[PATCH 0/1] MR10834: msv1_0: Handle SEC_WINNT_AUTH_IDENTITY_EX. - Wine-GitLab - list.winehq.org

newer
[PATCH v21 0/4] MR10393: Draft:...

[PATCH 0/1] MR10834: msv1_0: Handle SEC_WINNT_AUTH_IDENTITY_EX.

older
[PATCH 0/1] MR10824: win32u:...

Hans Leidekker (＠hans)

May 7, 2026

3:46 a.m.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=59689 -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10834

Reply

Sign in to reply online Use email software

Show replies by date

Hans Leidekker

May 2026

3:46 a.m.

New subject: [PATCH 1/1] msv1_0: Handle SEC_WINNT_AUTH_IDENTITY_EX.

From: Hans Leidekker <hans@codeweavers.com> Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=59689 --- dlls/msv1_0/main.c | 82 +++++++++++++++++++++++++++++---------- dlls/secur32/tests/ntlm.c | 32 +++++++++++++++ 2 files changed, 94 insertions(+), 20 deletions(-) diff --git a/dlls/msv1_0/main.c b/dlls/msv1_0/main.c index 6eabb89fba6..81f752a48f5 100644 --- a/dlls/msv1_0/main.c +++ b/dlls/msv1_0/main.c @@ -163,19 +163,61 @@ static char *get_domain_arg( const WCHAR *domain, int domain_len ) return ret; } + +static NTSTATUS map_auth_data( const void *auth_data, SEC_WINNT_AUTH_IDENTITY_W *id ) +{ + const SEC_WINNT_AUTH_IDENTITY_EXA *exA = auth_data; + const SEC_WINNT_AUTH_IDENTITY_EXW *exW = auth_data; + + if (exW->Version != SEC_WINNT_AUTH_IDENTITY_VERSION) + { + *id = *(SEC_WINNT_AUTH_IDENTITY_W *)auth_data; + return SEC_E_OK; + } + if (exW->Flags == SEC_WINNT_AUTH_IDENTITY_UNICODE) + { + id->User = exW->User; + id->UserLength = exW->UserLength; + id->Domain = exW->Domain; + id->DomainLength = exW->DomainLength; + id->Password = exW->Password; + id->PasswordLength = exW->PasswordLength; + id->Flags = exW->Flags; + if (exW->PackageList) + FIXME( "ignoring package list %s\n", debugstr_wn(exW->PackageList, exW->PackageListLength) ); + } + else + { + SEC_WINNT_AUTH_IDENTITY_A *idA = (SEC_WINNT_AUTH_IDENTITY_A *)id; + + idA->User = exA->User; + idA->UserLength = exA->UserLength; + idA->Domain = exA->Domain; + idA->DomainLength = exA->DomainLength; + idA->Password = exA->Password; + idA->PasswordLength = exA->PasswordLength; + idA->Flags = exA->Flags; + if (exA->PackageList) + FIXME( "ignoring package list %s\n", debugstr_an((const char *)exA->PackageList, exA->PackageListLength) ); + } + return SEC_E_OK; +} + #define WINE_NO_CACHED_CREDENTIALS 0x10000000 static NTSTATUS NTAPI ntlm_SpAcquireCredentialsHandle( UNICODE_STRING *principal, ULONG cred_use, LUID *logon_id, void *auth_data, void *get_key_fn, void *get_key_arg, LSA_SEC_HANDLE *handle, TimeStamp *expiry ) { - SECURITY_STATUS status = SEC_E_INSUFFICIENT_MEMORY; + SECURITY_STATUS status; struct ntlm_cred *cred = NULL; WCHAR *domain = NULL, *user = NULL, *password = NULL; - SEC_WINNT_AUTH_IDENTITY_W *id = NULL; + SEC_WINNT_AUTH_IDENTITY_W id = {0}; TRACE( "%s, %#lx, %p, %p, %p, %p, %p, %p\n", debugstr_us(principal), cred_use, logon_id, auth_data, get_key_fn, get_key_arg, cred, expiry ); + if (auth_data && (status = map_auth_data( auth_data, &id ))) return status; + cred_use &= ~SECPKG_CRED_RESERVED; switch (cred_use) { @@ -204,38 +246,38 @@ static NTSTATUS NTAPI ntlm_SpAcquireCredentialsHandle( UNICODE_STRING *principal cred->password_len = 0; cred->no_cached_credentials = (cred_use & WINE_NO_CACHED_CREDENTIALS); - if ((id = auth_data)) + if (auth_data) { int domain_len = 0, user_len = 0, password_len = 0; - if (id->Flags & SEC_WINNT_AUTH_IDENTITY_ANSI) + if (id.Flags & SEC_WINNT_AUTH_IDENTITY_ANSI) { - if (id->DomainLength) + if (id.DomainLength) { - domain_len = MultiByteToWideChar( CP_ACP, 0, (char *)id->Domain, id->DomainLength, NULL, 0 ); + domain_len = MultiByteToWideChar( CP_ACP, 0, (char *)id.Domain, id.DomainLength, NULL, 0 ); if (!(domain = malloc( sizeof(WCHAR) * domain_len ))) goto done; - MultiByteToWideChar( CP_ACP, 0, (char *)id->Domain, id->DomainLength, domain, domain_len ); + MultiByteToWideChar( CP_ACP, 0, (char *)id.Domain, id.DomainLength, domain, domain_len ); } - if (id->UserLength) + if (id.UserLength) { - user_len = MultiByteToWideChar( CP_ACP, 0, (char *)id->User, id->UserLength, NULL, 0 ); + user_len = MultiByteToWideChar( CP_ACP, 0, (char *)id.User, id.UserLength, NULL, 0 ); if (!(user = malloc( sizeof(WCHAR) * user_len ))) goto done; - MultiByteToWideChar( CP_ACP, 0, (char *)id->User, id->UserLength, user, user_len ); + MultiByteToWideChar( CP_ACP, 0, (char *)id.User, id.UserLength, user, user_len ); } - if (id->PasswordLength) + if (id.PasswordLength) { - password_len = MultiByteToWideChar( CP_ACP, 0,(char *)id->Password, id->PasswordLength, NULL, 0 ); + password_len = MultiByteToWideChar( CP_ACP, 0,(char *)id.Password, id.PasswordLength, NULL, 0 ); if (!(password = malloc( sizeof(WCHAR) * password_len ))) goto done; - MultiByteToWideChar( CP_ACP, 0, (char *)id->Password, id->PasswordLength, password, password_len ); + MultiByteToWideChar( CP_ACP, 0, (char *)id.Password, id.PasswordLength, password, password_len ); } } else { - domain = id->Domain; - domain_len = id->DomainLength; - user = id->User; - user_len = id->UserLength; - password = id->Password; - password_len = id->PasswordLength; + domain = id.Domain; + domain_len = id.DomainLength; + user = id.User; + user_len = id.UserLength; + password = id.Password; + password_len = id.PasswordLength; } TRACE( "username is %s\n", debugstr_wn(user, user_len) ); @@ -263,7 +305,7 @@ static NTSTATUS NTAPI ntlm_SpAcquireCredentialsHandle( UNICODE_STRING *principal } done: - if (id && (id->Flags & SEC_WINNT_AUTH_IDENTITY_ANSI)) + if (auth_data && (id.Flags & SEC_WINNT_AUTH_IDENTITY_ANSI)) { free( domain ); free( user ); diff --git a/dlls/secur32/tests/ntlm.c b/dlls/secur32/tests/ntlm.c index 17c9a3ac52f..0026b35dd94 100644 --- a/dlls/secur32/tests/ntlm.c +++ b/dlls/secur32/tests/ntlm.c @@ -1348,6 +1348,7 @@ static void testAcquireCredentialsHandleW(void) SECURITY_STATUS ret; SEC_WINNT_AUTH_IDENTITY_A idA; SEC_WINNT_AUTH_IDENTITY_W id; + SEC_WINNT_AUTH_IDENTITY_EXW ex; PSecPkgInfoA pkg_info = NULL; if(QuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK) @@ -1419,6 +1420,37 @@ static void testAcquireCredentialsHandleW(void) ok(ret == SEC_E_OK, "AcquireCredentialsHandeW() returned %s\n", getSecError(ret)); FreeCredentialsHandle(&cred); + + memset( &ex, 0, sizeof(ex) ); + ex.Version = SEC_WINNT_AUTH_IDENTITY_VERSION; + ex.Length = sizeof(id); + ex.User = (USHORT *)L"winetest"; + ex.UserLength = ARRAY_SIZE( L"winetest" ) - 1; + ex.Domain = (USHORT *)L"winetest"; + ex.DomainLength = ARRAY_SIZE( L"winetest" ) - 1; + ex.Password = (USHORT *)L"winetest"; + ex.PasswordLength = ARRAY_SIZE( L"winetest" ) - 1; + ex.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE; + ex.PackageList = (USHORT *)L"ntlm,!kerberos"; + ex.PackageListLength = ARRAY_SIZE( L"ntlm,!kerberos" ) - 1; + + ret = AcquireCredentialsHandleW( NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, + NULL, &ex, NULL, NULL, &cred, NULL ); + ok( ret == SEC_E_OK, "got %#lx\n", ret ); + FreeCredentialsHandle( &cred ); + + ex.PackageList = (USHORT *)L"nosuch"; + ex.PackageListLength = ARRAY_SIZE( L"nosuch" ); + ret = AcquireCredentialsHandleW( NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, + NULL, &ex, NULL, NULL, &cred, NULL ); + ok( ret == SEC_E_OK, "got %#lx\n", ret ); + FreeCredentialsHandle( &cred ); + + ex.Length = 0; + ret = AcquireCredentialsHandleW( NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, + NULL, &ex, NULL, NULL, &cred, NULL ); + ok( ret == SEC_E_OK, "got %#lx\n", ret ); + FreeCredentialsHandle( &cred ); } static void test_cred_multiple_use(void) -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/10834

Reply

Sign in to reply online Use email software

4

Age (days ago)

4

Last active (days ago)

1 comments

2 participants

tags

participants (2)

Hans Leidekker
Hans Leidekker (＠hans)