From 0ee01e6fc24fa63daf292b7f358ea627894c1592 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 22 Jan 2007 12:33:27 +0000
Subject: r20949: Looking over some lcov output, try and walk some error paths.

Andrew Bartlett
(This used to be commit 9ed9a032c249461e69242afc2e0ccdd47524064e)
---
 source4/auth/ntlmssp/ntlmssp_sign.c |  6 +++---
 source4/torture/auth/ntlmssp.c      | 17 +++++++++++++++++
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c
index 316bb257ff..52cbf01ea9 100644
--- a/source4/auth/ntlmssp/ntlmssp_sign.c
+++ b/source4/auth/ntlmssp/ntlmssp_sign.c
@@ -168,7 +168,7 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
 	}
 
 	if (sig->length < 8) {
-		DEBUG(0, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n", 
+		DEBUG(1, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n", 
 			  (unsigned long)sig->length));
 	}
 
@@ -192,7 +192,7 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
 			DEBUG(5, ("BAD SIG: got signature over %llu bytes of input:\n", (unsigned long long)pdu_length));
 			dump_data(5, sig->data, sig->length);
 			
-			DEBUG(0, ("NTLMSSP NTLM2 packet check failed due to invalid signature on %llu bytes of input!\n", (unsigned long long)pdu_length));
+			DEBUG(1, ("NTLMSSP NTLM2 packet check failed due to invalid signature on %llu bytes of input!\n", (unsigned long long)pdu_length));
 			return NT_STATUS_ACCESS_DENIED;
 		}
 	} else {
@@ -205,7 +205,7 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
 			DEBUG(5, ("BAD SIG: got signature of %llu bytes of input:\n", (unsigned long long)length));
 			dump_data(5, sig->data, sig->length);
 			
-			DEBUG(0, ("NTLMSSP NTLM1 packet check failed due to invalid signature on %llu bytes of input:\n", (unsigned long long)length));
+			DEBUG(1, ("NTLMSSP NTLM1 packet check failed due to invalid signature on %llu bytes of input:\n", (unsigned long long)length));
 			return NT_STATUS_ACCESS_DENIED;
 		}
 	}
diff --git a/source4/torture/auth/ntlmssp.c b/source4/torture/auth/ntlmssp.c
index a7c3b03c39..096640301d 100644
--- a/source4/torture/auth/ntlmssp.c
+++ b/source4/torture/auth/ntlmssp.c
@@ -72,6 +72,18 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
 	torture_assert(tctx, 0 == memcmp(sig.data, expected_sig.data, sig.length),
 				   "data mismatch");
 
+	torture_assert_ntstatus_equal(tctx, 
+				      gensec_ntlmssp_check_packet(gensec_security, gensec_security,
+								  data.data, data.length, data.data, data.length, &sig),
+				      NT_STATUS_ACCESS_DENIED, "Check of just signed packet (should fail, wrong end)");
+
+	gensec_ntlmssp_state->session_key = data_blob(NULL, 0);
+
+	torture_assert_ntstatus_equal(tctx, 
+				      gensec_ntlmssp_check_packet(gensec_security, gensec_security,
+								  data.data, data.length, data.data, data.length, &sig),
+				      NT_STATUS_NO_USER_SESSION_KEY, "Check of just signed packet without a session key should fail");
+
 	talloc_free(gensec_security);
 
 	torture_assert_ntstatus_ok(tctx, 
@@ -114,6 +126,11 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
 	torture_assert(tctx,  0 == memcmp(sig.data+8, expected_sig.data+8, sig.length-8),
 				   "data mismatch");
 
+	torture_assert_ntstatus_equal(tctx, 
+				      gensec_ntlmssp_check_packet(gensec_security, gensec_security,
+								  data.data, data.length, data.data, data.length, &sig),
+				      NT_STATUS_ACCESS_DENIED, "Check of just signed packet (should fail, wrong end)");
+
 	talloc_free(gensec_security);
 	return true;
 }
-- 
cgit