NtAccessCheck.3w

Langue: en

Version: Jun 2009 (debian - 07/07/09)

Section: 3 (Bibliothèques de fonctions)

Sommaire

NAME

NtAccessCheck (NTDLL.@)

SYNOPSIS

NTSTATUS NtAccessCheck
 (
  PSECURITY_DESCRIPTOR SecurityDescriptor,
  HANDLE               ClientToken,
  ACCESS_MASK          DesiredAccess,
  PGENERIC_MAPPING     GenericMapping,
  PPRIVILEGE_SET       PrivilegeSet,
  PULONG               ReturnLength,
  PULONG               GrantedAccess,
  NTSTATUS*            AccessStatus
 )

DESCRIPTION

Checks that a user represented by a token is allowed to access an object represented by a security descriptor.

PARAMS

SecurityDescriptor [In] The security descriptor of the object to check.

ClientToken [In] Token of the user accessing the object.

DesiredAccess [In] The desired access to the object.

GenericMapping [In] Mapping used to transform access rights in the SD to their specific forms.

PrivilegeSet [In/Out] Privileges used during the access check.

ReturnLength [Out] Number of bytes stored into PrivilegeSet.

GrantedAccess [Out] The actual access rights granted.

AccessStatus [Out] The status of the access check.

RETURNS

NTSTATUS code.

NOTES

DesiredAccess may be MAXIMUM_ALLOWED, in which case the function determines the maximum access rights allowed by the SD and returns them in GrantedAccess. The SecurityDescriptor must have a valid owner and groups present, otherwise the function will fail.

IMPLEMENTATION

Defined in "winternl.h".

Implemented in "dlls/ntdll/sec.c".

Debug channel "ntdll".