Hans Leidekker hans@codeweavers.com wrote:
This buffer can currently be retrieved directly from NTLM, without involving LSA. This way we can free the buffer unconditionally in the negotiate tests. Things would change if NTLM was moved behing the LSA interface too, but in that case it's still not wrong to do it here, as long as the LSA wrapper and the provider agree.
Speaking of moving NTLM provider to SSP/AP msv1_0.dll, probably it's worth discussing how to do that. Do you think that using gss-ntlmssp instead of samba's ntlm_auth is an acceptable approach?
I haven't looked at gss-ntlmssp in detail but it would be interesting to use a proper library instead of Samba's ntlm_auth. In any case, considering the potential for regressions it's probably better to do such a change as a separate step.
Sure, if desired it could be even possible to have both: an old implementation in secur32 and a new one in msv1_0, and a temporary switch (at compile or run time) to choose one of them.