[akhaldi] 62866: [SECUR32_WINETEST] * Sync with Wine 1.7.17. CORE-8080 - Ros-diffs

22 Apr 2014

Author: akhaldi
Date: Tue Apr 22 11:12:43 2014
New Revision: 62866
URL: http://svn.reactos.org/svn/reactos?rev=62866&view=rev
Log:
[SECUR32_WINETEST]
* Sync with Wine 1.7.17.
CORE-8080
Added:
    trunk/rostests/winetests/secur32/negotiate.c   (with props)
Modified:
    trunk/rostests/winetests/secur32/CMakeLists.txt
    trunk/rostests/winetests/secur32/main.c
    trunk/rostests/winetests/secur32/ntlm.c
    trunk/rostests/winetests/secur32/schannel.c
    trunk/rostests/winetests/secur32/secur32.c
    trunk/rostests/winetests/secur32/testlist.c
Modified: trunk/rostests/winetests/secur32/CMakeLists.txt
URL: http://svn.reactos.org/svn/reactos/trunk/rostests/winetests/secur32/CMakeLis...
==============================================================================

--- trunk/rostests/winetests/secur32/CMakeLists.txt	[iso-8859-1] (original)
+++ trunk/rostests/winetests/secur32/CMakeLists.txt	[iso-8859-1] Tue Apr 22 11:12:43 2014
@@ -1,17 +1,13 @@
-
-add_definitions(
-    -D__ROS_LONG64__
-    -D_DLL -D__USE_CRTIMP)
list(APPEND SOURCE
     main.c
+    negotiate.c
     ntlm.c
     schannel.c
     secur32.c
     testlist.c)
add_executable(secur32_winetest ${SOURCE})
-target_link_libraries(secur32_winetest wine)
 set_module_type(secur32_winetest win32cui)
-add_importlibs(secur32_winetest advapi32 msvcrt kernel32 ntdll)
+add_importlibs(secur32_winetest advapi32 ws2_32 msvcrt kernel32)
 add_cd_file(TARGET secur32_winetest DESTINATION reactos/bin FOR all)
Modified: trunk/rostests/winetests/secur32/main.c
URL: http://svn.reactos.org/svn/reactos/trunk/rostests/winetests/secur32/main.c?r...
==============================================================================
--- trunk/rostests/winetests/secur32/main.c	[iso-8859-1] (original)
+++ trunk/rostests/winetests/secur32/main.c	[iso-8859-1] Tue Apr 22 11:12:43 2014
@@ -22,7 +22,7 @@
#include <stdarg.h>
 #include <stdio.h>
-#include <assert.h>
+
 #include <windef.h>
 #include <winbase.h>
 #include <sspi.h>
@@ -108,7 +108,7 @@
 /* Helper for testQuerySecurityPagageInfo */
static SECURITY_STATUS setupPackageA(SEC_CHAR *p_package_name, 
-        PSecPkgInfo *p_pkg_info)
+        PSecPkgInfoA *p_pkg_info)
 {
     SECURITY_STATUS ret;
@@ -121,7 +121,7 @@
static void testInitSecurityInterface(void)
 {
-    PSecurityFunctionTable sec_fun_table = NULL;
+    PSecurityFunctionTableA sec_fun_table = NULL;
sec_fun_table = pInitSecurityInterfaceA();
     ok(sec_fun_table != NULL, "InitSecurityInterface() returned NULL.\n");
@@ -133,7 +133,7 @@
SECURITY_STATUS sec_status;
     ULONG           num_packages, i;
-    PSecPkgInfo     pkg_info = NULL;
+    PSecPkgInfoA    pkg_info = NULL;
trace("Running testEnumerateSecurityPackages\n");
@@ -197,7 +197,7 @@
 static void testQuerySecurityPackageInfo(void)
 {
     SECURITY_STATUS     sec_status;
-    PSecPkgInfo         pkg_info;
+    PSecPkgInfoA        pkg_info;
     static SEC_CHAR     ntlm[]     = "NTLM",
                         winetest[] = "Winetest";
Added: trunk/rostests/winetests/secur32/negotiate.c
URL: http://svn.reactos.org/svn/reactos/trunk/rostests/winetests/secur32/negotiat...
==============================================================================
--- trunk/rostests/winetests/secur32/negotiate.c	(added)
+++ trunk/rostests/winetests/secur32/negotiate.c	[iso-8859-1] Tue Apr 22 11:12:43 2014
@@ -0,0 +1,387 @@
+/*
+ * Tests for the Negotiate security provider
+ *
+ * Copyright 2005, 2006 Kai Blin
+ * Copyright 2012 Hans Leidekker for CodeWeavers
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <windef.h>
+#include <winbase.h>
+#define SECURITY_WIN32
+#include <sspi.h>
+#include <rpc.h>
+#include <rpcdce.h>
+#include <secext.h>
+
+#include "wine/test.h"
+
+static HMODULE hsecur32;
+static SECURITY_STATUS (SEC_ENTRY * pAcceptSecurityContext)(PCredHandle, PCtxtHandle,
+    PSecBufferDesc, ULONG, ULONG, PCtxtHandle, PSecBufferDesc, PULONG, PTimeStamp);
+static SECURITY_STATUS (SEC_ENTRY * pAcquireCredentialsHandleA)(SEC_CHAR *, SEC_CHAR *,
+    ULONG, PLUID, PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp);
+static SECURITY_STATUS (SEC_ENTRY * pCompleteAuthToken)(PCtxtHandle, PSecBufferDesc);
+static SECURITY_STATUS (SEC_ENTRY * pDecryptMessage)(PCtxtHandle, PSecBufferDesc, ULONG, PULONG);
+static SECURITY_STATUS (SEC_ENTRY * pDeleteSecurityContext)(PCtxtHandle);
+static SECURITY_STATUS (SEC_ENTRY * pEncryptMessage)(PCtxtHandle, ULONG, PSecBufferDesc, ULONG);
+static SECURITY_STATUS (SEC_ENTRY * pFreeContextBuffer)(PVOID);
+static SECURITY_STATUS (SEC_ENTRY * pFreeCredentialsHandle)(PCredHandle);
+static SECURITY_STATUS (SEC_ENTRY * pInitializeSecurityContextA)(PCredHandle, PCtxtHandle,
+    SEC_CHAR *, ULONG, ULONG, ULONG, PSecBufferDesc, ULONG, PCtxtHandle, PSecBufferDesc,
+    PULONG, PTimeStamp);
+static PSecurityFunctionTableA (SEC_ENTRY * pInitSecurityInterfaceA)(void);
+static SECURITY_STATUS (SEC_ENTRY * pMakeSignature)(PCtxtHandle, ULONG, PSecBufferDesc, ULONG);
+static SECURITY_STATUS (SEC_ENTRY * pQueryContextAttributesA)(PCtxtHandle, ULONG, PVOID);
+static SECURITY_STATUS (SEC_ENTRY * pQuerySecurityPackageInfoA)(SEC_CHAR *, PSecPkgInfoA *);
+static SECURITY_STATUS (SEC_ENTRY * pVerifySignature)(PCtxtHandle, PSecBufferDesc, ULONG, PULONG);
+
+static void init_function_ptrs(void)
+{
+    if (!(hsecur32 = LoadLibraryA("secur32.dll"))) return;
+    pAcceptSecurityContext      = (void *)GetProcAddress(hsecur32, "AcceptSecurityContext");
+    pAcquireCredentialsHandleA  = (void *)GetProcAddress(hsecur32, "AcquireCredentialsHandleA");
+    pCompleteAuthToken          = (void *)GetProcAddress(hsecur32, "CompleteAuthToken");
+    pDecryptMessage             = (void *)GetProcAddress(hsecur32, "DecryptMessage");
+    pDeleteSecurityContext      = (void *)GetProcAddress(hsecur32, "DeleteSecurityContext");
+    pEncryptMessage             = (void *)GetProcAddress(hsecur32, "EncryptMessage");
+    pFreeContextBuffer          = (void *)GetProcAddress(hsecur32, "FreeContextBuffer");
+    pFreeCredentialsHandle      = (void *)GetProcAddress(hsecur32, "FreeCredentialsHandle");
+    pInitializeSecurityContextA = (void *)GetProcAddress(hsecur32, "InitializeSecurityContextA");
+    pInitSecurityInterfaceA     = (void *)GetProcAddress(hsecur32, "InitSecurityInterfaceA");
+    pMakeSignature              = (void *)GetProcAddress(hsecur32, "MakeSignature");
+    pQueryContextAttributesA    = (void *)GetProcAddress(hsecur32, "QueryContextAttributesA");
+    pQuerySecurityPackageInfoA  = (void *)GetProcAddress(hsecur32, "QuerySecurityPackageInfoA");
+    pVerifySignature            = (void *)GetProcAddress(hsecur32, "VerifySignature");
+}
+
+#define NEGOTIATE_BASE_CAPS ( \
+    SECPKG_FLAG_INTEGRITY  | \
+    SECPKG_FLAG_PRIVACY    | \
+    SECPKG_FLAG_CONNECTION | \
+    SECPKG_FLAG_MULTI_REQUIRED | \
+    SECPKG_FLAG_EXTENDED_ERROR | \
+    SECPKG_FLAG_IMPERSONATION  | \
+    SECPKG_FLAG_ACCEPT_WIN32_NAME | \
+    SECPKG_FLAG_NEGOTIABLE        | \
+    SECPKG_FLAG_GSS_COMPATIBLE    | \
+    SECPKG_FLAG_LOGON )
+
+#define NTLM_BASE_CAPS ( \
+    SECPKG_FLAG_INTEGRITY  | \
+    SECPKG_FLAG_PRIVACY    | \
+    SECPKG_FLAG_TOKEN_ONLY | \
+    SECPKG_FLAG_CONNECTION | \
+    SECPKG_FLAG_MULTI_REQUIRED    | \
+    SECPKG_FLAG_IMPERSONATION     | \
+    SECPKG_FLAG_ACCEPT_WIN32_NAME | \
+    SECPKG_FLAG_NEGOTIABLE        | \
+    SECPKG_FLAG_LOGON )
+
+struct sspi_data
+{
+    CredHandle cred;
+    CtxtHandle ctxt;
+    PSecBufferDesc in_buf;
+    PSecBufferDesc out_buf;
+    PSEC_WINNT_AUTH_IDENTITY_A id;
+    ULONG max_token;
+};
+
+static void cleanup_buffers( struct sspi_data *data )
+{
+    unsigned int i;
+
+    if (data->in_buf)
+    {
+        for (i = 0; i < data->in_buf->cBuffers; ++i)
+            HeapFree( GetProcessHeap(), 0, data->in_buf->pBuffers[i].pvBuffer );
+        HeapFree( GetProcessHeap(), 0, data->in_buf->pBuffers );
+        HeapFree( GetProcessHeap(), 0, data->in_buf );
+    }
+    if (data->out_buf)
+    {
+        for (i = 0; i < data->out_buf->cBuffers; ++i)
+            HeapFree( GetProcessHeap(), 0, data->out_buf->pBuffers[i].pvBuffer );
+        HeapFree( GetProcessHeap(), 0, data->out_buf->pBuffers );
+        HeapFree( GetProcessHeap(), 0, data->out_buf );
+    }
+}
+
+static void setup_buffers( struct sspi_data *data, SecPkgInfoA *info )
+{
+    SecBuffer *buffer = HeapAlloc( GetProcessHeap(), 0, sizeof(SecBuffer) );
+
+    data->in_buf  = HeapAlloc( GetProcessHeap(), 0, sizeof(SecBufferDesc) );
+    data->out_buf = HeapAlloc( GetProcessHeap(), 0, sizeof(SecBufferDesc) );
+    data->max_token = info->cbMaxToken;
+
+    data->in_buf->ulVersion = SECBUFFER_VERSION;
+    data->in_buf->cBuffers  = 1;
+    data->in_buf->pBuffers  = buffer;
+
+    buffer->cbBuffer   = info->cbMaxToken;
+    buffer->BufferType = SECBUFFER_TOKEN;
+    buffer->pvBuffer   = HeapAlloc( GetProcessHeap(), 0, info->cbMaxToken );
+
+    buffer = HeapAlloc( GetProcessHeap(), 0, sizeof(SecBuffer) );
+
+    data->out_buf->ulVersion = SECBUFFER_VERSION;
+    data->out_buf->cBuffers  = 1;
+    data->out_buf->pBuffers  = buffer;
+
+    buffer->cbBuffer   = info->cbMaxToken;
+    buffer->BufferType = SECBUFFER_TOKEN;
+    buffer->pvBuffer   = HeapAlloc( GetProcessHeap(), 0, info->cbMaxToken );
+}
+
+static SECURITY_STATUS setup_client( struct sspi_data *data, SEC_CHAR *provider )
+{
+    SECURITY_STATUS ret;
+    SecPkgInfoA *info;
+    TimeStamp ttl;
+
+    trace( "setting up client\n" );
+
+    ret = pQuerySecurityPackageInfoA( provider, &info );
+    ok( ret == SEC_E_OK, "QuerySecurityPackageInfo returned %08x\n", ret );
+
+    setup_buffers( data, info );
+    pFreeContextBuffer( info );
+
+    ret = pAcquireCredentialsHandleA( NULL, provider, SECPKG_CRED_OUTBOUND, NULL,
+                                      data->id, NULL, NULL, &data->cred, &ttl );
+    ok( ret == SEC_E_OK, "AcquireCredentialsHandleA returned %08x\n", ret );
+    return ret;
+}
+
+static SECURITY_STATUS setup_server( struct sspi_data *data, SEC_CHAR *provider )
+{
+    SECURITY_STATUS ret;
+    SecPkgInfoA *info;
+    TimeStamp ttl;
+
+    trace( "setting up server\n" );
+
+    ret = pQuerySecurityPackageInfoA( provider, &info );
+    ok( ret == SEC_E_OK, "QuerySecurityPackageInfo returned %08x\n", ret );
+
+    setup_buffers( data, info );
+    pFreeContextBuffer( info );
+
+    ret = pAcquireCredentialsHandleA( NULL, provider, SECPKG_CRED_INBOUND, NULL,
+                                      NULL, NULL, NULL, &data->cred, &ttl );
+    ok( ret == SEC_E_OK, "AcquireCredentialsHandleA returned %08x\n", ret );
+    return ret;
+}
+
+static SECURITY_STATUS run_client( struct sspi_data *data, BOOL first )
+{
+    SECURITY_STATUS ret;
+    TimeStamp ttl;
+    ULONG attr;
+
+    trace( "running client for the %s time\n", first ? "first" : "second" );
+
+    data->out_buf->pBuffers[0].cbBuffer = data->max_token;
+    data->out_buf->pBuffers[0].BufferType = SECBUFFER_TOKEN;
+
+    ret = pInitializeSecurityContextA( first ? &data->cred : NULL, first ? NULL : &data->ctxt,
+                                       NULL, 0, 0, SECURITY_NETWORK_DREP, first ? NULL : data->in_buf,
+                                       0, &data->ctxt, data->out_buf, &attr, &ttl );
+    if (ret == SEC_I_COMPLETE_AND_CONTINUE || ret == SEC_I_COMPLETE_NEEDED)
+    {
+        pCompleteAuthToken( &data->ctxt, data->out_buf );
+        if (ret == SEC_I_COMPLETE_AND_CONTINUE)
+            ret = SEC_I_CONTINUE_NEEDED;
+        else if (ret == SEC_I_COMPLETE_NEEDED)
+            ret = SEC_E_OK;
+    }
+    ok( data->out_buf->pBuffers[0].BufferType == SECBUFFER_TOKEN,
+        "buffer type changed from SECBUFFER_TOKEN to %u\n", data->out_buf->pBuffers[0].BufferType );
+    ok( data->out_buf->pBuffers[0].cbBuffer < data->max_token,
+        "InitializeSecurityContext didn't change buffer size\n" );
+    return ret;
+}
+
+static SECURITY_STATUS run_server( struct sspi_data *data, BOOL first )
+{
+    SECURITY_STATUS ret;
+    TimeStamp ttl;
+    ULONG attr;
+
+    trace( "running server for the %s time\n", first ? "first" : "second" );
+
+    ret = pAcceptSecurityContext( &data->cred, first ? NULL : &data->ctxt,
+                                  data->in_buf, 0, SECURITY_NETWORK_DREP,
+                                  &data->ctxt, data->out_buf, &attr, &ttl );
+    if (ret == SEC_I_COMPLETE_AND_CONTINUE || ret == SEC_I_COMPLETE_NEEDED)
+    {
+        pCompleteAuthToken( &data->ctxt, data->out_buf );
+        if (ret == SEC_I_COMPLETE_AND_CONTINUE)
+            ret = SEC_I_CONTINUE_NEEDED;
+        else if (ret == SEC_I_COMPLETE_NEEDED)
+            ret = SEC_E_OK;
+    }
+    return ret;
+}
+
+static void communicate( struct sspi_data *from, struct sspi_data *to )
+{
+    trace( "running communicate\n" );
+    memset( to->in_buf->pBuffers[0].pvBuffer, 0, to->max_token );
+    memcpy( to->in_buf->pBuffers[0].pvBuffer, from->out_buf->pBuffers[0].pvBuffer,
+            from->out_buf->pBuffers[0].cbBuffer );
+    to->in_buf->pBuffers[0].cbBuffer = from->out_buf->pBuffers[0].cbBuffer;
+    memset( from->out_buf->pBuffers[0].pvBuffer, 0, from->max_token );
+}
+
+static void test_authentication(void)
+{
+    SECURITY_STATUS status_c = SEC_I_CONTINUE_NEEDED,
+                    status_s = SEC_I_CONTINUE_NEEDED, status;
+    struct sspi_data client, server;
+    SEC_WINNT_AUTH_IDENTITY_A id;
+    SecPkgContext_NegotiationInfoA info;
+    SecPkgContext_Sizes sizes;
+    SecPkgInfoA *pi;
+    BOOL first = TRUE;
+
+    id.User = (unsigned char *)"user";
+    id.UserLength = strlen( "user" );
+    id.Domain = (unsigned char *)"domain";
+    id.DomainLength = strlen( "domain" );
+    id.Password = (unsigned char *)"password";
+    id.PasswordLength = strlen( "password" );
+    id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
+
+    client.id = &id;
+    if ((status = setup_client( &client, (SEC_CHAR *)"Negotiate" )))
+    {
+        skip( "setup_client returned %08x, skipping test\n", status );
+        return;
+    }
+    if ((status = setup_server( &server, (SEC_CHAR *)"Negotiate" )))
+    {
+        skip( "setup_server returned %08x, skipping test\n", status );
+        pFreeCredentialsHandle( &client.cred );
+        return;
+    }
+
+    while (status_c == SEC_I_CONTINUE_NEEDED && status_s == SEC_I_CONTINUE_NEEDED)
+    {
+        status_c = run_client( &client, first );
+        ok( status_c == SEC_E_OK || status_c == SEC_I_CONTINUE_NEEDED,
+            "client returned %08x, more tests will fail\n", status_c );
+
+        communicate( &client, &server );
+
+        status_s = run_server( &server, first );
+        ok( status_s == SEC_E_OK || status_s == SEC_I_CONTINUE_NEEDED ||
+            status_s == SEC_E_LOGON_DENIED,
+            "server returned %08x, more tests will fail\n", status_s );
+
+        communicate( &server, &client );
+        trace( "looping\n");
+        first = FALSE;
+    }
+    if (status_c != SEC_E_OK)
+    {
+        skip( "authentication failed, skipping remaining tests\n" );
+        goto done;
+    }
+
+    sizes.cbMaxToken        = 0xdeadbeef;
+    sizes.cbMaxSignature    = 0xdeadbeef;
+    sizes.cbSecurityTrailer = 0xdeadbeef;
+    sizes.cbBlockSize       = 0xdeadbeef;
+    status_c = pQueryContextAttributesA( &client.ctxt, SECPKG_ATTR_SIZES, &sizes );
+    ok( status_c == SEC_E_OK, "pQueryContextAttributesA returned %08x\n", status_c );
+    ok( sizes.cbMaxToken == 2888 || sizes.cbMaxToken == 1904,
+        "expected 2888 or 1904, got %u\n", sizes.cbMaxToken );
+    ok( sizes.cbMaxSignature == 16, "expected 16, got %u\n", sizes.cbMaxSignature );
+    ok( sizes.cbSecurityTrailer == 16, "expected 16, got %u\n", sizes.cbSecurityTrailer );
+    ok( !sizes.cbBlockSize, "expected 0, got %u\n", sizes.cbBlockSize );
+
+    memset( &info, 0, sizeof(info) );
+    status_c = pQueryContextAttributesA( &client.ctxt, SECPKG_ATTR_NEGOTIATION_INFO, &info );
+    ok( status_c == SEC_E_OK, "pQueryContextAttributesA returned %08x\n", status_c );
+
+    pi = info.PackageInfo;
+    ok( info.NegotiationState == SECPKG_NEGOTIATION_COMPLETE, "got %u\n", info.NegotiationState );
+    ok( pi != NULL, "expected non-NULL PackageInfo\n" );
+    if (pi)
+    {
+        ok( pi->fCapabilities == NTLM_BASE_CAPS ||
+            pi->fCapabilities == (NTLM_BASE_CAPS|SECPKG_FLAG_READONLY_WITH_CHECKSUM) ||
+            pi->fCapabilities == (NTLM_BASE_CAPS|SECPKG_FLAG_RESTRICTED_TOKENS) ||
+            pi->fCapabilities == (NTLM_BASE_CAPS|SECPKG_FLAG_RESTRICTED_TOKENS|
+                                  SECPKG_FLAG_APPCONTAINER_CHECKS),
+            "got %08x\n", pi->fCapabilities );
+        ok( pi->wVersion == 1, "got %u\n", pi->wVersion );
+        ok( pi->wRPCID == RPC_C_AUTHN_WINNT, "got %u\n", pi->wRPCID );
+        ok( !lstrcmpA( pi->Name, "NTLM" ), "got %s\n", pi->Name );
+    }
+
+done:
+    cleanup_buffers( &client );
+    cleanup_buffers( &server );
+
+    status_c = pDeleteSecurityContext( &client.ctxt );
+    ok( status_c == SEC_E_OK, "DeleteSecurityContext returned %08x\n", status_c );
+
+    status_s = pDeleteSecurityContext( &server.ctxt );
+    ok( status_s == SEC_E_OK, "DeleteSecurityContext returned %08x\n", status_s );
+
+    status_c = pFreeCredentialsHandle( &client.cred );
+    ok( status_c == SEC_E_OK, "FreeCredentialsHandle returned %08x\n", status_c );
+
+    status_s = pFreeCredentialsHandle(&server.cred);
+    ok( status_s == SEC_E_OK, "FreeCredentialsHandle returned %08x\n", status_s );
+}
+
+START_TEST(negotiate)
+{
+    SecPkgInfoA *info;
+
+    init_function_ptrs();
+
+    if (!pFreeCredentialsHandle || !pAcquireCredentialsHandleA || !pQuerySecurityPackageInfoA ||
+        !pFreeContextBuffer)
+    {
+        win_skip("functions are not available\n");
+        return;
+    }
+    if (pQuerySecurityPackageInfoA( (SEC_CHAR *)"Negotiate", &info ))
+    {
+        ok( 0, "Negotiate package not installed, skipping test\n" );
+        return;
+    }
+    ok( info->fCapabilities == NEGOTIATE_BASE_CAPS ||
+        info->fCapabilities == (NEGOTIATE_BASE_CAPS|SECPKG_FLAG_READONLY_WITH_CHECKSUM) ||
+        info->fCapabilities == (NEGOTIATE_BASE_CAPS|SECPKG_FLAG_RESTRICTED_TOKENS) ||
+        info->fCapabilities == (NEGOTIATE_BASE_CAPS|SECPKG_FLAG_RESTRICTED_TOKENS|
+                                SECPKG_FLAG_APPCONTAINER_CHECKS),
+        "got %08x\n", info->fCapabilities );
+    ok( info->wVersion == 1, "got %u\n", info->wVersion );
+    ok( info->wRPCID == RPC_C_AUTHN_GSS_NEGOTIATE, "got %u\n", info->wRPCID );
+    ok( !lstrcmpA( info->Name, "Negotiate" ), "got %s\n", info->Name );
+    pFreeContextBuffer( info );
+
+    test_authentication();
+}
Propchange: trunk/rostests/winetests/secur32/negotiate.c
------------------------------------------------------------------------------
    svn:eol-style = native
Modified: trunk/rostests/winetests/secur32/ntlm.c
URL: http://svn.reactos.org/svn/reactos/trunk/rostests/winetests/secur32/ntlm.c?r...
==============================================================================
--- trunk/rostests/winetests/secur32/ntlm.c	[iso-8859-1] (original)
+++ trunk/rostests/winetests/secur32/ntlm.c	[iso-8859-1] Tue Apr 22 11:12:43 2014
@@ -67,7 +67,7 @@
     CtxtHandle ctxt;
     PSecBufferDesc in_buf;
     PSecBufferDesc out_buf;
-    PSEC_WINNT_AUTH_IDENTITY id;
+    PSEC_WINNT_AUTH_IDENTITY_A id;
     ULONG max_token;
 } SspiData;
@@ -113,7 +113,7 @@
    {0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x2c, 0x20, 0x77, 0x6f, 0x72,
     0x6c, 0x64, 0x21};
-static char message[] = "Hello, world!";
+static const char message[] = "Hello, world!";
static char message_header[] = "Header Test";
@@ -565,9 +565,9 @@
 static void testInitializeSecurityContextFlags(void)
 {
     SECURITY_STATUS         sec_status;
-    PSecPkgInfo             pkg_info = NULL;
+    PSecPkgInfoA            pkg_info = NULL;
     SspiData                client;
-    SEC_WINNT_AUTH_IDENTITY id;
+    SEC_WINNT_AUTH_IDENTITY_A id;
     static char             sec_pkg_name[] = "NTLM",
                             test_user[]    = "testuser",
                             workgroup[]    = "WORKGROUP",
@@ -578,7 +578,7 @@
if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info) != SEC_E_OK)
     {
-        skip("Package not installed, skipping test!\n");
+        ok(0, "NTLM package not installed, skipping test.\n");
         return;
     }
@@ -788,10 +788,10 @@
     SECURITY_STATUS         client_stat = SEC_I_CONTINUE_NEEDED;
     SECURITY_STATUS         server_stat = SEC_I_CONTINUE_NEEDED;
     SECURITY_STATUS         sec_status;
-    PSecPkgInfo             pkg_info = NULL;
+    PSecPkgInfoA            pkg_info = NULL;
     BOOL                    first = TRUE;
     SspiData                client, server;
-    SEC_WINNT_AUTH_IDENTITY id;
+    SEC_WINNT_AUTH_IDENTITY_A id;
     SecPkgContext_Sizes     ctxt_sizes;
     static char             sec_pkg_name[] = "NTLM",
                             test_user[] = "testuser",
@@ -800,7 +800,7 @@
if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info)!= SEC_E_OK)
     {
-        skip("Package not installed, skipping test.\n");
+        ok(0, "NTLM package not installed, skipping test.\n");
         return;
     }
@@ -921,10 +921,10 @@
     SECURITY_STATUS         client_stat = SEC_I_CONTINUE_NEEDED;
     SECURITY_STATUS         server_stat = SEC_I_CONTINUE_NEEDED;
     SECURITY_STATUS         sec_status;
-    PSecPkgInfo             pkg_info = NULL;
+    PSecPkgInfoA            pkg_info = NULL;
     BOOL                    first = TRUE;
     SspiData                client, server;
-    SEC_WINNT_AUTH_IDENTITY id;
+    SEC_WINNT_AUTH_IDENTITY_A id;
     static char             sec_pkg_name[] = "NTLM";
     SecBufferDesc           crypt;
     SecBuffer               data[2], fake_data[2], complex_data[4];
@@ -942,7 +942,7 @@
      */
     if(pQuerySecurityPackageInfoA( sec_pkg_name, &pkg_info) != SEC_E_OK)
     {
-        skip("Package not installed, skipping test.\n");
+        ok(0, "NTLM package not installed, skipping test.\n");
         return;
     }
@@ -968,6 +968,7 @@
     }
sec_status = setupFakeServer(&server, sec_pkg_name);
+    ok(sec_status == SEC_E_OK, "setupFakeServer returned %s\n", getSecError(sec_status));
while(client_stat == SEC_I_CONTINUE_NEEDED && server_stat == SEC_I_CONTINUE_NEEDED)
     {
@@ -1003,7 +1004,7 @@
     fake_data[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, fake_data[0].cbBuffer);
fake_data[1].BufferType = SECBUFFER_DATA;
-    fake_data[1].cbBuffer = lstrlen(message);
+    fake_data[1].cbBuffer = lstrlenA(message);
     fake_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, fake_data[1].cbBuffer);
sec_status = pMakeSignature(&client.ctxt, 0, &crypt, 0);
@@ -1018,7 +1019,7 @@
     data[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[0].cbBuffer);
data[1].BufferType = SECBUFFER_DATA;
-    data[1].cbBuffer = lstrlen(message);
+    data[1].cbBuffer = lstrlenA(message);
     data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer);
     memcpy(data[1].pvBuffer, message, data[1].cbBuffer);
@@ -1057,23 +1058,91 @@
     ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n",
             getSecError(sec_status));
-    ok(!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client,
-               crypt.pBuffers[0].cbBuffer), "Crypt trailer not as expected.\n");
-    if (memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client,
-               crypt.pBuffers[0].cbBuffer))
-    {
-        int i;
-        for (i = 0; i < crypt.pBuffers[0].cbBuffer; i++)
+    /* first 8 bytes must always be the same */
+    ok(!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client, 8), "Crypt trailer not as expected.\n");
+
+    /* the rest depends on the session key */
+    if (!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client, crypt.pBuffers[0].cbBuffer))
+    {
+        ok(!memcmp(crypt.pBuffers[0].pvBuffer, crypt_trailer_client,
+                   crypt.pBuffers[0].cbBuffer), "Crypt trailer not as expected.\n");
+        ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client,
+                   crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n");
+        if (memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client,
+                   crypt.pBuffers[1].cbBuffer))
         {
-            if (i % 8 == 0) printf("     ");
-            printf("0x%02x,", ((unsigned char *)crypt.pBuffers[0].pvBuffer)[i]);
-            if (i % 8 == 7) printf("\n");
+            int i;
+            for (i = 0; i < crypt.pBuffers[1].cbBuffer; i++)
+            {
+                if (i % 8 == 0) printf("     ");
+                printf("0x%02x,", ((unsigned char *)crypt.pBuffers[1].pvBuffer)[i]);
+                if (i % 8 == 7) printf("\n");
+            }
+            printf("\n");
         }
-        printf("\n");
-    }
-    ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client,
+
+        data[0].cbBuffer = sizeof(crypt_trailer_server);
+        data[1].cbBuffer = sizeof(crypt_message_server);
+        memcpy(data[0].pvBuffer, crypt_trailer_server, data[0].cbBuffer);
+        memcpy(data[1].pvBuffer, crypt_message_server, data[1].cbBuffer);
+
+        sec_status = pDecryptMessage(&client.ctxt, &crypt, 0, &qop);
+
+        ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n",
+           getSecError(sec_status));
+        ok(!memcmp(crypt.pBuffers[1].pvBuffer, message_binary,
+                   crypt.pBuffers[1].cbBuffer),
+           "Failed to decrypt message correctly.\n");
+    }
+    else trace( "A different session key is being used\n" );
+
+    trace("Testing with more than one buffer.\n");
+
+    crypt.cBuffers = sizeof(complex_data)/sizeof(complex_data[0]);
+    crypt.pBuffers = complex_data;
+
+    complex_data[0].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
+    complex_data[0].cbBuffer = sizeof(message_header);
+    complex_data[0].pvBuffer = message_header;
+
+    complex_data[1].BufferType = SECBUFFER_DATA;
+    complex_data[1].cbBuffer = lstrlenA(message);
+    complex_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer);
+    memcpy(complex_data[1].pvBuffer, message, complex_data[1].cbBuffer);
+
+    complex_data[2].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
+    complex_data[2].cbBuffer = sizeof(message_header);
+    complex_data[2].pvBuffer = message_header;
+
+    complex_data[3].BufferType = SECBUFFER_TOKEN;
+    complex_data[3].cbBuffer = ctxt_sizes.cbSecurityTrailer;
+    complex_data[3].pvBuffer = HeapAlloc(GetProcessHeap(), 0, complex_data[3].cbBuffer);
+
+    /* We should get a dummy signature again. */
+    sec_status = pMakeSignature(&client.ctxt, 0, &crypt, 0);
+    ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n",
+            getSecError(sec_status));
+    ok(!memcmp(crypt.pBuffers[3].pvBuffer, message_signature,
+               crypt.pBuffers[3].cbBuffer), "Signature is not as expected.\n");
+
+    /* Being a dummy signature, it will verify right away, as if the server
+     * sent it */
+    sec_status = pVerifySignature(&client.ctxt, &crypt, 0, &qop);
+    ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK\n",
+            getSecError(sec_status));
+
+    sec_status = pEncryptMessage(&client.ctxt, 0, &crypt, 0);
+    ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n",
+            getSecError(sec_status));
+
+    ok(!memcmp(crypt.pBuffers[3].pvBuffer, crypt_trailer_client2, 8), "Crypt trailer not as expected.\n");
+
+    if (memcmp(crypt.pBuffers[3].pvBuffer, crypt_trailer_client2,
+               crypt.pBuffers[3].cbBuffer)) goto end;
+
+    ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client2,
                crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n");
-    if (memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client,
+    if (memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client2,
                crypt.pBuffers[1].cbBuffer))
     {
         int i;
@@ -1086,88 +1155,6 @@
         printf("\n");
     }
-    data[0].cbBuffer = sizeof(crypt_trailer_server);
-    data[1].cbBuffer = sizeof(crypt_message_server);
-    memcpy(data[0].pvBuffer, crypt_trailer_server, data[0].cbBuffer);
-    memcpy(data[1].pvBuffer, crypt_message_server, data[1].cbBuffer);
-
-    sec_status = pDecryptMessage(&client.ctxt, &crypt, 0, &qop);
-
-    ok(sec_status == SEC_E_OK, "DecryptMessage returned %s, not SEC_E_OK.\n",
-            getSecError(sec_status));
-    ok(!memcmp(crypt.pBuffers[1].pvBuffer, message_binary,
-               crypt.pBuffers[1].cbBuffer),
-            "Failed to decrypt message correctly.\n");
-
-    trace("Testing with more than one buffer.\n");
-
-    crypt.cBuffers = sizeof(complex_data)/sizeof(complex_data[0]);
-    crypt.pBuffers = complex_data;
-
-    complex_data[0].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
-    complex_data[0].cbBuffer = sizeof(message_header);
-    complex_data[0].pvBuffer = message_header;
-
-    complex_data[1].BufferType = SECBUFFER_DATA;
-    complex_data[1].cbBuffer = lstrlen(message);
-    complex_data[1].pvBuffer = HeapAlloc(GetProcessHeap(), 0, data[1].cbBuffer);
-    memcpy(complex_data[1].pvBuffer, message, complex_data[1].cbBuffer);
-
-    complex_data[2].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
-    complex_data[2].cbBuffer = sizeof(message_header);
-    complex_data[2].pvBuffer = message_header;
-
-    complex_data[3].BufferType = SECBUFFER_TOKEN;
-    complex_data[3].cbBuffer = ctxt_sizes.cbSecurityTrailer;
-    complex_data[3].pvBuffer = HeapAlloc(GetProcessHeap(), 0, complex_data[3].cbBuffer);
-
-    /* We should get a dummy signature again. */
-    sec_status = pMakeSignature(&client.ctxt, 0, &crypt, 0);
-    ok(sec_status == SEC_E_OK, "MakeSignature returned %s, not SEC_E_OK.\n",
-            getSecError(sec_status));
-    ok(!memcmp(crypt.pBuffers[3].pvBuffer, message_signature,
-               crypt.pBuffers[3].cbBuffer), "Signature is not as expected.\n");
-
-    /* Being a dummy signature, it will verify right away, as if the server
-     * sent it */
-    sec_status = pVerifySignature(&client.ctxt, &crypt, 0, &qop);
-    ok(sec_status == SEC_E_OK, "VerifySignature returned %s, not SEC_E_OK\n",
-            getSecError(sec_status));
-
-    sec_status = pEncryptMessage(&client.ctxt, 0, &crypt, 0);
-    ok(sec_status == SEC_E_OK, "EncryptMessage returned %s, not SEC_E_OK.\n",
-            getSecError(sec_status));
-
-    ok(!memcmp(crypt.pBuffers[3].pvBuffer, crypt_trailer_client2,
-               crypt.pBuffers[3].cbBuffer), "Crypt trailer not as expected.\n");
-    if (memcmp(crypt.pBuffers[3].pvBuffer, crypt_trailer_client2,
-               crypt.pBuffers[3].cbBuffer))
-    {
-        int i;
-        for (i = 0; i < crypt.pBuffers[3].cbBuffer; i++)
-        {
-            if (i % 8 == 0) printf("     ");
-            printf("0x%02x,", ((unsigned char *)crypt.pBuffers[3].pvBuffer)[i]);
-            if (i % 8 == 7) printf("\n");
-        }
-        printf("\n");
-    }
-
-    ok(!memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client2,
-               crypt.pBuffers[1].cbBuffer), "Crypt message not as expected.\n");
-    if (memcmp(crypt.pBuffers[1].pvBuffer, crypt_message_client2,
-               crypt.pBuffers[1].cbBuffer))
-    {
-        int i;
-        for (i = 0; i < crypt.pBuffers[1].cbBuffer; i++)
-        {
-            if (i % 8 == 0) printf("     ");
-            printf("0x%02x,", ((unsigned char *)crypt.pBuffers[1].pvBuffer)[i]);
-            if (i % 8 == 7) printf("\n");
-        }
-        printf("\n");
-    }
-
     memcpy(complex_data[1].pvBuffer, crypt_message_server2, complex_data[1].cbBuffer);
     memcpy(complex_data[3].pvBuffer, crypt_trailer_server2, complex_data[3].cbBuffer);
@@ -1191,7 +1178,7 @@
     HeapFree(GetProcessHeap(), 0, complex_data[3].pvBuffer);
 }
-static void testAcquireCredentialsHandle(void)
+static BOOL testAcquireCredentialsHandle(void)
 {
     CredHandle cred;
     TimeStamp ttl;
@@ -1200,13 +1187,13 @@
                 test_pass[] = "testpass",
                 sec_pkg_name[] = "NTLM";
     SECURITY_STATUS ret;
-    SEC_WINNT_AUTH_IDENTITY id;
-    PSecPkgInfo             pkg_info = NULL;
+    SEC_WINNT_AUTH_IDENTITY_A id;
+    PSecPkgInfoA pkg_info = NULL;
if(pQuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK)
     {
-        skip("NTLM package not installed, skipping test\n");
-        return;
+        ok(0, "NTLM package not installed, skipping test\n");
+        return FALSE;
     }
     pFreeContextBuffer(pkg_info);
@@ -1257,6 +1244,7 @@
     ok(ret == SEC_E_OK, "AcquireCredentialsHande() returned %s\n",
             getSecError(ret));
     pFreeCredentialsHandle(&cred);
+    return TRUE;
 }
static void test_cred_multiple_use(void)
@@ -1266,8 +1254,8 @@
                 test_pass[] = "testpass",
                 sec_pkg_name[] = "NTLM";
     SECURITY_STATUS ret;
-    SEC_WINNT_AUTH_IDENTITY id;
-    PSecPkgInfo             pkg_info = NULL;
+    SEC_WINNT_AUTH_IDENTITY_A id;
+    PSecPkgInfoA            pkg_info = NULL;
     CredHandle              cred;
     CtxtHandle              ctxt1;
     CtxtHandle              ctxt2;
@@ -1278,7 +1266,7 @@
if(pQuerySecurityPackageInfoA(sec_pkg_name, &pkg_info) != SEC_E_OK)
     {
-        skip("NTLM package not installed, skipping test\n");
+        ok(0, "NTLM package not installed, skipping test\n");
         return;
     }
     buffers[0].cbBuffer = pkg_info->cbMaxToken;
@@ -1327,7 +1315,7 @@
 static void test_null_auth_data(void)
 {
     SECURITY_STATUS status;
-    PSecPkgInfo info;
+    PSecPkgInfoA info;
     CredHandle cred;
     CtxtHandle ctx;
     SecBufferDesc buffer_desc;
@@ -1339,7 +1327,7 @@
if(pQuerySecurityPackageInfoA((SEC_CHAR *)"NTLM", &info) != SEC_E_OK)
     {
-        skip("NTLM package not installed, skipping test\n");
+        ok(0, "NTLM package not installed, skipping test\n");
         return;
     }
@@ -1382,7 +1370,8 @@
        pInitializeSecurityContextA && pCompleteAuthToken &&
        pQuerySecurityPackageInfoA)
     {
-        testAcquireCredentialsHandle();
+        if(!testAcquireCredentialsHandle())
+            goto cleanup;
         testInitializeSecurityContextFlags();
         if(pAcceptSecurityContext)
         {
@@ -1401,6 +1390,7 @@
     else
         win_skip("Needed functions are not available\n");
+cleanup:
     if(secdll)
         FreeLibrary(secdll);
 }
Modified: trunk/rostests/winetests/secur32/schannel.c
URL: http://svn.reactos.org/svn/reactos/trunk/rostests/winetests/secur32/schannel...
==============================================================================
--- trunk/rostests/winetests/secur32/schannel.c	[iso-8859-1] (original)
+++ trunk/rostests/winetests/secur32/schannel.c	[iso-8859-1] Tue Apr 22 11:12:43 2014
@@ -24,6 +24,8 @@
 #define SECURITY_WIN32
 #include <security.h>
 #include <schannel.h>
+#include <winsock2.h>
+#include <ws2tcpip.h>
#include "wine/test.h"
@@ -34,14 +36,20 @@
 static FREE_CONTEXT_BUFFER_FN pFreeContextBuffer;
 static FREE_CREDENTIALS_HANDLE_FN pFreeCredentialsHandle;
 static QUERY_CREDENTIALS_ATTRIBUTES_FN_A pQueryCredentialsAttributesA;
+static INITIALIZE_SECURITY_CONTEXT_FN_A pInitializeSecurityContextA;
+static QUERY_CONTEXT_ATTRIBUTES_FN_A pQueryContextAttributesA;
+static DELETE_SECURITY_CONTEXT_FN pDeleteSecurityContext;
+static DECRYPT_MESSAGE_FN pDecryptMessage;
+static ENCRYPT_MESSAGE_FN pEncryptMessage;
static PCCERT_CONTEXT (WINAPI *pCertCreateCertificateContext)(DWORD,const BYTE*,DWORD);
 static BOOL (WINAPI *pCertFreeCertificateContext)(PCCERT_CONTEXT);
 static BOOL (WINAPI *pCertSetCertificateContextProperty)(PCCERT_CONTEXT,DWORD,DWORD,const void*);
+static PCCERT_CONTEXT (WINAPI *pCertEnumCertificatesInStore)(HCERTSTORE,PCCERT_CONTEXT);
static BOOL (WINAPI *pCryptAcquireContextW)(HCRYPTPROV*, LPCWSTR, LPCWSTR, DWORD, DWORD);
 static BOOL (WINAPI *pCryptDestroyKey)(HCRYPTKEY);
-static BOOL (WINAPI *pCryptImportKey)(HCRYPTPROV,CONST BYTE*,DWORD,HCRYPTKEY,DWORD,HCRYPTKEY*);
+static BOOL (WINAPI *pCryptImportKey)(HCRYPTPROV,const BYTE*,DWORD,HCRYPTKEY,DWORD,HCRYPTKEY*);
 static BOOL (WINAPI *pCryptReleaseContext)(HCRYPTPROV,ULONG_PTR);
static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
@@ -115,7 +123,7 @@
     secdll = LoadLibraryA("secur32.dll");
     if(!secdll)
         secdll = LoadLibraryA("security.dll");
-    advapi32dll = GetModuleHandleA("advapi32.dll");
+    advapi32dll = LoadLibraryA("advapi32.dll");
#define GET_PROC(h, func)  p ## func = (void*)GetProcAddress(h, #func)
@@ -126,6 +134,11 @@
         GET_PROC(secdll, FreeContextBuffer);
         GET_PROC(secdll, FreeCredentialsHandle);
         GET_PROC(secdll, QueryCredentialsAttributesA);
+        GET_PROC(secdll, InitializeSecurityContextA);
+        GET_PROC(secdll, QueryContextAttributesA);
+        GET_PROC(secdll, DeleteSecurityContext);
+        GET_PROC(secdll, DecryptMessage);
+        GET_PROC(secdll, EncryptMessage);
     }
GET_PROC(advapi32dll, CryptAcquireContextW);
@@ -136,6 +149,7 @@
     GET_PROC(crypt32dll, CertFreeCertificateContext);
     GET_PROC(crypt32dll, CertSetCertificateContextProperty);
     GET_PROC(crypt32dll, CertCreateCertificateContext);
+    GET_PROC(crypt32dll, CertEnumCertificatesInStore);
#undef GET_PROC
 }
@@ -152,6 +166,31 @@
     trace("strength %d - %d\n", strength.dwMinimumCipherStrength, strength.dwMaximumCipherStrength);
 }
+static void test_supported_protocols(CredHandle *handle, unsigned exprots)
+{
+    SecPkgCred_SupportedProtocols protocols;
+    SECURITY_STATUS status;
+
+    status = pQueryCredentialsAttributesA(handle, SECPKG_ATTR_SUPPORTED_PROTOCOLS, &protocols);
+    ok(status == SEC_E_OK, "QueryCredentialsAttributes failed: %08x\n", status);
+
+    if(exprots)
+        ok(protocols.grbitProtocol == exprots, "protocols.grbitProtocol = %x, expected %x\n", protocols.grbitProtocol, exprots);
+
+    trace("Supported protocols:\n");
+
+#define X(flag, name) do { if(protocols.grbitProtocol & flag) { trace(name "\n"); protocols.grbitProtocol &= ~flag; } }while(0)
+    X(SP_PROT_SSL2_CLIENT, "SSL 2 client");
+    X(SP_PROT_SSL3_CLIENT, "SSL 3 client");
+    X(SP_PROT_TLS1_0_CLIENT, "TLS 1.0 client");
+    X(SP_PROT_TLS1_1_CLIENT, "TLS 1.1 client");
+    X(SP_PROT_TLS1_2_CLIENT, "TLS 1.2 client");
+#undef X
+
+    if(protocols.grbitProtocol)
+        trace("Unknown flags: %x\n", protocols.grbitProtocol);
+}
+
 static void testAcquireSecurityContext(void)
 {
     BOOL has_schannel = FALSE;
@@ -159,6 +198,7 @@
     ULONG i;
     SECURITY_STATUS st;
     CredHandle cred;
+    SecPkgCredentials_NamesA names;
     TimeStamp exp;
     SCHANNEL_CRED schanCred;
     PCCERT_CONTEXT certs[2];
@@ -229,34 +269,41 @@
         /* Crashes on Win2K */
         st = pAcquireCredentialsHandleA(NULL, unisp_name_a, 0, NULL, NULL, NULL,
          NULL, NULL, NULL);
-        ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n",
-         st);
-    }
-    st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_BOTH, NULL,
-     NULL, NULL, NULL, NULL, NULL);
-    ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n",
-     st);
-    st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
-     NULL, NULL, NULL, NULL, NULL, NULL);
-    ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n",
-     st);
-    if (0)
-    {
+        ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
+
+        /* Crashes on WinNT */
+        st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_BOTH, NULL,
+         NULL, NULL, NULL, NULL, NULL);
+        ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
+
+        st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
+         NULL, NULL, NULL, NULL, NULL, NULL);
+        ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
+
         /* Crashes */
-        st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
+        pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
          NULL, NULL, NULL, NULL, NULL, NULL);
     }
     st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
      NULL, NULL, NULL, NULL, &cred, NULL);
     ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
-    if(st == SEC_E_OK)
+    if(st == SEC_E_OK) {
+        st = pQueryCredentialsAttributesA(&cred, SECPKG_ATTR_SUPPORTED_PROTOCOLS, NULL);
+        ok(st == SEC_E_INTERNAL_ERROR, "QueryCredentialsAttributes failed: %08x, expected SEC_E_INTERNAL_ERROR\n", st);
+
+        test_supported_protocols(&cred, 0);
         pFreeCredentialsHandle(&cred);
+    }
     memset(&cred, 0, sizeof(cred));
     st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
      NULL, NULL, NULL, NULL, &cred, &exp);
     ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
     /* expriy is indeterminate in win2k3 */
     trace("expiry: %08x%08x\n", exp.HighPart, exp.LowPart);
+
+    st = pQueryCredentialsAttributesA(&cred, SECPKG_CRED_ATTR_NAMES, &names);
+    ok(st == SEC_E_NO_CREDENTIALS || st == SEC_E_UNSUPPORTED_FUNCTION /* before Vista */, "expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
+
     pFreeCredentialsHandle(&cred);
/* Bad version in SCHANNEL_CRED */
@@ -264,13 +311,13 @@
     st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
      NULL, &schanCred, NULL, NULL, NULL, NULL);
     ok(st == SEC_E_INTERNAL_ERROR ||
-       st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
-       "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
+       st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */ ||
+       st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
     st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
      NULL, &schanCred, NULL, NULL, NULL, NULL);
     ok(st == SEC_E_INTERNAL_ERROR ||
-       st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
-       "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
+       st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */ ||
+       st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
/* No cert in SCHANNEL_CRED succeeds for outbound.. */
     schanCred.dwVersion = SCHANNEL_CRED_VERSION;
@@ -289,7 +336,7 @@
     {
         /* Crashes with bad paCred pointer */
         schanCred.cCreds = 1;
-        st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
+        pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
          NULL, &schanCred, NULL, NULL, NULL, NULL);
     }
@@ -300,14 +347,14 @@
     schanCred.paCred = &certs[0];
     st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
      NULL, &schanCred, NULL, NULL, NULL, NULL);
-    ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_NO_CREDENTIALS,
-     "Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_NO_CREDENTIALS, got %08x\n",
-     st);
+    ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
+       st == SEC_E_NO_CREDENTIALS ||
+       st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
     st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
      NULL, &schanCred, NULL, NULL, NULL, NULL);
-    ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_NO_CREDENTIALS,
-     "Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_NO_CREDENTIALS, got %08x\n",
-     st);
+    ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
+       st == SEC_E_NO_CREDENTIALS ||
+       st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
/* Good cert, but missing private key. Windows fails with
      * SEC_E_NO_CREDENTIALS, but I'll accept SEC_E_UNKNOWN_CREDENTIALS too.
@@ -333,14 +380,15 @@
         ret = pCertSetCertificateContextProperty(certs[1],
               CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo);
         schanCred.dwVersion = SCH_CRED_V3;
+        ok(ret, "CertSetCertificateContextProperty failed: %08x\n", GetLastError());
         st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
              NULL, &schanCred, NULL, NULL, &cred, NULL);
-        ok(st == SEC_E_UNKNOWN_CREDENTIALS,
-           "Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
+        ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_INTERNAL_ERROR /* WinNT */,
+           "Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_INTERNAL_ERROR, got %08x\n", st);
         st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
              NULL, &schanCred, NULL, NULL, &cred, NULL);
-        ok(st == SEC_E_UNKNOWN_CREDENTIALS,
-           "Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
+        ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_INTERNAL_ERROR /* WinNT */,
+           "Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_INTERNAL_ERROR, got %08x\n", st);
     }
ret = pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
@@ -359,32 +407,34 @@
         if (0)
         {
             /* Crashes */
+            pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
+             NULL, &schanCred, NULL, NULL, NULL, NULL);
+
+            /* Crashes on WinNT */
+            /* Good cert with private key, bogus version */
+            schanCred.dwVersion = SCH_CRED_V1;
+            st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
+                NULL, &schanCred, NULL, NULL, &cred, NULL);
+            ok(st == SEC_E_INTERNAL_ERROR ||
+                st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
+                "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
             st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
-             NULL, &schanCred, NULL, NULL, NULL, NULL);
+                NULL, &schanCred, NULL, NULL, &cred, NULL);
+            ok(st == SEC_E_INTERNAL_ERROR ||
+                st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
+                "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
+            schanCred.dwVersion = SCH_CRED_V2;
+            st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
+                NULL, &schanCred, NULL, NULL, &cred, NULL);
+            ok(st == SEC_E_INTERNAL_ERROR ||
+                st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
+                "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
+            st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
+                NULL, &schanCred, NULL, NULL, &cred, NULL);
+            ok(st == SEC_E_INTERNAL_ERROR ||
+                st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
+                "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
         }
-        /* Good cert with private key, bogus version */
-        schanCred.dwVersion = SCH_CRED_V1;
-        st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
-         NULL, &schanCred, NULL, NULL, &cred, NULL);
-        ok(st == SEC_E_INTERNAL_ERROR ||
-           st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
-           "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
-        st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
-         NULL, &schanCred, NULL, NULL, &cred, NULL);
-        ok(st == SEC_E_INTERNAL_ERROR ||
-           st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
-           "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
-        schanCred.dwVersion = SCH_CRED_V2;
-        st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
-         NULL, &schanCred, NULL, NULL, &cred, NULL);
-        ok(st == SEC_E_INTERNAL_ERROR ||
-           st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
-           "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
-        st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
-         NULL, &schanCred, NULL, NULL, &cred, NULL);
-        ok(st == SEC_E_INTERNAL_ERROR ||
-           st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
-           "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
/* Succeeds on V3 or higher */
         schanCred.dwVersion = SCH_CRED_V3;
@@ -417,21 +467,21 @@
         st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
          NULL, &schanCred, NULL, NULL, &cred, NULL);
         ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
-           st == SEC_E_NO_CREDENTIALS /* Vista/win2k8 */,
-           "Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_NO_CREDENTIALS, got %08x\n", st);
+           st == SEC_E_NO_CREDENTIALS /* Vista/win2k8 */ ||
+           st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
         st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
          NULL, &schanCred, NULL, NULL, &cred, NULL);
         ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
-           st == SEC_E_NO_CREDENTIALS,
-           "Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
+           st == SEC_E_NO_CREDENTIALS ||
+           st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
         tmp = certs[0];
         certs[0] = certs[1];
         certs[1] = tmp;
         st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
          NULL, &schanCred, NULL, NULL, &cred, NULL);
         ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
-           st == SEC_E_NO_CREDENTIALS,
-           "Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
+           st == SEC_E_NO_CREDENTIALS ||
+           st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
         st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
          NULL, &schanCred, NULL, NULL, &cred, NULL);
         ok(st == SEC_E_UNKNOWN_CREDENTIALS,
@@ -454,11 +504,407 @@
     }
 }
+static void test_remote_cert(PCCERT_CONTEXT remote_cert)
+{
+    PCCERT_CONTEXT iter = NULL;
+    BOOL incl_remote = FALSE;
+    unsigned cert_cnt = 0;
+
+    ok(remote_cert->hCertStore != NULL, "hCertStore == NULL\n");
+
+    while((iter = pCertEnumCertificatesInStore(remote_cert->hCertStore, iter))) {
+        if(iter == remote_cert)
+            incl_remote = TRUE;
+        cert_cnt++;
+    }
+
+    ok(cert_cnt == 2, "cert_cnt = %u\n", cert_cnt);
+    ok(incl_remote, "context does not contain cert itself\n");
+}
+
+static const char http_request[] = "HEAD /test.html HTTP/1.1\r\nHost: www.winehq.org\r\nConnection: close\r\n\r\n";
+
+static void init_cred(SCHANNEL_CRED *cred)
+{
+    cred->dwVersion = SCHANNEL_CRED_VERSION;
+    cred->cCreds = 0;
+    cred->paCred = 0;
+    cred->hRootStore = NULL;
+    cred->cMappers = 0;
+    cred->aphMappers = NULL;
+    cred->cSupportedAlgs = 0;
+    cred->palgSupportedAlgs = NULL;
+    cred->grbitEnabledProtocols = SP_PROT_SSL3_CLIENT;
+    cred->dwMinimumCipherStrength = 0;
+    cred->dwMaximumCipherStrength = 0;
+    cred->dwSessionLifespan = 0;
+    cred->dwFlags = 0;
+}
+
+static void init_buffers(SecBufferDesc *desc, unsigned count, unsigned size)
+{
+    desc->ulVersion = SECBUFFER_VERSION;
+    desc->cBuffers = count;
+    desc->pBuffers = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, count*sizeof(SecBuffer));
+
+    desc->pBuffers[0].cbBuffer = size;
+    desc->pBuffers[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, size);
+}
+
+static void reset_buffers(SecBufferDesc *desc)
+{
+    unsigned i;
+
+    for (i = 0; i < desc->cBuffers; ++i)
+    {
+        desc->pBuffers[i].BufferType = SECBUFFER_EMPTY;
+        if (i > 0)
+        {
+            desc->pBuffers[i].cbBuffer = 0;
+            desc->pBuffers[i].pvBuffer = NULL;
+        }
+    }
+}
+
+static void free_buffers(SecBufferDesc *desc)
+{
+    HeapFree(GetProcessHeap(), 0, desc->pBuffers[0].pvBuffer);
+    HeapFree(GetProcessHeap(), 0, desc->pBuffers);
+}
+
+static int receive_data(SOCKET sock, SecBuffer *buf)
+{
+    unsigned received = 0;
+
+    while (1)
+    {
+        unsigned char *data = buf->pvBuffer;
+        unsigned expected = 0;
+        int ret;
+
+        ret = recv(sock, (char *)data+received, buf->cbBuffer-received, 0);
+        if (ret == -1)
+        {
+            skip("recv failed\n");
+            return -1;
+        }
+        else if(ret == 0)
+        {
+            skip("connection closed\n");
+            return -1;
+        }
+        received += ret;
+
+        while (expected < received)
+        {
+            unsigned frame_size = 5 + ((data[3]<<8) | data[4]);
+            expected += frame_size;
+            data += frame_size;
+        }
+
+        if (expected == received)
+            break;
+    }
+
+    buf->cbBuffer = received;
+
+    return received;
+}
+
+static void test_communication(void)
+{
+    int ret;
+
+    WSADATA wsa_data;
+    SOCKET sock;
+    struct hostent *host;
+    struct sockaddr_in addr;
+
+    SECURITY_STATUS status;
+    ULONG attrs;
+
+    SCHANNEL_CRED cred;
+    CredHandle cred_handle;
+    CtxtHandle context;
+    SecPkgCredentials_NamesA names;
+    SecPkgContext_StreamSizes sizes;
+    SecPkgContext_ConnectionInfo conn_info;
+    CERT_CONTEXT *cert;
+
+    SecBufferDesc buffers[2];
+    SecBuffer *buf;
+    unsigned buf_size = 4000;
+    unsigned char *data;
+    unsigned data_size;
+
+    if (!pAcquireCredentialsHandleA || !pFreeCredentialsHandle ||
+        !pInitializeSecurityContextA || !pDeleteSecurityContext ||
+        !pQueryContextAttributesA || !pDecryptMessage || !pEncryptMessage)
+    {
+        skip("Required secur32 functions not available\n");
+        return;
+    }
+
+    /* Create a socket and connect to www.winehq.org */
+    ret = WSAStartup(0x0202, &wsa_data);
+    if (ret)
+    {
+        skip("Can't init winsock 2.2\n");
+        return;
+    }
+
+    host = gethostbyname("www.winehq.org");
+    if (!host)
+    {
+        skip("Can't resolve www.winehq.org\n");
+        return;
+    }
+
+    addr.sin_family = host->h_addrtype;
+    addr.sin_addr = *(struct in_addr *)host->h_addr_list[0];
+    addr.sin_port = htons(443);
+    sock = socket(host->h_addrtype, SOCK_STREAM, 0);
+    if (sock == SOCKET_ERROR)
+    {
+        skip("Can't create socket\n");
+        return;
+    }
+
+    ret = connect(sock, (struct sockaddr *)&addr, sizeof(addr));
+    if (ret == SOCKET_ERROR)
+    {
+        skip("Can't connect to www.winehq.org\n");
+        return;
+    }
+
+    /* Create client credentials */
+    init_cred(&cred);
+    cred.dwFlags = SCH_CRED_NO_DEFAULT_CREDS|SCH_CRED_MANUAL_CRED_VALIDATION;
+
+    status = pAcquireCredentialsHandleA(NULL, (SEC_CHAR *)UNISP_NAME_A, SECPKG_CRED_OUTBOUND, NULL,
+        &cred, NULL, NULL, &cred_handle, NULL);
+    ok(status == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", status);
+    if (status != SEC_E_OK) return;
+
+    test_supported_protocols(&cred_handle, SP_PROT_SSL3_CLIENT);
+
+    /* Initialize the connection */
+    init_buffers(&buffers[0], 4, buf_size);
+    init_buffers(&buffers[1], 4, buf_size);
+
+    buffers[0].pBuffers[0].BufferType = SECBUFFER_TOKEN;
+    status = pInitializeSecurityContextA(&cred_handle, NULL, (SEC_CHAR *)"localhost",
+        ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
+        0, 0, NULL, 0, &context, &buffers[0], &attrs, NULL);
+    ok(status == SEC_I_CONTINUE_NEEDED, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status);
+
+    buffers[1].cBuffers = 1;
+    buffers[1].pBuffers[0].BufferType = SECBUFFER_TOKEN;
+    buffers[0].pBuffers[0].cbBuffer = 1;
+    status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
+            ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
+            0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
+    ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
+todo_wine
+    ok(buffers[0].pBuffers[0].cbBuffer == 0, "Output buffer size was not set to 0.\n");
+
+    status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
+            ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
+            0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
+todo_wine
+    ok(status == SEC_E_INSUFFICIENT_MEMORY || status == SEC_E_INVALID_TOKEN,
+       "Expected SEC_E_INSUFFICIENT_MEMORY or SEC_E_INVALID_TOKEN, got %08x\n", status);
+
+    buffers[0].pBuffers[0].cbBuffer = buf_size;
+
+    status = pInitializeSecurityContextA(&cred_handle, NULL, (SEC_CHAR *)"localhost",
+            ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
+            0, 0, NULL, 0, &context, &buffers[0], &attrs, NULL);
+    ok(status == SEC_I_CONTINUE_NEEDED, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status);
+
+    buf = &buffers[0].pBuffers[0];
+    send(sock, buf->pvBuffer, buf->cbBuffer, 0);
+    buf->cbBuffer = buf_size;
+
+    status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
+            ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
+            0, 0, NULL, 0, NULL, &buffers[0], &attrs, NULL);
+    ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
+    ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
+    ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
+
+    buffers[1].cBuffers = 4;
+    buffers[1].pBuffers[0].cbBuffer = 0;
+
+    status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
+            ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
+            0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
+    ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
+    ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
+    ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
+
+    buf = &buffers[1].pBuffers[0];
+    buf->cbBuffer = buf_size;
+    ret = receive_data(sock, buf);
+    if (ret == -1)
+        return;
+
+    buffers[1].pBuffers[0].cbBuffer = 4;
+    status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
+            ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
+            0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
+    ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
+    ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
+    ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
+
+    buffers[1].pBuffers[0].cbBuffer = 5;
+    status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
+            ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
+            0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
+    ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
+    ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
+    ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
+
+    buffers[1].pBuffers[0].cbBuffer = ret;
+    status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
+            ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
+            0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
+    buffers[1].pBuffers[0].cbBuffer = buf_size;
+    while (status == SEC_I_CONTINUE_NEEDED)
+    {
+        buf = &buffers[0].pBuffers[0];
+        send(sock, buf->pvBuffer, buf->cbBuffer, 0);
+        buf->cbBuffer = buf_size;
+
+        buf = &buffers[1].pBuffers[0];
+        ret = receive_data(sock, buf);
+        if (ret == -1)
+            return;
+
+        buf->BufferType = SECBUFFER_TOKEN;
+
+        status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
+            ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
+            0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
+        buffers[1].pBuffers[0].cbBuffer = buf_size;
+    }
+
+    ok(status == SEC_E_OK || broken(status == SEC_E_INVALID_TOKEN) /* WinNT */,
+        "InitializeSecurityContext failed: %08x\n", status);
+    if(status != SEC_E_OK) {
+        win_skip("Handshake failed\n");
+        return;
+    }
+
+    status = pQueryCredentialsAttributesA(&cred_handle, SECPKG_CRED_ATTR_NAMES, &names);
+    ok(status == SEC_E_NO_CREDENTIALS || status == SEC_E_UNSUPPORTED_FUNCTION /* before Vista */, "expected SEC_E_NO_CREDENTIALS, got %08x\n", status);
+
+    status = pQueryContextAttributesA(&context, SECPKG_ATTR_REMOTE_CERT_CONTEXT, (void*)&cert);
+    ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_REMOTE_CERT_CONTEXT) failed: %08x\n", status);
+    if(status == SEC_E_OK) {
+        test_remote_cert(cert);
+        pCertFreeCertificateContext(cert);
+    }
+
+    status = pQueryContextAttributesA(&context, SECPKG_ATTR_CONNECTION_INFO, (void*)&conn_info);
+    ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_CONNECTION_INFO) failed: %08x\n", status);
+    if(status == SEC_E_OK) {
+        ok(conn_info.dwCipherStrength == 128 || conn_info.dwCipherStrength == 168,
+           "conn_info.dwCipherStrength = %d\n", conn_info.dwCipherStrength);
+        ok(conn_info.dwHashStrength >= 128, "conn_info.dwHashStrength = %d\n", conn_info.dwHashStrength);
+    }
+
+    status = pQueryContextAttributesA(&context, SECPKG_ATTR_STREAM_SIZES, &sizes);
+    ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_STREAM_SIZES) failed: %08x\n", status);
+
+    reset_buffers(&buffers[0]);
+
+    /* Send a simple request so we get data for testing DecryptMessage */
+    buf = &buffers[0].pBuffers[0];
+    data = buf->pvBuffer;
+    buf->BufferType = SECBUFFER_STREAM_HEADER;
+    buf->cbBuffer = sizes.cbHeader;
+    ++buf;
+    buf->BufferType = SECBUFFER_DATA;
+    buf->pvBuffer = data + sizes.cbHeader;
+    buf->cbBuffer = sizeof(http_request) - 1;
+    memcpy(buf->pvBuffer, http_request, sizeof(http_request) - 1);
+    ++buf;
+    buf->BufferType = SECBUFFER_STREAM_TRAILER;
+    buf->pvBuffer = data + sizes.cbHeader + sizeof(http_request) -1;
+    buf->cbBuffer = sizes.cbTrailer;
+
+    status = pEncryptMessage(&context, 0, &buffers[0], 0);
+    ok(status == SEC_E_OK, "EncryptMessage failed: %08x\n", status);
+    if (status != SEC_E_OK)
+        return;
+
+    buf = &buffers[0].pBuffers[0];
+    send(sock, buf->pvBuffer, buffers[0].pBuffers[0].cbBuffer + buffers[0].pBuffers[1].cbBuffer + buffers[0].pBuffers[2].cbBuffer, 0);
+
+    reset_buffers(&buffers[0]);
+    buf->cbBuffer = buf_size;
+    data_size = receive_data(sock, buf);
+
+    /* Too few buffers */
+    --buffers[0].cBuffers;
+    status = pDecryptMessage(&context, &buffers[0], 0, NULL);
+    ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
+
+    /* No data buffer */
+    ++buffers[0].cBuffers;
+    status = pDecryptMessage(&context, &buffers[0], 0, NULL);
+    ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
+
+    /* Two data buffers */
+    buffers[0].pBuffers[0].BufferType = SECBUFFER_DATA;
+    buffers[0].pBuffers[1].BufferType = SECBUFFER_DATA;
+    status = pDecryptMessage(&context, &buffers[0], 0, NULL);
+    ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
+
+    /* Too few empty buffers */
+    buffers[0].pBuffers[1].BufferType = SECBUFFER_EXTRA;
+    status = pDecryptMessage(&context, &buffers[0], 0, NULL);
+    ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
+
+    /* Incomplete data */
+    buffers[0].pBuffers[1].BufferType = SECBUFFER_EMPTY;
+    buffers[0].pBuffers[0].cbBuffer = (data[3]<<8) | data[4];
+    status = pDecryptMessage(&context, &buffers[0], 0, NULL);
+    ok(status == SEC_E_INCOMPLETE_MESSAGE, "Expected SEC_E_INCOMPLETE_MESSAGE, got %08x\n", status);
+    ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_MISSING, "Expected first buffer to be SECBUFFER_MISSING\n");
+    ok(buffers[0].pBuffers[0].cbBuffer == 5, "Expected first buffer to be a five bytes\n");
+
+    buffers[0].pBuffers[0].cbBuffer = data_size;
+    buffers[0].pBuffers[0].BufferType = SECBUFFER_DATA;
+    buffers[0].pBuffers[1].BufferType = SECBUFFER_EMPTY;
+    status = pDecryptMessage(&context, &buffers[0], 0, NULL);
+    ok(status == SEC_E_OK, "DecryptMessage failed: %08x\n", status);
+    if (status == SEC_E_OK)
+    {
+        ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_STREAM_HEADER, "Expected first buffer to be SECBUFFER_STREAM_HEADER\n");
+        ok(buffers[0].pBuffers[1].BufferType == SECBUFFER_DATA, "Expected second buffer to be SECBUFFER_DATA\n");
+        ok(buffers[0].pBuffers[2].BufferType == SECBUFFER_STREAM_TRAILER, "Expected third buffer to be SECBUFFER_STREAM_TRAILER\n");
+
+        data = buffers[0].pBuffers[1].pvBuffer;
+        data[buffers[0].pBuffers[1].cbBuffer] = 0;
+    }
+
+    pDeleteSecurityContext(&context);
+    pFreeCredentialsHandle(&cred_handle);
+
+    free_buffers(&buffers[0]);
+    free_buffers(&buffers[1]);
+
+    closesocket(sock);
+}
+
 START_TEST(schannel)
 {
     InitFunctionPtrs();
testAcquireSecurityContext();
+    test_communication();
if(secdll)
         FreeLibrary(secdll);
Modified: trunk/rostests/winetests/secur32/secur32.c
URL: http://svn.reactos.org/svn/reactos/trunk/rostests/winetests/secur32/secur32....
==============================================================================
--- trunk/rostests/winetests/secur32/secur32.c	[iso-8859-1] (original)
+++ trunk/rostests/winetests/secur32/secur32.c	[iso-8859-1] Tue Apr 22 11:12:43 2014
@@ -118,7 +118,7 @@
     }
if (0) /* Crashes on Windows */
-        rc = pGetUserNameExA(NameSamCompatible, NULL, NULL);
+        pGetUserNameExA(NameSamCompatible, NULL, NULL);
size = 0;
     rc = pGetUserNameExA(NameSamCompatible, NULL, &size);
@@ -128,7 +128,7 @@
     if (0) /* Crashes on Windows with big enough size */
     {
         /* Returned size is already big enough */
-        rc = pGetUserNameExA(NameSamCompatible, NULL, &size);
+        pGetUserNameExA(NameSamCompatible, NULL, &size);
     }
size = 0;
@@ -165,7 +165,7 @@
     }
if (0) /* Crashes on Windows */
-        rc = pGetUserNameExW(NameSamCompatible, NULL, NULL);
+        pGetUserNameExW(NameSamCompatible, NULL, NULL);
size = 0;
     rc = pGetUserNameExW(NameSamCompatible, NULL, &size);
@@ -175,7 +175,7 @@
     if (0) /* Crashes on Windows with big enough size */
     {
         /* Returned size is already big enough */
-        rc = pGetUserNameExW(NameSamCompatible, NULL, &size);
+        pGetUserNameExW(NameSamCompatible, NULL, &size);
     }
size = 0;
@@ -198,14 +198,12 @@
     sftA = pInitSecurityInterfaceA();
     ok(sftA != NULL, "pInitSecurityInterfaceA failed\n");
     ok(sftA->dwVersion == SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION, "wrong dwVersion %d in security function table\n", sftA->dwVersion);
-    ok(!sftA->Reserved2 || broken(sftA->Reserved2 != NULL) /* WinME */,
+    ok(!sftA->Reserved2,
        "Reserved2 should be NULL instead of %p in security function table\n",
        sftA->Reserved2);
-    ok(sftA->Reserved3 == sftA->EncryptMessage ||
-       broken(sftA->Reserved3 != sftA->EncryptMessage) /* Win9x */,
+    ok(sftA->Reserved3 == sftA->EncryptMessage,
        "Reserved3 should be equal to EncryptMessage in the security function table\n");
-    ok(sftA->Reserved4 == sftA->DecryptMessage ||
-       broken(sftA->Reserved4 != sftA->DecryptMessage) /* Win9x */,
+    ok(sftA->Reserved4 == sftA->DecryptMessage,
        "Reserved4 should be equal to DecryptMessage in the security function table\n");
if (!pInitSecurityInterfaceW)
Modified: trunk/rostests/winetests/secur32/testlist.c
URL: http://svn.reactos.org/svn/reactos/trunk/rostests/winetests/secur32/testlist...
==============================================================================
--- trunk/rostests/winetests/secur32/testlist.c	[iso-8859-1] (original)
+++ trunk/rostests/winetests/secur32/testlist.c	[iso-8859-1] Tue Apr 22 11:12:43 2014
@@ -1,21 +1,20 @@
 /* Automatically generated file; DO NOT EDIT!! */
-#define WIN32_LEAN_AND_MEAN
-#include <windows.h>
+#define STANDALONE
+#include <wine/test.h>
-#define STANDALONE
-#include "wine/test.h"
-
+extern void func_main(void);
+extern void func_negotiate(void);
+extern void func_ntlm(void);
+extern void func_schannel(void);
 extern void func_secur32(void);
-extern void func_schannel(void);
-extern void func_ntlm(void);
-extern void func_main(void);
const struct test winetest_testlist[] =
 {
+    { "main", func_main },
+    { "negotiate", func_negotiate },
+    { "ntlm", func_ntlm },
+    { "schannel", func_schannel },
     { "secur32", func_secur32 },
-	{ "schannel", func_schannel },
-	{ "ntlm", func_ntlm },
-	{ "main", func_main },
     { 0, 0 }
 };

    