NetrLogonSendToSam (Opnum 32)

The NetrLogonSendToSam method allows a BDC or RODC to forward user account password changes to the PDC. It SHOULD<217> be used by the client to deliver an opaque buffer to the SAM database ([MS-SAMR] section 3.1.1) on the server side.

 NTSTATUS NetrLogonSendToSam(
   [in, unique, string] LOGONSRV_HANDLE PrimaryName,
   [in, string] wchar_t* ComputerName,
   [in] PNETLOGON_AUTHENTICATOR Authenticator,
   [out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
   [in, size_is(OpaqueBufferSize)] 
     UCHAR * OpaqueBuffer,
   [in] ULONG OpaqueBufferSize

PrimaryName: The custom binding handle, as defined in

ComputerName: A null-terminated Unicode string that contains the NetBIOS name of the client computer making the call.

Authenticator: A pointer to a NETLOGON_AUTHENTICATOR structure, as specified in section, that contains the client authenticator.

ReturnAuthenticator: A pointer to a NETLOGON_AUTHENTICATOR structure, as specified in section, that contains the server return authenticator.

OpaqueBuffer: A buffer to be passed to the Security Account Manager (SAM) service on the PDC. The buffer is encrypted on the wire.

OpaqueBufferSize: The size, in bytes, of the OpaqueBuffer parameter.

Return Values: The method returns 0x00000000 on success; otherwise, it returns a nonzero error code.

On receiving this call, the server MUST perform the following validation steps:

  • Apply Common Error Processing Rule A, specified in section 3.

  • Using the ComputerName for the secure channel to find the corresponding record in the ClientSessionInfo table, verify the Authenticator parameter (section If the Authenticator parameter is valid, compute the ReturnAuthenticator parameter returned (section Otherwise, the server MUST return STATUS_ACCESS_DENIED.

If the PrimaryName parameter is not NULL, it is compared against the server's computer name. If the PrimaryName parameter does not match the server's computer name, the server MUST return STATUS_INVALID_COMPUTER_NAME. If the PrimaryName parameter matches the server's computer name, or the PrimaryName parameter is NULL, then processing proceeds.

The server MUST check whether the caller is a BDC or RODC; otherwise, it MUST return STATUS_ACCESS_DENIED. The server determines whether the caller is BDC or RODC by examining the value of SecureChannelType parameter in the ClientSessionInfo table. The caller is a BDC if SecureChannelType is ServerSecureChannel. The caller is an RODC if the SecureChannelType is CdcServerSecureChannel.

The server MUST decrypt the message passed in the OpaqueBuffer parameter using the negotiated encryption algorithm (determined by bits C, O, or W, respectively, in the NegotiateFlags member of the ClientSessionInfo table entry for ComputerName) and the established session key as the decryption key. The server passes the decrypted data to the local SAM for processing. The buffer specified by OpaqueBuffer is completely opaque to the Netlogon Protocol.

This method can be called only by a machine that has established a secure channel with the server.