[jcifs] RE: LMv2 signing fix

Michael B Allen mba2000 at ioplex.com
Wed Oct 8 04:27:57 EST 2003


> You mentioned in your other message that subsequent operations are verified
> successfully with good credentials, but implied that the sequence count isn't
> reset (I think); this is interesting, because it indicates that a "real"
> login changes the signing key.  From what I observed, an initial login would
> set the signing key and subsequent sessions would use the same key.  This
> would appear to indicate that guest logins are treated as a special case.
> Does this match what you are seeing?

I don't know if it actually changed the key. Try it yourself. I used
examples/VerifyGuest.java (I think that's what it's called). It will try
two successive operations; one using GUEST credentials and another with
good credentials. I was originally trying to see if an authentication
failure would put the client into a poor signing state.

What it looked like was happening was that the GUEST credentials were
suitable to establish signing. The actual operation performed by guest
failed for one reason or another but subsequent operations using regular
"good" credentials were successful *if you signed GUEST's SMB*. If you
don't sign the GUEST SMB it failed (of course) and the subsequent
operations with good credentials could not be verified. So this suggested
to me that it was necessary to sign the GUEST SMB for the message digest
to be in the right "phase" or the sequence counter was off. If this is
true it would also imply that the signing key was *not* changed.

>
> The fallback to LMV2_CROSSDOMAIN_KEY is more of a last-ditch effort (i.e.,
> if the "normal" key fails, see if that one happens to work).  The
> verification check could be further refined to say, "if normal verification
> fails, and lmCompatibility is set to 3+, then try the cross-domain key",
> which is more accurate; but since we're already failing at that point I
> figured we might as well just go ahead and try it.

So have you ever seen this key used successfully? I would much prefer that
only code that is understood reasonably well and has been proven to work
correctly be included in the distributed packages. Keep in mind that it is
not uncommon to crash remote systems when experimenting with new messages.
I have done this several times. This is not Darts you know :)

Mike

-- 
A program should be written to  model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the  potential for it  to be applied  to tasks that are
conceptually similar and, more  important, to tasks that have not
yet been conceived.
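The "sequence counter out of phase" explanation in the message above, as an added illustration in Python (not jCIFS code): it uses the SMB1 signing construction (first 8 bytes of MD5 over the MAC key followed by the message, with the sequence number placed in the header's SecuritySignature field), a constructed MAC key, and a simplified model in which the server advances its expected sequence number for every request while the client advances only for requests it signs.

```python
import hashlib
import struct

# Added example (not jCIFS code). SMB1 signing: the 8-byte SecuritySignature
# field at header offset 14 is set to the 32-bit sequence number plus 4 zero
# bytes, MD5(mac_key || message) is computed, and its first 8 bytes become the
# signature that is written back into that field.
SIG_OFF = 14

def build_smb(command: int, payload: bytes) -> bytes:
    """Constructed minimal 32-byte SMB1 header followed by a payload."""
    hdr = b"\xffSMB" + bytes([command]) + b"\x00" * 4  # protocol id, command, status
    hdr += b"\x08\x00\x00" + b"\x00\x00"                # flags, flags2, PIDHigh (constructed)
    hdr += b"\x00" * 8                                   # SecuritySignature (unsigned)
    hdr += b"\x00" * 10                                  # reserved, TID, PIDLow, UID, MID
    return hdr + payload

def smb_sign(mac_key: bytes, msg: bytes, seq: int) -> bytes:
    """Return msg carrying the SMB1 signature for sequence number seq."""
    tmp = msg[:SIG_OFF] + struct.pack("<I", seq) + b"\x00" * 4 + msg[SIG_OFF + 8:]
    sig = hashlib.md5(mac_key + tmp).digest()[:8]
    return msg[:SIG_OFF] + sig + msg[SIG_OFF + 8:]

def smb_verify(mac_key: bytes, msg: bytes, seq: int) -> bool:
    """True if msg carries the signature expected for sequence number seq."""
    return smb_sign(mac_key, msg, seq)[SIG_OFF:SIG_OFF + 8] == msg[SIG_OFF:SIG_OFF + 8]

def run_session(sign_guest_smb: bool) -> list:
    """One GUEST session setup followed by two requests with good credentials.

    Model of the hypothesis in the message, not a trace of a real server:
    both sides share a constructed MAC key; the server expects sequence
    numbers 0, 2, 4, ... (request n, response n+1) for every request it
    receives, while the client only advances its counter when it signs."""
    mac_key = b"constructed-session-mac-key"
    client_seq = server_seq = 0
    results = []
    # 0x73 = SMB_COM_SESSION_SETUP_ANDX, 0x75 = SMB_COM_TREE_CONNECT_ANDX
    for command, do_sign in ((0x73, sign_guest_smb), (0x75, True), (0x75, True)):
        req = build_smb(command, b"constructed payload")
        if do_sign:
            req = smb_sign(mac_key, req, client_seq)
            client_seq += 2
        results.append(smb_verify(mac_key, req, server_seq))
        server_seq += 2
    return results
```

Leaving the GUEST request unsigned never desynchronises the key, only the counter, so every later signed request is checked against the wrong sequence number and fails verification.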