git.oblomov.eu Git - wine/blob - dlls/secur32/tests/ntlm.c

   1 /*
   2  * Tests for the NTLM security provider
   3  *
   4  * Copyright 2005, 2006 Kai Blin
   5  * Copyright 2006 Dmitry Timoshkov
   6  *
   7  * This library is free software; you can redistribute it and/or
   8  * modify it under the terms of the GNU Lesser General Public
   9  * License as published by the Free Software Foundation; either
  10  * version 2.1 of the License, or (at your option) any later version.
  11  *
  12  * This library is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15  * Lesser General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Lesser General Public
  18  * License along with this library; if not, write to the Free Software
  19  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  20  *
  21  * The code that tests for the behaviour of ISC_REQ_ALLOCATE_MEMORY is based
  22  * on code written by Dmitry Timoshkov.
  23
  24  */
  25
  26 #include <stdarg.h>
  27 #include <stdio.h>
  28 #include <assert.h>
  29 #include <windef.h>
  30 #include <winbase.h>
  31 #define SECURITY_WIN32
  32 #include <sspi.h>
  33 #include <rpc.h>
  34 #include <rpcdce.h>
  35
  36 #include "wine/test.h"
  37
  38 static HMODULE secdll;
  39 static PSecurityFunctionTableA (SEC_ENTRY * pInitSecurityInterfaceA)(void);
  40 static SECURITY_STATUS (SEC_ENTRY * pFreeContextBuffer)(PVOID pv);
  41 static SECURITY_STATUS (SEC_ENTRY * pQuerySecurityPackageInfoA)(SEC_CHAR*, PSecPkgInfoA*);
  42 static SECURITY_STATUS (SEC_ENTRY * pAcquireCredentialsHandleA)(SEC_CHAR*, SEC_CHAR*,
  43                             ULONG, PLUID, PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp);
  44 static SECURITY_STATUS (SEC_ENTRY * pInitializeSecurityContextA)(PCredHandle, PCtxtHandle,
  45                             SEC_CHAR*, ULONG, ULONG, ULONG, PSecBufferDesc, ULONG,
  46                             PCtxtHandle, PSecBufferDesc, PULONG, PTimeStamp);
  47 static SECURITY_STATUS (SEC_ENTRY * pCompleteAuthToken)(PCtxtHandle, PSecBufferDesc);
  48 static SECURITY_STATUS (SEC_ENTRY * pAcceptSecurityContext)(PCredHandle, PCtxtHandle,
  49                             PSecBufferDesc, ULONG, ULONG, PCtxtHandle, PSecBufferDesc,
  50                             PULONG, PTimeStamp);
  51 static SECURITY_STATUS (SEC_ENTRY * pFreeCredentialsHandle)(PCredHandle);
  52 static SECURITY_STATUS (SEC_ENTRY * pDeleteSecurityContext)(PCtxtHandle);
  53 static SECURITY_STATUS (SEC_ENTRY * pQueryContextAttributesA)(PCtxtHandle, ULONG, PVOID);
  54 static SECURITY_STATUS (SEC_ENTRY * pMakeSignature)(PCtxtHandle, ULONG,
  55                             PSecBufferDesc, ULONG);
  56 static SECURITY_STATUS (SEC_ENTRY * pVerifySignature)(PCtxtHandle, PSecBufferDesc,
  57                             ULONG, PULONG);
  58 static SECURITY_STATUS (SEC_ENTRY * pEncryptMessage)(PCtxtHandle, ULONG,
  59                             PSecBufferDesc, ULONG);
  60 static SECURITY_STATUS (SEC_ENTRY * pDecryptMessage)(PCtxtHandle, PSecBufferDesc,
  61                             ULONG, PULONG);
  62
  63 typedef struct _SspiData {
  64     PCredHandle cred;
  65     PCtxtHandle ctxt;
  66     PSecBufferDesc in_buf;
  67     PSecBufferDesc out_buf;
  68     PSEC_WINNT_AUTH_IDENTITY id;
  69     ULONG max_token;
  70 } SspiData;
  71
  72 static BYTE network_challenge[] =
  73    {0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00,
  74     0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x30, 0x00, 0x00, 0x00,
  75     0x05, 0x82, 0x82, 0xa0, 0xe9, 0x58, 0x7f, 0x14, 0xa2, 0x86,
  76     0x3b, 0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  77     0x54, 0x00, 0x54, 0x00, 0x40, 0x00, 0x00, 0x00, 0x43, 0x00,
  78     0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
  79     0x30, 0x00, 0x31, 0x00, 0x02, 0x00, 0x10, 0x00, 0x43, 0x00,
  80     0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
  81     0x30, 0x00, 0x31, 0x00, 0x01, 0x00, 0x10, 0x00, 0x43, 0x00,
  82     0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
  83     0x30, 0x00, 0x31, 0x00, 0x04, 0x00, 0x10, 0x00, 0x63, 0x00,
  84     0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
  85     0x30, 0x00, 0x31, 0x00, 0x03, 0x00, 0x10, 0x00, 0x63, 0x00,
  86     0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
  87     0x30, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00};
  88
  89 static BYTE native_challenge[] =
  90    {0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00,
  91     0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x30, 0x00, 0x00, 0x00,
  92     0x05, 0x82, 0x82, 0xa0, 0xb5, 0x60, 0x8e, 0x95, 0xb5, 0x3c,
  93     0xee, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  94     0x54, 0x00, 0x54, 0x00, 0x40, 0x00, 0x00, 0x00, 0x43, 0x00,
  95     0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
  96     0x30, 0x00, 0x31, 0x00, 0x02, 0x00, 0x10, 0x00, 0x43, 0x00,
  97     0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
  98     0x30, 0x00, 0x31, 0x00, 0x01, 0x00, 0x10, 0x00, 0x43, 0x00,
  99     0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
 100     0x30, 0x00, 0x31, 0x00, 0x04, 0x00, 0x10, 0x00, 0x63, 0x00,
 101     0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
 102     0x30, 0x00, 0x31, 0x00, 0x03, 0x00, 0x10, 0x00, 0x63, 0x00,
 103     0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
 104     0x30, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00};
 105
 106 static BYTE message_signature[] =
 107    {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 108     0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 109
 110 static BYTE message_binary[] =
 111    {0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x2c, 0x20, 0x77, 0x6f, 0x72,
 112     0x6c, 0x64, 0x21};
 113
 114 static char message[] = "Hello, world!";
 115
 116 static char message_header[] = "Header Test";
 117
 118 static BYTE crypt_trailer_client[] =
 119    {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe8, 0xc7,
 120     0xaa, 0x26, 0x16, 0x39, 0x07, 0x4e};
 121
 122 static BYTE crypt_message_client[] =
 123    {0x86, 0x9c, 0x5a, 0x10, 0x78, 0xb3, 0x30, 0x98, 0x46, 0x15,
 124     0xa0, 0x31, 0xd9};
 125
 126 static BYTE crypt_trailer_client2[] =
 127    {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xa7,
 128     0xf7, 0x0f, 0x5b, 0x25, 0xbe, 0xa4};
 129
 130 static BYTE crypt_message_client2[] =
 131    {0x20, 0x6c, 0x01, 0xab, 0xb0, 0x4c, 0x93, 0xe4, 0x1e, 0xfc,
 132     0xe1, 0xfa, 0xfe};
 133
 134 static BYTE crypt_trailer_server[] =
 135    {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1c, 0x46,
 136     0x2e, 0x77, 0xeb, 0xf0, 0xf6, 0x9e};
 137
 138 static BYTE crypt_message_server[] =
 139    {0xf6, 0xb7, 0x92, 0x0c, 0xac, 0xea, 0x98, 0xe6, 0xef, 0xa0,
 140     0x29, 0x66, 0xfd};
 141
 142 static BYTE crypt_trailer_server2[] =
 143    {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb1, 0x4e,
 144     0x46, 0xb7, 0xca, 0xf7, 0x7f, 0xb3};
 145
 146 static BYTE crypt_message_server2[] =
 147    {0xc8, 0xf2, 0x39, 0x7f, 0x0c, 0xaf, 0xf5, 0x5d, 0xef, 0x0c,
 148     0x8b, 0x5f, 0x82};
 149
 150 static void InitFunctionPtrs(void)
 151 {
 152     secdll = LoadLibraryA("secur32.dll");
 153     if(!secdll)
 154         secdll = LoadLibraryA("security.dll");
 155     if(secdll)
 156     {
 157         pInitSecurityInterfaceA = (PVOID)GetProcAddress(secdll, "InitSecurityInterfaceA");
 158         pFreeContextBuffer = (PVOID)GetProcAddress(secdll, "FreeContextBuffer");
 159         pQuerySecurityPackageInfoA = (PVOID)GetProcAddress(secdll, "QuerySecurityPackageInfoA");
 160         pAcquireCredentialsHandleA = (PVOID)GetProcAddress(secdll, "AcquireCredentialsHandleA");
 161         pInitializeSecurityContextA = (PVOID)GetProcAddress(secdll, "InitializeSecurityContextA");
 162         pCompleteAuthToken = (PVOID)GetProcAddress(secdll, "CompleteAuthToken");
 163         pAcceptSecurityContext = (PVOID)GetProcAddress(secdll, "AcceptSecurityContext");
 164         pFreeCredentialsHandle = (PVOID)GetProcAddress(secdll, "FreeCredentialsHandle");
 165         pDeleteSecurityContext = (PVOID)GetProcAddress(secdll, "DeleteSecurityContext");
 166         pQueryContextAttributesA = (PVOID)GetProcAddress(secdll, "QueryContextAttributesA");
 167         pMakeSignature = (PVOID)GetProcAddress(secdll, "MakeSignature");
 168         pVerifySignature = (PVOID)GetProcAddress(secdll, "VerifySignature");
 169         pEncryptMessage = (PVOID)GetProcAddress(secdll, "EncryptMessage");
 170         pDecryptMessage = (PVOID)GetProcAddress(secdll, "DecryptMessage");
 171     }
 172 }
 173
 174 static const char* getSecError(SECURITY_STATUS status)
 175 {
 176     static char buf[20];
 177
 178 #define _SEC_ERR(x) case (x): return #x;
 179     switch(status)
 180     {
 181         _SEC_ERR(SEC_E_OK);
 182         _SEC_ERR(SEC_E_INSUFFICIENT_MEMORY);
 183         _SEC_ERR(SEC_E_INVALID_HANDLE);
 184         _SEC_ERR(SEC_E_UNSUPPORTED_FUNCTION);
 185         _SEC_ERR(SEC_E_TARGET_UNKNOWN);
 186         _SEC_ERR(SEC_E_INTERNAL_ERROR);
 187         _SEC_ERR(SEC_E_SECPKG_NOT_FOUND);
 188         _SEC_ERR(SEC_E_NOT_OWNER);
 189         _SEC_ERR(SEC_E_CANNOT_INSTALL);
 190         _SEC_ERR(SEC_E_INVALID_TOKEN);
 191         _SEC_ERR(SEC_E_CANNOT_PACK);
 192         _SEC_ERR(SEC_E_QOP_NOT_SUPPORTED);
 193         _SEC_ERR(SEC_E_NO_IMPERSONATION);
 194         _SEC_ERR(SEC_I_CONTINUE_NEEDED);
 195         _SEC_ERR(SEC_E_BUFFER_TOO_SMALL);
 196         _SEC_ERR(SEC_E_ILLEGAL_MESSAGE);
 197         _SEC_ERR(SEC_E_LOGON_DENIED);
 198         _SEC_ERR(SEC_E_NO_CREDENTIALS);
 199         _SEC_ERR(SEC_E_OUT_OF_SEQUENCE);
 200         _SEC_ERR(SEC_E_MESSAGE_ALTERED);
 201         default:
 202             sprintf(buf, "%08x\n", status);
 203             return buf;
 204     }
 205 #undef _SEC_ERR
 206 }
 207
 208 /**********************************************************************/
 209
 210 static SECURITY_STATUS setupBuffers(SspiData *sspi_data, SecPkgInfoA *sec_pkg_info)
 211 {
 212
 213     sspi_data->in_buf  = HeapAlloc(GetProcessHeap(), 0, sizeof(SecBufferDesc));
 214     sspi_data->out_buf = HeapAlloc(GetProcessHeap(), 0, sizeof(SecBufferDesc));
 215     sspi_data->max_token = sec_pkg_info->cbMaxToken;
 216
 217     if(sspi_data->in_buf != NULL)
 218     {
 219         PSecBuffer sec_buffer = HeapAlloc(GetProcessHeap(), 0,
 220                 sizeof(SecBuffer));
 221         if(sec_buffer == NULL){
 222             trace("in_buf: sec_buffer == NULL\n");
 223             return SEC_E_INSUFFICIENT_MEMORY;
 224         }
 225
 226         sspi_data->in_buf->ulVersion = SECBUFFER_VERSION;
 227         sspi_data->in_buf->cBuffers = 1;
 228         sspi_data->in_buf->pBuffers = sec_buffer;
 229
 230         sec_buffer->cbBuffer = sec_pkg_info->cbMaxToken;
 231         sec_buffer->BufferType = SECBUFFER_TOKEN;
 232         if((sec_buffer->pvBuffer = HeapAlloc(GetProcessHeap(), 0,
 233                         sec_pkg_info->cbMaxToken)) == NULL)
 234         {
 235             trace("in_buf: sec_buffer->pvBuffer == NULL\n");
 236             return SEC_E_INSUFFICIENT_MEMORY;
 237         }
 238     }
 239     else
 240     {
 241         trace("HeapAlloc in_buf returned NULL\n");
 242         return SEC_E_INSUFFICIENT_MEMORY;
 243     }
 244
 245     if(sspi_data->out_buf != NULL)
 246     {
 247         PSecBuffer sec_buffer = HeapAlloc(GetProcessHeap(), 0,
 248                 sizeof(SecBuffer));
 249
 250         if(sec_buffer == NULL){
 251             trace("out_buf: sec_buffer == NULL\n");
 252             return SEC_E_INSUFFICIENT_MEMORY;
 253         }
 254
 255         sspi_data->out_buf->ulVersion = SECBUFFER_VERSION;
 256         sspi_data->out_buf->cBuffers = 1;
 257         sspi_data->out_buf->pBuffers = sec_buffer;
 258
 259         sec_buffer->cbBuffer = sec_pkg_info->cbMaxToken;
 260         sec_buffer->BufferType = SECBUFFER_TOKEN;
 261         if((sec_buffer->pvBuffer = HeapAlloc(GetProcessHeap(), 0,
 262                         sec_pkg_info->cbMaxToken)) == NULL){
 263             trace("out_buf: sec_buffer->pvBuffer == NULL\n");
 264             return SEC_E_INSUFFICIENT_MEMORY;
 265         }
 266     }
 267     else
 268     {
 269         trace("HeapAlloc out_buf returned NULL\n");
 270         return SEC_E_INSUFFICIENT_MEMORY;
 271     }
 272
 273     return SEC_E_OK;
 274 }
 275
 276 /**********************************************************************/
 277
 278 static void cleanupBuffers(SspiData *sspi_data)
 279 {
 280     ULONG i;
 281
 282     if(sspi_data->in_buf != NULL)
 283     {
 284         for(i = 0; i < sspi_data->in_buf->cBuffers; ++i)
 285         {
 286             HeapFree(GetProcessHeap(), 0, sspi_data->in_buf->pBuffers[i].pvBuffer);
 287         }
 288         HeapFree(GetProcessHeap(), 0, sspi_data->in_buf->pBuffers);
 289         HeapFree(GetProcessHeap(), 0, sspi_data->in_buf);
 290     }
 291
 292     if(sspi_data->out_buf != NULL)
 293     {
 294         for(i = 0; i < sspi_data->out_buf->cBuffers; ++i)
 295         {
 296             HeapFree(GetProcessHeap(), 0, sspi_data->out_buf->pBuffers[i].pvBuffer);
 297         }
 298         HeapFree(GetProcessHeap(), 0, sspi_data->out_buf->pBuffers);
 299         HeapFree(GetProcessHeap(), 0, sspi_data->out_buf);
 300     }
 301 }
 302
 303 /**********************************************************************/
 304
 305 static SECURITY_STATUS setupClient(SspiData *sspi_data, SEC_CHAR *provider)
 306 {
 307     SECURITY_STATUS ret;
 308     TimeStamp ttl;
 309     SecPkgInfoA *sec_pkg_info;
 310
 311     trace("Running setupClient\n");
 312
 313     sspi_data->cred = HeapAlloc(GetProcessHeap(), 0, sizeof(CredHandle));
 314     sspi_data->ctxt = HeapAlloc(GetProcessHeap(), 0, sizeof(CtxtHandle));
 315
 316     ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
 317
 318     ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
 319
 320     setupBuffers(sspi_data, sec_pkg_info);
 321
 322     if((ret = pAcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_OUTBOUND,
 323             NULL, sspi_data->id, NULL, NULL, sspi_data->cred, &ttl))
 324             != SEC_E_OK)
 325     {
 326         trace("AcquireCredentialsHandle() returned %s\n", getSecError(ret));
 327     }
 328
 329     ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
 330             getSecError(ret));
 331
 332     return ret;
 333 }
 334 /**********************************************************************/
 335
 336 static SECURITY_STATUS setupServer(SspiData *sspi_data, SEC_CHAR *provider)
 337 {
 338     SECURITY_STATUS ret;
 339     TimeStamp ttl;
 340     SecPkgInfoA *sec_pkg_info;
 341
 342     trace("Running setupServer\n");
 343
 344     sspi_data->cred = HeapAlloc(GetProcessHeap(), 0, sizeof(CredHandle));
 345     sspi_data->ctxt = HeapAlloc(GetProcessHeap(), 0, sizeof(CtxtHandle));
 346
 347     ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
 348
 349     ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
 350
 351     setupBuffers(sspi_data, sec_pkg_info);
 352
 353     if((ret = pAcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_INBOUND,
 354             NULL, NULL, NULL, NULL, sspi_data->cred, &ttl)) != SEC_E_OK)
 355     {
 356         trace("AcquireCredentialsHandle() returned %s\n", getSecError(ret));
 357     }
 358
 359     ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
 360             getSecError(ret));
 361
 362     return ret;
 363 }
 364
 365 /**********************************************************************/
 366
 367 static SECURITY_STATUS setupFakeServer(SspiData *sspi_data, SEC_CHAR *provider)
 368 {
 369     SECURITY_STATUS ret;
 370     SecPkgInfoA *sec_pkg_info;
 371
 372     trace("Running setupFakeServer\n");
 373
 374     sspi_data->cred = HeapAlloc(GetProcessHeap(), 0, sizeof(CredHandle));
 375     sspi_data->ctxt = HeapAlloc(GetProcessHeap(), 0, sizeof(CtxtHandle));
 376
 377     ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
 378
 379     ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
 380
 381     ret = setupBuffers(sspi_data, sec_pkg_info);
 382
 383     return ret;
 384 }
 385
 386
 387 /**********************************************************************/
 388
 389 static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep)
 390 {
 391     SECURITY_STATUS ret;
 392     ULONG req_attr = 0;
 393     ULONG ctxt_attr;
 394     TimeStamp ttl;
 395     PSecBufferDesc in_buf = sspi_data->in_buf;
 396     PSecBufferDesc out_buf = sspi_data->out_buf;
 397
 398     assert(in_buf->cBuffers >= 1);
 399     assert(in_buf->pBuffers[0].pvBuffer != NULL);
 400     assert(in_buf->pBuffers[0].cbBuffer != 0);
 401
 402     assert(out_buf->cBuffers >= 1);
 403     assert(out_buf->pBuffers[0].pvBuffer != NULL);
 404     assert(out_buf->pBuffers[0].cbBuffer != 0);
 405
 406     trace("Running the client the %s time.\n", first?"first":"second");
 407
 408     /* We can either use ISC_REQ_ALLOCATE_MEMORY flag to ask the provider
 409      * always allocate output buffers for us, or initialize cbBuffer
 410      * before each call because the API changes it to represent actual
 411      * amount of data in the buffer.
 412      */
 413
 414     /* test a failing call only the first time, otherwise we get
 415      * SEC_E_OUT_OF_SEQUENCE
 416      */
 417     if (first)
 418     {
 419         void *old_buf;
 420
 421         /* pass NULL as an output buffer */
 422         ret = pInitializeSecurityContextA(sspi_data->cred, NULL, NULL, req_attr,
 423             0, data_rep, NULL, 0, sspi_data->ctxt, NULL,
 424             &ctxt_attr, &ttl);
 425
 426         ok(ret == SEC_E_BUFFER_TOO_SMALL, "expected SEC_E_BUFFER_TOO_SMALL, got %s\n", getSecError(ret));
 427
 428         /* pass NULL as an output buffer */
 429         old_buf = out_buf->pBuffers[0].pvBuffer;
 430         out_buf->pBuffers[0].pvBuffer = NULL;
 431
 432         ret = pInitializeSecurityContextA(sspi_data->cred, NULL, NULL, req_attr,
 433             0, data_rep, NULL, 0, sspi_data->ctxt, out_buf,
 434             &ctxt_attr, &ttl);
 435
 436         ok(ret == SEC_E_INTERNAL_ERROR, "expected SEC_E_INTERNAL_ERROR, got %s\n", getSecError(ret));
 437
 438         out_buf->pBuffers[0].pvBuffer = old_buf;
 439
 440         /* pass an output buffer of 0 size */
 441         out_buf->pBuffers[0].cbBuffer = 0;
 442
 443         ret = pInitializeSecurityContextA(sspi_data->cred, NULL, NULL, req_attr,
 444             0, data_rep, NULL, 0, sspi_data->ctxt, out_buf,
 445             &ctxt_attr, &ttl);
 446
 447         ok(ret == SEC_E_BUFFER_TOO_SMALL, "expected SEC_E_BUFFER_TOO_SMALL, got %s\n", getSecError(ret));
 448
 449         ok(out_buf->pBuffers[0].cbBuffer == 0,
 450            "InitializeSecurityContext set buffer size to %lu\n", out_buf->pBuffers[0].cbBuffer);
 451     }
 452
 453     out_buf->pBuffers[0].cbBuffer = sspi_data->max_token;
 454
 455     ret = pInitializeSecurityContextA(sspi_data->cred, first?NULL:sspi_data->ctxt, NULL, req_attr,
 456             0, data_rep, first?NULL:in_buf, 0, sspi_data->ctxt, out_buf,
 457             &ctxt_attr, &ttl);
 458
 459     if(ret == SEC_I_COMPLETE_AND_CONTINUE || ret == SEC_I_COMPLETE_NEEDED)
 460     {
 461         pCompleteAuthToken(sspi_data->ctxt, out_buf);
 462         if(ret == SEC_I_COMPLETE_AND_CONTINUE)
 463             ret = SEC_I_CONTINUE_NEEDED;
 464         else if(ret == SEC_I_COMPLETE_NEEDED)
 465             ret = SEC_E_OK;
 466     }
 467
 468     ok(out_buf->pBuffers[0].cbBuffer < sspi_data->max_token,
 469        "InitializeSecurityContext set buffer size to %lu\n", out_buf->pBuffers[0].cbBuffer);
 470
 471     return ret;
 472 }
 473
 474 /**********************************************************************/
 475
 476 static SECURITY_STATUS runServer(SspiData *sspi_data, BOOL first, ULONG data_rep)
 477 {
 478     SECURITY_STATUS ret;
 479     ULONG ctxt_attr;
 480     TimeStamp ttl;
 481
 482     trace("Running the server the %s time\n", first?"first":"second");
 483
 484     ret = pAcceptSecurityContext(sspi_data->cred, first?NULL:sspi_data->ctxt,
 485             sspi_data->in_buf, 0, data_rep, sspi_data->ctxt,
 486             sspi_data->out_buf, &ctxt_attr, &ttl);
 487
 488     if(ret == SEC_I_COMPLETE_AND_CONTINUE || ret == SEC_I_COMPLETE_NEEDED)
 489     {
 490         pCompleteAuthToken(sspi_data->ctxt, sspi_data->out_buf);
 491         if(ret == SEC_I_COMPLETE_AND_CONTINUE)
 492             ret = SEC_I_CONTINUE_NEEDED;
 493         else if(ret == SEC_I_COMPLETE_NEEDED)
 494             ret = SEC_E_OK;
 495     }
 496
 497     return ret;
 498 }
 499
 500 /**********************************************************************/
 501
 502 static SECURITY_STATUS runFakeServer(SspiData *sspi_data, BOOL first, ULONG data_rep)
 503 {
 504     trace("Running the fake server the %s time\n", first?"first":"second");
 505
 506     if(!first)
 507     {
 508         sspi_data->out_buf->pBuffers[0].cbBuffer = 0;
 509         return SEC_E_OK;
 510     }
 511
 512     if(data_rep == SECURITY_NATIVE_DREP)
 513     {
 514         sspi_data->out_buf->pBuffers[0].cbBuffer = sizeof(native_challenge);
 515         memcpy(sspi_data->out_buf->pBuffers[0].pvBuffer, native_challenge,
 516                 sspi_data->out_buf->pBuffers[0].cbBuffer);
 517     }
 518     else
 519     {
 520         sspi_data->out_buf->pBuffers[0].cbBuffer = sizeof(network_challenge);
 521         memcpy(sspi_data->out_buf->pBuffers[0].pvBuffer, network_challenge,
 522                 sspi_data->out_buf->pBuffers[0].cbBuffer);
 523     }
 524
 525     return SEC_I_CONTINUE_NEEDED;
 526 }
 527
 528 /**********************************************************************/
 529
 530 static void communicate(SspiData *from, SspiData *to)
 531 {
 532     if(from->out_buf != NULL && to->in_buf != NULL)
 533     {
 534         trace("Running communicate.\n");
 535         if((from->out_buf->cBuffers >= 1) && (to->in_buf->cBuffers >= 1))
 536         {
 537             if((from->out_buf->pBuffers[0].pvBuffer != NULL) &&
 538                     (to->in_buf->pBuffers[0].pvBuffer != NULL))
 539             {
 540                 memset(to->in_buf->pBuffers[0].pvBuffer, 0, to->max_token);
 541
 542                 memcpy(to->in_buf->pBuffers[0].pvBuffer,
 543                     from->out_buf->pBuffers[0].pvBuffer,
 544                     from->out_buf->pBuffers[0].cbBuffer);
 545
 546                 to->in_buf->pBuffers[0].cbBuffer = from->out_buf->pBuffers[0].cbBuffer;
 547
 548                 memset(from->out_buf->pBuffers[0].pvBuffer, 0, from->max_token);
 549             }
 550         }
 551     }
 552 }
 553
 554 /**********************************************************************/
 555 static void testInitializeSecurityContextFlags()
 556 {
 557     SECURITY_STATUS         sec_status;
 558     PSecPkgInfo             pkg_info = NULL;
 559     SspiData                client;
 560     SEC_WINNT_AUTH_IDENTITY id;
 561     static char             sec_pkg_name[] = "NTLM";
 562     ULONG                   req_attr, ctxt_attr;
 563     TimeStamp               ttl;
 564     PBYTE                   packet;
 565
 566     if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info) != SEC_E_OK)
 567     {
 568         trace("Package not installed, skipping test!\n");
 569         return;
 570     }
 571
 572     pFreeContextBuffer(pkg_info);
 573     id.User = (unsigned char*) "testuser";
 574     id.UserLength = strlen((char *) id.User);
 575     id.Domain = (unsigned char *) "WORKGROUP";
 576     id.DomainLength = strlen((char *) id.Domain);
 577     id.Password = (unsigned char*) "testpass";
 578     id.PasswordLength = strlen((char *) id.Password);
 579     id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
 580
 581     client.id = &id;
 582
 583     if((sec_status = setupClient(&client, sec_pkg_name)) != SEC_E_OK)
 584     {
 585         trace("Setting up the client returned %s, skipping test!\n",
 586                 getSecError(sec_status));
 587         return;
 588     }
 589
 590     packet = client.out_buf->pBuffers[0].pvBuffer;
 591
 592     /* Due to how the requesting of the flags is implemented in ntlm_auth,
 593      * the tests need to be in this order, as there is no way to specify
 594      * "I request no special features" in ntlm_auth */
 595
 596     /* Without any flags, the lowest byte should not have bits 0x20 or 0x10 set*/
 597     req_attr = 0;
 598
 599     if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
 600         0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
 601         &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
 602     {
 603         trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
 604                 getSecError(sec_status));
 605         goto tISCFend;
 606     }
 607
 608     ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
 609             "With req_attr == 0, flags are 0x%02x%02x%02x%02x.\n",
 610             packet[15], packet[14], packet[13], packet[12]);
 611
 612     /* With ISC_REQ_CONNECTION, the lowest byte should not have bits 0x20 or 0x10 set*/
 613     req_attr = ISC_REQ_CONNECTION;
 614
 615     if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
 616         0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
 617         &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
 618     {
 619         trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
 620                 getSecError(sec_status));
 621         goto tISCFend;
 622     }
 623
 624     ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
 625             "For ISC_REQ_CONNECTION, flags are 0x%02x%02x%02x%02x.\n",
 626             packet[15], packet[14], packet[13], packet[12]);
 627
 628     /* With ISC_REQ_EXTENDED_ERROR, the lowest byte should not have bits 0x20 or 0x10 set*/
 629     req_attr = ISC_REQ_EXTENDED_ERROR;
 630
 631     if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
 632         0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
 633         &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
 634     {
 635         trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
 636                 getSecError(sec_status));
 637         goto tISCFend;
 638     }
 639
 640     ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
 641             "For ISC_REQ_EXTENDED_ERROR, flags are 0x%02x%02x%02x%02x.\n",
 642             packet[15], packet[14], packet[13], packet[12]);
 643
 644     /* With ISC_REQ_MUTUAL_AUTH, the lowest byte should not have bits 0x20 or 0x10 set*/
 645     req_attr = ISC_REQ_MUTUAL_AUTH;
 646
 647     if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
 648         0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
 649         &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
 650     {
 651         trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
 652                 getSecError(sec_status));
 653         goto tISCFend;
 654     }
 655
 656     ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
 657             "For ISC_REQ_MUTUAL_AUTH, flags are 0x%02x%02x%02x%02x.\n",
 658             packet[15], packet[14], packet[13], packet[12]);
 659
 660     /* With ISC_REQ_USE_DCE_STYLE, the lowest byte should not have bits 0x20 or 0x10 set*/
 661     req_attr = ISC_REQ_USE_DCE_STYLE;
 662
 663     if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
 664         0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
 665         &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
 666     {
 667         trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
 668                 getSecError(sec_status));
 669         goto tISCFend;
 670     }
 671
 672     ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
 673             "For ISC_REQ_USE_DCE_STYLE, flags are 0x%02x%02x%02x%02x.\n",
 674             packet[15], packet[14], packet[13], packet[12]);
 675
 676     /* With ISC_REQ_DELEGATE, the lowest byte should not have bits 0x20 or 0x10 set*/
 677     req_attr = ISC_REQ_DELEGATE;
 678
 679     if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
 680         0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
 681         &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
 682     {
 683         trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
 684                 getSecError(sec_status));
 685         goto tISCFend;
 686     }
 687
 688     ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
 689             "For ISC_REQ_DELEGATE, flags are 0x%02x%02x%02x%02x.\n",
 690             packet[15], packet[14], packet[13], packet[12]);
 691
 692     /* With ISC_REQ_INTEGRITY, the lowest byte should have bit 0x10 set */
 693     req_attr = ISC_REQ_INTEGRITY;
 694
 695     if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
 696         0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
 697         &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
 698     {
 699         trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
 700                 getSecError(sec_status));
 701         goto tISCFend;
 702     }
 703
 704     ok((packet[12] & 0x10) != 0,
 705             "For ISC_REQ_INTEGRITY, flags are 0x%02x%02x%02x%02x.\n",
 706             packet[15], packet[14], packet[13], packet[12]);
 707
 708     /* With ISC_REQ_REPLAY_DETECT, the lowest byte should have bit 0x10 set */
 709     req_attr = ISC_REQ_REPLAY_DETECT;
 710
 711     if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
 712         0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
 713         &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
 714     {
 715         trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
 716                 getSecError(sec_status));
 717         goto tISCFend;
 718     }
 719
 720     ok((packet[12] & 0x10) != 0,
 721             "For ISC_REQ_REPLAY_DETECT, flags are 0x%02x%02x%02x%02x.\n",
 722             packet[15], packet[14], packet[13], packet[12]);
 723
 724     /* With ISC_REQ_SEQUENCE_DETECT, the lowest byte should have bit 0x10 set */
 725     req_attr = ISC_REQ_SEQUENCE_DETECT;
 726
 727     if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
 728         0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
 729         &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
 730     {
 731         trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
 732                 getSecError(sec_status));
 733         goto tISCFend;
 734     }
 735
 736     ok((packet[12] & 0x10) != 0,
 737             "For ISC_REQ_SEQUENCE_DETECT, flags are 0x%02x%02x%02x%02x.\n",
 738             packet[15], packet[14], packet[13], packet[12]);
 739
 740     /* With ISC_REQ_CONFIDENTIALITY, the lowest byte should have bit 0x20 set */
 741     req_attr = ISC_REQ_CONFIDENTIALITY;
 742
 743     if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
 744         0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
 745         &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
 746     {
 747         trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
 748                 getSecError(sec_status));
 749         goto tISCFend;
 750     }
 751
 752     ok((packet[12] & 0x20) != 0,
 753             "For ISC_REQ_CONFIDENTIALITY, flags are 0x%02x%02x%02x%02x.\n",
 754             packet[15], packet[14], packet[13], packet[12]);
 755
 756 tISCFend:
 757     cleanupBuffers(&client);
 758     pFreeCredentialsHandle(client.cred);
 759
 760 }
 761
 762 /**********************************************************************/
 763
 764 static void testAuth(ULONG data_rep, BOOL fake)
 765 {
 766     SECURITY_STATUS         client_stat = SEC_I_CONTINUE_NEEDED;
 767     SECURITY_STATUS         server_stat = SEC_I_CONTINUE_NEEDED;
 768     SECURITY_STATUS         sec_status;
 769     PSecPkgInfo             pkg_info = NULL;
 770     BOOL                    first = TRUE;
 771     SspiData                client, server;
 772     SEC_WINNT_AUTH_IDENTITY id;
 773     SecPkgContext_Sizes     ctxt_sizes;
 774     static char             sec_pkg_name[] = "NTLM";
 775
 776     if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info)== SEC_E_OK)
 777     {
 778         pFreeContextBuffer(pkg_info);
 779         id.User = (unsigned char*) "testuser";
 780         id.UserLength = strlen((char *) id.User);
 781         id.Domain = (unsigned char *) "WORKGROUP";
 782         id.DomainLength = strlen((char *) id.Domain);
 783         id.Password = (unsigned char*) "testpass";
 784         id.PasswordLength = strlen((char *) id.Password);
 785         id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
 786
 787         client.id = &id;
 788
 789         sec_status = setupClient(&client, sec_pkg_name);
 790
 791         if(sec_status != SEC_E_OK)
 792         {
 793             trace("Error: Setting up the client returned %s, exiting test!\n",
 794                     getSecError(sec_status));
 795             pFreeCredentialsHandle(client.cred);
 796             return;
 797         }
 798
 799         if(fake)
 800             sec_status = setupFakeServer(&server, sec_pkg_name);
 801         else
 802             sec_status = setupServer(&server, sec_pkg_name);
 803
 804         if(sec_status != SEC_E_OK)
 805         {
 806             trace("Error: Setting up the server returned %s, exiting test!\n",
 807                     getSecError(sec_status));
 808             pFreeCredentialsHandle(server.cred);
 809             pFreeCredentialsHandle(client.cred);
 810             return;
 811         }
 812
 813
 814         while(client_stat == SEC_I_CONTINUE_NEEDED && server_stat == SEC_I_CONTINUE_NEEDED)
 815         {
 816             client_stat = runClient(&client, first, data_rep);
 817
 818             ok(client_stat == SEC_E_OK || client_stat == SEC_I_CONTINUE_NEEDED,
 819                     "Running the client returned %s, more tests will fail.\n",
 820                     getSecError(client_stat));
 821
 822             communicate(&client, &server);
 823
 824             if(fake)
 825                 server_stat = runFakeServer(&server, first, data_rep);
 826             else
 827                 server_stat = runServer(&server, first, data_rep);
 828
 829             ok(server_stat == SEC_E_OK || server_stat == SEC_I_CONTINUE_NEEDED ||
 830                     server_stat == SEC_E_LOGON_DENIED,
 831                     "Running the server returned %s, more tests will fail from now.\n",
 832                     getSecError(server_stat));
 833
 834             communicate(&server, &client);
 835             trace("Looping\n");
 836             first = FALSE;
 837         }
 838
 839         if(client_stat == SEC_E_OK)
 840         {
 841             sec_status = pQueryContextAttributesA(client.ctxt,
 842                     SECPKG_ATTR_SIZES, &ctxt_sizes);
 843
 844             ok(sec_status == SEC_E_OK,
 845                     "pQueryContextAttributesA(SECPKG_ATTR_SIZES) returned %s\n",
 846                     getSecError(sec_status));
 847             ok(ctxt_sizes.cbMaxToken == 1904,
 848                     "cbMaxToken should be 1904 but is %lu\n",
 849                     ctxt_sizes.cbMaxToken);
 850             ok(ctxt_sizes.cbMaxSignature == 16,
 851                     "cbMaxSignature should be 16 but is %lu\n",
 852                     ctxt_sizes.cbMaxSignature);
 853             ok(ctxt_sizes.cbSecurityTrailer == 16,
 854                     "cbSecurityTrailer should be 16 but is  %lu\n",
 855                     ctxt_sizes.cbSecurityTrailer);
 856             ok(ctxt_sizes.cbBlockSize == 0,
 857                     "cbBlockSize should be 0 but is %lu\n",
 858                     ctxt_sizes.cbBlockSize);
 859         }
 860         else
 861             trace("Authentication failed, skipping test.\n");
 862
 863         cleanupBuffers(&client);
 864         cleanupBuffers(&server);
 865
 866         if(!fake)
 867         {
 868             sec_status = pDeleteSecurityContext(server.ctxt);
 869             ok(sec_status == SEC_E_OK, "DeleteSecurityContext(server) returned %s\n",
 870                 getSecError(sec_status));
 871         }
 872
 873         sec_status = pDeleteSecurityContext(client.ctxt);
 874         ok(sec_status == SEC_E_OK, "DeleteSecurityContext(client) returned %s\n",
 875                 getSecError(sec_status));
 876
 877         if(!fake)
 878         {
 879             sec_status = pFreeCredentialsHandle(server.cred);
 880             ok(sec_status == SEC_E_OK, "FreeCredentialsHandle(server) returned %s\n",
 881                 getSecError(sec_status));
 882         }
 883
 884         sec_status = pFreeCredentialsHandle(client.cred);
 885         ok(sec_status == SEC_E_OK, "FreeCredentialsHandle(client) returned %s\n",
 886                 getSecError(sec_status));
 887     }
 888     else
 889     {
 890         trace("Package not installed, skipping test.\n");
 891     }
 892 }
 893
 894 static void testSignSeal()
 895 {
 896     SECURITY_STATUS         client_stat = SEC_I_CONTINUE_NEEDED;
 897     SECURITY_STATUS         server_stat = SEC_I_CONTINUE_NEEDED;
 898     SECURITY_STATUS         sec_status;
 899     PSecPkgInfo             pkg_info = NULL;
 900     BOOL                    first = TRUE;
 901     SspiData                client, server;
 902     SEC_WINNT_AUTH_IDENTITY id;
 903     static char             sec_pkg_name[] = "NTLM";
 904     SecBufferDesc           crypt;
 905     SecBuffer               data[2], fake_data[2], complex_data[4];
 906     ULONG                   qop = 0;
 907     SecPkgContext_Sizes     ctxt_sizes;
 908
 909     /****************************************************************
 910      * This is basically the same as in testAuth with a fake server,
 911      * as we need a valid, authenticated context.
 912      */
 913     if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info)== SEC_E_OK)
 914     {
 915         pFreeContextBuffer(pkg_info);
 916         id.User = (unsigned char*) "testuser";
 917         id.UserLength = strlen((char *) id.User);
 918         id.Domain = (unsigned char *) "WORKGROUP";
 919         id.DomainLength = strlen((char *) id.Domain);
 920         id.Password = (unsigned char*) "testpass";
 921         id.PasswordLength = strlen((char *) id.Password);
 922         id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
 923
 924         client.id = &id;
 925
 926         sec_status = setupClient(&client, sec_pkg_name);
 927
 928         if(sec_status != SEC_E_OK)
 929         {
 930             trace("Error: Setting up the client returned %s, exiting test!\n",
 931                     getSecError(sec_status));
 932             pFreeCredentialsHandle(client.cred);
 933             return;
 934         }
 935
 936         sec_status = setupFakeServer(&server, sec_pkg_name);
 937
 938         while(client_stat == SEC_I_CONTINUE_NEEDED && server_stat == SEC_I_CONTINUE_NEEDED)
 939         {
 940             client_stat = runClient(&client, first, SECURITY_NETWORK_DREP);
 941
 942             communicate(&client, &server);
 943
 944             server_stat = runFakeServer(&server, first, SECURITY_NETWORK_DREP);
 945
 946             communicate(&server, &client);
 947             trace("Looping\n");
 948             first = FALSE;
 949         }
 950
 951         /********************************************
 952          *    Now start with the actual testing     *
 953          ********************************************/
 954
 955         if(pQueryContextAttributesA(client.ctxt, SECPKG_ATTR_SIZES,
 956                     &ctxt_sizes) != SEC_E_OK)
 957         {
 958             trace("Failed to get context sizes, aborting test.\n");
 959             goto end;
 960         }
 961
 962         crypt.ulVersion = SECBUFFER_VERSION;
 963         crypt.cBuffers = 2;
 964
 965         crypt.pBuffers = fake_data;
 966
 967         fake_data[0].BufferType = SECBUFFER_DATA;
 968         fake_data[0].cbBuffer = ctxt_sizes.cbSecurityTrailer;
 969         fake_data[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, fake_data[0].cbBuffer);
 970
 971         fake_data[1].BufferType = SECBUFFER_DATA;
 972         fake_data[1].cbBuffer = lstrlen(message);
 973         fake_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, fake_data[1].cbBuffer);
 974
 975         sec_status = pMakeSignature(client.ctxt, 0, &crypt, 0);
 976         ok(sec_status == SEC_E_INVALID_TOKEN,
 977                 "MakeSignature returned %s, not SEC_E_INVALID_TOKEN.\n",
 978                 getSecError(sec_status));
 979
 980         crypt.pBuffers = data;
 981
 982         data[0].BufferType = SECBUFFER_TOKEN;
 983         data[0].cbBuffer = ctxt_sizes.cbSecurityTrailer;
 984         data[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[0].cbBuffer);
 985
 986         data[1].BufferType = SECBUFFER_DATA;
 987         data[1].cbBuffer = lstrlen(message);
 988         data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer);
 989         memcpy(data[1].pvBuffer, message, data[1].cbBuffer);
 990
 991         /* As we forced NTLM to fall back to a password-derived session key,
 992          * we should get the same signature for our data, no matter if
 993          * it is sent by the client or the server
 994          */
 995         sec_status = pMakeSignature(client.ctxt, 0, &crypt, 0);
 996         ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n",
 997                 getSecError(sec_status));
 998         ok(!memcmp(crypt.pBuffers[0].pvBuffer, message_signature,
 999                    crypt.pBuffers[0].cbBuffer), "Signature is not as expected.\n");
1000
1001         data[0].cbBuffer = sizeof(message_signature);
1002
1003         memcpy(data[0].pvBuffer, crypt_trailer_client, data[0].cbBuffer);
1004
1005         sec_status = pVerifySignature(client.ctxt, &crypt, 0, &qop);
1006         ok(sec_status == SEC_E_MESSAGE_ALTERED,
1007                 "VerifySignature returned %s, not SEC_E_MESSAGE_ALTERED.\n",
1008                 getSecError(sec_status));
1009
1010         memcpy(data[0].pvBuffer, message_signature, data[0].cbBuffer);
1011
1012         sec_status = pVerifySignature(client.ctxt, &crypt, 0, &qop);
1013         ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK.\n",
1014                 getSecError(sec_status));
1015
1016         sec_status = pEncryptMessage(client.ctxt, 0, &crypt, 0);
1017         ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n",
1018                 getSecError(sec_status));
1019
1020         ok(!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client,
1021                    crypt.pBuffers[0].cbBuffer), "Crypt trailer not as expected.\n");
1022         ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client,
1023                    crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n");
1024
1025         data[0].cbBuffer = sizeof(crypt_trailer_server);
1026         data[1].cbBuffer = sizeof(crypt_message_server);
1027         memcpy(data[0].pvBuffer, crypt_trailer_server, data[0].cbBuffer);
1028         memcpy(data[1].pvBuffer, crypt_message_server, data[1].cbBuffer);
1029
1030         sec_status = pDecryptMessage(client.ctxt, &crypt, 0, &qop);
1031
1032         ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n",
1033                 getSecError(sec_status));
1034         ok(!memcmp(crypt.pBuffers[1].pvBuffer, message_binary,
1035                    crypt.pBuffers[1].cbBuffer),
1036                 "Failed to decrypt message correctly.\n");
1037
1038         trace("Testing with more than one buffer.\n");
1039
1040         crypt.cBuffers = sizeof(complex_data)/sizeof(complex_data[0]);
1041         crypt.pBuffers = complex_data;
1042
1043         complex_data[0].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
1044         complex_data[0].cbBuffer = sizeof(message_header);
1045         complex_data[0].pvBuffer = message_header;
1046
1047         complex_data[1].BufferType = SECBUFFER_DATA;
1048         complex_data[1].cbBuffer = lstrlen(message);
1049         complex_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer);
1050         memcpy(complex_data[1].pvBuffer, message, complex_data[1].cbBuffer);
1051
1052         complex_data[2].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
1053         complex_data[2].cbBuffer = sizeof(message_header);
1054         complex_data[2].pvBuffer = message_header;
1055
1056         complex_data[3].BufferType = SECBUFFER_TOKEN;
1057         complex_data[3].cbBuffer = ctxt_sizes.cbSecurityTrailer;
1058         complex_data[3].pvBuffer = HeapAlloc(GetProcessHeap(), 0, complex_data[3].cbBuffer);
1059
1060         /* We should get a dummy signature again. */
1061         sec_status = pMakeSignature(client.ctxt, 0, &crypt, 0);
1062         ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n",
1063                 getSecError(sec_status));
1064         ok(!memcmp(crypt.pBuffers[3].pvBuffer, message_signature,
1065                    crypt.pBuffers[3].cbBuffer), "Signature is not as expected.\n");
1066
1067         /* Being a dummy signature, it will verify right away, as if the server
1068          * sent it */
1069         sec_status = pVerifySignature(client.ctxt, &crypt, 0, &qop);
1070         ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK\n",
1071                 getSecError(sec_status));
1072
1073         sec_status = pEncryptMessage(client.ctxt, 0, &crypt, 0);
1074         ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n",
1075                 getSecError(sec_status));
1076
1077         ok(!memcmp(crypt.pBuffers[3].pvBuffer, crypt_trailer_client2,
1078                    crypt.pBuffers[3].cbBuffer), "Crypt trailer not as expected.\n");
1079
1080         ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client2,
1081                    crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n");
1082
1083         memcpy(complex_data[1].pvBuffer, crypt_message_server2, complex_data[1].cbBuffer);
1084         memcpy(complex_data[3].pvBuffer, crypt_trailer_server2, complex_data[3].cbBuffer);
1085
1086         sec_status = pDecryptMessage(client.ctxt, &crypt, 0, &qop);
1087         ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n",
1088                 getSecError(sec_status));
1089
1090
1091 end:
1092         cleanupBuffers(&client);
1093         cleanupBuffers(&server);
1094
1095         pDeleteSecurityContext(client.ctxt);
1096         pFreeCredentialsHandle(client.cred);
1097
1098         HeapFree(GetProcessHeap(), 0, fake_data[0].pvBuffer);
1099         HeapFree(GetProcessHeap(), 0, fake_data[1].pvBuffer);
1100         HeapFree(GetProcessHeap(), 0, data[0].pvBuffer);
1101         HeapFree(GetProcessHeap(), 0, data[1].pvBuffer);
1102         HeapFree(GetProcessHeap(), 0, complex_data[1].pvBuffer);
1103         HeapFree(GetProcessHeap(), 0, complex_data[3].pvBuffer);
1104     }
1105     else
1106     {
1107         trace("Package not installed, skipping test.\n");
1108     }
1109 }
1110
1111 START_TEST(ntlm)
1112 {
1113     InitFunctionPtrs();
1114
1115     if(pFreeCredentialsHandle && pDeleteSecurityContext &&
1116        pDeleteSecurityContext && pAcquireCredentialsHandleA &&
1117        pInitializeSecurityContextA && pCompleteAuthToken &&
1118        pQuerySecurityPackageInfoA)
1119     {
1120         testInitializeSecurityContextFlags();
1121         if(pAcceptSecurityContext)
1122         {
1123             testAuth(SECURITY_NATIVE_DREP, TRUE);
1124             testAuth(SECURITY_NETWORK_DREP, TRUE);
1125             testAuth(SECURITY_NATIVE_DREP, FALSE);
1126             testAuth(SECURITY_NETWORK_DREP, FALSE);
1127         }
1128         if(pMakeSignature && pVerifySignature && pEncryptMessage &&
1129            pDecryptMessage)
1130             testSignSeal();
1131      }
1132
1133     if(secdll)
1134         FreeLibrary(secdll);
1135 }