On Wed, 28 Aug 2002, Guy Harris wrote:

> On Wed, Aug 28, 2002 at 05:15:40PM +0930, Richard Sharpe wrote:
> > I assumed that this means that I would find a negTokenTarg consisting of:
> >
> > OBJECT IDENTIFIER SPNEGO (1 3 6 1 5 5 2)
>
> That's not part of a negTokenTarg. That's the thisMech member of an
> InitialContextToken, as per section 3.1 of RFC 2078.
>
> Everything that follows it is the innerContextToken.
> component of the initial token of a GSS-API context establishment
> sequence, as per section 3.1 of RFC 2078.
>
> > However, what I seem to find is:
> >
> > <60 50>
> > 0000 60 50: [APPLICATION 0] {
> > <06 06>
> > 0002 06 6: OBJECT IDENTIFIER SPNEGO (1 3 6 1 5 5 2)
>
> Yup, that's an InitialContextToken, as per RFC 2078:
>
>    InitialContextToken ::=
>    -- option indication (delegation, etc.) indicated within
>    -- mechanism-specific token
>    [APPLICATION 0] IMPLICIT SEQUENCE {
>            thisMech MechType,
>            innerContextToken ANY DEFINED BY thisMech
>               -- contents mechanism-specific
>               -- ASN.1 structure not required
>            }
>
> and all the stuff that follows is the innerContextToken, which, as RFC
> 2478 says, is described by the syntax you quoted.

OK, so I included too much ASN.1 stuff.

> > <A0 46>
> > 000A A0 46: [0] {
>
> So that's the "CHOICE { [0] {" part of a NegotiationToken, and it chose
> [0], or a NegTokenInit.
>
> > <30 44>
> > 000C 30 44: SEQUENCE {
>
> So that's the "SEQUENCE {" part of a NegTokenInit...
>
> > <A0 0E>
> > 000E A0 E: [0] {
>
> ...and that's the "[0]" part of a NegTokenInit, so the next item
> is a MechTypeList.
>
> > <30 0C>
> > 0010 30 C: SEQUENCE {
>
> SEQUENCE and SEQUENCE OF both have a tag of universal class and number
> 16, so they both start with hex 30, so that's actually
>
> <30 0C>
> 0010 30 C: SEQUENCE OF {
>
> which means this is a MechTypeList, or a sequence of MechTypes, which
> are OBJECT IDENTIFIERs.
>
> > <06 0A>
> > 0012 06 A: OBJECT IDENTIFIER
> > : Microsoft NTLMSSP (1 3 6 1 4 1 311 2 2 10
> > : }
> > : }
>
> and there's the first (and presumably only) member of that list.
>
> > <A2 32>
> > 001E A2 32: [2] {
>
> That's the [2] part of a NegTokenInit; all parts are optional, and the
> reqFlags part ([1]) was omitted.
>
> > <04 30>
> > 0020 04 30: OCTET STRING
>
> ...and that introduces the mechToken.

Well, the only problem is that we have already seen the negTokenInit in
the negprot reply. What I gave you was from the sess setup & X Request.

Perhaps I am misunderstanding? Gotta read the spec some more and focus on
mechanism as well as structures ...

Regards
-----
Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
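
The layout walked through in the message above (InitialContextToken, thisMech, then a NegotiationToken choosing negTokenInit with mechTypes and mechToken), as an added example that is not part of the original thread or of any dissector's source: a minimal bounds-checked DER walk in Python. The function names are hypothetical, and the 48 mechToken octets in SAMPLE are constructed filler because the dump does not show them.

```python
def read_tlv(buf, off, want=None):  # -> (tag, value, next_offset), bounds-checked
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 0 < n <= 4:
            raise ValueError("unsupported length encoding")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("declared length runs past end of buffer")
    if want is not None and tag != want:
        raise ValueError(f"expected tag {want:#04x}, got {tag:#04x}")
    return tag, buf[off:off + length], off + length

def children(buf):  # iterate the TLVs packed inside a constructed value
    off = 0
    while off < len(buf):
        tag, val, off = read_tlv(buf, off)
        yield tag, val

def decode_oid(body):
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends this arc
            arcs, val = arcs + [val], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_initial_context_token(buf):
    _, body, _ = read_tlv(buf, 0, 0x60)            # [APPLICATION 0]
    _, oid, off = read_tlv(body, 0, 0x06)          # thisMech
    choice, inner, _ = read_tlv(body, off)         # NegotiationToken CHOICE tag
    out = {"thisMech": decode_oid(oid), "choice": choice, "mechTypes": [], "mechToken": None}
    if choice == 0xA0:                             # [0] negTokenInit
        _, seq, _ = read_tlv(inner, 0, 0x30)       # NegTokenInit SEQUENCE
        for ctx, field in children(seq):
            if ctx == 0xA0:                        # [0] mechTypes: SEQUENCE OF OID
                _, lst, _ = read_tlv(field, 0, 0x30)
                out["mechTypes"] = [decode_oid(v) for t, v in children(lst) if t == 0x06]
            elif ctx == 0xA2:                      # [2] mechToken: OCTET STRING
                _, out["mechToken"], _ = read_tlv(field, 0, 0x04)
    return out

# Header octets match the dump in the thread; the trailing 48 mechToken octets are constructed filler.
SAMPLE = bytes.fromhex("6050 06062b0601050502 a046 3044 a00e 300c 060a2b06010401823702020a a232 0430") + bytes(48)
```

Calling parse_initial_context_token(SAMPLE) returns the SPNEGO OID as thisMech, the NTLMSSP OID as the only mechTypes entry, and the 48-octet mechToken; a buffer shorter than its declared lengths raises ValueError instead of reading past the end.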