[cifs-protocol] DCE_STYLE, AES and sequence numbers
Andrew Bartlett
abartlet at samba.org
Fri Jul 25 05:16:54 GMT 2008
The documentation in MS-KILE 3.4.5.1 on DCE_STYLE is very terse, and
fails to clarify a few points, one of which is preventing
interoperability with Windows Vista.
The client MUST generate an additional AP reply message exactly as the server would ([RFC4120]
section 3.2.4) as the final message to send to the server. In GSS terms, the client must return
success and a message to the server. It is up to the application to deliver the message to the
server.
The server MUST receive the additional AP reply message and verify that the message is
constructed correctly ([RFC4120] section 3.2.5).
What is unclear here is how the sequence numbers, exchanged in this
message, are expected to be updated. For example, with a WinXP clients,
and arcfour-hmac-md5 encryption, the sequence number (as maintained by
the client, and seen on the server) is unaffected by the receipt of this
extra message.
In Heimdal's implementation here, we reset the sequence numbers after
verifying the AP_REP at line 690.
http://git.samba.org/?p=samba.git;a=blob;f=source/heimdal/lib/gssapi/krb5/accept_sec_context.c;h=73b93ceba4c6bb472c546afd52981bcf13051173;hb=v4-0-test
However, when GSSAPI CFX is used, and therefore an AES key is negotiated
by a Windows Vista client to a Samba4 server, the client seems to
require that the remote (from the server's persective) sequence number
be increased by 1.
(ie, adding 1 to r_seq_number at like 690 allows the next gss_unwrap to
match the expected sequence number correctly, in the DRSUAPI bind
portion of a Vista SP1 domain join).
Simiarly, you will note in line 606, that we must disable timestamp verification.
While the client code (like 663) is comparatively sane...
http://git.samba.org/?p=samba.git;a=blob;f=source/heimdal/lib/gssapi/krb5/init_sec_context.c;h=c455a5dc8b7246c0c8e795206be5b9c3db114cb8;hb=v4-0-test
It seems that this is more than a simple role reversal, and the docs
need to be expanded to clarify this.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080725/69ead716/attachment.bin
More information about the cifs-protocol
mailing list