4.1 Adding an Entry to the Permissions List
In this example, the client is adding an entry for "user8" to the permissions list on the Calendar folder. To retrieve the current permissions on the folder, the client starts by trying to read the deprecated PidTagSecurityDescriptorAsXml property ([MS-XWDVSEC] section 2.2.2) of the folder, as described in section 3.1.4.1. To read this property, the client sends the following RopOpenStream ROP request ([MS-OXCROPS] section 2.2.9.1).
The RopOpenStream ROP request buffer contains the following data (9 bytes).
0000: 2B 00 01 02 1F 00 6A 0E-00
RopId: 0x2B
LogonId: 0
InputHandleIndex: 1 (HSOT=0x000001DA)
OutputHandleIndex: 2 (HSOT=0xFFFFFFFF)
PropertyTag: 0x0E6A001F (PidTagSecurityDescriptorAsXml property)
OpenModeFlags: 0x00 (ReadOnly flag is set)
The server returns the following ROP response buffer, which indicates that it does not support the PidTagSecurityDescriptorAsXml property on this folder.
The RopOpenStream ROP response buffer contains the following data (6 bytes):
0000: 2B 02 02 01 04 80
RopId: 0x2B
OutputHandleIndex: 2 (HSOT=0xFFFFFFFF)
ReturnValue: 0x80040102 (ecNotImplemented)
Because the server does not support the PidTagSecurityDescriptorAsXml property, the client falls back to using the RopGetPermissionsTable ROP ([MS-OXCROPS] section 2.2.10.2) as described in section 3.1.4.1. To retrieve a table that contains the current permissions list of the folder, the client sends the following three ROP requests, batched together into a single remote procedure call (RPC).
The RopGetPermissionsTable ROP request buffer contains the following data (5 bytes):
0000: 3E 00 00 01 02
RopId: 0x3E
LogonId: 0
InputHandleIndex: 0 (HSOT=0x000001DA)
OutputHandleIndex: 1 (HSOT=0xFFFFFFFF)
TableFlags: 0x02 (IncludeFreeBusy flag is set)
The RopSetColumns ROP request buffer ([MS-OXCROPS] section 2.2.5.1) contains the following data (22 bytes):
0000: 12 00 01 00 04 00 14 00-71 66 1F 00 72 66 03 00 ........qf..rf..
0010: 73 66 02 01 FF 0F                               sf....
RopId: 0x12
LogonId: 0
InputHandleIndex: 1 (HSOT=0xFFFFFFFF)
SetColumnsFlags: 0x00 (Wait flag is set)
PropertyTagCount: 0x0004 (four property tags in the PropertyTags field)
PropertyTags:
    0x66710014 (PidTagMemberId property (section 2.2.5))
    0x6672001F (PidTagMemberName property (section 2.2.6))
    0x66730003 (PidTagMemberRights property (section 2.2.7))
    0x0FFF0102 (PidTagEntryId property (section 2.2.4))
The RopQueryRows ROP request buffer ([MS-OXCROPS] section 2.2.5.4) contains the following data (7 bytes):
0000: 15 00 01 00 01 00 10
RopId: 0x15
LogonId: 0
InputHandleIndex: 1 (HSOT=0xFFFFFFFF)
QueryRowsFlags: 0x00 (Advance)
ForwardRead: 0x01 (True)
RowCount: 0x1000 (4096)
The server returns the following three ROP response buffers. The folder's current permissions list is in the RowData field of the RopQueryRows ROP response buffer.
The RopGetPermissionsTable ROP response buffer contains the following data (6 bytes):
0000: 3E 01 00 00 00 00
RopId: 0x3E
OutputHandleIndex: 1 (HSOT=0x000000CA)
ReturnValue: 0x00000000 (success)
The RopSetColumns ROP response buffer contains the following data (7 bytes):
0000: 12 01 00 00 00 00 00
RopId: 0x12
InputHandleIndex: 1 (HSOT=0x000000CA)
ReturnValue: 0x00000000 (success)
TableStatus: 0x00 (TBLSTAT_COMPLETE flag is set)
The RopQueryRows ROP response buffer contains the following data (61 bytes):
0000: 15 01 00 00 00 00 02 02-00 00 00 00 00 00 00 00 ................
0010: 00 00 00 00 00 08 00 00-00 00 00 FF FF FF FF FF ................
0020: FF FF FF 41 00 6E 00 6F-00 6E 00 79 00 6D 00 6F ...A.n.o.n.y.m.o
0030: 00 75 00 73 00 00 00 00-00 00 00 00 00          .u.s.........
RopId: 0x15
InputHandleIndex: 1 (HSOT=0x000000CA)
ReturnValue: 0x00000000 (success)
Origin: 0x02 (BOOKMARK_END flag is set)
RowCount: 0x0002 (two PropertyRow structures in the RowData field)
RowData:
    PropertyRow structure #1 (beginning at address 0x0009 in the RopQueryRows ROP response buffer):
        Flag: 0x00 (no errors)
        ValueArray: This field contains the values of the properties that were specified in the PropertyTags field of the previous RopSetColumns request and are in the same order as those properties.
            0x0000000000000000 (default user)
            0x0000 (Unicode null)
            0x00000800 (FreeBusySimple flag is set)
            0x0000 (byte count is zero bytes, indicating that no PermanentEntryID structure ([MS-OXNSPI] section 2.2.9.3) is present)
    PropertyRow structure #2 (beginning at address 0x001A in the RopQueryRows ROP response buffer):
        Flag: 0x00 (no errors)
        ValueArray:
            0xFFFFFFFFFFFFFFFF (anonymous user)
            "Anonymous"
            0x00000000 (no permissions flags are set)
            0x0000 (byte count is zero bytes, indicating that no PermanentEntryID structure is present)
Note that the current permissions list on this folder has two entries. The default user entry, contained in PropertyRow structure #1, has the FreeBusySimple permissions (0x00000800) on this folder. The anonymous user entry, contained in PropertyRow structure #2, has no permissions (0x00000000) on this folder.
Finally, the client sends the following RopModifyPermissions ROP request ([MS-OXCROPS] section 2.2.10.1) to add "user8" to the permissions list with the FreeBusyDetailed, FreeBusySimple, FolderVisible, FolderContact, FolderOwner, CreateSubFolder, DeleteAny, EditAny, DeleteOwned, EditOwned, Create, and ReadAny permissions flags set (0x00001FFB) for "user8" on this folder:
The RopModifyPermissions ROP request buffer contains the following data (147 bytes):
0000: 40 00 02 02 01 00 01 02-00 02 01 FF 0F 7C 00 00 @............|..
0010: 00 00 00 DC A7 40 C8 C0-42 10 1A B4 B9 08 00 2B .....@..B......+
0020: 2F E1 82 01 00 00 00 00-00 00 00 2F 6F 3D 46 69 /........../o=Fi
0030: 72 73 74 20 4F 72 67 61-6E 69 7A 61 74 69 6F 6E rst Organization
0040: 2F 6F 75 3D 45 78 63 68-61 6E 67 65 20 41 64 6D /ou=Exchange Adm
0050: 69 6E 69 73 74 72 61 74-69 76 65 20 47 72 6F 75 inistrative Grou
0060: 70 20 28 46 59 44 49 42-4F 48 46 32 33 53 50 44 p (FYDIBOHF23SPD
0070: 4C 54 29 2F 63 6E 3D 52-65 63 69 70 69 65 6E 74 LT)/cn=Recipient
0080: 73 2F 63 6E 3D 75 73 65-72 38 00 03 00 73 66 FB s/cn=user8...sf.
0090: 1F 00 00                                        ...
RopId: 0x40
LogonId: 0
InputHandleIndex: 2 (HSOT=0x000001DA)
ModifyFlags: 0x02 (IncludeFreeBusy flag is set)
ModifyCount: 0x0001 (one PermissionData structure in the PermissionsData field)
PermissionsData:
    PermissionData structure (beginning at address 0x0006 in the RopModifyPermissions ROP request buffer):
        PermissionDataFlags: 0x01 (AddRow flag is set)
        PropertyValueCount: 0x0002 (two TaggedPropertyValue structures in the PropertyValues field)
        PropertyValues:
            TaggedPropertyValue structure #1 (beginning at address 0x0009 in the RopModifyPermissions ROP request buffer):
                PropertyTag: 0x0FFF0102 (PidTagEntryId property)
                PropertyValue: Beginning at address 0x000D in the RopModifyPermissions ROP request buffer, this field contains the byte-count, 0x007C (124), followed by the 124-byte PermanentEntryID structure.
            TaggedPropertyValue structure #2 (beginning at address 0x008B in the RopModifyPermissions ROP request buffer):
                PropertyTag: 0x66730003 (PidTagMemberRights property)
                PropertyValue: 0x00001FFB (FreeBusyDetailed, FreeBusySimple, FolderVisible, FolderContact, FolderOwner, CreateSubFolder, DeleteAny, EditAny, DeleteOwned, EditOwned, Create, and ReadAny flags are set)
The server returns the following response buffer, which indicates that it has successfully updated the permissions list for the folder.
The RopModifyPermissions ROP response buffer contains the following data (6 bytes):
0000: 40 02 00 00 00 00
RopId: 0x40
InputHandleIndex: 2 (HSOT=0x000001DA)
ReturnValue: 0x00000000 (success)
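
An added example, not part of the original specification text: a Python parser for the RopModifyPermissions request buffer above that reports which member is being added and which PidTagMemberRights flags are granted, the fields to check when auditing a folder-permission change. The function names, the fixed 28-byte PermanentEntryID header before the distinguished name (read off the dump), and the flag bit values (per [MS-OXCPERM] section 2.2.7, consistent with the 0x00001FFB and 0x00000800 values shown in this section) are this example's assumptions.

```python
import struct

# PidTagMemberRights bits ([MS-OXCPERM] section 2.2.7); all twelve together are 0x1FFB.
RIGHTS = {0x1000: "FreeBusyDetailed", 0x0800: "FreeBusySimple", 0x0400: "FolderVisible",
          0x0200: "FolderContact", 0x0100: "FolderOwner", 0x0080: "CreateSubFolder",
          0x0040: "DeleteAny", 0x0020: "EditAny", 0x0010: "DeleteOwned",
          0x0008: "EditOwned", 0x0002: "Create", 0x0001: "ReadAny"}

def decode_rights(value):
    return [name for bit, name in RIGHTS.items() if value & bit]

def parse_modify_permissions(buf):
    """RopModifyPermissions request -> [(PermissionDataFlags, member DN, rights names)]."""
    rop_id, _logon, _handle, _mflags, count = struct.unpack_from("<BBBBH", buf, 0)
    if rop_id != 0x40:
        raise ValueError("not a RopModifyPermissions request")
    pos, entries = 6, []
    for _ in range(count):
        flags, nvals = struct.unpack_from("<BH", buf, pos)
        pos, dn, rights = pos + 3, None, []
        for _ in range(nvals):
            (tag,) = struct.unpack_from("<I", buf, pos)
            pos += 4
            if tag == 0x0FFF0102:      # PidTagEntryId: 2-byte count + PermanentEntryID
                (n,) = struct.unpack_from("<H", buf, pos)
                eid = buf[pos + 2:pos + 2 + n]
                if len(eid) != n:
                    raise ValueError("PidTagEntryId runs past end of buffer")
                # Assumption read off the dump: the DN follows a 28-byte header.
                dn = eid[28:].split(b"\x00")[0].decode("ascii")
                pos += 2 + n
            elif tag == 0x66730003:    # PidTagMemberRights: 32-bit flags
                rights = decode_rights(struct.unpack_from("<I", buf, pos)[0])
                pos += 4
            elif tag == 0x66710014:    # PidTagMemberId: 64-bit value, skipped
                pos += 8
            else:
                raise ValueError(f"unexpected property tag 0x{tag:08X}")
        entries.append((flags, dn, rights))
    return entries

# The 147-byte request buffer from this section, rebuilt from the page's dump.
SAMPLE = (bytes.fromhex("400002020100" "010200" "0201FF0F" "7C00" "00000000"
                        "DCA740C8C042101AB4B908002B2FE182" "01000000" "00000000")
          + b"/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)"
          + b"/cn=Recipients/cn=user8\x00" + bytes.fromhex("03007366" "FB1F0000"))

if __name__ == "__main__":
    print(parse_modify_permissions(SAMPLE))
```

For the buffer in this section the parser returns one entry with PermissionDataFlags 0x01 (AddRow), the distinguished name ending in /cn=user8, and the twelve flags that make up 0x00001FFB, FolderOwner among them.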