svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

Jeremy Allison jra at samba.org
Sat Mar 31 18:33:34 GMT 2007 

On Sat, Mar 31, 2007 at 12:47:02PM +0200, Kai Blin wrote:
> On Saturday 31 March 2007 00:26, Jeremy Allison wrote:
> > On Sat, Mar 31, 2007 at 12:25:33AM +0200, Kai Blin wrote:
> > > On Thursday 29 March 2007 18:41, Jeremy Allison wrote:
> > > > Do you have an example of GSS-SPNEGO negotiated NTLM from Microsoft's
> > > > SSPI showing where the signature goes ? I'd change it to be compatible
> > > > on the wire with SSPI transport, if there's a spec for it with NTLM ?
> > >
> > > I don't have a trace of this at hand, but if you still want one, I can
> > > easily provide this for a plain SSPI application. The test cases I wrote
> > > the last summers work like that, just not via Negotiate for now. Changing
> > > that to get you the right traces is trivial.
> > >
> > > Signature only, sign+seal or both?
> >
> > Both please !
> 
> Attached is the Wireshark capture of a Negotiate handshake negotiating NTLMSSP 
> from Win2k to Win2k using a simple wrapper protocol I created for my tests. 
> The first 8 data bytes are my protocol, feel free to ignore that.
> 
> Now, what I am doing to create the package is to sequentially copy the 
> SecBufferDesc struct into my send buffer and sending that off.
> 
> As SSPI leaves sending the crypt data to the application using SSPI, there's 
> no guarantee other applications are handling this the same, but this trace 
> shows how the data comes out of SSPI.
> 
> The buffers in the SecBufferDesc struct are initialized like this:
> 
>         crypt_data[0].BufferType = SECBUFFER_TOKEN;
>         crypt_data[0].cbBuffer = ctxt_sizes.cbSecurityTrailer;
>         crypt_data[0].pvBuffer = malloc(crypt_data[0].cbBuffer);
> 
>         crypt_data[1].BufferType = SECBUFFER_DATA;
>         crypt_data[1].cbBuffer = sd->max_token;
>         crypt_data[1].pvBuffer = malloc(sd->max_token);
> 
> As you can see, the first buffer contains the security trailer and is a token 
> type. "Security trailer" is a fancy name for "signature" in the NTLM case.
> 
> Hope that helps,
> Kai
> 
> PS: If you want, I can get you the code that produced these traces.

Yes please, the code would help so I can match
the data flows with the calls.

Thanks,

	Jeremy.

More information about the samba-technical mailing list