3.1.4.28 NetrpSetFileSecurity (Opnum 40)

  • Article

The NetrpSetFileSecurity method sets the security of a file or directory.

 DWORD NetrpSetFileSecurity(
   [in, string, unique] SRVSVC_HANDLE ServerName,
   [in, string, unique] WCHAR* ShareName,
   [in, string] WCHAR* lpFileName,
   [in] SECURITY_INFORMATION SecurityInformation,
   [in] PADT_SECURITY_DESCRIPTOR SecurityDescriptor
 );

ServerName: An SRVSVC_HANDLE (section 2.2.1.1) pointer that identifies the server. The client MUST map this structure to an RPC binding handle (see [C706] sections 4.3.5 and 5.1.5.2). The server MUST ignore this parameter.

ShareName: A pointer to a null-terminated UTF-16 string that specifies the share name on which the file is found.

lpFileName: A pointer to a null-terminated UTF-16 string that specifies the name of the file or directory whose security is being set.

SecurityInformation: The type of security information being set, as specified in [MS-DTYP] section 2.4.7.

SecurityDescriptor: A pointer to a PADT_SECURITY_DESCRIPTOR structure, which provides the security descriptor to set.

Return Values: The method returns 0x00000000 (NERR_Success) to indicate success; otherwise, it returns a nonzero error code. The method can take any specific error code value, as specified in [MS-ERREF] section 2.2.

In response to a NetrpSetFileSecurity message, the server MUST set the security descriptor of the specified file or directory on the server or return an error code.

The ShareName parameter specifies a local share name on the server. The server MUST locate a Share from ShareList, where ShareName matches Share.ShareName. If no share is found, the server MUST fail the call with NERR_NetNameNotFound. The server MUST then combine Share.LocalPath with the lpFileName parameter to create a fully qualified path name that is local to the server. If the file does not exist, the server MUST fail the call with ERROR_FILE_NOT_FOUND.

The SecurityDescriptor parameter has a Buffer member that contains a security descriptor in self-relative format and a Length member that specifies the length, in bytes, of the Buffer member. The server MUST apply the descriptor in the Buffer member to the local file, whose PathName was computed as previously specified, by combining the local path that corresponds to the ShareName parameter and the lpFileName parameter.

The server SHOULD<106> enforce security measures to verify that the caller has the required permissions to execute this call. If the caller does not have the required credentials, the server SHOULD<107> fail the call.