samba-technical.10.overbored at samba-technical.10.overbored at
Thu Aug 18 22:44:21 GMT 2005

Hi all, I'm trying to understand the SPNEGO and SSPI security blobs used 
in the SMB protocol. The SNIA reference and the CIFS spec don't talk 
about this at all, and the Implementing CIFS book only skims the subject.

The following are packet dumps illustrating what I'm seeing:

This is an SMB protocol negotiation response (sent by the server) using 
extended security. I don't understand what the security blob is supposed 
to be, only that it's SPNEGO data to list viable security protocols to 
be used subsequently (by SSPI). Is there any API in Windows that will 
let me obtain such a list? Furthermore, how would I format/insert that 
data into this security blob (and what other data might I need)? I think 
(I forgot how I know this) that this also has something to do with ASN.1 

This is the corresponding SMB session setup requests/responses. Are 
these entire security blobs just the direct outputs of the SSPI calls to 
InitializeSecurityContext()/AcceptSecurityContext()? Or is there 
additional (meta-)data/encoding here that I need to be aware of?

Are there any good resources out there that explain these issues in detail?

Thanks in advance for any help!

More information about the samba-technical mailing list