Home Library Learn Samples Downloads Support Community Forums
0 out of 1 rated this helpful - Rate this topic

ZwSetSecurityObject routine

The ZwSetSecurityObject routine sets an object's security state.

Syntax

C++
Copy 

NTSTATUS ZwSetSecurityObject(
  _In_  HANDLE Handle,
  _In_  SECURITY_INFORMATION SecurityInformation,
  _In_  PSECURITY_DESCRIPTOR SecurityDescriptor
);

Parameters

Handle [in]

Handle for the object whose security state is to be set. This handle must have the access specified in the Meaning column of the table shown in the description of the SecurityInformation parameter.

SecurityInformation [in]

SECURITY_INFORMATION value specifying the information to be set. Can be a combination of one or more of the following.

ValueMeaning

DACL_SECURITY_INFORMATION

Indicates the discretionary access control list (DACL) of the object is to be set. Requires WRITE_DAC access.

GROUP_SECURITY_INFORMATION

Indicates the primary group identifier of the object is to be set. Requires WRITE_OWNER access.

OWNER_SECURITY_INFORMATION

Indicates the owner identifier of the object is to be set. Requires WRITE_OWNER access.

SACL_SECURITY_INFORMATION

Indicates the system ACL (SACL) of the object is to be set. Requires ACCESS_SYSTEM_SECURITY access.

 

SecurityDescriptor [in]

Pointer to the security descriptor to be set for the object.

Return value

ZwSetSecurityObject returns STATUS_SUCCESS or an appropriate error status. Possible error status codes include the following:

Return codeDescription
STATUS_ACCESS_DENIED

Handle does not have the required access rights.

STATUS_ACCESS_VIOLATION

SecurityDescriptor is a NULL pointer.

STATUS_INSUFFICIENT_RESOURCES

The object's security descriptor could not be captured.

STATUS_INVALID_ACL

The object's security descriptor contains an invalid ACL.

STATUS_INVALID_HANDLE

Handle is not a valid handle.

STATUS_INVALID_SECURITY_DESCR

SecurityDescriptor does not point to a valid security descriptor.

STATUS_INVALID_SID

The object's security descriptor contains an invalid SID.

STATUS_OBJECT_TYPE_MISMATCH

Handle is not a handle of the expected type.

STATUS_UNKNOWN_REVISION

The revision level of the object's security descriptor is unknown or is not supported.

 

Remarks

A security descriptor can be in absolute or self-relative form. In self-relative form, all members of the structure are located contiguously in memory. In absolute form, the structure only contains pointers to the members. For more information, see "Absolute and Self-Relative Security Descriptors" in the Security section of the Windows SDK documentation.

For more information about security and access control, see the documentation on these topics in the Windows SDK.

Minifilters should use FltSetSecurityObject instead of ZwSetSecurityObject.

Callers of ZwSetSecurityObject must be running at IRQL = PASSIVE_LEVEL and with special kernel APCs enabled.

Note  If the call to the ZwSetSecurityObject function occurs in user mode, you should use the name "NtSetSecurityObject" instead of "ZwSetSecurityObject".

Requirements

Version

Available starting with Windows XP.

Header
Ntifs.h (include Ntifs.h)

Library
Contained in Ntoskrnl.lib.

IRQL

PASSIVE_LEVEL (see Remarks section)

DDI compliance rules

 PowerIrpDDis, HwStorPortProhibitedDDIs

See also

FltSetSecurityObject
SECURITY_DESCRIPTOR
SECURITY_INFORMATION
ZwQuerySecurityObject

 

 

Send comments about this topic to Microsoft

Build date: 5/22/2013

Did you find this helpful?
(1500 characters remaining)
© 2013 Microsoft. All rights reserved.
|
Site Feedback
© 2013 Microsoft. All rights reserved.