Monday, February 12, 2007

Creating a Discretionary Access Control List (DACL)

Needed to create a DACL for a Named Pipe today. Here's what I ended up with.

Microsoft Developer Documentation Links:

SECURITY_ATTRIBUTES
Creating a DACL
SDDL

The code is below. Note that LocalFree must be called on the lpSecurityDescriptor member of SECURITY_ATTRIBUTES once the descriptor is no longer needed.

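    #include <windows.h>
    #include <sddl.h>

    // Fills in pSA->lpSecurityDescriptor from an SDDL string.
    // The caller sets nLength and bInheritHandle, and releases
    // lpSecurityDescriptor with LocalFree when finished.
    BOOL CreateDACL( SECURITY_ATTRIBUTES * pSA ) {
        // Adjacent string literals are concatenated into one SDDL string.
        const TCHAR * szSD = TEXT("D:")    // Discretionary ACL
            TEXT("(D;OICI;GA;;;BG)")       // Deny access to built-in guests
            TEXT("(D;OICI;GA;;;AN)")       // Deny access to anonymous logon
            TEXT("(A;OICI;GRGWGX;;;AU)")   // Allow read/write/execute to authenticated users
            TEXT("(A;OICI;GA;;;BA)");      // Allow full control to administrators

        if ( NULL == pSA ) { return FALSE; }

        // Allocates the descriptor; returns FALSE if the SDDL string is invalid.
        return ConvertStringSecurityDescriptorToSecurityDescriptor(
            szSD,
            SDDL_REVISION_1,
            &(pSA->lpSecurityDescriptor),
            NULL );
    }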
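An added example, not code from the original post: a portable C check that splits the post's SDDL string into its ACEs and confirms that the deny entries come before the allow entries, which matters because ACEs are evaluated in the order listed. The names `parse_dacl`, `deny_before_allow` and `allows_trustee` are hypothetical helpers, and the parser assumes the string contains only a `D:` section.

```c
#include <stdio.h>
#include <string.h>

/* The DACL string from the post, with its concatenated literals joined. */
static const char PAGE_DACL[] = "D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)";
/* One ACE: (type;flags;rights;object_guid;inherit_object_guid;sid) */
typedef struct { char type[8], flags[16], rights[40], sid[64]; } Ace;
/* Copy the field terminated by `end` into out (may be NULL); return the position after it. */
static const char *field(const char *p, char end, char *out, size_t cap) {
    size_t n = p ? strcspn(p, ";)") : 0;
    if (!p || p[n] != end || (out && n >= cap)) return NULL;
    if (out) { memcpy(out, p, n); out[n] = '\0'; }
    return p + n + 1;
}
/* Parse "D:[flags](ace)(ace)..." into aces[]; return the ACE count, or -1 if malformed. */
int parse_dacl(const char *sddl, Ace *aces, int max) {
    int n = 0;
    if (strncmp(sddl, "D:", 2) != 0) return -1;
    const char *p = sddl + 2 + strcspn(sddl + 2, "(");    /* skip DACL flags such as P or AI */
    while (p && *p == '(' && n < max) {
        p = field(p + 1, ';', aces[n].type, sizeof aces[n].type);
        p = field(p, ';', aces[n].flags, sizeof aces[n].flags);
        p = field(p, ';', aces[n].rights, sizeof aces[n].rights);
        p = field(field(p, ';', NULL, 0), ';', NULL, 0);  /* both GUID fields, unused here */
        p = field(p, ')', aces[n].sid, sizeof aces[n].sid);
        n++;
    }
    return (p && *p == '\0') ? n : -1;
}
/* 1 if no deny ACE ("D") follows an allow ACE ("A"); ACEs are evaluated in listed order. */
int deny_before_allow(const Ace *a, int n) {
    for (int i = 0, seen_allow = 0; i < n; i++) {
        if (strcmp(a[i].type, "D") == 0 && seen_allow) return 0;
        seen_allow |= strcmp(a[i].type, "A") == 0;
    }
    return 1;
}
/* 1 if an allow ACE names this SID string, e.g. "WD" (Everyone) or "AN" (anonymous logon). */
int allows_trustee(const Ace *a, int n, const char *sid) {
    for (int i = 0; i < n; i++)
        if (strcmp(a[i].type, "A") == 0 && strcmp(a[i].sid, sid) == 0) return 1;
    return 0;
}

int main(void) {
    Ace a[8];
    int n = parse_dacl(PAGE_DACL, a, 8);
    printf("ACEs=%d deny-first=%d allows-WD=%d\n", n, deny_before_allow(a, n), allows_trustee(a, n, "WD"));
}
```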
