2.10 UPN_DNS_INFO
The UPN_DNS_INFO structure contains the client's UPN, fully qualified domain name (FQDN), SAM name (optional), and SID (optional). It is used to provide the UPN, FQDN, SAM name, and SID that correspond to the client of the ticket. The UPN_DNS_INFO structure is placed directly after the Buffers array of the topmost PACTYPE structure (section 2.3), at the offset specified in the Offset field of the corresponding PAC_INFO_BUFFER structure (section 2.4) in the Buffers array. The ulType field of the corresponding PAC_INFO_BUFFER is set to 0x0000000C.<23>
The UPN_DNS_INFO structure is defined as follows.
```c
typedef struct _UPN_DNS_INFO {
  USHORT UpnLength;
  USHORT UpnOffset;
  USHORT DnsDomainNameLength;
  USHORT DnsDomainNameOffset;
  ULONG Flags;
} UPN_DNS_INFO, *PUPN_DNS_INFO;
```
The format of the UPN_DNS_INFO structure is defined as follows.
| Bits 0-15 | Bits 16-31 |
|---|---|
| UpnLength | UpnOffset |
| DnsDomainNameLength | DnsDomainNameOffset |
| Flags (bits 0-31) | |
| SamNameLength | SamNameOffset |
| SidLength | SidOffset |
UpnLength (2 bytes): An unsigned 16-bit integer in little-endian format that specifies the length, in bytes, of the UPN information. The location of the UPN information is described later in this section.
UpnOffset (2 bytes): An unsigned 16-bit integer in little-endian format that contains the offset to the beginning of the UPN information, in bytes, from the beginning of the UPN_DNS_INFO structure (section 2.10).
DnsDomainNameLength (2 bytes): An unsigned 16-bit integer in little-endian format that specifies the length, in bytes, of the DNS information. The location of the DNS information is described later in this section.
DnsDomainNameOffset (2 bytes): An unsigned 16-bit integer in little-endian format that contains the offset to the beginning of the DNS information, in bytes, from the beginning of the UPN_DNS_INFO structure.
Flags (4 bytes): A set of bit flags in little-endian format. A flag is TRUE (or set) if its value is equal to 1. The value is constructed from zero or more bit flags from the following table:
| Bits 0-29 | Bit 30 | Bit 31 |
|---|---|---|
| 0 | S | U |
Where the bits are defined as:
| Value | Description |
|---|---|
| U | The user account object does not have the userPrincipalName attribute ([MS-ADA3] section 2.349) set. A UPN constructed by concatenating the user name with the DNS domain name of the account domain is provided. |
| S | The UPN_DNS_INFO structure has been extended with the user account’s SAM Name and SID. |
All other bits are set to zero and MUST be ignored on receipt.
SamNameLength (2 bytes): An unsigned 16-bit integer in little-endian format that specifies the length, in bytes, of the SAM name. The location of the SAM name is described later in this section. This field is only present if the S flag bit is set.
SamNameOffset (2 bytes): An unsigned 16-bit integer in little-endian format that contains the offset to the beginning of the SAM name, in bytes, from the beginning of the UPN_DNS_INFO structure. This field is only present if the S flag bit is set.
SidLength (2 bytes): An unsigned 16-bit integer in little-endian format that specifies the length, in bytes, of the client’s SID. The location of the SID is described later in this section. This field is only present if the S flag bit is set.
SidOffset (2 bytes): An unsigned 16-bit integer in little-endian format that contains the offset to the beginning of the client’s SID, in bytes, from the beginning of the UPN_DNS_INFO structure. This field is only present if the S flag bit is set.
The actual DNS and UPN information (and, if the S flag bit is set, the SAM name and SID) is placed after the UPN_DNS_INFO structure following the header and starting with the corresponding offset in a consecutive buffer. The UPN, FQDN, and SAM name are encoded using a two-byte UTF16 scheme, in little-endian order.
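The following bounds-checked parser for the layout described in this section is an added example, not part of the specification. It assumes the U and S flags in the bit diagram correspond to the numeric values 0x00000001 and 0x00000002, returns the SID as raw bytes, and rejects any field whose data overlaps the header or runs past the buffer; the names parse_upn_dns_info, field, build_sample, PacFormatError and the sample account values are hypothetical.

```python
import struct

FLAG_U = 0x00000001  # assumed value: UPN was constructed (userPrincipalName not set)
FLAG_S = 0x00000002  # assumed value: header extended with SAM name and SID fields
# Constructed sample SID (S-1-5-21-1-2-3-1000) in binary form.
SAMPLE_SID = bytes.fromhex("010500000000000515000000010000000200000003000000e8030000")

class PacFormatError(ValueError):
    """Raised when a UPN_DNS_INFO buffer is malformed."""

def field(buf, length, offset, header_len, name, text=True):
    # Offsets count from the start of UPN_DNS_INFO; the data must sit after
    # the header and end inside the buffer.
    if offset < header_len or offset + length > len(buf):
        raise PacFormatError(f"{name}: offset/length outside buffer")
    raw = bytes(buf[offset:offset + length])
    if not text:
        return raw
    try:
        return raw.decode("utf-16-le")
    except UnicodeDecodeError as exc:
        raise PacFormatError(f"{name}: not valid UTF-16LE") from exc

def parse_upn_dns_info(buf):
    if len(buf) < 12:
        raise PacFormatError("buffer shorter than the 12-byte base header")
    upn_len, upn_off, dns_len, dns_off, flags = struct.unpack_from("<4HI", buf, 0)
    hdr, sam, sid = 12, None, None
    if flags & FLAG_S:  # the four extra 16-bit fields exist only when S is set
        if len(buf) < 20:
            raise PacFormatError("S flag set but extended header truncated")
        sam_len, sam_off, sid_len, sid_off = struct.unpack_from("<4H", buf, 12)
        hdr = 20
        sam = field(buf, sam_len, sam_off, hdr, "SamName")
        sid = field(buf, sid_len, sid_off, hdr, "Sid", text=False)
    return {
        "upn": field(buf, upn_len, upn_off, hdr, "Upn"),
        "dns_domain": field(buf, dns_len, dns_off, hdr, "DnsDomainName"),
        "upn_constructed": bool(flags & FLAG_U),  # all other bits are ignored
        "sam_name": sam,
        "sid": sid,
    }

def build_sample():
    # Constructed test input: extended header followed by the four data fields.
    data = [s.encode("utf-16-le") for s in ("alice@corp.example", "corp.example", "alice")]
    data.append(SAMPLE_SID)
    pairs, off = [], 20
    for d in data:
        pairs += [len(d), off]
        off += len(d)
    return struct.pack("<4HI4H", *pairs[:4], FLAG_S, *pairs[4:]) + b"".join(data)
```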