Platform SDK: Access Control |
The InitializeAcl function creates a new ACL structure.
An ACL is an access-control list.
BOOL InitializeAcl( PACL pAcl, // ACL DWORD nAclLength, // size of ACL DWORD dwAclRevision // revision level of ACL );
Windows NT 4.0 and earlier: This value must be ACL_REVISION.
Windows 2000: This value can be ACL_REVISION or ACL_REVISION_DS. Use ACL_REVISION_DS if the ACL supports object-specific ACEs.
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
The ACL initialized by this function contains no ACEs. It is empty, as opposed to being a nonexistent ACL. If an empty ACL is applied to an object, it implicitly denies all access to that object.
To calculate the size of an ACL, add sizeof(ACL) to the size of all the ACEs to be stored in the ACL. To calculate the size of an ACE, add the size of the ACE structure, such as sizeof(ACCESS_ALLOWED_ACE), to the length of the SID associated with the ACE, and then subtract the size of the SidStart member (which is part of both the ACE structure and the SID). Use the GetSidLength function to get the length of a specified SID.
The following example shows how to calculate the size of an access-allowed ACE:
sizeof (ACCESS_ALLOWED_ACE) - sizeof (ACCESS_ALLOWED_ACE.SidStart) + GetLengthSid (pAceSid);
To calculate the size of an ACL, use the following algorithm, substituting the appropriate ACE structure in the sizeof(ACE) expression:
cbAcl = sizeof (ACL); for (i = 0 ; i < nAceCount ; i++) { // subtract ACE.SidStart from the size cbAce = sizeof (ACE) - sizeof (DWORD); // add this ACE's SID length cbAce += GetLengthSid (pAceSid[i]); // add the length of each ACE to the total ACL length cbAcl += cbAce; }
Windows NT/2000: Requires Windows NT 3.1 or later.
Header: Declared in Winbase.h; include Windows.h.
Library: Use Advapi32.lib.
Low-Level Access-Control Overview, Low-Level Access Control Functions, ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, ACL, AddAccessAllowedAce, AddAccessDeniedAce, AddAce, AddAuditAccessAce, DeleteAce, GetAce, GetAclInformation, IsValidAcl, SetAclInformation, SID