Pat O
Cognex, Corp.
If you want access to the SMB Server without any login/user
authentication, I'm pretty sure you need to disable user authentication
for the SMB Server. Theoretically this is done by setting
"UseAuthentication"=dword:0 under
[HKEY_LOCAL_MACHINE\Services\SMBServer\Shares]. However, this setting has
been known not to work properly in CE5 and I don't recall having seen any
fixes for it yet. As you can imagine, dropping the user auth also has
security implications, since you leave the device's shares pretty much
wide open to anything that can reach it on the network.
Henrik Viklund
http://www.addlogic.se
On Jul 30, 11:54 pm, "patrick.oh...@cognex.com" <pdoh...@gmail.com>
wrote:
Pat O
Cognex, Corp.
There is one other thing that you could think about, if you are the device
OEM and are the ones building the operating system for it: create your own
custom NETUI and, rather than having it show the password dialog when
requested, have it grab the credentials from a file or via some other non-UI
method.
Paul T.
"patric...@cognex.com" <pdo...@gmail.com> wrote in message
news:1186155205.0...@i13g2000prf.googlegroups.com...
Paul T.
-----
// SetSMSUser.cpp : Defines the entry point for the application.
//
#include "stdafx.h"
#include <Security.h>
#include <Credmgr.h>
#include <lmcons.h>
// Handle to secur32.dll; stays NULL until LoadSecurityLib() has loaded it.
HINSTANCE hSecurity = NULL;
// SSPI dispatch table returned by InitSecurityInterfaceW.
PSecurityFunctionTableW pSecFuncTableW = NULL;
// Credential read/write entry points; LoadSecurityLib() takes them from the
// Reserved5 / Reserved6 slots of the dispatch table.
PFNCECREDREAD pCeCredRead = NULL;
PFNCECREDWRITE pCeCredWrite = NULL;
// SSPI credential-handle entry points copied out of the dispatch table.
// All four pointers point into secur32.dll, so they are only usable while
// hSecurity is loaded and must be NULL-checked before every call.
ACQUIRE_CREDENTIALS_HANDLE_FN_W pAcquireCredentialsHandleW = NULL;
FREE_CREDENTIALS_HANDLE_FN pFreeCredentialsHandle = NULL;
// Loads secur32.dll (once) and caches the entry points this file uses in the
// file-level function pointers.
//
// Nothing is reported to the caller: if the library cannot be loaded, the
// InitSecurityInterfaceW export is missing, or it returns no table, the
// function pointers are simply left as they were. Callers therefore have to
// NULL-check a pointer before calling through it.
void LoadSecurityLib()
{
    // Already loaded on an earlier call.
    if ( hSecurity )
        return;

    hSecurity = LoadLibraryW(L"secur32.dll");
    if ( !hSecurity )
        return;

    INIT_SECURITY_INTERFACE_W pfnInit =
        (INIT_SECURITY_INTERFACE_W)GetProcAddressW(hSecurity,
                                                   L"InitSecurityInterfaceW");
    if ( !pfnInit )
        return;

    pSecFuncTableW = pfnInit();
    if ( !pSecFuncTableW )
        return;

    // The credential read/write routines are not named members of the
    // table; this sample picks them out of the Reserved5/Reserved6 slots.
    pCeCredRead = (PFNCECREDREAD)pSecFuncTableW->Reserved5;
    pCeCredWrite = (PFNCECREDWRITE) pSecFuncTableW->Reserved6;

    pAcquireCredentialsHandleW = pSecFuncTableW->AcquireCredentialsHandleW;
    pFreeCredentialsHandle = pSecFuncTableW->FreeCredentialsHandle;
}
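// Unloads secur32.dll and forgets every entry point that was resolved from
// it.
//
// The cached function pointers and the dispatch table all point into the
// DLL. Leaving them set after FreeLibrary() would pass the NULL checks in
// ReadCredentials()/SaveSspCredentials() and then jump into unmapped
// memory, so they are reset together with the module handle.
void FreeSecurityLib()
{
    if ( hSecurity )
    {
        // Clear the pointers first so nothing can be called through them
        // once the module is gone.
        pCeCredRead = NULL;
        pCeCredWrite = NULL;
        pAcquireCredentialsHandleW = NULL;
        pFreeCredentialsHandle = NULL;
        pSecFuncTableW = NULL;

        FreeLibrary( hSecurity );
        hSecurity = NULL;
    }
}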
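// Splits a "DOMAIN\user" string at the first backslash.
//
//   pszDomainUser  input string; NULL is treated like an empty string.
//   pszDomain      receives the part before the backslash (may be NULL).
//   pcchDomain     in: capacity of pszDomain in characters;
//                  out: characters required, including the terminator.
//   pszUser        receives the part after the backslash, or the whole
//                  input when there is no backslash (may be NULL).
//   pcchUser       in: capacity of pszUser in characters;
//                  out: characters required, including the terminator.
//
// pcchDomain and pcchUser must not be NULL. A part is copied only when it
// fits together with its terminator; otherwise the buffer is left holding
// an empty string and the caller can detect truncation by comparing the
// returned size with the capacity it passed in.
static void SplitDomainUserName(PCTSTR pszDomainUser, PTSTR pszDomain,
                                PDWORD pcchDomain, PTSTR pszUser, PDWORD pcchUser)
{
    PCTSTR pchSep;
    DWORD cch;

    // Start from empty outputs, and only when the buffer really has room
    // for a terminator. This way a caller that ignores the returned sizes
    // never reads uninitialised memory, and a zero-capacity buffer is never
    // written to.
    if (pszDomain && *pcchDomain > 0)
        pszDomain[0] = '\0';
    if (pszUser && *pcchUser > 0)
        pszUser[0] = '\0';

    if (!pszDomainUser)
    {
        *pcchDomain = 1;
        *pcchUser = 1;
        return;
    }

    // Find the first backslash, or the end of the string.
    for (pchSep = pszDomainUser; *pchSep; pchSep++)
    {
        if (*pchSep == '\\')
            break;
    }

    if (*pchSep == '\\')
    {
        // Domain: everything in front of the separator.
        cch = (DWORD)(pchSep - pszDomainUser);
        if (pszDomain && *pcchDomain > cch)
        {
            memcpy(pszDomain, pszDomainUser, cch * sizeof(TCHAR));
            pszDomain[cch] = '\0';
        }
        *pcchDomain = cch + 1;

        // User: everything behind the separator, terminator included.
        cch = (DWORD)_tcslen(pchSep + 1);
        if (pszUser && *pcchUser > cch)
        {
            memcpy(pszUser, pchSep + 1, (cch + 1) * sizeof(TCHAR));
        }
        *pcchUser = cch + 1;
        return;
    }

    // No separator: the domain is empty (already terminated above) and the
    // whole input is the user name.
    *pcchDomain = 1;
    cch = (DWORD)(pchSep - pszDomainUser);
    if (pszUser && *pcchUser > cch)
        memcpy(pszUser, pszDomainUser, (cch + 1) * sizeof(TCHAR));
    *pcchUser = cch + 1;
}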
// Reads the stored CRED_TYPE_DOMAIN_PASSWORD credential and splits its user
// name into domain and user parts.
//
// Returns true when a credential was read, false when the read entry point
// is not available or the read fails. The parsed values are not handed
// back to the caller; in this sample the function only demonstrates the
// call sequence.
bool ReadCredentials()
{
    PCECREDENTIAL pStored = NULL;

    // Guard against LoadSecurityLib() not having resolved the entry point.
    if (!pCeCredRead ||
        !pCeCredRead(NULL, CRED_TYPE_DOMAIN_PASSWORD, 0, &pStored))
    {
        DEBUGMSG(1, (TEXT("CeCredRead error\r\n")));
        return false;
    }

    // CRED_FLAGS_PROMPT_NOW is what WriteCredentials() sets when it is given
    // an empty password, so its absence means a password was supplied.
    // (The value is not used further in this sample.)
    bool fPasswordSaved = !(pStored->Flags & CRED_FLAGS_PROMPT_NOW);

    TCHAR szDomain[ 256 ];
    TCHAR szUser[ 256 ];
    DWORD cchDomainBuf = sizeof( szDomain ) / sizeof( szDomain[0] );
    DWORD cchUserBuf = sizeof( szUser ) / sizeof( szUser[0] );

    SplitDomainUserName(pStored->UserName, szDomain, &cchDomainBuf,
                        szUser, &cchUserBuf);

    // The credential block is released with LocalFree here.
    LocalFree(pStored);
    return true;
}
// Presents the given identity to the NTLM and Kerberos security packages by
// acquiring an outbound credential handle for each and releasing it again
// straight away (presumably so that the packages remember the credentials
// - confirm against the platform documentation).
//
//   pAuthIdentity  user / domain / password to present.
//
// Returns FALSE when the SSPI entry points are not loaded or when a call
// faults. Note that TRUE is returned even if every package rejects the
// credentials: a non-success status from AcquireCredentialsHandleW is
// skipped silently.
BOOL SaveSspCredentials(SEC_WINNT_AUTH_IDENTITY_W *pAuthIdentity)
{
    PWSTR rgPackages[] = {L"NTLM", L"KERBEROS"};
    const unsigned cPackages = sizeof( rgPackages ) / sizeof( rgPackages[0] );
    BOOL fOk = TRUE;

    if (!(pAcquireCredentialsHandleW && pFreeCredentialsHandle))
        return FALSE;

    __try
    {
        for (unsigned idx = 0; idx < cPackages; ++idx)
        {
            CredHandle hCred;
            TimeStamp tsExpiry;

            if (pAcquireCredentialsHandleW(
                    NULL,                   // principal
                    rgPackages[idx],
                    SECPKG_CRED_OUTBOUND,
                    NULL,                   // LOGON id
                    pAuthIdentity,
                    NULL,                   // get key fn
                    NULL,                   // get key arg
                    &hCred,
                    &tsExpiry
                    ) != NO_ERROR)
            {
                // This package did not accept the identity; try the next.
                continue;
            }

            // Only the side effect of acquiring matters; drop the handle.
            pFreeCredentialsHandle(&hCred);
        }
    }
    __except(1)     // filter value 1: handle every exception here
    {
        fOk = FALSE;
        DEBUGMSG(1, (TEXT("AcquireCredentialsHandle faulted")));
    }

    return fOk;
}
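// Stores a domain credential on the device and makes it the device default.
//
//   domain    domain name, or an empty string for "no domain".
//   user      user name.
//   password  password; an empty string stores the credential with
//             CRED_FLAGS_PROMPT_NOW so the system prompts when it needs it.
//
// Steps: (1) write a CRED_TYPE_DOMAIN_PASSWORD entry named "domain\user"
// through CeCredWrite, (2) present user/domain/password to the SSPs via
// SaveSspCredentials(), (3) set HKLM\Ident\ComputerDomain to the domain.
// The CECREDENTIAL itself carries no password blob (CredentialBlob is
// NULL); the password is only passed on in step (2).
//
// Returns true when step (1) succeeded. Returns false when an argument is
// NULL, CeCredWrite is not available, the name buffer cannot be allocated,
// or CeCredWrite fails. Steps (2) and (3) are best effort and do not
// affect the return value.
bool WriteCredentials( TCHAR *domain, TCHAR *user, TCHAR *password )
{
    // All three strings are dereferenced below.
    if ( !domain || !user || !password )
        return false;

    bool ret = true;
    BOOL fSuccess = FALSE;
    // Zero the whole structure so that members this function does not set
    // are not handed to CeCredWrite as stack garbage.
    CECREDENTIAL credential = {0};
    int cchUser = (int)_tcslen( user );
    int cchDomain = (int)_tcslen( domain );
    int cchPassword = (int)_tcslen( password );

    // If the password is empty, set a flag telling the security software
    // to prompt for the password, when it's needed.
    if ( password[0] )
        credential.Flags = 0;
    else
        credential.Flags = CRED_FLAGS_PROMPT_NOW; // prompt for password
    credential.Type = CRED_TYPE_DOMAIN_PASSWORD;
    credential.CredentialBlobSize = 0;
    credential.CredentialBlob = NULL;
    credential.Persist = CRED_PERSIST_LOCAL_MACHINE;

    if ( !pCeCredWrite )
    {
        // LoadSecurityLib() was not called or could not resolve the entry
        // point; calling through the NULL pointer would fault.
        DEBUGMSG(1, (TEXT("CeCredWrite not available\r\n")));
        ret = false;
    }
    else
    {
        // Room for "domain" + '\\' + "user" + terminator.
        credential.UserName = (PWCHAR)LocalAlloc(0, (cchUser + cchDomain +
            2)*sizeof(TCHAR));
        if ( !credential.UserName )
        {
            // Nothing was written, so do not report success.
            ret = false;
        }
        else
        {
            PTCHAR pch = credential.UserName;

            // The user name contains the domain and user name, if there is
            // a domain. Check here for that and, if there is a domain,
            // copy it to the buffer.
            if ( cchDomain )
            {
                memcpy( credential.UserName, domain, cchDomain*sizeof(TCHAR) );
                credential.UserName[cchDomain] = '\\';
                pch = credential.UserName + cchDomain+1;
            }
            memcpy(pch, user, cchUser*sizeof(TCHAR));
            pch[cchUser] = '\0';

            // Hand the credential to the credential manager.
            fSuccess = pCeCredWrite(NULL, &credential);
            if (!fSuccess)
            {
                DEBUGMSG(1, (TEXT("CeCredWrite error writing %s\r\n"),
                    credential.UserName));
                ret = false;
            }
            else
            {
                DEBUGMSG(1, (TEXT("CeCredWrite success writing %s\r\n"),
                    credential.UserName));
            }
            LocalFree( credential.UserName );
            credential.UserName = NULL;
        }
    }

    if ( cchUser )
    {
        SEC_WINNT_AUTH_IDENTITY_W authIdentity =
            { user, cchUser, domain, cchDomain, password, cchPassword,
              SEC_WINNT_AUTH_IDENTITY_UNICODE};
        SaveSspCredentials( &authIdentity );
    }

    // set the device 'default' domain to the same as the user domain
    // these domains can be different if desired
    HKEY key;
    if ( RegOpenKeyEx( HKEY_LOCAL_MACHINE, _T( "\\Ident" ), 0, 0, &key ) ==
         ERROR_SUCCESS )
    {
        // Write exactly the string plus its terminator. A fixed
        // (DNLEN + 1)-character size would read past the end of a shorter
        // domain string and store whatever memory follows it in the
        // registry.
        RegSetValueEx( key, _T( "ComputerDomain" ), 0, REG_SZ,
            (LPBYTE)domain, ( cchDomain + 1 ) * sizeof( TCHAR ) );
        RegCloseKey( key );
    }
    return ret;
}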
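// Entry point: loads the security library, stores one set of credentials
// and unloads the library again.
//
// Returns 0 when the credential was written and 1 when WriteCredentials()
// reported a failure, so whatever launches this tool can tell the two
// apart.
int WINAPI WinMain( HINSTANCE hInstance,
                    HINSTANCE hPrevInstance,
                    LPTSTR lpCmdLine,
                    int nCmdShow)
{
    LoadSecurityLib();

    // Make up some credentials that we'll use. I'm setting this up for
    // no domain.
    // NOTE: these are sample values compiled into the executable, where
    // anyone with a copy of the binary or the device image can read them.
    // A real deployment should obtain them from provisioned, access-
    // controlled storage rather than from literals.
    TCHAR *domain = _T( "" );
    TCHAR *user = _T( "paul-t" );
    TCHAR *password = _T( "password" );

    bool fWritten = WriteCredentials( domain, user, password );

    FreeSecurityLib();
    return fWritten ? 0 : 1;
}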
I was not able to compile this. I am looking into where the include
files come from. I assume that I do not have something in my image
that I need. Thanks for the code.
Pat O
Paul T.
"patric...@cognex.com" <pdo...@gmail.com> wrote in message
news:1187011025.1...@q4g2000prc.googlegroups.com...