Kai Blin : secur32: Revert "secur32: Work around ntlm_auth in Samba 3.0. 28a being broken for cached credentials".

Wed Aug 12 11:08:56 CDT 2009

Module: wine
Branch: master
Commit: e6ac20e8146b6cd2e7f4e244924384fd41f3adfa
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=e6ac20e8146b6cd2e7f4e244924384fd41f3adfa

Author: Kai Blin <kai.blin at gmail.com>
Date:   Tue Aug 11 22:08:02 2009 +0200

secur32: Revert "secur32: Work around ntlm_auth in Samba 3.0.28a being broken for cached credentials".

This reverts commit 7788c8ed0d84be2537280c188fb07fb7118b3883, as well
as commit ec443be73800258f8c921ace0f15e250617e98f0. Due to erroneous
user input, these commits actually broke more than they fixed.

---

 dlls/secur32/ntlm.c |   19 +++++++++----------
 1 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/dlls/secur32/ntlm.c b/dlls/secur32/ntlm.c
index 2f0c5aa..7e44dd7 100644
--- a/dlls/secur32/ntlm.c
+++ b/dlls/secur32/ntlm.c
@@ -471,6 +471,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
     if((phContext == NULL) && (pInput == NULL))
     {
         static char helper_protocol[] = "--helper-protocol=ntlmssp-client-1";
+        static CHAR credentials_argv[] = "--use-cached-creds";
         SEC_CHAR *client_argv[5];
         int pwlen = 0;
 
@@ -549,10 +550,10 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
                 }
                 username = ntlm_GetUsernameArg(ui->wkui1_username, -1);
 
-                FIXME("using ntlm_auth cached credentials not supported\n");
+                TRACE("using cached credentials\n");
 
                 client_argv[2] = username;
-                client_argv[3] = NULL;
+                client_argv[3] = credentials_argv;
                 client_argv[4] = NULL;
             }
         }
@@ -644,8 +645,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
         if(fContextReq & ISC_REQ_DELEGATE)
             ctxt_attr |= ISC_RET_DELEGATE;
 
-        /* If no password is given, use an empty password instead. This is the
-         * SMB way to do "anonymous" authentication. */
+        /* If no password is given, try to use cached credentials. Fall back to an empty
+         * password if this failed. */
         if(!password && !ntlm_cred->password)
         {
             lstrcpynA(buffer, "OK", max_len-1);
@@ -654,17 +655,15 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
                 cleanup_helper(helper);
                 goto isc_end;
             }
-            /* If the helper replied with "PW", give an empty password. */
+            /* If the helper replied with "PW", using cached credentials failed */
             if(!strncmp(buffer, "PW", 2))
             {
                 TRACE("Using cached credentials failed.\n");
-                lstrcpynA(buffer, "PW AA==", max_len-1);
+                ret = SEC_E_NO_CREDENTIALS;
+                goto isc_end;
             }
-            else
-            {
-                /* Just do a noop on the next run */
+            else /* Just do a noop on the next run */
                 lstrcpynA(buffer, "OK", max_len-1);
-            }
         }
         else
         {


