func TestNTLMHTTPClient(t *testing.T) { // TODO: combine client and server tests so we don't need external server if len(*testURL) == 0 { t.Skip("Skipping due to empty \"url\" parameter") } cred, err := negotiate.AcquireCurrentUserCredentials() if err != nil { t.Fatal(err) } defer cred.Release() secctx, clientToken1, err := negotiate.NewClientContext(cred, "") if err != nil { t.Fatal(err) } defer secctx.Release() client := newHTTPClient(*testURL) defer client.CloseIdleConnections() err = client.canDoNegotiate() if err != nil { t.Fatal(err) } serverToken1, err := client.startAuthorization(clientToken1) if err != nil { t.Fatal(err) } authCompleted, clientToken2, err := secctx.Update(serverToken1) if err != nil { t.Fatal(err) } if len(clientToken2) == 0 { t.Fatal("secctx.Update returns empty token for the peer, but our authentication is not done yet") } res, _, err := client.completeAuthorization(clientToken2) if err != nil { t.Fatal(err) } if authCompleted { return } serverToken2, err := findAuthHeader(res) if err != nil { t.Fatal(err) } authCompleted, lastToken, err := secctx.Update(serverToken2) if err != nil { t.Fatal(err) } if !authCompleted { t.Fatal("client authentication should be completed now") } if len(lastToken) > 0 { t.Fatalf("last token supposed to be empty, but %v returned", lastToken) } }
func TestKerberosHTTPClient(t *testing.T) { // TODO: combine client and server tests so we don't need external server if len(*testURL) == 0 { t.Skip("Skipping due to empty \"url\" parameter") } u, err := url.Parse(*testURL) if err != nil { t.Fatal(err) } targetName := "http/" + strings.ToUpper(u.Host) cred, err := negotiate.AcquireCurrentUserCredentials() if err != nil { t.Fatal(err) } defer cred.Release() secctx, token, err := negotiate.NewClientContext(cred, targetName) if err != nil { t.Fatal(err) } defer secctx.Release() client := newHTTPClient(*testURL) defer client.CloseIdleConnections() err = client.canDoNegotiate() if err != nil { t.Fatal(err) } res, _, err := client.completeAuthorization(token) if err != nil { t.Fatal(err) } serverToken, err := findAuthHeader(res) if err != nil { t.Fatal(err) } authCompleted, lastToken, err := secctx.Update(serverToken) if err != nil { t.Fatal(err) } if !authCompleted { t.Fatal("client authentication should be completed now") } if len(lastToken) > 0 { t.Fatalf("last token supposed to be empty, but %v returned", lastToken) } }
func TestNegotiate(t *testing.T) { cred, err := negotiate.AcquireCurrentUserCredentials() if err != nil { t.Fatal(err) } defer cred.Release() testNegotiate(t, cred, "") hostname, err := os.Hostname() if err != nil { t.Fatal(err) } testNegotiate(t, cred, "HOST/"+strings.ToUpper(hostname)) testNegotiate(t, cred, "HOST/127.0.0.1") }
func TestNegotiateFailure(t *testing.T) { clientCred, err := negotiate.AcquireCurrentUserCredentials() if err != nil { t.Fatal(err) } defer clientCred.Release() serverCred, err := negotiate.AcquireServerCredentials() if err != nil { t.Fatal(err) } defer serverCred.Release() client, toServerToken, err := negotiate.NewClientContext(clientCred, "HOST/UNKNOWN_HOST_NAME") if err != nil { t.Fatal(err) } defer client.Release() if len(toServerToken) == 0 { t.Fatal("token for server cannot be empty") } t.Logf("sent %d bytes to server", len(toServerToken)) server, toClientToken, err := negotiate.NewServerContext(serverCred, toServerToken) if err != nil { t.Fatal(err) } defer server.Release() for { var clientDone, serverDone bool if len(toClientToken) == 0 { t.Fatal("token for client cannot be empty") } t.Logf("sent %d bytes to client", len(toClientToken)) clientDone, toServerToken, err = client.Update(toClientToken) if err != nil { t.Fatal(err) } t.Logf("clientDone=%v serverDone=%v", clientDone, serverDone) if clientDone { // t.Fatal("client authentication cannot be completed") } if len(toServerToken) == 0 { t.Fatal("token for server cannot be empty") } t.Logf("sent %d bytes to server", len(toServerToken)) serverDone, toClientToken, err = server.Update(toServerToken) if err != nil { if err == sspi.SEC_E_LOGON_DENIED { return } t.Fatalf("unexpected failure 0x%x: %v", uintptr(err.(syscall.Errno)), err) } t.Logf("clientDone=%v serverDone=%v", clientDone, serverDone) if serverDone { t.Fatal("server authentication cannot be completed") } } }