3.1.4.2.9 Receiving an EfsRpcRemoveUsersFromFile Message (Opnum 8)

The EfsRpcRemoveUsersFromFile method is used to revoke a user's access to an encrypted object. This method revokes the ability of the private key corresponding to a given X.509 certificate to decrypt the object.

 DWORD EfsRpcRemoveUsersFromFile(
   [in] handle_t binding_h,
   [in, string] wchar_t* FileName,
   [in] ENCRYPTION_CERTIFICATE_HASH_LIST* Users
 );

binding_h: This is an RPC binding handle parameter, as specified in [C706] and [MS-RPCE] section 2.

FileName: An EFSRPC identifier as specified in section 2.2.1.

Users: A list of certificate hashes, represented by an ENCRYPTION_CERTIFICATE_HASH_LIST structure, whose access is to be removed.

Return Values: The server MUST return 0 if it successfully processes the message received from the client. The server MUST return a nonzero value if processing fails.

If no object exists on the server with the specified name, or if the object exists and is not encrypted, the server MUST return a nonzero value. The server SHOULD verify that the calling user is authorized to access the object, SHOULD verify that the calling user possesses a private key corresponding to a user certificate present in the EFSRPC Metadata for the object, and MUST return a nonzero value if this verification fails. If the calling user is authorized to access the object and the set of user certificates on the object contains only one entry, the server MUST return a nonzero value.

If none of the preceding errors occur, the server MUST remove the parts of the object's EFSRPC Metadata that refer to the user certificates listed in the Users structure.
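The processing rules above, as an added Python model of the server-side decision (an illustration written for this page, not the Windows EFS implementation and not an RPC client library): the in-memory object store, the Caller type, the path strings, the 20-byte sample thumbprints and the specific nonzero error codes are all assumptions; the section itself only requires zero on success and nonzero on failure. The Users parameter is modelled as a plain list of certificate hashes rather than a marshalled ENCRYPTION_CERTIFICATE_HASH_LIST.

```python
"""Model of the server-side processing of EfsRpcRemoveUsersFromFile (MS-EFSR 3.1.4.2.9).

Added example: not Windows' EFS code and not an RPC client. The store, the
Caller model and the specific error codes are assumptions for illustration;
the specification only says 0 on success, nonzero on failure.
"""
from dataclasses import dataclass

ERROR_SUCCESS = 0
ERROR_FILE_NOT_FOUND = 2          # illustrative nonzero codes (assumption);
ERROR_ACCESS_DENIED = 5           # the section itself only requires "nonzero"
ERROR_FILE_NOT_ENCRYPTED = 6007


@dataclass
class EfsObject:
    encrypted: bool
    user_cert_hashes: set          # certificate hashes recorded in the EFSRPC Metadata
    authorized_users: set          # stand-in for the object's access check


@dataclass
class Caller:
    name: str
    private_key_cert_hashes: set   # certificates for which the caller holds the private key


def efs_rpc_remove_users_from_file(store, caller, file_name, users) -> int:
    """Apply the checks of 3.1.4.2.9 in order; on success remove the listed certificates.

    `users` stands in for ENCRYPTION_CERTIFICATE_HASH_LIST as a list of hash bytes.
    """
    obj = store.get(file_name)
    # 1. No object with that name, or an object that is not encrypted -> nonzero (MUST).
    if obj is None:
        return ERROR_FILE_NOT_FOUND
    if not obj.encrypted:
        return ERROR_FILE_NOT_ENCRYPTED
    # 2. Caller must be authorized to access the object (SHOULD verify; MUST fail if not).
    if caller.name not in obj.authorized_users:
        return ERROR_ACCESS_DENIED
    # 3. Caller must hold a private key for a certificate already on the object.
    if not (caller.private_key_cert_hashes & obj.user_cert_hashes):
        return ERROR_ACCESS_DENIED
    # 4. An object whose metadata holds a single certificate cannot lose it (MUST),
    #    so the object can never be left with nobody able to decrypt it.
    if len(obj.user_cert_hashes) == 1:
        return ERROR_ACCESS_DENIED
    # 5. Remove the metadata entries for the listed certificates. A listed hash that
    #    matches nothing is simply ignored; the section defines no error for it.
    obj.user_cert_hashes.difference_update(users)
    return ERROR_SUCCESS


# Constructed sample data: SHA-1-sized thumbprints, not hashes of real certificates.
ALICE_HASH = bytes.fromhex("a1" * 20)
BOB_HASH = bytes.fromhex("b2" * 20)
CAROL_HASH = bytes.fromhex("c3" * 20)

ALICE = Caller("alice", {ALICE_HASH})
BOB = Caller("bob", {BOB_HASH})
CAROL = Caller("carol", {CAROL_HASH})      # authorized by ACL, no key on the object
MALLORY = Caller("mallory", {ALICE_HASH})  # holds a listed key but is not authorized

SECRET = r"\\?\C:\data\secret.txt"         # assumed EFSRPC identifiers
PLAIN = r"\\?\C:\data\plain.txt"
MISSING = r"\\?\C:\data\nope.txt"


def build_sample_store():
    return {
        SECRET: EfsObject(True, {ALICE_HASH, BOB_HASH}, {"alice", "bob", "carol"}),
        PLAIN: EfsObject(False, set(), {"alice"}),
    }


def run_demo():
    """Walk through each failure rule and one successful removal."""
    store = build_sample_store()
    codes = {
        "missing object": efs_rpc_remove_users_from_file(store, ALICE, MISSING, [BOB_HASH]),
        "not encrypted": efs_rpc_remove_users_from_file(store, ALICE, PLAIN, [BOB_HASH]),
        "mallory: key but no access": efs_rpc_remove_users_from_file(store, MALLORY, SECRET, [BOB_HASH]),
        "carol: access but no key": efs_rpc_remove_users_from_file(store, CAROL, SECRET, [BOB_HASH]),
        "alice removes bob": efs_rpc_remove_users_from_file(store, ALICE, SECRET, [BOB_HASH]),
        "bob, now removed, removes alice": efs_rpc_remove_users_from_file(store, BOB, SECRET, [ALICE_HASH]),
        "alice: last certificate stays": efs_rpc_remove_users_from_file(store, ALICE, SECRET, [ALICE_HASH]),
    }
    return codes, store[SECRET].user_cert_hashes


if __name__ == "__main__":
    for label, code in run_demo()[0].items():
        print(f"{label:35s} -> {code}")
```

The two authorization checks are SHOULD-level in the section, so a conforming server is not strictly required to perform them; only the last-certificate rule and the existence/encryption checks are MUST-level, which is why the model applies every check but comments on its strength.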