2.2.1 KERB_SID_AND_ATTRIBUTES
The KERB_SID_AND_ATTRIBUTES structure represents a SID and its attributes for use in authentication. It is sent within the KERB_VALIDATION_INFO (section 2.5) structure and used to include additional information about the group that the SID references.
The KERB_SID_AND_ATTRIBUTES structure is defined as follows.
-
typedef struct _KERB_SID_AND_ATTRIBUTES { PISID Sid; ULONG Attributes; } KERB_SID_AND_ATTRIBUTES, *PKERB_SID_AND_ATTRIBUTES;
Sid: A pointer to an RPC_SID structure ([MS-DTYP] section 2.4.2.3).
Attributes: A set of bit flags that describe attributes of the SID in the Sid field.
-
Attributes can contain one or more of the following bits.
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
10
0
E
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
D
C
B
A
-
Where the bits are defined as:
-
Value
Description
A
This setting means that the group is mandatory for the user and cannot be disabled. Corresponds to SE_GROUP_MANDATORY. For more information, see [SIDATT].
B
This setting means that the group is marked as enabled by default. Corresponds to SE_GROUP_ENABLED_BY_DEFAULT. For more information, see [SIDATT].
C
This setting means that the group is enabled for use. Corresponds to SE_GROUP_ENABLED. For more information, see [SIDATT].
D
This setting means that the group can be assigned as an owner of a resource. Corresponds to SE_GROUP_OWNER. For more information, see [SIDATT].
E
This setting means that the group is a domain-local or resource group. Corresponds to SE_GROUP_RESOURCE. For more information, see [SIDATT].
-
All other bits MUST be set to zero and MUST be ignored on receipt.