2 * Miscellaneous secur32 tests
4 * Copyright 2005 Kai Blin
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 #define SECURITY_WIN32
26 #include "wine/test.h"
30 #define BUFF_SIZE 2048
31 #define MAX_MESSAGE 12000
33 static HMODULE secdll;
34 static PSecurityFunctionTableA (SEC_ENTRY * pInitSecurityInterfaceA)(void);
35 static SECURITY_STATUS (SEC_ENTRY * pEnumerateSecurityPackagesA)(PULONG, PSecPkgInfoA*);
36 static SECURITY_STATUS (SEC_ENTRY * pFreeContextBuffer)(PVOID pv);
37 static SECURITY_STATUS (SEC_ENTRY * pQuerySecurityPackageInfoA)(SEC_CHAR*, PSecPkgInfoA*);
38 static SECURITY_STATUS (SEC_ENTRY * pAcquireCredentialsHandleA)(SEC_CHAR*, SEC_CHAR*,
39 ULONG, PLUID, PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp);
40 static SECURITY_STATUS (SEC_ENTRY * pInitializeSecurityContextA)(PCredHandle, PCtxtHandle,
41 SEC_CHAR*, ULONG, ULONG, ULONG, PSecBufferDesc, ULONG,
42 PCtxtHandle, PSecBufferDesc, PULONG, PTimeStamp);
43 static SECURITY_STATUS (SEC_ENTRY * pCompleteAuthToken)(PCtxtHandle, PSecBufferDesc);
44 static SECURITY_STATUS (SEC_ENTRY * pAcceptSecurityContext)(PCredHandle, PCtxtHandle,
45 PSecBufferDesc, ULONG, ULONG, PCtxtHandle, PSecBufferDesc,
47 static SECURITY_STATUS (SEC_ENTRY * pFreeCredentialsHandle)(PCredHandle);
48 static SECURITY_STATUS (SEC_ENTRY * pDeleteSecurityContext)(PCtxtHandle);
50 void InitFunctionPtrs(void)
52 secdll = LoadLibraryA("secur32.dll");
54 secdll = LoadLibraryA("security.dll");
57 pInitSecurityInterfaceA = (PVOID)GetProcAddress(secdll, "InitSecurityInterfaceA");
58 pEnumerateSecurityPackagesA = (PVOID)GetProcAddress(secdll, "EnumerateSecurityPackagesA");
59 pFreeContextBuffer = (PVOID)GetProcAddress(secdll, "FreeContextBuffer");
60 pQuerySecurityPackageInfoA = (PVOID)GetProcAddress(secdll, "QuerySecurityPackageInfoA");
61 pAcquireCredentialsHandleA = (PVOID)GetProcAddress(secdll, "AcquireCredentialsHandleA");
62 pInitializeSecurityContextA = (PVOID)GetProcAddress(secdll, "InitializeSecurityContextA");
63 pCompleteAuthToken = (PVOID)GetProcAddress(secdll, "CompleteAuthToken");
64 pAcceptSecurityContext = (PVOID)GetProcAddress(secdll, "AcceptSecurityContext");
65 pFreeCredentialsHandle = (PVOID)GetProcAddress(secdll, "FreeCredentialsHandle");
66 pDeleteSecurityContext = (PVOID)GetProcAddress(secdll, "DeleteSecurityContext");
70 /*---------------------------------------------------------*/
71 /* General helper functions */
73 static const char* getSecError(SECURITY_STATUS status)
75 #define _SEC_ERR(x) case (x): return #x;
79 _SEC_ERR(SEC_E_INSUFFICIENT_MEMORY);
80 _SEC_ERR(SEC_E_INVALID_HANDLE);
81 _SEC_ERR(SEC_E_UNSUPPORTED_FUNCTION);
82 _SEC_ERR(SEC_E_TARGET_UNKNOWN);
83 _SEC_ERR(SEC_E_INTERNAL_ERROR);
84 _SEC_ERR(SEC_E_SECPKG_NOT_FOUND);
85 _SEC_ERR(SEC_E_NOT_OWNER);
86 _SEC_ERR(SEC_E_CANNOT_INSTALL);
87 _SEC_ERR(SEC_E_INVALID_TOKEN);
88 _SEC_ERR(SEC_E_CANNOT_PACK);
89 _SEC_ERR(SEC_E_QOP_NOT_SUPPORTED);
90 _SEC_ERR(SEC_E_NO_IMPERSONATION);
91 _SEC_ERR(SEC_I_CONTINUE_NEEDED);
92 _SEC_ERR(SEC_E_BUFFER_TOO_SMALL);
93 _SEC_ERR(SEC_E_ILLEGAL_MESSAGE);
94 _SEC_ERR(SEC_E_LOGON_DENIED);
95 _SEC_ERR(SEC_E_NO_CREDENTIALS);
97 trace("Error = %ld\n", status);
98 return "Unknown error";
103 /*---------------------------------------------------------*/
104 /* Helper for testQuerySecurityPagageInfo */
106 static SECURITY_STATUS setupPackageA(SEC_CHAR *p_package_name,
107 PSecPkgInfo *p_pkg_info)
109 SECURITY_STATUS ret = SEC_E_SECPKG_NOT_FOUND;
111 ret = pQuerySecurityPackageInfoA( p_package_name, p_pkg_info);
115 /*---------------------------------------------------------*/
116 /* Helper for testAuth* */
118 SECURITY_STATUS setupClient(PCredHandle cred, const char *user,
119 const char *pass, const char *domain, char *provider)
122 PSEC_WINNT_AUTH_IDENTITY identity = NULL;
125 trace("Running setupClient\n");
129 identity = HeapAlloc(GetProcessHeap(), 0,
130 sizeof(SEC_WINNT_AUTH_IDENTITY_A));
132 memset( identity, 0, sizeof(identity));
133 identity->Domain = HeapAlloc(GetProcessHeap(), 0,
134 lstrlenA( domain ? domain :"") + 1);
135 lstrcpyA((char*)identity->Domain, domain ? domain :"");
136 identity->DomainLength = domain ? lstrlenA(domain): 0;
137 identity->User = HeapAlloc(GetProcessHeap(), 0,
138 lstrlenA( user ? user :"") + 1);
139 lstrcpyA((char*)identity->User, user ? user :"");
140 identity->UserLength = user ? lstrlenA(user) : 0;
141 identity->Password = HeapAlloc(GetProcessHeap(), 0,
142 lstrlenA( pass ? pass :"") + 1);
143 lstrcpyA((char*)identity->Password, pass ? pass : "");
144 identity->PasswordLength = pass ? lstrlenA(pass): 0;
145 identity->Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
148 if((ret = pAcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_OUTBOUND,
149 NULL, identity, NULL, NULL, cred, &ttl)) != SEC_E_OK)
151 trace("AcquireCredentialsHandle() returned %s\n", getSecError(ret));
154 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
157 if( identity != NULL)
159 if(identity->Domain != 0)
160 HeapFree(GetProcessHeap(), 0, identity->Domain);
161 if(identity->User != 0)
162 HeapFree(GetProcessHeap(), 0, identity->User);
163 if(identity->Password != 0)
164 HeapFree(GetProcessHeap(), 0, identity->Password);
165 HeapFree(GetProcessHeap(), 0, identity);
171 /**********************************************************************/
173 SECURITY_STATUS setupServer(PCredHandle cred, char *provider)
178 trace("Running setupServer\n");
180 if((ret = pAcquireCredentialsHandleA(NULL, provider, SECPKG_CRED_INBOUND,
181 NULL, NULL, NULL, NULL, cred, &ttl)) != SEC_E_OK)
183 trace("AcquireCredentialsHandle() returned %s\n", getSecError(ret));
186 ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
192 /**********************************************************************/
194 SECURITY_STATUS setupBuffers(PSecBufferDesc *new_in_buf,
195 PSecBufferDesc *new_out_buf)
197 int size = MAX_MESSAGE;
199 PSecBufferDesc in_buf = HeapAlloc(GetProcessHeap(), 0,
200 sizeof(SecBufferDesc));
201 PSecBufferDesc out_buf = HeapAlloc(GetProcessHeap(), 0,
202 sizeof(PSecBufferDesc));
206 PSecBuffer sec_buffer = HeapAlloc(GetProcessHeap(), 0,
208 if(sec_buffer == NULL){
209 trace("in_buf: sec_buffer == NULL\n");
210 return SEC_E_INSUFFICIENT_MEMORY;
213 buffer = HeapAlloc(GetProcessHeap(), 0, size);
216 trace("in_buf: buffer == NULL\n");
217 return SEC_E_INSUFFICIENT_MEMORY;
220 in_buf->ulVersion = SECBUFFER_VERSION;
221 in_buf->cBuffers = 1;
222 in_buf->pBuffers = sec_buffer;
224 sec_buffer->cbBuffer = size;
225 sec_buffer->BufferType = SECBUFFER_TOKEN;
226 sec_buffer->pvBuffer = buffer;
227 *new_in_buf = in_buf;
231 trace("HeapAlloc in_buf returned NULL\n");
232 return SEC_E_INSUFFICIENT_MEMORY;
237 PSecBuffer sec_buffer = HeapAlloc(GetProcessHeap(), 0,
241 if(sec_buffer == NULL){
242 trace("out_buf: sec_buffer == NULL\n");
243 return SEC_E_INSUFFICIENT_MEMORY;
246 buffer = HeapAlloc(GetProcessHeap(), 0, size);
249 trace("out_buf: buffer == NULL\n");
250 return SEC_E_INSUFFICIENT_MEMORY;
253 out_buf->ulVersion = SECBUFFER_VERSION;
254 out_buf->cBuffers = 1;
255 out_buf->pBuffers = sec_buffer;
257 sec_buffer->cbBuffer = 0;
258 sec_buffer->BufferType = SECBUFFER_TOKEN;
259 sec_buffer->pvBuffer = buffer;
260 *new_out_buf = out_buf;
264 trace("HeapAlloc out_buf returned NULL\n");
265 return SEC_E_INSUFFICIENT_MEMORY;
271 /**********************************************************************/
273 void cleanupBuffers(PSecBufferDesc in_buf, PSecBufferDesc out_buf)
279 for(i = 0; i < in_buf->cBuffers; ++i)
281 HeapFree(GetProcessHeap(), 0, in_buf->pBuffers[i].pvBuffer);
283 HeapFree(GetProcessHeap(), 0, in_buf->pBuffers);
284 HeapFree(GetProcessHeap(), 0, in_buf);
289 for(i = 0; i < out_buf->cBuffers; ++i)
291 HeapFree(GetProcessHeap(), 0, out_buf->pBuffers[i].pvBuffer);
293 HeapFree(GetProcessHeap(), 0, out_buf->pBuffers);
294 HeapFree(GetProcessHeap(), 0, out_buf);
298 /**********************************************************************/
300 SECURITY_STATUS runClient(PCredHandle cred, PCtxtHandle ctxt,
301 PSecBufferDesc in_buf, PSecBufferDesc out_buf, BOOL first)
304 ULONG req_attr = ISC_REQ_CONNECTION;
308 trace("Running the client the %s time.\n", first?"first":"second");
310 ret = pInitializeSecurityContextA(cred, first?NULL:ctxt, NULL, req_attr,
311 0, SECURITY_NATIVE_DREP, first?NULL:in_buf, 0, ctxt, out_buf,
314 if(ret == SEC_I_COMPLETE_AND_CONTINUE || ret == SEC_I_COMPLETE_NEEDED)
316 pCompleteAuthToken(ctxt, out_buf);
317 if(ret == SEC_I_COMPLETE_AND_CONTINUE)
318 ret = SEC_I_CONTINUE_NEEDED;
319 else if(ret == SEC_I_COMPLETE_NEEDED)
326 /**********************************************************************/
328 SECURITY_STATUS runServer(PCredHandle cred, PCtxtHandle ctxt,
329 PSecBufferDesc in_buf, PSecBufferDesc out_buf, BOOL first)
335 trace("Running the server the %s time\n", first?"first":"second");
337 ret = pAcceptSecurityContext(cred, first?NULL:ctxt, in_buf, 0,
338 SECURITY_NATIVE_DREP, ctxt, out_buf, &ctxt_attr, &ttl);
340 if(ret == SEC_I_COMPLETE_AND_CONTINUE || ret == SEC_I_COMPLETE_NEEDED)
342 pCompleteAuthToken(ctxt, out_buf);
343 if(ret == SEC_I_COMPLETE_AND_CONTINUE)
344 ret = SEC_I_CONTINUE_NEEDED;
345 else if(ret == SEC_I_COMPLETE_NEEDED)
353 /**********************************************************************/
355 void communicate(PSecBufferDesc in_buf, PSecBufferDesc out_buf)
357 if(in_buf != NULL && out_buf != NULL)
359 trace("Running communicate.\n");
360 if((in_buf->cBuffers >= 1) && (out_buf->cBuffers >= 1))
362 if((in_buf->pBuffers[0].pvBuffer != NULL) &&
363 (out_buf->pBuffers[0].pvBuffer != NULL))
365 memset(out_buf->pBuffers[0].pvBuffer, 0, MAX_MESSAGE);
367 memcpy(out_buf->pBuffers[0].pvBuffer,
368 in_buf->pBuffers[0].pvBuffer,
369 in_buf->pBuffers[0].cbBuffer);
371 out_buf->pBuffers[0].cbBuffer = in_buf->pBuffers[0].cbBuffer;
373 memset(in_buf->pBuffers[0].pvBuffer, 0, MAX_MESSAGE);
379 /**********************************************************************/
381 /*--------------------------------------------------------- */
382 /* The test functions */
384 static void testInitSecurityInterface(void)
386 PSecurityFunctionTable sec_fun_table = NULL;
388 sec_fun_table = pInitSecurityInterfaceA();
389 ok(sec_fun_table != NULL, "InitSecurityInterface() returned NULL.\n");
393 static void testEnumerateSecurityPackages(void)
396 SECURITY_STATUS sec_status;
397 ULONG num_packages, i;
398 PSecPkgInfo pkg_info = NULL;
400 trace("Running testEnumerateSecurityPackages\n");
402 sec_status = pEnumerateSecurityPackagesA(&num_packages, &pkg_info);
404 ok(sec_status == SEC_E_OK,
405 "EnumerateSecurityPackages() should return %ld, not %08lx\n",
406 (LONG)SEC_E_OK, (LONG)sec_status);
408 ok(num_packages > 0, "Number of sec packages should be > 0 ,but is %ld\n",
412 "pkg_info should not be NULL after EnumerateSecurityPackages\n");
414 trace("Number of packages: %ld\n", num_packages);
415 for(i = 0; i < num_packages; ++i){
416 trace("%ld: Package \"%s\"\n", i, pkg_info[i].Name);
417 trace("Supported flags:\n");
418 if(pkg_info[i].fCapabilities & SECPKG_FLAG_INTEGRITY)
419 trace("\tSECPKG_FLAG_INTEGRITY\n");
420 if(pkg_info[i].fCapabilities & SECPKG_FLAG_PRIVACY)
421 trace("\tSECPKG_FLAG_PRIVACY\n");
422 if(pkg_info[i].fCapabilities & SECPKG_FLAG_TOKEN_ONLY)
423 trace("\tSECPKG_FLAG_TOKEN_ONLY\n");
424 if(pkg_info[i].fCapabilities & SECPKG_FLAG_DATAGRAM)
425 trace("\tSECPKG_FLAG_DATAGRAM\n");
426 if(pkg_info[i].fCapabilities & SECPKG_FLAG_CONNECTION)
427 trace("\tSECPKG_FLAG_CONNECTION\n");
428 if(pkg_info[i].fCapabilities & SECPKG_FLAG_MULTI_REQUIRED)
429 trace("\tSECPKG_FLAG_MULTI_REQUIRED\n");
430 if(pkg_info[i].fCapabilities & SECPKG_FLAG_CLIENT_ONLY)
431 trace("\tSECPKG_FLAG_CLIENT_ONLY\n");
432 if(pkg_info[i].fCapabilities & SECPKG_FLAG_EXTENDED_ERROR)
433 trace("\tSECPKG_FLAG_EXTENDED_ERROR\n");
434 if(pkg_info[i].fCapabilities & SECPKG_FLAG_IMPERSONATION)
435 trace("\tSECPKG_FLAG_IMPERSONATION\n");
436 if(pkg_info[i].fCapabilities & SECPKG_FLAG_ACCEPT_WIN32_NAME)
437 trace("\tSECPKG_FLAG_ACCEPT_WIN32_NAME\n");
438 if(pkg_info[i].fCapabilities & SECPKG_FLAG_STREAM)
439 trace("\tSECPKG_FLAG_STREAM\n");
440 if(pkg_info[i].fCapabilities & SECPKG_FLAG_READONLY_WITH_CHECKSUM)
441 trace("\tSECPKG_FLAG_READONLY_WITH_CHECKSUM\n");
442 trace("Comment: %s\n", pkg_info[i].Comment);
446 pFreeContextBuffer(pkg_info);
450 static void testQuerySecurityPackageInfo(void)
452 SECURITY_STATUS sec_status;
453 SEC_CHAR sec_pkg_name[256];
454 PSecPkgInfo pkg_info = NULL;
458 trace("Running testQuerySecurityPackageInfo\n");
460 /* Test with an existing package. Test should pass */
462 lstrcpy(sec_pkg_name, "NTLM");
464 sec_status = setupPackageA(sec_pkg_name, &pkg_info);
466 ok((sec_status == SEC_E_OK) || (sec_status == SEC_E_SECPKG_NOT_FOUND),
467 "Return value of QuerySecurityPackageInfo() shouldn't be %s\n",
468 getSecError(sec_status) );
470 if(pkg_info != NULL){
471 max_token = pkg_info->cbMaxToken;
472 version = pkg_info->wVersion;
473 ok(version == 1, "wVersion always should be 1, but is %d\n", version);
475 ok(max_token == 12000, "cbMaxToken for NTLM is %ld, not 12000.\n",
481 sec_status = pFreeContextBuffer(&pkg_info);
483 ok( sec_status == SEC_E_OK,
484 "Return value of FreeContextBuffer() shouldn't be %s\n",
485 getSecError(sec_status) );
487 /* Test with a nonexistent package, test should fail */
489 lstrcpy(sec_pkg_name, "Winetest");
491 sec_status = pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info);
493 ok( sec_status != SEC_E_OK,
494 "Return value of QuerySecurityPackageInfo() should not be %s for a nonexistent package\n", getSecError(SEC_E_OK));
496 sec_status = pFreeContextBuffer(&pkg_info);
498 ok( sec_status == SEC_E_OK,
499 "Return value of FreeContextBuffer() shouldn't be %s\n",
500 getSecError(sec_status) );
505 void testAuth(const char* sec_pkg, const char* domain)
507 SECURITY_STATUS sec_status;
508 PSecPkgInfo pkg_info = NULL;
509 CredHandle server_cred;
510 CredHandle client_cred;
511 CtxtHandle server_ctxt;
512 CtxtHandle client_ctxt;
513 SEC_CHAR sec_pkg_name[256];
515 PSecBufferDesc client_in = NULL, client_out = NULL;
516 PSecBufferDesc server_in = NULL, server_out = NULL;
518 BOOL continue_client = FALSE, continue_server = FALSE;
520 lstrcpy(sec_pkg_name, sec_pkg);
521 if(setupPackageA(sec_pkg_name, &pkg_info) == SEC_E_OK)
523 pFreeContextBuffer(&pkg_info);
524 sec_status = setupClient(&client_cred, "testuser", "testpass", domain,
527 if(sec_status != SEC_E_OK)
529 trace("Error: Setting up the client returned %s, exiting test!\n",
530 getSecError(sec_status));
531 pFreeCredentialsHandle(&client_cred);
535 sec_status = setupServer(&server_cred, sec_pkg_name);
537 if(sec_status != SEC_E_OK)
539 trace("Error: Setting up the server returned %s, exiting test!\n",
540 getSecError(sec_status));
541 pFreeCredentialsHandle(&server_cred);
542 pFreeCredentialsHandle(&client_cred);
546 setupBuffers(&client_in, &client_out);
547 setupBuffers(&server_in, &server_out);
549 sec_status = runClient(&client_cred, &client_ctxt, client_in, client_out,
552 ok(sec_status == SEC_E_OK || sec_status == SEC_I_CONTINUE_NEEDED,
553 "Running the client returned %s, more tests will fail from now.\n",
554 getSecError(sec_status));
556 if(sec_status == SEC_I_CONTINUE_NEEDED)
557 continue_client = TRUE;
559 communicate(client_out, server_in);
561 sec_status = runServer(&server_cred, &server_ctxt, server_in, server_out,
564 ok(sec_status == SEC_E_OK || sec_status == SEC_I_CONTINUE_NEEDED,
565 "Running the server returned %s, more tests will fail from now.\n",
566 getSecError(sec_status));
568 if(sec_status == SEC_I_CONTINUE_NEEDED)
570 continue_server = TRUE;
571 communicate(server_out, client_in);
576 sec_status = runClient(&client_cred, &client_ctxt, client_in, client_out,
579 ok(sec_status == SEC_E_OK,
580 "Running the client returned %s, more tests will fail from now.\n",
581 getSecError(sec_status));
583 communicate(client_out, server_in);
588 sec_status = runServer(&server_cred, &server_ctxt, server_in, server_out,
590 ok(sec_status == SEC_E_OK || SEC_E_LOGON_DENIED,
591 "Running the server returned %s.\n", getSecError(sec_status));
594 cleanupBuffers(client_in, client_out);
595 cleanupBuffers(server_in, server_out);
597 sec_status = pDeleteSecurityContext(&server_ctxt);
598 ok(sec_status == SEC_E_OK, "DeleteSecurityContext(server) returned %s\n",
599 getSecError(sec_status));
601 sec_status = pDeleteSecurityContext(&client_ctxt);
602 ok(sec_status == SEC_E_OK, "DeleteSecurityContext(client) returned %s\n",
603 getSecError(sec_status));
605 sec_status = pFreeCredentialsHandle(&server_cred);
606 ok(sec_status == SEC_E_OK, "FreeCredentialsHandle(server) returned %s\n",
607 getSecError(sec_status));
609 sec_status = pFreeCredentialsHandle(&client_cred);
610 ok(sec_status == SEC_E_OK, "FreeCredentialsHandle(client) returned %s\n",
611 getSecError(sec_status));
615 trace("Package not installed, skipping test.\n");
617 pFreeContextBuffer(&pkg_info);
624 if(pInitSecurityInterfaceA)
625 testInitSecurityInterface();
626 if(pFreeContextBuffer)
628 if(pEnumerateSecurityPackagesA)
629 testEnumerateSecurityPackages();
630 if(pQuerySecurityPackageInfoA)
632 testQuerySecurityPackageInfo();
633 if(pInitSecurityInterfaceA)
634 testAuth("NTLM", "WORKGROUP");
projects / wine / blob