diff options
Diffstat (limited to 'docs/docbook/devdoc')
| -rw-r--r-- | docs/docbook/devdoc/NetBIOS.sgml | 2 | ||||
| -rw-r--r-- | docs/docbook/devdoc/Tracing.sgml | 4 | ||||
| -rw-r--r-- | docs/docbook/devdoc/cifsntdomain.sgml | 69 | ||||
| -rw-r--r-- | docs/docbook/devdoc/unix-smb.sgml | 2 |
4 files changed, 43 insertions, 34 deletions
diff --git a/docs/docbook/devdoc/NetBIOS.sgml b/docs/docbook/devdoc/NetBIOS.sgml index ec9d3af563..6b4eb34b76 100644 --- a/docs/docbook/devdoc/NetBIOS.sgml +++ b/docs/docbook/devdoc/NetBIOS.sgml @@ -101,7 +101,7 @@ rfc1001.txt describes, amongst other things, the implementation and use of, a 'NetBIOS Name Service'. NT/AS offers 'Windows Internet Name Service' which is fully rfc1001/2 compliant, but has had to take specific action with certain NetBIOS names in order to make it useful. (for example, it -deals with the registration of <1c> <1d> <1e> names all in different ways. +deals with the registration of <1c> <1d> <1e> names all in different ways. I recommend the reading of the Microsoft WINS Server Help files for full details). </para> diff --git a/docs/docbook/devdoc/Tracing.sgml b/docs/docbook/devdoc/Tracing.sgml index 3a0e4ba1a9..20515df167 100644 --- a/docs/docbook/devdoc/Tracing.sgml +++ b/docs/docbook/devdoc/Tracing.sgml @@ -80,11 +80,11 @@ stderr output from this command to a file for later perusal. For example, if I'm using a csh style shell: </para> -<para><command>strace -f -p 3872 >& strace.out</command></para> +<para><command>strace -f -p 3872 >& strace.out</command></para> <para>or with a sh style shell:</para> -<para><command>strace -f -p 3872 > strace.out 2>&1</command></para> +<para><command>strace -f -p 3872 > strace.out 2>&1</command></para> <para> Note the "-f" option. This is only available on some systems, and diff --git a/docs/docbook/devdoc/cifsntdomain.sgml b/docs/docbook/devdoc/cifsntdomain.sgml index f64e1b37d6..7c3c22d106 100644 --- a/docs/docbook/devdoc/cifsntdomain.sgml +++ b/docs/docbook/devdoc/cifsntdomain.sgml @@ -2175,7 +2175,7 @@ return 0 - indicates success </sect3> </sect2> -<sect2 +<sect2> <title>LSA SAM Logon</title> <para><emphasis> @@ -2279,7 +2279,7 @@ Note: presumably, the SAM_INFO structure is validated, and a (currently <para><emphasis> Note: mailslots will contain a response mailslot, to which the response - should be sent. the target NetBIOS name is REQUEST_NAME<20>, where + should be sent. the target NetBIOS name is REQUEST_NAME<20>, where REQUEST_NAME is the name of the machine that sent the request. </emphasis></para> @@ -2361,7 +2361,7 @@ Note: mailslots will contain a response mailslot, to which the response </variablelist> </sect3> -</sect2 +</sect2> <sect2> <title>SAM Logon</title> @@ -2662,18 +2662,22 @@ pwdump(machine$) (initially) == md4(lmowf(unicode(machine))) <sect2> <title>Protocol</title> -<para> -C->S ReqChal,Cc S->C Cs -</para> +<programlisting> +C->S ReqChal,Cc +S->C Cs +</programlisting> -<para> -C & S compute session key Ks = E(PW[9..15],E(PW[0..6],Add(Cc,Cs))) -</para> +<programlisting> +C & S compute session key Ks = E(PW[9..15],E(PW[0..6],Add(Cc,Cs))) +</programlisting> -<para> -C: Rc = Cred(Ks,Cc) C->S Authenticate,Rc S: Rs = Cred(Ks,Cs), -assert(Rc == Cred(Ks,Cc)) S->C Rs C: assert(Rs == Cred(Ks,Cs)) -</para> +<programlisting> +C: Rc = Cred(Ks,Cc) +C->S Authenticate,Rc +S: Rs = Cred(Ks,Cs), assert(Rc == Cred(Ks,Cc)) +S->C Rs +C: assert(Rs == Cred(Ks,Cs)) +</programlisting> <para> On joining the domain the client will optionally attempt to change its @@ -2681,29 +2685,34 @@ password and the domain controller may refuse to update it depending on registry settings. This will also occur weekly afterwards. </para> -<para> -C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S ServerPasswordSet,Rc',Tc, -arc4(Ks[0..7,16],lmowf(randompassword()) C: Rc = Cred(Ks,Rc+Tc+1) S: -assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() S: Rs' = Cred(Ks,Rs+Tc+1) -S->C Rs',Ts C: assert(Rs' == Cred(Ks,Rs+Tc+1)) S: Rs = Rs' -</para> +<programlisting> +C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) +C->S ServerPasswordSet,Rc',Tc,arc4(Ks[0..7,16],lmowf(randompassword()) +C: Rc = Cred(Ks,Rc+Tc+1) +S: assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() +S: Rs' = Cred(Ks,Rs+Tc+1) +S->C Rs',Ts +C: assert(Rs' == Cred(Ks,Rs+Tc+1)) +S: Rs = Rs' +</programlisting> <para> User: U with password P wishes to login to the domain (incidental data such as workstation and domain omitted) </para> -<para> -C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S NetLogonSamLogon,Rc',Tc,U, -arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) S: -assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) S: -Ts = Time() -</para> - -<para> -S->C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc) C: -assert(Rs == Cred(Ks,Cred(Rc+Tc+1)) C: Rc = Cred(Ks,Rc+Tc+1) -</para> +<programlisting> +C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) +C->S NetLogonSamLogon,Rc',Tc,U,arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) +S: assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) +S: Ts = Time() +</programlisting> + +<programlisting> +S->C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc) +C: assert(Rs == Cred(Ks,Cred(Rc+Tc+1)) +C: Rc = Cred(Ks,Rc+Tc+1) +</programlisting> </sect2> diff --git a/docs/docbook/devdoc/unix-smb.sgml b/docs/docbook/devdoc/unix-smb.sgml index aae96edfb7..d6a658089c 100644 --- a/docs/docbook/devdoc/unix-smb.sgml +++ b/docs/docbook/devdoc/unix-smb.sgml @@ -13,7 +13,7 @@ <para> This is a short document that describes some of the issues that confront a SMB implementation on unix, and how Samba copes with -them. They may help people who are looking at unix<->PC +them. They may help people who are looking at unix<->PC interoperability. </para> |