2

Basically, all I'm interested in is to grab the password field in plain text from the data returned, to validate it later on in code. Currently, I'm using CREDUIWIN_GENERIC, but I hate that the user can mess with the username field, so I guess filling it with something by default would be good. I tried CREDUIWIN_ENUMERATE_CURRENT_USER, but it has been returning the password in an unknown encrypted format.

I know that it has something to do with filling the pulAuthPackage, but I have no clue how to do it.

Here is my code:

BOOL save = false;
DWORD authPackage = 0;
LPVOID authBuffer;
ULONG authBufferSize = 0;

CREDUI_INFO credUiInfo;

static WCHAR username[CREDUI_MAX_USERNAME_LENGTH * sizeof(WCHAR)] = { 0 };
static WCHAR password[CREDUI_MAX_PASSWORD_LENGTH * sizeof(WCHAR)] = { 0 };
DWORD uLen = CREDUI_MAX_USERNAME_LENGTH;
DWORD pLen = CREDUI_MAX_PASSWORD_LENGTH;

credUiInfo.pszCaptionText = TEXT("Authentication");
credUiInfo.pszMessageText = TEXT("Please enter your Key in \"Password\".");
credUiInfo.cbSize = sizeof(credUiInfo);
credUiInfo.hbmBanner = NULL;
credUiInfo.hwndParent = NULL;

LPVOID inBuffer = NULL;
ULONG inBufferSize = 0;


HRESULT rc = CredUIPromptForWindowsCredentials(&(credUiInfo), 0, &(authPackage), inBuffer, inBufferSize, &authBuffer, &authBufferSize, &(save), CREDUIWIN_GENERIC);

if (rc == ERROR_SUCCESS)
{
    CredUnPackAuthenticationBufferW(0, authBuffer, authBufferSize, username, &uLen, NULL, 0, password, &pLen);

    wstring ws(password);
    string res(ws.begin(), ws.end());
    return res;
}
Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
Pyhoma
  • 21
  • 2
  • If all you want is user input in plain text, then why not simply create your own input UI for that? Why are you asking an OS to display a *security* dialog asking for *user credentials* if you don't even want the OS to validate those credentials for you? This sounds like an [XY Problem](https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem) to me. – Remy Lebeau Jun 15 '22 at 20:50
  • @RemyLebeau Totaly agree with you it's just that I've seen it done in many other programs but the code was fully virtualized and I'm quite intrigued why I can't figure it out honestly. They had the username field filled by default on read mode, in this same exact CredUIPromptForWindowsCredentials . I just wanna get to know more about this component – Pyhoma Jun 15 '22 at 21:18
  • "*They had the username field filled by default on read mode*" - I don't know how to do that with `CredUIPromptForWindowsCredentials()` (or if it is even possible). But that is trivial to do with `CredUIPromptForCredentials()` instead. – Remy Lebeau Jun 15 '22 at 21:34
  • As per the windows doc following is the param in which we need to populate the creds field by default `[in, optional] pvInAuthBuffer` A pointer to a credential BLOB that is used to populate the credential fields in the dialog box. Set the value of this parameter to NULL to leave the credential fields empty. I suppose we need to construct a credential BLOB using a winapi & pass the buffer. @Pyhoma – Arjun Natarajan Jul 29 '22 at 07:38
  • CredPackAuthenticationBuffer - This api deals with the specified requirement [Ref]:https://learn.microsoft.com/en-us/windows/win32/api/wincred/nf-wincred-credpackauthenticationbuffera @Pyhoma – Arjun Natarajan Jul 29 '22 at 07:50

0 Answers0