Using SPNEGO/SSPI in SMB
samba-technical.10.overbored at spamgourmet.com
samba-technical.10.overbored at spamgourmet.com
Fri Aug 19 08:44:58 GMT 2005
Thus spake Michael B Allen - mba2000 at ioplex.com on 8/18/2005 11:33 PM:
> On Thu, 18 Aug 2005 15:44:21 -0700
> samba-technical.10.overbored at spamgourmet.com wrote:
>
>
>>This is the corresponding SMB session setup requests/responses. Are
>>these entire security blobs just the direct outputs of the SSPI calls to
>>InitializeSecurityContext()/AcceptSecurityContext()?
>
>
> Pretty much. I think GSSAPI handles everything from NegToken* down
> but you might want to create a little Windows proggie that negotiates
> a security context with itself and then hexdump the buffers to verify
> what layers are handled exactly.
>
> Mike
I did as you suggested. I got the NTLMSSP buffers outputted by
InitializeSecurityContext/AcceptSecurityContext from this program
(change "Kerberos" to "NTLM"):
http://www.pluralsight.com/samplecontent/sspi_auth.cpp
I compared these to my Ethereal dumps. It turns out that the portion of
the Security Blob that is under the section of the Ethereal's dissection
called "NTLMSSP" (see my screenshots). Everything in the Security Blob
outside that is a mystery!
So, can anybody pinpoint what all that other stuff is, and how to
generate it? (Using Windows APIs, perhaps?) Also, the entire Security
Blob in the protocol negotiation response (the SPNEGO stuff) is just as
mysterious.
Hopefully Samba4's gensec source won't be my only hope!
More information about the samba-technical
mailing list