Commit 661b4978 authored by Rob Shearman's avatar Rob Shearman Committed by Alexandre Julliard

secur32: Make the NTLM SSP cope with a NULL phCredential parameter when…

secur32: Make the NTLM SSP cope with a NULL phCredential parameter when InitializeSecurityContext is called more than once.
parent ee47c5a2
......@@ -390,19 +390,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
if(!phCredential)
return SEC_E_INVALID_HANDLE;
/* As the server side of sspi never calls this, make sure that
* the handler is a client handler.
*/
helper = (PNegoHelper)phCredential->dwLower;
if(helper->mode != NTLM_CLIENT)
{
TRACE("Helper mode = %d\n", helper->mode);
return SEC_E_INVALID_HANDLE;
}
/****************************************
* When communicating with the client, there can be the
* following reply packets:
......@@ -432,6 +419,20 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
if((phContext == NULL) && (pInput == NULL))
{
TRACE("First time in ISC()\n");
if(!phCredential)
return SEC_E_INVALID_HANDLE;
/* As the server side of sspi never calls this, make sure that
* the handler is a client handler.
*/
helper = (PNegoHelper)phCredential->dwLower;
if(helper->mode != NTLM_CLIENT)
{
TRACE("Helper mode = %d\n", helper->mode);
return SEC_E_INVALID_HANDLE;
}
/* Allocate space for a maximal string of
* "SF NTLMSSP_FEATURE_SIGN NTLMSSP_FEATURE_SEAL
* NTLMSSP_FEATURE_SESSION_KEY"
......@@ -548,6 +549,9 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
/* put the decoded client blob into the out buffer */
phNewContext->dwUpper = ctxt_attr;
phNewContext->dwLower = (ULONG_PTR)helper;
ret = SEC_I_CONTINUE_NEEDED;
}
else
......@@ -560,6 +564,19 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
goto isc_end;
}
if(!phContext)
return SEC_E_INVALID_HANDLE;
/* As the server side of sspi never calls this, make sure that
* the handler is a client handler.
*/
helper = (PNegoHelper)phContext->dwLower;
if(helper->mode != NTLM_CLIENT)
{
TRACE("Helper mode = %d\n", helper->mode);
return SEC_E_INVALID_HANDLE;
}
if (!pInput->pBuffers[0].pvBuffer)
{
ret = SEC_E_INTERNAL_ERROR;
......@@ -752,34 +769,27 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
{
SECURITY_STATUS ret;
SEC_WCHAR *target = NULL;
TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext,
debugstr_a(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
if (phCredential)
{
SEC_WCHAR *target = NULL;
if(pszTargetName != NULL)
{
int target_size = MultiByteToWideChar(CP_ACP, 0, pszTargetName,
strlen(pszTargetName)+1, NULL, 0);
target = HeapAlloc(GetProcessHeap(), 0, target_size *
sizeof(SEC_WCHAR));
MultiByteToWideChar(CP_ACP, 0, pszTargetName, strlen(pszTargetName)+1,
target, target_size);
}
ret = ntlm_InitializeSecurityContextW(phCredential, phContext, target,
fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
phNewContext, pOutput, pfContextAttr, ptsExpiry);
HeapFree(GetProcessHeap(), 0, target);
}
else
if(pszTargetName != NULL)
{
ret = SEC_E_INVALID_HANDLE;
int target_size = MultiByteToWideChar(CP_ACP, 0, pszTargetName,
strlen(pszTargetName)+1, NULL, 0);
target = HeapAlloc(GetProcessHeap(), 0, target_size *
sizeof(SEC_WCHAR));
MultiByteToWideChar(CP_ACP, 0, pszTargetName, strlen(pszTargetName)+1,
target, target_size);
}
ret = ntlm_InitializeSecurityContextW(phCredential, phContext, target,
fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
phNewContext, pOutput, pfContextAttr, ptsExpiry);
HeapFree(GetProcessHeap(), 0, target);
return ret;
}
......
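Review bot: The handle checks added to the continuation branch of ntlm_InitializeSecurityContextW (`if(!phContext) return SEC_E_INVALID_HANDLE;` and the `helper->mode` test after it) exit with a direct `return`, while the neighbouring error paths in that branch set `ret` and `goto isc_end`; the checks relocated into the first-call branch do the same. If `isc_end` releases buffers allocated before the branch, which is not visible in these hunks, each of these returns skips that cleanup, so `ret = SEC_E_INVALID_HANDLE; goto isc_end;` would be the safer form. `helper` is now read from the caller-supplied `phContext->dwLower` and dereferenced immediately, so a zeroed or never-initialised context handle reaches `helper->mode` as a NULL pointer; `if(!helper || helper->mode != NTLM_CLIENT)` would reject it. The function body starts and ends outside the hunks shown.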
......@@ -452,7 +452,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep
out_buf->pBuffers[0].cbBuffer = sspi_data->max_token;
ret = pInitializeSecurityContextA(sspi_data->cred, first?NULL:sspi_data->ctxt, NULL, req_attr,
ret = pInitializeSecurityContextA(first?sspi_data->cred:NULL, first?NULL:sspi_data->ctxt, NULL, req_attr,
0, data_rep, first?NULL:in_buf, 0, sspi_data->ctxt, out_buf,
&ctxt_attr, &ttl);
......@@ -463,7 +463,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep
ret = SEC_I_CONTINUE_NEEDED;
else if(ret == SEC_I_COMPLETE_NEEDED)
ret = SEC_E_OK;
}
}
ok(out_buf->pBuffers[0].cbBuffer < sspi_data->max_token,
"InitializeSecurityContext set buffer size to %lu\n", out_buf->pBuffers[0].cbBuffer);
......
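Review bot: The changed call in runClient now passes `first?sspi_data->cred:NULL`, so every continuation call runs with a NULL credential, and the case the old line covered, a valid credential handle on the second and later calls, is no longer tested. Both forms appear to be accepted by the patched SSP, so each deserves its own call. A negative case would also pin the new context check: a continuation call that supplies an input buffer but a NULL context handle should be asserted to return `SEC_E_INVALID_HANDLE`. runClient starts and ends outside the hunks shown.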