ASN.1 and some fun...
Mayers, Philip J
p.mayers at ic.ac.uk
Sun Oct 29 23:41:27 GMT 2000
Hohoho... I've just had a real chuckle...
The serious stuff first - we're going to need a GSSAPI library that can
implement SNEGO (we knew that already). I don't know of any GPL ones, so
we're going to have to write one. This has the advantage that we can hook in
and intercept the NTLM mechanism much more easily, too.
So, SNEGO - fine. Does anyone have any recommendations for a good, GPL'd
ASN.1 encoding and decoding library? Ideally, it should be self-contained,
easy to use, and as cross-platform as possible.
Now for the humorous event of the evening:
If the extended security flags option in Flags2 of the SMB is set, the
NegProt response payload will take a different form. The first 16 bytes are
the server GUID (hence my earlier question). The remainder is the ASN.1
encoding of the SNEGO token.
As detailed in the presentation by Craig Russell from Unisys, MS clients
seem to send the wrong OID for the Krb5 mechanism - they send (for the ASN.1
.1.2.840.48018.1.2.2 (encoded as 2A 86 48 82 F7 12 01 02 02)
It should be:
.1.2.840.1135220.127.116.11 (encoded as 2A 86 48 86 F7 12 01 02 02)
In other words, they managed to get bit 3 of octet 4 toggled off, when it
should be on. All Win2K clients (certainly pre-SP1) show this behaviour.
Hahahahahahahahahahahahahahahaha... Laugh, I nearly died...