Kai Blin : secur32: Gracefully handle ntlm_auth versions that don'
t support the new commands.
Alexandre Julliard
julliard at wine.codeweavers.com
Fri Aug 18 05:40:43 CDT 2006
Module: wine
Branch: master
Commit: 21645023224fba28491d2e21b908ee6b92b50f92
URL: http://source.winehq.org/git/?p=wine.git;a=commit;h=21645023224fba28491d2e21b908ee6b92b50f92
Author: Kai Blin <kai.blin at gmail.com>
Date: Thu Aug 17 21:05:14 2006 +0200
secur32: Gracefully handle ntlm_auth versions that don't support the new commands.
---
dlls/secur32/dispatcher.c | 5 ----
dlls/secur32/ntlm.c | 59 +++++++++++++++++++++------------------------
2 files changed, 28 insertions(+), 36 deletions(-)
diff --git a/dlls/secur32/dispatcher.c b/dlls/secur32/dispatcher.c
index d9dfeef..f9f37e4 100644
--- a/dlls/secur32/dispatcher.c
+++ b/dlls/secur32/dispatcher.c
@@ -236,11 +236,6 @@ SECURITY_STATUS run_helper(PNegoHelper h
return SEC_E_ILLEGAL_MESSAGE;
}
- if( (*buflen <= 3) && (strncmp(helper->com_buf, "BH", 2) == 0))
- {
- return SEC_E_INTERNAL_ERROR;
- }
-
/* We only get ERR if the input size is too big. On a GENSEC error,
* ntlm_auth will return BH */
if(strncmp(helper->com_buf, "ERR", 3) == 0)
diff --git a/dlls/secur32/ntlm.c b/dlls/secur32/ntlm.c
index 130adbd..a1011da 100644
--- a/dlls/secur32/ntlm.c
+++ b/dlls/secur32/ntlm.c
@@ -627,6 +627,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_In
if(buffer_len < 3)
{
TRACE("No flags negotiated, or helper does not support GF command\n");
+ helper->neg_flags = 0l;
}
else
{
@@ -640,41 +641,37 @@ static SECURITY_STATUS SEC_ENTRY ntlm_In
if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
goto isc_end;
- if(buffer_len < 3)
- TRACE("Helper does not support GK command\n");
- else
+ if(strncmp(buffer, "BH", 2) == 0)
{
- if(strncmp(buffer, "BH ", 3) == 0)
+ TRACE("Helper does not understand command or no key negotiated.\n");
+ helper->valid_session_key = FALSE;
+ helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
+ /*Generate the dummy session key = MD4(MD4(password))*/
+ if(helper->password)
+ SECUR32_CreateNTLMv1SessionKey(helper->password, helper->session_key);
+ else
+ memset(helper->session_key, 0, 16);
+ }
+ else if(strncmp(buffer, "GK ", 3) == 0)
+ {
+ if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
+ &bin_len)) != SEC_E_OK)
{
- TRACE("Helper sent %s\n", debugstr_a(buffer+3));
- helper->valid_session_key = FALSE;
- helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
- /*Generate the dummy session key = MD4(MD4(password))*/
- if(helper->password)
- SECUR32_CreateNTLMv1SessionKey(helper->password, helper->session_key);
- else
- memset(helper->session_key, 0, 16);
+ TRACE("Failed to decode session key\n");
}
- else if(strncmp(buffer, "GK ", 3) == 0)
+ TRACE("Session key is %s\n", debugstr_a(buffer+3));
+ helper->valid_session_key = TRUE;
+ if(!helper->session_key)
+ helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len);
+ if(!helper->session_key)
{
- if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
- &bin_len)) != SEC_E_OK)
- {
- TRACE("Failed to decode session key\n");
- }
- TRACE("Session key is %s\n", debugstr_a(buffer+3));
- helper->valid_session_key = TRUE;
- if(!helper->session_key)
- helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len);
- if(!helper->session_key)
- {
- TRACE("Failed to allocate memory for session key\n");
- ret = SEC_E_INTERNAL_ERROR;
- goto isc_end;
- }
- memcpy(helper->session_key, bin, bin_len);
+ TRACE("Failed to allocate memory for session key\n");
+ ret = SEC_E_INTERNAL_ERROR;
+ goto isc_end;
}
+ memcpy(helper->session_key, bin, bin_len);
}
+
helper->crypt.ntlm.a4i = SECUR32_arc4Alloc();
SECUR32_arc4Init(helper->crypt.ntlm.a4i, helper->session_key, 16);
helper->crypt.ntlm.seq_num = 0l;
@@ -1239,7 +1236,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_Ma
return SEC_E_UNSUPPORTED_FUNCTION;
}
- if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
+ if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN || helper->neg_flags == 0)
{
TRACE("Generating dummy signature\n");
/* A dummy signature is 0x01 followed by 15 bytes of 0x00 */
@@ -1315,7 +1312,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_Ve
return SEC_E_UNSUPPORTED_FUNCTION;
}
- if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
+ if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN || helper->neg_flags == 0)
{
const BYTE dummy_sig[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
More information about the wine-cvs
mailing list