Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

4027 lines
123 KiB

//=============================================================================
// Copyright (c) 2000 Microsoft Corporation
//
// dialogs.cpp
//
// Credential manager user interface classes used to get credentials.
//
// Created 02/29/2000 johnstep (John Stephens)
//=============================================================================
#include "precomp.hpp"
#include "shellapi.h"
#include "dialogs.hpp"
#include "resource.h"
#include "utils.hpp"
#include "shpriv.h"
#include "shlobj.h"
#include "shlobjp.h"
// compile switch to allow credui to update wildcard creds
#define SETWILDCARD
NET_API_STATUS NetUserChangePasswordEy(LPCWSTR domainname, LPCWSTR username, LPCWSTR oldpassword, LPCWSTR newpassword);
// .NET logo sizes
#define BRANDLEFT_PIXEL_WIDTH 3
#define BRANDLEFT_PIXEL_HEIGHT 4
#define BRANDMID_PIXEL_HEIGHT 4
#define BRANDRIGHT_PIXEL_WIDTH 144
#define BRANDRIGHT_PIXEL_HEIGHT 37
//-----------------------------------------------------------------------------
// Values
//-----------------------------------------------------------------------------
#define CREDUI_MAX_WELCOME_TEXT_LINES 8
#define CREDUI_MAX_LOGO_HEIGHT 80
#define CREDUI_MAX_CMDLINE_MSG_LENGTH 256
//-----------------------------------------------------------------------------
// Global Variables
//-----------------------------------------------------------------------------
// Balloon tip infos for change password dialog:
CONST CREDUI_BALLOON_TIP_INFO CreduiWrongOldTipInfo =
{
CreduiStrings.WrongOldTipTitle,
CreduiStrings.WrongOldTipText,
TTI_ERROR, 96, 76
};
CONST CREDUI_BALLOON_TIP_INFO CreduiNotSameTipInfo =
{
CreduiStrings.NotSameTipTitle,
CreduiStrings.NotSameTipText,
TTI_ERROR, 96, 76
};
CONST CREDUI_BALLOON_TIP_INFO CreduiTooShortTipInfo =
{
CreduiStrings.TooShortTipTitle,
CreduiStrings.TooShortTipText,
TTI_ERROR, 96, 76
};
// Control balloons for password dialog:
CONST CREDUI_BALLOON CreduiUserNameBalloon =
{
1, CREDUI_CONTROL_USERNAME, CREDUI_BALLOON_ICON_INFO,
CreduiStrings.UserNameTipTitle,
CreduiStrings.UserNameTipText
};
CONST CREDUI_BALLOON CreduiEmailNameBalloon =
{
1, CREDUI_CONTROL_USERNAME, CREDUI_BALLOON_ICON_INFO,
CreduiStrings.EmailNameTipTitle,
CreduiStrings.EmailNameTipText
};
CONST CREDUI_BALLOON CreduiDowngradeBalloon =
{
1, CREDUI_CONTROL_USERNAME, CREDUI_BALLOON_ICON_ERROR,
CreduiStrings.LogonTipTitle,
CreduiStrings.DowngradeTipText
};
CONST CREDUI_BALLOON CreduiLogonBalloon =
{
1, CREDUI_CONTROL_PASSWORD, CREDUI_BALLOON_ICON_ERROR,
CreduiStrings.LogonTipTitle,
CreduiStrings.LogonTipText
};
CONST CREDUI_BALLOON CreduiLogonCapsBalloon =
{
1, CREDUI_CONTROL_PASSWORD, CREDUI_BALLOON_ICON_ERROR,
CreduiStrings.LogonTipTitle,
CreduiStrings.LogonTipCaps
};
// Placehold for known password:
CONST WCHAR CreduiKnownPassword[] = L"********";
//-----------------------------------------------------------------------------
// Functions
//-----------------------------------------------------------------------------
void DemoteOldDefaultSSOCred (
PCREDENTIAL_TARGET_INFORMATION pTargetInfo, // target info of new cred
DWORD Flags
);
//=============================================================================
// CreduiChangePasswordCallback
//
// This callback handles changing a domain password.
//
// Arguments:
// changePasswordWindow (in)
// message (in)
// wParam (in)
// lParam (in) - on WM_INITDIALOG, this is the info structure
//
// Returns TRUE if we handled the message, otherwise FALSE.
//
// Created 04/26/2000 johnstep (John Stephens)
//=============================================================================
INT_PTR
CALLBACK
CreduiChangePasswordCallback(
HWND changePasswordWindow,
UINT message,
WPARAM wParam,
LPARAM lParam
)
{
CREDUI_CHANGE_PASSWORD_INFO *info =
reinterpret_cast<CREDUI_CHANGE_PASSWORD_INFO *>(
GetWindowLongPtr(changePasswordWindow, GWLP_USERDATA));
if (message == WM_INITDIALOG)
{
info = reinterpret_cast<CREDUI_CHANGE_PASSWORD_INFO *>(lParam);
if (info != NULL)
{
// Store this object's pointer in the user data window long:
SetWindowLongPtr(changePasswordWindow,
GWLP_USERDATA,
reinterpret_cast<LONG_PTR>(info));
SetWindowText(
GetDlgItem(changePasswordWindow, IDC_USERNAME),
info->UserName);
info->BalloonTip.Init(CreduiInstance, changePasswordWindow);
info->OldPasswordBox.Init(
GetDlgItem(changePasswordWindow, IDC_PASSWORD),
&info->BalloonTip,
&CreduiCapsLockTipInfo);
info->NewPasswordBox.Init(
GetDlgItem(changePasswordWindow, IDC_NEW_PASSWORD),
&info->BalloonTip,
&CreduiCapsLockTipInfo);
info->ConfirmPasswordBox.Init(
GetDlgItem(changePasswordWindow, IDC_CONFIRM_PASSWORD),
&info->BalloonTip,
&CreduiCapsLockTipInfo);
return TRUE;
}
else
{
EndDialog(changePasswordWindow, IDCANCEL);
}
}
else switch (message)
{
case WM_COMMAND:
switch (LOWORD(wParam))
{
case IDC_PASSWORD:
case IDC_NEW_PASSWORD:
if ((HIWORD(wParam) == EN_KILLFOCUS) ||
(HIWORD(wParam) == EN_CHANGE))
{
if (info->BalloonTip.IsVisible())
{
info->BalloonTip.Hide();
}
}
break;
case IDOK:
WCHAR userDomain[CRED_MAX_USERNAME_LENGTH + 1];
WCHAR userName[CRED_MAX_USERNAME_LENGTH + 1];
WCHAR oldPassword[CRED_MAX_STRING_LENGTH + 1];
WCHAR newPassword[CRED_MAX_STRING_LENGTH + 1];
WCHAR confirmPassword[CRED_MAX_STRING_LENGTH + 1];
oldPassword[0] = L'\0';
newPassword[0] = L'\0';
confirmPassword[0] = L'\0';
GetWindowText(
GetDlgItem(changePasswordWindow, IDC_NEW_PASSWORD),
newPassword,
CRED_MAX_STRING_LENGTH);
GetWindowText(
GetDlgItem(changePasswordWindow, IDC_CONFIRM_PASSWORD),
confirmPassword,
CRED_MAX_STRING_LENGTH);
if (wcscmp(newPassword, confirmPassword) != 0)
{
SetWindowText(
GetDlgItem(changePasswordWindow, IDC_NEW_PASSWORD),
NULL);
SetWindowText(
GetDlgItem(changePasswordWindow, IDC_CONFIRM_PASSWORD),
NULL);
info->BalloonTip.SetInfo(
GetDlgItem(changePasswordWindow, IDC_NEW_PASSWORD),
&CreduiNotSameTipInfo);
info->BalloonTip.Show();
SecureZeroMemory(newPassword, sizeof newPassword);
SecureZeroMemory(confirmPassword, sizeof confirmPassword);
break;
}
// Confirm password is no longer needed
SecureZeroMemory(confirmPassword, sizeof confirmPassword);
GetWindowText(
GetDlgItem(changePasswordWindow, IDC_PASSWORD),
oldPassword,
CRED_MAX_STRING_LENGTH);
if (CredUIParseUserName(
info->UserName,
userName,
sizeof(userName)/sizeof(WCHAR),
userDomain,
sizeof(userDomain)/sizeof(WCHAR)) == ERROR_SUCCESS)
{
NET_API_STATUS netStatus =
NetUserChangePasswordEy(userDomain,
userName,
oldPassword,
newPassword);
// Old password is no longer needed
SecureZeroMemory(oldPassword, sizeof oldPassword);
switch (netStatus)
{
case NERR_Success:
// Once we make it this far, the password has been
// changed. If the following call fails to update the
// credential, we really cannot do much about it except
// maybe notify the user.
StringCchCopyW(
info->Password,
info->PasswordMaxChars + 1,
newPassword);
// Scrub the passwords on the stack and clear the
// controls:
SecureZeroMemory(newPassword, sizeof newPassword);
// NOTE: We may want to first set the controls to some
// pattern to fill the memory, then clear it.
SetWindowText(
GetDlgItem(changePasswordWindow, IDC_PASSWORD),
NULL);
SetWindowText(
GetDlgItem(changePasswordWindow, IDC_NEW_PASSWORD),
NULL);
SetWindowText(
GetDlgItem(changePasswordWindow,
IDC_CONFIRM_PASSWORD),
NULL);
// NOTE: We may want to notify the user that the password
// has been successfully changed.
break;
default:
// NOTE: If we got an unknown error, just handle it the
// same way as an invalid password, for now:
case ERROR_INVALID_PASSWORD:
// New password is no longer needed
SecureZeroMemory(newPassword, sizeof newPassword);
SetWindowText(
GetDlgItem(changePasswordWindow, IDC_PASSWORD),
NULL);
info->BalloonTip.SetInfo(
GetDlgItem(changePasswordWindow, IDC_PASSWORD),
&CreduiWrongOldTipInfo);
info->BalloonTip.Show();
return TRUE;
case ERROR_ACCESS_DENIED:
// NOTE: One use of this return value is when the new
// password and old are the same. Would any
// configuration ever allow them to match? If not,
// we could just compare before calling the API.
case NERR_PasswordTooShort:
// New password is no longer needed
SecureZeroMemory(newPassword, sizeof newPassword);
SetWindowText(
GetDlgItem(changePasswordWindow, IDC_NEW_PASSWORD),
NULL);
SetWindowText(
GetDlgItem(changePasswordWindow,
IDC_CONFIRM_PASSWORD),
NULL);
info->BalloonTip.SetInfo(
GetDlgItem(changePasswordWindow, IDC_NEW_PASSWORD),
&CreduiTooShortTipInfo);
info->BalloonTip.Show();
return TRUE;
}
}
else
{
SecureZeroMemory(newPassword, sizeof newPassword);
SecureZeroMemory(oldPassword, sizeof oldPassword);
break;
}
// Fall through...
case IDCANCEL:
EndDialog(changePasswordWindow, LOWORD(wParam));
return TRUE;
}
break;
}
return FALSE;
}
//=============================================================================
// CreduiChangeDomainPassword
//
// Displays a dialog allowing the user to change the domain password.
//
// Arguments:
// parentWindow (in)
// userName (in)
// password (out)
// passwordMaxChars (in) - on WM_INITDIALOG, this is the info structure
//
// Returns TRUE if we handled the message, otherwise FALSE.
//
// Created 06/06/2000 johnstep (John Stephens)
//=============================================================================
BOOL
CreduiChangeDomainPassword(
HWND parentWindow,
CONST WCHAR *userName,
WCHAR *password,
ULONG passwordMaxChars
)
{
CREDUI_CHANGE_PASSWORD_INFO info;
info.UserName = userName;
info.Password = password;
info.PasswordMaxChars = passwordMaxChars;
return
DialogBoxParam(
CreduiInstance,
MAKEINTRESOURCE(IDD_CHANGE_PASSWORD),
parentWindow,
CreduiChangePasswordCallback,
reinterpret_cast<LPARAM>(&info)) == IDOK;
}
//-----------------------------------------------------------------------------
// CreduiPasswordDialog Class Implementation
//-----------------------------------------------------------------------------
LONG CreduiPasswordDialog::Registered = FALSE;
//=============================================================================
// CreduiPasswordDialog::SetCredTargetFromInfo()
//
// Created 04/03/2001 georgema
//=============================================================================
void CreduiPasswordDialog::SetCredTargetFromInfo()
{
BOOL serverOnly = TRUE;
NewCredential.Type = (CredCategory == GENERIC_CATEGORY) ?
CRED_TYPE_GENERIC :
CRED_TYPE_DOMAIN_PASSWORD;
if ( TargetInfo != NULL )
{
if ( TargetInfo->CredTypeCount == 1 && *(TargetInfo->CredTypes) == CRED_TYPE_DOMAIN_VISIBLE_PASSWORD ) {
NewCredential.Type = CRED_TYPE_DOMAIN_VISIBLE_PASSWORD;
MaximumPersist = MaximumPersistSso;
serverOnly = (Flags & CREDUI_FLAGS_SERVER_CREDENTIAL);
}
}
if ( CredCategory == DOMAIN_CATEGORY &&
(TargetInfo != NULL))
{
SelectBestTargetName(serverOnly);
NewCredential.TargetName = NewTargetName;
}
else
{
NewCredential.TargetName = const_cast<WCHAR *>(UserOrTargetName);
}
}
//=============================================================================
// CreduiPasswordDialog::CreduiPasswordDialog
//
// Created 02/25/2000 johnstep (John Stephens)
//=============================================================================
CreduiPasswordDialog::CreduiPasswordDialog(
IN BOOL doingCommandLine,
IN BOOL delayCredentialWrite,
IN DWORD credCategory,
CREDUI_INFO *uiInfo,
CONST WCHAR *targetName,
WCHAR *userName,
ULONG userNameMaxChars,
WCHAR *password,
ULONG passwordMaxChars,
BOOL *save,
DWORD flags,
CtxtHandle *securityContext,
DWORD authError,
DWORD *result
)
/*++
Routine Description:
This routine implements the GUI prompt for credentials
Arguments:
DoingCommandLine - TRUE if prompting is to be done via the command line
FALSE if prompting is to be done via GUI
delayCredentialWrite - TRUE if the credential is to be written only upon confirmation.
FALSE, if the credential is to be written now as a session credential then
morphed to a more persistent credential upon confirmation.
This field is ignored if Flags doesn't specify CREDUI_FLAGS_EXPECT_CONFIRMATION.
credCategory - This is the subset of the "flags" parameter defining the category of
the credential.
...
Return Values:
None
--*/
{
Result = ERROR_CANCELLED;
hBrandBmp = NULL;
// Initialize the result out argument for failure:
if ( result != NULL )
*result = Result;
// Turn on the following chatter always for debug builds
#if DBG
// ensure that we don't miss uninitialized members in test...
memset(this,0xcc,sizeof(CreduiPasswordDialog));
CreduiDebugLog("CreduiPasswordDialog: Constructor. Incoming targetname = %S\n " ,targetName);
CreduiDebugLog("Incoming username = %S\n",userName);
#endif
CREDENTIAL **credentialSet = NULL;
SecPkgContext_CredentialName credentialName = { 0, NULL };
ZeroMemory(&NewCredential, sizeof NewCredential);
fPassedUsername = FALSE;
fPasswordOnly = FALSE;
//FIX 399728
if ((userName != NULL) &&
(wcslen(userName) != 0)) fPassedUsername = TRUE;
// Set most of the class members to valid initial values. The window
// handles will be initialized later if everything succeeds:
DoingCommandLine = doingCommandLine;
DelayCredentialWrite = delayCredentialWrite;
CredCategory = credCategory;
UserName = userName;
UserNameMaxChars = userNameMaxChars;
Password = password;
PasswordMaxChars = passwordMaxChars;
Flags = flags;
AuthError = authError;
Save = (Flags & CREDUI_FLAGS_SHOW_SAVE_CHECK_BOX) ? *save : FALSE;
rcBrand.top = 0;
rcBrand.left = 0;
rcBrand.right = 0;
rcBrand.bottom = 0;
if (targetName != NULL)
{
TargetName = const_cast<WCHAR *>(targetName);
SecurityContext = NULL;
}
else if ( CredCategory == DOMAIN_CATEGORY )
{
if( securityContext == NULL) {
CreduiDebugLog("CreduiPasswordDialog: Need to pass target name for domain creds.\n" );
if ( result != NULL )
*result = ERROR_INVALID_PARAMETER;
return;
}
SecurityContext = securityContext;
// Get the credential name, which includes the type, from the
// security context:
if (QueryContextAttributes(
SecurityContext,
SECPKG_ATTR_CREDENTIAL_NAME,
static_cast<VOID *>(&credentialName)) != SEC_E_OK)
{
// This is an invalid security context for this function:
CreduiDebugLog("CreduiPasswordDialog: Cannot QueryContextAttributes.\n" );
if ( result != NULL )
*result = ERROR_INVALID_PARAMETER;
return;
}
TargetName = credentialName.sCredentialName;
}
else TargetName = NULL;
if (uiInfo != NULL)
{
UiInfo = *uiInfo;
}
else
{
UiInfo.cbSize = sizeof(UiInfo);
UiInfo.hwndParent = NULL;
UiInfo.pszMessageText = NULL;
UiInfo.pszCaptionText = NULL;
UiInfo.hbmBanner = NULL;
}
PasswordCredential = NULL;
OldCredential = NULL;
TargetInfo = NULL;
EncryptedVisiblePassword = TRUE;
FirstPaint = TRUE;
CredBalloon = NULL;
NewTargetName[0] = L'\0';
NewTargetAlias[0] = L'\0';
DisabledControlMask = 0;
PasswordState = PASSWORD_UNINIT;
ResizeTop = 0;
ResizeDelta = 0;
DWORD MaximumPersistArray[CRED_TYPE_MAXIMUM];
if ( LocalCredGetSessionTypes( CRED_TYPE_MAXIMUM, MaximumPersistArray)) {
//
// Maintain "MaximumPersist" as the maximum persistence to use.
// We don't know yet whether this is an SSO cred, so keep it in a separate location
// until we know for sure.
//
// Be careful to not use MaximumPersist until we do know for sure
//
if ( CredCategory == DOMAIN_CATEGORY || CredCategory == USERNAME_TARGET_CATEGORY ) {
MaximumPersist = MaximumPersistArray[CRED_TYPE_DOMAIN_PASSWORD];
} else {
MaximumPersist = MaximumPersistArray[CRED_TYPE_GENERIC];
}
MaximumPersistSso = MaximumPersistArray[CRED_TYPE_DOMAIN_VISIBLE_PASSWORD];
} else {
MaximumPersist = CRED_PERSIST_NONE;
MaximumPersistSso = CRED_PERSIST_NONE;
}
fInitialSaveState = FALSE; // ISSUE: this set at this point has no effect
//
// USERNAME_TARGET creds have two concepts of TargetName
// The target name on the peristed credential needs to be the UserName
// The target name everywhere else is the prompt text
// UserOrTargetName is used in all the former cases.
if ( CredCategory == USERNAME_TARGET_CATEGORY ) {
UserOrTargetName = UserName;
} else {
UserOrTargetName = TargetName;
}
//
// Get the target information for the target
//
// Only attempt to get target information if the target name is not a wildcard name.
//
// Do this regardless of whether the credential will be persisted.
// Target info is used for completing the username.
//
if ( CredCategory == DOMAIN_CATEGORY &&
SecurityContext == NULL &&
!CreduiIsWildcardTargetName(TargetName) &&
LocalCredGetTargetInfoW( TargetName,
CRED_ALLOW_NAME_RESOLUTION,
&TargetInfo) )
{
//
// Check out the target info to ensure it matches the flag bits
// passed by the caller.
//
// If not, ignore the target info.
// We'll assume that the caller is using a different auth package than
// the one matching the cached info.
//
if ( TargetInfo->CredTypeCount != 0 ) {
ULONG AuthPackageStyle;
BOOL CertOk = FALSE;
BOOL PasswordOk = FALSE;
AuthPackageStyle = 0;
//
// Loop through the supported cred types seeing what style the auth package supports
//
for (UINT i = 0; i < TargetInfo->CredTypeCount; ++i)
{
switch ( TargetInfo->CredTypes[i] ) {
case CRED_TYPE_DOMAIN_CERTIFICATE:
CertOk = TRUE;
break;
case CRED_TYPE_DOMAIN_PASSWORD:
case CRED_TYPE_DOMAIN_VISIBLE_PASSWORD:
PasswordOk = TRUE;
break;
}
}
//
// Adjust that for what the caller requires
//
if (Flags & (CREDUI_FLAGS_REQUIRE_SMARTCARD|CREDUI_FLAGS_REQUIRE_CERTIFICATE) ) {
PasswordOk = FALSE;
} else if (Flags & CREDUI_FLAGS_EXCLUDE_CERTIFICATES) {
CertOk = FALSE;
}
//
// If nothing to supported,
// ignore the target info
//
if ( !CertOk && !PasswordOk ) {
LocalCredFree(static_cast<VOID *>(TargetInfo));
TargetInfo = NULL;
}
}
}
//
// If the credential might be peristed,
// determine the existing credential and
// build a template for the credential to be persisted.
//
if (!(Flags & CREDUI_FLAGS_DO_NOT_PERSIST))
{
// Read the existing credential for this target:
CREDENTIAL *credential = NULL;
Result = ERROR_SUCCESS;
if ( CredCategory == GENERIC_CATEGORY )
{
if (LocalCredReadW(TargetName,
CRED_TYPE_GENERIC,
0,
&PasswordCredential))
{
OldCredential = PasswordCredential;
}
else
{
Result = GetLastError();
}
}
else
{
DWORD count;
//
// If a TargetInfo was found,
// use it to read the matching credentials.
//
if ( TargetInfo != NULL ) {
if (LocalCredReadDomainCredentialsW(TargetInfo, 0, &count,
&credentialSet))
{
for (DWORD i = 0; i < count; ++i)
{
#ifndef SETWILDCARD
//
// Ignore RAS and wildcard credentials,
// we never want credUI to change such a credential.
//
if ( CreduiIsSpecialCredential(credentialSet[i]) ) {
continue;
}
#endif
//
// If the caller needs a server credential,
// ignore wildcard credentials.
//
if ((Flags & CREDUI_FLAGS_SERVER_CREDENTIAL) &&
CreduiIsWildcardTargetName( credentialSet[i]->TargetName)) {
continue;
}
//
// If the caller wants a certificate,
// ignore non certificates.
//
if ( Flags & (CREDUI_FLAGS_REQUIRE_CERTIFICATE|CREDUI_FLAGS_REQUIRE_SMARTCARD) ) {
if ( credentialSet[i]->Type != CRED_TYPE_DOMAIN_CERTIFICATE ) {
continue;
}
}
//
// If the caller wants to avoid certificates,
// ignore certificates.
//
if ( Flags & CREDUI_FLAGS_EXCLUDE_CERTIFICATES ) {
if ( credentialSet[i]->Type == CRED_TYPE_DOMAIN_CERTIFICATE ) {
continue;
}
}
//
// CredReadDomain domain credentials returns creds in preference
// order as specified by the TargetInfo.
// So use the first valid one.
//
if ( OldCredential == NULL ) {
OldCredential = credentialSet[i];
}
//
// Remember the PasswordCredential in case we need to fall back to it
//
if ( credentialSet[i]->Type == CRED_TYPE_DOMAIN_PASSWORD ) {
PasswordCredential = credentialSet[i];
}
}
if (OldCredential == NULL)
{
Result = ERROR_NOT_FOUND;
}
else
{
Result = ERROR_SUCCESS;
}
}
else
{
Result = GetLastError();
}
}
//
// We don't have a target info
// read each of the possible credential types
//
else
{
if (!(Flags & CREDUI_FLAGS_EXCLUDE_CERTIFICATES) &&
((SecurityContext == NULL) ||
(credentialName.CredentialType ==
CRED_TYPE_DOMAIN_CERTIFICATE)) &&
*UserOrTargetName != '\0' &&
LocalCredReadW(UserOrTargetName,
CRED_TYPE_DOMAIN_CERTIFICATE,
0,
&credential))
{
if (CreduiIsSpecialCredential(credential))
{
LocalCredFree(static_cast<VOID *>(credential));
credential = NULL;
}
else
{
OldCredential = credential;
}
}
if ( ( Flags & (CREDUI_FLAGS_REQUIRE_CERTIFICATE|CREDUI_FLAGS_REQUIRE_SMARTCARD)) == 0 ) {
if ( OldCredential == NULL &&
((SecurityContext == NULL) ||
(credentialName.CredentialType ==
CRED_TYPE_DOMAIN_PASSWORD)) &&
*UserOrTargetName != '\0' &&
LocalCredReadW(UserOrTargetName,
CRED_TYPE_DOMAIN_PASSWORD,
0,
&credential))
{
if (CreduiIsSpecialCredential(credential))
{
LocalCredFree(static_cast<VOID *>(credential));
credential = NULL;
}
else
{
PasswordCredential = credential;
OldCredential = credential;
Result = ERROR_SUCCESS;
}
}
if ( OldCredential == NULL &&
((SecurityContext == NULL) ||
(credentialName.CredentialType ==
CRED_TYPE_DOMAIN_VISIBLE_PASSWORD)) &&
*UserOrTargetName != '\0' &&
LocalCredReadW(UserOrTargetName,
CRED_TYPE_DOMAIN_VISIBLE_PASSWORD,
0,
&credential))
{
if (CreduiIsSpecialCredential(credential))
{
LocalCredFree(static_cast<VOID *>(credential));
credential = NULL;
}
else
{
OldCredential = credential;
Result = ERROR_SUCCESS;
}
}
}
if (OldCredential == NULL)
{
Result = GetLastError();
}
else
{
fInitialSaveState = TRUE; // ISSUE: this set at this point has no effect
Result = ERROR_SUCCESS;
}
}
}
if (Result == ERROR_SUCCESS)
{
NewCredential = *OldCredential;
// if we have an existing cred, set the save state
if (OldCredential != NULL)
{
fInitialSaveState = TRUE; // ISSUE: this set at this point has no effect
}
// If a user name was not passed, copy the user name and password
// from the existing credential:
if (UserName[0] == L'\0')
{
if (OldCredential->UserName != NULL)
{
StringCchCopyW(
UserName,
UserNameMaxChars + 1,
OldCredential->UserName);
}
if (Password[0] == L'\0')
{
if ((OldCredential->Type == CRED_TYPE_GENERIC) )
{
CopyMemory(
Password,
OldCredential->CredentialBlob,
OldCredential->CredentialBlobSize);
Password[OldCredential->
CredentialBlobSize >> 1] = L'\0';
}
else if (OldCredential->Type == CRED_TYPE_DOMAIN_VISIBLE_PASSWORD)
{
// check to see if the new one should be encrypted, but in any case, we can't prefill
// the password box
EncryptedVisiblePassword = IsPasswordEncrypted(OldCredential->CredentialBlob,
OldCredential->CredentialBlobSize);
PasswordState = PASSWORD_CHANGED;
}
else
{
// If prompt is required now, or if we're rerturning the password, then we can't prefill the
// password box:
fInitialSaveState = TRUE; // ISSUE: this set at this point has no effect
if (OldCredential->Flags & CRED_FLAGS_PROMPT_NOW || DelayCredentialWrite )
{
PasswordState = PASSWORD_CHANGED;
}
else
{
StringCchCopyW(
Password,
PasswordMaxChars + 1,
CreduiKnownPassword);
}
}
}
}
}
else
{
if (Result != ERROR_NO_SUCH_LOGON_SESSION)
{
Result = ERROR_SUCCESS;
}
OldCredential = NULL;
SetCredTargetFromInfo();
PasswordState = PASSWORD_CHANGED;
}
NewCredential.UserName = UserName;
NewCredential.CredentialBlob = reinterpret_cast<BYTE *>(Password);
//
// Since the old cred is an SSO cred,
// use the SSO maximum persistence.
//
// Wait till now since NewCredential.Type is updated from either the old credential
// or from the target info above.
//
// BUGBUG: If there is no old credential or target info,
// we won't know this until later.
//
if ( NewCredential.Type == CRED_TYPE_DOMAIN_VISIBLE_PASSWORD ) {
MaximumPersist = MaximumPersistSso;
}
//
// If the session type isn't supported on this machine,
// fail if the caller needs to save the credential.
//
if ( MaximumPersist == CRED_PERSIST_NONE ) {
if ( DelayCredentialWrite )
{
// no credmgr available, and user asked to persist. We can't persist, but we
// can continue with UI and return values via the api - add CREDUI_FLAGS_DO_NOT_PERSIST
Flags |= CREDUI_FLAGS_DO_NOT_PERSIST;
}
else
{
// we can't do anything without credmgr, return error
if ( result != NULL )
*result = ERROR_NO_SUCH_LOGON_SESSION;
return;
}
}
}
//
// If the cred may not be persisted,
// clear the NewCredential.
//
if ( Flags & CREDUI_FLAGS_DO_NOT_PERSIST)
{
// NEED TO Initialize NewCred here
ZeroMemory(&NewCredential, sizeof NewCredential);
SetCredTargetFromInfo();
PasswordState = PASSWORD_CHANGED;
NewCredential.UserName = UserName;
NewCredential.CredentialBlob = reinterpret_cast<BYTE *>(Password);
Result = ERROR_SUCCESS;
}
if (Result == ERROR_SUCCESS)
{
HWND parentWindow = UiInfo.hwndParent;
CreduiIconParentWindow iconWindow;
if ((parentWindow == NULL) || !IsWindow(parentWindow))
{
if (iconWindow.Init(CreduiInstance, IDI_DEFAULT))
{
parentWindow = iconWindow.GetWindow();
}
}
BOOL doPasswordDialog = TRUE;
// Before doing the dialog, check for special errors:
if ( CredCategory == DOMAIN_CATEGORY &&
!DoingCommandLine &&
CREDUIP_IS_EXPIRED_ERROR( authError ) &&
(OldCredential != NULL))
{
if (CreduiChangeDomainPassword(
parentWindow,
UserName,
Password,
PasswordMaxChars))
{
doPasswordDialog = FALSE;
// Attempt to write the new credential, first get the length.
// The blob does not include the terminating NULL:
NewCredential.CredentialBlobSize =
wcslen(Password) * sizeof (WCHAR);
// If the password is empty, do not write a credential blob:
if (NewCredential.CredentialBlobSize == 0)
{
NewCredential.CredentialBlob = NULL;
}
else
{
NewCredential.CredentialBlob =
reinterpret_cast<BYTE *>(Password);
}
Result = FinishHandleOk();
}
}
// Check to see if we can skip the UI:
if ( CredCategory == GENERIC_CATEGORY &&
!(Flags & CREDUI_FLAGS_ALWAYS_SHOW_UI) &&
(OldCredential != NULL) &&
!(OldCredential->Flags & CRED_FLAGS_PROMPT_NOW))
{
doPasswordDialog = FALSE;
if ((Flags & CREDUI_FLAGS_REQUIRE_CERTIFICATE) &&
!LocalCredIsMarshaledCredentialW(OldCredential->UserName))
{
doPasswordDialog = TRUE;
}
if ((Flags & CREDUI_FLAGS_EXCLUDE_CERTIFICATES) &&
LocalCredIsMarshaledCredentialW(OldCredential->UserName))
{
doPasswordDialog = TRUE;
}
}
// Do the dialog box:
// check to see if this is an SSO cred
if ( GetSSOPackageInfo( TargetInfo, &SSOPackage ) )
{
// it's an sso cred
dwIDDResource = IDD_BRANDEDPASSWORD;
// we never set initial save state on these
fInitialSaveState = FALSE; // ISSUE: this set at this point has no effect
// check to see if we already have a cred for this
if (!CheckForSSOCred( NULL ))
{
// check to see if we should run the wizard
if ( !(SSOPackage.dwRegistrationCompleted) && (SSOPackage.dwNumRegistrationRuns < 5) )
{
doPasswordDialog = !TryLauchRegWizard ( &SSOPackage, UiInfo.hwndParent, (MaximumPersistSso > CRED_PERSIST_SESSION),
userName, userNameMaxChars,
password, passwordMaxChars,
&Result );
}
}
}
else
{
// it's not an sso cred
dwIDDResource = IDD_PASSWORD;
}
// save a copy of the current working user name for later
if (NewCredential.UserName != NULL)
{
StringCchCopyW(
OldUserName,
RTL_NUMBER_OF(OldUserName),
NewCredential.UserName);
}
else
{
OldUserName[0] = 0;
}
if (doPasswordDialog)
{
if ( DoingCommandLine )
{
//
// Do the command line version of a dialog box
//
Result = CmdLineDialog();
}
else
{
LinkWindow_RegisterClass();
if (DialogBoxParam(
CreduiInstance,
MAKEINTRESOURCE(dwIDDResource),
parentWindow,
DialogMessageHandlerCallback,
reinterpret_cast<LPARAM>(this)) == IDOK)
{
if ((Result != ERROR_SUCCESS) &&
(Result != ERROR_NO_SUCH_LOGON_SESSION))
{
Result = ERROR_CANCELLED;
}
}
else
{
Result = ERROR_CANCELLED;
}
}
}
}
else
{
Result = ERROR_NO_SUCH_LOGON_SESSION;
}
// kill outbound username if share-level access
if (fPasswordOnly)
{
CreduiDebugLog("CUIPD: Share level credentials\n");
userName[0] = 0;
}
// Make sure other processes can set foreground window once again:
LockSetForegroundWindow(LSFW_UNLOCK);
AllowSetForegroundWindow(ASFW_ANY);
if (TargetInfo != NULL)
{
LocalCredFree(static_cast<VOID *>(TargetInfo));
}
// If we read a credential set, PasswordCredential
// is a pointer into this set. Otherwise, they were
// read separately:
if (credentialSet != NULL)
{
LocalCredFree(static_cast<VOID *>(credentialSet));
}
else
{
if (PasswordCredential != NULL)
{
LocalCredFree(static_cast<VOID *>(PasswordCredential));
}
}
if ( result != NULL )
*result = Result;
if ( save != NULL &&
(Result == ERROR_SUCCESS))
{
*save = Save;
}
}
//=============================================================================
// CreduiPasswordDialog::~CreduiPasswordDialog
//
// The constructor cleans up after itself, and since that is the only way to
// use this class, there's nothing to do in the destructor.
//
// Created 02/25/2000 johnstep (John Stephens)
//=============================================================================
CreduiPasswordDialog::~CreduiPasswordDialog()
{
WCHAR ClassName[] = {L"CreduiCmdLineHelperWindow"};
LONG lRet;
if ( hBrandBmp != NULL )
DeleteObject ( hBrandBmp );
// If 'Registered' is nonzero, unregister the class
if (InterlockedCompareExchange(&Registered, FALSE, TRUE))
{
lRet = UnregisterClass(ClassName, 0);
// Put the class handle back if deregister failed
if (0 == lRet)
{
// If the unregister fails, allow other instances to retry the unregister
CreduiDebugLog( "CreduiPasswordDialog::~CreduiPasswordDialog UnregisterClass failed.\n" );
// put back the flag value that we had destroyed
InterlockedExchange(&Registered,TRUE);
}
}
}
#define MAX_TEMP_TARGETNAME 64
DWORD
CreduiPasswordDialog::CmdLineDialog(
VOID
)
/*++
Routine Description:
This routine implements the command line prompt for credentials
Arguments:
None
Return Values:
Win 32 status of the operation
--*/
{
DWORD WinStatus;
HWND Window;
MSG msg;
//
// Create the window class if it doesn't already exist
//
if (!InterlockedCompareExchange(&Registered, TRUE, FALSE))
{
WNDCLASS windowClass;
ZeroMemory(&windowClass, sizeof windowClass);
windowClass.style = CS_GLOBALCLASS;
windowClass.cbWndExtra = 0;
windowClass.lpfnWndProc = CmdLineMessageHandlerCallback;
windowClass.hInstance = CreduiInstance;
windowClass.hIcon = NULL;
windowClass.hCursor = LoadCursor(NULL, MAKEINTRESOURCE(IDC_ARROW));
windowClass.lpszClassName = L"CreduiCmdLineHelperWindow";
InterlockedExchange(&Registered, RegisterClass(&windowClass) != 0);
if (!InterlockedCompareExchange(&Registered, FALSE, FALSE))
{
WinStatus = GetLastError();
goto Cleanup;
}
}
//
// Create a window of that class
//
Window = CreateWindow(
L"CreduiCmdLineHelperWindow",
NULL,
WS_POPUP,
0, 0, 0, 0,
NULL, NULL, CreduiInstance,(LPVOID) this);
if ( Window == NULL )
{
WinStatus = GetLastError();
goto Cleanup;
}
//
// Run the message loop
//
CreduiDebugLog( "Entering message loop\n" );
for (;;) {
BOOL GmStatus;
GmStatus = GetMessage(&msg, NULL, 0, 0 );
if ( GmStatus == -1 )
{
WinStatus = GetLastError();
break;
}
else if ( GmStatus == 0 )
{
WinStatus = Result;
break;
}
DispatchMessage(&msg);
}
//
// Get the status left from the message loop.
WinStatus = (DWORD) msg.wParam;
CreduiDebugLog( "Got Quit Message: %ld\n", WinStatus );
//
// Process the data as though the user hit OK to the GUI
//
if ( WinStatus == NO_ERROR ) {
PasswordState = PASSWORD_CHANGED;
WinStatus = HandleOk();
if ( WinStatus == ERROR_NO_SUCH_LOGON_SESSION)
{
WinStatus = ERROR_CANCELLED;
}
}
CreduiDebugLog( "Calling destroy\n" );
DestroyWindow( Window );
Cleanup:
return WinStatus;
}
//=============================================================================
// CreduiPasswordDialog::FinishHandleOk
//
// This function writes the credential for domain credentials.
//
// Created 04/09/2000 johnstep (John Stephens)
//=============================================================================
DWORD
CreduiPasswordDialog::FinishHandleOk()
{
DWORD error = ERROR_SUCCESS;
PCREDENTIAL_TARGET_INFORMATION pTargetInfo = TargetInfo;
if (Flags & CREDUI_FLAGS_KEEP_USERNAME )
return error;
DWORD dwCredWriteFlags = 0;
BOOL bDoSave = TRUE;
if (PasswordState == PASSWORD_INIT)
{
dwCredWriteFlags |= CRED_PRESERVE_CREDENTIAL_BLOB;
}
if ( dwIDDResource == IDD_BRANDEDPASSWORD )
{
// we need to reinterpret what Save means. Save in this case means to save as the default
// for the SSO realm, while !Save means rename the cred target as the username and
// save without the password
// never delay writing these creds
DelayCredentialWrite = FALSE;
if ( Save )
{
NewCredential.Persist = CRED_PERSIST_ENTERPRISE;
if ( !(Flags & CREDUI_FLAGS_KEEP_USERNAME ))
DemoteOldDefaultSSOCred ( TargetInfo, Flags );
}
else
{
// save this under the username if it doesn't already match NewCred's username
if ( (OldCredential != NULL && OldCredential->UserName != NULL &&
_wcsicmp ( OldCredential->UserName, UserName ) == 0 )||
(Flags & CREDUI_FLAGS_KEEP_USERNAME ) )
{
// don't do this save if the username matches the currently saved cred - we don't want a duplicate
bDoSave = FALSE;
}
// alter the TargetName
TargetName = UserName;
TargetInfo->TargetName = TargetName;
// don't set a TargetInfo for this
pTargetInfo = NULL;
NewCredential.Persist = CRED_PERSIST_ENTERPRISE;
NewCredential.CredentialBlob = NULL;
NewCredential.CredentialBlobSize = 0;
NewCredential.TargetName = TargetName;
NewCredential.Flags = CRED_FLAGS_USERNAME_TARGET;
DelayCredentialWrite = FALSE;
EncryptedVisiblePassword = FALSE;
dwCredWriteFlags = 0;
}
}
//
// Write the credential to credential manager
//
// Don't delay actually writing the credential to cred man since we're not
// returning the credential to the caller.
//
if ( bDoSave )
{
error = WriteCred( TargetName,
Flags,
pTargetInfo,
&NewCredential,
dwCredWriteFlags,
DelayCredentialWrite,
EncryptedVisiblePassword);
}
else
{
error = ERROR_SUCCESS;
}
if ( error != NO_ERROR ) {
CreduiDebugLog("CreduiPasswordDialog::HandleOk: "
"WriteCred failed: "
"%u\n", error);
}
if ((SecurityContext != NULL) && (error == ERROR_SUCCESS))
{
BOOL isValidated = TRUE;
if (!SetContextAttributes(
SecurityContext,
SECPKG_ATTR_USE_VALIDATED,
&isValidated,
sizeof isValidated))
{
error = ERROR_GEN_FAILURE;
}
}
// Clear any password from memory, and also make sure the credential blob
// points to Password once again (in case it was set to NULL due to a zero
// length blob):
NewCredential.CredentialBlob = reinterpret_cast<BYTE *>(Password);
NewCredential.CredentialBlobSize = 0;
return error;
}
//=============================================================================
// CreduiPasswordDialog::Enable
//
// Enables or disables all the user controls in the dialog box. This allows us
// to maintain dialog responsiveness, while waiting for some potentially
// lengthy (network usually) operation to complete.
//
// Most controls are always enabled normally, but we need to track the state
// of IDC_CRED and IDOK. Do this with a simple DWORD bitmask.
//
// NOTE: Allow Cancel to remain enabled, and use it to abort the current
// lookup? This means we have to somehow kill the thread, though, or
// maybe just leave it, and close our handle to it?
//
// Arguments:
// enable (in) - TRUE to enable the controls, FALSE to disable.
//
// Created 04/07/2000 johnstep (John Stephens)
//=============================================================================
VOID
CreduiPasswordDialog::Enable(
BOOL enable
)
{
if (enable && (DisabledControlMask & DISABLED_DIALOG))
{
DisabledControlMask &= ~DISABLED_DIALOG;
EnableWindow(CredControlWindow, TRUE);
if ( DialogWindow) {
EnableWindow(GetDlgItem(DialogWindow, IDCANCEL), TRUE);
if (!(DisabledControlMask & DISABLED_CONTROL_OK))
{
EnableWindow(GetDlgItem(DialogWindow, IDOK), TRUE);
}
}
}
else if (!(DisabledControlMask & DISABLED_DIALOG))
{
// Hide the balloon tip before disabling the window:
DisabledControlMask |= DISABLED_DIALOG;
EnableWindow(CredControlWindow, FALSE);
if ( DialogWindow ) {
EnableWindow(GetDlgItem(DialogWindow, IDCANCEL), FALSE);
EnableWindow(GetDlgItem(DialogWindow, IDOK), FALSE);
}
}
}
//=============================================================================
// CreduiPasswordDialog::SelectAndSetWindowCaption
//
// Created 03/10/2000 johnstep (John Stephens)
//=============================================================================
VOID
CreduiPasswordDialog::SelectAndSetWindowCaption()
{
//
// Command line doesn't have a caption
//
if ( !DialogWindow ) {
return;
}
if (UiInfo.pszCaptionText != NULL)
{
SetWindowText(DialogWindow, UiInfo.pszCaptionText);
}
else
{
WCHAR captionText[256];
if ( CredCategory == DOMAIN_CATEGORY )
{
if (TargetInfo != NULL)
{
if ((TargetInfo->DnsServerName != NULL) ||
(TargetInfo->NetbiosServerName == NULL))
{
StringCchPrintfW(
captionText,
RTL_NUMBER_OF(captionText),
CreduiStrings.DnsCaption,
(TargetInfo->DnsServerName != NULL) ?
TargetInfo->DnsServerName :
TargetInfo->TargetName);
}
else if ((TargetInfo->NetbiosServerName != NULL) &&
(TargetInfo->NetbiosDomainName != NULL))
{
StringCchPrintfW(
captionText,
RTL_NUMBER_OF(captionText),
CreduiStrings.NetbiosCaption,
TargetInfo->NetbiosServerName,
TargetInfo->NetbiosDomainName);
}
else
{
StringCchPrintfW(
captionText,
RTL_NUMBER_OF(captionText),
CreduiStrings.DnsCaption,
TargetName);
}
}
else
{
StringCchPrintfW(
captionText,
RTL_NUMBER_OF(captionText),
CreduiStrings.DnsCaption,
TargetName);
}
}
else
{
StringCchPrintfW(
captionText,
RTL_NUMBER_OF(captionText),
CreduiStrings.GenericCaption,
TargetName);
}
SetWindowText(DialogWindow, captionText);
}
}
//=============================================================================
// CreduiPasswordDialog::ResizeDialogCallback
//
// Created 04/12/2000 johnstep (John Stephens)
//=============================================================================
BOOL
CALLBACK
CreduiPasswordDialog::ResizeDialogCallback(
HWND childWindow,
LPARAM lParam
)
{
CreduiPasswordDialog *that =
reinterpret_cast<CreduiPasswordDialog *>(lParam);
ASSERT(that != NULL);
//
// Command line doesn't care about window size
//
if ( that->DoingCommandLine ) {
return TRUE;
}
HWND dialogWindow = GetParent(childWindow);
if (dialogWindow == NULL)
{
// Stop enumeration because our window must have been destroyed or
// something:
return FALSE;
}
else if (dialogWindow == that->DialogWindow)
{
RECT childRect;
GetWindowRect(childWindow, &childRect);
// If this child window is below the message window, move it down:
if (childRect.top >= that->ResizeTop)
{
MapWindowPoints ( NULL, dialogWindow,
reinterpret_cast<POINT *>(&childRect.left), 2 );
SetWindowPos(childWindow,
NULL,
childRect.left,
childRect.top + that->ResizeDelta,
0,
0,
SWP_NOACTIVATE | SWP_NOSIZE | SWP_NOOWNERZORDER |
SWP_NOZORDER);
}
}
return TRUE;
}
//=============================================================================
// CreduiPasswordDialog::SelectAndSetWindowMessage
//
// This function will also resize the dialog to accomodate very long message
// text. The maximum number of lines allowed at once is
// CREDUI_MAX_WELCOME_TEXT_LINES, and, beyond that, a scrollbar is added.
//
// Created 03/10/2000 johnstep (John Stephens)
//=============================================================================
VOID
CreduiPasswordDialog::SelectAndSetWindowMessage()
{
HWND welcomeTextWindow = GetDlgItem(DialogWindow, IDC_WELCOME_TEXT);
//
// Command line doesn't have welcome text
//
if ( DoingCommandLine ) {
return;
}
ASSERT(welcomeTextWindow != NULL);
if (UiInfo.pszMessageText != NULL)
{
SetWindowText(welcomeTextWindow, UiInfo.pszMessageText);
}
else
{
WCHAR messageText[256];
if ( CredCategory == GENERIC_CATEGORY )
{
if (UserName[0] == L'\0')
{
StringCchPrintfW(
messageText,
RTL_NUMBER_OF(messageText),
CreduiStrings.Welcome,
TargetName);
}
else
{
StringCchPrintfW(
messageText,
RTL_NUMBER_OF(messageText),
CreduiStrings.WelcomeBack,
TargetName);
}
}
else
{
StringCchPrintfW(
messageText,
RTL_NUMBER_OF(messageText),
CreduiStrings.Connecting,
TargetName);
}
SetWindowText(welcomeTextWindow, messageText);
}
ULONG lineCount = (ULONG) SendMessage(welcomeTextWindow,
EM_GETLINECOUNT,
0,
0);
if (lineCount > 1)
{
if ( dwIDDResource == IDD_BRANDEDPASSWORD )
{
// Different layout (text to side of graphic)
RECT messageRect; // RECT for welcomeTextWindow
ULONG lineHeight = 13; // Height of line in welcomeTextWindow
DWORD lineIndex = 0; // Character index of first char in second line of welcomeTextWindow
DWORD linePos = 0; // Position of first char in second line of welcomeTextWindow
GetWindowRect(welcomeTextWindow, &messageRect);
// We don't want to resize anything for the branded password dialog
ResizeDelta = 0;
ResizeTop = messageRect.bottom;
// Get the first character index of the second line
lineIndex = (DWORD)SendMessage(welcomeTextWindow, EM_LINEINDEX, 1, 0);
if (lineIndex > -1)
{
// Get the position of the first character of the second line
linePos = (ULONG)SendMessage(welcomeTextWindow, EM_POSFROMCHAR, lineIndex, 0);
if (linePos)
{
// This is our line height
lineHeight = (ULONG)HIWORD(linePos);
}
}
if ((lineCount * lineHeight) > CREDUI_MAX_LOGO_HEIGHT)
{
// Add the scrollbar. Consider adjusting the formatting rectangle
// of the edit control because, by default, it is adjusted to
// allow just exactly enough room for the scrollbar. This means
// text could potentially "touch" the scrollbar, which would look
// bad.
LONG_PTR style = GetWindowLongPtr(welcomeTextWindow, GWL_STYLE);
SetWindowLongPtr(welcomeTextWindow,
GWL_STYLE,
style |= WS_VSCROLL);
}
SetWindowPos(welcomeTextWindow,
NULL,
0,
0,
messageRect.right - messageRect.left,
messageRect.bottom - messageRect.top,
SWP_FRAMECHANGED | SWP_NOACTIVATE | SWP_NOMOVE |
SWP_NOOWNERZORDER | SWP_NOZORDER);
}
else
{
// normal layout (text below graphic)
RECT messageRect;
GetWindowRect(welcomeTextWindow, &messageRect);
ULONG lineHeight = messageRect.bottom - messageRect.top;
ResizeTop = messageRect.bottom;
ResizeDelta = lineHeight *
(min(CREDUI_MAX_WELCOME_TEXT_LINES, lineCount) - 1);
messageRect.bottom += ResizeDelta;
if (lineCount > CREDUI_MAX_WELCOME_TEXT_LINES)
{
// Add the scrollbar. Consider adjusting the formatting rectangle
// of the edit control because, by default, it is adjusted to
// allow just exactly enough room for the scrollbar. This means
// text could potentially "touch" the scrollbar, which would look
// bad.
LONG_PTR style = GetWindowLongPtr(welcomeTextWindow, GWL_STYLE);
SetWindowLongPtr(welcomeTextWindow,
GWL_STYLE,
style |= WS_VSCROLL);
}
SetWindowPos(welcomeTextWindow,
NULL,
0,
0,
messageRect.right - messageRect.left,
messageRect.bottom - messageRect.top,
SWP_FRAMECHANGED | SWP_NOACTIVATE | SWP_NOMOVE |
SWP_NOOWNERZORDER | SWP_NOZORDER);
}
// Reposition all the other controls:
EnumChildWindows(DialogWindow,
ResizeDialogCallback,
reinterpret_cast<LPARAM>(this));
// Resize the dialog box now
RECT dialogRect;
GetWindowRect(DialogWindow, &dialogRect);
SetWindowPos(DialogWindow,
NULL,
dialogRect.left,
dialogRect.top - (ResizeDelta / 2),
dialogRect.right - dialogRect.left,
(dialogRect.bottom - dialogRect.top) + ResizeDelta,
SWP_NOACTIVATE | SWP_NOOWNERZORDER | SWP_NOZORDER);
ResizeTop = 0;
ResizeDelta = 0;
}
}
//=============================================================================
// CreduiPasswordDialog::InitWindow
//
// Created 02/25/2000 johnstep (John Stephens)
//
// Initialize the window
//
// dialogWindow - Window handle
//=============================================================================
BOOL
CreduiPasswordDialog::InitWindow(HWND dialogWindow)
{
//
// Store this object's pointer in the user data window long:
//
SetWindowLongPtr(dialogWindow,
GWLP_USERDATA,
reinterpret_cast<LONG_PTR>(this));
//
// In the GUI case, remember the dialog box window
//
if ( !DoingCommandLine ) {
DialogWindow = dialogWindow;
// Get the window handles for the various controls:
CredControlWindow = GetDlgItem(DialogWindow, IDC_CRED);
//
// In the command line case, remember the popup window
//
} else {
CmdLineWindow = dialogWindow;
//
// Create a CredControlWindow
// It isn't visible, but the existence of the window allows the command line
// code to share logic with the GUI implementation
//
CredControlWindow =
CreateWindowEx(
WS_EX_NOPARENTNOTIFY,
WC_CREDENTIAL,
NULL, // No window name
WS_CHILD | WS_GROUP,
0, 0, 0, 0, // No coordinates on the screen
CmdLineWindow, // Parent window
NULL, // No menu window
CreduiInstance,
NULL);
if ( CredControlWindow == NULL) {
return FALSE;
}
}
ASSERT(CredControlWindow != NULL);
//
// First, initialize the Credential control window:
//
// Set the default style
//
if (Flags & CREDUI_FLAGS_REQUIRE_SMARTCARD)
{
CredControlStyle = CRS_SMARTCARDS;
}
else if (Flags & CREDUI_FLAGS_REQUIRE_CERTIFICATE)
{
CredControlStyle = CRS_CERTIFICATES | CRS_SMARTCARDS;
}
else if (Flags & CREDUI_FLAGS_EXCLUDE_CERTIFICATES)
{
CredControlStyle = CRS_USERNAMES;
}
else
{
CredControlStyle = CRS_USERNAMES | CRS_CERTIFICATES | CRS_SMARTCARDS;
}
if (Flags & CREDUI_FLAGS_KEEP_USERNAME )
{
CredControlStyle |= CRS_KEEPUSERNAME;
}
//
// If we have a target info,
// refine the style to match match what the auth package needs
//
// If the auth package has no opinion of its needs, allow everything.
//
if ( CredCategory == DOMAIN_CATEGORY &&
TargetInfo != NULL &&
TargetInfo->CredTypeCount != 0 )
{
ULONG AuthPackageStyle;
AuthPackageStyle = 0;
//
// Loop through the supported cred types seeing what style the auth package supports
//
for (UINT i = 0; i < TargetInfo->CredTypeCount; ++i)
{
switch ( TargetInfo->CredTypes[i] ) {
case CRED_TYPE_DOMAIN_CERTIFICATE:
AuthPackageStyle |= CRS_CERTIFICATES | CRS_SMARTCARDS;
break;
case CRED_TYPE_DOMAIN_PASSWORD:
case CRED_TYPE_DOMAIN_VISIBLE_PASSWORD:
AuthPackageStyle |= CRS_USERNAMES;
break;
}
}
CredControlStyle &= (AuthPackageStyle | CRS_KEEPUSERNAME );
ASSERT( CredControlStyle != 0);
}
//
// If the caller wants only administrators,
// include that request in the style.
//
if (Flags & CREDUI_FLAGS_REQUEST_ADMINISTRATOR)
{
CredControlStyle |= CRS_ADMINISTRATORS;
}
//
// If the caller asked to see the save checkbox,
// and we're running in a session that supports saving,
// include the save checkbox in the style
//
if ( (Flags & (CREDUI_FLAGS_DO_NOT_PERSIST|CREDUI_FLAGS_PERSIST)) == 0 &&
!(Flags & CREDUI_FLAGS_KEEP_USERNAME ) &&
MaximumPersist != CRED_PERSIST_NONE )
{
CredControlStyle |= CRS_SAVECHECK;
}
//
// If the caller wants us to prompt for saving and return the result to him,
// include the save checkbox in the style
//
// This is for the occasion that an application uses credui to harvest credentials from the
// user, and wants username, password, and save preference back. Credui, however,
// is not to attempt to save the cred... that will be done by the application.
//
// TESTNOTE: Pass both flags, observe correct state returned by Save, but no call to
// credwrite from credui. (Credui does not itself attempt to save the cred)
//
else if ( (Flags & (CREDUI_FLAGS_DO_NOT_PERSIST|CREDUI_FLAGS_SHOW_SAVE_CHECK_BOX)) ==
(CREDUI_FLAGS_DO_NOT_PERSIST|CREDUI_FLAGS_SHOW_SAVE_CHECK_BOX) &&
!(Flags & CREDUI_FLAGS_KEEP_USERNAME ))
{
CredControlStyle |= CRS_SAVECHECK;
}
//
// If we're not displaying the save checkbox,
// adust the size of the dialog box.
//
if ( (CredControlStyle & CRS_SAVECHECK) == 0 &&
DialogWindow != NULL )
{
RECT rect;
SetRect(&rect, 0, 0, 0, 0);
rect.bottom = CREDUI_CONTROL_ADD_SAVE;
MapDialogRect(DialogWindow, &rect);
ResizeDelta = -rect.bottom;
GetWindowRect(CredControlWindow, &rect);
ResizeTop = rect.bottom;
// Reposition all the other controls:
EnumChildWindows(DialogWindow,
ResizeDialogCallback,
reinterpret_cast<LPARAM>(this));
// Resize the dialog box now:
GetWindowRect(DialogWindow, &rect);
SetWindowPos(DialogWindow,
NULL,
rect.left,
rect.top - (ResizeDelta / 2),
rect.right - rect.left,
(rect.bottom - rect.top) + ResizeDelta,
SWP_NOACTIVATE | SWP_NOOWNERZORDER | SWP_NOZORDER);
GetClientRect(CredControlWindow, &rect);
SetWindowPos(CredControlWindow,
NULL,
0,
0,
rect.right - rect.left,
(rect.bottom - rect.top) + ResizeDelta,
SWP_NOMOVE | SWP_NOACTIVATE |
SWP_NOOWNERZORDER | SWP_NOZORDER);
ResizeTop = 0;
ResizeDelta = 0;
}
if ( dwIDDResource == IDD_BRANDEDPASSWORD )
{
// size the parts of the brand
RECT rect;
RECT rectleft;
RECT rectright;
RECT rectmid;
HWND hwndRight = GetDlgItem(DialogWindow, IDC_BRANDRIGHT);
HWND hwndMid = GetDlgItem(DialogWindow, IDC_BRANDMID);
HWND hwndLeft = GetDlgItem(DialogWindow, IDC_BRANDLEFT);
HBITMAP hBmp;
GetWindowRect(hwndRight, &rect);
// Load the images from files
// We can't load them in the .rc because then we lose transparency
hBmp = (HBITMAP)LoadImage(CreduiInstance, MAKEINTRESOURCE(IDB_BRANDRIGHT), IMAGE_BITMAP, 0, 0, LR_CREATEDIBSECTION);
if (hBmp)
{
SendMessage(hwndRight, STM_SETIMAGE, (WPARAM)IMAGE_BITMAP, (LPARAM)hBmp);
}
hBmp = (HBITMAP)LoadImage(CreduiInstance, MAKEINTRESOURCE(IDB_BRANDMID), IMAGE_BITMAP, 0, 0, LR_CREATEDIBSECTION);
if (hBmp)
{
if (hwndMid)
{
SendMessage(hwndMid, STM_SETIMAGE, (WPARAM)IMAGE_BITMAP, (LPARAM)hBmp);
}
}
hBmp = (HBITMAP)LoadImage(CreduiInstance, MAKEINTRESOURCE(IDB_BRANDLEFT), IMAGE_BITMAP, 0, 0, LR_CREATEDIBSECTION);
if (hBmp)
{
if (hwndLeft)
{
SendMessage(hwndLeft, STM_SETIMAGE, (WPARAM)IMAGE_BITMAP, (LPARAM)hBmp);
}
}
rectright.bottom = rect.bottom;
rectright.top = rect.bottom - BRANDRIGHT_PIXEL_HEIGHT;
rectright.right = rect.right;
rectright.left = rect.right - BRANDRIGHT_PIXEL_WIDTH;
rectleft.bottom = rect.bottom;
rectleft.top = rect.bottom - BRANDLEFT_PIXEL_HEIGHT;
rectleft.left = rect.left;
rectleft.right = rect.left + BRANDLEFT_PIXEL_WIDTH;
MapWindowPoints(NULL, DialogWindow, (LPPOINT)&rectleft, 2);
MapWindowPoints(NULL, DialogWindow, (LPPOINT)&rectright, 2);
if ( rectleft.right >= rectright.left )
{
// dialog is really narrow, just use rectright
// hide the other two
ShowWindow ( hwndMid, SW_HIDE );
ShowWindow ( hwndLeft, SW_HIDE );
}
else
{
// calculate rectmid
rectmid.bottom = rectleft.bottom;
rectmid.top = rectleft.bottom - BRANDMID_PIXEL_HEIGHT;
rectmid.left = rectleft.right;
rectmid.right = rectright.left;
// No need to MapWindowsPoints for rectmid, since it's base off of the already-mapped rects.
SetWindowPos(hwndMid,
NULL,
rectmid.left,
rectmid.top,
rectmid.right - rectmid.left,
rectmid.bottom - rectmid.top,
SWP_NOACTIVATE | SWP_NOOWNERZORDER |
SWP_NOZORDER);
SetWindowPos(hwndLeft,
NULL,
rectleft.left,
rectleft.top,
rectleft.right - rectleft.left,
rectleft.bottom - rectleft.top,
SWP_NOACTIVATE | SWP_NOOWNERZORDER |
SWP_NOZORDER);
}
SetWindowPos(hwndRight,
NULL,
rectright.left,
rectright.top,
rectright.right - rectright.left,
rectright.bottom - rectright.top,
SWP_NOACTIVATE | SWP_NOOWNERZORDER |
SWP_NOZORDER);
}
//
// Tell the control window the style flags and whether we're doing command line
//
if (!SendMessage(CredControlWindow, CRM_INITSTYLE, (WPARAM)(CredControlStyle), DoingCommandLine ) )
{
return FALSE;
}
// If a custom banner bitmap was provided, set it now, and free the
// default bitmap:
if ( DialogWindow != NULL && UiInfo.hbmBanner != NULL)
{
HWND bannerControlWindow = GetDlgItem(DialogWindow, IDC_BANNER);
ASSERT(bannerControlWindow != NULL);
HBITMAP oldBitmap =
reinterpret_cast<HBITMAP>(
SendMessage(
bannerControlWindow,
STM_SETIMAGE,
IMAGE_BITMAP,
reinterpret_cast<LPARAM>(UiInfo.hbmBanner)));
ASSERT(oldBitmap != NULL);
DeleteObject(static_cast<HGDIOBJ>(oldBitmap));
}
else if ( DialogWindow != NULL && dwIDDResource == IDD_BRANDEDPASSWORD )
{
// if it's branded and there's no banner, hide the banner control
HWND bannerControlWindow = GetDlgItem(DialogWindow, IDC_BANNER);
if (bannerControlWindow != NULL)
{
ShowWindow ( bannerControlWindow, SW_HIDE );
}
}
// Limit the number of characters entered into the user name and password
// edit controls:
Credential_SetUserNameMaxChars(CredControlWindow, UserNameMaxChars);
Credential_SetPasswordMaxChars(CredControlWindow, PasswordMaxChars);
SelectAndSetWindowCaption();
SelectAndSetWindowMessage();
//
// Set the default check box states
// Default to don't save. That ensures the user has to take an action to
// change global state.
//
//
// If the caller is specifying the default value of the checkbox,
// grab that default
//
fInitialSaveState = FALSE;
// Force initial save state to false if SSO
if (Flags & CREDUI_FLAGS_SHOW_SAVE_CHECK_BOX)
{
if (dwIDDResource != IDD_BRANDEDPASSWORD)
{
fInitialSaveState = Save;
}
else
{
fInitialSaveState = FALSE;
}
//
// Only save if credman is available
//
}
else if ( MaximumPersist != CRED_PERSIST_NONE )
{
//
// If the caller is forcing the save flag on,
// default the save flag to TRUE.
//
if ( Flags & CREDUI_FLAGS_PERSIST )
{
fInitialSaveState = TRUE;
}
}
Credential_CheckSave(CredControlWindow, fInitialSaveState);
// Make sure the new password window is the foreground window, if
// possible:
if ( DialogWindow != NULL ) {
AllowSetForegroundWindow(GetCurrentProcessId());
SetForegroundWindow(DialogWindow);
AllowSetForegroundWindow(ASFW_ANY);
}
// NOTE: Do we really need the guest user name here?
if ((TargetInfo != NULL) && (UserName[0] == L'\0'))
{
if (TargetInfo->Flags & CRED_TI_ONLY_PASSWORD_REQUIRED)
{
LPWSTR ServerName = NULL;
if ( TargetInfo->NetbiosServerName != NULL ) {
ServerName = TargetInfo->NetbiosServerName;
} else if ( TargetInfo->DnsServerName != NULL &&
(TargetInfo->Flags & CRED_TI_SERVER_FORMAT_UNKNOWN) != 0 ) {
ServerName = TargetInfo->DnsServerName;
}
if ( ServerName != NULL )
{
LPWSTR GuestName;
if ( !CreduiLookupLocalNameFromRid( DOMAIN_USER_RID_GUEST, &GuestName ) ) {
GuestName = NULL;
}
StringCchPrintfW(
UserName,
UserNameMaxChars + 1,
L"%s\\%s",
ServerName,
GuestName == NULL ? L"Guest" : GuestName);
delete GuestName;
}
}
else
{
if ( DialogWindow ) {
EnableWindow(GetDlgItem(DialogWindow, IDOK), FALSE);
}
DisabledControlMask |= DISABLED_CONTROL_OK;
}
}
if ((UserName[0] != L'\0') || (Password[0] != L'\0'))
{
// If this fails, it may be because the certificate was not found in
// the store, so if this is a domain credential, use the password one,
// if available:
BOOL isMarshaled = LocalCredIsMarshaledCredentialW(UserName);
if (Credential_SetUserName(CredControlWindow, UserName))
{
if (!isMarshaled)
{
Credential_SetPassword(CredControlWindow, Password);
}
if (TargetInfo)
{
if (TargetInfo->Flags & CRED_TI_ONLY_PASSWORD_REQUIRED)
{
Credential_DisableUserName(CredControlWindow);
// when disabling the username field, prepare to return no username to the caller
if (Flags & CREDUI_FLAGS_PASSWORD_ONLY_OK)
{
fPasswordOnly = TRUE;
CreduiDebugLog("CreduiPasswordDialog::InitWindow - Password only share\n");
}
}
}
}
else
{
if ( CredCategory == DOMAIN_CATEGORY &&
isMarshaled &&
(PasswordCredential != NULL))
{
OldCredential = PasswordCredential;
// Change as little as possible about the new credential
// because we already selected the target name, etc.:
if (OldCredential->UserName != NULL)
{
StringCchCopyW(
UserName,
UserNameMaxChars + 1,
OldCredential->UserName);
}
else
{
UserName[0] = L'\0';
}
Password[0] = L'\0';
Credential_SetPassword(CredControlWindow, Password);
}
else
{
UserName[0] = L'\0';
Password[0] = L'\0';
}
}
if (PasswordState == PASSWORD_UNINIT)
{
PasswordState = PASSWORD_INIT;
}
if (UserName[0] != L'\0')
{
Credential_SetPasswordFocus(CredControlWindow);
if (Flags & CREDUI_FLAGS_INCORRECT_PASSWORD)
{
if (CreduiIsCapsLockOn())
{
CredBalloon = &CreduiLogonCapsBalloon;
}
else
{
CredBalloon = &CreduiLogonBalloon;
}
}
}
}
if (Flags & CREDUI_FLAGS_KEEP_USERNAME )
{
// okay button should always be enabled for this case
EnableWindow(GetDlgItem(DialogWindow, IDOK), TRUE);
DisabledControlMask &= ~DISABLED_CONTROL_OK;
}
return TRUE;
}
//=============================================================================
// CreduiPasswordDialog::CompleteUserName
//
// Searches the user name for a domain name, and determines whether this
// specifies the target server or a domain. If a domain is not present in the
// user name, add it if this is a workstation or no target information is
// available.
//
// Returns TRUE if a domain was already present in the user name, or if we
// added one. Otherwise, return FALSE.
//
// Created 03/10/2000 johnstep (John Stephens)
//=============================================================================
BOOL
CreduiPasswordDialog::CompleteUserName()
{
return ::CompleteUserName(
UserName,
UserNameMaxChars,
TargetInfo,
TargetName,
Flags);
}
//=============================================================================
// CreduiPasswordDialog::SelectBestTargetName
//
// Given TargetInfo, this function determines the most general target name
// possible, and stores the result in NewTargetName. If a target alias is
// available (NetBIOS name for a DNS name), this will be stored in
// NewTargetAlias. If the wildcard won't fit within the required string
// length, then it is not used.
//
// If serverOnly then, use the target information form of the target name,
// with the user-typed name as the alias. If unavailable, just use the user-
// typed form with a NULL alias.
//
// Created 03/10/2000 johnstep (John Stephens)
//=============================================================================
VOID
CreduiPasswordDialog::SelectBestTargetName(
BOOL serverOnly
)
{
NET_API_STATUS NetStatus;
BOOL usePrefixWildcard = TRUE;
WCHAR *credName = NULL;
LPWSTR DomainName = NULL;
LPWSTR DnsDomainName = NULL;
LPWSTR DnsForestName = NULL;
LPWSTR ComputerName = NULL;
BOOLEAN IsWorkgroupName;
BOOLEAN AddWildcard = TRUE;
// If serverOnly is passed, always use the new server-only behavior.
if (serverOnly)
{
if (TargetInfo->TargetName != NULL)
{
credName = TargetInfo->TargetName;
NewCredential.TargetAlias = TargetName;
}
else
{
credName = TargetName;
NewCredential.TargetAlias = NULL;
}
ASSERT(credName != NULL);
StringCchCopyW(
NewTargetName,
RTL_NUMBER_OF(NewTargetName),
credName);
return;
}
// Determine the maximum length name we can use for the wildcard case:
const ULONG maxChars = ((sizeof NewTargetName) /
(sizeof NewTargetName[0])) - 3;
if (TargetInfo->Flags & CRED_TI_ONLY_PASSWORD_REQUIRED )
{
serverOnly = TRUE;
}
//
// If the auth package requires us to create a target info by an explicit name,
// only use that name.
//
if ( TargetInfo->Flags & CRED_TI_CREATE_EXPLICIT_CRED )
{
credName = TargetInfo->TargetName;
AddWildcard = FALSE;
}
//
// If this machine is a member of a domain,
// and the target machine is a member of the same forest,
// and the user is logged onto an account in the forest,
// then this prompt must be because of an authorization issue.
//
// Avoid this check if a username was passed into the call
//
// Special case this and create a server specific credential
//
if ( credName == NULL &&
!serverOnly &&
UserName[0] == '\0' ) {
BOOL MachineInSameForest = FALSE;
BOOL UserUsingDomainAccount = FALSE;
//
// First determine if this machine is in the same forest as the target machine
//
NetStatus = NetpGetDomainNameExExEx (
&DomainName,
&DnsDomainName,
&DnsForestName,
NULL, // Don't need the GUID
&IsWorkgroupName );
if ( NetStatus == NO_ERROR &&
!IsWorkgroupName ) {
//
// check if the netbios domain names match
//
if ( TargetInfo->NetbiosDomainName != NULL &&
DomainName != NULL &&
_wcsicmp( TargetInfo->NetbiosDomainName, DomainName ) == 0 ) {
MachineInSameForest = TRUE;
//
// check if the DNS domain names match
//
} else if ( TargetInfo->DnsDomainName != NULL &&
DnsDomainName != NULL &&
_wcsicmp( TargetInfo->DnsDomainName, DnsDomainName ) == 0 ) {
MachineInSameForest = TRUE;
//
// handle the special domain format unknown case
//
} else if ( TargetInfo->DnsDomainName != NULL &&
DomainName != NULL &&
(TargetInfo->Flags & CRED_TI_DOMAIN_FORMAT_UNKNOWN) != 0 &&
_wcsicmp( TargetInfo->DnsDomainName, DomainName ) == 0 ) {
MachineInSameForest = TRUE;
//
// handle the forest name
// (Too bad this doesn't work for the other trees in the forest.)
//
} else if ( TargetInfo->DnsTreeName != NULL &&
DnsForestName != NULL &&
_wcsicmp( TargetInfo->DnsTreeName, DnsForestName ) == 0 ) {
MachineInSameForest = TRUE;
}
}
//
// If this machine and target machine are in the same forest,
// see if the user is logged onto an account that should have worked.
//
if ( MachineInSameForest ) {
WCHAR UserNameBuffer[CRED_MAX_USERNAME_LENGTH+1];
ULONG UserNameLength = CRED_MAX_USERNAME_LENGTH+1;
if ( GetUserNameEx( NameSamCompatible,
UserNameBuffer,
&UserNameLength ) ) {
//
// Parse off the netbios account domain name
//
LPWSTR SlashPointer;
SlashPointer = wcsrchr( UserNameBuffer, L'\\' );
if ( SlashPointer != NULL ) {
*SlashPointer = '\0';
//
// Get the computer name of this machine
//
NetStatus = NetpGetComputerName( &ComputerName );
if ( NetStatus == NO_ERROR ) {
//
// If the netbios account domain doesn't match the local computer name,
// then the user is logged onto an account in the forest.
// Since trust within the forest is transitive,
// these creds should have worked
//
if ( _wcsicmp( ComputerName, UserNameBuffer ) != 0 ) {
UserUsingDomainAccount = TRUE;
}
}
}
}
}
//
// If both conditions are true,
// we should create a server only cred.
//
if ( MachineInSameForest && UserUsingDomainAccount ) {
serverOnly = TRUE;
}
}
//
// Compute the most generic form of the target name
//
if ( credName == NULL && !serverOnly)
{
// Look for the most general name possible first, selecting DNS over
// NetBIOS:
if ((TargetInfo->DnsServerName != NULL) &&
(TargetInfo->DnsTreeName != NULL) &&
CreduiIsPostfixString(TargetInfo->DnsServerName,
TargetInfo->DnsTreeName) &&
(wcslen(TargetInfo->DnsTreeName) <= maxChars))
{
// Credential form: *.DnsTreeName
credName = TargetInfo->DnsTreeName;
}
else if ((TargetInfo->DnsServerName != NULL) &&
(TargetInfo->DnsDomainName != NULL) &&
!(TargetInfo->Flags & CRED_TI_DOMAIN_FORMAT_UNKNOWN) &&
CreduiIsPostfixString(TargetInfo->DnsServerName,
TargetInfo->DnsDomainName) &&
(wcslen(TargetInfo->DnsDomainName) <= maxChars))
{
// Credential form: *.DnsDomainName
credName = TargetInfo->DnsDomainName;
}
else
{
usePrefixWildcard = FALSE;
// If we have a DNS domain name, and it is different from the
// target name and different from the NetBIOS server, if it
// exists, then use it:
if ((TargetInfo->DnsDomainName != NULL) &&
(wcslen(TargetInfo->DnsDomainName) <= maxChars))
{
// Credential form: DnsDomainName\*
credName = TargetInfo->DnsDomainName;
// Set the target alias, if we have one. Don't change the
// field otherwise, because it may already have been stored in
// the old credential which was copied over:
if (TargetInfo->NetbiosDomainName != NULL)
{
ULONG append = wcslen(TargetInfo->NetbiosDomainName);
if (append <= maxChars)
{
StringCchCopyW(
NewTargetAlias,
RTL_NUMBER_OF(NewTargetAlias),
TargetInfo->NetbiosDomainName);
NewTargetAlias[append + 0] = L'\\';
NewTargetAlias[append + 1] = L'*';
NewTargetAlias[append + 2] = L'\0';
NewCredential.TargetAlias = NewTargetAlias;
}
}
}
else if ((TargetInfo->NetbiosDomainName != NULL) &&
(wcslen(TargetInfo->NetbiosDomainName) <= maxChars))
{
// Credential form: NetbiosDomainName\*
credName = TargetInfo->NetbiosDomainName;
}
}
}
//
// If we still don't have a target name, select a server target name:
//
if (credName == NULL)
{
if (TargetInfo->DnsServerName != NULL)
{
// Credential form: DnsServerName
credName = TargetInfo->DnsServerName;
// Set the target alias, if we have one. Don't change the field
// otherwise, because it may already have been stored in the old
// credential which was copied over:
if (TargetInfo->NetbiosServerName != NULL)
{
NewCredential.TargetAlias = TargetInfo->NetbiosServerName;
}
}
else if (TargetInfo->NetbiosServerName != NULL)
{
// Credential form: NetbiosServerName
credName = TargetInfo->NetbiosServerName;
}
else
{
// Credential form: TargetName
credName = TargetName;
}
AddWildcard = FALSE;
}
ASSERT( credName != NULL );
//
// If the target name should be wildcarded,
// add the wildcard
//
if ( AddWildcard )
{
// Add the wildcard in the required format:
if (usePrefixWildcard)
{
NewTargetName[0] = L'*';
NewTargetName[1] = L'.';
StringCchCopyW(
NewTargetName + 2,
maxChars + 1,
credName);
}
else
{
StringCchCopyW(
NewTargetName,
maxChars + 1,
credName);
ULONG append = wcslen(NewTargetName);
ASSERT(append <= maxChars);
NewTargetName[append + 0] = L'\\';
NewTargetName[append + 1] = L'*';
NewTargetName[append + 2] = L'\0';
}
} else {
StringCchCopyW(
NewTargetName,
maxChars + 1,
credName);
}
if ( DomainName != NULL ) {
NetApiBufferFree( DomainName );
}
if ( DnsDomainName != NULL ) {
NetApiBufferFree( DnsDomainName );
}
if ( DnsForestName != NULL ) {
NetApiBufferFree( DnsForestName );
}
if ( ComputerName != NULL ) {
NetApiBufferFree( ComputerName );
}
}
//=============================================================================
// CreduiPasswordDialog::UsernameHandleOk
//
// Do the username part of "HandleOk". The caller should already have filled in
// UserName as typed by the user. On succes, UserName may be modified to reflect
// completion flags.
//
// This part of HandleOk is split out because command line is considered to have two
// OKs. The first is when the user hits 'enter' after typing the username. So
// username validation happens then by calling this routine.
//
// Returns:
// NO_ERROR: if the user name is OK.
// ERROR_BAD_USERNAME: if the username syntax is bad
// ERROR_DOWNGRADE_DETECTED: if the username doesn't match downgrade requirements
//
//=============================================================================
DWORD
CreduiPasswordDialog::UsernameHandleOk()
{
DWORD WinStatus;
BOOL isMarshaled = LocalCredIsMarshaledCredentialW(UserName);
CreduiDebugLog("UsernameHandleOK: Flags = %x\n",Flags);
//
// Compute the credential type based on the new username
//
if ( CredCategory != GENERIC_CATEGORY )
{
if (isMarshaled)
{
NewCredential.Type = CRED_TYPE_DOMAIN_CERTIFICATE;
}
else
{
// ISSUE: large stack allocation
SSOPACKAGE SSOPackage;
// look in registry
if ( GetSSOPackageInfo( TargetInfo, &SSOPackage ) )
{
// it's an sso cred
NewCredential.Type = CRED_TYPE_DOMAIN_VISIBLE_PASSWORD;
MaximumPersist = MaximumPersistSso;
}
else
{
// just a regular domain cred
NewCredential.Type = CRED_TYPE_DOMAIN_PASSWORD;
}
}
// Set the flag for username target cred
if ( CredCategory == USERNAME_TARGET_CATEGORY ) {
NewCredential.Flags |= CRED_FLAGS_USERNAME_TARGET;
}
}
else
{
NewCredential.Type = CRED_TYPE_GENERIC;
}
//
// If the caller wanted the username validated,
// do so now.
//
WinStatus = NO_ERROR;
if ( NewCredential.Type == CRED_TYPE_DOMAIN_PASSWORD ||
(Flags & CREDUI_FLAGS_COMPLETE_USERNAME) != 0 ) {
if ( !CompleteUserName() ) {
WinStatus = ERROR_BAD_USERNAME;
}
} else if ( Flags & CREDUI_FLAGS_VALIDATE_USERNAME ) {
WCHAR user[CREDUI_MAX_USERNAME_LENGTH+1];
WCHAR domain[CREDUI_MAX_USERNAME_LENGTH+1];
WinStatus = CredUIParseUserNameW( UserName,
user,
sizeof(user)/sizeof(WCHAR),
domain,
sizeof(domain)/sizeof(WCHAR) );
if (WinStatus != NO_ERROR) {
WinStatus = ERROR_BAD_USERNAME;
}
}
//
// If all is good so far,
// and we were originally called because of a downgrade detection,
// and the user typed his logon creds,
// fail so that the downgrade attacker doesn't "win".
//
if ( WinStatus == NO_ERROR &&
CREDUIP_IS_DOWNGRADE_ERROR( AuthError ) ) {
WCHAR UserNameBuffer[CRED_MAX_USERNAME_LENGTH+1];
ULONG UserNameLength;
//
// If the typed name is the sam compatible name,
// fail.
//
UserNameLength = sizeof(UserNameBuffer)/sizeof(WCHAR);
if ( GetUserNameEx( NameSamCompatible,
UserNameBuffer,
&UserNameLength ) ) {
if ( _wcsicmp( UserNameBuffer, UserName ) == 0 ) {
WinStatus = ERROR_DOWNGRADE_DETECTED;
}
}
//
// If the typed name is the UPN,
// fail.
//
UserNameLength = sizeof(UserNameBuffer)/sizeof(WCHAR);
if ( WinStatus == NO_ERROR &&
wcsrchr( UserName, L'@' ) != NULL &&
GetUserNameEx( NameUserPrincipal,
UserNameBuffer,
&UserNameLength ) ) {
if ( _wcsicmp( UserNameBuffer, UserName ) == 0 ) {
WinStatus = ERROR_DOWNGRADE_DETECTED;
}
}
}
// if (NULL == UserName) CreduiDebugLog("Exit UsernameHandleOK: Username NULL, Flags = %x\n",Flags);
// else CreduiDebugLog("Exit UsernameHandleOK: UserName = %S, Flags = %x\n", UserName, Flags);
return WinStatus;
}
//=============================================================================
// CreduiPasswordDialog::HandleOk
//
// Returns ERROR_SUCCESS on success, ERROR_NO_SUCH_LOGON_SESSION if credential
// manager cannot be used to write the credential, or an error from CredWrite
// or FinishHandleOk.
//
// Created 02/25/2000 johnstep (John Stephens)
//=============================================================================
DWORD
CreduiPasswordDialog::HandleOk()
{
// Get the user name, password, and other settings from the dialog:
if (!Credential_GetUserName(CredControlWindow,
UserName,
UserNameMaxChars))
{
return ERROR_GEN_FAILURE;
}
#ifdef SETWILDCARD
// if is wildcard cred, see if username entered in control matches the
// cred username. If not, override the old credential.
// gm 112901: Create a server specific cred on any username change on a cred
// involving a wildcard
//if ( CreduiIsSpecialCredential(&NewCredential) )
if ((NewCredential.TargetName != NULL) && (wcschr(NewCredential.TargetName,L'*')))
{
if (0 != _wcsicmp(OldUserName,UserName) )
{
// Change the TargetName from special cred to explicit target passed by caller
ZeroMemory(&NewCredential,sizeof NewCredential);
SetCredTargetFromInfo();
NewCredential.UserName = UserName;
}
}
#endif
// If we cannot get the password, then this is probably a certificate
// so just set a blank password, which will result in no credential
// blob:
BOOL gotPassword =
Credential_GetPassword(CredControlWindow,
Password,
PasswordMaxChars);
if (!gotPassword)
{
Password[0] = L'\0';
}
//
// Get the state of the Save checkbox
//
if ( CredControlStyle & CRS_SAVECHECK )
{
Save = Credential_IsSaveChecked(CredControlWindow);
}
else
{
// fInitialSaveState was set in InitWindow(), taking into account passed flags
// and the state of the initial save variable.
Save = fInitialSaveState;
}
DWORD error = ERROR_SUCCESS;
if (!(Flags & CREDUI_FLAGS_DO_NOT_PERSIST))
{
//
// Only save the credential if the user checked the 'save' checkbox
//
if ( Save ) {
//
// Keep any existing persistence or use the maximum persistance available.
//
if (OldCredential != NULL) {
NewCredential.Persist = OldCredential->Persist;
} else {
NewCredential.Persist = MaximumPersist;
}
//
// The credential might still be saved if the caller didn't asked for the creds
// to be returned.
//
// ISSUE-2000/12/04-CliffV: Such callers are buggy. We should assign bugs and get them fixed.
//
} else {
NewCredential.Persist = CRED_PERSIST_SESSION;
}
if ( CredCategory == GENERIC_CATEGORY || PasswordState == PASSWORD_CHANGED )
{
// Attempt to write the new credential, first get the length. The blob
// does not include the terminating NULL:
NewCredential.CredentialBlobSize = wcslen(Password) * sizeof (WCHAR);
}
else
{
NewCredential.CredentialBlobSize = 0;
}
// If the password is empty, there is nothing to write:
if (NewCredential.CredentialBlobSize == 0)
{
NewCredential.CredentialBlob = NULL;
}
else
{
NewCredential.CredentialBlob = reinterpret_cast<BYTE *>(Password);
}
}
//
// Validate the username
//
error = UsernameHandleOk();
//
// Save the credentials as required
//
if (!(Flags & CREDUI_FLAGS_DO_NOT_PERSIST) &&
error == ERROR_SUCCESS ) {
//
// Only save the credential if the user checked the 'save' checkbox
//
// Also store them for callers that didn't ask for creds to be returned
//
// Also store them for Branded credenials
//
if ( Save ||
!DelayCredentialWrite ||
dwIDDResource == IDD_BRANDEDPASSWORD ) {
error = FinishHandleOk();
// Bug 230648: CredWrite could come back with ERROR_INVALID_PASSWORD here
}
else if ( fInitialSaveState && !Save )
{
// user unchecked the save box, delete the cred
LocalCredDeleteW ( NewCredential.TargetName,
NewCredential.Type,
0 );
} else {
error = ERROR_SUCCESS;
}
if (error == ERROR_SUCCESS)
{
if ( DialogWindow ) {
EndDialog(DialogWindow, IDOK);
}
return error;
}
else if (error == ERROR_NO_SUCH_LOGON_SESSION)
{
if ( DialogWindow ) {
EndDialog(DialogWindow, IDCANCEL);
}
return error;
}
// can still fall out of this block with ERROR_INVALID_PASSWORD
Credential_SetUserName(CredControlWindow, UserName);
}
//
// If the credential couldn't be written,
// let the user type a better one.
//
if ((error != ERROR_SUCCESS) &&
(error != ERROR_NO_SUCH_LOGON_SESSION))
{
// For some reason we failed to write the credential:
if ( error == ERROR_DOWNGRADE_DETECTED )
{
SendMessage(CredControlWindow,
CRM_SHOWBALLOON,
0,
reinterpret_cast<LPARAM>(&CreduiDowngradeBalloon));
}
else if ( error == ERROR_INVALID_PASSWORD )
{
// for now, use preexisting credui mechanism, though that may go away in
// lieu of shell's global implementation using EM_SHOWBALLOONTIP
Credential_ShowPasswordBalloon(CredControlWindow,
TTI_INFO,
CreduiStrings.PasswordTipTitle,
CreduiStrings.PasswordTipText);
}
else
{
if ( dwIDDResource == IDD_BRANDEDPASSWORD )
{
SendMessage(CredControlWindow,
CRM_SHOWBALLOON,
0,
reinterpret_cast<LPARAM>(&CreduiEmailNameBalloon));
}
else
{
SendMessage(CredControlWindow,
CRM_SHOWBALLOON,
0,
reinterpret_cast<LPARAM>(&CreduiUserNameBalloon));
}
}
}
return error;
}
DWORD CreduiPasswordDialog::CmdlinePasswordPrompt()
/*++
Routine Description:
Command line code get username and password as needed from the user.
UserName and Password strings set in their respective controls.
Arguments:
None
Return Values:
Status of the operation.
--*/
{
DWORD WinStatus;
WCHAR szMsg[CREDUI_MAX_CMDLINE_MSG_LENGTH + 1];
ULONG LocalUserNameLength = 0;
WCHAR LocalPassword[CREDUI_MAX_PASSWORD_LENGTH + 1];
WCHAR LocalUserName[CREDUI_MAX_USERNAME_LENGTH + 1] = {0};
BOOL bNeedUserNamePrompt = FALSE;
//
// Get the username passed into the API
//
if (!Credential_GetUserName(CredControlWindow,
UserName,
UserNameMaxChars))
{
UserName[0] = '\0';
}
// FIX352582 - allow update of wildcard creds. Matched wildcard cred presents
// username. User should see it and be able to override it.
//bNeedUserNamePrompt = (UserName[0] == '\0');
// FIX 399728 - prevent username prompting if the name was passed explicitly
if (fPassedUsername) bNeedUserNamePrompt = FALSE;
else if (!(Flags & USERNAME_TARGET_CATEGORY)) bNeedUserNamePrompt = TRUE;
//
// Loop getting the username until the user types a valid one
//
while ( bNeedUserNamePrompt ) {
//
// Prompt for username
//
if (UserName[0] != 0)
{
WCHAR *rgsz[2];
rgsz[0] = UserName;
rgsz[1] = TargetName;
szMsg[0] = 0;
FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY,
CreduiInstance,
IDS_PASSEDNAME_PROMPT,
0,
szMsg,
CREDUI_MAX_CMDLINE_MSG_LENGTH,
(va_list *) rgsz);
}
else
{
WCHAR *rgsz[2];
rgsz[0] = TargetName;
rgsz[1] = 0;
szMsg[0] = 0;
FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY,
CreduiInstance,
IDS_USERNAME_PROMPT,
0,
szMsg,
CREDUI_MAX_CMDLINE_MSG_LENGTH,
(va_list *) rgsz);
}
szMsg[CREDUI_MAX_CMDLINE_MSG_LENGTH] = L'\0';
CredPutStdout( szMsg );
CredGetStdin( LocalUserName, UserNameMaxChars, TRUE );
LocalUserNameLength = wcslen( LocalUserName );
// If nothing entered and nothing passed, bail.
// If nothing entered and a previous value exists, use previous value unchanged
// else use overwrite old value with new value
if ( LocalUserNameLength == 0 ) {
if (UserName[0] == '\0')
{
WinStatus = ERROR_CANCELLED;
goto Cleanup;
}
}
else
{
StringCchCopyW(
UserName,
UserNameMaxChars,
LocalUserName);
}
CreduiDebugLog("CreduiCredentialControl::CmdlinePasswordPrompt: "
"Username : %S\n",
UserName );
//
// See if the username is valid (and optional complete the new name)
//
WinStatus = UsernameHandleOk();
if ( WinStatus != NO_ERROR ) {
// invalid username, put up message and try again
if ( WinStatus == ERROR_DOWNGRADE_DETECTED ) {
szMsg[0] = 0;
FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY,
CreduiInstance,
IDS_DOWNGRADE_CMD_TEXT,
0,
szMsg,
CREDUI_MAX_CMDLINE_MSG_LENGTH,
NULL);
CredPutStdout(szMsg);
UserName[0] = 0;
} else {
szMsg[0] = 0;
FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY,
CreduiInstance,
IDS_INVALID_USERNAME,
0,
szMsg,
CREDUI_MAX_CMDLINE_MSG_LENGTH,
NULL);
CredPutStdout(szMsg);
UserName[0] = 0;
}
CredPutStdout( L"\n" );
continue;
}
//
// Save the username in the control as though the GUI prompted for it
//
if ( !Credential_SetUserName( CredControlWindow, UserName ) ) {
WinStatus = GetLastError();
CreduiDebugLog("CreduiCredentialControl::CmdlinePasswordPrompt: "
"OnSetUserName failed: %u\n",
WinStatus );
goto Cleanup;
}
break;
}
//
// Prompt for a password
//
//FIX216477 detect marshalled name and change the prompt string
// to a generic one for any certificate
if (CredIsMarshaledCredentialW( UserName )) {
{
WCHAR *rgsz[2];
rgsz[0] = TargetName;
szMsg[0] = 0;
FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY,
CreduiInstance,
IDS_CERTIFICATE_PROMPT,
0,
szMsg,
CREDUI_MAX_CMDLINE_MSG_LENGTH,
(va_list *) rgsz);
}
}
else if ((Flags & USERNAME_TARGET_CATEGORY) || (LocalUserNameLength != 0))
{
WCHAR *rgsz[2];
rgsz[0] = TargetName;
szMsg[0] = 0;
FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY,
CreduiInstance,
IDS_SIMPLEPASSWORD_PROMPT,
0,
szMsg,
CREDUI_MAX_CMDLINE_MSG_LENGTH,
(va_list *) rgsz);
} else {
WCHAR *rgsz[2];
rgsz[0] = UserName;
rgsz[1] = TargetName;
szMsg[0] = 0;
FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY,
CreduiInstance,
IDS_PASSWORD_PROMPT,
0,
szMsg,
CREDUI_MAX_CMDLINE_MSG_LENGTH,
(va_list *) rgsz);
szMsg[CREDUI_MAX_CMDLINE_MSG_LENGTH] = L'\0';
}
CredPutStdout( szMsg );
CredGetStdin( LocalPassword, CREDUI_MAX_PASSWORD_LENGTH, FALSE );
//
// Save the password in the control as though the GUI prompted for it
//
if ( !Credential_SetPassword( CredControlWindow, LocalPassword ) ) {
WinStatus = GetLastError();
CreduiDebugLog("CreduiCredentialControl::CmdlinePasswordPrompt: "
"OnSetPassword failed: %u\n",
WinStatus );
goto Cleanup;
}
WinStatus = NO_ERROR;
//
// Tell our parent window that we're done prompting
//
Cleanup:
SecureZeroMemory(LocalPassword, sizeof LocalPassword);
return WinStatus;
}
//=============================================================================
// CreduiPasswordDialog::CmdLineMessageHandlerCallback
//
//
// The command line message handler function
//
// Arguments:
// Window (in)
// message (in)
// wParam (in)
// lParam (in)
//
//=============================================================================
LRESULT
CALLBACK
CreduiPasswordDialog::CmdLineMessageHandlerCallback(
HWND window,
UINT message,
WPARAM wParam,
LPARAM lParam
)
{
// CreduiDebugLog( "CmdLine Callback: %8.8lx %8.8lx %8.8lx\n", message, wParam, lParam );
// on window message, retrieve object ptr from window data ptr
// call class object handler function.
CreduiPasswordDialog *that =
reinterpret_cast<CreduiPasswordDialog *>(
GetWindowLongPtr(window, GWLP_USERDATA));
if (that != NULL) {
ASSERT(window == that->CmdLineWindow);
return that->CmdLineMessageHandler(message, wParam, lParam);
}
if (message == WM_CREATE)
{
DWORD WinStatus;
LPCREATESTRUCT lpCreateStruct = (LPCREATESTRUCT)lParam;
that = (CreduiPasswordDialog *)lpCreateStruct->lpCreateParams;
if (that != NULL) {
//
// Initialize the window
//
if (!that->InitWindow( window )) {
PostQuitMessage( ERROR_CANCELLED );
return 0;
}
SetWindowPos ( window, HWND_BOTTOM, 0,0,0,0, SWP_NOMOVE | SWP_NOSIZE | SWP_NOZORDER | SWP_NOACTIVATE | SWP_FRAMECHANGED );
//
// For passwords,
// prompt here.
//
// It is better to prompt here than in the control window since
// command line has to do user name completion and that is done at this layer.
//
if ( (that->Flags & CREDUI_FLAGS_REQUIRE_SMARTCARD) == 0 ) {
WinStatus = that->CmdlinePasswordPrompt();
if ( WinStatus != NO_ERROR ) {
PostQuitMessage( WinStatus );
return 0;
}
}
//
// For smartcards,
// Prompt in the control window since it supports smart card enumeration
// For password,
// prompt where to save the cred.
//
WinStatus = (DWORD) SendMessage(that->CredControlWindow, CRM_DOCMDLINE, 0, (LPARAM)that->TargetName );
if ( WinStatus != NO_ERROR ) {
PostQuitMessage( WinStatus );
return 0;
}
}
return 0;
}
return DefWindowProc(window, message, wParam, lParam);
}
//=============================================================================
// CreduiPasswordDialog::CmdLineMessageHandler
//
// Called from the control window callback to handle the window messages.
//
// Arguments:
// message (in)
// wParam (in)
// lParam (in)
//
//=============================================================================
LRESULT
CreduiPasswordDialog::CmdLineMessageHandler(
UINT message,
WPARAM wParam,
LPARAM lParam
)
{
return SendMessage( CredControlWindow, message, wParam, lParam );
}
//=============================================================================
// CreduiPasswordDialog::DialogMessageHandlerCallback
//
// This is the actual callback function for the dialog window. On the intial
// create, this handles WM_INITDIALOG. After that, it is only responsible for
// getting the this pointer and calling DialogMessageHandler.
//
// Arguments:
// dialogWindow (in)
// message (in)
// wParam (in)
// lParam (in)
//
// Returns TRUE if the message was handled or FALSE otherwise. FALSE is also
// returned in special cases such as WM_INITDIALOG.
//
// Created 02/25/2000 johnstep (John Stephens)
//=============================================================================
INT_PTR
CALLBACK
CreduiPasswordDialog::DialogMessageHandlerCallback(
HWND dialogWindow,
UINT message,
WPARAM wParam,
LPARAM lParam
)
{
//CreduiDebugLog( "Dialog Callback: %8.8lx %8.8lx %8.8lx\n", message, wParam, lParam );
CreduiPasswordDialog *that =
reinterpret_cast<CreduiPasswordDialog *>(
GetWindowLongPtr(dialogWindow, GWLP_USERDATA));
if (that != NULL)
{
ASSERT(dialogWindow == that->DialogWindow);
return that->DialogMessageHandler(message, wParam, lParam);
}
if (message == WM_INITDIALOG)
{
that = reinterpret_cast<CreduiPasswordDialog *>(lParam);
if (that != NULL)
{
if (!that->InitWindow(dialogWindow))
{
EndDialog(dialogWindow, IDCANCEL);
}
}
}
return FALSE;
}
//=============================================================================
// CreduiPasswordDialog::DialogMessageHandler
//
// Called from the dialog window callback to handle the window messages.
//
// Arguments:
// message (in)
// wParam (in)
// lParam (in)
//
// Returns TRUE if the message was handled or FALSE otherwise.
//
// Created 02/25/2000 johnstep (John Stephens)
//=============================================================================
INT_PTR
CreduiPasswordDialog::DialogMessageHandler(
UINT message,
WPARAM wParam,
LPARAM lParam
)
{
switch (message)
{
case WM_NOTIFY:
{
int idCtrl = (int)wParam;
LPNMHDR pnmh = (LPNMHDR)lParam;
switch (pnmh->code)
{
case NM_CLICK:
case NM_RETURN:
switch (idCtrl)
{
case IDC_GETALINK:
{
DWORD dwResult;
if ( TryLauchRegWizard ( &SSOPackage, DialogWindow, TRUE /* HasLogonSession */,
UserName, UserNameMaxChars,
Password, PasswordMaxChars,
&dwResult ))
{
// end dialog, Result
if ( dwResult == ERROR_SUCCESS )
{
EndDialog(DialogWindow, IDOK);
return TRUE;
}
}
else
{
// if we couldn't launch the wizard, try the web page.
if ( wcslen(SSOPackage.szRegURL) > 0 )
{
ShellExecute ( NULL,
NULL,
SSOPackage.szRegURL,
NULL,
NULL,
SW_SHOWNORMAL );
}
}
}
break;
case IDC_HELPLINK:
if ( wcslen(SSOPackage.szHelpURL) > 0 )
{
ShellExecute ( NULL,
NULL,
SSOPackage.szHelpURL,
NULL,
NULL,
SW_SHOWNORMAL );
}
break;
}
}
}
break;
case WM_COMMAND:
switch (LOWORD(wParam))
{
case IDOK:
Result = HandleOk();
if (Result != ERROR_SUCCESS)
{
if (Result == ERROR_NO_SUCH_LOGON_SESSION)
{
wParam = IDCANCEL;
}
else
{
return TRUE;
}
}
// Fall through...
case IDCANCEL:
EndDialog(DialogWindow, LOWORD(wParam));
return TRUE;
case IDC_CRED:
if (HIWORD(wParam) == CRN_USERNAMECHANGE)
{
BOOL enable = TRUE;
LONG length = Credential_GetUserNameLength(CredControlWindow);
// Validate the user name:
if ( CredCategory == DOMAIN_CATEGORY &&
((TargetInfo == NULL) ||
!(TargetInfo->Flags & CRED_TI_ONLY_PASSWORD_REQUIRED)))
{
enable = length > 0;
}
else
{
enable = length != -1;
}
if (enable)
{
EnableWindow(GetDlgItem(DialogWindow, IDOK), TRUE);
DisabledControlMask &= ~DISABLED_CONTROL_OK;
}
else
{
EnableWindow(GetDlgItem(DialogWindow, IDOK), FALSE);
DisabledControlMask |= DISABLED_CONTROL_OK;
}
}
else if (HIWORD(wParam) == CRN_PASSWORDCHANGE)
{
if (PasswordState == PASSWORD_INIT)
{
PasswordState = PASSWORD_CHANGED;
}
}
return TRUE;
}
break;
case WM_ENTERSIZEMOVE:
Credential_HideBalloon(CredControlWindow);
return TRUE;
case WM_PAINT:
if (FirstPaint && GetUpdateRect(DialogWindow, NULL, FALSE))
{
FirstPaint = FALSE;
if (CredBalloon != NULL)
{
SendMessage(CredControlWindow,
CRM_SHOWBALLOON,
0,
reinterpret_cast<LPARAM>(CredBalloon));
}
CredBalloon = NULL;
}
break;
}
return FALSE;
}
// looks for an existing cred with the same name as that of pNewCredential and demotes it to
// username only
void DemoteOldDefaultSSOCred (
PCREDENTIAL_TARGET_INFORMATION pTargetInfo, // target info of new cred
DWORD Flags
)
{
CREDENTIALW **credentialSet = NULL;
DWORD count;
if ( pTargetInfo == NULL )
return;
if (LocalCredReadDomainCredentialsW( pTargetInfo, 0, &count,
&credentialSet))
{
PCREDENTIAL pOldCredential = NULL;
for ( DWORD i = 0; i < count; i++ )
{
#ifndef SETWILDCARD
//
// Ignore RAS and wildcard credentials,
// we never want credUI to change such a credential.
//
if ( CreduiIsSpecialCredential(credentialSet[i]) )
{
continue;
}
#endif
//
// CredReadDomain domain credentials returns creds in preference
// order as specified by the TargetInfo.
// So use the first valid one.
//
if ( credentialSet[i]->Type == CRED_TYPE_DOMAIN_VISIBLE_PASSWORD )
{
pOldCredential = credentialSet[i];
break;
}
}
if ( pOldCredential != NULL )
{
// save this under the username
pOldCredential->Persist = CRED_PERSIST_ENTERPRISE;
pOldCredential->CredentialBlob = NULL;
pOldCredential->CredentialBlobSize = 0;
pOldCredential->TargetName = pOldCredential->UserName;
pOldCredential->Flags = CRED_FLAGS_USERNAME_TARGET;
WriteCred( pOldCredential->UserName,
Flags,
NULL,
pOldCredential,
0,
FALSE,
FALSE);
}
}
if (credentialSet != NULL)
{
LocalCredFree(static_cast<VOID *>(credentialSet));
}
}