3.5.4.5.3 NetrLogonSamLogon (Opnum 2)

The NetrLogonSamLogon method<216> is a predecessor to the NetrLogonSamLogonWithFlags method (section 3.5.4.5.2). All parameters of this method have the same meanings as the identically named parameters of the NetrLogonSamLogonWithFlags method.

 NTSTATUS NetrLogonSamLogon(
   [in, unique, string] LOGONSRV_HANDLE LogonServer,
   [in, string, unique] wchar_t* ComputerName,
   [in, unique] PNETLOGON_AUTHENTICATOR Authenticator,
   [in, out, unique] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
   [in] NETLOGON_LOGON_INFO_CLASS LogonLevel,
   [in, switch_is(LogonLevel)] PNETLOGON_LEVEL LogonInformation,
   [in] NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
   [out, switch_is(ValidationLevel)] 
     PNETLOGON_VALIDATION ValidationInformation,
   [out] UCHAR * Authoritative
 );

Message processing<217> is identical to NetrLogonSamLogonEx, as specified in section 3.5.4.5.1, except for the following:

  • The method uses Netlogon authenticators, so instead of checking for Secure RPC, the server MUST confirm the validity of the Authenticator (section 3.1.4.5) that it received, using the ComputerName for the secure channel to find the corresponding record in the ClientSessionInfo table. If the Authenticator parameter is valid, the server MUST compute the ReturnAuthenticator parameter to be returned (section 3.1.4.5). Otherwise, the server MUST return STATUS_ACCESS_DENIED.

  • The ExtraFlags parameter is not processed.
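The authenticator check in the first bullet, as an added sketch that is not part of this specification: the server looks up the ClientSessionInfo record by ComputerName, validates the received credential, and either computes the ReturnAuthenticator credential or returns STATUS_ACCESS_DENIED. The credential chaining is modelled on section 3.1.4.5, which this page does not reproduce. Assumptions: `compute_credential` is an HMAC-SHA256 stand-in for the real DES/AES credential computation, and the session table layout, function names, key and seed are hypothetical, constructed values.

```python
import hashlib
import hmac
import struct

STATUS_SUCCESS = 0x00000000
STATUS_ACCESS_DENIED = 0xC0000022

def compute_credential(stored: bytes, session_key: bytes) -> bytes:
    # STAND-IN (assumption): the real protocol derives this value with the
    # negotiated DES or AES credential algorithm, not HMAC-SHA256.
    return hmac.new(session_key, stored, hashlib.sha256).digest()[:8]

def add32(stored: bytes, value: int) -> bytes:
    # Assumed arithmetic: add to the first 4 bytes as a little-endian
    # uint32, ignore overflow, leave the other 4 bytes unchanged.
    low = (struct.unpack("<I", stored[:4])[0] + value) & 0xFFFFFFFF
    return struct.pack("<I", low) + stored[4:]

def verify_authenticator(sessions, computer_name, credential, timestamp):
    """Server side: return (NTSTATUS, ReturnAuthenticator credential)."""
    rec = sessions.get(computer_name)  # ClientSessionInfo lookup
    if rec is None:
        return STATUS_ACCESS_DENIED, None
    candidate = add32(rec["stored"], timestamp)
    expected = compute_credential(candidate, rec["key"])
    if not hmac.compare_digest(expected, credential):
        return STATUS_ACCESS_DENIED, None  # stored state is not advanced
    rec["stored"] = add32(candidate, 1)    # commit only after a match
    return STATUS_SUCCESS, compute_credential(rec["stored"], rec["key"])

def client_authenticator(state, timestamp):
    """Client side: advance the stored credential and emit the credential."""
    state["stored"] = add32(state["stored"], timestamp)
    return compute_credential(state["stored"], state["key"])

def demo():
    # Constructed key and seed; the seed is chosen so the addition overflows.
    key, seed = bytes(range(16)), bytes.fromhex("fdffffff05060708")
    sessions = {"WKSTN01": {"key": key, "stored": seed}}
    client = {"key": key, "stored": seed}
    ts = 0x10
    cred = client_authenticator(client, ts)
    first = verify_authenticator(sessions, "WKSTN01", cred, ts)
    replay = verify_authenticator(sessions, "WKSTN01", cred, ts)   # same bytes again
    unknown = verify_authenticator(sessions, "OTHER", cred, ts)    # no session record
    client_expect = compute_credential(add32(client["stored"], 1), key)
    return first, replay, unknown, client_expect

if __name__ == "__main__":
    print(demo())
```

Because the stored credential advances on every accepted call, a byte-for-byte replay of an earlier Authenticator no longer matches and is rejected with STATUS_ACCESS_DENIED.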

This method SHOULD only be called by a machine that has established a secure channel with the server.

On receiving this call, the server MUST perform the following validation step:

  • Apply Common Error Processing Rule A, specified in section 3.