search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
push 5b66f3b36e7323272378316c923222b908f6e2d3
[wine/hacks.git] / dlls / secur32 / tests / ntlm.c
blob4667ef0a2c60f97d7f49c878992c2944ca54a376
1 /*
2 * Tests for the NTLM security provider
3 *
4 * Copyright 2005, 2006 Kai Blin
5 * Copyright 2006 Dmitry Timoshkov
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 *
21 * The code that tests for the behaviour of ISC_REQ_ALLOCATE_MEMORY is based
22 * on code written by Dmitry Timoshkov.
23
24 */
25
26 #include <stdarg.h>
27 #include <stdio.h>
28 #include <assert.h>
29 #include <windef.h>
30 #include <winbase.h>
31 #define SECURITY_WIN32
32 #include <sspi.h>
33 #include <rpc.h>
34 #include <rpcdce.h>
35
36 #include "wine/test.h"
37
38 static HMODULE secdll;
39 static PSecurityFunctionTableA (SEC_ENTRY * pInitSecurityInterfaceA)(void);
40 static SECURITY_STATUS (SEC_ENTRY * pFreeContextBuffer)(PVOID pv);
41 static SECURITY_STATUS (SEC_ENTRY * pQuerySecurityPackageInfoA)(SEC_CHAR*, PSecPkgInfoA*);
42 static SECURITY_STATUS (SEC_ENTRY * pAcquireCredentialsHandleA)(SEC_CHAR*, SEC_CHAR*,
43 ULONG, PLUID, PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp);
44 static SECURITY_STATUS (SEC_ENTRY * pInitializeSecurityContextA)(PCredHandle, PCtxtHandle,
45 SEC_CHAR*, ULONG, ULONG, ULONG, PSecBufferDesc, ULONG,
46 PCtxtHandle, PSecBufferDesc, PULONG, PTimeStamp);
47 static SECURITY_STATUS (SEC_ENTRY * pCompleteAuthToken)(PCtxtHandle, PSecBufferDesc);
48 static SECURITY_STATUS (SEC_ENTRY * pAcceptSecurityContext)(PCredHandle, PCtxtHandle,
49 PSecBufferDesc, ULONG, ULONG, PCtxtHandle, PSecBufferDesc,
50 PULONG, PTimeStamp);
51 static SECURITY_STATUS (SEC_ENTRY * pFreeCredentialsHandle)(PCredHandle);
52 static SECURITY_STATUS (SEC_ENTRY * pDeleteSecurityContext)(PCtxtHandle);
53 static SECURITY_STATUS (SEC_ENTRY * pQueryContextAttributesA)(PCtxtHandle, ULONG, PVOID);
54 static SECURITY_STATUS (SEC_ENTRY * pMakeSignature)(PCtxtHandle, ULONG,
55 PSecBufferDesc, ULONG);
56 static SECURITY_STATUS (SEC_ENTRY * pVerifySignature)(PCtxtHandle, PSecBufferDesc,
57 ULONG, PULONG);
58 static SECURITY_STATUS (SEC_ENTRY * pEncryptMessage)(PCtxtHandle, ULONG,
59 PSecBufferDesc, ULONG);
60 static SECURITY_STATUS (SEC_ENTRY * pDecryptMessage)(PCtxtHandle, PSecBufferDesc,
61 ULONG, PULONG);
62
63 typedef struct _SspiData {
64 PCredHandle cred;
65 PCtxtHandle ctxt;
66 PSecBufferDesc in_buf;
67 PSecBufferDesc out_buf;
68 PSEC_WINNT_AUTH_IDENTITY id;
69 ULONG max_token;
70 } SspiData;
71
72 static BYTE network_challenge[] =
73 {0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00,
74 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x30, 0x00, 0x00, 0x00,
75 0x05, 0x82, 0x82, 0xa0, 0xe9, 0x58, 0x7f, 0x14, 0xa2, 0x86,
76 0x3b, 0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
77 0x54, 0x00, 0x54, 0x00, 0x40, 0x00, 0x00, 0x00, 0x43, 0x00,
78 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
79 0x30, 0x00, 0x31, 0x00, 0x02, 0x00, 0x10, 0x00, 0x43, 0x00,
80 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
81 0x30, 0x00, 0x31, 0x00, 0x01, 0x00, 0x10, 0x00, 0x43, 0x00,
82 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
83 0x30, 0x00, 0x31, 0x00, 0x04, 0x00, 0x10, 0x00, 0x63, 0x00,
84 0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
85 0x30, 0x00, 0x31, 0x00, 0x03, 0x00, 0x10, 0x00, 0x63, 0x00,
86 0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
87 0x30, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00};
88
89 static BYTE native_challenge[] =
90 {0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00,
91 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x30, 0x00, 0x00, 0x00,
92 0x05, 0x82, 0x82, 0xa0, 0xb5, 0x60, 0x8e, 0x95, 0xb5, 0x3c,
93 0xee, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
94 0x54, 0x00, 0x54, 0x00, 0x40, 0x00, 0x00, 0x00, 0x43, 0x00,
95 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
96 0x30, 0x00, 0x31, 0x00, 0x02, 0x00, 0x10, 0x00, 0x43, 0x00,
97 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
98 0x30, 0x00, 0x31, 0x00, 0x01, 0x00, 0x10, 0x00, 0x43, 0x00,
99 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
100 0x30, 0x00, 0x31, 0x00, 0x04, 0x00, 0x10, 0x00, 0x63, 0x00,
101 0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
102 0x30, 0x00, 0x31, 0x00, 0x03, 0x00, 0x10, 0x00, 0x63, 0x00,
103 0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
104 0x30, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00};
105
106 static BYTE message_signature[] =
107 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
108 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
109
110 static BYTE message_binary[] =
111 {0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x2c, 0x20, 0x77, 0x6f, 0x72,
112 0x6c, 0x64, 0x21};
113
114 static char message[] = "Hello, world!";
115
116 static char message_header[] = "Header Test";
117
118 static BYTE crypt_trailer_client[] =
119 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe8, 0xc7,
120 0xaa, 0x26, 0x16, 0x39, 0x07, 0x4e};
121
122 static BYTE crypt_message_client[] =
123 {0x86, 0x9c, 0x5a, 0x10, 0x78, 0xb3, 0x30, 0x98, 0x46, 0x15,
124 0xa0, 0x31, 0xd9};
125
126 static BYTE crypt_trailer_client2[] =
127 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xa7,
128 0xf7, 0x0f, 0x5b, 0x25, 0xbe, 0xa4};
129
130 static BYTE crypt_message_client2[] =
131 {0x20, 0x6c, 0x01, 0xab, 0xb0, 0x4c, 0x93, 0xe4, 0x1e, 0xfc,
132 0xe1, 0xfa, 0xfe};
133
134 static BYTE crypt_trailer_server[] =
135 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1c, 0x46,
136 0x2e, 0x77, 0xeb, 0xf0, 0xf6, 0x9e};
137
138 static BYTE crypt_message_server[] =
139 {0xf6, 0xb7, 0x92, 0x0c, 0xac, 0xea, 0x98, 0xe6, 0xef, 0xa0,
140 0x29, 0x66, 0xfd};
141
142 static BYTE crypt_trailer_server2[] =
143 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb1, 0x4e,
144 0x46, 0xb7, 0xca, 0xf7, 0x7f, 0xb3};
145
146 static BYTE crypt_message_server2[] =
147 {0xc8, 0xf2, 0x39, 0x7f, 0x0c, 0xaf, 0xf5, 0x5d, 0xef, 0x0c,
148 0x8b, 0x5f, 0x82};
149
150 static void InitFunctionPtrs(void)
151 {
152 secdll = LoadLibraryA("secur32.dll");
153 if(!secdll)
154 secdll = LoadLibraryA("security.dll");
155 if(secdll)
156 {
157 pInitSecurityInterfaceA = (PVOID)GetProcAddress(secdll, "InitSecurityInterfaceA");
158 pFreeContextBuffer = (PVOID)GetProcAddress(secdll, "FreeContextBuffer");
159 pQuerySecurityPackageInfoA = (PVOID)GetProcAddress(secdll, "QuerySecurityPackageInfoA");
160 pAcquireCredentialsHandleA = (PVOID)GetProcAddress(secdll, "AcquireCredentialsHandleA");
161 pInitializeSecurityContextA = (PVOID)GetProcAddress(secdll, "InitializeSecurityContextA");
162 pCompleteAuthToken = (PVOID)GetProcAddress(secdll, "CompleteAuthToken");
163 pAcceptSecurityContext = (PVOID)GetProcAddress(secdll, "AcceptSecurityContext");
164 pFreeCredentialsHandle = (PVOID)GetProcAddress(secdll, "FreeCredentialsHandle");
165 pDeleteSecurityContext = (PVOID)GetProcAddress(secdll, "DeleteSecurityContext");
166 pQueryContextAttributesA = (PVOID)GetProcAddress(secdll, "QueryContextAttributesA");
167 pMakeSignature = (PVOID)GetProcAddress(secdll, "MakeSignature");
168 pVerifySignature = (PVOID)GetProcAddress(secdll, "VerifySignature");
169 pEncryptMessage = (PVOID)GetProcAddress(secdll, "EncryptMessage");
170 pDecryptMessage = (PVOID)GetProcAddress(secdll, "DecryptMessage");
171 }
172 }
173
174 static const char* getSecError(SECURITY_STATUS status)
175 {
176 static char buf[20];
177
178 #define _SEC_ERR(x) case (x): return #x;
179 switch(status)
180 {
181 _SEC_ERR(SEC_E_OK);
182 _SEC_ERR(SEC_E_INSUFFICIENT_MEMORY);
183 _SEC_ERR(SEC_E_INVALID_HANDLE);
184 _SEC_ERR(SEC_E_UNSUPPORTED_FUNCTION);
185 _SEC_ERR(SEC_E_TARGET_UNKNOWN);
186 _SEC_ERR(SEC_E_INTERNAL_ERROR);
187 _SEC_ERR(SEC_E_SECPKG_NOT_FOUND);
188 _SEC_ERR(SEC_E_NOT_OWNER);
189 _SEC_ERR(SEC_E_CANNOT_INSTALL);
190 _SEC_ERR(SEC_E_INVALID_TOKEN);
191 _SEC_ERR(SEC_E_CANNOT_PACK);
192 _SEC_ERR(SEC_E_QOP_NOT_SUPPORTED);
193 _SEC_ERR(SEC_E_NO_IMPERSONATION);
194 _SEC_ERR(SEC_I_CONTINUE_NEEDED);
195 _SEC_ERR(SEC_E_BUFFER_TOO_SMALL);
196 _SEC_ERR(SEC_E_ILLEGAL_MESSAGE);
197 _SEC_ERR(SEC_E_LOGON_DENIED);
198 _SEC_ERR(SEC_E_NO_CREDENTIALS);
199 _SEC_ERR(SEC_E_OUT_OF_SEQUENCE);
200 _SEC_ERR(SEC_E_MESSAGE_ALTERED);
201 default:
202 sprintf(buf, "%08x\n", status);
203 return buf;
204 }
205 #undef _SEC_ERR
206 }
207
208 /**********************************************************************/
209
210 static SECURITY_STATUS setupBuffers(SspiData *sspi_data, SecPkgInfoA *sec_pkg_info)
211 {
212
213 sspi_data->in_buf = HeapAlloc(GetProcessHeap(), 0, sizeof(SecBufferDesc));
214 sspi_data->out_buf = HeapAlloc(GetProcessHeap(), 0, sizeof(SecBufferDesc));
215 sspi_data->max_token = sec_pkg_info->cbMaxToken;
216
217 if(sspi_data->in_buf != NULL)
218 {
219 PSecBuffer sec_buffer = HeapAlloc(GetProcessHeap(), 0,
220 sizeof(SecBuffer));
221 if(sec_buffer == NULL){
222 trace("in_buf: sec_buffer == NULL\n");
223 return SEC_E_INSUFFICIENT_MEMORY;
224 }
225
226 sspi_data->in_buf->ulVersion = SECBUFFER_VERSION;
227 sspi_data->in_buf->cBuffers = 1;
228 sspi_data->in_buf->pBuffers = sec_buffer;
229
230 sec_buffer->cbBuffer = sec_pkg_info->cbMaxToken;
231 sec_buffer->BufferType = SECBUFFER_TOKEN;
232 if((sec_buffer->pvBuffer = HeapAlloc(GetProcessHeap(), 0,
233 sec_pkg_info->cbMaxToken)) == NULL)
234 {
235 trace("in_buf: sec_buffer->pvBuffer == NULL\n");
236 return SEC_E_INSUFFICIENT_MEMORY;
237 }
238 }
239 else
240 {
241 trace("HeapAlloc in_buf returned NULL\n");
242 return SEC_E_INSUFFICIENT_MEMORY;
243 }
244
245 if(sspi_data->out_buf != NULL)
246 {
247 PSecBuffer sec_buffer = HeapAlloc(GetProcessHeap(), 0,
248 sizeof(SecBuffer));
249
250 if(sec_buffer == NULL){
251 trace("out_buf: sec_buffer == NULL\n");
252 return SEC_E_INSUFFICIENT_MEMORY;
253 }
254
255 sspi_data->out_buf->ulVersion = SECBUFFER_VERSION;
256 sspi_data->out_buf->cBuffers = 1;
257 sspi_data->out_buf->pBuffers = sec_buffer;
258
259 sec_buffer->cbBuffer = sec_pkg_info->cbMaxToken;
260 sec_buffer->BufferType = SECBUFFER_TOKEN;
261 if((sec_buffer->pvBuffer = HeapAlloc(GetProcessHeap(), 0,
262 sec_pkg_info->cbMaxToken)) == NULL){
263 trace("out_buf: sec_buffer->pvBuffer == NULL\n");
264 return SEC_E_INSUFFICIENT_MEMORY;
265 }
266 }
267 else
268 {
269 trace("HeapAlloc out_buf returned NULL\n");
270 return SEC_E_INSUFFICIENT_MEMORY;
271 }
272
273 return SEC_E_OK;
274 }
275
276 /**********************************************************************/
277
278 static void cleanupBuffers(SspiData *sspi_data)
279 {
280 ULONG i;
281
282 if(sspi_data->in_buf != NULL)
283 {
284 for(i = 0; i < sspi_data->in_buf->cBuffers; ++i)
285 {
286 HeapFree(GetProcessHeap(), 0, sspi_data->in_buf->pBuffers[i].pvBuffer);
287 }
288 HeapFree(GetProcessHeap(), 0, sspi_data->in_buf->pBuffers);
289 HeapFree(GetProcessHeap(), 0, sspi_data->in_buf);
290 }
291
292 if(sspi_data->out_buf != NULL)
293 {
294 for(i = 0; i < sspi_data->out_buf->cBuffers; ++i)
295 {
296 HeapFree(GetProcessHeap(), 0, sspi_data->out_buf->pBuffers[i].pvBuffer);
297 }
298 HeapFree(GetProcessHeap(), 0, sspi_data->out_buf->pBuffers);
299 HeapFree(GetProcessHeap(), 0, sspi_data->out_buf);
300 }
301 }
302
303 /**********************************************************************/
304
305 static SECURITY_STATUS setupClient(SspiData *sspi_data, SEC_CHAR *provider)
306 {
307 SECURITY_STATUS ret;
308 TimeStamp ttl;
309 SecPkgInfoA *sec_pkg_info;
310
311 trace("Running setupClient\n");
312
313 sspi_data->cred = HeapAlloc(GetProcessHeap(), 0, sizeof(CredHandle));
314 sspi_data->ctxt = HeapAlloc(GetProcessHeap(), 0, sizeof(CtxtHandle));
315
316 ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
317
318 ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
319
320 setupBuffers(sspi_data, sec_pkg_info);
321
322 if((ret = pAcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_OUTBOUND,
323 NULL, sspi_data->id, NULL, NULL, sspi_data->cred, &ttl))
324 != SEC_E_OK)
325 {
326 trace("AcquireCredentialsHandle() returned %s\n", getSecError(ret));
327 }
328
329 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
330 getSecError(ret));
331
332 return ret;
333 }
334 /**********************************************************************/
335
336 static SECURITY_STATUS setupServer(SspiData *sspi_data, SEC_CHAR *provider)
337 {
338 SECURITY_STATUS ret;
339 TimeStamp ttl;
340 SecPkgInfoA *sec_pkg_info;
341
342 trace("Running setupServer\n");
343
344 sspi_data->cred = HeapAlloc(GetProcessHeap(), 0, sizeof(CredHandle));
345 sspi_data->ctxt = HeapAlloc(GetProcessHeap(), 0, sizeof(CtxtHandle));
346
347 ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
348
349 ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
350
351 setupBuffers(sspi_data, sec_pkg_info);
352
353 if((ret = pAcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_INBOUND,
354 NULL, NULL, NULL, NULL, sspi_data->cred, &ttl)) != SEC_E_OK)
355 {
356 trace("AcquireCredentialsHandle() returned %s\n", getSecError(ret));
357 }
358
359 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
360 getSecError(ret));
361
362 return ret;
363 }
364
365 /**********************************************************************/
366
367 static SECURITY_STATUS setupFakeServer(SspiData *sspi_data, SEC_CHAR *provider)
368 {
369 SECURITY_STATUS ret;
370 SecPkgInfoA *sec_pkg_info;
371
372 trace("Running setupFakeServer\n");
373
374 sspi_data->cred = HeapAlloc(GetProcessHeap(), 0, sizeof(CredHandle));
375 sspi_data->ctxt = HeapAlloc(GetProcessHeap(), 0, sizeof(CtxtHandle));
376
377 ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
378
379 ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
380
381 ret = setupBuffers(sspi_data, sec_pkg_info);
382
383 return ret;
384 }
385
386
387 /**********************************************************************/
388
389 static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep)
390 {
391 SECURITY_STATUS ret;
392 ULONG req_attr = 0;
393 ULONG ctxt_attr;
394 TimeStamp ttl;
395 PSecBufferDesc in_buf = sspi_data->in_buf;
396 PSecBufferDesc out_buf = sspi_data->out_buf;
397
398 assert(in_buf->cBuffers >= 1);
399 assert(in_buf->pBuffers[0].pvBuffer != NULL);
400 assert(in_buf->pBuffers[0].cbBuffer != 0);
401
402 assert(out_buf->cBuffers >= 1);
403 assert(out_buf->pBuffers[0].pvBuffer != NULL);
404 assert(out_buf->pBuffers[0].cbBuffer != 0);
405
406 trace("Running the client the %s time.\n", first?"first":"second");
407
408 /* We can either use ISC_REQ_ALLOCATE_MEMORY flag to ask the provider
409 * always allocate output buffers for us, or initialize cbBuffer
410 * before each call because the API changes it to represent actual
411 * amount of data in the buffer.
412 */
413
414 /* test a failing call only the first time, otherwise we get
415 * SEC_E_OUT_OF_SEQUENCE
416 */
417 if (first)
418 {
419 void *old_buf;
420
421 /* pass NULL as an output buffer */
422 ret = pInitializeSecurityContextA(sspi_data->cred, NULL, NULL, req_attr,
423 0, data_rep, NULL, 0, sspi_data->ctxt, NULL,
424 &ctxt_attr, &ttl);
425
426 ok(ret == SEC_E_BUFFER_TOO_SMALL, "expected SEC_E_BUFFER_TOO_SMALL, got %s\n", getSecError(ret));
427
428 /* pass NULL as an output buffer */
429 old_buf = out_buf->pBuffers[0].pvBuffer;
430 out_buf->pBuffers[0].pvBuffer = NULL;
431
432 ret = pInitializeSecurityContextA(sspi_data->cred, NULL, NULL, req_attr,
433 0, data_rep, NULL, 0, sspi_data->ctxt, out_buf,
434 &ctxt_attr, &ttl);
435
436 ok(ret == SEC_E_INTERNAL_ERROR, "expected SEC_E_INTERNAL_ERROR, got %s\n", getSecError(ret));
437
438 out_buf->pBuffers[0].pvBuffer = old_buf;
439
440 /* pass an output buffer of 0 size */
441 out_buf->pBuffers[0].cbBuffer = 0;
442
443 ret = pInitializeSecurityContextA(sspi_data->cred, NULL, NULL, req_attr,
444 0, data_rep, NULL, 0, sspi_data->ctxt, out_buf,
445 &ctxt_attr, &ttl);
446
447 ok(ret == SEC_E_BUFFER_TOO_SMALL, "expected SEC_E_BUFFER_TOO_SMALL, got %s\n", getSecError(ret));
448
449 ok(out_buf->pBuffers[0].cbBuffer == 0,
450 "InitializeSecurityContext set buffer size to %lu\n", out_buf->pBuffers[0].cbBuffer);
451
452 out_buf->pBuffers[0].cbBuffer = sspi_data->max_token;
453 out_buf->pBuffers[0].BufferType = SECBUFFER_DATA;
454
455 ret = pInitializeSecurityContextA(sspi_data->cred, NULL, NULL, req_attr,
456 0, data_rep, NULL, 0, sspi_data->ctxt, out_buf,
457 &ctxt_attr, &ttl);
458
459 ok(ret == SEC_E_BUFFER_TOO_SMALL, "expected SEC_E_BUFFER_TOO_SMALL, got %s\n", getSecError(ret));
460 out_buf->pBuffers[0].BufferType = SECBUFFER_TOKEN;
461 }
462
463 out_buf->pBuffers[0].cbBuffer = sspi_data->max_token;
464
465 ret = pInitializeSecurityContextA(first?sspi_data->cred:NULL, first?NULL:sspi_data->ctxt, NULL, req_attr,
466 0, data_rep, first?NULL:in_buf, 0, sspi_data->ctxt, out_buf,
467 &ctxt_attr, &ttl);
468
469 if(ret == SEC_I_COMPLETE_AND_CONTINUE || ret == SEC_I_COMPLETE_NEEDED)
470 {
471 pCompleteAuthToken(sspi_data->ctxt, out_buf);
472 if(ret == SEC_I_COMPLETE_AND_CONTINUE)
473 ret = SEC_I_CONTINUE_NEEDED;
474 else if(ret == SEC_I_COMPLETE_NEEDED)
475 ret = SEC_E_OK;
476 }
477
478 ok(out_buf->pBuffers[0].BufferType == SECBUFFER_TOKEN,
479 "buffer type was changed from SECBUFFER_TOKEN to %ld\n", out_buf->pBuffers[0].BufferType);
480 ok(out_buf->pBuffers[0].cbBuffer < sspi_data->max_token,
481 "InitializeSecurityContext set buffer size to %lu\n", out_buf->pBuffers[0].cbBuffer);
482
483 return ret;
484 }
485
486 /**********************************************************************/
487
488 static SECURITY_STATUS runServer(SspiData *sspi_data, BOOL first, ULONG data_rep)
489 {
490 SECURITY_STATUS ret;
491 ULONG ctxt_attr;
492 TimeStamp ttl;
493
494 trace("Running the server the %s time\n", first?"first":"second");
495
496 ret = pAcceptSecurityContext(sspi_data->cred, first?NULL:sspi_data->ctxt,
497 sspi_data->in_buf, 0, data_rep, sspi_data->ctxt,
498 sspi_data->out_buf, &ctxt_attr, &ttl);
499
500 if(ret == SEC_I_COMPLETE_AND_CONTINUE || ret == SEC_I_COMPLETE_NEEDED)
501 {
502 pCompleteAuthToken(sspi_data->ctxt, sspi_data->out_buf);
503 if(ret == SEC_I_COMPLETE_AND_CONTINUE)
504 ret = SEC_I_CONTINUE_NEEDED;
505 else if(ret == SEC_I_COMPLETE_NEEDED)
506 ret = SEC_E_OK;
507 }
508
509 return ret;
510 }
511
512 /**********************************************************************/
513
514 static SECURITY_STATUS runFakeServer(SspiData *sspi_data, BOOL first, ULONG data_rep)
515 {
516 trace("Running the fake server the %s time\n", first?"first":"second");
517
518 if(!first)
519 {
520 sspi_data->out_buf->pBuffers[0].cbBuffer = 0;
521 return SEC_E_OK;
522 }
523
524 if(data_rep == SECURITY_NATIVE_DREP)
525 {
526 sspi_data->out_buf->pBuffers[0].cbBuffer = sizeof(native_challenge);
527 memcpy(sspi_data->out_buf->pBuffers[0].pvBuffer, native_challenge,
528 sspi_data->out_buf->pBuffers[0].cbBuffer);
529 }
530 else
531 {
532 sspi_data->out_buf->pBuffers[0].cbBuffer = sizeof(network_challenge);
533 memcpy(sspi_data->out_buf->pBuffers[0].pvBuffer, network_challenge,
534 sspi_data->out_buf->pBuffers[0].cbBuffer);
535 }
536
537 return SEC_I_CONTINUE_NEEDED;
538 }
539
540 /**********************************************************************/
541
542 static void communicate(SspiData *from, SspiData *to)
543 {
544 if(from->out_buf != NULL && to->in_buf != NULL)
545 {
546 trace("Running communicate.\n");
547 if((from->out_buf->cBuffers >= 1) && (to->in_buf->cBuffers >= 1))
548 {
549 if((from->out_buf->pBuffers[0].pvBuffer != NULL) &&
550 (to->in_buf->pBuffers[0].pvBuffer != NULL))
551 {
552 memset(to->in_buf->pBuffers[0].pvBuffer, 0, to->max_token);
553
554 memcpy(to->in_buf->pBuffers[0].pvBuffer,
555 from->out_buf->pBuffers[0].pvBuffer,
556 from->out_buf->pBuffers[0].cbBuffer);
557
558 to->in_buf->pBuffers[0].cbBuffer = from->out_buf->pBuffers[0].cbBuffer;
559
560 memset(from->out_buf->pBuffers[0].pvBuffer, 0, from->max_token);
561 }
562 }
563 }
564 }
565
566 /**********************************************************************/
567 static void testInitializeSecurityContextFlags(void)
568 {
569 SECURITY_STATUS sec_status;
570 PSecPkgInfo pkg_info = NULL;
571 SspiData client;
572 SEC_WINNT_AUTH_IDENTITY id;
573 static char sec_pkg_name[] = "NTLM",
574 test_user[] = "testuser",
575 workgroup[] = "WORKGROUP",
576 test_pass[] = "testpass";
577 ULONG req_attr, ctxt_attr;
578 TimeStamp ttl;
579 PBYTE packet;
580
581 if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info) != SEC_E_OK)
582 {
583 skip("Package not installed, skipping test!\n");
584 return;
585 }
586
587 pFreeContextBuffer(pkg_info);
588 id.User = (unsigned char*) test_user;
589 id.UserLength = strlen((char *) id.User);
590 id.Domain = (unsigned char *) workgroup;
591 id.DomainLength = strlen((char *) id.Domain);
592 id.Password = (unsigned char*) test_pass;
593 id.PasswordLength = strlen((char *) id.Password);
594 id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
595
596 client.id = &id;
597
598 if((sec_status = setupClient(&client, sec_pkg_name)) != SEC_E_OK)
599 {
600 skip("Setting up the client returned %s, skipping test!\n",
601 getSecError(sec_status));
602 return;
603 }
604
605 packet = client.out_buf->pBuffers[0].pvBuffer;
606
607 /* Due to how the requesting of the flags is implemented in ntlm_auth,
608 * the tests need to be in this order, as there is no way to specify
609 * "I request no special features" in ntlm_auth */
610
611 /* Without any flags, the lowest byte should not have bits 0x20 or 0x10 set*/
612 req_attr = 0;
613
614 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
615 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
616 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
617 {
618 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
619 getSecError(sec_status));
620 goto tISCFend;
621 }
622
623 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
624 "With req_attr == 0, flags are 0x%02x%02x%02x%02x.\n",
625 packet[15], packet[14], packet[13], packet[12]);
626
627 /* With ISC_REQ_CONNECTION, the lowest byte should not have bits 0x20 or 0x10 set*/
628 req_attr = ISC_REQ_CONNECTION;
629
630 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
631 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
632 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
633 {
634 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
635 getSecError(sec_status));
636 goto tISCFend;
637 }
638
639 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
640 "For ISC_REQ_CONNECTION, flags are 0x%02x%02x%02x%02x.\n",
641 packet[15], packet[14], packet[13], packet[12]);
642
643 /* With ISC_REQ_EXTENDED_ERROR, the lowest byte should not have bits 0x20 or 0x10 set*/
644 req_attr = ISC_REQ_EXTENDED_ERROR;
645
646 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
647 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
648 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
649 {
650 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
651 getSecError(sec_status));
652 goto tISCFend;
653 }
654
655 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
656 "For ISC_REQ_EXTENDED_ERROR, flags are 0x%02x%02x%02x%02x.\n",
657 packet[15], packet[14], packet[13], packet[12]);
658
659 /* With ISC_REQ_MUTUAL_AUTH, the lowest byte should not have bits 0x20 or 0x10 set*/
660 req_attr = ISC_REQ_MUTUAL_AUTH;
661
662 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
663 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
664 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
665 {
666 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
667 getSecError(sec_status));
668 goto tISCFend;
669 }
670
671 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
672 "For ISC_REQ_MUTUAL_AUTH, flags are 0x%02x%02x%02x%02x.\n",
673 packet[15], packet[14], packet[13], packet[12]);
674
675 /* With ISC_REQ_USE_DCE_STYLE, the lowest byte should not have bits 0x20 or 0x10 set*/
676 req_attr = ISC_REQ_USE_DCE_STYLE;
677
678 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
679 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
680 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
681 {
682 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
683 getSecError(sec_status));
684 goto tISCFend;
685 }
686
687 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
688 "For ISC_REQ_USE_DCE_STYLE, flags are 0x%02x%02x%02x%02x.\n",
689 packet[15], packet[14], packet[13], packet[12]);
690
691 /* With ISC_REQ_DELEGATE, the lowest byte should not have bits 0x20 or 0x10 set*/
692 req_attr = ISC_REQ_DELEGATE;
693
694 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
695 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
696 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
697 {
698 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
699 getSecError(sec_status));
700 goto tISCFend;
701 }
702
703 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
704 "For ISC_REQ_DELEGATE, flags are 0x%02x%02x%02x%02x.\n",
705 packet[15], packet[14], packet[13], packet[12]);
706
707 /* With ISC_REQ_INTEGRITY, the lowest byte should have bit 0x10 set */
708 req_attr = ISC_REQ_INTEGRITY;
709
710 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
711 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
712 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
713 {
714 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
715 getSecError(sec_status));
716 goto tISCFend;
717 }
718
719 ok((packet[12] & 0x10) != 0,
720 "For ISC_REQ_INTEGRITY, flags are 0x%02x%02x%02x%02x.\n",
721 packet[15], packet[14], packet[13], packet[12]);
722
723 /* With ISC_REQ_REPLAY_DETECT, the lowest byte should have bit 0x10 set */
724 req_attr = ISC_REQ_REPLAY_DETECT;
725
726 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
727 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
728 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
729 {
730 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
731 getSecError(sec_status));
732 goto tISCFend;
733 }
734
735 ok((packet[12] & 0x10) != 0,
736 "For ISC_REQ_REPLAY_DETECT, flags are 0x%02x%02x%02x%02x.\n",
737 packet[15], packet[14], packet[13], packet[12]);
738
739 /* With ISC_REQ_SEQUENCE_DETECT, the lowest byte should have bit 0x10 set */
740 req_attr = ISC_REQ_SEQUENCE_DETECT;
741
742 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
743 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
744 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
745 {
746 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
747 getSecError(sec_status));
748 goto tISCFend;
749 }
750
751 ok((packet[12] & 0x10) != 0,
752 "For ISC_REQ_SEQUENCE_DETECT, flags are 0x%02x%02x%02x%02x.\n",
753 packet[15], packet[14], packet[13], packet[12]);
754
755 /* With ISC_REQ_CONFIDENTIALITY, the lowest byte should have bit 0x20 set */
756 req_attr = ISC_REQ_CONFIDENTIALITY;
757
758 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
759 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
760 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
761 {
762 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
763 getSecError(sec_status));
764 goto tISCFend;
765 }
766
767 ok((packet[12] & 0x20) != 0,
768 "For ISC_REQ_CONFIDENTIALITY, flags are 0x%02x%02x%02x%02x.\n",
769 packet[15], packet[14], packet[13], packet[12]);
770
771 tISCFend:
772 cleanupBuffers(&client);
773 pFreeCredentialsHandle(client.cred);
774
775 }
776
777 /**********************************************************************/
778
779 static void testAuth(ULONG data_rep, BOOL fake)
780 {
781 SECURITY_STATUS client_stat = SEC_I_CONTINUE_NEEDED;
782 SECURITY_STATUS server_stat = SEC_I_CONTINUE_NEEDED;
783 SECURITY_STATUS sec_status;
784 PSecPkgInfo pkg_info = NULL;
785 BOOL first = TRUE;
786 SspiData client, server;
787 SEC_WINNT_AUTH_IDENTITY id;
788 SecPkgContext_Sizes ctxt_sizes;
789 static char sec_pkg_name[] = "NTLM",
790 test_user[] = "testuser",
791 workgroup[] = "WORKGROUP",
792 test_pass[] = "testpass";
793
794 if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info)!= SEC_E_OK)
795 {
796 skip("Package not installed, skipping test.\n");
797 return;
798 }
799
800 pFreeContextBuffer(pkg_info);
801 id.User = (unsigned char*) test_user;
802 id.UserLength = strlen((char *) id.User);
803 id.Domain = (unsigned char *) workgroup;
804 id.DomainLength = strlen((char *) id.Domain);
805 id.Password = (unsigned char*) test_pass;
806 id.PasswordLength = strlen((char *) id.Password);
807 id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
808
809 client.id = &id;
810
811 sec_status = setupClient(&client, sec_pkg_name);
812
813 if(sec_status != SEC_E_OK)
814 {
815 skip("Error: Setting up the client returned %s, exiting test!\n",
816 getSecError(sec_status));
817 pFreeCredentialsHandle(client.cred);
818 return;
819 }
820
821 if(fake)
822 sec_status = setupFakeServer(&server, sec_pkg_name);
823 else
824 sec_status = setupServer(&server, sec_pkg_name);
825
826 if(sec_status != SEC_E_OK)
827 {
828 skip("Error: Setting up the server returned %s, exiting test!\n",
829 getSecError(sec_status));
830 pFreeCredentialsHandle(server.cred);
831 pFreeCredentialsHandle(client.cred);
832 return;
833 }
834
835 while(client_stat == SEC_I_CONTINUE_NEEDED && server_stat == SEC_I_CONTINUE_NEEDED)
836 {
837 client_stat = runClient(&client, first, data_rep);
838
839 ok(client_stat == SEC_E_OK || client_stat == SEC_I_CONTINUE_NEEDED,
840 "Running the client returned %s, more tests will fail.\n",
841 getSecError(client_stat));
842
843 communicate(&client, &server);
844
845 if(fake)
846 server_stat = runFakeServer(&server, first, data_rep);
847 else
848 server_stat = runServer(&server, first, data_rep);
849
850 ok(server_stat == SEC_E_OK || server_stat == SEC_I_CONTINUE_NEEDED ||
851 server_stat == SEC_E_LOGON_DENIED,
852 "Running the server returned %s, more tests will fail from now.\n",
853 getSecError(server_stat));
854
855 communicate(&server, &client);
856 trace("Looping\n");
857 first = FALSE;
858 }
859
860 if(client_stat != SEC_E_OK)
861 {
862 skip("Authentication failed, skipping test.\n");
863 goto tAuthend;
864 }
865
866 sec_status = pQueryContextAttributesA(client.ctxt,
867 SECPKG_ATTR_SIZES, &ctxt_sizes);
868
869 ok(sec_status == SEC_E_OK,
870 "pQueryContextAttributesA(SECPKG_ATTR_SIZES) returned %s\n",
871 getSecError(sec_status));
872 ok((ctxt_sizes.cbMaxToken == 1904) || (ctxt_sizes.cbMaxToken == 2888),
873 "cbMaxToken should be 1904 or 2888 but is %lu\n",
874 ctxt_sizes.cbMaxToken);
875 ok(ctxt_sizes.cbMaxSignature == 16,
876 "cbMaxSignature should be 16 but is %lu\n",
877 ctxt_sizes.cbMaxSignature);
878 ok(ctxt_sizes.cbSecurityTrailer == 16,
879 "cbSecurityTrailer should be 16 but is %lu\n",
880 ctxt_sizes.cbSecurityTrailer);
881 ok(ctxt_sizes.cbBlockSize == 0,
882 "cbBlockSize should be 0 but is %lu\n",
883 ctxt_sizes.cbBlockSize);
884
885 tAuthend:
886 cleanupBuffers(&client);
887 cleanupBuffers(&server);
888
889 if(!fake)
890 {
891 sec_status = pDeleteSecurityContext(server.ctxt);
892 ok(sec_status == SEC_E_OK, "DeleteSecurityContext(server) returned %s\n",
893 getSecError(sec_status));
894 }
895
896 sec_status = pDeleteSecurityContext(client.ctxt);
897 ok(sec_status == SEC_E_OK, "DeleteSecurityContext(client) returned %s\n",
898 getSecError(sec_status));
899
900 if(!fake)
901 {
902 sec_status = pFreeCredentialsHandle(server.cred);
903 ok(sec_status == SEC_E_OK, "FreeCredentialsHandle(server) returned %s\n",
904 getSecError(sec_status));
905 }
906
907 sec_status = pFreeCredentialsHandle(client.cred);
908 ok(sec_status == SEC_E_OK, "FreeCredentialsHandle(client) returned %s\n",
909 getSecError(sec_status));
910 }
911
912 static void testSignSeal(void)
913 {
914 SECURITY_STATUS client_stat = SEC_I_CONTINUE_NEEDED;
915 SECURITY_STATUS server_stat = SEC_I_CONTINUE_NEEDED;
916 SECURITY_STATUS sec_status;
917 PSecPkgInfo pkg_info = NULL;
918 BOOL first = TRUE;
919 SspiData client, server;
920 SEC_WINNT_AUTH_IDENTITY id;
921 static char sec_pkg_name[] = "NTLM";
922 SecBufferDesc crypt;
923 SecBuffer data[2], fake_data[2], complex_data[4];
924 ULONG qop = 0;
925 SecPkgContext_Sizes ctxt_sizes;
926 static char test_user[] = "testuser",
927 workgroup[] = "WORKGROUP",
928 test_pass[] = "testpass";
929
930 complex_data[1].pvBuffer = complex_data[3].pvBuffer = NULL;
931
932 /****************************************************************
933 * This is basically the same as in testAuth with a fake server,
934 * as we need a valid, authenticated context.
935 */
936 if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info) != SEC_E_OK)
937 {
938 skip("Package not installed, skipping test.\n");
939 return;
940 }
941
942 pFreeContextBuffer(pkg_info);
943 id.User = (unsigned char*) test_user;
944 id.UserLength = strlen((char *) id.User);
945 id.Domain = (unsigned char *) workgroup;
946 id.DomainLength = strlen((char *) id.Domain);
947 id.Password = (unsigned char*) test_pass;
948 id.PasswordLength = strlen((char *) id.Password);
949 id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
950
951 client.id = &id;
952
953 sec_status = setupClient(&client, sec_pkg_name);
954
955 if(sec_status != SEC_E_OK)
956 {
957 skip("Error: Setting up the client returned %s, exiting test!\n",
958 getSecError(sec_status));
959 pFreeCredentialsHandle(client.cred);
960 return;
961 }
962
963 sec_status = setupFakeServer(&server, sec_pkg_name);
964
965 while(client_stat == SEC_I_CONTINUE_NEEDED && server_stat == SEC_I_CONTINUE_NEEDED)
966 {
967 client_stat = runClient(&client, first, SECURITY_NETWORK_DREP);
968
969 communicate(&client, &server);
970
971 server_stat = runFakeServer(&server, first, SECURITY_NETWORK_DREP);
972
973 communicate(&server, &client);
974 trace("Looping\n");
975 first = FALSE;
976 }
977
978 /********************************************
979 * Now start with the actual testing *
980 ********************************************/
981
982 if(pQueryContextAttributesA(client.ctxt, SECPKG_ATTR_SIZES,
983 &ctxt_sizes) != SEC_E_OK)
984 {
985 skip("Failed to get context sizes, aborting test.\n");
986 goto end;
987 }
988
989 crypt.ulVersion = SECBUFFER_VERSION;
990 crypt.cBuffers = 2;
991
992 crypt.pBuffers = fake_data;
993
994 fake_data[0].BufferType = SECBUFFER_DATA;
995 fake_data[0].cbBuffer = ctxt_sizes.cbSecurityTrailer;
996 fake_data[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, fake_data[0].cbBuffer);
997
998 fake_data[1].BufferType = SECBUFFER_DATA;
999 fake_data[1].cbBuffer = lstrlen(message);
1000 fake_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, fake_data[1].cbBuffer);
1001
1002 sec_status = pMakeSignature(client.ctxt, 0, &crypt, 0);
1003 ok(sec_status == SEC_E_INVALID_TOKEN,
1004 "MakeSignature returned %s, not SEC_E_INVALID_TOKEN.\n",
1005 getSecError(sec_status));
1006
1007 crypt.pBuffers = data;
1008
1009 data[0].BufferType = SECBUFFER_TOKEN;
1010 data[0].cbBuffer = ctxt_sizes.cbSecurityTrailer;
1011 data[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[0].cbBuffer);
1012
1013 data[1].BufferType = SECBUFFER_DATA;
1014 data[1].cbBuffer = lstrlen(message);
1015 data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer);
1016 memcpy(data[1].pvBuffer, message, data[1].cbBuffer);
1017
1018 /* As we forced NTLM to fall back to a password-derived session key,
1019 * we should get the same signature for our data, no matter if
1020 * it is sent by the client or the server
1021 */
1022 sec_status = pMakeSignature(client.ctxt, 0, &crypt, 0);
1023 ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n",
1024 getSecError(sec_status));
1025 ok(!memcmp(crypt.pBuffers[0].pvBuffer, message_signature,
1026 crypt.pBuffers[0].cbBuffer), "Signature is not as expected.\n");
1027
1028 data[0].cbBuffer = sizeof(message_signature);
1029
1030 memcpy(data[0].pvBuffer, crypt_trailer_client, data[0].cbBuffer);
1031
1032 sec_status = pVerifySignature(client.ctxt, &crypt, 0, &qop);
1033 ok(sec_status == SEC_E_MESSAGE_ALTERED,
1034 "VerifySignature returned %s, not SEC_E_MESSAGE_ALTERED.\n",
1035 getSecError(sec_status));
1036
1037 memcpy(data[0].pvBuffer, message_signature, data[0].cbBuffer);
1038
1039 sec_status = pVerifySignature(client.ctxt, &crypt, 0, &qop);
1040 ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK.\n",
1041 getSecError(sec_status));
1042
1043 sec_status = pEncryptMessage(client.ctxt, 0, &crypt, 0);
1044 if (sec_status == SEC_E_UNSUPPORTED_FUNCTION)
1045 {
1046 skip("Encrypt message returned SEC_E_UNSUPPORTED_FUNCTION. "
1047 "Expected on Vista.\n");
1048 goto end;
1049 }
1050 ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n",
1051 getSecError(sec_status));
1052
1053 ok(!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client,
1054 crypt.pBuffers[0].cbBuffer), "Crypt trailer not as expected.\n");
1055 ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client,
1056 crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n");
1057
1058 data[0].cbBuffer = sizeof(crypt_trailer_server);
1059 data[1].cbBuffer = sizeof(crypt_message_server);
1060 memcpy(data[0].pvBuffer, crypt_trailer_server, data[0].cbBuffer);
1061 memcpy(data[1].pvBuffer, crypt_message_server, data[1].cbBuffer);
1062
1063 sec_status = pDecryptMessage(client.ctxt, &crypt, 0, &qop);
1064
1065 ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n",
1066 getSecError(sec_status));
1067 ok(!memcmp(crypt.pBuffers[1].pvBuffer, message_binary,
1068 crypt.pBuffers[1].cbBuffer),
1069 "Failed to decrypt message correctly.\n");
1070
1071 trace("Testing with more than one buffer.\n");
1072
1073 crypt.cBuffers = sizeof(complex_data)/sizeof(complex_data[0]);
1074 crypt.pBuffers = complex_data;
1075
1076 complex_data[0].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
1077 complex_data[0].cbBuffer = sizeof(message_header);
1078 complex_data[0].pvBuffer = message_header;
1079
1080 complex_data[1].BufferType = SECBUFFER_DATA;
1081 complex_data[1].cbBuffer = lstrlen(message);
1082 complex_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer);
1083 memcpy(complex_data[1].pvBuffer, message, complex_data[1].cbBuffer);
1084
1085 complex_data[2].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
1086 complex_data[2].cbBuffer = sizeof(message_header);
1087 complex_data[2].pvBuffer = message_header;
1088
1089 complex_data[3].BufferType = SECBUFFER_TOKEN;
1090 complex_data[3].cbBuffer = ctxt_sizes.cbSecurityTrailer;
1091 complex_data[3].pvBuffer = HeapAlloc(GetProcessHeap(), 0, complex_data[3].cbBuffer);
1092
1093 /* We should get a dummy signature again. */
1094 sec_status = pMakeSignature(client.ctxt, 0, &crypt, 0);
1095 ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n",
1096 getSecError(sec_status));
1097 ok(!memcmp(crypt.pBuffers[3].pvBuffer, message_signature,
1098 crypt.pBuffers[3].cbBuffer), "Signature is not as expected.\n");
1099
1100 /* Being a dummy signature, it will verify right away, as if the server
1101 * sent it */
1102 sec_status = pVerifySignature(client.ctxt, &crypt, 0, &qop);
1103 ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK\n",
1104 getSecError(sec_status));
1105
1106 sec_status = pEncryptMessage(client.ctxt, 0, &crypt, 0);
1107 ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n",
1108 getSecError(sec_status));
1109
1110 ok(!memcmp(crypt.pBuffers[3].pvBuffer, crypt_trailer_client2,
1111 crypt.pBuffers[3].cbBuffer), "Crypt trailer not as expected.\n");
1112
1113 ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client2,
1114 crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n");
1115
1116 memcpy(complex_data[1].pvBuffer, crypt_message_server2, complex_data[1].cbBuffer);
1117 memcpy(complex_data[3].pvBuffer, crypt_trailer_server2, complex_data[3].cbBuffer);
1118
1119 sec_status = pDecryptMessage(client.ctxt, &crypt, 0, &qop);
1120 ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n",
1121 getSecError(sec_status));
1122
1123
1124 end:
1125 cleanupBuffers(&client);
1126 cleanupBuffers(&server);
1127
1128 pDeleteSecurityContext(client.ctxt);
1129 pFreeCredentialsHandle(client.cred);
1130
1131 HeapFree(GetProcessHeap(), 0, fake_data[0].pvBuffer);
1132 HeapFree(GetProcessHeap(), 0, fake_data[1].pvBuffer);
1133 HeapFree(GetProcessHeap(), 0, data[0].pvBuffer);
1134 HeapFree(GetProcessHeap(), 0, data[1].pvBuffer);
1135 HeapFree(GetProcessHeap(), 0, complex_data[1].pvBuffer);
1136 HeapFree(GetProcessHeap(), 0, complex_data[3].pvBuffer);
1137 }
1138
1139 static void testAcquireCredentialsHandle(void)
1140 {
1141 CredHandle cred;
1142 TimeStamp ttl;
1143 static char test_user[] = "testuser",
1144 workgroup[] = "WORKGROUP",
1145 test_pass[] = "testpass",
1146 sec_pkg_name[] = "NTLM";
1147 SECURITY_STATUS ret;
1148 SEC_WINNT_AUTH_IDENTITY id;
1149 PSecPkgInfo pkg_info = NULL;
1150
1151 if(pQuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK)
1152 {
1153 skip("NTLM package not installed, skipping test\n");
1154 return;
1155 }
1156 pFreeContextBuffer(pkg_info);
1157
1158 id.User = (unsigned char*) test_user;
1159 id.UserLength = strlen((char *) id.User);
1160 id.Domain = (unsigned char *) workgroup;
1161 id.DomainLength = strlen((char *) id.Domain);
1162 id.Password = (unsigned char*) test_pass;
1163 id.PasswordLength = strlen((char *) id.Password);
1164 id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
1165
1166 ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1167 NULL, &id, NULL, NULL, &cred, &ttl);
1168 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
1169 getSecError(ret));
1170 pFreeCredentialsHandle(&cred);
1171
1172 id.DomainLength = 0;
1173 ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1174 NULL, &id, NULL, NULL, &cred, &ttl);
1175 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
1176 getSecError(ret));
1177 pFreeCredentialsHandle(&cred);
1178
1179 id.Domain = NULL;
1180 ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1181 NULL, &id, NULL, NULL, &cred, &ttl);
1182 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
1183 getSecError(ret));
1184 pFreeCredentialsHandle(&cred);
1185
1186 id.Domain = (unsigned char *) workgroup;
1187 id.DomainLength = strlen((char *) id.Domain);
1188 id.UserLength = 0;
1189 id.User = NULL;
1190 ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1191 NULL, &id, NULL, NULL, &cred, &ttl);
1192 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
1193 getSecError(ret));
1194 pFreeCredentialsHandle(&cred);
1195
1196 id.User = (unsigned char*) test_user;
1197 id.UserLength = strlen((char *) id.User);
1198 id.Password = NULL;
1199 id.PasswordLength = 0;
1200 ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1201 NULL, &id, NULL, NULL, &cred, &ttl);
1202 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
1203 getSecError(ret));
1204 pFreeCredentialsHandle(&cred);
1205 }
1206
1207 static void test_cred_multiple_use(void)
1208 {
1209 static char test_user[] = "testuser",
1210 workgroup[] = "WORKGROUP",
1211 test_pass[] = "testpass",
1212 sec_pkg_name[] = "NTLM";
1213 SECURITY_STATUS ret;
1214 SEC_WINNT_AUTH_IDENTITY id;
1215 PSecPkgInfo pkg_info = NULL;
1216 CredHandle cred;
1217 CtxtHandle ctxt1;
1218 CtxtHandle ctxt2;
1219 SecBufferDesc buffer_desc;
1220 SecBuffer buffers[1];
1221 ULONG ctxt_attr;
1222 TimeStamp ttl;
1223
1224 if(pQuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK)
1225 {
1226 skip("NTLM package not installed, skipping test\n");
1227 return;
1228 }
1229 buffers[0].cbBuffer = pkg_info->cbMaxToken;
1230 buffers[0].BufferType = SECBUFFER_TOKEN;
1231 buffers[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, buffers[0].cbBuffer);
1232
1233 pFreeContextBuffer(pkg_info);
1234
1235 id.User = (unsigned char*) test_user;
1236 id.UserLength = strlen((char *) id.User);
1237 id.Domain = (unsigned char *) workgroup;
1238 id.DomainLength = strlen((char *) id.Domain);
1239 id.Password = (unsigned char*) test_pass;
1240 id.PasswordLength = strlen((char *) id.Password);
1241 id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
1242
1243 ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1244 NULL, &id, NULL, NULL, &cred, &ttl);
1245 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
1246 getSecError(ret));
1247
1248 buffer_desc.ulVersion = SECBUFFER_VERSION;
1249 buffer_desc.cBuffers = sizeof(buffers)/sizeof(buffers[0]);
1250 buffer_desc.pBuffers = buffers;
1251
1252 ret = pInitializeSecurityContextA(&cred, NULL, NULL, ISC_REQ_CONNECTION,
1253 0, SECURITY_NETWORK_DREP, NULL, 0, &ctxt1, &buffer_desc,
1254 &ctxt_attr, &ttl);
1255 ok(ret == SEC_I_CONTINUE_NEEDED, "InitializeSecurityContextA failed with error 0x%x\n", ret);
1256
1257 ret = pInitializeSecurityContextA(&cred, NULL, NULL, ISC_REQ_CONNECTION,
1258 0, SECURITY_NETWORK_DREP, NULL, 0, &ctxt2, &buffer_desc,
1259 &ctxt_attr, &ttl);
1260 ok(ret == SEC_I_CONTINUE_NEEDED, "Second InitializeSecurityContextA on cred handle failed with error 0x%x\n", ret);
1261
1262 ret = pDeleteSecurityContext(&ctxt1);
1263 ok(ret == SEC_E_OK, "DeleteSecurityContext failed with error 0x%x\n", ret);
1264 ret = pDeleteSecurityContext(&ctxt2);
1265 ok(ret == SEC_E_OK, "DeleteSecurityContext failed with error 0x%x\n", ret);
1266 ret = pFreeCredentialsHandle(&cred);
1267 ok(ret == SEC_E_OK, "FreeCredentialsHandle failed with error 0x%x\n", ret);
1268 }
1269
1270 START_TEST(ntlm)
1271 {
1272 InitFunctionPtrs();
1273
1274 if(pFreeCredentialsHandle && pDeleteSecurityContext &&
1275 pDeleteSecurityContext && pAcquireCredentialsHandleA &&
1276 pInitializeSecurityContextA && pCompleteAuthToken &&
1277 pQuerySecurityPackageInfoA)
1278 {
1279 testAcquireCredentialsHandle();
1280 testInitializeSecurityContextFlags();
1281 if(pAcceptSecurityContext)
1282 {
1283 testAuth(SECURITY_NATIVE_DREP, TRUE);
1284 testAuth(SECURITY_NETWORK_DREP, TRUE);
1285 testAuth(SECURITY_NATIVE_DREP, FALSE);
1286 testAuth(SECURITY_NETWORK_DREP, FALSE);
1287 }
1288 if(pMakeSignature && pVerifySignature && pEncryptMessage &&
1289 pDecryptMessage)
1290 testSignSeal();
1291
1292 test_cred_multiple_use();
1293 }
1294 else
1295 skip("Needed functions are not available\n");
1296
1297 if(secdll)
1298 FreeLibrary(secdll);
1299 }
useful hacks and other patches not (yet) suitable for mainline