Kai Blin : secur32: Gracefully handle ntlm_auth versions that don' t support the new commands.

Alexandre Julliard julliard at wine.codeweavers.com
Fri Aug 18 05:40:43 CDT 2006 

Module: wine
Branch: master
Commit: 21645023224fba28491d2e21b908ee6b92b50f92
URL:    http://source.winehq.org/git/?p=wine.git;a=commit;h=21645023224fba28491d2e21b908ee6b92b50f92

Author: Kai Blin <kai.blin at gmail.com>
Date:   Thu Aug 17 21:05:14 2006 +0200

secur32: Gracefully handle ntlm_auth versions that don't support the new commands.

---

 dlls/secur32/dispatcher.c |    5 ----
 dlls/secur32/ntlm.c       |   59 +++++++++++++++++++++------------------------
 2 files changed, 28 insertions(+), 36 deletions(-)

diff --git a/dlls/secur32/dispatcher.c b/dlls/secur32/dispatcher.c
index d9dfeef..f9f37e4 100644
--- a/dlls/secur32/dispatcher.c
+++ b/dlls/secur32/dispatcher.c
@@ -236,11 +236,6 @@ SECURITY_STATUS run_helper(PNegoHelper h
         return SEC_E_ILLEGAL_MESSAGE;
     }
 
-    if( (*buflen <= 3) && (strncmp(helper->com_buf, "BH", 2) == 0))
-    {
-        return SEC_E_INTERNAL_ERROR;
-    }
-
     /* We only get ERR if the input size is too big. On a GENSEC error,
      * ntlm_auth will return BH */
     if(strncmp(helper->com_buf, "ERR", 3) == 0)
diff --git a/dlls/secur32/ntlm.c b/dlls/secur32/ntlm.c
index 130adbd..a1011da 100644
--- a/dlls/secur32/ntlm.c
+++ b/dlls/secur32/ntlm.c
@@ -627,6 +627,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_In
         if(buffer_len < 3)
         {
             TRACE("No flags negotiated, or helper does not support GF command\n");
+            helper->neg_flags = 0l;
         }
         else
         {
@@ -640,41 +641,37 @@ static SECURITY_STATUS SEC_ENTRY ntlm_In
         if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
             goto isc_end;
 
-        if(buffer_len < 3)
-            TRACE("Helper does not support GK command\n");
-        else
+        if(strncmp(buffer, "BH", 2) == 0)
         {
-            if(strncmp(buffer, "BH ", 3) == 0)
+            TRACE("Helper does not understand command or no key negotiated.\n");
+            helper->valid_session_key = FALSE;
+            helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
+            /*Generate the dummy session key = MD4(MD4(password))*/
+            if(helper->password)
+                SECUR32_CreateNTLMv1SessionKey(helper->password, helper->session_key);
+            else
+                memset(helper->session_key, 0, 16);
+        }
+        else if(strncmp(buffer, "GK ", 3) == 0)
+        {
+            if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len, 
+                            &bin_len)) != SEC_E_OK)
             {
-                TRACE("Helper sent %s\n", debugstr_a(buffer+3));
-                helper->valid_session_key = FALSE;
-                helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
-                /*Generate the dummy session key = MD4(MD4(password))*/
-                if(helper->password)
-                    SECUR32_CreateNTLMv1SessionKey(helper->password, helper->session_key);
-                else
-                    memset(helper->session_key, 0, 16);
+                TRACE("Failed to decode session key\n");
             }
-            else if(strncmp(buffer, "GK ", 3) == 0)
+            TRACE("Session key is %s\n", debugstr_a(buffer+3));
+            helper->valid_session_key = TRUE;
+            if(!helper->session_key)
+                helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len);
+            if(!helper->session_key)
             {
-                if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len, 
-                                &bin_len)) != SEC_E_OK)
-                {
-                    TRACE("Failed to decode session key\n");
-                }
-                TRACE("Session key is %s\n", debugstr_a(buffer+3));
-                helper->valid_session_key = TRUE;
-                if(!helper->session_key)
-                    helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len);
-                if(!helper->session_key)
-                {
-                    TRACE("Failed to allocate memory for session key\n");
-                    ret = SEC_E_INTERNAL_ERROR;
-                    goto isc_end;
-                }
-                memcpy(helper->session_key, bin, bin_len);
+                TRACE("Failed to allocate memory for session key\n");
+                ret = SEC_E_INTERNAL_ERROR;
+                goto isc_end;
             }
+            memcpy(helper->session_key, bin, bin_len);
         }
+
         helper->crypt.ntlm.a4i = SECUR32_arc4Alloc();
         SECUR32_arc4Init(helper->crypt.ntlm.a4i, helper->session_key, 16);
         helper->crypt.ntlm.seq_num = 0l;
@@ -1239,7 +1236,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_Ma
         return SEC_E_UNSUPPORTED_FUNCTION;
     }
 
-    if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
+    if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN || helper->neg_flags == 0)
     {
         TRACE("Generating dummy signature\n");
         /* A dummy signature is 0x01 followed by 15 bytes of 0x00 */
@@ -1315,7 +1312,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_Ve
         return SEC_E_UNSUPPORTED_FUNCTION;
     }
 
-    if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
+    if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN || helper->neg_flags == 0)
     {
         const BYTE dummy_sig[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

More information about the wine-cvs mailing list