Kai Blin : secur32: Don't try to use ntlm_auth --use-cred-cache.

[Alexandre Julliard]

Module: wine
Branch: master
Commit: ec443be73800258f8c921ace0f15e250617e98f0
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=ec443be73800258f8c921ace0f15e250617e98f0

Author: Kai Blin <kai.blin at gmail.com>
Date:   Wed May 20 11:06:05 2009 +0200

secur32: Don't try to use ntlm_auth --use-cred-cache.

If ntlm_auth actually uses the cred cache, it will not give a session key.
As the Wine NTLM code depends on the session key to do transport crypto, don't
attempt to use the winbind cred cache.

This completely reverts my attempted fix 7788c8ed and also parts of Rob's
888a8e27 and 8a2125f9. It does not affect the code using wine's own credential
cache.

---

 dlls/secur32/ntlm.c |   25 +++++++------------------
 1 files changed, 7 insertions(+), 18 deletions(-)

diff --git a/dlls/secur32/ntlm.c b/dlls/secur32/ntlm.c
index 5e2450a..2f0c5aa 100644
--- a/dlls/secur32/ntlm.c
+++ b/dlls/secur32/ntlm.c
@@ -471,7 +471,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
     if((phContext == NULL) && (pInput == NULL))
     {
         static char helper_protocol[] = "--helper-protocol=ntlmssp-client-1";
-        static CHAR credentials_argv[] = "--use-cached-creds";
         SEC_CHAR *client_argv[5];
         int pwlen = 0;
 
@@ -550,10 +549,10 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
                 }
                 username = ntlm_GetUsernameArg(ui->wkui1_username, -1);
 
-                TRACE("using cached credentials\n");
+                FIXME("using ntlm_auth cached credentials not supported\n");
 
                 client_argv[2] = username;
-                client_argv[3] = credentials_argv;
+                client_argv[3] = NULL;
                 client_argv[4] = NULL;
             }
         }
@@ -645,8 +644,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
         if(fContextReq & ISC_REQ_DELEGATE)
             ctxt_attr |= ISC_RET_DELEGATE;
 
-        /* If no password is given, try to use cached credentials. Fall back to an empty
-         * password if this failed. */
+        /* If no password is given, use an empty password instead. This is the
+         * SMB way to do "anonymous" authentication. */
         if(!password && !ntlm_cred->password)
         {
             lstrcpynA(buffer, "OK", max_len-1);
@@ -655,25 +654,15 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
                 cleanup_helper(helper);
                 goto isc_end;
             }
-            /* If the helper replied with "PW", using cached credentials failed */
+            /* If the helper replied with "PW", give an empty password. */
             if(!strncmp(buffer, "PW", 2))
             {
                 TRACE("Using cached credentials failed.\n");
-                ret = SEC_E_NO_CREDENTIALS;
-                goto isc_end;
+                lstrcpynA(buffer, "PW AA==", max_len-1);
             }
             else
             {
-                /* Some versions of Samba have a broken ntlm_auth that can
-                 * return "BH" here. Catch this and abort. */
-                if(!strncmp(buffer, "BH", 2))
-                {
-                    ERR("ntlm_auth replied 'BH'. This should not happen. "
-                        "Please fix your ntlm_auth install and try again.\n");
-                    ret = SEC_E_INTERNAL_ERROR;
-                    goto isc_end;
-                }
-                /* Otherwise, just do a noop on the next run */
+                /* Just do a noop on the next run */
                 lstrcpynA(buffer, "OK", max_len-1);
             }
         }