2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS kernel
4 * FILE: ntoskrnl/se/semgr.c
5 * PURPOSE: Security manager
7 * PROGRAMMERS: No programmer listed.
10 /* INCLUDES *******************************************************************/
16 /* GLOBALS ********************************************************************/
18 PSE_EXPORTS SeExports
= NULL
;
19 SE_EXPORTS SepExports
;
21 extern ULONG ExpInitializationPhase
;
22 extern ERESOURCE SepSubjectContextLock
;
24 /* PRIVATE FUNCTIONS **********************************************************/
26 static BOOLEAN INIT_FUNCTION
29 SepExports
.SeCreateTokenPrivilege
= SeCreateTokenPrivilege
;
30 SepExports
.SeAssignPrimaryTokenPrivilege
= SeAssignPrimaryTokenPrivilege
;
31 SepExports
.SeLockMemoryPrivilege
= SeLockMemoryPrivilege
;
32 SepExports
.SeIncreaseQuotaPrivilege
= SeIncreaseQuotaPrivilege
;
33 SepExports
.SeUnsolicitedInputPrivilege
= SeUnsolicitedInputPrivilege
;
34 SepExports
.SeTcbPrivilege
= SeTcbPrivilege
;
35 SepExports
.SeSecurityPrivilege
= SeSecurityPrivilege
;
36 SepExports
.SeTakeOwnershipPrivilege
= SeTakeOwnershipPrivilege
;
37 SepExports
.SeLoadDriverPrivilege
= SeLoadDriverPrivilege
;
38 SepExports
.SeCreatePagefilePrivilege
= SeCreatePagefilePrivilege
;
39 SepExports
.SeIncreaseBasePriorityPrivilege
= SeIncreaseBasePriorityPrivilege
;
40 SepExports
.SeSystemProfilePrivilege
= SeSystemProfilePrivilege
;
41 SepExports
.SeSystemtimePrivilege
= SeSystemtimePrivilege
;
42 SepExports
.SeProfileSingleProcessPrivilege
= SeProfileSingleProcessPrivilege
;
43 SepExports
.SeCreatePermanentPrivilege
= SeCreatePermanentPrivilege
;
44 SepExports
.SeBackupPrivilege
= SeBackupPrivilege
;
45 SepExports
.SeRestorePrivilege
= SeRestorePrivilege
;
46 SepExports
.SeShutdownPrivilege
= SeShutdownPrivilege
;
47 SepExports
.SeDebugPrivilege
= SeDebugPrivilege
;
48 SepExports
.SeAuditPrivilege
= SeAuditPrivilege
;
49 SepExports
.SeSystemEnvironmentPrivilege
= SeSystemEnvironmentPrivilege
;
50 SepExports
.SeChangeNotifyPrivilege
= SeChangeNotifyPrivilege
;
51 SepExports
.SeRemoteShutdownPrivilege
= SeRemoteShutdownPrivilege
;
53 SepExports
.SeNullSid
= SeNullSid
;
54 SepExports
.SeWorldSid
= SeWorldSid
;
55 SepExports
.SeLocalSid
= SeLocalSid
;
56 SepExports
.SeCreatorOwnerSid
= SeCreatorOwnerSid
;
57 SepExports
.SeCreatorGroupSid
= SeCreatorGroupSid
;
58 SepExports
.SeNtAuthoritySid
= SeNtAuthoritySid
;
59 SepExports
.SeDialupSid
= SeDialupSid
;
60 SepExports
.SeNetworkSid
= SeNetworkSid
;
61 SepExports
.SeBatchSid
= SeBatchSid
;
62 SepExports
.SeInteractiveSid
= SeInteractiveSid
;
63 SepExports
.SeLocalSystemSid
= SeLocalSystemSid
;
64 SepExports
.SeAliasAdminsSid
= SeAliasAdminsSid
;
65 SepExports
.SeAliasUsersSid
= SeAliasUsersSid
;
66 SepExports
.SeAliasGuestsSid
= SeAliasGuestsSid
;
67 SepExports
.SeAliasPowerUsersSid
= SeAliasPowerUsersSid
;
68 SepExports
.SeAliasAccountOpsSid
= SeAliasAccountOpsSid
;
69 SepExports
.SeAliasSystemOpsSid
= SeAliasSystemOpsSid
;
70 SepExports
.SeAliasPrintOpsSid
= SeAliasPrintOpsSid
;
71 SepExports
.SeAliasBackupOpsSid
= SeAliasBackupOpsSid
;
72 SepExports
.SeAuthenticatedUsersSid
= SeAuthenticatedUsersSid
;
73 SepExports
.SeRestrictedSid
= SeRestrictedSid
;
74 SepExports
.SeAnonymousLogonSid
= SeAnonymousLogonSid
;
76 SepExports
.SeUndockPrivilege
= SeUndockPrivilege
;
77 SepExports
.SeSyncAgentPrivilege
= SeSyncAgentPrivilege
;
78 SepExports
.SeEnableDelegationPrivilege
= SeEnableDelegationPrivilege
;
80 SeExports
= &SepExports
;
87 SepInitializationPhase0(VOID
)
92 if (!SepInitSecurityIDs()) return FALSE
;
93 if (!SepInitDACLs()) return FALSE
;
94 if (!SepInitSDs()) return FALSE
;
96 if (!SepInitExports()) return FALSE
;
98 /* Initialize the subject context lock */
99 ExInitializeResource(&SepSubjectContextLock
);
101 /* Initialize token objects */
102 SepInitializeTokenImplementation();
104 /* Clear impersonation info for the idle thread */
105 PsGetCurrentThread()->ImpersonationInfo
= NULL
;
106 PspClearCrossThreadFlag(PsGetCurrentThread(),
107 CT_ACTIVE_IMPERSONATION_INFO_BIT
);
109 /* Initialize the boot token */
110 ObInitializeFastReference(&PsGetCurrentProcess()->Token
, NULL
);
111 ObInitializeFastReference(&PsGetCurrentProcess()->Token
,
112 SepCreateSystemProcessToken());
118 SepInitializationPhase1(VOID
)
123 /* Insert the system token into the tree */
124 Status
= ObInsertObject((PVOID
)(PsGetCurrentProcess()->Token
.Value
&
131 ASSERT(NT_SUCCESS(Status
));
133 /* FIXME: TODO \\ Security directory */
141 /* Check the initialization phase */
142 switch (ExpInitializationPhase
)
147 return SepInitializationPhase0();
152 return SepInitializationPhase1();
156 /* Don't know any other phase! Bugcheck! */
157 KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL
,
159 ExpInitializationPhase
,
170 OBJECT_ATTRIBUTES ObjectAttributes
;
172 HANDLE DirectoryHandle
;
176 /* Create '\Security' directory */
177 RtlInitUnicodeString(&Name
,
179 InitializeObjectAttributes(&ObjectAttributes
,
184 Status
= ZwCreateDirectoryObject(&DirectoryHandle
,
185 DIRECTORY_ALL_ACCESS
,
187 if (!NT_SUCCESS(Status
))
189 DPRINT1("Failed to create 'Security' directory!\n");
193 /* Create 'LSA_AUTHENTICATION_INITALIZED' event */
194 RtlInitUnicodeString(&Name
,
195 L
"\\LSA_AUTHENTICATION_INITALIZED");
196 InitializeObjectAttributes(&ObjectAttributes
,
201 Status
= ZwCreateEvent(&EventHandle
,
204 SynchronizationEvent
,
206 if (!NT_SUCCESS(Status
))
208 DPRINT1("Failed to create 'LSA_AUTHENTICATION_INITALIZED' event!\n");
209 NtClose(DirectoryHandle
);
213 ZwClose(EventHandle
);
214 ZwClose(DirectoryHandle
);
216 /* FIXME: Create SRM port and listener thread */
223 SeDefaultObjectMethod(IN PVOID Object
,
224 IN SECURITY_OPERATION_CODE OperationType
,
225 IN PSECURITY_INFORMATION SecurityInformation
,
226 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
227 IN OUT PULONG ReturnLength OPTIONAL
,
228 IN OUT PSECURITY_DESCRIPTOR
*OldSecurityDescriptor
,
229 IN POOL_TYPE PoolType
,
230 IN PGENERIC_MAPPING GenericMapping
)
234 /* Select the operation type */
235 switch (OperationType
)
237 /* Setting a new descriptor */
238 case SetSecurityDescriptor
:
241 ASSERT((PoolType
== PagedPool
) || (PoolType
== NonPagedPool
));
243 /* Set the information */
244 return ObSetSecurityDescriptorInfo(Object
,
247 OldSecurityDescriptor
,
251 case QuerySecurityDescriptor
:
253 /* Query the information */
254 return ObQuerySecurityDescriptorInfo(Object
,
258 OldSecurityDescriptor
);
260 case DeleteSecurityDescriptor
:
263 return ObDeassignSecurity(OldSecurityDescriptor
);
265 case AssignSecurityDescriptor
:
268 ObAssignObjectSecurityDescriptor(Object
, SecurityDescriptor
, PoolType
);
269 return STATUS_SUCCESS
;
274 KeBugCheckEx(SECURITY_SYSTEM
, 0, STATUS_INVALID_PARAMETER
, 0, 0);
277 /* Should never reach here */
279 return STATUS_SUCCESS
;
284 SepSidInToken(PACCESS_TOKEN _Token
,
288 PTOKEN Token
= (PTOKEN
)_Token
;
292 if (Token
->UserAndGroupCount
== 0)
297 for (i
=0; i
<Token
->UserAndGroupCount
; i
++)
299 if (RtlEqualSid(Sid
, Token
->UserAndGroups
[i
].Sid
))
301 if (Token
->UserAndGroups
[i
].Attributes
& SE_GROUP_ENABLED
)
315 SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
316 OUT PACCESS_MASK DesiredAccess
)
320 if (SecurityInformation
& (OWNER_SECURITY_INFORMATION
|
321 GROUP_SECURITY_INFORMATION
| DACL_SECURITY_INFORMATION
))
323 *DesiredAccess
|= READ_CONTROL
;
325 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
327 *DesiredAccess
|= ACCESS_SYSTEM_SECURITY
;
332 SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
333 OUT PACCESS_MASK DesiredAccess
)
337 if (SecurityInformation
& (OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
))
339 *DesiredAccess
|= WRITE_OWNER
;
341 if (SecurityInformation
& DACL_SECURITY_INFORMATION
)
343 *DesiredAccess
|= WRITE_DAC
;
345 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
347 *DesiredAccess
|= ACCESS_SYSTEM_SECURITY
;
352 SepAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
353 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
,
354 IN BOOLEAN SubjectContextLocked
,
355 IN ACCESS_MASK DesiredAccess
,
356 IN ACCESS_MASK PreviouslyGrantedAccess
,
357 OUT PPRIVILEGE_SET
* Privileges
,
358 IN PGENERIC_MAPPING GenericMapping
,
359 IN KPROCESSOR_MODE AccessMode
,
360 OUT PACCESS_MASK GrantedAccess
,
361 OUT PNTSTATUS AccessStatus
,
362 SECURITY_IMPERSONATION_LEVEL LowestImpersonationLevel
)
364 LUID_AND_ATTRIBUTES Privilege
;
365 ACCESS_MASK CurrentAccess
, AccessMask
;
376 /* Check if this is kernel mode */
377 if (AccessMode
== KernelMode
)
379 /* Check if kernel wants everything */
380 if (DesiredAccess
& MAXIMUM_ALLOWED
)
383 *GrantedAccess
= GenericMapping
->GenericAll
;
384 *GrantedAccess
|= (DesiredAccess
&~ MAXIMUM_ALLOWED
);
385 *GrantedAccess
|= PreviouslyGrantedAccess
;
389 /* Give the desired and previous access */
390 *GrantedAccess
= DesiredAccess
| PreviouslyGrantedAccess
;
394 *AccessStatus
= STATUS_SUCCESS
;
398 /* Check if we didn't get an SD */
399 if (!SecurityDescriptor
)
401 /* Automatic failure */
402 *AccessStatus
= STATUS_ACCESS_DENIED
;
406 /* Check for invalid impersonation */
407 if ((SubjectSecurityContext
->ClientToken
) &&
408 (SubjectSecurityContext
->ImpersonationLevel
< LowestImpersonationLevel
))
410 *AccessStatus
= STATUS_BAD_IMPERSONATION_LEVEL
;
414 /* Check for no access desired */
417 /* Check if we had no previous access */
418 if (!PreviouslyGrantedAccess
)
420 /* Then there's nothing to give */
421 *AccessStatus
= STATUS_ACCESS_DENIED
;
425 /* Return the previous access only */
426 *GrantedAccess
= PreviouslyGrantedAccess
;
427 *AccessStatus
= STATUS_SUCCESS
;
432 /* Acquire the lock if needed */
433 if (!SubjectContextLocked
) SeLockSubjectContext(SubjectSecurityContext
);
435 /* Map given accesses */
436 RtlMapGenericMask(&DesiredAccess
, GenericMapping
);
437 if (PreviouslyGrantedAccess
)
438 RtlMapGenericMask(&PreviouslyGrantedAccess
, GenericMapping
);
442 CurrentAccess
= PreviouslyGrantedAccess
;
446 Token
= SubjectSecurityContext
->ClientToken
?
447 SubjectSecurityContext
->ClientToken
: SubjectSecurityContext
->PrimaryToken
;
450 Status
= RtlGetDaclSecurityDescriptor(SecurityDescriptor
,
454 if (!NT_SUCCESS(Status
))
456 if (SubjectContextLocked
== FALSE
)
458 SeUnlockSubjectContext(SubjectSecurityContext
);
461 *AccessStatus
= Status
;
465 /* RULE 1: Grant desired access if the object is unprotected */
466 if (Present
== TRUE
&& Dacl
== NULL
)
468 if (SubjectContextLocked
== FALSE
)
470 SeUnlockSubjectContext(SubjectSecurityContext
);
473 *GrantedAccess
= DesiredAccess
;
474 *AccessStatus
= STATUS_SUCCESS
;
478 CurrentAccess
= PreviouslyGrantedAccess
;
480 /* RULE 2: Check token for 'take ownership' privilege */
481 Privilege
.Luid
= SeTakeOwnershipPrivilege
;
482 Privilege
.Attributes
= SE_PRIVILEGE_ENABLED
;
484 if (SepPrivilegeCheck(Token
,
487 PRIVILEGE_SET_ALL_NECESSARY
,
490 CurrentAccess
|= WRITE_OWNER
;
491 if ((DesiredAccess
& ~VALID_INHERIT_FLAGS
) ==
492 (CurrentAccess
& ~VALID_INHERIT_FLAGS
))
494 if (SubjectContextLocked
== FALSE
)
496 SeUnlockSubjectContext(SubjectSecurityContext
);
499 *GrantedAccess
= CurrentAccess
;
500 *AccessStatus
= STATUS_SUCCESS
;
505 /* RULE 3: Check whether the token is the owner */
506 Status
= RtlGetOwnerSecurityDescriptor(SecurityDescriptor
,
509 if (!NT_SUCCESS(Status
))
511 DPRINT1("RtlGetOwnerSecurityDescriptor() failed (Status %lx)\n", Status
);
512 if (SubjectContextLocked
== FALSE
)
514 SeUnlockSubjectContext(SubjectSecurityContext
);
517 *AccessStatus
= Status
;
521 if (Sid
&& SepSidInToken(Token
, Sid
))
523 CurrentAccess
|= (READ_CONTROL
| WRITE_DAC
);
524 if ((DesiredAccess
& ~VALID_INHERIT_FLAGS
) ==
525 (CurrentAccess
& ~VALID_INHERIT_FLAGS
))
527 if (SubjectContextLocked
== FALSE
)
529 SeUnlockSubjectContext(SubjectSecurityContext
);
532 *GrantedAccess
= CurrentAccess
;
533 *AccessStatus
= STATUS_SUCCESS
;
538 /* Fail if DACL is absent */
539 if (Present
== FALSE
)
541 if (SubjectContextLocked
== FALSE
)
543 SeUnlockSubjectContext(SubjectSecurityContext
);
547 *AccessStatus
= STATUS_ACCESS_DENIED
;
551 /* RULE 4: Grant rights according to the DACL */
552 CurrentAce
= (PACE
)(Dacl
+ 1);
553 for (i
= 0; i
< Dacl
->AceCount
; i
++)
555 Sid
= (PSID
)(CurrentAce
+ 1);
556 if (CurrentAce
->Header
.AceType
== ACCESS_DENIED_ACE_TYPE
)
558 if (SepSidInToken(Token
, Sid
))
560 if (SubjectContextLocked
== FALSE
)
562 SeUnlockSubjectContext(SubjectSecurityContext
);
566 *AccessStatus
= STATUS_ACCESS_DENIED
;
571 else if (CurrentAce
->Header
.AceType
== ACCESS_ALLOWED_ACE_TYPE
)
573 if (SepSidInToken(Token
, Sid
))
575 AccessMask
= CurrentAce
->AccessMask
;
576 RtlMapGenericMask(&AccessMask
, GenericMapping
);
577 CurrentAccess
|= AccessMask
;
582 DPRINT1("Unknown Ace type 0x%lx\n", CurrentAce
->Header
.AceType
);
584 CurrentAce
= (PACE
)((ULONG_PTR
)CurrentAce
+ CurrentAce
->Header
.AceSize
);
587 if (SubjectContextLocked
== FALSE
)
589 SeUnlockSubjectContext(SubjectSecurityContext
);
592 DPRINT("CurrentAccess %08lx\n DesiredAccess %08lx\n",
593 CurrentAccess
, DesiredAccess
);
595 *GrantedAccess
= CurrentAccess
& DesiredAccess
;
597 if (DesiredAccess
& MAXIMUM_ALLOWED
)
599 *GrantedAccess
= CurrentAccess
;
600 *AccessStatus
= STATUS_SUCCESS
;
603 else if ((*GrantedAccess
& ~VALID_INHERIT_FLAGS
) ==
604 (DesiredAccess
& ~VALID_INHERIT_FLAGS
))
606 *AccessStatus
= STATUS_SUCCESS
;
611 DPRINT1("HACK: Should deny access for caller: granted 0x%lx, desired 0x%lx (generic mapping %p).\n",
612 *GrantedAccess
, DesiredAccess
, GenericMapping
);
613 //*AccessStatus = STATUS_ACCESS_DENIED;
615 *AccessStatus
= STATUS_SUCCESS
;
620 /* PUBLIC FUNCTIONS ***********************************************************/
626 SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
627 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
,
628 IN BOOLEAN SubjectContextLocked
,
629 IN ACCESS_MASK DesiredAccess
,
630 IN ACCESS_MASK PreviouslyGrantedAccess
,
631 OUT PPRIVILEGE_SET
* Privileges
,
632 IN PGENERIC_MAPPING GenericMapping
,
633 IN KPROCESSOR_MODE AccessMode
,
634 OUT PACCESS_MASK GrantedAccess
,
635 OUT PNTSTATUS AccessStatus
)
637 /* Call the internal function */
638 return SepAccessCheck(SecurityDescriptor
,
639 SubjectSecurityContext
,
640 SubjectContextLocked
,
642 PreviouslyGrantedAccess
,
648 SecurityImpersonation
);
651 /* SYSTEM CALLS ***************************************************************/
658 NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
659 IN HANDLE TokenHandle
,
660 IN ACCESS_MASK DesiredAccess
,
661 IN PGENERIC_MAPPING GenericMapping
,
662 OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL
,
663 IN OUT PULONG PrivilegeSetLength
,
664 OUT PACCESS_MASK GrantedAccess
,
665 OUT PNTSTATUS AccessStatus
)
667 SECURITY_SUBJECT_CONTEXT SubjectSecurityContext
;
668 KPROCESSOR_MODE PreviousMode
= ExGetPreviousMode();
673 /* Check if this is kernel mode */
674 if (PreviousMode
== KernelMode
)
676 /* Check if kernel wants everything */
677 if (DesiredAccess
& MAXIMUM_ALLOWED
)
680 *GrantedAccess
= GenericMapping
->GenericAll
;
681 *GrantedAccess
|= (DesiredAccess
&~ MAXIMUM_ALLOWED
);
685 /* Just give the desired access */
686 *GrantedAccess
= DesiredAccess
;
690 *AccessStatus
= STATUS_SUCCESS
;
691 return STATUS_SUCCESS
;
694 /* Reference the token */
695 Status
= ObReferenceObjectByHandle(TokenHandle
,
701 if (!NT_SUCCESS(Status
))
703 DPRINT1("Failed to reference token (Status %lx)\n", Status
);
707 /* Check token type */
708 if (Token
->TokenType
!= TokenImpersonation
)
710 DPRINT1("No impersonation token\n");
711 ObDereferenceObject(Token
);
712 return STATUS_ACCESS_DENIED
;
715 /* Set up the subject context, and lock it */
716 SubjectSecurityContext
.ClientToken
= Token
;
717 SubjectSecurityContext
.ImpersonationLevel
= Token
->ImpersonationLevel
;
718 SubjectSecurityContext
.PrimaryToken
= NULL
;
719 SubjectSecurityContext
.ProcessAuditId
= NULL
;
720 SeLockSubjectContext(&SubjectSecurityContext
);
722 /* Now perform the access check */
723 SepAccessCheck(SecurityDescriptor
,
724 &SubjectSecurityContext
,
728 &PrivilegeSet
, //FIXME
733 SecurityIdentification
);
735 /* Unlock subject context and dereference the token */
736 SeUnlockSubjectContext(&SubjectSecurityContext
);
737 ObDereferenceObject(Token
);
739 /* Check succeeded */
740 return STATUS_SUCCESS
;
746 NtAccessCheckByType(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
747 IN PSID PrincipalSelfSid
,
748 IN HANDLE ClientToken
,
749 IN ACCESS_MASK DesiredAccess
,
750 IN POBJECT_TYPE_LIST ObjectTypeList
,
751 IN ULONG ObjectTypeLength
,
752 IN PGENERIC_MAPPING GenericMapping
,
753 IN PPRIVILEGE_SET PrivilegeSet
,
754 IN ULONG PrivilegeSetLength
,
755 OUT PACCESS_MASK GrantedAccess
,
756 OUT PNTSTATUS AccessStatus
)
759 return STATUS_NOT_IMPLEMENTED
;
764 NtAccessCheckByTypeAndAuditAlarm(IN PUNICODE_STRING SubsystemName
,
766 IN PUNICODE_STRING ObjectTypeName
,
767 IN PUNICODE_STRING ObjectName
,
768 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
769 IN PSID PrincipalSelfSid
,
770 IN ACCESS_MASK DesiredAccess
,
771 IN AUDIT_EVENT_TYPE AuditType
,
773 IN POBJECT_TYPE_LIST ObjectTypeList
,
774 IN ULONG ObjectTypeLength
,
775 IN PGENERIC_MAPPING GenericMapping
,
776 IN BOOLEAN ObjectCreation
,
777 OUT PACCESS_MASK GrantedAccess
,
778 OUT PNTSTATUS AccessStatus
,
779 OUT PBOOLEAN GenerateOnClose
)
782 return STATUS_NOT_IMPLEMENTED
;
787 NtAccessCheckByTypeResultList(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
788 IN PSID PrincipalSelfSid
,
789 IN HANDLE ClientToken
,
790 IN ACCESS_MASK DesiredAccess
,
791 IN POBJECT_TYPE_LIST ObjectTypeList
,
792 IN ULONG ObjectTypeLength
,
793 IN PGENERIC_MAPPING GenericMapping
,
794 IN PPRIVILEGE_SET PrivilegeSet
,
795 IN ULONG PrivilegeSetLength
,
796 OUT PACCESS_MASK GrantedAccess
,
797 OUT PNTSTATUS AccessStatus
)
800 return STATUS_NOT_IMPLEMENTED
;
805 NtAccessCheckByTypeResultListAndAuditAlarm(IN PUNICODE_STRING SubsystemName
,
807 IN PUNICODE_STRING ObjectTypeName
,
808 IN PUNICODE_STRING ObjectName
,
809 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
810 IN PSID PrincipalSelfSid
,
811 IN ACCESS_MASK DesiredAccess
,
812 IN AUDIT_EVENT_TYPE AuditType
,
814 IN POBJECT_TYPE_LIST ObjectTypeList
,
815 IN ULONG ObjectTypeLength
,
816 IN PGENERIC_MAPPING GenericMapping
,
817 IN BOOLEAN ObjectCreation
,
818 OUT PACCESS_MASK GrantedAccess
,
819 OUT PNTSTATUS AccessStatus
,
820 OUT PBOOLEAN GenerateOnClose
)
823 return STATUS_NOT_IMPLEMENTED
;
828 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(IN PUNICODE_STRING SubsystemName
,
830 IN HANDLE ClientToken
,
831 IN PUNICODE_STRING ObjectTypeName
,
832 IN PUNICODE_STRING ObjectName
,
833 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
834 IN PSID PrincipalSelfSid
,
835 IN ACCESS_MASK DesiredAccess
,
836 IN AUDIT_EVENT_TYPE AuditType
,
838 IN POBJECT_TYPE_LIST ObjectTypeList
,
839 IN ULONG ObjectTypeLength
,
840 IN PGENERIC_MAPPING GenericMapping
,
841 IN BOOLEAN ObjectCreation
,
842 OUT PACCESS_MASK GrantedAccess
,
843 OUT PNTSTATUS AccessStatus
,
844 OUT PBOOLEAN GenerateOnClose
)
847 return STATUS_NOT_IMPLEMENTED
;