[cifs-protocol] [REG:116031113818575] GSSAPI context establishment Confidentiality/Integrity protection levels

Simo simo at samba.org
Tue Apr 5 01:52:30 UTC 2016 

Thanks Obaid,
crystal clear!

Simo.

On Tue, 2016-04-05 at 00:19 +0000, Obaid Farooqi wrote:
> Hi Simo:
> My investigation reveal that the issue you are encountering is not in
> the GSS API implementation of Microsoft (SSPI). It is due to a wrong
> assumption in the implementation of NNS protocol. As a matter of
> fact, the code is public so you can see for yourself at the following
> link:
> http://referencesource.microsoft.com/#System/net/System/Net/_NTAuthen
> tication.cs,f5122807ad1e911b
> 
> In method Decrypt, the following check is made
> 
> if (IsConfidentialityFlag)
>             {
>                 errorCode =
> SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, m_SecurityContext,
> securityBuffer, expectedSeqNumber);
>             }
>             else
>             {
>                 errorCode =
> SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, m_SecurityContext,
> securityBuffer, expectedSeqNumber);
>             }
> 
> And on the same link, IsConfidentialityFlag is defined as:
> 
> internal bool IsConfidentialityFlag {
>             get {
>                 return (m_ContextFlags &
> ContextFlags.Confidentiality) != 0;
>             }
> 
> And m_ContextFlags is returned from the calls to
> IntializeSecurityContext and AcceptSecurityContext.
> 
> So, it is the NNS protocol that requires that if the conf_avail flag
> is set, it means that every message must be encrypted (and signed). I
> have filed a bug against the document to make it explicit. 
> 
> The document MS-NNS already alludes to that in section " 2.2.2	
> Data Message ":
> 
> ".... Thus, if the negotiated security context in the handshake phase
> results in a context that does not support message confidentiality or
> integrity, then the data transferred is not framed, and does not
> follow the format specified in this section (that is, application-
> supplied data is written directly to the underlying TCP stream)."
> 
> I agree that it is not crisp and rigorous. But it makes it clear that
> if signing and sealing is not required, the protocol would not even
> do the framing i.e. might as well just use TCP without this protocol.
> 
> To do the signing only, the above code suggest that you just need to
> clear the confidentiality flag and signing will be assumed.
> 
> Please let me know if it does not answer your question.
> 
> 
> 
> 
> Regards,
> Obaid Farooqi
> Escalation Engineer | Microsoft
> 
> Exceeding your expectations is my highest priority.  If you would
> like to provide feedback on your case you may contact my manager at
> nkang at Microsoft dot com
> 
> -----Original Message-----
> From: "Obaid Farooqi" <obaidf at microsoft.com> Sent: Friday, March 11, 2016 11:50 AM
> To: "Simo" <simo at samba.org>
> Cc: "cifs-protocol" <cifs-protocol at samba.org>; "MSSolve Case Email" <
> casemail at microsoft.com>
> Subject: [REG:116031113818575] GSSAPI context establishment
> Confidentiality/Integrity protection levels
> 
> Hi Simo: 
> Thanks for contacting Microsoft. I have created a case to track this
> issue. I'll help you with this issue and will be in touch as soon as
> I have an answer.
> 
> Regards,
> Obaid Farooqi
> Escalation Engineer | Microsoft 
> 
> Exceeding your expectations is my highest priority.  If you would
> like to provide feedback on your case you may contact my manager at
> nkang at Microsoft dot com
> 
> 
> -----Original Message-----
> From: idra at samba.org [mailto:idra at samba.org] On Behalf Of Simo
> Sent: Friday, March 11, 2016 11:30 AM
> To: Interoperability Documentation Help <dochelp at microsoft.com>
> Cc: cifs-protocol <cifs-protocol at samba.org>
> Subject: GSSAPI context establishment Confidentiality/Integrity
> protection levels 
> 
> Dear dochelp,
> I am look at an interoperability issue between MIT client and Windows
> Servers when it comes to GSSAPi/SSPI based/using protocols.
> 
> [cifs-protocol in CC because it may affect that crowd too] 
> 
> At least for some protocols it appears as Microsoft Servers assume
> that the flags negotiated during context establishment directly
> indicate what is the minimum protection level that the server should
> expect.
> 
> To be more concrete, it appears that if a client negotiates the
> GSS_C_CONF_FLAG then the server seem to expect that the client will
> always use confidentiality protected packets and not allow integrity
> protected only packets, by returning an error if such a packet is
> sent by the client.
> 
> We've seen this behavior in 2 distinct cases, one less clear with
> SASL, where the negotiated flags are also used in lieu of the normal
> SASL SSF negotiation.
> 
> The other protocol where we encountered this is MS-NNS, the document
> seem to implicitly indicate that by calling the flags by the name
> "negotiated protection level".
> 
> Now the rub of the problem here is that RFC 2743 seem to take a
> completely different stance on the meaning of the negotiate flags.
> 
> In "RFC 2743 1.2.2 Per-Message Security Service Availability" the
> document describe the returned flags with the name conf_avail and
> integ_avail and the document is quite clear that their meaning is
> just that the confidentiality and integrity service are available.
> That is a missinf conf_avail flag would mean the confidentiality
> services are not available but its presence doesn't mean
> confidentiality is required.
> 
> For this reason the MIT GSSAPI krb5 mechanism, always forcibly sets
> the GSS_C_CONF_FLAG and the GSS_S_INTEG_FLAG in the context request,
> to indicate that the client does support both.
> 
> However it appears that by doing so we have an interpo issue where
> MIT GSSAPI clients are unable to negotiate a context where
> confidentiality can be used but is only optional.
> 
> We've been able to interoperate in the relevant cases by adding a way
> to turn off the forceful setting of those flags during client context
> establishment.
> 
> Now the question is whether Windows SSPI services always
> unconditionally treat the negotiated flags as the required negotiated
> protection level for a GSSAPI negotiated context or if this
> enforcement is instead a matter of the specific protocol/application
> using SSPI/GSSAPI on a Windows Server.
> 
> The documentation I was able to find so far is not very clear on this
> issue and it would be nice to have it documented in MS-KILE if
> Windows Kerberos mechanisms enforce different rules on
> confidentiality/integrity context establishment than what is
> indicated in RFC 2743.
> 
> Thanks,
> Simo. 
> 
> 
> _______________________________________________
> cifs-protocol mailing list
> cifs-protocol at lists.samba.org
> https://lists.samba.org/mailman/listinfo/cifs-protocol

More information about the cifs-protocol mailing list