3.1.4.2.10 Receiving an EfsRpcAddUsersToFile Message (Opnum 9)

The EfsRpcAddUsersToFile method is used to grant the possessors of the private keys corresponding to certain X.509 certificates the ability to decrypt the object.

 DWORD EfsRpcAddUsersToFile(
   [in] handle_t binding_h,
   [in, string] wchar_t* FileName,
   [in] ENCRYPTION_CERTIFICATE_LIST* EncryptionCertificates
 );

binding_h: This is an RPC binding handle parameter, as specified in [C706] and [MS-RPCE] section 2.

FileName: An EFSRPC nonzero name, as specified in section 2.2.1.

EncryptionCertificates: A list of certificates, represented by an ENCRYPTION_CERTIFICATE_LIST structure, which are to be given access to the object.

Return Values: The server MUST return 0 if it successfully processes the message received from the client. The server MUST return a nonzero value if processing fails.

If no object exists on the server with the specified name, or if the object exists and is not encrypted, the server MUST return a nonzero value. Otherwise, the server MUST modify the object's EFSRPC Metadata such that all the user certificates listed in the Users structure have the ability to decrypt the object.
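
The processing rules above can be exercised with a small in-memory model, for example as a reference when writing conformance tests for a server. This is an added example, not part of the specification text or of any Microsoft implementation. The Object and CertList types, the certificate identifier strings, the specific nonzero error values, the MAX_CERTS limit, and the all-or-nothing update are assumptions made for illustration.

```c
/* Added example: in-memory model of the processing rules for opnum 9.
   Types are simplified stand-ins, not the wire structures; error values are constructed. */
#include <stddef.h>
#include <string.h>

#define MAX_CERTS 4   /* assumed capacity of the modelled metadata */
enum { M_OK = 0, M_NO_OBJECT, M_NOT_ENCRYPTED, M_BAD_PARAM };  /* section only requires 0 / nonzero */

typedef struct {                    /* one server object and its modelled EFSRPC Metadata */
    const char *name;
    int encrypted;
    const char *certs[MAX_CERTS];   /* certificates able to decrypt, by constructed id */
    size_t ncerts;
} Object;

typedef struct { size_t nUsers; const char **Users; } CertList;  /* simplified certificate list */

static int has_cert(const Object *o, const char *id)
{
    for (size_t i = 0; i < o->ncerts; i++)
        if (strcmp(o->certs[i], id) == 0) return 1;
    return 0;
}

unsigned long model_add_users(Object *store, size_t n, const char *file, const CertList *list)
{
    Object *o = NULL;
    if (!file || !*file || !list || (list->nUsers && !list->Users)) return M_BAD_PARAM;
    for (size_t i = 0; i < n && !o; i++)
        if (strcmp(store[i].name, file) == 0) o = &store[i];
    if (!o) return M_NO_OBJECT;                 /* no object with the specified name */
    if (!o->encrypted) return M_NOT_ENCRYPTED;  /* object exists but is not encrypted */

    Object tmp = *o;                            /* assumption: update is all-or-nothing */
    for (size_t i = 0; i < list->nUsers; i++) {
        const char *id = list->Users[i];
        if (!id) return M_BAD_PARAM;
        if (has_cert(&tmp, id)) continue;       /* already granted; avoid duplicate entries */
        if (tmp.ncerts == MAX_CERTS) return M_BAD_PARAM;
        tmp.certs[tmp.ncerts++] = id;
    }
    *o = tmp;                                   /* commit only after every entry was accepted */
    return M_OK;
}

/* Constructed sample data: one encrypted object, one plaintext object. */
Object g_store[] = {
    { "report.docx", 1, { "cert-alice" }, 1 },
    { "notes.txt",   0, { 0 }, 0 },
};
const char *g_ids[] = { "cert-alice", "cert-bob", "cert-bob" };
CertList g_list = { 3, g_ids };
```

A failed call leaves the modelled metadata untouched, which makes the nonzero-return cases easy to assert on when comparing against a real server's behavior.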