
2.2.2.1 AV_PAIR

The AV_PAIR structure defines an attribute/value pair. Sequences of AV_PAIR structures are used in the CHALLENGE_MESSAGE (section 2.2.1.2) and AUTHENTICATE_MESSAGE (section 2.2.1.3) messages.

Although the following figure suggests that the most significant bit (MSB) of AvId is aligned with the MSB of a 32-bit word, an AV_PAIR can be aligned on any byte boundary and can be 4+N bytes long for arbitrary N (N = the contents of AvLen).


Field layout (bit positions 0-31 per row):

AvId (bits 0-15) | AvLen (bits 16-31)
Value (variable)
...

AvId (2 bytes): A 16-bit unsigned integer that defines the information type in the Value field. The contents of this field MUST be one of the values from the following table. The corresponding Value field in this AV_PAIR MUST contain the information specified in the description of that AvId.

Value: Meaning

MsvAvEOL (0x0000): Indicates that this is the last AV_PAIR in the list. AvLen MUST be 0. This type of information MUST be present in the AV pair list.

MsvAvNbComputerName (0x0001): The server's NetBIOS computer name. The name MUST be in Unicode, and is not null-terminated. This type of information MUST be present in the AV_pair list.

MsvAvNbDomainName (0x0002): The server's NetBIOS domain name. The name MUST be in Unicode, and is not null-terminated. This type of information MUST be present in the AV_pair list.

MsvAvDnsComputerName (0x0003): The fully qualified domain name (FQDN (1)) of the computer. The name MUST be in Unicode, and is not null-terminated.

MsvAvDnsDomainName (0x0004): The FQDN (2) of the domain. The name MUST be in Unicode, and is not null-terminated.

MsvAvDnsTreeName (0x0005): The FQDN (2) of the forest. The name MUST be in Unicode, and is not null-terminated.<11>

MsvAvFlags (0x0006): A 32-bit value indicating server or client configuration.

    0x00000001: indicates to the client that the account authentication is constrained.

    0x00000002: indicates that the client is providing message integrity in the MIC field (section 2.2.1.3) in the AUTHENTICATE_MESSAGE.<12>

    0x00000004: indicates that the client is providing a target SPN generated from an untrusted source.<13>

MsvAvTimestamp (0x0007): A FILETIME structure ([MS-DTYP] section 2.3.3) in little-endian byte order that contains the server local time.<14>

MsvAvSingleHost (0x0008): A Single_Host_Data (section 2.2.2.2) structure. The Value field contains a platform-specific blob, as well as a MachineID created at computer startup to identify the calling machine.<15>

MsvAvTargetName (0x0009): The SPN of the target server. The name MUST be in Unicode and is not null-terminated.<16>

MsvChannelBindings (0x000A): A channel bindings hash. The Value field contains an MD5 hash ([RFC4121] section 4.1.1.2) of a gss_channel_bindings_struct ([RFC2744] section 3.11). An all-zero value of the hash is used to indicate absence of channel bindings.<17>

AvLen (2 bytes): A 16-bit unsigned integer that defines the length, in bytes, of the Value field.

Value (variable): A variable-length byte-array that contains the value defined for this AV pair entry. The contents of this field depend on the type expressed in the AvId field. The available types and resulting format and contents of this field are specified in the table within the AvId field description in this topic.

When AV pairs are specified, MsvAvEOL MUST be the last item specified. All other AV pairs, if present, can be specified in any order.
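The following parser is an added example, not part of the specification or any Microsoft code: it walks an AV_PAIR list with the bounds and termination checks the rules above imply, rejecting lists that lack MsvAvEOL, overrun the buffer, or carry a wrong AvLen for a fixed-size value. The function names, the sample data, the little-endian encoding of AvId/AvLen and the reading of "Unicode" as UTF-16LE are assumptions not stated in this section.

```python
import struct

# Names from the AvId table above; the tuple index is the AvId (0x0000-0x000A).
AV_NAMES = ("MsvAvEOL", "MsvAvNbComputerName", "MsvAvNbDomainName",
            "MsvAvDnsComputerName", "MsvAvDnsDomainName", "MsvAvDnsTreeName",
            "MsvAvFlags", "MsvAvTimestamp", "MsvAvSingleHost", "MsvAvTargetName",
            "MsvChannelBindings")
UNICODE_IDS = {1, 2, 3, 4, 5, 9}          # values the table says MUST be Unicode
FIXED_LEN = {6: 4, 7: 8, 10: 16}          # 32-bit flags, FILETIME, MD5 hash
REQUIRED = ("MsvAvNbComputerName", "MsvAvNbDomainName")

def parse_av_pairs(buf):
    """Return [(name, value)] up to MsvAvEOL; raise ValueError if malformed."""
    pairs, off = [], 0
    while off + 4 <= len(buf):
        # Assumed little-endian header; read at any byte offset (no alignment).
        av_id, av_len = struct.unpack_from("<HH", buf, off)
        off += 4
        if av_id >= len(AV_NAMES):
            raise ValueError(f"AvId 0x{av_id:04X} is not in the table")
        if av_len > len(buf) - off:
            raise ValueError("AvLen runs past the end of the buffer")
        if av_id == 0:
            if av_len != 0:
                raise ValueError("MsvAvEOL with nonzero AvLen")
            return pairs                   # bytes after MsvAvEOL are not read
        if av_len != FIXED_LEN.get(av_id, av_len):
            raise ValueError(f"bad AvLen {av_len} for {AV_NAMES[av_id]}")
        value = buf[off:off + av_len]
        off += av_len
        if av_id in UNICODE_IDS:
            value = value.decode("utf-16-le")   # "Unicode" assumed UTF-16LE
        elif av_id in (6, 7):
            value = int.from_bytes(value, "little")
        pairs.append((AV_NAMES[av_id], value))
    raise ValueError("list ends without MsvAvEOL")

def missing_required(pairs):
    """Names the table marks 'MUST be present' that the list lacks."""
    present = {name for name, _ in pairs}
    return [name for name in REQUIRED if name not in present]

def av(av_id, value=b""):
    """Encode one AV_PAIR; used only to build the constructed sample."""
    return struct.pack("<HH", av_id, len(value)) + value

# Constructed sample (made-up names and values), pairs in arbitrary order.
SAMPLE = (av(2, "CORP".encode("utf-16-le")) + av(6, struct.pack("<I", 0x2))
          + av(1, "SRV01".encode("utf-16-le")) + av(0))
```

Malformed UTF-16 input surfaces as UnicodeDecodeError, which is a ValueError subclass, so a single except clause covers every rejection path.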

 
© 2014 Microsoft