The LookupSecurityDescriptorParts function retrieves security information from a self-relative security descriptor.
DWORD LookupSecurityDescriptorParts(
PTRUSTEE *pOwner, |
// receives the owner SID from the security descriptor |
PTRUSTEE *pGroup, |
// receives the group SID from the security descriptor |
PULONG cCountOfAccessEntries, |
// receives number of access-control entries |
PEXPLICIT_ACCESS *pListOfAccessEntries, |
// receives an array of DACL access-control entries |
PULONG cCountOfAuditEntries, |
// receives number of audit-control entries |
PEXPLICIT_ACCESS *pListOfAuditEntries, |
// receives an array of SACL audit-control entries |
PSECURITY_DESCRIPTOR pSD |
// pointer to the security descriptor |
); |
This parameter can be NULL if you are not interested in the name of the owner.
This parameter can be NULL if you are not interested in the name of the group.
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value is a nonzero error code defined in WINERROR.H.
The LookupSecurityDescriptorParts function retrieves the names of the owner and primary group of the security descriptor. It also returns descriptions of the access-control entries in the DACL and audit-control entries in the SACL of the security descriptor.
The parameters other than pSD can be NULL if you are not interested in the information. If you do not want information about the DACL, both pListOfAccessEntries and cCountOfAccessEntries must be NULL. If you do not want information about the SACL, both pListOfAuditEntries and cCountOfAuditEntries must be NULL. Similarly, if you do want DACL or SACL information, both of the corresponding parameters must be non-NULL.
You must call the LocalFree function to free any buffers returned by the pOwner, pGroup, pListOfAccessEntries, or pListOfAuditEntries parameters.
The LookupSecurityDescriptorParts function is intended for trusted servers that implement or expose security on their own objects. The function works with a self-relative security descriptor suitable for serializing into a stream and storing to disk, as a trusted server might require.
ACE, ACL, EXPLICIT_ACCESS, LocalFree, SECURITY_DESCRIPTOR, GetExplicitEntriesFromAcl, SID, TRUSTEE