4.1 SAM Server-to-Server Request Example
The following example shows a requestor successfully making a PasswordUpdate (section 2.2.2) request.
The message flow is trivial: The requestor makes a PasswordUpdate request (arrow A in the following figure), and the responder returns a status code (arrow B in the figure), as specified in section 2.2.2.
Figure 1: A requestor makes a PasswordUpdate request
The following content shows an example of a PasswordUpdate request message (arrow A in the preceding figure).
-
00000000 00 00 00 00 60 00 00 00-2C 00 00 00 40 00 00 00 00000010 F8 03 00 00 01 00 00 00-00 00 00 00 00 00 00 00 00000020 00 00 00 00 00 00 00 00-00 00 00 00 10 00 00 00 00000030 10 00 00 00 10 00 00 00-00 00 00 00 00 00 00 00 00000040 00 00 00 00 00 00 00 00-D3 58 D4 AC 2F 3C DA 54 00000050 3C FA 06 98 89 F4 AD 23-4C 23 A5 D3 67 46 2A F3 00000060 22 3D DC 54 58 34 EA 5E
The binary data shown above expresses the following information:
This is a PasswordUpdate request (a value of 0 for the first 32-bit value).
Size of the remaining data is 0x60 bytes.
For the PasswordUpdate message:
The following flags are set:
FLAG_LM_HASH (0x04)
FLAG_NT_HASH (0x08)
FLAG_MANUAL_PWD_EXPIRY (0x20)
Because FLAG_MANUAL_PWD_EXPIRY represents bit 5 in the Flag field, there are six elements in the OffsetLengthArray.
The amount of header information for the PasswordUpdate message is 0x40 bytes.
The RID of the target directory object is 0x3F8.
The password is to be expired immediately.
The first two and last two elements of the OffsetLengthArray do not have corresponding data in the Data portion of the message.
The offset of the LM hash value is 0 bytes from the end of the header, and the length of the value is 0x10; therefore, the LM hash value is 0xACD458D354DA3C2F9806FA3C23ADF489.
The offset of the NT hash value is 0x10 bytes from the end of the header, and the length of the value is 0x10; therefore, the NT hash value is 0xD3A5234CF32A466754DC3D225EEA3458.
The PasswordUpdate response message (arrow B in the preceding figure) is STATUS_SUCCESS (value 0). This is simply the RPC return code of the Netlogon RPC method NetrLogonSendToSam.