2 Structures

Some of the PAC structures are formatted by using the Distributed Computing Environment (DCE) data representation as specified in [C706], and as exposed by the marshaling support in the Remote Procedure Call Protocol Extensions [MS-RPCE]. This requires that an Interface Definition Language (IDL) file for the types be created and that this IDL be used for marshaling the data into a single message. For more information, see [MIDLINF].

For extensibility purposes, the structures used in the encapsulation allow for additional types to be incorporated, as shown in the following figure.

Figure 1: Encapsulation layers

The AuthorizationData element AD-IF-RELEVANT ([RFC4120] section 5.2.6) is the outermost wrapper. It encapsulates another AuthorizationData element of type AD-WIN2K-PAC ([RFC4120] section 7.5.4). Inside this structure is the PACTYPE structure, which serves as a header for the actual PAC elements. Immediately following the PACTYPE header is a series of PAC_INFO_BUFFER structures. These PAC_INFO_BUFFER structures serve as pointers into the contents of the PAC that follows this header.

The preceding figure is illustrative of the way an AuthorizationData element is constructed and is not intended to represent a complete or actual AuthorizationData element. The element starts with a contiguous set of structures, but the remainder of the element consists of a space within which data blocks reside. Those blocks are referenced by a pointer from the initial contiguous structures (as in Type 1, 6, and C blocks in the figure) or from another block (as in the data blocks referenced by the Type C data block). Data blocks in this space are not to overlap, but need not be contiguous or in any particular order.