ReactOS  0.4.12-dev-418-g3df31a8
ntlm.c
Go to the documentation of this file.
1 /*
2  * Tests for the NTLM security provider
3  *
4  * Copyright 2005, 2006 Kai Blin
5  * Copyright 2006 Dmitry Timoshkov
6  *
7  * This library is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * This library is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this library; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20  *
21  * The code that tests for the behaviour of ISC_REQ_ALLOCATE_MEMORY is based
22  * on code written by Dmitry Timoshkov.
23 
24  */
25 
26 #include <stdarg.h>
27 #include <stdio.h>
28 #include <assert.h>
29 #include <windef.h>
30 #include <winbase.h>
31 #define SECURITY_WIN32
32 #include <sspi.h>
33 #include <rpc.h>
34 #include <rpcdce.h>
35 #include <secext.h>
36 
37 #include "wine/test.h"
38 
39 #define NEGOTIATE_BASE_CAPS ( \
40  SECPKG_FLAG_INTEGRITY | \
41  SECPKG_FLAG_PRIVACY | \
42  SECPKG_FLAG_CONNECTION | \
43  SECPKG_FLAG_MULTI_REQUIRED | \
44  SECPKG_FLAG_EXTENDED_ERROR | \
45  SECPKG_FLAG_IMPERSONATION | \
46  SECPKG_FLAG_ACCEPT_WIN32_NAME | \
47  SECPKG_FLAG_NEGOTIABLE | \
48  SECPKG_FLAG_GSS_COMPATIBLE | \
49  SECPKG_FLAG_LOGON )
50 
51 #define NTLM_BASE_CAPS ( \
52  SECPKG_FLAG_INTEGRITY | \
53  SECPKG_FLAG_PRIVACY | \
54  SECPKG_FLAG_TOKEN_ONLY | \
55  SECPKG_FLAG_CONNECTION | \
56  SECPKG_FLAG_MULTI_REQUIRED | \
57  SECPKG_FLAG_IMPERSONATION | \
58  SECPKG_FLAG_ACCEPT_WIN32_NAME | \
59  SECPKG_FLAG_NEGOTIABLE | \
60  SECPKG_FLAG_LOGON )
61 
62 static HMODULE secdll;
63 static PSecurityFunctionTableA (SEC_ENTRY * pInitSecurityInterfaceA)(void);
64 static SECURITY_STATUS (SEC_ENTRY * pFreeContextBuffer)(PVOID pv);
65 static SECURITY_STATUS (SEC_ENTRY * pQuerySecurityPackageInfoA)(SEC_CHAR*, PSecPkgInfoA*);
66 static SECURITY_STATUS (SEC_ENTRY * pAcquireCredentialsHandleA)(SEC_CHAR*, SEC_CHAR*,
68 static SECURITY_STATUS (SEC_ENTRY * pAcquireCredentialsHandleW)(SEC_CHAR*, SEC_WCHAR*,
69  ULONG, PLUID, void*, SEC_GET_KEY_FN, void*, CredHandle*, TimeStamp*);
70 static SECURITY_STATUS (SEC_ENTRY * pInitializeSecurityContextA)(PCredHandle, PCtxtHandle,
73 static SECURITY_STATUS (SEC_ENTRY * pCompleteAuthToken)(PCtxtHandle, PSecBufferDesc);
74 static SECURITY_STATUS (SEC_ENTRY * pAcceptSecurityContext)(PCredHandle, PCtxtHandle,
77 static SECURITY_STATUS (SEC_ENTRY * pFreeCredentialsHandle)(PCredHandle);
78 static SECURITY_STATUS (SEC_ENTRY * pDeleteSecurityContext)(PCtxtHandle);
80 static SECURITY_STATUS (SEC_ENTRY * pMakeSignature)(PCtxtHandle, ULONG,
82 static SECURITY_STATUS (SEC_ENTRY * pVerifySignature)(PCtxtHandle, PSecBufferDesc,
83  ULONG, PULONG);
84 static SECURITY_STATUS (SEC_ENTRY * pEncryptMessage)(PCtxtHandle, ULONG,
86 static SECURITY_STATUS (SEC_ENTRY * pDecryptMessage)(PCtxtHandle, PSecBufferDesc,
87  ULONG, PULONG);
88 static BOOLEAN (WINAPI * pGetUserNameExA)(EXTENDED_NAME_FORMAT, LPSTR, PULONG);
89 
90 typedef struct _SspiData {
97 } SspiData;
98 
100  {0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00,
101  0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x30, 0x00, 0x00, 0x00,
102  0x05, 0x82, 0x82, 0xa0, 0xe9, 0x58, 0x7f, 0x14, 0xa2, 0x86,
103  0x3b, 0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
104  0x54, 0x00, 0x54, 0x00, 0x40, 0x00, 0x00, 0x00, 0x43, 0x00,
105  0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
106  0x30, 0x00, 0x31, 0x00, 0x02, 0x00, 0x10, 0x00, 0x43, 0x00,
107  0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
108  0x30, 0x00, 0x31, 0x00, 0x01, 0x00, 0x10, 0x00, 0x43, 0x00,
109  0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
110  0x30, 0x00, 0x31, 0x00, 0x04, 0x00, 0x10, 0x00, 0x63, 0x00,
111  0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
112  0x30, 0x00, 0x31, 0x00, 0x03, 0x00, 0x10, 0x00, 0x63, 0x00,
113  0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
114  0x30, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00};
115 
117  {0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00,
118  0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x30, 0x00, 0x00, 0x00,
119  0x05, 0x82, 0x82, 0xa0, 0xb5, 0x60, 0x8e, 0x95, 0xb5, 0x3c,
120  0xee, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
121  0x54, 0x00, 0x54, 0x00, 0x40, 0x00, 0x00, 0x00, 0x43, 0x00,
122  0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
123  0x30, 0x00, 0x31, 0x00, 0x02, 0x00, 0x10, 0x00, 0x43, 0x00,
124  0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
125  0x30, 0x00, 0x31, 0x00, 0x01, 0x00, 0x10, 0x00, 0x43, 0x00,
126  0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
127  0x30, 0x00, 0x31, 0x00, 0x04, 0x00, 0x10, 0x00, 0x63, 0x00,
128  0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
129  0x30, 0x00, 0x31, 0x00, 0x03, 0x00, 0x10, 0x00, 0x63, 0x00,
130  0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
131  0x30, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00};
132 
134  {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
135  0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
136 
138  {0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x2c, 0x20, 0x77, 0x6f, 0x72,
139  0x6c, 0x64, 0x21};
140 
141 static const char message[] = "Hello, world!";
142 
143 static char message_header[] = "Header Test";
144 
146  {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe8, 0xc7,
147  0xaa, 0x26, 0x16, 0x39, 0x07, 0x4e};
148 
150  {0x86, 0x9c, 0x5a, 0x10, 0x78, 0xb3, 0x30, 0x98, 0x46, 0x15,
151  0xa0, 0x31, 0xd9};
152 
154  {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xa7,
155  0xf7, 0x0f, 0x5b, 0x25, 0xbe, 0xa4};
156 
158  {0x20, 0x6c, 0x01, 0xab, 0xb0, 0x4c, 0x93, 0xe4, 0x1e, 0xfc,
159  0xe1, 0xfa, 0xfe};
160 
162  {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1c, 0x46,
163  0x2e, 0x77, 0xeb, 0xf0, 0xf6, 0x9e};
164 
166  {0xf6, 0xb7, 0x92, 0x0c, 0xac, 0xea, 0x98, 0xe6, 0xef, 0xa0,
167  0x29, 0x66, 0xfd};
168 
170  {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb1, 0x4e,
171  0x46, 0xb7, 0xca, 0xf7, 0x7f, 0xb3};
172 
174  {0xc8, 0xf2, 0x39, 0x7f, 0x0c, 0xaf, 0xf5, 0x5d, 0xef, 0x0c,
175  0x8b, 0x5f, 0x82};
176 
177 static char test_user[] = "testuser",
178  workgroup[] = "WORKGROUP",
179  test_pass[] = "testpass",
180  sec_pkg_name[] = "NTLM";
181 
182 static void InitFunctionPtrs(void)
183 {
184  secdll = LoadLibraryA("secur32.dll");
185  if(!secdll)
186  secdll = LoadLibraryA("security.dll");
187  if(secdll)
188  {
189  pInitSecurityInterfaceA = (PVOID)GetProcAddress(secdll, "InitSecurityInterfaceA");
190  pFreeContextBuffer = (PVOID)GetProcAddress(secdll, "FreeContextBuffer");
191  pQuerySecurityPackageInfoA = (PVOID)GetProcAddress(secdll, "QuerySecurityPackageInfoA");
192  pAcquireCredentialsHandleA = (PVOID)GetProcAddress(secdll, "AcquireCredentialsHandleA");
193  pAcquireCredentialsHandleW = (void*)GetProcAddress(secdll, "AcquireCredentialsHandleW");
194  pInitializeSecurityContextA = (PVOID)GetProcAddress(secdll, "InitializeSecurityContextA");
195  pCompleteAuthToken = (PVOID)GetProcAddress(secdll, "CompleteAuthToken");
196  pAcceptSecurityContext = (PVOID)GetProcAddress(secdll, "AcceptSecurityContext");
197  pFreeCredentialsHandle = (PVOID)GetProcAddress(secdll, "FreeCredentialsHandle");
198  pDeleteSecurityContext = (PVOID)GetProcAddress(secdll, "DeleteSecurityContext");
199  pQueryContextAttributesA = (PVOID)GetProcAddress(secdll, "QueryContextAttributesA");
200  pMakeSignature = (PVOID)GetProcAddress(secdll, "MakeSignature");
201  pVerifySignature = (PVOID)GetProcAddress(secdll, "VerifySignature");
202  pEncryptMessage = (PVOID)GetProcAddress(secdll, "EncryptMessage");
203  pDecryptMessage = (PVOID)GetProcAddress(secdll, "DecryptMessage");
204  pGetUserNameExA = (PVOID)GetProcAddress(secdll, "GetUserNameExA");
205  }
206 }
207 
208 static const char* getSecError(SECURITY_STATUS status)
209 {
210  static char buf[20];
211 
212 #define _SEC_ERR(x) case (x): return #x;
213  switch(status)
214  {
235  default:
236  sprintf(buf, "%08x\n", status);
237  return buf;
238  }
239 #undef _SEC_ERR
240 }
241 
242 /**********************************************************************/
243 
245 {
246 
249  sspi_data->max_token = sec_pkg_info->cbMaxToken;
250 
251  if(sspi_data->in_buf != NULL)
252  {
253  PSecBuffer sec_buffer = HeapAlloc(GetProcessHeap(), 0,
254  sizeof(SecBuffer));
255  if(sec_buffer == NULL){
256  trace("in_buf: sec_buffer == NULL\n");
258  }
259 
261  sspi_data->in_buf->cBuffers = 1;
262  sspi_data->in_buf->pBuffers = sec_buffer;
263 
264  sec_buffer->cbBuffer = sec_pkg_info->cbMaxToken;
265  sec_buffer->BufferType = SECBUFFER_TOKEN;
266  if((sec_buffer->pvBuffer = HeapAlloc(GetProcessHeap(), 0,
267  sec_pkg_info->cbMaxToken)) == NULL)
268  {
269  trace("in_buf: sec_buffer->pvBuffer == NULL\n");
271  }
272  }
273  else
274  {
275  trace("HeapAlloc in_buf returned NULL\n");
277  }
278 
279  if(sspi_data->out_buf != NULL)
280  {
281  PSecBuffer sec_buffer = HeapAlloc(GetProcessHeap(), 0,
282  sizeof(SecBuffer));
283 
284  if(sec_buffer == NULL){
285  trace("out_buf: sec_buffer == NULL\n");
287  }
288 
290  sspi_data->out_buf->cBuffers = 1;
291  sspi_data->out_buf->pBuffers = sec_buffer;
292 
293  sec_buffer->cbBuffer = sec_pkg_info->cbMaxToken;
294  sec_buffer->BufferType = SECBUFFER_TOKEN;
295  if((sec_buffer->pvBuffer = HeapAlloc(GetProcessHeap(), 0,
296  sec_pkg_info->cbMaxToken)) == NULL){
297  trace("out_buf: sec_buffer->pvBuffer == NULL\n");
299  }
300  }
301  else
302  {
303  trace("HeapAlloc out_buf returned NULL\n");
305  }
306 
307  return SEC_E_OK;
308 }
309 
310 /**********************************************************************/
311 
313 {
314  ULONG i;
315 
316  if(sspi_data->in_buf != NULL)
317  {
318  for(i = 0; i < sspi_data->in_buf->cBuffers; ++i)
319  {
320  HeapFree(GetProcessHeap(), 0, sspi_data->in_buf->pBuffers[i].pvBuffer);
321  }
322  HeapFree(GetProcessHeap(), 0, sspi_data->in_buf->pBuffers);
324  }
325 
326  if(sspi_data->out_buf != NULL)
327  {
328  for(i = 0; i < sspi_data->out_buf->cBuffers; ++i)
329  {
330  HeapFree(GetProcessHeap(), 0, sspi_data->out_buf->pBuffers[i].pvBuffer);
331  }
332  HeapFree(GetProcessHeap(), 0, sspi_data->out_buf->pBuffers);
334  }
335 }
336 
337 /**********************************************************************/
338 
340 {
342  TimeStamp ttl;
343  SecPkgInfoA *sec_pkg_info;
344 
345  trace("Running setupClient\n");
346 
347  ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
348 
349  ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
350 
351  setupBuffers(sspi_data, sec_pkg_info);
352  pFreeContextBuffer(sec_pkg_info);
353 
354  if((ret = pAcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_OUTBOUND,
355  NULL, sspi_data->id, NULL, NULL, &sspi_data->cred, &ttl))
356  != SEC_E_OK)
357  {
358  trace("AcquireCredentialsHandle() returned %s\n", getSecError(ret));
359  }
360 
361  ok(ret == SEC_E_OK, "AcquireCredentialsHandle() returned %s\n",
362  getSecError(ret));
363 
364  return ret;
365 }
366 /**********************************************************************/
367 
369 {
371  TimeStamp ttl;
372  SecPkgInfoA *sec_pkg_info;
373 
374  trace("Running setupServer\n");
375 
376  ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
377 
378  ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
379 
380  setupBuffers(sspi_data, sec_pkg_info);
381  pFreeContextBuffer(sec_pkg_info);
382 
383  if((ret = pAcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_INBOUND,
384  NULL, NULL, NULL, NULL, &sspi_data->cred, &ttl)) != SEC_E_OK)
385  {
386  trace("AcquireCredentialsHandle() returned %s\n", getSecError(ret));
387  }
388 
389  ok(ret == SEC_E_OK, "AcquireCredentialsHandle() returned %s\n",
390  getSecError(ret));
391 
392  return ret;
393 }
394 
395 /**********************************************************************/
396 
398 {
400  SecPkgInfoA *sec_pkg_info;
401 
402  trace("Running setupFakeServer\n");
403 
404  ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
405 
406  ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
407 
408  ret = setupBuffers(sspi_data, sec_pkg_info);
409  pFreeContextBuffer(sec_pkg_info);
410 
411  return ret;
412 }
413 
414 
415 /**********************************************************************/
416 
418 {
420  ULONG req_attr = 0;
421  ULONG ctxt_attr;
422  TimeStamp ttl;
423  PSecBufferDesc in_buf = sspi_data->in_buf;
424  PSecBufferDesc out_buf = sspi_data->out_buf;
425 
426  assert(in_buf->cBuffers >= 1);
427  assert(in_buf->pBuffers[0].pvBuffer != NULL);
428  assert(in_buf->pBuffers[0].cbBuffer != 0);
429 
430  assert(out_buf->cBuffers >= 1);
431  assert(out_buf->pBuffers[0].pvBuffer != NULL);
432  assert(out_buf->pBuffers[0].cbBuffer != 0);
433 
434  trace("Running the client the %s time.\n", first?"first":"second");
435 
436  /* We can either use ISC_REQ_ALLOCATE_MEMORY flag to ask the provider
437  * always allocate output buffers for us, or initialize cbBuffer
438  * before each call because the API changes it to represent actual
439  * amount of data in the buffer.
440  */
441 
442  /* test a failing call only the first time, otherwise we get
443  * SEC_E_OUT_OF_SEQUENCE
444  */
445  if (first)
446  {
447  void *old_buf;
448 
449  /* pass NULL as an output buffer */
450  ret = pInitializeSecurityContextA(&sspi_data->cred, NULL, NULL, req_attr,
451  0, data_rep, NULL, 0, &sspi_data->ctxt, NULL,
452  &ctxt_attr, &ttl);
453 
454  ok(ret == SEC_E_BUFFER_TOO_SMALL, "expected SEC_E_BUFFER_TOO_SMALL, got %s\n", getSecError(ret));
455 
456  /* pass NULL as an output buffer */
457  old_buf = out_buf->pBuffers[0].pvBuffer;
458  out_buf->pBuffers[0].pvBuffer = NULL;
459 
460  ret = pInitializeSecurityContextA(&sspi_data->cred, NULL, NULL, req_attr,
461  0, data_rep, NULL, 0, &sspi_data->ctxt, out_buf,
462  &ctxt_attr, &ttl);
463 
465  "expected SEC_E_INTERNAL_ERROR or SEC_I_CONTINUE_NEEDED, got %s\n", getSecError(ret));
466 
467  out_buf->pBuffers[0].pvBuffer = old_buf;
468 
469  /* pass an output buffer of 0 size */
470  out_buf->pBuffers[0].cbBuffer = 0;
471 
472  ret = pInitializeSecurityContextA(&sspi_data->cred, NULL, NULL, req_attr,
473  0, data_rep, NULL, 0, &sspi_data->ctxt, out_buf,
474  &ctxt_attr, &ttl);
475 
476  ok(ret == SEC_E_BUFFER_TOO_SMALL, "expected SEC_E_BUFFER_TOO_SMALL, got %s\n", getSecError(ret));
477 
478  ok(out_buf->pBuffers[0].cbBuffer == 0,
479  "InitializeSecurityContext set buffer size to %u\n", out_buf->pBuffers[0].cbBuffer);
480 
481  out_buf->pBuffers[0].cbBuffer = sspi_data->max_token;
482  out_buf->pBuffers[0].BufferType = SECBUFFER_DATA;
483 
484  ret = pInitializeSecurityContextA(&sspi_data->cred, NULL, NULL, req_attr,
485  0, data_rep, NULL, 0, &sspi_data->ctxt, out_buf,
486  &ctxt_attr, &ttl);
487 
488  ok(ret == SEC_E_BUFFER_TOO_SMALL, "expected SEC_E_BUFFER_TOO_SMALL, got %s\n", getSecError(ret));
489  out_buf->pBuffers[0].BufferType = SECBUFFER_TOKEN;
490  }
491 
492  out_buf->pBuffers[0].cbBuffer = sspi_data->max_token;
493 
494  ret = pInitializeSecurityContextA(first?&sspi_data->cred:NULL, first?NULL:&sspi_data->ctxt, NULL, req_attr,
495  0, data_rep, first?NULL:in_buf, 0, &sspi_data->ctxt, out_buf,
496  &ctxt_attr, &ttl);
497 
499  {
500  pCompleteAuthToken(&sspi_data->ctxt, out_buf);
503  else if(ret == SEC_I_COMPLETE_NEEDED)
504  ret = SEC_E_OK;
505  }
506 
507  ok(out_buf->pBuffers[0].BufferType == SECBUFFER_TOKEN,
508  "buffer type was changed from SECBUFFER_TOKEN to %d\n", out_buf->pBuffers[0].BufferType);
509  ok(out_buf->pBuffers[0].cbBuffer < sspi_data->max_token,
510  "InitializeSecurityContext set buffer size to %u\n", out_buf->pBuffers[0].cbBuffer);
511 
512  return ret;
513 }
514 
515 /**********************************************************************/
516 
518 {
520  ULONG ctxt_attr;
521  TimeStamp ttl;
522 
523  trace("Running the server the %s time\n", first?"first":"second");
524 
525  ret = pAcceptSecurityContext(&sspi_data->cred, first?NULL:&sspi_data->ctxt,
526  sspi_data->in_buf, 0, data_rep, &sspi_data->ctxt,
527  sspi_data->out_buf, &ctxt_attr, &ttl);
528 
530  {
531  pCompleteAuthToken(&sspi_data->ctxt, sspi_data->out_buf);
534  else if(ret == SEC_I_COMPLETE_NEEDED)
535  ret = SEC_E_OK;
536  }
537 
538  return ret;
539 }
540 
541 /**********************************************************************/
542 
544 {
545  trace("Running the fake server the %s time\n", first?"first":"second");
546 
547  if(!first)
548  {
549  sspi_data->out_buf->pBuffers[0].cbBuffer = 0;
550  return SEC_E_OK;
551  }
552 
553  if(data_rep == SECURITY_NATIVE_DREP)
554  {
555  sspi_data->out_buf->pBuffers[0].cbBuffer = sizeof(native_challenge);
556  memcpy(sspi_data->out_buf->pBuffers[0].pvBuffer, native_challenge,
557  sspi_data->out_buf->pBuffers[0].cbBuffer);
558  }
559  else
560  {
561  sspi_data->out_buf->pBuffers[0].cbBuffer = sizeof(network_challenge);
562  memcpy(sspi_data->out_buf->pBuffers[0].pvBuffer, network_challenge,
563  sspi_data->out_buf->pBuffers[0].cbBuffer);
564  }
565 
566  return SEC_I_CONTINUE_NEEDED;
567 }
568 
569 /**********************************************************************/
570 
571 static void communicate(SspiData *from, SspiData *to)
572 {
573  if(from->out_buf != NULL && to->in_buf != NULL)
574  {
575  trace("Running communicate.\n");
576  if((from->out_buf->cBuffers >= 1) && (to->in_buf->cBuffers >= 1))
577  {
578  if((from->out_buf->pBuffers[0].pvBuffer != NULL) &&
579  (to->in_buf->pBuffers[0].pvBuffer != NULL))
580  {
581  memset(to->in_buf->pBuffers[0].pvBuffer, 0, to->max_token);
582 
583  memcpy(to->in_buf->pBuffers[0].pvBuffer,
584  from->out_buf->pBuffers[0].pvBuffer,
585  from->out_buf->pBuffers[0].cbBuffer);
586 
587  to->in_buf->pBuffers[0].cbBuffer = from->out_buf->pBuffers[0].cbBuffer;
588 
589  memset(from->out_buf->pBuffers[0].pvBuffer, 0, from->max_token);
590  }
591  }
592  }
593 }
594 
595 /**********************************************************************/
597 {
598  SECURITY_STATUS sec_status;
599  PSecPkgInfoA pkg_info = NULL;
600  SspiData client = {{0}};
602  ULONG req_attr, ctxt_attr;
603  TimeStamp ttl;
604  PBYTE packet;
605 
606  if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info) != SEC_E_OK)
607  {
608  ok(0, "NTLM package not installed, skipping test.\n");
609  return;
610  }
611 
612  pFreeContextBuffer(pkg_info);
613  id.User = (unsigned char*) test_user;
614  id.UserLength = strlen((char *) id.User);
615  id.Domain = (unsigned char *) workgroup;
616  id.DomainLength = strlen((char *) id.Domain);
617  id.Password = (unsigned char*) test_pass;
618  id.PasswordLength = strlen((char *) id.Password);
619  id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
620 
621  client.id = &id;
622 
623  if((sec_status = setupClient(&client, sec_pkg_name)) != SEC_E_OK)
624  {
625  skip("Setting up the client returned %s, skipping test!\n",
626  getSecError(sec_status));
627  return;
628  }
629 
630  packet = client.out_buf->pBuffers[0].pvBuffer;
631 
632  /* Due to how the requesting of the flags is implemented in ntlm_auth,
633  * the tests need to be in this order, as there is no way to specify
634  * "I request no special features" in ntlm_auth */
635 
636  /* Without any flags, the lowest byte should not have bits 0x20 or 0x10 set*/
637  req_attr = 0;
638 
639  if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr,
640  0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf,
641  &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
642  {
643  trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
644  getSecError(sec_status));
645  goto tISCFend;
646  }
647 
648  ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
649  "With req_attr == 0, flags are 0x%02x%02x%02x%02x.\n",
650  packet[15], packet[14], packet[13], packet[12]);
651  pDeleteSecurityContext(&client.ctxt);
652 
653  /* With ISC_REQ_CONNECTION, the lowest byte should not have bits 0x20 or 0x10 set*/
654  req_attr = ISC_REQ_CONNECTION;
655 
656  if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr,
657  0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf,
658  &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
659  {
660  trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
661  getSecError(sec_status));
662  goto tISCFend;
663  }
664 
665  ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
666  "For ISC_REQ_CONNECTION, flags are 0x%02x%02x%02x%02x.\n",
667  packet[15], packet[14], packet[13], packet[12]);
668  pDeleteSecurityContext(&client.ctxt);
669 
670  /* With ISC_REQ_EXTENDED_ERROR, the lowest byte should not have bits 0x20 or 0x10 set*/
671  req_attr = ISC_REQ_EXTENDED_ERROR;
672 
673  if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr,
674  0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf,
675  &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
676  {
677  trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
678  getSecError(sec_status));
679  goto tISCFend;
680  }
681 
682  ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
683  "For ISC_REQ_EXTENDED_ERROR, flags are 0x%02x%02x%02x%02x.\n",
684  packet[15], packet[14], packet[13], packet[12]);
685  pDeleteSecurityContext(&client.ctxt);
686 
687  /* With ISC_REQ_MUTUAL_AUTH, the lowest byte should not have bits 0x20 or 0x10 set*/
688  req_attr = ISC_REQ_MUTUAL_AUTH;
689 
690  if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr,
691  0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf,
692  &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
693  {
694  trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
695  getSecError(sec_status));
696  goto tISCFend;
697  }
698 
699  ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
700  "For ISC_REQ_MUTUAL_AUTH, flags are 0x%02x%02x%02x%02x.\n",
701  packet[15], packet[14], packet[13], packet[12]);
702  pDeleteSecurityContext(&client.ctxt);
703 
704  /* With ISC_REQ_USE_DCE_STYLE, the lowest byte should not have bits 0x20 or 0x10 set*/
705  req_attr = ISC_REQ_USE_DCE_STYLE;
706 
707  if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr,
708  0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf,
709  &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
710  {
711  trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
712  getSecError(sec_status));
713  goto tISCFend;
714  }
715 
716  ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
717  "For ISC_REQ_USE_DCE_STYLE, flags are 0x%02x%02x%02x%02x.\n",
718  packet[15], packet[14], packet[13], packet[12]);
719  pDeleteSecurityContext(&client.ctxt);
720 
721  /* With ISC_REQ_DELEGATE, the lowest byte should not have bits 0x20 or 0x10 set*/
722  req_attr = ISC_REQ_DELEGATE;
723 
724  if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr,
725  0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf,
726  &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
727  {
728  trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
729  getSecError(sec_status));
730  goto tISCFend;
731  }
732 
733  ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
734  "For ISC_REQ_DELEGATE, flags are 0x%02x%02x%02x%02x.\n",
735  packet[15], packet[14], packet[13], packet[12]);
736  pDeleteSecurityContext(&client.ctxt);
737 
738  /* With ISC_REQ_INTEGRITY, the lowest byte should have bit 0x10 set */
739  req_attr = ISC_REQ_INTEGRITY;
740 
741  if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr,
742  0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf,
743  &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
744  {
745  trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
746  getSecError(sec_status));
747  goto tISCFend;
748  }
749 
750  ok((packet[12] & 0x10) != 0,
751  "For ISC_REQ_INTEGRITY, flags are 0x%02x%02x%02x%02x.\n",
752  packet[15], packet[14], packet[13], packet[12]);
753  pDeleteSecurityContext(&client.ctxt);
754 
755  /* With ISC_REQ_REPLAY_DETECT, the lowest byte should have bit 0x10 set */
756  req_attr = ISC_REQ_REPLAY_DETECT;
757 
758  if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr,
759  0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf,
760  &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
761  {
762  trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
763  getSecError(sec_status));
764  goto tISCFend;
765  }
766 
767  ok((packet[12] & 0x10) != 0,
768  "For ISC_REQ_REPLAY_DETECT, flags are 0x%02x%02x%02x%02x.\n",
769  packet[15], packet[14], packet[13], packet[12]);
770  pDeleteSecurityContext(&client.ctxt);
771 
772  /* With ISC_REQ_SEQUENCE_DETECT, the lowest byte should have bit 0x10 set */
773  req_attr = ISC_REQ_SEQUENCE_DETECT;
774 
775  if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr,
776  0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf,
777  &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
778  {
779  trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
780  getSecError(sec_status));
781  goto tISCFend;
782  }
783 
784  ok((packet[12] & 0x10) != 0,
785  "For ISC_REQ_SEQUENCE_DETECT, flags are 0x%02x%02x%02x%02x.\n",
786  packet[15], packet[14], packet[13], packet[12]);
787  pDeleteSecurityContext(&client.ctxt);
788 
789  /* With ISC_REQ_CONFIDENTIALITY, the lowest byte should have bit 0x20 set */
790  req_attr = ISC_REQ_CONFIDENTIALITY;
791 
792  if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr,
793  0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf,
794  &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
795  {
796  trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
797  getSecError(sec_status));
798  goto tISCFend;
799  }
800 
801  ok((packet[12] & 0x20) != 0,
802  "For ISC_REQ_CONFIDENTIALITY, flags are 0x%02x%02x%02x%02x.\n",
803  packet[15], packet[14], packet[13], packet[12]);
804  pDeleteSecurityContext(&client.ctxt);
805 
806 tISCFend:
808  pFreeCredentialsHandle(&client.cred);
809 }
810 
811 /**********************************************************************/
812 
813 static void testAuth(ULONG data_rep, BOOL fake)
814 {
817  SECURITY_STATUS sec_status;
818  PSecPkgInfoA pkg_info = NULL;
819  BOOL first = TRUE;
820  SspiData client = {{0}}, server = {{0}};
822  SecPkgContext_Sizes ctxt_sizes;
824  SecPkgInfoA *pi;
825 
826  if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info)!= SEC_E_OK)
827  {
828  ok(0, "NTLM package not installed, skipping test.\n");
829  return;
830  }
831 
832  pFreeContextBuffer(pkg_info);
833  id.User = (unsigned char*) test_user;
834  id.UserLength = strlen((char *) id.User);
835  id.Domain = (unsigned char *) workgroup;
836  id.DomainLength = strlen((char *) id.Domain);
837  id.Password = (unsigned char*) test_pass;
838  id.PasswordLength = strlen((char *) id.Password);
839  id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
840 
841  client.id = &id;
842 
843  sec_status = setupClient(&client, sec_pkg_name);
844 
845  if(sec_status != SEC_E_OK)
846  {
847  skip("Error: Setting up the client returned %s, exiting test!\n",
848  getSecError(sec_status));
849  pFreeCredentialsHandle(&client.cred);
850  return;
851  }
852 
853  if(fake)
854  sec_status = setupFakeServer(&server, sec_pkg_name);
855  else
856  sec_status = setupServer(&server, sec_pkg_name);
857 
858  if(sec_status != SEC_E_OK)
859  {
860  skip("Error: Setting up the server returned %s, exiting test!\n",
861  getSecError(sec_status));
862  pFreeCredentialsHandle(&server.cred);
863  pFreeCredentialsHandle(&client.cred);
864  return;
865  }
866 
867  while(client_stat == SEC_I_CONTINUE_NEEDED && server_stat == SEC_I_CONTINUE_NEEDED)
868  {
869  client_stat = runClient(&client, first, data_rep);
870 
871  ok(client_stat == SEC_E_OK || client_stat == SEC_I_CONTINUE_NEEDED,
872  "Running the client returned %s, more tests will fail.\n",
873  getSecError(client_stat));
874 
876 
877  if(fake)
878  server_stat = runFakeServer(&server, first, data_rep);
879  else
880  server_stat = runServer(&server, first, data_rep);
881 
882  ok(server_stat == SEC_E_OK || server_stat == SEC_I_CONTINUE_NEEDED ||
883  server_stat == SEC_E_LOGON_DENIED,
884  "Running the server returned %s, more tests will fail from now.\n",
885  getSecError(server_stat));
886 
888  trace("Looping\n");
889  first = FALSE;
890  }
891 
892  if(client_stat != SEC_E_OK)
893  {
894  skip("Authentication failed, skipping test.\n");
895  goto tAuthend;
896  }
897 
898  sec_status = pQueryContextAttributesA(&client.ctxt,
899  SECPKG_ATTR_SIZES, &ctxt_sizes);
900 
901  ok(sec_status == SEC_E_OK,
902  "pQueryContextAttributesA(SECPKG_ATTR_SIZES) returned %s\n",
903  getSecError(sec_status));
904  ok((ctxt_sizes.cbMaxToken == 1904) || (ctxt_sizes.cbMaxToken == 2888),
905  "cbMaxToken should be 1904 or 2888 but is %u\n",
906  ctxt_sizes.cbMaxToken);
907  ok(ctxt_sizes.cbMaxSignature == 16,
908  "cbMaxSignature should be 16 but is %u\n",
909  ctxt_sizes.cbMaxSignature);
910  ok(ctxt_sizes.cbSecurityTrailer == 16,
911  "cbSecurityTrailer should be 16 but is %u\n",
912  ctxt_sizes.cbSecurityTrailer);
913  ok(ctxt_sizes.cbBlockSize == 0,
914  "cbBlockSize should be 0 but is %u\n",
915  ctxt_sizes.cbBlockSize);
916 
917  memset(&info, 0, sizeof(info));
919  ok(sec_status == SEC_E_OK, "QueryContextAttributesA returned %08x\n", sec_status);
920 
921  pi = info.PackageInfo;
922  ok(info.NegotiationState == SECPKG_NEGOTIATION_COMPLETE, "got %u\n", info.NegotiationState);
923  ok(pi != NULL, "expected non-NULL PackageInfo\n");
924  if (pi)
925  {
926  UINT expected, got;
927  char *eob;
928 
929  ok(pi->fCapabilities == NTLM_BASE_CAPS ||
931  pi->fCapabilities == (NTLM_BASE_CAPS|SECPKG_FLAG_RESTRICTED_TOKENS) ||
934  "got %08x\n", pi->fCapabilities);
935  ok(pi->wVersion == 1, "got %u\n", pi->wVersion);
936  ok(pi->wRPCID == RPC_C_AUTHN_WINNT, "got %u\n", pi->wRPCID);
937  ok(!lstrcmpA( pi->Name, "NTLM" ), "got %s\n", pi->Name);
938 
939  expected = sizeof(*pi) + lstrlenA(pi->Name) + 1 + lstrlenA(pi->Comment) + 1;
940  got = HeapSize(GetProcessHeap(), 0, pi);
941  ok(got == expected, "got %u, expected %u\n", got, expected);
942  eob = (char *)pi + expected;
943  ok(pi->Name + lstrlenA(pi->Name) < eob, "Name doesn't fit into allocated block\n");
944  ok(pi->Comment + lstrlenA(pi->Comment) < eob, "Comment doesn't fit into allocated block\n");
945 
946  sec_status = FreeContextBuffer(pi);
947  ok(sec_status == SEC_E_OK, "FreeContextBuffer error %#x\n", sec_status);
948  }
949 
950 tAuthend:
953 
954  if(!fake)
955  {
956  sec_status = pDeleteSecurityContext(&server.ctxt);
957  ok(sec_status == SEC_E_OK, "DeleteSecurityContext(server) returned %s\n",
958  getSecError(sec_status));
959  }
960 
961  sec_status = pDeleteSecurityContext(&client.ctxt);
962  ok(sec_status == SEC_E_OK, "DeleteSecurityContext(client) returned %s\n",
963  getSecError(sec_status));
964 
965  if(!fake)
966  {
967  sec_status = pFreeCredentialsHandle(&server.cred);
968  ok(sec_status == SEC_E_OK, "FreeCredentialsHandle(server) returned %s\n",
969  getSecError(sec_status));
970  }
971 
972  sec_status = pFreeCredentialsHandle(&client.cred);
973  ok(sec_status == SEC_E_OK, "FreeCredentialsHandle(client) returned %s\n",
974  getSecError(sec_status));
975 }
976 
977 static void testSignSeal(void)
978 {
981  SECURITY_STATUS sec_status;
982  PSecPkgInfoA pkg_info = NULL;
983  BOOL first = TRUE;
984  SspiData client = {{0}}, server = {{0}};
986  static char sec_pkg_name[] = "NTLM";
987  SecBufferDesc crypt;
988  SecBuffer data[2], fake_data[2], complex_data[4];
989  ULONG qop = 0xdeadbeef;
990  SecPkgContext_Sizes ctxt_sizes;
991 
992  complex_data[1].pvBuffer = complex_data[3].pvBuffer = NULL;
993 
994  /****************************************************************
995  * This is basically the same as in testAuth with a fake server,
996  * as we need a valid, authenticated context.
997  */
998  if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info) != SEC_E_OK)
999  {
1000  ok(0, "NTLM package not installed, skipping test.\n");
1001  return;
1002  }
1003 
1004  pFreeContextBuffer(pkg_info);
1005  id.User = (unsigned char*) test_user;
1006  id.UserLength = strlen((char *) id.User);
1007  id.Domain = (unsigned char *) workgroup;
1008  id.DomainLength = strlen((char *) id.Domain);
1009  id.Password = (unsigned char*) test_pass;
1010  id.PasswordLength = strlen((char *) id.Password);
1011  id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
1012 
1013  client.id = &id;
1014 
1015  sec_status = setupClient(&client, sec_pkg_name);
1016 
1017  if(sec_status != SEC_E_OK)
1018  {
1019  skip("Error: Setting up the client returned %s, exiting test!\n",
1020  getSecError(sec_status));
1021  pFreeCredentialsHandle(&client.cred);
1022  return;
1023  }
1024 
1025  sec_status = setupFakeServer(&server, sec_pkg_name);
1026  ok(sec_status == SEC_E_OK, "setupFakeServer returned %s\n", getSecError(sec_status));
1027 
1028  while(client_stat == SEC_I_CONTINUE_NEEDED && server_stat == SEC_I_CONTINUE_NEEDED)
1029  {
1030  client_stat = runClient(&client, first, SECURITY_NETWORK_DREP);
1031 
1032  ok(client_stat == SEC_E_OK || client_stat == SEC_I_CONTINUE_NEEDED,
1033  "Running the client returned %s, more tests will fail.\n",
1034  getSecError(client_stat));
1035 
1037 
1038  server_stat = runFakeServer(&server, first, SECURITY_NETWORK_DREP);
1039 
1041  trace("Looping\n");
1042  first = FALSE;
1043  }
1044 
1045  if(client_stat != SEC_E_OK)
1046  {
1047  skip("Authentication failed, skipping test.\n");
1048  goto end;
1049  }
1050 
1051  /********************************************
1052  * Now start with the actual testing *
1053  ********************************************/
1054 
1056  &ctxt_sizes) != SEC_E_OK)
1057  {
1058  skip("Failed to get context sizes, aborting test.\n");
1059  goto end;
1060  }
1061 
1062  crypt.ulVersion = SECBUFFER_VERSION;
1063  crypt.cBuffers = 2;
1064 
1065  crypt.pBuffers = fake_data;
1066 
1067  fake_data[0].BufferType = SECBUFFER_DATA;
1068  fake_data[0].cbBuffer = ctxt_sizes.cbSecurityTrailer;
1069  fake_data[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, fake_data[0].cbBuffer);
1070 
1071  fake_data[1].BufferType = SECBUFFER_DATA;
1072  fake_data[1].cbBuffer = lstrlenA(message);
1073  fake_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, fake_data[1].cbBuffer);
1074 
1075  sec_status = pMakeSignature(&client.ctxt, 0, &crypt, 0);
1076  ok(sec_status == SEC_E_INVALID_TOKEN,
1077  "MakeSignature returned %s, not SEC_E_INVALID_TOKEN.\n",
1078  getSecError(sec_status));
1079 
1080  crypt.pBuffers = data;
1081 
1082  data[0].BufferType = SECBUFFER_TOKEN;
1083  data[0].cbBuffer = ctxt_sizes.cbSecurityTrailer;
1084  data[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[0].cbBuffer);
1085 
1086  data[1].BufferType = SECBUFFER_DATA;
1087  data[1].cbBuffer = lstrlenA(message);
1088  data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer);
1089  memcpy(data[1].pvBuffer, message, data[1].cbBuffer);
1090 
1091  /* As we forced NTLM to fall back to a password-derived session key,
1092  * we should get the same signature for our data, no matter if
1093  * it is sent by the client or the server
1094  */
1095  sec_status = pMakeSignature(&client.ctxt, 0, &crypt, 0);
1096  ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n",
1097  getSecError(sec_status));
1098  ok(!memcmp(crypt.pBuffers[0].pvBuffer, message_signature,
1099  crypt.pBuffers[0].cbBuffer), "Signature is not as expected.\n");
1100 
1101  data[0].cbBuffer = sizeof(message_signature);
1102 
1103  memcpy(data[0].pvBuffer, crypt_trailer_client, data[0].cbBuffer);
1104 
1105  sec_status = pVerifySignature(&client.ctxt, &crypt, 0, &qop);
1106  ok(sec_status == SEC_E_MESSAGE_ALTERED,
1107  "VerifySignature returned %s, not SEC_E_MESSAGE_ALTERED.\n",
1108  getSecError(sec_status));
1109  ok(qop == 0xdeadbeef, "qop changed to %u\n", qop);
1110 
1111  memcpy(data[0].pvBuffer, message_signature, data[0].cbBuffer);
1112  sec_status = pVerifySignature(&client.ctxt, &crypt, 0, &qop);
1113  ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK.\n",
1114  getSecError(sec_status));
1115  ok(qop == 0xdeadbeef, "qop changed to %u\n", qop);
1116 
1117  sec_status = pEncryptMessage(&client.ctxt, 0, &crypt, 0);
1118  if (sec_status == SEC_E_UNSUPPORTED_FUNCTION)
1119  {
1120  skip("Encrypt message returned SEC_E_UNSUPPORTED_FUNCTION. "
1121  "Expected on Vista.\n");
1122  goto end;
1123  }
1124  ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n",
1125  getSecError(sec_status));
1126 
1127  /* first 8 bytes must always be the same */
1128  ok(!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client, 8), "Crypt trailer not as expected.\n");
1129 
1130  /* the rest depends on the session key */
1131  if (!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client, crypt.pBuffers[0].cbBuffer))
1132  {
1133  ok(!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client,
1134  crypt.pBuffers[0].cbBuffer), "Crypt trailer not as expected.\n");
1135  ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client,
1136  crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n");
1137  if (memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client,
1138  crypt.pBuffers[1].cbBuffer))
1139  {
1140  int i;
1141  for (i = 0; i < crypt.pBuffers[1].cbBuffer; i++)
1142  {
1143  if (i % 8 == 0) printf(" ");
1144  printf("0x%02x,", ((unsigned char *)crypt.pBuffers[1].pvBuffer)[i]);
1145  if (i % 8 == 7) printf("\n");
1146  }
1147  printf("\n");
1148  }
1149 
1150  data[0].cbBuffer = sizeof(crypt_trailer_server);
1151  data[1].cbBuffer = sizeof(crypt_message_server);
1152  memcpy(data[0].pvBuffer, crypt_trailer_server, data[0].cbBuffer);
1153  memcpy(data[1].pvBuffer, crypt_message_server, data[1].cbBuffer);
1154 
1155  sec_status = pDecryptMessage(&client.ctxt, &crypt, 0, &qop);
1156 
1157  ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n",
1158  getSecError(sec_status));
1159  ok(!memcmp(crypt.pBuffers[1].pvBuffer, message_binary,
1160  crypt.pBuffers[1].cbBuffer),
1161  "Failed to decrypt message correctly.\n");
1162  ok(qop == 0xdeadbeef, "qop changed to %u\n", qop);
1163  }
1164  else trace( "A different session key is being used\n" );
1165 
1166  trace("Testing with more than one buffer.\n");
1167 
1168  crypt.cBuffers = sizeof(complex_data)/sizeof(complex_data[0]);
1169  crypt.pBuffers = complex_data;
1170 
1172  complex_data[0].cbBuffer = sizeof(message_header);
1173  complex_data[0].pvBuffer = message_header;
1174 
1175  complex_data[1].BufferType = SECBUFFER_DATA;
1176  complex_data[1].cbBuffer = lstrlenA(message);
1177  complex_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer);
1178  memcpy(complex_data[1].pvBuffer, message, complex_data[1].cbBuffer);
1179 
1181  complex_data[2].cbBuffer = sizeof(message_header);
1182  complex_data[2].pvBuffer = message_header;
1183 
1184  complex_data[3].BufferType = SECBUFFER_TOKEN;
1185  complex_data[3].cbBuffer = ctxt_sizes.cbSecurityTrailer;
1186  complex_data[3].pvBuffer = HeapAlloc(GetProcessHeap(), 0, complex_data[3].cbBuffer);
1187 
1188  /* We should get a dummy signature again. */
1189  sec_status = pMakeSignature(&client.ctxt, 0, &crypt, 0);
1190  ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n",
1191  getSecError(sec_status));
1192  ok(!memcmp(crypt.pBuffers[3].pvBuffer, message_signature,
1193  crypt.pBuffers[3].cbBuffer), "Signature is not as expected.\n");
1194 
1195  /* Being a dummy signature, it will verify right away, as if the server
1196  * sent it */
1197  sec_status = pVerifySignature(&client.ctxt, &crypt, 0, &qop);
1198  ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK\n",
1199  getSecError(sec_status));
1200  ok(qop == 0xdeadbeef, "qop changed to %u\n", qop);
1201 
1202  sec_status = pEncryptMessage(&client.ctxt, 0, &crypt, 0);
1203  ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n",
1204  getSecError(sec_status));
1205 
1206  ok(!memcmp(crypt.pBuffers[3].pvBuffer, crypt_trailer_client2, 8), "Crypt trailer not as expected.\n");
1207 
1208  if (memcmp(crypt.pBuffers[3].pvBuffer, crypt_trailer_client2,
1209  crypt.pBuffers[3].cbBuffer)) goto end;
1210 
1211  ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client2,
1212  crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n");
1213  if (memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client2,
1214  crypt.pBuffers[1].cbBuffer))
1215  {
1216  int i;
1217  for (i = 0; i < crypt.pBuffers[1].cbBuffer; i++)
1218  {
1219  if (i % 8 == 0) printf(" ");
1220  printf("0x%02x,", ((unsigned char *)crypt.pBuffers[1].pvBuffer)[i]);
1221  if (i % 8 == 7) printf("\n");
1222  }
1223  printf("\n");
1224  }
1225 
1226  memcpy(complex_data[1].pvBuffer, crypt_message_server2, complex_data[1].cbBuffer);
1227  memcpy(complex_data[3].pvBuffer, crypt_trailer_server2, complex_data[3].cbBuffer);
1228 
1229  sec_status = pDecryptMessage(&client.ctxt, &crypt, 0, &qop);
1230  ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n",
1231  getSecError(sec_status));
1232  ok(qop == 0xdeadbeef, "qop changed to %u\n", qop);
1233 
1234 
1235 end:
1238 
1239  pDeleteSecurityContext(&client.ctxt);
1240  pFreeCredentialsHandle(&client.cred);
1241 
1242  HeapFree(GetProcessHeap(), 0, complex_data[1].pvBuffer);
1243  HeapFree(GetProcessHeap(), 0, complex_data[3].pvBuffer);
1244 }
1245 
1247 {
1248  CredHandle cred;
1249  TimeStamp ttl;
1252  PSecPkgInfoA pkg_info = NULL;
1253 
1254  if(pQuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK)
1255  {
1256  ok(0, "NTLM package not installed, skipping test\n");
1257  return FALSE;
1258  }
1259  pFreeContextBuffer(pkg_info);
1260 
1261  id.User = (unsigned char*) test_user;
1262  id.UserLength = strlen((char *) id.User);
1263  id.Domain = (unsigned char *) workgroup;
1264  id.DomainLength = strlen((char *) id.Domain);
1265  id.Password = (unsigned char*) test_pass;
1266  id.PasswordLength = strlen((char *) id.Password);
1267  id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
1268 
1269  ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1270  NULL, &id, NULL, NULL, &cred, &ttl);
1271  ok(ret == SEC_E_OK, "AcquireCredentialsHandle() returned %s\n",
1272  getSecError(ret));
1273  pFreeCredentialsHandle(&cred);
1274 
1275  id.DomainLength = 0;
1276  ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1277  NULL, &id, NULL, NULL, &cred, &ttl);
1278  ok(ret == SEC_E_OK, "AcquireCredentialsHandle() returned %s\n",
1279  getSecError(ret));
1280  pFreeCredentialsHandle(&cred);
1281 
1282  id.Domain = NULL;
1283  ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1284  NULL, &id, NULL, NULL, &cred, &ttl);
1285  ok(ret == SEC_E_OK, "AcquireCredentialsHandle() returned %s\n",
1286  getSecError(ret));
1287  pFreeCredentialsHandle(&cred);
1288 
1289  id.Domain = (unsigned char *) workgroup;
1290  id.DomainLength = strlen((char *) id.Domain);
1291  id.UserLength = 0;
1292  id.User = NULL;
1293  ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1294  NULL, &id, NULL, NULL, &cred, &ttl);
1295  ok(ret == SEC_E_OK, "AcquireCredentialsHandle() returned %s\n",
1296  getSecError(ret));
1297  pFreeCredentialsHandle(&cred);
1298 
1299  id.User = (unsigned char*) test_user;
1300  id.UserLength = strlen((char *) id.User);
1301  id.Password = NULL;
1302  id.PasswordLength = 0;
1303  ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1304  NULL, &id, NULL, NULL, &cred, &ttl);
1305  ok(ret == SEC_E_OK, "AcquireCredentialsHandle() returned %s\n",
1306  getSecError(ret));
1307  pFreeCredentialsHandle(&cred);
1308  return TRUE;
1309 }
1310 
1312 {
1313  CredHandle cred;
1314  TimeStamp ttl;
1315  static WCHAR sec_pkg_nameW[] = {'N','T','L','M',0 };
1316  static WCHAR test_userW[] = {'t','e','s','t','u','s','e','r',0 };
1317  static WCHAR workgroupW[] = {'W','O','R','K','G','R','O','U','P',0};
1318  static WCHAR test_passW[] = {'t','e','s','t','p','a','s','s',0};
1322  PSecPkgInfoA pkg_info = NULL;
1323 
1324  if(!pAcquireCredentialsHandleW)
1325  {
1326  win_skip("AcquireCredentialsHandleW not available\n");
1327  return;
1328  }
1329 
1330  if(pQuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK)
1331  {
1332  ok(0, "NTLM package not installed, skipping test\n");
1333  return;
1334  }
1335  pFreeContextBuffer(pkg_info);
1336 
1337  id.User = test_userW;
1338  id.UserLength = lstrlenW(test_userW);
1339  id.Domain = workgroupW;
1340  id.DomainLength = lstrlenW(workgroupW);
1341  id.Password = test_passW;
1342  id.PasswordLength = lstrlenW(test_passW);
1344 
1345  ret = pAcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND,
1346  NULL, &id, NULL, NULL, &cred, &ttl);
1347  ok(ret == SEC_E_OK, "AcquireCredentialsHandeW() returned %s\n",
1348  getSecError(ret));
1349  pFreeCredentialsHandle(&cred);
1350 
1351  id.DomainLength = 0;
1352  ret = pAcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND,
1353  NULL, &id, NULL, NULL, &cred, &ttl);
1354  ok(ret == SEC_E_OK, "AcquireCredentialsHandeW() returned %s\n",
1355  getSecError(ret));
1356  pFreeCredentialsHandle(&cred);
1357 
1358  id.Domain = NULL;
1359  ret = pAcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND,
1360  NULL, &id, NULL, NULL, &cred, &ttl);
1361  ok(ret == SEC_E_OK, "AcquireCredentialsHandeW() returned %s\n",
1362  getSecError(ret));
1363  pFreeCredentialsHandle(&cred);
1364 
1365  id.Domain = workgroupW;
1366  id.DomainLength = lstrlenW(workgroupW);
1367  id.UserLength = 0;
1368  id.User = NULL;
1369  ret = pAcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND,
1370  NULL, &id, NULL, NULL, &cred, &ttl);
1371  ok(ret == SEC_E_OK, "AcquireCredentialsHandeW() returned %s\n",
1372  getSecError(ret));
1373  pFreeCredentialsHandle(&cred);
1374 
1375  id.User = test_userW;
1376  id.UserLength = lstrlenW(test_userW);
1377  id.Password = test_passW; /* NULL string causes a crash. */
1378  id.PasswordLength = 0;
1379  ret = pAcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND,
1380  NULL, &id, NULL, NULL, &cred, &ttl);
1381  ok(ret == SEC_E_OK, "AcquireCredentialsHandeW() returned %s\n",
1382  getSecError(ret));
1383  pFreeCredentialsHandle(&cred);
1384 
1385  /* Test using the ASCII structure. */
1386  idA.User = (unsigned char*) test_user;
1387  idA.UserLength = strlen(test_user);
1388  idA.Domain = (unsigned char *) workgroup;
1389  idA.DomainLength = strlen(workgroup);
1390  idA.Password = (unsigned char*) test_pass;
1393 
1394  ret = pAcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND,
1395  NULL, &idA, NULL, NULL, &cred, &ttl);
1396  ok(ret == SEC_E_OK, "AcquireCredentialsHandeW() returned %s\n",
1397  getSecError(ret));
1398  pFreeCredentialsHandle(&cred);
1399 }
1400 
1401 static void test_cred_multiple_use(void)
1402 {
1405  PSecPkgInfoA pkg_info = NULL;
1406  CredHandle cred;
1407  CtxtHandle ctxt1 = {0};
1408  CtxtHandle ctxt2 = {0};
1409  SecBufferDesc buffer_desc;
1410  SecBuffer buffers[1];
1411  ULONG ctxt_attr;
1412  TimeStamp ttl;
1413 
1414  if(pQuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK)
1415  {
1416  ok(0, "NTLM package not installed, skipping test\n");
1417  return;
1418  }
1419  buffers[0].cbBuffer = pkg_info->cbMaxToken;
1420  buffers[0].BufferType = SECBUFFER_TOKEN;
1421  buffers[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, buffers[0].cbBuffer);
1422 
1423  pFreeContextBuffer(pkg_info);
1424 
1425  id.User = (unsigned char*) test_user;
1426  id.UserLength = strlen((char *) id.User);
1427  id.Domain = (unsigned char *) workgroup;
1428  id.DomainLength = strlen((char *) id.Domain);
1429  id.Password = (unsigned char*) test_pass;
1430  id.PasswordLength = strlen((char *) id.Password);
1431  id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
1432 
1433  ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1434  NULL, &id, NULL, NULL, &cred, &ttl);
1435  ok(ret == SEC_E_OK, "AcquireCredentialsHandle() returned %s\n",
1436  getSecError(ret));
1437 
1438  buffer_desc.ulVersion = SECBUFFER_VERSION;
1439  buffer_desc.cBuffers = sizeof(buffers)/sizeof(buffers[0]);
1440  buffer_desc.pBuffers = buffers;
1441 
1442  ret = pInitializeSecurityContextA(&cred, NULL, NULL, ISC_REQ_CONNECTION,
1443  0, SECURITY_NETWORK_DREP, NULL, 0, &ctxt1, &buffer_desc,
1444  &ctxt_attr, &ttl);
1445  ok(ret == SEC_I_CONTINUE_NEEDED, "InitializeSecurityContextA failed with error 0x%x\n", ret);
1446 
1447  ret = pInitializeSecurityContextA(&cred, NULL, NULL, ISC_REQ_CONNECTION,
1448  0, SECURITY_NETWORK_DREP, NULL, 0, &ctxt2, &buffer_desc,
1449  &ctxt_attr, &ttl);
1450  ok(ret == SEC_I_CONTINUE_NEEDED, "Second InitializeSecurityContextA on cred handle failed with error 0x%x\n", ret);
1451 
1452  ret = pDeleteSecurityContext(&ctxt1);
1453  ok(ret == SEC_E_OK, "DeleteSecurityContext failed with error 0x%x\n", ret);
1454  ret = pDeleteSecurityContext(&ctxt2);
1455  ok(ret == SEC_E_OK, "DeleteSecurityContext failed with error 0x%x\n", ret);
1456  ret = pFreeCredentialsHandle(&cred);
1457  ok(ret == SEC_E_OK, "FreeCredentialsHandle failed with error 0x%x\n", ret);
1458 
1459  HeapFree(GetProcessHeap(), 0, buffers[0].pvBuffer);
1460 }
1461 
1462 static void test_null_auth_data(void)
1463 {
1466  CredHandle cred;
1467  CtxtHandle ctx = {0};
1468  SecBufferDesc buffer_desc;
1469  SecBuffer buffers[1];
1470  char user[256];
1471  TimeStamp ttl;
1472  ULONG attr, size;
1473  BOOLEAN ret;
1474 
1475  if(pQuerySecurityPackageInfoA((SEC_CHAR *)"NTLM", &info) != SEC_E_OK)
1476  {
1477  ok(0, "NTLM package not installed, skipping test\n");
1478  return;
1479  }
1480 
1481  status = pAcquireCredentialsHandleA(NULL, (SEC_CHAR *)"NTLM", SECPKG_CRED_OUTBOUND,
1482  NULL, NULL, NULL, NULL, &cred, &ttl);
1483  ok(status == SEC_E_OK, "AcquireCredentialsHandle() failed %s\n", getSecError(status));
1484 
1485  buffers[0].cbBuffer = info->cbMaxToken;
1486  buffers[0].BufferType = SECBUFFER_TOKEN;
1487  buffers[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, buffers[0].cbBuffer);
1488 
1489  buffer_desc.ulVersion = SECBUFFER_VERSION;
1490  buffer_desc.cBuffers = sizeof(buffers)/sizeof(buffers[0]);
1491  buffer_desc.pBuffers = buffers;
1492 
1493  size = sizeof(user);
1494  ret = pGetUserNameExA(NameSamCompatible, user, &size);
1495  ok(ret, "GetUserNameExA failed %u\n", GetLastError());
1496 
1497  status = pInitializeSecurityContextA(&cred, NULL, (SEC_CHAR *)user,
1499  NULL, 0, &ctx, &buffer_desc, &attr, &ttl);
1500  ok(status == SEC_I_CONTINUE_NEEDED, "InitializeSecurityContextA failed %s\n", getSecError(status));
1501 
1502  ret = pDeleteSecurityContext(&ctx);
1503  ok(ret == SEC_E_OK, "DeleteSecurityContext failed with error 0x%x\n", ret);
1504  ret = pFreeCredentialsHandle(&cred);
1505  ok(ret == SEC_E_OK, "FreeCredentialsHandle failed with error 0x%x\n", ret);
1506 
1507  pFreeContextBuffer(info);
1508  HeapFree(GetProcessHeap(), 0, buffers[0].pvBuffer);
1509 }
1510 
1512 {
1513  InitFunctionPtrs();
1514 
1515  if(pFreeCredentialsHandle && pDeleteSecurityContext &&
1516  pAcquireCredentialsHandleA && pInitializeSecurityContextA &&
1517  pCompleteAuthToken && pQuerySecurityPackageInfoA)
1518  {
1520 
1522  goto cleanup;
1524  if(pAcceptSecurityContext)
1525  {
1530  }
1531  if(pMakeSignature && pVerifySignature && pEncryptMessage &&
1532  pDecryptMessage)
1533  testSignSeal();
1534 
1536  if (pGetUserNameExA) test_null_auth_data();
1537  }
1538  else
1539  win_skip("Needed functions are not available\n");
1540 
1541 cleanup:
1542  if(secdll)
1544 }
#define ISC_REQ_SEQUENCE_DETECT
Definition: sspi.h:351
#define SEC_E_SECPKG_NOT_FOUND
Definition: winerror.h:2914
#define SEC_E_INTERNAL_ERROR
Definition: winerror.h:2913
#define SEC_E_NOT_OWNER
Definition: winerror.h:2915
PSEC_WINNT_AUTH_IDENTITY_A id
Definition: ntlm.c:95
#define trace(...)
Definition: kmt_test.h:217
#define RPC_C_AUTHN_WINNT
Definition: rpcdce.h:158
Definition: tftpd.h:59
static BYTE message_binary[]
Definition: ntlm.c:137
static BYTE network_challenge[]
Definition: ntlm.c:99
#define TRUE
Definition: types.h:120
static SEC_WCHAR void void CredHandle TimeStamp *static SEC_CHAR PSecBufferDesc
Definition: ntlm.c:70
#define SECPKG_CRED_OUTBOUND
Definition: sspi.h:277
struct png_info_def **typedef void(__cdecl typeof(png_destroy_read_struct))(struct png_struct_def **
Definition: typeof.h:47
static LPSTR
Definition: ntlm.c:88
static rfbScreenInfoPtr server
Definition: vnc.c:74
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
Definition: utclib.c:112
static BYTE crypt_message_client[]
Definition: ntlm.c:149
static BYTE crypt_message_server[]
Definition: ntlm.c:165
UCHAR packet[_PAGE_SIZE]
Definition: serial.c:53
WCHAR SEC_WCHAR
Definition: sspi.h:29
#define SECPKG_NEGOTIATION_COMPLETE
Definition: sspi.h:687
#define ISC_REQ_EXTENDED_ERROR
Definition: sspi.h:362
ULONG max_token
Definition: ntlm.c:96
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
SECURITY_STATUS WINAPI FreeContextBuffer(PVOID pv)
Definition: sspi.c:699
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
static BYTE crypt_trailer_server[]
Definition: ntlm.c:161
static void communicate(SspiData *from, SspiData *to)
Definition: ntlm.c:571
static BYTE native_challenge[]
Definition: ntlm.c:116
__wchar_t WCHAR
Definition: xmlstorage.h:180
static PSecPkgInfoA *static SEC_CHAR PTimeStamp
Definition: ntlm.c:66
ULONG ulVersion
Definition: sspi.h:167
PSecBufferDesc out_buf
Definition: ntlm.c:94
const GLint * first
Definition: glext.h:5794
PSecBufferDesc out_buf
Definition: negotiate.c:62
static const char * getSecError(SECURITY_STATUS status)
Definition: ntlm.c:208
#define SECPKG_FLAG_RESTRICTED_TOKENS
Definition: sspi.h:132
static BOOL testAcquireCredentialsHandle(void)
Definition: ntlm.c:1246
#define SEC_E_OUT_OF_SEQUENCE
Definition: winerror.h:2925
static void InitFunctionPtrs(void)
Definition: ntlm.c:182
int WINAPI lstrcmpA(LPCSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:18
#define SECBUFFER_DATA
Definition: sspi.h:146
#define assert(x)
Definition: debug.h:53
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
static SECURITY_STATUS setupClient(SspiData *sspi_data, SEC_CHAR *provider)
Definition: ntlm.c:339
static char test_user[]
Definition: ntlm.c:177
#define ISC_REQ_DELEGATE
Definition: sspi.h:348
const GLuint * buffers
Definition: glext.h:5916
GLuint GLuint end
Definition: gl.h:1545
static SECURITY_STATUS(SEC_ENTRY *pFreeContextBuffer)(PVOID pv)
#define SEC_E_MESSAGE_ALTERED
Definition: winerror.h:2924
static PSecPkgInfoA *static SEC_CHAR SEC_GET_KEY_FN
Definition: ntlm.c:66
ULONG cbBlockSize
Definition: sspi.h:549
#define SEC_E_UNSUPPORTED_FUNCTION
Definition: winerror.h:2911
#define lstrlenW
Definition: compat.h:407
SIZE_T WINAPI HeapSize(HANDLE, DWORD, LPCVOID)
static char sec_pkg_name[]
Definition: ntlm.c:180
#define SECPKG_FLAG_READONLY_WITH_CHECKSUM
Definition: sspi.h:131
struct _test_info info[]
Definition: SetCursorPos.c:19
#define SEC_E_LOGON_DENIED
Definition: winerror.h:2921
ULONG cbMaxSignature
Definition: sspi.h:548
#define sprintf(buf, format,...)
Definition: sprintf.c:55
#define SECURITY_NATIVE_DREP
Definition: sspi.h:459
CtxtHandle ctxt
Definition: negotiate.c:60
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
static void test_cred_multiple_use(void)
Definition: ntlm.c:1401
#define SECPKG_ATTR_SIZES
Definition: sspi.h:507
#define SEC_E_INSUFFICIENT_MEMORY
Definition: winerror.h:2909
static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep)
Definition: ntlm.c:417
static SECURITY_STATUS runFakeServer(SspiData *sspi_data, BOOL first, ULONG data_rep)
Definition: ntlm.c:543
DWORD void * pv
Definition: msvc.h:87
HINSTANCE WINAPI DECLSPEC_HOTPATCH LoadLibraryA(LPCSTR lpLibFileName)
Definition: loader.c:111
static SEC_WCHAR void void CredHandle TimeStamp *static PCtxtHandle
Definition: ntlm.c:70
#define SECPKG_CRED_INBOUND
Definition: sspi.h:276
unsigned char BOOLEAN
#define SECBUFFER_READONLY_WITH_CHECKSUM
Definition: sspi.h:163
smooth NULL
Definition: ftsmooth.c:416
#define SEC_E_ILLEGAL_MESSAGE
Definition: winerror.h:2943
#define SEC_I_COMPLETE_NEEDED
Definition: winerror.h:2928
static BYTE crypt_trailer_server2[]
Definition: ntlm.c:169
unsigned char * Password
Definition: rpcdce.h:238
#define SEC_E_TARGET_UNKNOWN
Definition: winerror.h:2912
#define SECPKG_ATTR_NEGOTIATION_INFO
Definition: sspi.h:519
#define SEC_I_CONTINUE_NEEDED
Definition: winerror.h:2927
#define SEC_E_CANNOT_INSTALL
Definition: winerror.h:2916
LONG SECURITY_STATUS
Definition: sspi.h:34
ULONG max_token
Definition: negotiate.c:64
#define ISC_REQ_INTEGRITY
Definition: sspi.h:364
#define ok(value,...)
Definition: CComObject.cpp:34
#define SEC_ENTRY
Definition: stubs.c:6
static PSecPkgInfoA *static SEC_CHAR ULONG
Definition: ntlm.c:66
#define SEC_E_CANNOT_PACK
Definition: winerror.h:2918
Definition: dhcpd.h:135
static SECURITY_STATUS setupBuffers(SspiData *sspi_data, SecPkgInfoA *sec_pkg_info)
Definition: ntlm.c:244
#define FreeLibrary(x)
Definition: compat.h:405
unsigned int BOOL
Definition: ntddk_ex.h:94
GLsizeiptr size
Definition: glext.h:5919
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
PVOID *typedef PSecBuffer
Definition: ntsecpkg.h:400
static BYTE crypt_trailer_client2[]
Definition: ntlm.c:153
CredHandle cred
Definition: negotiate.c:59
static BYTE crypt_message_client2[]
Definition: ntlm.c:157
static void testInitializeSecurityContextFlags(void)
Definition: ntlm.c:596
#define SEC_WINNT_AUTH_IDENTITY_UNICODE
Definition: rpcdce.h:310
unsigned int UINT
Definition: ndis.h:50
static BYTE crypt_message_server2[]
Definition: ntlm.c:173
static FILE * client
Definition: client.c:41
static BOOLEAN(WINAPI *pGetUserNameExA)(EXTENDED_NAME_FORMAT
Definition: cookie.c:170
static void cleanupBuffers(SspiData *sspi_data)
Definition: ntlm.c:312
GLint GLenum GLsizei GLsizei GLsizei GLint GLsizei const GLvoid * data
Definition: gl.h:1950
static DWORD pi
Definition: protocol.c:150
#define SEC_E_INVALID_HANDLE
Definition: winerror.h:2910
static SECURITY_STATUS setupServer(SspiData *sspi_data, SEC_CHAR *provider)
Definition: ntlm.c:368
static BYTE message_signature[]
Definition: ntlm.c:133
int ret
#define SEC_E_QOP_NOT_SUPPORTED
Definition: winerror.h:2919
__u8 attr
Definition: mkdosfs.c:359
CredHandle cred
Definition: ntlm.c:91
ULONG cbSecurityTrailer
Definition: sspi.h:550
SECURITY_STATUS WINAPI QueryContextAttributesA(PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
Definition: wrapper.c:505
#define SECBUFFER_TOKEN
Definition: sspi.h:147
#define SEC_E_INVALID_TOKEN
Definition: winerror.h:2917
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
unsigned char BYTE
Definition: mem.h:68
ULONG BufferType
Definition: sspi.h:140
#define ISC_REQ_USE_DCE_STYLE
Definition: sspi.h:357
#define SECURITY_NETWORK_DREP
Definition: sspi.h:460
#define SEC_E_OK
Definition: winerror.h:2356
#define WINAPI
Definition: msvc.h:20
static HMODULE secdll
Definition: ntlm.c:62
#define SEC_WINNT_AUTH_IDENTITY_ANSI
Definition: rpcdce.h:309
#define ISC_REQ_CONNECTION
Definition: sspi.h:359
PSecBufferDesc in_buf
Definition: negotiate.c:61
int WINAPI lstrlenA(LPCSTR lpString)
Definition: lstring.c:145
static void testAcquireCredentialsHandleW(void)
Definition: ntlm.c:1311
static BYTE crypt_trailer_client[]
Definition: ntlm.c:145
static PSecurityFunctionTableA(SEC_ENTRY *pInitSecurityInterfaceA)(void)
#define SECBUFFER_VERSION
Definition: sspi.h:173
PSEC_WINNT_AUTH_IDENTITY_A id
Definition: negotiate.c:63
ULONG cbMaxToken
Definition: sspi.h:547
ULONG cbBuffer
Definition: sspi.h:139
static void test_null_auth_data(void)
Definition: ntlm.c:1462
static PSecPkgInfoA *static SEC_CHAR PLUID
Definition: ntlm.c:66
#define _SEC_ERR(x)
#define skip(...)
Definition: CString.cpp:57
static char message_header[]
Definition: ntlm.c:143
CHAR SEC_CHAR
Definition: sspi.h:30
#define SECPKG_FLAG_APPCONTAINER_CHECKS
Definition: sspi.h:136
START_TEST(ntlm)
Definition: ntlm.c:1511
static SECURITY_STATUS runServer(SspiData *sspi_data, BOOL first, ULONG data_rep)
Definition: ntlm.c:517
#define ISC_REQ_MUTUAL_AUTH
Definition: sspi.h:349
static char workgroup[]
Definition: ntlm.c:178
#define SEC_E_BUFFER_TOO_SMALL
Definition: winerror.h:2937
static PSecPkgInfoA *static SEC_CHAR PCredHandle
Definition: ntlm.c:66
static PSecPkgInfoA *static SEC_CHAR PVOID
Definition: ntlm.c:66
unsigned int ULONG
Definition: retypes.h:1
GLenum GLuint id
Definition: glext.h:5579
PSecBufferDesc in_buf
Definition: ntlm.c:93
#define ISC_REQ_CONFIDENTIALITY
Definition: sspi.h:352
CtxtHandle ctxt
Definition: ntlm.c:92
char * cleanup(char *str)
Definition: wpickclick.c:99
#define GetProcAddress(x, y)
Definition: compat.h:410
#define SEC_E_NO_CREDENTIALS
Definition: winerror.h:2923
Definition: ntlm.c:90
#define SEC_E_NO_IMPERSONATION
Definition: winerror.h:2920
static void testAuth(ULONG data_rep, BOOL fake)
Definition: ntlm.c:813
static void testSignSeal(void)
Definition: ntlm.c:977
#define ISC_REQ_REPLAY_DETECT
Definition: sspi.h:350
unsigned char * Domain
Definition: rpcdce.h:236
struct _SspiData SspiData
CardRegion * from
Definition: spigame.cpp:19
ULONG cBuffers
Definition: sspi.h:168
#define memset(x, y, z)
Definition: compat.h:39
static SERVICE_STATUS status
Definition: service.c:31
#define win_skip
Definition: test.h:141
BYTE * PBYTE
Definition: pedump.c:66
void user(int argc, const char *argv[])
Definition: cmds.c:1350
static SECURITY_STATUS setupFakeServer(SspiData *sspi_data, SEC_CHAR *provider)
Definition: ntlm.c:397
#define HeapFree(x, y, z)
Definition: compat.h:394
unsigned char * User
Definition: rpcdce.h:234
BOOL expected
Definition: store.c:2063
static QUERY_CONTEXT_ATTRIBUTES_FN_A pQueryContextAttributesA
Definition: schannel.c:32
#define NTLM_BASE_CAPS
Definition: ntlm.c:51
#define printf
Definition: config.h:203
#define SEC_I_COMPLETE_AND_CONTINUE
Definition: winerror.h:2929
ULONG cbMaxToken
Definition: sspi.h:94
static SEC_WCHAR void void CredHandle TimeStamp *static SEC_CHAR PULONG
Definition: ntlm.c:70
static char test_pass[]
Definition: ntlm.c:179
Definition: ps.c:97