secur32: Make the NTLM SSP cope with a NULL phCredential parameter when…

secur32: Make the NTLM SSP cope with a NULL phCredential parameter when InitializeSecurityContext is called more than once.

secur32: Make the NTLM SSP cope with a NULL phCredential parameter when…
661b4978 · Rob Shearman · Alexandre Julliard · ee47c5a2 · 661b4978 · 661b4978
Commit 661b4978 authored May 24, 2007 by Rob Shearman Committed by Alexandre Julliard May 25, 2007
Hide whitespace changes
Inline Side-by-side

Showing with 47 additions and 37 deletions

ntlm.c dlls/secur32/ntlm.c +45 -35

ntlm.c dlls/secur32/tests/ntlm.c +2 -2

No files found.
--- a/dlls/secur32/ntlm.c
+++ b/dlls/secur32/ntlm.c
@@ -390,19 +390,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
     debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
     Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);

-    if(!phCredential)
-        return SEC_E_INVALID_HANDLE;
-
-    /* As the server side of sspi never calls this, make sure that
-     * the handler is a client handler.
-     */
-    helper = (PNegoHelper)phCredential->dwLower;
-    if(helper->mode != NTLM_CLIENT)
-    {
-        TRACE("Helper mode = %d\n", helper->mode);
-        return SEC_E_INVALID_HANDLE;
-    }
-
    /****************************************
     * When communicating with the client, there can be the
     * following reply packets:
@@ -432,6 +419,20 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
    if((phContext == NULL) && (pInput == NULL))
    {
        TRACE("First time in ISC()\n");
+
+        if(!phCredential)
+            return SEC_E_INVALID_HANDLE;
+
+        /* As the server side of sspi never calls this, make sure that
+         * the handler is a client handler.
+         */
+        helper = (PNegoHelper)phCredential->dwLower;
+        if(helper->mode != NTLM_CLIENT)
+        {
+            TRACE("Helper mode = %d\n", helper->mode);
+            return SEC_E_INVALID_HANDLE;
+        }
+
        /* Allocate space for a maximal string of 
         * "SF NTLMSSP_FEATURE_SIGN NTLMSSP_FEATURE_SEAL
         * NTLMSSP_FEATURE_SESSION_KEY"
@@ -548,6 +549,9 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(

        /* put the decoded client blob into the out buffer */

+        phNewContext->dwUpper = ctxt_attr;
+        phNewContext->dwLower = (ULONG_PTR)helper;
+
        ret = SEC_I_CONTINUE_NEEDED;
    }
    else
@@ -560,6 +564,19 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
            goto isc_end;
        }

+        if(!phContext)
+            return SEC_E_INVALID_HANDLE;
+
+        /* As the server side of sspi never calls this, make sure that
+         * the handler is a client handler.
+         */
+        helper = (PNegoHelper)phContext->dwLower;
+        if(helper->mode != NTLM_CLIENT)
+        {
+            TRACE("Helper mode = %d\n", helper->mode);
+            return SEC_E_INVALID_HANDLE;
+        }
+
        if (!pInput->pBuffers[0].pvBuffer)
        {
            ret = SEC_E_INTERNAL_ERROR;
@@ -752,34 +769,27 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(
 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
 {
    SECURITY_STATUS ret;
+    SEC_WCHAR *target = NULL;

    TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext,
     debugstr_a(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
     Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
-    
-    if (phCredential)
-    {
-        SEC_WCHAR *target = NULL;
-        if(pszTargetName != NULL)
-        {
-            int target_size = MultiByteToWideChar(CP_ACP, 0, pszTargetName, 
-                strlen(pszTargetName)+1, NULL, 0);
-            target = HeapAlloc(GetProcessHeap(), 0, target_size * 
-                    sizeof(SEC_WCHAR));
-            MultiByteToWideChar(CP_ACP, 0, pszTargetName, strlen(pszTargetName)+1,
-                target, target_size);
-        }
-        
-        ret = ntlm_InitializeSecurityContextW(phCredential, phContext, target, 
-                fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
-                phNewContext, pOutput, pfContextAttr, ptsExpiry);
-        
-        HeapFree(GetProcessHeap(), 0, target);
-    }
-    else
+
+    if(pszTargetName != NULL)
    {
-        ret = SEC_E_INVALID_HANDLE;
+        int target_size = MultiByteToWideChar(CP_ACP, 0, pszTargetName,
+            strlen(pszTargetName)+1, NULL, 0);
+        target = HeapAlloc(GetProcessHeap(), 0, target_size *
+                sizeof(SEC_WCHAR));
+        MultiByteToWideChar(CP_ACP, 0, pszTargetName, strlen(pszTargetName)+1,
+            target, target_size);
    }
+
+    ret = ntlm_InitializeSecurityContextW(phCredential, phContext, target,
+            fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
+            phNewContext, pOutput, pfContextAttr, ptsExpiry);
+
+    HeapFree(GetProcessHeap(), 0, target);
    return ret;
 }


--- a/dlls/secur32/tests/ntlm.c
+++ b/dlls/secur32/tests/ntlm.c
@@ -452,7 +452,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep

    out_buf->pBuffers[0].cbBuffer = sspi_data->max_token;

-    ret = pInitializeSecurityContextA(sspi_data->cred, first?NULL:sspi_data->ctxt, NULL, req_attr, 
+    ret = pInitializeSecurityContextA(first?sspi_data->cred:NULL, first?NULL:sspi_data->ctxt, NULL, req_attr,
            0, data_rep, first?NULL:in_buf, 0, sspi_data->ctxt, out_buf,
            &ctxt_attr, &ttl);

@@ -463,7 +463,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep
            ret = SEC_I_CONTINUE_NEEDED;
        else if(ret == SEC_I_COMPLETE_NEEDED)
            ret = SEC_E_OK;
-    }       
+    }

    ok(out_buf->pBuffers[0].cbBuffer < sspi_data->max_token,
       "InitializeSecurityContext set buffer size to %lu\n", out_buf->pBuffers[0].cbBuffer);