secur32: Don't try to use ntlm_auth --use-cred-cache.

If ntlm_auth actually uses the cred cache, it will not give a session key.
As the Wine NTLM code depends on the session key to do transport crypto, don't
attempt to use the winbind cred cache.

This completely reverts my attempted fix 7788c8ed and also parts of Rob's
888a8e27 and 8a2125f9. It does not affect the code using wine's own credential
cache.
Kai Blin 2009-05-20 11:06:05 +02:00 committed by Alexandre Julliard
parent 1d362c90a4
commit ec443be738
1 changed files with 7 additions and 18 deletions


@ -471,7 +471,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
if((phContext == NULL) && (pInput == NULL)) if((phContext == NULL) && (pInput == NULL))
{ {
static char helper_protocol[] = "--helper-protocol=ntlmssp-client-1"; static char helper_protocol[] = "--helper-protocol=ntlmssp-client-1";
static CHAR credentials_argv[] = "--use-cached-creds";
SEC_CHAR *client_argv[5]; SEC_CHAR *client_argv[5];
int pwlen = 0; int pwlen = 0;
@ -550,10 +549,10 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
} }
username = ntlm_GetUsernameArg(ui->wkui1_username, -1); username = ntlm_GetUsernameArg(ui->wkui1_username, -1);
TRACE("using cached credentials\n"); FIXME("using ntlm_auth cached credentials not supported\n");
client_argv[2] = username; client_argv[2] = username;
client_argv[3] = credentials_argv; client_argv[3] = NULL;
client_argv[4] = NULL; client_argv[4] = NULL;
} }
} }
@ -645,8 +644,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
if(fContextReq & ISC_REQ_DELEGATE) if(fContextReq & ISC_REQ_DELEGATE)
ctxt_attr |= ISC_RET_DELEGATE; ctxt_attr |= ISC_RET_DELEGATE;
/* If no password is given, try to use cached credentials. Fall back to an empty /* If no password is given, use an empty password instead. This is the
* password if this failed. */ * SMB way to do "anonymous" authentication. */
if(!password && !ntlm_cred->password) if(!password && !ntlm_cred->password)
{ {
lstrcpynA(buffer, "OK", max_len-1); lstrcpynA(buffer, "OK", max_len-1);
@ -655,25 +654,15 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
cleanup_helper(helper); cleanup_helper(helper);
goto isc_end; goto isc_end;
} }
/* If the helper replied with "PW", using cached credentials failed */ /* If the helper replied with "PW", give an empty password. */
if(!strncmp(buffer, "PW", 2)) if(!strncmp(buffer, "PW", 2))
{ {
TRACE("Using cached credentials failed.\n"); TRACE("Using cached credentials failed.\n");
ret = SEC_E_NO_CREDENTIALS; lstrcpynA(buffer, "PW AA==", max_len-1);
goto isc_end;
} }
else else
{ {
/* Some versions of Samba have a broken ntlm_auth that can /* Just do a noop on the next run */
* return "BH" here. Catch this and abort. */
if(!strncmp(buffer, "BH", 2))
{
ERR("ntlm_auth replied 'BH'. This should not happen. "
"Please fix your ntlm_auth install and try again.\n");
ret = SEC_E_INTERNAL_ERROR;
goto isc_end;
}
/* Otherwise, just do a noop on the next run */
lstrcpynA(buffer, "OK", max_len-1); lstrcpynA(buffer, "OK", max_len-1);
} }
} }
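Review bot: In the last hunk the else branch now rewrites every helper reply other than "PW" to "OK", so the "BH" error reply that the removed lines turned into SEC_E_INTERNAL_ERROR is no longer surfaced at this point; whether a later step still catches it is not visible here. If ntlm_auth can still answer "BH" without the cached-credentials flag, keep a short guard before the noop: `if(!strncmp(buffer, "BH", 2)) { ret = SEC_E_INTERNAL_ERROR; goto isc_end; }`. The "PW" branch also still traces "Using cached credentials failed." although it now sends an empty password, which the new comment describes as anonymous authentication; a message such as `TRACE("No password given, using an empty password.\n");` would make that fallback visible in logs. ntlm_InitializeSecurityContextW starts and ends outside these hunks.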