keychain/windows: support more system errors and don't ignore unmapped error

Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>

Author: Benehiko

store/go.mod

@@ -10,6 +10,7 @@ require (
 	github.com/keybase/dbus v0.0.0-20220506165403-5aa21ea2c23a
 	github.com/keybase/go-keychain v0.0.1
 	github.com/stretchr/testify v1.10.0
+	golang.org/x/sys v0.29.0
 	golang.org/x/text v0.21.0
 )
 
@@ -19,7 +20,6 @@ require (
 	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	golang.org/x/crypto v0.32.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

store/keychain/keychain_windows.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/danieljoos/wincred"
 	"github.com/docker/secrets-engine/store"
+	"golang.org/x/sys/windows"
 	"golang.org/x/text/encoding/unicode"
 	"golang.org/x/text/transform"
 )
@@ -17,6 +18,8 @@ var (
 	ErrInvalidCredentialFlags     = errors.New("an invalid flag was specified for the flags parameter")
 	ErrInvalidCredentialParameter = errors.New("protected field does not match provided value for an existing credential")
 	ErrNoLogonSession             = errors.New("logon session does not exist or there is no credential set associated with this logon session")
+	sysErrInvalidCredentialFlags  = windows.Errno(windows.ERROR_INVALID_FLAGS)
+	sysErrNoSuchLogonSession      = windows.Errno(windows.ERROR_NO_SUCH_LOGON_SESSION)
 )
 
 func (k *keychainStore[T]) Delete(ctx context.Context, id store.ID) error {
@@ -179,6 +182,10 @@ func mapWindowsCredentialError(err error) error {
 		return ErrCredentialBadUsername
 	case wincred.ErrInvalidParameter:
 		return ErrInvalidCredentialParameter
+	case sysErrInvalidCredentialFlags:
+		return ErrInvalidCredentialFlags
+	case sysErrNoSuchLogonSession:
+		return ErrNoLogonSession
 	}
-	return nil
+	return err
 }