[PATCH] Some tests for lsa
Bruno Jesus
00cpxxx at gmail.com
Mon Feb 6 04:43:07 CST 2017
On Sun, Feb 5, 2017 at 5:57 PM, Julius Schwartzenberg
<julius.schwartzenberg at gmail.com> wrote:
> ---
> dlls/secur32/tests/Makefile.in | 1 +
> dlls/secur32/tests/lsa.c | 215 +++++++++++++++++++++++++++++++++++++++++
> include/ntsecapi.h | 38 ++++++++
> 3 files changed, 254 insertions(+)
> create mode 100644 dlls/secur32/tests/lsa.c
Hi, thanks for the patch. Unfortunately as is it cannot be used.
Somethings are stated below but mostly you have to check the compiler
warnings and guarantee there is none. Also, although very minor, git
apply complains about 7 lines adding trailing whitespaces.
> diff --git a/dlls/secur32/tests/Makefile.in b/dlls/secur32/tests/Makefile.in
> index 089d1c3..d9f140a 100644
> --- a/dlls/secur32/tests/Makefile.in
> +++ b/dlls/secur32/tests/Makefile.in
> @@ -2,6 +2,7 @@ TESTDLL = secur32.dll
> IMPORTS = secur32 crypt32 advapi32 ws2_32
>
> C_SRCS = \
> + lsa.c \
> main.c \
> negotiate.c \
> ntlm.c \
> diff --git a/dlls/secur32/tests/lsa.c b/dlls/secur32/tests/lsa.c
> new file mode 100644
> index 0000000..6fa1564
> --- /dev/null
> +++ b/dlls/secur32/tests/lsa.c
> @@ -0,0 +1,215 @@
> +/*
> + * Lsa tests
The copyright line is missing, example:
Copyright 2017 Julius Schwartzenberg
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, write to the Free Software
> + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
> + */
> +
> +#include <stdio.h>
> +#include <windows.h>
> +#include <ntsecapi.h>
> +#define SECURITY_WIN32
> +#include <ntstatus.h>
> +#include <winternl.h>
Compiling the patch generates dozens of warnings due to duplicated
definitions, please review the headers in use.
> +#include "wine/test.h"
> +
> +static HMODULE secdll;
This variable is basically not used anywhere, you don't load the DLL
so there is no need to free it.
> +char *package_name_kerberos = MICROSOFT_KERBEROS_NAME_A;
Is this really necessary? Can't you use the define directly?
> +static void test_LsaConnectUntrusted_null_handle(void)
> +{
> + NTSTATUS status;
> +
> + status = LsaConnectUntrusted(NULL);
> +
> + todo_wine {
> + ok(status == STATUS_ACCESS_VIOLATION || status == RPC_NT_NULL_REF_POINTER,
> + "LsaConnectUntrusted(NULL) returned 0x%x\n", status);
> + }
> +}
> +
> +static void test_LsaConnectUntrsuted_correct_handle(void)
> +{
> + NTSTATUS status;
> + HANDLE lsa_handle;
> +
> + status = LsaConnectUntrusted(&lsa_handle);
> +
> + ok(status == STATUS_SUCCESS, "LsaConnectUntrusted(valid_handle) returned 0x%x\n", status);
> +}
You are leaking the handle, according to MSDN you need to call
LsaDeregisterLogonProcess to close it. This applies to every function
that calls this function.
> +static void test_LsaLookupAuthenticationPackage_null_handle(void)
> +{
> + NTSTATUS status;
> + LSA_STRING package_name;
> + ULONG auth_package;
> + package_name.Buffer = package_name_kerberos;
> + package_name.Length = (USHORT)strlen(package_name.Buffer);
If you use the #define you can use sizeof(MICROSOFT_KERBEROS_NAME_A) -
1 instead of strlen since the buffer is constant.
> + status = LsaLookupAuthenticationPackage(NULL, &package_name, &auth_package);
> +
> + todo_wine {
> + ok(status == STATUS_INVALID_HANDLE || status == STATUS_INVALID_CONNECTION,
> + "LsaLookupAuthenticationPackage(NULL, \"Kerberos\", ...) returned 0x%x\n", status);
> + }
No need for a block in the todo_wine since it is only one ok call.
> +}
> +
> +static void test_LsaLookupAuthenticationPackage_correct_handle(void)
> +{
> + NTSTATUS status;
> + HANDLE lsa_handle;
> + LSA_STRING package_name;
> + ULONG auth_package;
> + package_name.Buffer = package_name_kerberos;
> + package_name.Length = (USHORT)strlen(package_name.Buffer);
> +
> + LsaConnectUntrusted(&lsa_handle);
> + status = LsaLookupAuthenticationPackage(lsa_handle, &package_name, &auth_package);
> +
> + ok(status == STATUS_SUCCESS,
> + "LsaLookupAuthenticationPackage(valid_handle, \"Kerberos\", ...) returned 0x%x\n", status);
Is it possible to test that auth_package somehow?
> +}
> +
> +static void test_LsaLookupAuthenticationPackage_correct_handle_wrong_name(void)
> +{
> + NTSTATUS status;
> + HANDLE lsa_handle;
> + LSA_STRING package_name;
> + ULONG auth_package;
> + package_name.Buffer = "this is probably not a valid authentication package name";
> + package_name.Length = (USHORT)strlen(package_name.Buffer);
> +
> + LsaConnectUntrusted(&lsa_handle);
> + status = LsaLookupAuthenticationPackage(lsa_handle, &package_name, &auth_package);
> +
> + todo_wine {
> + ok(status == STATUS_NO_SUCH_PACKAGE,
> + "LsaLookupAuthenticationPackage(valid_handle, invalid, ...) returned 0x%x\n", status);
> + }
> +}
> +
> +static void test_LsaCallAuthenticationPackage_invalid_handle(void)
> +{
> + NTSTATUS status;
> + ULONG submit_buffer_length = 0;
> +
> + VOID *protocol_return_buffer;
> + ULONG *return_buffer_length;
> + PNTSTATUS protocol_status;
> +
> + status = LsaCallAuthenticationPackage(
> + NULL, 0xdeadbeef, NULL, submit_buffer_length,
> + protocol_return_buffer, return_buffer_length, protocol_status
> + );
> +
> + todo_wine {
> + ok(status == STATUS_INVALID_HANDLE || status == STATUS_INVALID_CONNECTION,
> + "LsaCallAuthenticationPackage(NULL, ...) returned 0x%x\n", status);
> + }
> +}
> +
> +static void test_LsaCallAuthenticationPackage_invalid_package(void)
> +{
> + NTSTATUS status;
> + HANDLE lsa_handle;
> + ULONG submit_buffer_length = 0;
> +
> + VOID *protocol_return_buffer;
> + ULONG *return_buffer_length;
> + PNTSTATUS protocol_status;
> +
> + LsaConnectUntrusted(&lsa_handle);
> + status = LsaCallAuthenticationPackage(
> + lsa_handle, 0xdeadbeef, NULL, submit_buffer_length,
> + protocol_return_buffer, return_buffer_length, protocol_status
> + );
Bad parameters passed to the function, see compiler warnings.
> +
> + todo_wine {
> + ok(status == STATUS_NO_SUCH_PACKAGE,
> + "LsaCallAuthenticationPackage(valid_handle, invalid, ...) returned 0x%x\n", status);
> + }
> +}
> +
> +static void test_LsaCallAuthenticationPackage_null_submit_buffer(void)
> +{
> + NTSTATUS status;
> + HANDLE lsa_handle;
> + LSA_STRING package_name;
> + ULONG auth_package;
> + package_name.Buffer = package_name_kerberos;
> + package_name.Length = (USHORT)strlen(package_name.Buffer);
> + ULONG submit_buffer_length = 0;
Very specific compiler warning that you can't declare variables after code.
> +
> + VOID *protocol_return_buffer;
> + ULONG *return_buffer_length;
> + PNTSTATUS protocol_status;
> +
> + LsaConnectUntrusted(&lsa_handle);
> + LsaLookupAuthenticationPackage(lsa_handle, &package_name, &auth_package);
> + status = LsaCallAuthenticationPackage(
> + lsa_handle, auth_package, NULL, submit_buffer_length,
> + protocol_return_buffer, return_buffer_length, protocol_status
> + );
Bad parameters passed to the function, see compiler warnings.
> + todo_wine {
> + ok(status == STATUS_INVALID_PARAMETER,
> + "LsaCallAuthenticationPackage(...) returned 0x%x\n", status);
> + }
> +}
> +
> +static void test_LsaCallAuthenticationPackage_correct_submit_buffer(void)
> +{
> + NTSTATUS status;
> + HANDLE lsa_handle;
> + LSA_STRING package_name;
> + ULONG auth_package;
> + package_name.Buffer = package_name_kerberos;
> + package_name.Length = (USHORT)strlen(package_name.Buffer);
> + PKERB_RETRIEVE_TKT_REQUEST protocol_submit_buffer;
> +
> + VOID *protocol_return_buffer;
> + ULONG *return_buffer_length;
> + PNTSTATUS protocol_status;
> +
> + LsaConnectUntrusted(&lsa_handle);
> + LsaLookupAuthenticationPackage(lsa_handle, &package_name, &auth_package);
> +
> + protocol_submit_buffer = LocalAlloc(LMEM_ZEROINIT, sizeof(KERB_RETRIEVE_TKT_REQUEST));
> + protocol_submit_buffer->MessageType = KerbRetrieveEncodedTicketMessage;
> +
> + status = LsaCallAuthenticationPackage(
> + lsa_handle, auth_package, protocol_submit_buffer, sizeof(KERB_RETRIEVE_TKT_REQUEST),
> + protocol_return_buffer, return_buffer_length, protocol_status
> + );
> +
> + ok(status == STATUS_SUCCESS, "LsaCallAuthenticationPackage(...) returned 0x%x\n", status);
> +}
> +
> +START_TEST(lsa)
> +{
> + test_LsaConnectUntrusted_null_handle();
> + test_LsaConnectUntrsuted_correct_handle();
Untrusted misspelling.
> + test_LsaLookupAuthenticationPackage_null_handle();
> + test_LsaLookupAuthenticationPackage_correct_handle();
> + test_LsaLookupAuthenticationPackage_correct_handle_wrong_name();
> + test_LsaCallAuthenticationPackage_invalid_handle();
> + test_LsaCallAuthenticationPackage_invalid_package();
> + test_LsaCallAuthenticationPackage_null_submit_buffer();
> + test_LsaCallAuthenticationPackage_correct_submit_buffer();
> +
> + if(secdll)
> + FreeLibrary(secdll);
As I said earlier this is not required.
> +}
> diff --git a/include/ntsecapi.h b/include/ntsecapi.h
> index 2bb3d31..439f67e 100644
> --- a/include/ntsecapi.h
> +++ b/include/ntsecapi.h
> @@ -387,6 +387,44 @@ NTSTATUS WINAPI LsaSetTrustedDomainInformation(LSA_HANDLE,PSID,TRUSTED_INFORMATI
> NTSTATUS WINAPI LsaStorePrivateData(LSA_HANDLE,PLSA_UNICODE_STRING,PLSA_UNICODE_STRING);
> NTSTATUS WINAPI LsaUnregisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS,HANDLE);
>
> +#ifndef MICROSOFT_KERBEROS_NAME_A
> +
> +#define MICROSOFT_KERBEROS_NAME_A "Kerberos"
> +#define MICROSOFT_KERBEROS_NAME_W L"Kerberos"
You can't use L to define WCHAR data.
> +#ifdef WIN32_CHICAGO
Where is this from? Not a single Wine header has that name.
> +#define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_A
> +#else
> +#define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_W
> +#endif
> +#endif
> +
> +typedef enum _KERB_PROTOCOL_MESSAGE_TYPE {
> + KerbDebugRequestMessage = 0,KerbQueryTicketCacheMessage,KerbChangeMachinePasswordMessage,KerbVerifyPacMessage,KerbRetrieveTicketMessage,
> + KerbUpdateAddressesMessage,KerbPurgeTicketCacheMessage,KerbChangePasswordMessage,KerbRetrieveEncodedTicketMessage,KerbDecryptDataMessage,
> + KerbAddBindingCacheEntryMessage,KerbSetPasswordMessage,KerbSetPasswordExMessage,KerbVerifyCredentialsMessage,KerbQueryTicketCacheExMessage,
> + KerbPurgeTicketCacheExMessage,KerbRefreshSmartcardCredentialsMessage,KerbAddExtraCredentialsMessage,KerbQuerySupplementalCredentialsMessage,
> + KerbTransferCredentialsMessage,KerbQueryTicketCacheEx2Message
These lines are too long, try to keep around 100 columns.
> +} KERB_PROTOCOL_MESSAGE_TYPE,*PKERB_PROTOCOL_MESSAGE_TYPE;
> +
> +#ifndef __SECHANDLE_DEFINED__
> + typedef struct _SecHandle {
> + ULONG_PTR dwLower;
> + ULONG_PTR dwUpper;
> + } SecHandle,*PSecHandle;
> +
> +#define __SECHANDLE_DEFINED__
> +#endif
> +
> +typedef struct _KERB_RETRIEVE_TKT_REQUEST {
> + KERB_PROTOCOL_MESSAGE_TYPE MessageType;
> + LUID LogonId;
> + UNICODE_STRING TargetName;
> + ULONG TicketFlags;
> + ULONG CacheOptions;
> + LONG EncryptionType;
> + SecHandle CredentialsHandle;
> +} KERB_RETRIEVE_TKT_REQUEST,*PKERB_RETRIEVE_TKT_REQUEST;
> +
> #ifdef __cplusplus
> } /* extern "C" */
> #endif /* defined(__cplusplus) */
> --
> 1.9.1
>
>
>
More information about the wine-devel
mailing list