InitializeSecurityContext(Schannel)不更改BufferType

时间:2016-10-20 12:32:35

标签: windows sockets windows-server-2012-r2 security-context schannel

所以我有以下代码:

SecBuffer input_buffers[2];
SecBuffer output_buffers[2];
ULONG context_attributes;

/* we need to try and perform the second (next) step of the init */
input_buffers[0].cbBuffer = tls_io_instance->received_byte_count;
input_buffers[0].BufferType = SECBUFFER_TOKEN;
input_buffers[0].pvBuffer = (void*)tls_io_instance->received_bytes;
input_buffers[1].cbBuffer = 0;
input_buffers[1].BufferType = SECBUFFER_EMPTY;
input_buffers[1].pvBuffer = 0;

SecBufferDesc input_buffers_desc;
input_buffers_desc.cBuffers = 2;
input_buffers_desc.pBuffers = input_buffers;
input_buffers_desc.ulVersion = SECBUFFER_VERSION;

output_buffers[0].cbBuffer = 0;
output_buffers[0].BufferType = SECBUFFER_TOKEN;
output_buffers[0].pvBuffer = NULL;
output_buffers[1].cbBuffer = 0;
output_buffers[1].BufferType = SECBUFFER_EMPTY;
output_buffers[1].pvBuffer = 0;

SecBufferDesc output_buffers_desc;
output_buffers_desc.cBuffers = 2;
output_buffers_desc.pBuffers = output_buffers;
output_buffers_desc.ulVersion = SECBUFFER_VERSION;

unsigned long flags = ISC_REQ_EXTENDED_ERROR | ISC_REQ_STREAM | ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_USE_SUPPLIED_CREDS;
SECURITY_STATUS status = InitializeSecurityContext(&tls_io_instance->credential_handle,
                        &tls_io_instance->security_context, (SEC_CHAR*)tls_io_instance->host_name, flags, 0, 0, 
                        &input_buffers_desc, 0,
                        &tls_io_instance->security_context, &output_buffers_desc, &context_attributes, NULL);

问题是,在 Windows 8.1 Windows 10 平台上执行此代码后,input_buffers[1].BufferType设置为 4 。如果它在 Windows Server 2012 R2 上执行,input_buffers[1].BufferType会保持 0(SECBUFFER_MISSING),我最终会收到错误消息。有谁知道为什么InitializeSecurityContext (Schannel) function没有改变Windows Server上input_buffers[1]的类型?

我非常感谢您提供的任何帮助。

修改1 返回的状态在两个平台上都是相同的(-2146893032),只是在Win 8.1 / 10函数更改input_buffers[1].BufferType到4。

编辑2 在Win 8.1 / 10上,它进入本案例选项的else分支,在Win Server 2012 R2中,它进入if分支..在所有平台上状态设置为SEC_E_INCOMPLETE_MESSAGE(-2146893032)

   switch (status)
            {
            case SEC_E_INCOMPLETE_MESSAGE:
                if (input_buffers[1].BufferType != SECBUFFER_MISSING)
                {
                    tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
                    if (tls_io_instance->on_io_open_complete != NULL)
                    {
                        tls_io_instance->on_io_open_complete(tls_io_instance->open_callback_context, IO_OPEN_ERROR);
                    }
                }
                else
                {
                    tls_io_instance->needed_bytes = input_buffers[1].cbBuffer;
                    tls_io_instance->consumed_bytes += tls_io_instance->needed_bytes;
                    if (resize_receive_buffer(tls_io_instance, tls_io_instance->received_byte_count + tls_io_instance->needed_bytes) != 0)
                    {
                        tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
                        if (tls_io_instance->on_io_open_complete != NULL)
                        {
                            tls_io_instance->on_io_open_complete(tls_io_instance->open_callback_context, IO_OPEN_ERROR);
                        }
                    }
                }

1 个答案:

答案 0 :(得分:0)

好的,所以我联系了创建者,看起来这是他们的实用程序库代码中的一个错误,他们在utility library的Developer分支中修复了它们并且正在测试它。谢谢大家的回复!

相关问题
最新问题