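// Produces a newly allocated copy of pwzPassword in *ppwzProtectedPassword,
// passing it through _ProtectAndCopyString (defined elsewhere in this file)
// unless protection is unnecessary or unwanted.
//
// The password is copied verbatim, without protection, when:
//   - it is NULL or empty (an empty string is returned),
//   - CredIsProtectedW reports a protection type other than CredUnprotected, or
//   - cpus is CPUS_CREDUI.
//
// Parameters:
//   pwzPassword            - password to copy; may be NULL or empty.
//   cpus                   - usage scenario the credential provider is running in.
//   ppwzProtectedPassword  - receives the resulting string. It is set to NULL on
//                            entry. The verbatim copies come from SHStrDupW, so
//                            the caller releases them with CoTaskMemFree.
//                            NOTE(review): confirm _ProtectAndCopyString uses the
//                            same allocator.
//
// Returns the HRESULT of the last duplication or protection call.
//
// Security note: in the CPUS_CREDUI branch the returned string is the cleartext
// password. The caller should wipe it (e.g. SecureZeroMemory) before freeing it.
HRESULT ProtectIfNecessaryAndCopyPassword(
    __in PCWSTR pwzPassword,
    __in CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus,
    __deref_out PWSTR* ppwzProtectedPassword
    )
{
    *ppwzProtectedPassword = NULL;

    HRESULT hr;

    // ProtectAndCopyString is intended for non-empty strings only. Empty passwords
    // do not need to be encrypted.
    if (pwzPassword && *pwzPassword)
    {
        // pwzPassword is const, but CredIsProtected takes a non-const string.
        // So, make a copy that we know isn't const.
        PWSTR pwzPasswordCopy;
        hr = SHStrDupW(pwzPassword, &pwzPasswordCopy);
        if (SUCCEEDED(hr))
        {
            bool bCredAlreadyEncrypted = false;
            CRED_PROTECTION_TYPE protectionType;

            // If the password is already encrypted, we should not encrypt it again.
            // An encrypted password may be received through SetSerialization in the
            // CPUS_LOGON scenario during a Terminal Services connection, for instance.
            // A failed CredIsProtectedW call leaves the flag false, so the password
            // is treated as unprotected and goes through the protection path below.
            if (CredIsProtectedW(pwzPasswordCopy, &protectionType))
            {
                if (CredUnprotected != protectionType)
                {
                    bCredAlreadyEncrypted = true;
                }
            }

            // Passwords should not be encrypted in the CPUS_CREDUI scenario. We
            // cannot know if our caller expects or can handle an encrypted password.
            if (CPUS_CREDUI == cpus || bCredAlreadyEncrypted)
            {
                hr = SHStrDupW(pwzPasswordCopy, ppwzProtectedPassword);
            }
            else
            {
                hr = _ProtectAndCopyString(pwzPasswordCopy, ppwzProtectedPassword);
            }

            // The scratch copy may hold the cleartext password. Wipe it before
            // returning the buffer to the allocator so the secret does not linger
            // in freed heap memory. SecureZeroMemory is used because a plain
            // memset ahead of a free can be optimized away.
            SecureZeroMemory(pwzPasswordCopy,
                             static_cast<SIZE_T>(lstrlenW(pwzPasswordCopy)) * sizeof(WCHAR));
            CoTaskMemFree(pwzPasswordCopy);
        }
    }
    else
    {
        hr = SHStrDupW(L"", ppwzProtectedPassword);
    }

    return hr;
}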