2.1.5.17 Server Requests Setting of Security Information

This operation is also referred to as SET_SECURITY when it is used in switch statements.

If the object store does not implement security, the operation MUST be failed with STATUS_INVALID_DEVICE_REQUEST.<193>

The server provides:

  • Open - The Open on which security information is being applied.

  • SecurityInformation - A SECURITY_INFORMATION data type as defined in [MS-DTYP] section 2.4.7.

  • InputBuffer - A buffer that contains the security descriptor to be applied to the object. The security descriptor is a SECURITY_DESCRIPTOR structure in self-relative format, as described in [MS-DTYP] section 2.4.6.

  • InputBufferSize - The size of the buffer provided.

On completion, the object store MUST return:

  • Status - An NTSTATUS code indicating the result of the operation.

This routine uses the following local variables:

  • Boolean values (initialized to FALSE): DisableOwnerAces, ServerObject, DaclUntrusted

The operation MUST be failed with STATUS_ACCESS_DENIED under any of the following conditions:

  • SecurityInformation contains any of OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION, or LABEL_SECURITY_INFORMATION, and Open.GrantedAccess does not contain WRITE_OWNER.

  • SecurityInformation contains DACL_SECURITY_INFORMATION and Open.GrantedAccess does not contain WRITE_DAC.

  • SecurityInformation contains SACL_SECURITY_INFORMATION and Open.GrantedAccess does not contain ACCESS_SYSTEM_SECURITY.

Pseudocode for the operation is as follows:

  • If Open.Stream.StreamType is DataStream and Open.Stream.Name is not zero-length, the operation MUST be failed with STATUS_INVALID_PARAMETER; security information can be set on a file or directory handle, not on a stream handle.

  • If Open.Stream.Oplock is not empty, the object store MUST check for an oplock break according to the algorithm in section 2.1.4.12, with input values as follows:

    • Open equal to this operation's Open

    • Oplock equal to Open.Stream.Oplock

    • Operation equal to "SET_SECURITY"

    • OpParams empty

  • The object store MUST post a USN change as specified in section 2.1.4.11 with File equal to File, Reason equal to USN_REASON_SECURITY_CHANGE, and FileName equal to Open.Link.Name.

  • If the Server Security (SS) bit is set in InputBuffer.Control, set ServerObject to TRUE, otherwise set it to FALSE.

  • If the DACL Trusted (DT) bit is set in InputBuffer.Control, set DaclUntrusted to FALSE, otherwise set it to TRUE.

  • If SecurityInformation contains OWNER_SECURITY_INFORMATION:

    • If SecurityInformation contains DACL_SECURITY_INFORMATION, set DisableOwnerAces to FALSE, otherwise set it to TRUE.

    • If InputBuffer.OwnerSid is not present, the operation MUST be failed with STATUS_INVALID_OWNER.

    • If InputBuffer.OwnerSid is not a valid owner SID for a file in the object store, as determined in an implementation-specific manner, the object store MUST return STATUS_INVALID_OWNER.

  • Else

    • If Open.File.SecurityDescriptor.Owner is NULL, the operation MUST be failed with STATUS_INVALID_OWNER.

  • EndIf

  • The object store MUST set Open.File.SecurityDescriptor to InputBuffer. See [MS-DTYP] section 2.4.6 for additional details.

  • If Open.File.FileType is not DirectoryFile:

    • The object store MUST set Open.File.FileAttributes.FILE_ATTRIBUTE_ARCHIVE.

    • The object store MUST update Open.File.LastChangeTime.<194>

  • EndIf

  • The operation returns STATUS_SUCCESS.
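The STATUS_ACCESS_DENIED conditions and the InputBuffer.Control and OwnerSid steps above, written out as an added C example that is not part of the specification; the stream-type check, oplock break, USN posting and the implementation-specific owner-SID validation are outside it. The names `set_security_precheck`, `Locals`, `SS_BIT`, `DT_BIT` and `cur_owner_present` are this example's own, and rejecting a truncated header with STATUS_INVALID_PARAMETER and treating an out-of-range owner offset as "not present" are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Numeric values as published in [MS-DTYP] / [MS-ERREF]. */
#define OWNER_SECURITY_INFORMATION 0x00000001u
#define GROUP_SECURITY_INFORMATION 0x00000002u
#define DACL_SECURITY_INFORMATION  0x00000004u
#define SACL_SECURITY_INFORMATION  0x00000008u
#define LABEL_SECURITY_INFORMATION 0x00000010u
#define WRITE_DAC              0x00040000u
#define WRITE_OWNER            0x00080000u
#define ACCESS_SYSTEM_SECURITY 0x01000000u
#define SS_BIT 0x0080u  /* Server Security bit of Control (example's name) */
#define DT_BIT 0x0040u  /* DACL Trusted bit of Control (example's name) */
#define STATUS_SUCCESS           0x00000000u
#define STATUS_INVALID_PARAMETER 0xC000000Du
#define STATUS_ACCESS_DENIED     0xC0000022u
#define STATUS_INVALID_OWNER     0xC000005Au

typedef struct { bool DisableOwnerAces, ServerObject, DaclUntrusted; } Locals;

/* Self-relative header, little-endian, 20 bytes:
   Revision(1) Sbz1(1) Control(2) OffsetOwner(4) OffsetGroup(4) OffsetSacl(4) OffsetDacl(4) */
uint32_t set_security_precheck(uint32_t si, uint32_t granted, const uint8_t *buf,
                               size_t len, bool cur_owner_present, Locals *out) {
    Locals l = { false, false, false };
    if ((si & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
               LABEL_SECURITY_INFORMATION)) && !(granted & WRITE_OWNER))
        return STATUS_ACCESS_DENIED;
    if ((si & DACL_SECURITY_INFORMATION) && !(granted & WRITE_DAC))
        return STATUS_ACCESS_DENIED;
    if ((si & SACL_SECURITY_INFORMATION) && !(granted & ACCESS_SYSTEM_SECURITY))
        return STATUS_ACCESS_DENIED;
    if (buf == NULL || len < 20)       /* assumption: truncated header is rejected */
        return STATUS_INVALID_PARAMETER;
    uint16_t control = (uint16_t)(buf[2] | (buf[3] << 8));
    uint32_t owner_off = buf[4] | (buf[5] << 8) | (buf[6] << 16) | ((uint32_t)buf[7] << 24);
    l.ServerObject  = (control & SS_BIT) != 0;
    l.DaclUntrusted = (control & DT_BIT) == 0;   /* DT clear means untrusted */
    if (si & OWNER_SECURITY_INFORMATION) {
        l.DisableOwnerAces = !(si & DACL_SECURITY_INFORMATION);
        if (owner_off == 0 || owner_off >= len)  /* OwnerSid not present (assumption for >= len) */
            return STATUS_INVALID_OWNER;
    } else if (!cur_owner_present) {             /* Open.File.SecurityDescriptor.Owner is NULL */
        return STATUS_INVALID_OWNER;
    }
    *out = l;
    return STATUS_SUCCESS;
}
```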