Module: wine Branch: master Commit: 72ffc3fad96478ee7565cd03aebfe5ebf6b93064 URL: http://source.winehq.org/git/wine.git/?a=commit;h=72ffc3fad96478ee7565cd03ae...
Author: Rob Shearman rob@codeweavers.com Date: Fri Jan 25 14:05:31 2008 +0000
secur32: Move the detection of NULL credentials from AcquireCredentialsHandle to InitializeSecurityContext.
Only use cached credentials if the credentials were NULL. Don't pass a domain into ntlm_auth when using cached credentials as ntlm_auth/winbindd should be able to figure that out.
---
dlls/secur32/ntlm.c | 131 ++++++++++++++++++++++++-------------------------- 1 files changed, 63 insertions(+), 68 deletions(-)
diff --git a/dlls/secur32/ntlm.c b/dlls/secur32/ntlm.c index 3dbdd83..7cb83ec 100644 --- a/dlls/secur32/ntlm.c +++ b/dlls/secur32/ntlm.c @@ -133,50 +133,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW( static const char domain_arg[] = "--domain="; int unixcp_size;
- if(pAuthData == NULL) - { - LPWKSTA_USER_INFO_1 ui = NULL; - NET_API_STATUS status; - - status = NetWkstaUserGetInfo(NULL, 1, (LPBYTE *)&ui); - if (status != NERR_Success || ui == NULL) - { - ret = SEC_E_NO_CREDENTIALS; - phCredential = NULL; - break; - } - - username = HeapAlloc(GetProcessHeap(), 0, - (lstrlenW(ui->wkui1_username)+1) * - sizeof(SEC_WCHAR)); - lstrcpyW(username, ui->wkui1_username); - - /* same for the domain */ - domain = HeapAlloc(GetProcessHeap(), 0, - (lstrlenW(ui->wkui1_logon_domain)+1) * - sizeof(SEC_WCHAR)); - lstrcpyW(domain, ui->wkui1_logon_domain); - NetApiBufferFree(ui); - } - else - { - PSEC_WINNT_AUTH_IDENTITY_W auth_data = - (PSEC_WINNT_AUTH_IDENTITY_W)pAuthData; - - /* Get username and domain from pAuthData */ - username = HeapAlloc(GetProcessHeap(), 0, - (auth_data->UserLength + 1) * sizeof(SEC_WCHAR)); - memcpy(username, auth_data->User, - auth_data->UserLength * sizeof(SEC_WCHAR)); - username[auth_data->UserLength] = '\0'; - - domain = HeapAlloc(GetProcessHeap(), 0, - (auth_data->DomainLength + 1) * sizeof(SEC_WCHAR)); - memcpy(domain, auth_data->Domain, - auth_data->DomainLength * sizeof(SEC_WCHAR)); - domain[auth_data->DomainLength] = '\0'; - } - ntlm_cred = HeapAlloc(GetProcessHeap(), 0, sizeof(*ntlm_cred)); if (!ntlm_cred) { @@ -184,31 +140,37 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW( break; } ntlm_cred->mode = NTLM_CLIENT; + ntlm_cred->username_arg = NULL; + ntlm_cred->domain_arg = NULL; ntlm_cred->password = NULL; ntlm_cred->pwlen = 0;
- TRACE("Username is %s\n", debugstr_w(username)); - unixcp_size = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, - username, -1, NULL, 0, NULL, NULL) + sizeof(username_arg); - ntlm_cred->username_arg = HeapAlloc(GetProcessHeap(), 0, unixcp_size); - memcpy(ntlm_cred->username_arg, username_arg, sizeof(username_arg) - 1); - WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, username, -1, - ntlm_cred->username_arg + sizeof(username_arg) - 1, - unixcp_size - sizeof(username_arg) + 1, NULL, NULL); - - TRACE("Domain name is %s\n", debugstr_w(domain)); - unixcp_size = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, - domain, -1, NULL, 0, NULL, NULL) + sizeof(domain_arg); - ntlm_cred->domain_arg = HeapAlloc(GetProcessHeap(), 0, unixcp_size); - memcpy(ntlm_cred->domain_arg, domain_arg, sizeof(domain_arg) - 1); - WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, domain, - -1, ntlm_cred->domain_arg + sizeof(domain_arg) - 1, - unixcp_size - sizeof(domain) + 1, NULL, NULL); - if(pAuthData != NULL) { PSEC_WINNT_AUTH_IDENTITY_W auth_data = - (PSEC_WINNT_AUTH_IDENTITY_W)pAuthData; + (PSEC_WINNT_AUTH_IDENTITY_W)pAuthData; + + TRACE("Username is %s\n", debugstr_wn(auth_data->User, auth_data->UserLength)); + TRACE("Domain name is %s\n", debugstr_wn(auth_data->Domain, auth_data->DomainLength)); + + /* Get username and domain from pAuthData */ + unixcp_size = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, + auth_data->User, auth_data->UserLength, NULL, 0, NULL, NULL) + sizeof(username_arg); + ntlm_cred->username_arg = HeapAlloc(GetProcessHeap(), 0, unixcp_size); + memcpy(ntlm_cred->username_arg, username_arg, sizeof(username_arg) - 1); + WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, auth_data->User, auth_data->UserLength, + ntlm_cred->username_arg + sizeof(username_arg) - 1, + unixcp_size - sizeof(username_arg) + 1, NULL, NULL); + ntlm_cred->username_arg[unixcp_size - 1] = '\0'; + + unixcp_size = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, + auth_data->Domain, auth_data->DomainLength, NULL, 0, NULL, NULL) + sizeof(domain_arg); + ntlm_cred->domain_arg = HeapAlloc(GetProcessHeap(), 0, unixcp_size); + memcpy(ntlm_cred->domain_arg, domain_arg, sizeof(domain_arg) - 1); + WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, auth_data->Domain, + auth_data->DomainLength, ntlm_cred->domain_arg + sizeof(domain_arg) - 1, + unixcp_size - sizeof(domain) + 1, NULL, NULL); + ntlm_cred->domain_arg[unixcp_size - 1] = '\0';
if(auth_data->PasswordLength != 0) { @@ -417,6 +379,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW( PBYTE bin; int buffer_len, bin_len, max_len = NTLM_MAX_BUF; int token_idx; + SEC_CHAR *username = NULL;
TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext, debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput, @@ -452,7 +415,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW( { static char helper_protocol[] = "--helper-protocol=ntlmssp-client-1"; static CHAR credentials_argv[] = "--use-cached-creds"; - SEC_CHAR *client_argv[6]; + SEC_CHAR *client_argv[5];
TRACE("First time in ISC()\n");
@@ -475,10 +438,41 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
client_argv[0] = ntlm_auth; client_argv[1] = helper_protocol; - client_argv[2] = ntlm_cred->username_arg; - client_argv[3] = ntlm_cred->domain_arg; - client_argv[4] = credentials_argv; - client_argv[5] = NULL; + if (!ntlm_cred->username_arg && !ntlm_cred->domain_arg) + { + LPWKSTA_USER_INFO_1 ui = NULL; + NET_API_STATUS status; + int unixcp_size; + static const char username_arg[] = "--username="; + + status = NetWkstaUserGetInfo(NULL, 1, (LPBYTE *)&ui); + if (status != NERR_Success || ui == NULL) + { + ret = SEC_E_NO_CREDENTIALS; + goto isc_end; + } + + unixcp_size = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, + ui->wkui1_username, -1, NULL, 0, NULL, NULL) + sizeof(username_arg); + username = HeapAlloc(GetProcessHeap(), 0, unixcp_size); + memcpy(username, username_arg, sizeof(username_arg) - 1); + WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, ui->wkui1_username, -1, + username + sizeof(username_arg) - 1, + unixcp_size - sizeof(username_arg) + 1, NULL, NULL); + username[unixcp_size - 1] = '\0'; + + TRACE("using cached credentials\n"); + + client_argv[2] = username; + client_argv[3] = credentials_argv; + client_argv[4] = NULL; + } + else + { + client_argv[2] = ntlm_cred->username_arg; + client_argv[3] = ntlm_cred->domain_arg; + client_argv[4] = NULL; + }
if((ret = fork_helper(&helper, ntlm_auth, client_argv)) != SEC_E_OK) goto isc_end; @@ -840,6 +834,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW( }
isc_end: + HeapFree(GetProcessHeap(), 0, username); HeapFree(GetProcessHeap(), 0, want_flags); HeapFree(GetProcessHeap(), 0, buffer); HeapFree(GetProcessHeap(), 0, bin);