Single sign-on SoC project summary

Kai Blin blin at gmx.net
Sun Sep 25 16:44:39 CDT 2005


Hi folks,

Dimi asked me to give a little status about the single sign-on summer of
code project I was doing to the list, and I'm happy to oblige.

Applications running on win32 can use the Security Support Provider
Interface (SSPI) to handle authentication via a number of protocols,
like kerberos, NTLM, Negotiate and Schannel. My project was to implement
the NTLM and Negotiate protocols, using Andrew Bartlett's GENSEC
implementation from samba4.

Samba offers a command line tool to provide NTLM (and, in samba 4,
Negotiate) style authentication for other programs, so my task was to
get wine to use ntlm_auth.

Things that got done:
---------------------

* Base64 codec
  ntlm_auth was first designed as a helper for squid. Squid talks to
  its helpers using base64; wine just had an encoder for it.

* Code to run ntlm_auth
  ntlm_auth doesn't store all the state information needed for the
  protocol handshake, so some wrapping code was needed.

* Code that implements the security support providers for NTLM and
  Negotiate.
  To make the sspi functions behave properly, the api functions have to
  do the right thing.

Work still left to do:
----------------------

* Getting the code into cvs:
  While most of the code was already submitted to the wine-patches list,
  a lot of it was still in need of improvements. I'm currently working
  on this.

* Getting more of the stubs to actually do something
  While the code that exists so far can handle the basic NTLM and
  Negotiate authentication, a lot of functions defined in the API still
  are stubs.

Conclusion:
-----------

As soon as the code is in cvs, wine should be able to do basic NTLM and
Negotiate authentication, server and client side. Client side just
requires ntlm_auth, server side also requires samba to be set up
correctly, and when using samba 3, access to the winbindd named pipe for
the user running wine. 

Real use of this code seems limited, as most use cases also use the
schannel protocol, which isn't implemented yet. Juan Lang is working on
this, but needs to get more of crypt32 implemented for that.

I will continue to work on this, there's still a lot of providers to go.

I would like to use this summary to extend my thanks to Google and Chris
DiBona for getting the whole Summer of Code set up.

Also, I'd like to thank you guys, particularly Juan, for the help I have
received so far. It's really fun to work with the project, I hope to
keep doing so for a while.

Kai

-- 
Kai Blin, (blin at gmx dot net)
"Of course power tools and alcohol don't mix.  Everyone knows power tools aren't
soluble in alcohol..."
-- Crazy Nigel
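
Added example, not part of the original message and not code from the Wine patches: a strict base64 decoder of the kind the summary says was missing, used to validate one line read back from the helper before the blob is handed to the SSPI caller. It assumes the squid-style line shape of a two-letter code, a space, then base64 (for instance YR, TT, KK); the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Map one base64 alphabet character to its 6-bit value, -1 if invalid. */
static int b64_val(char c)
{
    static const char abc[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(abc, c) : NULL;
    return p ? (int)(p - abc) : -1;
}

/* Strict decode: returns byte count, or -1 on bad input or short buffer. */
static int b64_decode(const char *in, size_t in_len, uint8_t *out, size_t cap)
{
    size_t i, o = 0;
    if (in_len == 0 || in_len % 4 != 0) return -1;
    for (i = 0; i < in_len; i += 4) {
        int last = (i + 4 == in_len), v[4], pad = 0, k;
        for (k = 0; k < 4; k++) {
            if (in[i + k] == '=') {
                if (!last || k < 2) return -1;  /* padding only at the very end */
                v[k] = 0; pad++;
            } else if (pad || (v[k] = b64_val(in[i + k])) < 0) {
                return -1;                      /* data after '=' or bad char */
            }
        }
        if (o + 3 - pad > cap) return -1;       /* never write past the buffer */
        out[o++] = (uint8_t)(v[0] << 2 | v[1] >> 4);
        if (pad < 2) out[o++] = (uint8_t)((v[1] & 0xf) << 4 | v[2] >> 2);
        if (pad < 1) out[o++] = (uint8_t)((v[2] & 0x3) << 6 | v[3]);
    }
    return (int)o;
}

/* Parse "XX <base64>" (assumed helper line shape). On success stores the
 * two-letter code and returns the NTLM message type (1..3); else -1. */
int helper_line_msg_type(const char *line, char code[3])
{
    uint8_t buf[2048];
    size_t len = strcspn(line, "\r\n");
    int n;
    if (len < 4 || line[2] != ' ') return -1;
    memcpy(code, line, 2); code[2] = '\0';
    n = b64_decode(line + 3, len - 3, buf, sizeof buf);
    /* Every NTLM message starts with "NTLMSSP\0" and a 32-bit LE type. */
    if (n < 12 || memcmp(buf, "NTLMSSP\0", 8) != 0) return -1;
    if (buf[9] || buf[10] || buf[11] || buf[8] < 1 || buf[8] > 3) return -1;
    return buf[8];
}
```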