The GetSecurityInfo function retrieves a copy of the security descriptor for an object specified by a handle.
DWORD GetSecurityInfo(
HANDLE handle, |
// handle to the object |
SE_OBJECT_TYPE ObjectType, |
// type of object |
SECURITY_INFORMATION SecurityInfo, |
// type of security information to retrieve |
PSID *ppsidOwner, |
// receives a pointer to the owner SID |
PSID *ppsidGroup, |
// receives a pointer to the primary group SID |
PACL *ppDacl, |
// receives a pointer to the DACL |
PACL *ppSacl, |
// receives a pointer to the SACL |
PSECURITY_DESCRIPTOR *ppSecurityDescriptor |
// receives a pointer to the security descriptor |
); |
Value |
Meaning |
OWNER_SECURITY_INFORMATION |
If this flag is set, the ppsidOwner parameter receives the security identifier (SID) of the object’s owner. |
GROUP_SECURITY_INFORMATION |
If this flag is set, the ppsidGroup parameter receives the SID of the object’s primary group. |
DACL_SECURITY_INFORMATION |
If this flag is set, the ppDacl parameter receives the object’s discretionary access-control list (DACL). |
SACL_SECURITY_INFORMATION |
If this flag is set, the ppSacl parameter receives the object’s system access-control list (SACL).. |
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value is a nonzero error code defined in WINERROR.H.
If the ppsidOwner, ppsidGroup, ppDacl, ppSacl parameters are non-NULL, and the SecurityInfo parameter specifies that they be retrieved from the object, those parameters will point to the corresponding parameters in the security descriptor returned in ppSecurityDescriptor.
To read the owner, group, or DACL from the object’s security descriptor, the calling process must have been granted READ_CONTROL access when the handle was opened. To get READ_CONTROL access, the caller must be the owner of the object or the object's DACL must grant the access.
To read the SACL from the security descriptor, the calling process must have been granted ACCESS_SYSTEM_SECURITY access when the handle was opened. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's current token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege.
ACL, GetNamedSecurityInfo, LocalFree, SE_OBJECT_TYPE, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetNamedSecurityInfo, SetSecurityInfo, SID
file: /Techref/os/win/api/win32/func/src/f38_16.htm, 7KB, , updated: 2000/4/7 11:19, local time: 2025/1/26 02:26,
18.222.15.173:LOG IN
|
©2025 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions? <A HREF="http://linistepper.com/techref/os/win/api/win32/func/src/f38_16.htm"> GetSecurityInfo</A> |
Did you find what you needed? |