[This is a preview of an interface that may appear in future releases of Windows.]
The GetNamedSecurityInfoEx function retrieves a copy of the specified security information for an object specified by name. This function differs from the GetNamedSecurityInfo function in that it allows you to retrieve access-control information for the properties on an object, as well as for the object itself.
DWORD GetNamedSecurityInfoEx(
LPCTSTR lpObject, |
// name of the object |
SE_OBJECT_TYPE ObjectType, |
// type of object |
SECURITY_INFORMATION SecurityInfo, |
// type of security information to retrieve |
LPCTSTR lpProvider, |
// name of provider to handle request |
LPCTSTR lpProperty, |
// GUID string of a property on the object |
PACTRL_ACCESS *ppAccessList, |
// receives a pointer to access-control info |
PACTRL_AUDIT *ppAuditList, |
// receives a pointer to audit-control info |
LPTSTR *lppOwner, |
// receives the name of the object’s owner |
LPTSTR *lppGroup |
// receives the name of the object’s primary group |
); |
Value |
Meaning |
OWNER_SECURITY_INFORMATION |
If this flag is set, the lppOwner pointer receives a pointer to a null-terminated string that names the object’s owner. |
GROUP_SECURITY_INFORMATION |
If this flag is set, the lppGroup pointer receives a pointer to a null-terminated string that names the object’s primary group. |
DACL_SECURITY_INFORMATION |
If this flag is set, the ppAccessList pointer receives a pointer to a structure that describes discretionary access-control list (DACL) information for the object or for the property identified by the lpProperty parameter. |
SACL_SECURITY_INFORMATION |
If this flag is set, the ppAuditList pointer receives a pointer to a structure that describes system access-control list (SACL) information for the object or for the property identified by the lpProperty parameter. |
If ObjectType specifies SE_DS_OBJECT_ALL, lpProperty is ignored and the function retrieves access-control information for the object and all its properties.
The SE_DS_OBJECT object type supports setting and retrieving access-control information for the properties on an object. For other object types that do not support access-control for object properties, lpProperty must be NULL.
If the ObjectType parameter specifies SE_DS_OBJECT_ALL, the pPropertyAccessList
member of the ACTRL_ACCESS structure points to an array of ACTRL_PROPERTY_ENTRY
structures. Each structure contains access-control information for the object
or a property on the object. Otherwise, pPropertyAccessList points to a
single ACTRL_PROPERTY_ENTRY structure for the object or the specified
property.
If the ObjectType parameter specifies SE_DS_OBJECT_ALL, the pPropertyAccessList
member of the ACTRL_AUDIT structure points to an array of ACTRL_PROPERTY_ENTRY
structures. Each structure contains audit-control information for the object
or a property on the object. Otherwise, pPropertyAccessList points to a
single ACTRL_PROPERTY_ENTRY structure for the object or the specified
property.
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value can be one of the following error codes.
Value |
Meaning |
ERROR_BAD_PROVIDER |
The lpProvider parameter specified an invalid provider name. |
ERROR_INVALID_PARAMETER |
An invalid parameter was specified. |
ERROR_NOT_ENOUGH_MEMORY |
A memory allocation failed |
To read the owner, group, or DACL from the object’s security descriptor, the object’s DACL must grant READ_CONTROL access to the caller or the caller must be the owner of the object.
To read the system access-control list (SACL) of the object, the SE_SECURITY_NAME privilege must be enabled for the calling process.
Call the LocalFree function to free any pointers returned by the ppAccessList, ppAccessList, lppOwner, or lppOwner parameters.
Currently, the import library for the GetNamedSecurityInfoEx function is ACCSRC.LIB. This is temporary. Eventually, the import library will be ADVAPI32.LIB. Meanwhile, any source code that links with the ACCSRC.LIB library must call the AccProvInit macro as follows:
DWORD dwErrcode; AccProvInit(dwErrcode); if(dwErrcode != ERROR_SUCCESS) { // Consider this an error... }
ACTRL_ACCESS, ACTRL_AUDIT, ACTRL_PROPERTY_ENTRY, GetSecurityInfoEx, LocalFree, SE_OBJECT_TYPE, SECURITY_INFORMATION, SetNamedSecurityInfoEx, SetSecurityInfoEx
Comments: