Hi Juan,
I'm just looking into implementing Kerberos and Negotiate for SSPI. It seems like I'll need an ASN.1 parser for both of those. I know you have a partial implementation of an ASN.1 DER parser in crypt32, but I think it would be kind of silly to keep two separate copies. Think it would make sense to create our own asn dll? Or is there any method to find out what functions msasn1.dll provides?
Cheers, Kai
Hi Kai,
> I'm just looking into implementing Kerberos and Negotiate for SSPI. It seems like I'll need an ASN.1 parser for both of those. I know you have a partial implementation of an ASN.1 DER parser in crypt32, but I think it would be kind of silly to keep two separate copies. Think it would make sense to create our own asn dll? Or is there any method to find out what functions msasn1.dll provides?
Well, finding out the functions is easy enough: winedump can do that for you. The trouble is they're undocumented. Some very sparse information is available for at least one function [1] based on describing a vulnerability someone discovered in msasn1.dll. You could use that as a starting point for test cases for msasn1, and you could implement one based on those.
I think you could get Kerberos and Negotiate working quicker just by copying code as needed. No non-MS application I'm aware of uses msasn1 directly, so Wine wouldn't gain much from a compatible version. Doing the "right" thing could be sort of a hassle for crypt32 too (not that so many apps use it right now.)
The only thing is how much duplicated code offends you. I'm trying to prevent you from diving into a black hole, like I did with crypt32 when what I was really after was SSL ;)
[1] http://www.phreedom.org/solar/exploits/msasn1-bitstring/
On Saturday 18 November 2006 01:12, Juan Lang wrote:
> Hi Kai,
> > I'm just looking into implementing Kerberos and Negotiate for SSPI. It seems like I'll need an ASN.1 parser for both of those. I know you have a partial implementation of an ASN.1 DER parser in crypt32, but I think it would be kind of silly to keep two separate copies. Think it would make sense to create our own asn dll? Or is there any method to find out what functions msasn1.dll provides?
> I think you could get Kerberos and Negotiate working quicker just by copying code as needed. No non-MS application I'm aware of uses msasn1 directly, so Wine wouldn't gain much from a compatible version. Doing the "right" thing could be sort of a hassle for crypt32 too (not that so many apps use it right now.)
Ok, never mind then. I'll trust you on that one. :)
> The only thing is how much duplicated code offends you. I'm trying to prevent you from diving into a black hole, like I did with crypt32 when what I was really after was SSL ;)
Well, an alternative option for Kerberos and Negotiate would be using GSSAPI, but I now agree with Dan Kegel on that one, it's a bit too bloated for what we want to do with it. The API is a bit too different from SSPI to enable making SSPI a thin wrapper for GSSAPI and implementing our providers as GSSAPI plugins... It was a nice plan, though ;)
I'll just copy what I need then. Kai
On Sat, 2006-11-18 at 09:10 +0100, Kai Blin wrote:
> On Saturday 18 November 2006 01:12, Juan Lang wrote:
> > Hi Kai,
> > > I'm just looking into implementing Kerberos and Negotiate for SSPI. It seems like I'll need an ASN.1 parser for both of those. I know you have a partial implementation of an ASN.1 DER parser in crypt32, but I think it would be kind of silly to keep two separate copies. Think it would make sense to create our own asn dll? Or is there any method to find out what functions msasn1.dll provides?
> > I think you could get Kerberos and Negotiate working quicker just by copying code as needed. No non-MS application I'm aware of uses msasn1 directly, so Wine wouldn't gain much from a compatible version. Doing the "right" thing could be sort of a hassle for crypt32 too (not that so many apps use it right now.)
> Ok, never mind then. I'll trust you on that one. :)
> > The only thing is how much duplicated code offends you. I'm trying to prevent you from diving into a black hole, like I did with crypt32 when what I was really after was SSL ;)
> Well, an alternative option for Kerberos and Negotiate would be using GSSAPI, but I now agree with Dan Kegel on that one, it's a bit too bloated for what we want to do with it. The API is a bit too different from SSPI to enable making SSPI a thin wrapper for GSSAPI and implementing our providers as GSSAPI plugins... It was a nice plan, though ;)
I strongly recommend against trying to do what Samba3 did, and thinking that GSSAPI is 'too much'. That has created problems for us, and does not produce the same network results as using 'real' GSSAPI.
Andrew Bartlett
On Sat, 2006-11-18 at 00:57 +0100, Kai Blin wrote:
> Hi Juan,
> I'm just looking into implementing Kerberos and Negotiate for SSPI. It seems like I'll need an ASN.1 parser for both of those.
> Or is there any method to find out what functions msasn1.dll provides?
Ask MS for "msasn1.dll": http://support.microsoft.com/dllhelp/?dlltype=file&l=55&S=1&alph...
Newest Results: http://support.microsoft.com/dllhelp/?fid=198605&l=55&det=1
---------- Next Try:
Search Google for "ASN.1 LGPL" or "ASN.1 Lesser General Public License":
http://josefsson.org/libtasn1/ Libtasn1 is licensed under the GNU Lesser General Public License.
Documentation: http://www.gnu.org/software/gnutls/manual/libtasn1/html_node/index.html