3.5.4.4.9 NetrServerTrustPasswordsGet (Opnum 42)

  • Article

The NetrServerTrustPasswordsGet method SHOULD<188> return the encrypted current and previous passwords for an account in the domain. This method is called by a client to retrieve the current and previous account passwords from a domain controller. The account name requested MUST be the name used when the secure channel was created, unless the method is called on a PDC by a DC, in which case it can be any valid account name. 

 NTSTATUS NetrServerTrustPasswordsGet(
   [in, unique, string] LOGONSRV_HANDLE TrustedDcName,
   [in, string] wchar_t* AccountName,
   [in] NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType,
   [in, string] wchar_t* ComputerName,
   [in] PNETLOGON_AUTHENTICATOR Authenticator,
   [out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
   [out] PENCRYPTED_NT_OWF_PASSWORD EncryptedNewOwfPassword,
   [out] PENCRYPTED_NT_OWF_PASSWORD EncryptedOldOwfPassword
 );

TrustedDcName: The custom binding handle, as defined in section 3.5.4.1.

AccountName: The null-terminated Unicode string that contains the name of the client account in the domain for which the trust password MUST be returned.<189>

SecureChannelType: A NETLOGON_SECURE_CHANNEL_TYPE enumerated value, as specified in section 2.2.1.3.13, that indicates the type of the secure channel being established by this call.

ComputerName: The null-terminated Unicode string that contains the NetBIOS name of the client computer.

Authenticator: A pointer to a NETLOGON_AUTHENTICATOR structure, as specified in section 2.2.1.1.5, that contains the client authenticator.

ReturnAuthenticator: A pointer to a NETLOGON_AUTHENTICATOR structure, as specified in section 2.2.1.1.5, that contains the server return authenticator.

EncryptedNewOwfPassword: A pointer to an ENCRYPTED_NT_OWF_PASSWORD structure, as specified in [MS-SAMR] section 2.2.7.3, that contains the NTOWFv1 (as specified in NTLM v1 Authentication in [MS-NLMP] section 3.3.1) of the current password, encrypted as specified in [MS-SAMR] section 2.2.11.1.1, Encrypting an NT Hash or LM Hash Value with a specified key. The session key is the specified 16-byte key that is used to derive the password's keys. The specified 16-byte key uses the 16-byte value process, as specified in [MS-SAMR] section 2.2.11.1.4.

EncryptedOldOwfPassword: A pointer to an ENCRYPTED_NT_OWF_PASSWORD structure, as specified in [MS-SAMR] section 2.2.7.3, that contains the NTOWFv1 (as specified in NTLM v1 Authentication in [MS-NLMP] section 3.3.1) of the previous password, encrypted as specified in [MS-SAMR] section 2.2.11.1.1, Encrypting an NT Hash or LM Hash Value with a specified key. The session key is the specified 16-byte key that is used to derive the password's keys. The specified 16-byte key uses the 16-byte value process, as specified in [MS-SAMR] section 2.2.11.1.4.

Return Values: The method returns 0x00000000 on success; otherwise, it returns a nonzero error code.

Message processing is identical to NetrServerGetTrustInfo, as specified in section 3.5.4.7.6, except for the following:

  • The TrustInfo parameter is not present in NetrServerTrustPasswordsGet.