Prev Next

GetSecurityInfoEx info  Overview  Group

[This is a preview of an interface that may appear in future releases of Windows.]

The GetSecurityInfoEx function retrieves a copy of the specified security information for an object identified by a handle.

GetSecurityInfoEx differs from the GetSecurityInfo function in that it allows you to retrieve access-control information for the properties on an object, as well as for the object itself. In addition, GetSecurityInfoEx uses provider-independent access flags, but GetSecurityInfo uses Windows NT-specific access flags.

DWORD GetSecurityInfoEx(

    HANDLE hObject,

// handle to the object

    SE_OBJECT_TYPE ObjectType,

// type of object

    SECURITY_INFORMATION SecurityInfo,

// type of security information to retrieve

    LPCTSTR lpProvider,

// name of provider to handle request

    LPCTSTR lpProperty,

// GUID string of a property on the object

    PACTRL_ACCESS *ppAccessList,

// receives a pointer to access-control info

    PACTRL_AUDIT *ppAuditList,

// receives a pointer to audit-control info

    LPTSTR *lppOwner,

// receives the name of the object’s owner

    LPTSTR *lppGroup

// receives the name of the object’s primary group

   );

Parameters

hObject
A handle to the object from which to retrieve security information.
ObjectType
Specifies a value from the SE_OBJECT_TYPE enumeration that indicates the type of object identified by the hObject parameter.
SecurityInfo
A set of SECURITY_INFORMATION bit flags that indicate the type of security information to retrieve. This parameter can be a combination of the following values.

Value

Meaning

OWNER_SECURITY_INFORMATION

If this flag is set, the lppOwner pointer receives a pointer to a null-terminated string that names the object’s owner.

GROUP_SECURITY_INFORMATION

If this flag is set, the lppGroup pointer receives a pointer to a null-terminated string that names the object’s primary group.

DACL_SECURITY_INFORMATION

If this flag is set, the ppAccessList pointer receives a pointer to a structure that describes discretionary access-control list (DACL) information for the object or for the property identified by the lpProperty parameter.

SACL_SECURITY_INFORMATION

If this flag is set, the ppAuditList pointer receives a pointer to a structure that describes system access-control list (SACL) information for the object or for the property identified by the lpProperty parameter.

lpProvider
Pointer to a null-terminated string that specifies the name of the provider to handle the request. If this parameter is NULL, the system determines the proper provider to handle the request.
lpProperty
Pointer to a null-terminated string that specifies the GUID of a property on the object. You can use the UuidToString function to generate a string representation of a property GUID. If lpProperty is non-NULL, the function retrieves access-control information for the specified property. If lpProperty is NULL, the function retrieves access-control information for the object.

If ObjectType specifies SE_DS_OBJECT_ALL, lpProperty is ignored and the function retrieves access-control information for the object and all its properties.

The SE_DS_OBJECT object type supports setting and retrieving access-control information for the properties on an object. For other object types that do not support access-control for object properties, lpProperty must be NULL. ppAccessList

Pointer to a variable that receives a pointer to an ACTRL_ACCESS structure. The structure describes discretionary access-control information for the object or for the property identified by the lpProperty parameter. The returned pointer is valid only if you set the DACL_SECURITY_INFORMATION flag. Call the LocalFree function to free the returned buffer. This parameter can be NULL if you do not need the DACL information.

If the ObjectType parameter specifies SE_DS_OBJECT_ALL, the pPropertyAccessList member of the ACTRL_ACCESS structure points to an array of ACTRL_PROPERTY_ENTRY structures. Each structure contains access-control information for the object or for a property on the object. Otherwise, pPropertyAccessList points to a single ACTRL_PROPERTY_ENTRY structure for the object or the specified property.

ppAuditList
Pointer to a variable that receives a pointer to an ACTRL_AUDIT structure. The structure describes system access-control information for the object or for the property identified by the lpProperty parameter. The returned pointer is valid only if you set the SACL_SECURITY_INFORMATION flag. Call the LocalFree function to free the returned buffer. This parameter can be NULL if you do not need the SACL information.

If the ObjectType parameter specifies SE_DS_OBJECT_ALL, the pPropertyAccessList member of the ACTRL_AUDIT structure points to an array of ACTRL_PROPERTY_ENTRY structures. Each structure contains audit-control information for the object or for a property on the object. Otherwise, pPropertyAccessList points to a single ACTRL_PROPERTY_ENTRY structure for the object or the specified property.

lppOwner
Pointer to a variable that receives a pointer to a null-terminated string containing the name of the object’s owner. The returned pointer is valid only if you set the OWNER_SECURITY_INFORMATION flag. Call the LocalFree function to free the returned buffer. This parameter can be NULL if you do not need the information.
lppGroup
Pointer to a variable that receives a pointer to a null-terminated string containing the name of the object’s primary group. The returned pointer is valid only if you set the GROUP_SECURITY_INFORMATION flag. Call the LocalFree function to free the returned buffer. This parameter can be NULL if you do not need the information.

Return Values

If the function succeeds, the return value is ERROR_SUCCESS.

If the function fails, the return value can be one of the following error codes.

Value

Meaning

ERROR_NOT_ENOUGH_MEMORY

A memory allocation failed

ERROR_INVALID_PARAMETER

An invalid parameter was specified.

ERROR_BAD_PROVIDER

The lpProvider parameter specified an invalid provider name.

Remarks

To read the owner, group, or DACL from the object’s security descriptor, the calling process must have been granted READ_CONTROL access when the handle was opened. To get READ_CONTROL access, the caller must be the owner of the object or the object's DACL must grant the access.

To read the SACL from the security descriptor, the calling process must have been granted ACCESS_SYSTEM_SECURITY access when the handle was opened. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's current token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege.

Call the LocalFreefunction to free any pointers returned by the ppAccessList, ppAccessList, lppOwner, or lppOwner parameters.

Currently, the import library for the GetSecurityInfoEx function is ACCSRC.LIB. This is temporary. Eventually, the import library will be ADVAPI32.LIB. Meanwhile, any source code that links with the ACCSRC.LIB library must call the AccProvInit macro as follows:

    DWORD dwErrcode;



    AccProvInit(dwErrcode);

    if(dwErrcode != ERROR_SUCCESS)

    {

         // Consider this an error...

    }

 

See Also

ACTRL_ACCESS, ACTRL_AUDIT, ACTRL_PROPERTY_ENTRY, GetNamedSecurityInfoEx, LocalFree, SE_OBJECT_TYPE, SECURITY_INFORMATION, SetNamedSecurityInfoEx, SetSecurityInfoEx