3.2.4.13 Application Requests Applying File Security

The application provides:

• A handle to the Open identifying a file or named pipe.

• The security information being applied in security descriptor format, as specified in [MS-DTYP] section 2.4.6.

• The security attributes it requires to set for the file, as specified in section 2.2.37.

If the handle is invalid, or if no Open referenced by the handle is found, the client MUST return an implementation-specific error code. If the handle is valid and Open is found, the client MUST proceed as follows.

For the specified Open, the client MUST select a connection as specified in section 3.2.4.1.7. If no connection is available, the client MUST fail the set operation.

Otherwise, the client initializes an SMB2 SET_INFO Request following the syntax specified in section 2.2.37. The SMB2 header MUST be initialized as follows:

• The Command field is set to SMB2 SET_INFO.

• The MessageId field is set as specified in section 3.2.4.1.3.

• The SessionId field is set to Open.TreeConnect.Session.SessionId.

• The TreeId field is set to Open.TreeConnect.TreeConnectId.

The SMB2 SET_INFO Request MUST be initialized as follows:

• The InfoType field is set to SMB2_0_INFO_SECURITY.

• The FileInfoClass field is set to 0.

• The security descriptor that is provided by the client is copied into Buffer[].

• The BufferOffset field is set to the offset, in bytes, from the beginning of the SMB2 header to Buffer[].

• The BufferLength field is set to the length, in bytes, of the security descriptor that is provided by the application.

• The AdditionalInformation is set to the security attributes that are provided by the calling application.

• The FileId field is set to Open.FileId.

The request MUST be sent to the server.