
3.5.4.4.8 NetrServerTrustPasswordsGet (Opnum 42)

The NetrServerTrustPasswordsGet method<252> returns the encrypted current and previous passwords for an account in the domain. This method is called by a client to retrieve the current and previous account passwords from a domain controller. The account name requested MUST be the name used when the secure channel was created, unless the method is called on a PDC by a DC, in which case it can be any valid account name.

NTSTATUS NetrServerTrustPasswordsGet(
  [in, unique, string] LOGONSRV_HANDLE TrustedDcName,
  [in, string] wchar_t* AccountName,
  [in] NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType,
  [in, string] wchar_t* ComputerName,
  [in] PNETLOGON_AUTHENTICATOR Authenticator,
  [out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
  [out] PENCRYPTED_NT_OWF_PASSWORD EncryptedNewOwfPassword,
  [out] PENCRYPTED_NT_OWF_PASSWORD EncryptedOldOwfPassword
);

TrustedDcName: The custom RPC binding handle, as specified in section 3.5.4.1.

AccountName: The null-terminated Unicode string that contains the name of the client account in the domain for which the trust password MUST be returned.<253>

SecureChannelType: A NETLOGON_SECURE_CHANNEL_TYPE enumerated value, as specified in section 2.2.1.3.13, that indicates the type of the secure channel being established by this call.

ComputerName: The null-terminated Unicode string that contains the NetBIOS name of the client computer.

Authenticator: A pointer to a NETLOGON_AUTHENTICATOR structure, as specified in section 2.2.1.1.5, that contains the client authenticator.

ReturnAuthenticator: A pointer to a NETLOGON_AUTHENTICATOR structure, as specified in section 2.2.1.1.5, that contains the server return authenticator.

EncryptedNewOwfPassword: A pointer to an ENCRYPTED_NT_OWF_PASSWORD structure, as specified in section 2.2.1.1.4, that contains the NTOWFv1 (as specified in NTLM v1 Authentication in [MS-NLMP] section 3.3.1) of the current password, encrypted as specified in [MS-SAMR] section 2.2.11.1.1, Encrypting an NT Hash or LM Hash Value with a specified key. The session key is the specified 16-byte key that is used to derive the password's keys. The specified 16-byte key uses the 16-byte value process, as specified in [MS-SAMR] section 2.2.11.1.4.

EncryptedOldOwfPassword: A pointer to an ENCRYPTED_NT_OWF_PASSWORD structure, as specified in section 2.2.1.1.4, that contains the NTOWFv1 (as specified in NTLM v1 Authentication in [MS-NLMP] section 3.3.1) of the previous password, encrypted as specified in [MS-SAMR] section 2.2.11.1.1, Encrypting an NT Hash or LM Hash Value with a specified key. The session key is the specified 16-byte key that is used to derive the password's keys. The specified 16-byte key uses the 16-byte value process, as specified in [MS-SAMR] section 2.2.11.1.4.

Return Values: The method returns 0x00000000 on success; otherwise, it returns a nonzero error code.

Message processing is identical to NetrServerGetTrustInfo, as specified in section 3.5.4.7.6, except for the following:

  • The TrustInfo parameter is not present in NetrServerTrustPasswordsGet.
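
The EncryptedNewOwfPassword and EncryptedOldOwfPassword descriptions above defer the key handling to [MS-SAMR] sections 2.2.11.1.1 and 2.2.11.1.4. The sketch below is an added example, not part of the specification: it derives the two DES keys from a 16-byte session key and pairs each with the half of the NT OWF it encrypts. The function names and sample values are assumptions made for illustration.

```python
# Added example: key handling for ENCRYPTED_NT_OWF_PASSWORD, following the
# MS-SAMR sections cited above. Function names and sample values are constructed.
# The DES-ECB step itself belongs to a vetted crypto library and is not shown.

def expand_des_key(key7: bytes) -> bytes:
    """Turn 7 bytes of key material into an 8-byte DES key with odd parity."""
    if len(key7) != 7:
        raise ValueError("expected 7 bytes of key material")
    bits = int.from_bytes(key7, "big")
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F      # next 7 key bits, MSB first
        ones = bin(seven).count("1")
        out.append((seven << 1) | (1 - ones % 2))  # LSB makes the bit count odd
    return bytes(out)


def owf_block_keys(session_key: bytes, nt_owf: bytes):
    """Pair each 8-byte half of the NT OWF with the DES key used for it."""
    if len(session_key) != 16 or len(nt_owf) != 16:
        raise ValueError("session key and NT OWF are both 16 bytes")
    key1 = expand_des_key(session_key[0:7])    # bytes 0..6
    key2 = expand_des_key(session_key[7:14])   # bytes 7..13; 14 and 15 are unused
    return [(nt_owf[:8], key1), (nt_owf[8:], key2)]


if __name__ == "__main__":
    session_key = bytes(range(16))             # constructed sample
    nt_owf = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    for block, key in owf_block_keys(session_key, nt_owf):
        print(block.hex(), "<- DES-ECB with key", key.hex())
```

Only 14 of the 16 session-key bytes take part in the derivation, and each half of the hash is covered by a single 56-bit DES key.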

 
© 2014 Microsoft