NTSTATUS
RtlNewInstanceSecurityObject(
    IN BOOLEAN ParentDescriptorChanged,
    IN BOOLEAN CreatorDescriptorChanged,
    IN PLUID OldClientTokenModifiedId,
    OUT PLUID NewClientTokenModifiedId,
    IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
    IN PSECURITY_DESCRIPTOR CreatorDescriptor OPTIONAL,
    OUT PSECURITY_DESCRIPTOR *NewDescriptor,
    IN BOOLEAN IsDirectoryObject,
    IN HANDLE Token,
    IN PGENERIC_MAPPING GenericMapping
    );
Routine Description:
If the return status is STATUS_SUCCESS and the NewDescriptor return
value is NULL, then the security descriptor of the original
instance of the object is valid for this instance as well.
Arguments:
ParentDescriptorChanged - Supplies a flag indicating whether the
parent security descriptor has changed since the last time
this set of parameters was used.
CreatorDescriptorChanged - Supplies a flag indicating whether the
creator security descriptor has changed since the last time
this set of parameters was used.
OldClientTokenModifiedId - Supplies the ModifiedId from the passed
token that was in effect when this call was last made with
these parameters. If the current ModifiedId is different from
the one passed in here, the security descriptor must be
rebuilt.
NewClientTokenModifiedId - Returns the current ModifiedId from the
passed token.
ParentDescriptor - Supplies the Security Descriptor for the parent
directory under which a new object is being created. If there is
no parent directory, then this argument is specified as NULL.
CreatorDescriptor - (Optionally) Points to a security descriptor
presented by the creator of the object. If the creator of the
object did not explicitly pass security information for the new
object, then a null pointer should be passed.
NewDescriptor - Receives a pointer to the newly allocated
self-relative security descriptor.
IsDirectoryObject - Specifies if the new object is going to be a
directory object. A value of TRUE indicates the object is a
container of other objects.
Token - Supplies the token for the client on whose behalf the
object is being created. If it is an impersonation token,
then it must be at SecurityIdentification level or higher. If
it is not an impersonation token, the operation proceeds
normally.
A client token is used to retrieve default security
information for the new object, such as default owner, primary
group, and discretionary access control. The token must be
open for TOKEN_QUERY access.
GenericMapping - Supplies a pointer to a generic mapping array denoting
the mapping of each generic right to specific rights.
Return Value:
STATUS_SUCCESS - The call succeeded. If NewDescriptor is returned as NULL,
the security descriptor of the original instance remains valid for
this instance (see Routine Description).
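The change-tracking protocol the parameters describe, shown as an added example rather than code from the NT source: a portable model of the documented decision rule (rebuild only when the parent or creator descriptor changed, or the token's ModifiedId moved) plus the caller-side cache that feeds NewClientTokenModifiedId back into OldClientTokenModifiedId on the next instance. The LUID and NTSTATUS stand-ins, the ModelNewInstanceSecurityObject function and its failure code are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the Windows types; not the SDK definitions. */
typedef struct { uint32_t LowPart; int32_t HighPart; } LUID;
typedef long NTSTATUS;
#define STATUS_SUCCESS 0L

/* Model of the documented rule: a fresh descriptor is built only when the parent
 * or creator descriptor changed, or the token's ModifiedId differs from the one
 * passed in. Otherwise *newDescriptor is NULL and the cached one still applies. */
static NTSTATUS ModelNewInstanceSecurityObject(bool parentChanged, bool creatorChanged,
        const LUID *oldId, LUID *newId, LUID currentTokenId, void **newDescriptor)
{
    *newId = currentTokenId;                 /* always report the current ModifiedId */
    bool tokenChanged = memcmp(oldId, &currentTokenId, sizeof(LUID)) != 0;
    if (parentChanged || creatorChanged || tokenChanged) {
        *newDescriptor = malloc(64);         /* stands in for the self-relative SD */
        return *newDescriptor ? STATUS_SUCCESS : -1L; /* hypothetical failure code */
    }
    *newDescriptor = NULL;                   /* previous instance's descriptor is valid */
    return STATUS_SUCCESS;
}

/* Caller-side per-object cache the parameter set is designed around. */
typedef struct { LUID TokenModifiedId; void *Descriptor; } InstanceSdCache;

/* Creates one more instance. Returns 1 if a descriptor was built, 0 if the cached
 * one was reused (STATUS_SUCCESS with NULL NewDescriptor), -1 on failure. */
int CreateInstance(InstanceSdCache *cache, bool parentChanged, bool creatorChanged,
                   LUID currentTokenId)
{
    LUID newId;
    void *sd = NULL;
    NTSTATUS st = ModelNewInstanceSecurityObject(parentChanged, creatorChanged,
                        &cache->TokenModifiedId, &newId, currentTokenId, &sd);
    if (st != STATUS_SUCCESS)
        return -1;
    cache->TokenModifiedId = newId;          /* feed NewClientTokenModifiedId back next time */
    if (sd == NULL)
        return 0;                            /* keep using cache->Descriptor */
    free(cache->Descriptor);                 /* replace the previously built descriptor */
    cache->Descriptor = sd;
    return 1;
}
```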