InitializeSecurityContext (Schannel) 不改变 BufferType
InitializeSecurityContext (Schannel) not changing BufferType
所以我有以下代码:
SecBuffer input_buffers[2];
SecBuffer output_buffers[2];
ULONG context_attributes;
/* we need to try and perform the second (next) step of the init */
input_buffers[0].cbBuffer = tls_io_instance->received_byte_count;
input_buffers[0].BufferType = SECBUFFER_TOKEN;
input_buffers[0].pvBuffer = (void*)tls_io_instance->received_bytes;
input_buffers[1].cbBuffer = 0;
input_buffers[1].BufferType = SECBUFFER_EMPTY;
input_buffers[1].pvBuffer = 0;
SecBufferDesc input_buffers_desc;
input_buffers_desc.cBuffers = 2;
input_buffers_desc.pBuffers = input_buffers;
input_buffers_desc.ulVersion = SECBUFFER_VERSION;
output_buffers[0].cbBuffer = 0;
output_buffers[0].BufferType = SECBUFFER_TOKEN;
output_buffers[0].pvBuffer = NULL;
output_buffers[1].cbBuffer = 0;
output_buffers[1].BufferType = SECBUFFER_EMPTY;
output_buffers[1].pvBuffer = 0;
SecBufferDesc output_buffers_desc;
output_buffers_desc.cBuffers = 2;
output_buffers_desc.pBuffers = output_buffers;
output_buffers_desc.ulVersion = SECBUFFER_VERSION;
unsigned long flags = ISC_REQ_EXTENDED_ERROR | ISC_REQ_STREAM | ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_USE_SUPPLIED_CREDS;
SECURITY_STATUS status = InitializeSecurityContext(&tls_io_instance->credential_handle,
&tls_io_instance->security_context, (SEC_CHAR*)tls_io_instance->host_name, flags, 0, 0,
&input_buffers_desc, 0,
&tls_io_instance->security_context, &output_buffers_desc, &context_attributes, NULL);
问题是,此代码在 Windows 8.1 或 Windows 10 平台上执行后,input_buffers[1].BufferType 设置为 4。如果它在 Windows Server 2012 R2 上执行,input_buffers[1].BufferType 保持 0 (SECBUFFER_MISSING) 并且我最终出错了。有谁知道为什么 InitializeSecurityContext (Schannel) function 没有改变 Windows 服务器上 input_buffers[1] 的类型?
非常感谢您提供的任何帮助。
编辑 1
返回的状态在两个平台上相同 (-2146893032),只是在 Win 8.1/10 上函数将 input_buffers[1].BufferType 更改为 4.
编辑 2
在 Win 8.1/10 上,它进入此案例选项的 else 分支,而在 Win Server 2012 R2 中,它进入 if 分支。在所有平台上,状态设置为 SEC_E_INCOMPLETE_MESSAGE (-2146893032)
switch (status)
{
case SEC_E_INCOMPLETE_MESSAGE:
if (input_buffers[1].BufferType != SECBUFFER_MISSING)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->open_callback_context, IO_OPEN_ERROR);
}
}
else
{
tls_io_instance->needed_bytes = input_buffers[1].cbBuffer;
tls_io_instance->consumed_bytes += tls_io_instance->needed_bytes;
if (resize_receive_buffer(tls_io_instance, tls_io_instance->received_byte_count + tls_io_instance->needed_bytes) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->open_callback_context, IO_OPEN_ERROR);
}
}
}
好的,所以我联系了创作者,这似乎是他们实用程序库代码中的错误,他们在 utility library 的开发人员分支中修复了它,并且他们正在测试它。谢谢大家的回复!
所以我有以下代码:
SecBuffer input_buffers[2];
SecBuffer output_buffers[2];
ULONG context_attributes;
/* we need to try and perform the second (next) step of the init */
input_buffers[0].cbBuffer = tls_io_instance->received_byte_count;
input_buffers[0].BufferType = SECBUFFER_TOKEN;
input_buffers[0].pvBuffer = (void*)tls_io_instance->received_bytes;
input_buffers[1].cbBuffer = 0;
input_buffers[1].BufferType = SECBUFFER_EMPTY;
input_buffers[1].pvBuffer = 0;
SecBufferDesc input_buffers_desc;
input_buffers_desc.cBuffers = 2;
input_buffers_desc.pBuffers = input_buffers;
input_buffers_desc.ulVersion = SECBUFFER_VERSION;
output_buffers[0].cbBuffer = 0;
output_buffers[0].BufferType = SECBUFFER_TOKEN;
output_buffers[0].pvBuffer = NULL;
output_buffers[1].cbBuffer = 0;
output_buffers[1].BufferType = SECBUFFER_EMPTY;
output_buffers[1].pvBuffer = 0;
SecBufferDesc output_buffers_desc;
output_buffers_desc.cBuffers = 2;
output_buffers_desc.pBuffers = output_buffers;
output_buffers_desc.ulVersion = SECBUFFER_VERSION;
unsigned long flags = ISC_REQ_EXTENDED_ERROR | ISC_REQ_STREAM | ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_USE_SUPPLIED_CREDS;
SECURITY_STATUS status = InitializeSecurityContext(&tls_io_instance->credential_handle,
&tls_io_instance->security_context, (SEC_CHAR*)tls_io_instance->host_name, flags, 0, 0,
&input_buffers_desc, 0,
&tls_io_instance->security_context, &output_buffers_desc, &context_attributes, NULL);
问题是,此代码在 Windows 8.1 或 Windows 10 平台上执行后,input_buffers[1].BufferType 设置为 4。如果它在 Windows Server 2012 R2 上执行,input_buffers[1].BufferType 保持 0 (SECBUFFER_MISSING) 并且我最终出错了。有谁知道为什么 InitializeSecurityContext (Schannel) function 没有改变 Windows 服务器上 input_buffers[1] 的类型?
非常感谢您提供的任何帮助。
编辑 1
返回的状态在两个平台上相同 (-2146893032),只是在 Win 8.1/10 上函数将 input_buffers[1].BufferType 更改为 4.
编辑 2 在 Win 8.1/10 上,它进入此案例选项的 else 分支,而在 Win Server 2012 R2 中,它进入 if 分支。在所有平台上,状态设置为 SEC_E_INCOMPLETE_MESSAGE (-2146893032)
switch (status)
{
case SEC_E_INCOMPLETE_MESSAGE:
if (input_buffers[1].BufferType != SECBUFFER_MISSING)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->open_callback_context, IO_OPEN_ERROR);
}
}
else
{
tls_io_instance->needed_bytes = input_buffers[1].cbBuffer;
tls_io_instance->consumed_bytes += tls_io_instance->needed_bytes;
if (resize_receive_buffer(tls_io_instance, tls_io_instance->received_byte_count + tls_io_instance->needed_bytes) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->open_callback_context, IO_OPEN_ERROR);
}
}
}
好的,所以我联系了创作者,这似乎是他们实用程序库代码中的错误,他们在 utility library 的开发人员分支中修复了它,并且他们正在测试它。谢谢大家的回复!