3.1.4.2.41 ApiGetKeySecurity (Opnum 40)

(Protocol Version 3) The ApiGetKeySecurity method retrieves any or all components of the security descriptor for the designated cluster key.

The server SHOULD accept an ApiGetKeySecurity request if its protocol server state is read-only, and the server MUST accept the request for processing if it is in the read/write state, as specified in section 3.1.1.

The server SHOULD accept an ApiGetKeySecurity request if the client's access level is at least "Read" (section 3.1.4).

 error_status_t ApiGetKeySecurity(
   [in] HKEY_RPC hKey,
   [in] DWORD SecurityInformation,
   [in, out] PRPC_SECURITY_DESCRIPTOR pRpcSecurityDescriptor,
   [out] error_status_t *rpc_status
 );

hKey: The HKEY_RPC RPC context handle for a key that was previously obtained by a call to ApiGetRootKey, ApiCreateKey, or ApiOpenKey.

SecurityInformation: A bitmask, as described in [MS-RRP] section 2.2.9, that indicates the components of the security descriptor to retrieve.

pRpcSecurityDescriptor: On successful completion of the method, the server MUST set pRpcSecurityDescriptor to the address of an RPC_SECURITY_DESCRIPTOR structure, as specified in section 2.2.3.1.

rpc_status: A 32-bit integer used to indicate success or failure. The RPC runtime MUST indicate, by writing to this parameter, whether it succeeded in executing this method on the server. The encoding of the value passed in this parameter MUST conform to encoding for  comm_status and fault_status, as specified in Appendix E of [C706].

Return Values: The method MUST return the following error codes for the specified conditions.

Return value/code

Description

0x00000000

ERROR_SUCCESS

Success.

0x00000006

ERROR_INVALID_HANDLE

The hKey parameter does not represent a valid HKEY_RPC context handle.

For any other condition, the server MUST set Status to a value that is not one of the values listed in the preceding table. The client MUST treat all values that are not listed in the preceding table the same, except as specified in section 3.2.4.6.