Hans Leidekker hans@codeweavers.com wrote:
On Tue, 2017-10-24 at 11:44 +0200, Alexandre Julliard wrote:
I liked the idea of putting this in kerberos.dll. Have you given up on
> this?
I liked it too, but it turns out that this dll doesn't implement the interface secur32 uses to load SSP modules (a SecurityFunctionTable returned by InitSecurityInterface).
It's also clear now that native doesn't use the SecurityProviders registry key to load the Kerberos provider.
Yes, but isn't that a matter of figuring out how secur32 is supposed to load it instead? Or do you believe that it's now all inside secur32 on Windows too?
It looks like it. Searching the registry didn't turn up anything relevant. I looked for other dlls which export InitSecurityInterface (assuming it would use the same mechanism) but found none that implements Kerberos.
secur32.dll in Windows 7 doesn't have any references or snippets of the words resembling "Kerberos" in any combination of cases.
On the other hand kerberos.dll has the references to sspicli.dll and secur32.dll.
So it looks like secur32.dll in Windows doesn't implement Kerberos SSP.
If the presence of the following unicode text is more convincing
+#define KERBEROS_COMMENT \
- {'M','i','c','r','o','s','o','f','t',' ','K','e','r','b','e','r','o','s',' ','V','1','.','0',0}
+static CHAR kerberos_comment_A[] = KERBEROS_COMMENT; +static WCHAR kerberos_comment_W[] = KERBEROS_COMMENT;
then this text does present in kerberos.dll in Windows 7.
Well, this dll implements the Kerberos LSA security package. It's listed under Control\LSA\Security Packages along with msv1_0 and schannel, and it exports SpLsaModeInitialize.
kerberos.dll implements both SSP/SA providers. If secure32.dll would implement anything kerberos related it would contain at least single ansi/unicode string "kerberos", but it does not.
I'm looking for the Kerberos Security Support Provider (SSP). SSPs are loaded through a different key and obtained with InitSecurityInterface.
Then probably you are looking in the wrong direction.