libwinpr-sspi: improve SSPI Schannel test
This commit is contained in:
parent
436a7dfc9f
commit
27084c4642
@ -24,7 +24,8 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <winpr\windows.h>
|
||||
#include <winpr/windows.h>
|
||||
|
||||
#define CINTERFACE
|
||||
#include <mmsystem.h>
|
||||
#include <dsound.h>
|
||||
@ -38,7 +39,7 @@
|
||||
* Here are some temp things that shall be moved
|
||||
*
|
||||
*/
|
||||
IDirectSoundCapture8 * cap;
|
||||
IDirectSoundCapture8* cap;
|
||||
IDirectSoundCaptureBuffer8* capBuf;
|
||||
DSCBUFFERDESC dscbd;
|
||||
DWORD capturePos;
|
||||
|
@ -32,6 +32,10 @@ add_complex_library(MODULE ${MODULE_NAME} TYPE "OBJECT"
|
||||
|
||||
set_target_properties(${MODULE_NAME} PROPERTIES VERSION ${WINPR_VERSION_FULL} SOVERSION ${WINPR_VERSION} PREFIX "lib")
|
||||
|
||||
if(WIN32)
|
||||
set(${MODULE_PREFIX}_LIBS ${${MODULE_PREFIX}_LIBS} crypt32)
|
||||
endif()
|
||||
|
||||
if(MONOLITHIC_BUILD)
|
||||
|
||||
else()
|
||||
|
@ -81,7 +81,7 @@ endif()
|
||||
set_complex_link_libraries(VARIABLE ${MODULE_PREFIX}_LIBS
|
||||
MONOLITHIC ${MONOLITHIC_BUILD} INTERNAL
|
||||
MODULE winpr
|
||||
MODULES winpr-crt winpr-sysinfo winpr-registry winpr-utils)
|
||||
MODULES winpr-crt winpr-sysinfo winpr-registry winpr-crypto winpr-utils)
|
||||
|
||||
if(MONOLITHIC_BUILD)
|
||||
set(WINPR_LIBS ${WINPR_LIBS} ${${MODULE_PREFIX}_LIBS} PARENT_SCOPE)
|
||||
|
@ -18,13 +18,13 @@ create_test_sourcelist(${MODULE_PREFIX}_SRCS
|
||||
add_executable(${MODULE_NAME} ${${MODULE_PREFIX}_SRCS})
|
||||
|
||||
if(WIN32)
|
||||
set(${MODULE_PREFIX}_LIBS ${${MODULE_PREFIX}_LIBS} secur32)
|
||||
set(${MODULE_PREFIX}_LIBS ${${MODULE_PREFIX}_LIBS} secur32 crypt32)
|
||||
endif()
|
||||
|
||||
set_complex_link_libraries(VARIABLE ${MODULE_PREFIX}_LIBS
|
||||
MONOLITHIC ${MONOLITHIC_BUILD}
|
||||
MODULE winpr
|
||||
MODULES winpr-sspi winpr-thread winpr-pipe winpr-file winpr-utils)
|
||||
MODULES winpr-sspi winpr-thread winpr-pipe winpr-file winpr-crypto winpr-utils)
|
||||
|
||||
target_link_libraries(${MODULE_NAME} ${${MODULE_PREFIX}_LIBS})
|
||||
|
||||
|
@ -13,17 +13,26 @@ HANDLE g_ClientWritePipe = NULL;
|
||||
HANDLE g_ServerReadPipe = NULL;
|
||||
HANDLE g_ServerWritePipe = NULL;
|
||||
|
||||
#ifndef _WIN32
|
||||
#define SCHANNEL_PKG_NAME SCHANNEL_NAME
|
||||
#else
|
||||
#define SCHANNEL_PKG_NAME UNISP_NAME
|
||||
#endif
|
||||
|
||||
static void* schannel_test_server_thread(void* arg)
|
||||
{
|
||||
BYTE* lpTokenIn;
|
||||
BYTE* lpTokenOut;
|
||||
TimeStamp expiry;
|
||||
UINT32 cbMaxToken;
|
||||
UINT32 fContextReq;
|
||||
ULONG fContextAttr;
|
||||
SCHANNEL_CRED cred;
|
||||
CtxtHandle context;
|
||||
CredHandle credentials;
|
||||
//PSecBuffer pSecBuffer;
|
||||
HCERTSTORE hCertStore;
|
||||
PCCERT_CONTEXT pCertContext;
|
||||
PSecBuffer pSecBuffer;
|
||||
SecBuffer SecBuffer_in[2];
|
||||
SecBuffer SecBuffer_out[2];
|
||||
SecBufferDesc SecBufferDesc_in;
|
||||
@ -32,6 +41,7 @@ static void* schannel_test_server_thread(void* arg)
|
||||
SECURITY_STATUS status;
|
||||
PSecPkgInfo pPackageInfo;
|
||||
PSecurityFunctionTable table;
|
||||
DWORD NumberOfBytesWritten;
|
||||
|
||||
printf("Starting Server\n");
|
||||
|
||||
@ -40,7 +50,7 @@ static void* schannel_test_server_thread(void* arg)
|
||||
|
||||
table = InitSecurityInterface();
|
||||
|
||||
status = QuerySecurityPackageInfo(SCHANNEL_NAME, &pPackageInfo);
|
||||
status = QuerySecurityPackageInfo(SCHANNEL_PKG_NAME, &pPackageInfo);
|
||||
|
||||
if (status != SEC_E_OK)
|
||||
{
|
||||
@ -50,12 +60,36 @@ static void* schannel_test_server_thread(void* arg)
|
||||
|
||||
cbMaxToken = pPackageInfo->cbMaxToken;
|
||||
|
||||
hCertStore = CertOpenSystemStore(0, _T("MY"));
|
||||
|
||||
if (!hCertStore)
|
||||
{
|
||||
printf("Error opening system store\n");
|
||||
//return NULL;
|
||||
}
|
||||
|
||||
pCertContext = CertFindCertificateInStore(hCertStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, NULL);
|
||||
|
||||
if (!pCertContext)
|
||||
{
|
||||
printf("Error finding certificate in store\n");
|
||||
//return NULL;
|
||||
}
|
||||
|
||||
ZeroMemory(&cred, sizeof(SCHANNEL_CRED));
|
||||
cred.dwVersion = SCHANNEL_CRED_VERSION;
|
||||
|
||||
cred.cCreds = 1;
|
||||
cred.paCred = &pCertContext;
|
||||
|
||||
cred.cSupportedAlgs = 0;
|
||||
cred.palgSupportedAlgs = NULL;
|
||||
|
||||
status = table->AcquireCredentialsHandle(NULL, SCHANNEL_NAME,
|
||||
cred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER;
|
||||
|
||||
cred.dwFlags = SCH_CRED_NO_SYSTEM_MAPPER;
|
||||
|
||||
status = table->AcquireCredentialsHandle(NULL, SCHANNEL_PKG_NAME,
|
||||
SECPKG_CRED_INBOUND, NULL, &cred, NULL, NULL, &credentials, NULL);
|
||||
|
||||
if (status != SEC_E_OK)
|
||||
@ -76,34 +110,28 @@ static void* schannel_test_server_thread(void* arg)
|
||||
printf("Server Received:\n");
|
||||
winpr_HexDump(lpTokenIn, NumberOfBytesRead);
|
||||
|
||||
fContextReq = ASC_REQ_STREAM;
|
||||
fContextReq = ASC_REQ_STREAM |
|
||||
ASC_REQ_SEQUENCE_DETECT | ASC_REQ_REPLAY_DETECT |
|
||||
ASC_REQ_CONFIDENTIALITY | ASC_REQ_EXTENDED_ERROR;
|
||||
|
||||
SecBuffer_in[0].BufferType = SECBUFFER_TOKEN;
|
||||
SecBuffer_in[0].pvBuffer = lpTokenIn;
|
||||
SecBuffer_in[0].cbBuffer = NumberOfBytesRead;
|
||||
|
||||
SecBuffer_in[1].BufferType = SECBUFFER_EMPTY;
|
||||
SecBuffer_in[1].pvBuffer = NULL;
|
||||
SecBuffer_in[1].cbBuffer = 0;
|
||||
|
||||
SecBufferDesc_in.ulVersion = SECBUFFER_VERSION;
|
||||
SecBufferDesc_in.cBuffers = 2;
|
||||
SecBufferDesc_in.cBuffers = 1;
|
||||
SecBufferDesc_in.pBuffers = SecBuffer_in;
|
||||
|
||||
SecBuffer_out[0].BufferType = SECBUFFER_TOKEN;
|
||||
SecBuffer_out[0].pvBuffer = lpTokenOut;
|
||||
SecBuffer_out[0].cbBuffer = NumberOfBytesRead;
|
||||
|
||||
SecBuffer_out[1].BufferType = SECBUFFER_EMPTY;
|
||||
SecBuffer_out[1].pvBuffer = NULL;
|
||||
SecBuffer_out[1].cbBuffer = 0;
|
||||
SecBuffer_out[0].cbBuffer = cbMaxToken;
|
||||
|
||||
SecBufferDesc_out.ulVersion = SECBUFFER_VERSION;
|
||||
SecBufferDesc_out.cBuffers = 2;
|
||||
SecBufferDesc_out.cBuffers = 1;
|
||||
SecBufferDesc_out.pBuffers = SecBuffer_out;
|
||||
|
||||
status = table->AcceptSecurityContext(&credentials, SecIsValidHandle(&context) ? &context : NULL,
|
||||
&SecBufferDesc_in, fContextReq, 0, &context, &SecBufferDesc_out, &fContextAttr, NULL);
|
||||
&SecBufferDesc_in, fContextReq, SECURITY_NATIVE_DREP, &context, &SecBufferDesc_out, &fContextAttr, &expiry);
|
||||
|
||||
if (status != SEC_I_CONTINUE_NEEDED)
|
||||
{
|
||||
@ -111,6 +139,17 @@ static void* schannel_test_server_thread(void* arg)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
printf("SecBufferDesc_out.cBuffers: %d\n", SecBufferDesc_out.cBuffers);
|
||||
|
||||
pSecBuffer = &SecBufferDesc_out.pBuffers[0];
|
||||
winpr_HexDump((BYTE*) pSecBuffer->pvBuffer, pSecBuffer->cbBuffer);
|
||||
|
||||
if (!WriteFile(g_ClientWritePipe, pSecBuffer->pvBuffer, pSecBuffer->cbBuffer, &NumberOfBytesWritten, NULL))
|
||||
{
|
||||
printf("failed to write to client pipe\n");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -121,6 +160,7 @@ int TestSchannel(int argc, char* argv[])
|
||||
HANDLE thread;
|
||||
BYTE* lpTokenIn;
|
||||
BYTE* lpTokenOut;
|
||||
TimeStamp expiry;
|
||||
UINT32 cbMaxToken;
|
||||
SCHANNEL_CRED cred;
|
||||
UINT32 fContextReq;
|
||||
@ -135,6 +175,7 @@ int TestSchannel(int argc, char* argv[])
|
||||
SecBufferDesc SecBufferDesc_in;
|
||||
SecBufferDesc SecBufferDesc_out;
|
||||
PSecurityFunctionTable table;
|
||||
DWORD NumberOfBytesRead;
|
||||
DWORD NumberOfBytesWritten;
|
||||
SecPkgCred_SupportedAlgs SupportedAlgs;
|
||||
SecPkgCred_CipherStrengths CipherStrengths;
|
||||
@ -161,7 +202,7 @@ int TestSchannel(int argc, char* argv[])
|
||||
|
||||
table = InitSecurityInterface();
|
||||
|
||||
status = QuerySecurityPackageInfo(SCHANNEL_NAME, &pPackageInfo);
|
||||
status = QuerySecurityPackageInfo(SCHANNEL_PKG_NAME, &pPackageInfo);
|
||||
|
||||
if (status != SEC_E_OK)
|
||||
{
|
||||
@ -173,10 +214,20 @@ int TestSchannel(int argc, char* argv[])
|
||||
|
||||
ZeroMemory(&cred, sizeof(SCHANNEL_CRED));
|
||||
cred.dwVersion = SCHANNEL_CRED_VERSION;
|
||||
|
||||
cred.cCreds = 0;
|
||||
cred.paCred = NULL;
|
||||
|
||||
cred.cSupportedAlgs = 0;
|
||||
cred.palgSupportedAlgs = NULL;
|
||||
|
||||
status = table->AcquireCredentialsHandle(NULL, SCHANNEL_NAME,
|
||||
cred.grbitEnabledProtocols = SP_PROT_SSL3TLS1_CLIENTS;
|
||||
|
||||
cred.dwFlags = SCH_CRED_NO_DEFAULT_CREDS;
|
||||
cred.dwFlags |= SCH_CRED_MANUAL_CRED_VALIDATION;
|
||||
cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
|
||||
|
||||
status = table->AcquireCredentialsHandle(NULL, SCHANNEL_PKG_NAME,
|
||||
SECPKG_CRED_OUTBOUND, NULL, &cred, NULL, NULL, &credentials, NULL);
|
||||
|
||||
if (status != SEC_E_OK)
|
||||
@ -237,7 +288,10 @@ int TestSchannel(int argc, char* argv[])
|
||||
|
||||
printf("SupportedProtocols: 0x%04X\n", SupportedProtocols.grbitProtocol);
|
||||
|
||||
fContextReq = ISC_REQ_STREAM;
|
||||
fContextReq = ISC_REQ_STREAM |
|
||||
ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
|
||||
ISC_REQ_CONFIDENTIALITY | ISC_RET_EXTENDED_ERROR |
|
||||
ISC_REQ_MANUAL_CRED_VALIDATION | ISC_REQ_INTEGRITY;
|
||||
|
||||
lpTokenIn = (BYTE*) malloc(cbMaxToken);
|
||||
lpTokenOut = (BYTE*) malloc(cbMaxToken);
|
||||
@ -251,10 +305,8 @@ int TestSchannel(int argc, char* argv[])
|
||||
SecBuffer_in[0].pvBuffer = lpTokenIn;
|
||||
SecBuffer_in[0].cbBuffer = cbMaxToken;
|
||||
|
||||
SecBuffer_in[1].BufferType = SECBUFFER_EMPTY;
|
||||
|
||||
SecBufferDesc_in.ulVersion = SECBUFFER_VERSION;
|
||||
SecBufferDesc_in.cBuffers = 2;
|
||||
SecBufferDesc_in.cBuffers = 1;
|
||||
SecBufferDesc_in.pBuffers = SecBuffer_in;
|
||||
|
||||
SecBuffer_out[0].BufferType = SECBUFFER_TOKEN;
|
||||
@ -266,7 +318,7 @@ int TestSchannel(int argc, char* argv[])
|
||||
SecBufferDesc_out.pBuffers = SecBuffer_out;
|
||||
|
||||
status = table->InitializeSecurityContext(&credentials, SecIsValidHandle(&context) ? &context : NULL, _T("localhost"),
|
||||
fContextReq, 0, 0, NULL, 0, &context, &SecBufferDesc_out, &fContextAttr, NULL);
|
||||
fContextReq, SECURITY_NATIVE_DREP, 0, NULL, 0, &context, &SecBufferDesc_out, &fContextAttr, &expiry);
|
||||
|
||||
if (status != SEC_I_CONTINUE_NEEDED)
|
||||
{
|
||||
@ -279,19 +331,6 @@ int TestSchannel(int argc, char* argv[])
|
||||
pSecBuffer = &SecBufferDesc_out.pBuffers[0];
|
||||
winpr_HexDump((BYTE*) pSecBuffer->pvBuffer, pSecBuffer->cbBuffer);
|
||||
|
||||
/**
|
||||
* 0000 16 03 03 00 96 01 00 00 92 03 03 50 d7 7e 56 dd ...........P.~V.
|
||||
* 0010 c9 01 59 01 49 d3 2f 99 ef da 77 01 a0 97 06 e7 ..Y.I./...w.....
|
||||
* 0020 a4 fe 2d 71 46 55 fc 42 dd 2e 58 00 00 2a 00 3c ..-qFU.B..X..*.<
|
||||
* 0030 00 2f 00 3d 00 35 00 05 00 0a c0 27 c0 13 c0 14 ./.=.5.....'....
|
||||
* 0040 c0 2b c0 23 c0 2c c0 24 c0 09 c0 0a 00 40 00 32 .+.#.,.$.....@.2
|
||||
* 0050 00 6a 00 38 00 13 00 04 01 00 00 3f ff 01 00 01 .j.8.......?....
|
||||
* 0060 00 00 00 00 0e 00 0c 00 00 09 6c 6f 63 61 6c 68 ..........localh
|
||||
* 0070 6f 73 74 00 0a 00 06 00 04 00 17 00 18 00 0b 00 ost.............
|
||||
* 0080 02 01 00 00 0d 00 10 00 0e 04 01 05 01 02 01 04 ................
|
||||
* 0090 03 05 03 02 03 02 02 00 23 00 00 ........#..
|
||||
*/
|
||||
|
||||
if (!WriteFile(g_ServerWritePipe, pSecBuffer->pvBuffer, pSecBuffer->cbBuffer, &NumberOfBytesWritten, NULL))
|
||||
{
|
||||
printf("failed to write to server pipe\n");
|
||||
@ -300,6 +339,12 @@ int TestSchannel(int argc, char* argv[])
|
||||
|
||||
printf("Client wrote %d bytes\n", NumberOfBytesWritten);
|
||||
|
||||
if (!ReadFile(g_ClientReadPipe, lpTokenIn, cbMaxToken, &NumberOfBytesRead, NULL))
|
||||
{
|
||||
printf("failed to read from server pipe\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
WaitForSingleObject(thread, INFINITE);
|
||||
|
||||
sspi_GlobalFinish();
|
||||
|
Loading…
x
Reference in New Issue
Block a user