/* * tests * * Copyright 2006 Robert Reif * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ #include #include #include #include #include #include #include #define SECURITY_WIN32 #include #include #include #include #include #include #include "wine/test.h" static HMODULE secdll; static SECURITY_STATUS (SEC_ENTRY *pSspiEncodeAuthIdentityAsStrings) (PSEC_WINNT_AUTH_IDENTITY_OPAQUE, PCWSTR *, PCWSTR *, PCWSTR *); static SECURITY_STATUS (SEC_ENTRY *pSspiEncodeStringsAsAuthIdentity) (PCWSTR, PCWSTR, PCWSTR, PSEC_WINNT_AUTH_IDENTITY_OPAQUE *); static void (SEC_ENTRY *pSspiFreeAuthIdentity) (PSEC_WINNT_AUTH_IDENTITY_OPAQUE); static void (SEC_ENTRY *pSspiLocalFree) (void *); static SECURITY_STATUS (SEC_ENTRY *pSspiPrepareForCredWrite) (PSEC_WINNT_AUTH_IDENTITY_OPAQUE, PCWSTR, PULONG, PCWSTR *, PCWSTR *, PUCHAR *, PULONG); static void (SEC_ENTRY *pSspiZeroAuthIdentity) (PSEC_WINNT_AUTH_IDENTITY_OPAQUE); static BOOLEAN (WINAPI * pGetComputerObjectNameA)(EXTENDED_NAME_FORMAT NameFormat, LPSTR lpNameBuffer, PULONG lpnSize); static BOOLEAN (WINAPI * pGetComputerObjectNameW)(EXTENDED_NAME_FORMAT NameFormat, LPWSTR lpNameBuffer, PULONG lpnSize); static BOOLEAN (WINAPI * pGetUserNameExA)(EXTENDED_NAME_FORMAT NameFormat, LPSTR lpNameBuffer, PULONG lpnSize); static BOOLEAN (WINAPI * pGetUserNameExW)(EXTENDED_NAME_FORMAT NameFormat, LPWSTR lpNameBuffer, PULONG lpnSize); static PSecurityFunctionTableA (SEC_ENTRY * pInitSecurityInterfaceA)(void); static PSecurityFunctionTableW (SEC_ENTRY * pInitSecurityInterfaceW)(void); static EXTENDED_NAME_FORMAT formats[] = { NameUnknown, NameFullyQualifiedDN, NameSamCompatible, NameDisplay, NameUniqueId, NameCanonical, NameUserPrincipal, NameCanonicalEx, NameServicePrincipal, NameDnsDomain }; static void testGetComputerObjectNameA(void) { char name[256]; ULONG size; BOOLEAN rc; UINT i; for (i = 0; i < ARRAY_SIZE(formats); i++) { size = 0; SetLastError(0xdeadbeef); rc = pGetComputerObjectNameA(formats[i], NULL, &size); ok(!rc, "GetComputerObjectName(%u) should fail\n", formats[i]); switch (formats[i]) { case NameUnknown: ok(GetLastError() == ERROR_INVALID_PARAMETER, "%u: got %u\n", formats[i], GetLastError()); break; default: ok(GetLastError() == ERROR_NONE_MAPPED || GetLastError() == ERROR_NO_SUCH_USER || GetLastError() == ERROR_CANT_ACCESS_DOMAIN_INFO || GetLastError() == ERROR_INSUFFICIENT_BUFFER, "%u: got %u\n", formats[i], GetLastError()); break; } if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) continue; size = sizeof(name); SetLastError(0xdeadbeef); rc = pGetComputerObjectNameA(formats[i], name, &size); switch (formats[i]) { case NameUnknown: ok(!rc, "GetComputerObjectName(%u) should fail\n", formats[i]); ok(GetLastError() == ERROR_INVALID_PARAMETER, "%u: got %u\n", formats[i], GetLastError()); break; default: ok(rc, "GetComputerObjectName(%u) error %u\n", formats[i], GetLastError()); trace("GetComputerObjectName(%u) returned %s\n", formats[i], name); break; } } } static void testGetComputerObjectNameW(void) { WCHAR nameW[256]; ULONG size; BOOLEAN rc; UINT i; for (i = 0; i < ARRAY_SIZE(formats); i++) { size = 0; SetLastError(0xdeadbeef); rc = pGetComputerObjectNameW(formats[i], NULL, &size); ok(!rc || broken(rc) /* win10 */, "GetComputerObjectName(%u) should fail\n", formats[i]); switch (formats[i]) { case NameUnknown: ok(GetLastError() == ERROR_INVALID_PARAMETER, "%u: got %u\n", formats[i], GetLastError()); break; default: ok(GetLastError() == ERROR_NONE_MAPPED || GetLastError() == ERROR_NO_SUCH_USER || GetLastError() == ERROR_CANT_ACCESS_DOMAIN_INFO || GetLastError() == WSAHOST_NOT_FOUND || GetLastError() == ERROR_INSUFFICIENT_BUFFER, "%u: got %u\n", formats[i], GetLastError()); break; } if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) continue; size = ARRAY_SIZE(nameW); SetLastError(0xdeadbeef); rc = pGetComputerObjectNameW(formats[i], nameW, &size); switch (formats[i]) { case NameUnknown: ok(!rc, "GetComputerObjectName(%u) should fail\n", formats[i]); ok(GetLastError() == ERROR_INVALID_PARAMETER, "%u: got %u\n", formats[i], GetLastError()); break; default: ok(rc, "GetComputerObjectName(%u) error %u\n", formats[i], GetLastError()); trace("GetComputerObjectName(%u) returned %s\n", formats[i], wine_dbgstr_w(nameW)); break; } } } static void testGetUserNameExA(void) { char name[256]; ULONG size; BOOLEAN rc; UINT i; for (i = 0; i < ARRAY_SIZE(formats); i++) { size = sizeof(name); ZeroMemory(name, sizeof(name)); rc = pGetUserNameExA(formats[i], name, &size); ok(rc || (formats[i] == NameUnknown && GetLastError() == ERROR_NO_SUCH_USER) || GetLastError() == ERROR_NONE_MAPPED || broken(formats[i] == NameDnsDomain && GetLastError() == ERROR_INVALID_PARAMETER), "GetUserNameExW(%d) failed: %d\n", formats[i], GetLastError()); } if (0) /* Crashes on Windows */ pGetUserNameExA(NameSamCompatible, NULL, NULL); size = 0; rc = pGetUserNameExA(NameSamCompatible, NULL, &size); ok(! rc && GetLastError() == ERROR_MORE_DATA, "Expected fail with ERROR_MORE_DATA, got %d with %u\n", rc, GetLastError()); ok(size != 0, "Expected size to be set to required size\n"); if (0) /* Crashes on Windows with big enough size */ { /* Returned size is already big enough */ pGetUserNameExA(NameSamCompatible, NULL, &size); } size = 0; rc = pGetUserNameExA(NameSamCompatible, name, &size); ok(! rc && GetLastError() == ERROR_MORE_DATA, "Expected fail with ERROR_MORE_DATA, got %d with %u\n", rc, GetLastError()); ok(size != 0, "Expected size to be set to required size\n"); size = 1; name[0] = 0xff; rc = pGetUserNameExA(NameSamCompatible, name, &size); ok(! rc && GetLastError() == ERROR_MORE_DATA, "Expected fail with ERROR_MORE_DATA, got %d with %u\n", rc, GetLastError()); ok(1 < size, "Expected size to be set to required size\n"); ok(name[0] == (char) 0xff, "Expected unchanged buffer\n"); } static void testGetUserNameExW(void) { WCHAR nameW[256]; ULONG size; BOOLEAN rc; UINT i; for (i = 0; i < ARRAY_SIZE(formats); i++) { size = sizeof(nameW); ZeroMemory(nameW, sizeof(nameW)); rc = pGetUserNameExW(formats[i], nameW, &size); ok(rc || (formats[i] == NameUnknown && GetLastError() == ERROR_NO_SUCH_USER) || GetLastError() == ERROR_NONE_MAPPED || broken(formats[i] == NameDnsDomain && GetLastError() == ERROR_INVALID_PARAMETER), "GetUserNameExW(%d) failed: %d\n", formats[i], GetLastError()); } if (0) /* Crashes on Windows */ pGetUserNameExW(NameSamCompatible, NULL, NULL); size = 0; rc = pGetUserNameExW(NameSamCompatible, NULL, &size); ok(! rc && GetLastError() == ERROR_MORE_DATA, "Expected fail with ERROR_MORE_DATA, got %d with %u\n", rc, GetLastError()); ok(size != 0, "Expected size to be set to required size\n"); if (0) /* Crashes on Windows with big enough size */ { /* Returned size is already big enough */ pGetUserNameExW(NameSamCompatible, NULL, &size); } size = 0; rc = pGetUserNameExW(NameSamCompatible, nameW, &size); ok(! rc && GetLastError() == ERROR_MORE_DATA, "Expected fail with ERROR_MORE_DATA, got %d with %u\n", rc, GetLastError()); ok(size != 0, "Expected size to be set to required size\n"); size = 1; nameW[0] = 0xff; rc = pGetUserNameExW(NameSamCompatible, nameW, &size); ok(! rc && GetLastError() == ERROR_MORE_DATA, "Expected fail with ERROR_MORE_DATA, got %d with %u\n", rc, GetLastError()); ok(1 < size, "Expected size to be set to required size\n"); ok(nameW[0] == (WCHAR) 0xff, "Expected unchanged buffer\n"); } static void test_InitSecurityInterface(void) { PSecurityFunctionTableA sftA; PSecurityFunctionTableW sftW; sftA = pInitSecurityInterfaceA(); ok(sftA != NULL, "pInitSecurityInterfaceA failed\n"); ok(sftA->dwVersion == SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION, "wrong dwVersion %d in security function table\n", sftA->dwVersion); ok(!sftA->Reserved2, "Reserved2 should be NULL instead of %p in security function table\n", sftA->Reserved2); ok(sftA->Reserved3 == sftA->EncryptMessage, "Reserved3 should be equal to EncryptMessage in the security function table\n"); ok(sftA->Reserved4 == sftA->DecryptMessage, "Reserved4 should be equal to DecryptMessage in the security function table\n"); if (!pInitSecurityInterfaceW) { win_skip("InitSecurityInterfaceW not exported by secur32.dll\n"); return; } sftW = pInitSecurityInterfaceW(); ok(sftW != NULL, "pInitSecurityInterfaceW failed\n"); ok(sftW->dwVersion == SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION, "wrong dwVersion %d in security function table\n", sftW->dwVersion); ok(!sftW->Reserved2, "Reserved2 should be NULL instead of %p in security function table\n", sftW->Reserved2); ok(sftW->Reserved3 == sftW->EncryptMessage, "Reserved3 should be equal to EncryptMessage in the security function table\n"); ok(sftW->Reserved4 == sftW->DecryptMessage, "Reserved4 should be equal to DecryptMessage in the security function table\n"); } static void test_SspiEncodeStringsAsAuthIdentity(void) { static const WCHAR username[] = {'u','s','e','r','n','a','m','e',0}; static const WCHAR domainname[] = {'d','o','m','a','i','n','n','a','m','e',0}; static const WCHAR password[] = {'p','a','s','s','w','o','r','d',0}; const WCHAR *username_ptr, *domainname_ptr, *password_ptr; PSEC_WINNT_AUTH_IDENTITY_OPAQUE id; SECURITY_STATUS status; if (!pSspiEncodeStringsAsAuthIdentity) { win_skip( "SspiEncodeAuthIdentityAsStrings not exported by secur32.dll\n" ); return; } status = pSspiEncodeStringsAsAuthIdentity( NULL, NULL, NULL, NULL ); ok( status == SEC_E_INVALID_TOKEN, "got %08x\n", status ); id = (PSEC_WINNT_AUTH_IDENTITY_OPAQUE)0xdeadbeef; status = pSspiEncodeStringsAsAuthIdentity( NULL, NULL, NULL, &id ); ok( status == SEC_E_INVALID_TOKEN, "got %08x\n", status ); ok( id == (PSEC_WINNT_AUTH_IDENTITY_OPAQUE)0xdeadbeef, "id set\n" ); id = NULL; status = pSspiEncodeStringsAsAuthIdentity( NULL, NULL, password, &id ); ok( status == SEC_E_OK, "got %08x\n", status ); ok( id != NULL, "id not set\n" ); pSspiFreeAuthIdentity( id ); id = NULL; status = pSspiEncodeStringsAsAuthIdentity( NULL, domainname, password, &id ); ok( status == SEC_E_OK, "got %08x\n", status ); ok( id != NULL, "id not set\n" ); pSspiFreeAuthIdentity( id ); id = NULL; status = pSspiEncodeStringsAsAuthIdentity( username, NULL, password, &id ); ok( status == SEC_E_OK, "got %08x\n", status ); ok( id != NULL, "id not set\n" ); pSspiFreeAuthIdentity( id ); id = NULL; status = pSspiEncodeStringsAsAuthIdentity( username, NULL, NULL, &id ); ok( status == SEC_E_OK, "got %08x\n", status ); ok( id != NULL, "id not set\n" ); pSspiFreeAuthIdentity( id ); id = NULL; status = pSspiEncodeStringsAsAuthIdentity( username, domainname, password, &id ); ok( status == SEC_E_OK, "got %08x\n", status ); ok( id != NULL, "id not set\n" ); username_ptr = domainname_ptr = password_ptr = NULL; status = pSspiEncodeAuthIdentityAsStrings( id, &username_ptr, &domainname_ptr, &password_ptr ); ok( status == SEC_E_OK, "got %08x\n", status ); ok( !lstrcmpW( username, username_ptr ), "wrong username\n" ); ok( !lstrcmpW( domainname, domainname_ptr ), "wrong domainname\n" ); ok( !lstrcmpW( password, password_ptr ), "wrong password\n" ); pSspiZeroAuthIdentity( id ); pSspiLocalFree( (void *)username_ptr ); pSspiLocalFree( (void *)domainname_ptr ); pSspiLocalFree( (void *)password_ptr ); pSspiFreeAuthIdentity( id ); id = NULL; status = pSspiEncodeStringsAsAuthIdentity( username, NULL, password, &id ); ok( status == SEC_E_OK, "got %08x\n", status ); ok( id != NULL, "id not set\n" ); username_ptr = password_ptr = NULL; domainname_ptr = (const WCHAR *)0xdeadbeef; status = pSspiEncodeAuthIdentityAsStrings( id, &username_ptr, &domainname_ptr, &password_ptr ); ok( status == SEC_E_OK, "got %08x\n", status ); ok( !lstrcmpW( username, username_ptr ), "wrong username\n" ); ok( domainname_ptr == NULL, "domainname_ptr not cleared\n" ); ok( !lstrcmpW( password, password_ptr ), "wrong password\n" ); pSspiLocalFree( (void *)username_ptr ); pSspiLocalFree( (void *)password_ptr ); pSspiFreeAuthIdentity( id ); } static void test_SspiPrepareForCredWrite(void) { static const WCHAR usernameW[] = {'u','s','e','r','n','a','m','e',0}; static const WCHAR domainnameW[] = {'d','o','m','a','i','n','n','a','m','e',0}; static const WCHAR passwordW[] = {'p','a','s','s','w','o','r','d',0}; static const WCHAR targetW[] = {'d','o','m','a','i','n','n','a','m','e','\\','u','s','e','r','n','a','m','e',0}; static const WCHAR target2W[] = {'d','o','m','a','i','n','n','a','m','e','2','\\','u','s','e','r','n','a','m','e','2',0}; const WCHAR *target, *username; PSEC_WINNT_AUTH_IDENTITY_OPAQUE id; SECURITY_STATUS status; ULONG type, size; UCHAR *blob; if (!pSspiPrepareForCredWrite) { win_skip( "SspiPrepareForCredWrite not exported by secur32.dll\n" ); return; } status = pSspiEncodeStringsAsAuthIdentity( usernameW, domainnameW, passwordW, &id ); ok( status == SEC_E_OK, "got %08x\n", status ); type = size = 0; status = pSspiPrepareForCredWrite( id, NULL, &type, &target, &username, &blob, &size ); ok( status == SEC_E_OK, "got %08x\n", status ); ok( type == CRED_TYPE_DOMAIN_PASSWORD, "got %u\n", type ); ok( !lstrcmpW( target, targetW ), "got %s\n", wine_dbgstr_w(target) ); ok( !lstrcmpW( username, targetW ), "got %s\n", wine_dbgstr_w(username) ); ok( !memcmp( blob, passwordW, sizeof(passwordW) - sizeof(WCHAR) ), "wrong data\n" ); ok( size == sizeof(passwordW) - sizeof(WCHAR), "got %u\n", size ); pSspiLocalFree( (void *)target ); pSspiLocalFree( (void *)username ); pSspiLocalFree( blob ); type = size = 0; status = pSspiPrepareForCredWrite( id, target2W, &type, &target, &username, &blob, &size ); ok( status == SEC_E_OK, "got %08x\n", status ); ok( type == CRED_TYPE_DOMAIN_PASSWORD, "got %u\n", type ); ok( !lstrcmpW( target, target2W ), "got %s\n", wine_dbgstr_w(target) ); ok( !lstrcmpW( username, targetW ), "got %s\n", wine_dbgstr_w(username) ); ok( !memcmp( blob, passwordW, sizeof(passwordW) - sizeof(WCHAR) ), "wrong data\n" ); ok( size == sizeof(passwordW) - sizeof(WCHAR), "got %u\n", size ); pSspiLocalFree( (void *)target ); pSspiLocalFree( (void *)username ); pSspiLocalFree( blob ); pSspiFreeAuthIdentity( id ); } static void test_kerberos(void) { SecPkgInfoA *info; TimeStamp ttl; CredHandle cred; SECURITY_STATUS status; SEC_CHAR provider[] = {'K','e','r','b','e','r','o','s',0}; static const ULONG expected_flags = SECPKG_FLAG_INTEGRITY | SECPKG_FLAG_PRIVACY | SECPKG_FLAG_TOKEN_ONLY | SECPKG_FLAG_DATAGRAM | SECPKG_FLAG_CONNECTION | SECPKG_FLAG_MULTI_REQUIRED | SECPKG_FLAG_EXTENDED_ERROR | SECPKG_FLAG_IMPERSONATION | SECPKG_FLAG_ACCEPT_WIN32_NAME | SECPKG_FLAG_NEGOTIABLE | SECPKG_FLAG_GSS_COMPATIBLE | SECPKG_FLAG_LOGON | SECPKG_FLAG_MUTUAL_AUTH | SECPKG_FLAG_DELEGATION | SECPKG_FLAG_READONLY_WITH_CHECKSUM; static const ULONG optional_mask = SECPKG_FLAG_RESTRICTED_TOKENS | SECPKG_FLAG_APPCONTAINER_CHECKS | 0x02000000; /* not defined in the SDK */ status = QuerySecurityPackageInfoA(provider, &info); ok(status == SEC_E_OK, "Kerberos package not installed, skipping test\n"); if(status != SEC_E_OK) return; ok( (info->fCapabilities & ~optional_mask) == expected_flags, "got %08x, expected %08x\n", info->fCapabilities, expected_flags ); ok( info->wVersion == 1, "got %u\n", info->wVersion ); ok( info->wRPCID == RPC_C_AUTHN_GSS_KERBEROS, "got %u\n", info->wRPCID ); ok( info->cbMaxToken >= 12000, "got %u\n", info->cbMaxToken ); ok( !lstrcmpA( info->Name, "Kerberos" ), "got %s\n", info->Name ); ok( !lstrcmpA( info->Comment, "Microsoft Kerberos V1.0" ), "got %s\n", info->Comment ); FreeContextBuffer( info ); status = AcquireCredentialsHandleA( NULL, provider, SECPKG_CRED_OUTBOUND, NULL, NULL, NULL, NULL, &cred, &ttl ); todo_wine ok( status == SEC_E_OK, "AcquireCredentialsHandleA returned %08x\n", status ); if(status == SEC_E_OK) FreeCredentialHandle( &cred ); } static void test_ticket_cache(void) { KERB_QUERY_TKT_CACHE_REQUEST req = { KerbQueryTicketCacheMessage }; KERB_QUERY_TKT_CACHE_RESPONSE *resp; NTSTATUS status; HANDLE lsa; ULONG package, len, i; LSA_STRING name; status = LsaConnectUntrusted( &lsa ); ok( !status, "got %08x\n", status ); RtlInitAnsiString( &name, MICROSOFT_KERBEROS_NAME_A ); status = LsaLookupAuthenticationPackage( lsa, &name, &package ); ok( !status, "got %08x\n", status ); status = LsaCallAuthenticationPackage( lsa, package, &req, sizeof(req), (void **)&resp, &len, &status ); ok( !status, "got %08x\n", status ); ok( resp->MessageType == KerbQueryTicketCacheMessage, "got %u\n", resp->MessageType ); for (i = 0; i < resp->CountOfTickets; i++) { KERB_TICKET_CACHE_INFO *info = &resp->Tickets[i]; trace( "ServerName %s\n", wine_dbgstr_wn(info->ServerName.Buffer, info->ServerName.Length/sizeof(WCHAR)) ); trace( "RealmName %s\n", wine_dbgstr_wn(info->RealmName.Buffer, info->RealmName.Length/sizeof(WCHAR)) ); trace( "EncryptionType %08x\n", info->EncryptionType ); trace( "TicketFlags %08x\n", info->TicketFlags ); } LsaFreeReturnBuffer( resp ); LsaDeregisterLogonProcess( lsa ); } START_TEST(secur32) { secdll = LoadLibraryA("secur32.dll"); if (!secdll) secdll = LoadLibraryA("security.dll"); if (secdll) { pSspiEncodeAuthIdentityAsStrings = (void *)GetProcAddress(secdll, "SspiEncodeAuthIdentityAsStrings"); pSspiEncodeStringsAsAuthIdentity = (void *)GetProcAddress(secdll, "SspiEncodeStringsAsAuthIdentity"); pSspiFreeAuthIdentity = (void *)GetProcAddress(secdll, "SspiFreeAuthIdentity"); pSspiLocalFree = (void *)GetProcAddress(secdll, "SspiLocalFree"); pSspiPrepareForCredWrite = (void *)GetProcAddress(secdll, "SspiPrepareForCredWrite"); pSspiZeroAuthIdentity = (void *)GetProcAddress(secdll, "SspiZeroAuthIdentity"); pGetComputerObjectNameA = (PVOID)GetProcAddress(secdll, "GetComputerObjectNameA"); pGetComputerObjectNameW = (PVOID)GetProcAddress(secdll, "GetComputerObjectNameW"); pGetUserNameExA = (PVOID)GetProcAddress(secdll, "GetUserNameExA"); pGetUserNameExW = (PVOID)GetProcAddress(secdll, "GetUserNameExW"); pInitSecurityInterfaceA = (PVOID)GetProcAddress(secdll, "InitSecurityInterfaceA"); pInitSecurityInterfaceW = (PVOID)GetProcAddress(secdll, "InitSecurityInterfaceW"); if (pGetComputerObjectNameA) testGetComputerObjectNameA(); else win_skip("GetComputerObjectNameA not exported by secur32.dll\n"); if (pGetComputerObjectNameW) testGetComputerObjectNameW(); else win_skip("GetComputerObjectNameW not exported by secur32.dll\n"); if (pGetUserNameExA) testGetUserNameExA(); else win_skip("GetUserNameExA not exported by secur32.dll\n"); if (pGetUserNameExW) testGetUserNameExW(); else win_skip("GetUserNameExW not exported by secur32.dll\n"); test_InitSecurityInterface(); test_SspiEncodeStringsAsAuthIdentity(); test_SspiPrepareForCredWrite(); FreeLibrary(secdll); } test_kerberos(); test_ticket_cache(); }