| Platform SDK: Access Control |
The following example converts a security descriptor string to a self-relative security descriptor using the ConvertStringSecurityDescriptorToSecurityDescriptor function, then converts the self-relative security descriptor to an absolute security descriptor using the MakeAbsoluteSD function.
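/*
 * Fragment: parse an SDDL string held in a VARIANT into a self-relative
 * security descriptor (pSDCNV), then expand it into an absolute security
 * descriptor (SD) whose DACL, SACL, owner and group live in separately
 * allocated buffers.
 *
 * An absolute descriptor stores pointers to its components, so SD refers to
 * pDACL/pSACL/pOwnerSID/pGroupSID and must not be used once Cleanup has
 * released them.
 */
VARIANT var;
PSECURITY_DESCRIPTOR pSDCNV = NULL;
SECURITY_DESCRIPTOR SD = {0};
DWORD dwSDSize = sizeof(SECURITY_DESCRIPTOR);
PSID pOwnerSID = NULL;
DWORD dwOwnerSIDSize = 0;
PSID pGroupSID = NULL;
DWORD dwGroupSIDSize = 0;
PACL pDACL = NULL;
DWORD dwDACLSize = 0;
PACL pSACL = NULL;
DWORD dwSACLSize = 0;

// Start from VT_EMPTY so the VariantClear in Cleanup is well defined even if
// the elided code below bails out before storing a value in var.
VariantInit(&var);

// ...

// The SDDL text decides who gets access, so refuse anything that is not a
// non-NULL string before handing it to the parser.
// NOTE(review): bstrVal is a wide string, so this call presumably relies on a
// UNICODE build; confirm against the project settings.
if (var.vt != VT_BSTR || var.bstrVal == NULL)
{
    wprintf(L"Error: input is not a string\n");
    goto Cleanup;
}

// Convert the security descriptor string to a security descriptor.
// On success pSDCNV is allocated by the callee and released with LocalFree.
if (!ConvertStringSecurityDescriptorToSecurityDescriptor(
        var.bstrVal, SDDL_REVISION_1, &pSDCNV, NULL))
{
    wprintf(L"Error: %lu\n", GetLastError());
    goto Cleanup;
}

// Get the required buffer sizes. All component buffers are NULL with size 0,
// so the expected outcome is a failure that fills in the dw*Size values.
if (!MakeAbsoluteSD(pSDCNV, &SD, &dwSDSize,
                    pDACL, &dwDACLSize,
                    pSACL, &dwSACLSize,
                    pOwnerSID, &dwOwnerSIDSize,
                    pGroupSID, &dwGroupSIDSize))
{
    // Only a "buffer too small" failure means the sizes are usable; any
    // other error would leave them meaningless, so stop instead of
    // allocating from them.
    DWORD dwSizeQueryError = GetLastError();
    if (dwSizeQueryError != ERROR_INSUFFICIENT_BUFFER)
    {
        wprintf(L"MakeAbsoluteSD: %lu\n", dwSizeQueryError);
        goto Cleanup;
    }

    // Allocate the buffers (GPTR = fixed, zero-initialized memory).
    // NOTE(review): a descriptor that lacks a component (for example no
    // SACL) reports size 0 for it; confirm that a zero-byte GlobalAlloc
    // behaves as this all-or-nothing check expects.
    pDACL = (PACL) GlobalAlloc(GPTR, dwDACLSize);
    pSACL = (PACL) GlobalAlloc(GPTR, dwSACLSize);
    pOwnerSID = (PSID) GlobalAlloc(GPTR, dwOwnerSIDSize);
    pGroupSID = (PSID) GlobalAlloc(GPTR, dwGroupSIDSize);
    if (!(pDACL && pSACL && pOwnerSID && pGroupSID))
    {
        wprintf(L"GlobalAlloc failed: %lu\n", GetLastError());
        goto Cleanup;
    }

    // Convert self-relative security descriptor to absolute.
    if (!MakeAbsoluteSD(pSDCNV, &SD, &dwSDSize,
                        pDACL, &dwDACLSize,
                        pSACL, &dwSACLSize,
                        pOwnerSID, &dwOwnerSIDSize,
                        pGroupSID, &dwGroupSIDSize))
    {
        wprintf(L"MakeAbsoluteSD: %lu\n", GetLastError());
        goto Cleanup;
    }
}

// Clean up. Each buffer goes back to the allocator it came from:
// LocalFree for the converted descriptor, GlobalFree for the GlobalAlloc
// buffers. SD points into those buffers and is invalid from here on.
Cleanup:
VariantClear(&var);
if (pSDCNV)
    LocalFree(pSDCNV);
if (pDACL)
    GlobalFree(pDACL);
if (pSACL)
    GlobalFree(pSACL);
if (pOwnerSID)
    GlobalFree(pOwnerSID);
if (pGroupSID)
    GlobalFree(pGroupSID);
// NOTE(review): pNewDACL is not declared in the visible fragment; presumably
// it belongs to the elided code. It must be initialized to NULL there, since
// several paths reach Cleanup before anything could assign it.
if (pNewDACL)
    LocalFree(pNewDACL);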