Dmitry Timoshkov : kerberos: Calling InitializeSecurityContext without a token buffer is not an error.

Alexandre Julliard julliard at winehq.org
Mon Feb 5 16:48:26 CST 2018 

Module: wine
Branch: master
Commit: b8f0649851f5ed59b7a333f0e915be1b786fc5c5
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=b8f0649851f5ed59b7a333f0e915be1b786fc5c5

Author: Dmitry Timoshkov <dmitry at baikal.ru>
Date:   Mon Feb  5 12:49:16 2018 +0800

kerberos: Calling InitializeSecurityContext without a token buffer is not an error.

This patch makes Kerberos Authentication Tester work with https and dotnet40.
Apparently that's a dotnet40 quirk that it passes not NULL input buffers
but doesn't mark any of buffers as a token, dotnet20 passes NULL input.

Note, that in order to make version 2.0 applications work (Kerberos
Authentication Tester is such an application) with dotnet40+ one
needs to add to the registry key
[Software\\Microsoft\\.NETFramework]
"OnlyUseLatestCLR"=dword:00000001

Signed-off-by: Dmitry Timoshkov <dmitry at baikal.ru>
Signed-off-by: Hans Leidekker <hans at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/kerberos/krb5_ap.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/dlls/kerberos/krb5_ap.c b/dlls/kerberos/krb5_ap.c
index 8b5b612..1bba926 100644
--- a/dlls/kerberos/krb5_ap.c
+++ b/dlls/kerberos/krb5_ap.c
@@ -913,9 +913,13 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
     if (!input) input_token.length = 0;
     else
     {
-        if ((idx = get_buffer_index( input, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN;
-        input_token.length = input->pBuffers[idx].cbBuffer;
-        input_token.value  = input->pBuffers[idx].pvBuffer;
+        if ((idx = get_buffer_index( input, SECBUFFER_TOKEN )) == -1)
+            input_token.length = 0;
+        else
+        {
+            input_token.length = input->pBuffers[idx].cbBuffer;
+            input_token.value  = input->pBuffers[idx].pvBuffer;
+        }
     }
 
     if ((idx = get_buffer_index( output, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN;

More information about the wine-cvs mailing list