On Thu, 2018-01-18 at 23:54 +0800, Dmitry Timoshkov wrote:
diff --git a/dlls/secur32/negotiate.c b/dlls/secur32/negotiate.c
index bf16258fc2..c7ab97ef79 100644
--- a/dlls/secur32/negotiate.c
+++ b/dlls/secur32/negotiate.c
@@ -62,20 +62,41 @@ static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleW( PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry ) { static SEC_WCHAR ntlmW[] = {'N','T','L','M',0};
- static SEC_WCHAR kerberosW[] = {'K','e','r','b','e','r','o','s',0};
SECURITY_STATUS ret;
- SecurePackage *package;
- CredHandle myCred;
TRACE("%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p\n", debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse, pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
- FIXME("forwarding to NTLM\n");
- ret = ntlm_AcquireCredentialsHandleW( pszPrincipal, ntlmW, fCredentialUse,
pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument,
phCredential, ptsExpiry );
- if (!pszPackage)
return SEC_E_SECPKG_NOT_FOUND;
- package = SECUR32_findPackageW(kerberosW);
- if (!package || !package->provider)
- {
package = SECUR32_findPackageW(ntlmW);
if (!package || !package->provider)
return SEC_E_SECPKG_NOT_FOUND;
- }
For inbound credentials you can't decide at this point whether Kerberos or NTLM will be used; that decision has to be made when AcceptSecurityContext is called.
- if (!package->provider->fnTableW.AcquireCredentialsHandleW)
- {
FIXME("Package doesn't support this API\n");
return SEC_E_UNSUPPORTED_FUNCTION;
- }
- ret = package->provider->fnTableW.AcquireCredentialsHandleW(
pszPrincipal, package->infoW.Name, fCredentialUse, pLogonID,
pAuthData, pGetKeyFn, pGetKeyArgument, &myCred,
ptsExpiry);
if (ret == SEC_E_OK) {
NtlmCredentials *cred = (NtlmCredentials *)phCredential->dwLower;
cred->no_cached_credentials = (pAuthData == NULL);
[..]
--- a/dlls/secur32/ntlm.c
+++ b/dlls/secur32/ntlm.c
@@ -151,7 +151,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW( ntlm_cred->domain_arg = NULL; ntlm_cred->password = NULL; ntlm_cred->pwlen = 0;
ntlm_cred->no_cached_credentials = 0;
ntlm_cred->no_cached_credentials = (pAuthData == NULL);
This will break NTLM. no_cached_credentials should only be set when NTLM is called from Negotiate.