MSV1_0_LM20_LOGON structure (ntsecapi.h)
The MSV1_0_LM20_LOGON structure contains logon information used in network logons.
It is used by LsaLogonUser.
Syntax
```cpp
typedef struct _MSV1_0_LM20_LOGON {
  MSV1_0_LOGON_SUBMIT_TYPE MessageType;
  UNICODE_STRING           LogonDomainName;
  UNICODE_STRING           UserName;
  UNICODE_STRING           Workstation;
  UCHAR                    ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
  STRING                   CaseSensitiveChallengeResponse;
  STRING                   CaseInsensitiveChallengeResponse;
  ULONG                    ParameterControl;
} MSV1_0_LM20_LOGON, *PMSV1_0_LM20_LOGON;
```
Members
MessageType
A MSV1_0_LOGON_SUBMIT_TYPE value that specifies the type of logon being requested. This member must be set to MsV1_0Lm20Logon or MsV1_0NetworkLogon.
If this member is set to MsV1_0Lm20Logon, the MSV1_0 package ignores the ParameterControl member.
LogonDomainName
A UNICODE_STRING that contains the name of the logon domain. The specified domain name must be a Windows domain (or mixed domain) that is in the trusted domain list of this computer. If the logon domain name is not known (for example, for clients that do not supply this information), this member should be passed in as a zero-length string. This domain is the authenticating authority.
UserName
A UNICODE_STRING that represents the account name of the user. The name can be up to 255 bytes long. The name is treated as case insensitive.
Workstation
A UNICODE_STRING that contains the computer name of the client workstation from which the user logon request was initiated.
ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]
Contains the challenge returned from a previous call to LsaCallAuthenticationPackage, when MsV1_0Lm20ChallengeRequest was specified as the message type. For more information, see the description of MsV1_0Lm20ChallengeRequest in MSV1_0_PROTOCOL_MESSAGE_TYPE. This enables the authentication package to determine whether the challenge response is correct.
CaseSensitiveChallengeResponse
Contains some function of the case-sensitive Unicode password of the client. Typically, it will be the ChallengeToClient member encrypted by a case-sensitive version of the password.
Some clients will simply supply the plaintext case-sensitive Unicode password. In that case, this member points to that plaintext password. The MSV1_0 Authentication Package may accept this nonencrypted form depending on a configuration option.
Some clients do not support case-sensitive Unicode passwords. In that case, this member should contain a zero-length string.
CaseInsensitiveChallengeResponse
Contains some function of the case-insensitive multiple-byte character set (MBCS) password of the client. Typically, it will be the ChallengeToClient member encrypted by a case-insensitive version of the password.
Clients that support only MBCS and not Unicode supply a plaintext case-insensitive MBCS password. In that case, this member points to that plaintext password. The MSV1_0 authentication package will accept this nonencrypted form depending on a configuration option.
ParameterControl
Specifies attributes of the other parameters. This can be one or more of the following flags.
Value | Meaning |
---|---|
| | LanMan2.0 or LanMan1.0 send a plaintext password instead of a challenge response. To allow plaintext passwords to be used in the NetworkLogon message, an application must supply this flag. |
| | Update the logon statistics for the account. If this flag is not set, the bad password count is set to zero upon successful logon. |
| | If this flag is specified, the UserParameters member of the MSV1_0_LM20_LOGON_PROFILE return buffer is valid. |
| | Prevents the user from logging on with a guest account. |
| | If this flag is set, domain controller accounts can be used for authentication; otherwise, only user accounts can be used. |
| | Causes the password expiration time to be returned in the LogoffTime member of the MSV1_0_LM20_LOGON_PROFILE structure returned in the output buffer. |
| | Denotes that the CaseInsensitiveChallengeResponse contains a client challenge in the first 8 bytes. |
| | Causes the user to log on using the guest account. |
| | Returns the profile path for Encrypting File System (EFS). The profile path is used by EFS to locate the profile of the user and find the user's keys for encrypting and decrypting files. This information is not returned to the caller; it is stored within the LSA and used by internal processes. |
| | In normal operation, the LogonDomainName member is used as a suggestion. The package (using the NetLogon service) will continue passing the logon request to domain controllers higher in the trusted domain path until one authoritatively rejects the logon. This flag overrides that behavior so that only the specified domain controller will attempt to process the logon. If LogonDomainName is blank, the logon will not be attempted. |
| | Permits remote-boot clients to log on using a computer account. |
| | Permits the use of a clear text password. Windows XP and Windows Server 2003: Not supported. |
| | Permits the domain to be used for routing only. Windows XP and Windows Server 2003: Not supported. |
| | Permits SubAuthentication logon. Windows XP and Windows Server 2003: Not supported. |
| | Permits S4U clients to log on without a password. Windows Vista, Windows Server 2003 with SP2, Windows XP and Windows Server 2003: Not supported. |
| | Checks the logon hours for an S4U logon client. Windows Vista, Windows Server 2003 with SP2, Windows XP and Windows Server 2003: Not supported. |
| | Permits logon for Internet users. This flag should be used by calls from authentication packages directly and not from netlogon. Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows XP and Windows Server 2003: Not supported. |
Remarks
If the UserName, CaseSensitiveChallengeResponse, and CaseInsensitiveChallengeResponse members all contain zero-length strings, an anonymous token will be generated for the logon. This anonymous token gives the user no ability to access protected system resources but does allow access to nonprotected system resources. The server uses this method to support a NULL session.
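A service that fills this structure on behalf of remote clients can apply the rules above before calling LsaLogonUser, so that a request that would yield an anonymous token is recognized explicitly. The following is an added example, not part of the original reference and not Microsoft code; `counted_str`, `lm20_logon`, the `SUBMIT_*` and `REQ_*` names and both functions are hypothetical stand-ins so the check compiles without ntsecapi.h.

```c
#include <stddef.h>
#include <stdint.h>
/* Stand-ins (assumption): same counted-string shape as UNICODE_STRING/STRING,
   with Length and MaximumLength in bytes. Enum values are not the SDK's. */
typedef struct { uint16_t Length, MaximumLength; const void *Buffer; } counted_str;
typedef enum { SUBMIT_OTHER, SUBMIT_LM20_LOGON, SUBMIT_NETWORK_LOGON } submit_type;

typedef struct {                      /* hypothetical mirror of MSV1_0_LM20_LOGON */
    submit_type MessageType;
    counted_str LogonDomainName, UserName, Workstation;
    uint8_t     ChallengeToClient[8]; /* assumes MSV1_0_CHALLENGE_LENGTH is 8 */
    counted_str CaseSensitiveChallengeResponse, CaseInsensitiveChallengeResponse;
    uint32_t    ParameterControl;
} lm20_logon;

typedef enum { REQ_BAD_TYPE, REQ_BAD_STRING, REQ_NAME_TOO_LONG,
               REQ_ANONYMOUS, REQ_CREDENTIALED } req_class;

/* A counted string is usable if Length fits the buffer and the buffer exists. */
static int str_ok(const counted_str *s) {
    return s->Length <= s->MaximumLength && (s->Length == 0 || s->Buffer != NULL);
}

/* Classify a request before it is handed to the authentication package. */
req_class classify_lm20_logon(const lm20_logon *r) {
    if (r->MessageType != SUBMIT_LM20_LOGON && r->MessageType != SUBMIT_NETWORK_LOGON)
        return REQ_BAD_TYPE;          /* only these two submit types are valid */
    if (!str_ok(&r->LogonDomainName) || !str_ok(&r->UserName) ||
        !str_ok(&r->Workstation) || !str_ok(&r->CaseSensitiveChallengeResponse) ||
        !str_ok(&r->CaseInsensitiveChallengeResponse))
        return REQ_BAD_STRING;
    if (r->UserName.Length > 255)     /* the name can be up to 255 bytes long */
        return REQ_NAME_TOO_LONG;
    /* Remarks: all three zero-length means an anonymous token (NULL session). */
    if (r->UserName.Length == 0 && r->CaseSensitiveChallengeResponse.Length == 0 &&
        r->CaseInsensitiveChallengeResponse.Length == 0)
        return REQ_ANONYMOUS;
    return REQ_CREDENTIALED;
}

/* The package ignores ParameterControl when MessageType is MsV1_0Lm20Logon. */
uint32_t effective_parameter_control(const lm20_logon *r) {
    return r->MessageType == SUBMIT_LM20_LOGON ? 0 : r->ParameterControl;
}

int main(void) {
    lm20_logon r = { .MessageType = SUBMIT_NETWORK_LOGON }; /* constructed: all strings empty */
    return classify_lm20_logon(&r) == REQ_ANONYMOUS ? 0 : 1;
}
```

A caller that does not intend to serve NULL sessions can refuse `REQ_ANONYMOUS` requests at this point instead of relying on the restricted token.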
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Header | ntsecapi.h |