3.1.4.1 Obtaining Handles

The Local Security Authority (Domain Policy) Remote Protocol recognizes four types of handles: Policy, Account, Secret, and Trusted Domain. A handle of each type can be obtained only by calling one of a well-defined set of methods. These handles are listed in the following table.

| Handle type | Methods that return this type of handle |
|---|---|
| Policy | LsarOpenPolicy, LsarOpenPolicy2 |
| Account | LsarCreateAccount, LsarOpenAccount |
| Secret | LsarCreateSecret, LsarOpenSecret |
| Trusted Domain | LsarCreateTrustedDomain, LsarOpenTrustedDomain, LsarCreateTrustedDomainEx, LsarOpenTrustedDomainByName, LsarCreateTrustedDomainEx2 |

The server MUST keep track of all handles of each type that every caller opens, from the moment of creation until the handle has been closed (by calling LsarClose or LsarDeleteObject) or until the client disconnects.

Upon receipt of a handle parameter, the server MUST check to see that the handle is one of the valid handles of a type relevant for that operation; if the handle is not valid, the server MUST fail the request by returning STATUS_INVALID_HANDLE.

The RPC protocol provides a mechanism to clean up any resources related to a context handle if a client that is holding the context handle exits, dies, disconnects, or reboots. See section 3.1.6.1 for this protocol's context handle rundown specification.
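The tracking, validation and rundown requirements above can be modeled with a small server-side handle table. This is an added example, not code from the specification or from any LSA implementation. The function names, the numeric caller id, the slot-plus-generation handle encoding, and the rejection of a handle presented by a caller other than the one that opened it are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#define STATUS_SUCCESS        0x00000000u
#define STATUS_INVALID_HANDLE 0xC0000008u
#define MAX_HANDLES 64
typedef enum { H_FREE, H_POLICY, H_ACCOUNT, H_SECRET, H_TRUSTED_DOMAIN, H_ANY } htype;
/* One tracked handle: object type, owning caller, reuse generation (assumed layout). */
typedef struct { htype type; uint32_t client, gen; } entry;
static entry table[MAX_HANDLES];

/* Used by the Open/Create methods; returns 0 when the table is full. */
static uint64_t handle_open(uint32_t client, htype type) {
    for (uint32_t i = 0; i < MAX_HANDLES; i++) {
        if (table[i].type != H_FREE) continue;
        table[i].type = type; table[i].client = client;
        if (++table[i].gen == 0) table[i].gen = 1;   /* never issue value 0 */
        return ((uint64_t)table[i].gen << 32) | i;
    }
    return 0;
}

/* Find a live entry matching slot, generation, caller and wanted type. */
static entry *lookup(uint32_t client, uint64_t h, htype want) {
    uint32_t slot = (uint32_t)h, gen = (uint32_t)(h >> 32);
    if (slot >= MAX_HANDLES) return NULL;            /* forged or garbage value */
    entry *e = &table[slot];
    if (e->type == H_FREE || e->gen != gen || e->client != client) return NULL;
    return (want == H_ANY || e->type == want) ? e : NULL;
}

/* First step of every method that takes a handle parameter. */
static uint32_t handle_check(uint32_t client, uint64_t h, htype want) {
    return lookup(client, h, want) ? STATUS_SUCCESS : STATUS_INVALID_HANDLE;
}

/* LsarClose-style release: any type, but only a live handle of this caller. */
static uint32_t handle_close(uint32_t client, uint64_t h) {
    entry *e = lookup(client, h, H_ANY);
    if (e) e->type = H_FREE;
    return e ? STATUS_SUCCESS : STATUS_INVALID_HANDLE;
}

/* Rundown on disconnect: free everything the caller still holds. */
static int handle_rundown(uint32_t client) {
    int n = 0;
    for (uint32_t i = 0; i < MAX_HANDLES; i++)
        if (table[i].type != H_FREE && table[i].client == client) { table[i].type = H_FREE; n++; }
    return n;
}
```

The generation counter makes a closed handle value fail the check even after its slot has been reused, so a stale or replayed value cannot alias a newer object.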