Strange secblob returned from Windows 2008 server
Love Hörnquist Åstrand
lha at kth.se
Sun Jun 1 04:35:34 GMT 2008
Maybe this is credssp?
http://msdn.microsoft.com/en-us/library/bb204772.aspx
Love
On 16 Apr 2008, at 12:53, ronnie sahlberg wrote:
> http://www.alvestrand.no/objectid/1.3.6.1.4.1.311.2.html
>
> is part of the tree for Microsoft authenticode objects.
> .2.30 is however not known by alvestrand nor by
> http://www.oid-info.com/get/1.3.6.1.4.1.311.2
>
> :-(
>
>
> On Thu, Apr 17, 2008 at 4:40 AM, Dan Sledz <dan.sledz at isilon.com> wrote:
>> We had a report of a winbindd (v3.0.24 + Todd Stecher's 2k8 patches)
>> core on a customer's Windows 2008 forest. On investigation, it appears
>> that the negTokenInit returned via Negotiate Protocol Response is
>> strangely formed. In particular, it has a new OID that I've never seen
>> before (1.3.6.1.4.1.311.2.2.30) as well as a zero length mechToken
>> instead of it being omitted per spec. All I have right now is the blob
>> itself since I've been unable to get a pcap of it occurring.
>>
>> Has anyone seen anything like this before?
>>
>> secblob:
>> 0x60 0x7a <-- GSSAPI
>> 0x06 0x06 <-- SPNEGO OID
>> 0x2b 0x06 0x01 0x05 0x05 0x02
>> 0xa0 0x70 <-- NegTokenInit
>> 0x30 0x6e
>> 0xa0 0x3 <-- mechTypes
>> 0x30 0x3a
>> 0x06 0x0a <-- 1.3.6.1.4.1.311.2.2.30 Unknown OID
>> 0x2b 0x06 0x01 0x04 0x01
>> 0x82 0x37 0x02
>> 0x02 0x1e
>> 0x06 0x09 <-- KRB5
>> 0x2a 0x86 0x48 0x82 0xf7
>> 0x12 0x01 0x02
>> 0x02
>> 0x06 0x09 <-- MS KRB5
>> 0x2a 0x86 0x48 0x86 0xf7
>> 0x12 0x01 0x02
>> 0x02
>> 0x06 0x0a <-- MS KRB5 U2U
>> 0x2a 0x86 0x48 0x86 0xf7
>> 0x12 0x01 0x02
>> 0x02 0x03
>> 0x06 0x0a <-- NTLMSSP
>> 0x2b 0x06 0x01 0x04 0x01
>> 0x82 0x37 0x02
>> 0x02 0x0a
>> 0xa2 0x02 <-- mechToken
>> 0x04 0x00
>> 0xa3 0x2a <-- negHints
>> 0x30 0x28
>> 0xa0 0x26 <-- nameHints
>> 0x1b 0x24
>> "not_defined_in_RFC4178 at please_ignore"
>> 0x6e 0x6f 0x74 0x5f
>> 0x64 0x65 0x66 0x69
>> 0x6e 0x65 0x64 0x5f
>> 0x69 0x6e 0x5f 0x52
>> 0x46 0x43 0x34 0x31
>> 0x37 0x38 0x40 0x70
>> 0x6c 0x65 0x61 0x73
>> 0x65 0x5f 0x69 0x67
>> 0x6e 0x6f 0x72 0x65
>>
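Added example, not part of the original thread and not Samba code: a bounds-checked DER walk over a blob rebuilt from the byte listing in the quoted report, showing that the unrecognised mechType OID decodes like any other and that a zero-length mechToken parses as an empty value, distinct from an omitted one. The function names are hypothetical, and the sample assumes the mechTypes length byte is 0x3c so that the enclosing lengths in the listing add up.

```python
# Added example: defensive parse of a GSS-API wrapped SPNEGO NegTokenInit.
SPNEGO = bytes.fromhex("2b0601050502")  # 1.3.6.1.5.5.2

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); ValueError if the TLV overruns buf."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    pos = 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        yield tag, val

def decode_oid(val):
    if not val or val[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for b in val:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends this arc
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_neg_token_init(blob):
    """Return (mechType OIDs, mechToken bytes, or None when it is omitted)."""
    tag, gss, _ = read_tlv(blob)
    parts = list(children(gss))
    if tag != 0x60 or len(parts) != 2 or parts[0] != (0x06, SPNEGO) or parts[1][0] != 0xA0:
        raise ValueError("not a GSS-API wrapped SPNEGO token")
    fields = dict(children(read_tlv(parts[1][1])[1]))  # keyed by context tag
    mechs = [decode_oid(v) for _, v in children(read_tlv(fields.get(0xA0, b""))[1])]
    token = read_tlv(fields[0xA2])[1] if 0xA2 in fields else None
    return mechs, token

SAMPLE = bytes.fromhex(  # constructed from the byte listing in the quoted report
    "607a 0606 2b0601050502 a070 306e a03c 303a"
    "060a2b06010401823702021e 06092a864882f712010202 06092a864886f712010202"
    "060a2a864886f71201020203 060a2b06010401823702020a a2020400 a32a3028a0261b24"
) + b"not_defined_in_RFC4178@please_ignore"
```

`parse_neg_token_init(SAMPLE)` returns the five mechType OIDs in order and `b""` for the mechToken; a caller can then skip OIDs it does not implement instead of failing on them.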