Hi, I am trying to learn and implement SMB2 Server. I am very interested to learn GSS-API (NTLMSSP, NTLMSSP_AUTH) inside. So, I am doing experiment with my own component of GSS-API. I read the description of mechListMIC in RFC4178 & RFC2478. But I couldn't understand how to calculate mechListMIC. Actually, I can create the mechListMIC for negTokenInit phase of 'NegotiateProtocol Response'. But the problem is, when client sends 'SessionSetup Request, NTLMSSP_AUTH, User: Domain\Administrator, Unknown message type' request, I can't understand how is it generating 'mechListMIC: 01 00 00 00 e8 6a 19 59 61 dc 96 9d 00 00 00 00' and how should I send response back in 'SessionSetup Response, Unknown message type' with corresponding mechListMIC based on the previous SessionSetup Request. I tried with the following data: SMB2.CSessionSetup.securityBlob.GSSAPI.InitialContextToken.InnerContextToken .SpnegoToken.NegTokenInit.MechTypes , hex data = 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A AND SMB2.CSessionSetup.securityBlob.GSSAPI.NegotiationToken.NegTokenResp.MechLis tMic, hex data = 01 00 00 00 78 1E E9 4A DB 99 7F E9 00 00 00 00 SecBuffer SignBuffers[2]; SignBufferDesc.ulVersion = SECBUFFER_VERSION; // SECBUFFER_VERSION = 0 SignBufferDesc.cBuffers = 2; SignBufferDesc.pBuffers = SignBuffers; SignBuffers[0] = 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A; SignBuffers[1] = 01 00 00 00 78 1E E9 4A DB 99 7F E9 00 00 00 00; SignBuffers[0].BufferType = SECBUFFER_DATA; // SECBUFFER_DATA = 1 SignBuffers[1].BufferType = SECBUFFER_TOKEN; // SECBUFFER_TOKEN = 2 Can anybody please tell me what information do I need to use inside HMAC-MD5 (key, data) algorithm to generate mechListMIC for SessionSetup Response and how? If you can create a step-by-step example using my test case to calculate mechListMIC for 'SessionSetup Response, Unknown message type' response, that would be very helpful for me. Please let me know if you need any further information. Thanks,
Shishir ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
