Question about SPNEGO

[joaoviictorti]

Hi guys,

I'm using the sspi crate with the Negotiate provider via Negotiate::new_client(...), and I noticed that the tokens generated through initialize_security_context are not encapsulated in a valid SPNEGO ASN.1 blob.

For example, in Wireshark, I expected to see the typical SPNEGO header (with OID 1.3.6.1.5.5.2) along with mechTypes but the resulting buffer only contains the raw NTLMSSP token (NTLMSSP\\0 ...).

Am I doing something wrong here? Just to clarify, this is being used in a DCE/RPC authentication context. And sorry if it's a silly question, since I'm just starting to use this library, I'm trying to understand it more precisely.

pub fn new(
    domain: &str,
    user: &str,
    pass: &str,
    protection: Protection,
) -> Result<Self> {
    let identity = AuthIdentity {
        username: Username::parse(&format!("{domain}\\{user}"))?,
        password: pass.to_owned().into(),
    };

    let config = NegotiateConfig::new(
        Box::new(NtlmConfig::default()),
        Some("ntlm,kerberos,!pku2u".to_string()),
        "".to_string(),
    );

    let mut negotiate = Negotiate::new_client(config)?;

    let creds = Credentials::AuthIdentity(identity.clone());
    let mut cred_handle = negotiate
        .acquire_credentials_handle()
        .with_credential_use(CredentialUse::Outbound)
        .with_auth_data(&creds)
        .execute(&mut negotiate)?
        .credentials_handle;

    let mut out = vec![SecurityBuffer::new(Vec::new(), BufferType::Token)];
    let mut builder = negotiate
        .initialize_security_context()
        .with_credentials_handle(&mut cred_handle)
        .with_context_requirements(ClientRequestFlags::CONFIDENTIALITY)
        .with_target_data_representation(DataRepresentation::Native) 
        .with_output(&mut out);

    negotiate.initialize_security_context_impl(&mut builder)?
        .resolve_with_default_network_client()?;

    Ok(Self {
        provider: AuthProvider::Negotiate(negotiate),
        auth_type: RpcAuthType::Spnego,
        auth_level: match protection {
            Protection::Privacy   => RpcAuthLevel::Privacy,
            Protection::Integrity => RpcAuthLevel::Integrity,
            Protection::Connect   => RpcAuthLevel::Connect,
        },
        ctx_id: 0,
        pending_token: out[0].buffer.clone(),
    })

[joaoviictorti]

When I built a DCE/RPC client in Golang, I had to implement the authentication provider manually, and I managed to get it working by constructing the header I mentioned earlier, using SPNEGO

[TheBestTvarynka]

Hi,
You are doing nothing wrong here. It is actually a bug in our library.

Here is my previous answer to the related issue: #433 (comment)

We plan to fix it after finishing our current affairs.

[joaoviictorti]

Hey @CBenoit & @TheBestTvarynka , has anyone here had issues using NTLM authentication with DCERPC using this library? Every time I send an encrypted packet with auth level "privacy," I get the error nca_s_fault_sec_pkg_error. Not sure if you can help me with this, but any tips would be appreciated!

[TheBestTvarynka]

Let me try it today. It should work

[joaoviictorti]

I can try to share my code here, but it is quite large. Basically, I am still building it, and so far I have this struct called DceRpc. Sorry if the code gets too long, I just think it will be easier for you to understand if I send the code

pub struct DceRpc {
    /// Remote endpoint IP:port used for this RPC session.
    pub addr: SocketAddr,

    /// Controls whether to include feature negotiation context.
    pub mode: BindMode,

    /// Active transport object (e.g., TCP socket with connected stream).
    pub transport: Box<dyn DceRpcTransport>,

    /// UUID of the interface to bind to.
    interface: Option<RpcInterfaceId>,

    /// Set to true once a successful bind was performed.
    bind_done: bool,

    /// Unique call ID for the next message (usually starts at 1).
    call_id: u32,

    ///
    auth: Option<Auth>,
}

impl DceRpc {
    /// Parses a DCE/RPC target string and establishes a transport connection.
    ///
    /// Currently only supports: `ncacn_ip_tcp:<ip>[<port>]`
    ///
    /// # Errors
    ///
    /// Returns error if address string is malformed or connection fails.
    pub fn new(address: &str) -> Result<Self> {
        // Ex: ncacn_ip_tcp:192.168.0.10[135]
        let tcp = Regex::new(r"^ncacn_ip_tcp:([\w\.-]+)\[(\d+)\]$")?;
        let _udp =  Regex::new(r"^ncadg_ip_udp:([\w\.-]+)\[(\d+)\]$")?;
        
        let (addr, transport) = if let Some(cap) = tcp.captures(address) {
            let socket_addr = resolve_addr(&cap[1], cap[2].parse::<u16>()?)?;
            let transport = TcpTransport::connect(socket_addr)?;
            (socket_addr, Box::new(transport) as Box<dyn DceRpcTransport>)
        } else {
            bail!("Unsupported address format: '{}'", address);
        };

        Ok(Self {
            addr,
            transport,
            interface: None,
            bind_done: false,
            call_id: 1,
            mode: BindMode::Simple,
            auth: None
        })
    }

    /// Defines the UUID and version of the interface you want to bind to.
    pub fn with_interface(mut self, interface: RpcInterfaceId) -> Self {
        self.interface = Some(interface);
        self
    }

    /// Enables Bind Time Feature Negotiation.
    pub fn with_negotiation(mut self) -> Self {
        self.mode = BindMode::Negotiation;
        self
    }

    ///
    pub fn with_auth(mut self, domain: &str, user: &str, pass: &str) -> Result<Self> {
        self.auth = Some(Auth::new(domain, user, pass, Protection::Privacy)?);
        Ok(self)
    }

    /// Builds and sends a BIND PDU to the remote endpoint.
    ///
    /// This must be called before `request()`, but is triggered automatically if you forget.
    ///
    /// # Errors
    ///
    /// Returns error if UUID is missing or serialization fails.
    pub fn bind(&mut self) -> Result<()> {
        // Ensure the interface UUID has been set before attempting to bind
        let interface = self.interface.ok_or_else(|| {
            anyhow::anyhow!("Cannot bind: missing interface")
        })?;

        // Create interface context
        let mut contexts = vec![
            DceRpcContextItem::new(
                interface,
                vec![DceRpcTransferSyntaxAny::Ndr(DceRpcTransferSyntax::default())],
            )
        ];

        // Optionally append the Bind Time Feature Negotiation context if requested
        if matches!(self.mode, BindMode::Negotiation) {
            contexts.push(
                DceRpcContextItem::new(
                    UUID_BIND_TIME_FEATURE_NEGOTIATION,
                    vec![DceRpcTransferSyntaxAny::BindTime(
                        DceRpcTransferSyntaxBindTime::default()
                    )],
                )
            );
        }

        // Serialize the BIND PDU body (excluding the 16-byte header)
        let bind_pdu = DceRpcBind::new(contexts);
        let mut body = Vec::new();
        let mut body_cursor = Cursor::new(&mut body);
        bind_pdu.write_le(&mut body_cursor)?;
        
        // If authentication is enabled, append the sec_trailer and authentication token.
        // This also returns the size of the authentication data for the header.
        let auth_len = self
            .auth
            .as_mut()
            .map(|auth| auth.build(&mut body))
            .transpose()?
            .flatten()
            .unwrap_or(0);

        // Create the DCERPC header for a BIND packet.
        // The frag_length will be set to 16 (header) + body length.
        let header = DceRpcHeader::new(body.len() as u16, self.call_id, DceRpcPacketType::Bind)
            .with_auth_len(auth_len);

        // Serialize the full PDU
        let mut buf = Vec::new();
        let mut buf_cursor = Cursor::new(&mut buf);
        header.write_le(&mut buf_cursor)?;
        buf_cursor.write_all(&body)?;

        // Send the full BIND message over the transport
        let resp = self.transport.send(&buf, PduSendMode::ExpectResponse)?
            .context("Expected response but got none")?;
        let hdr = DceRpcHeader::read_le(&mut Cursor::new(&resp))?;
        if hdr.packet_type != DceRpcPacketType::BindAck {
            bail!("Error sending package: {:?}", hdr.packet_type);
        }

        if let Some(auth) = &mut self.auth {
            let (_, token) = Auth::parse(&resp, hdr.auth_length as usize)?;
            if auth.next(token)? {
                self.send_auth3()?;
            }
        }

        // Mark bind as completed to avoid rebinding
        self.call_id += 1;
        self.bind_done = true;
        Ok(())
    }

    /// Sends an AUTH3 packet as part of the DCE/RPC authentication handshake.
    ///
    /// This is called after receiving the initial BindAck, if the authentication
    /// scheme indicates that another round trip is required (e.g., NTLM "Authenticate"
    /// step or Kerberos finalization).
    fn send_auth3(&mut self) -> Result<()> {
        // Build the authentication trailer and token to be included in the body.
        let mut body = vec![0u8; 4];
        let auth_len = self
            .auth
            .as_mut()
            .context("Missing authentication context (auth == None)")?
            .build(&mut body)?
            .unwrap_or(0);

        // Construct the DCERPC header with packet type = 0x10 (AUTH3).
        let header = DceRpcHeader::new(body.len() as u16, self.call_id, DceRpcPacketType::Auth3)
            .with_auth_len(auth_len);

        // Combine the header and body into a single raw buffer.
        let mut raw = Vec::new();
        let mut cur = Cursor::new(&mut raw);
        header.write_le(&mut cur)?;
        cur.write_all(&body)?;

        // Send the AUTH3 packet through the transport.
        self.transport.send(&raw, PduSendMode::NoResponseExpected)?;
        Ok(())
    }

    /// Sends an **NDR-encoded** RPC call and returns the strongly-typed reply.
    ///
    /// # Type Parameters
    ///
    /// * T` – the request stub type  
    ///   * must implement [`NdrCall`] → provides the `OPNUM` **and** binds the
    ///     associated response type;  
    ///   * must implement [`NdrType`] → provides `encode`;  
    ///   * `T::Response` must implement `NdrType + Default + Bytes`
    ///     so it can be reconstructed via `from_bytes`.
    ///
    /// # Arguments
    ///
    /// * `input` – the request object that will be sent to the server.
    /// 
    /// # Returns
    ///
    /// * `Ok(T::Response)` - The decoded response struct.
    /// * `Err` - If encoding, network I/O, or decoding fails.
    pub fn request<T>(&mut self, input: T) -> Result<T::Response> 
    where
        T: NdrCall + NdrType,
        T::Response: NdrType + Default + Bytes,
    {
        // Automatically bind to the interface if not yet bound.
        if !self.bind_done {
            self.bind()?;
        }

        // Serialize stub parameters into NDR stream
        let mut stream = NdrStream::new();
        input.encode(&mut stream)?;
        let mut stub = stream.into_bytes();

        if let Some(auth) = &mut self.auth {
            auth.encrypt_message(self.call_id, &mut stub)?;
        }

        let mut body = Vec::with_capacity(8 + stub.len());
        body.extend_from_slice(&(stub.len() as u32).to_le_bytes()); // alloc_hint
        body.extend_from_slice(&0u16.to_le_bytes());                // ctx_id = 0
        body.extend_from_slice(&(T::OPNUM as u16).to_le_bytes());   // opnum
        body.extend_from_slice(&stub);                              // stb

        let auth_len = if let Some(auth) = &mut self.auth {
            auth.build(&mut body)?.unwrap_or(0)
        } else {
            0
        };

        // Build the DCE/RPC header and request PDU.
        let header = DceRpcHeader::new(
             body.len() as u16,
            self.call_id,
            DceRpcPacketType::Request,
        )
        .with_auth_len(auth_len);

        // Construct a DCE/RPC request from the header, opnum and encoded stub.
        let mut raw = Vec::with_capacity(8 + body.len());
        header.write_le(&mut Cursor::new(&mut raw))?;
        raw.extend_from_slice(&body);

        // Send the buffer through the transport
        let response = self
            .transport
            .send(&raw, PduSendMode::ExpectResponse)?
            .context("Expected response but got none")?;

        // Return a response        
        T::Response::from_bytes(&response[24..])
    }
}

And I have this struct responsible for authentication, which is the part that creates the packets and so on:

/// Represents an authentication context for DCERPC connections using SSPI/NTLM.
#[derive(Debug, Clone)]
pub struct Auth {
    /// SSPI provider implementation (NTLM only for now).
    pub provider: Negotiate,

    cred_handle: AcquireCredentialsHandleResult<Option<CredentialsBuffers>>,
    current_state: Option<InitializeSecurityContextResult>,

    /// RPC authentication service used in the `sec_trailer` (e.g., NTLM).
    pub auth_type: RpcAuthType,

    /// Level of protection (connect only, integrity, or privacy).
    pub auth_level: RpcAuthLevel,

    /// Context ID used in sec_trailer (usually 0).
    pub ctx_id: u32,

    /// Security token to include in the next PDU trailer (e.g., NEGOTIATE, CHALLENGE, AUTH).
    pub pending_token: Vec<u8>,
    pub pending_pad: u8,
}

impl Auth {
    /// Creates a new NTLM authentication context using SSPI.
    ///
    /// This initializes the SSPI state and generates the first token (NEGOTIATE)
    /// that will be included in the initial BIND PDU.
    ///
    /// # Arguments
    ///
    /// * `domain` - The user domain (e.g., "CORP").
    /// * `user` - The username (e.g., "alice").
    /// * `password` - The password in plaintext.
    /// * `protection` - Which level of protection to apply (Connect, Integrity, Privacy).
    ///
    /// # Returns
    ///
    /// * `Ok(Auth)` - On success.
    /// * `Err(anyhow::Error)` - If SSPI fails to initialize or token generation fails.
    pub fn new(domain: &str, user: &str, password: &str, protection: Protection) -> Result<Self> {
        // Construct SSPI identity (user@domain + password).
        let identity = AuthIdentity {
            username: Username::parse(&format!("{domain}\\{user}"))?,
            password: password.to_owned().into()
        };

        let package_list = {
            #[cfg(feature = "kerberos")]
            { 
                Some("kerberos,ntlm,!pku2u".to_string()) 
            }
            #[cfg(not(feature = "kerberos"))]
            {
                 Some("ntlm,kerberos,!pku2u".to_string()) 
            }
        };

        // Initialize NTLM provider.
        let mut negotiate = Negotiate::new_client(NegotiateConfig::new(
            Box::new(NtlmConfig::default()),
            package_list,
            String::new()
        ))?;

        // Acquire outbound credentials.
        let mut cred_handle = negotiate
            .acquire_credentials_handle()
            .with_credential_use(CredentialUse::Outbound)
            .with_auth_data(&Credentials::AuthIdentity(identity))
            .execute(&mut negotiate)?;

        // Generate initial security token (NEGOTIATE).
        let (pending_token, auth_type, init_state) = {
            let mut out = vec![SecurityBuffer::new(Vec::new(), BufferType::Token)];
            let mut builder = negotiate
                .initialize_security_context()
                .with_credentials_handle(&mut cred_handle.credentials_handle)
                .with_context_requirements(Self::flags())
                .with_target_data_representation(DataRepresentation::Native)
                .with_output(&mut out);

            // Separate scope to drop the generator before we touch `negotiate` again.
            let protocol = negotiate.negotiated_protocol().clone();
            let init_state = {
                let mut flow = negotiate.initialize_security_context_impl(&mut builder)?;
                #[cfg(feature = "kerberos")]
                {
                    flow.resolve_with_default_network_client()?
                }
                #[cfg(not(feature = "kerberos"))]
                {
                    flow.resolve_to_result()?
                }    
            };

            // builder no longer used, safe to access `out`.
            let token = out[0].buffer.clone();
            let auth_type = match protocol {
                NegotiatedProtocol::Ntlm(_) => RpcAuthType::WinNt,
                NegotiatedProtocol::Kerberos(_) => RpcAuthType::Kerberos,
                NegotiatedProtocol::Pku2u(_) => bail!("Pku2u authentication is not supported for DCERPC")
            };

            (token, auth_type, init_state)
        };

        Ok(Self {
            provider: negotiate,
            cred_handle,
            pending_token,
            auth_type,
            ctx_id: 79231,
            pending_pad: 0,
            current_state: Some(init_state),
            auth_level: match protection {
                Protection::Integrity => RpcAuthLevel::Integrity,
                Protection::Privacy => RpcAuthLevel::Privacy,
                Protection::Connect => RpcAuthLevel::Connect
            },
        })
    }

    /// Returns the set of SSPI client request flags to use for the authentication context.
    #[inline]
    fn flags() -> ClientRequestFlags {
        ClientRequestFlags::MUTUAL_AUTH
            | ClientRequestFlags::INTEGRITY
            | ClientRequestFlags::CONFIDENTIALITY 
            | ClientRequestFlags::SEQUENCE_DETECT
            | ClientRequestFlags::REPLAY_DETECT
            | ClientRequestFlags::CONFIDENTIALITY
    }

    /// This method is called when a response from the server is received during the handshake
    /// (e.g., after a `BindAck` with a challenge). It sends the challenge into SSPI and computes
    /// the next token (e.g., NTLM Authenticate or Kerberos AP-REQ).
    ///
    /// The result is a new `pending_token` to be included in the next PDU,
    /// and `self.current_state` is updated with the SSPI session state.
    ///
    /// # Arguments
    ///
    /// * `token` - The received token from the server (e.g., NTLM CHALLENGE).
    ///
    /// # Returns
    ///
    /// * `Ok(true)` — If the context was completed (`SecurityStatus::Ok`) and a new token is ready.
    /// * `Ok(false)` — If more steps are needed, or no token produced.
    /// * `Err(_)` — If SSPI/GSS-API fails during processing.
    pub fn next(&mut self, token: &[u8]) -> Result<bool> {
        let mut input = vec![SecurityBuffer::new(token.to_vec(), BufferType::Token)];
        let mut output = vec![SecurityBuffer::new(Vec::new(), BufferType::Token)];

        // Build the context initialization request.
        // This includes the credentials handle, flags, and input/output buffers.
        let mut builder = self.provider
            .initialize_security_context()
            .with_credentials_handle(&mut self.cred_handle.credentials_handle)
            .with_context_requirements(Self::flags())
            .with_target_data_representation(DataRepresentation::Native)
            .with_output(&mut output)
            .with_input(&mut input);    
        
        // Execute the context step with the platform-specific resolver.
        let result = {
            let mut flow = self.provider.initialize_security_context_impl(&mut builder)?;
            #[cfg(feature = "kerberos")]
            {
                flow.resolve_with_default_network_client()?
            }
            #[cfg(not(feature = "kerberos"))]
            {
                flow.resolve_to_result()?
            }
        };

        // Store the updated SSPI state for potential future steps.
        self.current_state = Some(result.clone());
        
        // Extract the resulting token (if any) to send in the next PDU.
        // This becomes part of the `sec_trailer` via `Auth::build`.
        self.pending_token = output
            .pop()
            .ok_or_else(|| anyhow!("SSPI output buffer is empty"))?
            .buffer;

        // Return whether the handshake has completed and token is present.
        Ok(result.status == SecurityStatus::Ok && !self.pending_token.is_empty())
    }

    /// Applies SSPI protection to the request stub (signs or seals it).
    ///
    /// Depending on `auth_level`, this method will either:
    /// - Sign the stub (`PKT_INTEGRITY`)
    /// - Seal (encrypt) and sign the stub (`PKT_PRIVACY`)
    /// - Leave the stub unchanged (`CONNECT` or `NONE`)
    ///
    /// The result is a new `pending_token` (signature or encrypted blob)
    /// to be included in the `sec_trailer` of the outgoing PDU.
    ///
    /// # Arguments
    ///
    /// * `seq` - Sequence number used for signing (usually the call_id).
    /// * `stub` - The mutable NDR stub to protect (signed or sealed in-place).
    ///
    /// # Returns
    ///
    /// * `Ok(())` on success.
    /// * `Err(anyhow::Error)` if protection fails.
    pub fn encrypt_message(&mut self, seq: u32, stub: &mut Vec<u8>) -> Result<()> {
        match self.auth_level {
            RpcAuthLevel::Integrity => {
                // Sign-only: generate signature token
                let mut sig = [0u8; 64];
                let token = {
                    let mut bufs = [
                        SecurityBufferRef::data_buf(stub.as_mut_slice()),
                        SecurityBufferRef::token_buf(&mut sig),
                    ];

                    self.provider.make_signature(0, &mut bufs, 0)?;
                    bufs[1].data().to_vec()
                };

                self.pending_token = token;
            },
            RpcAuthLevel::Privacy => {
                // Seal and sign the stub in-place
                let mut sig = [0u8; 64];
                let (cipher, token) = {
                    let mut bufs = [
                        SecurityBufferRef::data_buf(stub.as_mut_slice()),
                        SecurityBufferRef::token_buf(&mut sig),
                    ];

                    self.provider.encrypt_message(EncryptionFlags::empty(), &mut bufs, seq)?;
                    (bufs[0].data().to_vec(), bufs[1].data().to_vec())
                };

                *stub = cipher;
                self.pending_token = token;
            }
            _ => {}
        }

        Ok(())
    }

    /// Appends the authentication trailer (`sec_trailer`) to a PDU body.
    ///
    /// This trailer contains:
    /// - The `auth_type` and `auth_level` used.
    /// - The padding needed for 4-byte alignment.
    /// - The `ctx_id` and the actual `pending_token` (e.g., NTLM NEGOTIATE).
    ///
    /// After writing, `pending_token` is cleared.
    ///
    /// # Arguments
    ///
    /// * `msg` - The PDU buffer to append the trailer to.
    ///
    /// # Returns
    ///
    /// * `Ok(Some(u16))` - Length of the token portion (not including sec_trailer).
    /// * `Ok(None)` - If no token was pending (no trailer written).
    /// * `Err(anyhow::Error)` - On encoding failure.
    pub fn build(&mut self, msg: &mut Vec<u8>) -> Result<Option<u16>> {
        // If no token is pending, skip writing anything.
        if self.pending_token.is_empty() {
            return Ok(None);
        }

        let trailer_offset = DceRpcHeader::LEN as usize + msg.len();
        let pad = (4 - (trailer_offset % 4)) % 4;
        if pad > 0 {
            msg.extend(vec![0u8; pad]);
        }

        // Construct the trailer with metadata and context.
        let trailer = SecTrailer {
            auth_type: self.auth_type as u8,
            auth_level: self.auth_level as u8,
            auth_pad_len: pad as u8,
            auth_reserved: 0,
            auth_context_id: self.ctx_id,
        };

        // Serialize the 8-byte trailer, then append the token.
        let mut trailer_buf = Vec::with_capacity(SEC_TRAILER_LEN + self.pending_token.len());
        trailer.write_le(&mut Cursor::new(&mut trailer_buf))?;
        trailer_buf.extend_from_slice(&self.pending_token);

        // Add trailer + token to the message
        msg.extend(trailer_buf);
        let token_len = self.pending_token.len() as u16;
        self.pending_token.clear();

        // only the token length, not including the trailer header
        Ok(Some(token_len))
    }

    /// Parses the `sec_trailer` and authentication token from a received buffer.
    ///
    /// # Arguments
    ///
    /// * `buf` - The full DCERPC response buffer (including trailer + token).
    /// * `auth_len` - Length of the authentication token only (not including trailer).
    ///
    /// # Returns
    ///
    /// Tuple of:
    /// * `SecTrailer` — the parsed trailer structure
    /// * `&[u8]` — slice of the token buffer
    ///
    /// # Errors
    ///
    /// Returns error if parsing fails or the buffer is too short.
    pub fn parse(buf: &[u8], auth_len: usize) -> Result<(SecTrailer, &[u8])> {
        // Ensure the buffer has enough space for both trailer and token.
        if buf.len() < auth_len + SEC_TRAILER_LEN {
            bail!("Buffer too small for sec_trailer + token");
        }
        
        // The 8-byte sec_trailer sits just before the token at the end of the buffer.
        let start = buf.len() - auth_len - SEC_TRAILER_LEN;

        // Read trailer in little-endian format as per NDR spec
        let mut cursor = Cursor::new(&buf[start..start + SEC_TRAILER_LEN]);
        let trailer = SecTrailer::read_le(&mut cursor)?;

        // Token starts immediately after the trailer
        let token = &buf[start + SEC_TRAILER_LEN..start + SEC_TRAILER_LEN + auth_len];
        Ok((trailer, token))
    }

    /// Checks whether there is a token pending to be sent in the next PDU.
    pub fn has_token(&self) -> bool {
        !self.pending_token.is_empty()
    }

    /// Returns the current `auth_type` as a `u8` for use in trailers.
    pub fn auth_type_byte(&self) -> u8 {
        self.auth_type as u8
    }

    /// Returns the current `auth_level` as a `u8` for use in trailers.
    pub fn auth_level_byte(&self) -> u8 {
        self.auth_level as u8
    }
}

const SEC_TRAILER_LEN: usize = 8;

/// Represents the authentication trailer (sec_trailer) appended to a DCE/RPC PDU.
///
/// This 8-byte structure is written immediately before the authentication token
/// and describes how the token should be interpreted by the receiver.
#[binrw::binrw]
#[derive(Debug, Clone, Copy)]
#[brw(little)]
pub struct SecTrailer {
    /// Indicates the authentication provider (e.g., NTLM, Kerberos).
    pub auth_type: u8,

    /// Specifies the protection level (e.g., Connect, Integrity, Privacy).
    pub auth_level: u8,

    /// Number of padding bytes inserted before the trailer (for 16-byte alignment).
    pub auth_pad_len: u8,

    /// Reserved byte (must be 0).
    pub auth_reserved: u8,

    /// Authentication context ID (usually 0).
    pub auth_context_id: u32,
}

[joaoviictorti]

Basically, the service I'm referring to is SAMR, I'm calling the Connect method:

[joaoviictorti]

Looking at the request, everything seems correct, but I’m confused about this error

[joaoviictorti]

I took the opportunity to run some tests using Impacket with the same authentication setup, and the requests look very similar, but in this case, it successfully receives a valid response:

from impacket.dcerpc.v5 import transport, samr
from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_AUTHN_WINNT

rpc_transport = transport.DCERPCTransportFactory("ncacn_ip_tcp:<ip>[<port>]")
dce = rpc_transport.get_dce_rpc()
dce.set_credentials("Example", "Example", "example.local")
dce.set_auth_type(RPC_C_AUTHN_WINNT)
dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)

dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)

samr.hSamrConnect(dce)

[TheBestTvarynka]

Hi, @joaoviictorti. I finally got a chance to try it.

has anyone here had issues using NTLM authentication with DCERPC using this library? Every time I send an encrypted packet with auth level "privacy," I get the error nca_s_fault_sec_pkg_error. Not sure if you can help me with this, but any tips would be appreciated!

It works for me. In sspi-rs, we have the DPAPI implementation (https://github.com/Devolutions/sspi-rs/tree/master/crates/dpapi) which uses the DCERDP authentication. I just checked it on my environment, and both NTLM and Kerberos authentications work well.

I think you may want to use our DCERDP auth implementation as a reference: https://github.com/Devolutions/sspi-rs/tree/master/crates/dpapi/src/rpc. It contains both: auth provider and RPC client implementations. It may be useful for you.

Also, here is my network traffic recording: dcerdp-ntlm.zip. You can open it with Wireshark and compare it with your packets. Maybe you will find differencies.

I can try to share my code here, but it is quite large. Basically, I am still building it, and so far I have this struct called DceRpc. Sorry if the code gets too long, I just think it will be easier for you to understand if I send the code

I read the code. It looks good. I did not find mistakes (but the compiler in my head can be buggy 😅). If you still have problems with it, can you also attach Wireshark recording?

[joaoviictorti]

Yes, I had seen your DPAPI client. I made a small change to it just to test, and I noticed that when I set sign_header to false, it returns the same error. It's quite strange, it's as if using sign_header as true is mandatory