Ethereal-dev: [Ethereal-dev] I am confused by the MS impl of SPNEGO vs spec ...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <rsharpe@xxxxxxxxxx>
Date: Wed, 28 Aug 2002 17:15:40 +0930 (CST)
Hi,

I am confused.

RFC2478 says:

NegotiationToken ::= CHOICE {
                              negTokenInit  [0]  NegTokenInit,
                              negTokenTarg  [1]  NegTokenTarg }

MechTypeList ::= SEQUENCE OF MechType

NegTokenInit ::= SEQUENCE {
                            mechTypes       [0] MechTypeList  OPTIONAL,
                            reqFlags        [1] ContextFlags  OPTIONAL,
                            mechToken       [2] OCTET STRING  OPTIONAL,
                            mechListMIC     [3] OCTET STRING  OPTIONAL
                         }
NegTokenTarg ::= SEQUENCE {
    negResult      [0] ENUMERATED {
                            accept_completed    (0),
                            accept_incomplete   (1),
                            reject              (2) }          OPTIONAL,
    supportedMech  [1] MechType                                OPTIONAL,
    responseToken  [2] OCTET STRING                            OPTIONAL,
    mechListMIC    [3] OCTET STRING                            OPTIONAL
}

I assumed that this means that I would find a negTokenTarg consisting of:

 OBJECT IDENTIFIER SPNEGO (1 3 6 1 5 5 2)
 [1] {
    SEQUENCE {
     [0] { INTEGER (0)}
     [1] supportedMech { OID ...}
    [2] OCTET STRING { NTLMSSP or whatever}
   }
 }

However, what I seem to find is:

    <60 50>
0000 60   50: [APPLICATION 0] {
    <06 06>
0002 06    6:   OBJECT IDENTIFIER SPNEGO (1 3 6 1 5 5 2)
    <A0 46>
000A A0   46:   [0] {
    <30 44>
000C 30   44:     SEQUENCE {
    <A0 0E>
000E A0    E:       [0] {
    <30 0C>
0010 30    C:         SEQUENCE {
    <06 0A>
0012 06    A:           OBJECT IDENTIFIER
            :             Microsoft NTLMSSP (1 3 6 1 4 1 311 2 2 10
            :           }
            :         }
    <A2 32>
001E A2   32:       [2] {
    <04 30>
0020 04   30:         OCTET STRING    

Which seems to have used the negTokenInit value, dropped the negResult, 
used [0] (mechTypes) for supportedMech and included a responseToken [2].

Does anyone have any comments?
 
Regards
-----
Richard Sharpe, rsharpe@xxxxxxxxxx, rsharpe@xxxxxxxxx, 
sharpe@xxxxxxxxxxxx
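The question above comes down to which context tag follows the SPNEGO OID: [0] selects negTokenInit and [1] selects negTokenTarg, and the field numbers inside mean different things for each. As an added example (not code from the list post or from Ethereal), here is a small Python DER walker that classifies a token by that CHOICE tag and reports the fields it carries. The two byte strings are constructed: one reproduces the tag and length layout of the dump in the message (with a placeholder where the 48-byte NTLMSSP mechToken would be), the other is a negTokenTarg shaped the way RFC 2478 and the poster expected. All function names (read_tlv, decode_oid, parse_spnego, the builders) are this example's own, not any library's API.

```python
# Added example (not from the list post): a minimal DER walker that tells a
# SPNEGO negTokenInit ([0]) from a negTokenTarg ([1]) per RFC 2478 and lists
# the optional fields each carries. Function names are this example's own;
# the sample tokens are constructed, with placeholder mechToken payloads.

SPNEGO_OID = "1.3.6.1.5.5.2"
NTLMSSP_OID = "1.3.6.1.4.1.311.2.2.10"
FIELDS = {  # field names by context tag [0]..[3], per the two RFC 2478 SEQUENCEs
    "negTokenInit": ["mechTypes", "reqFlags", "mechToken", "mechListMIC"],
    "negTokenTarg": ["negResult", "supportedMech", "responseToken", "mechListMIC"],
}

def read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos] -> (tag, value, next_pos).
    Single-byte tags and definite lengths only, which is all SPNEGO needs."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if (tag & 0x1F) == 0x1F:
        raise ValueError("multi-byte tag not supported")
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise ValueError("length runs past end of buffer")  # truncated/malformed
    return tag, buf[pos:end], end

def decode_oid(content):
    """OID content octets -> dotted string (first arc handled for 0.x/1.x only,
    which covers every OID SPNEGO uses)."""
    arcs, cur = [], 0
    for b in content:
        cur = (cur << 7) | (b & 0x7F)
        if not (b & 0x80):
            arcs.append(cur)
            cur = 0
    if cur or not arcs:
        raise ValueError("truncated OID")
    return ".".join(str(a) for a in [arcs[0] // 40, arcs[0] % 40] + arcs[1:])

def children(value):
    """Yield (tag, value) for each TLV packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        yield tag, inner

def parse_spnego(token):
    """Return (kind, fields); accepts the [APPLICATION 0] { OID, NegotiationToken }
    wrapper shown in the dump or a bare NegotiationToken."""
    tag, body, end = read_tlv(token, 0)
    if end != len(token):
        raise ValueError("trailing bytes after token")
    if tag == 0x60:  # GSS-API InitialContextToken: mechanism OID, then the token
        oid_tag, oid, pos = read_tlv(body, 0)
        if oid_tag != 0x06 or decode_oid(oid) != SPNEGO_OID:
            raise ValueError("mechanism OID is not SPNEGO")
        tag, body, _ = read_tlv(body, pos)
    kind = {0xA0: "negTokenInit", 0xA1: "negTokenTarg"}.get(tag)
    if kind is None:
        raise ValueError("unknown NegotiationToken choice tag 0x%02X" % tag)
    seq_tag, seq, _ = read_tlv(body, 0)
    if seq_tag != 0x30:
        raise ValueError("NegotiationToken body is not a SEQUENCE")
    fields = {}
    for ftag, fval in children(seq):
        idx = ftag & 0x1F
        if (ftag & 0xE0) != 0xA0 or idx > 3:
            raise ValueError("unexpected field tag 0x%02X" % ftag)
        name = FIELDS[kind][idx]
        _, inner, _ = read_tlv(fval, 0)  # fields are EXPLICIT-tagged: unwrap once
        if name == "mechTypes":           # SEQUENCE OF MechType (OID)
            inner = [decode_oid(v) for t, v in children(inner) if t == 0x06]
        elif name == "supportedMech":
            inner = decode_oid(inner)
        elif name == "negResult":         # ENUMERATED 0/1/2
            inner = inner[0]
        fields[name] = inner
    return kind, fields

NTLMSSP_OID_TLV = bytes.fromhex("060A2B06010401823702020A")  # 06 0A + 10 bytes

def build_observed_token():
    """Constructed bytes with the exact tags and lengths of the dump in the message:
    [APPLICATION 0] { SPNEGO OID, [0] negTokenInit { [0] mechTypes {NTLMSSP},
    [2] mechToken (48 bytes) } }. The mechToken content is a placeholder."""
    mech_token = b"NTLMSSP\x00" + b"\x00" * 40                  # 0x30 placeholder bytes
    field0 = b"\xA0\x0E" + b"\x30\x0C" + NTLMSSP_OID_TLV        # [0] mechTypes
    field2 = b"\xA2\x32" + b"\x04\x30" + mech_token             # [2] mechToken
    choice = b"\xA0\x46" + b"\x30\x44" + field0 + field2        # CHOICE [0]
    return b"\x60\x50" + bytes.fromhex("06062B0601050502") + choice

def build_rfc_targ_token():
    """Constructed bare negTokenTarg shaped as RFC 2478 describes it:
    [1] { SEQUENCE { [0] negResult accept_incomplete(1), [1] supportedMech NTLMSSP,
    [2] responseToken (16 placeholder bytes) } }."""
    f0 = b"\xA0\x03" + b"\x0A\x01\x01"                          # ENUMERATED 1
    f1 = b"\xA1\x0C" + NTLMSSP_OID_TLV
    f2 = b"\xA2\x12" + b"\x04\x10" + b"NTLMSSP\x00" + b"\x00" * 8
    seq = b"\x30" + bytes([len(f0) + len(f1) + len(f2)]) + f0 + f1 + f2
    return b"\xA1" + bytes([len(seq)]) + seq

if __name__ == "__main__":
    for tok in (build_observed_token(), build_rfc_targ_token()):
        kind, fields = parse_spnego(tok)
        print(kind, sorted(fields))
```

Run against the constructed copy of the dump, parse_spnego reports negTokenInit with mechTypes = [NTLMSSP] and a mechToken, and no negResult or supportedMech at all, which is exactly the reading in the message: the bytes are a well-formed negTokenInit, not a negTokenTarg with fields shuffled. A dissector can only tell the two apart by the [0]/[1] tag, so the check worth keeping is on that tag and on every length fitting inside its parent, which read_tlv enforces before any field is interpreted.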