Skip to content

NTLM: Enable MIC generation with the gss-ntlmssp provider #65627

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
filipnavara wants to merge 1 commit into from
Closed

NTLM: Enable MIC generation with the gss-ntlmssp provider #65627

filipnavara wants to merge 1 commit into from

Conversation

@filipnavara
Copy link
Member

@filipnavara filipnavara commented Feb 20, 2022
edited
Loading

Ref: #65611 (comment)

The MIC is currently not sent due to this code branch.

It seems like there may be a way to enforce it by calling gss_inquire_sec_context_by_oid with the 1.3.6.1.4.1.7165.655.1.2 OID. The provider implements it here.

@ghost ghost added area-System.Net.Security community-contribution Indicates that the PR has been added by a community member labels Feb 20, 2022
@ghost
Copy link

ghost commented Feb 20, 2022

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Ref: #65611 (comment)

Author: filipnavara
Assignees: -
Labels:

area-System.Net.Security, community-contribution
Milestone: -

@filipnavara
Copy link
Member Author

filipnavara commented Feb 21, 2022

Closing for now since the necessary tests are missing and the MIC calculation doesn't pass them. Either the tests are incorrect (even though they pass on Windows and macOS) or the calculation in gss-ntlmssp is incorrect.

@filipnavara
Copy link
Member Author

filipnavara commented Feb 21, 2022
edited
Loading

Preliminary analysis seems to suggest that gss-ntlmssp incorrectly interprets the lack of version negotiation as lack of the VERSION field in the messages. The MIC offset would those be shifted. This doesn't seem to be in line with the specification which says the VERSION should still be present be can be set to zeros.

@wfurt
Copy link
Member

wfurt commented Feb 23, 2022

BTW I'm not sure if we should force it anyhow. We certainly don't on macOS so if gss-ntlmssp does not do it on it's own that looks like improvement that can be made there.

@filipnavara
Copy link
Member Author

filipnavara commented Feb 23, 2022

macOS always generates it and so does any recent version of Windows. I already filed bug on gss-ntlmssp to fix it there.

@ghost ghost locked as resolved and limited conversation to collaborators Mar 25, 2022
@karelz karelz added this to the 7.0.0 milestone Apr 8, 2022
@filipnavara filipnavara deleted the ntlm_linux_mic1 branch June 5, 2025 07:45
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

area-System.Net.Security community-contribution Indicates that the PR has been added by a community member

Projects

None yet

Milestone

7.0.0

Development

Successfully merging this pull request may close these issues.

3 participants

@filipnavara @wfurt @karelz