Hi,
I am confused.
RFC2478 says:
NegotiationToken ::= CHOICE {
negTokenInit [0] NegTokenInit,
negTokenTarg [1] NegTokenTarg }
MechTypeList ::= SEQUENCE OF MechType
NegTokenInit ::= SEQUENCE {
mechTypes [0] MechTypeList OPTIONAL,
reqFlags [1] ContextFlags OPTIONAL,
mechToken [2] OCTET STRING OPTIONAL,
mechListMIC [3] OCTET STRING OPTIONAL
}
NegTokenTarg ::= SEQUENCE {
negResult [0] ENUMERATED {
accept_completed (0),
accept_incomplete (1),
reject (2) } OPTIONAL,
supportedMech [1] MechType OPTIONAL,
responseToken [2] OCTET STRING OPTIONAL,
mechListMIC [3] OCTET STRING OPTIONAL
}
I assumed that this means that I would find a negTokenTarg consisting of:
OBJECT IDENTIFIER SPNEGO (1 3 6 1 5 5 2)
[1] {
SEQUENCE {
[0] { INTEGER (0)}
[1] supportedMech { OID ...}
[2] OCTET STREAM { NTLMSSP or whatever}
}
}
However, what I seem to find is:
<60 50>
0000 60 50: [APPLICATION 0] {
<06 06>
0002 06 6: OBJECT IDENTIFIER SPNEGO (1 3 6 1 5 5 2)
<A0 46>
000A A0 46: [0] {
<30 44>
000C 30 44: SEQUENCE {
<A0 0E>
000E A0 E: [0] {
<30 0C>
0010 30 C: SEQUENCE {
<06 0A>
0012 06 A: OBJECT IDENTIFIER
: Microsoft NTLMSSP (1 3 6 1 4 1 311 2 2 10
: }
: }
<A2 32>
001E A2 32: [2] {
<04 30>
0020 04 30: OCTET STRING
Which seems to have used the negTokenInit value, dropped the negResult,
used [0] (mechTypes) for supportedMech and included a responseToken [2].
Does anyone have any comments?
Regards
-----
Richard Sharpe, rsharpe@xxxxxxxxxx, rsharpe@xxxxxxxxx,
sharpe@xxxxxxxxxxxx