InitializeAcl
The InitializeAcl
function creates a new ACL structure.
An ACL is an
access-control list.
BOOL InitializeAcl(
|
PACL pAcl, |
// address of
access-control list |
|
DWORD nAclLength, |
// size of
access-control list |
|
DWORD dwAclRevision |
// revision level
of access-control list |
|
); |
|
Parameters
pAcl
Points to an ACL structure initialized by
this function.
nAclLength
Specifies the
length, in bytes, of the buffer pointed to by the pAcl parameter. This
value must be large enough to contain the ACL header and all of the
access-control entries (ACEs) to be stored in the ACL.
When
calculating the size of an ACL, note that each ACE in an ACL
gets the SID
specified by its SidStart member copied to the ACE structure,
starting at the ACE s SidStart member. Thus, each ACE
added to the ACL requires room for the ACE plus room for its SID
minus the size of the SidStart member (a DWORD).
For example,
the size of an ACL buffer large enough to contain a single ACCESS_ALLOWED_ACE is :
cbAcl
= sizeof(ACL) +
sizeof(ACCESS_ALLOWED_ACE)
+
GetLengthSid(pSid) - sizeof(DWORD) ;
Another
example: the size of an ACL buffer large enough to contain seven ACCESS_DENIED_ACE structures is :
cbAcl
= sizeof(ACL) + 7 * ( sizeof(ACCESS_DENIED_ACE) -
sizeof(DWORD)) +
GetLengthSid(pSid1) + GetLengthSid(pSid2) + ... + GetLengthSid(pSid7)
dwAclRevision
Specifies the
revision level of the ACL. This parameter must be set to the current revision
level, defined as ACL_REVISION for this version of Windows.
Return Values
If the
function succeeds, the return value is nonzero.
If the
function fails, the return value is zero. To get extended error information,
call GetLastError.
Remarks
The ACL
initialized by this function contains no ACEs. It is empty, as opposed to being
a nonexistent ACL. If an empty ACL is applied to an object, it implicitly denies
all access to that object.
See Also