hierynomus / smbj

Server Message Block (SMB2, SMB3) implementation in Java

Why does SecurityBuffer not start with NTLMSSP? What is this start string? #750

Closed fengyingkong closed 1 year ago

fengyingkong commented 1 year ago

Which is supported, NTLM v1 or NTLM v2? [image]

hierynomus commented 1 year ago

See this: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5a3c2c28-d6b0-48ed-b917-a86b2ca4575f

If the server initiated authentication using SPNEGO, the buffer MUST contain a token as produced by the GSS protocol as specified in section 3.2.4.2.3. If the client initiated authentication, see section 2.2.4, the buffer SHOULD<28> contain a token as produced by an authentication protocol of the client's choice.

fengyingkong commented 1 year ago

I see the buffer content does not match the NTLM document: [image]

The NTLM document starts with NTLMSSP; I don't know what went wrong. https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/b34032e5-3aae-4bc6-84c3-c6d80eadf7f2 [image]

hierynomus commented 1 year ago

I'm not sure what your question is... Or what you're trying to discern... It might be that due to the LE encoding (Little Endian first) the toStrings make no sense? Look at the bytes to see what's actually in there and work from that

fengyingkong commented 1 year ago

Look at the picture: there is something before the NTLMSSP characters, but the document shows that it starts with the Signature containing NTLMSSP. Why is it not the same? [image] [image]

hierynomus commented 1 year ago
 * In the context of this class only the <em>NegTokenInit</em> is covered.
 * <p/>
 * <ul>
 * <li>When an InitToken is sent, it is prepended by the generic GSSAPI header.</li>
 * <li>The "mech" field of the GSSAPI header is always set to the SPNEGO OID (1.3.6.1.5.5.2)</li>
 * <li>The negTokenInit will have a lead byte of <code>0xa0</code> (the CHOICE tagged object).</li>
 * </ul>

You're confusing the NtlmNegotiate with the NegTokenInit. The NtlmNegotiate, which is serialized 5 lines higher, does start with NTLMSSP\0; then we wrap that in the NegTokenInit, which adds a whole lot of ASN.1 stuff in front of it.

fengyingkong commented 1 year ago

Why add a whole lot of ASN.1 stuff in front of NtlmNegotiate? I cannot find related documents.

hierynomus commented 1 year ago

Instead of questioning my implementation, could you please ask a proper question on: A. What you are trying to achieve B. What's not working

The code is pretty hardened and has been tested against a variety of SMB implementations, e.g. Samba and different Windows versions.

The spec you're looking for is this one: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-spng/8e71cf53-e867-4b79-b5b5-38c92be3d472?source=recommendations

It's: MS-SMB2 --authenticates_using_api--> MS-SPNG --uses_protocol--> MS-NLMP
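To make the layering described in the two comments above concrete (an NTLM NEGOTIATE_MESSAGE that does start with NTLMSSP\0, wrapped in a SPNEGO NegTokenInit under a GSS-API header whose mech is the SPNEGO OID 1.3.6.1.5.5.2), here is an added Python example. It is not smbj code and is not taken from the issue; it follows the token layout of RFC 2743 (InitialContextToken), RFC 4178 (NegTokenInit) and the MS-NLMP NEGOTIATE_MESSAGE field order. All bytes are constructed, the NegotiateFlags value is an arbitrary illustrative value, and the helper names (`tlv`, `wrap_in_spnego`, `unwrap_security_buffer`) are this example's own. It builds such a security buffer and then walks the DER layers to report at which offset the NTLMSSP signature actually sits.

```python
"""Added example: where NTLMSSP sits inside a SPNEGO-wrapped security buffer.

Constructed bytes only; DER helpers and the NTLM flag value are illustrative.
"""
import struct

# OID content octets (the 0x06 tag and length are added by tlv()).
SPNEGO_OID = bytes.fromhex("2b0601050502")            # 1.3.6.1.5.5.2
NTLMSSP_OID = bytes.fromhex("2b06010401823702020a")   # 1.3.6.1.4.1.311.2.2.10
NTLM_SIGNATURE = b"NTLMSSP\x00"


def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER tag-length-value element."""
    return bytes([tag]) + der_len(len(content)) + content


def build_ntlm_negotiate(flags: int = 0xA0088205) -> bytes:
    """Minimal MS-NLMP NEGOTIATE_MESSAGE: Signature, MessageType=1 (LE),
    NegotiateFlags (constructed value), then empty DomainName and
    Workstation fields (Len, MaxLen, BufferOffset). 32 bytes, little-endian."""
    return (NTLM_SIGNATURE
            + struct.pack("<I", 1)
            + struct.pack("<I", flags)
            + struct.pack("<HHI", 0, 0, 32)
            + struct.pack("<HHI", 0, 0, 32))


def wrap_in_spnego(mech_token: bytes) -> bytes:
    """GSS-API InitialContextToken (RFC 2743) carrying a SPNEGO NegTokenInit
    (RFC 4178) whose mechToken is the NTLM message."""
    mech_types = tlv(0xA0, tlv(0x30, tlv(0x06, NTLMSSP_OID)))   # [0] mechTypes
    token = tlv(0xA2, tlv(0x04, mech_token))                     # [2] mechToken
    neg_token_init = tlv(0xA0, tlv(0x30, mech_types + token))   # CHOICE [0]
    return tlv(0x60, tlv(0x06, SPNEGO_OID) + neg_token_init)    # [APPLICATION 0]


def read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos) for the DER element at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def unwrap_security_buffer(buf: bytes) -> dict:
    """Peel the layers and report where the NTLM message really starts."""
    tag, inner, _ = read_tlv(buf, 0)
    if tag != 0x60:
        raise ValueError("not a GSS-API InitialContextToken (expected 0x60)")
    tag, oid, pos = read_tlv(inner, 0)
    if tag != 0x06 or oid != SPNEGO_OID:
        raise ValueError("thisMech is not the SPNEGO OID")
    tag, choice, _ = read_tlv(inner, pos)
    if tag != 0xA0:
        raise ValueError("only NegTokenInit ([0]) is handled here")
    _, seq, _ = read_tlv(choice, 0)
    fields = {}
    pos = 0
    while pos < len(seq):                      # context-tagged NegTokenInit fields
        tag, content, pos = read_tlv(seq, pos)
        fields[tag] = content
    mech_types, p = [], 0
    _, oid_list, _ = read_tlv(fields[0xA0], 0)
    while p < len(oid_list):
        _, oid, p = read_tlv(oid_list, p)
        mech_types.append(oid)
    _, mech_token, _ = read_tlv(fields[0xA2], 0)
    return {
        "buffer_starts_with_ntlmssp": buf.startswith(NTLM_SIGNATURE),
        "ntlmssp_offset": buf.find(NTLM_SIGNATURE),
        "mech_types": mech_types,
        "mech_token": mech_token,
        "ntlm_message_type": int.from_bytes(mech_token[8:12], "little"),
    }


if __name__ == "__main__":
    buf = wrap_in_spnego(build_ntlm_negotiate())
    print(buf.hex())
    print(unwrap_security_buffer(buf))
```

Running it shows the buffer beginning with `60 40 06 06 2b 06 01 05 05 02 a0 ...` rather than `NTLMSSP`, with the signature only appearing at offset 34 once the GSS-API header, the SPNEGO OID, the CHOICE tag, the SEQUENCE, the mechTypes list and the mechToken OCTET STRING header have all been stripped. The MessageType field right after the signature is the little-endian `01 00 00 00` that hierynomus mentions, which is why a naive string dump of the buffer is misleading.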

fengyingkong commented 1 year ago

Thank you very much. I am implementing an SMB server, doing secondary development on an open source project as the base. In addition, can smbj support Kerberos?

hierynomus commented 1 year ago

Let's take this discussion / q&a session somewhere else than my bug tracker.