secur32: Make the NTLM SSP cope with a NULL phCredential parameter when…

dlls/secur32/ntlm.c

@@ -390,19 +390,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
      debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
      Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
 
-    if(!phCredential)
-        return SEC_E_INVALID_HANDLE;
-
-    /* As the server side of sspi never calls this, make sure that
-     * the handler is a client handler.
-     */
-    helper = (PNegoHelper)phCredential->dwLower;
-    if(helper->mode != NTLM_CLIENT)
-    {
-        TRACE("Helper mode = %d\n", helper->mode);
-        return SEC_E_INVALID_HANDLE;
-    }
-
     /****************************************
      * When communicating with the client, there can be the
      * following reply packets:
@@ -432,6 +419,20 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
     if((phContext == NULL) && (pInput == NULL))
     {
         TRACE("First time in ISC()\n");
+
+        if(!phCredential)
+            return SEC_E_INVALID_HANDLE;
+
+        /* As the server side of sspi never calls this, make sure that
+         * the handler is a client handler.
+         */
+        helper = (PNegoHelper)phCredential->dwLower;
+        if(helper->mode != NTLM_CLIENT)
+        {
+            TRACE("Helper mode = %d\n", helper->mode);
+            return SEC_E_INVALID_HANDLE;
+        }
+
         /* Allocate space for a maximal string of 
          * "SF NTLMSSP_FEATURE_SIGN NTLMSSP_FEATURE_SEAL
          * NTLMSSP_FEATURE_SESSION_KEY"
@@ -548,6 +549,9 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
 
         /* put the decoded client blob into the out buffer */
 
+        phNewContext->dwUpper = ctxt_attr;
+        phNewContext->dwLower = (ULONG_PTR)helper;
+
         ret = SEC_I_CONTINUE_NEEDED;
     }
     else
@@ -560,6 +564,19 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
             goto isc_end;
         }
 
+        if(!phContext)
+            return SEC_E_INVALID_HANDLE;
+
+        /* As the server side of sspi never calls this, make sure that
+         * the handler is a client handler.
+         */
+        helper = (PNegoHelper)phContext->dwLower;
+        if(helper->mode != NTLM_CLIENT)
+        {
+            TRACE("Helper mode = %d\n", helper->mode);
+            return SEC_E_INVALID_HANDLE;
+        }
+
         if (!pInput->pBuffers[0].pvBuffer)
         {
             ret = SEC_E_INTERNAL_ERROR;
@@ -752,14 +769,12 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(
  PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
 {
     SECURITY_STATUS ret;
+    SEC_WCHAR *target = NULL;
 
     TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext,
      debugstr_a(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
      Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
 
-    if (phCredential)
-    {
-        SEC_WCHAR *target = NULL;
     if(pszTargetName != NULL)
     {
         int target_size = MultiByteToWideChar(CP_ACP, 0, pszTargetName,
@@ -775,11 +790,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(
             phNewContext, pOutput, pfContextAttr, ptsExpiry);
 
     HeapFree(GetProcessHeap(), 0, target);
-    }
-    else
-    {
-        ret = SEC_E_INVALID_HANDLE;
-    }
     return ret;
 }
 

dlls/secur32/tests/ntlm.c

@@ -452,7 +452,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep
 
     out_buf->pBuffers[0].cbBuffer = sspi_data->max_token;
 
-    ret = pInitializeSecurityContextA(sspi_data->cred, first?NULL:sspi_data->ctxt, NULL, req_attr, 
+    ret = pInitializeSecurityContextA(first?sspi_data->cred:NULL, first?NULL:sspi_data->ctxt, NULL, req_attr,
             0, data_rep, first?NULL:in_buf, 0, sspi_data->ctxt, out_buf,
             &ctxt_attr, &ttl);