please dont rip this site Prev Next

QueryServiceObjectSecurity info  Overview  Group

The QueryServiceObjectSecurity function retrieves a copy of the security descriptor associated with a service object.

BOOL QueryServiceObjectSecurity(

    SC_HANDLE hService,

// handle of service

    SECURITY_INFORMATION dwSecurityInformation,

// type of security information requested

    PSECURITY_DESCRIPTOR lpSecurityDescriptor,

// address of security descriptor

    DWORD cbBufSize,

// size of security descriptor buffer

    LPDWORD pcbBytesNeeded 

// address of variable for bytes needed

   );

Parameters

hService
Identifies the service. This handle is returned by the OpenService or CreateService function, and it must have READ_CONTROL access.
dwSecurityInformation
Specifies the security information being requested. Any or all of the following flags can be specified:

Value

Meaning

OWNER_SECURITY_INFORMATION

Requests the object’s owner security identifier (SID).

GROUP_SECURITY_INFORMATION

Requests the object’s primary group SID.

DACL_SECURITY_INFORMATION

Requests the object’s discretionary access control list (ACL).

SACL_SECURITY_INFORMATION

Requests the object’s system ACL. The calling process must have the SE_SECURITY_NAME privilege. For more information about privileges, see Privileges.

lpSecurityDescriptor
Points to a buffer that receives a copy of the security descriptor of the specified service object. The calling process must have the appropriate access to view the specified aspects of the object’s security descriptor. The SECURITY_DESCRIPTOR structure is returned in self-relative format.
cbBufSize
Specifies the size, in bytes, of the buffer pointed to by the lpSecurityDescriptor parameter.
pcbBytesNeeded
Points to a variable that receives the number of bytes needed to return all the requested security descriptor information, if the function fails.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Errors

The following error codes may be set by the service control manager. Other error codes may be set by the registry functions that are called by the service control manager.

Value

Meaning

ERROR_ACCESS_DENIED

The specified handle was not opened with READ_CONTROL access, or the calling process is not the owner of the object.

ERROR_INVALID_HANDLE

The specified handle is invalid.

ERROR_INSUFFICIENT_BUFFER

There is more security descriptor information than would fit into the lpSecurityDescriptor buffer. The number of bytes required to get all the information is returned in the pcbBytesNeeded parameter. Nothing is written to the lpSecurityDescriptor buffer.

ERROR_INVALID_PARAMETER

The specified security information is invalid.

Remarks

The initial security descriptor of a service object is created by the service control manager, based on the security descriptor specified by the service control program that called the CreateService function to create the service. You can change the security descriptor by calling the SetServiceObjectSecurity function.

To read the owner, group, or DACL from the service object’s security descriptor, the calling process must have been granted READ_CONTROL access when the handle was opened. To get READ_CONTROL access, the caller must be the owner of the object or the object's DACL must grant the access.

To read the SACL from the security descriptor, the calling process must have been granted ACCESS_SYSTEM_SECURITY access when the handle was opened. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's current token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege.

See Also

CreateService, OpenService, SECURITY_DESCRIPTOR, SetServiceObjectSecurity


file: /Techref/os/win/api/win32/func/src/f69_10.htm, 7KB, , updated: 2000/4/7 11:19, local time: 2024/11/9 14:50,
TOP NEW HELP FIND: 
3.138.181.42:LOG IN
©2024 PLEASE DON'T RIP! THIS SITE CLOSES OCT 28, 2024 SO LONG AND THANKS FOR ALL THE FISH!

 ©2024 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF="http://linistepper.com/techref/os/win/api/win32/func/src/f69_10.htm"> QueryServiceObjectSecurity</A>

After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.


Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?