From fc151aaec0a652b94617487feb41eadcab54dd37 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Fri, 27 Mar 2015 09:39:40 +0100 Subject: [PATCH] Added patch to fix handling of ANSI NTLM credentials. --- README.md | 3 +- debian/changelog | 1 + patches/patchinstall.sh | 43 ++++++-- ...ix-handling-of-ANSI-NTLM-credentials.patch | 104 ++++++++++++++++++ .../secur32-ANSI_NTLM_Credentials/definition | 1 + 5 files changed, 139 insertions(+), 13 deletions(-) create mode 100644 patches/secur32-ANSI_NTLM_Credentials/0001-secur32-Fix-handling-of-ANSI-NTLM-credentials.patch create mode 100644 patches/secur32-ANSI_NTLM_Credentials/definition diff --git a/README.md b/README.md index fde8688a..1e960ea2 100644 --- a/README.md +++ b/README.md @@ -38,10 +38,11 @@ Wine. All those differences are also documented on the Included bug fixes and improvements =================================== -**Bugfixes and features included in the next upcoming release [3]:** +**Bugfixes and features included in the next upcoming release [4]:** * Add stubs for Power[Set|Clear]Request * Avoid spam of FIXME messages for PsLookupProcessByProcessId stub ([Wine Bug #36821](https://bugs.winehq.org/show_bug.cgi?id=36821)) +* Fix handling of ANSI NTLM credentials ([Wine Bug #37063](https://bugs.winehq.org/show_bug.cgi?id=37063)) * Implement empty enumerator for IWiaDevMgr::EnumDeviceInfo ([Wine Bug #27775](https://bugs.winehq.org/show_bug.cgi?id=27775)) diff --git a/debian/changelog b/debian/changelog index 28993ded..51739cc2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,7 @@ wine-staging (1.7.40) UNRELEASED; urgency=low * Added patch with stubs for Power[Set|Clear]Request. * Added patch to avoid spam of FIXME messages for PsLookupProcessByProcessId stub. * Added patch to implement empty enumerator for IWiaDevMgr::EnumDeviceInfo. + * Added patch to fix handling of ANSI NTLM credentials. * Removed patch to fix regression causing black screen on startup (accepted upstream). * Removed patch to fix edge cases in TOOLTIPS_GetTipText (fixed upstream). * Removed patch for IConnectionPoint/INetworkListManagerEvents stub interface (accepted upstream). diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh index e788bf4a..f191c31c 100755 --- a/patches/patchinstall.sh +++ b/patches/patchinstall.sh @@ -164,6 +164,7 @@ patch_enable_all () enable_quartz_MediaSeeking_Positions="$1" enable_regedit_String_Termination="$1" enable_riched20_IText_Interface="$1" + enable_secur32_ANSI_NTLM_Credentials="$1" enable_secur32_Schannel_ContextAttr="$1" enable_server_ACL_Compat="$1" enable_server_Address_List_Change="$1" @@ -548,6 +549,9 @@ patch_enable () riched20-IText_Interface) enable_riched20_IText_Interface="$2" ;; + secur32-ANSI_NTLM_Credentials) + enable_secur32_ANSI_NTLM_Credentials="$2" + ;; secur32-Schannel_ContextAttr) enable_secur32_Schannel_ContextAttr="$2" ;; @@ -1780,18 +1784,6 @@ if test "$enable_dxgi_GetDesc" -eq 1; then ) >> "$patchlist" fi -# Patchset makedep-PARENTSPEC -# | -# | Modified files: -# | * tools/makedep.c -# | -if test "$enable_makedep_PARENTSPEC" -eq 1; then - patch_apply makedep-PARENTSPEC/0001-makedep-Add-support-for-PARENTSPEC-Makefile-variable.patch - ( - echo '+ { "Sebastian Lackner", "makedep: Add support for PARENTSPEC Makefile variable.", 1 },'; - ) >> "$patchlist" -fi - # Patchset ntdll-DllRedirects # | # | Modified files: @@ -1812,6 +1804,18 @@ if test "$enable_ntdll_DllRedirects" -eq 1; then ) >> "$patchlist" fi +# Patchset makedep-PARENTSPEC +# | +# | Modified files: +# | * tools/makedep.c +# | +if test "$enable_makedep_PARENTSPEC" -eq 1; then + patch_apply makedep-PARENTSPEC/0001-makedep-Add-support-for-PARENTSPEC-Makefile-variable.patch + ( + echo '+ { "Sebastian Lackner", "makedep: Add support for PARENTSPEC Makefile variable.", 1 },'; + ) >> "$patchlist" +fi + # Patchset wined3d-CSMT_Helper # | # | Modified files: @@ -3526,6 +3530,21 @@ if test "$enable_riched20_IText_Interface" -eq 1; then ) >> "$patchlist" fi +# Patchset secur32-ANSI_NTLM_Credentials +# | +# | This patchset fixes the following Wine bugs: +# | * [#37063] Fix handling of ANSI NTLM credentials +# | +# | Modified files: +# | * dlls/secur32/ntlm.c +# | +if test "$enable_secur32_ANSI_NTLM_Credentials" -eq 1; then + patch_apply secur32-ANSI_NTLM_Credentials/0001-secur32-Fix-handling-of-ANSI-NTLM-credentials.patch + ( + echo '+ { "David Woodhouse", "secur32: Fix handling of ANSI NTLM credentials.", 1 },'; + ) >> "$patchlist" +fi + # Patchset secur32-Schannel_ContextAttr # | # | This patchset fixes the following Wine bugs: diff --git a/patches/secur32-ANSI_NTLM_Credentials/0001-secur32-Fix-handling-of-ANSI-NTLM-credentials.patch b/patches/secur32-ANSI_NTLM_Credentials/0001-secur32-Fix-handling-of-ANSI-NTLM-credentials.patch new file mode 100644 index 00000000..b1c28d6e --- /dev/null +++ b/patches/secur32-ANSI_NTLM_Credentials/0001-secur32-Fix-handling-of-ANSI-NTLM-credentials.patch @@ -0,0 +1,104 @@ +From 84e4f321118a11991a34e24dd1729181ad8a1574 Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Fri, 8 Aug 2014 13:21:56 +0100 +Subject: secur32: Fix handling of ANSI NTLM credentials + +One of many issues covered in bug 37063... we assume that the +credentials are in Unicode, instead of looking at the Flags field. +--- + dlls/secur32/ntlm.c | 69 ++++++++++++++++++++++++++++++++++++++++++++--------- + 1 file changed, 58 insertions(+), 11 deletions(-) + +diff --git a/dlls/secur32/ntlm.c b/dlls/secur32/ntlm.c +index 0fe64ed..72e9706 100644 +--- a/dlls/secur32/ntlm.c ++++ b/dlls/secur32/ntlm.c +@@ -174,27 +174,74 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW( + if(pAuthData != NULL) + { + PSEC_WINNT_AUTH_IDENTITY_W auth_data = pAuthData; ++ LPWSTR domain = NULL, user = NULL, password = NULL; ++ int domain_len = 0, user_len = 0, password_len = 0; + +- TRACE("Username is %s\n", debugstr_wn(auth_data->User, auth_data->UserLength)); +- TRACE("Domain name is %s\n", debugstr_wn(auth_data->Domain, auth_data->DomainLength)); ++ if (auth_data->Flags & SEC_WINNT_AUTH_IDENTITY_ANSI) ++ { ++ if (auth_data->DomainLength) ++ { ++ domain_len = MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->Domain, ++ auth_data->DomainLength, NULL, 0); ++ domain = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR) * domain_len); ++ MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->Domain, auth_data->DomainLength, ++ domain, domain_len); ++ } ++ ++ if (auth_data->UserLength) ++ { ++ user_len = MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->User, ++ auth_data->UserLength, NULL, 0); ++ user = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR) * user_len); ++ MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->User, auth_data->UserLength, ++ user, user_len); ++ } ++ ++ if (auth_data->PasswordLength) ++ { ++ password_len = MultiByteToWideChar(CP_ACP, 0,(char *)auth_data->Password, ++ auth_data->PasswordLength, NULL, 0); ++ password = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR) * password_len); ++ MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->Password, auth_data->PasswordLength, ++ password, password_len); ++ } ++ } ++ else ++ { ++ domain = auth_data->Domain; ++ domain_len = auth_data->DomainLength; ++ ++ user = auth_data->User; ++ user_len = auth_data->UserLength; ++ ++ password = auth_data->Password; ++ password_len = auth_data->PasswordLength; ++ } ++ ++ TRACE("Username is %s\n", debugstr_wn(user, user_len)); ++ TRACE("Domain name is %s\n", debugstr_wn(domain, domain_len)); + +- ntlm_cred->username_arg = ntlm_GetUsernameArg(auth_data->User, auth_data->UserLength); +- ntlm_cred->domain_arg = ntlm_GetDomainArg(auth_data->Domain, auth_data->DomainLength); ++ ntlm_cred->username_arg = ntlm_GetUsernameArg(user, user_len); ++ ntlm_cred->domain_arg = ntlm_GetDomainArg(domain, domain_len); + +- if(auth_data->PasswordLength != 0) ++ if(password_len != 0) + { +- ntlm_cred->pwlen = WideCharToMultiByte(CP_UNIXCP, +- WC_NO_BEST_FIT_CHARS, auth_data->Password, +- auth_data->PasswordLength, NULL, 0, NULL, +- NULL); ++ ntlm_cred->pwlen = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, password, ++ password_len, NULL, 0, NULL, NULL); + + ntlm_cred->password = HeapAlloc(GetProcessHeap(), 0, + ntlm_cred->pwlen); + +- WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, +- auth_data->Password, auth_data->PasswordLength, ++ WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, password, password_len, + ntlm_cred->password, ntlm_cred->pwlen, NULL, NULL); + } ++ ++ if (auth_data->Flags & SEC_WINNT_AUTH_IDENTITY_ANSI) ++ { ++ HeapFree(GetProcessHeap(), 0, domain); ++ HeapFree(GetProcessHeap(), 0, user); ++ HeapFree(GetProcessHeap(), 0, password); ++ } + } + + phCredential->dwUpper = fCredentialUse; +-- +2.3.3 + diff --git a/patches/secur32-ANSI_NTLM_Credentials/definition b/patches/secur32-ANSI_NTLM_Credentials/definition new file mode 100644 index 00000000..768dc0b4 --- /dev/null +++ b/patches/secur32-ANSI_NTLM_Credentials/definition @@ -0,0 +1 @@ +Fixes: [37063] Fix handling of ANSI NTLM credentials