Ethereal-dev: Re: [Ethereal-dev] I am confused by the MS impl of SPNEGO vs spec ...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <rsharpe@xxxxxxxxxx>
Date: Thu, 29 Aug 2002 01:39:25 +0930 (CST)
On Wed, 28 Aug 2002, Guy Harris wrote:

> On Wed, Aug 28, 2002 at 05:15:40PM +0930, Richard Sharpe wrote:
> > I assumed that this means that I would find a negTokenTarg consisting of:
> > 
> >  OBJECT IDENTIFIER SPNEGO (1 3 6 1 5 5 2)
> 
> That's not part of a negTokenTarg.  That's the thisMech member of an
> InitialContextToken, as per section 3.1 or RFC 2078.
> 
> Everything that follows it is the innerContextToken.
> component of the initial token of a GSS-API context establishment
> sequence, as per section 3.1 of RFC 2078.
> 
> > However, what I seem to find is:
> > 
> >     <60 50>
> > 0000 60   50: [APPLICATION 0] {
> >     <06 06>
> > 0002 06    6:   OBJECT IDENTIFIER SPNEGO (1 3 6 1 5 5 2)
> 
> Yup, that's an InitialContextToken, as per RFC 2078:
> 
>        InitialContextToken ::=
>        -- option indication (delegation, etc.) indicated within
>        -- mechanism-specific token
>        [APPLICATION 0] IMPLICIT SEQUENCE {
>                thisMech MechType,
>                innerContextToken ANY DEFINED BY thisMech
>                   -- contents mechanism-specific
>                   -- ASN.1 structure not required
>                }
> 
> and all the stuff that follows is the innerContextToken, which, as RFC
> 2478 says, is described by the syntax you quoted.

OK, so I included too much ASN.1 stuff.
 
> 
> >     <A0 46>
> > 000A A0   46:   [0] {
> 
> So that's the "CHOICE { [0] {" part of a NegotiationToken, and it chose
> [0], or a NegTokenInit.
> 
> >     <30 44>
> > 000C 30   44:     SEQUENCE {
> 
> So that's the "SEQUENCE {" part of a NegTokenInit...
> 
> >     <A0 0E>
> > 000E A0    E:       [0] {
> 
> ...and that's the "[0]" part of a NegTokenInit, so the next item
> is a MechTypeList.
> 
> >     <30 0C>
> > 0010 30    C:         SEQUENCE {
> 
> SEQUENCE and SEQUENCE OF both have a tag of universal class and number
> 16, so they both start with hex 30, so that's actually
> 
>     <30 0C>
> 0010 30    C:         SEQUENCE OF {
> 
> which means this is a MechTypeList, or a sequence of MechTypes, which
> are OBJECT IDENTIFIERs.
> 
> >     <06 0A>
> > 0012 06    A:           OBJECT IDENTIFIER
> >             :             Microsoft NTLMSSP (1 3 6 1 4 1 311 2 2 10
> >             :           }
> >             :         }
> 
> and there's the first (and presumably only) member of that list.
> 
> >     <A2 32>
> > 001E A2   32:       [2] {
> 
> That's the [2] part of a NegTokenInit; all parts are optional, and the
> reqFlags part ([1]) was omitted.
> 
> >     <04 30>
> > 0020 04   30:         OCTET STRING    
> 
> ...and that introduces the mechToken.

Well, the only problem is that we have already seen the negTokenInit in 
the negprot reply. What I gave you was from the sess setup & X Request.

Perhaps I am misunderstanding? Gotta read the spec some more and focus on 
mechanism as well as structures ... 

Regards
-----
Richard Sharpe, rsharpe@xxxxxxxxxx, rsharpe@xxxxxxxxx, 
sharpe@xxxxxxxxxxxx
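The structure Guy walks through above (an RFC 2078 InitialContextToken whose thisMech is the SPNEGO OID, wrapping a NegotiationToken CHOICE [0] NegTokenInit with a MechTypeList and a [2] mechToken) can be checked mechanically with a small DER walker. The following is an added example, not code from the thread or from Ethereal's dissector; the sample bytes are constructed to reproduce the tag/length layout of the hex dump (60 50, 06 06, A0 46, 30 44, A0 0E, 30 0C, 06 0A, A2 32, 04 30), and the 48-byte mechToken payload is placeholder filler, not a real NTLMSSP message.

```python
"""Walk a DER-encoded SPNEGO InitialContextToken (RFC 2078 sec. 3.1, RFC 2478).

Added example: parses the same tag nesting discussed in the thread and rejects
tokens whose declared lengths overrun the buffer, so a malformed negTokenInit
fails loudly instead of being silently misread as the wrong CHOICE arm.
"""

SPNEGO_OID = "1.3.6.1.5.5.2"
NTLMSSP_OID = "1.3.6.1.4.1.311.2.2.10"


def read_tlv(buf, pos):
    """Read one DER TLV at buf[pos]; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("high tag numbers not used by SPNEGO")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("declared length runs past end of buffer")
    return tag, buf[pos:end], end


def decode_oid(value):
    """Decode OBJECT IDENTIFIER contents to dotted form (first byte = 40*a + b)."""
    if not value or value[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:                     # base-128, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def parse_spnego_init(token):
    """Return the fields of a NegTokenInit carried inside an InitialContextToken."""
    tag, inner, end = read_tlv(token, 0)
    if tag != 0x60:                         # [APPLICATION 0] IMPLICIT SEQUENCE
        raise ValueError("not an InitialContextToken")
    if end != len(token):
        raise ValueError("trailing bytes after InitialContextToken")
    tag, oid, pos = read_tlv(inner, 0)
    if tag != 0x06:
        raise ValueError("thisMech must be an OBJECT IDENTIFIER")
    this_mech = decode_oid(oid)
    if this_mech != SPNEGO_OID:
        raise ValueError(f"thisMech is {this_mech}, not SPNEGO")
    # innerContextToken is a NegotiationToken CHOICE; [0] = negTokenInit, [1] = negTokenTarg
    tag, choice, _ = read_tlv(inner, pos)
    if tag != 0xA0:
        raise ValueError("expected CHOICE [0] negTokenInit (negTokenTarg not handled here)")
    tag, seq, _ = read_tlv(choice, 0)
    if tag != 0x30:
        raise ValueError("negTokenInit must be a SEQUENCE")
    result = {"thisMech": this_mech, "mechTypes": [], "reqFlags": None,
              "mechToken": None, "mechListMIC": None}
    pos = 0
    while pos < len(seq):                   # every member is OPTIONAL and context-tagged
        tag, val, pos = read_tlv(seq, pos)
        if tag == 0xA0:                     # [0] mechTypes: SEQUENCE OF MechType (also hex 30)
            t, lst, _ = read_tlv(val, 0)
            if t != 0x30:
                raise ValueError("mechTypes must be SEQUENCE OF")
            p = 0
            while p < len(lst):
                t, o, p = read_tlv(lst, p)
                if t != 0x06:
                    raise ValueError("MechType must be an OBJECT IDENTIFIER")
                result["mechTypes"].append(decode_oid(o))
        elif tag == 0xA1:                   # [1] reqFlags BIT STRING (raw contents kept)
            result["reqFlags"] = read_tlv(val, 0)[1]
        elif tag in (0xA2, 0xA3):           # [2] mechToken / [3] mechListMIC OCTET STRING
            t, s, _ = read_tlv(val, 0)
            if t != 0x04:
                raise ValueError("expected OCTET STRING")
            result["mechToken" if tag == 0xA2 else "mechListMIC"] = s
        else:
            raise ValueError(f"unexpected tag 0x{tag:02x} in negTokenInit")
    return result


# Constructed sample matching the dump's layout; payload is filler, not a real NTLM message.
MECH_TOKEN = b"NTLMSSP\x00" + b"\x01\x00\x00\x00" + bytes(36)   # 0x30 = 48 bytes
SAMPLE_TOKEN = (
    bytes.fromhex("60 50")                                  # [APPLICATION 0]
    + bytes.fromhex("06 06 2b 06 01 05 05 02")              #   thisMech = SPNEGO
    + bytes.fromhex("a0 46")                                #   [0] negTokenInit
    + bytes.fromhex("30 44")                                #     SEQUENCE
    + bytes.fromhex("a0 0e 30 0c")                          #       [0] mechTypes: SEQUENCE OF
    + bytes.fromhex("06 0a 2b 06 01 04 01 82 37 02 02 0a")  #         NTLMSSP OID
    + bytes.fromhex("a2 32 04 30") + MECH_TOKEN             #       [2] mechToken
)

if __name__ == "__main__":
    for k, v in parse_spnego_init(SAMPLE_TOKEN).items():
        print(f"{k}: {v!r}")
```

Note that the reqFlags member ([1]) is absent from the sample exactly as in the dump, and the parser treats every member as optional; a token that has been cut short (for instance one whose outer length field promises more bytes than arrived) is rejected by `read_tlv` rather than decoded as a shorter structure.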