NTLMSSP in Extended security negotiation...

Mayers, Philip J p.mayers at ic.ac.uk
Sun Nov 5 13:59:35 GMT 2000


Ok, I need some outside input:

I am working on the extended security support - I've got the Flags2 and
Capabilities and NegProt working, but I'm stumbling at the Session setup. I
decided the best thing to do was implement NTLMSSP first, so the current
code goes like this:

NegProt request from Win2K (Flags2 has 0x0800 set)

NegProt reply from Samba - Flags2 has 0x0800 set, Capabilities has
0x80000000 set, and there's a 16-byte GUID where the 8-byte cryptkey & domain
strings normally go.

SesssetupAndX from Win2K, with:

Expecting extended-security Sesssetup
Security blob in session setup:
[000] 4E 54 4C 4D 53 53 50 00  01 00 00 00 97 B2 08 E0  NTLMSSP. ........
[010] 03 00 03 00 28 00 00 00  08 00 08 00 20 00 00 00  ....(... .... ...
[020] 57 49 4C 44 46 49 52 45  4E 45 54                 WILDFIRE NET
Strings in session setup:
[000] 57 69 6E 64 6F 77 73 20  32 30 30 30 20 32 31 39  Windows  2000 219
[010] 35 00 57 69 6E 64 6F 77  73 20 32 30 30 30 20 35  5.Window s 2000 5
[020] 2E 30 00 00                                       .0..
NTLM negotiation from security blob

Now what? As Craig Russ pointed out in his presentation at CIFS2000, all
NTLMSSP blobs begin "NTLMSSP" - is that 7 bytes, or 8 and a null-terminator?
Anyway, WILDFIRE is the name of my machine, and NET is the NetBIOS name of
the workgroup it's on (actually an MIT K5 domain NET.IC.AC.UK...) - those
values aren't null terminated, so I can't quite figure out how this blob
works...

Anyway, I can't really interpret the contents of the data following the
string. Quite why Microsoft couldn't have just used standard SNEGO/ASN.1 and
a real OID I don't know - they must have monkeys programming for them..

I've a packet trace if anyone thinks they can help... For now, I'm going to
hardcode these values into libsmb and get the next step out.

Regards,
Phil

+----------------------------------+
| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |
+----------------------------------+  
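
Added example (not part of the original post and not Samba's code): a bounds-checked decoder for the blob in the trace, following the publicly documented NTLMSSP NEGOTIATE (type 1) layout. The signature is 8 bytes including the NUL, and the two strings are located by length/max-length/offset descriptors rather than terminators. The struct and function names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct ntlmssp_negotiate {    /* example's own names, not Samba's */
    uint32_t flags;
    char domain[64];          /* OEM strings, copied out and NUL-terminated */
    char workstation[64];
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) { return le16(p) | ((uint32_t)le16(p + 2) << 16); }

/* Read one 8-byte descriptor (len, maxlen, offset); both are peer-supplied, so bound them. */
static int get_str(const uint8_t *b, size_t blen, size_t desc, char *out, size_t outsz)
{
    uint16_t len = le16(b + desc);
    uint32_t off = le32(b + desc + 4);
    if (len >= outsz || off > blen || len > blen - off)
        return -1;
    memcpy(out, b + off, len);
    out[len] = '\0';
    return 0;
}

/* Returns 0 on success, -1 if the blob is not a well-formed NEGOTIATE (type 1). */
int parse_ntlmssp_negotiate(const uint8_t *b, size_t blen, struct ntlmssp_negotiate *m)
{
    if (blen < 32 || memcmp(b, "NTLMSSP\0", 8) != 0 || le32(b + 8) != 1)
        return -1;
    m->flags = le32(b + 12);
    if (get_str(b, blen, 16, m->domain, sizeof m->domain) != 0)
        return -1;
    return get_str(b, blen, 24, m->workstation, sizeof m->workstation);
}

/* The 43-byte security blob from the trace in the post. */
static const uint8_t sample_blob[] = {
    0x4E,0x54,0x4C,0x4D,0x53,0x53,0x50,0x00, 0x01,0x00,0x00,0x00, 0x97,0xB2,0x08,0xE0,
    0x03,0x00,0x03,0x00,0x28,0x00,0x00,0x00, 0x08,0x00,0x08,0x00,0x20,0x00,0x00,0x00,
    0x57,0x49,0x4C,0x44,0x46,0x49,0x52,0x45, 0x4E,0x45,0x54 };

int main(void)
{
    struct ntlmssp_negotiate m;
    if (parse_ntlmssp_negotiate(sample_blob, sizeof sample_blob, &m) != 0)
        return 1;
    printf("flags=0x%08X domain=%s workstation=%s\n", (unsigned)m.flags, m.domain, m.workstation);
    return 0;
}
```

In the trace, bytes 0x10-0x17 describe the domain (length 3 at offset 0x28) and bytes 0x18-0x1F the workstation (length 8 at offset 0x20), which is why neither string carries a terminator.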



