Share via

2.2.7.3.1 Request

  • Article

The NT_TRANSACT_SET_SECURITY_DESC request format is a special case of SMB_COM_NT_TRANSACT (section 2.2.4.62) SMB. Only the NT_TRANSACT_SET_SECURITY_DESC request specifics are described here.

 NT_Trans_Parameters
   {
   USHORT FID;
   USHORT Reserved;
   ULONG  SecurityInformation;
   }
 NT_Trans_Data
   {
   SECURITY_DESCRIPTOR SecurityDescriptor (variable);
   }
 

SMB_Parameters:

WordCount (1 byte): UCHAR This field MUST be 0x13.

Words (38 bytes): Array of USHORT

Function (2 bytes): USHORT This field MUST be NT_TRANSACT_SET_SECURITY_DESC (0x0003).

MaxSetupCount (1 byte): This field MUST be 0x00.

MaxDataCount (4 bytes): This field MUST be 0x00000000.

MaxParameterCount (4 bytes): This field MUST be 0x00000000.

SetupCount (1 byte): UCHAR This field MUST be 0x00.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

NT_Trans_Parameters

...

NT_Trans_Data (variable)

...

NT_Trans_Parameters (8 bytes):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

FID

Reserved

SecurityInformation

FID (2 bytes): USHORT File identifier or handle of the target file.

Reserved (2 bytes): USHORT Reserved. This value MUST be 0x0000.

SecurityInformation (4 bytes): ULONG Fields of security descriptor to be set. This is a bit field. These values can be logically OR-ed together to set several descriptors in one request. The server MUST set only the descriptors requested by SecurityInformation.

Name and  bitmask

Meaning

OWNER_SECURITY_INFORMATION

0x00000001

Owner of the object or resource.

GROUP_SECURITY_INFORMATION

0x00000002

Group associated with the object or resource.

DACL_SECURITY_INFORMATION

0x00000004

Discretionary access control list (DACL) associated with the object or resource.

SACL_SECURITY_INFORMATION

0x00000008

System access control list (SACL) associated with the object or resource.

NT_Trans_Data  (variable):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

SecurityDescriptor (variable)

...

SecurityDescriptor (variable): SECURITY_DESCRIPTOR The requested security descriptor structure. The self-relative form of a SECURITY_DESCRIPTOR is required. For details, see [MS-DTYP] SECURITY_DESCRIPTOR (section 2.4.6).