4.1 Adding an Entry to the Permissions List

In this example, the client is adding an entry for "user8" to the permissions list on the Calendar folder. To retrieve the current permissions on the folder, the client starts by trying to read the deprecated PidTagSecurityDescriptorAsXml property ([MS-XWDVSEC] section 2.2.2) of the folder, as described in section 3.1.4.1. To read this property, the client sends the following RopOpenStream ROP request ([MS-OXCROPS] section 2.2.9.1).

The RopOpenStream ROP request buffer contains the following data (9 bytes).

 0000: 2B 00 01 02 1F 00 6A 0E-00

RopId: 0x2B

LogonId: 0

InputHandleIndex: 1 (HSOT=0x000001DA)

OutputHandleIndex: 2 (HSOT=0xFFFFFFFF)

PropertyTag: 0x0E6A001F (PidTagSecurityDescriptorAsXml property)

OpenModeFlags: 0x00 (ReadOnly flag is set)

The server returns the following ROP response buffer, which indicates that it does not support the PidTagSecurityDescriptorAsXml property on this folder.

The RopOpenStream ROP response buffer contains the following data (6 bytes):

 0000: 2B 02 02 01 04 80

RopId: 0x2B

OutputHandleIndex: 2 (HSOT=0xFFFFFFFF)

ReturnValue: 0x80040102 (ecNotImplemented)

Because the server does not support the PidTagSecurityDescriptorAsXml property, the client falls back to using the RopGetPermissionsTable ROP ([MS-OXCROPS] section 2.2.10.2) as described in section 3.1.4.1. To retrieve a table that contains the current permissions list of the folder, the client sends the following three ROP requests, batched together into a single remote procedure call (RPC).

The RopGetPermissionsTable ROP request buffer contains the following data (5 bytes):

 0000: 3E 00 00 01 02

RopId: 0x3E

LogonId: 0

InputHandleIndex: 0 (HSOT=0x000001DA)

OutputHandleIndex: 1 (HSOT=0xFFFFFFFF)

TableFlags: 0x02 (IncludeFreeBusy flag is set)

The RopSetColumns ROP request buffer ([MS-OXCROPS] section 2.2.5.1) contains the following data (22 bytes):

 0000: 12 00 01 00 04 00 14 00-71 66 1F 00 72 66 03 00 ........qf..rf..
 0010: 73 66 02 01 FF 0F                               sf....

RopId: 0x12

LogonId: 0

InputHandleIndex: 1 (HSOT=0xFFFFFFFF)

SetColumnsFlags: 0x00 (Wait flag is set)

PropertyTagCount: 0x0004 (four property tags in the PropertyTags field)

PropertyTags:

0x66710014 (PidTagMemberId property (section 2.2.5))

0x6672001F (PidTagMemberName property (section 2.2.6))

0x66730003 (PidTagMemberRights property (section 2.2.7))

0x0FFF0102 (PidTagEntryId property (section 2.2.4))

The RopQueryRows ROP request buffer ([MS-OXCROPS] section 2.2.5.4) contains the following data (7 bytes):

 0000: 15 00 01 00 01 00 10

RopId: 0x15

LogonId: 0

InputHandleIndex: 1 (HSOT=0xFFFFFFFF)

QueryRowsFlags: 0x00 (Advance)

ForwardRead: 0x01 (True)

RowCount: 0x1000 (4096)

The server returns the following three ROP response buffers. The folder's current permissions list is in the RowData field of the RopQueryRows ROP response buffer.

The RopGetPermissionsTable ROP response buffer contains the following data (6 bytes):

 0000: 3E 01 00 00 00 00

RopId: 0x3E

OutputHandleIndex: 1 (HSOT=0x000000CA)

ReturnValue: 0x00000000 (success)

The RopSetColumns ROP response buffer contains the following data (7 bytes):

 0000: 12 01 00 00 00 00 00

RopId: 0x12

InputHandleIndex: 1 (HSOT=0x000000CA)

ReturnValue: 0x00000000 (success)

TableStatus: 0x00 (TBLSTAT_COMPLETE flag is set)

The RopQueryRows ROP response buffer contains the following data (61 bytes):

 0000: 15 01 00 00 00 00 02 02-00 00 00 00 00 00 00 00 ................
 0010: 00 00 00 00 00 08 00 00-00 00 00 FF FF FF FF FF ................
 0020: FF FF FF 41 00 6E 00 6F-00 6E 00 79 00 6D 00 6F ...A.n.o.n.y.m.o
 0030: 00 75 00 73 00 00 00 00-00 00 00 00 00          .u.s.........

RopId: 0x15

InputHandleIndex: 1 (HSOT=0x000000CA)

ReturnValue: 0x00000000 (success)

Origin: 0x02 (BOOKMARK_END flag is set)

RowCount: 0x0002 (two PropertyRow structures in the RowData field)

RowData:

PropertyRow structure #1 (beginning at address 0x0009 in the RopQueryRows ROP response buffer):

Flag: 0x00 (no errors)

ValueArray: This field contains the values of the properties that were specified in the PropertyTags field of the previous RopSetColumns request and are in the same order as those properties.

0x0000000000000000 (default user)

0x0000 (Unicode null)

0x00000800 (FreeBusySimple flag is set)

0x0000 (byte count is zero bytes, indicating that no PermanentEntryID structure ([MS-OXNSPI] section 2.2.9.3) is present)

PropertyRow structure #2 (beginning at address 0x001A in the RopQueryRows ROP response buffer):

Flag: 0x00 (no errors)

ValueArray:

0xFFFFFFFFFFFFFFFF (anonymous user)

"Anonymous"

0x00000000 (no permissions flags are set)

0x0000 (byte count is zero bytes, indicating that no PermanentEntryID structure is present)

Note that the current permissions list on this folder has two entries. The default user entry, contained in PropertyRow structure #1, has the FreeBusySimple permissions (0x00000800) on this folder. The anonymous user entry, contained in PropertyRow structure #2, has no permissions (0x00000000) on this folder.

Finally, the client sends the following RopModifyPermissions ROP request ([MS-OXCROPS] section 2.2.10.1) to add "user8" to the permissions list with the FreeBusyDetailed, FreeBusySimple, FolderVisible, FolderContact, FolderOwner, CreateSubFolder, DeleteAny, EditAny, DeleteOwned, EditOwned, Create, and ReadAny permissions flags set (0x00001FFB) for "user8" on this folder:

The RopModifyPermissions ROP request buffer contains the following data (147 bytes):

 0000: 40 00 02 02 01 00 01 02-00 02 01 FF 0F 7C 00 00 @............|..
 0010: 00 00 00 DC A7 40 C8 C0-42 10 1A B4 B9 08 00 2B .....@..B......+
 0020: 2F E1 82 01 00 00 00 00-00 00 00 2F 6F 3D 46 69 /........../o=Fi
 0030: 72 73 74 20 4F 72 67 61-6E 69 7A 61 74 69 6F 6E rst Organization
 0040: 2F 6F 75 3D 45 78 63 68-61 6E 67 65 20 41 64 6D /ou=Exchange Adm
 0050: 69 6E 69 73 74 72 61 74-69 76 65 20 47 72 6F 75 inistrative Grou
 0060: 70 20 28 46 59 44 49 42-4F 48 46 32 33 53 50 44 p (FYDIBOHF23SPD
 0070: 4C 54 29 2F 63 6E 3D 52-65 63 69 70 69 65 6E 74 LT)/cn=Recipient
 0080: 73 2F 63 6E 3D 75 73 65-72 38 00 03 00 73 66 FB s/cn=user8...sf.
 0090: 1F 00 00                                        ...

RopId: 0x40

LogonId: 0

InputHandleIndex: 2 (HSOT=0x000001DA)

ModifyFlags: 0x02 (IncludeFreeBusy flag is set)

ModifyCount: 0x0001 (one PermissionData structure in the PermissionsData field)

PermissionsData:

PermissionData structure (beginning at address 0x0006 in the RopModifyPermissions ROP request buffer):

PermissionDataFlags: 0x01 (AddRow flag is set)

PropertyValueCount: 0x0002 (two TaggedPropertyValue structures in the PropertyValues field)

PropertyValues:

TaggedPropertyValue structure #1 (beginning at address 0x0009 in the RopModifyPermissions ROP request buffer):

PropertyTag: 0x0FFF0102 (PidTagEntryId property)

PropertyValue: Beginning at address 0x000D in the RopModifyPermissions ROP request buffer, this field contains the byte-count, 0x007C (124), followed by the 124-byte PermanentEntryID structure.

TaggedPropertyValue structure #2 (beginning at address 0x008B in the RopModifyPermissions ROP request buffer):

PropertyTag: 0x66730003 (PidTagMemberRights property)

PropertyValue: 0x00001FFB (FreeBusyDetailed, FreeBusySimple, FolderVisible, FolderContact, FolderOwner, CreateSubFolder, DeleteAny, EditAny, DeleteOwned, EditOwned, Create, and ReadAny flags are set)

The server returns the following response buffer, which indicates that it has successfully updated the permissions list for the folder.

The RopModifyPermissions ROP response buffer contains the following data (6 bytes):

 0000: 40 02 00 00 00 00

RopId: 0x40

InputHandleIndex: 2 (HSOT=0x000001DA)

ReturnValue: 0x00000000 (success)

Show: