secur32: Revert "secur32: Work around ntlm_auth in Samba 3.0.28a being broken…

secur32: Revert "secur32: Work around ntlm_auth in Samba 3.0.28a being broken for cached credentials". This reverts commit 7788c8ed, as well as commit ec443be7. Due to erroneous user input, these commits actually broke more than they fixed.

secur32: Revert "secur32: Work around ntlm_auth in Samba 3.0.28a being broken…
e6ac20e8 · Kai Blin · Alexandre Julliard · dfb2b429 · e6ac20e8
Commit e6ac20e8 authored Aug 11, 2009 by Kai Blin Committed by Alexandre Julliard Aug 12, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 10 deletions

ntlm.c dlls/secur32/ntlm.c +9 -10

No files found.
--- a/dlls/secur32/ntlm.c
+++ b/dlls/secur32/ntlm.c
@@ -471,6 +471,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
    if((phContext == NULL) && (pInput == NULL))
    {
        static char helper_protocol[] = "--helper-protocol=ntlmssp-client-1";
+        static CHAR credentials_argv[] = "--use-cached-creds";
        SEC_CHAR *client_argv[5];
        int pwlen = 0;

@@ -549,10 +550,10 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
                }
                username = ntlm_GetUsernameArg(ui->wkui1_username, -1);

-                FIXME("using ntlm_auth cached credentials not supported\n");
+                TRACE("using cached credentials\n");

                client_argv[2] = username;
-                client_argv[3] = NULL;
+                client_argv[3] = credentials_argv;
                client_argv[4] = NULL;
            }
        }
@@ -644,8 +645,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
        if(fContextReq & ISC_REQ_DELEGATE)
            ctxt_attr |= ISC_RET_DELEGATE;

-        /* If no password is given, use an empty password instead. This is the
-         * SMB way to do "anonymous" authentication. */
+        /* If no password is given, try to use cached credentials. Fall back to an empty
+         * password if this failed. */
        if(!password && !ntlm_cred->password)
        {
            lstrcpynA(buffer, "OK", max_len-1);
@@ -654,17 +655,15 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
                cleanup_helper(helper);
                goto isc_end;
            }
-            /* If the helper replied with "PW", give an empty password. */
+            /* If the helper replied with "PW", using cached credentials failed */
            if(!strncmp(buffer, "PW", 2))
            {
                TRACE("Using cached credentials failed.\n");
-                lstrcpynA(buffer, "PW AA==", max_len-1);
+                ret = SEC_E_NO_CREDENTIALS;
+                goto isc_end;
            }
-            else
-            {
-                /* Just do a noop on the next run */
+            else /* Just do a noop on the next run */
                lstrcpynA(buffer, "OK", max_len-1);
-            }
        }
        else
        {