IRP_MJ_QUERY_SECURITY

When Sent

The IRP_MJ_QUERY_SECURITY request is sent by the I/O Manager. It can be sent, for example, when a user-mode application has called a Microsoft Win32 function such as GetSecurityInfo.

Operation: File System Drivers

The file system driver should extract and decode the file object to determine whether it represents a user file or directory open. If it does, the driver should process the query and complete the IRP. Otherwise, the driver should complete the IRP as appropriate without processing the query.

Operation: File System Filter Drivers

The filter driver should pass this IRP down to the next-lower driver on the stack.

Parameters

A file system or filter driver calls IoGetCurrentIrpStackLocation with the given IRP to get a pointer to its own stack location in the IRP, shown in the following list as IrpSp. (The IRP is shown as Irp.) The driver can use the information that is set in the following members of the IRP and the IRP stack location in processing a query security request:

DeviceObject

A pointer to the target device object.

Irp->IoStatus

A pointer to an IO_STATUS_BLOCK structure that receives the final completion status and information about the requested operation.

Irp->UserBuffer

A pointer to a caller-supplied output buffer that receives a copy of the security descriptor of the specified object. The calling process must have the right to view the specified aspects of the object's security status. The SECURITY_DESCRIPTOR structure is returned in self-relative format.

IrpSp->FileObject

A pointer to the file object that is associated with DeviceObject.

On Windows XP and later, the file object can represent a named data stream. For more information about named data streams, see FILE_STREAM_INFORMATION.

The IrpSp->FileObject parameter contains a pointer to the RelatedFileObject field, which is also a FILE_OBJECT structure. The RelatedFileObject field of the FILE_OBJECT structure is not valid during the processing of IRP_MJ_QUERY_SECURITY and should not be used.

IrpSp->MajorFunction

Specifies IRP_MJ_QUERY_SECURITY.

IrpSp->Parameters.QuerySecurity.Length

The size, in bytes, of the buffer pointed to by the Irp->UserBuffer parameter.

IrpSp->Parameters.QuerySecurity.SecurityInformation

A pointer to the SECURITY_INFORMATION structure for the operation.

SecurityInformation ValueMeaning

OWNER_SECURITY_INFORMATION

Indicates that the owner identifier of the object is being queried. Requires READ_CONTROL access.

GROUP_SECURITY_INFORMATION

Indicates that the primary group identifier of the object is being queried. Requires READ_CONTROL access.

DACL_SECURITY_INFORMATION

Indicates that the discretionary access control list (DACL) of the object is being queried. Requires READ_CONTROL access.

SACL_SECURITY_INFORMATION

Indicates that the system ACL (SACL) of the object is being queried. Requires ACCESS_SYSTEM_SECURITY access.

 

See also

FILE_STREAM_INFORMATION
IO_STACK_LOCATION
IO_STATUS_BLOCK
IoGetCurrentIrpStackLocation
IRP
IRP_MJ_SET_SECURITY
SECURITY_DESCRIPTOR
SECURITY_INFORMATION

 

 

Send comments about this topic to Microsoft

Show: