RtlGetDaclSecurityDescriptor function (ntifs.h)
The RtlGetDaclSecurityDescriptor routine returns a pointer to the discretionary ACL (DACL) for a security descriptor.
Syntax
NTSYSAPI NTSTATUS RtlGetDaclSecurityDescriptor(
[in] PSECURITY_DESCRIPTOR SecurityDescriptor,
[out] PBOOLEAN DaclPresent,
[out] PACL *Dacl,
[out] PBOOLEAN DaclDefaulted
);
Parameters
[in] SecurityDescriptor
Pointer to the SECURITY_DESCRIPTOR whose DACL is to be returned.
[out] DaclPresent
Pointer to a Boolean variable that indicates the presence of a DACL in the specified security descriptor. If this variable receives TRUE, the security descriptor contains a DACL, and the remaining output parameters receive valid values. If this variable receives FALSE, the security descriptor does not contain a DACL, and the remaining output parameters do not receive valid values.
[out] Dacl
Pointer to a variable that receives the address of the DACL for the security descriptor. If the security descriptor does not have a DACL, this variable does not receive a value. If the security descriptor has a NULL DACL, this variable receives NULL. A NULL DACL implicitly allows all access to an object.
[out] DaclDefaulted
Pointer to a Boolean variable that receives the value of the SE_DACL_DEFAULTED flag in the security descriptor's SECURITY_DESCRIPTOR_CONTROL structure. If this flag is TRUE, the DACL was retrieved by a default mechanism. If it is FALSE, the DACL was explicitly specified by a user. This value is valid only if *Dacl receives a non-NULL value.
Return value
RtlGetDaclSecurityDescriptor returns STATUS_SUCCESS or an appropriate NTSTATUS value such as the following:
| Return code | Description |
|---|---|
|
The security descriptor's revision level is unknown or is not supported. This is an error code. |
Remarks
A value of TRUE for *DaclPresent does not mean that *Dacl is non-NULL. That is, *DaclPresent can be TRUE while *Dacl is NULL, meaning that a NULL DACL is in effect. A NULL DACL implicitly allows all access to an object and is not the same as an empty DACL. An empty DACL permits no access to an object.
For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Server 2003 SP1 |
| Target Platform | Universal |
| Header | ntifs.h (include Ntifs.h) |
| Library | NtosKrnl.lib |
| DLL | NtosKrnl.exe |
| IRQL | <= APC_LEVEL |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for