Partager via


5.64.1 Record

Each Record is represented in the following manner.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

RecordLen

Flags

Timestamp

...

RecordType

ForestTrustData (variable)

...

RecordLen (4 bytes): The length, in bytes, of the entire record.

Flags (4 bytes): Individual bit flags that control how the forest trust information in this record can be used.

If RecordType = 0 or 1, the Flags field can have one or more of the following bits, which are presented in little-endian byte order.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

X

X

X

X

X

T
D
C

T
D
A

T
DN

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X: Unused. Must be zero and ignored.

TDN (LSA_TLN_DISABLED_NEW, 0x00000001): The entry is not yet enabled.

TDA (LSA_TLN_DISABLED_ADMIN, 0x00000002): The entry is disabled by the administrator.

TDC (LSA_TLN_DISABLED_CONFLICT, 0x00000004): The entry is disabled due to a conflict with another trusted domain.

If RecordType = 2, the Flags field can have one or more of the following bits, which are presented in little-endian byte order.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

X

X

X

X

N D C

N D A

S D C

S D A

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X: Unused. MUST be zero and ignored.

SDA (LSA_SID_DISABLED_ADMIN, 0x00000001): The entry is disabled for SID-based matches by the administrator.

SDC (LSA_SID_DISABLED_CONFLICT, 0x00000002): The entry is disabled due to a SID conflict with another trusted domain.

NDA (LSA_NB_DISABLED_ADMIN, 0x00000004): The entry is disabled for NetBIOS name-based matches by the administrator.

NDC (LSA_NB_DISABLED_CONFLICT, 0x00000008): The entry is disabled due to a NetBIOS domain name conflict with another trusted domain.

For RecordType = 2, NETBIOS_DISABLED_MASK is defined as a mask on the lower 4 bits of the Flags field.

For all record types, LSA_FTRECORD_DISABLED_REASONS is defined as a mask on the lower 16 bits of the Flags field. Unused bits covered by the mask are reserved for future use.

Timestamp (8 bytes): A FILETIME (section 5.59) that contains the time when this entry was created.

RecordType (1 byte): An 8-bit value that specifies the type of record contained in this specific entry. The allowed values are specified in section 5.65.

ForestTrustData (variable): A variable length, type-specific record, depending on the RecordType value, that contains the specific type of data about the forest trust relationship.

Important The type-specific ForestTrustData record is not necessarily aligned to a 32-bit boundary. Each record starts at the byte following the RecordType field.

There are three different type-specific records. Depending on the value of the RecordType field, the structure of the type-specific record differs as described below.

  • If RecordType = 0 or RecordType = 1, then the type-specific record is represented in the following manner.


    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    1
    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    2
    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    3
    0


    1

    NameLen

    Name (variable length)...

    NameLen: The length, in bytes, of the Name field.

    Name: The top-level name of the trusted forest, in UTF-8 format.

  • If RecordType = 2, then the type-specific record is represented in the following manner. Note that the record contains the following structures one after another. It is important to note that none of the data shown below is necessarily aligned to 32-bit boundaries.


    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    1
    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    2
    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    3
    0


    1

    SidLen

    Sid (variable length)...

    DnsNameLen

    DnsName (variable length)...

    NetbiosNameLen

    NetbiosName (variable length)...

    SidLen: The length, in bytes, of the Sid field.

    Sid: The SID of a domain in the trusted forest, specified as a SID structure, which is defined in [MS-DTYP] section 2.4.2.

    DnsNameLen: The length, in bytes, of the DnsName field.

    DnsName: The FQDN (1) of a domain in the trusted forest, in UTF-8 format.

    NetbiosNameLen: The length, in bytes, of the NetbiosName field.

    NetbiosName: The NetBIOS name of a domain in the trusted forest, in UTF-8 format.

  • If RecordType is not one of the preceding values, then the type-specific record is represented in the following manner.


    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    1
    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    2
    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    3
    0


    1

    BinaryDataLen

    BinaryData (variable length)...

    BinaryDataLen: The length, in bytes, of the BinaryData field.

    BinaryData: Trusted forest data.