[01/10] secur32: Implement AcquireCredentialsHandle for Kerberos.
Hans Leidekker
hans at codeweavers.com
Fri Oct 20 03:42:10 CDT 2017
On Fri, 2017-10-20 at 10:51 +0800, Dmitry Timoshkov wrote:
> Hans Leidekker <hans at codeweavers.com> wrote:
>
> > On Mon, 2017-10-16 at 17:55 +0800, Dmitry Timoshkov wrote:
> > diff --git a/wine/dlls/kerberos/kerberos.spec b/wine/dlls/kerberos/kerberos.spec
> > > diff --git a/wine/dlls/kerberos/kerberos.spec b/wine/dlls/kerberos/kerberos.spec
> > > index d277cee..e92516f 100644
> > > --- a/wine/dlls/kerberos/kerberos.spec
> > > +++ b/wine/dlls/kerberos/kerberos.spec
> > > @@ -1 +1,3 @@
> > > @ stdcall SpLsaModeInitialize(long ptr ptr ptr)
> > > +@ stdcall InitSecurityInterfaceA()
> > > +@ stdcall InitSecurityInterfaceW()
> >
> > The Windows 10 version doesn't export these functions. It does export a
> > SECPKG_USER_FUNCTION_TABLE via SpUserModeInitialize but that doesn't give
> > us everything we need.
>
> It looks like MSDN suggests that both SECPKG_FUNCTION_TABLE (returned by
> SpLsaModeInitialize) and SECPKG_USER_FUNCTION_TABLE (returned by SpUserModeInitialize)
> should be used for an SSPI:
> https://msdn.microsoft.com/en-us/library/windows/desktop/aa380175(v=vs.85).aspx
> https://msdn.microsoft.com/en-us/library/windows/desktop/aa380185(v=vs.85).aspx
>
> Since this requires quite a bit of changing to secur32 SSP management code
> I'd suggest to simply add two above exports for now.
Neither option reflects what Windows does. The dll listed under
SecurityProviders (credssp) doesn't export SpUserModeInitialize or
SpLsaModeInitialize. It does export InitSecurityInterfaceW, but it's
not called kerberos.
It seems to me as if the MSDN pages you are referring to describe the
old situation, and MS has since replaced the list of providers with
credssp, which tunnels SPNEGO over a TLS channel.
More information about the wine-devel
mailing list