4.2 Manipulating Secret Objects

This section illustrates a message exchange pertaining to secret objects.

  1. Message 1: Open the policy object.

    | Direction and method | Parameter field | Parameter value |
    |---|---|---|
    | Send LsarOpenPolicy2 | SystemName | "Arbitrary String" |
    | Send LsarOpenPolicy2 | ObjectAttributes | Ignored, except for the RootDirectory field, which is NULL. |
    | Send LsarOpenPolicy2 | DesiredAccess | POLICY_VIEW_LOCAL_INFORMATION \| POLICY_CREATE_SECRET |

  2. Message 2: Success: Policy object opened successfully.

    | Direction and method | Parameter field | Parameter value |
    |---|---|---|
    | Receive LsarOpenPolicy2 | Status | STATUS_SUCCESS |
    | Receive LsarOpenPolicy2 | PolicyHandle | [Implementation-specific value] |

  3. Message 3: Attempt to create a secret object with name "NL$".

    | Direction and method | Parameter field | Parameter value |
    |---|---|---|
    | Send LsarCreateSecret | PolicyHandle | [Implementation-specific value returned in Step 2.] |
    | Send LsarCreateSecret | SecretName | "NL$" |
    | Send LsarCreateSecret | DesiredAccess | SECRET_SET_VALUE |

  4. Message 4: Failure: Secret name "NL$" is a reserved prefix name and cannot be used.

    | Direction and method | Parameter field | Parameter value |
    |---|---|---|
    | Receive LsarCreateSecret | Status | STATUS_INVALID_PARAMETER |
    | Receive LsarCreateSecret | SecretHandle | NULL |

  5. Message 5: Attempt to create a secret object with name "MyBigSecret".

    | Direction and method | Parameter field | Parameter value |
    |---|---|---|
    | Send LsarCreateSecret | PolicyHandle | [Implementation-specific value returned in Step 2.] |
    | Send LsarCreateSecret | SecretName | "MyBigSecret" |
    | Send LsarCreateSecret | DesiredAccess | SECRET_SET_VALUE |

  6. Message 6: Success: Secret created.

    | Direction and method | Parameter field | Parameter value |
    |---|---|---|
    | Receive LsarCreateSecret | Status | STATUS_SUCCESS |
    | Receive LsarCreateSecret | SecretHandle | [Implementation-specific value] |

  7. Message 7: Set the value of the secret object.

    | Direction and method | Parameter field | Parameter value |
    |---|---|---|
    | Send LsarSetSecret | SecretHandle | [Implementation-specific value returned in Step 6.] |
    | Send LsarSetSecret | EncryptedCurrentValue | Byte BLOB value encrypted with session key. |
    | Send LsarSetSecret | EncryptedOldValue | NULL |

  8. Message 8: Success: Secret value set.

    | Direction and method | Parameter field | Parameter value |
    |---|---|---|
    | Receive LsarSetSecret | Status | STATUS_SUCCESS |

  9. Message 9: Done with this secret; close the handle.

    | Direction and method | Parameter field | Parameter value |
    |---|---|---|
    | Send LsarClose | ObjectHandle | [Implementation-specific value returned in Step 6.] |

  10. Message 10: Success: Secret handle has been closed.

    | Direction and method | Parameter field | Parameter value |
    |---|---|---|
    | Receive LsarClose | Status | STATUS_SUCCESS |

  11. Message 11: Done with the policy handle; close the handle.

    | Direction and method | Parameter field | Parameter value |
    |---|---|---|
    | Send LsarClose | ObjectHandle | [Implementation-specific value returned in Step 2.] |

  12. Message 12: Success: Policy handle has been closed.

    | Direction and method | Parameter field | Parameter value |
    |---|---|---|
    | Receive LsarClose | Status | STATUS_SUCCESS |
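
The server-side checks implied by Messages 1 through 12 can be modelled in memory; the following is an added example, not part of the specification text or of any real LSA implementation. The class and method names (`ToyLsaServer`, `open_policy2`, `create_secret`, `set_secret`, `close`) are hypothetical, and the model assumes that creating a secret needs POLICY_CREATE_SECRET on the policy handle, that setting a value needs SECRET_SET_VALUE on the secret handle, that a closed or wrong-type handle yields STATUS_INVALID_HANDLE, and that the BLOB is stored as received with no session-key encryption.

```python
# Toy in-memory model of the exchange above; an added example, not MS-LSAD code.
import itertools

STATUS_SUCCESS, STATUS_INVALID_HANDLE = 0x00000000, 0xC0000008
STATUS_INVALID_PARAMETER, STATUS_ACCESS_DENIED = 0xC000000D, 0xC0000022
POLICY_VIEW_LOCAL_INFORMATION, POLICY_CREATE_SECRET = 0x00000001, 0x00000020
SECRET_SET_VALUE = 0x00000001
RESERVED_PREFIXES = ("NL$",)  # only the prefix this section names

class ToyLsaServer:
    def __init__(self):
        self._ids = itertools.count(1)
        self.handles = {}  # handle -> (kind, granted access, secret name)
        self.secrets = {}  # secret name -> (current blob, old blob)

    def _open(self, kind, access, name=None):
        handle = next(self._ids)
        self.handles[handle] = (kind, access, name)
        return handle

    def _check(self, handle, kind, needed):  # handle type first, then access bit
        found_kind, access, _ = self.handles.get(handle, (None, 0, None))
        if found_kind != kind:
            return STATUS_INVALID_HANDLE
        return STATUS_SUCCESS if access & needed else STATUS_ACCESS_DENIED

    def open_policy2(self, system_name, desired_access):
        return STATUS_SUCCESS, self._open("policy", desired_access)

    def create_secret(self, policy_handle, secret_name, desired_access):
        status = self._check(policy_handle, "policy", POLICY_CREATE_SECRET)
        if status == STATUS_SUCCESS and secret_name.startswith(RESERVED_PREFIXES):
            status = STATUS_INVALID_PARAMETER  # Message 4
        if status != STATUS_SUCCESS:
            return status, None
        self.secrets[secret_name] = (None, None)
        return STATUS_SUCCESS, self._open("secret", desired_access, secret_name)

    def set_secret(self, secret_handle, enc_current, enc_old):
        status = self._check(secret_handle, "secret", SECRET_SET_VALUE)
        if status == STATUS_SUCCESS:
            self.secrets[self.handles[secret_handle][2]] = (enc_current, enc_old)
        return status

    def close(self, handle):
        return STATUS_SUCCESS if self.handles.pop(handle, None) else STATUS_INVALID_HANDLE
```

Calling the methods in the order of Messages 1, 3, 5, 7, 9 and 11 returns the statuses shown in Messages 2, 4, 6, 8, 10 and 12. In this model, reusing a handle after `close` returns STATUS_INVALID_HANDLE.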