Commit Graph

458 Commits

Author SHA1 Message Date
Jacek Caban 0f2e0365ea secur32: Added support for grbitEnabledProtocols in schan_AcquireClientCredentials. 2013-03-27 20:12:28 +01:00
Jacek Caban b7a75b468a secur32: Pass whole schan_credentials struct to schannel backend implementations. 2013-03-25 16:28:18 +01:00
Jacek Caban 64c84ef5c4 secur32: Report SecPkgContext_ConnectionInfo in bits, not bytes. 2013-02-27 19:23:36 +01:00
Ken Thomases 7494f5bc5e secur32: On Mac, add support for cipher suites defined in 10.8 SDK. 2013-02-07 16:37:49 +01:00
Jacek Caban db22753a05 winhttp: Added schannel-based netconn_recv implementation. 2013-01-23 23:41:15 +01:00
Jacek Caban 63c7f8d8ee secur32: Added SECPKG_ATTR_REMOTE_CERT_CONTEXT tests. 2013-01-21 16:19:35 +01:00
Jacek Caban 303ec3ef91 secur32: Return a cert context with context store in SECPKG_ATTR_REMOTE_CERT_CONTEXT MacOSX implementation. 2013-01-21 16:19:18 +01:00
Jacek Caban 5c5d12c8bc secur32: Return a cert context with context store in SECPKG_ATTR_REMOTE_CERT_CONTEXT GnuTLS implementation. 2013-01-21 16:19:05 +01:00
André Hentschel 1eaa25696b secur32/tests: Fix tests on win8. 2012-12-07 17:26:40 +01:00
Austin English 62e77128c5 secur32: Get rid of deprecated types. 2012-11-16 11:40:17 +01:00
Michael Stefaniuc 8fe8e2f967 secur32: Avoid a FALSE:TRUE conditional expression. 2012-08-15 12:12:56 +02:00
Henri Verbeet 8abcfeddd8 secur32: Recognize some more TLS versions. 2012-07-18 17:12:34 +02:00
Ken Thomases 98652ec1c6 secur32: On Mac, define modern ECDH cipher suites if the SDK doesn't. 2012-07-16 14:19:46 +02:00
Ken Thomases 4ccb8746fd secur32: On Mac, recognize key exchange algorithm for cipher suites using ECDH. 2012-07-16 14:19:37 +02:00
Henri Verbeet 2025e81585 secur32: Only read complete records in schan_InitializeSecurityContextW(). 2012-07-09 15:04:03 -04:00
Henri Verbeet 394519db67 secur32: Handle incomplete messages in schan_InitializeSecurityContextW(). 2012-06-26 17:32:40 +02:00
Henri Verbeet 8f39fb146a secur32: We can't read more than expected_size - 5 in schan_DecryptMessage(). 2012-06-26 17:31:02 +02:00
Henri Verbeet e2bd967a85 secur32: Handle padding only records in schan_DecryptMessage(). 2012-06-26 17:30:55 +02:00
Francois Gouget 71945b7635 secur32: Make some SecurityFunction methods static. 2012-05-21 11:34:37 +02:00
Hans Leidekker cb90e6b1a6 secur32/tests: Add tests for the Negotiate provider. 2012-05-10 18:43:38 +02:00
Hans Leidekker 19f8c79f9e secur32: Implement a Negotiate provider that forwards to NTLM. 2012-05-10 18:43:04 +02:00
Hans Leidekker 3181577810 secur32: Add an option to disable use of cached Samba credentials. 2012-05-10 18:42:40 +02:00
Hans Leidekker bd7e469760 secur32: Update NTLM capabilities to match native. 2012-05-10 18:42:30 +02:00
Hans Leidekker ebab1c72cf secur32: Remove some unused variables. 2012-05-10 18:42:21 +02:00
Hans Leidekker 81213a88e8 secur32: Fix potential leaks of the NTLM session key. 2012-05-10 18:42:15 +02:00
Alexandre Julliard ee1e1f0fdb secur32/tests: Don't compare the encrypted results if the session key is different. 2012-01-03 23:28:13 +01:00
André Hentschel 962230064d secur32/tests: Fail on missing NTLM. 2011-12-20 20:24:47 +01:00
Francois Gouget 3d9c7657bc secur32: Fix the compilation on Solaris by including errno.h instead of sys/errno.h. 2011-12-02 17:25:56 +01:00
Ken Thomases 3de1c71364 secur32: Reap child process to avoid leaving a zombie. 2011-12-01 10:44:28 +01:00
Ken Thomases d977044e76 secur32: Eliminate broken clean-up "cheat". 2011-11-30 11:45:26 +01:00
Ken Thomases f4ac641af5 secur32: Clean up the helper in all cases where it was allocated. 2011-11-30 11:45:21 +01:00
Ken Thomases e39e67ec3d secur32: Eliminate a dead store. 2011-11-30 11:45:18 +01:00
Francois Gouget 5305c8e009 secur32: Make the cs critical section static. 2011-11-15 19:37:36 +01:00
Andrew Talbot 7f17934de2 secur32: Superfluous semicolons fix. 2011-11-07 11:54:47 +01:00
Charles Davis 65634bca0b schannel: Don't use SSLCopyPeerCertificates on Mac OS 10.4. 2011-10-27 12:31:40 +02:00
Henri Verbeet 0dd54eb0fd secur32: Print the ntlm_auth diagnostic message to the winediag channel. 2011-10-27 12:25:13 +02:00
Henri Verbeet 7bb7d08d19 secur32: Handle the schan_buffers limit field in schan_get_buffer() instead of schan_pull().
Aside from being the right place, we depend on schan_get_buffer() not
returning a buffer if there's no space left in schan_imp_recv() /
schan_imp_send().
2011-10-05 17:00:58 -05:00
Henri Verbeet 929598fd00 secur32: Properly handle GNUTLS_E_AGAIN in (GnuTLS) schan_imp_recv(). 2011-10-03 14:38:49 -05:00
Henri Verbeet 65aed972c0 secur32: Properly handle GNUTLS_E_AGAIN in (GnuTLS) schan_imp_send(). 2011-10-03 14:38:44 -05:00
Henri Verbeet 5004c38dd5 secur32: Return failure if chan_EncryptMessage() can't encrypt the entire buffer. 2011-10-03 14:38:35 -05:00
Henri Verbeet 0903855456 secur32: Use gnutls_record_get_max_size() to get the maximum message size. 2011-10-03 14:38:21 -05:00
Francois Gouget 3de330db54 tests: Remove unneeded assert.h includes. 2011-09-27 10:59:56 +02:00
Alexandre Julliard 0359f9d430 secur32/tests: Avoid crash on test failure. 2011-09-09 15:53:49 +02:00
Alexandre Julliard 52fa3bf42d secur32: Avoid size_t and fix some printf formats. 2011-09-05 19:34:55 +02:00
Frédéric Delanoy 982e7f96b1 secur32: Remove dead code (Clang). 2011-07-05 14:42:53 +02:00
Marcus Meissner e1fcd78928 secur32: Mark internal symbols with hidden visibility. 2011-04-26 15:31:27 +02:00
Ken Thomases 5015f388d1 secur32: Add alternative schannel implementation for Mac OS X.
It uses the native Secure Transport API rather than GnuTLS.
2011-03-14 19:31:07 +01:00
Ken Thomases 0b396208db secur32: Separate GnuTLS schannel implementation into separate file. 2011-03-14 14:16:13 +01:00
Ken Thomases c890bf4dc8 secur32: Make no-implementation error message non-GnuTLS-specific. 2011-03-14 14:10:54 +01:00
Ken Thomases 2cecf54427 secur32: Extract schan_imp_init/deinit functions. 2011-03-14 14:10:46 +01:00
Ken Thomases 9124cdc234 secur32: Extract schan_imp_allocate/free_certificate_credentials functions. 2011-03-14 14:10:38 +01:00
Ken Thomases e02ac5f023 secur32: Use opaque type schan_imp_session in schan_imp interface. 2011-03-14 14:10:33 +01:00
Ken Thomases 6b5f7df5cb secur32: Set session credentials in schan_imp_create_session. 2011-03-14 14:10:27 +01:00
Ken Thomases 3d47fce382 secur32: Set push & pull functions in schan_imp_create_session. 2011-03-14 14:10:21 +01:00
Ken Thomases c86dafe51e secur32: Extract GnuTLS-isms from schan_push to schan_push_adapter. 2011-03-14 14:10:17 +01:00
Ken Thomases 194aaef7cd secur32: Extract GnuTLS-isms from schan_pull to schan_pull_adapter. 2011-03-14 14:10:13 +01:00
Ken Thomases aeefb8188d secur32: Extract schan_imp_create/dispose_session functions. 2011-03-14 14:10:02 +01:00
Ken Thomases d7fe60c5b6 secur32: Extract schan_imp_set_session_transport function. 2011-03-14 14:09:55 +01:00
Ken Thomases 3608fe03a9 secur32: Extract schan_imp_handshake function. 2011-03-14 14:09:49 +01:00
Ken Thomases 842e0a5316 secur32: Use schan_imp_get_connection_info to get MAC size. 2011-03-14 14:09:42 +01:00
Ken Thomases f7e598cfc8 secur32: Extract schan_imp_get_connection_info function. 2011-03-14 14:09:38 +01:00
Ken Thomases ccae072a3c secur32: Extract schan_imp_get_session_cipher_block_size function. 2011-03-14 14:09:32 +01:00
Ken Thomases 1b225a012e secur32: Move some GnuTLS-specific helper functions. 2011-03-14 14:09:27 +01:00
Ken Thomases 12195b32df secur32: Extract schan_imp_get_session_peer_certificate function. 2011-03-14 14:09:19 +01:00
Ken Thomases 9b85662fec secur32: Extract schan_imp_recv function. 2011-03-14 14:09:12 +01:00
Ken Thomases a5715ed625 secur32: Extract schan_imp_send function. 2011-03-14 14:09:03 +01:00
Ken Thomases 9942edacd4 secur32: Remove outdated comment that schannel is unimplemented. 2011-03-14 14:08:19 +01:00
Austin English 9c84bfa9a4 secur32/tests: Remove win9x hacks. 2011-03-01 13:21:58 +01:00
Austin English 1c659a5509 secur32/tests: Make sure return values are used (LLVM/Clang). 2011-02-11 14:49:41 +01:00
Austin English 7868edd86e secur32/tests: Don't check return values inside of if(0) (LLVM/Clang). 2011-02-10 10:28:00 -06:00
Austin English 22c1843e08 secur32/tests: Make sure a return value is used (LLVM/Clang). 2011-02-09 09:29:13 -06:00
Ken Thomases cf2de431ac secur32/tests: Fix copy/paste error in test message ("first" -> "third"). 2011-01-21 12:25:06 +01:00
Aric Stewart fe05a73042 secur32/tests: Skip test on failure to acquire cred_handle. 2010-12-02 18:57:57 +01:00
Juan Lang 30435a5951 secur32: Trace flags as hex values. 2010-10-22 12:03:45 +02:00
Alexandre Julliard 81b8ee863e makefiles: Add a standard header for all makefiles to replace the common variable initializations. 2010-09-19 12:36:48 +02:00
Piotr Caban ab52186086 secur32: Prevent schannel tests from crashing on Windows NT. 2010-09-18 13:09:33 +02:00
Piotr Caban cdf8d455c2 secur32: Handle extra data in schan_InitializeSecurityContextW. 2010-09-18 13:05:30 +02:00
Mikko Rasa f2377e8981 secur32: Add some more schannel tests. 2010-09-15 16:36:45 -05:00
Mikko Rasa 506af9205d secur32: Fill a SECBUFFER_MISSING buffer if the message is not complete. 2010-09-15 16:36:17 -05:00
Mikko Rasa b335e94788 secur32: Only process full TLS frames in schan_DecryptMessage. 2010-09-15 16:36:11 -05:00
Mikko Rasa 149ffe130f secur32: Fill header and trailer buffers in schan_DecryptMessage. 2010-09-15 16:36:01 -05:00
Mikko Rasa b424b3431e secur32: Validate buffers passed to schan_DecryptMessage. 2010-09-15 16:35:51 -05:00
Alexandre Julliard b86d515ed6 dlls: Remove explicit imports of kernel32 and ntdll. 2010-07-21 17:38:36 +02:00
Michael Stefaniuc 24592a7a62 secur32: Avoid using long. 2010-05-12 13:44:40 +02:00
Kai Blin 9dd206d28e secur32: Use NTLM2 instead of NTLMv2.
In the current code NTLMv2 is used when talking about second generation
NTLM crypto algorithms. Most other publiations call this NTLM2, and use
NTLMv2 to describe a different crypto handshake that can be used by
either NTLM1 or NTLM2 crypto.
2010-04-19 14:56:12 +02:00
Alexandre Julliard 43a98ecb21 secur32: Avoid using a pointer difference in a trace. 2010-04-09 16:14:07 +02:00
Alexandre Julliard bef5645eb1 makefiles: Remove the no longer needed explicit separators for dependencies. 2010-03-16 13:28:19 +01:00
Alexandre Julliard 6164ce2d82 makefiles: Use the standard C_SRCS variable as the list of test files.
This enables it to be auto-updated by make_makefiles.
2010-02-22 10:47:11 +01:00
Juan Lang 7c3b9a1551 secur32: Report an error if libgnutls isn't found. 2010-01-11 12:54:23 -06:00
Rob Shearman 697955c922 secur32: Don't allocate context handle in wrapper InitializeSecurityContextA/W if it is the same as the handle passed into the function. 2009-12-30 13:40:35 +01:00
Rob Shearman 1346834605 secur32: Fix memory leaks in ntlm_InitializeSecurityContextW. 2009-12-30 13:40:31 +01:00
Rob Shearman 693433a3f2 secur32: Simplify memory management by not allocating memory for the CredHandle and CtxtHandle pointers.
Instead store the handles directly in the SspiData structure and pass
the addresses of these into SSPI functions.
2009-12-30 13:40:25 +01:00
Rob Shearman 5f01280edf secur32: Fix memory leaks in tests. 2009-12-30 13:40:17 +01:00
Kai Blin 9a81b032c4 secur32: Pretend the NTLM provider also does Negotiate.
We had to enable the Negotiate provider a while back so programs that expected 
that provider to be present would be happy. This broke programs that expect a 
Negotiate provider to actually do something if it is present. This fix works 
around that new issue by thunking all calls to Negotiate to NTLM.
2009-12-30 13:31:12 +01:00
Hans Leidekker 44f9595454 secur32/tests: Fix a couple of memory leaks.
Found by Valgrind.
2009-12-21 15:01:24 +01:00
Lei Zhang c89211336b secur32: Fix memory leak in SECUR32_addPackages. 2009-12-17 13:09:49 +01:00
Rob Shearman 3cd88cfab3 secur32: Fix memory leak in NTLM's FreeCredentialsHandle. 2009-12-14 12:04:05 +01:00
Hans Leidekker aeb161f13f secur32: Handle EOF from gnutls_record_recv. 2009-11-19 11:50:40 +01:00
Rob Shearman f6c9c72e21 secur32: Output extra data in NTLM sign & seal test to diagnose failures seen on some Windows machines. 2009-11-09 19:38:58 +01:00
Kai Blin e987ec4299 secur32: Use empty credentials when cached creds fail. 2009-11-09 19:38:00 +01:00
Henri Verbeet 3e96881e4c secur32: Don't bother zeroing the handle table in SECUR32_initSchannelSP().
Handles are initialized when they're allocated.
2009-10-15 12:06:18 +02:00
Henri Verbeet 226519efbc secur32: Don't try to cleanup uninitialized handles in SECUR32_deinitSchannelSP(). 2009-10-15 12:06:18 +02:00
Henri Verbeet 5b47904231 secur32: Recognize the ARC4 cipher in schannel_get_cipher_algid(). 2009-10-15 12:06:18 +02:00
Ge van Geldorp 43a28649c3 secur32/tests: Add acceptable error code for Win7 ntlm test. 2009-10-06 12:00:32 +02:00
Hans Leidekker 8bb68933ea secur32: Test passing null authentication data to AcquireCredentialsHandle. 2009-10-06 11:58:19 +02:00
Paul Vriens 7b3213fd65 secur32/tests: Skip some tests on WinMe to avoid a crash. 2009-10-02 11:52:12 +02:00
Dylan Smith fd3c8335fd secur32: Free schannel handle table.
The table is initialized on process attach, and should be freed on process
detach (which is where SECUR32_deinitSchannelSP gets called).
2009-09-28 13:31:27 +02:00
Dylan Smith fdcfbe21c3 secur32: Remove redendant call to gnutls_certificate_get_peers.
Two identical calls are made with the same parameters, and there are no
documented side effects of this function, so I removed one of them.
2009-09-28 13:31:18 +02:00
Kai Blin e6ac20e814 secur32: Revert "secur32: Work around ntlm_auth in Samba 3.0.28a being broken for cached credentials".
This reverts commit 7788c8ed0d, as well
as commit ec443be738. Due to erroneous
user input, these commits actually broke more than they fixed.
2009-08-12 12:51:02 +02:00
Kai Blin dfb2b429a0 secur32: Load Negotiate provider again. 2009-08-12 12:50:03 +02:00
Juan Lang 15512454fb secur32: Implement QueryContextAttributes for SECPKG_ATTR_CONNECTION_INFO. 2009-08-10 13:08:54 +02:00
Juan Lang 570c57ac95 secur32: Trace values of SCHANNEL_CRED structure. 2009-08-07 15:27:24 +02:00
Juan Lang 5ee34ea870 secur32: Implement QueryContextAttributes for SECPKG_ATTR_REMOTE_CERT_CONTEXT. 2009-08-06 12:01:41 +02:00
Juan Lang 3a493d7782 secur32: Sanity check handle index before indexing table. 2009-08-06 12:01:30 +02:00
Alexandre Julliard a6b05ea96c secur32: Avoid the close-on-exec race with pipe() on kernels that support pipe2(). 2009-07-01 12:14:08 +02:00
Kai Blin 66b6415193 secur32: Don't return STATUS_SUCCESS from LsaGetLogonSessionData stub. 2009-06-03 15:34:31 +02:00
Henri Verbeet a1465ba45f secur32: Initialize cbBuffer to 0 for NULL buffers.
This prevents schan_resize_current_buffer() from thinking there's a buffer.
2009-05-25 11:23:24 +02:00
Kai Blin ec443be738 secur32: Don't try to use ntlm_auth --use-cred-cache.
If ntlm_auth actually uses the cred cache, it will not give a session key.
As the Wine NTLM code depends on the session key to do transport crypto, don't
attempt to use the winbind cred cache.

This completely reverts my attempted fix 7788c8ed and also parts of Rob's
888a8e27 and 8a2125f9. It does not affect the code using wine's own credential
cache.
2009-05-20 13:34:16 +02:00
Austin English 07c214170d secur32/tests: Sign compare fixes. 2009-05-11 12:47:48 +02:00
Ge van Geldorp 74dba4e602 secur32/tests: Fix GetUserNameEx() tests. 2009-04-14 15:20:30 -05:00
Ge van Geldorp d31bb3f08d secur32: Implement more GetUserNameEx() formats. 2009-04-14 15:20:30 -05:00
Kai Blin 7788c8ed0d secur32: Work around ntlm_auth in Samba 3.0.28a being broken for cached credentials.
Samba 3.0.28a (as shipped with Ubuntu 8.04) seems to break when using
cached credentials backed by winbindd, returning a BH error in our test
if we still need to provide a password. Handle this and report a more
correct error.
2009-04-14 11:28:34 -05:00
Paul Vriens 825354afe6 secur32/tests: Document some crashes on Windows. 2009-04-09 16:12:59 +02:00
Ge van Geldorp c98513f9c8 secur32/tests: Add simple tests for GetUserNameExA/W(). 2009-04-07 14:21:08 +02:00
Ge van Geldorp dcb3e52e2d secur32: Implement GetUserNameEx(NameSamCompatible). 2009-04-07 14:21:01 +02:00
Francois Gouget c3aa03d244 secur32/tests: Use win_skip() to skip over unimplemented functionality. 2009-02-23 12:21:28 +01:00
Alexandre Julliard 21a7b21b65 secur32: Properly initialize the helper structure when fork support is missing. 2009-02-16 11:53:22 +01:00
Juan Lang b9ae777d96 secur32: Fix a handful of test failures on Win9x. 2009-02-04 12:24:45 +01:00
Andrew Talbot 247b7c5a83 secur32: Declare a function static. 2009-01-26 15:48:48 +01:00
Michael Stefaniuc e01ae46cac secur32: Remove superfluous pointer casts. 2009-01-22 12:04:52 +01:00
Michael Stefaniuc 230fb06d2e include: Change the rest of sspi.h to use LONG/ULONG for Win64 compatibility. 2009-01-06 12:44:04 +01:00
Michael Stefaniuc 57ab0cd9a6 include: sspi.h: Use the Win types as per MSDN.
This improves the Win64 compatibility.
2009-01-06 12:43:46 +01:00
Henri Verbeet e4505389ad secur32: Implement schannel DecryptMessage(). 2008-12-29 11:48:42 +01:00
Henri Verbeet 3954c4ec65 secur32: Implement schannel EncryptMessage(). 2008-12-29 11:48:35 +01:00
Henri Verbeet 95fd876266 secur32: Handle SECPKG_ATTR_STREAM_SIZES in schan_QueryContextAttributesW(). 2008-12-29 11:48:27 +01:00
Henri Verbeet 3c114a88ca secur32: Add stubs for schannel QueryContextAttributesA() and QueryContextAttributesW(). 2008-12-29 11:48:18 +01:00
Henri Verbeet 24c5e6edbf secur32: Dump the buffer descs in schan_InitializeSecurityContextW(). 2008-12-29 11:48:12 +01:00
Henri Verbeet 7bf267624d secur32: Try an EMPTY buffer if we can't find one of type TOKEN. 2008-12-29 11:48:06 +01:00
Alexandre Julliard 866240d4fd secur32: Check for lack of fork() support. 2008-12-22 18:04:39 +01:00
Andrew Talbot f397252071 secur32: Sign-compare warning fix. 2008-11-10 11:15:07 +01:00
Henri Verbeet e00e5a37e2 secur32: Implement schannel InitializeSecurityContextW. 2008-10-20 12:23:08 +02:00
Henri Verbeet e0e9195c81 secur32: Improve error handling for gnutls_global_init(). 2008-10-20 12:22:51 +02:00
Henri Verbeet 60435135f9 secur32: Don't leak the credentials handle when pgnutls_certificate_allocate_credentials() fails. 2008-10-20 12:22:27 +02:00
Henri Verbeet f6129d7d35 secur32: Don't make the pBuffer parameter to schan_QueryCredentialsAttributes() const. 2008-10-20 12:22:22 +02:00
Henri Verbeet 420cb678e1 secur32: Forward schannel InitializeSecurityContextA to InitializeSecurityContextW. 2008-10-07 12:10:23 +02:00
Henri Verbeet 937488c298 secur32: Improve error handling for gnutls_certificate_allocate_credentials(). 2008-10-07 12:10:07 +02:00
Henri Verbeet 79d88ffe56 secur32: Use ~0UL instead of -1 for invalid schannel handles. 2008-10-07 12:09:50 +02:00
Kai Blin ab05d35c6d secur32: Make GetComputerObjectName(A|W) tests work on win2k3 domains. 2008-09-29 17:23:30 -05:00
Juan Lang b95e146ccb secur32: Fix test failure with neither gnutls nor ntlm_auth available. 2008-09-29 17:23:23 -05:00
Francois Gouget 975b582763 secur32: Fix compilation with GNU TLS 1.0.16. 2008-09-24 13:12:19 +02:00