Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Microsoft Developer Network
Click to Rate and Give Feedback
MSDN
MSDN Library
Security
Authorization
 MakeAbsoluteSD Function

  Switch on low bandwidth view
MakeAbsoluteSD Function

The MakeAbsoluteSD function creates a security descriptor in absolute format by using a security descriptor in self-relative format as a template.

Syntax

C++
BOOL WINAPI MakeAbsoluteSD(
  __in       PSECURITY_DESCRIPTOR pSelfRelativeSD,
  __out_opt  PSECURITY_DESCRIPTOR pAbsoluteSD,
  __inout    LPDWORD lpdwAbsoluteSDSize,
  __out_opt  PACL pDacl,
  __inout    LPDWORD lpdwDaclSize,
  __out_opt  PACL pSacl,
  __inout    LPDWORD lpdwSaclSize,
  __out_opt  PSID pOwner,
  __inout    LPDWORD lpdwOwnerSize,
  __out_opt  PSID pPrimaryGroup,
  __inout    LPDWORD lpdwPrimaryGroupSize
);

Parameters

pSelfRelativeSD [in]

A pointer to a SECURITY_DESCRIPTOR structure in self-relative format. The function creates an absolute-format version of this security descriptor without modifying the original security descriptor.

pAbsoluteSD [out, optional]

A pointer to a buffer that the function fills with the main body of an absolute-format security descriptor. This information is formatted as a SECURITY_DESCRIPTOR structure.

lpdwAbsoluteSDSize [in, out]

A pointer to a variable that specifies the size of the buffer pointed to by the pAbsoluteSD parameter. If the buffer is not large enough for the security descriptor, the function fails and sets this variable to the minimum required size.

pDacl [out, optional]

A pointer to a buffer the function fills with the discretionary access control list (DACL) of the absolute-format security descriptor. The main body of the absolute-format security descriptor references this pointer.

lpdwDaclSize [in, out]

A pointer to a variable that specifies the size of the buffer pointed to by the pDacl parameter. If the buffer is not large enough for the access control list (ACL), the function fails and sets this variable to the minimum required size.

pSacl [out, optional]

A pointer to a buffer the function fills with the system access control list (SACL) of the absolute-format security descriptor. The main body of the absolute-format security descriptor references this pointer.

lpdwSaclSize [in, out]

A pointer to a variable that specifies the size of the buffer pointed to by the pSacl parameter. If the buffer is not large enough for the ACL, the function fails and sets this variable to the minimum required size.

pOwner [out, optional]

A pointer to a buffer the function fills with the security identifier (SID) of the owner of the absolute-format security descriptor. The main body of the absolute-format security descriptor references this pointer.

lpdwOwnerSize [in, out]

A pointer to a variable that specifies the size of the buffer pointed to by the pOwner parameter. If the buffer is not large enough for the SID, the function fails and sets this variable to the minimum required size.

pPrimaryGroup [out, optional]

A pointer to a buffer the function fills with the SID of the absolute-format security descriptor's primary group. The main body of the absolute-format security descriptor references this pointer.

lpdwPrimaryGroupSize [in, out]

A pointer to a variable that specifies the size of the buffer pointed to by the pPrimaryGroup parameter. If the buffer is not large enough for the SID, the function fails and sets this variable to the minimum required size.

Return Value

If the function succeeds, the function returns nonzero.

If the function fails, it returns zero. To get extended error information, call GetLastError. Possible return codes include, but are not limited to, the following.

Return code/valueDescription
STATUS_BUFFER_TOO_SMALL
0xC0000023

One or more of the buffers is too small.

STATUS_INVALID_OWNER
0xC000005A

The security descriptor specified by the pSelfRelativeSD parameter does not contain a valid owner.

 

Remarks

A security descriptor in absolute format contains pointers to the information it contains, rather than the information itself. A security descriptor in self-relative format contains the information in a contiguous block of memory. In a self-relative security descriptor, a SECURITY_DESCRIPTOR structure always starts the information, but the security descriptor's other components can follow the structure in any order. Instead of using memory addresses, the components of the self-relative security descriptor are identified by offsets from the beginning of the security descriptor. This format is useful when a security descriptor must be stored on a floppy disk or transmitted by means of a communications protocol.

A server that copies secured objects to various media can use the MakeAbsoluteSD function to create an absolute security descriptor from a self-relative security descriptor and the MakeSelfRelativeSD function to create a self-relative security descriptor from an absolute security descriptor.

Requirements

Minimum supported clientWindows 2000 Professional
Minimum supported serverWindows 2000 Server
HeaderWinbase.h (include Windows.h)
LibraryAdvapi32.lib
DLLAdvapi32.dll

See Also

Low-level Access Control
Low-level Access Control Functions
MakeSelfRelativeSD
SECURITY_DESCRIPTOR

Send comments about this topic to Microsoft

Build date: 6/26/2009

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker