/*
 * AddAccessAllowedAce adds an access-allowed ACE for pSid to the ACL at pAcl.
 * Returns TRUE on success and FALSE on failure; call GetLastError for the
 * extended error code.
 */
BOOL WINAPI AddAccessAllowedAce(
PACL pAcl, // ACL structure that receives the new ACE
DWORD dwAceRevision, // revision level of the ACL: ACL_REVISION or ACL_REVISION_DS
ACCESS_MASK AccessMask, // access rights to be granted to the SID
PSID pSid // SID to which the access rights apply
);
| Parameter | Description |
|---|---|
| pAcl | Pointer to an ACL structure that receives the new ACE. |
| dwAceRevision | Revision level of the ACL. Use ACL_REVISION or ACL_REVISION_DS. |
| AccessMask | Access rights to be granted to the SID. |
| pSid | Pointer to the SID to which the access rights apply. |
Returns TRUE if the function succeeds; otherwise FALSE. Use GetLastError for extended error information.
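- The ACL must be initialized with InitializeAcl before calling this function.
- dwAceRevision must match the revision used when the ACL was created.
- The ACE that is added is an ACCESS_ALLOWED_ACE structure.
- If the ACL does not have enough room for the new ACE, the function fails and GetLastError returns ERROR_ALLOTTED_SPACE_EXCEEDED.

#include <windows.h>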
#include <aclapi.h>
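/*
 * Example: build a DACL holding one access-allowed ACE for BUILTIN\Users and
 * apply it to "example.txt" in the current directory.
 *
 * Returns 0 when the DACL was applied, 1 on any failure. No error text is
 * printed; a real tool should report GetLastError() at the failing step.
 *
 * Security notes for anyone adapting this:
 *  - The file's existing DACL is REPLACED, not extended. Any principal not
 *    listed in the new ACL loses the access its old explicit ACEs gave it.
 *    To add to an existing DACL, read it first and merge.
 *  - GENERIC_READ|GENERIC_WRITE for the whole Users group is a broad grant,
 *    used here only for illustration. Grant the narrowest mask and the
 *    narrowest SID that the use case needs.
 *  - The caller must own the file or hold WRITE_DAC on it.
 *  - SetFileSecurity is documented as obsolete in favour of
 *    SetNamedSecurityInfo (declared in aclapi.h). It is kept here so the
 *    example's behaviour stays the same.
 */
int main()
{
    PACL pAcl = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    PSID pSid = NULL;
    BOOL bResult = FALSE;
    DWORD cbAcl = 0;

    // BUILTIN\Users is S-1-5-32-545: the NT authority followed by two
    // sub-authorities (builtin domain RID, then the Users alias RID).
    // SECURITY_BUILTIN_DOMAIN_RID is a sub-authority, not an authority.
    SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;
    if (!AllocateAndInitializeSid(&SIDAuth, 2,
                                  SECURITY_BUILTIN_DOMAIN_RID,
                                  DOMAIN_ALIAS_RID_USERS,
                                  0, 0, 0, 0, 0, 0, &pSid))
        return 1;

    // Size the ACL for exactly one ACCESS_ALLOWED_ACE. The ACE struct already
    // contains the first DWORD of the SID (SidStart), hence the subtraction.
    // The total is then rounded up to a DWORD boundary.
    cbAcl = (DWORD)(sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD))
            + GetLengthSid(pSid);
    cbAcl = (cbAcl + (DWORD)(sizeof(DWORD) - 1)) & ~(DWORD)(sizeof(DWORD) - 1);

    // Initialize an empty ACL
    pAcl = (PACL)LocalAlloc(LPTR, cbAcl);
    if (pAcl == NULL)
        goto cleanup;
    if (!InitializeAcl(pAcl, cbAcl, ACL_REVISION))
        goto cleanup;

    // Add an ACCESS_ALLOWED_ACE granting read/write. The revision passed here
    // matches the one given to InitializeAcl. An undersized ACL would fail
    // with ERROR_ALLOTTED_SPACE_EXCEEDED.
    if (!AddAccessAllowedAce(pAcl, ACL_REVISION,
                             GENERIC_READ | GENERIC_WRITE, pSid))
        goto cleanup;

    // Create an absolute-format security descriptor and attach the DACL
    pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
    if (pSD == NULL)
        goto cleanup;
    if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
        goto cleanup;
    // bDaclPresent = TRUE with a non-NULL pAcl. A NULL DACL would instead
    // grant everyone full access, so pAcl must never be NULL at this point.
    if (!SetSecurityDescriptorDacl(pSD, TRUE, pAcl, FALSE))
        goto cleanup;

    // Apply the security descriptor to a file. The explicit W variant matches
    // the wide string literal whether or not UNICODE is defined.
    bResult = SetFileSecurityW(L"example.txt", DACL_SECURITY_INFORMATION, pSD);

cleanup:
    if (pSid) FreeSid(pSid);
    if (pSD) LocalFree(pSD);
    if (pAcl) LocalFree(pAcl);
    return bResult ? 0 : 1;
}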