3.5.4.4.9 NetrServerTrustPasswordsGet (Opnum 42)

The NetrServerTrustPasswordsGet method SHOULD<189> return the encrypted current and previous passwords for an account in the domain. This method is called by a client to retrieve the current and previous account passwords from a domain controller. The account name requested MUST be the name used when the secure channel was created, unless the method is called on a PDC by a DC, in which case it can be any valid account name.

 NTSTATUS NetrServerTrustPasswordsGet(
   [in, unique, string] LOGONSRV_HANDLE TrustedDcName,
   [in, string] wchar_t* AccountName,
   [in] NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType,
   [in, string] wchar_t* ComputerName,
   [in] PNETLOGON_AUTHENTICATOR Authenticator,
   [out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
   [out] PENCRYPTED_NT_OWF_PASSWORD EncryptedNewOwfPassword,
   [out] PENCRYPTED_NT_OWF_PASSWORD EncryptedOldOwfPassword
 );

TrustedDcName: The custom binding handle, as defined in section 3.5.4.1.

AccountName: The null-terminated Unicode string that contains the name of the client account in the domain for which the trust password MUST be returned.<190>

SecureChannelType: A NETLOGON_SECURE_CHANNEL_TYPE enumerated value, as specified in section 2.2.1.3.13, that indicates the type of the secure channel being established by this call.

ComputerName: The null-terminated Unicode string that contains the NetBIOS name of the client computer.

Authenticator: A pointer to a NETLOGON_AUTHENTICATOR structure, as specified in section 2.2.1.1.5, that contains the client authenticator.

ReturnAuthenticator: A pointer to a NETLOGON_AUTHENTICATOR structure, as specified in section 2.2.1.1.5, that contains the server return authenticator.

EncryptedNewOwfPassword: A pointer to an ENCRYPTED_NT_OWF_PASSWORD structure, as specified in [MS-SAMR] section 2.2.7.3, that contains the NTOWFv1 (as specified in NTLM v1 Authentication in [MS-NLMP] section 3.3.1) of the current password, encrypted as specified in [MS-SAMR] section 2.2.11.1.1, Encrypting an NT Hash or LM Hash Value with a specified key. The session key is the specified 16-byte key that is used to derive the password's keys. The specified 16-byte key uses the 16-byte value process, as specified in [MS-SAMR] section 2.2.11.1.4.

EncryptedOldOwfPassword: A pointer to an ENCRYPTED_NT_OWF_PASSWORD structure, as specified in [MS-SAMR] section 2.2.7.3, that contains the NTOWFv1 (as specified in NTLM v1 Authentication in [MS-NLMP] section 3.3.1) of the previous password, encrypted as specified in [MS-SAMR] section 2.2.11.1.1, Encrypting an NT Hash or LM Hash Value with a specified key. The session key is the specified 16-byte key that is used to derive the password's keys. The specified 16-byte key uses the 16-byte value process, as specified in [MS-SAMR] section 2.2.11.1.4.

Return Values: The method returns 0x00000000 on success; otherwise, it returns a nonzero error code.

Message processing is identical to NetrServerGetTrustInfo, as specified in section 3.5.4.7.6, except for the following:

  • The TrustInfo parameter is not present in NetrServerTrustPasswordsGet.
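The encryption that the EncryptedNewOwfPassword and EncryptedOldOwfPassword descriptions refer to, sketched in Go as an added example that is not part of the specification text. It assumes the [MS-SAMR] scheme of two DES-ECB blocks keyed by bytes 0-6 and 7-13 of the session key, each 7-byte key expanded to 8 bytes with odd parity; the function names and the sample key and hash are constructed for illustration.

```go
package main

import (
	"crypto/des"
	"fmt"
	"math/bits"
)

// expandDESKey spreads a 7-byte key over 8 bytes (7 key bits in the high bits
// of each byte) and sets every low bit so that each byte has odd parity.
func expandDESKey(k []byte) []byte {
	var v uint64
	for _, b := range k[:7] {
		v = v<<8 | uint64(b)
	}
	o := make([]byte, 8)
	for i := uint(0); i < 8; i++ {
		o[i] = byte(v>>(49-7*i)&0x7f) << 1
		if bits.OnesCount8(o[i])%2 == 0 {
			o[i] |= 1
		}
	}
	return o
}

// cryptOwf encrypts or decrypts a 16-byte NT OWF value. Session key bytes 0-6
// key the first 8-byte block, bytes 7-13 the second; bytes 14-15 are unused.
func cryptOwf(sessionKey, in []byte, decrypt bool) ([]byte, error) {
	if len(sessionKey) != 16 || len(in) != 16 {
		return nil, fmt.Errorf("session key and OWF value must be 16 bytes each")
	}
	out := make([]byte, 16)
	for i := 0; i < 2; i++ {
		c, _ := des.NewCipher(expandDESKey(sessionKey[7*i : 7*i+7])) // key is always 8 bytes
		op := c.Encrypt
		if decrypt {
			op = c.Decrypt
		}
		op(out[8*i:8*i+8], in[8*i:8*i+8])
	}
	return out, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed session key, not a real one
	owf := []byte("constructed-hash") // constructed 16-byte stand-in for an NT hash
	enc, err := cryptOwf(key, owf, false)
	fmt.Printf("%x %v\n", enc, err)
}
```

Each half of the hash is covered by a single 56-bit DES key in ECB mode and the last two session key bytes play no part, so the confidentiality of both returned values rests on the secrecy of the secure channel session key.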