[cifs-protocol] DCE_STYLE, AES and sequence numbers

Stefan (metze) Metzmacher metze at samba.org
Tue Aug 12 10:05:22 GMT 2008

Andrew Bartlett schrieb:
> The documentation in MS-KILE on DCE_STYLE is very terse, and
> fails to clarify a few points, one of which is preventing
> interoperability with Windows Vista.
>   The client MUST generate an additional AP reply message exactly as the server would ([RFC4120]
>   section 3.2.4) as the final message to send to the server. In GSS terms, the client must return
>   success and a message to the server. It is up to the application to deliver the message to the
>   server.
>   The server MUST receive the additional AP reply message and verify that the message is
>   constructed correctly ([RFC4120] section 3.2.5).
> What is unclear here is how the sequence numbers, exchanged in this
> message, are expected to be updated.  For example, with a WinXP clients,
> and arcfour-hmac-md5 encryption, the sequence number (as maintained by
> the client, and seen on the server) is unaffected by the receipt of this
> extra message.  
> In Heimdal's implementation here, we reset the sequence numbers after
> verifying the AP_REP at line 690. 
> http://git.samba.org/?p=samba.git;a=blob;f=source/heimdal/lib/gssapi/krb5/accept_sec_context.c;h=73b93ceba4c6bb472c546afd52981bcf13051173;hb=v4-0-test
> However, when GSSAPI CFX is used, and therefore an AES key is negotiated
> by a Windows Vista client to a Samba4 server, the client seems to
> require that the remote (from the server's persective) sequence number
> be increased by 1.
> (ie, adding 1 to r_seq_number at like 690 allows the next gss_unwrap to
> match the expected sequence number correctly, in the DRSUAPI bind
> portion of a Vista SP1 domain join). 

I found why the seq number needs is +1, it's because there's a
GetMIC token in the AlterContext request from the client,
in the same SPNEGO blob as the AP-REP from the client.

And our server seems to miss the call to gss_verify_mic(),
which would increase the seqnum.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080812/58363115/signature.bin

More information about the cifs-protocol mailing list