func testNegotiate(t *testing.T, clientCred *sspi.Credentials, SPN string) {
if len(SPN) == 0 {
t.Log("testing with blank SPN")
} else {
t.Logf("testing with SPN=%s", SPN)
}
serverCred, err := negotiate.AcquireServerCredentials()
if err != nil {
t.Fatal(err)
}
defer serverCred.Release()
client, toServerToken, err := negotiate.NewClientContext(clientCred, SPN)
if err != nil {
t.Fatal(err)
}
defer client.Release()
if len(toServerToken) == 0 {
t.Fatal("token for server cannot be empty")
}
t.Logf("sent %d bytes to server", len(toServerToken))
testContextExpiry(t, "clent security context", client)
server, toClientToken, err := negotiate.NewServerContext(serverCred, toServerToken)
if err != nil {
t.Fatal(err)
}
defer server.Release()
testContextExpiry(t, "server security context", server)
var clientDone, serverDone bool
for {
if len(toClientToken) == 0 {
break
}
t.Logf("sent %d bytes to client", len(toClientToken))
clientDone, toServerToken, err = client.Update(toClientToken)
if err != nil {
t.Fatal(err)
}
if len(toServerToken) == 0 {
break
}
t.Logf("sent %d bytes to server", len(toServerToken))
serverDone, toClientToken, err = server.Update(toServerToken)
if err != nil {
t.Fatal(err)
}
}
if !clientDone {
t.Fatal("client authentication should be completed now")
}
if !serverDone {
t.Fatal("server authentication should be completed now")
}
runtime.LockOSThread()
defer runtime.UnlockOSThread()
err = server.ImpersonateUser()
if err != nil {
t.Fatal(err)
}
defer server.RevertToSelf()
_, err = user.Current()
if err != nil {
t.Fatal(err)
}
}
func TestNegotiateFailure(t *testing.T) {
clientCred, err := negotiate.AcquireCurrentUserCredentials()
if err != nil {
t.Fatal(err)
}
defer clientCred.Release()
serverCred, err := negotiate.AcquireServerCredentials()
if err != nil {
t.Fatal(err)
}
defer serverCred.Release()
client, toServerToken, err := negotiate.NewClientContext(clientCred, "HOST/UNKNOWN_HOST_NAME")
if err != nil {
t.Fatal(err)
}
defer client.Release()
if len(toServerToken) == 0 {
t.Fatal("token for server cannot be empty")
}
t.Logf("sent %d bytes to server", len(toServerToken))
server, toClientToken, err := negotiate.NewServerContext(serverCred, toServerToken)
if err != nil {
t.Fatal(err)
}
defer server.Release()
for {
var clientDone, serverDone bool
if len(toClientToken) == 0 {
t.Fatal("token for client cannot be empty")
}
t.Logf("sent %d bytes to client", len(toClientToken))
clientDone, toServerToken, err = client.Update(toClientToken)
if err != nil {
t.Fatal(err)
}
t.Logf("clientDone=%v serverDone=%v", clientDone, serverDone)
if clientDone {
// t.Fatal("client authentication cannot be completed")
}
if len(toServerToken) == 0 {
t.Fatal("token for server cannot be empty")
}
t.Logf("sent %d bytes to server", len(toServerToken))
serverDone, toClientToken, err = server.Update(toServerToken)
if err != nil {
if err == sspi.SEC_E_LOGON_DENIED {
return
}
t.Fatalf("unexpected failure 0x%x: %v", uintptr(err.(syscall.Errno)), err)
}
t.Logf("clientDone=%v serverDone=%v", clientDone, serverDone)
if serverDone {
t.Fatal("server authentication cannot be completed")
}
}
}