2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS kernel
4 * FILE: ntoskrnl/se/semgr.c
5 * PURPOSE: Security manager
7 * PROGRAMMERS: No programmer listed.
10 /* INCLUDES *******************************************************************/
16 /* GLOBALS ********************************************************************/
18 PSE_EXPORTS SeExports
= NULL
;
19 SE_EXPORTS SepExports
;
21 extern ULONG ExpInitializationPhase
;
22 extern ERESOURCE SepSubjectContextLock
;
24 /* PRIVATE FUNCTIONS **********************************************************/
26 static BOOLEAN INIT_FUNCTION
29 SepExports
.SeCreateTokenPrivilege
= SeCreateTokenPrivilege
;
30 SepExports
.SeAssignPrimaryTokenPrivilege
= SeAssignPrimaryTokenPrivilege
;
31 SepExports
.SeLockMemoryPrivilege
= SeLockMemoryPrivilege
;
32 SepExports
.SeIncreaseQuotaPrivilege
= SeIncreaseQuotaPrivilege
;
33 SepExports
.SeUnsolicitedInputPrivilege
= SeUnsolicitedInputPrivilege
;
34 SepExports
.SeTcbPrivilege
= SeTcbPrivilege
;
35 SepExports
.SeSecurityPrivilege
= SeSecurityPrivilege
;
36 SepExports
.SeTakeOwnershipPrivilege
= SeTakeOwnershipPrivilege
;
37 SepExports
.SeLoadDriverPrivilege
= SeLoadDriverPrivilege
;
38 SepExports
.SeCreatePagefilePrivilege
= SeCreatePagefilePrivilege
;
39 SepExports
.SeIncreaseBasePriorityPrivilege
= SeIncreaseBasePriorityPrivilege
;
40 SepExports
.SeSystemProfilePrivilege
= SeSystemProfilePrivilege
;
41 SepExports
.SeSystemtimePrivilege
= SeSystemtimePrivilege
;
42 SepExports
.SeProfileSingleProcessPrivilege
= SeProfileSingleProcessPrivilege
;
43 SepExports
.SeCreatePermanentPrivilege
= SeCreatePermanentPrivilege
;
44 SepExports
.SeBackupPrivilege
= SeBackupPrivilege
;
45 SepExports
.SeRestorePrivilege
= SeRestorePrivilege
;
46 SepExports
.SeShutdownPrivilege
= SeShutdownPrivilege
;
47 SepExports
.SeDebugPrivilege
= SeDebugPrivilege
;
48 SepExports
.SeAuditPrivilege
= SeAuditPrivilege
;
49 SepExports
.SeSystemEnvironmentPrivilege
= SeSystemEnvironmentPrivilege
;
50 SepExports
.SeChangeNotifyPrivilege
= SeChangeNotifyPrivilege
;
51 SepExports
.SeRemoteShutdownPrivilege
= SeRemoteShutdownPrivilege
;
53 SepExports
.SeNullSid
= SeNullSid
;
54 SepExports
.SeWorldSid
= SeWorldSid
;
55 SepExports
.SeLocalSid
= SeLocalSid
;
56 SepExports
.SeCreatorOwnerSid
= SeCreatorOwnerSid
;
57 SepExports
.SeCreatorGroupSid
= SeCreatorGroupSid
;
58 SepExports
.SeNtAuthoritySid
= SeNtAuthoritySid
;
59 SepExports
.SeDialupSid
= SeDialupSid
;
60 SepExports
.SeNetworkSid
= SeNetworkSid
;
61 SepExports
.SeBatchSid
= SeBatchSid
;
62 SepExports
.SeInteractiveSid
= SeInteractiveSid
;
63 SepExports
.SeLocalSystemSid
= SeLocalSystemSid
;
64 SepExports
.SeAliasAdminsSid
= SeAliasAdminsSid
;
65 SepExports
.SeAliasUsersSid
= SeAliasUsersSid
;
66 SepExports
.SeAliasGuestsSid
= SeAliasGuestsSid
;
67 SepExports
.SeAliasPowerUsersSid
= SeAliasPowerUsersSid
;
68 SepExports
.SeAliasAccountOpsSid
= SeAliasAccountOpsSid
;
69 SepExports
.SeAliasSystemOpsSid
= SeAliasSystemOpsSid
;
70 SepExports
.SeAliasPrintOpsSid
= SeAliasPrintOpsSid
;
71 SepExports
.SeAliasBackupOpsSid
= SeAliasBackupOpsSid
;
72 SepExports
.SeAuthenticatedUsersSid
= SeAuthenticatedUsersSid
;
73 SepExports
.SeRestrictedSid
= SeRestrictedSid
;
74 SepExports
.SeAnonymousLogonSid
= SeAnonymousLogonSid
;
76 SepExports
.SeUndockPrivilege
= SeUndockPrivilege
;
77 SepExports
.SeSyncAgentPrivilege
= SeSyncAgentPrivilege
;
78 SepExports
.SeEnableDelegationPrivilege
= SeEnableDelegationPrivilege
;
80 SeExports
= &SepExports
;
87 SepInitializationPhase0(VOID
)
90 if (!SepInitSecurityIDs()) return FALSE
;
91 if (!SepInitDACLs()) return FALSE
;
92 if (!SepInitSDs()) return FALSE
;
94 if (!SepInitExports()) return FALSE
;
96 /* Initialize the subject context lock */
97 ExInitializeResource(&SepSubjectContextLock
);
99 /* Initialize token objects */
100 SepInitializeTokenImplementation();
102 /* Clear impersonation info for the idle thread */
103 PsGetCurrentThread()->ImpersonationInfo
= NULL
;
104 PspClearCrossThreadFlag(PsGetCurrentThread(),
105 CT_ACTIVE_IMPERSONATION_INFO_BIT
);
107 /* Initialize the boot token */
108 ObInitializeFastReference(&PsGetCurrentProcess()->Token
, NULL
);
109 ObInitializeFastReference(&PsGetCurrentProcess()->Token
,
110 SepCreateSystemProcessToken());
116 SepInitializationPhase1(VOID
)
121 /* Insert the system token into the tree */
122 Status
= ObInsertObject((PVOID
)(PsGetCurrentProcess()->Token
.Value
&
129 ASSERT(NT_SUCCESS(Status
));
131 /* FIXME: TODO \\ Security directory */
139 /* Check the initialization phase */
140 switch (ExpInitializationPhase
)
145 return SepInitializationPhase0();
150 return SepInitializationPhase1();
154 /* Don't know any other phase! Bugcheck! */
155 KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL
,
157 ExpInitializationPhase
,
168 OBJECT_ATTRIBUTES ObjectAttributes
;
170 HANDLE DirectoryHandle
;
174 /* Create '\Security' directory */
175 RtlInitUnicodeString(&Name
,
177 InitializeObjectAttributes(&ObjectAttributes
,
182 Status
= ZwCreateDirectoryObject(&DirectoryHandle
,
183 DIRECTORY_ALL_ACCESS
,
185 if (!NT_SUCCESS(Status
))
187 DPRINT1("Failed to create 'Security' directory!\n");
191 /* Create 'LSA_AUTHENTICATION_INITALIZED' event */
192 RtlInitUnicodeString(&Name
,
193 L
"\\LSA_AUTHENTICATION_INITALIZED");
194 InitializeObjectAttributes(&ObjectAttributes
,
199 Status
= ZwCreateEvent(&EventHandle
,
202 SynchronizationEvent
,
204 if (!NT_SUCCESS(Status
))
206 DPRINT1("Failed to create 'LSA_AUTHENTICATION_INITALIZED' event!\n");
207 NtClose(DirectoryHandle
);
211 ZwClose(EventHandle
);
212 ZwClose(DirectoryHandle
);
214 /* FIXME: Create SRM port and listener thread */
221 SeDefaultObjectMethod(IN PVOID Object
,
222 IN SECURITY_OPERATION_CODE OperationType
,
223 IN PSECURITY_INFORMATION SecurityInformation
,
224 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
225 IN OUT PULONG ReturnLength OPTIONAL
,
226 IN OUT PSECURITY_DESCRIPTOR
*OldSecurityDescriptor
,
227 IN POOL_TYPE PoolType
,
228 IN PGENERIC_MAPPING GenericMapping
)
232 /* Select the operation type */
233 switch (OperationType
)
235 /* Setting a new descriptor */
236 case SetSecurityDescriptor
:
239 ASSERT((PoolType
== PagedPool
) || (PoolType
== NonPagedPool
));
241 /* Set the information */
242 return ObSetSecurityDescriptorInfo(Object
,
245 OldSecurityDescriptor
,
249 case QuerySecurityDescriptor
:
251 /* Query the information */
252 return ObQuerySecurityDescriptorInfo(Object
,
256 OldSecurityDescriptor
);
258 case DeleteSecurityDescriptor
:
261 return ObDeassignSecurity(OldSecurityDescriptor
);
263 case AssignSecurityDescriptor
:
266 ObAssignObjectSecurityDescriptor(Object
, SecurityDescriptor
, PoolType
);
267 return STATUS_SUCCESS
;
272 KeBugCheckEx(SECURITY_SYSTEM
, 0, STATUS_INVALID_PARAMETER
, 0, 0);
275 /* Should never reach here */
277 return STATUS_SUCCESS
;
282 SepSidInToken(PACCESS_TOKEN _Token
,
286 PTOKEN Token
= (PTOKEN
)_Token
;
290 if (Token
->UserAndGroupCount
== 0)
295 for (i
=0; i
<Token
->UserAndGroupCount
; i
++)
297 if (RtlEqualSid(Sid
, Token
->UserAndGroups
[i
].Sid
))
299 if (Token
->UserAndGroups
[i
].Attributes
& SE_GROUP_ENABLED
)
313 SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
314 OUT PACCESS_MASK DesiredAccess
)
318 if (SecurityInformation
& (OWNER_SECURITY_INFORMATION
|
319 GROUP_SECURITY_INFORMATION
| DACL_SECURITY_INFORMATION
))
321 *DesiredAccess
|= READ_CONTROL
;
323 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
325 *DesiredAccess
|= ACCESS_SYSTEM_SECURITY
;
330 SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
331 OUT PACCESS_MASK DesiredAccess
)
335 if (SecurityInformation
& (OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
))
337 *DesiredAccess
|= WRITE_OWNER
;
339 if (SecurityInformation
& DACL_SECURITY_INFORMATION
)
341 *DesiredAccess
|= WRITE_DAC
;
343 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
345 *DesiredAccess
|= ACCESS_SYSTEM_SECURITY
;
349 /* PUBLIC FUNCTIONS ***********************************************************/
355 SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
356 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
,
357 IN BOOLEAN SubjectContextLocked
,
358 IN ACCESS_MASK DesiredAccess
,
359 IN ACCESS_MASK PreviouslyGrantedAccess
,
360 OUT PPRIVILEGE_SET
* Privileges
,
361 IN PGENERIC_MAPPING GenericMapping
,
362 IN KPROCESSOR_MODE AccessMode
,
363 OUT PACCESS_MASK GrantedAccess
,
364 OUT PNTSTATUS AccessStatus
)
366 LUID_AND_ATTRIBUTES Privilege
;
367 ACCESS_MASK CurrentAccess
, AccessMask
;
378 /* Check if this is kernel mode */
379 if (AccessMode
== KernelMode
)
381 /* Check if kernel wants everything */
382 if (DesiredAccess
& MAXIMUM_ALLOWED
)
385 *GrantedAccess
= GenericMapping
->GenericAll
;
386 *GrantedAccess
|= (DesiredAccess
&~ MAXIMUM_ALLOWED
);
387 *GrantedAccess
|= PreviouslyGrantedAccess
;
391 /* Give the desired and previous access */
392 *GrantedAccess
= DesiredAccess
| PreviouslyGrantedAccess
;
396 *AccessStatus
= STATUS_SUCCESS
;
400 /* Check if we didn't get an SD */
401 if (!SecurityDescriptor
)
403 /* Automatic failure */
404 *AccessStatus
= STATUS_ACCESS_DENIED
;
408 /* Check for invalid impersonation */
409 if ((SubjectSecurityContext
->ClientToken
) &&
410 (SubjectSecurityContext
->ImpersonationLevel
< SecurityImpersonation
))
412 *AccessStatus
= STATUS_BAD_IMPERSONATION_LEVEL
;
416 /* Check for no access desired */
419 /* Check if we had no previous access */
420 if (!PreviouslyGrantedAccess
)
422 /* Then there's nothing to give */
423 *AccessStatus
= STATUS_ACCESS_DENIED
;
427 /* Return the previous access only */
428 *GrantedAccess
= PreviouslyGrantedAccess
;
429 *AccessStatus
= STATUS_SUCCESS
;
434 /* Acquire the lock if needed */
435 if (!SubjectContextLocked
) SeLockSubjectContext(SubjectSecurityContext
);
437 /* Map given accesses */
438 RtlMapGenericMask(&DesiredAccess
, GenericMapping
);
439 if (PreviouslyGrantedAccess
)
440 RtlMapGenericMask(&PreviouslyGrantedAccess
, GenericMapping
);
444 CurrentAccess
= PreviouslyGrantedAccess
;
448 Token
= SubjectSecurityContext
->ClientToken
?
449 SubjectSecurityContext
->ClientToken
: SubjectSecurityContext
->PrimaryToken
;
452 Status
= RtlGetDaclSecurityDescriptor(SecurityDescriptor
,
456 if (!NT_SUCCESS(Status
))
458 if (SubjectContextLocked
== FALSE
)
460 SeUnlockSubjectContext(SubjectSecurityContext
);
463 *AccessStatus
= Status
;
467 /* RULE 1: Grant desired access if the object is unprotected */
468 if (Present
== TRUE
&& Dacl
== NULL
)
470 if (SubjectContextLocked
== FALSE
)
472 SeUnlockSubjectContext(SubjectSecurityContext
);
475 *GrantedAccess
= DesiredAccess
;
476 *AccessStatus
= STATUS_SUCCESS
;
480 CurrentAccess
= PreviouslyGrantedAccess
;
482 /* RULE 2: Check token for 'take ownership' privilege */
483 Privilege
.Luid
= SeTakeOwnershipPrivilege
;
484 Privilege
.Attributes
= SE_PRIVILEGE_ENABLED
;
486 if (SepPrivilegeCheck(Token
,
489 PRIVILEGE_SET_ALL_NECESSARY
,
492 CurrentAccess
|= WRITE_OWNER
;
493 if ((DesiredAccess
& ~VALID_INHERIT_FLAGS
) ==
494 (CurrentAccess
& ~VALID_INHERIT_FLAGS
))
496 if (SubjectContextLocked
== FALSE
)
498 SeUnlockSubjectContext(SubjectSecurityContext
);
501 *GrantedAccess
= CurrentAccess
;
502 *AccessStatus
= STATUS_SUCCESS
;
507 /* RULE 3: Check whether the token is the owner */
508 Status
= RtlGetOwnerSecurityDescriptor(SecurityDescriptor
,
511 if (!NT_SUCCESS(Status
))
513 DPRINT1("RtlGetOwnerSecurityDescriptor() failed (Status %lx)\n", Status
);
514 if (SubjectContextLocked
== FALSE
)
516 SeUnlockSubjectContext(SubjectSecurityContext
);
519 *AccessStatus
= Status
;
523 if (Sid
&& SepSidInToken(Token
, Sid
))
525 CurrentAccess
|= (READ_CONTROL
| WRITE_DAC
);
526 if ((DesiredAccess
& ~VALID_INHERIT_FLAGS
) ==
527 (CurrentAccess
& ~VALID_INHERIT_FLAGS
))
529 if (SubjectContextLocked
== FALSE
)
531 SeUnlockSubjectContext(SubjectSecurityContext
);
534 *GrantedAccess
= CurrentAccess
;
535 *AccessStatus
= STATUS_SUCCESS
;
540 /* Fail if DACL is absent */
541 if (Present
== FALSE
)
543 if (SubjectContextLocked
== FALSE
)
545 SeUnlockSubjectContext(SubjectSecurityContext
);
549 *AccessStatus
= STATUS_ACCESS_DENIED
;
553 /* RULE 4: Grant rights according to the DACL */
554 CurrentAce
= (PACE
)(Dacl
+ 1);
555 for (i
= 0; i
< Dacl
->AceCount
; i
++)
557 Sid
= (PSID
)(CurrentAce
+ 1);
558 if (CurrentAce
->Header
.AceType
== ACCESS_DENIED_ACE_TYPE
)
560 if (SepSidInToken(Token
, Sid
))
562 if (SubjectContextLocked
== FALSE
)
564 SeUnlockSubjectContext(SubjectSecurityContext
);
568 *AccessStatus
= STATUS_ACCESS_DENIED
;
573 else if (CurrentAce
->Header
.AceType
== ACCESS_ALLOWED_ACE_TYPE
)
575 if (SepSidInToken(Token
, Sid
))
577 AccessMask
= CurrentAce
->AccessMask
;
578 RtlMapGenericMask(&AccessMask
, GenericMapping
);
579 CurrentAccess
|= AccessMask
;
584 DPRINT1("Unknown Ace type 0x%lx\n", CurrentAce
->Header
.AceType
);
586 CurrentAce
= (PACE
)((ULONG_PTR
)CurrentAce
+ CurrentAce
->Header
.AceSize
);
589 if (SubjectContextLocked
== FALSE
)
591 SeUnlockSubjectContext(SubjectSecurityContext
);
594 DPRINT("CurrentAccess %08lx\n DesiredAccess %08lx\n",
595 CurrentAccess
, DesiredAccess
);
597 *GrantedAccess
= CurrentAccess
& DesiredAccess
;
599 if (DesiredAccess
& MAXIMUM_ALLOWED
)
601 *GrantedAccess
= CurrentAccess
;
602 *AccessStatus
= STATUS_SUCCESS
;
605 else if ((*GrantedAccess
& ~VALID_INHERIT_FLAGS
) ==
606 (DesiredAccess
& ~VALID_INHERIT_FLAGS
))
608 *AccessStatus
= STATUS_SUCCESS
;
613 DPRINT1("Denying access for caller: granted 0x%lx, desired 0x%lx (generic mapping %p)\n",
614 *GrantedAccess
, DesiredAccess
, GenericMapping
);
615 *AccessStatus
= STATUS_ACCESS_DENIED
;
620 /* SYSTEM CALLS ***************************************************************/
623 NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
624 IN HANDLE TokenHandle
,
625 IN ACCESS_MASK DesiredAccess
,
626 IN PGENERIC_MAPPING GenericMapping
,
627 OUT PPRIVILEGE_SET PrivilegeSet
,
628 OUT PULONG ReturnLength
,
629 OUT PACCESS_MASK GrantedAccess
,
630 OUT PNTSTATUS AccessStatus
)
632 SECURITY_SUBJECT_CONTEXT SubjectSecurityContext
= {0};
633 KPROCESSOR_MODE PreviousMode
;
639 DPRINT("NtAccessCheck() called\n");
641 PreviousMode
= KeGetPreviousMode();
642 if (PreviousMode
== KernelMode
)
644 *GrantedAccess
= DesiredAccess
;
645 *AccessStatus
= STATUS_SUCCESS
;
646 return STATUS_SUCCESS
;
649 Status
= ObReferenceObjectByHandle(TokenHandle
,
655 if (!NT_SUCCESS(Status
))
657 DPRINT1("Failed to reference token (Status %lx)\n", Status
);
661 /* Check token type */
662 if (Token
->TokenType
!= TokenImpersonation
)
664 DPRINT1("No impersonation token\n");
665 ObDereferenceObject(Token
);
666 return STATUS_ACCESS_VIOLATION
;
669 /* Check impersonation level */
670 if (Token
->ImpersonationLevel
< SecurityAnonymous
)
672 DPRINT1("Invalid impersonation level\n");
673 ObDereferenceObject(Token
);
674 return STATUS_ACCESS_VIOLATION
;
677 SubjectSecurityContext
.ClientToken
= Token
;
678 SubjectSecurityContext
.ImpersonationLevel
= Token
->ImpersonationLevel
;
680 /* Lock subject context */
681 SeLockSubjectContext(&SubjectSecurityContext
);
683 if (SeAccessCheck(SecurityDescriptor
,
684 &SubjectSecurityContext
,
694 Status
= *AccessStatus
;
698 Status
= STATUS_ACCESS_DENIED
;
701 /* Unlock subject context */
702 SeUnlockSubjectContext(&SubjectSecurityContext
);
704 ObDereferenceObject(Token
);
706 DPRINT("NtAccessCheck() done\n");
713 NtAccessCheckByType(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
714 IN PSID PrincipalSelfSid
,
715 IN HANDLE ClientToken
,
716 IN ACCESS_MASK DesiredAccess
,
717 IN POBJECT_TYPE_LIST ObjectTypeList
,
718 IN ULONG ObjectTypeLength
,
719 IN PGENERIC_MAPPING GenericMapping
,
720 IN PPRIVILEGE_SET PrivilegeSet
,
721 IN ULONG PrivilegeSetLength
,
722 OUT PACCESS_MASK GrantedAccess
,
723 OUT PNTSTATUS AccessStatus
)
726 return STATUS_NOT_IMPLEMENTED
;
731 NtAccessCheckByTypeAndAuditAlarm(IN PUNICODE_STRING SubsystemName
,
733 IN PUNICODE_STRING ObjectTypeName
,
734 IN PUNICODE_STRING ObjectName
,
735 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
736 IN PSID PrincipalSelfSid
,
737 IN ACCESS_MASK DesiredAccess
,
738 IN AUDIT_EVENT_TYPE AuditType
,
740 IN POBJECT_TYPE_LIST ObjectTypeList
,
741 IN ULONG ObjectTypeLength
,
742 IN PGENERIC_MAPPING GenericMapping
,
743 IN BOOLEAN ObjectCreation
,
744 OUT PACCESS_MASK GrantedAccess
,
745 OUT PNTSTATUS AccessStatus
,
746 OUT PBOOLEAN GenerateOnClose
)
749 return STATUS_NOT_IMPLEMENTED
;
754 NtAccessCheckByTypeResultList(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
755 IN PSID PrincipalSelfSid
,
756 IN HANDLE ClientToken
,
757 IN ACCESS_MASK DesiredAccess
,
758 IN POBJECT_TYPE_LIST ObjectTypeList
,
759 IN ULONG ObjectTypeLength
,
760 IN PGENERIC_MAPPING GenericMapping
,
761 IN PPRIVILEGE_SET PrivilegeSet
,
762 IN ULONG PrivilegeSetLength
,
763 OUT PACCESS_MASK GrantedAccess
,
764 OUT PNTSTATUS AccessStatus
)
767 return STATUS_NOT_IMPLEMENTED
;
772 NtAccessCheckByTypeResultListAndAuditAlarm(IN PUNICODE_STRING SubsystemName
,
774 IN PUNICODE_STRING ObjectTypeName
,
775 IN PUNICODE_STRING ObjectName
,
776 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
777 IN PSID PrincipalSelfSid
,
778 IN ACCESS_MASK DesiredAccess
,
779 IN AUDIT_EVENT_TYPE AuditType
,
781 IN POBJECT_TYPE_LIST ObjectTypeList
,
782 IN ULONG ObjectTypeLength
,
783 IN PGENERIC_MAPPING GenericMapping
,
784 IN BOOLEAN ObjectCreation
,
785 OUT PACCESS_MASK GrantedAccess
,
786 OUT PNTSTATUS AccessStatus
,
787 OUT PBOOLEAN GenerateOnClose
)
790 return STATUS_NOT_IMPLEMENTED
;
795 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(IN PUNICODE_STRING SubsystemName
,
797 IN HANDLE ClientToken
,
798 IN PUNICODE_STRING ObjectTypeName
,
799 IN PUNICODE_STRING ObjectName
,
800 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
801 IN PSID PrincipalSelfSid
,
802 IN ACCESS_MASK DesiredAccess
,
803 IN AUDIT_EVENT_TYPE AuditType
,
805 IN POBJECT_TYPE_LIST ObjectTypeList
,
806 IN ULONG ObjectTypeLength
,
807 IN PGENERIC_MAPPING GenericMapping
,
808 IN BOOLEAN ObjectCreation
,
809 OUT PACCESS_MASK GrantedAccess
,
810 OUT PNTSTATUS AccessStatus
,
811 OUT PBOOLEAN GenerateOnClose
)
814 return STATUS_NOT_IMPLEMENTED
;