Windows Driver Kit: Kernel-Mode Driver Architecture
RtlSetDaclSecurityDescriptor
The RtlSetDaclSecurityDescriptor routine sets the DACL information of an absolute-format security descriptor, or if there is already a DACL present in the security descriptor, it is superseded.
NTSTATUS
RtlSetDaclSecurityDescriptor(
IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN BOOLEAN DaclPresent,
IN PACL Dacl OPTIONAL,
IN BOOLEAN DaclDefaulted OPTIONAL
);
Parameters
- SecurityDescriptor
- Pointer to the SECURITY_DESCRIPTOR to which the DACL is to be applied.
- DaclPresent
- If FALSE, indicates that the DaclPresent flag in the security descriptor should be set to FALSE. In this case, the remaining optional parameters are ignored. Otherwise, the DaclPresent control flag in the security descriptor is set to TRUE and the remaining optional parameters are not ignored.
- Dacl
- Pointer to the DACL for the security descriptor. If this parameter is NULL, a NULL ACL is assigned to the security descriptor. A NULL DACL unconditionally grants access. The DACL is referenced by, but not copied into, the security descriptor.
- DaclDefaulted
- When set, indicates that the DACL was picked up from some default mechanism rather than explicitly specified by the caller. This value is set in the DaclDefaulted control flag in the security descriptor. If this parameter is NULL, the DaclDefaulted flag will be cleared.
Return Value
RtlSetDaclSecurityDescriptor can return one of the following:
- STATUS_SUCCESS
- The call completed successfully.
- STATUS_UNKNOWN_REVISION
- The revision of the security descriptor is unknown.
- STATUS_INVALID_SECURITY_DESCR
- The security descriptor is not an absolute format security descriptor.
Requirements
IRQL: PASSIVE_LEVEL
Headers: Declared in Ntddk.h. Include Ntddk.h.
See Also
RtlCreateSecurityDescriptor, RtlLengthSecurityDescriptor, RtlValidSecurityDescriptor, SECURITY_DESCRIPTOR