Kai Blin : secur32: Implement simple VerifySignature.
Alexandre Julliard
julliard at wine.codeweavers.com
Mon Aug 14 05:16:26 CDT 2006
Module: wine
Branch: master
Commit: 8289ddb0d1638a01ac7797bd53fc00703ee52204
URL: http://source.winehq.org/git/?p=wine.git;a=commit;h=8289ddb0d1638a01ac7797bd53fc00703ee52204
Author: Kai Blin <kai.blin at gmail.com>
Date: Sun Aug 13 12:46:00 2006 +0200
secur32: Implement simple VerifySignature.
---
dlls/secur32/ntlm.c | 57 ++++++++++++++++++++++++++++++++++++++++-----
dlls/secur32/tests/ntlm.c | 11 +++++++--
2 files changed, 60 insertions(+), 8 deletions(-)
diff --git a/dlls/secur32/ntlm.c b/dlls/secur32/ntlm.c
index 9b49f24..c18d0f0 100644
--- a/dlls/secur32/ntlm.c
+++ b/dlls/secur32/ntlm.c
@@ -1158,18 +1158,63 @@ static SECURITY_STATUS SEC_ENTRY ntlm_Ma
static SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{
- SECURITY_STATUS ret;
+ PNegoHelper helper;
+ ULONG fQOP = 0;
TRACE("%p %p %ld %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
- if (phContext)
+ if(!phContext)
+ return SEC_E_INVALID_HANDLE;
+
+ if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2 ||
+ pMessage->pBuffers[0].BufferType != SECBUFFER_TOKEN ||
+ !pMessage->pBuffers[0].pvBuffer)
+ return SEC_E_INVALID_TOKEN;
+
+ if(pMessage->pBuffers[0].cbBuffer < 16)
+ return SEC_E_BUFFER_TOO_SMALL;
+
+ if(MessageSeqNo)
+ FIXME("Ignoring MessageSeqNo\n");
+
+ helper = (PNegoHelper)phContext->dwLower;
+ TRACE("Negotiated flags: 0x%08lx\n", helper->neg_flags);
+
+ if(helper->neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
{
- ret = SEC_E_UNSUPPORTED_FUNCTION;
+ FIXME("Can't handle NTLMv2 signing yet. Aborting.\n");
+ return SEC_E_UNSUPPORTED_FUNCTION;
}
- else
+
+ if(helper->neg_flags & NTLMSSP_NEGOTIATE_SIGN)
{
- ret = SEC_E_INVALID_HANDLE;
+ FIXME("Can't handle real signing yet. Aborting.\n");
+ return SEC_E_UNSUPPORTED_FUNCTION;
}
- return ret;
+
+ if(helper->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCHANGE)
+ {
+ FIXME("Can't handle encrypted session keys yet. Aborting.\n");
+ return SEC_E_UNSUPPORTED_FUNCTION;
+ }
+
+ if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
+ {
+ const BYTE dummy_sig[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+ TRACE("Assuming dummy signature.\n");
+ if(memcmp(pMessage->pBuffers[0].pvBuffer, dummy_sig, sizeof(dummy_sig)) != 0)
+ {
+ TRACE("Failed to verify the packet signature. Not a dummy signature?\n");
+ return SEC_E_MESSAGE_ALTERED;
+ }
+ else
+ {
+ pfQOP = &fQOP;
+ return SEC_E_OK;
+ }
+ }
+
+ return SEC_E_UNSUPPORTED_FUNCTION;
}
/***********************************************************************
diff --git a/dlls/secur32/tests/ntlm.c b/dlls/secur32/tests/ntlm.c
index 0284a12..240a01d 100644
--- a/dlls/secur32/tests/ntlm.c
+++ b/dlls/secur32/tests/ntlm.c
@@ -177,6 +177,7 @@ #define _SEC_ERR(x) case (x): return #x;
_SEC_ERR(SEC_E_LOGON_DENIED);
_SEC_ERR(SEC_E_NO_CREDENTIALS);
_SEC_ERR(SEC_E_OUT_OF_SEQUENCE);
+ _SEC_ERR(SEC_E_MESSAGE_ALTERED);
default:
sprintf(buf, "%08lx\n", status);
return buf;
@@ -789,13 +790,19 @@ static void testSignSeal()
crypt->pBuffers[0].cbBuffer), "Signature is not as expected.\n");
data[0].cbBuffer = sizeof(message_signature);
+
+ memcpy(data[0].pvBuffer, crypt_trailer_client, data[0].cbBuffer);
+
+ sec_status = pVerifySignature(client.ctxt, crypt, 0, &qop);
+ ok(sec_status == SEC_E_MESSAGE_ALTERED,
+ "VerifySignature returned %s, not SEC_E_MESSAGE_ALTERED.\n",
+ getSecError(sec_status));
+
memcpy(data[0].pvBuffer, message_signature, data[0].cbBuffer);
sec_status = pVerifySignature(client.ctxt, crypt, 0, &qop);
- todo_wine {
ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK.\n",
getSecError(sec_status));
- }
sec_status = pEncryptMessage(client.ctxt, 0, crypt, 0);
todo_wine{
More information about the wine-cvs
mailing list