3.1.4.4.9 LsarOpenPolicy3 (Opnum 130)
The LsarOpenPolicy3 method, as specified below, opens a context handle to the RPC server. This is the first function that MUST be called to contact the Local Security Authority (Domain Policy) (LSAD) Remote Protocol database.
NTSTATUS LsarOpenPolicy3(
    [in,unique,string] PLSAPR_SERVER_NAME SystemName,
    [in] PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
    [in] ACCESS_MASK DesiredAccess,
    [in] ULONG InVersion,
    [in] [switch_is(InVersion)] LSAPR_REVISION_INFO* InRevisionInfo,
    [out] ULONG* OutVersion,
    [out] [switch_is(*OutVersion)] LSAPR_REVISION_INFO* OutRevisionInfo,
    [out] LSAPR_HANDLE* PolicyHandle
);
SystemName: This parameter has no effect on message processing in any environment. It MUST be ignored on receipt.
ObjectAttributes: This parameter has no effect on message processing in any environment. All fields MUST<67> be ignored except RootDirectory, which MUST be NULL.
DesiredAccess: An ACCESS_MASK value (section 2.2.1.1) that specifies the requested access rights that MUST be granted on the returned PolicyHandle, if the request is successful.
InVersion: Indicates which field of the InRevisionInfo union is used.
InRevisionInfo: Revision information. For details, see the definition of the LSAPR_REVISION_INFO_V1 structure (section 2.2.2.6), which is contained in the LSAPR_REVISION_INFO union (section 2.2.2.7).
OutVersion: Indicates which field of the OutRevisionInfo union is used.
OutRevisionInfo: Revision information. For details, see the definition of the LSAPR_REVISION_INFO_V1 structure (section 2.2.2.6), which is contained in the LSAPR_REVISION_INFO union (section 2.2.2.7).
PolicyHandle: An RPC context handle (section 2.2.2.1) that represents a reference to the abstract data model of a policy object, as specified in section 3.1.1.1.
Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the message processing below.
| Return value/code | Description |
| --- | --- |
| 0x00000000 STATUS_SUCCESS | The request was successfully completed. |
| 0xC0000022 STATUS_ACCESS_DENIED | The caller does not have the permissions to perform this operation. |
| 0xC000000D STATUS_INVALID_PARAMETER | One of the supplied parameters is incorrect. For example, this can happen when ObjectAttributes is NULL or DesiredAccess is zero. |
| 0xC00000BB STATUS_NOT_SUPPORTED | The operation is not supported for this object. |
Server processing instructions upon receiving this message are the same as for LsarOpenPolicy2, with the exception of the following:
If InVersion is not equal to 1, the server MUST return STATUS_NOT_SUPPORTED (0xC00000BB).
The server MUST set OutVersion to 1 and OutRevisionInfo.Revision to 1.
To indicate support for AES encryption of trust authentication information (sections 2.2.7.29 and 2.2.7.30), the OutRevisionInfo.SupportedFeatures field MUST be set to 1.
To indicate support for name lookups with authentication other than the RPC_C_AUTHN_NETLOGON security provider, the OutRevisionInfo.SupportedFeatures field MUST be set to 2.<68>
To indicate support for AES encryption of secrets (section 2.2.6.2), the OutRevisionInfo.SupportedFeatures field MUST be set to 4.
Note: LsarOpenPolicy3 supersedes LsarOpenPolicy2 and MUST be used whenever possible.
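The following C sketch is an added example, not part of the specification or of any Microsoft implementation. It models the LsarOpenPolicy3-specific processing steps above and a client-side check that a reply advertises the AES features before the caller relies on them. The function names, the FEAT_* names, the simplified structure, the order of the parameter checks, and the treatment of the SupportedFeatures values 1, 2 and 4 as combinable bit flags are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Status codes from the return-value table above. */
#define STATUS_SUCCESS           0x00000000u
#define STATUS_INVALID_PARAMETER 0xC000000Du
#define STATUS_NOT_SUPPORTED     0xC00000BBu

/* Hypothetical names for the SupportedFeatures values 1, 2 and 4.
   Assumption: the values are bit flags that can be combined. */
#define FEAT_AES_TRUST_AUTH      0x1u
#define FEAT_LOOKUP_NOT_NETLOGON 0x2u
#define FEAT_AES_SECRETS         0x4u

/* Simplified stand-in for LSAPR_REVISION_INFO_V1: only the fields named here. */
typedef struct { uint32_t Revision; uint32_t SupportedFeatures; } rev_info_v1;

/* Server side: only the LsarOpenPolicy3-specific steps. Access checks and
   handle creation are omitted; the order of the checks is an assumption. */
uint32_t open_policy3_negotiate(const void *object_attributes, uint32_t desired_access,
                                uint32_t in_version, uint32_t server_features,
                                uint32_t *out_version, rev_info_v1 *out_info)
{
    if (in_version != 1)
        return STATUS_NOT_SUPPORTED;      /* outputs stay untouched */
    if (object_attributes == NULL || desired_access == 0)
        return STATUS_INVALID_PARAMETER;
    *out_version = 1;
    out_info->Revision = 1;
    out_info->SupportedFeatures = server_features;
    return STATUS_SUCCESS;
}

/* Client side: returns 1 only if the reply is revision 1 and advertises
   every feature bit in `required`, so a caller can refuse to fall back. */
int reply_has_features(uint32_t out_version, const rev_info_v1 *info, uint32_t required)
{
    return out_version == 1 && info->Revision == 1 &&
           (info->SupportedFeatures & required) == required;
}

int main(void)
{
    uint32_t ov = 0; rev_info_v1 info = {0, 0}; int attrs = 0; /* constructed inputs */
    uint32_t st = open_policy3_negotiate(&attrs, 0x1, 1, FEAT_AES_TRUST_AUTH | FEAT_AES_SECRETS, &ov, &info);
    printf("status=0x%08X aes_secrets=%d\n", (unsigned)st, reply_has_features(ov, &info, FEAT_AES_SECRETS));
    return 0;
}
```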