3.5.4.5.2 NetrLogonSamLogonWithFlags (Opnum 45)

msdn link

The NetrLogonSamLogonWithFlags method SHOULD<210> handle logon requests for the SAM accounts.

 NTSTATUS NetrLogonSamLogonWithFlags(
   [in, unique, string] LOGONSRV_HANDLE LogonServer,
   [in, string, unique] wchar_t* ComputerName,
   [in, unique] PNETLOGON_AUTHENTICATOR Authenticator,
   [in, out, unique] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
   [in] NETLOGON_LOGON_INFO_CLASS LogonLevel,
   [in, switch_is(LogonLevel)] PNETLOGON_LEVEL LogonInformation,
   [in] NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
   [out, switch_is(ValidationLevel)] 
     PNETLOGON_VALIDATION ValidationInformation,
   [out] UCHAR * Authoritative,
   [in, out] ULONG * ExtraFlags
 );

LogonServer: The custom binding handle, as defined in section 3.5.4.1.

ComputerName: The Unicode string that contains the NetBIOS name of the client computer calling this method.

Authenticator: A pointer to a NETLOGON_AUTHENTICATOR structure, as specified in section 2.2.1.1.5, that contains the client authenticator.

ReturnAuthenticator: A pointer to a NETLOGON_AUTHENTICATOR structure, as specified in section 2.2.1.1.5, that contains the server return authenticator.

LogonLevel: A NETLOGON_LOGON_INFO_CLASS structure, as specified in section 2.2.1.4.16, that specifies the type of logon information passed in the LogonInformation parameter.

LogonInformation: A pointer to a NETLOGON_LEVEL structure, as specified in section 2.2.1.4.6, that describes the logon request information.

ValidationLevel: A NETLOGON_VALIDATION_INFO_CLASS enumerated type, as specified in section 2.2.1.4.17, that contains the validation level requested by the client.

ValidationInformation: A pointer to a NETLOGON_VALIDATION structure, as specified in section 2.2.1.4.14, that describes the user validation information returned to the client. The type of the NETLOGON_VALIDATION used is determined by the value of the ValidationLevel parameter.

Authoritative: A pointer to a char value representing a Boolean condition. FALSE is indicated by the value 0x00; TRUE SHOULD<211> be indicated by the value 0x01 and MAY also be indicated by any nonzero value.

This Boolean value indicates whether the validation information is an authoritative response. This field is necessary because the request might be forwarded through multiple servers. A value of TRUE indicates that the validation information is final and MUST remain unchanged. The value FALSE indicates that the validation information is not an authoritative response and that the client SHOULD resend the request to another server. 

ExtraFlags: A pointer to a set of bit flags that specify delivery settings. A flag is TRUE (or set) if its value is equal to 1. The value is constructed from zero or more bit flags from the following table.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

D

C

B

A

Where the bits SHOULD<212> defined as:

Value

Description

A

Request is passed to the domain controller at the root of the forest.

B

Request is passed to the DC at the end of the first hop over a cross-forest trust.

C

Request is passed by an RODC to a DC in a different domain.

D

Request is an NTLM authentication package request passed by an RODC.

All other bits MUST be set to zero and MUST be ignored on receipt.

Return Values: The method returns 0x00000000 on success; otherwise, it returns a nonzero error code.

Message processing is identical to NetrLogonSamLogon, as specified in section 3.5.4.5.3, except for the following:

  • NetrLogonSamLogonWithFlags contains an additional parameter named ExtraFlags.