3.3.5.59.5 Receiving an NT_TRANSACT_QUERY_SECURITY_DESC Request

Upon receipt of an NT_TRANSACT_QUERY_SECURITY_DESC Request (section 2.2.7.6.1), the NT Trans subsystem MUST query the underlying file system to retrieve the security descriptors indicated by SecurityInfoFields for the file indicated by FID. SecurityInfoFields and FID are passed in the NT_Trans_Parameters block of the request.<352>

If the request fails, the server MUST return an error response indicating the error that caused the failure and perform no further processing.

If the size of the NT_Trans_Data.SecurityDescriptor field is less than the size required by the underlying file system to fit the requested security descriptors, the NT_Trans_Parameters.LengthNeeded field MUST be set to the length required as indicated by the underlying file system in an implementation-specific manner, and the NT_Trans_Data.SecurityDescriptor field of the response remains empty. The server MUST return an NT_TRANSACT_QUERY_SECURITY_DESC Response (section 2.2.7.6.2).

Otherwise, the NT_Trans_Parameters.LengthNeeded field MUST be set to the length of the security descriptors retrieved, and the NT_Trans_Data.SecurityDescriptor field of the response contains the security descriptors retrieved from the file system. The server MUST return an NT_TRANSACT_QUERY_SECURITY_DESC Response (section 2.2.7.6.2).