by hbelusca | January 4, 2017

Hi everyone, let me first wish you a happy new year 2017!

During the second half of last month (December) I did not have much time to work on ReactOS, hence the fact I could not write more reports for you to read. I was however able to test some stuff I started to work on during last November. I have started to familiarize and play a bit with the user-profile APIs inside userenv.dll . I then was able to add a temporary hack (see CORE-12541) in the Services Control Manager (SCM, in services.exe) to create (if needed) and always load the user profiles for the system service profiles "NT AUTHORITY\Local Service" and "NT AUTHORITY\Network Service", the latter being needed for the Word 2010 installation. The hack was committed in revisions 73486 and 73487. Some people have however spotted minor regressions due to the hack, with the former (CORE-12613) due to the fact that, since the hack consists in indistinctly loading all the service profiles in memory (instead of when only needed).

After the hack being in place, I retested the Word 2010 installation. Now the MSI installation step "CAInitSPPTokenStore.x86" (related to the initialization of the Office Software Protection service) passes with success; however the next installation steps, "CAInstallSppPlugin.x86" , "CAInstallLicenses" and "CAPopulateSPPCache" just fail completely with the following error:

fixme:(dll\win32\rpcrt4\rpc_binding.c:1865) unsupported AuthnSvc 10

(with AuthnSvc == 10 == RPC_C_AUTHN_WINNT, meaning "NTLM"). They however succeed when testing the installation in Wine.

I was able to trace this problem back to the fact that ReactOS does not implement one of the security authentication providers that is normally found in MS Windows, namely the NTLM authentication provider. This security provider is built in the secur32.dll (in %SystemRoot%\System32). I have created a JIRA report, CORE-12601, where you can find more details about how the missing provider problem appears when trying to install Word 2010. It is interesting to note that on Wine, the NTLM support is actually already somewhat present in secur32.dll, by wrapping around Samba's "ntlm_auth" helper utility (thus it needs a 3rd-party program to be already installed). Therefore this is not satisfactory for ReactOS, and a proper support has to be implemented for it.

It appears that such a support was actually being worked on, in a separate branch "sspi-bringup" by Samuel Serapión since some time around 2011-2012. The support currently bails out to a modified secur32.dll, the NTLM authentication package in a second dll ntlmsspi.dll, and one registry modification. I talked to him about this, and he kindly provided me with a binary build of these dls from his branch with updated code, that I was able to test in ReactOS (by replacing the dlls). With this, the above-mentioned MSI installation steps (the "CA...SPP..." ones) now seem to work OK (they return success); however I now get new problems: during the MSI installation step "CAInstallLicenses" I get a bunch of the following errors:

err:(dll\win32\rpcrt4\rpc_message.c:1845) we got fault packet with status 0xc004f012

(not present in Wine), which may indicate a possible memory corruption. Then the next MSI installation step "CAPopulateSPPCache" is run and subsequently fails (making the full installation failing).

These last problems need more investigation. I hope obtaining new interesting results during the next weeks! Stay tuned!