Funny security blob in sesssetup&X.
Steven French
sfrench at us.ibm.com
Wed Aug 28 06:52:00 GMT 2002
Jim convinced me that my theory was wrong - the mystery blob is a
negTokenInit - there are two negTokenInits in the overall flow then (one in
the negprot response and one in the first sesssetup request). I hate it
when this stuff finally makes sense
Steve French
Senior Software Engineer
Linux Technology Center - IBM Austin
phone: 512-838-2294
email: sfrench at us.ibm.com
---------------------- Forwarded by Steven French/Austin/IBM on 08/28/2002
10:45 AM ---------------------------
Steven French
08/28/2002 10:15 AM
To: samba-technical at samba.org
cc:
From: Steven French/Austin/IBM at IBMUS
Subject: Funny security blob in sesssetup&X.
It looks like a negTokenTarg to me. Note that the NTLMSSP format is mostly
described in chapter 11 of the ActiveX reference book, now online on the
OpenGroup site at
http://www.opengroup.org/onlinepubs/009899899/NCH1222X.HTM (the rest of the
book covers ActiveX and MS DCE/RPC and is at
http://www.opengroup.org/onlinepubs/009899899/toc.htm). I wish I had seen
that document years ago it would have saved us some time. I had been
putting off getting a copy for a long time.
For the SPNEGO formatting it seems that the negTokenInit and negTokenTarg
are distinguished by context (the negTokenInit coming first) but the [0]
and [2] in the dumpasn output probably refer to the field numberings in the
RFC, specifically "supportedMech" and "responseToken" respectively even
though based on RFC2478 you would expect the targ to include [0] as
negResult not just the optional fields [1] as supportedMech and [2] as
responseToken
From: Richard Sharpe <rsharpe at ns.aus.com>
To: <samba-technical at samba.org>
>Here is the content of the security blob in a sessionsetup&X from a Win2K
box.
>
>It looks wrong because it seems to be a negTokenInit, not the
>negTokenTarg I would expect.
>
>Can anyone comment?
Steve French
Senior Software Engineer
Linux Technology Center - IBM Austin
phone: 512-838-2294
email: sfrench at us.ibm.com
More information about the samba-technical
mailing list