2.2.2 PasswordUpdate Request Message

The PasswordUpdate request message requests a change in password-related attributes for the directory object specified in the message. The message processing details are specified in section 3.3.5.2.

The layout of the PasswordUpdate request message is shown in the following diagram. This message MUST be carried in the Message field of the structure defined in section 2.2.1.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Flags

Size

AccountRid

PasswordExp

Reserved

OffsetLengthArray (variable)

...

Data (variable)

...

Flags (4 bytes): A bitmask with the following values defined. All bits that can be set, as specified below, can be set in any combination by the requestor with the exception of LM and NT; these bits MUST both be set or both be cleared. The responder MUST ignore the LM bit if it is set and the NT bit is not set.


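 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Y|X|L|N|U|P|X|X|X|X|X|X|X|X|X|X|X|X|X|X|X|X|X|X|X|X|X|X|X|X|X|X|
| | |M|T|N|E| | | | | | | | | | | | | | | | | | | | | | | | | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+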

  • Y (Reserved): This bit SHOULD be set to zero and MUST be ignored on receipt.<2>

  • X (Reserved): These bits MUST be set to zero.

  • LM (FLAG_LM_HASH): This bit MUST be set if the message contains an LM hash. The hash value MUST be 16 bytes long.

  • NT (FLAG_NT_HASH): This bit MUST be set if the message contains an NT hash. The hash value MUST be 16 bytes long.

  • UN (FLAG_ACCOUNT_UNLOCKED): This bit MUST be set if the target account is to be unlocked. The corresponding Offset and Length fields in Data and OffsetLengthArray MUST be zero on request and MUST be ignored on receipt.

  • PE (FLAG_MANUAL_PWD_EXPIRY): This bit MUST be set if the PasswordExp field is valid for this request. The corresponding Offset and Length fields in Data and OffsetLengthArray MUST be zero on request and MUST be ignored on receipt.<3>

Size (4 bytes): A 32-bit, unsigned integer that contains the number of bytes in the PasswordUpdate request message, starting with (and including) the Flags field to (and including) the variable length of OffsetLengthArray. This information (the size) can be inferred on receipt from the bits set in the Flags field; for more information, see the description for OffsetLengthArray. This field is useful to quickly determine the start of the Data section.

AccountRid (4 bytes): A 32-bit, unsigned integer that contains a relative identifier (RID) for a SID structure.

PasswordExp (1 byte): This byte is only tested against zero, so all non-zero values are equivalent within the protocol. This field MUST be used to infer the length of the time period for which a password is valid. Details about message processing are specified in section 3.3.5.2.

Reserved (3 bytes): This portion of the message MUST be filled with zeros and MUST be ignored on receipt.

OffsetLengthArray (variable): An array of 8-byte elements used as offset and length descriptors for the data associated with this request message. Elements in this array correspond to bits in the Flags field. The number of elements in this array MUST be equal to the position of the most significant bit that is set in the Flags field. The entries MUST be in the same order as the bits in the Flags field. For example, if just bit 5 (FLAG_MANUAL_PWD_EXPIRY) is set, the length of the array is 6 elements (48 bytes), and the elements are ordered from least significant to most significant.

For an illustration of the relationship between the Flags field and the OffsetLengthArray element, see the protocol example in section 4.1.

Each OffsetLengthArray element contains two 32-bit unsigned integers that MUST consist of the following fields:

  • Offset: The offset, in bytes, from the start of the Data field to the first byte of the data that corresponds to this particular element. The offset MUST be double-byte aligned.

  • Length: The length, in bytes, of the data that corresponds to this particular element. The length MUST be double-byte aligned.

If a Flags bit is not set, or is set but has no data associated with it (for example, the UN flag), both Offset and Length MUST be zero in the corresponding OffsetLengthArray element and MUST be ignored on receipt.

Data (variable): A variable-sized field that MUST hold the data associated with the request. The descriptors for this data are the (Offset, Length) fields that constitute each OffsetLengthArray element. The length of the Data section MUST be no less than the maximum of Offset + Length for all elements of the OffsetLengthArray. This field is double-byte aligned and each entry is ordered the same as the elements in OffsetLengthArray; any bytes added to achieve alignment MUST have no bits set.
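
The following is an added example, not part of the specification or of any Microsoft implementation: a receiver-side validator for the layout described in this section, showing how Flags, Size, OffsetLengthArray and Data constrain one another. It assumes little-endian integers and flag bit positions counted from the least significant bit as in the Flags diagram; the names parse_password_update and constructed_request are hypothetical, and rejecting messages with X bits set is a choice made by this example.

```python
import struct

# Bit positions are taken from the Flags diagram, counted from the least
# significant bit (the page's "bit 5 (FLAG_MANUAL_PWD_EXPIRY)").
# Assumption: integers are little-endian; this section does not say.
FLAG_LM_HASH, FLAG_NT_HASH = 1 << 2, 1 << 3
FLAG_ACCOUNT_UNLOCKED, FLAG_MANUAL_PWD_EXPIRY = 1 << 4, 1 << 5
RESERVED_X = 0xFFFFFFC2               # bit 1 and bits 6-31
HEADER = struct.Struct("<IIIB3x")     # Flags, Size, AccountRid, PasswordExp, Reserved
ELEMENT = struct.Struct("<II")        # Offset, Length


def parse_password_update(msg: bytes) -> dict:
    """Hypothetical receiver-side check of one PasswordUpdate request."""
    if len(msg) < HEADER.size:
        raise ValueError("truncated header")
    raw, size, rid, pwd_exp = HEADER.unpack_from(msg)
    if raw & RESERVED_X:              # strict choice made by this example
        raise ValueError("reserved X bits set")
    count = raw.bit_length()          # elements = position of highest set bit
    if size != HEADER.size + ELEMENT.size * count or len(msg) < size:
        raise ValueError("Size does not match Flags")
    flags = raw & ~1                  # Y is ignored on receipt
    if not flags & FLAG_NT_HASH:
        flags &= ~FLAG_LM_HASH        # LM without NT is ignored
    data, out = msg[size:], {"rid": rid, "lm": None, "nt": None}
    for bit, name in ((2, "lm"), (3, "nt")):
        if flags & (1 << bit):
            off, length = ELEMENT.unpack_from(msg, HEADER.size + ELEMENT.size * bit)
            if off % 2 or length != 16 or off + length > len(data):
                raise ValueError(f"bad {name} descriptor")
            out[name] = data[off:off + length]
    out["unlock"] = bool(flags & FLAG_ACCOUNT_UNLOCKED)
    # PasswordExp is only meaningful when PE is set, and only as zero/non-zero.
    out["password_exp"] = (pwd_exp != 0) if flags & FLAG_MANUAL_PWD_EXPIRY else None
    return out


def constructed_request(flags: int, lm=b"", nt=b"", pwd_exp=0, rid=1105) -> bytes:
    """Build a sample message for the parser (constructed data, not a capture)."""
    count = flags.bit_length()
    table, data = [(0, 0)] * count, b""
    for bit, blob in ((2, lm), (3, nt)):
        if flags & (1 << bit):
            table[bit] = (len(data), len(blob))
            data += blob
    head = HEADER.pack(flags, HEADER.size + ELEMENT.size * count, rid, pwd_exp)
    return head + b"".join(ELEMENT.pack(*e) for e in table) + data
```

The input is expected to be the contents of the Message field from section 2.2.1, with the outer structure already removed.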