diff options
-rw-r--r-- | docs/docbook/devdoc/cifsntdomain.sgml | 61 |
1 files changed, 35 insertions, 26 deletions
diff --git a/docs/docbook/devdoc/cifsntdomain.sgml b/docs/docbook/devdoc/cifsntdomain.sgml index 0197f4e1be..7c3c22d106 100644 --- a/docs/docbook/devdoc/cifsntdomain.sgml +++ b/docs/docbook/devdoc/cifsntdomain.sgml @@ -2662,18 +2662,22 @@ pwdump(machine$) (initially) == md4(lmowf(unicode(machine))) <sect2> <title>Protocol</title> -<para> -C->S ReqChal,Cc S->C Cs -</para> +<programlisting> +C->S ReqChal,Cc +S->C Cs +</programlisting> -<para> +<programlisting> C & S compute session key Ks = E(PW[9..15],E(PW[0..6],Add(Cc,Cs))) -</para> +</programlisting> -<para> -C: Rc = Cred(Ks,Cc) C->S Authenticate,Rc S: Rs = Cred(Ks,Cs), -assert(Rc == Cred(Ks,Cc)) S->C Rs C: assert(Rs == Cred(Ks,Cs)) -</para> +<programlisting> +C: Rc = Cred(Ks,Cc) +C->S Authenticate,Rc +S: Rs = Cred(Ks,Cs), assert(Rc == Cred(Ks,Cc)) +S->C Rs +C: assert(Rs == Cred(Ks,Cs)) +</programlisting> <para> On joining the domain the client will optionally attempt to change its @@ -2681,29 +2685,34 @@ password and the domain controller may refuse to update it depending on registry settings. This will also occur weekly afterwards. </para> -<para> -C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S ServerPasswordSet,Rc',Tc, -arc4(Ks[0..7,16],lmowf(randompassword()) C: Rc = Cred(Ks,Rc+Tc+1) S: -assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() S: Rs' = Cred(Ks,Rs+Tc+1) -S->C Rs',Ts C: assert(Rs' == Cred(Ks,Rs+Tc+1)) S: Rs = Rs' -</para> +<programlisting> +C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) +C->S ServerPasswordSet,Rc',Tc,arc4(Ks[0..7,16],lmowf(randompassword()) +C: Rc = Cred(Ks,Rc+Tc+1) +S: assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() +S: Rs' = Cred(Ks,Rs+Tc+1) +S->C Rs',Ts +C: assert(Rs' == Cred(Ks,Rs+Tc+1)) +S: Rs = Rs' +</programlisting> <para> User: U with password P wishes to login to the domain (incidental data such as workstation and domain omitted) </para> -<para> -C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S NetLogonSamLogon,Rc',Tc,U, -arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) S: -assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) S: -Ts = Time() -</para> - -<para> -S->C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc) C: -assert(Rs == Cred(Ks,Cred(Rc+Tc+1)) C: Rc = Cred(Ks,Rc+Tc+1) -</para> +<programlisting> +C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) +C->S NetLogonSamLogon,Rc',Tc,U,arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) +S: assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) +S: Ts = Time() +</programlisting> + +<programlisting> +S->C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc) +C: assert(Rs == Cred(Ks,Cred(Rc+Tc+1)) +C: Rc = Cred(Ks,Rc+Tc+1) +</programlisting> </sect2> |