2.2.5.2 DIGEST_VALIDATION_RESP Message
The DIGEST_VALIDATION_RESP message is a response to a DIGEST_VALIDATION_REQ message (section 2.2.5.1).
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
MessageType |
|||||||||||||||||||||||||||||||
|
Version |
Pad2 |
||||||||||||||||||||||||||||||
|
Status |
|||||||||||||||||||||||||||||||
|
SessionKeyLength |
Pad3 |
||||||||||||||||||||||||||||||
|
AuthDataSize |
|||||||||||||||||||||||||||||||
|
AcctNameSize |
Reserved1 |
||||||||||||||||||||||||||||||
|
MessageSize |
|||||||||||||||||||||||||||||||
|
Reserved3 |
|||||||||||||||||||||||||||||||
|
SessionKey |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
SessionKey NULL terminator |
Pad4 |
||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
Pad1 |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
AuthData (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
AccountName (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
MessageType (4 bytes): A 32-bit unsigned integer that MUST specify the Digest validation message type. This member MUST be 0x0000000A.
Version (2 bytes): A 16-bit unsigned integer that MUST specify the version of the Digest validation protocol. The protocol version defined in this document is 1. The value of this member MUST be 0x0001.
Pad2 (2 bytes): An unused 16-bit unsigned integer. MUST be set to zero when sent and MUST be ignored on receipt.
Status (4 bytes): A 32-bit unsigned integer that specifies if the Digest authentication data sent in the DIGEST_VALIDATION_REQ (section 2.2.5.1) was successfully verified by the domain controller. On successful validation, the Status field MUST be set to STATUS_SUCCESS. On failure, it MUST be set to STATUS_LOGON_FAILURE as specified in [MS-ERREF] section 2.3.
SessionKeyLength (2 bytes): A 16-bit unsigned integer that MUST specify the number of bytes of the SessionKey field in the DIGEST_VALIDATION_RESP message plus a terminating null character. It MUST be equal to 33.
Pad3 (2 bytes): An unused 16-bit unsigned integer. MUST be set to zero when sent and MUST be ignored on receipt.
AuthDataSize (4 bytes): A 32-bit unsigned integer that MUST specify the number of bytes of the AuthData field in the DIGEST_VALIDATION_RESP message.
AcctNameSize (2 bytes): A 16-bit unsigned integer that MUST specify the number of bytes of the AccountName field in the DIGEST_VALIDATION_RESP message.
Reserved1 (2 bytes): A 16-bit unsigned integer field reserved for future use. MUST be set to zero when sent and MUST be ignored on receipt.
MessageSize (4 bytes): A 32-bit unsigned integer that MUST specify the number of bytes in the entire DIGEST_VALIDATION_RESP message.
Reserved3 (4 bytes): A 32-bit unsigned integer field reserved for future use. MUST be set to zero when sent and MUST be ignored on receipt.
SessionKey (32 bytes): A 32-byte buffer that MUST contain the Digest SessionKey ([RFC2617] section 3.2.2.2).
SessionKey NULL terminator (1 byte): A single byte to terminate the SessionKey. MUST be set to zero.
Pad4 (7 bytes): An unused 7-byte padding. The value of each byte MUST be set to zero when sent and MUST be ignored on receipt.
Pad1 (8 bytes): An unused 64-bit unsigned integer. MUST be set to zero when sent and MUST be ignored on receipt.
AuthData (variable): This field MUST contain a PACTYPE structure ([MS-PAC] section 2.3). The length of the PACTYPE structure MUST be specified by the AuthDataSize field. The length of this field MUST be 0 if the value of the Status field is STATUS_LOGON_FAILURE.
AccountName (variable): This field MUST contain the NetBIOS name of the user's account. Its length MUST be specified in the AcctNameSize field.