Partager via

3.2.5.2.2 Server Response Checking

  • Article

If ServerBlock == TRUE, then the server MUST return STATUS_NOT_SUPPORTED ([MS-ERREF] section 2.3.1). <71>

If ServerRequire128bitEncryption == TRUE, then if 128-bit encryption is not negotiated then the server MUST return SEC_E_UNSUPPORTED_FUNCTION ([MS-ERREF] section 2.1.1) to the application. <72>

The client MUST compute the expected session key for signing and encryption, which it sends to the server in the AUTHENTICATE_MESSAGE (section 3.1.5.2.1). Using this key from the AUTHENTICATE_MESSAGE, the server MUST check the signature and/or decrypt the protocol response, and compute a response. The response MUST be signed and/or encrypted and sent to the client.

   Set MIC to HMAC_MD5(ResponseKeyNT, ConcatenationOf(
      CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE))

If the AUTHENTICATE_MESSAGE indicates the presence of a MIC field,<73> then the MIC value computed earlier MUST be compared to the MIC field in the message, and if the two MIC values are not equal, then an authentication failure MUST be returned. An AUTHENTICATE_MESSAGE indicates the presence of a MIC field if the TargetInfo field has an AV_PAIR structure whose two fields:

  • AvId == MsvAvFlags

  • Value bit 0x2 == 1

     If (NTLMSSP_NEGOTIATE_KEY_EXCH flag is set in NegFlg
   AND (NTLMSSP_NEGOTIATE_SIGN OR NTLMSSP_NEGOTIATE_SEAL are set in NegFlg) )
     Set ExportedSessionKey to RC4K(KeyExchangeKey, 
         AUTHENTICATE_MESSAGE.EncryptedRandomSessionKey)
     Set MIC to HMAC_MD5(ExportedSessionKey, ConcatenationOf(
         NEGOTIATE_MESSAGE, CHALLENGE_MESSAGE,
         AUTHENTICATE_MESSAGE))
 Else 
     Set MIC to HMAC_MD5(KeyExchangeKey, ConcatenationOf(
         NEGOTIATE_MESSAGE, CHALLENGE_MESSAGE,
         AUTHENTICATE_MESSAGE))
 Endif
 

If NTLM v2 authentication is used and the AUTHENTICATE_MESSAGE.NtChallengeResponse.TimeStamp (section 2.2.2.7) is more than MaxLifetime (section 3.1.1.1) difference from the server time, then the server SHOULD return a failure.<74>

If NTLM v2 authentication is used and channel binding is provided by the application, then the server MUST verify the channel binding<75>:

  • If ServerChannelBindingsUnhashed (section 3.2.1.2) is not NULL

    • If the AUTHENTICATE_MESSAGE contains a nonzero MsvAvChannelBindings AV_PAIR

      • If MD5_HASH(ServerChannelBindingsUnhashed) != MsvAvChannelBindings.AvPair.Value)

        • The server MUST return GSS_S_BAD_BINDINGS

      • Else the server MUST return GSS_S_BAD_BINDINGS

    • Else If ApplicationRequiresCBT (section 3.2.1.2) == TRUE

      • If the AUTHENTICATE_MESSAGE does not contain a nonzero MsvAvChannelBindings AV_PAIR

        • The server MUST return GSS_S_BAD_BINDINGS

  • If the AUTHENTICATE_MESSAGE contains a MsvAvTargetName

    • If MsvAvFlags bit 0x00000004 is set, the server MUST set ClientSuppliedTargetName (section 3.1.1.2) to NULL.<76>

    • AvID == MsvAvTargetName

    • Value == ClientSuppliedTargetName