/*
 * COPYRIGHT:   See COPYING in the top level directory
 * PROJECT:     ReactOS system libraries
 * FILE:        lib/advapi32/sec/audit.c
 * PURPOSE:     Audit functions
 * PROGRAMMER:  Eric Kohl
 */

/* INCLUDES *****************************************************************/
/* Debug channel used by the FIXME() traces emitted from this file. */
WINE_DEFAULT_DEBUG_CHANNEL(advapi);
/* FUNCTIONS ****************************************************************/
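/*
 * AccessCheckAndAuditAlarmA
 *
 * ANSI entry point: converts the three name strings to UNICODE_STRINGs and
 * forwards the request to NtAccessCheckAndAuditAlarm.
 *
 * Returns TRUE only when the system call succeeded and the access status it
 * reported is a success code; *AccessStatus is set to match. On every FALSE
 * return the last error is set: ERROR_NOT_ENOUGH_MEMORY when a name could not
 * be converted (in that case *AccessStatus and *pfGenerateOnClose are left
 * untouched), otherwise the Win32 translation of the failing NTSTATUS.
 *
 * @implemented
 */
BOOL WINAPI
AccessCheckAndAuditAlarmA(LPCSTR SubsystemName,
                          LPVOID HandleId,
                          LPSTR ObjectTypeName,
                          LPSTR ObjectName,
                          PSECURITY_DESCRIPTOR SecurityDescriptor,
                          DWORD DesiredAccess,
                          PGENERIC_MAPPING GenericMapping,
                          BOOL ObjectCreation,
                          LPDWORD GrantedAccess,
                          LPBOOL AccessStatus,
                          LPBOOL pfGenerateOnClose)
{
    UNICODE_STRING SubsystemNameU;
    UNICODE_STRING ObjectTypeNameU;
    UNICODE_STRING ObjectNameU;
    /* Start from "denied" so a failed call can never be read as a grant. */
    NTSTATUS LocalAccessStatus = STATUS_ACCESS_DENIED;
    /* Initialised because it is copied out even when the call fails. */
    BOOLEAN GenerateOnClose = FALSE;
    NTSTATUS Status;
    DWORD Error = ERROR_NOT_ENOUGH_MEMORY;
    BOOL Result = FALSE;

    /*
     * Each conversion allocates; stop at the first failure so that no
     * unconverted UNICODE_STRING reaches the system call or
     * RtlFreeUnicodeString.
     */
    if (!RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
                                          (PCHAR)SubsystemName))
        goto Done;

    if (!RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU,
                                          (PCHAR)ObjectTypeName))
        goto FreeSubsystemName;

    if (!RtlCreateUnicodeStringFromAsciiz(&ObjectNameU,
                                          (PCHAR)ObjectName))
        goto FreeObjectTypeName;

    Status = NtAccessCheckAndAuditAlarm(&SubsystemNameU,
                                        HandleId,
                                        &ObjectTypeNameU,
                                        &ObjectNameU,
                                        SecurityDescriptor,
                                        DesiredAccess,
                                        GenericMapping,
                                        ObjectCreation,
                                        GrantedAccess,
                                        &LocalAccessStatus,
                                        &GenerateOnClose);

    *pfGenerateOnClose = (BOOL)GenerateOnClose;

    if (!NT_SUCCESS(Status))
    {
        Error = RtlNtStatusToDosError(Status);
    }
    else if (!NT_SUCCESS(LocalAccessStatus))
    {
        /*
         * The call itself worked but access was refused: report the access
         * status. Status is a success code on this path, so translating it
         * would clear the last error instead of explaining the denial.
         */
        *AccessStatus = FALSE;
        Error = RtlNtStatusToDosError(LocalAccessStatus);
    }
    else
    {
        *AccessStatus = TRUE;
        Result = TRUE;
    }

    RtlFreeUnicodeString(&ObjectNameU);
FreeObjectTypeName:
    RtlFreeUnicodeString(&ObjectTypeNameU);
FreeSubsystemName:
    RtlFreeUnicodeString(&SubsystemNameU);
Done:
    if (!Result)
        SetLastError(Error);

    return Result;
}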
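/*
 * AccessCheckAndAuditAlarmW
 *
 * Unicode entry point: wraps the caller's strings in UNICODE_STRINGs (no
 * copy is made) and forwards the request to NtAccessCheckAndAuditAlarm.
 *
 * Returns TRUE only when the system call succeeded and the access status it
 * reported is a success code; *AccessStatus is set to match. On a FALSE
 * return the last error is the Win32 translation of the failing NTSTATUS.
 *
 * @implemented
 */
BOOL WINAPI
AccessCheckAndAuditAlarmW(LPCWSTR SubsystemName,
                          LPVOID HandleId,
                          LPWSTR ObjectTypeName,
                          LPWSTR ObjectName,
                          PSECURITY_DESCRIPTOR SecurityDescriptor,
                          DWORD DesiredAccess,
                          PGENERIC_MAPPING GenericMapping,
                          BOOL ObjectCreation,
                          LPDWORD GrantedAccess,
                          LPBOOL AccessStatus,
                          LPBOOL pfGenerateOnClose)
{
    UNICODE_STRING SubsystemNameU;
    UNICODE_STRING ObjectTypeNameU;
    UNICODE_STRING ObjectNameU;
    /* Start from "denied" so a failed call can never be read as a grant. */
    NTSTATUS LocalAccessStatus = STATUS_ACCESS_DENIED;
    /* Initialised because it is copied out even when the call fails. */
    BOOLEAN GenerateOnClose = FALSE;
    NTSTATUS Status;

    RtlInitUnicodeString(&SubsystemNameU,
                         (PWSTR)SubsystemName);
    RtlInitUnicodeString(&ObjectTypeNameU,
                         (PWSTR)ObjectTypeName);
    RtlInitUnicodeString(&ObjectNameU,
                         (PWSTR)ObjectName);

    Status = NtAccessCheckAndAuditAlarm(&SubsystemNameU,
                                        HandleId,
                                        &ObjectTypeNameU,
                                        &ObjectNameU,
                                        SecurityDescriptor,
                                        DesiredAccess,
                                        GenericMapping,
                                        ObjectCreation,
                                        GrantedAccess,
                                        &LocalAccessStatus,
                                        &GenerateOnClose);

    *pfGenerateOnClose = (BOOL)GenerateOnClose;

    if (!NT_SUCCESS(Status))
    {
        SetLastError(RtlNtStatusToDosError(Status));
        return FALSE;
    }

    if (!NT_SUCCESS(LocalAccessStatus))
    {
        /*
         * Access was refused: report the access status. Status is a success
         * code on this path, so translating it would clear the last error
         * instead of explaining the denial.
         */
        *AccessStatus = FALSE;
        SetLastError(RtlNtStatusToDosError(LocalAccessStatus));
        return FALSE;
    }

    *AccessStatus = TRUE;

    return TRUE;
}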
/*
 * ObjectCloseAuditAlarmA
 *
 * ANSI entry point: converts SubsystemName to a UNICODE_STRING and forwards
 * the request to NtCloseObjectAuditAlarm.
 *
 * Returns FALSE with ERROR_NOT_ENOUGH_MEMORY when the conversion fails, or
 * FALSE with the translated NTSTATUS when the system call fails.
 *
 * @implemented
 */
BOOL WINAPI
ObjectCloseAuditAlarmA(LPCSTR SubsystemName,
                       LPVOID HandleId,
                       BOOL GenerateOnClose)
{
    UNICODE_STRING SubsystemNameU;
    NTSTATUS CallStatus;

    if (!RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU, SubsystemName))
    {
        SetLastError(ERROR_NOT_ENOUGH_MEMORY);
        return FALSE;
    }

    CallStatus = NtCloseObjectAuditAlarm(&SubsystemNameU,
                                         HandleId,
                                         (BOOLEAN)GenerateOnClose);

    /* The converted name is only needed for the duration of the call. */
    RtlFreeUnicodeString(&SubsystemNameU);

    if (NT_SUCCESS(CallStatus))
        return TRUE;

    SetLastError(RtlNtStatusToDosError(CallStatus));
    return FALSE;
}
/*
 * ObjectCloseAuditAlarmW
 *
 * Unicode entry point: wraps SubsystemName in a UNICODE_STRING (no copy is
 * made) and forwards the request to NtCloseObjectAuditAlarm.
 *
 * Returns FALSE with the translated NTSTATUS as last error when the system
 * call fails.
 *
 * @implemented
 */
BOOL WINAPI
ObjectCloseAuditAlarmW(LPCWSTR SubsystemName,
                       LPVOID HandleId,
                       BOOL GenerateOnClose)
{
    UNICODE_STRING SubsystemNameU;
    NTSTATUS CallStatus;

    RtlInitUnicodeString(&SubsystemNameU,
                         (PWSTR)SubsystemName);

    CallStatus = NtCloseObjectAuditAlarm(&SubsystemNameU,
                                         HandleId,
                                         (BOOLEAN)GenerateOnClose);
    if (NT_SUCCESS(CallStatus))
        return TRUE;

    SetLastError(RtlNtStatusToDosError(CallStatus));
    return FALSE;
}
/*
 * ObjectDeleteAuditAlarmA
 *
 * ANSI entry point: converts SubsystemName to a UNICODE_STRING and forwards
 * the request to NtDeleteObjectAuditAlarm.
 *
 * Returns FALSE with ERROR_NOT_ENOUGH_MEMORY when the conversion fails, or
 * FALSE with the translated NTSTATUS when the system call fails.
 *
 * @implemented
 */
BOOL WINAPI
ObjectDeleteAuditAlarmA(LPCSTR SubsystemName,
                        LPVOID HandleId,
                        BOOL GenerateOnClose)
{
    UNICODE_STRING SubsystemNameU;
    NTSTATUS CallStatus;

    if (!RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU, SubsystemName))
    {
        SetLastError(ERROR_NOT_ENOUGH_MEMORY);
        return FALSE;
    }

    CallStatus = NtDeleteObjectAuditAlarm(&SubsystemNameU,
                                          HandleId,
                                          (BOOLEAN)GenerateOnClose);

    /* The converted name is only needed for the duration of the call. */
    RtlFreeUnicodeString(&SubsystemNameU);

    if (NT_SUCCESS(CallStatus))
        return TRUE;

    SetLastError(RtlNtStatusToDosError(CallStatus));
    return FALSE;
}
/*
 * ObjectDeleteAuditAlarmW
 *
 * Unicode entry point: wraps SubsystemName in a UNICODE_STRING (no copy is
 * made) and forwards the request to NtDeleteObjectAuditAlarm.
 *
 * Returns FALSE with the translated NTSTATUS as last error when the system
 * call fails.
 *
 * @implemented
 */
BOOL WINAPI
ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName,
                        LPVOID HandleId,
                        BOOL GenerateOnClose)
{
    UNICODE_STRING SubsystemNameU;
    NTSTATUS CallStatus;

    RtlInitUnicodeString(&SubsystemNameU,
                         (PWSTR)SubsystemName);

    CallStatus = NtDeleteObjectAuditAlarm(&SubsystemNameU,
                                          HandleId,
                                          (BOOLEAN)GenerateOnClose);
    if (NT_SUCCESS(CallStatus))
        return TRUE;

    SetLastError(RtlNtStatusToDosError(CallStatus));
    return FALSE;
}
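/*
 * ObjectOpenAuditAlarmA
 *
 * ANSI entry point: converts the three name strings to UNICODE_STRINGs and
 * forwards the request to NtOpenObjectAuditAlarm.
 *
 * Returns TRUE on success, with *GenerateOnClose set from the flag the
 * system call reported. On a FALSE return *GenerateOnClose is left untouched
 * and the last error is ERROR_NOT_ENOUGH_MEMORY when a name could not be
 * converted, otherwise the Win32 translation of the failing NTSTATUS.
 *
 * @implemented
 */
BOOL WINAPI
ObjectOpenAuditAlarmA(LPCSTR SubsystemName,
                      LPVOID HandleId,
                      LPSTR ObjectTypeName,
                      LPSTR ObjectName,
                      PSECURITY_DESCRIPTOR pSecurityDescriptor,
                      HANDLE ClientToken,
                      DWORD DesiredAccess,
                      DWORD GrantedAccess,
                      PPRIVILEGE_SET Privileges,
                      BOOL ObjectCreation,
                      BOOL AccessGranted,
                      LPBOOL GenerateOnClose)
{
    UNICODE_STRING SubsystemNameU;
    UNICODE_STRING ObjectTypeNameU;
    UNICODE_STRING ObjectNameU;
    /*
     * The system call takes a PBOOLEAN while the caller supplies an LPBOOL.
     * Casting the caller's pointer would leave the remaining bytes of the
     * wider BOOL unwritten, so the flag is received in a local BOOLEAN and
     * widened afterwards, as AccessCheckAndAuditAlarmA does.
     */
    BOOLEAN LocalGenerateOnClose = FALSE;
    NTSTATUS Status;
    DWORD Error = ERROR_NOT_ENOUGH_MEMORY;
    BOOL Result = FALSE;

    /*
     * Each conversion allocates; stop at the first failure so that no
     * unconverted UNICODE_STRING reaches the system call or
     * RtlFreeUnicodeString.
     */
    if (!RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
                                          (PCHAR)SubsystemName))
        goto Done;

    if (!RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU,
                                          (PCHAR)ObjectTypeName))
        goto FreeSubsystemName;

    if (!RtlCreateUnicodeStringFromAsciiz(&ObjectNameU,
                                          (PCHAR)ObjectName))
        goto FreeObjectTypeName;

    Status = NtOpenObjectAuditAlarm(&SubsystemNameU,
                                    HandleId,
                                    &ObjectTypeNameU,
                                    &ObjectNameU,
                                    pSecurityDescriptor,
                                    ClientToken,
                                    DesiredAccess,
                                    GrantedAccess,
                                    Privileges,
                                    (BOOLEAN)ObjectCreation,
                                    (BOOLEAN)AccessGranted,
                                    &LocalGenerateOnClose);
    if (NT_SUCCESS(Status))
    {
        *GenerateOnClose = (BOOL)LocalGenerateOnClose;
        Result = TRUE;
    }
    else
    {
        Error = RtlNtStatusToDosError(Status);
    }

    RtlFreeUnicodeString(&ObjectNameU);
FreeObjectTypeName:
    RtlFreeUnicodeString(&ObjectTypeNameU);
FreeSubsystemName:
    RtlFreeUnicodeString(&SubsystemNameU);
Done:
    if (!Result)
        SetLastError(Error);

    return Result;
}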
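/*
 * ObjectOpenAuditAlarmW
 *
 * Unicode entry point: wraps the caller's strings in UNICODE_STRINGs (no
 * copy is made) and forwards the request to NtOpenObjectAuditAlarm.
 *
 * Returns TRUE on success, with *GenerateOnClose set from the flag the
 * system call reported. On a FALSE return *GenerateOnClose is left untouched
 * and the last error is the Win32 translation of the failing NTSTATUS.
 *
 * @implemented
 */
BOOL WINAPI
ObjectOpenAuditAlarmW(LPCWSTR SubsystemName,
                      LPVOID HandleId,
                      LPWSTR ObjectTypeName,
                      LPWSTR ObjectName,
                      PSECURITY_DESCRIPTOR pSecurityDescriptor,
                      HANDLE ClientToken,
                      DWORD DesiredAccess,
                      DWORD GrantedAccess,
                      PPRIVILEGE_SET Privileges,
                      BOOL ObjectCreation,
                      BOOL AccessGranted,
                      LPBOOL GenerateOnClose)
{
    UNICODE_STRING SubsystemNameU;
    UNICODE_STRING ObjectTypeNameU;
    UNICODE_STRING ObjectNameU;
    /*
     * The system call takes a PBOOLEAN while the caller supplies an LPBOOL.
     * Casting the caller's pointer would leave the remaining bytes of the
     * wider BOOL unwritten, so the flag is received in a local BOOLEAN and
     * widened afterwards, as AccessCheckAndAuditAlarmW does.
     */
    BOOLEAN LocalGenerateOnClose = FALSE;
    NTSTATUS Status;

    RtlInitUnicodeString(&SubsystemNameU,
                         (PWSTR)SubsystemName);
    RtlInitUnicodeString(&ObjectTypeNameU,
                         (PWSTR)ObjectTypeName);
    RtlInitUnicodeString(&ObjectNameU,
                         (PWSTR)ObjectName);

    Status = NtOpenObjectAuditAlarm(&SubsystemNameU,
                                    HandleId,
                                    &ObjectTypeNameU,
                                    &ObjectNameU,
                                    pSecurityDescriptor,
                                    ClientToken,
                                    DesiredAccess,
                                    GrantedAccess,
                                    Privileges,
                                    (BOOLEAN)ObjectCreation,
                                    (BOOLEAN)AccessGranted,
                                    &LocalGenerateOnClose);
    if (!NT_SUCCESS(Status))
    {
        SetLastError(RtlNtStatusToDosError(Status));
        return FALSE;
    }

    *GenerateOnClose = (BOOL)LocalGenerateOnClose;

    return TRUE;
}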
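/*
 * ObjectPrivilegeAuditAlarmA
 *
 * ANSI entry point: converts SubsystemName to a UNICODE_STRING and forwards
 * the request to NtPrivilegeObjectAuditAlarm.
 *
 * Returns FALSE with ERROR_NOT_ENOUGH_MEMORY when the conversion fails, or
 * FALSE with the translated NTSTATUS when the system call fails.
 *
 * @implemented
 */
BOOL WINAPI
ObjectPrivilegeAuditAlarmA(LPCSTR SubsystemName,
                           LPVOID HandleId,
                           HANDLE ClientToken,
                           DWORD DesiredAccess,
                           PPRIVILEGE_SET Privileges,
                           BOOL AccessGranted)
{
    UNICODE_STRING SubsystemNameU;
    NTSTATUS Status;

    /*
     * The conversion allocates and can fail; bail out before an unconverted
     * UNICODE_STRING reaches the system call or RtlFreeUnicodeString (same
     * handling as ObjectCloseAuditAlarmA).
     */
    if (!RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
                                          (PCHAR)SubsystemName))
    {
        SetLastError(ERROR_NOT_ENOUGH_MEMORY);
        return FALSE;
    }

    Status = NtPrivilegeObjectAuditAlarm(&SubsystemNameU,
                                         HandleId,
                                         ClientToken,
                                         DesiredAccess,
                                         Privileges,
                                         (BOOLEAN)AccessGranted);
    RtlFreeUnicodeString(&SubsystemNameU);
    if (!NT_SUCCESS(Status))
    {
        SetLastError(RtlNtStatusToDosError(Status));
        return FALSE;
    }

    return TRUE;
}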
/*
 * ObjectPrivilegeAuditAlarmW
 *
 * Unicode entry point: wraps SubsystemName in a UNICODE_STRING (no copy is
 * made) and forwards the request to NtPrivilegeObjectAuditAlarm.
 *
 * Returns FALSE with the translated NTSTATUS as last error when the system
 * call fails.
 *
 * @implemented
 */
BOOL WINAPI
ObjectPrivilegeAuditAlarmW(LPCWSTR SubsystemName,
                           LPVOID HandleId,
                           HANDLE ClientToken,
                           DWORD DesiredAccess,
                           PPRIVILEGE_SET Privileges,
                           BOOL AccessGranted)
{
    UNICODE_STRING SubsystemU;
    NTSTATUS CallStatus;

    RtlInitUnicodeString(&SubsystemU,
                         (PWSTR)SubsystemName);

    CallStatus = NtPrivilegeObjectAuditAlarm(&SubsystemU,
                                             HandleId,
                                             ClientToken,
                                             DesiredAccess,
                                             Privileges,
                                             (BOOLEAN)AccessGranted);
    if (NT_SUCCESS(CallStatus))
        return TRUE;

    SetLastError(RtlNtStatusToDosError(CallStatus));
    return FALSE;
}
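/*
 * PrivilegedServiceAuditAlarmA
 *
 * ANSI entry point: converts SubsystemName and ServiceName to
 * UNICODE_STRINGs and forwards the request to NtPrivilegedServiceAuditAlarm.
 *
 * Returns FALSE with ERROR_NOT_ENOUGH_MEMORY when a conversion fails, or
 * FALSE with the translated NTSTATUS when the system call fails.
 *
 * @implemented
 */
BOOL WINAPI
PrivilegedServiceAuditAlarmA(LPCSTR SubsystemName,
                             LPCSTR ServiceName,
                             HANDLE ClientToken,
                             PPRIVILEGE_SET Privileges,
                             BOOL AccessGranted)
{
    UNICODE_STRING SubsystemNameU;
    UNICODE_STRING ServiceNameU;
    NTSTATUS Status;

    /*
     * Both conversions allocate and can fail; bail out before an
     * unconverted UNICODE_STRING reaches the system call or
     * RtlFreeUnicodeString (same handling as ObjectCloseAuditAlarmA).
     */
    if (!RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
                                          (PCHAR)SubsystemName))
    {
        SetLastError(ERROR_NOT_ENOUGH_MEMORY);
        return FALSE;
    }

    if (!RtlCreateUnicodeStringFromAsciiz(&ServiceNameU,
                                          (PCHAR)ServiceName))
    {
        RtlFreeUnicodeString(&SubsystemNameU);
        SetLastError(ERROR_NOT_ENOUGH_MEMORY);
        return FALSE;
    }

    Status = NtPrivilegedServiceAuditAlarm(&SubsystemNameU,
                                           &ServiceNameU,
                                           ClientToken,
                                           Privileges,
                                           (BOOLEAN)AccessGranted);
    RtlFreeUnicodeString(&SubsystemNameU);
    RtlFreeUnicodeString(&ServiceNameU);
    if (!NT_SUCCESS(Status))
    {
        SetLastError(RtlNtStatusToDosError(Status));
        return FALSE;
    }

    return TRUE;
}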
/*
 * PrivilegedServiceAuditAlarmW
 *
 * Unicode entry point: wraps SubsystemName and ServiceName in
 * UNICODE_STRINGs (no copy is made) and forwards the request to
 * NtPrivilegedServiceAuditAlarm.
 *
 * Returns FALSE with the translated NTSTATUS as last error when the system
 * call fails.
 *
 * @implemented
 */
BOOL WINAPI
PrivilegedServiceAuditAlarmW(LPCWSTR SubsystemName,
                             LPCWSTR ServiceName,
                             HANDLE ClientToken,
                             PPRIVILEGE_SET Privileges,
                             BOOL AccessGranted)
{
    UNICODE_STRING SubsystemU;
    UNICODE_STRING ServiceU;
    NTSTATUS CallStatus;

    RtlInitUnicodeString(&SubsystemU,
                         (PWSTR)SubsystemName);
    RtlInitUnicodeString(&ServiceU,
                         (PWSTR)ServiceName);

    CallStatus = NtPrivilegedServiceAuditAlarm(&SubsystemU,
                                               &ServiceU,
                                               ClientToken,
                                               Privileges,
                                               (BOOLEAN)AccessGranted);
    if (NT_SUCCESS(CallStatus))
        return TRUE;

    SetLastError(RtlNtStatusToDosError(CallStatus));
    return FALSE;
}
/*
 * AccessCheckByTypeResultListAndAuditAlarmByHandleW
 *
 * Stub. No access check is performed and no audit record is generated: the
 * call is logged, the last error is set to ERROR_CALL_NOT_IMPLEMENTED and
 * FALSE is returned. GrantedAccess, AccessStatusList and pfGenerateOnClose
 * are never written, so callers must act on the return value and must not
 * read the output parameters.
 *
 * @unimplemented
 */
BOOL WINAPI
AccessCheckByTypeResultListAndAuditAlarmByHandleW(IN LPCWSTR SubsystemName,
                                                  IN LPVOID HandleId,
                                                  IN HANDLE ClientToken,
                                                  IN LPCWSTR ObjectTypeName,
                                                  IN LPCWSTR ObjectName,
                                                  IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
                                                  IN PSID PrincipalSelfSid,
                                                  IN DWORD DesiredAccess,
                                                  IN AUDIT_EVENT_TYPE AuditType,
                                                  IN DWORD Flags,
                                                  IN POBJECT_TYPE_LIST ObjectTypeList,
                                                  IN DWORD ObjectTypeListLength,
                                                  IN PGENERIC_MAPPING GenericMapping,
                                                  IN BOOL ObjectCreation,
                                                  OUT LPDWORD GrantedAccess,
                                                  OUT LPDWORD AccessStatusList,
                                                  OUT LPBOOL pfGenerateOnClose)
{
    /* Trace first; the last error is set afterwards so it is what the caller sees. */
    FIXME("%s() not implemented!\n", __FUNCTION__);

    SetLastError(ERROR_CALL_NOT_IMPLEMENTED);

    return FALSE;
}
/*
 * AccessCheckByTypeResultListAndAuditAlarmByHandleA
 *
 * Stub. No access check is performed and no audit record is generated: the
 * call is logged, the last error is set to ERROR_CALL_NOT_IMPLEMENTED and
 * FALSE is returned. GrantedAccess, AccessStatusList and pfGenerateOnClose
 * are never written, so callers must act on the return value and must not
 * read the output parameters.
 *
 * @unimplemented
 */
BOOL WINAPI
AccessCheckByTypeResultListAndAuditAlarmByHandleA(IN LPCSTR SubsystemName,
                                                  IN LPVOID HandleId,
                                                  IN HANDLE ClientToken,
                                                  IN LPCSTR ObjectTypeName,
                                                  IN LPCSTR ObjectName,
                                                  IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
                                                  IN PSID PrincipalSelfSid,
                                                  IN DWORD DesiredAccess,
                                                  IN AUDIT_EVENT_TYPE AuditType,
                                                  IN DWORD Flags,
                                                  IN POBJECT_TYPE_LIST ObjectTypeList,
                                                  IN DWORD ObjectTypeListLength,
                                                  IN PGENERIC_MAPPING GenericMapping,
                                                  IN BOOL ObjectCreation,
                                                  OUT LPDWORD GrantedAccess,
                                                  OUT LPDWORD AccessStatusList,
                                                  OUT LPBOOL pfGenerateOnClose)
{
    /* Trace first; the last error is set afterwards so it is what the caller sees. */
    FIXME("%s() not implemented!\n", __FUNCTION__);

    SetLastError(ERROR_CALL_NOT_IMPLEMENTED);

    return FALSE;
}
/*
 * AccessCheckByTypeResultListAndAuditAlarmW
 *
 * Stub. No access check is performed and no audit record is generated: the
 * call is logged, the last error is set to ERROR_CALL_NOT_IMPLEMENTED and
 * FALSE is returned. GrantedAccess, AccessStatusList and pfGenerateOnClose
 * are never written, so callers must act on the return value and must not
 * read the output parameters.
 *
 * @unimplemented
 */
BOOL WINAPI
AccessCheckByTypeResultListAndAuditAlarmW(IN LPCWSTR SubsystemName,
                                          IN LPVOID HandleId,
                                          IN LPCWSTR ObjectTypeName,
                                          IN LPCWSTR ObjectName,
                                          IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
                                          IN PSID PrincipalSelfSid,
                                          IN DWORD DesiredAccess,
                                          IN AUDIT_EVENT_TYPE AuditType,
                                          IN DWORD Flags,
                                          IN POBJECT_TYPE_LIST ObjectTypeList,
                                          IN DWORD ObjectTypeListLength,
                                          IN PGENERIC_MAPPING GenericMapping,
                                          IN BOOL ObjectCreation,
                                          OUT LPDWORD GrantedAccess,
                                          OUT LPDWORD AccessStatusList,
                                          OUT LPBOOL pfGenerateOnClose)
{
    /* Trace first; the last error is set afterwards so it is what the caller sees. */
    FIXME("%s() not implemented!\n", __FUNCTION__);

    SetLastError(ERROR_CALL_NOT_IMPLEMENTED);

    return FALSE;
}
/*
 * AccessCheckByTypeResultListAndAuditAlarmA
 *
 * Stub. No access check is performed and no audit record is generated: the
 * call is logged, the last error is set to ERROR_CALL_NOT_IMPLEMENTED and
 * FALSE is returned. GrantedAccess, AccessStatusList and pfGenerateOnClose
 * are never written, so callers must act on the return value and must not
 * read the output parameters.
 *
 * @unimplemented
 */
BOOL WINAPI
AccessCheckByTypeResultListAndAuditAlarmA(IN LPCSTR SubsystemName,
                                          IN LPVOID HandleId,
                                          IN LPCSTR ObjectTypeName,
                                          IN LPCSTR ObjectName,
                                          IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
                                          IN PSID PrincipalSelfSid,
                                          IN DWORD DesiredAccess,
                                          IN AUDIT_EVENT_TYPE AuditType,
                                          IN DWORD Flags,
                                          IN POBJECT_TYPE_LIST ObjectTypeList,
                                          IN DWORD ObjectTypeListLength,
                                          IN PGENERIC_MAPPING GenericMapping,
                                          IN BOOL ObjectCreation,
                                          OUT LPDWORD GrantedAccess,
                                          OUT LPDWORD AccessStatusList,
                                          OUT LPBOOL pfGenerateOnClose)
{
    /* Trace first; the last error is set afterwards so it is what the caller sees. */
    FIXME("%s() not implemented!\n", __FUNCTION__);

    SetLastError(ERROR_CALL_NOT_IMPLEMENTED);

    return FALSE;
}
/*
 * AccessCheckByTypeAndAuditAlarmW
 *
 * Stub. No access check is performed and no audit record is generated: the
 * call is logged, the last error is set to ERROR_CALL_NOT_IMPLEMENTED and
 * FALSE is returned. GrantedAccess, AccessStatus and pfGenerateOnClose are
 * never written, so callers must act on the return value and must not read
 * the output parameters.
 *
 * @unimplemented
 */
BOOL WINAPI
AccessCheckByTypeAndAuditAlarmW(IN LPCWSTR SubsystemName,
                                IN LPVOID HandleId,
                                IN LPCWSTR ObjectTypeName,
                                IN LPCWSTR ObjectName,
                                IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
                                IN PSID PrincipalSelfSid,
                                IN DWORD DesiredAccess,
                                IN AUDIT_EVENT_TYPE AuditType,
                                IN DWORD Flags,
                                IN POBJECT_TYPE_LIST ObjectTypeList,
                                IN DWORD ObjectTypeListLength,
                                IN PGENERIC_MAPPING GenericMapping,
                                IN BOOL ObjectCreation,
                                OUT LPDWORD GrantedAccess,
                                OUT LPBOOL AccessStatus,
                                OUT LPBOOL pfGenerateOnClose)
{
    /* Trace first; the last error is set afterwards so it is what the caller sees. */
    FIXME("%s() not implemented!\n", __FUNCTION__);

    SetLastError(ERROR_CALL_NOT_IMPLEMENTED);

    return FALSE;
}
/*
 * AccessCheckByTypeAndAuditAlarmA
 *
 * Stub. No access check is performed and no audit record is generated: the
 * call is logged, the last error is set to ERROR_CALL_NOT_IMPLEMENTED and
 * FALSE is returned. GrantedAccess, AccessStatus and pfGenerateOnClose are
 * never written, so callers must act on the return value and must not read
 * the output parameters.
 *
 * @unimplemented
 */
BOOL WINAPI
AccessCheckByTypeAndAuditAlarmA(IN LPCSTR SubsystemName,
                                IN LPVOID HandleId,
                                IN LPCSTR ObjectTypeName,
                                IN LPCSTR ObjectName,
                                IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
                                IN PSID PrincipalSelfSid,
                                IN DWORD DesiredAccess,
                                IN AUDIT_EVENT_TYPE AuditType,
                                IN DWORD Flags,
                                IN POBJECT_TYPE_LIST ObjectTypeList,
                                IN DWORD ObjectTypeListLength,
                                IN PGENERIC_MAPPING GenericMapping,
                                IN BOOL ObjectCreation,
                                OUT LPDWORD GrantedAccess,
                                OUT LPBOOL AccessStatus,
                                OUT LPBOOL pfGenerateOnClose)
{
    /* Trace first; the last error is set afterwards so it is what the caller sees. */
    FIXME("%s() not implemented!\n", __FUNCTION__);

    SetLastError(ERROR_CALL_NOT_IMPLEMENTED);

    return FALSE;
}