NTLMSSP in Extended security negotiation...
Mayers, Philip J
p.mayers at ic.ac.uk
Sun Nov 5 13:59:35 GMT 2000
Ok, I need some outside input:
I am working on the extended security support - I've got the Flags2 and
Capabilities and NegProt working, but I'm stumbling at the Session setup. I
decided the best thing to do was implement NTLMSSP first, so the current
code goes like this:
NegProt request from Win2K - Flags2 has 0x0800 set
NegProt reply from Samba - Flags2 has 0x0800 set, Capabilities has
0x80000000 set, and there's a 16-byte GUID where the 8-byte cryptkey & domain
strings normally go.
SesssetupAndX from Win2K, with:
Expecting extended-security Sesssetup
Security blob in session setup:
[000] 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 B2 08 E0 NTLMSSP. ........
[010] 03 00 03 00 28 00 00 00 08 00 08 00 20 00 00 00 ....(... .... ...
[020] 57 49 4C 44 46 49 52 45 4E 45 54 WILDFIRE NET
Strings in session setup:
[000] 57 69 6E 64 6F 77 73 20 32 30 30 30 20 32 31 39 Windows 2000 219
[010] 35 00 57 69 6E 64 6F 77 73 20 32 30 30 30 20 35 5.Window s 2000 5
[020] 2E 30 00 00 .0..
NTLM negotiation from security blob
Now what? As Craig Russ pointed out in his presentation at CIFS2000, all
NTLMSSP blobs begin "NTLMSSP" - is that 7 bytes, or 8 and a null-terminator?
Anyway, WILDFIRE is the name of my machine, and NET is the NetBIOS name of
the workgroup it's on (actually an MIT K5 domain NET.IC.AC.UK...) - those
values aren't null terminated, so I can't quite figure out how this blob
works...
Anyway, I can't really interpret the contents of the data following the
string. Quite why Microsoft couldn't have just used standard SNEGO/ASN.1 and
a real OID I don't know - they must have monkeys programming for them..
I've a packet trace if anyone thinks they can help... For now, I'm going to
hardcode these values into libsmb and get the next step out.
Regards,
Phil
+----------------------------------+
| Phil Mayers, Network Support |
| Centre for Computing Services |
| Imperial College |
+----------------------------------+
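
Added example, not part of the original post and not Samba's code: a bounds-checked parser for the security blob dumped above, read as an NTLMSSP NEGOTIATE (type 1) message. It shows that the signature is 8 bytes including the NUL, and that the unterminated strings are found through (length, max length, offset) descriptors in the header. The names parse_ntlmssp_negotiate, get_buf and struct ntlmssp_neg are hypothetical, and the field layout is the NTLM message format as Microsoft later documented it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed from the 43-byte security blob dumped in the post. */
static const uint8_t blob[] = {
    0x4E,0x54,0x4C,0x4D,0x53,0x53,0x50,0x00, 0x01,0x00,0x00,0x00, 0x97,0xB2,0x08,0xE0,
    0x03,0x00,0x03,0x00,0x28,0x00,0x00,0x00, 0x08,0x00,0x08,0x00,0x20,0x00,0x00,0x00,
    'W','I','L','D','F','I','R','E','N','E','T'
};

struct ntlmssp_neg { uint32_t flags; char domain[64]; char workstation[64]; };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy the string described by the 8-byte descriptor at `field`
 * (u16 len, u16 maxlen, u32 offset); reject anything outside the blob. */
static int get_buf(const uint8_t *b, size_t n, size_t field, char *out, size_t outsz)
{
    uint16_t len = le16(b + field);
    uint32_t off = le32(b + field + 4);
    if (off < 32 || off > n || len > n - off || len >= outsz) return -1;
    memcpy(out, b + off, len);
    out[len] = '\0';
    return 0;
}

/* Returns 0 on success, -1 if the blob is not a well-formed NEGOTIATE message. */
int parse_ntlmssp_negotiate(const uint8_t *b, size_t n, struct ntlmssp_neg *r)
{
    if (n < 32 || memcmp(b, "NTLMSSP", 8) != 0) return -1; /* 7 chars + NUL = 8 bytes */
    if (le32(b + 8) != 1) return -1;                        /* message type 1 = NEGOTIATE */
    r->flags = le32(b + 12);                                /* little-endian flag word */
    if (get_buf(b, n, 16, r->domain, sizeof r->domain)) return -1;
    if (get_buf(b, n, 24, r->workstation, sizeof r->workstation)) return -1;
    return 0;
}

int main(void)
{
    struct ntlmssp_neg r;
    if (parse_ntlmssp_negotiate(blob, sizeof blob, &r)) return 1;
    printf("flags=0x%08X domain=%s workstation=%s\n", (unsigned)r.flags, r.domain, r.workstation);
    return 0;
}
```

The offset and length checks matter on the server side, because both values come straight from the client and index into the received buffer.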