Geoff Chappell - Software Analyst
This function produces security attributes suitable for granting all access to any securable object.
PSECURITY_ATTRIBUTES CreateAllAccessSecurityAttributes ( PSECURITY_ATTRIBUTES pSecurityAttributes, PSECURITY_DESCRIPTOR pSecurityDescriptor, PACL pDacl);
The pSecurityAttributes argument provides the address of a SECURITY_ATTRIBUTES structure for the function to initialise, or is NULL to have the function provide its own SECURITY_ATTRIBUTES structure.
The pSecurityDescriptor argument provides the address of a SECURITY_DESCRIPTOR structure for the function to initialise and to use for the security attributes. This argument is ignored if pSecurityAttributes is NULL.
The pDacl argument provides the address of a variable that is to receive the address of any ACL that the function prepares as the DACL for the given security descriptor, or is NULL.
The function returns the address of a SECURITY_ATTRIBUTES structure, if successful, else NULL.
The function fails trivially if not running on NT.
SHLWAPI provides for a master instance of suitable all-access security attributes to be prepared once per process. This means a SECURITY_ATTRIBUTES structure, which in turn points to a SECURITY_DESCRIPTOR structure in a memory block that also includes a DACL that would grant the following uninheritable access rights:
|User or Group||SID||Access Rights|
|World||S-1-1-0||GENERIC_READ, GENERIC_WRITE, GENERIC_EXECUTE, SYNCHRONIZE|
If this master instance of all-access security attributes has not yet been created and an attempt to create it now fails, then the function fails (including to store NULL at the address given by pDacl, if this address is not NULL).
If pSecurityAttributes is NULL, there is nothing more to do. The function returns the address of the master SECURITY_ATTRIBUTES structure (and stores NULL at the address given by pDacl, if this address is not NULL).
Otherwise, pSecurityAttributes and pSecurityDescriptor are respectively the addresses of SECURITY_ATTRIBUTES and SECURITY_DESCRIPTOR structures that the function is to initialise using a DACL that is copied from the master. The copy is made in memory obtained from LocalAlloc and may be freed through LocalFree when the caller is done with it. The function returns the address of the caller’s SECURITY_ATTRIBUTES structure and puts the address of the DACL copy into the variable addressed by the pDacl argument, if this is not NULL.
The CreateAllAccessSecurityAttributes function is exported from SHLWAPI as ordinal 356 in version 5.0 and higher, except in some builds of version 6.0:
Builds of version 6.0 from Windows Vista, and higher, export the function but only as a forward to SHUNIMPL so that the function always fails.
Though this function dates from as long ago as 1999, it was still not documented by Microsoft in the MSDN Library at least as late as the CD edition dated January 2004.