3.1.4 Message Processing Events and Sequencing Rules

This section contains detailed information about each protocol message and the steps taken by the server to process caller requests.<56> <57> <58>

Methods in RPC Opnum Order

| Method | Description | Opnum |
|---|---|---|
| LsarClose | This method closes an open handle. | 0 |
| Opnum1NotUsedOnWire | | 1 |
| LsarEnumeratePrivileges | This method is invoked to enumerate all privileges known to the system. | 2 |
| LsarQuerySecurityObject | This method is invoked to query security information that is assigned to a database object. It returns the security descriptor of the object. | 3 |
| LsarSetSecurityObject | This method is invoked to set a security descriptor on an object. | 4 |
| Opnum5NotUsedOnWire | | 5 |
| LsarOpenPolicy | This method is exactly the same as LsarOpenPolicy2, except that the SystemName parameter in this function, because of its syntactic definition, contains only one character instead of a full string. | 6 |
| LsarQueryInformationPolicy | This method is invoked to query values representing the server's information policy. | 7 |
| LsarSetInformationPolicy | This method is invoked to set some policy on the server. | 8 |
| Opnum9NotUsedOnWire | | 9 |
| LsarCreateAccount | This method is invoked to create a new account object in the server's database. | 10 |
| LsarEnumerateAccounts | This method is invoked to request a list of account objects in the server's database. | 11 |
| LsarCreateTrustedDomain | This method is invoked to create an object of type trusted domain in the server's database. | 12 |
| LsarEnumerateTrustedDomains | This method is invoked to request a list of TDOs in the server's database. | 13 |
| Lsar_LSA_TM_14 | | 14 |
| Lsar_LSA_TM_15 | | 15 |
| LsarCreateSecret | This method is invoked to create a new secret object in the server's database. | 16 |
| LsarOpenAccount | This method is invoked to obtain a handle to an account object. | 17 |
| LsarEnumeratePrivilegesAccount | This method is invoked to retrieve a list of privileges granted to an account on the server. | 18 |
| LsarAddPrivilegesToAccount | This method is invoked to add new privileges to an existing account object. | 19 |
| LsarRemovePrivilegesFromAccount | This method is invoked to remove privileges from an account object. | 20 |
| Opnum21NotUsedOnWire | | 21 |
| Opnum22NotUsedOnWire | | 22 |
| LsarGetSystemAccessAccount | This method is invoked to retrieve system access account flags for an account object. | 23 |
| LsarSetSystemAccessAccount | This method is invoked to set system access account flags for an account object. | 24 |
| LsarOpenTrustedDomain | This method is invoked to obtain a handle to a TDO. | 25 |
| LsarQueryInfoTrustedDomain | This method is invoked to retrieve information on a TDO. | 26 |
| LsarSetInformationTrustedDomain | This method is invoked to set information on a TDO. | 27 |
| LsarOpenSecret | This method is invoked to obtain a handle to an existing secret object. | 28 |
| LsarSetSecret | This method is invoked to set the current and old values of the secret object. | 29 |
| LsarQuerySecret | This method is invoked to retrieve the current and old (or previous) value of the secret object. | 30 |
| LsarLookupPrivilegeValue | This method is invoked to map the name of a privilege into the LUID by which the privilege is known on the server. | 31 |
| LsarLookupPrivilegeName | This method is invoked to map the LUID of a privilege into the string name by which the privilege is known on the server. | 32 |
| LsarLookupPrivilegeDisplayName | This method is invoked to map the name of a privilege into a display text string in the caller's language. | 33 |
| LsarDeleteObject | This method is invoked to delete an open account, secret, or TDO. | 34 |
| LsarEnumerateAccountsWithUserRight | This method is invoked to return a list of account objects that have the user right equal to the passed-in value. | 35 |
| LsarEnumerateAccountRights | This method is invoked to retrieve a list of rights that are associated with an existing account. | 36 |
| LsarAddAccountRights | This method is invoked to add new rights to an account object. | 37 |
| LsarRemoveAccountRights | This method is invoked to remove rights from an account object. | 38 |
| LsarQueryTrustedDomainInfo | This method is invoked to retrieve information on a TDO. | 39 |
| LsarSetTrustedDomainInfo | This method is invoked to set information on a TDO. | 40 |
| LsarDeleteTrustedDomain | This method is invoked to delete a TDO. | 41 |
| LsarStorePrivateData | This method is invoked to store a secret value. | 42 |
| LsarRetrievePrivateData | This method is invoked to retrieve a secret value. | 43 |
| LsarOpenPolicy2 | This method opens a context handle to the RPC server. | 44 |
| Lsar_LSA_TM_45 | | 45 |
| LsarQueryInformationPolicy2 | This method is identical to LsarQueryInformationPolicy. | 46 |
| LsarSetInformationPolicy2 | This method is identical to LsarSetInformationPolicy. | 47 |
| LsarQueryTrustedDomainInfoByName | This method is invoked to retrieve information on a TDO by its string name. | 48 |
| LsarSetTrustedDomainInfoByName | This method is invoked to set information on a TDO by its string name. | 49 |
| LsarEnumerateTrustedDomainsEx | This method is invoked to enumerate TDOs in the server's database. | 50 |
| LsarCreateTrustedDomainEx | This method is invoked to create a new TDO. | 51 |
| Opnum52NotUsedOnWire | | 52 |
| LsarQueryDomainInformationPolicy | This method is invoked to retrieve policy settings pertaining to the current domain. | 53 |
| LsarSetDomainInformationPolicy | This method is invoked to change policy settings pertaining to the current domain. | 54 |
| LsarOpenTrustedDomainByName | This method is invoked to open a TDO handle by supplying the name of the trusted domain. | 55 |
| Opnum56NotUsedOnWire | | 56 |
| Lsar_LSA_TM_57 | | 57 |
| Lsar_LSA_TM_58 | | 58 |
| LsarCreateTrustedDomainEx2 | This method is invoked to create a new TDO. | 59 |
| Opnum60NotUsedOnWire | | 60 |
| Opnum61NotUsedOnWire | | 61 |
| Opnum62NotUsedOnWire | | 62 |
| Opnum63NotUsedOnWire | | 63 |
| Opnum64NotUsedOnWire | | 64 |
| Opnum65NotUsedOnWire | | 65 |
| Opnum66NotUsedOnWire | | 66 |
| Opnum67NotUsedOnWire | | 67 |
| Lsar_LSA_TM_68 | | 68 |
| Opnum69NotUsedOnWire | | 69 |
| Opnum70NotUsedOnWire | | 70 |
| Opnum71NotUsedOnWire | | 71 |
| Opnum72NotUsedOnWire | | 72 |
| LsarQueryForestTrustInformation | This method is invoked to retrieve information on a trust relationship with another forest. | 73 |
| LsarSetForestTrustInformation | This method is invoked to establish a trust relationship with another forest by attaching a set of records called the forest trust information to the TDO. | 74 |
| Opnum75NotUsedOnWire | | 75 |
| LsarLookupSids3 | | 76 |
| LsarLookupNames4 | | 77 |
| Opnum78NotUsedOnWire | | 78 |
| Opnum79NotUsedOnWire | | 79 |
| Opnum80NotUsedOnWire | | 80 |
| Opnum81NotUsedOnWire | | 81 |
| Opnum82NotUsedOnWire | | 82 |
| Opnum83NotUsedOnWire | | 83 |
| Opnum84NotUsedOnWire | | 84 |
| Opnum85NotUsedOnWire | | 85 |
| Opnum86NotUsedOnWire | | 86 |
| Opnum87NotUsedOnWire | | 87 |
| Opnum88NotUsedOnWire | | 88 |
| Opnum89NotUsedOnWire | | 89 |
| Opnum90NotUsedOnWire | | 90 |
| Opnum91NotUsedOnWire | | 91 |
| Opnum92NotUsedOnWire | | 92 |
| Opnum93NotUsedOnWire | | 93 |
| Opnum94NotUsedOnWire | | 94 |
| Opnum95NotUsedOnWire | | 95 |
| Opnum96NotUsedOnWire | | 96 |
| Opnum97NotUsedOnWire | | 97 |
| Opnum98NotUsedOnWire | | 98 |
| Opnum99NotUsedOnWire | | 99 |
| Opnum100NotUsedOnWire | | 100 |
| Opnum101NotUsedOnWire | | 101 |
| Opnum102NotUsedOnWire | | 102 |
| Opnum103NotUsedOnWire | | 103 |
| Opnum104NotUsedOnWire | | 104 |
| Opnum105NotUsedOnWire | | 105 |
| Opnum106NotUsedOnWire | | 106 |
| Opnum107NotUsedOnWire | | 107 |
| Opnum108NotUsedOnWire | | 108 |
| Opnum109NotUsedOnWire | | 109 |
| Opnum110NotUsedOnWire | | 110 |
| Opnum111NotUsedOnWire | | 111 |
| Opnum112NotUsedOnWire | | 112 |
| Opnum113NotUsedOnWire | | 113 |
| Opnum114NotUsedOnWire | | 114 |
| Opnum115NotUsedOnWire | | 115 |
| Opnum116NotUsedOnWire | | 116 |
| Opnum117NotUsedOnWire | | 117 |
| Opnum118NotUsedOnWire | | 118 |
| Opnum119NotUsedOnWire | | 119 |
| Opnum120NotUsedOnWire | | 120 |
| Opnum121NotUsedOnWire | | 121 |
| Opnum122NotUsedOnWire | | 122 |
| Opnum123NotUsedOnWire | | 123 |
| Opnum124NotUsedOnWire | | 124 |
| Opnum125NotUsedOnWire | | 125 |
| Opnum126NotUsedOnWire | | 126 |
| Opnum127NotUsedOnWire | | 127 |
| Opnum128NotUsedOnWire | | 128 |
| LsarCreateTrustedDomainEx3 | This method creates a new trusted domain object (TDO). | 129 |
| LsarOpenPolicy3 | This method opens a context handle to the RPC server. | 130 |
| Opnum131NotUsedOnWire | | 131 |
| LsarQueryForestTrustInformation2 | This method retrieves information about a trust relationship with another forest. | 132 |
| LsarSetForestTrustInformation2 | This method is invoked to establish a trust relationship with another forest by attaching a set of records known as forest trust information to a trusted domain object (TDO). | 133 |
| Opnum134NotUsedOnWire | | 134 |
| LsarOpenPolicyWithCreds | This method opens a context handle to the RPC server. | 135 |
| LsarOpenSecret2 | This method is invoked to obtain a handle to an existing secret object. | 136 |
| LsarCreateSecret2 | This method is invoked to create a new secret object in the server's database. | 137 |
| LsarSetSecret2 | This method is invoked to set the current and old values of the secret object. | 138 |
| LsarQuerySecret2 | This method is invoked to retrieve the current and old (or previous) value of the secret object. | 139 |
| LsarStorePrivateData2 | This method is invoked to store a secret value. | 140 |
| LsarRetrievePrivateData2 | This method is invoked to retrieve a secret value. | 141 |

The following citation contains a timeline of when each method value was introduced.<59>

Note: Gaps in the opnum numbering sequence represent opnums of methods that are specified in [MS-LSAT], or opnums that MUST NOT be used over the wire.<60>

Note: Exceptions MUST NOT be thrown beyond those thrown by the underlying RPC protocol (as specified in [MS-RPCE]), unless otherwise specified.

The return values of all methods MUST conform to the specification of NTSTATUS, as specified in [MS-ERREF] section 2.3. Specific return values for normative processing conditions are specified in this document in the subsections of this section.

Unless otherwise specified, all negative values returned by an implementation are treated equivalently by the client as a message processing error. Unless otherwise specified, all non-negative values returned by an implementation are treated equivalently by the client as a success (of message processing).

Return values for implementation-specific conditions are left to the implementer's discretion, subject to the constraints specified in [MS-ERREF]. For example, an implementation can re-use an existing value in [MS-ERREF], such as 0xC0000017 (no memory).
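An added example (not part of the specification) of how a traffic monitor could apply the opnum table and the NTSTATUS sign rule above: it reads the opnum from a connection-oriented DCE/RPC request PDU and labels it as a secret-object method, a NotUsedOnWire opnum, or an opnum beyond the table. The function names, labels and sample PDU are assumptions made for illustration, and the code assumes the PDU is a single unfragmented request already attributed to this interface by its bind.

```python
import struct

# Opnum sets copied from the table above.
NOT_USED_ON_WIRE = ({1, 5, 9, 21, 22, 52, 56, 69, 70, 71, 72, 75, 131, 134}
                    | set(range(60, 68)) | set(range(78, 129)))
LSA_TM = {14, 15, 45, 57, 58, 68}          # rows named Lsar_LSA_TM_<n>
SECRET_METHODS = {
    16: "LsarCreateSecret", 28: "LsarOpenSecret", 29: "LsarSetSecret",
    30: "LsarQuerySecret", 42: "LsarStorePrivateData",
    43: "LsarRetrievePrivateData", 136: "LsarOpenSecret2",
    137: "LsarCreateSecret2", 138: "LsarSetSecret2", 139: "LsarQuerySecret2",
    140: "LsarStorePrivateData2", 141: "LsarRetrievePrivateData2",
}
MAX_OPNUM = 141                            # highest opnum in the table

def request_opnum(pdu: bytes) -> int:
    """Extract the opnum from a connection-oriented DCE/RPC request PDU."""
    if len(pdu) < 24:
        raise ValueError("shorter than a request header")
    if pdu[0] != 5 or pdu[2] != 0:         # rpc_vers 5, PTYPE 0 = request
        raise ValueError("not a DCE/RPC v5 request")
    order = "<" if pdu[4] & 0x10 else ">"  # drep: integer byte order
    if struct.unpack_from(order + "H", pdu, 8)[0] != len(pdu):
        raise ValueError("frag_length does not match captured length")
    return struct.unpack_from(order + "H", pdu, 22)[0]

def classify(opnum: int) -> str:
    """Map an opnum to a triage label (labels are hypothetical)."""
    if opnum in NOT_USED_ON_WIRE:
        return "not-used-on-wire"
    if opnum > MAX_OPNUM:
        return "undefined"
    if opnum in SECRET_METHODS:
        return "secret:" + SECRET_METHODS[opnum]
    return "lsa-tm" if opnum in LSA_TM else "other"

def ntstatus_failed(status: int) -> bool:
    """Negative NTSTATUS (high bit set in the 32-bit value) means failure."""
    return bool(status & 0x80000000)

def sample_request(opnum: int, little_endian: bool = True) -> bytes:
    """Constructed request PDU with a 16-byte zero stub (not captured traffic)."""
    order, drep = ("<", b"\x10\x00\x00\x00") if little_endian else (">", bytes(4))
    stub = bytes(16)
    head = bytes([5, 0, 0, 0x03]) + drep + struct.pack(
        order + "HHI", 24 + len(stub), 0, 1)       # frag_len, auth_len, call_id
    return head + struct.pack(order + "IHH", len(stub), 0, opnum) + stub

if __name__ == "__main__":
    for n in (30, 61, 7, 200):
        print(n, classify(request_opnum(sample_request(n))))
```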

All methods in this protocol MUST perform data validation (as specified in section 3.1.4.10) for all parameters that are specified as input parameters. If data validation fails for some reason, processing MUST end, and the server MUST respond back with a failure.

In the following sections, the general idea behind the common operations is explained first, in sections 3.1.4.1, 3.1.4.2, and 3.1.4.3. The methods are grouped by functionality: policies, accounts, secrets, trusted domains, privileges, and common object methods. Section 3.1.4.10 explains the data validation rules.