secur32: Don't try to use ntlm_auth --use-cred-cache.
If ntlm_auth actually uses the cred cache, it will not give a session key. As the Wine NTLM code depends on the session key to do transport crypto, don't attempt to use the winbind cred cache. This completely reverts my attempted fix7788c8ed
and also parts of Rob's888a8e27
and8a2125f9
. It does not affect the code using wine's own credential cache.
This commit is contained in:
parent
1d362c90a4
commit
ec443be738
|
@ -471,7 +471,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
|
||||||
if((phContext == NULL) && (pInput == NULL))
|
if((phContext == NULL) && (pInput == NULL))
|
||||||
{
|
{
|
||||||
static char helper_protocol[] = "--helper-protocol=ntlmssp-client-1";
|
static char helper_protocol[] = "--helper-protocol=ntlmssp-client-1";
|
||||||
static CHAR credentials_argv[] = "--use-cached-creds";
|
|
||||||
SEC_CHAR *client_argv[5];
|
SEC_CHAR *client_argv[5];
|
||||||
int pwlen = 0;
|
int pwlen = 0;
|
||||||
|
|
||||||
|
@ -550,10 +549,10 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
|
||||||
}
|
}
|
||||||
username = ntlm_GetUsernameArg(ui->wkui1_username, -1);
|
username = ntlm_GetUsernameArg(ui->wkui1_username, -1);
|
||||||
|
|
||||||
TRACE("using cached credentials\n");
|
FIXME("using ntlm_auth cached credentials not supported\n");
|
||||||
|
|
||||||
client_argv[2] = username;
|
client_argv[2] = username;
|
||||||
client_argv[3] = credentials_argv;
|
client_argv[3] = NULL;
|
||||||
client_argv[4] = NULL;
|
client_argv[4] = NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -645,8 +644,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
|
||||||
if(fContextReq & ISC_REQ_DELEGATE)
|
if(fContextReq & ISC_REQ_DELEGATE)
|
||||||
ctxt_attr |= ISC_RET_DELEGATE;
|
ctxt_attr |= ISC_RET_DELEGATE;
|
||||||
|
|
||||||
/* If no password is given, try to use cached credentials. Fall back to an empty
|
/* If no password is given, use an empty password instead. This is the
|
||||||
* password if this failed. */
|
* SMB way to do "anonymous" authentication. */
|
||||||
if(!password && !ntlm_cred->password)
|
if(!password && !ntlm_cred->password)
|
||||||
{
|
{
|
||||||
lstrcpynA(buffer, "OK", max_len-1);
|
lstrcpynA(buffer, "OK", max_len-1);
|
||||||
|
@ -655,25 +654,15 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
|
||||||
cleanup_helper(helper);
|
cleanup_helper(helper);
|
||||||
goto isc_end;
|
goto isc_end;
|
||||||
}
|
}
|
||||||
/* If the helper replied with "PW", using cached credentials failed */
|
/* If the helper replied with "PW", give an empty password. */
|
||||||
if(!strncmp(buffer, "PW", 2))
|
if(!strncmp(buffer, "PW", 2))
|
||||||
{
|
{
|
||||||
TRACE("Using cached credentials failed.\n");
|
TRACE("Using cached credentials failed.\n");
|
||||||
ret = SEC_E_NO_CREDENTIALS;
|
lstrcpynA(buffer, "PW AA==", max_len-1);
|
||||||
goto isc_end;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* Some versions of Samba have a broken ntlm_auth that can
|
/* Just do a noop on the next run */
|
||||||
* return "BH" here. Catch this and abort. */
|
|
||||||
if(!strncmp(buffer, "BH", 2))
|
|
||||||
{
|
|
||||||
ERR("ntlm_auth replied 'BH'. This should not happen. "
|
|
||||||
"Please fix your ntlm_auth install and try again.\n");
|
|
||||||
ret = SEC_E_INTERNAL_ERROR;
|
|
||||||
goto isc_end;
|
|
||||||
}
|
|
||||||
/* Otherwise, just do a noop on the next run */
|
|
||||||
lstrcpynA(buffer, "OK", max_len-1);
|
lstrcpynA(buffer, "OK", max_len-1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue