[PATCH 0/7] MR6297: secur32/tests: NTLM tests improvements.

List overview All Threads

newer

older

[PATCH 0/4] MR6298: winewayland:...

[PATCH v3 0/1] MR6295: odbccp32:...

Dmitry Timoshkov (＠dmitry)

16 Aug 2024 16 Aug '24

9:43 a.m.

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/6297

Show replies by date

Dmitry Timoshkov

16 Aug 16 Aug

9:43 a.m.

New subject: [PATCH 1/7] msv1_0: Make buffer large enough to hold NTLM_MAX_BUF bytes of base64 encoded data.

From: Dmitry Timoshkov dmitry@baikal.ru

Without this patch NTLM tests in next patches will crash.

Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru --- dlls/msv1_0/main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dlls/msv1_0/main.c b/dlls/msv1_0/main.c index efa87d8d70f..409906315e9 100644 --- a/dlls/msv1_0/main.c +++ b/dlls/msv1_0/main.c @@ -599,7 +599,7 @@ static NTSTATUS NTAPI ntlm_SpInitLsaModeContext( LSA_SEC_HANDLE cred_handle, LSA * * The squid cache size is 2010 chars and that's what ntlm_auth uses */

- if (!(buf = malloc( NTLM_MAX_BUF ))) return SEC_E_INSUFFICIENT_MEMORY; + if (!(buf = malloc( NTLM_MAX_BUF * 3 + 64 ))) return SEC_E_INSUFFICIENT_MEMORY; if (!(bin = malloc( NTLM_MAX_BUF ))) goto done;

if (!ctx_handle && !input) @@ -891,7 +891,7 @@ static NTSTATUS NTAPI ntlm_SpAcceptLsaModeContext( LSA_SEC_HANDLE cred_handle, L new_ctx_handle, output, ctx_attr, expiry, mapped_ctx, ctx_data ); if (ctx_req) FIXME( "ignoring flags %#lx\n", ctx_req );

if (!ctx_handle)

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6297

Dmitry Timoshkov

9:43 a.m.

New subject: [PATCH 2/7] secur32/tests: Don't load secur32.dll dynamically.

From: Dmitry Timoshkov dmitry@baikal.ru

Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru --- dlls/secur32/tests/ntlm.c | 334 ++++++++++++++------------------------ 1 file changed, 126 insertions(+), 208 deletions(-)

diff --git a/dlls/secur32/tests/ntlm.c b/dlls/secur32/tests/ntlm.c index 42d9b580d71..973cb9b7855 100644 --- a/dlls/secur32/tests/ntlm.c +++ b/dlls/secur32/tests/ntlm.c @@ -60,34 +60,6 @@ SECPKG_FLAG_NEGOTIABLE | \ SECPKG_FLAG_LOGON )

-static HMODULE secdll; -static PSecurityFunctionTableA (SEC_ENTRY * pInitSecurityInterfaceA)(void); -static SECURITY_STATUS (SEC_ENTRY * pFreeContextBuffer)(PVOID pv); -static SECURITY_STATUS (SEC_ENTRY * pQuerySecurityPackageInfoA)(SEC_CHAR*, PSecPkgInfoA*); -static SECURITY_STATUS (SEC_ENTRY * pAcquireCredentialsHandleA)(SEC_CHAR*, SEC_CHAR*, - ULONG, PLUID, PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp); -static SECURITY_STATUS (SEC_ENTRY * pAcquireCredentialsHandleW)(SEC_CHAR*, SEC_WCHAR*, - ULONG, PLUID, void*, SEC_GET_KEY_FN, void*, CredHandle*, TimeStamp*); -static SECURITY_STATUS (SEC_ENTRY * pInitializeSecurityContextA)(PCredHandle, PCtxtHandle, - SEC_CHAR*, ULONG, ULONG, ULONG, PSecBufferDesc, ULONG, - PCtxtHandle, PSecBufferDesc, PULONG, PTimeStamp); -static SECURITY_STATUS (SEC_ENTRY * pCompleteAuthToken)(PCtxtHandle, PSecBufferDesc); -static SECURITY_STATUS (SEC_ENTRY * pAcceptSecurityContext)(PCredHandle, PCtxtHandle, - PSecBufferDesc, ULONG, ULONG, PCtxtHandle, PSecBufferDesc, - PULONG, PTimeStamp); -static SECURITY_STATUS (SEC_ENTRY * pFreeCredentialsHandle)(PCredHandle); -static SECURITY_STATUS (SEC_ENTRY * pDeleteSecurityContext)(PCtxtHandle); -static SECURITY_STATUS (SEC_ENTRY * pQueryContextAttributesA)(PCtxtHandle, ULONG, PVOID); -static SECURITY_STATUS (SEC_ENTRY * pMakeSignature)(PCtxtHandle, ULONG, - PSecBufferDesc, ULONG); -static SECURITY_STATUS (SEC_ENTRY * pVerifySignature)(PCtxtHandle, PSecBufferDesc, - ULONG, PULONG); -static SECURITY_STATUS (SEC_ENTRY * pEncryptMessage)(PCtxtHandle, ULONG, - PSecBufferDesc, ULONG); -static SECURITY_STATUS (SEC_ENTRY * pDecryptMessage)(PCtxtHandle, PSecBufferDesc, - ULONG, PULONG); -static BOOLEAN (WINAPI * pGetUserNameExA)(EXTENDED_NAME_FORMAT, LPSTR, PULONG); - typedef struct _SspiData { CredHandle cred; CtxtHandle ctxt; @@ -180,32 +152,6 @@ static char test_user[] = "testuser", test_pass[] = "testpass", sec_pkg_name[] = "NTLM";

-static void InitFunctionPtrs(void) -{ - secdll = LoadLibraryA("secur32.dll"); - if(!secdll) - secdll = LoadLibraryA("security.dll"); - if(secdll) - { - pInitSecurityInterfaceA = (PVOID)GetProcAddress(secdll, "InitSecurityInterfaceA"); - pFreeContextBuffer = (PVOID)GetProcAddress(secdll, "FreeContextBuffer"); - pQuerySecurityPackageInfoA = (PVOID)GetProcAddress(secdll, "QuerySecurityPackageInfoA"); - pAcquireCredentialsHandleA = (PVOID)GetProcAddress(secdll, "AcquireCredentialsHandleA"); - pAcquireCredentialsHandleW = (void*)GetProcAddress(secdll, "AcquireCredentialsHandleW"); - pInitializeSecurityContextA = (PVOID)GetProcAddress(secdll, "InitializeSecurityContextA"); - pCompleteAuthToken = (PVOID)GetProcAddress(secdll, "CompleteAuthToken"); - pAcceptSecurityContext = (PVOID)GetProcAddress(secdll, "AcceptSecurityContext"); - pFreeCredentialsHandle = (PVOID)GetProcAddress(secdll, "FreeCredentialsHandle"); - pDeleteSecurityContext = (PVOID)GetProcAddress(secdll, "DeleteSecurityContext"); - pQueryContextAttributesA = (PVOID)GetProcAddress(secdll, "QueryContextAttributesA"); - pMakeSignature = (PVOID)GetProcAddress(secdll, "MakeSignature"); - pVerifySignature = (PVOID)GetProcAddress(secdll, "VerifySignature"); - pEncryptMessage = (PVOID)GetProcAddress(secdll, "EncryptMessage"); - pDecryptMessage = (PVOID)GetProcAddress(secdll, "DecryptMessage"); - pGetUserNameExA = (PVOID)GetProcAddress(secdll, "GetUserNameExA"); - } -} - static const char* getSecError(SECURITY_STATUS status) { static char buf[20]; @@ -344,15 +290,15 @@ static SECURITY_STATUS setupClient(SspiData *sspi_data, SEC_CHAR *provider) SecPkgInfoA *sec_pkg_info;

trace("Running setupClient\n"); - - ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info); + + ret = QuerySecurityPackageInfoA(provider, &sec_pkg_info);

ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));

setupBuffers(sspi_data, sec_pkg_info); - pFreeContextBuffer(sec_pkg_info); - - if((ret = pAcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_OUTBOUND, + FreeContextBuffer(sec_pkg_info); + + if((ret = AcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_OUTBOUND, NULL, sspi_data->id, NULL, NULL, &sspi_data->cred, &ttl)) != SEC_E_OK) { @@ -374,14 +320,14 @@ static SECURITY_STATUS setupServer(SspiData *sspi_data, SEC_CHAR *provider)

trace("Running setupServer\n");

- ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info); + ret = QuerySecurityPackageInfoA(provider, &sec_pkg_info);

ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));

setupBuffers(sspi_data, sec_pkg_info); - pFreeContextBuffer(sec_pkg_info); + FreeContextBuffer(sec_pkg_info);

- if((ret = pAcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_INBOUND, + if((ret = AcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_INBOUND, NULL, NULL, NULL, NULL, &sspi_data->cred, &ttl)) != SEC_E_OK) { trace("AcquireCredentialsHandle() returned %s\n", getSecError(ret)); @@ -402,13 +348,13 @@ static SECURITY_STATUS setupFakeServer(SspiData *sspi_data, SEC_CHAR *provider)

trace("Running setupFakeServer\n");

- ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info); + ret = QuerySecurityPackageInfoA(provider, &sec_pkg_info);

ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));

ret = setupBuffers(sspi_data, sec_pkg_info); - pFreeContextBuffer(sec_pkg_info); - + FreeContextBuffer(sec_pkg_info); + return ret; }

@@ -448,7 +394,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep void *old_buf;

/* pass NULL as an output buffer */ - ret = pInitializeSecurityContextA(&sspi_data->cred, NULL, NULL, req_attr, + ret = InitializeSecurityContextA(&sspi_data->cred, NULL, NULL, req_attr, 0, data_rep, NULL, 0, &sspi_data->ctxt, NULL, &ctxt_attr, &ttl);

@@ -458,7 +404,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep old_buf = out_buf->pBuffers[0].pvBuffer; out_buf->pBuffers[0].pvBuffer = NULL;

- ret = pInitializeSecurityContextA(&sspi_data->cred, NULL, NULL, req_attr, + ret = InitializeSecurityContextA(&sspi_data->cred, NULL, NULL, req_attr, 0, data_rep, NULL, 0, &sspi_data->ctxt, out_buf, &ctxt_attr, &ttl);

@@ -470,7 +416,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep /* pass an output buffer of 0 size */ out_buf->pBuffers[0].cbBuffer = 0;

@@ -482,7 +428,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep out_buf->pBuffers[0].cbBuffer = sspi_data->max_token; out_buf->pBuffers[0].BufferType = SECBUFFER_DATA;

@@ -492,13 +438,13 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep

out_buf->pBuffers[0].cbBuffer = sspi_data->max_token;

- ret = pInitializeSecurityContextA(first?&sspi_data->cred:NULL, first?NULL:&sspi_data->ctxt, NULL, req_attr, + ret = InitializeSecurityContextA(first?&sspi_data->cred:NULL, first?NULL:&sspi_data->ctxt, NULL, req_attr, 0, data_rep, first?NULL:in_buf, 0, &sspi_data->ctxt, out_buf, &ctxt_attr, &ttl);

if(ret == SEC_I_COMPLETE_AND_CONTINUE || ret == SEC_I_COMPLETE_NEEDED) { - pCompleteAuthToken(&sspi_data->ctxt, out_buf); + CompleteAuthToken(&sspi_data->ctxt, out_buf); if(ret == SEC_I_COMPLETE_AND_CONTINUE) ret = SEC_I_CONTINUE_NEEDED; else if(ret == SEC_I_COMPLETE_NEEDED) @@ -523,13 +469,13 @@ static SECURITY_STATUS runServer(SspiData *sspi_data, BOOL first, ULONG data_rep

trace("Running the server the %s time\n", first?"first":"second");

- ret = pAcceptSecurityContext(&sspi_data->cred, first?NULL:&sspi_data->ctxt, + ret = AcceptSecurityContext(&sspi_data->cred, first?NULL:&sspi_data->ctxt, sspi_data->in_buf, 0, data_rep, &sspi_data->ctxt, sspi_data->out_buf, &ctxt_attr, &ttl);

if(ret == SEC_I_COMPLETE_AND_CONTINUE || ret == SEC_I_COMPLETE_NEEDED) { - pCompleteAuthToken(&sspi_data->ctxt, sspi_data->out_buf); + CompleteAuthToken(&sspi_data->ctxt, sspi_data->out_buf); if(ret == SEC_I_COMPLETE_AND_CONTINUE) ret = SEC_I_CONTINUE_NEEDED; else if(ret == SEC_I_COMPLETE_NEEDED) @@ -604,13 +550,13 @@ static void testInitializeSecurityContextFlags(void) TimeStamp ttl; PBYTE packet;

- pFreeContextBuffer(pkg_info); + FreeContextBuffer(pkg_info); id.User = (unsigned char*) test_user; id.UserLength = strlen((char *) id.User); id.Domain = (unsigned char *) workgroup; @@ -637,7 +583,7 @@ static void testInitializeSecurityContextFlags(void) /* Without any flags, the lowest byte should not have bits 0x20 or 0x10 set*/ req_attr = 0;

- if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, + if((sec_status = InitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, 0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf, &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED) { @@ -649,12 +595,12 @@ static void testInitializeSecurityContextFlags(void) ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0), "With req_attr == 0, flags are 0x%02x%02x%02x%02x.\n", packet[15], packet[14], packet[13], packet[12]); - pDeleteSecurityContext(&client.ctxt); + DeleteSecurityContext(&client.ctxt);

/* With ISC_REQ_CONNECTION, the lowest byte should not have bits 0x20 or 0x10 set*/ req_attr = ISC_REQ_CONNECTION;

- if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, + if((sec_status = InitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, 0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf, &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED) { @@ -666,12 +612,12 @@ static void testInitializeSecurityContextFlags(void) ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0), "For ISC_REQ_CONNECTION, flags are 0x%02x%02x%02x%02x.\n", packet[15], packet[14], packet[13], packet[12]); - pDeleteSecurityContext(&client.ctxt); + DeleteSecurityContext(&client.ctxt);

/* With ISC_REQ_EXTENDED_ERROR, the lowest byte should not have bits 0x20 or 0x10 set*/ req_attr = ISC_REQ_EXTENDED_ERROR;

- if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, + if((sec_status = InitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, 0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf, &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED) { @@ -683,12 +629,12 @@ static void testInitializeSecurityContextFlags(void) ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0), "For ISC_REQ_EXTENDED_ERROR, flags are 0x%02x%02x%02x%02x.\n", packet[15], packet[14], packet[13], packet[12]); - pDeleteSecurityContext(&client.ctxt); + DeleteSecurityContext(&client.ctxt);

/* With ISC_REQ_MUTUAL_AUTH, the lowest byte should not have bits 0x20 or 0x10 set*/ req_attr = ISC_REQ_MUTUAL_AUTH;

- if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, + if((sec_status = InitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, 0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf, &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED) { @@ -700,12 +646,12 @@ static void testInitializeSecurityContextFlags(void) ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0), "For ISC_REQ_MUTUAL_AUTH, flags are 0x%02x%02x%02x%02x.\n", packet[15], packet[14], packet[13], packet[12]); - pDeleteSecurityContext(&client.ctxt); + DeleteSecurityContext(&client.ctxt);

/* With ISC_REQ_USE_DCE_STYLE, the lowest byte should not have bits 0x20 or 0x10 set*/ req_attr = ISC_REQ_USE_DCE_STYLE;

- if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, + if((sec_status = InitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, 0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf, &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED) { @@ -717,12 +663,12 @@ static void testInitializeSecurityContextFlags(void) ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0), "For ISC_REQ_USE_DCE_STYLE, flags are 0x%02x%02x%02x%02x.\n", packet[15], packet[14], packet[13], packet[12]); - pDeleteSecurityContext(&client.ctxt); + DeleteSecurityContext(&client.ctxt);

/* With ISC_REQ_DELEGATE, the lowest byte should not have bits 0x20 or 0x10 set*/ req_attr = ISC_REQ_DELEGATE;

- if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, + if((sec_status = InitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, 0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf, &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED) { @@ -734,12 +680,12 @@ static void testInitializeSecurityContextFlags(void) ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0), "For ISC_REQ_DELEGATE, flags are 0x%02x%02x%02x%02x.\n", packet[15], packet[14], packet[13], packet[12]); - pDeleteSecurityContext(&client.ctxt); + DeleteSecurityContext(&client.ctxt);

/* With ISC_REQ_INTEGRITY, the lowest byte should have bit 0x10 set */ req_attr = ISC_REQ_INTEGRITY;

- if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, + if((sec_status = InitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, 0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf, &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED) { @@ -751,12 +697,12 @@ static void testInitializeSecurityContextFlags(void) ok((packet[12] & 0x10) != 0, "For ISC_REQ_INTEGRITY, flags are 0x%02x%02x%02x%02x.\n", packet[15], packet[14], packet[13], packet[12]); - pDeleteSecurityContext(&client.ctxt); + DeleteSecurityContext(&client.ctxt);

/* With ISC_REQ_REPLAY_DETECT, the lowest byte should have bit 0x10 set */ req_attr = ISC_REQ_REPLAY_DETECT;

- if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, + if((sec_status = InitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, 0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf, &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED) { @@ -768,12 +714,12 @@ static void testInitializeSecurityContextFlags(void) ok((packet[12] & 0x10) != 0, "For ISC_REQ_REPLAY_DETECT, flags are 0x%02x%02x%02x%02x.\n", packet[15], packet[14], packet[13], packet[12]); - pDeleteSecurityContext(&client.ctxt); + DeleteSecurityContext(&client.ctxt);

/* With ISC_REQ_SEQUENCE_DETECT, the lowest byte should have bit 0x10 set */ req_attr = ISC_REQ_SEQUENCE_DETECT;

- if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, + if((sec_status = InitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, 0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf, &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED) { @@ -785,12 +731,12 @@ static void testInitializeSecurityContextFlags(void) ok((packet[12] & 0x10) != 0, "For ISC_REQ_SEQUENCE_DETECT, flags are 0x%02x%02x%02x%02x.\n", packet[15], packet[14], packet[13], packet[12]); - pDeleteSecurityContext(&client.ctxt); + DeleteSecurityContext(&client.ctxt);

/* With ISC_REQ_CONFIDENTIALITY, the lowest byte should have bit 0x20 set */ req_attr = ISC_REQ_CONFIDENTIALITY;

- if((sec_status = pInitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, + if((sec_status = InitializeSecurityContextA(&client.cred, NULL, NULL, req_attr, 0, SECURITY_NETWORK_DREP, NULL, 0, &client.ctxt, client.out_buf, &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED) { @@ -802,11 +748,11 @@ static void testInitializeSecurityContextFlags(void) ok((packet[12] & 0x20) != 0, "For ISC_REQ_CONFIDENTIALITY, flags are 0x%02x%02x%02x%02x.\n", packet[15], packet[14], packet[13], packet[12]); - pDeleteSecurityContext(&client.ctxt); + DeleteSecurityContext(&client.ctxt);

tISCFend: cleanupBuffers(&client); - pFreeCredentialsHandle(&client.cred); + FreeCredentialsHandle(&client.cred); }

/**********************************************************************/ @@ -827,13 +773,13 @@ static void testAuth(ULONG data_rep, BOOL fake) SecPkgContext_SessionKey session_key; SecPkgInfoA *pi;

- pFreeContextBuffer(pkg_info); + FreeContextBuffer(pkg_info); id.User = (unsigned char*) test_user; id.UserLength = strlen((char *) id.User); id.Domain = (unsigned char *) workgroup; @@ -850,7 +796,7 @@ static void testAuth(ULONG data_rep, BOOL fake) { skip("Error: Setting up the client returned %s, exiting test!\n", getSecError(sec_status)); - pFreeCredentialsHandle(&client.cred); + FreeCredentialsHandle(&client.cred); return; }

@@ -863,8 +809,8 @@ static void testAuth(ULONG data_rep, BOOL fake) { skip("Error: Setting up the server returned %s, exiting test!\n", getSecError(sec_status)); - pFreeCredentialsHandle(&server.cred); - pFreeCredentialsHandle(&client.cred); + FreeCredentialsHandle(&server.cred); + FreeCredentialsHandle(&client.cred); return; }

@@ -899,21 +845,21 @@ static void testAuth(ULONG data_rep, BOOL fake) goto tAuthend; }

- sec_status = pQueryContextAttributesA(&client.ctxt, SECPKG_ATTR_SIZES, &sizes); - ok(sec_status == SEC_E_OK, "pQueryContextAttributesA(SECPKG_ATTR_SIZES) returned %s\n", getSecError(sec_status)); + sec_status = QueryContextAttributesA(&client.ctxt, SECPKG_ATTR_SIZES, &sizes); + ok(sec_status == SEC_E_OK, "QueryContextAttributesA(SECPKG_ATTR_SIZES) returned %s\n", getSecError(sec_status)); ok((sizes.cbMaxToken == 1904) || (sizes.cbMaxToken == 2888), "cbMaxToken should be 1904 or 2888 but is %lu\n", sizes.cbMaxToken); ok(sizes.cbMaxSignature == 16, "cbMaxSignature should be 16 but is %lu\n", sizes.cbMaxSignature); ok(sizes.cbSecurityTrailer == 16, "cbSecurityTrailer should be 16 but is %lu\n", sizes.cbSecurityTrailer); ok(sizes.cbBlockSize == 0, "cbBlockSize should be 0 but is %lu\n", sizes.cbBlockSize);

- sec_status = pQueryContextAttributesA(&client.ctxt, SECPKG_ATTR_STREAM_SIZES, &stream_sizes); - ok(sec_status == SEC_E_UNSUPPORTED_FUNCTION, "pQueryContextAttributesA(SECPKG_ATTR_STREAM_SIZES) returned %s\n", + sec_status = QueryContextAttributesA(&client.ctxt, SECPKG_ATTR_STREAM_SIZES, &stream_sizes); + ok(sec_status == SEC_E_UNSUPPORTED_FUNCTION, "QueryContextAttributesA(SECPKG_ATTR_STREAM_SIZES) returned %s\n", getSecError(sec_status));

memset( &key, 0, sizeof(key) ); sec_status = QueryContextAttributesA( &client.ctxt, SECPKG_ATTR_KEY_INFO, &key ); - ok( sec_status == SEC_E_OK, "pQueryContextAttributesA returned %08lx\n", sec_status ); + ok( sec_status == SEC_E_OK, "QueryContextAttributesA returned %08lx\n", sec_status ); if (fake) { ok( !strcmp(key.sSignatureAlgorithmName, "RSADSI RC4-CRC32"), "got '%s'\n", key.sSignatureAlgorithmName ); @@ -933,7 +879,7 @@ static void testAuth(ULONG data_rep, BOOL fake)

memset( &session_key, 0, sizeof(session_key) ); sec_status = QueryContextAttributesA( &client.ctxt, SECPKG_ATTR_SESSION_KEY, &session_key ); - ok( sec_status == SEC_E_OK, "pQueryContextAttributesA returned %08lx\n", sec_status ); + ok( sec_status == SEC_E_OK, "QueryContextAttributesA returned %08lx\n", sec_status ); ok( session_key.SessionKeyLength, "got 0 key length\n" ); ok( session_key.SessionKey != NULL, "got NULL session key\n" ); FreeContextBuffer( session_key.SessionKey ); @@ -979,23 +925,23 @@ tAuthend:

if(!fake) { - sec_status = pDeleteSecurityContext(&server.ctxt); + sec_status = DeleteSecurityContext(&server.ctxt); ok(sec_status == SEC_E_OK, "DeleteSecurityContext(server) returned %s\n", getSecError(sec_status)); }

- sec_status = pDeleteSecurityContext(&client.ctxt); + sec_status = DeleteSecurityContext(&client.ctxt); ok(sec_status == SEC_E_OK, "DeleteSecurityContext(client) returned %s\n", getSecError(sec_status));

if(!fake) { - sec_status = pFreeCredentialsHandle(&server.cred); + sec_status = FreeCredentialsHandle(&server.cred); ok(sec_status == SEC_E_OK, "FreeCredentialsHandle(server) returned %s\n", getSecError(sec_status)); }

- sec_status = pFreeCredentialsHandle(&client.cred); + sec_status = FreeCredentialsHandle(&client.cred); ok(sec_status == SEC_E_OK, "FreeCredentialsHandle(client) returned %s\n", getSecError(sec_status)); } @@ -1021,13 +967,13 @@ static void testSignSeal(void) * This is basically the same as in testAuth with a fake server, * as we need a valid, authenticated context. */ - if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info) != SEC_E_OK) + if(QuerySecurityPackageInfoA( sec_pkg_name, &pkg_info) != SEC_E_OK) { ok(0, "NTLM package not installed, skipping test.\n"); return; }

- pFreeContextBuffer(pkg_info); + FreeContextBuffer(pkg_info); id.User = (unsigned char*) test_user; id.UserLength = strlen((char *) id.User); id.Domain = (unsigned char *) workgroup; @@ -1044,7 +990,7 @@ static void testSignSeal(void) { skip("Error: Setting up the client returned %s, exiting test!\n", getSecError(sec_status)); - pFreeCredentialsHandle(&client.cred); + FreeCredentialsHandle(&client.cred); return; }

@@ -1078,7 +1024,7 @@ static void testSignSeal(void) * Now start with the actual testing * ********************************************/

- if(pQueryContextAttributesA(&client.ctxt, SECPKG_ATTR_SIZES, + if(QueryContextAttributesA(&client.ctxt, SECPKG_ATTR_SIZES, &ctxt_sizes) != SEC_E_OK) { skip("Failed to get context sizes, aborting test.\n"); @@ -1098,7 +1044,7 @@ static void testSignSeal(void) fake_data[1].cbBuffer = lstrlenA(message); fake_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, fake_data[1].cbBuffer);

- sec_status = pMakeSignature(&client.ctxt, 0, &crypt, 0); + sec_status = MakeSignature(&client.ctxt, 0, &crypt, 0); ok(sec_status == SEC_E_INVALID_TOKEN, "MakeSignature returned %s, not SEC_E_INVALID_TOKEN.\n", getSecError(sec_status)); @@ -1118,7 +1064,7 @@ static void testSignSeal(void) * we should get the same signature for our data, no matter if * it is sent by the client or the server */ - sec_status = pMakeSignature(&client.ctxt, 0, &crypt, 0); + sec_status = MakeSignature(&client.ctxt, 0, &crypt, 0); ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n", getSecError(sec_status)); ok(!memcmp(crypt.pBuffers[0].pvBuffer, message_signature, @@ -1128,19 +1074,19 @@ static void testSignSeal(void)

memcpy(data[0].pvBuffer, crypt_trailer_client, data[0].cbBuffer);

- sec_status = pVerifySignature(&client.ctxt, &crypt, 0, &qop); + sec_status = VerifySignature(&client.ctxt, &crypt, 0, &qop); ok(sec_status == SEC_E_MESSAGE_ALTERED, "VerifySignature returned %s, not SEC_E_MESSAGE_ALTERED.\n", getSecError(sec_status)); ok(qop == 0xdeadbeef, "qop changed to %lu\n", qop);

memcpy(data[0].pvBuffer, message_signature, data[0].cbBuffer); - sec_status = pVerifySignature(&client.ctxt, &crypt, 0, &qop); + sec_status = VerifySignature(&client.ctxt, &crypt, 0, &qop); ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK.\n", getSecError(sec_status)); ok(qop == 0xdeadbeef, "qop changed to %lu\n", qop);

- sec_status = pEncryptMessage(&client.ctxt, 0, &crypt, 0); + sec_status = EncryptMessage(&client.ctxt, 0, &crypt, 0); if (sec_status == SEC_E_UNSUPPORTED_FUNCTION) { skip("Encrypt message returned SEC_E_UNSUPPORTED_FUNCTION. " @@ -1178,7 +1124,7 @@ static void testSignSeal(void) memcpy(data[0].pvBuffer, crypt_trailer_server, data[0].cbBuffer); memcpy(data[1].pvBuffer, crypt_message_server, data[1].cbBuffer);

- sec_status = pDecryptMessage(&client.ctxt, &crypt, 0, &qop); + sec_status = DecryptMessage(&client.ctxt, &crypt, 0, &qop);

ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n", getSecError(sec_status)); @@ -1212,7 +1158,7 @@ static void testSignSeal(void) complex_data[3].pvBuffer = HeapAlloc(GetProcessHeap(), 0, complex_data[3].cbBuffer);

/* We should get a dummy signature again. */ - sec_status = pMakeSignature(&client.ctxt, 0, &crypt, 0); + sec_status = MakeSignature(&client.ctxt, 0, &crypt, 0); ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n", getSecError(sec_status)); ok(!memcmp(crypt.pBuffers[3].pvBuffer, message_signature, @@ -1220,12 +1166,12 @@ static void testSignSeal(void)

/* Being a dummy signature, it will verify right away, as if the server * sent it */ - sec_status = pVerifySignature(&client.ctxt, &crypt, 0, &qop); + sec_status = VerifySignature(&client.ctxt, &crypt, 0, &qop); ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK\n", getSecError(sec_status)); ok(qop == 0xdeadbeef, "qop changed to %lu\n", qop);

- sec_status = pEncryptMessage(&client.ctxt, 0, &crypt, 0); + sec_status = EncryptMessage(&client.ctxt, 0, &crypt, 0); ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n", getSecError(sec_status));

@@ -1252,7 +1198,7 @@ static void testSignSeal(void) memcpy(complex_data[1].pvBuffer, crypt_message_server2, complex_data[1].cbBuffer); memcpy(complex_data[3].pvBuffer, crypt_trailer_server2, complex_data[3].cbBuffer);

- sec_status = pDecryptMessage(&client.ctxt, &crypt, 0, &qop); + sec_status = DecryptMessage(&client.ctxt, &crypt, 0, &qop); ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n", getSecError(sec_status)); ok(qop == 0xdeadbeef, "qop changed to %lu\n", qop); @@ -1262,14 +1208,14 @@ end: cleanupBuffers(&client); cleanupBuffers(&server);

- pDeleteSecurityContext(&client.ctxt); - pFreeCredentialsHandle(&client.cred); + DeleteSecurityContext(&client.ctxt); + FreeCredentialsHandle(&client.cred);

HeapFree(GetProcessHeap(), 0, complex_data[1].pvBuffer); HeapFree(GetProcessHeap(), 0, complex_data[3].pvBuffer); }

-static BOOL testAcquireCredentialsHandle(void) +static void testAcquireCredentialsHandle(void) { CredHandle cred; TimeStamp ttl; @@ -1277,12 +1223,12 @@ static BOOL testAcquireCredentialsHandle(void) SEC_WINNT_AUTH_IDENTITY_A id; PSecPkgInfoA pkg_info = NULL;

- if(pQuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK) + if(QuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK) { ok(0, "NTLM package not installed, skipping test\n"); - return FALSE; + return; } - pFreeContextBuffer(pkg_info); + FreeContextBuffer(pkg_info);

id.User = (unsigned char*) test_user; id.UserLength = strlen((char *) id.User); @@ -1292,46 +1238,45 @@ static BOOL testAcquireCredentialsHandle(void) id.PasswordLength = strlen((char *) id.Password); id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;

- ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND, + ret = AcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND, NULL, &id, NULL, NULL, &cred, &ttl); ok(ret == SEC_E_OK, "AcquireCredentialsHandle() returned %s\n", getSecError(ret)); - pFreeCredentialsHandle(&cred); + FreeCredentialsHandle(&cred);

id.DomainLength = 0; - ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND, + ret = AcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND, NULL, &id, NULL, NULL, &cred, &ttl); ok(ret == SEC_E_OK, "AcquireCredentialsHandle() returned %s\n", getSecError(ret)); - pFreeCredentialsHandle(&cred); + FreeCredentialsHandle(&cred);

id.Domain = NULL; - ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND, + ret = AcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND, NULL, &id, NULL, NULL, &cred, &ttl); ok(ret == SEC_E_OK, "AcquireCredentialsHandle() returned %s\n", getSecError(ret)); - pFreeCredentialsHandle(&cred); + FreeCredentialsHandle(&cred);

id.Domain = (unsigned char *) workgroup; id.DomainLength = strlen((char *) id.Domain); id.UserLength = 0; id.User = NULL; - ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND, + ret = AcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND, NULL, &id, NULL, NULL, &cred, &ttl); ok(ret == SEC_E_OK, "AcquireCredentialsHandle() returned %s\n", getSecError(ret)); - pFreeCredentialsHandle(&cred); + FreeCredentialsHandle(&cred);

id.User = (unsigned char*) test_user; id.UserLength = strlen((char *) id.User); id.Password = NULL; id.PasswordLength = 0; - ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND, + ret = AcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND, NULL, &id, NULL, NULL, &cred, &ttl); ok(ret == SEC_E_OK, "AcquireCredentialsHandle() returned %s\n", getSecError(ret)); - pFreeCredentialsHandle(&cred); - return TRUE; + FreeCredentialsHandle(&cred); }

static void testAcquireCredentialsHandleW(void) @@ -1347,18 +1292,12 @@ static void testAcquireCredentialsHandleW(void) SEC_WINNT_AUTH_IDENTITY_W id; PSecPkgInfoA pkg_info = NULL;

- if(!pAcquireCredentialsHandleW) - { - win_skip("AcquireCredentialsHandleW not available\n"); - return; - } - - if(pQuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK) + if(QuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK) { ok(0, "NTLM package not installed, skipping test\n"); return; } - pFreeContextBuffer(pkg_info); + FreeContextBuffer(pkg_info);

id.User = test_userW; id.UserLength = lstrlenW(test_userW); @@ -1368,45 +1307,45 @@ static void testAcquireCredentialsHandleW(void) id.PasswordLength = lstrlenW(test_passW); id.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;

- ret = pAcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, + ret = AcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, NULL, &id, NULL, NULL, &cred, &ttl); ok(ret == SEC_E_OK, "AcquireCredentialsHandeW() returned %s\n", getSecError(ret)); - pFreeCredentialsHandle(&cred); + FreeCredentialsHandle(&cred);

id.DomainLength = 0; - ret = pAcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, + ret = AcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, NULL, &id, NULL, NULL, &cred, &ttl); ok(ret == SEC_E_OK, "AcquireCredentialsHandeW() returned %s\n", getSecError(ret)); - pFreeCredentialsHandle(&cred); + FreeCredentialsHandle(&cred);

id.Domain = NULL; - ret = pAcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, + ret = AcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, NULL, &id, NULL, NULL, &cred, &ttl); ok(ret == SEC_E_OK, "AcquireCredentialsHandeW() returned %s\n", getSecError(ret)); - pFreeCredentialsHandle(&cred); + FreeCredentialsHandle(&cred);

id.Domain = workgroupW; id.DomainLength = lstrlenW(workgroupW); id.UserLength = 0; id.User = NULL; - ret = pAcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, + ret = AcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, NULL, &id, NULL, NULL, &cred, &ttl); ok(ret == SEC_E_OK, "AcquireCredentialsHandeW() returned %s\n", getSecError(ret)); - pFreeCredentialsHandle(&cred); + FreeCredentialsHandle(&cred);

id.User = test_userW; id.UserLength = lstrlenW(test_userW); id.Password = test_passW; /* NULL string causes a crash. */ id.PasswordLength = 0; - ret = pAcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, + ret = AcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, NULL, &id, NULL, NULL, &cred, &ttl); ok(ret == SEC_E_OK, "AcquireCredentialsHandeW() returned %s\n", getSecError(ret)); - pFreeCredentialsHandle(&cred); + FreeCredentialsHandle(&cred);

/* Test using the ANSI structure. */ idA.User = (unsigned char*) test_user; @@ -1417,11 +1356,11 @@ static void testAcquireCredentialsHandleW(void) idA.PasswordLength = strlen(test_pass); idA.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;

- ret = pAcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, + ret = AcquireCredentialsHandleW(NULL, sec_pkg_nameW, SECPKG_CRED_OUTBOUND, NULL, &idA, NULL, NULL, &cred, &ttl); ok(ret == SEC_E_OK, "AcquireCredentialsHandeW() returned %s\n", getSecError(ret)); - pFreeCredentialsHandle(&cred); + FreeCredentialsHandle(&cred); }

static void test_cred_multiple_use(void) @@ -1437,7 +1376,7 @@ static void test_cred_multiple_use(void) ULONG ctxt_attr; TimeStamp ttl;

- if(pQuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK) + if(QuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK) { ok(0, "NTLM package not installed, skipping test\n"); return; @@ -1446,7 +1385,7 @@ static void test_cred_multiple_use(void) buffers[0].BufferType = SECBUFFER_TOKEN; buffers[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, buffers[0].cbBuffer);

- pFreeContextBuffer(pkg_info); + FreeContextBuffer(pkg_info);

id.User = (unsigned char*) test_user; id.UserLength = strlen((char *) id.User); @@ -1456,7 +1395,7 @@ static void test_cred_multiple_use(void) id.PasswordLength = strlen((char *) id.Password); id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;

- ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND, + ret = AcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND, NULL, &id, NULL, NULL, &cred, &ttl); ok(ret == SEC_E_OK, "AcquireCredentialsHandle() returned %s\n", getSecError(ret)); @@ -1465,21 +1404,21 @@ static void test_cred_multiple_use(void) buffer_desc.cBuffers = ARRAY_SIZE(buffers); buffer_desc.pBuffers = buffers;

- ret = pInitializeSecurityContextA(&cred, NULL, NULL, ISC_REQ_CONNECTION, + ret = InitializeSecurityContextA(&cred, NULL, NULL, ISC_REQ_CONNECTION, 0, SECURITY_NETWORK_DREP, NULL, 0, &ctxt1, &buffer_desc, &ctxt_attr, &ttl); ok(ret == SEC_I_CONTINUE_NEEDED, "InitializeSecurityContextA failed with error 0x%lx\n", ret);

- ret = pInitializeSecurityContextA(&cred, NULL, NULL, ISC_REQ_CONNECTION, + ret = InitializeSecurityContextA(&cred, NULL, NULL, ISC_REQ_CONNECTION, 0, SECURITY_NETWORK_DREP, NULL, 0, &ctxt2, &buffer_desc, &ctxt_attr, &ttl); ok(ret == SEC_I_CONTINUE_NEEDED, "Second InitializeSecurityContextA on cred handle failed with error 0x%lx\n", ret);

- ret = pDeleteSecurityContext(&ctxt1); + ret = DeleteSecurityContext(&ctxt1); ok(ret == SEC_E_OK, "DeleteSecurityContext failed with error 0x%lx\n", ret); - ret = pDeleteSecurityContext(&ctxt2); + ret = DeleteSecurityContext(&ctxt2); ok(ret == SEC_E_OK, "DeleteSecurityContext failed with error 0x%lx\n", ret); - ret = pFreeCredentialsHandle(&cred); + ret = FreeCredentialsHandle(&cred); ok(ret == SEC_E_OK, "FreeCredentialsHandle failed with error 0x%lx\n", ret);

HeapFree(GetProcessHeap(), 0, buffers[0].pvBuffer); @@ -1498,13 +1437,13 @@ static void test_null_auth_data(void) ULONG attr, size; BOOLEAN ret;

- if(pQuerySecurityPackageInfoA((SEC_CHAR *)"NTLM", &info) != SEC_E_OK) + if(QuerySecurityPackageInfoA((SEC_CHAR *)"NTLM", &info) != SEC_E_OK) { ok(0, "NTLM package not installed, skipping test\n"); return; }

- status = pAcquireCredentialsHandleA(NULL, (SEC_CHAR *)"NTLM", SECPKG_CRED_OUTBOUND, + status = AcquireCredentialsHandleA(NULL, (SEC_CHAR *)"NTLM", SECPKG_CRED_OUTBOUND, NULL, NULL, NULL, NULL, &cred, &ttl); ok(status == SEC_E_OK, "AcquireCredentialsHandle() failed %s\n", getSecError(status));

@@ -1517,54 +1456,33 @@ static void test_null_auth_data(void) buffer_desc.pBuffers = buffers;

size = sizeof(user); - ret = pGetUserNameExA(NameSamCompatible, user, &size); + ret = GetUserNameExA(NameSamCompatible, user, &size); ok(ret, "GetUserNameExA failed %lu\n", GetLastError());

- status = pInitializeSecurityContextA(&cred, NULL, (SEC_CHAR *)user, + status = InitializeSecurityContextA(&cred, NULL, (SEC_CHAR *)user, ISC_REQ_CONNECTION, 0, SECURITY_NETWORK_DREP, NULL, 0, &ctx, &buffer_desc, &attr, &ttl); ok(status == SEC_I_CONTINUE_NEEDED, "InitializeSecurityContextA failed %s\n", getSecError(status));

- ret = pDeleteSecurityContext(&ctx); + ret = DeleteSecurityContext(&ctx); ok(ret == SEC_E_OK, "DeleteSecurityContext failed with error 0x%x\n", ret); - ret = pFreeCredentialsHandle(&cred); + ret = FreeCredentialsHandle(&cred); ok(ret == SEC_E_OK, "FreeCredentialsHandle failed with error 0x%x\n", ret);

- pFreeContextBuffer(info); + FreeContextBuffer(info); HeapFree(GetProcessHeap(), 0, buffers[0].pvBuffer); }

START_TEST(ntlm) { - InitFunctionPtrs(); - - if(pFreeCredentialsHandle && pDeleteSecurityContext && - pAcquireCredentialsHandleA && pInitializeSecurityContextA && - pCompleteAuthToken && pQuerySecurityPackageInfoA) - { - testAcquireCredentialsHandleW(); - - if(!testAcquireCredentialsHandle()) - goto cleanup; - testInitializeSecurityContextFlags(); - if(pAcceptSecurityContext) - { - testAuth(SECURITY_NATIVE_DREP, TRUE); - testAuth(SECURITY_NETWORK_DREP, TRUE); - testAuth(SECURITY_NATIVE_DREP, FALSE); - testAuth(SECURITY_NETWORK_DREP, FALSE); - } - if(pMakeSignature && pVerifySignature && pEncryptMessage && - pDecryptMessage) - testSignSeal(); - - test_cred_multiple_use(); - if (pGetUserNameExA) test_null_auth_data(); - } - else - win_skip("Needed functions are not available\n"); - -cleanup: - if(secdll) - FreeLibrary(secdll); + testAcquireCredentialsHandleW(); + testAcquireCredentialsHandle(); + testInitializeSecurityContextFlags(); + testAuth(SECURITY_NATIVE_DREP, TRUE); + testAuth(SECURITY_NETWORK_DREP, TRUE); + testAuth(SECURITY_NATIVE_DREP, FALSE); + testAuth(SECURITY_NETWORK_DREP, FALSE); + testSignSeal(); + test_cred_multiple_use(); + test_null_auth_data(); }

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6297

Dmitry Timoshkov

9:43 a.m.

New subject: [PATCH 3/7] secur32/tests: Avoid assigning a 4-byte status to an 1-byte variable.

From: Dmitry Timoshkov dmitry@baikal.ru

Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru --- dlls/secur32/tests/ntlm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/dlls/secur32/tests/ntlm.c b/dlls/secur32/tests/ntlm.c index 973cb9b7855..a7ed32fe5ab 100644 --- a/dlls/secur32/tests/ntlm.c +++ b/dlls/secur32/tests/ntlm.c @@ -1464,10 +1464,10 @@ static void test_null_auth_data(void) NULL, 0, &ctx, &buffer_desc, &attr, &ttl); ok(status == SEC_I_CONTINUE_NEEDED, "InitializeSecurityContextA failed %s\n", getSecError(status));

- ret = DeleteSecurityContext(&ctx); - ok(ret == SEC_E_OK, "DeleteSecurityContext failed with error 0x%x\n", ret); - ret = FreeCredentialsHandle(&cred); - ok(ret == SEC_E_OK, "FreeCredentialsHandle failed with error 0x%x\n", ret); + status = DeleteSecurityContext(&ctx); + ok(status == SEC_E_OK, "DeleteSecurityContext failed %s\n", getSecError(status)); + status = FreeCredentialsHandle(&cred); + ok(status == SEC_E_OK, "FreeCredentialsHandle failed %s\n", getSecError(status));

FreeContextBuffer(info); HeapFree(GetProcessHeap(), 0, buffers[0].pvBuffer);

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6297

Dmitry Timoshkov

9:43 a.m.

New subject: [PATCH 4/7] secur32/tests: Don't use fake user/domain/password in NTLM tests.

From: Dmitry Timoshkov dmitry@baikal.ru

Under Windows AcceptSecurityContext() returns SEC_E_LOGON_DENIED after huge timeout in that case. Using NULL instead uses current user identity and works as intended. By accepting SEC_E_LOGON_DENIED the tests actually hide the fact that AcceptSecurityContext() fails under both Windows and Wine. It looks like that NTLM authentication never worked under Wine because SEC_E_LOGON_DENIED was there from the start.

Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru --- dlls/secur32/tests/ntlm.c | 48 +++++++++------------------------------ 1 file changed, 11 insertions(+), 37 deletions(-)

diff --git a/dlls/secur32/tests/ntlm.c b/dlls/secur32/tests/ntlm.c index a7ed32fe5ab..8699e425132 100644 --- a/dlls/secur32/tests/ntlm.c +++ b/dlls/secur32/tests/ntlm.c @@ -299,7 +299,7 @@ static SECURITY_STATUS setupClient(SspiData *sspi_data, SEC_CHAR *provider) FreeContextBuffer(sec_pkg_info);

if((ret = AcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_OUTBOUND, - NULL, sspi_data->id, NULL, NULL, &sspi_data->cred, &ttl)) + NULL, NULL, NULL, NULL, &sspi_data->cred, &ttl)) != SEC_E_OK) { trace("AcquireCredentialsHandle() returned %s\n", getSecError(ret)); @@ -453,7 +453,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep

ok(out_buf->pBuffers[0].BufferType == SECBUFFER_TOKEN, "buffer type was changed from SECBUFFER_TOKEN to %ld\n", out_buf->pBuffers[0].BufferType); - ok(out_buf->pBuffers[0].cbBuffer < sspi_data->max_token, + ok(out_buf->pBuffers[0].cbBuffer <= sspi_data->max_token, "InitializeSecurityContext set buffer size to %lu\n", out_buf->pBuffers[0].cbBuffer);

return ret; @@ -545,7 +545,6 @@ static void testInitializeSecurityContextFlags(void) SECURITY_STATUS sec_status; PSecPkgInfoA pkg_info = NULL; SspiData client = {{0}}; - SEC_WINNT_AUTH_IDENTITY_A id; ULONG req_attr, ctxt_attr; TimeStamp ttl; PBYTE packet; @@ -557,15 +556,6 @@ static void testInitializeSecurityContextFlags(void) }

FreeContextBuffer(pkg_info); - id.User = (unsigned char*) test_user; - id.UserLength = strlen((char *) id.User); - id.Domain = (unsigned char *) workgroup; - id.DomainLength = strlen((char *) id.Domain); - id.Password = (unsigned char*) test_pass; - id.PasswordLength = strlen((char *) id.Password); - id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI; - - client.id = &id;

if((sec_status = setupClient(&client, sec_pkg_name)) != SEC_E_OK) { @@ -765,7 +755,6 @@ static void testAuth(ULONG data_rep, BOOL fake) PSecPkgInfoA pkg_info = NULL; BOOL first = TRUE; SspiData client = {{0}}, server = {{0}}; - SEC_WINNT_AUTH_IDENTITY_A id; SecPkgContext_Sizes sizes; SecPkgContext_StreamSizes stream_sizes; SecPkgContext_NegotiationInfoA info; @@ -780,15 +769,6 @@ static void testAuth(ULONG data_rep, BOOL fake) }

sec_status = setupClient(&client, sec_pkg_name);

@@ -818,9 +798,12 @@ static void testAuth(ULONG data_rep, BOOL fake) { client_stat = runClient(&client, first, data_rep);

+ todo_wine_if(client_stat != SEC_I_CONTINUE_NEEDED) ok(client_stat == SEC_E_OK || client_stat == SEC_I_CONTINUE_NEEDED, "Running the client returned %s, more tests will fail.\n", getSecError(client_stat)); + if(client_stat != SEC_E_OK && client_stat != SEC_I_CONTINUE_NEEDED) + break;

communicate(&client, &server);

@@ -829,8 +812,7 @@ static void testAuth(ULONG data_rep, BOOL fake) else server_stat = runServer(&server, first, data_rep);

- ok(server_stat == SEC_E_OK || server_stat == SEC_I_CONTINUE_NEEDED || - server_stat == SEC_E_LOGON_DENIED, + ok(server_stat == SEC_E_OK || server_stat == SEC_I_CONTINUE_NEEDED, "Running the server returned %s, more tests will fail from now.\n", getSecError(server_stat));

@@ -839,7 +821,7 @@ static void testAuth(ULONG data_rep, BOOL fake) first = FALSE; }

- if(client_stat != SEC_E_OK) + if(client_stat != SEC_E_OK || server_stat != SEC_E_OK) { skip("Authentication failed, skipping test.\n"); goto tAuthend; @@ -954,8 +936,6 @@ static void testSignSeal(void) PSecPkgInfoA pkg_info = NULL; BOOL first = TRUE; SspiData client = {{0}}, server = {{0}}; - SEC_WINNT_AUTH_IDENTITY_A id; - static char sec_pkg_name[] = "NTLM"; SecBufferDesc crypt; SecBuffer data[2], fake_data[2], complex_data[4]; ULONG qop = 0xdeadbeef; @@ -974,15 +954,6 @@ static void testSignSeal(void) }

sec_status = setupClient(&client, sec_pkg_name);

@@ -1001,9 +972,12 @@ static void testSignSeal(void) { client_stat = runClient(&client, first, SECURITY_NETWORK_DREP);

communicate(&client, &server);

@@ -1014,7 +988,7 @@ static void testSignSeal(void) first = FALSE; }

- if(client_stat != SEC_E_OK) + if(client_stat != SEC_E_OK || server_stat != SEC_E_OK) { skip("Authentication failed, skipping test.\n"); goto end;

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6297

Dmitry Timoshkov

9:43 a.m.

New subject: [PATCH 5/7] secur32/tests: Fix a typo.

From: Dmitry Timoshkov dmitry@baikal.ru

Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru --- dlls/secur32/tests/ntlm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dlls/secur32/tests/ntlm.c b/dlls/secur32/tests/ntlm.c index 8699e425132..fa6fb05d78a 100644 --- a/dlls/secur32/tests/ntlm.c +++ b/dlls/secur32/tests/ntlm.c @@ -1120,7 +1120,7 @@ static void testSignSeal(void)

complex_data[1].BufferType = SECBUFFER_DATA; complex_data[1].cbBuffer = lstrlenA(message); - complex_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer); + complex_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, complex_data[1].cbBuffer); memcpy(complex_data[1].pvBuffer, message, complex_data[1].cbBuffer);

complex_data[2].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6297

Dmitry Timoshkov

9:43 a.m.

New subject: [PATCH 6/7] secur32/tests: Separate NTLM signature and encryption tests.

From: Dmitry Timoshkov dmitry@baikal.ru

Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru --- dlls/secur32/tests/ntlm.c | 157 +++++++++++++++++++++++++++++++++----- 1 file changed, 140 insertions(+), 17 deletions(-)

diff --git a/dlls/secur32/tests/ntlm.c b/dlls/secur32/tests/ntlm.c index fa6fb05d78a..690b569ab97 100644 --- a/dlls/secur32/tests/ntlm.c +++ b/dlls/secur32/tests/ntlm.c @@ -928,7 +928,7 @@ tAuthend: getSecError(sec_status)); }

-static void testSignSeal(void) +static void test_Signature(void) { SECURITY_STATUS client_stat = SEC_I_CONTINUE_NEEDED; SECURITY_STATUS server_stat = SEC_I_CONTINUE_NEEDED; @@ -1060,6 +1060,143 @@ static void testSignSeal(void) getSecError(sec_status)); ok(qop == 0xdeadbeef, "qop changed to %lu\n", qop);

+ trace("Testing with more than one buffer.\n"); + + crypt.cBuffers = ARRAY_SIZE(complex_data); + crypt.pBuffers = complex_data; + + complex_data[0].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM; + complex_data[0].cbBuffer = sizeof(message_header); + complex_data[0].pvBuffer = message_header; + + complex_data[1].BufferType = SECBUFFER_DATA; + complex_data[1].cbBuffer = lstrlenA(message); + complex_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, complex_data[1].cbBuffer); + memcpy(complex_data[1].pvBuffer, message, complex_data[1].cbBuffer); + + complex_data[2].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM; + complex_data[2].cbBuffer = sizeof(message_header); + complex_data[2].pvBuffer = message_header; + + complex_data[3].BufferType = SECBUFFER_TOKEN; + complex_data[3].cbBuffer = ctxt_sizes.cbSecurityTrailer; + complex_data[3].pvBuffer = HeapAlloc(GetProcessHeap(), 0, complex_data[3].cbBuffer); + + /* We should get a dummy signature again. */ + sec_status = MakeSignature(&client.ctxt, 0, &crypt, 0); + ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n", + getSecError(sec_status)); + ok(!memcmp(crypt.pBuffers[3].pvBuffer, message_signature, + crypt.pBuffers[3].cbBuffer), "Signature is not as expected.\n"); + + /* Being a dummy signature, it will verify right away, as if the server + * sent it */ + sec_status = VerifySignature(&client.ctxt, &crypt, 0, &qop); + ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK\n", + getSecError(sec_status)); + ok(qop == 0xdeadbeef, "qop changed to %lu\n", qop); + +end: + cleanupBuffers(&client); + cleanupBuffers(&server); + + DeleteSecurityContext(&client.ctxt); + FreeCredentialsHandle(&client.cred); + + HeapFree(GetProcessHeap(), 0, complex_data[1].pvBuffer); + HeapFree(GetProcessHeap(), 0, complex_data[3].pvBuffer); +} + +static void test_Encrypt(void) +{ + SECURITY_STATUS client_stat = SEC_I_CONTINUE_NEEDED; + SECURITY_STATUS server_stat = SEC_I_CONTINUE_NEEDED; + SECURITY_STATUS sec_status; + PSecPkgInfoA pkg_info = NULL; + BOOL first = TRUE; + SspiData client = {{0}}, server = {{0}}; + SecBufferDesc crypt; + SecBuffer data[2], complex_data[4]; + ULONG qop = 0xdeadbeef; + SecPkgContext_Sizes ctxt_sizes; + + complex_data[1].pvBuffer = complex_data[3].pvBuffer = NULL; + + /**************************************************************** + * This is basically the same as in testAuth with a fake server, + * as we need a valid, authenticated context. + */ + if(QuerySecurityPackageInfoA( sec_pkg_name, &pkg_info) != SEC_E_OK) + { + ok(0, "NTLM package not installed, skipping test.\n"); + return; + } + + FreeContextBuffer(pkg_info); + + sec_status = setupClient(&client, sec_pkg_name); + + if(sec_status != SEC_E_OK) + { + skip("Error: Setting up the client returned %s, exiting test!\n", + getSecError(sec_status)); + FreeCredentialsHandle(&client.cred); + return; + } + + sec_status = setupFakeServer(&server, sec_pkg_name); + ok(sec_status == SEC_E_OK, "setupFakeServer returned %s\n", getSecError(sec_status)); + + while(client_stat == SEC_I_CONTINUE_NEEDED && server_stat == SEC_I_CONTINUE_NEEDED) + { + client_stat = runClient(&client, first, SECURITY_NETWORK_DREP); + + todo_wine_if(client_stat != SEC_I_CONTINUE_NEEDED) + ok(client_stat == SEC_E_OK || client_stat == SEC_I_CONTINUE_NEEDED, + "Running the client returned %s, more tests will fail.\n", + getSecError(client_stat)); + if(client_stat != SEC_E_OK && client_stat != SEC_I_CONTINUE_NEEDED) + break; + + communicate(&client, &server); + + server_stat = runFakeServer(&server, first, SECURITY_NETWORK_DREP); + + communicate(&server, &client); + trace("Looping\n"); + first = FALSE; + } + + if(client_stat != SEC_E_OK || server_stat != SEC_E_OK) + { + skip("Authentication failed, skipping test.\n"); + goto end; + } + + /******************************************** + * Now start with the actual testing * + ********************************************/ + + if(QueryContextAttributesA(&client.ctxt, SECPKG_ATTR_SIZES, + &ctxt_sizes) != SEC_E_OK) + { + skip("Failed to get context sizes, aborting test.\n"); + goto end; + } + + crypt.ulVersion = SECBUFFER_VERSION; + crypt.cBuffers = 2; + crypt.pBuffers = data; + + data[0].BufferType = SECBUFFER_TOKEN; + data[0].cbBuffer = ctxt_sizes.cbSecurityTrailer; + data[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[0].cbBuffer); + + data[1].BufferType = SECBUFFER_DATA; + data[1].cbBuffer = lstrlenA(message); + data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer); + memcpy(data[1].pvBuffer, message, data[1].cbBuffer); + sec_status = EncryptMessage(&client.ctxt, 0, &crypt, 0); if (sec_status == SEC_E_UNSUPPORTED_FUNCTION) { @@ -1131,20 +1268,6 @@ static void testSignSeal(void) complex_data[3].cbBuffer = ctxt_sizes.cbSecurityTrailer; complex_data[3].pvBuffer = HeapAlloc(GetProcessHeap(), 0, complex_data[3].cbBuffer);

- /* We should get a dummy signature again. */ - sec_status = MakeSignature(&client.ctxt, 0, &crypt, 0); - ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n", - getSecError(sec_status)); - ok(!memcmp(crypt.pBuffers[3].pvBuffer, message_signature, - crypt.pBuffers[3].cbBuffer), "Signature is not as expected.\n"); - - /* Being a dummy signature, it will verify right away, as if the server - * sent it */ - sec_status = VerifySignature(&client.ctxt, &crypt, 0, &qop); - ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK\n", - getSecError(sec_status)); - ok(qop == 0xdeadbeef, "qop changed to %lu\n", qop); - sec_status = EncryptMessage(&client.ctxt, 0, &crypt, 0); ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n", getSecError(sec_status)); @@ -1177,7 +1300,6 @@ static void testSignSeal(void) getSecError(sec_status)); ok(qop == 0xdeadbeef, "qop changed to %lu\n", qop);

- end: cleanupBuffers(&client); cleanupBuffers(&server); @@ -1456,7 +1578,8 @@ START_TEST(ntlm) testAuth(SECURITY_NETWORK_DREP, TRUE); testAuth(SECURITY_NATIVE_DREP, FALSE); testAuth(SECURITY_NETWORK_DREP, FALSE); - testSignSeal(); + test_Signature(); + test_Encrypt(); test_cred_multiple_use(); test_null_auth_data(); }

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6297

Dmitry Timoshkov

9:43 a.m.

New subject: [PATCH 7/7] secur32/tests: Make NTLM encryption tests work on newer Windows versions.

From: Dmitry Timoshkov dmitry@baikal.ru

Starting from Vista if context doesn't require encryption or signing EncryptMessage() fails with SEC_E_UNSUPPORTED_FUNCTION. When encryption or signing is enabled using fake data is no longer possible because the session key is always different.

Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru --- dlls/secur32/tests/ntlm.c | 127 ++++++-------------------------------- 1 file changed, 20 insertions(+), 107 deletions(-)

diff --git a/dlls/secur32/tests/ntlm.c b/dlls/secur32/tests/ntlm.c index 690b569ab97..c67a7786be4 100644 --- a/dlls/secur32/tests/ntlm.c +++ b/dlls/secur32/tests/ntlm.c @@ -66,7 +66,7 @@ typedef struct _SspiData { PSecBufferDesc in_buf; PSecBufferDesc out_buf; PSEC_WINNT_AUTH_IDENTITY_A id; - ULONG max_token; + ULONG max_token, req_attr; } SspiData;

static BYTE network_challenge[] = @@ -107,10 +107,6 @@ static BYTE message_signature[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

-static BYTE message_binary[] = - {0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x2c, 0x20, 0x77, 0x6f, 0x72, - 0x6c, 0x64, 0x21}; - static const char message[] = "Hello, world!";

static char message_header[] = "Header Test"; @@ -119,34 +115,6 @@ static BYTE crypt_trailer_client[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe8, 0xc7, 0xaa, 0x26, 0x16, 0x39, 0x07, 0x4e};

-static BYTE crypt_message_client[] = - {0x86, 0x9c, 0x5a, 0x10, 0x78, 0xb3, 0x30, 0x98, 0x46, 0x15, - 0xa0, 0x31, 0xd9}; - -static BYTE crypt_trailer_client2[] = - {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xa7, - 0xf7, 0x0f, 0x5b, 0x25, 0xbe, 0xa4}; - -static BYTE crypt_message_client2[] = - {0x20, 0x6c, 0x01, 0xab, 0xb0, 0x4c, 0x93, 0xe4, 0x1e, 0xfc, - 0xe1, 0xfa, 0xfe}; - -static BYTE crypt_trailer_server[] = - {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1c, 0x46, - 0x2e, 0x77, 0xeb, 0xf0, 0xf6, 0x9e}; - -static BYTE crypt_message_server[] = - {0xf6, 0xb7, 0x92, 0x0c, 0xac, 0xea, 0x98, 0xe6, 0xef, 0xa0, - 0x29, 0x66, 0xfd}; - -static BYTE crypt_trailer_server2[] = - {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb1, 0x4e, - 0x46, 0xb7, 0xca, 0xf7, 0x7f, 0xb3}; - -static BYTE crypt_message_server2[] = - {0xc8, 0xf2, 0x39, 0x7f, 0x0c, 0xaf, 0xf5, 0x5d, 0xef, 0x0c, - 0x8b, 0x5f, 0x82}; - static char test_user[] = "testuser", workgroup[] = "WORKGROUP", test_pass[] = "testpass", @@ -364,7 +332,6 @@ static SECURITY_STATUS setupFakeServer(SspiData *sspi_data, SEC_CHAR *provider) static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep) { SECURITY_STATUS ret; - ULONG req_attr = 0; ULONG ctxt_attr; TimeStamp ttl; PSecBufferDesc in_buf = sspi_data->in_buf; @@ -394,7 +361,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep void *old_buf;

/* pass NULL as an output buffer */ - ret = InitializeSecurityContextA(&sspi_data->cred, NULL, NULL, req_attr, + ret = InitializeSecurityContextA(&sspi_data->cred, NULL, NULL, sspi_data->req_attr, 0, data_rep, NULL, 0, &sspi_data->ctxt, NULL, &ctxt_attr, &ttl);

@@ -404,7 +371,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep old_buf = out_buf->pBuffers[0].pvBuffer; out_buf->pBuffers[0].pvBuffer = NULL;

- ret = InitializeSecurityContextA(&sspi_data->cred, NULL, NULL, req_attr, + ret = InitializeSecurityContextA(&sspi_data->cred, NULL, NULL, sspi_data->req_attr, 0, data_rep, NULL, 0, &sspi_data->ctxt, out_buf, &ctxt_attr, &ttl);

@@ -416,7 +383,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep /* pass an output buffer of 0 size */ out_buf->pBuffers[0].cbBuffer = 0;

@@ -428,7 +395,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep out_buf->pBuffers[0].cbBuffer = sspi_data->max_token; out_buf->pBuffers[0].BufferType = SECBUFFER_DATA;

@@ -438,7 +405,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep

out_buf->pBuffers[0].cbBuffer = sspi_data->max_token;

- ret = InitializeSecurityContextA(first?&sspi_data->cred:NULL, first?NULL:&sspi_data->ctxt, NULL, req_attr, + ret = InitializeSecurityContextA(first?&sspi_data->cred:NULL, first?NULL:&sspi_data->ctxt, NULL, sspi_data->req_attr, 0, data_rep, first?NULL:in_buf, 0, &sspi_data->ctxt, out_buf, &ctxt_attr, &ttl);

@@ -1134,6 +1101,10 @@ static void test_Encrypt(void)

FreeContextBuffer(pkg_info);

+ /* Starting from Vista if context doesn't require encryption or signing + * EncryptMessage() fails with SEC_E_UNSUPPORTED_FUNCTION. + */ + client.req_attr = ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY; sec_status = setupClient(&client, sec_pkg_name);

if(sec_status != SEC_E_OK) @@ -1144,7 +1115,7 @@ static void test_Encrypt(void) return; }

- sec_status = setupFakeServer(&server, sec_pkg_name); + sec_status = setupServer(&server, sec_pkg_name); ok(sec_status == SEC_E_OK, "setupFakeServer returned %s\n", getSecError(sec_status));

while(client_stat == SEC_I_CONTINUE_NEEDED && server_stat == SEC_I_CONTINUE_NEEDED) @@ -1160,7 +1131,7 @@ static void test_Encrypt(void)

communicate(&client, &server);

- server_stat = runFakeServer(&server, first, SECURITY_NETWORK_DREP); + server_stat = runServer(&server, first, SECURITY_NETWORK_DREP);

communicate(&server, &client); trace("Looping\n"); @@ -1198,53 +1169,15 @@ static void test_Encrypt(void) memcpy(data[1].pvBuffer, message, data[1].cbBuffer);

sec_status = EncryptMessage(&client.ctxt, 0, &crypt, 0); - if (sec_status == SEC_E_UNSUPPORTED_FUNCTION) - { - skip("Encrypt message returned SEC_E_UNSUPPORTED_FUNCTION. " - "Expected on Vista.\n"); - goto end; - } ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n", getSecError(sec_status));

- /* first 8 bytes must always be the same */ - ok(!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client, 8), "Crypt trailer not as expected.\n"); + /* first 4 bytes must always be the same */ + ok(!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client, 4), "Crypt trailer not as expected.\n");

- /* the rest depends on the session key */ - if (!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client, crypt.pBuffers[0].cbBuffer)) - { - ok(!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client, - crypt.pBuffers[0].cbBuffer), "Crypt trailer not as expected.\n"); - ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client, - crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n"); - if (memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client, - crypt.pBuffers[1].cbBuffer)) - { - int i; - for (i = 0; i < crypt.pBuffers[1].cbBuffer; i++) - { - if (i % 8 == 0) printf(" "); - printf("0x%02x,", ((unsigned char *)crypt.pBuffers[1].pvBuffer)[i]); - if (i % 8 == 7) printf("\n"); - } - printf("\n"); - } - - data[0].cbBuffer = sizeof(crypt_trailer_server); - data[1].cbBuffer = sizeof(crypt_message_server); - memcpy(data[0].pvBuffer, crypt_trailer_server, data[0].cbBuffer); - memcpy(data[1].pvBuffer, crypt_message_server, data[1].cbBuffer); - - sec_status = DecryptMessage(&client.ctxt, &crypt, 0, &qop); - - ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n", - getSecError(sec_status)); - ok(!memcmp(crypt.pBuffers[1].pvBuffer, message_binary, - crypt.pBuffers[1].cbBuffer), - "Failed to decrypt message correctly.\n"); - ok(qop == 0xdeadbeef, "qop changed to %lu\n", qop); - } - else trace( "A different session key is being used\n" ); + sec_status = DecryptMessage(&server.ctxt, &crypt, 0, &qop); + ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n", getSecError(sec_status)); + ok(qop == 0xdeadbeef, "qop changed to %lu\n", qop);

trace("Testing with more than one buffer.\n");

@@ -1272,30 +1205,10 @@ static void test_Encrypt(void) ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n", getSecError(sec_status));

- ok(!memcmp(crypt.pBuffers[3].pvBuffer, crypt_trailer_client2, 8), "Crypt trailer not as expected.\n"); - - if (memcmp(crypt.pBuffers[3].pvBuffer, crypt_trailer_client2, - crypt.pBuffers[3].cbBuffer)) goto end; - - ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client2, - crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n"); - if (memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client2, - crypt.pBuffers[1].cbBuffer)) - { - int i; - for (i = 0; i < crypt.pBuffers[1].cbBuffer; i++) - { - if (i % 8 == 0) printf(" "); - printf("0x%02x,", ((unsigned char *)crypt.pBuffers[1].pvBuffer)[i]); - if (i % 8 == 7) printf("\n"); - } - printf("\n"); - } - - memcpy(complex_data[1].pvBuffer, crypt_message_server2, complex_data[1].cbBuffer); - memcpy(complex_data[3].pvBuffer, crypt_trailer_server2, complex_data[3].cbBuffer); + /* first 4 bytes must always be the same */ + ok(!memcmp(crypt.pBuffers[3].pvBuffer, crypt_trailer_client, 4), "Crypt trailer not as expected.\n");

- sec_status = DecryptMessage(&client.ctxt, &crypt, 0, &qop); + sec_status = DecryptMessage(&server.ctxt, &crypt, 0, &qop); ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n", getSecError(sec_status)); ok(qop == 0xdeadbeef, "qop changed to %lu\n", qop);

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6297

Hans Leidekker (＠hans)

1:01 p.m.

Hans Leidekker (@hans) commented about dlls/secur32/tests/ntlm.c:

...

 FreeContextBuffer(sec_pkg_info);

 if((ret = AcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_OUTBOUND,

       NULL, sspi_data->id, NULL, NULL, &sspi_data->cred, &ttl))

       NULL, NULL, NULL, NULL, &sspi_data->cred, &ttl))

Authentication does succeed when 'fake' is true. It seems useful to keep that path with the fake credentials.

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/6297#note_78954

174

Age (days ago)

174

Last active (days ago)

wine-gitlab@winehq.org

8 comments

3 participants

tags (0)

participants (3)

Dmitry Timoshkov
Dmitry Timoshkov (＠dmitry)
Hans Leidekker (＠hans)