Commit 661b4978 authored by Rob Shearman's avatar Rob Shearman Committed by Alexandre Julliard

secur32: Make the NTLM SSP cope with a NULL phCredential parameter when…

secur32: Make the NTLM SSP cope with a NULL phCredential parameter when InitializeSecurityContext is called more than once.
parent ee47c5a2
...@@ -390,19 +390,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW( ...@@ -390,19 +390,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput, debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry); Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
if(!phCredential)
return SEC_E_INVALID_HANDLE;
/* As the server side of sspi never calls this, make sure that
* the handler is a client handler.
*/
helper = (PNegoHelper)phCredential->dwLower;
if(helper->mode != NTLM_CLIENT)
{
TRACE("Helper mode = %d\n", helper->mode);
return SEC_E_INVALID_HANDLE;
}
/**************************************** /****************************************
* When communicating with the client, there can be the * When communicating with the client, there can be the
* following reply packets: * following reply packets:
...@@ -432,6 +419,20 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW( ...@@ -432,6 +419,20 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
if((phContext == NULL) && (pInput == NULL)) if((phContext == NULL) && (pInput == NULL))
{ {
TRACE("First time in ISC()\n"); TRACE("First time in ISC()\n");
if(!phCredential)
return SEC_E_INVALID_HANDLE;
/* As the server side of sspi never calls this, make sure that
* the handler is a client handler.
*/
helper = (PNegoHelper)phCredential->dwLower;
if(helper->mode != NTLM_CLIENT)
{
TRACE("Helper mode = %d\n", helper->mode);
return SEC_E_INVALID_HANDLE;
}
/* Allocate space for a maximal string of /* Allocate space for a maximal string of
* "SF NTLMSSP_FEATURE_SIGN NTLMSSP_FEATURE_SEAL * "SF NTLMSSP_FEATURE_SIGN NTLMSSP_FEATURE_SEAL
* NTLMSSP_FEATURE_SESSION_KEY" * NTLMSSP_FEATURE_SESSION_KEY"
...@@ -548,6 +549,9 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW( ...@@ -548,6 +549,9 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
/* put the decoded client blob into the out buffer */ /* put the decoded client blob into the out buffer */
phNewContext->dwUpper = ctxt_attr;
phNewContext->dwLower = (ULONG_PTR)helper;
ret = SEC_I_CONTINUE_NEEDED; ret = SEC_I_CONTINUE_NEEDED;
} }
else else
...@@ -560,6 +564,19 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW( ...@@ -560,6 +564,19 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
goto isc_end; goto isc_end;
} }
if(!phContext)
return SEC_E_INVALID_HANDLE;
/* As the server side of sspi never calls this, make sure that
* the handler is a client handler.
*/
helper = (PNegoHelper)phContext->dwLower;
if(helper->mode != NTLM_CLIENT)
{
TRACE("Helper mode = %d\n", helper->mode);
return SEC_E_INVALID_HANDLE;
}
if (!pInput->pBuffers[0].pvBuffer) if (!pInput->pBuffers[0].pvBuffer)
{ {
ret = SEC_E_INTERNAL_ERROR; ret = SEC_E_INTERNAL_ERROR;
...@@ -752,34 +769,27 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA( ...@@ -752,34 +769,27 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry) PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
{ {
SECURITY_STATUS ret; SECURITY_STATUS ret;
SEC_WCHAR *target = NULL;
TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext, TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext,
debugstr_a(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput, debugstr_a(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry); Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
if (phCredential) if(pszTargetName != NULL)
{
SEC_WCHAR *target = NULL;
if(pszTargetName != NULL)
{
int target_size = MultiByteToWideChar(CP_ACP, 0, pszTargetName,
strlen(pszTargetName)+1, NULL, 0);
target = HeapAlloc(GetProcessHeap(), 0, target_size *
sizeof(SEC_WCHAR));
MultiByteToWideChar(CP_ACP, 0, pszTargetName, strlen(pszTargetName)+1,
target, target_size);
}
ret = ntlm_InitializeSecurityContextW(phCredential, phContext, target,
fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
phNewContext, pOutput, pfContextAttr, ptsExpiry);
HeapFree(GetProcessHeap(), 0, target);
}
else
{ {
ret = SEC_E_INVALID_HANDLE; int target_size = MultiByteToWideChar(CP_ACP, 0, pszTargetName,
strlen(pszTargetName)+1, NULL, 0);
target = HeapAlloc(GetProcessHeap(), 0, target_size *
sizeof(SEC_WCHAR));
MultiByteToWideChar(CP_ACP, 0, pszTargetName, strlen(pszTargetName)+1,
target, target_size);
} }
ret = ntlm_InitializeSecurityContextW(phCredential, phContext, target,
fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
phNewContext, pOutput, pfContextAttr, ptsExpiry);
HeapFree(GetProcessHeap(), 0, target);
return ret; return ret;
} }
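Review bot: In the continuation branch, `helper = (PNegoHelper)phContext->dwLower;` is followed directly by `helper->mode`, with only `phContext` itself checked, so a caller-supplied context handle whose `dwLower` is zero (for example one never filled in by a first call) faults instead of returning SEC_E_INVALID_HANDLE. A guard such as `if(!helper || helper->mode != NTLM_CLIENT)` would cover that case, and the same applies to the `phCredential->dwLower` cast in the first-call branch. The relocated checks also exit with a bare `return SEC_E_INVALID_HANDLE;` while the neighbouring error paths use `goto isc_end;`. If anything is allocated before this `if`/`else` (not visible in these hunks), those returns would skip the cleanup, and `ret = SEC_E_INVALID_HANDLE; goto isc_end;` would keep them consistent. The function body starts and ends outside the hunks shown.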
......
...@@ -452,7 +452,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep ...@@ -452,7 +452,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep
out_buf->pBuffers[0].cbBuffer = sspi_data->max_token; out_buf->pBuffers[0].cbBuffer = sspi_data->max_token;
ret = pInitializeSecurityContextA(sspi_data->cred, first?NULL:sspi_data->ctxt, NULL, req_attr, ret = pInitializeSecurityContextA(first?sspi_data->cred:NULL, first?NULL:sspi_data->ctxt, NULL, req_attr,
0, data_rep, first?NULL:in_buf, 0, sspi_data->ctxt, out_buf, 0, data_rep, first?NULL:in_buf, 0, sspi_data->ctxt, out_buf,
&ctxt_attr, &ttl); &ctxt_attr, &ttl);
...@@ -463,7 +463,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep ...@@ -463,7 +463,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep
ret = SEC_I_CONTINUE_NEEDED; ret = SEC_I_CONTINUE_NEEDED;
else if(ret == SEC_I_COMPLETE_NEEDED) else if(ret == SEC_I_COMPLETE_NEEDED)
ret = SEC_E_OK; ret = SEC_E_OK;
} }
ok(out_buf->pBuffers[0].cbBuffer < sspi_data->max_token, ok(out_buf->pBuffers[0].cbBuffer < sspi_data->max_token,
"InitializeSecurityContext set buffer size to %lu\n", out_buf->pBuffers[0].cbBuffer); "InitializeSecurityContext set buffer size to %lu\n", out_buf->pBuffers[0].cbBuffer);
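Review bot: Switching the first argument to `first?sspi_data->cred:NULL` means runClient no longer exercises a continuation call that passes both a credential handle and a context handle, which callers can still do. A separate check that passes `sspi_data->cred` together with `sspi_data->ctxt` on a later call would keep that path covered alongside the new NULL-credential case. runClient's body continues outside the hunk.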
......