RFC4178 says SPNEGO negTokenInit reqFlags is BIT STRING:

NegTokenInit ::= SEQUENCE {
    ...
    reqFlags [1] ContextFlags OPTIONAL,
        -- inherited from RFC 2478 for backward compatibility,
        -- RECOMMENDED to be left out
    ...
}

ContextFlags ::= BIT STRING { ... } (SIZE (32))

from http://tools.ietf.org/html/rfc4178#section-4.2.1

source4/auth/gensec/spnego_parse.c:read_negTokenInit() reads reqFlags as INTEGER (asn1_read_Integer() is used), not BIT STRING.

NOTE: Likewise(*1) sends reqFlags. Likewise can't join Samba4's Active Directory domain because Samba4 reports an error in asn1_read_Integer().

FYI: Samba3 doesn't have this bug. source3/libsmb/clispnego.c:parse_negTokenTarg() handles reqFlags as BIT STRING, not INTEGER.
I have some solution ideas. Which solution do you like?

(1) We implement asn1_{read,write}_BitString() and use them in {read,write}_negTokenInit().
(2) We just ignore reqFlags because RFC4178 says "RECOMMENDED to be left out". This is the same solution as source3/libsmb/clispnego.c:parse_negTokenTarg().

(2) will be easier than (1).
I'd like to see solution 1. Can you attach a network capture please. metze
Created attachment 4551 [details]
a packet capture screenshot

I marked the target packet with a red line.

0xa1: reqFlags tag
0x04: reqFlags packet length
0x03: BIT STRING tag (not INTEGER = 0x02)
0x02: BIT STRING packet length
0x01: number of unused bits
0x7c: flags (the last bit is unused)
By packet capture we do mean the PCAP-formatted file. Please save the capture and attach it to this bug. Screenshots are not helpful, sorry.
Created attachment 4552 [details]
PCAP
Created attachment 4553 [details]
an implementation
Created attachment 4554 [details]
revised patch

Oops. The previous patch has a memory leak...
Can you point me to the documentation where the encoding of BIT STRINGs is defined? I can't find a definition that has understandable examples.

As heimdal does this correctly, I looked at asn1_compile and its output, but I didn't understand it...

Are more than 32 bits allowed in ASN.1?

MIT has this:

#define BIT_STRING_PADDING 0x01

Is this real padding (why has it a non-zero value then) or does that have a meaning?

metze
(In reply to comment #8)
> Can you point me to the documentation where the encoding of BIT STRINGs is
> defined? I can't find a definition that has understandable examples.

I showed it in Bug #6625. Please see section 8.6 in http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
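As an added illustration of the X.690 section 8.6 rules referred to above (this is example code written for this page, not the attached patch and not Samba's asn1 code), the following C reader and writer for DER BIT STRINGs is run over the six reqFlags bytes listed in comment 4 (a1 04 03 02 01 7c). The function and struct names are invented for the example. The first content octet is the count of unused bits (0..7) in the last octet, and bit 0 of the string is the most significant bit of the octet that follows, which is the numbering RFC 4178 uses for ContextFlags (bit 0 is delegFlag, bit 1 mutualFlag, and so on). A reader that expects INTEGER fails on the very first octet, because the tag is 0x03 rather than 0x02, which is what the report describes. ASN.1 itself puts no upper bound on a BIT STRING's length; here the SIZE (32) constraint on ContextFlags is what limits it, so the SPNEGO-level reader rejects anything longer than 32 bits while the generic reader does not.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed input: the reqFlags element from the capture in comment 4.
 * a1 04 = [1] tag, length 4; 03 02 = BIT STRING tag (not INTEGER 0x02), length 2;
 * 01 = unused bits in the final octet; 7c = flag bits, bit 0 in the MSB. */
static const uint8_t SAMPLE_REQFLAGS[] = { 0xa1, 0x04, 0x03, 0x02, 0x01, 0x7c };

struct der_bitstring {
    const uint8_t *octets;  /* bit octets after the unused-bits count */
    size_t noctets, nbits;  /* nbits = noctets * 8 - unused bits */
};

/* Decode a primitive, short-form DER BIT STRING (X.690 section 8.6).
 * Returns bytes consumed, or 0 if the element is malformed. */
size_t der_read_bitstring(const uint8_t *buf, size_t len, struct der_bitstring *out)
{
    if (len < 3 || buf[0] != 0x03)        /* tag must be BIT STRING */
        return 0;
    size_t clen = buf[1];
    if ((clen & 0x80) || clen < 1 || len < 2 + clen)
        return 0;                         /* short-form length, count octet present */
    unsigned unused = buf[2];
    if (unused > 7)                       /* 8.6.2.2: count is 0..7 */
        return 0;
    if (clen == 1 && unused != 0)         /* 8.6.2.3: empty string has no unused bits */
        return 0;
    if (clen > 1 && (buf[1 + clen] & ((1u << unused) - 1)) != 0)
        return 0;                         /* 11.2.1: unused bits must be zero in DER */
    out->octets  = buf + 3;
    out->noctets = clen - 1;
    out->nbits   = out->noctets * 8 - unused;
    return 2 + clen;
}

/* Bit i, counted from the most significant bit of the first octet (X.690
 * 8.6.2); bit 0 is delegFlag in RFC 4178's ContextFlags. */
bool der_bit_is_set(const struct der_bitstring *bs, size_t i)
{
    return i < bs->nbits && ((bs->octets[i / 8] >> (7 - i % 8)) & 1u);
}

/* Encode a flag word (value bit i <-> BIT STRING bit i) as a DER BIT STRING,
 * dropping trailing zero bits as X.690 11.2.2 requires. Returns bytes written. */
size_t der_write_bitstring(uint32_t flags, uint8_t *buf, size_t len)
{
    size_t nbits = 0;
    for (unsigned i = 0; i < 32; i++)
        if (flags & (1u << i))
            nbits = i + 1;
    size_t noctets = (nbits + 7) / 8;
    if (len < 3 + noctets)
        return 0;
    buf[0] = 0x03;
    buf[1] = (uint8_t)(1 + noctets);
    buf[2] = (uint8_t)(noctets * 8 - nbits);
    memset(buf + 3, 0, noctets);
    for (size_t i = 0; i < nbits; i++)
        if (flags & (1u << i))
            buf[3 + i / 8] |= (uint8_t)(0x80u >> (i % 8));
    return 3 + noctets;
}

/* Parse the [1] reqFlags element of a NegTokenInit into a 32-bit flag word
 * (BIT STRING bit i -> 1u << i). Returns bytes consumed, 0 on error. */
size_t spnego_read_reqflags(const uint8_t *buf, size_t len, uint32_t *flags)
{
    if (len < 2 || buf[0] != 0xa1 || (buf[1] & 0x80) || len < 2 + (size_t)buf[1])
        return 0;
    struct der_bitstring bs;
    size_t used = der_read_bitstring(buf + 2, buf[1], &bs);
    if (used == 0 || used != buf[1] || bs.nbits > 32)   /* ContextFlags is SIZE (32) */
        return 0;
    *flags = 0;
    for (size_t i = 0; i < bs.nbits; i++)
        if (der_bit_is_set(&bs, i))
            *flags |= 1u << i;
    return 2 + used;
}

/* Decoded sample: 0x7c with one unused bit is 0111110, i.e. bits 1..5 -> 0x3e. */
uint32_t sample_reqflags_value(void)
{
    uint32_t flags = 0;
    return spnego_read_reqflags(SAMPLE_REQFLAGS, sizeof SAMPLE_REQFLAGS, &flags) ? flags : 0xffffffffu;
}

/* Re-encoding drops the trailing zero bit the peer sent: the DER form is
 * 03 02 02 7c (two unused bits), not the 03 02 01 7c that was captured. */
bool sample_roundtrip_ok(void)
{
    uint8_t out[8];
    size_t n = der_write_bitstring(sample_reqflags_value(), out, sizeof out);
    return n == 4 && memcmp(out, "\x03\x02\x02\x7c", 4) == 0;
}
```

The reader enforces the DER restrictions (unused-bit count at most 7, an empty string with a zero count, unused bits cleared); a BER reader would instead mask the unused bits off rather than reject the element. The captured encoding is valid under both, since the unused low bit of 0x7c is already zero. Note that the re-encoded form is not byte-identical to what the peer sent, so any code that compares or signs raw token bytes must work on the original octets rather than on re-encoded ones.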
Metze, could you comment on the latest patch? So we could apply it and close this one.
looking into this.
Ok, a slightly modified version has been pushed to master. Thanks!