475. }
  1476. else
  1477. {
  1478. WCHAR messageText[256];
  1479. if ( CredCategory == GENERIC_CATEGORY )
  1480. {
  1481. if (UserName[0] == L'\0')
  1482. {
  1483. StringCchPrintfW(
  1484. messageText,
  1485. RTL_NUMBER_OF(messageText),
  1486. CreduiStrings.Welcome,
  1487. TargetName);
  1488. }
  1489. else
  1490. {
  1491. StringCchPrintfW(
  1492. messageText,
  1493. RTL_NUMBER_OF(messageText),
  1494. CreduiStrings.WelcomeBack,
  1495. TargetName);
  1496. }
  1497. }
  1498. else
  1499. {
  1500. StringCchPrintfW(
  1501. messageText,
  1502. RTL_NUMBER_OF(messageText),
  1503. CreduiStrings.Connecting,
  1504. TargetName);
  1505. }
  1506. SetWindowText(welcomeTextWindow, messageText);
  1507. }
  1508. ULONG lineCount = (ULONG) SendMessage(welcomeTextWindow,
  1509. EM_GETLINECOUNT,
  1510. 0,
  1511. 0);
  1512. if (lineCount > 1)
  1513. {
  1514. if ( dwIDDResource == IDD_BRANDEDPASSWORD )
  1515. {
  1516. // Different layout (text to side of graphic)
  1517. RECT messageRect; // RECT for welcomeTextWindow
  1518. ULONG lineHeight = 13; // Height of line in welcomeTextWindow
  1519. DWORD lineIndex = 0; // Character index of first char in second line of welcomeTextWindow
  1520. DWORD linePos = 0; // Position of first char in second line of welcomeTextWindow
  1521. GetWindowRect(welcomeTextWindow, &messageRect);
  1522. // We don't want to resize anything for the branded password dialog
  1523. ResizeDelta = 0;
  1524. ResizeTop = messageRect.bottom;
  1525. // Get the first character index of the second line
  1526. lineIndex = (DWORD)SendMessage(welcomeTextWindow, EM_LINEINDEX, 1, 0);
  1527. if (lineIndex > -1)
  1528. {
  1529. // Get the position of the first character of the second line
  1530. linePos = (ULONG)SendMessage(welcomeTextWindow, EM_POSFROMCHAR, lineIndex, 0);
  1531. if (linePos)
  1532. {
  1533. // This is our line height
  1534. lineHeight = (ULONG)HIWORD(linePos);
  1535. }
  1536. }
  1537. if ((lineCount * lineHeight) > CREDUI_MAX_LOGO_HEIGHT)
  1538. {
  1539. // Add the scrollbar. Consider adjusting the formatting rectangle
  1540. // of the edit control because, by default, it is adjusted to
  1541. // allow just exactly enough room for the scrollbar. This means
  1542. // text could potentially "touch" the scrollbar, which would look
  1543. // bad.
  1544. LONG_PTR style = GetWindowLongPtr(welcomeTextWindow, GWL_STYLE);
  1545. SetWindowLongPtr(welcomeTextWindow,
  1546. GWL_STYLE,
  1547. style |= WS_VSCROLL);
  1548. }
  1549. SetWindowPos(welcomeTextWindow,
  1550. NULL,
  1551. 0,
  1552. 0,
  1553. messageRect.right - messageRect.left,
  1554. messageRect.bottom - messageRect.top,
  1555. SWP_FRAMECHANGED | SWP_NOACTIVATE | SWP_NOMOVE |
  1556. SWP_NOOWNERZORDER | SWP_NOZORDER);
  1557. }
  1558. else
  1559. {
  1560. // normal layout (text below graphic)
  1561. RECT messageRect;
  1562. GetWindowRect(welcomeTextWindow, &messageRect);
  1563. ULONG lineHeight = messageRect.bottom - messageRect.top;
  1564. ResizeTop = messageRect.bottom;
  1565. ResizeDelta = lineHeight *
  1566. (min(CREDUI_MAX_WELCOME_TEXT_LINES, lineCount) - 1);
  1567. messageRect.bottom += ResizeDelta;
  1568. if (lineCount > CREDUI_MAX_WELCOME_TEXT_LINES)
  1569. {
  1570. // Add the scrollbar. Consider adjusting the formatting rectangle
  1571. // of the edit control because, by default, it is adjusted to
  1572. // allow just exactly enough room for the scrollbar. This means
  1573. // text could potentially "touch" the scrollbar, which would look
  1574. // bad.
  1575. LONG_PTR style = GetWindowLongPtr(welcomeTextWindow, GWL_STYLE);
  1576. SetWindowLongPtr(welcomeTextWindow,
  1577. GWL_STYLE,
  1578. style |= WS_VSCROLL);
  1579. }
  1580. SetWindowPos(welcomeTextWindow,
  1581. NULL,
  1582. 0,
  1583. 0,
  1584. messageRect.right - messageRect.left,
  1585. messageRect.bottom - messageRect.top,
  1586. SWP_FRAMECHANGED | SWP_NOACTIVATE | SWP_NOMOVE |
  1587. SWP_NOOWNERZORDER | SWP_NOZORDER);
  1588. }
  1589. // Reposition all the other controls:
  1590. EnumChildWindows(DialogWindow,
  1591. ResizeDialogCallback,
  1592. reinterpret_cast<LPARAM>(this));
  1593. // Resize the dialog box now
  1594. RECT dialogRect;
  1595. GetWindowRect(DialogWindow, &dialogRect);
  1596. SetWindowPos(DialogWindow,
  1597. NULL,
  1598. dialogRect.left,
  1599. dialogRect.top - (ResizeDelta / 2),
  1600. dialogRect.right - dialogRect.left,
  1601. (dialogRect.bottom - dialogRect.top) + ResizeDelta,
  1602. SWP_NOACTIVATE | SWP_NOOWNERZORDER | SWP_NOZORDER);
  1603. ResizeTop = 0;
  1604. ResizeDelta = 0;
  1605. }
  1606. }
  1607. //=============================================================================
  1608. // CreduiPasswordDialog::InitWindow
  1609. //
  1610. // Created 02/25/2000 johnstep (John Stephens)
  1611. //
  1612. // Initialize the window
  1613. //
  1614. // dialogWindow - Window handle
  1615. //=============================================================================
  1616. BOOL
  1617. CreduiPasswordDialog::InitWindow(HWND dialogWindow)
  1618. {
  1619. //
  1620. // Store this object's pointer in the user data window long:
  1621. //
  1622. SetWindowLongPtr(dialogWindow,
  1623. GWLP_USERDATA,
  1624. reinterpret_cast<LONG_PTR>(this));
  1625. //
  1626. // In the GUI case, remember the dialog box window
  1627. //
  1628. if ( !DoingCommandLine ) {
  1629. DialogWindow = dialogWindow;
  1630. // Get the window handles for the various controls:
  1631. CredControlWindow = GetDlgItem(DialogWindow, IDC_CRED);
  1632. //
  1633. // In the command line case, remember the popup window
  1634. //
  1635. } else {
  1636. CmdLineWindow = dialogWindow;
  1637. //
  1638. // Create a CredControlWindow
  1639. // It isn't visible, but the existence of the window allows the command line
  1640. // code to share logic with the GUI implementation
  1641. //
  1642. CredControlWindow =
  1643. CreateWindowEx(
  1644. WS_EX_NOPARENTNOTIFY,
  1645. WC_CREDENTIAL,
  1646. NULL, // No window name
  1647. WS_CHILD | WS_GROUP,
  1648. 0, 0, 0, 0, // No coordinates on the screen
  1649. CmdLineWindow, // Parent window
  1650. NULL, // No menu window
  1651. CreduiInstance,
  1652. NULL);
  1653. if ( CredControlWindow == NULL) {
  1654. return FALSE;
  1655. }
  1656. }
  1657. ASSERT(CredControlWindow != NULL);
  1658. //
  1659. // First, initialize the Credential control window:
  1660. //
  1661. // Set the default style
  1662. //
  1663. if (Flags & CREDUI_FLAGS_REQUIRE_SMARTCARD)
  1664. {
  1665. CredControlStyle = CRS_SMARTCARDS;
  1666. }
  1667. else if (Flags & CREDUI_FLAGS_REQUIRE_CERTIFICATE)
  1668. {
  1669. CredControlStyle = CRS_CERTIFICATES | CRS_SMARTCARDS;
  1670. }
  1671. else if (Flags & CREDUI_FLAGS_EXCLUDE_CERTIFICATES)
  1672. {
  1673. CredControlStyle = CRS_USERNAMES;
  1674. }
  1675. else
  1676. {
  1677. CredControlStyle = CRS_USERNAMES | CRS_CERTIFICATES | CRS_SMARTCARDS;
  1678. }
  1679. if (Flags & CREDUI_FLAGS_KEEP_USERNAME )
  1680. {
  1681. CredControlStyle |= CRS_KEEPUSERNAME;
  1682. }
  1683. //
  1684. // If we have a target info,
  1685. // refine the style to match match what the auth package needs
  1686. //
  1687. // If the auth package has no opinion of its needs, allow everything.
  1688. //
  1689. if ( CredCategory == DOMAIN_CATEGORY &&
  1690. TargetInfo != NULL &&
  1691. TargetInfo->CredTypeCount != 0 )
  1692. {
  1693. ULONG AuthPackageStyle;
  1694. AuthPackageStyle = 0;
  1695. //
  1696. // Loop through the supported cred types seeing what style the auth package supports
  1697. //
  1698. for (UINT i = 0; i < TargetInfo->CredTypeCount; ++i)
  1699. {
  1700. switch ( TargetInfo->CredTypes[i] ) {
  1701. case CRED_TYPE_DOMAIN_CERTIFICATE:
  1702. AuthPackageStyle |= CRS_CERTIFICATES | CRS_SMARTCARDS;
  1703. break;
  1704. case CRED_TYPE_DOMAIN_PASSWORD:
  1705. case CRED_TYPE_DOMAIN_VISIBLE_PASSWORD:
  1706. AuthPackageStyle |= CRS_USERNAMES;
  1707. break;
  1708. }
  1709. }
  1710. CredControlStyle &= (AuthPackageStyle | CRS_KEEPUSERNAME );
  1711. ASSERT( CredControlStyle != 0);
  1712. }
  1713. //
  1714. // If the caller wants only administrators,
  1715. // include that request in the style.
  1716. //
  1717. if (Flags & CREDUI_FLAGS_REQUEST_ADMINISTRATOR)
  1718. {
  1719. CredControlStyle |= CRS_ADMINISTRATORS;
  1720. }
  1721. //
  1722. // If the caller asked to see the save checkbox,
  1723. // and we're running in a session that supports saving,
  1724. // include the save checkbox in the style
  1725. //
  1726. if ( (Flags & (CREDUI_FLAGS_DO_NOT_PERSIST|CREDUI_FLAGS_PERSIST)) == 0 &&
  1727. !(Flags & CREDUI_FLAGS_KEEP_USERNAME ) &&
  1728. MaximumPersist != CRED_PERSIST_NONE )
  1729. {
  1730. CredControlStyle |= CRS_SAVECHECK;
  1731. }
  1732. //
  1733. // If the caller wants us to prompt for saving and return the result to him,
  1734. // include the save checkbox in the style
  1735. //
  1736. // This is for the occasion that an application uses credui to harvest credentials from the
  1737. // user, and wants username, password, and save preference back. Credui, however,
  1738. // is not to attempt to save the cred... that will be done by the application.
  1739. //
  1740. // TESTNOTE: Pass both flags, observe correct state returned by Save, but no call to
  1741. // credwrite from credui. (Credui does not itself attempt to save the cred)
  1742. //
  1743. else if ( (Flags & (CREDUI_FLAGS_DO_NOT_PERSIST|CREDUI_FLAGS_SHOW_SAVE_CHECK_BOX)) ==
  1744. (CREDUI_FLAGS_DO_NOT_PERSIST|CREDUI_FLAGS_SHOW_SAVE_CHECK_BOX) &&
  1745. !(Flags & CREDUI_FLAGS_KEEP_USERNAME ))
  1746. {
  1747. CredControlStyle |= CRS_SAVECHECK;
  1748. }
  1749. //
  1750. // If we're not displaying the save checkbox,
  1751. // adust the size of the dialog box.
  1752. //
  1753. if ( (CredControlStyle & CRS_SAVECHECK) == 0 &&
  1754. DialogWindow != NULL )
  1755. {
  1756. RECT rect;
  1757. SetRect(&rect, 0, 0, 0, 0);
  1758. rect.bottom = CREDUI_CONTROL_ADD_SAVE;
  1759. MapDialogRect(DialogWindow, &rect);
  1760. ResizeDelta = -rect.bottom;
  1761. GetWindowRect(CredControlWindow, &rect);
  1762. ResizeTop = rect.bottom;
  1763. // Reposition all the other controls:
  1764. EnumChildWindows(DialogWindow,
  1765. ResizeDialogCallback,
  1766. reinterpret_cast<LPARAM>(this));
  1767. // Resize the dialog box now:
  1768. GetWindowRect(DialogWindow, &rect);
  1769. SetWindowPos(DialogWindow,
  1770. NULL,
  1771. rect.left,
  1772. rect.top - (ResizeDelta / 2),
  1773. rect.right - rect.left,
  1774. (rect.bottom - rect.top) + ResizeDelta,
  1775. SWP_NOACTIVATE | SWP_NOOWNERZORDER | SWP_NOZORDER);
  1776. GetClientRect(CredControlWindow, &rect);
  1777. SetWindowPos(CredControlWindow,
  1778. NULL,
  1779. 0,
  1780. 0,
  1781. rect.right - rect.left,
  1782. (rect.bottom - rect.top) + ResizeDelta,
  1783. SWP_NOMOVE | SWP_NOACTIVATE |
  1784. SWP_NOOWNERZORDER | SWP_NOZORDER);
  1785. ResizeTop = 0;
  1786. ResizeDelta = 0;
  1787. }
  1788. if ( dwIDDResource == IDD_BRANDEDPASSWORD )
  1789. {
  1790. // size the parts of the brand
  1791. RECT rect;
  1792. RECT rectleft;
  1793. RECT rectright;
  1794. RECT rectmid;
  1795. HWND hwndRight = GetDlgItem(DialogWindow, IDC_BRANDRIGHT);
  1796. HWND hwndMid = GetDlgItem(DialogWindow, IDC_BRANDMID);
  1797. HWND hwndLeft = GetDlgItem(DialogWindow, IDC_BRANDLEFT);
  1798. HBITMAP hBmp;
  1799. GetWindowRect(hwndRight, &rect);
  1800. // Load the images from files
  1801. // We can't load them in the .rc because then we lose transparency
  1802. hBmp = (HBITMAP)LoadImage(CreduiInstance, MAKEINTRESOURCE(IDB_BRANDRIGHT), IMAGE_BITMAP, 0, 0, LR_CREATEDIBSECTION);
  1803. if (hBmp)
  1804. {
  1805. SendMessage(hwndRight, STM_SETIMAGE, (WPARAM)IMAGE_BITMAP, (LPARAM)hBmp);
  1806. }
  1807. hBmp = (HBITMAP)LoadImage(CreduiInstance, MAKEINTRESOURCE(IDB_BRANDMID), IMAGE_BITMAP, 0, 0, LR_CREATEDIBSECTION);
  1808. if (hBmp)
  1809. {
  1810. if (hwndMid)
  1811. {
  1812. SendMessage(hwndMid, STM_SETIMAGE, (WPARAM)IMAGE_BITMAP, (LPARAM)hBmp);
  1813. }
  1814. }
  1815. hBmp = (HBITMAP)LoadImage(CreduiInstance, MAKEINTRESOURCE(IDB_BRANDLEFT), IMAGE_BITMAP, 0, 0, LR_CREATEDIBSECTION);
  1816. if (hBmp)
  1817. {
  1818. if (hwndLeft)
  1819. {
  1820. SendMessage(hwndLeft, STM_SETIMAGE, (WPARAM)IMAGE_BITMAP, (LPARAM)hBmp);
  1821. }
  1822. }
  1823. rectright.bottom = rect.bottom;
  1824. rectright.top = rect.bottom - BRANDRIGHT_PIXEL_HEIGHT;
  1825. rectright.right = rect.right;
  1826. rectright.left = rect.right - BRANDRIGHT_PIXEL_WIDTH;
  1827. rectleft.bottom = rect.bottom;
  1828. rectleft.top = rect.bottom - BRANDLEFT_PIXEL_HEIGHT;
  1829. rectleft.left = rect.left;
  1830. rectleft.right = rect.left + BRANDLEFT_PIXEL_WIDTH;
  1831. MapWindowPoints(NULL, DialogWindow, (LPPOINT)&rectleft, 2);
  1832. MapWindowPoints(NULL, DialogWindow, (LPPOINT)&rectright, 2);
  1833. if ( rectleft.right >= rectright.left )
  1834. {
  1835. // dialog is really narrow, just use rectright
  1836. // hide the other two
  1837. ShowWindow ( hwndMid, SW_HIDE );
  1838. ShowWindow ( hwndLeft, SW_HIDE );
  1839. }
  1840. else
  1841. {
  1842. // calculate rectmid
  1843. rectmid.bottom = rectleft.bottom;
  1844. rectmid.top = rectleft.bottom - BRANDMID_PIXEL_HEIGHT;
  1845. rectmid.left = rectleft.right;
  1846. rectmid.right = rectright.left;
  1847. // No need to MapWindowsPoints for rectmid, since it's base off of the already-mapped rects.
  1848. SetWindowPos(hwndMid,
  1849. NULL,
  1850. rectmid.left,
  1851. rectmid.top,
  1852. rectmid.right - rectmid.left,
  1853. rectmid.bottom - rectmid.top,
  1854. SWP_NOACTIVATE | SWP_NOOWNERZORDER |
  1855. SWP_NOZORDER);
  1856. SetWindowPos(hwndLeft,
  1857. NULL,
  1858. rectleft.left,
  1859. rectleft.top,
  1860. rectleft.right - rectleft.left,
  1861. rectleft.bottom - rectleft.top,
  1862. SWP_NOACTIVATE | SWP_NOOWNERZORDER |
  1863. SWP_NOZORDER);
  1864. }
  1865. SetWindowPos(hwndRight,
  1866. NULL,
  1867. rectright.left,
  1868. rectright.top,
  1869. rectright.right - rectright.left,
  1870. rectright.bottom - rectright.top,
  1871. SWP_NOACTIVATE | SWP_NOOWNERZORDER |
  1872. SWP_NOZORDER);
  1873. }
  1874. //
  1875. // Tell the control window the style flags and whether we're doing command line
  1876. //
  1877. if (!SendMessage(CredControlWindow, CRM_INITSTYLE, (WPARAM)(CredControlStyle), DoingCommandLine ) )
  1878. {
  1879. return FALSE;
  1880. }
  1881. // If a custom banner bitmap was provided, set it now, and free the
  1882. // default bitmap:
  1883. if ( DialogWindow != NULL && UiInfo.hbmBanner != NULL)
  1884. {
  1885. HWND bannerControlWindow = GetDlgItem(DialogWindow, IDC_BANNER);
  1886. ASSERT(bannerControlWindow != NULL);
  1887. HBITMAP oldBitmap =
  1888. reinterpret_cast<HBITMAP>(
  1889. SendMessage(
  1890. bannerControlWindow,
  1891. STM_SETIMAGE,
  1892. IMAGE_BITMAP,
  1893. reinterpret_cast<LPARAM>(UiInfo.hbmBanner)));
  1894. ASSERT(oldBitmap != NULL);
  1895. DeleteObject(static_cast<HGDIOBJ>(oldBitmap));
  1896. }
  1897. else if ( DialogWindow != NULL && dwIDDResource == IDD_BRANDEDPASSWORD )
  1898. {
  1899. // if it's branded and there's no banner, hide the banner control
  1900. HWND bannerControlWindow = GetDlgItem(DialogWindow, IDC_BANNER);
  1901. if (bannerControlWindow != NULL)
  1902. {
  1903. ShowWindow ( bannerControlWindow, SW_HIDE );
  1904. }
  1905. }
  1906. // Limit the number of characters entered into the user name and password
  1907. // edit controls:
  1908. Credential_SetUserNameMaxChars(CredControlWindow, UserNameMaxChars);
  1909. Credential_SetPasswordMaxChars(CredControlWindow, PasswordMaxChars);
  1910. SelectAndSetWindowCaption();
  1911. SelectAndSetWindowMessage();
  1912. //
  1913. // Set the default check box states
  1914. // Default to don't save. That ensures the user has to take an action to
  1915. // change global state.
  1916. //
  1917. //
  1918. // If the caller is specifying the default value of the checkbox,
  1919. // grab that default
  1920. //
  1921. fInitialSaveState = FALSE;
  1922. // Force initial save state to false if SSO
  1923. if (Flags & CREDUI_FLAGS_SHOW_SAVE_CHECK_BOX)
  1924. {
  1925. if (dwIDDResource != IDD_BRANDEDPASSWORD)
  1926. {
  1927. fInitialSaveState = Save;
  1928. }
  1929. else
  1930. {
  1931. fInitialSaveState = FALSE;
  1932. }
  1933. //
  1934. // Only save if credman is available
  1935. //
  1936. }
  1937. else if ( MaximumPersist != CRED_PERSIST_NONE )
  1938. {
  1939. //
  1940. // If the caller is forcing the save flag on,
  1941. // default the save flag to TRUE.
  1942. //
  1943. if ( Flags & CREDUI_FLAGS_PERSIST )
  1944. {
  1945. fInitialSaveState = TRUE;
  1946. }
  1947. }
  1948. Credential_CheckSave(CredControlWindow, fInitialSaveState);
  1949. // Make sure the new password window is the foreground window, if
  1950. // possible:
  1951. if ( DialogWindow != NULL ) {
  1952. AllowSetForegroundWindow(GetCurrentProcessId());
  1953. SetForegroundWindow(DialogWindow);
  1954. AllowSetForegroundWindow(ASFW_ANY);
  1955. }
  1956. // NOTE: Do we really need the guest user name here?
  1957. if ((TargetInfo != NULL) && (UserName[0] == L'\0'))
  1958. {
  1959. if (TargetInfo->Flags & CRED_TI_ONLY_PASSWORD_REQUIRED)
  1960. {
  1961. LPWSTR ServerName = NULL;
  1962. if ( TargetInfo->NetbiosServerName != NULL ) {
  1963. ServerName = TargetInfo->NetbiosServerName;
  1964. } else if ( TargetInfo->DnsServerName != NULL &&
  1965. (TargetInfo->Flags & CRED_TI_SERVER_FORMAT_UNKNOWN) != 0 ) {
  1966. ServerName = TargetInfo->DnsServerName;
  1967. }
  1968. if ( ServerName != NULL )
  1969. {
  1970. LPWSTR GuestName;
  1971. if ( !CreduiLookupLocalNameFromRid( DOMAIN_USER_RID_GUEST, &GuestName ) ) {
  1972. GuestName = NULL;
  1973. }
  1974. StringCchPrintfW(
  1975. UserName,
  1976. UserNameMaxChars + 1,
  1977. L"%s\\%s",
  1978. ServerName,
  1979. GuestName == NULL ? L"Guest" : GuestName);
  1980. delete GuestName;
  1981. }
  1982. }
  1983. else
  1984. {
  1985. if ( DialogWindow ) {
  1986. EnableWindow(GetDlgItem(DialogWindow, IDOK), FALSE);
  1987. }
  1988. DisabledControlMask |= DISABLED_CONTROL_OK;
  1989. }
  1990. }
  1991. if ((UserName[0] != L'\0') || (Password[0] != L'\0'))
  1992. {
  1993. // If this fails, it may be because the certificate was not found in
  1994. // the store, so if this is a domain credential, use the password one,
  1995. // if available:
  1996. BOOL isMarshaled = LocalCredIsMarshaledCredentialW(UserName);
  1997. if (Credential_SetUserName(CredControlWindow, UserName))
  1998. {
  1999. if (!isMarshaled)
  2000. {
  2001. Credential_SetPassword(CredControlWindow, Password);
  2002. }
  2003. if (TargetInfo)
  2004. {
  2005. if (TargetInfo->Flags & CRED_TI_ONLY_PASSWORD_REQUIRED)
  2006. {
  2007. Credential_DisableUserName(CredControlWindow);
  2008. // when disabling the username field, prepare to return no username to the caller
  2009. if (Flags & CREDUI_FLAGS_PASSWORD_ONLY_OK)
  2010. {
  2011. fPasswordOnly = TRUE;
  2012. CreduiDebugLog("CreduiPasswordDialog::InitWindow - Password only share\n");
  2013. }
  2014. }
  2015. }
  2016. }
  2017. else
  2018. {
  2019. if ( CredCategory == DOMAIN_CATEGORY &&
  2020. isMarshaled &&
  2021. (PasswordCredential != NULL))
  2022. {
  2023. OldCredential = PasswordCredential;
  2024. // Change as little as possible about the new credential
  2025. // because we already selected the target name, etc.:
  2026. if (OldCredential->UserName != NULL)
  2027. {
  2028. StringCchCopyW(
  2029. UserName,
  2030. UserNameMaxChars + 1,
  2031. OldCredential->UserName);
  2032. }
  2033. else
  2034. {
  2035. UserName[0] = L'\0';
  2036. }
  2037. Password[0] = L'\0';
  2038. Credential_SetPassword(CredControlWindow, Password);
  2039. }
  2040. else
  2041. {
  2042. UserName[0] = L'\0';
  2043. Password[0] = L'\0';
  2044. }
  2045. }
  2046. if (PasswordState == PASSWORD_UNINIT)
  2047. {
  2048. PasswordState = PASSWORD_INIT;
  2049. }
  2050. if (UserName[0] != L'\0')
  2051. {
  2052. Credential_SetPasswordFocus(CredControlWindow);
  2053. if (Flags & CREDUI_FLAGS_INCORRECT_PASSWORD)
  2054. {
  2055. if (CreduiIsCapsLockOn())
  2056. {
  2057. CredBalloon = &CreduiLogonCapsBalloon;
  2058. }
  2059. else
  2060. {
  2061. CredBalloon = &CreduiLogonBalloon;
  2062. }
  2063. }
  2064. }
  2065. }
  2066. if (Flags & CREDUI_FLAGS_KEEP_USERNAME )
  2067. {
  2068. // okay button should always be enabled for this case
  2069. EnableWindow(GetDlgItem(DialogWindow, IDOK), TRUE);
  2070. DisabledControlMask &= ~DISABLED_CONTROL_OK;
  2071. }
  2072. return TRUE;
  2073. }
  2074. //=============================================================================
  2075. // CreduiPasswordDialog::CompleteUserName
  2076. //
  2077. // Searches the user name for a domain name, and determines whether this
  2078. // specifies the target server or a domain. If a domain is not present in the
  2079. // user name, add it if this is a workstation or no target information is
  2080. // available.
  2081. //
  2082. // Returns TRUE if a domain was already present in the user name, or if we
  2083. // added one. Otherwise, return FALSE.
  2084. //
  2085. // Created 03/10/2000 johnstep (John Stephens)
  2086. //=============================================================================
  2087. BOOL
  2088. CreduiPasswordDialog::CompleteUserName()
  2089. {
  2090. return ::CompleteUserName(
  2091. UserName,
  2092. UserNameMaxChars,
  2093. TargetInfo,
  2094. TargetName,
  2095. Flags);
  2096. }
  2097. //=============================================================================
  2098. // CreduiPasswordDialog::SelectBestTargetName
  2099. //
  2100. // Given TargetInfo, this function determines the most general target name
  2101. // possible, and stores the result in NewTargetName. If a target alias is
  2102. // available (NetBIOS name for a DNS name), this will be stored in
  2103. // NewTargetAlias. If the wildcard won't fit within the required string
  2104. // length, then it is not used.
  2105. //
  2106. // If serverOnly then, use the target information form of the target name,
  2107. // with the user-typed name as the alias. If unavailable, just use the user-
  2108. // typed form with a NULL alias.
  2109. //
  2110. // Created 03/10/2000 johnstep (John Stephens)
  2111. //=============================================================================
  2112. VOID
  2113. CreduiPasswordDialog::SelectBestTargetName(
  2114. BOOL serverOnly
  2115. )
  2116. {
  2117. NET_API_STATUS NetStatus;
  2118. BOOL usePrefixWildcard = TRUE;
  2119. WCHAR *credName = NULL;
  2120. LPWSTR DomainName = NULL;
  2121. LPWSTR DnsDomainName = NULL;
  2122. LPWSTR DnsForestName = NULL;
  2123. LPWSTR ComputerName = NULL;
  2124. BOOLEAN IsWorkgroupName;
  2125. BOOLEAN AddWildcard = TRUE;
  2126. // If serverOnly is passed, always use the new server-only behavior.
  2127. if (serverOnly)
  2128. {
  2129. if (TargetInfo->TargetName != NULL)
  2130. {
  2131. credName = TargetInfo->TargetName;
  2132. NewCredential.TargetAlias = TargetName;
  2133. }
  2134. else
  2135. {
  2136. credName = TargetName;
  2137. NewCredential.TargetAlias = NULL;
  2138. }
  2139. ASSERT(credName != NULL);
  2140. StringCchCopyW(
  2141. NewTargetName,
  2142. RTL_NUMBER_OF(NewTargetName),
  2143. credName);
  2144. return;
  2145. }
  2146. // Determine the maximum length name we can use for the wildcard case:
  2147. const ULONG maxChars = ((sizeof NewTargetName) /
  2148. (sizeof NewTargetName[0])) - 3;
  2149. if (TargetInfo->Flags & CRED_TI_ONLY_PASSWORD_REQUIRED )
  2150. {
  2151. serverOnly = TRUE;
  2152. }
  2153. //
  2154. // If the auth package requires us to create a target info by an explicit name,
  2155. // only use that name.
  2156. //
  2157. if ( TargetInfo->Flags & CRED_TI_CREATE_EXPLICIT_CRED )
  2158. {
  2159. credName = TargetInfo->TargetName;
  2160. AddWildcard = FALSE;
  2161. }
  2162. //
  2163. // If this machine is a member of a domain,
  2164. // and the target machine is a member of the same forest,
  2165. // and the user is logged onto an account in the forest,
  2166. // then this prompt must be because of an authorization issue.
  2167. //
  2168. // Avoid this check if a username was passed into the call
  2169. //
  2170. // Special case this and create a server specific credential
  2171. //
  2172. if ( credName == NULL &&
  2173. !serverOnly &&
  2174. UserName[0] == '\0' ) {
  2175. BOOL MachineInSameForest = FALSE;
  2176. BOOL UserUsingDomainAccount = FALSE;
  2177. //
  2178. // First determine if this machine is in the same forest as the target machine
  2179. //
  2180. NetStatus = NetpGetDomainNameExExEx (
  2181. &DomainName,
  2182. &DnsDomainName,
  2183. &DnsForestName,
  2184. NULL, // Don't need the GUID
  2185. &IsWorkgroupName );
  2186. if ( NetStatus == NO_ERROR &&
  2187. !IsWorkgroupName ) {
  2188. //
  2189. // check if the netbios domain names match
  2190. //
  2191. if ( TargetInfo->NetbiosDomainName != NULL &&
  2192. DomainName != NULL &&
  2193. _wcsicmp( TargetInfo->NetbiosDomainName, DomainName ) == 0 ) {
  2194. MachineInSameForest = TRUE;
  2195. //
  2196. // check if the DNS domain names match
  2197. //
  2198. } else if ( TargetInfo->DnsDomainName != NULL &&
  2199. DnsDomainName != NULL &&
  2200. _wcsicmp( TargetInfo->DnsDomainName, DnsDomainName ) == 0 ) {
  2201. MachineInSameForest = TRUE;
  2202. //
  2203. // handle the special domain format unknown case
  2204. //
  2205. } else if ( TargetInfo->DnsDomainName != NULL &&
  2206. DomainName != NULL &&
  2207. (TargetInfo->Flags & CRED_TI_DOMAIN_FORMAT_UNKNOWN) != 0 &&
  2208. _wcsicmp( TargetInfo->DnsDomainName, DomainName ) == 0 ) {
  2209. MachineInSameForest = TRUE;
  2210. //
  2211. // handle the forest name
  2212. // (Too bad this doesn't work for the other trees in the forest.)
  2213. //
  2214. } else if ( TargetInfo->DnsTreeName != NULL &&
  2215. DnsForestName != NULL &&
  2216. _wcsicmp( TargetInfo->DnsTreeName, DnsForestName ) == 0 ) {
  2217. MachineInSameForest = TRUE;
  2218. }
  2219. }
  2220. //
  2221. // If this machine and target machine are in the same forest,
  2222. // see if the user is logged onto an account that should have worked.
  2223. //
  2224. if ( MachineInSameForest ) {
  2225. WCHAR UserNameBuffer[CRED_MAX_USERNAME_LENGTH+1];
  2226. ULONG UserNameLength = CRED_MAX_USERNAME_LENGTH+1;
  2227. if ( GetUserNameEx( NameSamCompatible,
  2228. UserNameBuffer,
  2229. &UserNameLength ) ) {
  2230. //
  2231. // Parse off the netbios account domain name
  2232. //
  2233. LPWSTR SlashPointer;
  2234. SlashPointer = wcsrchr( UserNameBuffer, L'\\' );
  2235. if ( SlashPointer != NULL ) {
  2236. *SlashPointer = '\0';
  2237. //
  2238. // Get the computer name of this machine
  2239. //
  2240. NetStatus = NetpGetComputerName( &ComputerName );
  2241. if ( NetStatus == NO_ERROR ) {
  2242. //
  2243. // If the netbios account domain doesn't match the local computer name,
  2244. // then the user is logged onto an account in the forest.
  2245. // Since trust within the forest is transitive,
  2246. // these creds should have worked
  2247. //
  2248. if ( _wcsicmp( ComputerName, UserNameBuffer ) != 0 ) {
  2249. UserUsingDomainAccount = TRUE;
  2250. }
  2251. }
  2252. }
  2253. }
  2254. }
  2255. //
  2256. // If both conditions are true,
  2257. // we should create a server only cred.
  2258. //
  2259. if ( MachineInSameForest && UserUsingDomainAccount ) {
  2260. serverOnly = TRUE;
  2261. }
  2262. }
  2263. //
  2264. // Compute the most generic form of the target name
  2265. //
  2266. if ( credName == NULL && !serverOnly)
  2267. {
  2268. // Look for the most general name possible first, selecting DNS over
  2269. // NetBIOS:
  2270. if ((TargetInfo->DnsServerName != NULL) &&
  2271. (TargetInfo->DnsTreeName != NULL) &&
  2272. CreduiIsPostfixString(TargetInfo->DnsServerName,
  2273. TargetInfo->DnsTreeName) &&
  2274. (wcslen(TargetInfo->DnsTreeName) <= maxChars))
  2275. {
  2276. // Credential form: *.DnsTreeName
  2277. credName = TargetInfo->DnsTreeName;
  2278. }
  2279. else if ((TargetInfo->DnsServerName != NULL) &&
  2280. (TargetInfo->DnsDomainName != NULL) &&
  2281. !(TargetInfo->Flags & CRED_TI_DOMAIN_FORMAT_UNKNOWN) &&
  2282. CreduiIsPostfixString(TargetInfo->DnsServerName,
  2283. TargetInfo->DnsDomainName) &&
  2284. (wcslen(TargetInfo->DnsDomainName) <= maxChars))
  2285. {
  2286. // Credential form: *.DnsDomainName
  2287. credName = TargetInfo->DnsDomainName;
  2288. }
  2289. else
  2290. {
  2291. usePrefixWildcard = FALSE;
  2292. // If we have a DNS domain name, and it is different from the
  2293. // target name and different from the NetBIOS server, if it
  2294. // exists, then use it:
  2295. if ((TargetInfo->DnsDomainName != NULL) &&
  2296. (wcslen(TargetInfo->DnsDomainName) <= maxChars))
  2297. {
  2298. // Credential form: DnsDomainName\*
  2299. credName = TargetInfo->DnsDomainName;
  2300. // Set the target alias, if we have one. Don't change the
  2301. // field otherwise, because it may already have been stored in
  2302. // the old credential which was copied over:
  2303. if (TargetInfo->NetbiosDomainName != NULL)
  2304. {
  2305. ULONG append = wcslen(TargetInfo->NetbiosDomainName);
  2306. if (append <= maxChars)
  2307. {
  2308. StringCchCopyW(
  2309. NewTargetAlias,
  2310. RTL_NUMBER_OF(NewTargetAlias),
  2311. TargetInfo->NetbiosDomainName);
  2312. NewTargetAlias[append + 0] = L'\\';
  2313. NewTargetAlias[append + 1] = L'*';
  2314. NewTargetAlias[append + 2] = L'\0';
  2315. NewCredential.TargetAlias = NewTargetAlias;
  2316. }
  2317. }
  2318. }
  2319. else if ((TargetInfo->NetbiosDomainName != NULL) &&
  2320. (wcslen(TargetInfo->NetbiosDomainName) <= maxChars))
  2321. {
  2322. // Credential form: NetbiosDomainName\*
  2323. credName = TargetInfo->NetbiosDomainName;
  2324. }
  2325. }
  2326. }
  2327. //
  2328. // If we still don't have a target name, select a server target name:
  2329. //
  2330. if (credName == NULL)
  2331. {
  2332. if (TargetInfo->DnsServerName != NULL)
  2333. {
  2334. // Credential form: DnsServerName
  2335. credName = TargetInfo->DnsServerName;
  2336. // Set the target alias, if we have one. Don't change the field
  2337. // otherwise, because it may already have been stored in the old
  2338. // credential which was copied over:
  2339. if (TargetInfo->NetbiosServerName != NULL)
  2340. {
  2341. NewCredential.TargetAlias = TargetInfo->NetbiosServerName;
  2342. }
  2343. }
  2344. else if (TargetInfo->NetbiosServerName != NULL)
  2345. {
  2346. // Credential form: NetbiosServerName
  2347. credName = TargetInfo->NetbiosServerName;
  2348. }
  2349. else
  2350. {
  2351. // Credential form: TargetName
  2352. credName = TargetName;
  2353. }
  2354. AddWildcard = FALSE;
  2355. }
  2356. ASSERT( credName != NULL );
  2357. //
  2358. // If the target name should be wildcarded,
  2359. // add the wildcard
  2360. //
  2361. if ( AddWildcard )
  2362. {
  2363. // Add the wildcard in the required format:
  2364. if (usePrefixWildcard)
  2365. {
  2366. NewTargetName[0] = L'*';
  2367. NewTargetName[1] = L'.';
  2368. StringCchCopyW(
  2369. NewTargetName + 2,
  2370. maxChars + 1,
  2371. credName);
  2372. }
  2373. else
  2374. {
  2375. StringCchCopyW(
  2376. NewTargetName,
  2377. maxChars + 1,
  2378. credName);
  2379. ULONG append = wcslen(NewTargetName);
  2380. ASSERT(append <= maxChars);
  2381. NewTargetName[append + 0] = L'\\';
  2382. NewTargetName[append + 1] = L'*';
  2383. NewTargetName[append + 2] = L'\0';
  2384. }
  2385. } else {
  2386. StringCchCopyW(
  2387. NewTargetName,
  2388. maxChars + 1,
  2389. credName);
  2390. }
  2391. if ( DomainName != NULL ) {
  2392. NetApiBufferFree( DomainName );
  2393. }
  2394. if ( DnsDomainName != NULL ) {
  2395. NetApiBufferFree( DnsDomainName );
  2396. }
  2397. if ( DnsForestName != NULL ) {
  2398. NetApiBufferFree( DnsForestName );
  2399. }
  2400. if ( ComputerName != NULL ) {
  2401. NetApiBufferFree( ComputerName );
  2402. }
  2403. }
  2404. //=============================================================================
  2405. // CreduiPasswordDialog::UsernameHandleOk
  2406. //
  2407. // Do the username part of "HandleOk". The caller should already have filled in
  2408. // UserName as typed by the user. On succes, UserName may be modified to reflect
  2409. // completion flags.
  2410. //
  2411. // This part of HandleOk is split out because command line is considered to have two
  2412. // OKs. The first is when the user hits 'enter' after typing the username. So
  2413. // username validation happens then by calling this routine.
  2414. //
  2415. // Returns:
  2416. // NO_ERROR: if the user name is OK.
  2417. // ERROR_BAD_USERNAME: if the username syntax is bad
  2418. // ERROR_DOWNGRADE_DETECTED: if the username doesn't match downgrade requirements
  2419. //
  2420. //=============================================================================
  2421. DWORD
  2422. CreduiPasswordDialog::UsernameHandleOk()
  2423. {
  2424. DWORD WinStatus;
  2425. BOOL isMarshaled = LocalCredIsMarshaledCredentialW(UserName);
  2426. CreduiDebugLog("UsernameHandleOK: Flags = %x\n",Flags);
  2427. //
  2428. // Compute the credential type based on the new username
  2429. //
  2430. if ( CredCategory != GENERIC_CATEGORY )
  2431. {
  2432. if (isMarshaled)
  2433. {
  2434. NewCredential.Type = CRED_TYPE_DOMAIN_CERTIFICATE;
  2435. }
  2436. else
  2437. {
  2438. // ISSUE: large stack allocation
  2439. SSOPACKAGE SSOPackage;
  2440. // look in registry
  2441. if ( GetSSOPackageInfo( TargetInfo, &SSOPackage ) )
  2442. {
  2443. // it's an sso cred
  2444. NewCredential.Type = CRED_TYPE_DOMAIN_VISIBLE_PASSWORD;
  2445. MaximumPersist = MaximumPersistSso;
  2446. }
  2447. else
  2448. {
  2449. // just a regular domain cred
  2450. NewCredential.Type = CRED_TYPE_DOMAIN_PASSWORD;
  2451. }
  2452. }
  2453. // Set the flag for username target cred
  2454. if ( CredCategory == USERNAME_TARGET_CATEGORY ) {
  2455. NewCredential.Flags |= CRED_FLAGS_USERNAME_TARGET;
  2456. }
  2457. }
  2458. else
  2459. {
  2460. NewCredential.Type = CRED_TYPE_GENERIC;
  2461. }
  2462. //
  2463. // If the caller wanted the username validated,
  2464. // do so now.
  2465. //
  2466. WinStatus = NO_ERROR;
  2467. if ( NewCredential.Type == CRED_TYPE_DOMAIN_PASSWORD ||
  2468. (Flags & CREDUI_FLAGS_COMPLETE_USERNAME) != 0 ) {
  2469. if ( !CompleteUserName() ) {
  2470. WinStatus = ERROR_BAD_USERNAME;
  2471. }
  2472. } else if ( Flags & CREDUI_FLAGS_VALIDATE_USERNAME ) {
  2473. WCHAR user[CREDUI_MAX_USERNAME_LENGTH+1];
  2474. WCHAR domain[CREDUI_MAX_USERNAME_LENGTH+1];
  2475. WinStatus = CredUIParseUserNameW( UserName,
  2476. user,
  2477. sizeof(user)/sizeof(WCHAR),
  2478. domain,
  2479. sizeof(domain)/sizeof(WCHAR) );
  2480. if (WinStatus != NO_ERROR) {
  2481. WinStatus = ERROR_BAD_USERNAME;
  2482. }
  2483. }
  2484. //
  2485. // If all is good so far,
  2486. // and we were originally called because of a downgrade detection,
  2487. // and the user typed his logon creds,
  2488. // fail so that the downgrade attacker doesn't "win".
  2489. //
  2490. if ( WinStatus == NO_ERROR &&
  2491. CREDUIP_IS_DOWNGRADE_ERROR( AuthError ) ) {
  2492. WCHAR UserNameBuffer[CRED_MAX_USERNAME_LENGTH+1];
  2493. ULONG UserNameLength;
  2494. //
  2495. // If the typed name is the sam compatible name,
  2496. // fail.
  2497. //
  2498. UserNameLength = sizeof(UserNameBuffer)/sizeof(WCHAR);
  2499. if ( GetUserNameEx( NameSamCompatible,
  2500. UserNameBuffer,
  2501. &UserNameLength ) ) {
  2502. if ( _wcsicmp( UserNameBuffer, UserName ) == 0 ) {
  2503. WinStatus = ERROR_DOWNGRADE_DETECTED;
  2504. }
  2505. }
  2506. //
  2507. // If the typed name is the UPN,
  2508. // fail.
  2509. //
  2510. UserNameLength = sizeof(UserNameBuffer)/sizeof(WCHAR);
  2511. if ( WinStatus == NO_ERROR &&
  2512. wcsrchr( UserName, L'@' ) != NULL &&
  2513. GetUserNameEx( NameUserPrincipal,
  2514. UserNameBuffer,
  2515. &UserNameLength ) ) {
  2516. if ( _wcsicmp( UserNameBuffer, UserName ) == 0 ) {
  2517. WinStatus = ERROR_DOWNGRADE_DETECTED;
  2518. }
  2519. }
  2520. }
  2521. // if (NULL == UserName) CreduiDebugLog("Exit UsernameHandleOK: Username NULL, Flags = %x\n",Flags);
  2522. // else CreduiDebugLog("Exit UsernameHandleOK: UserName = %S, Flags = %x\n", UserName, Flags);
  2523. return WinStatus;
  2524. }
  2525. //=============================================================================
  2526. // CreduiPasswordDialog::HandleOk
  2527. //
  2528. // Returns ERROR_SUCCESS on success, ERROR_NO_SUCH_LOGON_SESSION if credential
  2529. // manager cannot be used to write the credential, or an error from CredWrite
  2530. // or FinishHandleOk.
  2531. //
  2532. // Created 02/25/2000 johnstep (John Stephens)
  2533. //=============================================================================
  2534. DWORD
  2535. CreduiPasswordDialog::HandleOk()
  2536. {
  2537. // Get the user name, password, and other settings from the dialog:
  2538. if (!Credential_GetUserName(CredControlWindow,
  2539. UserName,
  2540. UserNameMaxChars))
  2541. {
  2542. return ERROR_GEN_FAILURE;
  2543. }
  2544. #ifdef SETWILDCARD
  2545. // if is wildcard cred, see if username entered in control matches the
  2546. // cred username. If not, override the old credential.
  2547. // gm 112901: Create a server specific cred on any username change on a cred
  2548. // involving a wildcard
  2549. //if ( CreduiIsSpecialCredential(&NewCredential) )
  2550. if ((NewCredential.TargetName != NULL) && (wcschr(NewCredential.TargetName,L'*')))
  2551. {
  2552. if (0 != _wcsicmp(OldUserName,UserName) )
  2553. {
  2554. // Change the TargetName from special cred to explicit target passed by caller
  2555. ZeroMemory(&NewCredential,sizeof NewCredential);
  2556. SetCredTargetFromInfo();
  2557. NewCredential.UserName = UserName;
  2558. }
  2559. }
  2560. #endif
  2561. // If we cannot get the password, then this is probably a certificate
  2562. // so just set a blank password, which will result in no credential
  2563. // blob:
  2564. BOOL gotPassword =
  2565. Credential_GetPassword(CredControlWindow,
  2566. Password,
  2567. PasswordMaxChars);
  2568. if (!gotPassword)
  2569. {
  2570. Password[0] = L'\0';
  2571. }
  2572. //
  2573. // Get the state of the Save checkbox
  2574. //
  2575. if ( CredControlStyle & CRS_SAVECHECK )
  2576. {
  2577. Save = Credential_IsSaveChecked(CredControlWindow);
  2578. }
  2579. else
  2580. {
  2581. // fInitialSaveState was set in InitWindow(), taking into account passed flags
  2582. // and the state of the initial save variable.
  2583. Save = fInitialSaveState;
  2584. }
  2585. DWORD error = ERROR_SUCCESS;
  2586. if (!(Flags & CREDUI_FLAGS_DO_NOT_PERSIST))
  2587. {
  2588. //
  2589. // Only save the credential if the user checked the 'save' checkbox
  2590. //
  2591. if ( Save ) {
  2592. //
  2593. // Keep any existing persistence or use the maximum persistance available.
  2594. //
  2595. if (OldCredential != NULL) {
  2596. NewCredential.Persist = OldCredential->Persist;
  2597. } else {
  2598. NewCredential.Persist = MaximumPersist;
  2599. }
  2600. //
  2601. // The credential might still be saved if the caller didn't asked for the creds
  2602. // to be returned.
  2603. //
  2604. // ISSUE-2000/12/04-CliffV: Such callers are buggy. We should assign bugs and get them fixed.
  2605. //
  2606. } else {
  2607. NewCredential.Persist = CRED_PERSIST_SESSION;
  2608. }
  2609. if ( CredCategory == GENERIC_CATEGORY || PasswordState == PASSWORD_CHANGED )
  2610. {
  2611. // Attempt to write the new credential, first get the length. The blob
  2612. // does not include the terminating NULL:
  2613. NewCredential.CredentialBlobSize = wcslen(Password) * sizeof (WCHAR);
  2614. }
  2615. else
  2616. {
  2617. NewCredential.CredentialBlobSize = 0;
  2618. }
  2619. // If the password is empty, there is nothing to write:
  2620. if (NewCredential.CredentialBlobSize == 0)
  2621. {
  2622. NewCredential.CredentialBlob = NULL;
  2623. }
  2624. else
  2625. {
  2626. NewCredential.CredentialBlob = reinterpret_cast<BYTE *>(Password);
  2627. }
  2628. }
  2629. //
  2630. // Validate the username
  2631. //
  2632. error = UsernameHandleOk();
  2633. //
  2634. // Save the credentials as required
  2635. //
  2636. if (!(Flags & CREDUI_FLAGS_DO_NOT_PERSIST) &&
  2637. error == ERROR_SUCCESS ) {
  2638. //
  2639. // Only save the credential if the user checked the 'save' checkbox
  2640. //
  2641. // Also store them for callers that didn't ask for creds to be returned
  2642. //
  2643. // Also store them for Branded credenials
  2644. //
  2645. if ( Save ||
  2646. !DelayCredentialWrite ||
  2647. dwIDDResource == IDD_BRANDEDPASSWORD ) {
  2648. error = FinishHandleOk();
  2649. // Bug 230648: CredWrite could come back with ERROR_INVALID_PASSWORD here
  2650. }
  2651. else if ( fInitialSaveState && !Save )
  2652. {
  2653. // user unchecked the save box, delete the cred
  2654. LocalCredDeleteW ( NewCredential.TargetName,
  2655. NewCredential.Type,
  2656. 0 );
  2657. } else {
  2658. error = ERROR_SUCCESS;
  2659. }
  2660. if (error == ERROR_SUCCESS)
  2661. {
  2662. if ( DialogWindow ) {
  2663. EndDialog(DialogWindow, IDOK);
  2664. }
  2665. return error;
  2666. }
  2667. else if (error == ERROR_NO_SUCH_LOGON_SESSION)
  2668. {
  2669. if ( DialogWindow ) {
  2670. EndDialog(DialogWindow, IDCANCEL);
  2671. }
  2672. return error;
  2673. }
  2674. // can still fall out of this block with ERROR_INVALID_PASSWORD
  2675. Credential_SetUserName(CredControlWindow, UserName);
  2676. }
  2677. //
  2678. // If the credential couldn't be written,
  2679. // let the user type a better one.
  2680. //
  2681. if ((error != ERROR_SUCCESS) &&
  2682. (error != ERROR_NO_SUCH_LOGON_SESSION))
  2683. {
  2684. // For some reason we failed to write the credential:
  2685. if ( error == ERROR_DOWNGRADE_DETECTED )
  2686. {
  2687. SendMessage(CredControlWindow,
  2688. CRM_SHOWBALLOON,
  2689. 0,
  2690. reinterpret_cast<LPARAM>(&CreduiDowngradeBalloon));
  2691. }
  2692. else if ( error == ERROR_INVALID_PASSWORD )
  2693. {
  2694. // for now, use preexisting credui mechanism, though that may go away in
  2695. // lieu of shell's global implementation using EM_SHOWBALLOONTIP
  2696. Credential_ShowPasswordBalloon(CredControlWindow,
  2697. TTI_INFO,
  2698. CreduiStrings.PasswordTipTitle,
  2699. CreduiStrings.PasswordTipText);
  2700. }
  2701. else
  2702. {
  2703. if ( dwIDDResource == IDD_BRANDEDPASSWORD )
  2704. {
  2705. SendMessage(CredControlWindow,
  2706. CRM_SHOWBALLOON,
  2707. 0,
  2708. reinterpret_cast<LPARAM>(&CreduiEmailNameBalloon));
  2709. }
  2710. else
  2711. {
  2712. SendMessage(CredControlWindow,
  2713. CRM_SHOWBALLOON,
  2714. 0,
  2715. reinterpret_cast<LPARAM>(&CreduiUserNameBalloon));
  2716. }
  2717. }
  2718. }
  2719. return error;
  2720. }
  2721. DWORD CreduiPasswordDialog::CmdlinePasswordPrompt()
  2722. /*++
  2723. Routine Description:
  2724. Command line code get username and password as needed from the user.
  2725. UserName and Password strings set in their respective controls.
  2726. Arguments:
  2727. None
  2728. Return Values:
  2729. Status of the operation.
  2730. --*/
  2731. {
  2732. DWORD WinStatus;
  2733. WCHAR szMsg[CREDUI_MAX_CMDLINE_MSG_LENGTH + 1];
  2734. ULONG LocalUserNameLength = 0;
  2735. WCHAR LocalPassword[CREDUI_MAX_PASSWORD_LENGTH + 1];
  2736. WCHAR LocalUserName[CREDUI_MAX_USERNAME_LENGTH + 1] = {0};
  2737. BOOL bNeedUserNamePrompt = FALSE;
  2738. //
  2739. // Get the username passed into the API
  2740. //
  2741. if (!Credential_GetUserName(CredControlWindow,
  2742. UserName,
  2743. UserNameMaxChars))
  2744. {
  2745. UserName[0] = '\0';
  2746. }
  2747. // FIX352582 - allow update of wildcard creds. Matched wildcard cred presents
  2748. // username. User should see it and be able to override it.
  2749. //bNeedUserNamePrompt = (UserName[0] == '\0');
  2750. // FIX 399728 - prevent username prompting if the name was passed explicitly
  2751. if (fPassedUsername) bNeedUserNamePrompt = FALSE;
  2752. else if (!(Flags & USERNAME_TARGET_CATEGORY)) bNeedUserNamePrompt = TRUE;
  2753. //
  2754. // Loop getting the username until the user types a valid one
  2755. //
  2756. while ( bNeedUserNamePrompt ) {
  2757. //
  2758. // Prompt for username
  2759. //
  2760. if (UserName[0] != 0)
  2761. {
  2762. WCHAR *rgsz[2];
  2763. rgsz[0] = UserName;
  2764. rgsz[1] = TargetName;
  2765. szMsg[0] = 0;
  2766. FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY,
  2767. CreduiInstance,
  2768. IDS_PASSEDNAME_PROMPT,
  2769. 0,
  2770. szMsg,
  2771. CREDUI_MAX_CMDLINE_MSG_LENGTH,
  2772. (va_list *) rgsz);
  2773. }
  2774. else
  2775. {
  2776. WCHAR *rgsz[2];
  2777. rgsz[0] = TargetName;
  2778. rgsz[1] = 0;
  2779. szMsg[0] = 0;
  2780. FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY,
  2781. CreduiInstance,
  2782. IDS_USERNAME_PROMPT,
  2783. 0,
  2784. szMsg,
  2785. CREDUI_MAX_CMDLINE_MSG_LENGTH,
  2786. (va_list *) rgsz);
  2787. }
  2788. szMsg[CREDUI_MAX_CMDLINE_MSG_LENGTH] = L'\0';
  2789. CredPutStdout( szMsg );
  2790. CredGetStdin( LocalUserName, UserNameMaxChars, TRUE );
  2791. LocalUserNameLength = wcslen( LocalUserName );
  2792. // If nothing entered and nothing passed, bail.
  2793. // If nothing entered and a previous value exists, use previous value unchanged
  2794. // else use overwrite old value with new value
  2795. if ( LocalUserNameLength == 0 ) {
  2796. if (UserName[0] == '\0')
  2797. {
  2798. WinStatus = ERROR_CANCELLED;
  2799. goto Cleanup;
  2800. }
  2801. }
  2802. else
  2803. {
  2804. StringCchCopyW(
  2805. UserName,
  2806. UserNameMaxChars,
  2807. LocalUserName);
  2808. }
  2809. CreduiDebugLog("CreduiCredentialControl::CmdlinePasswordPrompt: "
  2810. "Username : %S\n",
  2811. UserName );
  2812. //
  2813. // See if the username is valid (and optional complete the new name)
  2814. //
  2815. WinStatus = UsernameHandleOk();
  2816. if ( WinStatus != NO_ERROR ) {
  2817. // invalid username, put up message and try again
  2818. if ( WinStatus == ERROR_DOWNGRADE_DETECTED ) {
  2819. szMsg[0] = 0;
  2820. FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY,
  2821. CreduiInstance,
  2822. IDS_DOWNGRADE_CMD_TEXT,
  2823. 0,
  2824. szMsg,
  2825. CREDUI_MAX_CMDLINE_MSG_LENGTH,
  2826. NULL);
  2827. CredPutStdout(szMsg);
  2828. UserName[0] = 0;
  2829. } else {
  2830. szMsg[0] = 0;
  2831. FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY,
  2832. CreduiInstance,
  2833. IDS_INVALID_USERNAME,
  2834. 0,
  2835. szMsg,
  2836. CREDUI_MAX_CMDLINE_MSG_LENGTH,
  2837. NULL);
  2838. CredPutStdout(szMsg);
  2839. UserName[0] = 0;
  2840. }
  2841. CredPutStdout( L"\n" );
  2842. continue;
  2843. }
  2844. //
  2845. // Save the username in the control as though the GUI prompted for it
  2846. //
  2847. if ( !Credential_SetUserName( CredControlWindow, UserName ) ) {
  2848. WinStatus = GetLastError();
  2849. CreduiDebugLog("CreduiCredentialControl::CmdlinePasswordPrompt: "
  2850. "OnSetUserName failed: %u\n",
  2851. WinStatus );
  2852. goto Cleanup;
  2853. }
  2854. break;
  2855. }
  2856. //
  2857. // Prompt for a password
  2858. //
  2859. //FIX216477 detect marshalled name and change the prompt string
  2860. // to a generic one for any certificate
  2861. if (CredIsMarshaledCredentialW( UserName )) {
  2862. {
  2863. WCHAR *rgsz[2];
  2864. rgsz[0] = TargetName;
  2865. szMsg[0] = 0;
  2866. FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY,
  2867. CreduiInstance,
  2868. IDS_CERTIFICATE_PROMPT,
  2869. 0,
  2870. szMsg,
  2871. CREDUI_MAX_CMDLINE_MSG_LENGTH,
  2872. (va_list *) rgsz);
  2873. }
  2874. }
  2875. else if ((Flags & USERNAME_TARGET_CATEGORY) || (LocalUserNameLength != 0))
  2876. {
  2877. WCHAR *rgsz[2];
  2878. rgsz[0] = TargetName;
  2879. szMsg[0] = 0;
  2880. FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY,
  2881. CreduiInstance,
  2882. IDS_SIMPLEPASSWORD_PROMPT,
  2883. 0,
  2884. szMsg,
  2885. CREDUI_MAX_CMDLINE_MSG_LENGTH,
  2886. (va_list *) rgsz);
  2887. } else {
  2888. WCHAR *rgsz[2];
  2889. rgsz[0] = UserName;
  2890. rgsz[1] = TargetName;
  2891. szMsg[0] = 0;
  2892. FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY,
  2893. CreduiInstance,
  2894. IDS_PASSWORD_PROMPT,
  2895. 0,
  2896. szMsg,
  2897. CREDUI_MAX_CMDLINE_MSG_LENGTH,
  2898. (va_list *) rgsz);
  2899. szMsg[CREDUI_MAX_CMDLINE_MSG_LENGTH] = L'\0';
  2900. }
  2901. CredPutStdout( szMsg );
  2902. CredGetStdin( LocalPassword, CREDUI_MAX_PASSWORD_LENGTH, FALSE );
  2903. //
  2904. // Save the password in the control as though the GUI prompted for it
  2905. //
  2906. if ( !Credential_SetPassword( CredControlWindow, LocalPassword ) ) {
  2907. WinStatus = GetLastError();
  2908. CreduiDebugLog("CreduiCredentialControl::CmdlinePasswordPrompt: "
  2909. "OnSetPassword failed: %u\n",
  2910. WinStatus );
  2911. goto Cleanup;
  2912. }
  2913. WinStatus = NO_ERROR;
  2914. //
  2915. // Tell our parent window that we're done prompting
  2916. //
  2917. Cleanup:
  2918. SecureZeroMemory(LocalPassword, sizeof LocalPassword);
  2919. return WinStatus;
  2920. }
  2921. //=============================================================================
  2922. // CreduiPasswordDialog::CmdLineMessageHandlerCallback
  2923. //
  2924. //
  2925. // The command line message handler function
  2926. //
  2927. // Arguments:
  2928. // Window (in)
  2929. // message (in)
  2930. // wParam (in)
  2931. // lParam (in)
  2932. //
  2933. //=============================================================================
  2934. LRESULT
  2935. CALLBACK
  2936. CreduiPasswordDialog::CmdLineMessageHandlerCallback(
  2937. HWND window,
  2938. UINT message,
  2939. WPARAM wParam,
  2940. LPARAM lParam
  2941. )
  2942. {
  2943. // CreduiDebugLog( "CmdLine Callback: %8.8lx %8.8lx %8.8lx\n", message, wParam, lParam );
  2944. // on window message, retrieve object ptr from window data ptr
  2945. // call class object handler function.
  2946. CreduiPasswordDialog *that =
  2947. reinterpret_cast<CreduiPasswordDialog *>(
  2948. GetWindowLongPtr(window, GWLP_USERDATA));
  2949. if (that != NULL) {
  2950. ASSERT(window == that->CmdLineWindow);
  2951. return that->CmdLineMessageHandler(message, wParam, lParam);
  2952. }
  2953. if (message == WM_CREATE)
  2954. {
  2955. DWORD WinStatus;
  2956. LPCREATESTRUCT lpCreateStruct = (LPCREATESTRUCT)lParam;
  2957. that = (CreduiPasswordDialog *)lpCreateStruct->lpCreateParams;
  2958. if (that != NULL) {
  2959. //
  2960. // Initialize the window
  2961. //
  2962. if (!that->InitWindow( window )) {
  2963. PostQuitMessage( ERROR_CANCELLED );
  2964. return 0;
  2965. }
  2966. SetWindowPos ( window, HWND_BOTTOM, 0,0,0,0, SWP_NOMOVE | SWP_NOSIZE | SWP_NOZORDER | SWP_NOACTIVATE | SWP_FRAMECHANGED );
  2967. //
  2968. // For passwords,
  2969. // prompt here.
  2970. //
  2971. // It is better to prompt here than in the control window since
  2972. // command line has to do user name completion and that is done at this layer.
  2973. //
  2974. if ( (that->Flags & CREDUI_FLAGS_REQUIRE_SMARTCARD) == 0 ) {
  2975. WinStatus = that->CmdlinePasswordPrompt();
  2976. if ( WinStatus != NO_ERROR ) {
  2977. PostQuitMessage( WinStatus );
  2978. return 0;
  2979. }
  2980. }
  2981. //
  2982. // For smartcards,
  2983. // Prompt in the control window since it supports smart card enumeration
  2984. // For password,
  2985. // prompt where to save the cred.
  2986. //
  2987. WinStatus = (DWORD) SendMessage(that->CredControlWindow, CRM_DOCMDLINE, 0, (LPARAM)that->TargetName );
  2988. if ( WinStatus != NO_ERROR ) {
  2989. PostQuitMessage( WinStatus );
  2990. return 0;
  2991. }
  2992. }
  2993. return 0;
  2994. }
  2995. return DefWindowProc(window, message, wParam, lParam);
  2996. }
  2997. //=============================================================================
  2998. // CreduiPasswordDialog::CmdLineMessageHandler
  2999. //
  3000. // Called from the control window callback to handle the window messages.
  3001. //
  3002. // Arguments:
  3003. // message (in)
  3004. // wParam (in)
  3005. // lParam (in)
  3006. //
  3007. //=============================================================================
  3008. LRESULT
  3009. CreduiPasswordDialog::CmdLineMessageHandler(
  3010. UINT message,
  3011. WPARAM wParam,
  3012. LPARAM lParam
  3013. )
  3014. {
  3015. return SendMessage( CredControlWindow, message, wParam, lParam );
  3016. }
  3017. //=============================================================================
  3018. // CreduiPasswordDialog::DialogMessageHandlerCallback
  3019. //
  3020. // This is the actual callback function for the dialog window. On the intial
  3021. // create, this handles WM_INITDIALOG. After that, it is only responsible for
  3022. // getting the this pointer and calling DialogMessageHandler.
  3023. //
  3024. // Arguments:
  3025. // dialogWindow (in)
  3026. // message (in)
  3027. // wParam (in)
  3028. // lParam (in)
  3029. //
  3030. // Returns TRUE if the message was handled or FALSE otherwise. FALSE is also
  3031. // returned in special cases such as WM_INITDIALOG.
  3032. //
  3033. // Created 02/25/2000 johnstep (John Stephens)
  3034. //=============================================================================
  3035. INT_PTR
  3036. CALLBACK
  3037. CreduiPasswordDialog::DialogMessageHandlerCallback(
  3038. HWND dialogWindow,
  3039. UINT message,
  3040. WPARAM wParam,
  3041. LPARAM lParam
  3042. )
  3043. {
  3044. //CreduiDebugLog( "Dialog Callback: %8.8lx %8.8lx %8.8lx\n", message, wParam, lParam );
  3045. CreduiPasswordDialog *that =
  3046. reinterpret_cast<CreduiPasswordDialog *>(
  3047. GetWindowLongPtr(dialogWindow, GWLP_USERDATA));
  3048. if (that != NULL)
  3049. {
  3050. ASSERT(dialogWindow == that->DialogWindow);
  3051. return that->DialogMessageHandler(message, wParam, lParam);
  3052. }
  3053. if (message == WM_INITDIALOG)
  3054. {
  3055. that = reinterpret_cast<CreduiPasswordDialog *>(lParam);
  3056. if (that != NULL)
  3057. {
  3058. if (!that->InitWindow(dialogWindow))
  3059. {
  3060. EndDialog(dialogWindow, IDCANCEL);
  3061. }
  3062. }
  3063. }
  3064. return FALSE;
  3065. }
  3066. //=============================================================================
  3067. // CreduiPasswordDialog::DialogMessageHandler
  3068. //
  3069. // Called from the dialog window callback to handle the window messages.
  3070. //
  3071. // Arguments:
  3072. // message (in)
  3073. // wParam (in)
  3074. // lParam (in)
  3075. //
  3076. // Returns TRUE if the message was handled or FALSE otherwise.
  3077. //
  3078. // Created 02/25/2000 johnstep (John Stephens)
  3079. //=============================================================================
  3080. INT_PTR
  3081. CreduiPasswordDialog::DialogMessageHandler(
  3082. UINT message,
  3083. WPARAM wParam,
  3084. LPARAM lParam
  3085. )
  3086. {
  3087. switch (message)
  3088. {
  3089. case WM_NOTIFY:
  3090. {
  3091. int idCtrl = (int)wParam;
  3092. LPNMHDR pnmh = (LPNMHDR)lParam;
  3093. switch (pnmh->code)
  3094. {
  3095. case NM_CLICK:
  3096. case NM_RETURN:
  3097. switch (idCtrl)
  3098. {
  3099. case IDC_GETALINK:
  3100. {
  3101. DWORD dwResult;
  3102. if ( TryLauchRegWizard ( &SSOPackage, DialogWindow, TRUE /* HasLogonSession */,
  3103. UserName, UserNameMaxChars,
  3104. Password, PasswordMaxChars,
  3105. &dwResult ))
  3106. {
  3107. // end dialog, Result
  3108. if ( dwResult == ERROR_SUCCESS )
  3109. {
  3110. EndDialog(DialogWindow, IDOK);
  3111. return TRUE;
  3112. }
  3113. }
  3114. else
  3115. {
  3116. // if we couldn't launch the wizard, try the web page.
  3117. if ( wcslen(SSOPackage.szRegURL) > 0 )
  3118. {
  3119. ShellExecute ( NULL,
  3120. NULL,
  3121. SSOPackage.szRegURL,
  3122. NULL,
  3123. NULL,
  3124. SW_SHOWNORMAL );
  3125. }
  3126. }
  3127. }
  3128. break;
  3129. case IDC_HELPLINK:
  3130. if ( wcslen(SSOPackage.szHelpURL) > 0 )
  3131. {
  3132. ShellExecute ( NULL,
  3133. NULL,
  3134. SSOPackage.szHelpURL,
  3135. NULL,
  3136. NULL,
  3137. SW_SHOWNORMAL );
  3138. }
  3139. break;
  3140. }
  3141. }
  3142. }
  3143. break;
  3144. case WM_COMMAND:
  3145. switch (LOWORD(wParam))
  3146. {
  3147. case IDOK:
  3148. Result = HandleOk();
  3149. if (Result != ERROR_SUCCESS)
  3150. {
  3151. if (Result == ERROR_NO_SUCH_LOGON_SESSION)
  3152. {
  3153. wParam = IDCANCEL;
  3154. }
  3155. else
  3156. {
  3157. return TRUE;
  3158. }
  3159. }
  3160. // Fall through...
  3161. case IDCANCEL:
  3162. EndDialog(DialogWindow, LOWORD(wParam));
  3163. return TRUE;
  3164. case IDC_CRED:
  3165. if (HIWORD(wParam) == CRN_USERNAMECHANGE)
  3166. {
  3167. BOOL enable = TRUE;
  3168. LONG length = Credential_GetUserNameLength(CredControlWindow);
  3169. // Validate the user name:
  3170. if ( CredCategory == DOMAIN_CATEGORY &&
  3171. ((TargetInfo == NULL) ||
  3172. !(TargetInfo->Flags & CRED_TI_ONLY_PASSWORD_REQUIRED)))
  3173. {
  3174. enable = length > 0;
  3175. }
  3176. else
  3177. {
  3178. enable = length != -1;
  3179. }
  3180. if (enable)
  3181. {
  3182. EnableWindow(GetDlgItem(DialogWindow, IDOK), TRUE);
  3183. DisabledControlMask &= ~DISABLED_CONTROL_OK;
  3184. }
  3185. else
  3186. {
  3187. EnableWindow(GetDlgItem(DialogWindow, IDOK), FALSE);
  3188. DisabledControlMask |= DISABLED_CONTROL_OK;
  3189. }
  3190. }
  3191. else if (HIWORD(wParam) == CRN_PASSWORDCHANGE)
  3192. {
  3193. if (PasswordState == PASSWORD_INIT)
  3194. {
  3195. PasswordState = PASSWORD_CHANGED;
  3196. }
  3197. }
  3198. return TRUE;
  3199. }
  3200. break;
  3201. case WM_ENTERSIZEMOVE:
  3202. Credential_HideBalloon(CredControlWindow);
  3203. return TRUE;
  3204. case WM_PAINT:
  3205. if (FirstPaint && GetUpdateRect(DialogWindow, NULL, FALSE))
  3206. {
  3207. FirstPaint = FALSE;
  3208. if (CredBalloon != NULL)
  3209. {
  3210. SendMessage(CredControlWindow,
  3211. CRM_SHOWBALLOON,
  3212. 0,
  3213. reinterpret_cast<LPARAM>(CredBalloon));
  3214. }
  3215. CredBalloon = NULL;
  3216. }
  3217. break;
  3218. }
  3219. return FALSE;
  3220. }
  3221. // looks for an existing cred with the same name as that of pNewCredential and demotes it to
  3222. // username only
  3223. void DemoteOldDefaultSSOCred (
  3224. PCREDENTIAL_TARGET_INFORMATION pTargetInfo, // target info of new cred
  3225. DWORD Flags
  3226. )
  3227. {
  3228. CREDENTIALW **credentialSet = NULL;
  3229. DWORD count;
  3230. if ( pTargetInfo == NULL )
  3231. return;
  3232. if (LocalCredReadDomainCredentialsW( pTargetInfo, 0, &count,
  3233. &credentialSet))
  3234. {
  3235. PCREDENTIAL pOldCredential = NULL;
  3236. for ( DWORD i = 0; i < count; i++ )
  3237. {
  3238. #ifndef SETWILDCARD
  3239. //
  3240. // Ignore RAS and wildcard credentials,
  3241. // we never want credUI to change such a credential.
  3242. //
  3243. if ( CreduiIsSpecialCredential(credentialSet[i]) )
  3244. {
  3245. continue;
  3246. }
  3247. #endif
  3248. //
  3249. // CredReadDomain domain credentials returns creds in preference
  3250. // order as specified by the TargetInfo.
  3251. // So use the first valid one.
  3252. //
  3253. if ( credentialSet[i]->Type == CRED_TYPE_DOMAIN_VISIBLE_PASSWORD )
  3254. {
  3255. pOldCredential = credentialSet[i];
  3256. break;
  3257. }
  3258. }
  3259. if ( pOldCredential != NULL )
  3260. {
  3261. // save this under the username
  3262. pOldCredential->Persist = CRED_PERSIST_ENTERPRISE;
  3263. pOldCredential->CredentialBlob = NULL;
  3264. pOldCredential->CredentialBlobSize = 0;
  3265. pOldCredential->TargetName = pOldCredential->UserName;
  3266. pOldCredential->Flags = CRED_FLAGS_USERNAME_TARGET;
  3267. WriteCred( pOldCredential->UserName,
  3268. Flags,
  3269. NULL,
  3270. pOldCredential,
  3271. 0,
  3272. FALSE,
  3273. FALSE);
  3274. }
  3275. }
  3276. if (credentialSet != NULL)
  3277. {
  3278. LocalCredFree(static_cast<VOID *>(credentialSet));
  3279. }
  3280. }