Bewerken

Delen via


SeQuerySecurityDescriptorInfo function (ntifs.h)

The SeQuerySecurityDescriptorInfo routine retrieves a copy of an object's security descriptor.

Syntax

NTSTATUS SeQuerySecurityDescriptorInfo(
  [in]      PSECURITY_INFORMATION SecurityInformation,
  [out]     PSECURITY_DESCRIPTOR  SecurityDescriptor,
  [in, out] PULONG                Length,
  [in, out] PSECURITY_DESCRIPTOR  *ObjectsSecurityDescriptor
);

Parameters

[in] SecurityInformation

Pointer to a SECURITY_INFORMATION value specifying which security information is being queried.

Value Meaning
DACL_SECURITY_INFORMATION Indicates the discretionary access control list (DACL) of the object is being queried. Requires READ_CONTROL access.
GROUP_SECURITY_INFORMATION Indicates the primary group identifier of the object is being queried. Requires READ_CONTROL access.
OWNER_SECURITY_INFORMATION Indicates the owner identifier of the object is being queried. Requires READ_CONTROL access.
SACL_SECURITY_INFORMATION Indicates the system ACL (SACL) of the object is being queried. Requires ACCESS_SYSTEM_SECURITY access.

[out] SecurityDescriptor

Caller-allocated user buffer that SeQuerySecurityDescriptorInfo fills with a copy of the specified security descriptor in self-relative format.

[in, out] Length

Pointer to a variable that specifies the size, in bytes, of the buffer pointed to by SecurityDescriptor. Upon return, SeQuerySecurityDescriptorInfo sets this variable to the number of bytes required to store the requested information.

[in, out] ObjectsSecurityDescriptor

Pointer to a pointer to an object's security descriptor. The security descriptor must be in self-relative format.

Return value

Return code Description
STATUS_SUCCESS
The call to SeQuerySecurityDescriptorInfo succeeded.
STATUS_BUFFER_TOO_SMALL
The buffer is too small for the security descriptor. None of the security information was copied to the buffer.

Remarks

A security descriptor can be in absolute or self-relative format. A security descriptor in absolute format contains pointers to the information it contains, rather than containing the information itself. A security descriptor in self-relative format contains the information in a contiguous block of memory. In a self-relative security descriptor, a SECURITY_DESCRIPTOR structure always starts the information, but the security descriptor's other components can follow the SECURITY_DESCRIPTOR structure in any order. Instead of using memory addresses, the components of the security descriptor are identified by offsets from the beginning of the security descriptor. This format is useful when a security descriptor must be stored on a disk or transmitted by means of a communications protocol.

Because the security descriptor is returned in self-relative format, the caller of SeQuerySecurityDescriptorInfo should cast the value returned in the SecurityDescriptor parameter to type PISECURITY_DESCRIPTOR_RELATIVE.

For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.

Requirements

Requirement Value
Target Platform Universal
Header ntifs.h (include Ntifs.h)
Library NtosKrnl.lib
DLL NtosKrnl.exe
IRQL PASSIVE_LEVEL

See also

ACL

RtlAbsoluteToSelfRelativeSD

RtlCreateSecurityDescriptor

RtlCreateSecurityDescriptorRelative

RtlGetOwnerSecurityDescriptor

RtlLengthSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlSetOwnerSecurityDescriptor

RtlValidSecurityDescriptor

SECURITY_DESCRIPTOR