NTSTATUS
SepAccessCheckAndAuditAlarm(
    IN PUNICODE_STRING SubsystemName,
    IN PVOID HandleId,
    IN PHANDLE ClientToken OPTIONAL,
    IN PUNICODE_STRING ObjectTypeName,
    IN PUNICODE_STRING ObjectName,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSID PrincipalSelfSid,
    IN ACCESS_MASK DesiredAccess,
    IN AUDIT_EVENT_TYPE AuditType,
    IN ULONG Flags,
    IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
    IN ULONG ObjectTypeListLength,
    IN PGENERIC_MAPPING GenericMapping,
    OUT PACCESS_MASK GrantedAccess,
    OUT PNTSTATUS AccessStatus,
    OUT PBOOLEAN GenerateOnClose,
    IN BOOLEAN ReturnResultList
    );

Routine Description:

    This system service is used to perform both an access validation and
    generate the corresponding audit and alarm messages. This service may
    only be used by a protected server that chooses to impersonate its
    client and thereby specifies the client security context implicitly.

Arguments:

    SubsystemName - Supplies a name string identifying the subsystem
        calling the routine.

    HandleId - A unique value that will be used to represent the client's
        handle to the object. This value is ignored (and may be re-used)
        if the access is denied.

    ClientToken - Supplies the client token so that the caller does not
        have to impersonate before making the kernel call.

    ObjectTypeName - Supplies the name of the type of the object being
        created or accessed.

    ObjectName - Supplies the name of the object being created or accessed.

    SecurityDescriptor - A pointer to the Security Descriptor against which
        access is to be checked.

    DesiredAccess - The desired access mask. This mask must have been
        previously mapped to contain no generic accesses.

    AuditType - Specifies the type of audit to be generated. Valid value
        is: AuditEventObjectAccess

    Flags - Flags modifying the execution of the API:

        AUDIT_ALLOW_NO_PRIVILEGE - If the caller does not have
            AuditPrivilege, the call will silently continue to check
            access and will generate no audit.

    ObjectTypeList - Supplies a list of GUIDs representing the object (and
        sub-objects) being accessed. If no list is present,
        AccessCheckByType behaves identically to AccessCheck.

    ObjectTypeListLength - Specifies the number of elements in the
        ObjectTypeList.

    GenericMapping - Supplies a pointer to the generic mapping associated
        with this object type.

    ObjectCreation - A boolean flag indicating whether the access will
        result in a new object being created if granted. A value of TRUE
        indicates an object will be created, FALSE indicates an existing
        object will be opened.

    GrantedAccess - Receives a mask indicating which accesses have been
        granted.

    AccessStatus - Receives an indication of the success or failure of the
        access check. If access is granted, STATUS_SUCCESS is returned. If
        access is denied, a value appropriate for return to the client is
        returned. This will be STATUS_ACCESS_DENIED or, when mandatory
        access controls are implemented, STATUS_OBJECT_NOT_FOUND.

    GenerateOnClose - Points to a boolean that is set by the audit
        generation routine and must be passed to NtCloseObjectAuditAlarm
        when the object handle is closed.

    ReturnResultList - If true, GrantedAccess and AccessStatus are actually
        arrays of entries ObjectTypeListLength elements long.

Return Value:

    STATUS_SUCCESS - Indicates the call completed successfully. In this
        case, ClientStatus receives the result of the access check.

    STATUS_PRIVILEGE_NOT_HELD - Indicates the caller does not have
        sufficient privilege to use this privileged system service.
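
The DesiredAccess and ReturnResultList descriptions above place two obligations on the caller: the mask must already be free of generic bits, and the output buffers must be sized to match the result mode. The following portable C sketch is an added example, not code from the original source; `generic_mapping_t`, `file_mapping`, `map_generic_mask`, `is_fully_mapped` and `result_slots` are hypothetical names, and the sample mapping uses the standard file object access values.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t ACCESS_MASK;

/* Generic access bits: the top four bits of a Windows access mask. */
#define GENERIC_READ    0x80000000u
#define GENERIC_WRITE   0x40000000u
#define GENERIC_EXECUTE 0x20000000u
#define GENERIC_ALL     0x10000000u
#define GENERIC_BITS (GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL)

/* Hypothetical stand-in for the GENERIC_MAPPING structure. */
typedef struct {
    ACCESS_MASK GenericRead, GenericWrite, GenericExecute, GenericAll;
} generic_mapping_t;

/* Sample mapping using the file object values (FILE_GENERIC_READ, ...). */
const generic_mapping_t file_mapping = {
    0x00120089u, 0x00120116u, 0x001200A0u, 0x001F01FFu
};

/* Expand each generic bit into object-specific rights, then clear it. */
ACCESS_MASK map_generic_mask(ACCESS_MASK desired, const generic_mapping_t *m)
{
    if (desired & GENERIC_READ)    desired |= m->GenericRead;
    if (desired & GENERIC_WRITE)   desired |= m->GenericWrite;
    if (desired & GENERIC_EXECUTE) desired |= m->GenericExecute;
    if (desired & GENERIC_ALL)     desired |= m->GenericAll;
    return desired & ~GENERIC_BITS;
}

/* Precondition on DesiredAccess: no generic bits may remain. */
int is_fully_mapped(ACCESS_MASK mask) { return (mask & GENERIC_BITS) == 0; }

/* Number of GrantedAccess/AccessStatus entries the caller must provide.
   Assumption of this sketch: an empty list with ReturnResultList set is
   reported as 0 so the caller can reject it before allocating. */
uint32_t result_slots(int return_result_list, uint32_t object_type_list_length)
{
    return return_result_list ? object_type_list_length : 1u;
}

int main(void)
{
    ACCESS_MASK raw = GENERIC_READ | 0x00010000u;   /* GENERIC_READ | DELETE */
    ACCESS_MASK mapped = map_generic_mask(raw, &file_mapping);
    printf("raw=0x%08X mapped=0x%08X ok=%d slots=%u\n", (unsigned)raw,
           (unsigned)mapped, is_fully_mapped(mapped), (unsigned)result_slots(1, 3));
    return 0;
}
```
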