dlls/secur32/tests/main.c

   1 /*
   2  * Miscellaneous secur32 tests
   3  *
   4  * Copyright 2005 Kai Blin
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2.1 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library; if not, write to the Free Software
  18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  19  */
  20
  21 #define SECURITY_WIN32
  22
  23 #include <stdio.h>
  24 #include <stdarg.h>
  25 #include <windows.h>
  26 #include "wine/test.h"
  27 #include <winbase.h>
  28 #include <sspi.h>
  29
  30 #define BUFF_SIZE 2048
  31 #define MAX_MESSAGE 12000
  32
  33 /*---------------------------------------------------------*/
  34 /* General helper functions */
  35
  36 static const char* getSecStatusError(SECURITY_STATUS status)
  37 {
  38 #define _SEC_ERR(x) case (x): return #x;
  39     switch(status)
  40     {
  41         _SEC_ERR(SEC_E_OK);
  42         _SEC_ERR(SEC_E_INSUFFICIENT_MEMORY);
  43         _SEC_ERR(SEC_E_INVALID_HANDLE);
  44         _SEC_ERR(SEC_E_UNSUPPORTED_FUNCTION);
  45         _SEC_ERR(SEC_E_TARGET_UNKNOWN);
  46         _SEC_ERR(SEC_E_INTERNAL_ERROR);
  47         _SEC_ERR(SEC_E_SECPKG_NOT_FOUND);
  48         _SEC_ERR(SEC_E_NOT_OWNER);
  49         _SEC_ERR(SEC_E_CANNOT_INSTALL);
  50         _SEC_ERR(SEC_E_INVALID_TOKEN);
  51         _SEC_ERR(SEC_E_CANNOT_PACK);
  52         _SEC_ERR(SEC_E_QOP_NOT_SUPPORTED);
  53         _SEC_ERR(SEC_E_NO_IMPERSONATION);
  54         _SEC_ERR(SEC_I_CONTINUE_NEEDED);
  55         default:
  56             trace("Error = %ld\n", status);
  57             return "Unknown error";
  58     }
  59 #undef _SEC_ERR
  60 }
  61
  62 /*---------------------------------------------------------*/
  63 /* Helper for testQuerySecurityPagageInfo */
  64
  65 static SECURITY_STATUS setupPackageA(SEC_CHAR *p_package_name,
  66         PSecPkgInfo *p_pkg_info)
  67 {
  68     SECURITY_STATUS ret = SEC_E_SECPKG_NOT_FOUND;
  69
  70     ret = QuerySecurityPackageInfoA( p_package_name, p_pkg_info);
  71     return ret;
  72 }
  73
  74 /*---------------------------------------------------------*/
  75 /* Helper for testAuthentication */
  76
  77 static int genClientContext(PBYTE in, DWORD in_count, PBYTE out,
  78         DWORD *out_count, BOOL *done, char *target, CredHandle *cred_handle,
  79         PCtxtHandle ctxt_handle, PSecurityFunctionTable sft)
  80 {
  81     SECURITY_STATUS sec_status;
  82     TimeStamp       ttl;
  83     SecBufferDesc   in_sec_buff_desc, out_sec_buff_desc;
  84     SecBuffer       in_sec_buff, out_sec_buff;
  85     ULONG           context_attr;
  86
  87     if(in == NULL){
  88         sec_status = (sft->AcquireCredentialsHandle)(NULL, "Negotiate",
  89                 SECPKG_CRED_OUTBOUND, NULL, NULL, NULL, NULL, cred_handle,
  90                 &ttl);
  91         ok(sec_status == SEC_E_OK,
  92                 "Client AcquireCredentialsHandle should not return %s\n",
  93                 getSecStatusError(sec_status) );
  94     }
  95
  96     out_sec_buff_desc.ulVersion = 0;
  97     out_sec_buff_desc.cBuffers  = 1;
  98     out_sec_buff_desc.pBuffers  = &out_sec_buff;
  99
 100     out_sec_buff.cbBuffer   = *out_count;
 101     out_sec_buff.BufferType = SECBUFFER_TOKEN;
 102     out_sec_buff.pvBuffer = out;
 103
 104     if(in){
 105         /* we got some data, initialize input buffer, too. */
 106         in_sec_buff_desc.ulVersion = 0;
 107         in_sec_buff_desc.cBuffers  = 1;
 108         in_sec_buff_desc.pBuffers  = &in_sec_buff;
 109
 110         in_sec_buff.cbBuffer   = in_count;
 111         in_sec_buff.BufferType = SECBUFFER_TOKEN;
 112         in_sec_buff.pvBuffer = in;
 113
 114         sec_status = (sft->InitializeSecurityContext)( cred_handle, ctxt_handle,
 115                 target,ISC_REQ_CONFIDENTIALITY, 0, SECURITY_NATIVE_DREP,
 116                 &in_sec_buff_desc, 0, ctxt_handle, &out_sec_buff_desc,
 117                 &context_attr, &ttl);
 118
 119     }
 120     else {
 121         sec_status = (sft->InitializeSecurityContext)( cred_handle, NULL,
 122                 target, ISC_REQ_CONFIDENTIALITY, 0, SECURITY_NATIVE_DREP, NULL,
 123                 0, ctxt_handle, &out_sec_buff_desc, &context_attr, &ttl);
 124     }
 125
 126     if( (sec_status == SEC_I_COMPLETE_NEEDED) ||
 127             (sec_status == SEC_I_COMPLETE_AND_CONTINUE)){
 128         if(sft->CompleteAuthToken != NULL){
 129             sec_status = (sft->CompleteAuthToken)( ctxt_handle,
 130                     &out_sec_buff_desc);
 131             ok((sec_status == SEC_E_OK)||(sec_status == SEC_I_CONTINUE_NEEDED),
 132                     "CompleteAuthToken should not return %s\n",
 133                     getSecStatusError(sec_status));
 134
 135         }
 136
 137     }
 138
 139     *out_count = out_sec_buff.cbBuffer;
 140     *done = !( (sec_status == SEC_I_CONTINUE_NEEDED) ||
 141             (sec_status == SEC_I_COMPLETE_AND_CONTINUE));
 142
 143     return 0;
 144
 145 }
 146
 147 static int genServerContext(PBYTE in, DWORD in_count, PBYTE out,
 148         DWORD *out_count, BOOL *done, BOOL *new_conn, CredHandle *cred_handle,
 149         PCtxtHandle ctxt_handle, PSecurityFunctionTable sft)
 150 {
 151     SECURITY_STATUS sec_status;
 152     TimeStamp       ttl;
 153     SecBufferDesc   in_sec_buff_desc, out_sec_buff_desc;
 154     SecBuffer       in_sec_buff, out_sec_buff;
 155     DWORD           ctxt_attr;
 156
 157     out_sec_buff_desc.ulVersion = 0;
 158     out_sec_buff_desc.cBuffers  = 1;
 159     out_sec_buff_desc.pBuffers  = &out_sec_buff;
 160
 161     out_sec_buff.cbBuffer   = *out_count;
 162     out_sec_buff.BufferType = SECBUFFER_TOKEN;
 163     out_sec_buff.pvBuffer = out;
 164
 165     in_sec_buff_desc.ulVersion = 0;
 166     in_sec_buff_desc.cBuffers  = 1;
 167     in_sec_buff_desc.pBuffers  = &in_sec_buff;
 168
 169     in_sec_buff.cbBuffer   = in_count;
 170     in_sec_buff.BufferType = SECBUFFER_TOKEN;
 171     in_sec_buff.pvBuffer = in;
 172
 173     sec_status = (sft->AcceptSecurityContext)( cred_handle,
 174             *new_conn ? NULL : ctxt_handle,          /* maybe use an if here? */
 175             &in_sec_buff_desc, 0, SECURITY_NATIVE_DREP,
 176             ctxt_handle, &out_sec_buff_desc, &ctxt_attr, &ttl);
 177
 178    ok((sec_status == SEC_E_OK) || (sec_status == SEC_I_CONTINUE_NEEDED),
 179            "AcceptSecurityContext returned %s\n",
 180            getSecStatusError(sec_status));
 181
 182     if( (sec_status == SEC_I_COMPLETE_NEEDED) ||
 183             (sec_status == SEC_I_COMPLETE_AND_CONTINUE)){
 184         if(sft->CompleteAuthToken != NULL){
 185             sec_status = (sft->CompleteAuthToken)( ctxt_handle,
 186                     &out_sec_buff_desc);
 187
 188             ok((sec_status ==SEC_E_OK) || (sec_status ==SEC_I_CONTINUE_NEEDED),
 189                     "CompleteAuthToken should not return %s\n",
 190                     getSecStatusError(sec_status));
 191         }
 192     }
 193
 194     *out_count = out_sec_buff.cbBuffer;
 195     *done = !( (sec_status == SEC_I_CONTINUE_NEEDED) ||
 196             (sec_status == SEC_I_COMPLETE_AND_CONTINUE));
 197
 198     return 0;
 199
 200 }
 201
 202
 203 /*--------------------------------------------------------- */
 204 /* The test functions */
 205
 206 static void testInitSecurityInterface(void)
 207 {
 208     PSecurityFunctionTable sec_fun_table = NULL;
 209
 210     sec_fun_table = InitSecurityInterface();
 211     ok(sec_fun_table != NULL, "InitSecurityInterface() returned NULL.\n");
 212
 213 }
 214
 215 static void testEnumerateSecurityPackages(void)
 216 {
 217
 218     SECURITY_STATUS sec_status;
 219     ULONG           num_packages, i;
 220     PSecPkgInfo     pkg_info = NULL;
 221
 222     trace("Running testEnumerateSecurityPackages\n");
 223
 224     sec_status = EnumerateSecurityPackages(&num_packages, &pkg_info);
 225
 226     ok(sec_status == SEC_E_OK,
 227             "EnumerateSecurityPackages() should return %ld, not %08lx\n",
 228             (LONG)SEC_E_OK, (LONG)sec_status);
 229
 230     ok(num_packages > 0, "Number of sec packages should be > 0 ,but is %ld\n",
 231             num_packages);
 232
 233     ok(pkg_info != NULL,
 234             "pkg_info should not be NULL after EnumerateSecurityPackages\n");
 235
 236     trace("Number of packages: %ld\n", num_packages);
 237     for(i = 0; i < num_packages; ++i){
 238         trace("%ld: Package \"%s\"\n", i, pkg_info[i].Name);
 239         trace("Supported flags:\n");
 240         if(pkg_info[i].fCapabilities & SECPKG_FLAG_INTEGRITY)
 241             trace("\tSECPKG_FLAG_INTEGRITY\n");
 242         if(pkg_info[i].fCapabilities & SECPKG_FLAG_PRIVACY)
 243             trace("\tSECPKG_FLAG_PRIVACY\n");
 244         if(pkg_info[i].fCapabilities & SECPKG_FLAG_TOKEN_ONLY)
 245             trace("\tSECPKG_FLAG_TOKEN_ONLY\n");
 246         if(pkg_info[i].fCapabilities & SECPKG_FLAG_DATAGRAM)
 247             trace("\tSECPKG_FLAG_DATAGRAM\n");
 248         if(pkg_info[i].fCapabilities & SECPKG_FLAG_CONNECTION)
 249             trace("\tSECPKG_FLAG_CONNECTION\n");
 250         if(pkg_info[i].fCapabilities & SECPKG_FLAG_MULTI_REQUIRED)
 251             trace("\tSECPKG_FLAG_MULTI_REQUIRED\n");
 252         if(pkg_info[i].fCapabilities & SECPKG_FLAG_CLIENT_ONLY)
 253             trace("\tSECPKG_FLAG_CLIENT_ONLY\n");
 254         if(pkg_info[i].fCapabilities & SECPKG_FLAG_EXTENDED_ERROR)
 255             trace("\tSECPKG_FLAG_EXTENDED_ERROR\n");
 256         if(pkg_info[i].fCapabilities & SECPKG_FLAG_IMPERSONATION)
 257             trace("\tSECPKG_FLAG_IMPERSONATION\n");
 258         if(pkg_info[i].fCapabilities & SECPKG_FLAG_ACCEPT_WIN32_NAME)
 259             trace("\tSECPKG_FLAG_ACCEPT_WIN32_NAME\n");
 260         if(pkg_info[i].fCapabilities & SECPKG_FLAG_STREAM)
 261             trace("\tSECPKG_FLAG_STREAM\n");
 262         if(pkg_info[i].fCapabilities & SECPKG_FLAG_READONLY_WITH_CHECKSUM)
 263             trace("\tSECPKG_FLAG_READONLY_WITH_CHECKSUM\n");
 264         trace("Comment: %s\n", pkg_info[i].Comment);
 265         trace("\n");
 266     }
 267
 268     FreeContextBuffer(pkg_info);
 269 }
 270
 271
 272 static void testQuerySecurityPackageInfo(void)
 273 {
 274     SECURITY_STATUS     sec_status;
 275     SEC_CHAR            sec_pkg_name[256];
 276     PSecPkgInfo         pkg_info = NULL;
 277     ULONG               max_token = 0;
 278     USHORT              version = 0;
 279
 280     trace("Running testQuerySecurityPackageInfo\n");
 281
 282     /* Test with an existing package. Test should pass */
 283
 284     lstrcpy(sec_pkg_name, "Negotiate");
 285
 286     sec_status = setupPackageA(sec_pkg_name, &pkg_info);
 287
 288     ok(sec_status == SEC_E_OK,
 289        "Return value of QuerySecurityPackageInfo() shouldn't be %s\n",
 290        getSecStatusError(sec_status) );
 291     ok(pkg_info != NULL,
 292                 "QuerySecurityPackageInfo should give struct SecPkgInfo, but is NULL\n");
 293
 294     if(pkg_info != NULL){
 295         max_token = pkg_info->cbMaxToken;
 296         version   = pkg_info->wVersion;
 297     }
 298
 299     ok(version == 1, "wVersion always should be 1, but is %d\n", version);
 300     ok(max_token == 12000, "cbMaxToken for Negotiate is %ld, not 12000.\n",
 301             max_token);
 302
 303     sec_status = FreeContextBuffer(&pkg_info);
 304
 305     ok( sec_status == SEC_E_OK,
 306         "Return value of FreeContextBuffer() shouldn't be %s\n",
 307         getSecStatusError(sec_status) );
 308
 309     /* Test with a nonexistent package, test should fail */
 310
 311     lstrcpy(sec_pkg_name, "Winetest");
 312
 313     sec_status = QuerySecurityPackageInfo( sec_pkg_name, &pkg_info);
 314
 315     ok( sec_status != SEC_E_OK,
 316         "Return value of QuerySecurityPackageInfo() should not be %s for a nonexistent package\n", getSecStatusError(SEC_E_OK));
 317
 318     sec_status = FreeContextBuffer(&pkg_info);
 319
 320     ok( sec_status == SEC_E_OK,
 321         "Return value of FreeContextBuffer() shouldn't be %s\n",
 322         getSecStatusError(sec_status) );
 323
 324
 325 }
 326
 327 void testAuthentication(void)
 328 {
 329     CredHandle      server_cred, client_cred;
 330     CtxtHandle      server_ctxt, client_ctxt;
 331     BYTE            server_buff[MAX_MESSAGE];
 332     BYTE            client_buff[MAX_MESSAGE];
 333     SECURITY_STATUS sec_status;
 334     DWORD           count_server = MAX_MESSAGE;
 335     DWORD           count_client = MAX_MESSAGE;
 336     BOOL            done = FALSE, new_conn = TRUE;
 337     TimeStamp       server_ttl;
 338     PSecurityFunctionTable sft = NULL;
 339
 340     trace("Running testAuthentication\n");
 341
 342     sft = InitSecurityInterface();
 343
 344     ok(sft != NULL, "InitSecurityInterface() returned NULL!\n");
 345
 346     memset(&server_cred, 0, sizeof(CredHandle));
 347     memset(&client_cred, 0, sizeof(CredHandle));
 348     memset(&server_ctxt, 0, sizeof(CtxtHandle));
 349     memset(&client_ctxt, 0, sizeof(CtxtHandle));
 350
 351     sec_status = (sft->AcquireCredentialsHandle)(NULL, "Negotiate",
 352             SECPKG_CRED_INBOUND, NULL, NULL, NULL, NULL, &server_cred,
 353             &server_ttl);
 354
 355     ok(sec_status == SEC_E_OK,
 356             "Server's AcquireCredentialsHandle returned %s.\n",
 357             getSecStatusError(sec_status) );
 358
 359
 360     genClientContext(NULL, 0, server_buff, &count_server, &done, "foo",
 361             &client_cred, &client_ctxt, sft);
 362
 363     while(!done){
 364         genServerContext(server_buff, count_server, client_buff,
 365                 &count_client, &done, &new_conn, &server_cred, &server_ctxt,
 366                 sft);
 367         new_conn = FALSE;
 368         genClientContext(client_buff, count_client, server_buff,
 369                 &count_server, &done, "foo", &client_cred, &client_ctxt, sft);
 370     }
 371
 372     FreeContextBuffer(&client_buff);
 373     FreeContextBuffer(&server_buff);
 374
 375 }
 376
 377 START_TEST(main)
 378 {
 379     testInitSecurityInterface();
 380     testEnumerateSecurityPackages();
 381     testQuerySecurityPackageInfo();
 382     testAuthentication();
 383 }