FltQuerySecurityObject function (fltkernel.h)
FltQuerySecurityObject retrieves a copy of an object's security descriptor.
Syntax
NTSTATUS FLTAPI FltQuerySecurityObject(
[in] PFLT_INSTANCE Instance,
[in] PFILE_OBJECT FileObject,
[in] SECURITY_INFORMATION SecurityInformation,
[in, out] PSECURITY_DESCRIPTOR SecurityDescriptor,
[in] ULONG Length,
[out, optional] PULONG LengthNeeded
);
Parameters
[in] Instance
Opaque instance pointer for the caller. This parameter is required and cannot be NULL.
[in] FileObject
File object pointer for the object whose security descriptor is being queried. This parameter is required and cannot be NULL.
[in] SecurityInformation
SECURITY_INFORMATION value. This parameter is required and must be one of the following:
| SecurityInformation Value | Meaning |
|---|---|
| OWNER_SECURITY_INFORMATION | The owner identifier of the object is being queried. Requires READ_CONTROL access. |
| GROUP_SECURITY_INFORMATION | The primary group identifier of the object is being queried. Requires READ_CONTROL access. |
| DACL_SECURITY_INFORMATION | The discretionary access control list (DACL) of the object is being queried. Requires READ_CONTROL access. |
| SACL_SECURITY_INFORMATION | The system ACL (SACL) of the object is being queried. Requires ACCESS_SYSTEM_SECURITY access. |
[in, out] SecurityDescriptor
Pointer to a caller-supplied output buffer that receives a copy of the security descriptor for the specified object. The SECURITY_DESCRIPTOR structure is returned in self-relative format. This parameter is optional and can be NULL.
[in] Length
Size, in bytes, of the SecurityDescriptor buffer.
[out, optional] LengthNeeded
Pointer to a caller-allocated variable that receives the number of bytes required to store the copied security descriptor returned in the buffer pointed to by the SecurityDescriptor parameter. This parameter is optional and can be NULL.
Return value
FltQuerySecurityObject returns STATUS_SUCCESS or an appropriate NTSTATUS value such as one of the following:
| Return code | Description |
|---|---|
|
The caller did not have the required access. This is an error code. |
|
The buffer is too small to contain the security descriptor. None of the security information was copied to the buffer. This is an error code. |
Remarks
A security descriptor can be in absolute or self-relative form. In self-relative form, all members of the structure are located contiguously in memory. In absolute form, the structure contains only pointers to its members.
The NTFS file system imposes a 64-KB limit on the size of the security descriptor that is written to disk for a file. (The FAT file system does not support security descriptors for files.) Thus, a 64-KB buffer pointed to by the SecurityDescriptor parameter is guaranteed to be large enough to hold the returned SECURITY_DESCRIPTOR structure.
The object that the FileObject parameter points to can represent a named data stream. For more information about named data streams, see FILE_STREAM_INFORMATION.
For more information about security and access control, see the Microsoft Windows SDK documentation.
Requirements
| Requirement | Value |
|---|---|
| Target Platform | Universal |
| Header | fltkernel.h (include Fltkernel.h) |
| Library | FltMgr.lib |
| DLL | Fltmgr.sys |
| IRQL | PASSIVE_LEVEL |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for