Prev Next
The MakeAbsoluteSD function creates a security descriptor in absolute
format by using a security descriptor in self-relative format as a template.
BOOL MakeAbsoluteSD(
|
PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
|
// address self-relative SD
|
|
PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
|
// address of absolute SD
|
|
LPDWORD lpdwAbsoluteSecurityDescriptorSize,
|
// address of size of absolute SD
|
|
PACL pDacl,
|
// address of discretionary ACL
|
|
LPDWORD lpdwDaclSize,
|
// address of size of discretionary ACL
|
|
PACL pSacl,
|
// address of system ACL
|
|
LPDWORD lpdwSaclSize,
|
// address of size of system ACL
|
|
PSID pOwner,
|
// address of owner SID
|
|
LPDWORD lpdwOwnerSize,
|
// address of size of owner SID
|
|
PSID pPrimaryGroup,
|
// address of primary-group SID
|
|
LPDWORD lpdwPrimaryGroupSize
|
// address of size of group SID
|
|
);
|
|
Parameters
-
pSelfRelativeSecurityDescriptor
-
Points to a SECURITY_DESCRIPTOR
structure in self-relative format. The function creates an absolute-format
version of this security descriptor without modifying the original security
descriptor.
-
pAbsoluteSecurityDescriptor
-
Points to a buffer that the function fills with the main body of an
absolute-format security descriptor. This information is formatted as a SECURITY_DESCRIPTOR
structure.
-
lpdwAbsoluteSecurityDescriptorSize
-
Points to a variable specifying the size of the buffer pointed to by the pAbsoluteSecurityDescriptor
parameter. If the buffer is not large enough for the security descriptor, the
function fails and sets this variable to the minimum required size.
-
pDacl
-
Points to a buffer the function fills with the discretionary access-control
list (ACL) of the absolute-format security
descriptor. The main body of the absolute-format security descriptor
references this pointer.
-
lpdwDaclSize
-
Points to a variable specifying the size of the buffer pointed to by the pDacl
parameter. If the buffer is not large enough for the ACL, the function fails
and sets this variable to the minimum required size.
-
pSacl
-
Points to a buffer the function fills with the system ACL of the
absolute-format security descriptor. The main body of the absolute-format
security descriptor references this pointer.
-
lpdwSaclSize
-
Points to a variable specifying the size of the buffer pointed to by the pSacl
parameter. If the buffer is not large enough for the ACL, the function fails
and sets this variable to the minimum required size.
-
pOwner
-
Points to a buffer the function fills with the security identifier (SID) of
the owner of the absolute-format security descriptor. The main body of the
absolute-format security descriptor references this pointer.
-
lpdwOwnerSize
-
Points to a variable specifying the size of the buffer pointed to by the pOwner
parameter. If the buffer is not large enough for the SID, the function fails
and sets this variable to the minimum required size.
-
pPrimaryGroup
-
Points to a buffer the function fills with the SID of the absolute-format
security descriptor’s primary group. The main body of the absolute-format
security descriptor references this pointer.
-
lpdwPrimaryGroupSize
-
Points to a variable specifying the size of the buffer pointed to by the pPrimaryGroup
parameter. If the buffer is not large enough for the SID, the function fails
and sets this variable to the minimum required size.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error
information, call GetLastError.
Remarks
A security descriptor in absolute format contains pointers to the information
it contains, rather than the information itself. A security descriptor in
self-relative format contains the information in a contiguous block of memory.
In a self-relative security descriptor, a SECURITY_DESCRIPTOR
structure always starts the information, but the security descriptor’s other
components can follow the structure in any order. Instead of using memory
addresses, the components of the self-relative security descriptor are
identified by offsets from the beginning of the security descriptor. This
format is useful when an security descriptor must be stored on a floppy disk
or transmitted by means of a communications protocol.
A server that copies secured objects to various media can use the MakeAbsoluteSD
function to create an absolute security descriptor from a self-relative
security descriptor and the MakeSelfRelativeSD function to create a
self-relative security descriptor from an absolute security descriptor.
See Also
MakeSelfRelativeSD, SECURITY_DESCRIPTOR
See: