4.2 Manipulating Secret Objects
This section illustrates a message exchange pertaining to secret objects.
Message 1: Open the policy object.

| Direction and method | Parameter field | Parameter value |
|---|---|---|
| Send LsarOpenPolicy2 | SystemName | "Arbitrary String" |
| Send LsarOpenPolicy2 | ObjectAttributes | Ignored, except for the RootDirectory field, which is NULL. |
| Send LsarOpenPolicy2 | DesiredAccess | POLICY_VIEW_LOCAL_INFORMATION \| POLICY_CREATE_SECRET |

Message 2: Success: Policy object opened successfully.

| Direction and method | Parameter field | Parameter value |
|---|---|---|
| Receive LsarOpenPolicy2 | Status | STATUS_SUCCESS |
| Receive LsarOpenPolicy2 | PolicyHandle | [Implementation-specific value] |

Message 3: Attempt to create a secret object with name "NL$".

| Direction and method | Parameter field | Parameter value |
|---|---|---|
| Send LsarCreateSecret | PolicyHandle | [Implementation-specific value returned in Step 2.] |
| Send LsarCreateSecret | SecretName | "NL$" |
| Send LsarCreateSecret | DesiredAccess | SECRET_SET_VALUE |

Message 4: Failure: Secret name "NL$" is a reserved prefix name and cannot be used.

| Direction and method | Parameter field | Parameter value |
|---|---|---|
| Receive LsarCreateSecret | Status | STATUS_INVALID_PARAMETER |
| Receive LsarCreateSecret | SecretHandle | NULL |

Message 5: Attempt to create a secret object with name "MyBigSecret".

| Direction and method | Parameter field | Parameter value |
|---|---|---|
| Send LsarCreateSecret | PolicyHandle | [Implementation-specific value returned in Step 2.] |
| Send LsarCreateSecret | SecretName | "MyBigSecret" |
| Send LsarCreateSecret | DesiredAccess | SECRET_SET_VALUE |

Message 6: Success: Secret created.

| Direction and method | Parameter field | Parameter value |
|---|---|---|
| Receive LsarCreateSecret | Status | STATUS_SUCCESS |
| Receive LsarCreateSecret | SecretHandle | [Implementation-specific value] |

Message 7: Set the value of the secret object.

| Direction and method | Parameter field | Parameter value |
|---|---|---|
| Send LsarSetSecret | SecretHandle | [Implementation-specific value returned in Step 6.] |
| Send LsarSetSecret | EncryptedCurrentValue | Byte BLOB value encrypted with session key. |
| Send LsarSetSecret | EncryptedOldValue | NULL |

Message 8: Success: Secret value set.

| Direction and method | Parameter field | Parameter value |
|---|---|---|
| Receive LsarSetSecret | Status | STATUS_SUCCESS |

Message 9: Done with this secret; close the handle.

| Direction and method | Parameter field | Parameter value |
|---|---|---|
| Send LsarClose | ObjectHandle | [Implementation-specific value returned in Step 6.] |

Message 10: Success: Secret handle has been closed.

| Direction and method | Parameter field | Parameter value |
|---|---|---|
| Receive LsarClose | Status | STATUS_SUCCESS |

Message 11: Done with the policy handle; close the handle.

| Direction and method | Parameter field | Parameter value |
|---|---|---|
| Send LsarClose | ObjectHandle | [Implementation-specific value returned in Step 2.] |

Message 12: Success: Policy handle has been closed.

| Direction and method | Parameter field | Parameter value |
|---|---|---|
| Receive LsarClose | Status | STATUS_SUCCESS |
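
The twelve messages above can be replayed against a small in-memory model of the server-side checks, which also shows what a call returns when a handle has been closed or lacks the needed access bit. This is an added example, not code from the specification: `ToyLsaServer`, its method names and the order of its checks are assumptions, the reserved-prefix list holds only the "NL$" prefix named in this section, and session-key encryption of the secret value is not modelled.

```python
import itertools

# NTSTATUS codes and LSA access-mask bits used by the exchange.
STATUS_SUCCESS, STATUS_INVALID_HANDLE = 0x00000000, 0xC0000008
STATUS_INVALID_PARAMETER, STATUS_ACCESS_DENIED = 0xC000000D, 0xC0000022
POLICY_VIEW_LOCAL_INFORMATION, POLICY_CREATE_SECRET = 0x00000001, 0x00000020
SECRET_SET_VALUE = 0x00000001
RESERVED_PREFIXES = ("NL$",)  # only the prefix this section names

class ToyLsaServer:
    """Hypothetical in-memory stand-in for the server side of the exchange."""
    def __init__(self):
        self._ids = itertools.count(1)
        self.handles = {}  # handle -> (kind, granted access, secret name)
        self.secrets = {}  # secret name -> encrypted current value

    def _new(self, kind, access, name=None):
        handle = next(self._ids)
        self.handles[handle] = (kind, access, name)
        return handle

    def open_policy2(self, system_name, desired_access):
        # SystemName is an arbitrary string and is not inspected (Message 1).
        return STATUS_SUCCESS, self._new("policy", desired_access)

    def create_secret(self, policy_handle, secret_name, desired_access):
        kind, access, _ = self.handles.get(policy_handle, (None, 0, None))
        if kind != "policy":
            return STATUS_INVALID_HANDLE, None
        if not access & POLICY_CREATE_SECRET:
            return STATUS_ACCESS_DENIED, None
        if secret_name.startswith(RESERVED_PREFIXES):
            return STATUS_INVALID_PARAMETER, None  # Message 4
        self.secrets[secret_name] = None
        return STATUS_SUCCESS, self._new("secret", desired_access, secret_name)

    def set_secret(self, secret_handle, encrypted_current, encrypted_old=None):
        kind, access, name = self.handles.get(secret_handle, (None, 0, None))
        if kind != "secret":
            return STATUS_INVALID_HANDLE
        if not access & SECRET_SET_VALUE:
            return STATUS_ACCESS_DENIED
        self.secrets[name] = encrypted_current  # stored as received
        return STATUS_SUCCESS

    def close(self, handle):
        found = self.handles.pop(handle, None) is not None
        return STATUS_SUCCESS if found else STATUS_INVALID_HANDLE
```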