Export (0) Print
Expand All
Expand Minimize

BuildSecurityDescriptor function

The BuildSecurityDescriptor function allocates and initializes a new security descriptor. This function can initialize the new security descriptor by merging specified security information with the information in an existing security descriptor. If you do not specify an existing security descriptor, the function initializes a new security descriptor based on the specified security information.

The BuildSecurityDescriptor function creates a self-relative security descriptor. The self-relative format makes the security descriptor suitable for storing in a stream.

Syntax


DWORD WINAPI BuildSecurityDescriptor(
  _In_opt_  PTRUSTEE pOwner,
  _In_opt_  PTRUSTEE pGroup,
  _In_      ULONG cCountOfAccessEntries,
  _In_opt_  PEXPLICIT_ACCESS pListOfAccessEntries,
  _In_      ULONG cCountOfAuditEntries,
  _In_opt_  PEXPLICIT_ACCESS pListOfAuditEntries,
  _In_opt_  PSECURITY_DESCRIPTOR pOldSD,
  _Out_     PULONG pSizeNewSD,
  _Out_     PSECURITY_DESCRIPTOR *pNewSD
);

Parameters

pOwner [in, optional]

A pointer to a TRUSTEE structure that identifies the owner for the new security descriptor. If the structure uses the TRUSTEE_IS_NAME form, BuildSecurityDescriptor looks up the security identifier (SID) associated with the specified trustee name.

If this parameter is NULL, the function uses the owner SID from the original security descriptor pointed to by pOldSD. If pOldSD is NULL, or if the owner SID in pOldSD is NULL, the owner SID is NULL in the new security descriptor.

pGroup [in, optional]

A pointer to a TRUSTEE structure that identifies the primary group SID for the new security descriptor. If the structure uses the TRUSTEE_IS_NAME form, BuildSecurityDescriptor looks up the SID associated with the specified trustee name.

If this parameter is NULL, the function uses the group SID from the original security descriptor pointed to by pOldSD. If pOldSD is NULL, or if the group SID in pOldSD is NULL, the group SID is NULL in the new security descriptor.

cCountOfAccessEntries [in]

The number of EXPLICIT_ACCESS structures in the pListOfAccessEntries array.

pListOfAccessEntries [in, optional]

A pointer to an array of EXPLICIT_ACCESS structures that describe access control information for the discretionary access control list (DACL) of the new security descriptor. The function creates the new DACL by merging the information in the array with the DACL in pOldSD, if any. If pOldSD is NULL, or if the DACL in pOldSD is NULL, the function creates a new DACL based solely on the information in the array. For a description of the rules for creating an ACL from an array of EXPLICIT_ACCESS structures, see the SetEntriesInAcl function.

If pListOfAccessEntries is NULL, the new security descriptor gets the DACL from pOldSD. In this case, if pOldSD is NULL, or if the DACL in pOldSD is NULL, the new DACL is NULL.

cCountOfAuditEntries [in]

The number of EXPLICIT_ACCESS structures in the pListOfAuditEntries array.

pListOfAuditEntries [in, optional]

A pointer to an array of EXPLICIT_ACCESS structures that describe audit control information for the SACL of the new security descriptor. The function creates the new SACL by merging the information in the array with the SACL in pOldSD, if any. If pOldSD is NULL, or the SACL in pOldSD is NULL, the function creates a new SACL based solely on the information in the array.

If pListOfAuditEntries is NULL, the new security descriptor gets the SACL from pOldSD. In this case, if pOldSD is NULL, or the SACL in pOldSD is NULL, the new SACL is NULL.

pOldSD [in, optional]

A pointer to an existing self-relative SECURITY_DESCRIPTOR structure and its associated security information. The function builds the new security descriptor by merging the specified owner, group, access control, and audit-control information with the information in this security descriptor. This parameter can be NULL.

pSizeNewSD [out]

A pointer to a variable that receives the size, in bytes, of the security descriptor.

pNewSD [out]

A pointer to a variable that receives a pointer to the new security descriptor. The function allocates memory for the new security descriptor. You must call the LocalFree function to free the returned buffer.

Return value

If the function succeeds, the function returns ERROR_SUCCESS.

If the function fails, it returns a nonzero error code defined in WinError.h.

Remarks

The BuildSecurityDescriptor function is intended for trusted servers that implement or expose security on their own objects. The function uses self-relative security descriptors suitable for serializing into a stream and storing to disk, as a trusted server might require.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Aclapi.h

Library

Advapi32.lib

DLL

Advapi32.dll

Unicode and ANSI names

BuildSecurityDescriptorW (Unicode) and BuildSecurityDescriptorA (ANSI)

See also

Client/Server Access Control Overview
Client/Server Access Control Functions
ACL
EXPLICIT_ACCESS
LocalFree
SECURITY_DESCRIPTOR
SetEntriesInAcl
SID
TRUSTEE

 

 

Community Additions

ADD
Show:
© 2014 Microsoft