3.1.4.8.4 LsarLookupPrivilegeDisplayName (Opnum 33)

msdn link

The LsarLookupPrivilegeDisplayName method is invoked to map the name of a privilege into a display text string in the caller's language.

 NTSTATUS LsarLookupPrivilegeDisplayName(
   [in] LSAPR_HANDLE PolicyHandle,
   [in] PRPC_UNICODE_STRING Name,
   [in] short ClientLanguage,
   [in] short ClientSystemDefaultLanguage,
   [out] PRPC_UNICODE_STRING* DisplayName,
   [out] unsigned short* LanguageReturned
 );

PolicyHandle: An RPC context handle obtained from either LsarOpenPolicy or LsarOpenPolicy2.

Name: A string containing the name of a privilege.

ClientLanguage: An identifier of the client's language.

ClientSystemDefaultLanguage: An identifier of the default language of the caller's machine.

DisplayName: Used to return the display name of the privilege in the language pointed to by the LanguageReturned value.

LanguageReturned: An identifier of the language in which DisplayName was returned.

Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the message processing that follows.

Return value/code

Description

0x00000000

STATUS_SUCCESS

The request was successfully completed.

0xC0000022

STATUS_ACCESS_DENIED

The caller does not have the permissions to perform this operation.

0xC000000D

STATUS_INVALID_PARAMETER

One or more of the supplied parameters was invalid.

0xC0000060

STATUS_NO_SUCH_PRIVILEGE

The supplied LUID is not recognized by the server.

0xC0000008

STATUS_INVALID_HANDLE

PolicyHandle is not a valid handle.

Processing:

This method takes six arguments:

PolicyHandle: An open handle to the policy object. If the handle is not a valid context handle to the policy object or PolicyHandle.HandleType does not equal "Policy", the server MUST return STATUS_INVALID_HANDLE. The server MUST verify that PolicyHandle grants access as specified in section 3.1.4.2.2 with RequiredAccess set to POLICY_LOOKUP_NAMES.

Name: A string name of the privilege. The server MUST attempt to locate the entry with the same name in the data store specified in section 3.1.1.2.1. If the entry cannot be located, the server MUST return STATUS_NO_SUCH_PRIVILEGE.

ClientLanguage: A numerical identifier of the language in which the caller wishes to receive the display name. The server MUST try to locate the privilege description in the language that is identified by this parameter. If the data store does not have this language, the server MUST try the next parameter.

ClientSystemDefaultLanguage: An identifier of the default language of the caller. This might be different than the ClientLanguage parameter. If the data store does not have the description in the previous language, the server MUST try to find the description in this language.

DisplayName: Used to return the description of the privilege. If neither ClientLanguage nor ClientSystemDefaultLanguage can be found, the server MUST return the description in the server's own language.

LanguageReturned: Used to return the language ID of DisplayName. This might be different from the language ID that was requested.