[PATCH 4/5] kerberos: Allocate a buffer for the package info structure in kerberos_SpQueryContextAttributes.

[Dmitry Timoshkov]

Hans Leidekker <hans at codeweavers.com> wrote:

> > > > > This buffer can currently be retrieved directly from NTLM, without
> > > > > involving LSA. This way we can free the buffer unconditionally in the
> > > > > negotiate tests. Things would change if NTLM was moved behing the LSA
> > > > > interface too, but in that case it's still not wrong to do it here, as
> > > > > long as the LSA wrapper and the provider agree.
> > > > 
> > > > Speaking of moving NTLM provider to SSP/AP msv1_0.dll, probably it's
> > > > worth discussing how to do that. Do you think that using gss-ntlmssp
> > > > instead of samba's ntlm_auth is an acceptable approach?
> > > 
> > > I haven't looked at gss-ntlmssp in detail but it would be interesting
> > > to use a proper library instead of Samba's ntlm_auth. In any case,
> > > considering the potential for regressions it's probably better to do
> > > such a change as a separate step.
> > 
> > Sure, if desired it could be even possible to have both: an old
> > implementation in secur32 and a new one in msv1_0, and a temporary
> > switch (at compile or run time) to choose one of them.
> 
> Keeping the old implementation lowers the pressure to fix the new
> implementation.

Something suggests me that it mostly depends on the default choice :)

> I think we should to build an extensive test suite,
> make sure it passes and then have a flag day, with ample time before
> the next stable release.

Sounds like a nice answer: "Don't look at me!" :)

-- 
Dmitry.