Jacek Caban
0f2e0365ea
secur32: Added support for grbitEnabledProtocols in schan_AcquireClientCredentials.
2013-03-27 20:12:28 +01:00
Jacek Caban
b7a75b468a
secur32: Pass whole schan_credentials struct to schannel backend implementations.
2013-03-25 16:28:18 +01:00
Jacek Caban
64c84ef5c4
secur32: Report SecPkgContext_ConnectionInfo in bits, not bytes.
2013-02-27 19:23:36 +01:00
Ken Thomases
7494f5bc5e
secur32: On Mac, add support for cipher suites defined in 10.8 SDK.
2013-02-07 16:37:49 +01:00
Jacek Caban
db22753a05
winhttp: Added schannel-based netconn_recv implementation.
2013-01-23 23:41:15 +01:00
Jacek Caban
63c7f8d8ee
secur32: Added SECPKG_ATTR_REMOTE_CERT_CONTEXT tests.
2013-01-21 16:19:35 +01:00
Jacek Caban
303ec3ef91
secur32: Return a cert context with context store in SECPKG_ATTR_REMOTE_CERT_CONTEXT MacOSX implementation.
2013-01-21 16:19:18 +01:00
Jacek Caban
5c5d12c8bc
secur32: Return a cert context with context store in SECPKG_ATTR_REMOTE_CERT_CONTEXT GnuTLS implementation.
2013-01-21 16:19:05 +01:00
André Hentschel
1eaa25696b
secur32/tests: Fix tests on win8.
2012-12-07 17:26:40 +01:00
Austin English
62e77128c5
secur32: Get rid of deprecated types.
2012-11-16 11:40:17 +01:00
Michael Stefaniuc
8fe8e2f967
secur32: Avoid a FALSE:TRUE conditional expression.
2012-08-15 12:12:56 +02:00
Henri Verbeet
8abcfeddd8
secur32: Recognize some more TLS versions.
2012-07-18 17:12:34 +02:00
Ken Thomases
98652ec1c6
secur32: On Mac, define modern ECDH cipher suites if the SDK doesn't.
2012-07-16 14:19:46 +02:00
Ken Thomases
4ccb8746fd
secur32: On Mac, recognize key exchange algorithm for cipher suites using ECDH.
2012-07-16 14:19:37 +02:00
Henri Verbeet
2025e81585
secur32: Only read complete records in schan_InitializeSecurityContextW().
2012-07-09 15:04:03 -04:00
Henri Verbeet
394519db67
secur32: Handle incomplete messages in schan_InitializeSecurityContextW().
2012-06-26 17:32:40 +02:00
Henri Verbeet
8f39fb146a
secur32: We can't read more than expected_size - 5 in schan_DecryptMessage().
2012-06-26 17:31:02 +02:00
Henri Verbeet
e2bd967a85
secur32: Handle padding only records in schan_DecryptMessage().
2012-06-26 17:30:55 +02:00
Francois Gouget
71945b7635
secur32: Make some SecurityFunction methods static.
2012-05-21 11:34:37 +02:00
Hans Leidekker
cb90e6b1a6
secur32/tests: Add tests for the Negotiate provider.
2012-05-10 18:43:38 +02:00
Hans Leidekker
19f8c79f9e
secur32: Implement a Negotiate provider that forwards to NTLM.
2012-05-10 18:43:04 +02:00
Hans Leidekker
3181577810
secur32: Add an option to disable use of cached Samba credentials.
2012-05-10 18:42:40 +02:00
Hans Leidekker
bd7e469760
secur32: Update NTLM capabilities to match native.
2012-05-10 18:42:30 +02:00
Hans Leidekker
ebab1c72cf
secur32: Remove some unused variables.
2012-05-10 18:42:21 +02:00
Hans Leidekker
81213a88e8
secur32: Fix potential leaks of the NTLM session key.
2012-05-10 18:42:15 +02:00
Alexandre Julliard
ee1e1f0fdb
secur32/tests: Don't compare the encrypted results if the session key is different.
2012-01-03 23:28:13 +01:00
André Hentschel
962230064d
secur32/tests: Fail on missing NTLM.
2011-12-20 20:24:47 +01:00
Francois Gouget
3d9c7657bc
secur32: Fix the compilation on Solaris by including errno.h instead of sys/errno.h.
2011-12-02 17:25:56 +01:00
Ken Thomases
3de1c71364
secur32: Reap child process to avoid leaving a zombie.
2011-12-01 10:44:28 +01:00
Ken Thomases
d977044e76
secur32: Eliminate broken clean-up "cheat".
2011-11-30 11:45:26 +01:00
Ken Thomases
f4ac641af5
secur32: Clean up the helper in all cases where it was allocated.
2011-11-30 11:45:21 +01:00
Ken Thomases
e39e67ec3d
secur32: Eliminate a dead store.
2011-11-30 11:45:18 +01:00
Francois Gouget
5305c8e009
secur32: Make the cs critical section static.
2011-11-15 19:37:36 +01:00
Andrew Talbot
7f17934de2
secur32: Superfluous semicolons fix.
2011-11-07 11:54:47 +01:00
Charles Davis
65634bca0b
schannel: Don't use SSLCopyPeerCertificates on Mac OS 10.4.
2011-10-27 12:31:40 +02:00
Henri Verbeet
0dd54eb0fd
secur32: Print the ntlm_auth diagnostic message to the winediag channel.
2011-10-27 12:25:13 +02:00
Henri Verbeet
7bb7d08d19
secur32: Handle the schan_buffers limit field in schan_get_buffer() instead of schan_pull().
...
Aside from being the right place, we depend on schan_get_buffer() not
returning a buffer if there's no space left in schan_imp_recv() /
schan_imp_send().
2011-10-05 17:00:58 -05:00
Henri Verbeet
929598fd00
secur32: Properly handle GNUTLS_E_AGAIN in (GnuTLS) schan_imp_recv().
2011-10-03 14:38:49 -05:00
Henri Verbeet
65aed972c0
secur32: Properly handle GNUTLS_E_AGAIN in (GnuTLS) schan_imp_send().
2011-10-03 14:38:44 -05:00
Henri Verbeet
5004c38dd5
secur32: Return failure if chan_EncryptMessage() can't encrypt the entire buffer.
2011-10-03 14:38:35 -05:00
Henri Verbeet
0903855456
secur32: Use gnutls_record_get_max_size() to get the maximum message size.
2011-10-03 14:38:21 -05:00
Francois Gouget
3de330db54
tests: Remove unneeded assert.h includes.
2011-09-27 10:59:56 +02:00
Alexandre Julliard
0359f9d430
secur32/tests: Avoid crash on test failure.
2011-09-09 15:53:49 +02:00
Alexandre Julliard
52fa3bf42d
secur32: Avoid size_t and fix some printf formats.
2011-09-05 19:34:55 +02:00
Frédéric Delanoy
982e7f96b1
secur32: Remove dead code (Clang).
2011-07-05 14:42:53 +02:00
Marcus Meissner
e1fcd78928
secur32: Mark internal symbols with hidden visibility.
2011-04-26 15:31:27 +02:00
Ken Thomases
5015f388d1
secur32: Add alternative schannel implementation for Mac OS X.
...
It uses the native Secure Transport API rather than GnuTLS.
2011-03-14 19:31:07 +01:00
Ken Thomases
0b396208db
secur32: Separate GnuTLS schannel implementation into separate file.
2011-03-14 14:16:13 +01:00
Ken Thomases
c890bf4dc8
secur32: Make no-implementation error message non-GnuTLS-specific.
2011-03-14 14:10:54 +01:00
Ken Thomases
2cecf54427
secur32: Extract schan_imp_init/deinit functions.
2011-03-14 14:10:46 +01:00
Ken Thomases
9124cdc234
secur32: Extract schan_imp_allocate/free_certificate_credentials functions.
2011-03-14 14:10:38 +01:00
Ken Thomases
e02ac5f023
secur32: Use opaque type schan_imp_session in schan_imp interface.
2011-03-14 14:10:33 +01:00
Ken Thomases
6b5f7df5cb
secur32: Set session credentials in schan_imp_create_session.
2011-03-14 14:10:27 +01:00
Ken Thomases
3d47fce382
secur32: Set push & pull functions in schan_imp_create_session.
2011-03-14 14:10:21 +01:00
Ken Thomases
c86dafe51e
secur32: Extract GnuTLS-isms from schan_push to schan_push_adapter.
2011-03-14 14:10:17 +01:00
Ken Thomases
194aaef7cd
secur32: Extract GnuTLS-isms from schan_pull to schan_pull_adapter.
2011-03-14 14:10:13 +01:00
Ken Thomases
aeefb8188d
secur32: Extract schan_imp_create/dispose_session functions.
2011-03-14 14:10:02 +01:00
Ken Thomases
d7fe60c5b6
secur32: Extract schan_imp_set_session_transport function.
2011-03-14 14:09:55 +01:00
Ken Thomases
3608fe03a9
secur32: Extract schan_imp_handshake function.
2011-03-14 14:09:49 +01:00
Ken Thomases
842e0a5316
secur32: Use schan_imp_get_connection_info to get MAC size.
2011-03-14 14:09:42 +01:00
Ken Thomases
f7e598cfc8
secur32: Extract schan_imp_get_connection_info function.
2011-03-14 14:09:38 +01:00
Ken Thomases
ccae072a3c
secur32: Extract schan_imp_get_session_cipher_block_size function.
2011-03-14 14:09:32 +01:00
Ken Thomases
1b225a012e
secur32: Move some GnuTLS-specific helper functions.
2011-03-14 14:09:27 +01:00
Ken Thomases
12195b32df
secur32: Extract schan_imp_get_session_peer_certificate function.
2011-03-14 14:09:19 +01:00
Ken Thomases
9b85662fec
secur32: Extract schan_imp_recv function.
2011-03-14 14:09:12 +01:00
Ken Thomases
a5715ed625
secur32: Extract schan_imp_send function.
2011-03-14 14:09:03 +01:00
Ken Thomases
9942edacd4
secur32: Remove outdated comment that schannel is unimplemented.
2011-03-14 14:08:19 +01:00
Austin English
9c84bfa9a4
secur32/tests: Remove win9x hacks.
2011-03-01 13:21:58 +01:00
Austin English
1c659a5509
secur32/tests: Make sure return values are used (LLVM/Clang).
2011-02-11 14:49:41 +01:00
Austin English
7868edd86e
secur32/tests: Don't check return values inside of if(0) (LLVM/Clang).
2011-02-10 10:28:00 -06:00
Austin English
22c1843e08
secur32/tests: Make sure a return value is used (LLVM/Clang).
2011-02-09 09:29:13 -06:00
Ken Thomases
cf2de431ac
secur32/tests: Fix copy/paste error in test message ("first" -> "third").
2011-01-21 12:25:06 +01:00
Aric Stewart
fe05a73042
secur32/tests: Skip test on failure to acquire cred_handle.
2010-12-02 18:57:57 +01:00
Juan Lang
30435a5951
secur32: Trace flags as hex values.
2010-10-22 12:03:45 +02:00
Alexandre Julliard
81b8ee863e
makefiles: Add a standard header for all makefiles to replace the common variable initializations.
2010-09-19 12:36:48 +02:00
Piotr Caban
ab52186086
secur32: Prevent schannel tests from crashing on Windows NT.
2010-09-18 13:09:33 +02:00
Piotr Caban
cdf8d455c2
secur32: Handle extra data in schan_InitializeSecurityContextW.
2010-09-18 13:05:30 +02:00
Mikko Rasa
f2377e8981
secur32: Add some more schannel tests.
2010-09-15 16:36:45 -05:00
Mikko Rasa
506af9205d
secur32: Fill a SECBUFFER_MISSING buffer if the message is not complete.
2010-09-15 16:36:17 -05:00
Mikko Rasa
b335e94788
secur32: Only process full TLS frames in schan_DecryptMessage.
2010-09-15 16:36:11 -05:00
Mikko Rasa
149ffe130f
secur32: Fill header and trailer buffers in schan_DecryptMessage.
2010-09-15 16:36:01 -05:00
Mikko Rasa
b424b3431e
secur32: Validate buffers passed to schan_DecryptMessage.
2010-09-15 16:35:51 -05:00
Alexandre Julliard
b86d515ed6
dlls: Remove explicit imports of kernel32 and ntdll.
2010-07-21 17:38:36 +02:00
Michael Stefaniuc
24592a7a62
secur32: Avoid using long.
2010-05-12 13:44:40 +02:00
Kai Blin
9dd206d28e
secur32: Use NTLM2 instead of NTLMv2.
...
In the current code NTLMv2 is used when talking about second generation
NTLM crypto algorithms. Most other publiations call this NTLM2, and use
NTLMv2 to describe a different crypto handshake that can be used by
either NTLM1 or NTLM2 crypto.
2010-04-19 14:56:12 +02:00
Alexandre Julliard
43a98ecb21
secur32: Avoid using a pointer difference in a trace.
2010-04-09 16:14:07 +02:00
Alexandre Julliard
bef5645eb1
makefiles: Remove the no longer needed explicit separators for dependencies.
2010-03-16 13:28:19 +01:00
Alexandre Julliard
6164ce2d82
makefiles: Use the standard C_SRCS variable as the list of test files.
...
This enables it to be auto-updated by make_makefiles.
2010-02-22 10:47:11 +01:00
Juan Lang
7c3b9a1551
secur32: Report an error if libgnutls isn't found.
2010-01-11 12:54:23 -06:00
Rob Shearman
697955c922
secur32: Don't allocate context handle in wrapper InitializeSecurityContextA/W if it is the same as the handle passed into the function.
2009-12-30 13:40:35 +01:00
Rob Shearman
1346834605
secur32: Fix memory leaks in ntlm_InitializeSecurityContextW.
2009-12-30 13:40:31 +01:00
Rob Shearman
693433a3f2
secur32: Simplify memory management by not allocating memory for the CredHandle and CtxtHandle pointers.
...
Instead store the handles directly in the SspiData structure and pass
the addresses of these into SSPI functions.
2009-12-30 13:40:25 +01:00
Rob Shearman
5f01280edf
secur32: Fix memory leaks in tests.
2009-12-30 13:40:17 +01:00
Kai Blin
9a81b032c4
secur32: Pretend the NTLM provider also does Negotiate.
...
We had to enable the Negotiate provider a while back so programs that expected
that provider to be present would be happy. This broke programs that expect a
Negotiate provider to actually do something if it is present. This fix works
around that new issue by thunking all calls to Negotiate to NTLM.
2009-12-30 13:31:12 +01:00
Hans Leidekker
44f9595454
secur32/tests: Fix a couple of memory leaks.
...
Found by Valgrind.
2009-12-21 15:01:24 +01:00
Lei Zhang
c89211336b
secur32: Fix memory leak in SECUR32_addPackages.
2009-12-17 13:09:49 +01:00
Rob Shearman
3cd88cfab3
secur32: Fix memory leak in NTLM's FreeCredentialsHandle.
2009-12-14 12:04:05 +01:00
Hans Leidekker
aeb161f13f
secur32: Handle EOF from gnutls_record_recv.
2009-11-19 11:50:40 +01:00
Rob Shearman
f6c9c72e21
secur32: Output extra data in NTLM sign & seal test to diagnose failures seen on some Windows machines.
2009-11-09 19:38:58 +01:00
Kai Blin
e987ec4299
secur32: Use empty credentials when cached creds fail.
2009-11-09 19:38:00 +01:00
Henri Verbeet
3e96881e4c
secur32: Don't bother zeroing the handle table in SECUR32_initSchannelSP().
...
Handles are initialized when they're allocated.
2009-10-15 12:06:18 +02:00
Henri Verbeet
226519efbc
secur32: Don't try to cleanup uninitialized handles in SECUR32_deinitSchannelSP().
2009-10-15 12:06:18 +02:00
Henri Verbeet
5b47904231
secur32: Recognize the ARC4 cipher in schannel_get_cipher_algid().
2009-10-15 12:06:18 +02:00
Ge van Geldorp
43a28649c3
secur32/tests: Add acceptable error code for Win7 ntlm test.
2009-10-06 12:00:32 +02:00
Hans Leidekker
8bb68933ea
secur32: Test passing null authentication data to AcquireCredentialsHandle.
2009-10-06 11:58:19 +02:00
Paul Vriens
7b3213fd65
secur32/tests: Skip some tests on WinMe to avoid a crash.
2009-10-02 11:52:12 +02:00
Dylan Smith
fd3c8335fd
secur32: Free schannel handle table.
...
The table is initialized on process attach, and should be freed on process
detach (which is where SECUR32_deinitSchannelSP gets called).
2009-09-28 13:31:27 +02:00
Dylan Smith
fdcfbe21c3
secur32: Remove redendant call to gnutls_certificate_get_peers.
...
Two identical calls are made with the same parameters, and there are no
documented side effects of this function, so I removed one of them.
2009-09-28 13:31:18 +02:00
Kai Blin
e6ac20e814
secur32: Revert "secur32: Work around ntlm_auth in Samba 3.0.28a being broken for cached credentials".
...
This reverts commit 7788c8ed0d
, as well
as commit ec443be738
. Due to erroneous
user input, these commits actually broke more than they fixed.
2009-08-12 12:51:02 +02:00
Kai Blin
dfb2b429a0
secur32: Load Negotiate provider again.
2009-08-12 12:50:03 +02:00
Juan Lang
15512454fb
secur32: Implement QueryContextAttributes for SECPKG_ATTR_CONNECTION_INFO.
2009-08-10 13:08:54 +02:00
Juan Lang
570c57ac95
secur32: Trace values of SCHANNEL_CRED structure.
2009-08-07 15:27:24 +02:00
Juan Lang
5ee34ea870
secur32: Implement QueryContextAttributes for SECPKG_ATTR_REMOTE_CERT_CONTEXT.
2009-08-06 12:01:41 +02:00
Juan Lang
3a493d7782
secur32: Sanity check handle index before indexing table.
2009-08-06 12:01:30 +02:00
Alexandre Julliard
a6b05ea96c
secur32: Avoid the close-on-exec race with pipe() on kernels that support pipe2().
2009-07-01 12:14:08 +02:00
Kai Blin
66b6415193
secur32: Don't return STATUS_SUCCESS from LsaGetLogonSessionData stub.
2009-06-03 15:34:31 +02:00
Henri Verbeet
a1465ba45f
secur32: Initialize cbBuffer to 0 for NULL buffers.
...
This prevents schan_resize_current_buffer() from thinking there's a buffer.
2009-05-25 11:23:24 +02:00
Kai Blin
ec443be738
secur32: Don't try to use ntlm_auth --use-cred-cache.
...
If ntlm_auth actually uses the cred cache, it will not give a session key.
As the Wine NTLM code depends on the session key to do transport crypto, don't
attempt to use the winbind cred cache.
This completely reverts my attempted fix 7788c8ed
and also parts of Rob's
888a8e27
and 8a2125f9
. It does not affect the code using wine's own credential
cache.
2009-05-20 13:34:16 +02:00
Austin English
07c214170d
secur32/tests: Sign compare fixes.
2009-05-11 12:47:48 +02:00
Ge van Geldorp
74dba4e602
secur32/tests: Fix GetUserNameEx() tests.
2009-04-14 15:20:30 -05:00
Ge van Geldorp
d31bb3f08d
secur32: Implement more GetUserNameEx() formats.
2009-04-14 15:20:30 -05:00
Kai Blin
7788c8ed0d
secur32: Work around ntlm_auth in Samba 3.0.28a being broken for cached credentials.
...
Samba 3.0.28a (as shipped with Ubuntu 8.04) seems to break when using
cached credentials backed by winbindd, returning a BH error in our test
if we still need to provide a password. Handle this and report a more
correct error.
2009-04-14 11:28:34 -05:00
Paul Vriens
825354afe6
secur32/tests: Document some crashes on Windows.
2009-04-09 16:12:59 +02:00
Ge van Geldorp
c98513f9c8
secur32/tests: Add simple tests for GetUserNameExA/W().
2009-04-07 14:21:08 +02:00
Ge van Geldorp
dcb3e52e2d
secur32: Implement GetUserNameEx(NameSamCompatible).
2009-04-07 14:21:01 +02:00
Francois Gouget
c3aa03d244
secur32/tests: Use win_skip() to skip over unimplemented functionality.
2009-02-23 12:21:28 +01:00
Alexandre Julliard
21a7b21b65
secur32: Properly initialize the helper structure when fork support is missing.
2009-02-16 11:53:22 +01:00
Juan Lang
b9ae777d96
secur32: Fix a handful of test failures on Win9x.
2009-02-04 12:24:45 +01:00
Andrew Talbot
247b7c5a83
secur32: Declare a function static.
2009-01-26 15:48:48 +01:00
Michael Stefaniuc
e01ae46cac
secur32: Remove superfluous pointer casts.
2009-01-22 12:04:52 +01:00
Michael Stefaniuc
230fb06d2e
include: Change the rest of sspi.h to use LONG/ULONG for Win64 compatibility.
2009-01-06 12:44:04 +01:00
Michael Stefaniuc
57ab0cd9a6
include: sspi.h: Use the Win types as per MSDN.
...
This improves the Win64 compatibility.
2009-01-06 12:43:46 +01:00
Henri Verbeet
e4505389ad
secur32: Implement schannel DecryptMessage().
2008-12-29 11:48:42 +01:00
Henri Verbeet
3954c4ec65
secur32: Implement schannel EncryptMessage().
2008-12-29 11:48:35 +01:00
Henri Verbeet
95fd876266
secur32: Handle SECPKG_ATTR_STREAM_SIZES in schan_QueryContextAttributesW().
2008-12-29 11:48:27 +01:00
Henri Verbeet
3c114a88ca
secur32: Add stubs for schannel QueryContextAttributesA() and QueryContextAttributesW().
2008-12-29 11:48:18 +01:00
Henri Verbeet
24c5e6edbf
secur32: Dump the buffer descs in schan_InitializeSecurityContextW().
2008-12-29 11:48:12 +01:00
Henri Verbeet
7bf267624d
secur32: Try an EMPTY buffer if we can't find one of type TOKEN.
2008-12-29 11:48:06 +01:00
Alexandre Julliard
866240d4fd
secur32: Check for lack of fork() support.
2008-12-22 18:04:39 +01:00
Andrew Talbot
f397252071
secur32: Sign-compare warning fix.
2008-11-10 11:15:07 +01:00
Henri Verbeet
e00e5a37e2
secur32: Implement schannel InitializeSecurityContextW.
2008-10-20 12:23:08 +02:00
Henri Verbeet
e0e9195c81
secur32: Improve error handling for gnutls_global_init().
2008-10-20 12:22:51 +02:00
Henri Verbeet
60435135f9
secur32: Don't leak the credentials handle when pgnutls_certificate_allocate_credentials() fails.
2008-10-20 12:22:27 +02:00
Henri Verbeet
f6129d7d35
secur32: Don't make the pBuffer parameter to schan_QueryCredentialsAttributes() const.
2008-10-20 12:22:22 +02:00
Henri Verbeet
420cb678e1
secur32: Forward schannel InitializeSecurityContextA to InitializeSecurityContextW.
2008-10-07 12:10:23 +02:00
Henri Verbeet
937488c298
secur32: Improve error handling for gnutls_certificate_allocate_credentials().
2008-10-07 12:10:07 +02:00
Henri Verbeet
79d88ffe56
secur32: Use ~0UL instead of -1 for invalid schannel handles.
2008-10-07 12:09:50 +02:00
Kai Blin
ab05d35c6d
secur32: Make GetComputerObjectName(A|W) tests work on win2k3 domains.
2008-09-29 17:23:30 -05:00
Juan Lang
b95e146ccb
secur32: Fix test failure with neither gnutls nor ntlm_auth available.
2008-09-29 17:23:23 -05:00
Francois Gouget
975b582763
secur32: Fix compilation with GNU TLS 1.0.16.
2008-09-24 13:12:19 +02:00