authsrv(6): fix arrows

cinap_lenrek 2016-01-19 11:08:29 +01:00
parent 4a47b264ac
commit 7b31d5e494


@ -94,16 +94,16 @@ client's desired ID on server
.BR suid ) .BR suid )
.TP .TP
.I YAc .I YAc
client \(-> AS DH public key client AS DH public key
.TP .TP
.I YBc .I YBc
AS \(-> client DH public key AS client DH public key
.TP .TP
.I YAs .I YAs
server \(-> AS DH public key server AS DH public key
.TP .TP
.I YBs .I YBs
AS \(-> server DH public key AS server DH public key
.TP .TP
.I RNc .I RNc
client's 32-byte random string client's 32-byte random string
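Review bot: the four DH public key descriptions (YAc, YBc, YAs, YBs) carry an arrow in only one of the two versions of each line ("client \(-> AS DH public key" against "client AS DH public key"), whereas every other hunk in this patch swaps one arrow spelling for another. In these entries the arrow is the only thing that says which party sends the key and which receives it, so both versions should be rendered and compared to confirm that the direction stays visible in the final text. The commit message should also say that this hunk adds or drops arrows rather than respelling them.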
@ -155,7 +155,7 @@ is the client's responsibility.
.PP .PP
The protocol to obtain a ticket pair is: The protocol to obtain a ticket pair is:
.TP .TP
.IR C \(-> A .I C→A:
.IR AuthTreq , .IR AuthTreq ,
.IR IDs , .IR IDs ,
.IR DN , .IR DN ,
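Review bot: the two versions of the tag line differ in more than the arrow. ".IR C \(-> A" alternates italic and roman, so the arrow is set in roman between two italic party names, while ".I C→A:" sets the whole tag in italic, arrow and colon included, and only that form ends in a colon. The message "fix arrows" covers neither the font change nor the colon; either mention both or keep the macro and punctuation unchanged and alter only the arrow. The same applies to every message tag touched later in the patch.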
@ -163,7 +163,7 @@ The protocol to obtain a ticket pair is:
.IR IDc , .IR IDc ,
.IR IDr .IR IDr
.TP .TP
.IR A \(-> C .I A→C:
.IR AuthOK , .IR AuthOK ,
.IR Kc { AuthTc , .IR Kc { AuthTc ,
.IR CHs , .IR CHs ,
@ -228,12 +228,12 @@ The Plan 9 shared key protocol
allows a client and server to authenticate each other. allows a client and server to authenticate each other.
The protocol is: The protocol is:
.TP .TP
.IR C \(-> S .I C→S:
.I CHc .I CHc
.br .br
The client starts by sending a random challenge to the server. The client starts by sending a random challenge to the server.
.TP .TP
.IR S \(-> C .I S→C:
.IR AuthTreq , .IR AuthTreq ,
.IR IDs , .IR IDs ,
.IR DN , .IR DN ,
@ -245,7 +245,7 @@ The server replies with a ticket request giving its
id and authentication domain along with its own id and authentication domain along with its own
random challenge. random challenge.
.TP .TP
.IR C \(-> S .I C→S:
.IR Ks { AuthTs , .IR Ks { AuthTs ,
.IR CHs , .IR CHs ,
.IR IDc , .IR IDc ,
@ -275,7 +275,7 @@ and is therefore allowed to authenticate as
.IR CHs .IR CHs
in the authenticator avoids replay attacks.) in the authenticator avoids replay attacks.)
.TP .TP
.IR S \(-> C .I S→C:
.IR Kn { AuthAs , .IR Kn { AuthAs ,
.IR CHc } .IR CHc }
.br .br
@ -353,7 +353,7 @@ and
.I IDc .I IDc
is: is:
.TP .TP
.IR C \(-> A .I C→A:
.IR AuthPAK , .IR AuthPAK ,
.IR IDs , .IR IDs ,
.IR DN , .IR DN ,
@ -363,7 +363,7 @@ is:
.IR YAs , .IR YAs ,
.I YAc .I YAc
.TP .TP
.IR A \(-> C .I A→C:
.IR AuthOK , .IR AuthOK ,
.IR YBs , .IR YBs ,
.I YBc .I YBc
@ -376,7 +376,7 @@ to establish a single server key
for for
.IR IDs : .IR IDs :
.TP .TP
.IR C \(-> A .I C→A:
.IR AuthPAK , .IR AuthPAK ,
.IR \- , .IR \- ,
.IR DN , .IR DN ,
@ -385,7 +385,7 @@ for
.IR IDc , .IR IDc ,
.I YAs .I YAs
.TP .TP
.IR A \(-> C .I A→C:
.IR AuthOK , .IR AuthOK ,
.I YBs .I YBs
.PP .PP
@ -396,7 +396,7 @@ to establish a single client key
for for
.IR IDc : .IR IDc :
.TP .TP
.IR C \(-> A .I C→A:
.IR AuthPAK , .IR AuthPAK ,
.IR \- , .IR \- ,
.IR \- , .IR \- ,
@ -405,7 +405,7 @@ for
.IR IDc , .IR IDc ,
.I YAc .I YAc
.TP .TP
.IR A \(-> C .I A→C:
.IR AuthOK , .IR AuthOK ,
.I YBc .I YBc
.SS "Dp9ik" .SS "Dp9ik"
@ -426,12 +426,12 @@ to derive the ticket encryption keys
and and
.IR Kc : .IR Kc :
.TP .TP
.IR C \(-> S .I C→S:
.I CHc .I CHc
.br .br
The client starts by sending a random challenge to the server. The client starts by sending a random challenge to the server.
.TP .TP
.IR S \(-> C .I S→C:
.IR AuthPAK , .IR AuthPAK ,
.IR IDs , .IR IDs ,
.IR DN , .IR DN ,
@ -453,7 +453,7 @@ along with its own random challenge
and its public key and its public key
.IR YAs . .IR YAs .
.TP .TP
.IR C \(-> S .I C→S:
.IR YBs , .IR YBs ,
.IR Ks { AuthTs , .IR Ks { AuthTs ,
.IR CHs , .IR CHs ,
@ -515,7 +515,7 @@ The random string
.I RNc .I RNc
is used in the derivation of the session secret. is used in the derivation of the session secret.
.TP .TP
.IR S \(-> C .I S→C:
.IR Kn { AuthAs , .IR Kn { AuthAs ,
.IR CHc , .IR CHc ,
.IR RNs } .IR RNs }
@ -540,17 +540,17 @@ protocol, followed by the agreed-upon protocol.
.PP .PP
The negotiation protocol is: The negotiation protocol is:
.TP .TP
.IR S \(-> C .I S→C:
.B v.2 .B v.2
.IB proto@authdom .IB proto@authdom
.IB proto@authdom .IB proto@authdom
.I ... .I ...
.TP .TP
.IR C \(-> S .I C→S:
.I proto .I proto
.I dom .I dom
.TP .TP
.IR S \(-> C .I S→C:
.B OK .B OK
.PP .PP
Each message is a NUL-terminated UTF string. Each message is a NUL-terminated UTF string.
@ -602,7 +602,7 @@ Users connect directly to the AS
to change their passwords. to change their passwords.
The protocol is: The protocol is:
.TP .TP
.IR C \(-> A .I C→A:
.IR AuthPass , .IR AuthPass ,
.IR \- , .IR \- ,
.IR \- , .IR \- ,
@ -612,7 +612,7 @@ The protocol is:
.br .br
The client sends a password change ticket request. The client sends a password change ticket request.
.TP .TP
.IR A \(-> C .I A→C:
.IR Kc { AuthTp , .IR Kc { AuthTp ,
.IR CHc , .IR CHc ,
.IR IDc , .IR IDc ,
@ -624,7 +624,7 @@ The server responds with a ticket containing the key
encrypted with the client's key encrypted with the client's key
.IR Kc .IR Kc
.TP .TP
.IR C \(-> A .I C→A:
.IR Kn { AuthPass , .IR Kn { AuthPass ,
.IR old , .IR old ,
.IR new , .IR new ,
@ -643,7 +643,7 @@ the user's
.IR secret , .IR secret ,
the password used for non-Plan 9 authentications. the password used for non-Plan 9 authentications.
.TP .TP
.IR A \(-> C .I A→C:
.I AuthOK .I AuthOK
or or
.IR AuthErr , .IR AuthErr ,
@ -727,7 +727,7 @@ message is expected, a
message may be substituted. message may be substituted.
.de Ok .de Ok
.TP .TP
.IR A \(-> S .I A→S:
.IR AuthOK , .IR AuthOK ,
.IR Ks { AuthTs , .IR Ks { AuthTs ,
.IR CHs , .IR CHs ,
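Review bot: the tag inside the ".de Ok" macro body switches between the "\(->" escape and a literal → like the other tags, but here the line is expanded at every ".Ok" call site, so a rendering problem would show up in several protocol descriptions at once. The escape is plain ASCII and does not depend on the formatter's input encoding, while the literal character needs a troff that reads UTF-8 input. Use whichever form the rest of the manual sources use, and render one of the sections that invokes ".Ok" to check the expanded tag.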
@ -739,7 +739,7 @@ message may be substituted.
.. ..
.PP .PP
.TP .TP
.IR S \(-> A .I S→A:
.IR AuthChal , .IR AuthChal ,
.IR \- , .IR \- ,
.IR DN , .IR DN ,
@ -747,11 +747,11 @@ message may be substituted.
.IR IDs , .IR IDs ,
.IR IDc .IR IDc
.TP .TP
.IR A \(-> S .I A→S:
.IR AuthOK , .IR AuthOK ,
.IR challenge .IR challenge
.TP .TP
.IR S \(-> A .I S→A:
.IR response .IR response
.Ok .Ok
.IP .IP
@ -811,7 +811,7 @@ lines map from Plan 9 user ids to RADIUS ids.
Users not listed are assumed to have the Users not listed are assumed to have the
same id in both places. same id in both places.
.TP .TP
.IR S \(-> A .I S→A:
.IR AuthApop , .IR AuthApop ,
.IR \- , .IR \- ,
.IR DN , .IR DN ,
@ -819,11 +819,11 @@ same id in both places.
.IR IDs , .IR IDs ,
.IR \- .IR \-
.TP .TP
.IR A \(-> S .I A→S:
.IR AuthOKvar , .IR AuthOKvar ,
.IR challenge .IR challenge
.TP .TP
.IR S \(-> A .I S→A:
.IR AuthApop , .IR AuthApop ,
.IR \- , .IR \- ,
.IR DN , .IR DN ,
@ -862,7 +862,7 @@ is the keyed MD5 hash using the user's secret as the key
in in
.IR sechash (2)). .IR sechash (2)).
.TP .TP
.IR S \(-> A .I S→A:
.IR AuthChap , .IR AuthChap ,
.IR \- , .IR \- ,
.IR DN , .IR DN ,
@ -870,10 +870,10 @@ in
.IR IDs , .IR IDs ,
.IR \- .IR \-
.TP .TP
.IR A \(-> S .I A→S:
.I challenge .I challenge
.TP .TP
.IR S \(-> A .I S→A:
.IR pktid , .IR pktid ,
.IR IDc , .IR IDc ,
.IR response .IR response
@ -892,7 +892,7 @@ The reply packet is defined as
in in
.BR <authsrv.h> . .BR <authsrv.h> .
.TP .TP
.IR S \(-> A .I S→A:
.IR AuthMSchap , .IR AuthMSchap ,
.IR \- , .IR \- ,
.IR DN , .IR DN ,
@ -900,10 +900,10 @@ in
.IR IDs , .IR IDs ,
.IR \- .IR \-
.TP .TP
.IR A \(-> S .I A→S:
.I challenge .I challenge
.TP .TP
.IR S \(-> A .I S→A:
.IR IDc , .IR IDc ,
.IR lm-response , .IR lm-response ,
.IR nt-response .IR nt-response
@ -924,7 +924,7 @@ The reply packet is defined as
in in
.BR <authsrv.h> . .BR <authsrv.h> .
.TP .TP
.IR S \(-> A .I S→A:
.IR AuthVNC , .IR AuthVNC ,
.IR \- , .IR \- ,
.IR DN , .IR DN ,
@ -932,11 +932,11 @@ in
.IR IDs , .IR IDs ,
.IR IDc .IR IDc
.TP .TP
.IR A \(-> S .I A→S:
.IR AuthOKvar , .IR AuthOKvar ,
.I challenge .I challenge
.TP .TP
.IR S \(-> A .I S→A:
.I response .I response
.Ok .Ok
.IP .IP