[PATCH 4/5] kerberos: Allocate a buffer for the package info structure in kerberos_SpQueryContextAttributes.
Hans Leidekker
hans at codeweavers.com
Fri Feb 9 04:03:51 CST 2018
On Fri, 2018-02-09 at 17:13 +0800, Dmitry Timoshkov wrote:
> Hans Leidekker <hans at codeweavers.com> wrote:
>
> > > > This buffer can currently be retrieved directly from NTLM, without
> > > > involving LSA. This way we can free the buffer unconditionally in the
> > > > negotiate tests. Things would change if NTLM was moved behing the LSA
> > > > interface too, but in that case it's still not wrong to do it here, as
> > > > long as the LSA wrapper and the provider agree.
> > >
> > > Speaking of moving NTLM provider to SSP/AP msv1_0.dll, probably it's
> > > worth discussing how to do that. Do you think that using gss-ntlmssp
> > > instead of samba's ntlm_auth is an acceptable approach?
> >
> > I haven't looked at gss-ntlmssp in detail but it would be interesting
> > to use a proper library instead of Samba's ntlm_auth. In any case,
> > considering the potential for regressions it's probably better to do
> > such a change as a separate step.
>
> Sure, if desired it could be even possible to have both: an old
> implementation in secur32 and a new one in msv1_0, and a temporary
> switch (at compile or run time) to choose one of them.
Keeping the old implementation lowers the pressure to fix the new
implementation. I think we should to build an extensive test suite,
make sure it passes and then have a flag day, with ample time before
the next stable release.
More information about the wine-devel
mailing list