3.1.4.4 LsarGetUserName (Opnum 45)

  • Article

The LsarGetUserName method returns the name and the domain name of the security principal that is invoking the method.

 NTSTATUS LsarGetUserName(
   [in, unique, string] wchar_t* SystemName,
   [in, out] PRPC_UNICODE_STRING* UserName,
   [in, out, unique] PRPC_UNICODE_STRING* DomainName
 );

SystemName: This parameter has no effect on message processing in any environment. It MUST be ignored.

UserName: On return, contains the name of the security principal that is making the call. The string MUST be of the form sAMAccountName. On input, this parameter MUST be ignored. The RPC_UNICODE_STRING structure is defined in [MS-DTYP] section 2.3.10.

DomainName: On return, contains the domain name of the security principal that is invoking the method. This string MUST be a NetBIOS name. On input, this parameter MUST be ignored.

Return Values: The following table contains a summary of the return values that an implementation MUST return, as specified by the message processing shown after the table.

Return value/code

Description

0x00000000

STATUS_SUCCESS

The request was successfully completed.

0xC0000022

STATUS_ACCESS_DENIED

The caller does not have the permissions to perform this operation.

The server MUST determine the SID of the caller; to do so, the server MUST invoke the GetRpcImpersonationAccessToken abstract interface ([MS-RPCE] section 3.3.3.4.3.1).

If GetRpcImpersonationAccessToken succeeds, the server MUST use the SID in the Token.Sids[OwnerIndex] element ([MS-DTYP] section 2.5.2) for further processing.

If GetRpcImpersonationAccessToken fails, the server MUST use the ANONYMOUS SID ([MS-DTYP] section 2.4.2.4) for further processing.

The server MUST locate the security principal that is making the request using the SID that was determined previously. To do so, a search MUST be performed in the following views and MUST end as soon as the security principal is located in some view:

  • Predefined Translation View.

  • Configurable Translation View.

  • Account Domain View of the account database served on that machine.

    • If the machine is not joined to a domain, the search ends here.

  • If this machine is not a domain controller: Account Domain View of the domain to which this machine is joined.

  • Forest View of the forest of the domain to which this machine is joined.

  • Forest Views of trusted forests for the forest of the domain to which this machine is joined.

  • Account Domain Views of externally trusted domains for the domain to which this machine is joined.

After the security principal is located, the RPC server MUST return the security principal name in the UserName parameter and MUST return the domain NetBIOS name in the DomainName parameter if DomainName is not NULL. The return value MUST be set to STATUS_SUCCESS in this case. In other cases, an implementation-specific negative value MUST be returned.