}
if (sig->length < 8) {
- DEBUG(0, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n",
+ DEBUG(1, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n",
(unsigned long)sig->length));
}
DEBUG(5, ("BAD SIG: got signature over %llu bytes of input:\n", (unsigned long long)pdu_length));
dump_data(5, sig->data, sig->length);
- DEBUG(0, ("NTLMSSP NTLM2 packet check failed due to invalid signature on %llu bytes of input!\n", (unsigned long long)pdu_length));
+ DEBUG(1, ("NTLMSSP NTLM2 packet check failed due to invalid signature on %llu bytes of input!\n", (unsigned long long)pdu_length));
return NT_STATUS_ACCESS_DENIED;
}
} else {
DEBUG(5, ("BAD SIG: got signature of %llu bytes of input:\n", (unsigned long long)length));
dump_data(5, sig->data, sig->length);
- DEBUG(0, ("NTLMSSP NTLM1 packet check failed due to invalid signature on %llu bytes of input:\n", (unsigned long long)length));
+ DEBUG(1, ("NTLMSSP NTLM1 packet check failed due to invalid signature on %llu bytes of input:\n", (unsigned long long)length));
return NT_STATUS_ACCESS_DENIED;
}
}
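Review bot: With the three signature-failure messages moved from DEBUG level 0 to level 1, a server logging at level 0 no longer records a failed NTLMSSP signature check, and nothing in the hunk explains that trade-off. If the intent is to stop a remote peer from filling the level-0 log at will, say so above the first changed call, for example `/* Level 1, not 0: a remote peer can trigger this repeatedly; raise the log level to audit signing failures. */`, so operators who alert on these strings know they must raise the log level. As a smaller style point, the NTLM1 message still ends in `:\n` while the other two end in `!\n`, although no data dump follows it. The enclosing function starts outside the hunk, so any other reporting path for these failures is not visible here.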
torture_assert(tctx, 0 == memcmp(sig.data, expected_sig.data, sig.length),
"data mismatch");
+ torture_assert_ntstatus_equal(tctx,
+ gensec_ntlmssp_check_packet(gensec_security, gensec_security,
+ data.data, data.length, data.data, data.length, &sig),
+ NT_STATUS_ACCESS_DENIED, "Check of just signed packet (should fail, wrong end)");
+
+ gensec_ntlmssp_state->session_key = data_blob(NULL, 0);
+
+ torture_assert_ntstatus_equal(tctx,
+ gensec_ntlmssp_check_packet(gensec_security, gensec_security,
+ data.data, data.length, data.data, data.length, &sig),
+ NT_STATUS_NO_USER_SESSION_KEY, "Check of just signed packet without a session key should fail");
+
talloc_free(gensec_security);
torture_assert_ntstatus_ok(tctx,
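Review bot: The new `NT_STATUS_ACCESS_DENIED` assertion only shows that the signing context rejects its own signature, so it would still pass if `gensec_ntlmssp_check_packet` rejected every signature. No assertion visible in this hunk shows a valid signature being accepted, and the `sig->length < 8` branch touched in the first file is not exercised either. Consider pairing it with a positive check against a peer context, if the test has one, and with a truncated-signature case. The same applies to the identical assertion added in the later test hunk, which also omits the empty-session-key case covered here. Separately, `gensec_ntlmssp_state->session_key = data_blob(NULL, 0);` overwrites the previous blob without `data_blob_free`; that is probably harmless if the key is talloc-parented to the state, but a one-line comment saying so would help.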
torture_assert(tctx, 0 == memcmp(sig.data+8, expected_sig.data+8, sig.length-8),
"data mismatch");
+ torture_assert_ntstatus_equal(tctx,
+ gensec_ntlmssp_check_packet(gensec_security, gensec_security,
+ data.data, data.length, data.data, data.length, &sig),
+ NT_STATUS_ACCESS_DENIED, "Check of just signed packet (should fail, wrong end)");
+
talloc_free(gensec_security);
return true;
}