Re: IRP_MJ_QUERY_SECURITY with NULL SECURITY_DESCRIPT OR

NTFSD
1

Note I don’t have experience with this particular IRP but for
STATUS_BUFFER_OVERFLOW Irp->IoStatus.Information should be usually set to
size of data you want return. Sometimes it can differ; search docs for this
status name for examples. You should examine IRPs returned by NTFS to see
what is exactly expected.

Best regards,

Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]

From: xxxxx@magicsquare.com[SMTP:xxxxx@magicsquare.com]
Reply To: xxxxx@lists.osr.com
Sent: Friday, July 25, 2003 4:02 AM
To: xxxxx@lists.osr.com
Subject: [ntfsd] Re: IRP_MJ_QUERY_SECURITY with NULL
SECURITY_DESCRIPTOR

Additional information: when using Filemon, I noticed that in NTFS drives
the first IRP_MJ_QUERY_SECURITY returns a status of
STATUS_BUFFER_OVERFLOW, presumably when the buffer pointer is NULL. The
next IRP_MJ_QUERY_SECURITY IRP shown by Filemon returns a SUCCESS status.

I have modified my FSD to return STATUS_BUFFER_OVERFLOW when the buffer is
NULL, and then received a 2nd IRP_MJ_QUERY_SECURITY, this time with
non-NULL Irp->UserBuffer, but with buffer length of 0. Not sure what to
do with that; an attempt to return a SUCCESS status when the length=0
caused blue screen, which actually would made sense because the caller
probably got confused.

So what gives?

> Hi,
>
> I want to support DACLs in my FSD. When I open a file’s properties in
> Explorer and select the Security tab, the FSD received a
> IRP_MJ_QUERY_SECURITY, with NULL in Irp->UserBuffer (where a pointer to
> SECURITY_DESCRIPTOR is supposed to be found).
>
> I get this in both Win 2K and in 2003.
>
> Does anyone know what to do in this case?
>
> BTW, IrpSp->Parameters.QuerySecurity.SecurityInformation contains 0x4,
> which is const DACL_SECURITY_INFORMATION. However, the DDK says that
> Parameters.QuerySecurity.SecurityInformation should include a *pointer*
to
> a SECURITY_INFORMATION value. I assume it’s a typo in the DDK.
>
> Thanks in advance
> CS havit

You are currently subscribed to ntfsd as: michal.vodicka@st.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

2

It has nothing to do with Irp->UserBuffer. It has to do with the declared
size of the buffer (which, unless I’m missing my guess, is ZERO.)

The whole point is the application has no idea how big the buffer should be

  • it is ASKING you to tell it how big it should be. Hence the
    STATUS_BUFFER_OVERFLOW and setting the Information field to the necessary
    size. Next time it calls, it passes a (probably newly allocated) buffer of
    the requisite size.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@magicsquare.com [mailto:xxxxx@magicsquare.com]
Sent: Thursday, July 24, 2003 10:02 PM
To: File Systems Developers
Subject: [ntfsd] Re: IRP_MJ_QUERY_SECURITY with NULL SECURITY_DESCRIPTOR

Additional information: when using Filemon, I noticed that in NTFS drives
the first IRP_MJ_QUERY_SECURITY returns a status of
STATUS_BUFFER_OVERFLOW, presumably when the buffer pointer is NULL. The
next IRP_MJ_QUERY_SECURITY IRP shown by Filemon returns a SUCCESS status.

I have modified my FSD to return STATUS_BUFFER_OVERFLOW when the buffer is
NULL, and then received a 2nd IRP_MJ_QUERY_SECURITY, this time with
non-NULL Irp->UserBuffer, but with buffer length of 0. Not sure what to
do with that; an attempt to return a SUCCESS status when the length=0
caused blue screen, which actually would made sense because the caller
probably got confused.

So what gives?

Hi,

I want to support DACLs in my FSD. When I open a file’s properties in
Explorer and select the Security tab, the FSD received a
IRP_MJ_QUERY_SECURITY, with NULL in Irp->UserBuffer (where a pointer to
SECURITY_DESCRIPTOR is supposed to be found).

I get this in both Win 2K and in 2003.

Does anyone know what to do in this case?

BTW, IrpSp->Parameters.QuerySecurity.SecurityInformation contains 0x4,
which is const DACL_SECURITY_INFORMATION. However, the DDK says that
Parameters.QuerySecurity.SecurityInformation should include a *pointer* to
a SECURITY_INFORMATION value. I assume it’s a typo in the DDK.

Thanks in advance
CS havit

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com