IRP_MJ_QUERY_SECURITY

How is this irp IRP_MJ_QUERY_SECURITY used? i.e.
What inputs fields need set?
What is returned?

It does not seems to be documented anywhere.

Ken

The stack parameters union member for QuerySecurity looks like this:

struct {
SECURITY_INFORMATION SecurityInformation;
ULONG POINTER_ALIGNMENT Length;
} QuerySecurity;

where the Length is the length of a buffer pointer to by Irp.UserBuffer.
This buffer gets filled in with a security descriptor containing the
information indicated by the SECURITY_INFORMATION constant that is passed
in.
If you are going to be ‘rolling your own’ IRP_MJ_QUERY_SECURITY irps, be
sure to clean up the MDL describing the irp.UserBuffer in your completion
routine.

-----Original Message-----
From: Ken Galipeau [mailto:xxxxx@legato.com]
Sent: Sunday, September 24, 2000 7:00 PM
To: File Systems Developers
Subject: [ntfsd] IRP_MJ_QUERY_SECURITY

How is this irp IRP_MJ_QUERY_SECURITY used? i.e.
What inputs fields need set?
What is returned?

It does not seems to be documented anywhere.

Ken

1. self relative
2. You could use ZwQuerySecurityObject:

ZwQuerySecurityObject (
IN HANDLE FileHandle,
IN SECURITY_INFORMATION SecurityInformation,
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ULONG Length,
OUT PULONG ResultLength

Be careful, though: it is undocumented (I think) and thus
(presumably) subject to change, context sensitive, and will cause recursion
back through the device stack (you will quickly learn that such recursion
can be a royal in the arse). However, it may suit your application just
fine.

3. I dunno. I just pass in a 1K buffer and don’t worry about it. Sloppy,
   perhaps. If you do use a big buffer, don’t
   pass it on the stack due to kernel stack constraints.

Hope this helps,
Joel

-----Original Message-----
From: Ken Galipeau [mailto:xxxxx@legato.com]
Sent: Tuesday, September 26, 2000 12:34 AM
To: xxxxx@ntpsoftware.com
Subject: RE: IRP_MJ_QUERY_SECURITY

Thanks! I have three follow up questions:

1. Does the descriptor come back in self relative format or absolute?
2. Is there another way to get the info without rolling your own IRP?
3. How big of a buffer should be passed?

Thanks,
Ken

-----Original Message-----

Date: Mon, 25 Sep 2000 10:26:33 -0400
From: “Smith, Joel”
Subject: RE: IRP_MJ_QUERY_SECURITY

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=NextPart_001_01C026FC.99CE8DDE

The stack parameters union member for QuerySecurity looks like this:

struct {
SECURITY_INFORMATION SecurityInformation;
ULONG POINTER_ALIGNMENT Length;
} QuerySecurity;

where the Length is the length of a buffer pointer to by Irp.UserBuffer.
This buffer gets filled in with a security descriptor containing the
information indicated by the SECURITY_INFORMATION constant that is passed
in.
If you are going to be ‘rolling your own’ IRP_MJ_QUERY_SECURITY irps, be
sure to clean up the MDL describing the irp.UserBuffer in your completion
routine.

-----Original Message-----
From: Ken Galipeau [mailto:xxxxx@legato.com]
Sent: Sunday, September 24, 2000 7:00 PM
To: File Systems Developers
Subject: [ntfsd] IRP_MJ_QUERY_SECURITY

How is this irp IRP_MJ_QUERY_SECURITY used? i.e.
What inputs fields need set?
What is returned?

It does not seems to be documented anywhere.

Ken

------=_NextPart_001_01C026FC.99CE8DDE
Content-Type: text/html;
charset=“iso-8859-1”

How is this
irp
IRP_MJ_QUERY_SECURITY used? i.e.

What inputs
fields
need set?

What is
returned?

class=968245222-24092000>

It does not
seems
to be documented anywhere.

class=968245222-24092000>

class=968245222-24092000>Ken

class=968245222-24092000>