2.2.2.1 AV_PAIR

The AV_PAIR structure defines an attribute/value pair. Sequences of AV_PAIR structures are used directly in the CHALLENGE_MESSAGE (section 2.2.1.2). They also appear in the AUTHENTICATE_MESSAGE (section 2.2.1.3) via the NTLMv2_CLIENT_CHALLENGE (section 2.2.2.7) structure.

Although the following figure suggests that the most significant bit (MSB) of AvId is aligned with the MSB of a 32-bit word, an AV_PAIR can be aligned on any byte boundary and can be 4+N bytes long for arbitrary N (N = the contents of AvLen).


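 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-------------------------------+-------------------------------+
|             AvId              |             AvLen             |
+-------------------------------+-------------------------------+
|                       Value (variable)                        |
+---------------------------------------------------------------+
|                              ...                              |
+---------------------------------------------------------------+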

AvId (2 bytes): A 16-bit unsigned integer that defines the information type in the Value field. The contents of this field MUST be a value from the following table. The corresponding Value field in this AV_PAIR MUST contain the information specified in the description of that AvId.

| Value | Meaning |
|---|---|
| MsvAvEOL 0x0000 | Indicates that this is the last AV_PAIR in the list. AvLen MUST be 0. This type of information MUST be present in the AV pair list. |
| MsvAvNbComputerName 0x0001 | The server's NetBIOS computer name. The name MUST be in Unicode, and is not null-terminated. This type of information MUST be present in the AV_pair list. |
| MsvAvNbDomainName 0x0002 | The server's NetBIOS domain name. The name MUST be in Unicode, and is not null-terminated. This type of information MUST be present in the AV_pair list. |
| MsvAvDnsComputerName 0x0003 | The fully qualified domain name (FQDN) of the computer. The name MUST be in Unicode, and is not null-terminated. |
| MsvAvDnsDomainName 0x0004 | The FQDN of the domain. The name MUST be in Unicode, and is not null-terminated. |
| MsvAvDnsTreeName 0x0005 | The FQDN of the forest. The name MUST be in Unicode, and is not null-terminated.<13> |
| MsvAvFlags 0x0006 | A 32-bit value indicating server or client configuration. 0x00000001: Indicates to the client that the account authentication is constrained. 0x00000002: Indicates that the client is providing message integrity in the MIC field (section 2.2.1.3) in the AUTHENTICATE_MESSAGE.<14> 0x00000004: Indicates that the client is providing a target SPN generated from an untrusted source.<15> |
| MsvAvTimestamp 0x0007 | A FILETIME structure ([MS-DTYP] section 2.3.3) in little-endian byte order that contains the server local time. This structure is always sent in the CHALLENGE_MESSAGE.<16> |
| MsvAvSingleHost 0x0008 | A Single_Host_Data (section 2.2.2.2) structure. The Value field contains a platform-specific blob, as well as a MachineID created at computer startup to identify the calling machine.<17> |
| MsvAvTargetName 0x0009 | The SPN of the target server. The name MUST be in Unicode and is not null-terminated.<18> |
| MsvAvChannelBindings 0x000A | A channel bindings hash. The Value field contains an MD5 hash ([RFC4121] section 4.1.1.2) of a gss_channel_bindings_struct ([RFC2744] section 3.11). An all-zero value of the hash is used to indicate absence of channel bindings.<19> |

AvLen (2 bytes): A 16-bit unsigned integer that defines the length, in bytes, of the Value field.

Value (variable): A variable-length byte-array that contains the value defined for this AV pair entry. The contents of this field depend on the type expressed in the AvId field. The available types and resulting format and contents of this field are specified in the table within the AvId field description in this topic.

When AV pairs are specified, MsvAvEOL MUST be the last item specified. All other AV pairs, if present, can be specified in any order.
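
The following is an added example, not part of the specification: a bounds-checked parser for an AV_PAIR sequence that rejects a list with no MsvAvEOL, an AvLen that runs past the buffer, and a wrong length on the fixed-size types. The names parse_av_pairs, build_pair and SAMPLE are hypothetical, the sample bytes are constructed, and the code assumes little-endian AvId/AvLen and UTF-16LE for the "Unicode" names.

```python
import struct

AV_NAMES = {
    0x0000: "MsvAvEOL", 0x0001: "MsvAvNbComputerName", 0x0002: "MsvAvNbDomainName",
    0x0003: "MsvAvDnsComputerName", 0x0004: "MsvAvDnsDomainName",
    0x0005: "MsvAvDnsTreeName", 0x0006: "MsvAvFlags", 0x0007: "MsvAvTimestamp",
    0x0008: "MsvAvSingleHost", 0x0009: "MsvAvTargetName", 0x000A: "MsvAvChannelBindings",
}
UNICODE_IDS = {1, 2, 3, 4, 5, 9}  # name values; assumed UTF-16LE on the wire
FIXED_LEN = {0x0000: 0, 0x0006: 4, 0x0007: 8, 0x000A: 16}  # EOL, flags, FILETIME, MD5


def parse_av_pairs(buf):
    """Return [(name, value), ...] through MsvAvEOL; bytes after MsvAvEOL are ignored."""
    pairs, off = [], 0
    while True:
        if off + 4 > len(buf):  # no room for another AvId/AvLen header
            raise ValueError("list ended without MsvAvEOL")
        av_id, av_len = struct.unpack_from("<HH", buf, off)
        off += 4
        if av_len > len(buf) - off:  # never trust AvLen beyond the buffer
            raise ValueError(f"AvLen {av_len} overruns buffer at offset {off}")
        if av_id in FIXED_LEN and av_len != FIXED_LEN[av_id]:
            raise ValueError(f"AvId 0x{av_id:04X} has unexpected AvLen {av_len}")
        raw = bytes(buf[off:off + av_len])
        off += av_len
        name = AV_NAMES.get(av_id, f"Unknown(0x{av_id:04X})")
        if av_id == 0x0000:
            pairs.append((name, b""))
            return pairs
        if av_id in UNICODE_IDS:
            value = raw.decode("utf-16-le")  # odd length raises a ValueError subclass
        elif av_id == 0x0006:
            value = struct.unpack("<I", raw)[0]
        else:
            value = raw
        pairs.append((name, value))


def build_pair(av_id, value):
    """Encode one AV_PAIR (helper for building the constructed sample)."""
    return struct.pack("<HH", av_id, len(value)) + value


# Constructed sample list (not captured traffic); pairs may come in any order before EOL.
SAMPLE = (build_pair(2, "CONTOSO".encode("utf-16-le"))
          + build_pair(1, "SRV01".encode("utf-16-le"))
          + build_pair(6, struct.pack("<I", 0x00000002)) + build_pair(0, b""))
```

Calling parse_av_pairs(SAMPLE) returns the domain name, computer name, the MsvAvFlags integer and the closing MsvAvEOL entry; malformed input raises ValueError instead of reading out of bounds.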