From 285886b3cf0b2e886d59ddafb4b06d6a2fb459ce Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Thu, 13 Mar 2003 14:55:44 +0000 Subject: Merge cifsntdomain.sgml fixes from 3.0 branch (This used to be commit fb85311941967fa1080b84103a01d16b4fd33926) --- docs/docbook/devdoc/cifsntdomain.sgml | 61 ++++++++++++++++++++--------------- 1 file changed, 35 insertions(+), 26 deletions(-) (limited to 'docs') diff --git a/docs/docbook/devdoc/cifsntdomain.sgml b/docs/docbook/devdoc/cifsntdomain.sgml index 0197f4e1be..7c3c22d106 100644 --- a/docs/docbook/devdoc/cifsntdomain.sgml +++ b/docs/docbook/devdoc/cifsntdomain.sgml @@ -2662,18 +2662,22 @@ pwdump(machine$) (initially) == md4(lmowf(unicode(machine))) Protocol - -C->S ReqChal,Cc S->C Cs - + +C->S ReqChal,Cc +S->C Cs + - + C & S compute session key Ks = E(PW[9..15],E(PW[0..6],Add(Cc,Cs))) - + - -C: Rc = Cred(Ks,Cc) C->S Authenticate,Rc S: Rs = Cred(Ks,Cs), -assert(Rc == Cred(Ks,Cc)) S->C Rs C: assert(Rs == Cred(Ks,Cs)) - + +C: Rc = Cred(Ks,Cc) +C->S Authenticate,Rc +S: Rs = Cred(Ks,Cs), assert(Rc == Cred(Ks,Cc)) +S->C Rs +C: assert(Rs == Cred(Ks,Cs)) + On joining the domain the client will optionally attempt to change its @@ -2681,29 +2685,34 @@ password and the domain controller may refuse to update it depending on registry settings. This will also occur weekly afterwards. - -C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S ServerPasswordSet,Rc',Tc, -arc4(Ks[0..7,16],lmowf(randompassword()) C: Rc = Cred(Ks,Rc+Tc+1) S: -assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() S: Rs' = Cred(Ks,Rs+Tc+1) -S->C Rs',Ts C: assert(Rs' == Cred(Ks,Rs+Tc+1)) S: Rs = Rs' - + +C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) +C->S ServerPasswordSet,Rc',Tc,arc4(Ks[0..7,16],lmowf(randompassword()) +C: Rc = Cred(Ks,Rc+Tc+1) +S: assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() +S: Rs' = Cred(Ks,Rs+Tc+1) +S->C Rs',Ts +C: assert(Rs' == Cred(Ks,Rs+Tc+1)) +S: Rs = Rs' + User: U with password P wishes to login to the domain (incidental data such as workstation and domain omitted) - -C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S NetLogonSamLogon,Rc',Tc,U, -arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) S: -assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) S: -Ts = Time() - - - -S->C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc) C: -assert(Rs == Cred(Ks,Cred(Rc+Tc+1)) C: Rc = Cred(Ks,Rc+Tc+1) - + +C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) +C->S NetLogonSamLogon,Rc',Tc,U,arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) +S: assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) +S: Ts = Time() + + + +S->C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc) +C: assert(Rs == Cred(Ks,Cred(Rc+Tc+1)) +C: Rc = Cred(Ks,Rc+Tc+1) + -- cgit