Duration (Pacific Standard Time):
To (Pacific Standard Time):
Impact:
User Action:

Retrieving Logon Session Information

The following example calls the LsaGetLogonSessionData function to retrieve information about a logon session.

The GetSessionData function, which is used only for illustrative purposes, takes a pointer to a valid LUID logon session identifier. For an example that demonstrates obtaining the valid logon session identifiers available on a system, see Enumerating the Logon Sessions.

The LsaNtStatusToWinError function converts an NTSTATUS code to a Windows error code.

#include <windows.h>
#include <stdio.h>

VOID GetSessionData(PLUID session)
{
  PSECURITY_LOGON_SESSION_DATA sessionData = NULL;
  NTSTATUS retval;
  WCHAR buffer[256];
  WCHAR *usBuffer;
  int usLength;

  // Check for a valid session.
  if (!session ) {
    wprintf(L"Error - Invalid logon session identifier.\n");
    return;
  }
  // Get the session information.
  retval = LsaGetLogonSessionData (session, &sessionData);
  if (retval != STATUS_SUCCESS) {
    // An error occurred. Tell the world.
    wprintf (L"LsaGetLogonSessionData failed %lu \n",
      LsaNtStatusToWinError(retval));
    // If session information was returned, free it.
    if (sessionData) {
      LsaFreeReturnBuffer(sessionData);
    }
    return;
  } 
  // Determine whether there is session data to parse. 
  if (!sessionData) { // no data for session
    wprintf(L"Invalid logon session data. \n");
    return;
  }
  if (sessionData->UserName.Buffer != NULL) {
    // Get the user name.
    usBuffer = (sessionData->UserName).Buffer;
    usLength = (sessionData->UserName).Length;
    if(usLength < 256)
    {
        wcsncpy_s (buffer, 256, usBuffer, usLength);
        wcscat_s (buffer, 256, L"");
    }
    else
    {
        wprintf(L"\nUser name too long for buffer. Exiting program.");
        exit(1);
    }
    
    wprintf (L"user %s was authenticated ",buffer);
  } else {
    wprintf (L"\nMissing user name.\n");
    LsaFreeReturnBuffer(sessionData);
    return;
  }
  if ((SECURITY_LOGON_TYPE) sessionData->LogonType == Interactive) {
    wprintf(L"interactively ");
  }
  if (sessionData->AuthenticationPackage.Buffer != NULL) {
    // Get the authentication package name.
    usBuffer = (sessionData->AuthenticationPackage).Buffer;
    usLength = (sessionData->AuthenticationPackage).Length;
    if(usLength < 256)
    {
        wcsncpy_s (buffer, 256, usBuffer, usLength);
        wcscat_s (buffer, 256, L"");
    }
    else
    {
        wprintf(L"\nAuthentication package too long for buffer."
            L" Exiting program.");
        exit(1);
    }
    wprintf(L"using %s ",buffer);
  } else {
    wprintf (L"\nMissing authentication package.");
    LsaFreeReturnBuffer(sessionData);
    return;
  }
  if (sessionData->LogonDomain.Buffer != NULL) {
    // Get the domain name.
    usBuffer = (sessionData->LogonDomain).Buffer;
    usLength = (sessionData->LogonDomain).Length;
    if(usLength < 256)
    {
        wcsncpy_s (buffer, 256, usBuffer, usLength);
        wcscat_s (buffer, 256, L"");
    }
    else
    {
        wprintf(L"\nLogon domain too long for buffer."
            L" Exiting program.");
        exit(1);
    }
    wprintf(L"in the %s domain.\n",buffer);
  } else {
    wprintf (L"\nMissing authenticating domain information. ");
    LsaFreeReturnBuffer(sessionData);
    return;
  }
  // Free the memory returned by the LSA.
  LsaFreeReturnBuffer(sessionData);
  return;
}

 

 

Send comments about this topic to Microsoft

Build date: 4/6/2010