2.1.5.14.1 Algorithm for Copying Audit or Label ACEs Into a Buffer

The inputs for an ACE copy are:

  • DestSacl: A destination buffer formatted as an access control list (ACL), as defined in [MS-DTYP] section 2.4.5.

  • SrcSacl: A source buffer formatted as an ACL, as defined in [MS-DTYP] section 2.4.5.

  • CopyAudit: A Boolean value. If TRUE, this algorithm copies only ACEs whose AceType field is not SYSTEM_MANDATORY_LABEL_ACE_TYPE. If FALSE, this algorithm copies only ACEs whose AceType field is SYSTEM_MANDATORY_LABEL_ACE_TYPE.

The ACE copy algorithm uses the following local variables:

  • ACE (as defined in [MS-DTYP] section 2.4.4): ThisAce

  • Byte pointer: NextFree

Pseudocode for the algorithm is as follows:

  • Copy (size of ACL as defined in [MS-DTYP] section 2.4.5) bytes from SrcSacl to DestSacl.

  • Set DestSacl.AceCount to 0.

  • Set DestSacl.AclSize to (size of ACL as defined in [MS-DTYP] section 2.4.5).

  • Set NextFree to (size of ACL as defined in [MS-DTYP] section 2.4.5) bytes from the beginning of DestSacl.

  • For each ACE ThisAce in SrcSacl:

    • If ((CopyAudit is TRUE and ThisAce.AceType is not SYSTEM_MANDATORY_LABEL_ACE_TYPE) or (CopyAudit is FALSE and ThisAce.AceType is SYSTEM_MANDATORY_LABEL_ACE_TYPE)):

      • Copy ThisAce.AceSize bytes from ThisAce to NextFree.

      • DestSacl.AceCount += 1

      • DestSacl.AclSize = DestSacl.AclSize + ThisAce.AceSize

      • Advance NextFree by ThisAce.AceSize bytes.

    • EndIf

  • EndFor