From: Hans Leidekker hans@codeweavers.com
This enables fallback to NTLM if we can acquire a Kerberos credential handle but fail to initialize a context. --- dlls/secur32/negotiate.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
diff --git a/dlls/secur32/negotiate.c b/dlls/secur32/negotiate.c index 11826af8043..cc2e6b67de6 100644 --- a/dlls/secur32/negotiate.c +++ b/dlls/secur32/negotiate.c @@ -238,9 +238,15 @@ static NTSTATUS NTAPI nego_SpInitLsaModeContext( LSA_SEC_HANDLE credential, LSA_ if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && new_context) { ctxt->ntlm = NULL; + ctxt->user_ntlm = NULL; *new_context = (LSA_SEC_HANDLE)ctxt; if (new_ctxt == ctxt) new_ctxt = NULL; } + else + { + ctxt->krb = NULL; + ctxt->user_krb = NULL; + } }
if (ret != SEC_E_OK && ret != SEC_I_CONTINUE_NEEDED && handle->ntlm) @@ -251,6 +257,7 @@ static NTSTATUS NTAPI nego_SpInitLsaModeContext( LSA_SEC_HANDLE credential, LSA_ if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && new_context) { ctxt->krb = NULL; + ctxt->user_krb = NULL; *new_context = (LSA_SEC_HANDLE)ctxt; if (new_ctxt == ctxt) new_ctxt = NULL; } @@ -294,9 +301,15 @@ static NTSTATUS NTAPI nego_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential, LS if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && new_context) { ctxt->ntlm = NULL; + ctxt->user_ntlm = NULL; *new_context = (LSA_SEC_HANDLE)ctxt; if (new_ctxt == ctxt) new_ctxt = NULL; } + else + { + ctxt->krb = NULL; + ctxt->user_krb = NULL; + } }
if (ret != SEC_E_OK && ret != SEC_I_CONTINUE_NEEDED && handle->ntlm) @@ -308,6 +321,7 @@ static NTSTATUS NTAPI nego_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential, LS if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && new_context) { ctxt->krb = NULL; + ctxt->user_krb = NULL; *new_context = (LSA_SEC_HANDLE)ctxt; if (new_ctxt == ctxt) new_ctxt = NULL; }