2.2.7.16 LSAPR_TRUSTED_DOMAIN_AUTH_BLOB

  • Article

msdn link

The LSAPR_TRUSTED_DOMAIN_AUTH_BLOB structure contains a counted buffer of authentication material. Domain trust authentication is specified in [MS-ADTS] section 6.1.6.9.1.

 typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_BLOB {
   [range(0,65536)] unsigned long AuthSize;
   [size_is(AuthSize)] unsigned char* AuthBlob;
 } LSAPR_TRUSTED_DOMAIN_AUTH_BLOB,
  *PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB;

AuthSize: The count of bytes in AuthBlob.<35>

AuthBlob: An array of bytes containing the authentication material. If the AuthSize field has a value other than 0, this field MUST NOT be NULL. Always encrypted using algorithms, as specified in section 5.1.1. The plaintext layout is in the following format.

The incoming and outgoing authentication information buffer size included at the end of the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB can be used to extract the incoming and outgoing authentication information buffers from the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB. Each of these buffers contains the byte offset to both the current and the previous authentication information. This information can be used to extract current and (if any) previous authentication information.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

512 bytes of random data (512 bytes)

...

...

CountOutgoingAuthInfos

ByteOffsetCurrentOutgoingAuthInfo

ByteOffsetPreviousOutgoingAuthInfo

CurrentOutgoingAuthInfos (variable)

...

...

PreviousOutgoingAuthInfos (variable)

...

...

CountIncomingAuthInfos

ByteOffsetCurrentIncomingAuthInfo

ByteOffsetPreviousIncomingAuthInfo

CurrentIncomingAuthInfos (variable)

...

...

PreviousIncomingAuthInfos (variable)

...

...

OutgoingAuthInfoSize

IncomingAuthInfoSize

CountOutgoingAuthInfos (4 bytes): Specifies the count of entries present in the CurrentOutgoingAuthInfos field. If optional field PreviousOutgoingAuthInfos is present, the number of entries in PreviousOutgoingAuthInfos is also equal to CountOutgoingAuthInfos.

ByteOffsetCurrentOutgoingAuthInfo (4 bytes): Specifies the byte offset from the beginning of CountOutgoingAuthInfos to the start of the CurrentOutgoingAuthInfos field. If CountOutgoingAuthInfos is 0, this field MUST be ignored.

ByteOffsetPreviousOutgoingAuthInfo (4 bytes): Specifies the byte offset from the beginning of CountOutgoingAuthInfos to the start of the PreviousOutgoingAuthInfos field. If the difference between ByteOffsetPreviousOutgoingAuthInfo and OutgoingAuthInfoSize is 0, the PreviousOutgoingAuthInfos field has zero entries.

CurrentOutgoingAuthInfos: Contains an array of CountOutgoingAuthInfos of LSAPR_AUTH_INFORMATION (section 2.2.7.17) entries in self-relative format. Each LSAPR_AUTH_INFORMATION entry in the array MUST be 4-byte aligned. When it is necessary to insert unused padding bytes into a buffer for data alignment, such bytes MUST be set to 0.

PreviousOutgoingAuthInfos: Contains an array of CountOutgoingAuthInfos LSAPR_AUTH_INFORMATION entries in self-relative format. See the comments for the ByteOffsetPreviousOutgoingAuthInfo field to determine when this field is present. Each LSAPR_AUTH_INFORMATION entry in the array MUST be 4-byte aligned. When it is necessary to insert unused padding bytes into a buffer for data alignment, such bytes MUST be set to 0.

CountIncomingAuthInfos (4 bytes): Specifies the count of entries present in the CurrentIncomingAuthInfos field. If optional field PreviousIncomingAuthInfos is present, the number of entries in PreviousIncomingAuthInfos is also equal to CountIncomingAuthInfos.

ByteOffsetCurrentIncomingAuthInfo (4 bytes): Specifies the byte offset from the beginning of CountIncomingAuthInfos to the start of the CurrentIncomingAuthInfos field. If CountIncomingAuthInfos is 0, this field MUST be ignored.

ByteOffsetPreviousIncomingAuthInfo (4 bytes): Specifies the byte offset from the beginning of CountIncomingAuthInfos to the start of the PreviousIncomingAuthInfos field. If the difference between ByteOffsetPreviousIncomingAuthInfo and IncomingAuthInfoSize is 0, the PreviousIncomingAuthInfos field has zero entries.

CurrentIncomingAuthInfos: Contains an array of CountIncomingAuthInfos LSAPR_AUTH_INFORMATION entries in self-relative format. Each LSAPR_AUTH_INFORMATION entry in the array MUST be 4-byte aligned. When it is necessary to insert unused padding bytes into a buffer for data alignment, such bytes MUST be set to 0.

PreviousIncomingAuthInfos: Contains an array of CountIncomingAuthInfos LSAPR_AUTH_INFORMATION entries in self-relative format. See the comments for the ByteOffsetPreviousIncomingAuthInfo field to determine when this field is present. Each LSAPR_AUTH_INFORMATION entry in the array MUST be 4-byte aligned. When it is necessary to insert unused padding bytes into a buffer for data alignment, such bytes MUST be set to 0.

OutgoingAuthInfoSize (4 bytes): Specifies the size, in bytes, of the subportion of the structure from the beginning of the CountOutgoingAuthInfos field through the end of the of the PreviousOutgoingAuthInfos field.

IncomingAuthInfoSize (4 bytes): Specifies the size, in bytes, of the sub-portion of the structure from the beginning of the CountIncomingAuthInfos field through the end of the of the PreviousIncomingAuthInfos field.