Hans Leidekker hans@codeweavers.com wrote:
On Fri, 2017-10-20 at 10:51 +0800, Dmitry Timoshkov wrote:
Hans Leidekker hans@codeweavers.com wrote:
On Mon, 2017-10-16 at 17:55 +0800, Dmitry Timoshkov wrote: diff --git a/wine/dlls/kerberos/kerberos.spec b/wine/dlls/kerberos/kerberos.spec
diff --git a/wine/dlls/kerberos/kerberos.spec b/wine/dlls/kerberos/kerberos.spec index d277cee..e92516f 100644 --- a/wine/dlls/kerberos/kerberos.spec +++ b/wine/dlls/kerberos/kerberos.spec @@ -1 +1,3 @@ @ stdcall SpLsaModeInitialize(long ptr ptr ptr) +@ stdcall InitSecurityInterfaceA() +@ stdcall InitSecurityInterfaceW()
The Windows 10 version doesn't export these functions. It does export a SECPKG_USER_FUNCTION_TABLE via SpUserModeInitialize but that doesn't give us everything we need.
It looks like MSDN suggests that both SECPKG_FUNCTION_TABLE (returned by SpLsaModeInitialize) and SECPKG_USER_FUNCTION_TABLE (returned by SpUserModeInitialize) should be used for an SSPI: https://msdn.microsoft.com/en-us/library/windows/desktop/aa380175(v=vs.85).a... https://msdn.microsoft.com/en-us/library/windows/desktop/aa380185(v=vs.85).a...
Since this requires quite a bit of changing to secur32 SSP management code I'd suggest to simply add two above exports for now.
Neither option reflects what Windows does. The dll listed under SecurityProviders (credssp) doesn't export SpUserModeInitialize or SpLsaModeInitialize. It does export InitSecurityInterfaceW, but it's not called kerberos.
It seems to me as if the MSDN pages you are referring to describe the old situation, and MS has since replaced the list of providers with credssp, which tunnels SPNEGO over a TLS channel.
Yes, it looks like newer Windows versions have changed the behaviour, so I'd still suggest to create an SSP dll that is compatible with Wine's secur32 SSP loader expectations.