IRP_MJ_QUERY_SECURITY with NULL SECURITY_DESCRIPTOR

Hi,

I want to support DACLs in my FSD. When I open a file’s properties in
Explorer and select the Security tab, the FSD received a
IRP_MJ_QUERY_SECURITY, with NULL in Irp->UserBuffer (where a pointer to
SECURITY_DESCRIPTOR is supposed to be found).

I get this in both Win 2K and in 2003.

Does anyone know what to do in this case?

BTW, IrpSp->Parameters.QuerySecurity.SecurityInformation contains 0x4,
which is const DACL_SECURITY_INFORMATION. However, the DDK says that
Parameters.QuerySecurity.SecurityInformation should include a *pointer* to
a SECURITY_INFORMATION value. I assume it’s a typo in the DDK.

Thanks in advance
CS havit

Additional information: when using Filemon, I noticed that in NTFS drives
the first IRP_MJ_QUERY_SECURITY returns a status of
STATUS_BUFFER_OVERFLOW, presumably when the buffer pointer is NULL. The
next IRP_MJ_QUERY_SECURITY IRP shown by Filemon returns a SUCCESS status.

I have modified my FSD to return STATUS_BUFFER_OVERFLOW when the buffer is
NULL, and then received a 2nd IRP_MJ_QUERY_SECURITY, this time with
non-NULL Irp->UserBuffer, but with buffer length of 0. Not sure what to
do with that; an attempt to return a SUCCESS status when the length=0
caused blue screen, which actually would made sense because the caller
probably got confused.

So what gives?

Hi,

I want to support DACLs in my FSD. When I open a file’s properties in
Explorer and select the Security tab, the FSD received a
IRP_MJ_QUERY_SECURITY, with NULL in Irp->UserBuffer (where a pointer to
SECURITY_DESCRIPTOR is supposed to be found).

I get this in both Win 2K and in 2003.

Does anyone know what to do in this case?

BTW, IrpSp->Parameters.QuerySecurity.SecurityInformation contains 0x4,
which is const DACL_SECURITY_INFORMATION. However, the DDK says that
Parameters.QuerySecurity.SecurityInformation should include a *pointer* to
a SECURITY_INFORMATION value. I assume it’s a typo in the DDK.

Thanks in advance
CS havit

It seems to be that way:

The first call, the caller supplies NULL buffer and wants to know
how much memory he needs to allocate for the security
information.

The second call, the caller has allocated the buffer, gives you
the buffer and its size. Now he wants the security info from you.

L.


Hork? l?to s VOLN?: Vyhraj Ford s klimatizac?! Vice na
http://soutez.volny.cz