qtkeychain/keychain_win.cpp

/******************************************************************************
 *   Copyright (C) 2011-2015 Frank Osterfeld <frank.osterfeld@gmail.com>      *
 *                                                                            *
 * This program is distributed in the hope that it will be useful, but        *
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY *
 * or FITNESS FOR A PARTICULAR PURPOSE. For licensing and distribution        *
 * details, check the accompanying file 'COPYING'.                            *
 *****************************************************************************/
#include "keychain_p.h"

#include <QSettings>

#include <windows.h>
#include <wincrypt.h>

#include <memory>

using namespace QKeychain;

#if defined(USE_CREDENTIAL_STORE)
#include <wincred.h>

void ReadPasswordJobPrivate::scheduledStart() {
    LPCWSTR name = (LPCWSTR)key.utf16();
    //Use settings member if there, create local settings object if not
    std::auto_ptr<QSettings> local( !q->settings() ? new QSettings( q->service() ) : 0 );
    PCREDENTIALW cred;

    if (!CredReadW(name, CRED_TYPE_GENERIC, 0, &cred)) {
        Error error;
        QString msg;
        switch(GetLastError()) {
        case ERROR_NOT_FOUND:
            error = EntryNotFound;
            msg = tr("Password entry not found");
            break;
        default:
            error = OtherError;
            msg = tr("Could not decrypt data");
            break;
        }

        q->emitFinishedWithError( error, msg );
        return;
    }

    data = QByteArray((char*)cred->CredentialBlob, cred->CredentialBlobSize);
    CredFree(cred);

    q->emitFinished();
}

void WritePasswordJobPrivate::scheduledStart() {
    CREDENTIALW cred;
    char *pwd = data.data();
    LPWSTR name = (LPWSTR)key.utf16();

    memset(&cred, 0, sizeof(cred));
    cred.Comment = const_cast<wchar_t*>(L"QtKeychain");
    cred.Type = CRED_TYPE_GENERIC;
    cred.TargetName = name;
    cred.CredentialBlobSize = data.size();
    cred.CredentialBlob = (LPBYTE)pwd;
    cred.Persist = CRED_PERSIST_LOCAL_MACHINE;

    if (!CredWriteW(&cred, 0)) {
        q->emitFinishedWithError( OtherError, tr("Encryption failed") ); //TODO more details available?
    } else {
        q->emitFinished();
    }
}

void DeletePasswordJobPrivate::scheduledStart() {
    LPCWSTR name = (LPCWSTR)key.utf16();

    if (!CredDeleteW(name, CRED_TYPE_GENERIC, 0)) {
        Error error;
        QString msg;
        switch(GetLastError()) {
        case ERROR_NOT_FOUND:
            error = EntryNotFound;
            msg = tr("Password entry not found");
            break;
        default:
            error = OtherError;
            msg = tr("Could not decrypt data");
            break;
        }

        q->emitFinishedWithError( error, msg );
    } else {
        q->emitFinished();
    }
}
#else
void ReadPasswordJobPrivate::scheduledStart() {
    //Use settings member if there, create local settings object if not
    std::auto_ptr<QSettings> local( !q->settings() ? new QSettings( q->service() ) : 0 );
    QSettings* actual = q->settings() ? q->settings() : local.get();

    QByteArray encrypted = actual->value( key ).toByteArray();
    if ( encrypted.isNull() ) {
        q->emitFinishedWithError( EntryNotFound, tr("Entry not found") );
        return;
    }

    DATA_BLOB blob_in, blob_out;

    blob_in.pbData = reinterpret_cast<BYTE*>( encrypted.data() );
    blob_in.cbData = encrypted.size();

    const BOOL ret = CryptUnprotectData( &blob_in,
                                        NULL,
                                         NULL,
                                         NULL,
                                         NULL,
                                         0,
                                         &blob_out );
    if ( !ret ) {
        q->emitFinishedWithError( OtherError, tr("Could not decrypt data") );
        return;
    }

    data = QByteArray( reinterpret_cast<char*>( blob_out.pbData ), blob_out.cbData );
    SecureZeroMemory( blob_out.pbData, blob_out.cbData );
    LocalFree( blob_out.pbData );

    q->emitFinished();
}

void WritePasswordJobPrivate::scheduledStart() {
    DATA_BLOB blob_in, blob_out;
    blob_in.pbData = reinterpret_cast<BYTE*>( data.data() );
    blob_in.cbData = data.size();
    const BOOL res = CryptProtectData( &blob_in,
                                       L"QKeychain-encrypted data",
                                       NULL,
                                       NULL,
                                       NULL,
                                       0,
                                       &blob_out );
    if ( !res ) {
        q->emitFinishedWithError( OtherError, tr("Encryption failed") ); //TODO more details available?
        return;
    }

    const QByteArray encrypted( reinterpret_cast<char*>( blob_out.pbData ), blob_out.cbData );
    LocalFree( blob_out.pbData );

    //Use settings member if there, create local settings object if not
    std::auto_ptr<QSettings> local( !q->settings() ? new QSettings( q->service() ) : 0 );
    QSettings* actual = q->settings() ? q->settings() : local.get();
    actual->setValue( key, encrypted );
    actual->sync();
    if ( actual->status() != QSettings::NoError ) {

        const QString errorString = actual->status() == QSettings::AccessError
                ? tr("Could not store encrypted data in settings: access error")
                : tr("Could not store encrypted data in settings: format error");
        q->emitFinishedWithError( OtherError, errorString );
        return;
    }

    q->emitFinished();
}

void DeletePasswordJobPrivate::scheduledStart() {
    //Use settings member if there, create local settings object if not
    std::auto_ptr<QSettings> local( !q->settings() ? new QSettings( q->service() ) : 0 );
    QSettings* actual = q->settings() ? q->settings() : local.get();
    actual->remove( key );
    actual->sync();
    if ( actual->status() != QSettings::NoError ) {
        const QString err = actual->status() == QSettings::AccessError
                ? tr("Could not delete encrypted data from settings: access error")
                : tr("Could not delete encrypted data from settings: format error");
        q->emitFinishedWithError( OtherError, err );
    } else {
        q->emitFinished();
    }
}
#endif
Initial OS X impl. 2011-10-27 16:15:46 +00:00			`/******************************************************************************`
Bump copyright year 2015-03-17 13:31:48 +00:00			`* Copyright (C) 2011-2015 Frank Osterfeld <frank.osterfeld@gmail.com> *`
Initial OS X impl. 2011-10-27 16:15:46 +00:00			`* *`
			`* This program is distributed in the hope that it will be useful, but *`
			`* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY *`
			`* or FITNESS FOR A PARTICULAR PURPOSE. For licensing and distribution *`
			`* details, check the accompanying file 'COPYING'. *`
			`*****************************************************************************/`
Initial 2011-10-27 16:14:37 +00:00			`#include "keychain_p.h"`

basic impl for windows 2011-10-28 23:21:07 +00:00			`#include <QSettings>`

Fix cross-compilation for windows 2012-04-06 15:02:13 +00:00			`#include <windows.h>`
			`#include <wincrypt.h>`
basic impl for windows 2011-10-28 23:21:07 +00:00
Allow the user to pass a custom QSettings object in case the default-constructed QSettings is not sufficient. (Only used on Windows) 2011-12-09 19:47:11 +00:00			`#include <memory>`

add entryExists() 2011-10-28 07:38:02 +00:00			`using namespace QKeychain;`

Compile time option USE_CREDENTIAL_STORE This option enables windows credential store support. 2015-11-27 13:42:33 +00:00			`#if defined(USE_CREDENTIAL_STORE)`
			`#include <wincred.h>`

			`void ReadPasswordJobPrivate::scheduledStart() {`
Fix windows issues with exotic compiler flags. If Qt is compiled with /Zc:wchar_t- no proper wchar_t type is available. To avoid compilation issues, the platform assumption of wchar_t being a unsigned short is used to cast to LPCWSTR. 2016-01-12 12:05:18 +00:00			`LPCWSTR name = (LPCWSTR)key.utf16();`
Compile time option USE_CREDENTIAL_STORE This option enables windows credential store support. 2015-11-27 13:42:33 +00:00			`//Use settings member if there, create local settings object if not`
			`std::auto_ptr<QSettings> local( !q->settings() ? new QSettings( q->service() ) : 0 );`
			`PCREDENTIALW cred;`

Fix windows issues with exotic compiler flags. If Qt is compiled with /Zc:wchar_t- no proper wchar_t type is available. To avoid compilation issues, the platform assumption of wchar_t being a unsigned short is used to cast to LPCWSTR. 2016-01-12 12:05:18 +00:00			`if (!CredReadW(name, CRED_TYPE_GENERIC, 0, &cred)) {`
Compile time option USE_CREDENTIAL_STORE This option enables windows credential store support. 2015-11-27 13:42:33 +00:00			`Error error;`
			`QString msg;`
			`switch(GetLastError()) {`
			`case ERROR_NOT_FOUND:`
			`error = EntryNotFound;`
			`msg = tr("Password entry not found");`
			`break;`
			`default:`
			`error = OtherError;`
			`msg = tr("Could not decrypt data");`
			`break;`
			`}`

			`q->emitFinishedWithError( error, msg );`
			`return;`
			`}`

			`data = QByteArray((char*)cred->CredentialBlob, cred->CredentialBlobSize);`
			`CredFree(cred);`

			`q->emitFinished();`
			`}`

			`void WritePasswordJobPrivate::scheduledStart() {`
			`CREDENTIALW cred;`
			`char *pwd = data.data();`
Fix windows issues with exotic compiler flags. If Qt is compiled with /Zc:wchar_t- no proper wchar_t type is available. To avoid compilation issues, the platform assumption of wchar_t being a unsigned short is used to cast to LPCWSTR. 2016-01-12 12:05:18 +00:00			`LPWSTR name = (LPWSTR)key.utf16();`
Compile time option USE_CREDENTIAL_STORE This option enables windows credential store support. 2015-11-27 13:42:33 +00:00
			`memset(&cred, 0, sizeof(cred));`
Fix compilation error on MSVC2015. CREDENTIALW::Comment is LPTSTR (a non-const wchar_t), whereas wide char literal is const wchat_t, causing a compilation error. 2016-08-10 08:36:59 +00:00			`cred.Comment = const_cast<wchar_t*>(L"QtKeychain");`
Compile time option USE_CREDENTIAL_STORE This option enables windows credential store support. 2015-11-27 13:42:33 +00:00			`cred.Type = CRED_TYPE_GENERIC;`
Fix windows issues with exotic compiler flags. If Qt is compiled with /Zc:wchar_t- no proper wchar_t type is available. To avoid compilation issues, the platform assumption of wchar_t being a unsigned short is used to cast to LPCWSTR. 2016-01-12 12:05:18 +00:00			`cred.TargetName = name;`
Compile time option USE_CREDENTIAL_STORE This option enables windows credential store support. 2015-11-27 13:42:33 +00:00			`cred.CredentialBlobSize = data.size();`
			`cred.CredentialBlob = (LPBYTE)pwd;`
			`cred.Persist = CRED_PERSIST_LOCAL_MACHINE;`

			`if (!CredWriteW(&cred, 0)) {`
			`q->emitFinishedWithError( OtherError, tr("Encryption failed") ); //TODO more details available?`
			`} else {`
			`q->emitFinished();`
			`}`
			`}`

			`void DeletePasswordJobPrivate::scheduledStart() {`
Fix windows issues with exotic compiler flags. If Qt is compiled with /Zc:wchar_t- no proper wchar_t type is available. To avoid compilation issues, the platform assumption of wchar_t being a unsigned short is used to cast to LPCWSTR. 2016-01-12 12:05:18 +00:00			`LPCWSTR name = (LPCWSTR)key.utf16();`
Compile time option USE_CREDENTIAL_STORE This option enables windows credential store support. 2015-11-27 13:42:33 +00:00
Fix windows issues with exotic compiler flags. If Qt is compiled with /Zc:wchar_t- no proper wchar_t type is available. To avoid compilation issues, the platform assumption of wchar_t being a unsigned short is used to cast to LPCWSTR. 2016-01-12 12:05:18 +00:00			`if (!CredDeleteW(name, CRED_TYPE_GENERIC, 0)) {`
Compile time option USE_CREDENTIAL_STORE This option enables windows credential store support. 2015-11-27 13:42:33 +00:00			`Error error;`
			`QString msg;`
			`switch(GetLastError()) {`
			`case ERROR_NOT_FOUND:`
			`error = EntryNotFound;`
			`msg = tr("Password entry not found");`
			`break;`
			`default:`
			`error = OtherError;`
			`msg = tr("Could not decrypt data");`
			`break;`
			`}`

			`q->emitFinishedWithError( error, msg );`
			`} else {`
			`q->emitFinished();`
			`}`
			`}`
			`#else`
Serialize job execution on all platforms. On OS X, multiple dialogs pop up asking for permission when starting multiple jobs in parallel. Thus, as there are issues both with kwallet and OS X keychain, just serialize job execution on all platforms. On Windows this doesn't make much of a difference as the job impl's are synchronous anyway. 2012-08-06 20:30:58 +00:00			`void ReadPasswordJobPrivate::scheduledStart() {`
Allow the user to pass a custom QSettings object in case the default-constructed QSettings is not sufficient. (Only used on Windows) 2011-12-09 19:47:11 +00:00			`//Use settings member if there, create local settings object if not`
Port Windows impl to the job API. 2012-05-05 08:37:48 +00:00			`std::auto_ptr<QSettings> local( !q->settings() ? new QSettings( q->service() ) : 0 );`
			`QSettings* actual = q->settings() ? q->settings() : local.get();`
Allow the user to pass a custom QSettings object in case the default-constructed QSettings is not sufficient. (Only used on Windows) 2011-12-09 19:47:11 +00:00
			`QByteArray encrypted = actual->value( key ).toByteArray();`
basic impl for windows 2011-10-28 23:21:07 +00:00			`if ( encrypted.isNull() ) {`
Port Windows impl to the job API. 2012-05-05 08:37:48 +00:00			`q->emitFinishedWithError( EntryNotFound, tr("Entry not found") );`
			`return;`
basic impl for windows 2011-10-28 23:21:07 +00:00			`}`

			`DATA_BLOB blob_in, blob_out;`

			`blob_in.pbData = reinterpret_cast<BYTE*>( encrypted.data() );`
			`blob_in.cbData = encrypted.size();`

			`const BOOL ret = CryptUnprotectData( &blob_in,`
Port Windows impl to the job API. 2012-05-05 08:37:48 +00:00			`NULL,`
basic impl for windows 2011-10-28 23:21:07 +00:00			`NULL,`
			`NULL,`
			`NULL,`
			`0,`
			`&blob_out );`
			`if ( !ret ) {`
Port Windows impl to the job API. 2012-05-05 08:37:48 +00:00			`q->emitFinishedWithError( OtherError, tr("Could not decrypt data") );`
			`return;`
basic impl for windows 2011-10-28 23:21:07 +00:00			`}`
Port Windows impl to the job API. 2012-05-05 08:37:48 +00:00
			`data = QByteArray( reinterpret_cast<char*>( blob_out.pbData ), blob_out.cbData );`
basic impl for windows 2011-10-28 23:21:07 +00:00			`SecureZeroMemory( blob_out.pbData, blob_out.cbData );`
			`LocalFree( blob_out.pbData );`
Port Windows impl to the job API. 2012-05-05 08:37:48 +00:00
			`q->emitFinished();`
add entryExists() 2011-10-28 07:38:02 +00:00			`}`

Serialize job execution on all platforms. On OS X, multiple dialogs pop up asking for permission when starting multiple jobs in parallel. Thus, as there are issues both with kwallet and OS X keychain, just serialize job execution on all platforms. On Windows this doesn't make much of a difference as the job impl's are synchronous anyway. 2012-08-06 20:30:58 +00:00			`void WritePasswordJobPrivate::scheduledStart() {`
basic impl for windows 2011-10-28 23:21:07 +00:00			`DATA_BLOB blob_in, blob_out;`
			`blob_in.pbData = reinterpret_cast<BYTE*>( data.data() );`
			`blob_in.cbData = data.size();`
			`const BOOL res = CryptProtectData( &blob_in,`
			`L"QKeychain-encrypted data",`
			`NULL,`
			`NULL,`
			`NULL,`
			`0,`
			`&blob_out );`
			`if ( !res ) {`
Port Windows impl to the job API. 2012-05-05 08:37:48 +00:00			`q->emitFinishedWithError( OtherError, tr("Encryption failed") ); //TODO more details available?`
			`return;`
basic impl for windows 2011-10-28 23:21:07 +00:00			`}`

			`const QByteArray encrypted( reinterpret_cast<char*>( blob_out.pbData ), blob_out.cbData );`
			`LocalFree( blob_out.pbData );`

Allow the user to pass a custom QSettings object in case the default-constructed QSettings is not sufficient. (Only used on Windows) 2011-12-09 19:47:11 +00:00			`//Use settings member if there, create local settings object if not`
Port Windows impl to the job API. 2012-05-05 08:37:48 +00:00			`std::auto_ptr<QSettings> local( !q->settings() ? new QSettings( q->service() ) : 0 );`
			`QSettings* actual = q->settings() ? q->settings() : local.get();`
Allow the user to pass a custom QSettings object in case the default-constructed QSettings is not sufficient. (Only used on Windows) 2011-12-09 19:47:11 +00:00			`actual->setValue( key, encrypted );`
			`actual->sync();`
			`if ( actual->status() != QSettings::NoError ) {`
Port Windows impl to the job API. 2012-05-05 08:37:48 +00:00
			`const QString errorString = actual->status() == QSettings::AccessError`
basic impl for windows 2011-10-28 23:21:07 +00:00			`? tr("Could not store encrypted data in settings: access error")`
			`: tr("Could not store encrypted data in settings: format error");`
Port Windows impl to the job API. 2012-05-05 08:37:48 +00:00			`q->emitFinishedWithError( OtherError, errorString );`
			`return;`
basic impl for windows 2011-10-28 23:21:07 +00:00			`}`

Port Windows impl to the job API. 2012-05-05 08:37:48 +00:00			`q->emitFinished();`
add entryExists() 2011-10-28 07:38:02 +00:00			`}`
Refactored code to simplify classes. Job classes: * Moved common members to parent. * Made Job constructor protected, only for use by implementing class. JobPrivate classes: * Moved common members to parent. * Made Job constructor protected, only for use by implementing class. * Unified members where code was duplicated. 2015-11-27 13:37:41 +00:00
			`void DeletePasswordJobPrivate::scheduledStart() {`
			`//Use settings member if there, create local settings object if not`
			`std::auto_ptr<QSettings> local( !q->settings() ? new QSettings( q->service() ) : 0 );`
			`QSettings* actual = q->settings() ? q->settings() : local.get();`
			`actual->remove( key );`
			`actual->sync();`
			`if ( actual->status() != QSettings::NoError ) {`
			`const QString err = actual->status() == QSettings::AccessError`
			`? tr("Could not delete encrypted data from settings: access error")`
			`: tr("Could not delete encrypted data from settings: format error");`
			`q->emitFinishedWithError( OtherError, err );`
			`} else {`
			`q->emitFinished();`
			`}`
			`}`
Compile time option USE_CREDENTIAL_STORE This option enables windows credential store support. 2015-11-27 13:42:33 +00:00			`#endif`