[01/10] secur32: Implement AcquireCredentialsHandle for Kerberos.

Tue Oct 24 09:01:35 CDT 2017

On Tue, 2017-10-24 at 21:10 +0800, Dmitry Timoshkov wrote:
> mitry Timoshkov <dmitry at baikal.ru> wrote:
> 
> > Hans Leidekker <hans at codeweavers.com> wrote:
> > 
> > > On Tue, 2017-10-24 at 11:44 +0200, Alexandre Julliard wrote:
> > > > I liked the idea of putting this in kerberos.dll. Have you given up on
> > > > > > this?
> > > > > 
> > > > > I liked it too, but it turns out that this dll doesn't implement the
> > > > > interface secur32 uses to load SSP modules (a SecurityFunctionTable
> > > > > returned by InitSecurityInterface).
> > > > > 
> > > > > It's also clear now that native doesn't use the SecurityProviders
> > > > > registry key to load the Kerberos provider.
> > > > 
> > > > Yes, but isn't that a matter of figuring out how secur32 is supposed to
> > > > load it instead?  Or do you believe that it's now all inside secur32 on
> > > > Windows too?
> > > 
> > > It looks like it. Searching the registry didn't turn up anything
> > > relevant. I looked for other dlls which export InitSecurityInterface
> > > (assuming it would use the same mechanism) but found none that
> > > implements Kerberos.
> > 
> > secur32.dll in Windows 7 doesn't have any references or snippets of
> > the words resembling "Kerberos" in any combination of cases.
> > 
> > On the other hand kerberos.dll has the references to sspicli.dll and
> > secur32.dll.
> > 
> > So it looks like secur32.dll in Windows doesn't implement Kerberos SSP.
> 
> If the presence of the following unicode text is more convincing
> 
> +#define KERBEROS_COMMENT \
> +    {'M','i','c','r','o','s','o','f','t',' ','K','e','r','b','e','r','o','s',' ','V','1','.','0',0}
> +static CHAR kerberos_comment_A[] = KERBEROS_COMMENT;
> +static WCHAR kerberos_comment_W[] = KERBEROS_COMMENT;
> 
> then this text does present in kerberos.dll in Windows 7.

Well, this dll implements the Kerberos LSA security package. It's
listed under Control\LSA\Security Packages along with msv1_0 and
schannel, and it exports SpLsaModeInitialize.

I'm looking for the Kerberos Security Support Provider (SSP). SSPs
are loaded through a different key and obtained with
InitSecurityInterface.