3.1.5.12.2 SamrQuerySecurityObject (Opnum 3)
The SamrQuerySecurityObject method queries the access control on a server, domain, user, group, or alias object.
-
long SamrQuerySecurityObject( [in] SAMPR_HANDLE ObjectHandle, [in] SECURITY_INFORMATION SecurityInformation, [out] PSAMPR_SR_SECURITY_DESCRIPTOR* SecurityDescriptor );
ObjectHandle: An RPC context handle, as specified in section 2.2.7.2, representing a server, domain, user, group, or alias object.
SecurityInformation: A bit field that specifies which fields of SecurityDescriptor the client is requesting to be returned.
-
The SECURITY_INFORMATION type is defined in [MS-DTYP] section 2.4.7. The following bits are valid; all other bits MUST be zero when sent and ignored on receipt.
-
Value
Meaning
OWNER_SECURITY_INFORMATION
0x00000001
If this bit is set, the client requests that the Owner member be returned.
If this bit is not set, the client requests that the Owner member not be returned.
GROUP_SECURITY_INFORMATION
0x00000002
If this bit is set, the client requests that the Group member be returned.
If this bit is not set, the client requests that the Group member not be returned.
DACL_SECURITY_INFORMATION
0x00000004
If this bit is set, the client requests that the DACL be returned.
If this bit is not set, the client requests that the DACL not be returned.
SACL_SECURITY_INFORMATION
0x00000008
If this bit is set, the client requests that the SACL be returned.
If this bit is not set, the client requests that the SACL not be returned.
SecurityDescriptor: A security descriptor expressing accesses that are specific to the ObjectHandle and the owner and group of the object. [MS-DTYP] section 2.4.6 contains the specification for a valid security descriptor.
This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.
Message processing for this method is specified in the following two sections.