SeQuerySecurityDescriptorInfo function (ntifs.h)
The SeQuerySecurityDescriptorInfo routine retrieves a copy of an object's security descriptor.
Syntax
NTSTATUS SeQuerySecurityDescriptorInfo(
[in] PSECURITY_INFORMATION SecurityInformation,
[out] PSECURITY_DESCRIPTOR SecurityDescriptor,
[in, out] PULONG Length,
[in, out] PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
);
Parameters
[in] SecurityInformation
Pointer to a SECURITY_INFORMATION value specifying which security information is being queried.
| Value | Meaning |
|---|---|
| DACL_SECURITY_INFORMATION | Indicates the discretionary access control list (DACL) of the object is being queried. Requires READ_CONTROL access. |
| GROUP_SECURITY_INFORMATION | Indicates the primary group identifier of the object is being queried. Requires READ_CONTROL access. |
| OWNER_SECURITY_INFORMATION | Indicates the owner identifier of the object is being queried. Requires READ_CONTROL access. |
| SACL_SECURITY_INFORMATION | Indicates the system ACL (SACL) of the object is being queried. Requires ACCESS_SYSTEM_SECURITY access. |
[out] SecurityDescriptor
Caller-allocated user buffer that SeQuerySecurityDescriptorInfo fills with a copy of the specified security descriptor in self-relative format.
[in, out] Length
Pointer to a variable that specifies the size, in bytes, of the buffer pointed to by SecurityDescriptor. Upon return, SeQuerySecurityDescriptorInfo sets this variable to the number of bytes required to store the requested information.
[in, out] ObjectsSecurityDescriptor
Pointer to a pointer to an object's security descriptor. The security descriptor must be in self-relative format.
Return value
| Return code | Description |
|---|---|
|
The call to SeQuerySecurityDescriptorInfo succeeded. |
|
The buffer is too small for the security descriptor. None of the security information was copied to the buffer. |
Remarks
A security descriptor can be in absolute or self-relative format. A security descriptor in absolute format contains pointers to the information it contains, rather than containing the information itself. A security descriptor in self-relative format contains the information in a contiguous block of memory. In a self-relative security descriptor, a SECURITY_DESCRIPTOR structure always starts the information, but the security descriptor's other components can follow the SECURITY_DESCRIPTOR structure in any order. Instead of using memory addresses, the components of the security descriptor are identified by offsets from the beginning of the security descriptor. This format is useful when a security descriptor must be stored on a disk or transmitted by means of a communications protocol.
Because the security descriptor is returned in self-relative format, the caller of SeQuerySecurityDescriptorInfo should cast the value returned in the SecurityDescriptor parameter to type PISECURITY_DESCRIPTOR_RELATIVE.
For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.
Requirements
| Requirement | Value |
|---|---|
| Target Platform | Universal |
| Header | ntifs.h (include Ntifs.h) |
| Library | NtosKrnl.lib |
| DLL | NtosKrnl.exe |
| IRQL | PASSIVE_LEVEL |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for