3.1.4.9.3 LsarDeleteObject (Opnum 34)

The LsarDeleteObject method is invoked to delete an open account object, secret object, or trusted domain object.

 NTSTATUS LsarDeleteObject(
   [in, out] LSAPR_HANDLE* ObjectHandle
 );

ObjectHandle: A handle to an open object of the correct type to be deleted. After successful completion of the call, the handle value cannot be reused.

Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the message processing that follows.

Return value/code                      Description

0x00000000 STATUS_SUCCESS              The request was successfully completed.

0xC0000022 STATUS_ACCESS_DENIED        The caller does not have the permissions to perform this operation.

0xC000000D STATUS_INVALID_PARAMETER    One or more of the supplied parameters was invalid.

0xC0000008 STATUS_INVALID_HANDLE       ObjectHandle is not a valid handle.

Processing:

This message takes one input parameter.

ObjectHandle: An open handle to an object that is to be deleted. If the handle is not a valid context handle to an object or ObjectHandle.PolicyType is not one of the following:

  • "Policy" for handles to policy objects

  • "Account" for handles to account objects

  • "Secret" for handles to secret objects

  • "Trusted Domain" for handles to trusted domain objects

the server MUST return STATUS_INVALID_HANDLE.

Policy objects cannot be deleted. Attempts to delete policy objects MUST fail with STATUS_INVALID_PARAMETER. For other object types, the server MUST verify that ObjectHandle grants access as specified in section 3.1.4.2.2 with RequiredAccess set to DELETE.

The server MUST make all subsequent requests to deleted objects through already opened handles fail with STATUS_INVALID_HANDLE. The deleted handle MUST be automatically closed by the server; the caller need not close it.

If the object being deleted is a trusted domain, then the server MUST also check whether an interdomain trust account with name "<Trusted Domain NetBIOS Name>$" exists. If it exists, the server MUST delete that account along with the trusted domain.

The server MUST free any resources associated with the LsaContextHandle element (section 3.1.1.7) that is represented by ObjectHandle, as specified in section 3.1.6.1, LSAPR_HANDLE_rundown.

The fact that a handle is no longer usable is communicated to the RPC transport by returning a NULL value in the handle parameter, as specified in [C706] section 5.1.6.
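The processing rules above, in order, as an added in-memory model; it is not part of the specification or of any server implementation. LsaModel, Handle, the integer handle ids and the CONTOSO sample state are constructed for illustration, and the access check of section 3.1.4.2.2 is simplified here to a bitmask test against the access granted when the handle was opened.

```python
from dataclasses import dataclass, field

STATUS_SUCCESS = 0x00000000
STATUS_ACCESS_DENIED = 0xC0000022
STATUS_INVALID_PARAMETER = 0xC000000D
STATUS_INVALID_HANDLE = 0xC0000008
DELETE = 0x00010000  # standard DELETE access right
HANDLE_TYPES = {"Policy", "Account", "Secret", "Trusted Domain"}

@dataclass
class Handle:             # hypothetical stand-in for an LsaContextHandle
    policy_type: str      # models ObjectHandle.PolicyType
    name: str             # object the handle is open on (NetBIOS name for a trust)
    granted: int          # access mask granted when the handle was opened

@dataclass
class LsaModel:           # hypothetical server state, not a real API
    handles: dict = field(default_factory=dict)       # handle id -> Handle
    trust_accounts: set = field(default_factory=set)  # interdomain trust accounts
    deleted: list = field(default_factory=list)       # record of deleted objects

    def delete_object(self, hid):
        """Return (NTSTATUS, handle value handed back to the caller)."""
        h = self.handles.get(hid)
        if h is None or h.policy_type not in HANDLE_TYPES:
            return STATUS_INVALID_HANDLE, hid
        if h.policy_type == "Policy":              # policy objects cannot be deleted
            return STATUS_INVALID_PARAMETER, hid
        if (h.granted & DELETE) != DELETE:         # RequiredAccess = DELETE
            return STATUS_ACCESS_DENIED, hid
        self.deleted.append((h.policy_type, h.name))
        if h.policy_type == "Trusted Domain":      # drop "<NetBIOS name>$" if present
            self.trust_accounts.discard(h.name + "$")
        # Drop every handle open on the deleted object, so later requests
        # through them fail the lookup above with STATUS_INVALID_HANDLE.
        for k in [k for k, v in self.handles.items()
                  if (v.policy_type, v.name) == (h.policy_type, h.name)]:
            del self.handles[k]
        return STATUS_SUCCESS, None                # NULL tells RPC the handle is gone

def demo():
    srv = LsaModel(trust_accounts={"CONTOSO$"})    # constructed sample state
    srv.handles = {1: Handle("Policy", "policy", DELETE),
                   2: Handle("Secret", "S1", 0),
                   3: Handle("Trusted Domain", "CONTOSO", DELETE),
                   4: Handle("Trusted Domain", "CONTOSO", 0)}
    return [srv.delete_object(h) for h in (1, 2, 3, 4, 99)], srv

if __name__ == "__main__":
    for status, handle in demo()[0]:
        print(hex(status), handle)
```

Handle 4 is a second handle on the same trusted domain: it returns STATUS_INVALID_HANDLE only because handle 3's deletion already invalidated it, which is the behaviour to check for when testing an implementation for stale-handle use after delete.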