QueryServiceObjectSecurity
The QueryServiceObjectSecurity
function retrieves a copy of the security descriptor protecting a service
object.
BOOL QueryServiceObjectSecurity(
|
SC_HANDLE hService, |
// handle of
service |
|
SECURITY_INFORMATION dwSecurityInformation, |
// type of security
information requested |
|
PSECURITY_DESCRIPTOR lpSecurityDescriptor, |
// address of security
descriptor |
|
DWORD cbBufSize, |
// size of security
descriptor buffer |
|
LPDWORD pcbBytesNeeded |
// address of
variable for bytes needed |
|
); |
|
Parameters
hService
Identifies
the service. This handle is returned by the OpenService or CreateService function, and it must have
READ_CONTROL access.
dwSecurityInformation
Specifies the
security information being requested. Any or all of the following flags can be
specified:
|
Value |
Meaning |
|
OWNER_SECURITY_INFORMATION |
Requests
the object s owner security identifier (SID). |
|
GROUP_SECURITY_INFORMATION |
Requests
the object s primary group SID. |
|
DACL_SECURITY_INFORMATION |
Requests
the object s discretionary access control list (ACL). |
|
SACL_SECURITY_INFORMATION |
Requests
the object s system ACL. The calling process must have the
SE_SECURITY_NAME privilege. For more information about privileges, see Privileges. |
lpSecurityDescriptor
Points to a
buffer that receives a copy of the security descriptor of the specified service
object. The calling process must have the appropriate access to view the
specified aspects of the object s security
descriptor. The SECURITY_DESCRIPTOR structure is returned in self-relative
format.
cbBufSize
Specifies the
size, in bytes, of the buffer pointed to by the lpSecurityDescriptor
parameter.
pcbBytesNeeded
Points to a
variable that receives the number of bytes needed to return all the requested
security descriptor information.
Return Values
If the
function succeeds, the return value is nonzero.
If the
function fails, the return value is zero. To get extended error information,
call GetLastError.
Errors
The following
error codes may be set by the service control manager. Other error codes may be
set by the registry functions that are called by the service control manager.
|
Value |
Meaning |
|
ERROR_ACCESS_DENIED |
The
specified handle was not opened with READ_CONTROL access, or the calling
process is not the owner of the object. |
|
ERROR_INVALID_HANDLE |
The
specified handle is invalid. |
|
ERROR_INSUFFICIENT_BUFFER |
There is
more security descriptor information than would fit into the lpSecurityDescriptor
buffer. The number of bytes required to get all the information is returned
in the pcbBytesNeeded parameter. Nothing is written to the lpSecurityDescriptor
buffer. |
|
ERROR_INVALID_PARAMETER |
The
specified security information is invalid. |
Remarks
The initial
security descriptor of a service object is created by the service control
manager, based on the security descriptor of the process that called the CreateService
function to create the service. The security descriptor can be changed by
calling the SetServiceObjectSecurity function.
See Also