libwinpr-sspi: improve SSPI Schannel test

This commit is contained in:
Marc-André Moreau 2013-01-03 11:13:13 -05:00
parent 436a7dfc9f
commit 27084c4642
5 changed files with 91 additions and 41 deletions

View File

@ -24,7 +24,8 @@
#include <stdio.h>
#include <stdlib.h>
#include <winpr\windows.h>
#include <winpr/windows.h>
#define CINTERFACE
#include <mmsystem.h>
#include <dsound.h>
@ -38,7 +39,7 @@
* Here are some temp things that shall be moved
*
*/
IDirectSoundCapture8 * cap;
IDirectSoundCapture8* cap;
IDirectSoundCaptureBuffer8* capBuf;
DSCBUFFERDESC dscbd;
DWORD capturePos;

View File

@ -32,6 +32,10 @@ add_complex_library(MODULE ${MODULE_NAME} TYPE "OBJECT"
set_target_properties(${MODULE_NAME} PROPERTIES VERSION ${WINPR_VERSION_FULL} SOVERSION ${WINPR_VERSION} PREFIX "lib")
if(WIN32)
set(${MODULE_PREFIX}_LIBS ${${MODULE_PREFIX}_LIBS} crypt32)
endif()
if(MONOLITHIC_BUILD)
else()

View File

@ -81,7 +81,7 @@ endif()
set_complex_link_libraries(VARIABLE ${MODULE_PREFIX}_LIBS
MONOLITHIC ${MONOLITHIC_BUILD} INTERNAL
MODULE winpr
MODULES winpr-crt winpr-sysinfo winpr-registry winpr-utils)
MODULES winpr-crt winpr-sysinfo winpr-registry winpr-crypto winpr-utils)
if(MONOLITHIC_BUILD)
set(WINPR_LIBS ${WINPR_LIBS} ${${MODULE_PREFIX}_LIBS} PARENT_SCOPE)

View File

@ -18,13 +18,13 @@ create_test_sourcelist(${MODULE_PREFIX}_SRCS
add_executable(${MODULE_NAME} ${${MODULE_PREFIX}_SRCS})
if(WIN32)
set(${MODULE_PREFIX}_LIBS ${${MODULE_PREFIX}_LIBS} secur32)
set(${MODULE_PREFIX}_LIBS ${${MODULE_PREFIX}_LIBS} secur32 crypt32)
endif()
set_complex_link_libraries(VARIABLE ${MODULE_PREFIX}_LIBS
MONOLITHIC ${MONOLITHIC_BUILD}
MODULE winpr
MODULES winpr-sspi winpr-thread winpr-pipe winpr-file winpr-utils)
MODULES winpr-sspi winpr-thread winpr-pipe winpr-file winpr-crypto winpr-utils)
target_link_libraries(${MODULE_NAME} ${${MODULE_PREFIX}_LIBS})

View File

@ -13,17 +13,26 @@ HANDLE g_ClientWritePipe = NULL;
HANDLE g_ServerReadPipe = NULL;
HANDLE g_ServerWritePipe = NULL;
#ifndef _WIN32
#define SCHANNEL_PKG_NAME SCHANNEL_NAME
#else
#define SCHANNEL_PKG_NAME UNISP_NAME
#endif
static void* schannel_test_server_thread(void* arg)
{
BYTE* lpTokenIn;
BYTE* lpTokenOut;
TimeStamp expiry;
UINT32 cbMaxToken;
UINT32 fContextReq;
ULONG fContextAttr;
SCHANNEL_CRED cred;
CtxtHandle context;
CredHandle credentials;
//PSecBuffer pSecBuffer;
HCERTSTORE hCertStore;
PCCERT_CONTEXT pCertContext;
PSecBuffer pSecBuffer;
SecBuffer SecBuffer_in[2];
SecBuffer SecBuffer_out[2];
SecBufferDesc SecBufferDesc_in;
@ -32,6 +41,7 @@ static void* schannel_test_server_thread(void* arg)
SECURITY_STATUS status;
PSecPkgInfo pPackageInfo;
PSecurityFunctionTable table;
DWORD NumberOfBytesWritten;
printf("Starting Server\n");
@ -40,7 +50,7 @@ static void* schannel_test_server_thread(void* arg)
table = InitSecurityInterface();
status = QuerySecurityPackageInfo(SCHANNEL_NAME, &pPackageInfo);
status = QuerySecurityPackageInfo(SCHANNEL_PKG_NAME, &pPackageInfo);
if (status != SEC_E_OK)
{
@ -50,12 +60,36 @@ static void* schannel_test_server_thread(void* arg)
cbMaxToken = pPackageInfo->cbMaxToken;
hCertStore = CertOpenSystemStore(0, _T("MY"));
if (!hCertStore)
{
printf("Error opening system store\n");
//return NULL;
}
pCertContext = CertFindCertificateInStore(hCertStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, NULL);
if (!pCertContext)
{
printf("Error finding certificate in store\n");
//return NULL;
}
ZeroMemory(&cred, sizeof(SCHANNEL_CRED));
cred.dwVersion = SCHANNEL_CRED_VERSION;
cred.cCreds = 1;
cred.paCred = &pCertContext;
cred.cSupportedAlgs = 0;
cred.palgSupportedAlgs = NULL;
status = table->AcquireCredentialsHandle(NULL, SCHANNEL_NAME,
cred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER;
cred.dwFlags = SCH_CRED_NO_SYSTEM_MAPPER;
status = table->AcquireCredentialsHandle(NULL, SCHANNEL_PKG_NAME,
SECPKG_CRED_INBOUND, NULL, &cred, NULL, NULL, &credentials, NULL);
if (status != SEC_E_OK)
@ -76,34 +110,28 @@ static void* schannel_test_server_thread(void* arg)
printf("Server Received:\n");
winpr_HexDump(lpTokenIn, NumberOfBytesRead);
fContextReq = ASC_REQ_STREAM;
fContextReq = ASC_REQ_STREAM |
ASC_REQ_SEQUENCE_DETECT | ASC_REQ_REPLAY_DETECT |
ASC_REQ_CONFIDENTIALITY | ASC_REQ_EXTENDED_ERROR;
SecBuffer_in[0].BufferType = SECBUFFER_TOKEN;
SecBuffer_in[0].pvBuffer = lpTokenIn;
SecBuffer_in[0].cbBuffer = NumberOfBytesRead;
SecBuffer_in[1].BufferType = SECBUFFER_EMPTY;
SecBuffer_in[1].pvBuffer = NULL;
SecBuffer_in[1].cbBuffer = 0;
SecBufferDesc_in.ulVersion = SECBUFFER_VERSION;
SecBufferDesc_in.cBuffers = 2;
SecBufferDesc_in.cBuffers = 1;
SecBufferDesc_in.pBuffers = SecBuffer_in;
SecBuffer_out[0].BufferType = SECBUFFER_TOKEN;
SecBuffer_out[0].pvBuffer = lpTokenOut;
SecBuffer_out[0].cbBuffer = NumberOfBytesRead;
SecBuffer_out[1].BufferType = SECBUFFER_EMPTY;
SecBuffer_out[1].pvBuffer = NULL;
SecBuffer_out[1].cbBuffer = 0;
SecBuffer_out[0].cbBuffer = cbMaxToken;
SecBufferDesc_out.ulVersion = SECBUFFER_VERSION;
SecBufferDesc_out.cBuffers = 2;
SecBufferDesc_out.cBuffers = 1;
SecBufferDesc_out.pBuffers = SecBuffer_out;
status = table->AcceptSecurityContext(&credentials, SecIsValidHandle(&context) ? &context : NULL,
&SecBufferDesc_in, fContextReq, 0, &context, &SecBufferDesc_out, &fContextAttr, NULL);
&SecBufferDesc_in, fContextReq, SECURITY_NATIVE_DREP, &context, &SecBufferDesc_out, &fContextAttr, &expiry);
if (status != SEC_I_CONTINUE_NEEDED)
{
@ -111,6 +139,17 @@ static void* schannel_test_server_thread(void* arg)
return NULL;
}
printf("SecBufferDesc_out.cBuffers: %d\n", SecBufferDesc_out.cBuffers);
pSecBuffer = &SecBufferDesc_out.pBuffers[0];
winpr_HexDump((BYTE*) pSecBuffer->pvBuffer, pSecBuffer->cbBuffer);
if (!WriteFile(g_ClientWritePipe, pSecBuffer->pvBuffer, pSecBuffer->cbBuffer, &NumberOfBytesWritten, NULL))
{
printf("failed to write to client pipe\n");
return NULL;
}
return NULL;
}
@ -121,6 +160,7 @@ int TestSchannel(int argc, char* argv[])
HANDLE thread;
BYTE* lpTokenIn;
BYTE* lpTokenOut;
TimeStamp expiry;
UINT32 cbMaxToken;
SCHANNEL_CRED cred;
UINT32 fContextReq;
@ -135,6 +175,7 @@ int TestSchannel(int argc, char* argv[])
SecBufferDesc SecBufferDesc_in;
SecBufferDesc SecBufferDesc_out;
PSecurityFunctionTable table;
DWORD NumberOfBytesRead;
DWORD NumberOfBytesWritten;
SecPkgCred_SupportedAlgs SupportedAlgs;
SecPkgCred_CipherStrengths CipherStrengths;
@ -161,7 +202,7 @@ int TestSchannel(int argc, char* argv[])
table = InitSecurityInterface();
status = QuerySecurityPackageInfo(SCHANNEL_NAME, &pPackageInfo);
status = QuerySecurityPackageInfo(SCHANNEL_PKG_NAME, &pPackageInfo);
if (status != SEC_E_OK)
{
@ -173,10 +214,20 @@ int TestSchannel(int argc, char* argv[])
ZeroMemory(&cred, sizeof(SCHANNEL_CRED));
cred.dwVersion = SCHANNEL_CRED_VERSION;
cred.cCreds = 0;
cred.paCred = NULL;
cred.cSupportedAlgs = 0;
cred.palgSupportedAlgs = NULL;
status = table->AcquireCredentialsHandle(NULL, SCHANNEL_NAME,
cred.grbitEnabledProtocols = SP_PROT_SSL3TLS1_CLIENTS;
cred.dwFlags = SCH_CRED_NO_DEFAULT_CREDS;
cred.dwFlags |= SCH_CRED_MANUAL_CRED_VALIDATION;
cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
status = table->AcquireCredentialsHandle(NULL, SCHANNEL_PKG_NAME,
SECPKG_CRED_OUTBOUND, NULL, &cred, NULL, NULL, &credentials, NULL);
if (status != SEC_E_OK)
@ -237,7 +288,10 @@ int TestSchannel(int argc, char* argv[])
printf("SupportedProtocols: 0x%04X\n", SupportedProtocols.grbitProtocol);
fContextReq = ISC_REQ_STREAM;
fContextReq = ISC_REQ_STREAM |
ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
ISC_REQ_CONFIDENTIALITY | ISC_RET_EXTENDED_ERROR |
ISC_REQ_MANUAL_CRED_VALIDATION | ISC_REQ_INTEGRITY;
lpTokenIn = (BYTE*) malloc(cbMaxToken);
lpTokenOut = (BYTE*) malloc(cbMaxToken);
@ -251,10 +305,8 @@ int TestSchannel(int argc, char* argv[])
SecBuffer_in[0].pvBuffer = lpTokenIn;
SecBuffer_in[0].cbBuffer = cbMaxToken;
SecBuffer_in[1].BufferType = SECBUFFER_EMPTY;
SecBufferDesc_in.ulVersion = SECBUFFER_VERSION;
SecBufferDesc_in.cBuffers = 2;
SecBufferDesc_in.cBuffers = 1;
SecBufferDesc_in.pBuffers = SecBuffer_in;
SecBuffer_out[0].BufferType = SECBUFFER_TOKEN;
@ -266,7 +318,7 @@ int TestSchannel(int argc, char* argv[])
SecBufferDesc_out.pBuffers = SecBuffer_out;
status = table->InitializeSecurityContext(&credentials, SecIsValidHandle(&context) ? &context : NULL, _T("localhost"),
fContextReq, 0, 0, NULL, 0, &context, &SecBufferDesc_out, &fContextAttr, NULL);
fContextReq, SECURITY_NATIVE_DREP, 0, NULL, 0, &context, &SecBufferDesc_out, &fContextAttr, &expiry);
if (status != SEC_I_CONTINUE_NEEDED)
{
@ -279,19 +331,6 @@ int TestSchannel(int argc, char* argv[])
pSecBuffer = &SecBufferDesc_out.pBuffers[0];
winpr_HexDump((BYTE*) pSecBuffer->pvBuffer, pSecBuffer->cbBuffer);
/**
* 0000 16 03 03 00 96 01 00 00 92 03 03 50 d7 7e 56 dd ...........P.~V.
* 0010 c9 01 59 01 49 d3 2f 99 ef da 77 01 a0 97 06 e7 ..Y.I./...w.....
* 0020 a4 fe 2d 71 46 55 fc 42 dd 2e 58 00 00 2a 00 3c ..-qFU.B..X..*.<
* 0030 00 2f 00 3d 00 35 00 05 00 0a c0 27 c0 13 c0 14 ./.=.5.....'....
* 0040 c0 2b c0 23 c0 2c c0 24 c0 09 c0 0a 00 40 00 32 .+.#.,.$.....@.2
* 0050 00 6a 00 38 00 13 00 04 01 00 00 3f ff 01 00 01 .j.8.......?....
* 0060 00 00 00 00 0e 00 0c 00 00 09 6c 6f 63 61 6c 68 ..........localh
* 0070 6f 73 74 00 0a 00 06 00 04 00 17 00 18 00 0b 00 ost.............
* 0080 02 01 00 00 0d 00 10 00 0e 04 01 05 01 02 01 04 ................
* 0090 03 05 03 02 03 02 02 00 23 00 00 ........#..
*/
if (!WriteFile(g_ServerWritePipe, pSecBuffer->pvBuffer, pSecBuffer->cbBuffer, &NumberOfBytesWritten, NULL))
{
printf("failed to write to server pipe\n");
@ -300,6 +339,12 @@ int TestSchannel(int argc, char* argv[])
printf("Client wrote %d bytes\n", NumberOfBytesWritten);
if (!ReadFile(g_ClientReadPipe, lpTokenIn, cbMaxToken, &NumberOfBytesRead, NULL))
{
printf("failed to read from server pipe\n");
return -1;
}
WaitForSingleObject(thread, INFINITE);
sspi_GlobalFinish();