2.2.6.3 NEGO_MESSAGE
The NEGO_MESSAGE structure is used to begin the negotiation of security mechanisms and to exchange each party's list of supported mechanisms. The initiator sends this message to the acceptor with the message type set to MESSAGE_TYPE_INITIATOR_NEGO to begin the negotiation, and uses it to specify the set of security mechanisms it supports. The acceptor then responds with a NEGO_MESSAGE with the message type set to MESSAGE_TYPE_ACCEPTOR_NEGO and its own list of supported security mechanisms. This message contains signatures for protecting the NEGOEX negotiation and the same leg might also carry the optimistic mechanism token (in an EXCHANGE_MESSAGE sent alongside the NEGO_MESSAGE).
The NEGO_MESSAGE structure has the following definition.
struct {
    MESSAGE_HEADER       Header;
    UCHAR                Random[32];
    ULONG64              ProtocolVersion;
    AUTH_SCHEME_VECTOR   AuthSchemes;
    EXTENSION_VECTOR     Extensions;
} NEGO_MESSAGE;
Header: A MESSAGE_HEADER structure, as specified in section 2.2.6.2. Its MessageType field carries a value from the MESSAGE_TYPE enumeration (section 2.2.6.1): MESSAGE_TYPE_INITIATOR_NEGO when the message is sent by the initiator, or MESSAGE_TYPE_ACCEPTOR_NEGO when it is sent by the acceptor.
Random: A 32-element UCHAR array holding a nonce. The Random field is filled using a secure random number generator, as specified in section 2.2.4.
ProtocolVersion: A ULONG64 that identifies the version of this protocol. This field contains 0.
AuthSchemes: An AUTH_SCHEME_VECTOR structure, as specified in section 2.2.5.2.2, that contains an ordered list of the sender's available, supported security mechanism IDs in decreasing order of preference.
Extensions: An EXTENSION_VECTOR structure, as specified in section 2.2.5.2.3, that contains the list of extensions. All negative extension types are critical (the highest bit of the ExtensionType value is set to 1). If the receiver does not understand a critical extension, the authentication attempt MUST be rejected; an extension whose type is not critical can be skipped when it is not understood.
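The following is an added worked example, not part of this specification and not Microsoft's code, showing how a receiver should serialize and validate a NEGO_MESSAGE: it checks the header signature and length fields, requires ProtocolVersion 0, bounds-checks every vector offset against cbMessageLength before dereferencing it, and rejects the message when it carries a critical extension (high bit of ExtensionType set) that the receiver does not recognize. It assumes the MESSAGE_HEADER layout and MESSAGE_TYPE values from sections 2.2.6.1 and 2.2.6.2, that vector offsets are relative to the start of the message, and that GUIDs use the little-endian MS-DTYP wire encoding; the auth scheme GUIDs and extension types in the test data are constructed placeholders, not real mechanism IDs.

```python
import os
import struct
import uuid

# Assumed from MS-NEGOEX 2.2.6.1 / 2.2.6.2 (not reproduced in this section).
SIGNATURE = b"NEGOEXTS"                  # MESSAGE_HEADER.Signature as raw bytes
MESSAGE_TYPE_INITIATOR_NEGO = 0
MESSAGE_TYPE_ACCEPTOR_NEGO = 1
# Signature, MessageType, SequenceNum, cbHeaderLength, cbMessageLength, ConversationId
HEADER_FMT = "<8sIIII16s"
# Random[32], ProtocolVersion, AuthSchemes{Offset,Count,Pad}, Extensions{Offset,Count,Pad}
NEGO_FIXED_FMT = "<32sQIHHIHH"
# EXTENSION: ExtensionType, ExtensionValue.ByteArrayOffset, ExtensionValue.ByteArrayLength
EXTENSION_FMT = "<III"
NEGO_HEADER_LEN = struct.calcsize(HEADER_FMT) + struct.calcsize(NEGO_FIXED_FMT)  # 96 bytes
CRITICAL_BIT = 0x80000000   # "negative" ExtensionType values are critical


class NegoexError(ValueError):
    """Raised when a NEGO_MESSAGE must be rejected."""


def build_nego_message(message_type, sequence_num, conversation_id, auth_schemes,
                       extensions=(), random_bytes=None):
    """Serialize a NEGO_MESSAGE. auth_schemes: uuid.UUIDs in decreasing preference;
    extensions: list of (ExtensionType, value bytes). Arrays follow the fixed
    96-byte header and all offsets are relative to the start of the message."""
    random_bytes = os.urandom(32) if random_bytes is None else random_bytes
    if len(random_bytes) != 32:
        raise NegoexError("Random must be exactly 32 bytes")
    auth_blob = b"".join(s.bytes_le for s in auth_schemes)
    auth_off = NEGO_HEADER_LEN
    ext_off = auth_off + len(auth_blob)
    value_off = ext_off + struct.calcsize(EXTENSION_FMT) * len(extensions)
    ext_entries, values = b"", b""
    for ext_type, value in extensions:
        ext_entries += struct.pack(EXTENSION_FMT, ext_type, value_off + len(values), len(value))
        values += value
    body = struct.pack(NEGO_FIXED_FMT, random_bytes, 0,          # ProtocolVersion is 0
                       auth_off, len(auth_schemes), 0, ext_off, len(extensions), 0)
    total = NEGO_HEADER_LEN + len(auth_blob) + len(ext_entries) + len(values)
    header = struct.pack(HEADER_FMT, SIGNATURE, message_type, sequence_num,
                         NEGO_HEADER_LEN, total, conversation_id.bytes_le)
    return header + body + auth_blob + ext_entries + values


def _slice(buf, offset, length, what):
    """Return buf[offset:offset+length] only if it lies entirely inside the message."""
    if offset < 0 or length < 0 or offset + length > len(buf):
        raise NegoexError(f"{what} runs past cbMessageLength")
    return buf[offset:offset + length]


def parse_nego_message(buf, known_extension_types=frozenset()):
    """Parse and validate a NEGO_MESSAGE; return (message_type, auth_schemes, extensions).
    Raises NegoexError for a bad signature, wrong lengths, non-zero ProtocolVersion,
    out-of-bounds vectors, or an unknown critical extension."""
    if len(buf) < NEGO_HEADER_LEN:
        raise NegoexError("message shorter than the NEGO_MESSAGE header")
    sig, msg_type, _seq, cb_header, cb_msg, _conv = struct.unpack_from(HEADER_FMT, buf, 0)
    if sig != SIGNATURE:
        raise NegoexError("bad MESSAGE_HEADER.Signature")
    if msg_type not in (MESSAGE_TYPE_INITIATOR_NEGO, MESSAGE_TYPE_ACCEPTOR_NEGO):
        raise NegoexError("not a NEGO_MESSAGE")
    if cb_header != NEGO_HEADER_LEN or cb_msg < cb_header or cb_msg > len(buf):
        raise NegoexError("cbHeaderLength/cbMessageLength disagree with the buffer")
    buf = buf[:cb_msg]                       # never read past the declared length
    (_rand, version, auth_off, auth_cnt, _p1, ext_off, ext_cnt, _p2) = \
        struct.unpack_from(NEGO_FIXED_FMT, buf, struct.calcsize(HEADER_FMT))
    if version != 0:
        raise NegoexError("unsupported ProtocolVersion")
    auth_blob = _slice(buf, auth_off, 16 * auth_cnt, "AuthSchemes array")
    auth_schemes = [uuid.UUID(bytes_le=auth_blob[i:i + 16]) for i in range(0, len(auth_blob), 16)]
    ext_blob = _slice(buf, ext_off, struct.calcsize(EXTENSION_FMT) * ext_cnt, "Extensions array")
    extensions = []
    for i in range(ext_cnt):
        ext_type, v_off, v_len = struct.unpack_from(EXTENSION_FMT, ext_blob, i * 12)
        value = _slice(buf, v_off, v_len, f"Extension 0x{ext_type:08x} value")
        if (ext_type & CRITICAL_BIT) and ext_type not in known_extension_types:
            raise NegoexError(f"unknown critical extension 0x{ext_type:08x}: MUST reject")
        extensions.append((ext_type, value))
    return msg_type, auth_schemes, extensions


def is_accepted(buf, known_extension_types=frozenset()):
    """True if the receiver would accept the message, False if it must be rejected."""
    try:
        parse_nego_message(buf, known_extension_types)
        return True
    except NegoexError:
        return False
```

The bounds check in `_slice` is the part most often missing in hand-written NEGOEX parsers: every offset in the vectors is attacker-controlled, so it must be validated against cbMessageLength before any read, and the critical-bit test must run before the receiver acts on anything else in the message.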