2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * FILE: lib/rtl/security.c
5 * PURPOSE: Security related functions and Security Objects
6 * PROGRAMMER: Eric Kohl
9 /* INCLUDES *******************************************************************/
15 /* PRIVATE FUNCTIONS **********************************************************/
19 RtlpSetSecurityObject(IN PVOID Object OPTIONAL
,
20 IN SECURITY_INFORMATION SecurityInformation
,
21 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
22 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
23 IN ULONG AutoInheritFlags
,
25 IN PGENERIC_MAPPING GenericMapping
,
26 IN HANDLE Token OPTIONAL
)
28 PISECURITY_DESCRIPTOR_RELATIVE pNewSd
= NULL
;
29 PSID pOwnerSid
= NULL
;
30 PSID pGroupSid
= NULL
;
35 ULONG ulOwnerSidSize
= 0, ulGroupSidSize
= 0;
36 ULONG ulDaclSize
= 0, ulSaclSize
= 0;
38 SECURITY_DESCRIPTOR_CONTROL Control
= SE_SELF_RELATIVE
;
40 NTSTATUS Status
= STATUS_SUCCESS
;
42 DPRINT("RtlpSetSecurityObject()\n");
44 /* Change the Owner SID */
45 if (SecurityInformation
& OWNER_SECURITY_INFORMATION
)
47 Status
= RtlGetOwnerSecurityDescriptor(ModificationDescriptor
, &pOwnerSid
, &Defaulted
);
48 if (!NT_SUCCESS(Status
))
53 Status
= RtlGetOwnerSecurityDescriptor(*ObjectsSecurityDescriptor
, &pOwnerSid
, &Defaulted
);
54 if (!NT_SUCCESS(Status
))
58 if (pOwnerSid
== NULL
|| !RtlValidSid(pOwnerSid
))
59 return STATUS_INVALID_OWNER
;
61 ulOwnerSidSize
= RtlLengthSid(pOwnerSid
);
63 /* Change the Group SID */
64 if (SecurityInformation
& GROUP_SECURITY_INFORMATION
)
66 Status
= RtlGetGroupSecurityDescriptor(ModificationDescriptor
, &pGroupSid
, &Defaulted
);
67 if (!NT_SUCCESS(Status
))
72 Status
= RtlGetGroupSecurityDescriptor(*ObjectsSecurityDescriptor
, &pGroupSid
, &Defaulted
);
73 if (!NT_SUCCESS(Status
))
77 if (pGroupSid
== NULL
|| !RtlValidSid(pGroupSid
))
78 return STATUS_INVALID_PRIMARY_GROUP
;
80 ulGroupSidSize
= ROUND_UP(RtlLengthSid(pGroupSid
), sizeof(ULONG
));
83 if (SecurityInformation
& DACL_SECURITY_INFORMATION
)
85 Status
= RtlGetDaclSecurityDescriptor(ModificationDescriptor
, &Present
, &pDacl
, &Defaulted
);
86 if (!NT_SUCCESS(Status
))
89 Control
|= SE_DACL_PRESENT
;
93 Status
= RtlGetDaclSecurityDescriptor(*ObjectsSecurityDescriptor
, &Present
, &pDacl
, &Defaulted
);
94 if (!NT_SUCCESS(Status
))
98 Control
|= SE_DACL_PRESENT
;
101 Control
|= SE_DACL_DEFAULTED
;
105 ulDaclSize
= pDacl
->AclSize
;
107 /* Change the SACL */
108 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
110 Status
= RtlGetSaclSecurityDescriptor(ModificationDescriptor
, &Present
, &pSacl
, &Defaulted
);
111 if (!NT_SUCCESS(Status
))
114 Control
|= SE_SACL_PRESENT
;
118 Status
= RtlGetSaclSecurityDescriptor(*ObjectsSecurityDescriptor
, &Present
, &pSacl
, &Defaulted
);
119 if (!NT_SUCCESS(Status
))
123 Control
|= SE_SACL_PRESENT
;
126 Control
|= SE_SACL_DEFAULTED
;
130 ulSaclSize
= pSacl
->AclSize
;
132 /* Calculate the size of the new security descriptor */
133 ulNewSdSize
= sizeof(SECURITY_DESCRIPTOR_RELATIVE
) +
134 ROUND_UP(ulOwnerSidSize
, sizeof(ULONG
)) +
135 ROUND_UP(ulGroupSidSize
, sizeof(ULONG
)) +
136 ROUND_UP(ulDaclSize
, sizeof(ULONG
)) +
137 ROUND_UP(ulSaclSize
, sizeof(ULONG
));
139 /* Allocate the new security descriptor */
140 pNewSd
= RtlAllocateHeap(RtlGetProcessHeap(), 0, ulNewSdSize
);
143 Status
= STATUS_NO_MEMORY
;
144 DPRINT1("New security descriptor allocation failed (Status 0x%08lx)\n", Status
);
148 /* Initialize the new security descriptor */
149 Status
= RtlCreateSecurityDescriptorRelative(pNewSd
, SECURITY_DESCRIPTOR_REVISION
);
150 if (!NT_SUCCESS(Status
))
152 DPRINT1("New security descriptor creation failed (Status 0x%08lx)\n", Status
);
156 /* Set the security descriptor control flags */
157 pNewSd
->Control
= Control
;
159 pDest
= (PUCHAR
)((ULONG_PTR
)pNewSd
+ sizeof(SECURITY_DESCRIPTOR_RELATIVE
));
164 RtlCopyMemory(pDest
, pSacl
, ulSaclSize
);
165 pNewSd
->Sacl
= (ULONG_PTR
)pDest
- (ULONG_PTR
)pNewSd
;
166 pDest
= pDest
+ ROUND_UP(ulSaclSize
, sizeof(ULONG
));
172 RtlCopyMemory(pDest
, pDacl
, ulDaclSize
);
173 pNewSd
->Dacl
= (ULONG_PTR
)pDest
- (ULONG_PTR
)pNewSd
;
174 pDest
= pDest
+ ROUND_UP(ulDaclSize
, sizeof(ULONG
));
177 /* Copy the Owner SID */
178 RtlCopyMemory(pDest
, pOwnerSid
, ulOwnerSidSize
);
179 pNewSd
->Owner
= (ULONG_PTR
)pDest
- (ULONG_PTR
)pNewSd
;
180 pDest
= pDest
+ ROUND_UP(ulOwnerSidSize
, sizeof(ULONG
));
182 /* Copy the Group SID */
183 RtlCopyMemory(pDest
, pGroupSid
, ulGroupSidSize
);
184 pNewSd
->Group
= (ULONG_PTR
)pDest
- (ULONG_PTR
)pNewSd
;
186 /* Free the old security descriptor */
187 RtlFreeHeap(RtlGetProcessHeap(), 0, (PVOID
)*ObjectsSecurityDescriptor
);
189 /* Return the new security descriptor */
190 *ObjectsSecurityDescriptor
= (PSECURITY_DESCRIPTOR
)pNewSd
;
193 if (!NT_SUCCESS(Status
))
196 RtlFreeHeap(RtlGetProcessHeap(), 0, pNewSd
);
204 RtlpNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor
,
205 IN PSECURITY_DESCRIPTOR CreatorDescriptor
,
206 OUT PSECURITY_DESCRIPTOR
*NewDescriptor
,
207 IN LPGUID
*ObjectTypes
,
209 IN BOOLEAN IsDirectoryObject
,
210 IN ULONG AutoInheritFlags
,
212 IN PGENERIC_MAPPING GenericMapping
)
215 return STATUS_NOT_IMPLEMENTED
;
220 RtlpConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor
,
221 IN PSECURITY_DESCRIPTOR CreatorDescriptor
,
222 OUT PSECURITY_DESCRIPTOR
*NewDescriptor
,
223 IN LPGUID ObjectType
,
224 IN BOOLEAN IsDirectoryObject
,
225 IN PGENERIC_MAPPING GenericMapping
)
228 return STATUS_NOT_IMPLEMENTED
;
231 /* PUBLIC FUNCTIONS ***********************************************************/
238 RtlDefaultNpAcl(OUT PACL
*pAcl
)
242 PTOKEN_OWNER OwnerSid
;
243 ULONG ReturnLength
= 0;
245 SID_IDENTIFIER_AUTHORITY NtAuthority
= {SECURITY_NT_AUTHORITY
};
246 SID_IDENTIFIER_AUTHORITY WorldAuthority
= {SECURITY_WORLD_SID_AUTHORITY
};
249 * Temporary buffer large enough to hold a maximum of two SIDs.
250 * An alternative is to call RtlAllocateAndInitializeSid many times...
253 PSID Sid
= (PSID
)&SidBuffer
;
255 ASSERT(RtlLengthRequiredSid(2) == 16);
257 /* Initialize the user ACL pointer */
261 * Try to retrieve the SID of the current owner. For that,
262 * we first attempt to get the current thread level token.
264 Status
= NtOpenThreadToken(NtCurrentThread(),
268 if (Status
== STATUS_NO_TOKEN
)
271 * No thread level token, so use the process level token.
272 * This is the common case since the only time a thread
273 * has a token is when it is impersonating.
275 Status
= NtOpenProcessToken(NtCurrentProcess(),
279 /* Fail if we didn't succeed in retrieving a handle to the token */
280 if (!NT_SUCCESS(Status
)) return Status
;
283 * Retrieve the owner SID from the token.
286 /* Query the needed size... */
287 Status
= NtQueryInformationToken(TokenHandle
,
291 /* ... so that we must fail with STATUS_BUFFER_TOO_SMALL error */
292 if (Status
!= STATUS_BUFFER_TOO_SMALL
) goto Cleanup1
;
294 /* Allocate space for the owner SID */
295 OwnerSid
= RtlAllocateHeap(RtlGetProcessHeap(), 0, ReturnLength
);
296 if (OwnerSid
== NULL
)
298 Status
= STATUS_NO_MEMORY
;
302 /* Retrieve the owner SID; we must succeed */
303 Status
= NtQueryInformationToken(TokenHandle
,
308 if (!NT_SUCCESS(Status
)) goto Cleanup2
;
311 * Allocate one ACL with 5 ACEs.
313 * NOTE: sizeof(ACE) == sizeof(ACCESS_ALLOWED_ACE) - sizeof(((ACCESS_ALLOWED_ACE*)NULL)->SidStart)
314 * (see kernel32/client/debugger.c line 54).
316 AclSize
= sizeof(ACL
) + // Header
317 5 * sizeof(ACE
/*ACCESS_ALLOWED_ACE*/) + // 5 ACEs:
318 RtlLengthRequiredSid(1) + // LocalSystem
319 RtlLengthRequiredSid(2) + // Administrators
320 RtlLengthRequiredSid(1) + // Anonymous
321 RtlLengthRequiredSid(1) + // World
322 RtlLengthSid(OwnerSid
->Owner
); // Owner
324 *pAcl
= RtlAllocateHeap(RtlGetProcessHeap(), 0, AclSize
);
327 Status
= STATUS_NO_MEMORY
;
332 * Build the ACL and add the five ACEs.
334 Status
= RtlCreateAcl(*pAcl
, AclSize
, ACL_REVISION2
);
335 ASSERT(NT_SUCCESS(Status
));
337 /* Local System SID - Generic All */
338 Status
= RtlInitializeSid(Sid
, &NtAuthority
, 1);
339 ASSERT(NT_SUCCESS(Status
));
340 *RtlSubAuthoritySid(Sid
, 0) = SECURITY_LOCAL_SYSTEM_RID
;
341 Status
= RtlAddAccessAllowedAce(*pAcl
, ACL_REVISION2
, GENERIC_ALL
, Sid
);
342 ASSERT(NT_SUCCESS(Status
));
344 /* Administrators SID - Generic All */
345 Status
= RtlInitializeSid(Sid
, &NtAuthority
, 2);
346 ASSERT(NT_SUCCESS(Status
));
347 *RtlSubAuthoritySid(Sid
, 0) = SECURITY_BUILTIN_DOMAIN_RID
;
348 *RtlSubAuthoritySid(Sid
, 1) = DOMAIN_ALIAS_RID_ADMINS
;
349 Status
= RtlAddAccessAllowedAce(*pAcl
, ACL_REVISION2
, GENERIC_ALL
, Sid
);
350 ASSERT(NT_SUCCESS(Status
));
352 /* Owner SID - Generic All */
353 RtlAddAccessAllowedAce(*pAcl
, ACL_REVISION2
, GENERIC_ALL
, OwnerSid
->Owner
);
354 ASSERT(NT_SUCCESS(Status
));
356 /* Anonymous SID - Generic Read */
357 Status
= RtlInitializeSid(Sid
, &NtAuthority
, 1);
358 ASSERT(NT_SUCCESS(Status
));
359 *RtlSubAuthoritySid(Sid
, 0) = SECURITY_ANONYMOUS_LOGON_RID
;
360 Status
= RtlAddAccessAllowedAce(*pAcl
, ACL_REVISION2
, GENERIC_READ
, Sid
);
361 ASSERT(NT_SUCCESS(Status
));
363 /* World SID - Generic Read */
364 Status
= RtlInitializeSid(Sid
, &WorldAuthority
, 1);
365 ASSERT(NT_SUCCESS(Status
));
366 *RtlSubAuthoritySid(Sid
, 0) = SECURITY_WORLD_RID
;
367 Status
= RtlAddAccessAllowedAce(*pAcl
, ACL_REVISION2
, GENERIC_READ
, Sid
);
368 ASSERT(NT_SUCCESS(Status
));
370 /* If some problem happened, cleanup everything */
371 if (!NT_SUCCESS(Status
))
373 RtlFreeHeap(RtlGetProcessHeap(), 0, *pAcl
);
378 /* Get rid of the owner SID */
379 RtlFreeHeap(RtlGetProcessHeap(), 0, OwnerSid
);
382 /* Close the token handle */
383 NtClose(TokenHandle
);
394 RtlCreateAndSetSD(IN PVOID AceData
,
396 IN PSID OwnerSid OPTIONAL
,
397 IN PSID GroupSid OPTIONAL
,
398 OUT PSECURITY_DESCRIPTOR
*NewDescriptor
)
401 return STATUS_NOT_IMPLEMENTED
;
409 RtlDeleteSecurityObject(IN PSECURITY_DESCRIPTOR
*ObjectDescriptor
)
411 DPRINT1("RtlDeleteSecurityObject(%p)\n", ObjectDescriptor
);
413 /* Free the object from the heap */
414 RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectDescriptor
);
415 return STATUS_SUCCESS
;
423 RtlNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor
,
424 IN PSECURITY_DESCRIPTOR CreatorDescriptor
,
425 OUT PSECURITY_DESCRIPTOR
*NewDescriptor
,
426 IN BOOLEAN IsDirectoryObject
,
428 IN PGENERIC_MAPPING GenericMapping
)
430 DPRINT1("RtlNewSecurityObject(%p)\n", ParentDescriptor
);
432 /* Call the internal API */
433 return RtlpNewSecurityObject(ParentDescriptor
,
449 RtlNewSecurityObjectEx(IN PSECURITY_DESCRIPTOR ParentDescriptor
,
450 IN PSECURITY_DESCRIPTOR CreatorDescriptor
,
451 OUT PSECURITY_DESCRIPTOR
*NewDescriptor
,
452 IN LPGUID ObjectType
,
453 IN BOOLEAN IsDirectoryObject
,
454 IN ULONG AutoInheritFlags
,
456 IN PGENERIC_MAPPING GenericMapping
)
458 DPRINT1("RtlNewSecurityObjectEx(%p)\n", ParentDescriptor
);
460 /* Call the internal API */
461 return RtlpNewSecurityObject(ParentDescriptor
,
464 ObjectType
? &ObjectType
: NULL
,
477 RtlNewSecurityObjectWithMultipleInheritance(IN PSECURITY_DESCRIPTOR ParentDescriptor
,
478 IN PSECURITY_DESCRIPTOR CreatorDescriptor
,
479 OUT PSECURITY_DESCRIPTOR
*NewDescriptor
,
480 IN LPGUID
*ObjectTypes
,
482 IN BOOLEAN IsDirectoryObject
,
483 IN ULONG AutoInheritFlags
,
485 IN PGENERIC_MAPPING GenericMapping
)
487 DPRINT1("RtlNewSecurityObjectWithMultipleInheritance(%p)\n", ParentDescriptor
);
489 /* Call the internal API */
490 return RtlpNewSecurityObject(ParentDescriptor
,
506 RtlNewInstanceSecurityObject(IN BOOLEAN ParentDescriptorChanged
,
507 IN BOOLEAN CreatorDescriptorChanged
,
508 IN PLUID OldClientTokenModifiedId
,
509 OUT PLUID NewClientTokenModifiedId
,
510 IN PSECURITY_DESCRIPTOR ParentDescriptor
,
511 IN PSECURITY_DESCRIPTOR CreatorDescriptor
,
512 OUT PSECURITY_DESCRIPTOR
*NewDescriptor
,
513 IN BOOLEAN IsDirectoryObject
,
515 IN PGENERIC_MAPPING GenericMapping
)
517 TOKEN_STATISTICS TokenStats
;
520 DPRINT1("RtlNewInstanceSecurityObject(%p)\n", ParentDescriptor
);
522 /* Query the token statistics */
523 Status
= NtQueryInformationToken(Token
,
528 if (!NT_SUCCESS(Status
)) return Status
;
530 /* Return the LUID */
531 *NewClientTokenModifiedId
= TokenStats
.ModifiedId
;
533 /* Check if the LUID changed */
534 if (RtlEqualLuid(NewClientTokenModifiedId
, OldClientTokenModifiedId
))
536 /* Did nothing change? */
537 if (!(ParentDescriptorChanged
) && !(CreatorDescriptorChanged
))
539 /* There's no new descriptor, we're done */
540 *NewDescriptor
= NULL
;
541 return STATUS_SUCCESS
;
545 /* Call the standard API */
546 return RtlNewSecurityObject(ParentDescriptor
,
559 RtlCreateUserSecurityObject(IN PVOID AceData
,
563 IN BOOLEAN IsDirectoryObject
,
564 IN PGENERIC_MAPPING GenericMapping
,
565 OUT PSECURITY_DESCRIPTOR
*NewDescriptor
)
568 PSECURITY_DESCRIPTOR Sd
;
570 DPRINT1("RtlCreateUserSecurityObject(%p)\n", AceData
);
572 /* Create the security descriptor based on the ACE Data */
573 Status
= RtlCreateAndSetSD(AceData
,
578 if (!NT_SUCCESS(Status
)) return Status
;
580 /* Open the process token */
581 Status
= NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY
, &TokenHandle
);
582 if (!NT_SUCCESS(Status
)) goto Quickie
;
584 /* Create the security object */
585 Status
= RtlNewSecurityObject(NULL
,
592 /* We're done, close the token handle */
593 NtClose(TokenHandle
);
596 /* Free the SD and return status */
597 RtlFreeHeap(RtlGetProcessHeap(), 0, Sd
);
606 RtlNewSecurityGrantedAccess(IN ACCESS_MASK DesiredAccess
,
607 OUT PPRIVILEGE_SET Privileges
,
608 IN OUT PULONG Length
,
610 IN PGENERIC_MAPPING GenericMapping
,
611 OUT PACCESS_MASK RemainingDesiredAccess
)
614 BOOLEAN Granted
, CallerToken
;
615 TOKEN_STATISTICS TokenStats
;
617 DPRINT1("RtlNewSecurityGrantedAccess(%lx)\n", DesiredAccess
);
619 /* Has the caller passed a token? */
622 /* Remember that we'll have to close the handle */
626 Status
= NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY
, TRUE
, &Token
);
627 if (!NT_SUCCESS(Status
)) return Status
;
635 /* Get information on the token */
636 Status
= NtQueryInformationToken(Token
,
641 ASSERT(NT_SUCCESS(Status
));
643 /* Windows doesn't do anything with the token statistics! */
645 /* Map the access and return it back decoded */
646 RtlMapGenericMask(&DesiredAccess
, GenericMapping
);
647 *RemainingDesiredAccess
= DesiredAccess
;
649 /* Check if one of the rights requested was the SACL right */
650 if (DesiredAccess
& ACCESS_SYSTEM_SECURITY
)
652 /* Pretend that it's allowed FIXME: Do privilege check */
653 DPRINT1("Missing privilege check for SE_SECURITY_PRIVILEGE");
655 *RemainingDesiredAccess
&= ~ACCESS_SYSTEM_SECURITY
;
659 /* Nothing to grant */
663 /* If the caller did not pass in a token, close the handle to ours */
664 if (!CallerToken
) NtClose(Token
);
666 /* We need space to return only 1 privilege -- already part of the struct */
667 Size
= sizeof(PRIVILEGE_SET
);
670 /* Tell the caller how much space we need and fail */
672 return STATUS_BUFFER_TOO_SMALL
;
675 /* Check if the SACL right was granted... */
676 RtlZeroMemory(&Privileges
, Size
);
679 /* Yes, return it in the structure */
680 Privileges
->PrivilegeCount
= 1;
681 Privileges
->Privilege
[0].Luid
.LowPart
= SE_SECURITY_PRIVILEGE
;
682 Privileges
->Privilege
[0].Luid
.HighPart
= 0;
683 Privileges
->Privilege
[0].Attributes
= SE_PRIVILEGE_USED_FOR_ACCESS
;
687 return STATUS_SUCCESS
;
695 RtlQuerySecurityObject(IN PSECURITY_DESCRIPTOR ObjectDescriptor
,
696 IN SECURITY_INFORMATION SecurityInformation
,
697 OUT PSECURITY_DESCRIPTOR ResultantDescriptor
,
698 IN ULONG DescriptorLength
,
699 OUT PULONG ReturnLength
)
702 SECURITY_DESCRIPTOR desc
;
703 BOOLEAN defaulted
, present
;
707 Status
= RtlCreateSecurityDescriptor(&desc
, SECURITY_DESCRIPTOR_REVISION
);
708 if (!NT_SUCCESS(Status
)) return Status
;
710 if (SecurityInformation
& OWNER_SECURITY_INFORMATION
)
712 Status
= RtlGetOwnerSecurityDescriptor(ObjectDescriptor
, &psid
, &defaulted
);
713 if (!NT_SUCCESS(Status
)) return Status
;
714 Status
= RtlSetOwnerSecurityDescriptor(&desc
, psid
, defaulted
);
715 if (!NT_SUCCESS(Status
)) return Status
;
718 if (SecurityInformation
& GROUP_SECURITY_INFORMATION
)
720 Status
= RtlGetGroupSecurityDescriptor(ObjectDescriptor
, &psid
, &defaulted
);
721 if (!NT_SUCCESS(Status
)) return Status
;
722 Status
= RtlSetGroupSecurityDescriptor(&desc
, psid
, defaulted
);
723 if (!NT_SUCCESS(Status
)) return Status
;
726 if (SecurityInformation
& DACL_SECURITY_INFORMATION
)
728 Status
= RtlGetDaclSecurityDescriptor(ObjectDescriptor
, &present
, &pacl
, &defaulted
);
729 if (!NT_SUCCESS(Status
)) return Status
;
730 Status
= RtlSetDaclSecurityDescriptor(&desc
, present
, pacl
, defaulted
);
731 if (!NT_SUCCESS(Status
)) return Status
;
734 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
736 Status
= RtlGetSaclSecurityDescriptor(ObjectDescriptor
, &present
, &pacl
, &defaulted
);
737 if (!NT_SUCCESS(Status
)) return Status
;
738 Status
= RtlSetSaclSecurityDescriptor(&desc
, present
, pacl
, defaulted
);
739 if (!NT_SUCCESS(Status
)) return Status
;
742 *ReturnLength
= DescriptorLength
;
743 return RtlAbsoluteToSelfRelativeSD(&desc
, ResultantDescriptor
, ReturnLength
);
752 RtlSetSecurityObject(IN SECURITY_INFORMATION SecurityInformation
,
753 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
754 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
755 IN PGENERIC_MAPPING GenericMapping
,
756 IN HANDLE Token OPTIONAL
)
758 /* Call the internal API */
759 return RtlpSetSecurityObject(NULL
,
761 ModificationDescriptor
,
762 ObjectsSecurityDescriptor
,
774 RtlSetSecurityObjectEx(IN SECURITY_INFORMATION SecurityInformation
,
775 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
776 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
777 IN ULONG AutoInheritFlags
,
778 IN PGENERIC_MAPPING GenericMapping
,
779 IN HANDLE Token OPTIONAL
)
781 /* Call the internal API */
782 return RtlpSetSecurityObject(NULL
,
784 ModificationDescriptor
,
785 ObjectsSecurityDescriptor
,
798 RtlConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor
,
799 IN PSECURITY_DESCRIPTOR CreatorDescriptor
,
800 OUT PSECURITY_DESCRIPTOR
*NewDescriptor
,
801 IN LPGUID ObjectType
,
802 IN BOOLEAN IsDirectoryObject
,
803 IN PGENERIC_MAPPING GenericMapping
)
805 /* Call the internal API */
806 return RtlpConvertToAutoInheritSecurityObject(ParentDescriptor
,
819 RtlRegisterSecureMemoryCacheCallback(IN PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback
)
822 return STATUS_NOT_IMPLEMENTED
;
830 RtlFlushSecureMemoryCache(IN PVOID MemoryCache
,
831 IN OPTIONAL SIZE_T MemoryLength
)