3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS system libraries
5 * FILE: lib/advapi32/sec/audit.c
6 * PURPOSE: Audit functions
7 * PROGRAMMER: Eric Kohl
12 /* INCLUDES *****************************************************************/
/* Selects the "advapi" debug channel for this file; the FIXME() traces in the unimplemented stubs further down are presumably emitted on it. */
15 WINE_DEFAULT_DEBUG_CHANNEL(advapi
);
17 /* FUNCTIONS ****************************************************************/
/*
 * AccessCheckAndAuditAlarmA - ANSI front end for NtAccessCheckAndAuditAlarm.
 *
 * Converts the ANSI names to UNICODE_STRINGs, issues the system call, frees
 * the converted strings and then reports GenerateOnClose and the access
 * status through the caller's pointers.
 *
 * NOTE(review): this listing keeps only some of the original lines (the
 * gutter numbers jump), so parameters, braces and return statements that sit
 * on the missing lines are not described here.
 */
23 AccessCheckAndAuditAlarmA(LPCSTR SubsystemName
,
27 PSECURITY_DESCRIPTOR SecurityDescriptor
,
29 PGENERIC_MAPPING GenericMapping
,
31 LPDWORD GrantedAccess
,
33 LPBOOL pfGenerateOnClose
)
35 UNICODE_STRING SubsystemNameU
;
36 UNICODE_STRING ObjectTypeNameU
;
37 UNICODE_STRING ObjectNameU
;
38 NTSTATUS LocalAccessStatus
;
39 BOOLEAN GenerateOnClose
;
/*
 * NOTE(review): none of the three conversions below has its result checked in
 * the lines shown. RtlCreateUnicodeStringFromAsciiz returns FALSE when it
 * cannot build the string, so a failed conversion would presumably reach the
 * access check and audit call unnoticed - confirm, and fail the call instead.
 */
42 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU
,
43 (PCHAR
)SubsystemName
);
44 RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU
,
45 (PCHAR
)ObjectTypeName
);
46 RtlCreateUnicodeStringFromAsciiz(&ObjectNameU
,
49 Status
= NtAccessCheckAndAuditAlarm(&SubsystemNameU
,
/* The converted strings are released right after the system call, before any status is examined. */
60 RtlFreeUnicodeString(&SubsystemNameU
);
61 RtlFreeUnicodeString(&ObjectTypeNameU
);
62 RtlFreeUnicodeString(&ObjectNameU
);
/*
 * Copied out before Status is examined. GenerateOnClose has no initializer in
 * the lines shown, so if the system call fails without writing it the caller
 * may receive an indeterminate value - TODO confirm, or initialize to FALSE.
 */
64 *pfGenerateOnClose
= (BOOL
)GenerateOnClose
;
/* Failure of the system call itself: translate the NTSTATUS into a Win32 last error. */
66 if (!NT_SUCCESS(Status
))
68 SetLastError(RtlNtStatusToDosError(Status
));
/* LocalAccessStatus is presumably the access decision filled in by the system call (its argument list is not in this listing). */
72 if (!NT_SUCCESS (LocalAccessStatus
))
74 *AccessStatus
= FALSE
;
/*
 * NOTE(review): the branch tests LocalAccessStatus, yet the last error is
 * derived from Status. If the earlier !NT_SUCCESS(Status) branch returns (not
 * visible here), Status is a success code at this point, so a denied access
 * would leave a success value in the last error. LocalAccessStatus looks like
 * the intended argument - confirm.
 */
75 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * AccessCheckAndAuditAlarmW - wide-character front end for
 * NtAccessCheckAndAuditAlarm.
 *
 * Wraps the caller's strings with RtlInitUnicodeString (no copy is made and
 * nothing is freed in the lines shown), issues the system call and reports
 * GenerateOnClose and the access status through the caller's pointers.
 *
 * NOTE(review): this listing keeps only some of the original lines; the
 * parameters, braces and return statements on the missing lines are not
 * described here.
 */
89 AccessCheckAndAuditAlarmW(LPCWSTR SubsystemName
,
91 LPWSTR ObjectTypeName
,
93 PSECURITY_DESCRIPTOR SecurityDescriptor
,
95 PGENERIC_MAPPING GenericMapping
,
97 LPDWORD GrantedAccess
,
99 LPBOOL pfGenerateOnClose
)
101 UNICODE_STRING SubsystemNameU
;
102 UNICODE_STRING ObjectTypeNameU
;
103 UNICODE_STRING ObjectNameU
;
104 NTSTATUS LocalAccessStatus
;
105 BOOLEAN GenerateOnClose
;
/* The UNICODE_STRINGs below reference the caller's buffers directly; the casts only drop the const qualifier. */
108 RtlInitUnicodeString(&SubsystemNameU
,
109 (PWSTR
)SubsystemName
);
110 RtlInitUnicodeString(&ObjectTypeNameU
,
111 (PWSTR
)ObjectTypeName
);
112 RtlInitUnicodeString(&ObjectNameU
,
115 Status
= NtAccessCheckAndAuditAlarm(&SubsystemNameU
,
/*
 * Copied out before Status is examined. GenerateOnClose has no initializer in
 * the lines shown, so if the system call fails without writing it the caller
 * may receive an indeterminate value - TODO confirm, or initialize to FALSE.
 */
127 *pfGenerateOnClose
= (BOOL
)GenerateOnClose
;
/* Failure of the system call itself: translate the NTSTATUS into a Win32 last error. */
129 if (!NT_SUCCESS(Status
))
131 SetLastError(RtlNtStatusToDosError(Status
));
/* LocalAccessStatus is presumably the access decision filled in by the system call (its argument list is not in this listing). */
135 if (!NT_SUCCESS(LocalAccessStatus
))
137 *AccessStatus
= FALSE
;
/*
 * NOTE(review): the branch tests LocalAccessStatus, yet the last error is
 * derived from Status. If the earlier !NT_SUCCESS(Status) branch returns (not
 * visible here), Status is a success code at this point, so a denied access
 * would leave a success value in the last error. LocalAccessStatus looks like
 * the intended argument - confirm.
 */
138 SetLastError(RtlNtStatusToDosError(Status
));
/* Reached when neither failure branch applies (assuming both return): access is reported as granted. */
142 *AccessStatus
= TRUE
;
/*
 * ObjectCloseAuditAlarmA - ANSI front end for NtCloseObjectAuditAlarm.
 *
 * Converts SubsystemName to a UNICODE_STRING, issues the system call, frees
 * the converted string and maps a failing NTSTATUS to a Win32 last error.
 *
 * NOTE(review): this listing keeps only some of the original lines; the
 * declarations, remaining parameters and return statements are not shown.
 */
152 ObjectCloseAuditAlarmA(LPCSTR SubsystemName
,
154 BOOL GenerateOnClose
)
/*
 * NOTE(review): RtlCreateUnicodeStringFromAsciiz returns a BOOLEAN, not an
 * NTSTATUS. Both TRUE (1) and FALSE (0) satisfy NT_SUCCESS, so the failure
 * branch right below can never be taken and a failed conversion would go on
 * to the audit call. Testing the BOOLEAN result directly looks like the
 * intended check - confirm against the declaration of Status, which is not
 * in this listing.
 */
159 Status
= RtlCreateUnicodeStringFromAsciiz(&Name
,
160 (PCHAR
)SubsystemName
);
161 if (!NT_SUCCESS(Status
))
163 SetLastError(RtlNtStatusToDosError(Status
));
167 Status
= NtCloseObjectAuditAlarm(&Name
,
/* The converted name is released before the status of the system call is examined. */
170 RtlFreeUnicodeString(&Name
);
171 if (!NT_SUCCESS (Status
))
173 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ObjectCloseAuditAlarmW - wide-character front end for
 * NtCloseObjectAuditAlarm.
 *
 * Wraps SubsystemName with RtlInitUnicodeString (no copy, nothing to free),
 * issues the system call and maps a failing NTSTATUS to a Win32 last error.
 *
 * NOTE(review): this listing keeps only some of the original lines; the
 * declarations, remaining parameters and return statements are not shown.
 */
185 ObjectCloseAuditAlarmW(LPCWSTR SubsystemName
,
187 BOOL GenerateOnClose
)
/* Name references the caller's buffer directly; the cast only drops the const qualifier. */
192 RtlInitUnicodeString(&Name
,
193 (PWSTR
)SubsystemName
);
195 Status
= NtCloseObjectAuditAlarm(&Name
,
198 if (!NT_SUCCESS(Status
))
200 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ObjectDeleteAuditAlarmA - ANSI front end for NtDeleteObjectAuditAlarm.
 *
 * Converts SubsystemName to a UNICODE_STRING, issues the system call, frees
 * the converted string and maps a failing NTSTATUS to a Win32 last error.
 *
 * NOTE(review): this listing keeps only some of the original lines; the
 * declarations, remaining parameters and return statements are not shown.
 */
212 ObjectDeleteAuditAlarmA(LPCSTR SubsystemName
,
214 BOOL GenerateOnClose
)
/*
 * NOTE(review): RtlCreateUnicodeStringFromAsciiz returns a BOOLEAN, not an
 * NTSTATUS. Both TRUE (1) and FALSE (0) satisfy NT_SUCCESS, so the failure
 * branch right below can never be taken and a failed conversion would go on
 * to the audit call. Testing the BOOLEAN result directly looks like the
 * intended check - confirm against the declaration of Status, which is not
 * in this listing.
 */
219 Status
= RtlCreateUnicodeStringFromAsciiz(&Name
,
220 (PCHAR
)SubsystemName
);
221 if (!NT_SUCCESS(Status
))
223 SetLastError(RtlNtStatusToDosError(Status
));
227 Status
= NtDeleteObjectAuditAlarm(&Name
,
/* The converted name is released before the status of the system call is examined. */
230 RtlFreeUnicodeString(&Name
);
231 if (!NT_SUCCESS(Status
))
233 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ObjectDeleteAuditAlarmW - wide-character front end for
 * NtDeleteObjectAuditAlarm.
 *
 * Wraps SubsystemName with RtlInitUnicodeString (no copy, nothing to free),
 * issues the system call and maps a failing NTSTATUS to a Win32 last error.
 *
 * NOTE(review): this listing keeps only some of the original lines; the
 * declarations, remaining parameters and return statements are not shown.
 */
245 ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName
,
247 BOOL GenerateOnClose
)
/* Name references the caller's buffer directly; the cast only drops the const qualifier. */
252 RtlInitUnicodeString(&Name
,
253 (PWSTR
)SubsystemName
);
255 Status
= NtDeleteObjectAuditAlarm(&Name
,
258 if (!NT_SUCCESS(Status
))
260 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ObjectOpenAuditAlarmA - ANSI front end for NtOpenObjectAuditAlarm.
 *
 * Converts the ANSI names to UNICODE_STRINGs, issues the system call, frees
 * the converted strings and maps a failing NTSTATUS to a Win32 last error.
 *
 * NOTE(review): this listing keeps only some of the original lines; the
 * remaining parameters, braces and return statements are not shown.
 */
272 ObjectOpenAuditAlarmA(LPCSTR SubsystemName
,
274 LPSTR ObjectTypeName
,
276 PSECURITY_DESCRIPTOR pSecurityDescriptor
,
280 PPRIVILEGE_SET Privileges
,
283 LPBOOL GenerateOnClose
)
285 UNICODE_STRING SubsystemNameU
;
286 UNICODE_STRING ObjectTypeNameU
;
287 UNICODE_STRING ObjectNameU
;
/*
 * NOTE(review): none of the three conversions below has its result checked in
 * the lines shown. RtlCreateUnicodeStringFromAsciiz returns FALSE when it
 * cannot build the string, so a failed conversion would presumably reach the
 * audit call unnoticed - confirm, and fail the call instead.
 */
290 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU
,
291 (PCHAR
)SubsystemName
);
292 RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU
,
293 (PCHAR
)ObjectTypeName
);
294 RtlCreateUnicodeStringFromAsciiz(&ObjectNameU
,
297 Status
= NtOpenObjectAuditAlarm(&SubsystemNameU
,
/*
 * NOTE(review): GenerateOnClose is an LPBOOL, passed here as a PBOOLEAN.
 * BOOLEAN is one byte wide and BOOL is four, so a callee that stores a single
 * BOOLEAN leaves the remaining bytes of the caller's BOOL untouched and the
 * caller may read a stale non-zero value as TRUE. AccessCheckAndAuditAlarmA
 * in this file goes through a local BOOLEAN and copies the value out; the
 * same pattern looks appropriate here - confirm.
 */
308 (PBOOLEAN
)GenerateOnClose
);
/* The converted strings are released before the status of the system call is examined. */
309 RtlFreeUnicodeString(&SubsystemNameU
);
310 RtlFreeUnicodeString(&ObjectTypeNameU
);
311 RtlFreeUnicodeString(&ObjectNameU
);
312 if (!NT_SUCCESS(Status
))
314 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ObjectOpenAuditAlarmW - wide-character front end for
 * NtOpenObjectAuditAlarm.
 *
 * Wraps the caller's strings with RtlInitUnicodeString (no copy, nothing to
 * free), issues the system call and maps a failing NTSTATUS to a Win32 last
 * error.
 *
 * NOTE(review): this listing keeps only some of the original lines; the
 * remaining parameters, braces and return statements are not shown.
 */
326 ObjectOpenAuditAlarmW(LPCWSTR SubsystemName
,
328 LPWSTR ObjectTypeName
,
330 PSECURITY_DESCRIPTOR pSecurityDescriptor
,
334 PPRIVILEGE_SET Privileges
,
337 LPBOOL GenerateOnClose
)
339 UNICODE_STRING SubsystemNameU
;
340 UNICODE_STRING ObjectTypeNameU
;
341 UNICODE_STRING ObjectNameU
;
/* The UNICODE_STRINGs below reference the caller's buffers directly; the casts only drop the const qualifier. */
344 RtlInitUnicodeString(&SubsystemNameU
,
345 (PWSTR
)SubsystemName
);
346 RtlInitUnicodeString(&ObjectTypeNameU
,
347 (PWSTR
)ObjectTypeName
);
348 RtlInitUnicodeString(&ObjectNameU
,
351 Status
= NtOpenObjectAuditAlarm(&SubsystemNameU
,
/*
 * NOTE(review): GenerateOnClose is an LPBOOL, passed here as a PBOOLEAN.
 * BOOLEAN is one byte wide and BOOL is four, so a callee that stores a single
 * BOOLEAN leaves the remaining bytes of the caller's BOOL untouched and the
 * caller may read a stale non-zero value as TRUE. AccessCheckAndAuditAlarmW
 * in this file goes through a local BOOLEAN and copies the value out; the
 * same pattern looks appropriate here - confirm.
 */
362 (PBOOLEAN
)GenerateOnClose
);
363 if (!NT_SUCCESS(Status
))
365 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ObjectPrivilegeAuditAlarmA - ANSI front end for
 * NtPrivilegeObjectAuditAlarm.
 *
 * Converts SubsystemName to a UNICODE_STRING, issues the system call, frees
 * the converted string and maps a failing NTSTATUS to a Win32 last error.
 *
 * NOTE(review): this listing keeps only some of the original lines; the
 * remaining parameters, braces and return statements are not shown.
 */
377 ObjectPrivilegeAuditAlarmA(LPCSTR SubsystemName
,
381 PPRIVILEGE_SET Privileges
,
384 UNICODE_STRING SubsystemNameU
;
/*
 * NOTE(review): the result of the conversion is not checked in the lines
 * shown. RtlCreateUnicodeStringFromAsciiz returns FALSE when it cannot build
 * the string, so a failed conversion would presumably reach the audit call
 * unnoticed - confirm, and fail the call instead.
 */
387 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU
,
388 (PCHAR
)SubsystemName
);
390 Status
= NtPrivilegeObjectAuditAlarm(&SubsystemNameU
,
/* The converted name is released before the status of the system call is examined. */
396 RtlFreeUnicodeString (&SubsystemNameU
);
397 if (!NT_SUCCESS(Status
))
399 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ObjectPrivilegeAuditAlarmW - wide-character front end for
 * NtPrivilegeObjectAuditAlarm.
 *
 * Wraps SubsystemName with RtlInitUnicodeString (no copy, nothing to free),
 * issues the system call and maps a failing NTSTATUS to a Win32 last error.
 *
 * NOTE(review): this listing keeps only some of the original lines; the
 * remaining parameters, braces and return statements are not shown.
 */
411 ObjectPrivilegeAuditAlarmW(LPCWSTR SubsystemName
,
415 PPRIVILEGE_SET Privileges
,
418 UNICODE_STRING SubsystemNameU
;
/* SubsystemNameU references the caller's buffer directly; the cast only drops the const qualifier. */
421 RtlInitUnicodeString(&SubsystemNameU
,
422 (PWSTR
)SubsystemName
);
424 Status
= NtPrivilegeObjectAuditAlarm(&SubsystemNameU
,
430 if (!NT_SUCCESS(Status
))
432 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * PrivilegedServiceAuditAlarmA - ANSI front end for
 * NtPrivilegedServiceAuditAlarm.
 *
 * Converts the subsystem and service names to UNICODE_STRINGs, issues the
 * system call, frees the converted strings and maps a failing NTSTATUS to a
 * Win32 last error.
 *
 * NOTE(review): this listing keeps only some of the original lines; the
 * remaining parameters, braces and return statements are not shown.
 */
444 PrivilegedServiceAuditAlarmA(LPCSTR SubsystemName
,
447 PPRIVILEGE_SET Privileges
,
450 UNICODE_STRING SubsystemNameU
;
451 UNICODE_STRING ServiceNameU
;
/*
 * NOTE(review): neither conversion below has its result checked in the lines
 * shown. RtlCreateUnicodeStringFromAsciiz returns FALSE when it cannot build
 * the string, so a failed conversion would presumably reach the audit call
 * unnoticed - confirm, and fail the call instead.
 */
454 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU
,
455 (PCHAR
)SubsystemName
);
456 RtlCreateUnicodeStringFromAsciiz(&ServiceNameU
,
459 Status
= NtPrivilegedServiceAuditAlarm(&SubsystemNameU
,
/* The converted strings are released before the status of the system call is examined. */
464 RtlFreeUnicodeString(&SubsystemNameU
);
465 RtlFreeUnicodeString(&ServiceNameU
);
466 if (!NT_SUCCESS(Status
))
468 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * PrivilegedServiceAuditAlarmW - wide-character front end for
 * NtPrivilegedServiceAuditAlarm.
 *
 * Wraps the subsystem and service names with RtlInitUnicodeString (no copy,
 * nothing to free), issues the system call and maps a failing NTSTATUS to a
 * Win32 last error.
 *
 * NOTE(review): this listing keeps only some of the original lines; the
 * remaining parameters, braces and return statements are not shown.
 */
480 PrivilegedServiceAuditAlarmW(LPCWSTR SubsystemName
,
483 PPRIVILEGE_SET Privileges
,
486 UNICODE_STRING SubsystemNameU
;
487 UNICODE_STRING ServiceNameU
;
/* The UNICODE_STRINGs below reference the caller's buffers directly; the cast only drops the const qualifier. */
490 RtlInitUnicodeString(&SubsystemNameU
,
491 (PWSTR
)SubsystemName
);
492 RtlInitUnicodeString(&ServiceNameU
,
495 Status
= NtPrivilegedServiceAuditAlarm(&SubsystemNameU
,
500 if (!NT_SUCCESS(Status
))
502 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * AccessCheckByTypeResultListAndAuditAlarmByHandleW - not implemented.
 *
 * The lines shown only emit a FIXME trace and set the last error to
 * ERROR_CALL_NOT_IMPLEMENTED: no access check is performed, no audit record
 * is generated and none of the OUT parameters is written.
 *
 * NOTE(review): the return statement is on a line missing from this listing.
 * Callers should treat a failed call as "access not granted" and must not
 * read GrantedAccess, AccessStatusList or pfGenerateOnClose afterwards.
 */
514 AccessCheckByTypeResultListAndAuditAlarmByHandleW(IN LPCWSTR SubsystemName
,
516 IN HANDLE ClientToken
,
517 IN LPCWSTR ObjectTypeName
,
518 IN LPCWSTR ObjectName
,
519 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
520 IN PSID PrincipalSelfSid
,
521 IN DWORD DesiredAccess
,
522 IN AUDIT_EVENT_TYPE AuditType
,
524 IN POBJECT_TYPE_LIST ObjectTypeList
,
525 IN DWORD ObjectTypeListLength
,
526 IN PGENERIC_MAPPING GenericMapping
,
527 IN BOOL ObjectCreation
,
528 OUT LPDWORD GrantedAccess
,
529 OUT LPDWORD AccessStatusList
,
530 OUT LPBOOL pfGenerateOnClose
)
532 FIXME("%s() not implemented!\n", __FUNCTION__
);
533 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * AccessCheckByTypeResultListAndAuditAlarmByHandleA - not implemented.
 *
 * The lines shown only emit a FIXME trace and set the last error to
 * ERROR_CALL_NOT_IMPLEMENTED: no access check is performed, no audit record
 * is generated and none of the OUT parameters is written.
 *
 * NOTE(review): the return statement is on a line missing from this listing.
 * Callers should treat a failed call as "access not granted" and must not
 * read GrantedAccess, AccessStatusList or pfGenerateOnClose afterwards.
 */
542 AccessCheckByTypeResultListAndAuditAlarmByHandleA(IN LPCSTR SubsystemName
,
544 IN HANDLE ClientToken
,
545 IN LPCSTR ObjectTypeName
,
546 IN LPCSTR ObjectName
,
547 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
548 IN PSID PrincipalSelfSid
,
549 IN DWORD DesiredAccess
,
550 IN AUDIT_EVENT_TYPE AuditType
,
552 IN POBJECT_TYPE_LIST ObjectTypeList
,
553 IN DWORD ObjectTypeListLength
,
554 IN PGENERIC_MAPPING GenericMapping
,
555 IN BOOL ObjectCreation
,
556 OUT LPDWORD GrantedAccess
,
557 OUT LPDWORD AccessStatusList
,
558 OUT LPBOOL pfGenerateOnClose
)
560 FIXME("%s() not implemented!\n", __FUNCTION__
);
561 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * AccessCheckByTypeResultListAndAuditAlarmW - not implemented.
 *
 * The lines shown only emit a FIXME trace and set the last error to
 * ERROR_CALL_NOT_IMPLEMENTED: no access check is performed, no audit record
 * is generated and none of the OUT parameters is written.
 *
 * NOTE(review): the return statement is on a line missing from this listing.
 * Callers should treat a failed call as "access not granted" and must not
 * read GrantedAccess, AccessStatusList or pfGenerateOnClose afterwards.
 */
570 AccessCheckByTypeResultListAndAuditAlarmW(IN LPCWSTR SubsystemName
,
572 IN LPCWSTR ObjectTypeName
,
573 IN LPCWSTR ObjectName
,
574 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
575 IN PSID PrincipalSelfSid
,
576 IN DWORD DesiredAccess
,
577 IN AUDIT_EVENT_TYPE AuditType
,
579 IN POBJECT_TYPE_LIST ObjectTypeList
,
580 IN DWORD ObjectTypeListLength
,
581 IN PGENERIC_MAPPING GenericMapping
,
582 IN BOOL ObjectCreation
,
583 OUT LPDWORD GrantedAccess
,
584 OUT LPDWORD AccessStatusList
,
585 OUT LPBOOL pfGenerateOnClose
)
587 FIXME("%s() not implemented!\n", __FUNCTION__
);
588 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * AccessCheckByTypeResultListAndAuditAlarmA - not implemented.
 *
 * The lines shown only emit a FIXME trace and set the last error to
 * ERROR_CALL_NOT_IMPLEMENTED: no access check is performed, no audit record
 * is generated and none of the OUT parameters is written.
 *
 * NOTE(review): the return statement is on a line missing from this listing.
 * Callers should treat a failed call as "access not granted" and must not
 * read GrantedAccess, AccessStatusList or pfGenerateOnClose afterwards.
 */
597 AccessCheckByTypeResultListAndAuditAlarmA(IN LPCSTR SubsystemName
,
599 IN LPCSTR ObjectTypeName
,
600 IN LPCSTR ObjectName
,
601 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
602 IN PSID PrincipalSelfSid
,
603 IN DWORD DesiredAccess
,
604 IN AUDIT_EVENT_TYPE AuditType
,
606 IN POBJECT_TYPE_LIST ObjectTypeList
,
607 IN DWORD ObjectTypeListLength
,
608 IN PGENERIC_MAPPING GenericMapping
,
609 IN BOOL ObjectCreation
,
610 OUT LPDWORD GrantedAccess
,
611 OUT LPDWORD AccessStatusList
,
612 OUT LPBOOL pfGenerateOnClose
)
614 FIXME("%s() not implemented!\n", __FUNCTION__
);
615 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * AccessCheckByTypeAndAuditAlarmW - not implemented.
 *
 * The lines shown only emit a FIXME trace and set the last error to
 * ERROR_CALL_NOT_IMPLEMENTED: no access check is performed, no audit record
 * is generated and none of the OUT parameters is written.
 *
 * NOTE(review): the return statement is on a line missing from this listing.
 * Callers should treat a failed call as "access not granted" and must not
 * read GrantedAccess, AccessStatus or pfGenerateOnClose afterwards.
 */
624 AccessCheckByTypeAndAuditAlarmW(IN LPCWSTR SubsystemName
,
626 IN LPCWSTR ObjectTypeName
,
627 IN LPCWSTR ObjectName
,
628 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
629 IN PSID PrincipalSelfSid
,
630 IN DWORD DesiredAccess
,
631 IN AUDIT_EVENT_TYPE AuditType
,
633 IN POBJECT_TYPE_LIST ObjectTypeList
,
634 IN DWORD ObjectTypeListLength
,
635 IN PGENERIC_MAPPING GenericMapping
,
636 IN BOOL ObjectCreation
,
637 OUT LPDWORD GrantedAccess
,
638 OUT LPBOOL AccessStatus
,
639 OUT LPBOOL pfGenerateOnClose
)
641 FIXME("%s() not implemented!\n", __FUNCTION__
);
642 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * AccessCheckByTypeAndAuditAlarmA - not implemented.
 *
 * The lines shown only emit a FIXME trace and set the last error to
 * ERROR_CALL_NOT_IMPLEMENTED: no access check is performed, no audit record
 * is generated and none of the OUT parameters is written.
 *
 * NOTE(review): the return statement is on a line missing from this listing.
 * Callers should treat a failed call as "access not granted" and must not
 * read GrantedAccess, AccessStatus or pfGenerateOnClose afterwards.
 */
651 AccessCheckByTypeAndAuditAlarmA(IN LPCSTR SubsystemName
,
653 IN LPCSTR ObjectTypeName
,
654 IN LPCSTR ObjectName
,
655 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
656 IN PSID PrincipalSelfSid
,
657 IN DWORD DesiredAccess
,
658 IN AUDIT_EVENT_TYPE AuditType
,
660 IN POBJECT_TYPE_LIST ObjectTypeList
,
661 IN DWORD ObjectTypeListLength
,
662 IN PGENERIC_MAPPING GenericMapping
,
663 IN BOOL ObjectCreation
,
664 OUT LPDWORD GrantedAccess
,
665 OUT LPBOOL AccessStatus
,
666 OUT LPBOOL pfGenerateOnClose
)
668 FIXME("%s() not implemented!\n", __FUNCTION__
);
669 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);