2 * Miscellaneous secur32 tests
4 * Copyright 2005 Kai Blin
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 #define SECURITY_WIN32
26 #include "wine/test.h"
30 #define BUFF_SIZE 2048
31 #define MAX_MESSAGE 12000
33 /*---------------------------------------------------------*/
34 /* General helper functions */
36 static const char* getSecStatusError(SECURITY_STATUS status
)
38 #define _SEC_ERR(x) case (x): return #x;
42 _SEC_ERR(SEC_E_INSUFFICIENT_MEMORY
);
43 _SEC_ERR(SEC_E_INVALID_HANDLE
);
44 _SEC_ERR(SEC_E_UNSUPPORTED_FUNCTION
);
45 _SEC_ERR(SEC_E_TARGET_UNKNOWN
);
46 _SEC_ERR(SEC_E_INTERNAL_ERROR
);
47 _SEC_ERR(SEC_E_SECPKG_NOT_FOUND
);
48 _SEC_ERR(SEC_E_NOT_OWNER
);
49 _SEC_ERR(SEC_E_CANNOT_INSTALL
);
50 _SEC_ERR(SEC_E_INVALID_TOKEN
);
51 _SEC_ERR(SEC_E_CANNOT_PACK
);
52 _SEC_ERR(SEC_E_QOP_NOT_SUPPORTED
);
53 _SEC_ERR(SEC_E_NO_IMPERSONATION
);
54 _SEC_ERR(SEC_I_CONTINUE_NEEDED
);
56 trace("Error = %ld\n", status
);
57 return "Unknown error";
62 /*---------------------------------------------------------*/
63 /* Helper for testQuerySecurityPagageInfo */
65 static SECURITY_STATUS
setupPackageA(SEC_CHAR
*p_package_name
,
66 PSecPkgInfo
*p_pkg_info
)
68 SECURITY_STATUS ret
= SEC_E_SECPKG_NOT_FOUND
;
70 ret
= QuerySecurityPackageInfoA( p_package_name
, p_pkg_info
);
74 /*---------------------------------------------------------*/
75 /* Helper for testAuthentication */
77 static int genClientContext(PBYTE in
, DWORD in_count
, PBYTE out
,
78 DWORD
*out_count
, BOOL
*done
, char *target
, CredHandle
*cred_handle
,
79 PCtxtHandle ctxt_handle
, PSecurityFunctionTable sft
)
81 SECURITY_STATUS sec_status
;
83 SecBufferDesc in_sec_buff_desc
, out_sec_buff_desc
;
84 SecBuffer in_sec_buff
, out_sec_buff
;
88 sec_status
= (sft
->AcquireCredentialsHandle
)(NULL
, "Negotiate",
89 SECPKG_CRED_OUTBOUND
, NULL
, NULL
, NULL
, NULL
, cred_handle
,
92 ok(sec_status
== SEC_E_OK
,
93 "Client AcquireCredentialsHandle should not return %s\n",
94 getSecStatusError(sec_status
) );
98 out_sec_buff_desc
.ulVersion
= 0;
99 out_sec_buff_desc
.cBuffers
= 1;
100 out_sec_buff_desc
.pBuffers
= &out_sec_buff
;
102 out_sec_buff
.cbBuffer
= *out_count
;
103 out_sec_buff
.BufferType
= SECBUFFER_TOKEN
;
104 out_sec_buff
.pvBuffer
= out
;
107 /* we got some data, initialize input buffer, too. */
108 in_sec_buff_desc
.ulVersion
= 0;
109 in_sec_buff_desc
.cBuffers
= 1;
110 in_sec_buff_desc
.pBuffers
= &in_sec_buff
;
112 in_sec_buff
.cbBuffer
= in_count
;
113 in_sec_buff
.BufferType
= SECBUFFER_TOKEN
;
114 in_sec_buff
.pvBuffer
= in
;
116 sec_status
= (sft
->InitializeSecurityContext
)( cred_handle
, ctxt_handle
,
117 target
,ISC_REQ_CONFIDENTIALITY
, 0, SECURITY_NATIVE_DREP
,
118 &in_sec_buff_desc
, 0, ctxt_handle
, &out_sec_buff_desc
,
119 &context_attr
, &ttl
);
123 sec_status
= (sft
->InitializeSecurityContext
)( cred_handle
, NULL
,
124 target
, ISC_REQ_CONFIDENTIALITY
, 0, SECURITY_NATIVE_DREP
, NULL
,
125 0, ctxt_handle
, &out_sec_buff_desc
, &context_attr
, &ttl
);
128 if( (sec_status
== SEC_I_COMPLETE_NEEDED
) ||
129 (sec_status
== SEC_I_COMPLETE_AND_CONTINUE
)){
130 if(sft
->CompleteAuthToken
!= NULL
){
131 sec_status
= (sft
->CompleteAuthToken
)( ctxt_handle
,
133 ok((sec_status
== SEC_E_OK
)||(sec_status
== SEC_I_CONTINUE_NEEDED
),
134 "CompleteAuthToken should not return %s\n",
135 getSecStatusError(sec_status
));
141 *out_count
= out_sec_buff
.cbBuffer
;
142 *done
= !( (sec_status
== SEC_I_CONTINUE_NEEDED
) ||
143 (sec_status
== SEC_I_COMPLETE_AND_CONTINUE
));
149 static int genServerContext(PBYTE in
, DWORD in_count
, PBYTE out
,
150 DWORD
*out_count
, BOOL
*done
, BOOL
*new_conn
, CredHandle
*cred_handle
,
151 PCtxtHandle ctxt_handle
, PSecurityFunctionTable sft
)
153 SECURITY_STATUS sec_status
;
155 SecBufferDesc in_sec_buff_desc
, out_sec_buff_desc
;
156 SecBuffer in_sec_buff
, out_sec_buff
;
159 out_sec_buff_desc
.ulVersion
= 0;
160 out_sec_buff_desc
.cBuffers
= 1;
161 out_sec_buff_desc
.pBuffers
= &out_sec_buff
;
163 out_sec_buff
.cbBuffer
= *out_count
;
164 out_sec_buff
.BufferType
= SECBUFFER_TOKEN
;
165 out_sec_buff
.pvBuffer
= out
;
167 in_sec_buff_desc
.ulVersion
= 0;
168 in_sec_buff_desc
.cBuffers
= 1;
169 in_sec_buff_desc
.pBuffers
= &in_sec_buff
;
171 in_sec_buff
.cbBuffer
= in_count
;
172 in_sec_buff
.BufferType
= SECBUFFER_TOKEN
;
173 in_sec_buff
.pvBuffer
= in
;
175 sec_status
= (sft
->AcceptSecurityContext
)( cred_handle
,
176 *new_conn
? NULL
: ctxt_handle
, /* maybe use an if here? */
177 &in_sec_buff_desc
, 0, SECURITY_NATIVE_DREP
,
178 ctxt_handle
, &out_sec_buff_desc
, &ctxt_attr
, &ttl
);
180 ok((sec_status
== SEC_E_OK
) || (sec_status
== SEC_I_CONTINUE_NEEDED
),
181 "AcceptSecurityContext returned %s\n",
182 getSecStatusError(sec_status
));
184 if( (sec_status
== SEC_I_COMPLETE_NEEDED
) ||
185 (sec_status
== SEC_I_COMPLETE_AND_CONTINUE
)){
186 if(sft
->CompleteAuthToken
!= NULL
){
187 sec_status
= (sft
->CompleteAuthToken
)( ctxt_handle
,
190 ok((sec_status
==SEC_E_OK
) || (sec_status
==SEC_I_CONTINUE_NEEDED
),
191 "CompleteAuthToken should not return %s\n",
192 getSecStatusError(sec_status
));
196 *out_count
= out_sec_buff
.cbBuffer
;
197 *done
= !( (sec_status
== SEC_I_CONTINUE_NEEDED
) ||
198 (sec_status
== SEC_I_COMPLETE_AND_CONTINUE
));
205 /*--------------------------------------------------------- */
206 /* The test functions */
208 static void testInitSecurityInterface(void)
210 PSecurityFunctionTable sec_fun_table
= NULL
;
212 sec_fun_table
= InitSecurityInterface();
213 ok(sec_fun_table
!= NULL
, "InitSecurityInterface() returned NULL.\n");
217 static void testEnumerateSecurityPackages(void)
220 SECURITY_STATUS sec_status
;
221 ULONG num_packages
, i
;
222 PSecPkgInfo pkg_info
= NULL
;
224 trace("Running testEnumerateSecurityPackages\n");
226 sec_status
= EnumerateSecurityPackages(&num_packages
, &pkg_info
);
228 ok(sec_status
== SEC_E_OK
,
229 "EnumerateSecurityPackages() should return %ld, not %ld\n",
230 (LONG
)SEC_E_OK
, (LONG
)sec_status
);
232 ok(num_packages
> 0, "Number of sec packages should be > 0 ,but is %ld\n",
236 "pkg_info should not be NULL after EnumerateSecurityPackages\n");
238 trace("Number of packages: %ld\n", num_packages
);
239 for(i
= 0; i
< num_packages
; ++i
){
241 trace("Package \"%s\"\n", pkg_info
[i
].Name
);
242 trace("Flags supported: \n");
243 if(pkg_info
[i
].fCapabilities
& SECPKG_FLAG_INTEGRITY
)
244 trace("\tSECPKG_FLAG_INTEGRITY\n");
245 if(pkg_info
[i
].fCapabilities
& SECPKG_FLAG_PRIVACY
)
246 trace("\tSECPKG_FLAG_PRIVACY\n");
247 if(pkg_info
[i
].fCapabilities
& SECPKG_FLAG_TOKEN_ONLY
)
248 trace("\tSECPKG_FLAG_TOKEN_ONLY\n");
249 if(pkg_info
[i
].fCapabilities
& SECPKG_FLAG_DATAGRAM
)
250 trace("\tSECPKG_FLAG_DATAGRAM\n");
251 if(pkg_info
[i
].fCapabilities
& SECPKG_FLAG_CONNECTION
)
252 trace("\tSECPKG_FLAG_CONNECTION\n");
253 if(pkg_info
[i
].fCapabilities
& SECPKG_FLAG_MULTI_REQUIRED
)
254 trace("\tSECPKG_FLAG_MULTI_REQUIRED\n");
255 if(pkg_info
[i
].fCapabilities
& SECPKG_FLAG_CLIENT_ONLY
)
256 trace("\tSECPKG_FLAG_CLIENT_ONLY\n");
257 if(pkg_info
[i
].fCapabilities
& SECPKG_FLAG_EXTENDED_ERROR
)
258 trace("\tSECPKG_FLAG_EXTENDED_ERROR\n");
259 if(pkg_info
[i
].fCapabilities
& SECPKG_FLAG_IMPERSONATION
)
260 trace("\tSECPKG_FLAG_IMPERSONATION\n");
261 if(pkg_info
[i
].fCapabilities
& SECPKG_FLAG_ACCEPT_WIN32_NAME
)
262 trace("\tSECPKG_FLAG_ACCEPT_WIN32_NAME\n");
263 if(pkg_info
[i
].fCapabilities
& SECPKG_FLAG_STREAM
)
264 trace("\tSECPKG_FLAG_STREAM\n");
265 if(pkg_info
[i
].fCapabilities
& SECPKG_FLAG_READONLY_WITH_CHECKSUM
)
266 trace("\tSECPKG_FLAG_READONLY_WITH_CHECKSUM\n");
267 trace("Comment: %s\n", pkg_info
[i
].Comment
);
271 FreeContextBuffer(pkg_info
);
275 static void testQuerySecurityPackageInfo(void)
277 SECURITY_STATUS sec_status
;
278 SEC_CHAR sec_pkg_name
[256];
279 PSecPkgInfo pkg_info
= NULL
;
283 trace("Running testQuerySecurityPackageInfo\n");
285 /* Test with an existing package. Test should pass */
287 lstrcpy(sec_pkg_name
, "Negotiate");
289 sec_status
= setupPackageA(sec_pkg_name
, &pkg_info
);
292 ok(sec_status
== SEC_E_OK
,
293 "Return value of QuerySecurityPackageInfo() shouldn't be %s\n",
294 getSecStatusError(sec_status
) );
296 "QuerySecurityPackageInfo should give struct SecPkgInfo, but is NULL\n");
298 if(pkg_info
!= NULL
){
299 max_token
= pkg_info
->cbMaxToken
;
300 version
= pkg_info
->wVersion
;
303 ok(version
== 1, "wVersion always should be 1, but is %d\n", version
);
304 ok(max_token
== 12000, "cbMaxToken for Negotiate is %ld, not 12000.\n",
308 trace("Max token = %ld\n", max_token
);
310 sec_status
= FreeContextBuffer(&pkg_info
);
312 ok( sec_status
== SEC_E_OK
,
313 "Return value of FreeContextBuffer() shouldn't be %s\n",
314 getSecStatusError(sec_status
) );
316 /* Test with non-existing package, test should fail */
318 lstrcpy(sec_pkg_name
, "Winetest");
320 sec_status
= QuerySecurityPackageInfo( sec_pkg_name
, &pkg_info
);
322 ok( sec_status
!= SEC_E_OK
,
323 "Return value of QuerySecurityPackageInfo() should not be %s for \
324 a non-existant package\n", getSecStatusError(SEC_E_OK
));
326 sec_status
= FreeContextBuffer(&pkg_info
);
328 ok( sec_status
== SEC_E_OK
,
329 "Return value of FreeContextBuffer() shouldn't be %s\n",
330 getSecStatusError(sec_status
) );
335 void testAuthentication(void)
337 CredHandle server_cred
, client_cred
;
338 CtxtHandle server_ctxt
, client_ctxt
;
339 BYTE server_buff
[MAX_MESSAGE
];
340 BYTE client_buff
[MAX_MESSAGE
];
341 SECURITY_STATUS sec_status
;
342 DWORD count_server
= MAX_MESSAGE
;
343 DWORD count_client
= MAX_MESSAGE
;
344 BOOL done
= FALSE
, new_conn
= TRUE
;
345 TimeStamp server_ttl
;
346 PSecurityFunctionTable sft
= NULL
;
348 trace("Running testAuthentication\n");
350 sft
= InitSecurityInterface();
352 ok(sft
!= NULL
, "InitSecurityInterface() returned NULL!\n");
354 memset(&server_cred
, 0, sizeof(CredHandle
));
355 memset(&client_cred
, 0, sizeof(CredHandle
));
356 memset(&server_ctxt
, 0, sizeof(CtxtHandle
));
357 memset(&client_ctxt
, 0, sizeof(CtxtHandle
));
359 sec_status
= (sft
->AcquireCredentialsHandle
)(NULL
, "Negotiate",
360 SECPKG_CRED_INBOUND
, NULL
, NULL
, NULL
, NULL
, &server_cred
,
364 ok(sec_status
== SEC_E_OK
,
365 "Server's AcquireCredentialsHandle returned %s.\n",
366 getSecStatusError(sec_status
) );
370 genClientContext(NULL
, 0, server_buff
, &count_server
, &done
, "foo",
371 &client_cred
, &client_ctxt
, sft
);
374 genServerContext(server_buff
, count_server
, client_buff
,
375 &count_client
, &done
, &new_conn
, &server_cred
, &server_ctxt
,
378 genClientContext(client_buff
, count_client
, server_buff
,
379 &count_server
, &done
, "foo", &client_cred
, &client_ctxt
, sft
);
387 testInitSecurityInterface();
388 testEnumerateSecurityPackages();
389 testQuerySecurityPackageInfo();
390 testAuthentication();