please dont rip this site Prev Next

BuildSecurityDescriptor info  Overview  Group

The BuildSecurityDescriptor function allocates and initializes a new security descriptor. A security descriptor is an opaque structure that contains the security information associated with an object. The function can initialize the new security descriptor by merging specified security information with the information in an existing security descriptor. If you don’t specify an existing security descriptor, the function initializes a new security descriptor based on the specified security information.

BuildSecurityDescriptor creates a self-relative security descriptor, which means that the security descriptor stores a SECURITY_DESCRIPTOR structure and associated security information in a contiguous block of memory. The self-relative format makes the security descriptor suitable for storing in a stream.

DWORD BuildSecurityDescriptor(

    PTRUSTEE pOwner,

// identifies owner for new security descriptor

    PTRUSTEE pGroup,

// identifies group for new security descriptor

    ULONG cCountOfAccessEntries,

// number of access-control entries in the list

    PEXPLICIT_ACCESS pListOfAccessEntries,

// pointer to list of access-control entries for DACL

    ULONG cCountOfAuditEntries,

// number of audit-control entries in the list

    PEXPLICIT_ACCESS pListOfAuditEntries,

// pointer to list of audit-control entries for SACL

    PSECURITY_DESCRIPTOR pOldSD,

// pointer to an existing security descriptor

    PULONG pSizeNewSD,

// pointer to the size of the new security descriptor

    PSECURITY_DESCRIPTOR * pNewSD

// pointer that receives the new security descriptor

   );

Parameters

pOwner
Pointer to a TRUSTEE structure that identifies the owner for the new security descriptor. If the structure uses the TRUSTEE_IS_NAME form, BuildSecurityDescriptor looks up the SID associated with the specified trustee name.

If this parameter is NULL, the function uses the owner SID from the original security descriptor pointed to by pOldSD. If pOldSD is NULL, or if the owner SID in pOldSD is NULL, the owner SID is NULL in the new security descriptor.

pGroup
Pointer to a TRUSTEE structure that identifies the primary group SID for the new security descriptor. If the structure uses the TRUSTEE_IS_NAME form, BuildSecurityDescriptor looks up the SID associated with the specified trustee name.

If this parameter is NULL, the function uses the group SID from the original security descriptor pointed to by pOldSD. If pOldSD is NULL, or if the group SID in pOldSD is NULL, the group SID is NULL in the new security descriptor.

cCountOfAccessEntries
Specifies the number of EXPLICIT_ACCESS structures in the pListOfAccessEntries array.
pListOfAccessEntries
Pointer to an array of EXPLICIT_ACCESS structures that describe access control information for the DACL of the new security descriptor. The function creates the new DACL by merging the information in the array with the DACL in pOldSD, if any. If pOldSD is NULL, or if the DACL in pOldSD is NULL, the function creates a new DACL based solely on the information in the array. For a description of the rules for creating an ACL from an array of EXPLICIT_ACCESS structures, see the SetEntriesInAcl function.

If pListOfAccessEntries is NULL, the new security descriptor gets the DACL from pOldSD. In this case, if pOldSD is NULL, or if the DACL in pOldSD is NULL, the new DACL is NULL.

cCountOfAuditEntries
Specifies the number of EXPLICIT_ACCESS structures in the pListOfAuditEntries array.
pListOfAuditEntries
Pointer to an array of EXPLICIT_ACCESS structures that describe audit control information for the SACL of the new security descriptor. The function creates the new SACL by merging the information in the array with the SACL in pOldSD, if any. If pOldSD is NULL, or the SACL in pOldSD is NULL, the function creates a new SACL based solely on the information in the array.

If pListOfAuditEntries is NULL, the new security descriptor gets the SACL from pOldSD. In this case, if pOldSD is NULL, or the SACL in pOldSD is NULL, the new SACL is NULL.

pOldSD
Pointer to an existing self-relative SECURITY_DESCRIPTOR structure and its associated security information. The function builds the new security descriptor by merging the specified owner, group, access-control, and audit-control information with the information in this security descriptor. This parameter can be NULL.
pSizeNewSD
Pointer to a ULONG variable that receives the size, in bytes, of the returned security descriptor.
pNewSD
Pointer to a variable that receives a pointer to the new security descriptor. The function allocates memory for the new security descriptor. You must call the LocalFree function to free the returned buffer.

Return Values

If the function succeeds, the return value is ERROR_SUCCESS.

If the function fails, the return value is a nonzero error code defined in WINERROR.H.

Remarks

The BuildSecurityDescriptor function is intended for trusted servers that implement or expose security on their own objects. The function uses self-relative security descriptors suitable for serializing into a stream and storing to disk, as a trusted server might require.

See Also

ACL, EXPLICIT_ACCESS, LocalFree, SECURITY_DESCRIPTOR, SetEntriesInAcl, SID, TRUSTEE 


file: /Techref/os/win/api/win32/func/src/f03_20.htm, 9KB, , updated: 2000/4/7 11:19, local time: 2024/12/27 01:57,
TOP NEW HELP FIND: 
3.147.51.72:LOG IN

 ©2024 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF="http://massmind.org/Techref/os/win/api/win32/func/src/f03_20.htm"> BuildSecurityDescriptor</A>

After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.


Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?

 

Welcome to massmind.org!

 

Welcome to massmind.org!

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  .