SO_WSK_SECURITY
The SO_WSK_SECURITY socket option allows a WSK application to either apply a security descriptor to a socket or retrieve a cached copy of a socket's security descriptor from a socket. The security descriptor controls the sharing of the local transport address to which the socket is bound.
This socket option applies only to listening sockets, datagram sockets, and connection-oriented sockets.
If a WSK application uses this socket option to apply a security descriptor to a socket, it must do so before the socket is bound to a local transport address.
To apply a security descriptor to a socket, a WSK application calls the WskControlSocket function with the following parameters.
Parameter | Value |
---|---|
RequestType | WskSetOption |
ControlCode | SO_WSK_SECURITY |
Level | SOL_SOCKET |
InputSize | sizeof(PSECURITY_DESCRIPTOR) |
InputBuffer | A pointer to a PSECURITY_DESCRIPTOR-typed variable. This variable must contain a pointer to a cached copy of a security descriptor that was obtained by calling the WskControlClient function with the WSK_CACHE_SD control code. |
OutputSize | 0 |
OutputBuffer | NULL |
OutputSizeReturned | NULL |
A WSK application must specify a pointer to an IRP when calling the WskControlSocket function to apply a security descriptor to a socket.
If a WSK application uses this socket option to apply a security descriptor to a socket, the new security descriptor replaces any security descriptor that was previously applied to the socket.
A WSK application must not release the cached copy of the security descriptor until after the IRP is completed.
A WSK application can also apply a security descriptor to a socket when the socket is initially created by specifying a pointer to a cached copy of a security descriptor in the SecurityDescriptor parameter when it calls the WskSocket or WskSocketConnect function.
If a WSK application does not apply a security descriptor to a socket, the WSK subsystem uses a default security descriptor that does not allow sharing of the local transport address.
To retrieve a cached copy of a socket's security descriptor from a socket, a WSK application calls the WskControlSocket function with the following parameters.
Parameter | Value |
---|---|
RequestType | WskGetOption |
ControlCode | SO_WSK_SECURITY |
Level | SOL_SOCKET |
InputSize | 0 |
InputBuffer | NULL |
OutputSize | sizeof(PSECURITY_DESCRIPTOR) |
OutputBuffer | A pointer to a PSECURITY_DESCRIPTOR-typed variable. This variable receives a pointer to a cached copy of the socket's security descriptor. |
OutputSizeReturned | NULL |
A WSK application must specify a pointer to an IRP when calling the WskControlSocket function to retrieve a cached copy of a socket's security descriptor from a socket.
A WSK application must call the WskControlClient function with the WSK_RELEASE_SD control code to release the cached copy of the security descriptor when it is no longer needed.
See the reference page for the SECURITY_DESCRIPTOR structure for more information.
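The ordering and lifetime rules above (apply the option before the bind, keep the cached copy until the IRP completes, release every cached copy) can be checked against a recorded call sequence. The following user-mode model is an added example, not code from the original page or from the WSK headers; the event names, violation flags and sample trace are hypothetical constructs that stand in for the WskControlClient and WskControlSocket calls described above.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed user-mode model of one socket's WSK call sequence; all names are hypothetical. */
enum ev_kind { EV_CACHE_SD, EV_GET_SECURITY, EV_SET_SECURITY,
               EV_SET_IRP_DONE, EV_BIND, EV_RELEASE_SD };
struct ev { enum ev_kind kind; int sd; };  /* sd: id of one cached copy, 0..MAX_SD-1 */
enum { MAX_SD = 8 };
enum { V_SET_AFTER_BIND = 1, V_SD_NOT_CACHED = 2,
       V_RELEASED_WHILE_PENDING = 4, V_SD_NOT_RELEASED = 8 };
/* Returns a bitmask of the page's rules that the trace breaks (0 = clean). */
unsigned check_trace(const struct ev *t, size_t n)
{
    int held[MAX_SD] = {0};  /* 1 while cached copy `sd` is outstanding */
    int pending = -1;        /* copy referenced by an uncompleted set IRP */
    int bound = 0;
    unsigned v = 0;
    for (size_t i = 0; i < n; i++) {
        int sd = t[i].sd;
        int valid = sd >= 0 && sd < MAX_SD;
        switch (t[i].kind) {
        case EV_CACHE_SD:      /* WskControlClient with WSK_CACHE_SD */
        case EV_GET_SECURITY:  /* WskGetOption hands back a cached copy */
            if (valid) held[sd] = 1;
            break;
        case EV_SET_SECURITY:  /* WskSetOption + SO_WSK_SECURITY, IRP issued */
            if (bound) v |= V_SET_AFTER_BIND;
            if (!valid || !held[sd]) v |= V_SD_NOT_CACHED;
            pending = sd;
            break;
        case EV_SET_IRP_DONE: pending = -1; break;
        case EV_BIND:         bound = 1;    break;
        case EV_RELEASE_SD:    /* WskControlClient with WSK_RELEASE_SD */
            if (valid && sd == pending) v |= V_RELEASED_WHILE_PENDING;
            if (valid) held[sd] = 0;
            break;
        }
    }
    for (int i = 0; i < MAX_SD; i++)
        if (held[i]) v |= V_SD_NOT_RELEASED;
    return v;
}

int main(void)
{
    /* Constructed trace: option set after bind, descriptor released before the IRP completes. */
    struct ev bad[] = { {EV_CACHE_SD, 0}, {EV_BIND, 0}, {EV_SET_SECURITY, 0},
                        {EV_RELEASE_SD, 0}, {EV_SET_IRP_DONE, 0} };
    printf("violations: 0x%x\n", check_trace(bad, sizeof bad / sizeof bad[0]));
}
```

The model tracks a single socket and treats each cached copy, whether obtained with WSK_CACHE_SD or returned by WskGetOption, as a separate id that needs its own release.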
Requirements
Version | Available in Windows Vista and later versions of the Windows operating systems. |
Header | Wsk.h (include Wsk.h) |