[01/10] secur32: Implement AcquireCredentialsHandle for Kerberos.

Dmitry Timoshkov dmitry at baikal.ru
Fri Oct 20 04:00:06 CDT 2017 

Hans Leidekker <hans at codeweavers.com> wrote:

> On Fri, 2017-10-20 at 10:51 +0800, Dmitry Timoshkov wrote:
> > Hans Leidekker <hans at codeweavers.com> wrote:
> > 
> > > On Mon, 2017-10-16 at 17:55 +0800, Dmitry Timoshkov wrote:
> > > diff --git a/wine/dlls/kerberos/kerberos.spec b/wine/dlls/kerberos/kerberos.spec
> > > > diff --git a/wine/dlls/kerberos/kerberos.spec b/wine/dlls/kerberos/kerberos.spec
> > > > index d277cee..e92516f 100644
> > > > --- a/wine/dlls/kerberos/kerberos.spec
> > > > +++ b/wine/dlls/kerberos/kerberos.spec
> > > > @@ -1 +1,3 @@
> > > >  @ stdcall SpLsaModeInitialize(long ptr ptr ptr)
> > > > +@ stdcall InitSecurityInterfaceA()
> > > > +@ stdcall InitSecurityInterfaceW()
> > > 
> > > The Windows 10 version doesn't export these functions. It does export a
> > > SECPKG_USER_FUNCTION_TABLE via SpUserModeInitialize but that doesn't give
> > > us everything we need.
> > 
> > It looks like MSDN suggests that both SECPKG_FUNCTION_TABLE (returned by
> > SpLsaModeInitialize) and SECPKG_USER_FUNCTION_TABLE (returned by SpUserModeInitialize)
> > should be used for an SSPI:
> > https://msdn.microsoft.com/en-us/library/windows/desktop/aa380175(v=vs.85).aspx
> > https://msdn.microsoft.com/en-us/library/windows/desktop/aa380185(v=vs.85).aspx
> > 
> > Since this requires quite a bit of changing to secur32 SSP management code
> > I'd suggest to simply add two above exports for now.
> 
> Neither option reflects what Windows does. The dll listed under
> SecurityProviders (credssp) doesn't export SpUserModeInitialize or 
> SpLsaModeInitialize. It does export InitSecurityInterfaceW, but it's
> not called kerberos.
> 
> It seems to me as if the MSDN pages you are referring to describe the
> old situation, and MS has since replaced the list of providers with
> credssp, which tunnels SPNEGO over a TLS channel.

Yes, it looks like newer Windows versions have changed the behaviour,
so I'd still suggest to create an SSP dll that is compatible with Wine's
secur32 SSP loader expectations.

-- 
Dmitry.

More information about the wine-devel mailing list