search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
secur32: Use skip for skipped tests, reduce indentation.
[wine/hacks.git] / dlls / secur32 / tests / ntlm.c
blob6d968743572e98c2e4fecc2b14668f3f91594d4c
1 /*
2 * Tests for the NTLM security provider
3 *
4 * Copyright 2005, 2006 Kai Blin
5 * Copyright 2006 Dmitry Timoshkov
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 *
21 * The code that tests for the behaviour of ISC_REQ_ALLOCATE_MEMORY is based
22 * on code written by Dmitry Timoshkov.
23
24 */
25
26 #include <stdarg.h>
27 #include <stdio.h>
28 #include <assert.h>
29 #include <windef.h>
30 #include <winbase.h>
31 #define SECURITY_WIN32
32 #include <sspi.h>
33 #include <rpc.h>
34 #include <rpcdce.h>
35
36 #include "wine/test.h"
37
38 static HMODULE secdll;
39 static PSecurityFunctionTableA (SEC_ENTRY * pInitSecurityInterfaceA)(void);
40 static SECURITY_STATUS (SEC_ENTRY * pFreeContextBuffer)(PVOID pv);
41 static SECURITY_STATUS (SEC_ENTRY * pQuerySecurityPackageInfoA)(SEC_CHAR*, PSecPkgInfoA*);
42 static SECURITY_STATUS (SEC_ENTRY * pAcquireCredentialsHandleA)(SEC_CHAR*, SEC_CHAR*,
43 ULONG, PLUID, PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp);
44 static SECURITY_STATUS (SEC_ENTRY * pInitializeSecurityContextA)(PCredHandle, PCtxtHandle,
45 SEC_CHAR*, ULONG, ULONG, ULONG, PSecBufferDesc, ULONG,
46 PCtxtHandle, PSecBufferDesc, PULONG, PTimeStamp);
47 static SECURITY_STATUS (SEC_ENTRY * pCompleteAuthToken)(PCtxtHandle, PSecBufferDesc);
48 static SECURITY_STATUS (SEC_ENTRY * pAcceptSecurityContext)(PCredHandle, PCtxtHandle,
49 PSecBufferDesc, ULONG, ULONG, PCtxtHandle, PSecBufferDesc,
50 PULONG, PTimeStamp);
51 static SECURITY_STATUS (SEC_ENTRY * pFreeCredentialsHandle)(PCredHandle);
52 static SECURITY_STATUS (SEC_ENTRY * pDeleteSecurityContext)(PCtxtHandle);
53 static SECURITY_STATUS (SEC_ENTRY * pQueryContextAttributesA)(PCtxtHandle, ULONG, PVOID);
54 static SECURITY_STATUS (SEC_ENTRY * pMakeSignature)(PCtxtHandle, ULONG,
55 PSecBufferDesc, ULONG);
56 static SECURITY_STATUS (SEC_ENTRY * pVerifySignature)(PCtxtHandle, PSecBufferDesc,
57 ULONG, PULONG);
58 static SECURITY_STATUS (SEC_ENTRY * pEncryptMessage)(PCtxtHandle, ULONG,
59 PSecBufferDesc, ULONG);
60 static SECURITY_STATUS (SEC_ENTRY * pDecryptMessage)(PCtxtHandle, PSecBufferDesc,
61 ULONG, PULONG);
62
63 typedef struct _SspiData {
64 PCredHandle cred;
65 PCtxtHandle ctxt;
66 PSecBufferDesc in_buf;
67 PSecBufferDesc out_buf;
68 PSEC_WINNT_AUTH_IDENTITY id;
69 ULONG max_token;
70 } SspiData;
71
72 static BYTE network_challenge[] =
73 {0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00,
74 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x30, 0x00, 0x00, 0x00,
75 0x05, 0x82, 0x82, 0xa0, 0xe9, 0x58, 0x7f, 0x14, 0xa2, 0x86,
76 0x3b, 0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
77 0x54, 0x00, 0x54, 0x00, 0x40, 0x00, 0x00, 0x00, 0x43, 0x00,
78 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
79 0x30, 0x00, 0x31, 0x00, 0x02, 0x00, 0x10, 0x00, 0x43, 0x00,
80 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
81 0x30, 0x00, 0x31, 0x00, 0x01, 0x00, 0x10, 0x00, 0x43, 0x00,
82 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
83 0x30, 0x00, 0x31, 0x00, 0x04, 0x00, 0x10, 0x00, 0x63, 0x00,
84 0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
85 0x30, 0x00, 0x31, 0x00, 0x03, 0x00, 0x10, 0x00, 0x63, 0x00,
86 0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
87 0x30, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00};
88
89 static BYTE native_challenge[] =
90 {0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00,
91 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x30, 0x00, 0x00, 0x00,
92 0x05, 0x82, 0x82, 0xa0, 0xb5, 0x60, 0x8e, 0x95, 0xb5, 0x3c,
93 0xee, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
94 0x54, 0x00, 0x54, 0x00, 0x40, 0x00, 0x00, 0x00, 0x43, 0x00,
95 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
96 0x30, 0x00, 0x31, 0x00, 0x02, 0x00, 0x10, 0x00, 0x43, 0x00,
97 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
98 0x30, 0x00, 0x31, 0x00, 0x01, 0x00, 0x10, 0x00, 0x43, 0x00,
99 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
100 0x30, 0x00, 0x31, 0x00, 0x04, 0x00, 0x10, 0x00, 0x63, 0x00,
101 0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
102 0x30, 0x00, 0x31, 0x00, 0x03, 0x00, 0x10, 0x00, 0x63, 0x00,
103 0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
104 0x30, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00};
105
106 static BYTE message_signature[] =
107 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
108 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
109
110 static BYTE message_binary[] =
111 {0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x2c, 0x20, 0x77, 0x6f, 0x72,
112 0x6c, 0x64, 0x21};
113
114 static char message[] = "Hello, world!";
115
116 static char message_header[] = "Header Test";
117
118 static BYTE crypt_trailer_client[] =
119 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe8, 0xc7,
120 0xaa, 0x26, 0x16, 0x39, 0x07, 0x4e};
121
122 static BYTE crypt_message_client[] =
123 {0x86, 0x9c, 0x5a, 0x10, 0x78, 0xb3, 0x30, 0x98, 0x46, 0x15,
124 0xa0, 0x31, 0xd9};
125
126 static BYTE crypt_trailer_client2[] =
127 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xa7,
128 0xf7, 0x0f, 0x5b, 0x25, 0xbe, 0xa4};
129
130 static BYTE crypt_message_client2[] =
131 {0x20, 0x6c, 0x01, 0xab, 0xb0, 0x4c, 0x93, 0xe4, 0x1e, 0xfc,
132 0xe1, 0xfa, 0xfe};
133
134 static BYTE crypt_trailer_server[] =
135 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1c, 0x46,
136 0x2e, 0x77, 0xeb, 0xf0, 0xf6, 0x9e};
137
138 static BYTE crypt_message_server[] =
139 {0xf6, 0xb7, 0x92, 0x0c, 0xac, 0xea, 0x98, 0xe6, 0xef, 0xa0,
140 0x29, 0x66, 0xfd};
141
142 static BYTE crypt_trailer_server2[] =
143 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb1, 0x4e,
144 0x46, 0xb7, 0xca, 0xf7, 0x7f, 0xb3};
145
146 static BYTE crypt_message_server2[] =
147 {0xc8, 0xf2, 0x39, 0x7f, 0x0c, 0xaf, 0xf5, 0x5d, 0xef, 0x0c,
148 0x8b, 0x5f, 0x82};
149
150 static void InitFunctionPtrs(void)
151 {
152 secdll = LoadLibraryA("secur32.dll");
153 if(!secdll)
154 secdll = LoadLibraryA("security.dll");
155 if(secdll)
156 {
157 pInitSecurityInterfaceA = (PVOID)GetProcAddress(secdll, "InitSecurityInterfaceA");
158 pFreeContextBuffer = (PVOID)GetProcAddress(secdll, "FreeContextBuffer");
159 pQuerySecurityPackageInfoA = (PVOID)GetProcAddress(secdll, "QuerySecurityPackageInfoA");
160 pAcquireCredentialsHandleA = (PVOID)GetProcAddress(secdll, "AcquireCredentialsHandleA");
161 pInitializeSecurityContextA = (PVOID)GetProcAddress(secdll, "InitializeSecurityContextA");
162 pCompleteAuthToken = (PVOID)GetProcAddress(secdll, "CompleteAuthToken");
163 pAcceptSecurityContext = (PVOID)GetProcAddress(secdll, "AcceptSecurityContext");
164 pFreeCredentialsHandle = (PVOID)GetProcAddress(secdll, "FreeCredentialsHandle");
165 pDeleteSecurityContext = (PVOID)GetProcAddress(secdll, "DeleteSecurityContext");
166 pQueryContextAttributesA = (PVOID)GetProcAddress(secdll, "QueryContextAttributesA");
167 pMakeSignature = (PVOID)GetProcAddress(secdll, "MakeSignature");
168 pVerifySignature = (PVOID)GetProcAddress(secdll, "VerifySignature");
169 pEncryptMessage = (PVOID)GetProcAddress(secdll, "EncryptMessage");
170 pDecryptMessage = (PVOID)GetProcAddress(secdll, "DecryptMessage");
171 }
172 }
173
174 static const char* getSecError(SECURITY_STATUS status)
175 {
176 static char buf[20];
177
178 #define _SEC_ERR(x) case (x): return #x;
179 switch(status)
180 {
181 _SEC_ERR(SEC_E_OK);
182 _SEC_ERR(SEC_E_INSUFFICIENT_MEMORY);
183 _SEC_ERR(SEC_E_INVALID_HANDLE);
184 _SEC_ERR(SEC_E_UNSUPPORTED_FUNCTION);
185 _SEC_ERR(SEC_E_TARGET_UNKNOWN);
186 _SEC_ERR(SEC_E_INTERNAL_ERROR);
187 _SEC_ERR(SEC_E_SECPKG_NOT_FOUND);
188 _SEC_ERR(SEC_E_NOT_OWNER);
189 _SEC_ERR(SEC_E_CANNOT_INSTALL);
190 _SEC_ERR(SEC_E_INVALID_TOKEN);
191 _SEC_ERR(SEC_E_CANNOT_PACK);
192 _SEC_ERR(SEC_E_QOP_NOT_SUPPORTED);
193 _SEC_ERR(SEC_E_NO_IMPERSONATION);
194 _SEC_ERR(SEC_I_CONTINUE_NEEDED);
195 _SEC_ERR(SEC_E_BUFFER_TOO_SMALL);
196 _SEC_ERR(SEC_E_ILLEGAL_MESSAGE);
197 _SEC_ERR(SEC_E_LOGON_DENIED);
198 _SEC_ERR(SEC_E_NO_CREDENTIALS);
199 _SEC_ERR(SEC_E_OUT_OF_SEQUENCE);
200 _SEC_ERR(SEC_E_MESSAGE_ALTERED);
201 default:
202 sprintf(buf, "%08x\n", status);
203 return buf;
204 }
205 #undef _SEC_ERR
206 }
207
208 /**********************************************************************/
209
210 static SECURITY_STATUS setupBuffers(SspiData *sspi_data, SecPkgInfoA *sec_pkg_info)
211 {
212
213 sspi_data->in_buf = HeapAlloc(GetProcessHeap(), 0, sizeof(SecBufferDesc));
214 sspi_data->out_buf = HeapAlloc(GetProcessHeap(), 0, sizeof(SecBufferDesc));
215 sspi_data->max_token = sec_pkg_info->cbMaxToken;
216
217 if(sspi_data->in_buf != NULL)
218 {
219 PSecBuffer sec_buffer = HeapAlloc(GetProcessHeap(), 0,
220 sizeof(SecBuffer));
221 if(sec_buffer == NULL){
222 trace("in_buf: sec_buffer == NULL\n");
223 return SEC_E_INSUFFICIENT_MEMORY;
224 }
225
226 sspi_data->in_buf->ulVersion = SECBUFFER_VERSION;
227 sspi_data->in_buf->cBuffers = 1;
228 sspi_data->in_buf->pBuffers = sec_buffer;
229
230 sec_buffer->cbBuffer = sec_pkg_info->cbMaxToken;
231 sec_buffer->BufferType = SECBUFFER_TOKEN;
232 if((sec_buffer->pvBuffer = HeapAlloc(GetProcessHeap(), 0,
233 sec_pkg_info->cbMaxToken)) == NULL)
234 {
235 trace("in_buf: sec_buffer->pvBuffer == NULL\n");
236 return SEC_E_INSUFFICIENT_MEMORY;
237 }
238 }
239 else
240 {
241 trace("HeapAlloc in_buf returned NULL\n");
242 return SEC_E_INSUFFICIENT_MEMORY;
243 }
244
245 if(sspi_data->out_buf != NULL)
246 {
247 PSecBuffer sec_buffer = HeapAlloc(GetProcessHeap(), 0,
248 sizeof(SecBuffer));
249
250 if(sec_buffer == NULL){
251 trace("out_buf: sec_buffer == NULL\n");
252 return SEC_E_INSUFFICIENT_MEMORY;
253 }
254
255 sspi_data->out_buf->ulVersion = SECBUFFER_VERSION;
256 sspi_data->out_buf->cBuffers = 1;
257 sspi_data->out_buf->pBuffers = sec_buffer;
258
259 sec_buffer->cbBuffer = sec_pkg_info->cbMaxToken;
260 sec_buffer->BufferType = SECBUFFER_TOKEN;
261 if((sec_buffer->pvBuffer = HeapAlloc(GetProcessHeap(), 0,
262 sec_pkg_info->cbMaxToken)) == NULL){
263 trace("out_buf: sec_buffer->pvBuffer == NULL\n");
264 return SEC_E_INSUFFICIENT_MEMORY;
265 }
266 }
267 else
268 {
269 trace("HeapAlloc out_buf returned NULL\n");
270 return SEC_E_INSUFFICIENT_MEMORY;
271 }
272
273 return SEC_E_OK;
274 }
275
276 /**********************************************************************/
277
278 static void cleanupBuffers(SspiData *sspi_data)
279 {
280 ULONG i;
281
282 if(sspi_data->in_buf != NULL)
283 {
284 for(i = 0; i < sspi_data->in_buf->cBuffers; ++i)
285 {
286 HeapFree(GetProcessHeap(), 0, sspi_data->in_buf->pBuffers[i].pvBuffer);
287 }
288 HeapFree(GetProcessHeap(), 0, sspi_data->in_buf->pBuffers);
289 HeapFree(GetProcessHeap(), 0, sspi_data->in_buf);
290 }
291
292 if(sspi_data->out_buf != NULL)
293 {
294 for(i = 0; i < sspi_data->out_buf->cBuffers; ++i)
295 {
296 HeapFree(GetProcessHeap(), 0, sspi_data->out_buf->pBuffers[i].pvBuffer);
297 }
298 HeapFree(GetProcessHeap(), 0, sspi_data->out_buf->pBuffers);
299 HeapFree(GetProcessHeap(), 0, sspi_data->out_buf);
300 }
301 }
302
303 /**********************************************************************/
304
305 static SECURITY_STATUS setupClient(SspiData *sspi_data, SEC_CHAR *provider)
306 {
307 SECURITY_STATUS ret;
308 TimeStamp ttl;
309 SecPkgInfoA *sec_pkg_info;
310
311 trace("Running setupClient\n");
312
313 sspi_data->cred = HeapAlloc(GetProcessHeap(), 0, sizeof(CredHandle));
314 sspi_data->ctxt = HeapAlloc(GetProcessHeap(), 0, sizeof(CtxtHandle));
315
316 ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
317
318 ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
319
320 setupBuffers(sspi_data, sec_pkg_info);
321
322 if((ret = pAcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_OUTBOUND,
323 NULL, sspi_data->id, NULL, NULL, sspi_data->cred, &ttl))
324 != SEC_E_OK)
325 {
326 trace("AcquireCredentialsHandle() returned %s\n", getSecError(ret));
327 }
328
329 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
330 getSecError(ret));
331
332 return ret;
333 }
334 /**********************************************************************/
335
336 static SECURITY_STATUS setupServer(SspiData *sspi_data, SEC_CHAR *provider)
337 {
338 SECURITY_STATUS ret;
339 TimeStamp ttl;
340 SecPkgInfoA *sec_pkg_info;
341
342 trace("Running setupServer\n");
343
344 sspi_data->cred = HeapAlloc(GetProcessHeap(), 0, sizeof(CredHandle));
345 sspi_data->ctxt = HeapAlloc(GetProcessHeap(), 0, sizeof(CtxtHandle));
346
347 ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
348
349 ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
350
351 setupBuffers(sspi_data, sec_pkg_info);
352
353 if((ret = pAcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_INBOUND,
354 NULL, NULL, NULL, NULL, sspi_data->cred, &ttl)) != SEC_E_OK)
355 {
356 trace("AcquireCredentialsHandle() returned %s\n", getSecError(ret));
357 }
358
359 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
360 getSecError(ret));
361
362 return ret;
363 }
364
365 /**********************************************************************/
366
367 static SECURITY_STATUS setupFakeServer(SspiData *sspi_data, SEC_CHAR *provider)
368 {
369 SECURITY_STATUS ret;
370 SecPkgInfoA *sec_pkg_info;
371
372 trace("Running setupFakeServer\n");
373
374 sspi_data->cred = HeapAlloc(GetProcessHeap(), 0, sizeof(CredHandle));
375 sspi_data->ctxt = HeapAlloc(GetProcessHeap(), 0, sizeof(CtxtHandle));
376
377 ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
378
379 ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
380
381 ret = setupBuffers(sspi_data, sec_pkg_info);
382
383 return ret;
384 }
385
386
387 /**********************************************************************/
388
389 static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep)
390 {
391 SECURITY_STATUS ret;
392 ULONG req_attr = 0;
393 ULONG ctxt_attr;
394 TimeStamp ttl;
395 PSecBufferDesc in_buf = sspi_data->in_buf;
396 PSecBufferDesc out_buf = sspi_data->out_buf;
397
398 assert(in_buf->cBuffers >= 1);
399 assert(in_buf->pBuffers[0].pvBuffer != NULL);
400 assert(in_buf->pBuffers[0].cbBuffer != 0);
401
402 assert(out_buf->cBuffers >= 1);
403 assert(out_buf->pBuffers[0].pvBuffer != NULL);
404 assert(out_buf->pBuffers[0].cbBuffer != 0);
405
406 trace("Running the client the %s time.\n", first?"first":"second");
407
408 /* We can either use ISC_REQ_ALLOCATE_MEMORY flag to ask the provider
409 * always allocate output buffers for us, or initialize cbBuffer
410 * before each call because the API changes it to represent actual
411 * amount of data in the buffer.
412 */
413
414 /* test a failing call only the first time, otherwise we get
415 * SEC_E_OUT_OF_SEQUENCE
416 */
417 if (first)
418 {
419 void *old_buf;
420
421 /* pass NULL as an output buffer */
422 ret = pInitializeSecurityContextA(sspi_data->cred, NULL, NULL, req_attr,
423 0, data_rep, NULL, 0, sspi_data->ctxt, NULL,
424 &ctxt_attr, &ttl);
425
426 ok(ret == SEC_E_BUFFER_TOO_SMALL, "expected SEC_E_BUFFER_TOO_SMALL, got %s\n", getSecError(ret));
427
428 /* pass NULL as an output buffer */
429 old_buf = out_buf->pBuffers[0].pvBuffer;
430 out_buf->pBuffers[0].pvBuffer = NULL;
431
432 ret = pInitializeSecurityContextA(sspi_data->cred, NULL, NULL, req_attr,
433 0, data_rep, NULL, 0, sspi_data->ctxt, out_buf,
434 &ctxt_attr, &ttl);
435
436 ok(ret == SEC_E_INTERNAL_ERROR, "expected SEC_E_INTERNAL_ERROR, got %s\n", getSecError(ret));
437
438 out_buf->pBuffers[0].pvBuffer = old_buf;
439
440 /* pass an output buffer of 0 size */
441 out_buf->pBuffers[0].cbBuffer = 0;
442
443 ret = pInitializeSecurityContextA(sspi_data->cred, NULL, NULL, req_attr,
444 0, data_rep, NULL, 0, sspi_data->ctxt, out_buf,
445 &ctxt_attr, &ttl);
446
447 ok(ret == SEC_E_BUFFER_TOO_SMALL, "expected SEC_E_BUFFER_TOO_SMALL, got %s\n", getSecError(ret));
448
449 ok(out_buf->pBuffers[0].cbBuffer == 0,
450 "InitializeSecurityContext set buffer size to %lu\n", out_buf->pBuffers[0].cbBuffer);
451 }
452
453 out_buf->pBuffers[0].cbBuffer = sspi_data->max_token;
454
455 ret = pInitializeSecurityContextA(sspi_data->cred, first?NULL:sspi_data->ctxt, NULL, req_attr,
456 0, data_rep, first?NULL:in_buf, 0, sspi_data->ctxt, out_buf,
457 &ctxt_attr, &ttl);
458
459 if(ret == SEC_I_COMPLETE_AND_CONTINUE || ret == SEC_I_COMPLETE_NEEDED)
460 {
461 pCompleteAuthToken(sspi_data->ctxt, out_buf);
462 if(ret == SEC_I_COMPLETE_AND_CONTINUE)
463 ret = SEC_I_CONTINUE_NEEDED;
464 else if(ret == SEC_I_COMPLETE_NEEDED)
465 ret = SEC_E_OK;
466 }
467
468 ok(out_buf->pBuffers[0].cbBuffer < sspi_data->max_token,
469 "InitializeSecurityContext set buffer size to %lu\n", out_buf->pBuffers[0].cbBuffer);
470
471 return ret;
472 }
473
474 /**********************************************************************/
475
476 static SECURITY_STATUS runServer(SspiData *sspi_data, BOOL first, ULONG data_rep)
477 {
478 SECURITY_STATUS ret;
479 ULONG ctxt_attr;
480 TimeStamp ttl;
481
482 trace("Running the server the %s time\n", first?"first":"second");
483
484 ret = pAcceptSecurityContext(sspi_data->cred, first?NULL:sspi_data->ctxt,
485 sspi_data->in_buf, 0, data_rep, sspi_data->ctxt,
486 sspi_data->out_buf, &ctxt_attr, &ttl);
487
488 if(ret == SEC_I_COMPLETE_AND_CONTINUE || ret == SEC_I_COMPLETE_NEEDED)
489 {
490 pCompleteAuthToken(sspi_data->ctxt, sspi_data->out_buf);
491 if(ret == SEC_I_COMPLETE_AND_CONTINUE)
492 ret = SEC_I_CONTINUE_NEEDED;
493 else if(ret == SEC_I_COMPLETE_NEEDED)
494 ret = SEC_E_OK;
495 }
496
497 return ret;
498 }
499
500 /**********************************************************************/
501
502 static SECURITY_STATUS runFakeServer(SspiData *sspi_data, BOOL first, ULONG data_rep)
503 {
504 trace("Running the fake server the %s time\n", first?"first":"second");
505
506 if(!first)
507 {
508 sspi_data->out_buf->pBuffers[0].cbBuffer = 0;
509 return SEC_E_OK;
510 }
511
512 if(data_rep == SECURITY_NATIVE_DREP)
513 {
514 sspi_data->out_buf->pBuffers[0].cbBuffer = sizeof(native_challenge);
515 memcpy(sspi_data->out_buf->pBuffers[0].pvBuffer, native_challenge,
516 sspi_data->out_buf->pBuffers[0].cbBuffer);
517 }
518 else
519 {
520 sspi_data->out_buf->pBuffers[0].cbBuffer = sizeof(network_challenge);
521 memcpy(sspi_data->out_buf->pBuffers[0].pvBuffer, network_challenge,
522 sspi_data->out_buf->pBuffers[0].cbBuffer);
523 }
524
525 return SEC_I_CONTINUE_NEEDED;
526 }
527
528 /**********************************************************************/
529
530 static void communicate(SspiData *from, SspiData *to)
531 {
532 if(from->out_buf != NULL && to->in_buf != NULL)
533 {
534 trace("Running communicate.\n");
535 if((from->out_buf->cBuffers >= 1) && (to->in_buf->cBuffers >= 1))
536 {
537 if((from->out_buf->pBuffers[0].pvBuffer != NULL) &&
538 (to->in_buf->pBuffers[0].pvBuffer != NULL))
539 {
540 memset(to->in_buf->pBuffers[0].pvBuffer, 0, to->max_token);
541
542 memcpy(to->in_buf->pBuffers[0].pvBuffer,
543 from->out_buf->pBuffers[0].pvBuffer,
544 from->out_buf->pBuffers[0].cbBuffer);
545
546 to->in_buf->pBuffers[0].cbBuffer = from->out_buf->pBuffers[0].cbBuffer;
547
548 memset(from->out_buf->pBuffers[0].pvBuffer, 0, from->max_token);
549 }
550 }
551 }
552 }
553
554 /**********************************************************************/
555 static void testInitializeSecurityContextFlags()
556 {
557 SECURITY_STATUS sec_status;
558 PSecPkgInfo pkg_info = NULL;
559 SspiData client;
560 SEC_WINNT_AUTH_IDENTITY id;
561 static char sec_pkg_name[] = "NTLM",
562 test_user[] = "testuser",
563 workgroup[] = "WORKGROUP",
564 test_pass[] = "testpass";
565 ULONG req_attr, ctxt_attr;
566 TimeStamp ttl;
567 PBYTE packet;
568
569 if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info) != SEC_E_OK)
570 {
571 skip("Package not installed, skipping test!\n");
572 return;
573 }
574
575 pFreeContextBuffer(pkg_info);
576 id.User = (unsigned char*) test_user;
577 id.UserLength = strlen((char *) id.User);
578 id.Domain = (unsigned char *) workgroup;
579 id.DomainLength = strlen((char *) id.Domain);
580 id.Password = (unsigned char*) test_pass;
581 id.PasswordLength = strlen((char *) id.Password);
582 id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
583
584 client.id = &id;
585
586 if((sec_status = setupClient(&client, sec_pkg_name)) != SEC_E_OK)
587 {
588 skip("Setting up the client returned %s, skipping test!\n",
589 getSecError(sec_status));
590 return;
591 }
592
593 packet = client.out_buf->pBuffers[0].pvBuffer;
594
595 /* Due to how the requesting of the flags is implemented in ntlm_auth,
596 * the tests need to be in this order, as there is no way to specify
597 * "I request no special features" in ntlm_auth */
598
599 /* Without any flags, the lowest byte should not have bits 0x20 or 0x10 set*/
600 req_attr = 0;
601
602 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
603 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
604 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
605 {
606 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
607 getSecError(sec_status));
608 goto tISCFend;
609 }
610
611 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
612 "With req_attr == 0, flags are 0x%02x%02x%02x%02x.\n",
613 packet[15], packet[14], packet[13], packet[12]);
614
615 /* With ISC_REQ_CONNECTION, the lowest byte should not have bits 0x20 or 0x10 set*/
616 req_attr = ISC_REQ_CONNECTION;
617
618 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
619 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
620 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
621 {
622 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
623 getSecError(sec_status));
624 goto tISCFend;
625 }
626
627 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
628 "For ISC_REQ_CONNECTION, flags are 0x%02x%02x%02x%02x.\n",
629 packet[15], packet[14], packet[13], packet[12]);
630
631 /* With ISC_REQ_EXTENDED_ERROR, the lowest byte should not have bits 0x20 or 0x10 set*/
632 req_attr = ISC_REQ_EXTENDED_ERROR;
633
634 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
635 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
636 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
637 {
638 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
639 getSecError(sec_status));
640 goto tISCFend;
641 }
642
643 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
644 "For ISC_REQ_EXTENDED_ERROR, flags are 0x%02x%02x%02x%02x.\n",
645 packet[15], packet[14], packet[13], packet[12]);
646
647 /* With ISC_REQ_MUTUAL_AUTH, the lowest byte should not have bits 0x20 or 0x10 set*/
648 req_attr = ISC_REQ_MUTUAL_AUTH;
649
650 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
651 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
652 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
653 {
654 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
655 getSecError(sec_status));
656 goto tISCFend;
657 }
658
659 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
660 "For ISC_REQ_MUTUAL_AUTH, flags are 0x%02x%02x%02x%02x.\n",
661 packet[15], packet[14], packet[13], packet[12]);
662
663 /* With ISC_REQ_USE_DCE_STYLE, the lowest byte should not have bits 0x20 or 0x10 set*/
664 req_attr = ISC_REQ_USE_DCE_STYLE;
665
666 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
667 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
668 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
669 {
670 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
671 getSecError(sec_status));
672 goto tISCFend;
673 }
674
675 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
676 "For ISC_REQ_USE_DCE_STYLE, flags are 0x%02x%02x%02x%02x.\n",
677 packet[15], packet[14], packet[13], packet[12]);
678
679 /* With ISC_REQ_DELEGATE, the lowest byte should not have bits 0x20 or 0x10 set*/
680 req_attr = ISC_REQ_DELEGATE;
681
682 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
683 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
684 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
685 {
686 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
687 getSecError(sec_status));
688 goto tISCFend;
689 }
690
691 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
692 "For ISC_REQ_DELEGATE, flags are 0x%02x%02x%02x%02x.\n",
693 packet[15], packet[14], packet[13], packet[12]);
694
695 /* With ISC_REQ_INTEGRITY, the lowest byte should have bit 0x10 set */
696 req_attr = ISC_REQ_INTEGRITY;
697
698 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
699 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
700 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
701 {
702 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
703 getSecError(sec_status));
704 goto tISCFend;
705 }
706
707 ok((packet[12] & 0x10) != 0,
708 "For ISC_REQ_INTEGRITY, flags are 0x%02x%02x%02x%02x.\n",
709 packet[15], packet[14], packet[13], packet[12]);
710
711 /* With ISC_REQ_REPLAY_DETECT, the lowest byte should have bit 0x10 set */
712 req_attr = ISC_REQ_REPLAY_DETECT;
713
714 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
715 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
716 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
717 {
718 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
719 getSecError(sec_status));
720 goto tISCFend;
721 }
722
723 ok((packet[12] & 0x10) != 0,
724 "For ISC_REQ_REPLAY_DETECT, flags are 0x%02x%02x%02x%02x.\n",
725 packet[15], packet[14], packet[13], packet[12]);
726
727 /* With ISC_REQ_SEQUENCE_DETECT, the lowest byte should have bit 0x10 set */
728 req_attr = ISC_REQ_SEQUENCE_DETECT;
729
730 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
731 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
732 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
733 {
734 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
735 getSecError(sec_status));
736 goto tISCFend;
737 }
738
739 ok((packet[12] & 0x10) != 0,
740 "For ISC_REQ_SEQUENCE_DETECT, flags are 0x%02x%02x%02x%02x.\n",
741 packet[15], packet[14], packet[13], packet[12]);
742
743 /* With ISC_REQ_CONFIDENTIALITY, the lowest byte should have bit 0x20 set */
744 req_attr = ISC_REQ_CONFIDENTIALITY;
745
746 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
747 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
748 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
749 {
750 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
751 getSecError(sec_status));
752 goto tISCFend;
753 }
754
755 ok((packet[12] & 0x20) != 0,
756 "For ISC_REQ_CONFIDENTIALITY, flags are 0x%02x%02x%02x%02x.\n",
757 packet[15], packet[14], packet[13], packet[12]);
758
759 tISCFend:
760 cleanupBuffers(&client);
761 pFreeCredentialsHandle(client.cred);
762
763 }
764
765 /**********************************************************************/
766
767 static void testAuth(ULONG data_rep, BOOL fake)
768 {
769 SECURITY_STATUS client_stat = SEC_I_CONTINUE_NEEDED;
770 SECURITY_STATUS server_stat = SEC_I_CONTINUE_NEEDED;
771 SECURITY_STATUS sec_status;
772 PSecPkgInfo pkg_info = NULL;
773 BOOL first = TRUE;
774 SspiData client, server;
775 SEC_WINNT_AUTH_IDENTITY id;
776 SecPkgContext_Sizes ctxt_sizes;
777 static char sec_pkg_name[] = "NTLM",
778 test_user[] = "testuser",
779 workgroup[] = "WORKGROUP",
780 test_pass[] = "testpass";
781
782 if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info)!= SEC_E_OK)
783 {
784 skip("Package not installed, skipping test.\n");
785 return;
786 }
787
788 pFreeContextBuffer(pkg_info);
789 id.User = (unsigned char*) test_user;
790 id.UserLength = strlen((char *) id.User);
791 id.Domain = (unsigned char *) workgroup;
792 id.DomainLength = strlen((char *) id.Domain);
793 id.Password = (unsigned char*) test_pass;
794 id.PasswordLength = strlen((char *) id.Password);
795 id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
796
797 client.id = &id;
798
799 sec_status = setupClient(&client, sec_pkg_name);
800
801 if(sec_status != SEC_E_OK)
802 {
803 skip("Error: Setting up the client returned %s, exiting test!\n",
804 getSecError(sec_status));
805 pFreeCredentialsHandle(client.cred);
806 return;
807 }
808
809 if(fake)
810 sec_status = setupFakeServer(&server, sec_pkg_name);
811 else
812 sec_status = setupServer(&server, sec_pkg_name);
813
814 if(sec_status != SEC_E_OK)
815 {
816 skip("Error: Setting up the server returned %s, exiting test!\n",
817 getSecError(sec_status));
818 pFreeCredentialsHandle(server.cred);
819 pFreeCredentialsHandle(client.cred);
820 return;
821 }
822
823 while(client_stat == SEC_I_CONTINUE_NEEDED && server_stat == SEC_I_CONTINUE_NEEDED)
824 {
825 client_stat = runClient(&client, first, data_rep);
826
827 ok(client_stat == SEC_E_OK || client_stat == SEC_I_CONTINUE_NEEDED,
828 "Running the client returned %s, more tests will fail.\n",
829 getSecError(client_stat));
830
831 communicate(&client, &server);
832
833 if(fake)
834 server_stat = runFakeServer(&server, first, data_rep);
835 else
836 server_stat = runServer(&server, first, data_rep);
837
838 ok(server_stat == SEC_E_OK || server_stat == SEC_I_CONTINUE_NEEDED ||
839 server_stat == SEC_E_LOGON_DENIED,
840 "Running the server returned %s, more tests will fail from now.\n",
841 getSecError(server_stat));
842
843 communicate(&server, &client);
844 trace("Looping\n");
845 first = FALSE;
846 }
847
848 if(client_stat != SEC_E_OK)
849 {
850 skip("Authentication failed, skipping test.\n");
851 goto tAuthend;
852 }
853
854 sec_status = pQueryContextAttributesA(client.ctxt,
855 SECPKG_ATTR_SIZES, &ctxt_sizes);
856
857 ok(sec_status == SEC_E_OK,
858 "pQueryContextAttributesA(SECPKG_ATTR_SIZES) returned %s\n",
859 getSecError(sec_status));
860 ok(ctxt_sizes.cbMaxToken == 1904,
861 "cbMaxToken should be 1904 but is %lu\n",
862 ctxt_sizes.cbMaxToken);
863 ok(ctxt_sizes.cbMaxSignature == 16,
864 "cbMaxSignature should be 16 but is %lu\n",
865 ctxt_sizes.cbMaxSignature);
866 ok(ctxt_sizes.cbSecurityTrailer == 16,
867 "cbSecurityTrailer should be 16 but is %lu\n",
868 ctxt_sizes.cbSecurityTrailer);
869 ok(ctxt_sizes.cbBlockSize == 0,
870 "cbBlockSize should be 0 but is %lu\n",
871 ctxt_sizes.cbBlockSize);
872
873 tAuthend:
874 cleanupBuffers(&client);
875 cleanupBuffers(&server);
876
877 if(!fake)
878 {
879 sec_status = pDeleteSecurityContext(server.ctxt);
880 ok(sec_status == SEC_E_OK, "DeleteSecurityContext(server) returned %s\n",
881 getSecError(sec_status));
882 }
883
884 sec_status = pDeleteSecurityContext(client.ctxt);
885 ok(sec_status == SEC_E_OK, "DeleteSecurityContext(client) returned %s\n",
886 getSecError(sec_status));
887
888 if(!fake)
889 {
890 sec_status = pFreeCredentialsHandle(server.cred);
891 ok(sec_status == SEC_E_OK, "FreeCredentialsHandle(server) returned %s\n",
892 getSecError(sec_status));
893 }
894
895 sec_status = pFreeCredentialsHandle(client.cred);
896 ok(sec_status == SEC_E_OK, "FreeCredentialsHandle(client) returned %s\n",
897 getSecError(sec_status));
898 }
899
900 static void testSignSeal()
901 {
902 SECURITY_STATUS client_stat = SEC_I_CONTINUE_NEEDED;
903 SECURITY_STATUS server_stat = SEC_I_CONTINUE_NEEDED;
904 SECURITY_STATUS sec_status;
905 PSecPkgInfo pkg_info = NULL;
906 BOOL first = TRUE;
907 SspiData client, server;
908 SEC_WINNT_AUTH_IDENTITY id;
909 static char sec_pkg_name[] = "NTLM";
910 SecBufferDesc crypt;
911 SecBuffer data[2], fake_data[2], complex_data[4];
912 ULONG qop = 0;
913 SecPkgContext_Sizes ctxt_sizes;
914 static char test_user[] = "testuser",
915 workgroup[] = "WORKGROUP",
916 test_pass[] = "testpass";
917
918 /****************************************************************
919 * This is basically the same as in testAuth with a fake server,
920 * as we need a valid, authenticated context.
921 */
922 if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info) != SEC_E_OK)
923 {
924 skip("Package not installed, skipping test.\n");
925 return;
926 }
927
928 pFreeContextBuffer(pkg_info);
929 id.User = (unsigned char*) test_user;
930 id.UserLength = strlen((char *) id.User);
931 id.Domain = (unsigned char *) workgroup;
932 id.DomainLength = strlen((char *) id.Domain);
933 id.Password = (unsigned char*) test_pass;
934 id.PasswordLength = strlen((char *) id.Password);
935 id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
936
937 client.id = &id;
938
939 sec_status = setupClient(&client, sec_pkg_name);
940
941 if(sec_status != SEC_E_OK)
942 {
943 skip("Error: Setting up the client returned %s, exiting test!\n",
944 getSecError(sec_status));
945 pFreeCredentialsHandle(client.cred);
946 return;
947 }
948
949 sec_status = setupFakeServer(&server, sec_pkg_name);
950
951 while(client_stat == SEC_I_CONTINUE_NEEDED && server_stat == SEC_I_CONTINUE_NEEDED)
952 {
953 client_stat = runClient(&client, first, SECURITY_NETWORK_DREP);
954
955 communicate(&client, &server);
956
957 server_stat = runFakeServer(&server, first, SECURITY_NETWORK_DREP);
958
959 communicate(&server, &client);
960 trace("Looping\n");
961 first = FALSE;
962 }
963
964 /********************************************
965 * Now start with the actual testing *
966 ********************************************/
967
968 if(pQueryContextAttributesA(client.ctxt, SECPKG_ATTR_SIZES,
969 &ctxt_sizes) != SEC_E_OK)
970 {
971 skip("Failed to get context sizes, aborting test.\n");
972 goto end;
973 }
974
975 crypt.ulVersion = SECBUFFER_VERSION;
976 crypt.cBuffers = 2;
977
978 crypt.pBuffers = fake_data;
979
980 fake_data[0].BufferType = SECBUFFER_DATA;
981 fake_data[0].cbBuffer = ctxt_sizes.cbSecurityTrailer;
982 fake_data[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, fake_data[0].cbBuffer);
983
984 fake_data[1].BufferType = SECBUFFER_DATA;
985 fake_data[1].cbBuffer = lstrlen(message);
986 fake_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, fake_data[1].cbBuffer);
987
988 sec_status = pMakeSignature(client.ctxt, 0, &crypt, 0);
989 ok(sec_status == SEC_E_INVALID_TOKEN,
990 "MakeSignature returned %s, not SEC_E_INVALID_TOKEN.\n",
991 getSecError(sec_status));
992
993 crypt.pBuffers = data;
994
995 data[0].BufferType = SECBUFFER_TOKEN;
996 data[0].cbBuffer = ctxt_sizes.cbSecurityTrailer;
997 data[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[0].cbBuffer);
998
999 data[1].BufferType = SECBUFFER_DATA;
1000 data[1].cbBuffer = lstrlen(message);
1001 data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer);
1002 memcpy(data[1].pvBuffer, message, data[1].cbBuffer);
1003
1004 /* As we forced NTLM to fall back to a password-derived session key,
1005 * we should get the same signature for our data, no matter if
1006 * it is sent by the client or the server
1007 */
1008 sec_status = pMakeSignature(client.ctxt, 0, &crypt, 0);
1009 ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n",
1010 getSecError(sec_status));
1011 ok(!memcmp(crypt.pBuffers[0].pvBuffer, message_signature,
1012 crypt.pBuffers[0].cbBuffer), "Signature is not as expected.\n");
1013
1014 data[0].cbBuffer = sizeof(message_signature);
1015
1016 memcpy(data[0].pvBuffer, crypt_trailer_client, data[0].cbBuffer);
1017
1018 sec_status = pVerifySignature(client.ctxt, &crypt, 0, &qop);
1019 ok(sec_status == SEC_E_MESSAGE_ALTERED,
1020 "VerifySignature returned %s, not SEC_E_MESSAGE_ALTERED.\n",
1021 getSecError(sec_status));
1022
1023 memcpy(data[0].pvBuffer, message_signature, data[0].cbBuffer);
1024
1025 sec_status = pVerifySignature(client.ctxt, &crypt, 0, &qop);
1026 ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK.\n",
1027 getSecError(sec_status));
1028
1029 sec_status = pEncryptMessage(client.ctxt, 0, &crypt, 0);
1030 ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n",
1031 getSecError(sec_status));
1032
1033 ok(!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client,
1034 crypt.pBuffers[0].cbBuffer), "Crypt trailer not as expected.\n");
1035 ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client,
1036 crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n");
1037
1038 data[0].cbBuffer = sizeof(crypt_trailer_server);
1039 data[1].cbBuffer = sizeof(crypt_message_server);
1040 memcpy(data[0].pvBuffer, crypt_trailer_server, data[0].cbBuffer);
1041 memcpy(data[1].pvBuffer, crypt_message_server, data[1].cbBuffer);
1042
1043 sec_status = pDecryptMessage(client.ctxt, &crypt, 0, &qop);
1044
1045 ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n",
1046 getSecError(sec_status));
1047 ok(!memcmp(crypt.pBuffers[1].pvBuffer, message_binary,
1048 crypt.pBuffers[1].cbBuffer),
1049 "Failed to decrypt message correctly.\n");
1050
1051 trace("Testing with more than one buffer.\n");
1052
1053 crypt.cBuffers = sizeof(complex_data)/sizeof(complex_data[0]);
1054 crypt.pBuffers = complex_data;
1055
1056 complex_data[0].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
1057 complex_data[0].cbBuffer = sizeof(message_header);
1058 complex_data[0].pvBuffer = message_header;
1059
1060 complex_data[1].BufferType = SECBUFFER_DATA;
1061 complex_data[1].cbBuffer = lstrlen(message);
1062 complex_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer);
1063 memcpy(complex_data[1].pvBuffer, message, complex_data[1].cbBuffer);
1064
1065 complex_data[2].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
1066 complex_data[2].cbBuffer = sizeof(message_header);
1067 complex_data[2].pvBuffer = message_header;
1068
1069 complex_data[3].BufferType = SECBUFFER_TOKEN;
1070 complex_data[3].cbBuffer = ctxt_sizes.cbSecurityTrailer;
1071 complex_data[3].pvBuffer = HeapAlloc(GetProcessHeap(), 0, complex_data[3].cbBuffer);
1072
1073 /* We should get a dummy signature again. */
1074 sec_status = pMakeSignature(client.ctxt, 0, &crypt, 0);
1075 ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n",
1076 getSecError(sec_status));
1077 ok(!memcmp(crypt.pBuffers[3].pvBuffer, message_signature,
1078 crypt.pBuffers[3].cbBuffer), "Signature is not as expected.\n");
1079
1080 /* Being a dummy signature, it will verify right away, as if the server
1081 * sent it */
1082 sec_status = pVerifySignature(client.ctxt, &crypt, 0, &qop);
1083 ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK\n",
1084 getSecError(sec_status));
1085
1086 sec_status = pEncryptMessage(client.ctxt, 0, &crypt, 0);
1087 ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n",
1088 getSecError(sec_status));
1089
1090 ok(!memcmp(crypt.pBuffers[3].pvBuffer, crypt_trailer_client2,
1091 crypt.pBuffers[3].cbBuffer), "Crypt trailer not as expected.\n");
1092
1093 ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client2,
1094 crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n");
1095
1096 memcpy(complex_data[1].pvBuffer, crypt_message_server2, complex_data[1].cbBuffer);
1097 memcpy(complex_data[3].pvBuffer, crypt_trailer_server2, complex_data[3].cbBuffer);
1098
1099 sec_status = pDecryptMessage(client.ctxt, &crypt, 0, &qop);
1100 ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n",
1101 getSecError(sec_status));
1102
1103
1104 end:
1105 cleanupBuffers(&client);
1106 cleanupBuffers(&server);
1107
1108 pDeleteSecurityContext(client.ctxt);
1109 pFreeCredentialsHandle(client.cred);
1110
1111 HeapFree(GetProcessHeap(), 0, fake_data[0].pvBuffer);
1112 HeapFree(GetProcessHeap(), 0, fake_data[1].pvBuffer);
1113 HeapFree(GetProcessHeap(), 0, data[0].pvBuffer);
1114 HeapFree(GetProcessHeap(), 0, data[1].pvBuffer);
1115 HeapFree(GetProcessHeap(), 0, complex_data[1].pvBuffer);
1116 HeapFree(GetProcessHeap(), 0, complex_data[3].pvBuffer);
1117 }
1118
1119 START_TEST(ntlm)
1120 {
1121 InitFunctionPtrs();
1122
1123 if(pFreeCredentialsHandle && pDeleteSecurityContext &&
1124 pDeleteSecurityContext && pAcquireCredentialsHandleA &&
1125 pInitializeSecurityContextA && pCompleteAuthToken &&
1126 pQuerySecurityPackageInfoA)
1127 {
1128 testInitializeSecurityContextFlags();
1129 if(pAcceptSecurityContext)
1130 {
1131 testAuth(SECURITY_NATIVE_DREP, TRUE);
1132 testAuth(SECURITY_NETWORK_DREP, TRUE);
1133 testAuth(SECURITY_NATIVE_DREP, FALSE);
1134 testAuth(SECURITY_NETWORK_DREP, FALSE);
1135 }
1136 if(pMakeSignature && pVerifySignature && pEncryptMessage &&
1137 pDecryptMessage)
1138 testSignSeal();
1139 }
1140
1141 if(secdll)
1142 FreeLibrary(secdll);
1143 }
useful hacks and other patches not (yet) suitable for mainline