2 * Tests for the NTLM security provider
4 * Copyright 2005, 2006 Kai Blin
5 * Copyright 2006 Dmitry Timoshkov
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 * The code that tests for the behaviour of ISC_REQ_ALLOCATE_MEMORY is based
22 * on code written by Dmitry Timoshkov.
31 #define SECURITY_WIN32
36 #include "wine/test.h"
38 static HMODULE secdll;
39 static PSecurityFunctionTableA (SEC_ENTRY * pInitSecurityInterfaceA)(void);
40 static SECURITY_STATUS (SEC_ENTRY * pFreeContextBuffer)(PVOID pv);
41 static SECURITY_STATUS (SEC_ENTRY * pQuerySecurityPackageInfoA)(SEC_CHAR*, PSecPkgInfoA*);
42 static SECURITY_STATUS (SEC_ENTRY * pAcquireCredentialsHandleA)(SEC_CHAR*, SEC_CHAR*,
43 ULONG, PLUID, PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp);
44 static SECURITY_STATUS (SEC_ENTRY * pInitializeSecurityContextA)(PCredHandle, PCtxtHandle,
45 SEC_CHAR*, ULONG, ULONG, ULONG, PSecBufferDesc, ULONG,
46 PCtxtHandle, PSecBufferDesc, PULONG, PTimeStamp);
47 static SECURITY_STATUS (SEC_ENTRY * pCompleteAuthToken)(PCtxtHandle, PSecBufferDesc);
48 static SECURITY_STATUS (SEC_ENTRY * pAcceptSecurityContext)(PCredHandle, PCtxtHandle,
49 PSecBufferDesc, ULONG, ULONG, PCtxtHandle, PSecBufferDesc,
51 static SECURITY_STATUS (SEC_ENTRY * pFreeCredentialsHandle)(PCredHandle);
52 static SECURITY_STATUS (SEC_ENTRY * pDeleteSecurityContext)(PCtxtHandle);
53 static SECURITY_STATUS (SEC_ENTRY * pQueryContextAttributesA)(PCtxtHandle, ULONG, PVOID);
54 static SECURITY_STATUS (SEC_ENTRY * pMakeSignature)(PCtxtHandle, ULONG,
55 PSecBufferDesc, ULONG);
56 static SECURITY_STATUS (SEC_ENTRY * pVerifySignature)(PCtxtHandle, PSecBufferDesc,
58 static SECURITY_STATUS (SEC_ENTRY * pEncryptMessage)(PCtxtHandle, ULONG,
59 PSecBufferDesc, ULONG);
60 static SECURITY_STATUS (SEC_ENTRY * pDecryptMessage)(PCtxtHandle, PSecBufferDesc,
63 typedef struct _SspiData {
66 PSecBufferDesc in_buf;
67 PSecBufferDesc out_buf;
68 PSEC_WINNT_AUTH_IDENTITY id;
72 static BYTE network_challenge[] =
73 {0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00,
74 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x30, 0x00, 0x00, 0x00,
75 0x05, 0x82, 0x82, 0xa0, 0xe9, 0x58, 0x7f, 0x14, 0xa2, 0x86,
76 0x3b, 0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
77 0x54, 0x00, 0x54, 0x00, 0x40, 0x00, 0x00, 0x00, 0x43, 0x00,
78 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
79 0x30, 0x00, 0x31, 0x00, 0x02, 0x00, 0x10, 0x00, 0x43, 0x00,
80 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
81 0x30, 0x00, 0x31, 0x00, 0x01, 0x00, 0x10, 0x00, 0x43, 0x00,
82 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
83 0x30, 0x00, 0x31, 0x00, 0x04, 0x00, 0x10, 0x00, 0x63, 0x00,
84 0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
85 0x30, 0x00, 0x31, 0x00, 0x03, 0x00, 0x10, 0x00, 0x63, 0x00,
86 0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
87 0x30, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00};
89 static BYTE native_challenge[] =
90 {0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00,
91 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x30, 0x00, 0x00, 0x00,
92 0x05, 0x82, 0x82, 0xa0, 0xb5, 0x60, 0x8e, 0x95, 0xb5, 0x3c,
93 0xee, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
94 0x54, 0x00, 0x54, 0x00, 0x40, 0x00, 0x00, 0x00, 0x43, 0x00,
95 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
96 0x30, 0x00, 0x31, 0x00, 0x02, 0x00, 0x10, 0x00, 0x43, 0x00,
97 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
98 0x30, 0x00, 0x31, 0x00, 0x01, 0x00, 0x10, 0x00, 0x43, 0x00,
99 0x41, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x4f, 0x00,
100 0x30, 0x00, 0x31, 0x00, 0x04, 0x00, 0x10, 0x00, 0x63, 0x00,
101 0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
102 0x30, 0x00, 0x31, 0x00, 0x03, 0x00, 0x10, 0x00, 0x63, 0x00,
103 0x61, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00,
104 0x30, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00};
106 static BYTE message_signature[] =
107 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
108 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
110 static BYTE message_binary[] =
111 {0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x2c, 0x20, 0x77, 0x6f, 0x72,
114 static char message[] = "Hello, world!";
116 static char message_header[] = "Header Test";
118 static BYTE crypt_trailer_client[] =
119 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe8, 0xc7,
120 0xaa, 0x26, 0x16, 0x39, 0x07, 0x4e};
122 static BYTE crypt_message_client[] =
123 {0x86, 0x9c, 0x5a, 0x10, 0x78, 0xb3, 0x30, 0x98, 0x46, 0x15,
126 static BYTE crypt_trailer_client2[] =
127 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xa7,
128 0xf7, 0x0f, 0x5b, 0x25, 0xbe, 0xa4};
130 static BYTE crypt_message_client2[] =
131 {0x20, 0x6c, 0x01, 0xab, 0xb0, 0x4c, 0x93, 0xe4, 0x1e, 0xfc,
134 static BYTE crypt_trailer_server[] =
135 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1c, 0x46,
136 0x2e, 0x77, 0xeb, 0xf0, 0xf6, 0x9e};
138 static BYTE crypt_message_server[] =
139 {0xf6, 0xb7, 0x92, 0x0c, 0xac, 0xea, 0x98, 0xe6, 0xef, 0xa0,
142 static BYTE crypt_trailer_server2[] =
143 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb1, 0x4e,
144 0x46, 0xb7, 0xca, 0xf7, 0x7f, 0xb3};
146 static BYTE crypt_message_server2[] =
147 {0xc8, 0xf2, 0x39, 0x7f, 0x0c, 0xaf, 0xf5, 0x5d, 0xef, 0x0c,
150 static void InitFunctionPtrs(void)
152 secdll = LoadLibraryA("secur32.dll");
154 secdll = LoadLibraryA("security.dll");
157 pInitSecurityInterfaceA = (PVOID)GetProcAddress(secdll, "InitSecurityInterfaceA");
158 pFreeContextBuffer = (PVOID)GetProcAddress(secdll, "FreeContextBuffer");
159 pQuerySecurityPackageInfoA = (PVOID)GetProcAddress(secdll, "QuerySecurityPackageInfoA");
160 pAcquireCredentialsHandleA = (PVOID)GetProcAddress(secdll, "AcquireCredentialsHandleA");
161 pInitializeSecurityContextA = (PVOID)GetProcAddress(secdll, "InitializeSecurityContextA");
162 pCompleteAuthToken = (PVOID)GetProcAddress(secdll, "CompleteAuthToken");
163 pAcceptSecurityContext = (PVOID)GetProcAddress(secdll, "AcceptSecurityContext");
164 pFreeCredentialsHandle = (PVOID)GetProcAddress(secdll, "FreeCredentialsHandle");
165 pDeleteSecurityContext = (PVOID)GetProcAddress(secdll, "DeleteSecurityContext");
166 pQueryContextAttributesA = (PVOID)GetProcAddress(secdll, "QueryContextAttributesA");
167 pMakeSignature = (PVOID)GetProcAddress(secdll, "MakeSignature");
168 pVerifySignature = (PVOID)GetProcAddress(secdll, "VerifySignature");
169 pEncryptMessage = (PVOID)GetProcAddress(secdll, "EncryptMessage");
170 pDecryptMessage = (PVOID)GetProcAddress(secdll, "DecryptMessage");
174 static const char* getSecError(SECURITY_STATUS status)
178 #define _SEC_ERR(x) case (x): return #x;
182 _SEC_ERR(SEC_E_INSUFFICIENT_MEMORY);
183 _SEC_ERR(SEC_E_INVALID_HANDLE);
184 _SEC_ERR(SEC_E_UNSUPPORTED_FUNCTION);
185 _SEC_ERR(SEC_E_TARGET_UNKNOWN);
186 _SEC_ERR(SEC_E_INTERNAL_ERROR);
187 _SEC_ERR(SEC_E_SECPKG_NOT_FOUND);
188 _SEC_ERR(SEC_E_NOT_OWNER);
189 _SEC_ERR(SEC_E_CANNOT_INSTALL);
190 _SEC_ERR(SEC_E_INVALID_TOKEN);
191 _SEC_ERR(SEC_E_CANNOT_PACK);
192 _SEC_ERR(SEC_E_QOP_NOT_SUPPORTED);
193 _SEC_ERR(SEC_E_NO_IMPERSONATION);
194 _SEC_ERR(SEC_I_CONTINUE_NEEDED);
195 _SEC_ERR(SEC_E_BUFFER_TOO_SMALL);
196 _SEC_ERR(SEC_E_ILLEGAL_MESSAGE);
197 _SEC_ERR(SEC_E_LOGON_DENIED);
198 _SEC_ERR(SEC_E_NO_CREDENTIALS);
199 _SEC_ERR(SEC_E_OUT_OF_SEQUENCE);
200 _SEC_ERR(SEC_E_MESSAGE_ALTERED);
202 sprintf(buf, "%08x\n", status);
208 /**********************************************************************/
210 static SECURITY_STATUS setupBuffers(SspiData *sspi_data, SecPkgInfoA *sec_pkg_info)
213 sspi_data->in_buf = HeapAlloc(GetProcessHeap(), 0, sizeof(SecBufferDesc));
214 sspi_data->out_buf = HeapAlloc(GetProcessHeap(), 0, sizeof(SecBufferDesc));
215 sspi_data->max_token = sec_pkg_info->cbMaxToken;
217 if(sspi_data->in_buf != NULL)
219 PSecBuffer sec_buffer = HeapAlloc(GetProcessHeap(), 0,
221 if(sec_buffer == NULL){
222 trace("in_buf: sec_buffer == NULL\n");
223 return SEC_E_INSUFFICIENT_MEMORY;
226 sspi_data->in_buf->ulVersion = SECBUFFER_VERSION;
227 sspi_data->in_buf->cBuffers = 1;
228 sspi_data->in_buf->pBuffers = sec_buffer;
230 sec_buffer->cbBuffer = sec_pkg_info->cbMaxToken;
231 sec_buffer->BufferType = SECBUFFER_TOKEN;
232 if((sec_buffer->pvBuffer = HeapAlloc(GetProcessHeap(), 0,
233 sec_pkg_info->cbMaxToken)) == NULL)
235 trace("in_buf: sec_buffer->pvBuffer == NULL\n");
236 return SEC_E_INSUFFICIENT_MEMORY;
241 trace("HeapAlloc in_buf returned NULL\n");
242 return SEC_E_INSUFFICIENT_MEMORY;
245 if(sspi_data->out_buf != NULL)
247 PSecBuffer sec_buffer = HeapAlloc(GetProcessHeap(), 0,
250 if(sec_buffer == NULL){
251 trace("out_buf: sec_buffer == NULL\n");
252 return SEC_E_INSUFFICIENT_MEMORY;
255 sspi_data->out_buf->ulVersion = SECBUFFER_VERSION;
256 sspi_data->out_buf->cBuffers = 1;
257 sspi_data->out_buf->pBuffers = sec_buffer;
259 sec_buffer->cbBuffer = sec_pkg_info->cbMaxToken;
260 sec_buffer->BufferType = SECBUFFER_TOKEN;
261 if((sec_buffer->pvBuffer = HeapAlloc(GetProcessHeap(), 0,
262 sec_pkg_info->cbMaxToken)) == NULL){
263 trace("out_buf: sec_buffer->pvBuffer == NULL\n");
264 return SEC_E_INSUFFICIENT_MEMORY;
269 trace("HeapAlloc out_buf returned NULL\n");
270 return SEC_E_INSUFFICIENT_MEMORY;
276 /**********************************************************************/
278 static void cleanupBuffers(SspiData *sspi_data)
282 if(sspi_data->in_buf != NULL)
284 for(i = 0; i < sspi_data->in_buf->cBuffers; ++i)
286 HeapFree(GetProcessHeap(), 0, sspi_data->in_buf->pBuffers[i].pvBuffer);
288 HeapFree(GetProcessHeap(), 0, sspi_data->in_buf->pBuffers);
289 HeapFree(GetProcessHeap(), 0, sspi_data->in_buf);
292 if(sspi_data->out_buf != NULL)
294 for(i = 0; i < sspi_data->out_buf->cBuffers; ++i)
296 HeapFree(GetProcessHeap(), 0, sspi_data->out_buf->pBuffers[i].pvBuffer);
298 HeapFree(GetProcessHeap(), 0, sspi_data->out_buf->pBuffers);
299 HeapFree(GetProcessHeap(), 0, sspi_data->out_buf);
303 /**********************************************************************/
305 static SECURITY_STATUS setupClient(SspiData *sspi_data, SEC_CHAR *provider)
309 SecPkgInfoA *sec_pkg_info;
311 trace("Running setupClient\n");
313 sspi_data->cred = HeapAlloc(GetProcessHeap(), 0, sizeof(CredHandle));
314 sspi_data->ctxt = HeapAlloc(GetProcessHeap(), 0, sizeof(CtxtHandle));
316 ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
318 ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
320 setupBuffers(sspi_data, sec_pkg_info);
322 if((ret = pAcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_OUTBOUND,
323 NULL, sspi_data->id, NULL, NULL, sspi_data->cred, &ttl))
326 trace("AcquireCredentialsHandle() returned %s\n", getSecError(ret));
329 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
334 /**********************************************************************/
336 static SECURITY_STATUS setupServer(SspiData *sspi_data, SEC_CHAR *provider)
340 SecPkgInfoA *sec_pkg_info;
342 trace("Running setupServer\n");
344 sspi_data->cred = HeapAlloc(GetProcessHeap(), 0, sizeof(CredHandle));
345 sspi_data->ctxt = HeapAlloc(GetProcessHeap(), 0, sizeof(CtxtHandle));
347 ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
349 ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
351 setupBuffers(sspi_data, sec_pkg_info);
353 if((ret = pAcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_INBOUND,
354 NULL, NULL, NULL, NULL, sspi_data->cred, &ttl)) != SEC_E_OK)
356 trace("AcquireCredentialsHandle() returned %s\n", getSecError(ret));
359 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
365 /**********************************************************************/
367 static SECURITY_STATUS setupFakeServer(SspiData *sspi_data, SEC_CHAR *provider)
370 SecPkgInfoA *sec_pkg_info;
372 trace("Running setupFakeServer\n");
374 sspi_data->cred = HeapAlloc(GetProcessHeap(), 0, sizeof(CredHandle));
375 sspi_data->ctxt = HeapAlloc(GetProcessHeap(), 0, sizeof(CtxtHandle));
377 ret = pQuerySecurityPackageInfoA(provider, &sec_pkg_info);
379 ok(ret == SEC_E_OK, "QuerySecurityPackageInfo returned %s\n", getSecError(ret));
381 ret = setupBuffers(sspi_data, sec_pkg_info);
387 /**********************************************************************/
389 static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep)
395 PSecBufferDesc in_buf = sspi_data->in_buf;
396 PSecBufferDesc out_buf = sspi_data->out_buf;
398 assert(in_buf->cBuffers >= 1);
399 assert(in_buf->pBuffers[0].pvBuffer != NULL);
400 assert(in_buf->pBuffers[0].cbBuffer != 0);
402 assert(out_buf->cBuffers >= 1);
403 assert(out_buf->pBuffers[0].pvBuffer != NULL);
404 assert(out_buf->pBuffers[0].cbBuffer != 0);
406 trace("Running the client the %s time.\n", first?"first":"second");
408 /* We can either use ISC_REQ_ALLOCATE_MEMORY flag to ask the provider
409 * always allocate output buffers for us, or initialize cbBuffer
410 * before each call because the API changes it to represent actual
411 * amount of data in the buffer.
414 /* test a failing call only the first time, otherwise we get
415 * SEC_E_OUT_OF_SEQUENCE
421 /* pass NULL as an output buffer */
422 ret = pInitializeSecurityContextA(sspi_data->cred, NULL, NULL, req_attr,
423 0, data_rep, NULL, 0, sspi_data->ctxt, NULL,
426 ok(ret == SEC_E_BUFFER_TOO_SMALL, "expected SEC_E_BUFFER_TOO_SMALL, got %s\n", getSecError(ret));
428 /* pass NULL as an output buffer */
429 old_buf = out_buf->pBuffers[0].pvBuffer;
430 out_buf->pBuffers[0].pvBuffer = NULL;
432 ret = pInitializeSecurityContextA(sspi_data->cred, NULL, NULL, req_attr,
433 0, data_rep, NULL, 0, sspi_data->ctxt, out_buf,
436 ok(ret == SEC_E_INTERNAL_ERROR, "expected SEC_E_INTERNAL_ERROR, got %s\n", getSecError(ret));
438 out_buf->pBuffers[0].pvBuffer = old_buf;
440 /* pass an output buffer of 0 size */
441 out_buf->pBuffers[0].cbBuffer = 0;
443 ret = pInitializeSecurityContextA(sspi_data->cred, NULL, NULL, req_attr,
444 0, data_rep, NULL, 0, sspi_data->ctxt, out_buf,
447 ok(ret == SEC_E_BUFFER_TOO_SMALL, "expected SEC_E_BUFFER_TOO_SMALL, got %s\n", getSecError(ret));
449 ok(out_buf->pBuffers[0].cbBuffer == 0,
450 "InitializeSecurityContext set buffer size to %lu\n", out_buf->pBuffers[0].cbBuffer);
453 out_buf->pBuffers[0].cbBuffer = sspi_data->max_token;
455 ret = pInitializeSecurityContextA(first?sspi_data->cred:NULL, first?NULL:sspi_data->ctxt, NULL, req_attr,
456 0, data_rep, first?NULL:in_buf, 0, sspi_data->ctxt, out_buf,
459 if(ret == SEC_I_COMPLETE_AND_CONTINUE || ret == SEC_I_COMPLETE_NEEDED)
461 pCompleteAuthToken(sspi_data->ctxt, out_buf);
462 if(ret == SEC_I_COMPLETE_AND_CONTINUE)
463 ret = SEC_I_CONTINUE_NEEDED;
464 else if(ret == SEC_I_COMPLETE_NEEDED)
468 ok(out_buf->pBuffers[0].cbBuffer < sspi_data->max_token,
469 "InitializeSecurityContext set buffer size to %lu\n", out_buf->pBuffers[0].cbBuffer);
474 /**********************************************************************/
476 static SECURITY_STATUS runServer(SspiData *sspi_data, BOOL first, ULONG data_rep)
482 trace("Running the server the %s time\n", first?"first":"second");
484 ret = pAcceptSecurityContext(sspi_data->cred, first?NULL:sspi_data->ctxt,
485 sspi_data->in_buf, 0, data_rep, sspi_data->ctxt,
486 sspi_data->out_buf, &ctxt_attr, &ttl);
488 if(ret == SEC_I_COMPLETE_AND_CONTINUE || ret == SEC_I_COMPLETE_NEEDED)
490 pCompleteAuthToken(sspi_data->ctxt, sspi_data->out_buf);
491 if(ret == SEC_I_COMPLETE_AND_CONTINUE)
492 ret = SEC_I_CONTINUE_NEEDED;
493 else if(ret == SEC_I_COMPLETE_NEEDED)
500 /**********************************************************************/
502 static SECURITY_STATUS runFakeServer(SspiData *sspi_data, BOOL first, ULONG data_rep)
504 trace("Running the fake server the %s time\n", first?"first":"second");
508 sspi_data->out_buf->pBuffers[0].cbBuffer = 0;
512 if(data_rep == SECURITY_NATIVE_DREP)
514 sspi_data->out_buf->pBuffers[0].cbBuffer = sizeof(native_challenge);
515 memcpy(sspi_data->out_buf->pBuffers[0].pvBuffer, native_challenge,
516 sspi_data->out_buf->pBuffers[0].cbBuffer);
520 sspi_data->out_buf->pBuffers[0].cbBuffer = sizeof(network_challenge);
521 memcpy(sspi_data->out_buf->pBuffers[0].pvBuffer, network_challenge,
522 sspi_data->out_buf->pBuffers[0].cbBuffer);
525 return SEC_I_CONTINUE_NEEDED;
528 /**********************************************************************/
530 static void communicate(SspiData *from, SspiData *to)
532 if(from->out_buf != NULL && to->in_buf != NULL)
534 trace("Running communicate.\n");
535 if((from->out_buf->cBuffers >= 1) && (to->in_buf->cBuffers >= 1))
537 if((from->out_buf->pBuffers[0].pvBuffer != NULL) &&
538 (to->in_buf->pBuffers[0].pvBuffer != NULL))
540 memset(to->in_buf->pBuffers[0].pvBuffer, 0, to->max_token);
542 memcpy(to->in_buf->pBuffers[0].pvBuffer,
543 from->out_buf->pBuffers[0].pvBuffer,
544 from->out_buf->pBuffers[0].cbBuffer);
546 to->in_buf->pBuffers[0].cbBuffer = from->out_buf->pBuffers[0].cbBuffer;
548 memset(from->out_buf->pBuffers[0].pvBuffer, 0, from->max_token);
554 /**********************************************************************/
555 static void testInitializeSecurityContextFlags(void)
557 SECURITY_STATUS sec_status;
558 PSecPkgInfo pkg_info = NULL;
560 SEC_WINNT_AUTH_IDENTITY id;
561 static char sec_pkg_name[] = "NTLM",
562 test_user[] = "testuser",
563 workgroup[] = "WORKGROUP",
564 test_pass[] = "testpass";
565 ULONG req_attr, ctxt_attr;
569 if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info) != SEC_E_OK)
571 skip("Package not installed, skipping test!\n");
575 pFreeContextBuffer(pkg_info);
576 id.User = (unsigned char*) test_user;
577 id.UserLength = strlen((char *) id.User);
578 id.Domain = (unsigned char *) workgroup;
579 id.DomainLength = strlen((char *) id.Domain);
580 id.Password = (unsigned char*) test_pass;
581 id.PasswordLength = strlen((char *) id.Password);
582 id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
586 if((sec_status = setupClient(&client, sec_pkg_name)) != SEC_E_OK)
588 skip("Setting up the client returned %s, skipping test!\n",
589 getSecError(sec_status));
593 packet = client.out_buf->pBuffers[0].pvBuffer;
595 /* Due to how the requesting of the flags is implemented in ntlm_auth,
596 * the tests need to be in this order, as there is no way to specify
597 * "I request no special features" in ntlm_auth */
599 /* Without any flags, the lowest byte should not have bits 0x20 or 0x10 set*/
602 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
603 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
604 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
606 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
607 getSecError(sec_status));
611 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
612 "With req_attr == 0, flags are 0x%02x%02x%02x%02x.\n",
613 packet[15], packet[14], packet[13], packet[12]);
615 /* With ISC_REQ_CONNECTION, the lowest byte should not have bits 0x20 or 0x10 set*/
616 req_attr = ISC_REQ_CONNECTION;
618 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
619 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
620 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
622 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
623 getSecError(sec_status));
627 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
628 "For ISC_REQ_CONNECTION, flags are 0x%02x%02x%02x%02x.\n",
629 packet[15], packet[14], packet[13], packet[12]);
631 /* With ISC_REQ_EXTENDED_ERROR, the lowest byte should not have bits 0x20 or 0x10 set*/
632 req_attr = ISC_REQ_EXTENDED_ERROR;
634 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
635 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
636 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
638 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
639 getSecError(sec_status));
643 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
644 "For ISC_REQ_EXTENDED_ERROR, flags are 0x%02x%02x%02x%02x.\n",
645 packet[15], packet[14], packet[13], packet[12]);
647 /* With ISC_REQ_MUTUAL_AUTH, the lowest byte should not have bits 0x20 or 0x10 set*/
648 req_attr = ISC_REQ_MUTUAL_AUTH;
650 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
651 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
652 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
654 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
655 getSecError(sec_status));
659 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
660 "For ISC_REQ_MUTUAL_AUTH, flags are 0x%02x%02x%02x%02x.\n",
661 packet[15], packet[14], packet[13], packet[12]);
663 /* With ISC_REQ_USE_DCE_STYLE, the lowest byte should not have bits 0x20 or 0x10 set*/
664 req_attr = ISC_REQ_USE_DCE_STYLE;
666 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
667 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
668 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
670 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
671 getSecError(sec_status));
675 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
676 "For ISC_REQ_USE_DCE_STYLE, flags are 0x%02x%02x%02x%02x.\n",
677 packet[15], packet[14], packet[13], packet[12]);
679 /* With ISC_REQ_DELEGATE, the lowest byte should not have bits 0x20 or 0x10 set*/
680 req_attr = ISC_REQ_DELEGATE;
682 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
683 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
684 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
686 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
687 getSecError(sec_status));
691 ok(((packet[12] & 0x10) == 0) && ((packet[12] & 0x20) == 0),
692 "For ISC_REQ_DELEGATE, flags are 0x%02x%02x%02x%02x.\n",
693 packet[15], packet[14], packet[13], packet[12]);
695 /* With ISC_REQ_INTEGRITY, the lowest byte should have bit 0x10 set */
696 req_attr = ISC_REQ_INTEGRITY;
698 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
699 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
700 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
702 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
703 getSecError(sec_status));
707 ok((packet[12] & 0x10) != 0,
708 "For ISC_REQ_INTEGRITY, flags are 0x%02x%02x%02x%02x.\n",
709 packet[15], packet[14], packet[13], packet[12]);
711 /* With ISC_REQ_REPLAY_DETECT, the lowest byte should have bit 0x10 set */
712 req_attr = ISC_REQ_REPLAY_DETECT;
714 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
715 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
716 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
718 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
719 getSecError(sec_status));
723 ok((packet[12] & 0x10) != 0,
724 "For ISC_REQ_REPLAY_DETECT, flags are 0x%02x%02x%02x%02x.\n",
725 packet[15], packet[14], packet[13], packet[12]);
727 /* With ISC_REQ_SEQUENCE_DETECT, the lowest byte should have bit 0x10 set */
728 req_attr = ISC_REQ_SEQUENCE_DETECT;
730 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
731 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
732 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
734 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
735 getSecError(sec_status));
739 ok((packet[12] & 0x10) != 0,
740 "For ISC_REQ_SEQUENCE_DETECT, flags are 0x%02x%02x%02x%02x.\n",
741 packet[15], packet[14], packet[13], packet[12]);
743 /* With ISC_REQ_CONFIDENTIALITY, the lowest byte should have bit 0x20 set */
744 req_attr = ISC_REQ_CONFIDENTIALITY;
746 if((sec_status = pInitializeSecurityContextA(client.cred, NULL, NULL, req_attr,
747 0, SECURITY_NETWORK_DREP, NULL, 0, client.ctxt, client.out_buf,
748 &ctxt_attr, &ttl)) != SEC_I_CONTINUE_NEEDED)
750 trace("InitializeSecurityContext returned %s not SEC_I_CONTINUE_NEEDED, aborting.\n",
751 getSecError(sec_status));
755 ok((packet[12] & 0x20) != 0,
756 "For ISC_REQ_CONFIDENTIALITY, flags are 0x%02x%02x%02x%02x.\n",
757 packet[15], packet[14], packet[13], packet[12]);
760 cleanupBuffers(&client);
761 pFreeCredentialsHandle(client.cred);
765 /**********************************************************************/
767 static void testAuth(ULONG data_rep, BOOL fake)
769 SECURITY_STATUS client_stat = SEC_I_CONTINUE_NEEDED;
770 SECURITY_STATUS server_stat = SEC_I_CONTINUE_NEEDED;
771 SECURITY_STATUS sec_status;
772 PSecPkgInfo pkg_info = NULL;
774 SspiData client, server;
775 SEC_WINNT_AUTH_IDENTITY id;
776 SecPkgContext_Sizes ctxt_sizes;
777 static char sec_pkg_name[] = "NTLM",
778 test_user[] = "testuser",
779 workgroup[] = "WORKGROUP",
780 test_pass[] = "testpass";
782 if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info)!= SEC_E_OK)
784 skip("Package not installed, skipping test.\n");
788 pFreeContextBuffer(pkg_info);
789 id.User = (unsigned char*) test_user;
790 id.UserLength = strlen((char *) id.User);
791 id.Domain = (unsigned char *) workgroup;
792 id.DomainLength = strlen((char *) id.Domain);
793 id.Password = (unsigned char*) test_pass;
794 id.PasswordLength = strlen((char *) id.Password);
795 id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
799 sec_status = setupClient(&client, sec_pkg_name);
801 if(sec_status != SEC_E_OK)
803 skip("Error: Setting up the client returned %s, exiting test!\n",
804 getSecError(sec_status));
805 pFreeCredentialsHandle(client.cred);
810 sec_status = setupFakeServer(&server, sec_pkg_name);
812 sec_status = setupServer(&server, sec_pkg_name);
814 if(sec_status != SEC_E_OK)
816 skip("Error: Setting up the server returned %s, exiting test!\n",
817 getSecError(sec_status));
818 pFreeCredentialsHandle(server.cred);
819 pFreeCredentialsHandle(client.cred);
823 while(client_stat == SEC_I_CONTINUE_NEEDED && server_stat == SEC_I_CONTINUE_NEEDED)
825 client_stat = runClient(&client, first, data_rep);
827 ok(client_stat == SEC_E_OK || client_stat == SEC_I_CONTINUE_NEEDED,
828 "Running the client returned %s, more tests will fail.\n",
829 getSecError(client_stat));
831 communicate(&client, &server);
834 server_stat = runFakeServer(&server, first, data_rep);
836 server_stat = runServer(&server, first, data_rep);
838 ok(server_stat == SEC_E_OK || server_stat == SEC_I_CONTINUE_NEEDED ||
839 server_stat == SEC_E_LOGON_DENIED,
840 "Running the server returned %s, more tests will fail from now.\n",
841 getSecError(server_stat));
843 communicate(&server, &client);
848 if(client_stat != SEC_E_OK)
850 skip("Authentication failed, skipping test.\n");
854 sec_status = pQueryContextAttributesA(client.ctxt,
855 SECPKG_ATTR_SIZES, &ctxt_sizes);
857 ok(sec_status == SEC_E_OK,
858 "pQueryContextAttributesA(SECPKG_ATTR_SIZES) returned %s\n",
859 getSecError(sec_status));
860 ok(ctxt_sizes.cbMaxToken == 1904,
861 "cbMaxToken should be 1904 but is %lu\n",
862 ctxt_sizes.cbMaxToken);
863 ok(ctxt_sizes.cbMaxSignature == 16,
864 "cbMaxSignature should be 16 but is %lu\n",
865 ctxt_sizes.cbMaxSignature);
866 ok(ctxt_sizes.cbSecurityTrailer == 16,
867 "cbSecurityTrailer should be 16 but is %lu\n",
868 ctxt_sizes.cbSecurityTrailer);
869 ok(ctxt_sizes.cbBlockSize == 0,
870 "cbBlockSize should be 0 but is %lu\n",
871 ctxt_sizes.cbBlockSize);
874 cleanupBuffers(&client);
875 cleanupBuffers(&server);
879 sec_status = pDeleteSecurityContext(server.ctxt);
880 ok(sec_status == SEC_E_OK, "DeleteSecurityContext(server) returned %s\n",
881 getSecError(sec_status));
884 sec_status = pDeleteSecurityContext(client.ctxt);
885 ok(sec_status == SEC_E_OK, "DeleteSecurityContext(client) returned %s\n",
886 getSecError(sec_status));
890 sec_status = pFreeCredentialsHandle(server.cred);
891 ok(sec_status == SEC_E_OK, "FreeCredentialsHandle(server) returned %s\n",
892 getSecError(sec_status));
895 sec_status = pFreeCredentialsHandle(client.cred);
896 ok(sec_status == SEC_E_OK, "FreeCredentialsHandle(client) returned %s\n",
897 getSecError(sec_status));
900 static void testSignSeal(void)
902 SECURITY_STATUS client_stat = SEC_I_CONTINUE_NEEDED;
903 SECURITY_STATUS server_stat = SEC_I_CONTINUE_NEEDED;
904 SECURITY_STATUS sec_status;
905 PSecPkgInfo pkg_info = NULL;
907 SspiData client, server;
908 SEC_WINNT_AUTH_IDENTITY id;
909 static char sec_pkg_name[] = "NTLM";
911 SecBuffer data[2], fake_data[2], complex_data[4];
913 SecPkgContext_Sizes ctxt_sizes;
914 static char test_user[] = "testuser",
915 workgroup[] = "WORKGROUP",
916 test_pass[] = "testpass";
918 /****************************************************************
919 * This is basically the same as in testAuth with a fake server,
920 * as we need a valid, authenticated context.
922 if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info) != SEC_E_OK)
924 skip("Package not installed, skipping test.\n");
928 pFreeContextBuffer(pkg_info);
929 id.User = (unsigned char*) test_user;
930 id.UserLength = strlen((char *) id.User);
931 id.Domain = (unsigned char *) workgroup;
932 id.DomainLength = strlen((char *) id.Domain);
933 id.Password = (unsigned char*) test_pass;
934 id.PasswordLength = strlen((char *) id.Password);
935 id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
939 sec_status = setupClient(&client, sec_pkg_name);
941 if(sec_status != SEC_E_OK)
943 skip("Error: Setting up the client returned %s, exiting test!\n",
944 getSecError(sec_status));
945 pFreeCredentialsHandle(client.cred);
949 sec_status = setupFakeServer(&server, sec_pkg_name);
951 while(client_stat == SEC_I_CONTINUE_NEEDED && server_stat == SEC_I_CONTINUE_NEEDED)
953 client_stat = runClient(&client, first, SECURITY_NETWORK_DREP);
955 communicate(&client, &server);
957 server_stat = runFakeServer(&server, first, SECURITY_NETWORK_DREP);
959 communicate(&server, &client);
964 /********************************************
965 * Now start with the actual testing *
966 ********************************************/
968 if(pQueryContextAttributesA(client.ctxt, SECPKG_ATTR_SIZES,
969 &ctxt_sizes) != SEC_E_OK)
971 skip("Failed to get context sizes, aborting test.\n");
975 crypt.ulVersion = SECBUFFER_VERSION;
978 crypt.pBuffers = fake_data;
980 fake_data[0].BufferType = SECBUFFER_DATA;
981 fake_data[0].cbBuffer = ctxt_sizes.cbSecurityTrailer;
982 fake_data[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, fake_data[0].cbBuffer);
984 fake_data[1].BufferType = SECBUFFER_DATA;
985 fake_data[1].cbBuffer = lstrlen(message);
986 fake_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, fake_data[1].cbBuffer);
988 sec_status = pMakeSignature(client.ctxt, 0, &crypt, 0);
989 ok(sec_status == SEC_E_INVALID_TOKEN,
990 "MakeSignature returned %s, not SEC_E_INVALID_TOKEN.\n",
991 getSecError(sec_status));
993 crypt.pBuffers = data;
995 data[0].BufferType = SECBUFFER_TOKEN;
996 data[0].cbBuffer = ctxt_sizes.cbSecurityTrailer;
997 data[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[0].cbBuffer);
999 data[1].BufferType = SECBUFFER_DATA;
1000 data[1].cbBuffer = lstrlen(message);
1001 data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer);
1002 memcpy(data[1].pvBuffer, message, data[1].cbBuffer);
1004 /* As we forced NTLM to fall back to a password-derived session key,
1005 * we should get the same signature for our data, no matter if
1006 * it is sent by the client or the server
1008 sec_status = pMakeSignature(client.ctxt, 0, &crypt, 0);
1009 ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n",
1010 getSecError(sec_status));
1011 ok(!memcmp(crypt.pBuffers[0].pvBuffer, message_signature,
1012 crypt.pBuffers[0].cbBuffer), "Signature is not as expected.\n");
1014 data[0].cbBuffer = sizeof(message_signature);
1016 memcpy(data[0].pvBuffer, crypt_trailer_client, data[0].cbBuffer);
1018 sec_status = pVerifySignature(client.ctxt, &crypt, 0, &qop);
1019 ok(sec_status == SEC_E_MESSAGE_ALTERED,
1020 "VerifySignature returned %s, not SEC_E_MESSAGE_ALTERED.\n",
1021 getSecError(sec_status));
1023 memcpy(data[0].pvBuffer, message_signature, data[0].cbBuffer);
1025 sec_status = pVerifySignature(client.ctxt, &crypt, 0, &qop);
1026 ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK.\n",
1027 getSecError(sec_status));
1029 sec_status = pEncryptMessage(client.ctxt, 0, &crypt, 0);
1030 ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n",
1031 getSecError(sec_status));
1033 ok(!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client,
1034 crypt.pBuffers[0].cbBuffer), "Crypt trailer not as expected.\n");
1035 ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client,
1036 crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n");
1038 data[0].cbBuffer = sizeof(crypt_trailer_server);
1039 data[1].cbBuffer = sizeof(crypt_message_server);
1040 memcpy(data[0].pvBuffer, crypt_trailer_server, data[0].cbBuffer);
1041 memcpy(data[1].pvBuffer, crypt_message_server, data[1].cbBuffer);
1043 sec_status = pDecryptMessage(client.ctxt, &crypt, 0, &qop);
1045 ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n",
1046 getSecError(sec_status));
1047 ok(!memcmp(crypt.pBuffers[1].pvBuffer, message_binary,
1048 crypt.pBuffers[1].cbBuffer),
1049 "Failed to decrypt message correctly.\n");
1051 trace("Testing with more than one buffer.\n");
1053 crypt.cBuffers = sizeof(complex_data)/sizeof(complex_data[0]);
1054 crypt.pBuffers = complex_data;
1056 complex_data[0].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
1057 complex_data[0].cbBuffer = sizeof(message_header);
1058 complex_data[0].pvBuffer = message_header;
1060 complex_data[1].BufferType = SECBUFFER_DATA;
1061 complex_data[1].cbBuffer = lstrlen(message);
1062 complex_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer);
1063 memcpy(complex_data[1].pvBuffer, message, complex_data[1].cbBuffer);
1065 complex_data[2].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
1066 complex_data[2].cbBuffer = sizeof(message_header);
1067 complex_data[2].pvBuffer = message_header;
1069 complex_data[3].BufferType = SECBUFFER_TOKEN;
1070 complex_data[3].cbBuffer = ctxt_sizes.cbSecurityTrailer;
1071 complex_data[3].pvBuffer = HeapAlloc(GetProcessHeap(), 0, complex_data[3].cbBuffer);
1073 /* We should get a dummy signature again. */
1074 sec_status = pMakeSignature(client.ctxt, 0, &crypt, 0);
1075 ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n",
1076 getSecError(sec_status));
1077 ok(!memcmp(crypt.pBuffers[3].pvBuffer, message_signature,
1078 crypt.pBuffers[3].cbBuffer), "Signature is not as expected.\n");
1080 /* Being a dummy signature, it will verify right away, as if the server
1082 sec_status = pVerifySignature(client.ctxt, &crypt, 0, &qop);
1083 ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK\n",
1084 getSecError(sec_status));
1086 sec_status = pEncryptMessage(client.ctxt, 0, &crypt, 0);
1087 ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n",
1088 getSecError(sec_status));
1090 ok(!memcmp(crypt.pBuffers[3].pvBuffer, crypt_trailer_client2,
1091 crypt.pBuffers[3].cbBuffer), "Crypt trailer not as expected.\n");
1093 ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client2,
1094 crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n");
1096 memcpy(complex_data[1].pvBuffer, crypt_message_server2, complex_data[1].cbBuffer);
1097 memcpy(complex_data[3].pvBuffer, crypt_trailer_server2, complex_data[3].cbBuffer);
1099 sec_status = pDecryptMessage(client.ctxt, &crypt, 0, &qop);
1100 ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n",
1101 getSecError(sec_status));
1105 cleanupBuffers(&client);
1106 cleanupBuffers(&server);
1108 pDeleteSecurityContext(client.ctxt);
1109 pFreeCredentialsHandle(client.cred);
1111 HeapFree(GetProcessHeap(), 0, fake_data[0].pvBuffer);
1112 HeapFree(GetProcessHeap(), 0, fake_data[1].pvBuffer);
1113 HeapFree(GetProcessHeap(), 0, data[0].pvBuffer);
1114 HeapFree(GetProcessHeap(), 0, data[1].pvBuffer);
1115 HeapFree(GetProcessHeap(), 0, complex_data[1].pvBuffer);
1116 HeapFree(GetProcessHeap(), 0, complex_data[3].pvBuffer);
1119 static void testAcquireCredentialsHandle(void)
1123 static char test_user[] = "testuser",
1124 workgroup[] = "WORKGROUP",
1125 test_pass[] = "testpass",
1126 sec_pkg_name[] = "NTLM";
1127 SECURITY_STATUS ret;
1128 SEC_WINNT_AUTH_IDENTITY id;
1129 PSecPkgInfo pkg_info = NULL;
1131 if(pQuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK)
1133 skip("NTLM package not installed, skipping test\n");
1136 pFreeContextBuffer(pkg_info);
1138 id.User = (unsigned char*) test_user;
1139 id.UserLength = strlen((char *) id.User);
1140 id.Domain = (unsigned char *) workgroup;
1141 id.DomainLength = strlen((char *) id.Domain);
1142 id.Password = (unsigned char*) test_pass;
1143 id.PasswordLength = strlen((char *) id.Password);
1144 id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
1146 ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1147 NULL, &id, NULL, NULL, &cred, &ttl);
1148 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
1150 pFreeCredentialsHandle(&cred);
1152 id.DomainLength = 0;
1153 ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1154 NULL, &id, NULL, NULL, &cred, &ttl);
1155 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
1157 pFreeCredentialsHandle(&cred);
1160 ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1161 NULL, &id, NULL, NULL, &cred, &ttl);
1162 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
1164 pFreeCredentialsHandle(&cred);
1166 id.Domain = (unsigned char *) workgroup;
1167 id.DomainLength = strlen((char *) id.Domain);
1170 ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1171 NULL, &id, NULL, NULL, &cred, &ttl);
1172 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
1174 pFreeCredentialsHandle(&cred);
1176 id.User = (unsigned char*) test_user;
1177 id.UserLength = strlen((char *) id.User);
1179 id.PasswordLength = 0;
1180 ret = pAcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_OUTBOUND,
1181 NULL, &id, NULL, NULL, &cred, &ttl);
1182 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
1184 pFreeCredentialsHandle(&cred);
1191 if(pFreeCredentialsHandle && pDeleteSecurityContext &&
1192 pDeleteSecurityContext && pAcquireCredentialsHandleA &&
1193 pInitializeSecurityContextA && pCompleteAuthToken &&
1194 pQuerySecurityPackageInfoA)
1196 testAcquireCredentialsHandle();
1197 testInitializeSecurityContextFlags();
1198 if(pAcceptSecurityContext)
1200 testAuth(SECURITY_NATIVE_DREP, TRUE);
1201 testAuth(SECURITY_NETWORK_DREP, TRUE);
1202 testAuth(SECURITY_NATIVE_DREP, FALSE);
1203 testAuth(SECURITY_NETWORK_DREP, FALSE);
1205 if(pMakeSignature && pVerifySignature && pEncryptMessage &&
1211 FreeLibrary(secdll);
projects / wine / blob