Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
SpAcquireCredentialsHandle
Collapse the table of content
Expand the table of content

SpAcquireCredentialsHandle function

Called to obtain a handle to a principal's credentials. The security package can deny access to the caller if the caller does not have permission to access the credentials.

If the credentials handle is returned to the caller, the package should also specify an expiration time for the handle.

Syntax


NTSTATUS SpAcquireCredentialsHandle(
  _In_  PUNICODE_STRING PrincipalName,
  _In_  ULONG           CredentialUseFlags,
  _In_  PLUID           LogonId,
  _In_  PVOID           AuthorizationData,
  _In_  PVOID           GetKeyFunction,
  _In_  PVOID           GetKeyArgument,
  _Out_ PLSA_SEC_HANDLE CredentialHandle,
  _Out_ PTimeStamp      ExpirationTime
);

Parameters

PrincipalName [in]

Optional. Pointer to a UNICODE_STRING structure containing the name of the security principal whose credentials are being requested. If this value is NULL, the caller requests a handle to the credentials of the user in whose security context the caller is executing.

CredentialUseFlags [in]

Flags indicating how the credentials will be used. The following values are valid.

ValueMeaning
SECPKG_CRED_INBOUND

Credentials will be used with the AcceptSecurityContext (General) function.

SECPKG_CRED_OUTBOUND

Credentials will be used with the InitializeSecurityContext (General) function.

 

LogonId [in]

Optional. Pointer to an LUID containing the logon identifier of the security principal.

AuthorizationData [in]

Optional. Pointer to supplemental authentication data.

GetKeyFunction [in]

Pointer to a function in the caller's address space that generates session keys.

GetKeyArgument [in]

Pointer to the argument used with the GetKeyFunction function.

CredentialHandle [out]

Pointer to an LSA_SEC_HANDLE that receives the credentials. When you have finished using the credentials, free the handle by calling the SpFreeCredentialsHandle function.

ExpirationTime [out]

Pointer to a TimeStamp that receives the time the credentials handle expires.

Return value

If the function succeeds, return STATUS_SUCCESS.

If the function fails, return an NTSTATUS code that indicates the reason it failed. The following table lists common reasons for failure and the error codes that should be returned.

Return codeDescription
SEC_E_NOT_OWNER

The caller is denied access.

SEC_E_NO_CREDENTIALS

There are no credentials available for the specified principal.

 

Remarks

The package can use the Local Security Authority (LSA) support functions to determine whether the caller should be given access to the requested credentials.

Credentials obtained from SpAcquireCredentialsHandle are freed by calling the SpFreeCredentialsHandle function.

SSP/APs must implement the SpAcquireCredentialsHandle function; however, the actual name given to the implementation is up to the developer.

A pointer to the SpAcquireCredentialsHandle function is available in the SECPKG_FUNCTION_TABLE structure received from the SpLsaModeInitialize function.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Ntsecpkg.h

See also

SECPKG_FUNCTION_TABLE
SpFreeCredentialsHandle
SpLsaModeInitialize

 

 

Community Additions

ADD
Show:
© 2015 Microsoft