Beispiel #1
0
func testNegotiate(t *testing.T, clientCred *sspi.Credentials, SPN string) {
	if len(SPN) == 0 {
		t.Log("testing with blank SPN")
	} else {
		t.Logf("testing with SPN=%s", SPN)
	}

	serverCred, err := negotiate.AcquireServerCredentials()
	if err != nil {
		t.Fatal(err)
	}
	defer serverCred.Release()

	client, toServerToken, err := negotiate.NewClientContext(clientCred, SPN)
	if err != nil {
		t.Fatal(err)
	}
	defer client.Release()

	if len(toServerToken) == 0 {
		t.Fatal("token for server cannot be empty")
	}
	t.Logf("sent %d bytes to server", len(toServerToken))

	testContextExpiry(t, "clent security context", client)

	server, toClientToken, err := negotiate.NewServerContext(serverCred, toServerToken)
	if err != nil {
		t.Fatal(err)
	}
	defer server.Release()

	testContextExpiry(t, "server security context", server)

	var clientDone, serverDone bool
	for {
		if len(toClientToken) == 0 {
			break
		}
		t.Logf("sent %d bytes to client", len(toClientToken))
		clientDone, toServerToken, err = client.Update(toClientToken)
		if err != nil {
			t.Fatal(err)
		}
		if len(toServerToken) == 0 {
			break
		}
		t.Logf("sent %d bytes to server", len(toServerToken))
		serverDone, toClientToken, err = server.Update(toServerToken)
		if err != nil {
			t.Fatal(err)
		}
	}
	if !clientDone {
		t.Fatal("client authentication should be completed now")
	}
	if !serverDone {
		t.Fatal("server authentication should be completed now")
	}

	runtime.LockOSThread()
	defer runtime.UnlockOSThread()

	err = server.ImpersonateUser()
	if err != nil {
		t.Fatal(err)
	}
	defer server.RevertToSelf()

	_, err = user.Current()
	if err != nil {
		t.Fatal(err)
	}
}
Beispiel #2
0
func TestNegotiateFailure(t *testing.T) {
	clientCred, err := negotiate.AcquireCurrentUserCredentials()
	if err != nil {
		t.Fatal(err)
	}
	defer clientCred.Release()

	serverCred, err := negotiate.AcquireServerCredentials()
	if err != nil {
		t.Fatal(err)
	}
	defer serverCred.Release()

	client, toServerToken, err := negotiate.NewClientContext(clientCred, "HOST/UNKNOWN_HOST_NAME")
	if err != nil {
		t.Fatal(err)
	}
	defer client.Release()

	if len(toServerToken) == 0 {
		t.Fatal("token for server cannot be empty")
	}
	t.Logf("sent %d bytes to server", len(toServerToken))

	server, toClientToken, err := negotiate.NewServerContext(serverCred, toServerToken)
	if err != nil {
		t.Fatal(err)
	}
	defer server.Release()

	for {
		var clientDone, serverDone bool
		if len(toClientToken) == 0 {
			t.Fatal("token for client cannot be empty")
		}
		t.Logf("sent %d bytes to client", len(toClientToken))
		clientDone, toServerToken, err = client.Update(toClientToken)
		if err != nil {
			t.Fatal(err)
		}
		t.Logf("clientDone=%v serverDone=%v", clientDone, serverDone)
		if clientDone {
			//			t.Fatal("client authentication cannot be completed")
		}
		if len(toServerToken) == 0 {
			t.Fatal("token for server cannot be empty")
		}
		t.Logf("sent %d bytes to server", len(toServerToken))
		serverDone, toClientToken, err = server.Update(toServerToken)
		if err != nil {
			if err == sspi.SEC_E_LOGON_DENIED {
				return
			}
			t.Fatalf("unexpected failure 0x%x: %v", uintptr(err.(syscall.Errno)), err)
		}
		t.Logf("clientDone=%v serverDone=%v", clientDone, serverDone)
		if serverDone {
			t.Fatal("server authentication cannot be completed")
		}
	}
}