[cifs-protocol] DCE_STYLE, AES and sequence numbers
Stefan (metze) Metzmacher
metze at samba.org
Tue Aug 12 10:05:22 GMT 2008
Andrew Bartlett schrieb:
> The documentation in MS-KILE 184.108.40.206 on DCE_STYLE is very terse, and
> fails to clarify a few points, one of which is preventing
> interoperability with Windows Vista.
> The client MUST generate an additional AP reply message exactly as the server would ([RFC4120]
> section 3.2.4) as the final message to send to the server. In GSS terms, the client must return
> success and a message to the server. It is up to the application to deliver the message to the
> The server MUST receive the additional AP reply message and verify that the message is
> constructed correctly ([RFC4120] section 3.2.5).
> What is unclear here is how the sequence numbers, exchanged in this
> message, are expected to be updated. For example, with a WinXP clients,
> and arcfour-hmac-md5 encryption, the sequence number (as maintained by
> the client, and seen on the server) is unaffected by the receipt of this
> extra message.
> In Heimdal's implementation here, we reset the sequence numbers after
> verifying the AP_REP at line 690.
> However, when GSSAPI CFX is used, and therefore an AES key is negotiated
> by a Windows Vista client to a Samba4 server, the client seems to
> require that the remote (from the server's persective) sequence number
> be increased by 1.
> (ie, adding 1 to r_seq_number at like 690 allows the next gss_unwrap to
> match the expected sequence number correctly, in the DRSUAPI bind
> portion of a Vista SP1 domain join).
I found why the seq number needs is +1, it's because there's a
GetMIC token in the AlterContext request from the client,
in the same SPNEGO blob as the AP-REP from the client.
And our server seems to miss the call to gss_verify_mic(),
which would increase the seqnum.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080812/58363115/signature.bin
More information about the cifs-protocol