2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * FILE: lib/advapi32/sec/audit.c
5 * PURPOSE: Audit functions
6 * PROGRAMMER: Eric Kohl
11 /* INCLUDES *****************************************************************/
/* Wine debug macro: makes "advapi" the default debug channel for this file
 * (the FIXME() traces in the unimplemented stubs further down use it). */
14 WINE_DEFAULT_DEBUG_CHANNEL(advapi
);
16 /* FUNCTIONS ****************************************************************/
/*
 * ANSI entry point for the combined access check and audit call.
 *
 * The visible lines convert SubsystemName, ObjectTypeName and a third string
 * (ObjectNameU; its source argument is not shown) to UNICODE_STRINGs, call
 * NtAccessCheckAndAuditAlarm, free the three strings, copy the
 * generate-on-close flag to the caller and translate a failing NTSTATUS into
 * a Win32 last-error code.
 *
 * NOTE(review): this listing is an excerpt. Its own line numbers skip, so some
 * parameters, the remaining call arguments, braces and the return statements
 * are not shown; the notes below cover only what is visible.
 */
22 AccessCheckAndAuditAlarmA(LPCSTR SubsystemName
,
26 PSECURITY_DESCRIPTOR SecurityDescriptor
,
28 PGENERIC_MAPPING GenericMapping
,
30 LPDWORD GrantedAccess
,
32 LPBOOL pfGenerateOnClose
)
34 UNICODE_STRING SubsystemNameU
;
35 UNICODE_STRING ObjectTypeNameU
;
36 UNICODE_STRING ObjectNameU
;
37 NTSTATUS LocalAccessStatus
;
38 BOOLEAN GenerateOnClose
;
/* NOTE(review): the results of these three conversions are discarded, whereas
 * ObjectCloseAuditAlarmA in this file tests the result and reports
 * ERROR_NOT_ENOUGH_MEMORY. If a conversion fails, the strings later handed to
 * NtAccessCheckAndAuditAlarm and RtlFreeUnicodeString may not be valid.
 * Confirm what RtlCreateUnicodeStringFromAsciiz leaves in the destination on
 * failure. */
41 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU
,
42 (PCHAR
)SubsystemName
);
43 RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU
,
44 (PCHAR
)ObjectTypeName
);
45 RtlCreateUnicodeStringFromAsciiz(&ObjectNameU
,
48 Status
= NtAccessCheckAndAuditAlarm(&SubsystemNameU
,
/* The temporary strings are released before Status is examined, so the
 * failure paths below do not leak them. */
59 RtlFreeUnicodeString(&SubsystemNameU
);
60 RtlFreeUnicodeString(&ObjectTypeNameU
);
61 RtlFreeUnicodeString(&ObjectNameU
);
/* NOTE(review): GenerateOnClose is a local declared without an initializer and
 * is copied out before Status is tested. Unless the Nt call always writes it
 * (its argument lines are not shown), a failed call can hand the caller an
 * indeterminate value - TODO confirm. */
63 *pfGenerateOnClose
= (BOOL
)GenerateOnClose
;
/* Failure of the call itself: only the last-error value is set in the lines
 * shown. */
65 if (!NT_SUCCESS(Status
))
67 SetLastError(RtlNtStatusToDosError(Status
));
/* The call succeeded but access was denied: report the denial through
 * *AccessStatus.
 * NOTE(review): this branch tests LocalAccessStatus, yet the last-error value
 * is derived from Status. LocalAccessStatus looks like the intended argument;
 * as written the caller cannot learn the denial reason from GetLastError().
 * Confirm. */
71 if (!NT_SUCCESS (LocalAccessStatus
))
73 *AccessStatus
= FALSE
;
74 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * Wide-character entry point for the combined access check and audit call.
 *
 * The visible lines wrap the caller's strings in UNICODE_STRINGs with
 * RtlInitUnicodeString, call NtAccessCheckAndAuditAlarm, copy the
 * generate-on-close flag to the caller, and set *AccessStatus to FALSE or TRUE
 * depending on LocalAccessStatus.
 *
 * NOTE(review): this listing is an excerpt. Its own line numbers skip, so some
 * parameters, the remaining call arguments, braces and the return statements
 * are not shown.
 */
88 AccessCheckAndAuditAlarmW(LPCWSTR SubsystemName
,
90 LPWSTR ObjectTypeName
,
92 PSECURITY_DESCRIPTOR SecurityDescriptor
,
94 PGENERIC_MAPPING GenericMapping
,
96 LPDWORD GrantedAccess
,
98 LPBOOL pfGenerateOnClose
)
100 UNICODE_STRING SubsystemNameU
;
101 UNICODE_STRING ObjectTypeNameU
;
102 UNICODE_STRING ObjectNameU
;
103 NTSTATUS LocalAccessStatus
;
104 BOOLEAN GenerateOnClose
;
/* RtlInitUnicodeString only points the descriptors at the caller's buffers;
 * nothing is allocated, and no RtlFreeUnicodeString call appears for them in
 * this listing. */
107 RtlInitUnicodeString(&SubsystemNameU
,
108 (PWSTR
)SubsystemName
);
109 RtlInitUnicodeString(&ObjectTypeNameU
,
110 (PWSTR
)ObjectTypeName
);
111 RtlInitUnicodeString(&ObjectNameU
,
114 Status
= NtAccessCheckAndAuditAlarm(&SubsystemNameU
,
/* NOTE(review): GenerateOnClose is a local declared without an initializer and
 * is copied out before Status is tested. Unless the Nt call always writes it
 * (its argument lines are not shown), a failed call can hand the caller an
 * indeterminate value - TODO confirm. */
126 *pfGenerateOnClose
= (BOOL
)GenerateOnClose
;
/* Failure of the call itself: only the last-error value is set in the lines
 * shown. */
128 if (!NT_SUCCESS(Status
))
130 SetLastError(RtlNtStatusToDosError(Status
));
/* The call succeeded but access was denied.
 * NOTE(review): this branch tests LocalAccessStatus, yet the last-error value
 * is derived from Status. LocalAccessStatus looks like the intended argument.
 * Confirm. */
134 if (!NT_SUCCESS(LocalAccessStatus
))
136 *AccessStatus
= FALSE
;
137 SetLastError(RtlNtStatusToDosError(Status
));
/* Both status values indicate success: access is granted. */
141 *AccessStatus
= TRUE
;
/*
 * ANSI wrapper: converts SubsystemName into a temporary UNICODE_STRING (Name),
 * passes it to NtCloseObjectAuditAlarm, frees it, and maps a failing status to
 * a Win32 last-error code.
 *
 * NOTE(review): excerpt - the middle parameter, the remaining call arguments,
 * braces and return statements are not shown.
 */
151 ObjectCloseAuditAlarmA(LPCSTR SubsystemName
,
153 BOOL GenerateOnClose
)
/* A failed conversion is reported as ERROR_NOT_ENOUGH_MEMORY; the return that
 * presumably follows is not shown. */
158 if (!RtlCreateUnicodeStringFromAsciiz(&Name
, SubsystemName
))
160 SetLastError(ERROR_NOT_ENOUGH_MEMORY
);
164 Status
= NtCloseObjectAuditAlarm(&Name
,
/* Name is released before Status is examined, so the failure path does not
 * leak it. */
167 RtlFreeUnicodeString(&Name
);
168 if (!NT_SUCCESS (Status
))
170 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * Wide-character wrapper: points a UNICODE_STRING (Name) at the caller's
 * SubsystemName, passes it to NtCloseObjectAuditAlarm and maps a failing
 * status to a Win32 last-error code.
 *
 * NOTE(review): excerpt - the middle parameter, the remaining call arguments,
 * braces and return statements are not shown.
 */
182 ObjectCloseAuditAlarmW(LPCWSTR SubsystemName
,
184 BOOL GenerateOnClose
)
/* RtlInitUnicodeString does not allocate; Name borrows the caller's buffer. */
189 RtlInitUnicodeString(&Name
,
190 (PWSTR
)SubsystemName
);
192 Status
= NtCloseObjectAuditAlarm(&Name
,
195 if (!NT_SUCCESS(Status
))
197 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ANSI wrapper: converts SubsystemName into a temporary UNICODE_STRING (Name),
 * passes it to NtDeleteObjectAuditAlarm, frees it, and maps a failing status
 * to a Win32 last-error code.
 *
 * NOTE(review): excerpt - the middle parameter, the remaining call arguments,
 * braces and return statements are not shown.
 */
209 ObjectDeleteAuditAlarmA(LPCSTR SubsystemName
,
211 BOOL GenerateOnClose
)
/* A failed conversion is reported as ERROR_NOT_ENOUGH_MEMORY; the return that
 * presumably follows is not shown. */
216 if (!RtlCreateUnicodeStringFromAsciiz(&Name
, SubsystemName
))
218 SetLastError(ERROR_NOT_ENOUGH_MEMORY
);
222 Status
= NtDeleteObjectAuditAlarm(&Name
,
/* Name is released before Status is examined, so the failure path does not
 * leak it. */
225 RtlFreeUnicodeString(&Name
);
226 if (!NT_SUCCESS(Status
))
228 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * Wide-character wrapper: points a UNICODE_STRING (Name) at the caller's
 * SubsystemName, passes it to NtDeleteObjectAuditAlarm and maps a failing
 * status to a Win32 last-error code.
 *
 * NOTE(review): excerpt - the middle parameter, the remaining call arguments,
 * braces and return statements are not shown.
 */
240 ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName
,
242 BOOL GenerateOnClose
)
/* RtlInitUnicodeString does not allocate; Name borrows the caller's buffer. */
247 RtlInitUnicodeString(&Name
,
248 (PWSTR
)SubsystemName
);
250 Status
= NtDeleteObjectAuditAlarm(&Name
,
253 if (!NT_SUCCESS(Status
))
255 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ANSI wrapper for the object-open audit call.
 *
 * The visible lines convert SubsystemName, ObjectTypeName and a third string
 * (ObjectNameU; its source argument is not shown) to UNICODE_STRINGs, call
 * NtOpenObjectAuditAlarm, free the three strings and map a failing status to
 * a Win32 last-error code.
 *
 * NOTE(review): excerpt - several parameters, most call arguments, braces and
 * return statements are not shown.
 */
267 ObjectOpenAuditAlarmA(LPCSTR SubsystemName
,
269 LPSTR ObjectTypeName
,
271 PSECURITY_DESCRIPTOR pSecurityDescriptor
,
275 PPRIVILEGE_SET Privileges
,
278 LPBOOL GenerateOnClose
)
280 UNICODE_STRING SubsystemNameU
;
281 UNICODE_STRING ObjectTypeNameU
;
282 UNICODE_STRING ObjectNameU
;
/* NOTE(review): the results of these three conversions are discarded, whereas
 * ObjectCloseAuditAlarmA in this file tests the result and reports
 * ERROR_NOT_ENOUGH_MEMORY. If a conversion fails, the strings later handed to
 * NtOpenObjectAuditAlarm and RtlFreeUnicodeString may not be valid. Confirm
 * what RtlCreateUnicodeStringFromAsciiz leaves in the destination on
 * failure. */
285 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU
,
286 (PCHAR
)SubsystemName
);
287 RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU
,
288 (PCHAR
)ObjectTypeName
);
289 RtlCreateUnicodeStringFromAsciiz(&ObjectNameU
,
292 Status
= NtOpenObjectAuditAlarm(&SubsystemNameU
,
/* NOTE(review): GenerateOnClose is an LPBOOL (pointer to a 32-bit BOOL) cast
 * to PBOOLEAN (pointer to an 8-bit BOOLEAN). If the callee stores a single
 * BOOLEAN through it, the remaining bytes of the caller's BOOL keep whatever
 * they held before. The AccessCheckAndAuditAlarm wrappers in this file use a
 * local BOOLEAN and widen it with (BOOL) instead - confirm and align. */
303 (PBOOLEAN
)GenerateOnClose
);
/* The temporary strings are released before Status is examined. */
304 RtlFreeUnicodeString(&SubsystemNameU
);
305 RtlFreeUnicodeString(&ObjectTypeNameU
);
306 RtlFreeUnicodeString(&ObjectNameU
);
307 if (!NT_SUCCESS(Status
))
309 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * Wide-character wrapper for the object-open audit call.
 *
 * The visible lines wrap the caller's strings in UNICODE_STRINGs with
 * RtlInitUnicodeString, call NtOpenObjectAuditAlarm and map a failing status
 * to a Win32 last-error code.
 *
 * NOTE(review): excerpt - several parameters, most call arguments, braces and
 * return statements are not shown.
 */
321 ObjectOpenAuditAlarmW(LPCWSTR SubsystemName
,
323 LPWSTR ObjectTypeName
,
325 PSECURITY_DESCRIPTOR pSecurityDescriptor
,
329 PPRIVILEGE_SET Privileges
,
332 LPBOOL GenerateOnClose
)
334 UNICODE_STRING SubsystemNameU
;
335 UNICODE_STRING ObjectTypeNameU
;
336 UNICODE_STRING ObjectNameU
;
/* RtlInitUnicodeString does not allocate; the descriptors borrow the caller's
 * buffers. */
339 RtlInitUnicodeString(&SubsystemNameU
,
340 (PWSTR
)SubsystemName
);
341 RtlInitUnicodeString(&ObjectTypeNameU
,
342 (PWSTR
)ObjectTypeName
);
343 RtlInitUnicodeString(&ObjectNameU
,
346 Status
= NtOpenObjectAuditAlarm(&SubsystemNameU
,
/* NOTE(review): GenerateOnClose is an LPBOOL (pointer to a 32-bit BOOL) cast
 * to PBOOLEAN (pointer to an 8-bit BOOLEAN). If the callee stores a single
 * BOOLEAN through it, the remaining bytes of the caller's BOOL keep whatever
 * they held before. The AccessCheckAndAuditAlarm wrappers in this file use a
 * local BOOLEAN and widen it with (BOOL) instead - confirm and align. */
357 (PBOOLEAN
)GenerateOnClose
);
358 if (!NT_SUCCESS(Status
))
360 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ANSI wrapper: converts SubsystemName to a temporary UNICODE_STRING, passes
 * it to NtPrivilegeObjectAuditAlarm, frees it and maps a failing status to a
 * Win32 last-error code.
 *
 * NOTE(review): excerpt - several parameters, most call arguments, braces and
 * return statements are not shown.
 */
372 ObjectPrivilegeAuditAlarmA(LPCSTR SubsystemName
,
376 PPRIVILEGE_SET Privileges
,
379 UNICODE_STRING SubsystemNameU
;
/* NOTE(review): the conversion result is discarded, whereas
 * ObjectCloseAuditAlarmA in this file tests it and reports
 * ERROR_NOT_ENOUGH_MEMORY. If the conversion fails, the string later handed
 * to the Nt call and to RtlFreeUnicodeString may not be valid - confirm. */
382 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU
,
383 (PCHAR
)SubsystemName
);
385 Status
= NtPrivilegeObjectAuditAlarm(&SubsystemNameU
,
/* The temporary string is released before Status is examined. */
391 RtlFreeUnicodeString (&SubsystemNameU
);
392 if (!NT_SUCCESS(Status
))
394 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * Wide-character wrapper: points a UNICODE_STRING at the caller's
 * SubsystemName, passes it to NtPrivilegeObjectAuditAlarm and maps a failing
 * status to a Win32 last-error code.
 *
 * NOTE(review): excerpt - several parameters, most call arguments, braces and
 * return statements are not shown.
 */
406 ObjectPrivilegeAuditAlarmW(LPCWSTR SubsystemName
,
410 PPRIVILEGE_SET Privileges
,
413 UNICODE_STRING SubsystemNameU
;
/* RtlInitUnicodeString does not allocate; the descriptor borrows the caller's
 * buffer. */
416 RtlInitUnicodeString(&SubsystemNameU
,
417 (PWSTR
)SubsystemName
);
419 Status
= NtPrivilegeObjectAuditAlarm(&SubsystemNameU
,
425 if (!NT_SUCCESS(Status
))
427 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ANSI wrapper: converts SubsystemName and a service name (ServiceNameU; its
 * source argument is not shown) to temporary UNICODE_STRINGs, passes them to
 * NtPrivilegedServiceAuditAlarm, frees them and maps a failing status to a
 * Win32 last-error code.
 *
 * NOTE(review): excerpt - several parameters, most call arguments, braces and
 * return statements are not shown.
 */
439 PrivilegedServiceAuditAlarmA(LPCSTR SubsystemName
,
442 PPRIVILEGE_SET Privileges
,
445 UNICODE_STRING SubsystemNameU
;
446 UNICODE_STRING ServiceNameU
;
/* NOTE(review): the results of both conversions are discarded, whereas
 * ObjectCloseAuditAlarmA in this file tests the result and reports
 * ERROR_NOT_ENOUGH_MEMORY. If a conversion fails, the strings later handed to
 * the Nt call and to RtlFreeUnicodeString may not be valid - confirm. */
449 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU
,
450 (PCHAR
)SubsystemName
);
451 RtlCreateUnicodeStringFromAsciiz(&ServiceNameU
,
454 Status
= NtPrivilegedServiceAuditAlarm(&SubsystemNameU
,
/* The temporary strings are released before Status is examined. */
459 RtlFreeUnicodeString(&SubsystemNameU
);
460 RtlFreeUnicodeString(&ServiceNameU
);
461 if (!NT_SUCCESS(Status
))
463 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * Wide-character wrapper: points UNICODE_STRINGs at the caller's subsystem and
 * service names, passes them to NtPrivilegedServiceAuditAlarm and maps a
 * failing status to a Win32 last-error code.
 *
 * NOTE(review): excerpt - several parameters, most call arguments, braces and
 * return statements are not shown.
 */
475 PrivilegedServiceAuditAlarmW(LPCWSTR SubsystemName
,
478 PPRIVILEGE_SET Privileges
,
481 UNICODE_STRING SubsystemNameU
;
482 UNICODE_STRING ServiceNameU
;
/* RtlInitUnicodeString does not allocate; the descriptors borrow the caller's
 * buffers. */
485 RtlInitUnicodeString(&SubsystemNameU
,
486 (PWSTR
)SubsystemName
);
487 RtlInitUnicodeString(&ServiceNameU
,
490 Status
= NtPrivilegedServiceAuditAlarm(&SubsystemNameU
,
495 if (!NT_SUCCESS(Status
))
497 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * Unimplemented stub: the visible body only logs a FIXME naming the function
 * and sets the last error to ERROR_CALL_NOT_IMPLEMENTED.
 *
 * NOTE(review): no access check is performed and no audit record is produced.
 * None of the OUT parameters (GrantedAccess, AccessStatusList,
 * pfGenerateOnClose) is written in the lines shown, so callers must not read
 * them after this call fails. The return statement is not shown in this
 * excerpt - presumably FALSE; confirm.
 */
509 AccessCheckByTypeResultListAndAuditAlarmByHandleW(IN LPCWSTR SubsystemName
,
511 IN HANDLE ClientToken
,
512 IN LPCWSTR ObjectTypeName
,
513 IN LPCWSTR ObjectName
,
514 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
515 IN PSID PrincipalSelfSid
,
516 IN DWORD DesiredAccess
,
517 IN AUDIT_EVENT_TYPE AuditType
,
519 IN POBJECT_TYPE_LIST ObjectTypeList
,
520 IN DWORD ObjectTypeListLength
,
521 IN PGENERIC_MAPPING GenericMapping
,
522 IN BOOL ObjectCreation
,
523 OUT LPDWORD GrantedAccess
,
524 OUT LPDWORD AccessStatusList
,
525 OUT LPBOOL pfGenerateOnClose
)
527 FIXME("%s() not implemented!\n", __FUNCTION__
);
528 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * Unimplemented stub: the visible body only logs a FIXME naming the function
 * and sets the last error to ERROR_CALL_NOT_IMPLEMENTED.
 *
 * NOTE(review): no access check is performed and no audit record is produced.
 * None of the OUT parameters (GrantedAccess, AccessStatusList,
 * pfGenerateOnClose) is written in the lines shown, so callers must not read
 * them after this call fails. The return statement is not shown in this
 * excerpt - presumably FALSE; confirm.
 */
537 AccessCheckByTypeResultListAndAuditAlarmByHandleA(IN LPCSTR SubsystemName
,
539 IN HANDLE ClientToken
,
540 IN LPCSTR ObjectTypeName
,
541 IN LPCSTR ObjectName
,
542 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
543 IN PSID PrincipalSelfSid
,
544 IN DWORD DesiredAccess
,
545 IN AUDIT_EVENT_TYPE AuditType
,
547 IN POBJECT_TYPE_LIST ObjectTypeList
,
548 IN DWORD ObjectTypeListLength
,
549 IN PGENERIC_MAPPING GenericMapping
,
550 IN BOOL ObjectCreation
,
551 OUT LPDWORD GrantedAccess
,
552 OUT LPDWORD AccessStatusList
,
553 OUT LPBOOL pfGenerateOnClose
)
555 FIXME("%s() not implemented!\n", __FUNCTION__
);
556 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * Unimplemented stub: the visible body only logs a FIXME naming the function
 * and sets the last error to ERROR_CALL_NOT_IMPLEMENTED.
 *
 * NOTE(review): no access check is performed and no audit record is produced.
 * None of the OUT parameters (GrantedAccess, AccessStatusList,
 * pfGenerateOnClose) is written in the lines shown, so callers must not read
 * them after this call fails. The return statement is not shown in this
 * excerpt - presumably FALSE; confirm.
 */
565 AccessCheckByTypeResultListAndAuditAlarmW(IN LPCWSTR SubsystemName
,
567 IN LPCWSTR ObjectTypeName
,
568 IN LPCWSTR ObjectName
,
569 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
570 IN PSID PrincipalSelfSid
,
571 IN DWORD DesiredAccess
,
572 IN AUDIT_EVENT_TYPE AuditType
,
574 IN POBJECT_TYPE_LIST ObjectTypeList
,
575 IN DWORD ObjectTypeListLength
,
576 IN PGENERIC_MAPPING GenericMapping
,
577 IN BOOL ObjectCreation
,
578 OUT LPDWORD GrantedAccess
,
579 OUT LPDWORD AccessStatusList
,
580 OUT LPBOOL pfGenerateOnClose
)
582 FIXME("%s() not implemented!\n", __FUNCTION__
);
583 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * Unimplemented stub: the visible body only logs a FIXME naming the function
 * and sets the last error to ERROR_CALL_NOT_IMPLEMENTED.
 *
 * NOTE(review): no access check is performed and no audit record is produced.
 * None of the OUT parameters (GrantedAccess, AccessStatusList,
 * pfGenerateOnClose) is written in the lines shown, so callers must not read
 * them after this call fails. The return statement is not shown in this
 * excerpt - presumably FALSE; confirm.
 */
592 AccessCheckByTypeResultListAndAuditAlarmA(IN LPCSTR SubsystemName
,
594 IN LPCSTR ObjectTypeName
,
595 IN LPCSTR ObjectName
,
596 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
597 IN PSID PrincipalSelfSid
,
598 IN DWORD DesiredAccess
,
599 IN AUDIT_EVENT_TYPE AuditType
,
601 IN POBJECT_TYPE_LIST ObjectTypeList
,
602 IN DWORD ObjectTypeListLength
,
603 IN PGENERIC_MAPPING GenericMapping
,
604 IN BOOL ObjectCreation
,
605 OUT LPDWORD GrantedAccess
,
606 OUT LPDWORD AccessStatusList
,
607 OUT LPBOOL pfGenerateOnClose
)
609 FIXME("%s() not implemented!\n", __FUNCTION__
);
610 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * Unimplemented stub: the visible body only logs a FIXME naming the function
 * and sets the last error to ERROR_CALL_NOT_IMPLEMENTED.
 *
 * NOTE(review): no access check is performed and no audit record is produced.
 * None of the OUT parameters (GrantedAccess, AccessStatus, pfGenerateOnClose)
 * is written in the lines shown, so callers must not read them after this
 * call fails. The return statement is not shown in this excerpt - presumably
 * FALSE; confirm.
 */
619 AccessCheckByTypeAndAuditAlarmW(IN LPCWSTR SubsystemName
,
621 IN LPCWSTR ObjectTypeName
,
622 IN LPCWSTR ObjectName
,
623 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
624 IN PSID PrincipalSelfSid
,
625 IN DWORD DesiredAccess
,
626 IN AUDIT_EVENT_TYPE AuditType
,
628 IN POBJECT_TYPE_LIST ObjectTypeList
,
629 IN DWORD ObjectTypeListLength
,
630 IN PGENERIC_MAPPING GenericMapping
,
631 IN BOOL ObjectCreation
,
632 OUT LPDWORD GrantedAccess
,
633 OUT LPBOOL AccessStatus
,
634 OUT LPBOOL pfGenerateOnClose
)
636 FIXME("%s() not implemented!\n", __FUNCTION__
);
637 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * Unimplemented stub: the visible body only logs a FIXME naming the function
 * and sets the last error to ERROR_CALL_NOT_IMPLEMENTED.
 *
 * NOTE(review): no access check is performed and no audit record is produced.
 * None of the OUT parameters (GrantedAccess, AccessStatus, pfGenerateOnClose)
 * is written in the lines shown, so callers must not read them after this
 * call fails. The return statement is not shown in this excerpt - presumably
 * FALSE; confirm.
 */
646 AccessCheckByTypeAndAuditAlarmA(IN LPCSTR SubsystemName
,
648 IN LPCSTR ObjectTypeName
,
649 IN LPCSTR ObjectName
,
650 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
651 IN PSID PrincipalSelfSid
,
652 IN DWORD DesiredAccess
,
653 IN AUDIT_EVENT_TYPE AuditType
,
655 IN POBJECT_TYPE_LIST ObjectTypeList
,
656 IN DWORD ObjectTypeListLength
,
657 IN PGENERIC_MAPPING GenericMapping
,
658 IN BOOL ObjectCreation
,
659 OUT LPDWORD GrantedAccess
,
660 OUT LPBOOL AccessStatus
,
661 OUT LPBOOL pfGenerateOnClose
)
663 FIXME("%s() not implemented!\n", __FUNCTION__
);
664 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);