Rob Shearman : secur32:
Make the NTLM SSP cope with a NULL phCredential parameter when
InitializeSecurityContext is called more than once .
Alexandre Julliard
julliard at wine.codeweavers.com
Fri May 25 14:43:39 CDT 2007
Module: wine
Branch: master
Commit: 661b49785e3e6c523004dc8e719be721857eb193
URL: http://source.winehq.org/git/wine.git/?a=commit;h=661b49785e3e6c523004dc8e719be721857eb193
Author: Rob Shearman <rob at codeweavers.com>
Date: Thu May 24 20:03:32 2007 +0100
secur32: Make the NTLM SSP cope with a NULL phCredential parameter when InitializeSecurityContext is called more than once.
---
dlls/secur32/ntlm.c | 80 +++++++++++++++++++++++++-------------------
dlls/secur32/tests/ntlm.c | 4 +-
2 files changed, 47 insertions(+), 37 deletions(-)
diff --git a/dlls/secur32/ntlm.c b/dlls/secur32/ntlm.c
index 6768bab..5da4488 100644
--- a/dlls/secur32/ntlm.c
+++ b/dlls/secur32/ntlm.c
@@ -390,19 +390,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
- if(!phCredential)
- return SEC_E_INVALID_HANDLE;
-
- /* As the server side of sspi never calls this, make sure that
- * the handler is a client handler.
- */
- helper = (PNegoHelper)phCredential->dwLower;
- if(helper->mode != NTLM_CLIENT)
- {
- TRACE("Helper mode = %d\n", helper->mode);
- return SEC_E_INVALID_HANDLE;
- }
-
/****************************************
* When communicating with the client, there can be the
* following reply packets:
@@ -432,6 +419,20 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
if((phContext == NULL) && (pInput == NULL))
{
TRACE("First time in ISC()\n");
+
+ if(!phCredential)
+ return SEC_E_INVALID_HANDLE;
+
+ /* As the server side of sspi never calls this, make sure that
+ * the handler is a client handler.
+ */
+ helper = (PNegoHelper)phCredential->dwLower;
+ if(helper->mode != NTLM_CLIENT)
+ {
+ TRACE("Helper mode = %d\n", helper->mode);
+ return SEC_E_INVALID_HANDLE;
+ }
+
/* Allocate space for a maximal string of
* "SF NTLMSSP_FEATURE_SIGN NTLMSSP_FEATURE_SEAL
* NTLMSSP_FEATURE_SESSION_KEY"
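Review bot: The two failure paths moved into the first-call branch, `return SEC_E_INVALID_HANDLE;` after `if(!phCredential)` and inside the `helper->mode != NTLM_CLIENT` check, leave the function directly, while the neighbouring error paths visible in this diff set `ret` and use `goto isc_end`. Before this commit the checks sat at the very top of the function. If anything is allocated between that point and this branch (not visible in the hunk), these returns now skip its cleanup, so `ret = SEC_E_INVALID_HANDLE; goto isc_end;` would be the safer form. The same applies to the `!phContext` and mode checks added in the hunk at -560,6. The function starts and ends outside this hunk.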
@@ -548,6 +549,9 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
/* put the decoded client blob into the out buffer */
+ phNewContext->dwUpper = ctxt_attr;
+ phNewContext->dwLower = (ULONG_PTR)helper;
+
ret = SEC_I_CONTINUE_NEEDED;
}
else
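Review bot: `phNewContext->dwLower = (ULONG_PTR)helper;` stores in the context handle the same pointer that was read from `phCredential->dwLower`, so the context and the credential now share one helper object with no stated ownership rule. Because follow-up calls take the helper from `phContext` alone, a context used after its credential handle was released would presumably dereference freed memory. Whether that can happen depends on the free paths, which are outside this diff. A comment such as `/* the context borrows the credential's helper; it is valid only while the credential handle is alive */` would document the lifetime. `phNewContext` is also written here without a NULL check.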
@@ -560,6 +564,19 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
goto isc_end;
}
+ if(!phContext)
+ return SEC_E_INVALID_HANDLE;
+
+ /* As the server side of sspi never calls this, make sure that
+ * the handler is a client handler.
+ */
+ helper = (PNegoHelper)phContext->dwLower;
+ if(helper->mode != NTLM_CLIENT)
+ {
+ TRACE("Helper mode = %d\n", helper->mode);
+ return SEC_E_INVALID_HANDLE;
+ }
+
if (!pInput->pBuffers[0].pvBuffer)
{
ret = SEC_E_INTERNAL_ERROR;
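Review bot: `helper = (PNegoHelper)phContext->dwLower;` is dereferenced in the following `helper->mode` test with only the handle pointer itself checked. A caller-supplied context whose `dwLower` is zero, for example one whose first call failed before the handle was filled in, would fault instead of returning an error. Rejecting it before the mode check, `if(!helper) { ret = SEC_E_INVALID_HANDLE; goto isc_end; }`, closes that case and keeps the TRACE from touching a NULL helper. The enclosing else branch begins before and continues after this hunk.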
@@ -752,34 +769,27 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
{
SECURITY_STATUS ret;
+ SEC_WCHAR *target = NULL;
TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext,
debugstr_a(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
-
- if (phCredential)
- {
- SEC_WCHAR *target = NULL;
- if(pszTargetName != NULL)
- {
- int target_size = MultiByteToWideChar(CP_ACP, 0, pszTargetName,
- strlen(pszTargetName)+1, NULL, 0);
- target = HeapAlloc(GetProcessHeap(), 0, target_size *
- sizeof(SEC_WCHAR));
- MultiByteToWideChar(CP_ACP, 0, pszTargetName, strlen(pszTargetName)+1,
- target, target_size);
- }
-
- ret = ntlm_InitializeSecurityContextW(phCredential, phContext, target,
- fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
- phNewContext, pOutput, pfContextAttr, ptsExpiry);
-
- HeapFree(GetProcessHeap(), 0, target);
- }
- else
+
+ if(pszTargetName != NULL)
{
- ret = SEC_E_INVALID_HANDLE;
+ int target_size = MultiByteToWideChar(CP_ACP, 0, pszTargetName,
+ strlen(pszTargetName)+1, NULL, 0);
+ target = HeapAlloc(GetProcessHeap(), 0, target_size *
+ sizeof(SEC_WCHAR));
+ MultiByteToWideChar(CP_ACP, 0, pszTargetName, strlen(pszTargetName)+1,
+ target, target_size);
}
+
+ ret = ntlm_InitializeSecurityContextW(phCredential, phContext, target,
+ fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
+ phNewContext, pOutput, pfContextAttr, ptsExpiry);
+
+ HeapFree(GetProcessHeap(), 0, target);
return ret;
}
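Review bot: The `HeapAlloc` result assigned to `target` goes straight into the second `MultiByteToWideChar` call as the destination buffer without a NULL check. With the `phCredential` guard removed, this conversion now runs on every call that supplies a target name. Adding `if(!target) return SEC_E_INSUFFICIENT_MEMORY;` right after the allocation keeps an allocation failure from reaching the conversion. `target_size` is likewise used without checking for the 0 that MultiByteToWideChar returns on failure. The function's signature begins outside this hunk.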
diff --git a/dlls/secur32/tests/ntlm.c b/dlls/secur32/tests/ntlm.c
index 9163f88..6b8f5a8 100644
--- a/dlls/secur32/tests/ntlm.c
+++ b/dlls/secur32/tests/ntlm.c
@@ -452,7 +452,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep
out_buf->pBuffers[0].cbBuffer = sspi_data->max_token;
- ret = pInitializeSecurityContextA(sspi_data->cred, first?NULL:sspi_data->ctxt, NULL, req_attr,
+ ret = pInitializeSecurityContextA(first?sspi_data->cred:NULL, first?NULL:sspi_data->ctxt, NULL, req_attr,
0, data_rep, first?NULL:in_buf, 0, sspi_data->ctxt, out_buf,
&ctxt_attr, &ttl);
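Review bot: Changing the credential argument to `first?sspi_data->cred:NULL` means the client loop no longer exercises a follow-up call that passes both a credential and a context, which callers can still do. Keeping one run that supplies the credential on every call would cover both paths. A follow-up call with a NULL context and non-NULL input, expected to return SEC_E_INVALID_HANDLE from the new `!phContext` check, would pin the error path as well. runClient starts and ends outside this hunk.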
@@ -463,7 +463,7 @@ static SECURITY_STATUS runClient(SspiData *sspi_data, BOOL first, ULONG data_rep
ret = SEC_I_CONTINUE_NEEDED;
else if(ret == SEC_I_COMPLETE_NEEDED)
ret = SEC_E_OK;
- }
+ }
ok(out_buf->pBuffers[0].cbBuffer < sspi_data->max_token,
"InitializeSecurityContext set buffer size to %lu\n", out_buf->pBuffers[0].cbBuffer);