3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS system libraries
5 * FILE: lib/advapi32/sec/audit.c
6 * PURPOSE: Audit functions
7 * PROGRAMMER: Eric Kohl
12 /* INCLUDES *****************************************************************/
15 #include <wine/debug.h>
/* Selects "advapi" as the default Wine debug channel for this file's trace macros (the FIXME() calls in the stubs below). */
17 WINE_DEFAULT_DEBUG_CHANNEL(advapi
);
19 /* FUNCTIONS ****************************************************************/
/*
 * ANSI variant of the access-check-and-audit call. The visible lines build
 * SubsystemNameU, ObjectTypeNameU and ObjectNameU with
 * RtlCreateUnicodeStringFromAsciiz, call NtAccessCheckAndAuditAlarm, release
 * the three strings, and translate the result for the Win32 caller.
 *
 * This listing dropped some source lines (the embedded line numbers have
 * gaps), so part of the parameter list, the system-call arguments and the
 * return statements are not shown.
 */
25 AccessCheckAndAuditAlarmA(LPCSTR SubsystemName
,
29 PSECURITY_DESCRIPTOR SecurityDescriptor
,
31 PGENERIC_MAPPING GenericMapping
,
33 LPDWORD GrantedAccess
,
35 LPBOOL pfGenerateOnClose
)
37 UNICODE_STRING SubsystemNameU
;
38 UNICODE_STRING ObjectTypeNameU
;
39 UNICODE_STRING ObjectNameU
;
40 NTSTATUS LocalAccessStatus
;
41 BOOLEAN GenerateOnClose
;
/*
 * NOTE(review): the results of these three conversions are not checked in
 * the visible lines. The conversion allocates, so a failed conversion
 * would still be followed by the system call below with a string that was
 * never filled in -- confirm, and fail the call instead of auditing with a
 * bad name.
 */
44 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU
,
45 (PCHAR
)SubsystemName
);
46 RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU
,
47 (PCHAR
)ObjectTypeName
);
48 RtlCreateUnicodeStringFromAsciiz(&ObjectNameU
,
51 Status
= NtAccessCheckAndAuditAlarm(&SubsystemNameU
,
/* The converted strings are released before any status is examined. */
62 RtlFreeUnicodeString(&SubsystemNameU
);
63 RtlFreeUnicodeString(&ObjectTypeNameU
);
64 RtlFreeUnicodeString(&ObjectNameU
);
/*
 * NOTE(review): this copy happens before Status is tested, and no
 * initializer is visible on GenerateOnClose. If the system call fails
 * without writing it, the caller receives an indeterminate flag.
 */
66 *pfGenerateOnClose
= (BOOL
)GenerateOnClose
;
/* The system call itself failed: publish the error as the thread's last error. */
68 if (!NT_SUCCESS(Status
))
70 SetLastError(RtlNtStatusToDosError(Status
));
/* The call worked but the check result is a failure: report access as not granted. */
74 if (!NT_SUCCESS (LocalAccessStatus
))
76 *AccessStatus
= FALSE
;
/*
 * NOTE(review): Status has already passed NT_SUCCESS at this point, so the
 * last error set here does not carry the reason for the denial.
 * LocalAccessStatus looks like the intended argument -- confirm.
 */
77 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * Wide-character variant of the access-check-and-audit call. The caller's
 * strings are wrapped with RtlInitUnicodeString, so nothing is allocated
 * and no free call appears in this function. The wrapped names are passed
 * to NtAccessCheckAndAuditAlarm and the result is translated for the
 * Win32 caller.
 *
 * This listing dropped some source lines (the embedded line numbers have
 * gaps), so part of the parameter list, the system-call arguments and the
 * return statements are not shown.
 */
91 AccessCheckAndAuditAlarmW(LPCWSTR SubsystemName
,
93 LPWSTR ObjectTypeName
,
95 PSECURITY_DESCRIPTOR SecurityDescriptor
,
97 PGENERIC_MAPPING GenericMapping
,
99 LPDWORD GrantedAccess
,
101 LPBOOL pfGenerateOnClose
)
103 UNICODE_STRING SubsystemNameU
;
104 UNICODE_STRING ObjectTypeNameU
;
105 UNICODE_STRING ObjectNameU
;
106 NTSTATUS LocalAccessStatus
;
107 BOOLEAN GenerateOnClose
;
110 RtlInitUnicodeString(&SubsystemNameU
,
111 (PWSTR
)SubsystemName
);
112 RtlInitUnicodeString(&ObjectTypeNameU
,
113 (PWSTR
)ObjectTypeName
);
114 RtlInitUnicodeString(&ObjectNameU
,
117 Status
= NtAccessCheckAndAuditAlarm(&SubsystemNameU
,
/*
 * NOTE(review): this copy happens before Status is tested, and no
 * initializer is visible on GenerateOnClose. If the system call fails
 * without writing it, the caller receives an indeterminate flag.
 */
129 *pfGenerateOnClose
= (BOOL
)GenerateOnClose
;
/* The system call itself failed: publish the error as the thread's last error. */
131 if (!NT_SUCCESS(Status
))
133 SetLastError(RtlNtStatusToDosError(Status
));
/* The call worked but the check result is a failure: report access as not granted. */
137 if (!NT_SUCCESS(LocalAccessStatus
))
139 *AccessStatus
= FALSE
;
/*
 * NOTE(review): Status has already passed NT_SUCCESS at this point, so the
 * last error set here does not carry the reason for the denial.
 * LocalAccessStatus looks like the intended argument -- confirm.
 */
140 SetLastError(RtlNtStatusToDosError(Status
));
/* Both statuses succeeded: access was granted. */
144 *AccessStatus
= TRUE
;
/*
 * ANSI variant: converts SubsystemName into the UNICODE_STRING Name, calls
 * NtCloseObjectAuditAlarm with it, frees Name, and maps a failing NTSTATUS
 * to the thread's last error. Some source lines (declarations, remaining
 * arguments, return statements) are missing from this listing.
 */
154 ObjectCloseAuditAlarmA(LPCSTR SubsystemName
,
156 BOOL GenerateOnClose
)
/*
 * NOTE(review): RtlCreateUnicodeStringFromAsciiz returns a BOOLEAN (TRUE on
 * success), not an NTSTATUS. Both TRUE and FALSE satisfy NT_SUCCESS, so the
 * failure branch below looks unreachable and a failed conversion would
 * continue to the audit call. Confirm against the ntdll prototype and test
 * the BOOLEAN directly.
 */
161 Status
= RtlCreateUnicodeStringFromAsciiz(&Name
,
162 (PCHAR
)SubsystemName
);
163 if (!NT_SUCCESS(Status
))
165 SetLastError(RtlNtStatusToDosError(Status
));
169 Status
= NtCloseObjectAuditAlarm(&Name
,
/* Name was allocated by the conversion above; release it before the status is examined. */
172 RtlFreeUnicodeString(&Name
);
173 if (!NT_SUCCESS (Status
))
175 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * Wide-character variant: wraps SubsystemName in the UNICODE_STRING Name
 * with RtlInitUnicodeString (no allocation, so no free call follows),
 * calls NtCloseObjectAuditAlarm, and maps a failing NTSTATUS to the
 * thread's last error. Some source lines are missing from this listing.
 */
187 ObjectCloseAuditAlarmW(LPCWSTR SubsystemName
,
189 BOOL GenerateOnClose
)
194 RtlInitUnicodeString(&Name
,
195 (PWSTR
)SubsystemName
);
197 Status
= NtCloseObjectAuditAlarm(&Name
,
200 if (!NT_SUCCESS(Status
))
202 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ANSI variant: converts SubsystemName into the UNICODE_STRING Name, calls
 * NtDeleteObjectAuditAlarm with it, frees Name, and maps a failing NTSTATUS
 * to the thread's last error. Some source lines (declarations, remaining
 * arguments, return statements) are missing from this listing.
 */
214 ObjectDeleteAuditAlarmA(LPCSTR SubsystemName
,
216 BOOL GenerateOnClose
)
/*
 * NOTE(review): RtlCreateUnicodeStringFromAsciiz returns a BOOLEAN (TRUE on
 * success), not an NTSTATUS. Both TRUE and FALSE satisfy NT_SUCCESS, so the
 * failure branch below looks unreachable and a failed conversion would
 * continue to the audit call. Confirm against the ntdll prototype and test
 * the BOOLEAN directly.
 */
221 Status
= RtlCreateUnicodeStringFromAsciiz(&Name
,
222 (PCHAR
)SubsystemName
);
223 if (!NT_SUCCESS(Status
))
225 SetLastError(RtlNtStatusToDosError(Status
));
229 Status
= NtDeleteObjectAuditAlarm(&Name
,
/* Name was allocated by the conversion above; release it before the status is examined. */
232 RtlFreeUnicodeString(&Name
);
233 if (!NT_SUCCESS(Status
))
235 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * Wide-character variant: wraps SubsystemName in the UNICODE_STRING Name
 * with RtlInitUnicodeString (no allocation, so no free call follows),
 * calls NtDeleteObjectAuditAlarm, and maps a failing NTSTATUS to the
 * thread's last error. Some source lines are missing from this listing.
 */
247 ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName
,
249 BOOL GenerateOnClose
)
254 RtlInitUnicodeString(&Name
,
255 (PWSTR
)SubsystemName
);
257 Status
= NtDeleteObjectAuditAlarm(&Name
,
260 if (!NT_SUCCESS(Status
))
262 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ANSI variant: builds SubsystemNameU, ObjectTypeNameU and ObjectNameU with
 * RtlCreateUnicodeStringFromAsciiz, calls NtOpenObjectAuditAlarm, frees the
 * three strings, and maps a failing NTSTATUS to the thread's last error.
 * Part of the parameter list and of the system-call arguments is missing
 * from this listing.
 */
274 ObjectOpenAuditAlarmA(LPCSTR SubsystemName
,
276 LPSTR ObjectTypeName
,
278 PSECURITY_DESCRIPTOR pSecurityDescriptor
,
282 PPRIVILEGE_SET Privileges
,
285 LPBOOL GenerateOnClose
)
287 UNICODE_STRING SubsystemNameU
;
288 UNICODE_STRING ObjectTypeNameU
;
289 UNICODE_STRING ObjectNameU
;
/*
 * NOTE(review): the results of these three conversions are not checked in
 * the visible lines. The conversion allocates, so a failed conversion
 * would still be followed by the audit call below with a string that was
 * never filled in -- confirm.
 */
292 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU
,
293 (PCHAR
)SubsystemName
);
294 RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU
,
295 (PCHAR
)ObjectTypeName
);
296 RtlCreateUnicodeStringFromAsciiz(&ObjectNameU
,
/*
 * NOTE(review): the last argument casts the caller's LPBOOL to PBOOLEAN.
 * BOOL is a 4-byte integer and BOOLEAN a single byte, so a store through
 * the cast pointer touches only one byte of the caller's variable and the
 * remaining bytes keep their old contents. AccessCheckAndAuditAlarmA in
 * this file passes a local BOOLEAN and copies it out instead.
 */
299 Status
= NtOpenObjectAuditAlarm(&SubsystemNameU
,
310 (PBOOLEAN
)GenerateOnClose
);
/* The converted strings are released before the status is examined. */
311 RtlFreeUnicodeString(&SubsystemNameU
);
312 RtlFreeUnicodeString(&ObjectTypeNameU
);
313 RtlFreeUnicodeString(&ObjectNameU
);
314 if (!NT_SUCCESS(Status
))
316 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * Wide-character variant: wraps the caller's strings with
 * RtlInitUnicodeString (no allocation, so no free call follows), calls
 * NtOpenObjectAuditAlarm, and maps a failing NTSTATUS to the thread's last
 * error. Part of the parameter list and of the system-call arguments is
 * missing from this listing.
 */
328 ObjectOpenAuditAlarmW(LPCWSTR SubsystemName
,
330 LPWSTR ObjectTypeName
,
332 PSECURITY_DESCRIPTOR pSecurityDescriptor
,
336 PPRIVILEGE_SET Privileges
,
339 LPBOOL GenerateOnClose
)
341 UNICODE_STRING SubsystemNameU
;
342 UNICODE_STRING ObjectTypeNameU
;
343 UNICODE_STRING ObjectNameU
;
346 RtlInitUnicodeString(&SubsystemNameU
,
347 (PWSTR
)SubsystemName
);
348 RtlInitUnicodeString(&ObjectTypeNameU
,
349 (PWSTR
)ObjectTypeName
);
350 RtlInitUnicodeString(&ObjectNameU
,
/*
 * NOTE(review): the last argument casts the caller's LPBOOL to PBOOLEAN.
 * BOOL is a 4-byte integer and BOOLEAN a single byte, so a store through
 * the cast pointer touches only one byte of the caller's variable and the
 * remaining bytes keep their old contents. AccessCheckAndAuditAlarmW in
 * this file passes a local BOOLEAN and copies it out instead.
 */
353 Status
= NtOpenObjectAuditAlarm(&SubsystemNameU
,
364 (PBOOLEAN
)GenerateOnClose
);
365 if (!NT_SUCCESS(Status
))
367 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ANSI variant: converts SubsystemName into SubsystemNameU, calls
 * NtPrivilegeObjectAuditAlarm, frees the converted string, and maps a
 * failing NTSTATUS to the thread's last error. Part of the parameter list
 * and of the system-call arguments is missing from this listing.
 */
379 ObjectPrivilegeAuditAlarmA(LPCSTR SubsystemName
,
383 PPRIVILEGE_SET Privileges
,
386 UNICODE_STRING SubsystemNameU
;
/*
 * NOTE(review): the conversion result is not checked in the visible lines;
 * a failed conversion would still be followed by the audit call below --
 * confirm.
 */
389 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU
,
390 (PCHAR
)SubsystemName
);
392 Status
= NtPrivilegeObjectAuditAlarm(&SubsystemNameU
,
/* The converted string is released before the status is examined. */
398 RtlFreeUnicodeString (&SubsystemNameU
);
399 if (!NT_SUCCESS(Status
))
401 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * Wide-character variant: wraps SubsystemName with RtlInitUnicodeString
 * (no allocation, so no free call follows), calls
 * NtPrivilegeObjectAuditAlarm, and maps a failing NTSTATUS to the thread's
 * last error. Part of the parameter list and of the system-call arguments
 * is missing from this listing.
 */
413 ObjectPrivilegeAuditAlarmW(LPCWSTR SubsystemName
,
417 PPRIVILEGE_SET Privileges
,
420 UNICODE_STRING SubsystemNameU
;
423 RtlInitUnicodeString(&SubsystemNameU
,
424 (PWSTR
)SubsystemName
);
426 Status
= NtPrivilegeObjectAuditAlarm(&SubsystemNameU
,
432 if (!NT_SUCCESS(Status
))
434 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * ANSI variant: builds SubsystemNameU and ServiceNameU with
 * RtlCreateUnicodeStringFromAsciiz, calls NtPrivilegedServiceAuditAlarm,
 * frees both strings, and maps a failing NTSTATUS to the thread's last
 * error. Part of the parameter list and of the system-call arguments is
 * missing from this listing.
 */
446 PrivilegedServiceAuditAlarmA(LPCSTR SubsystemName
,
449 PPRIVILEGE_SET Privileges
,
452 UNICODE_STRING SubsystemNameU
;
453 UNICODE_STRING ServiceNameU
;
/*
 * NOTE(review): neither conversion result is checked in the visible lines;
 * a failed conversion would still be followed by the audit call below --
 * confirm.
 */
456 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU
,
457 (PCHAR
)SubsystemName
);
458 RtlCreateUnicodeStringFromAsciiz(&ServiceNameU
,
461 Status
= NtPrivilegedServiceAuditAlarm(&SubsystemNameU
,
/* The converted strings are released before the status is examined. */
466 RtlFreeUnicodeString(&SubsystemNameU
);
467 RtlFreeUnicodeString(&ServiceNameU
);
468 if (!NT_SUCCESS(Status
))
470 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * Wide-character variant: wraps the caller's strings with
 * RtlInitUnicodeString (no allocation, so no free call follows), calls
 * NtPrivilegedServiceAuditAlarm, and maps a failing NTSTATUS to the
 * thread's last error. Part of the parameter list and of the system-call
 * arguments is missing from this listing.
 */
482 PrivilegedServiceAuditAlarmW(LPCWSTR SubsystemName
,
485 PPRIVILEGE_SET Privileges
,
488 UNICODE_STRING SubsystemNameU
;
489 UNICODE_STRING ServiceNameU
;
492 RtlInitUnicodeString(&SubsystemNameU
,
493 (PWSTR
)SubsystemName
);
494 RtlInitUnicodeString(&ServiceNameU
,
497 Status
= NtPrivilegedServiceAuditAlarm(&SubsystemNameU
,
502 if (!NT_SUCCESS(Status
))
504 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * Unimplemented stub: the visible body only logs a FIXME trace and sets the
 * last error to ERROR_CALL_NOT_IMPLEMENTED. No visible line performs an
 * access check or writes GrantedAccess, AccessStatusList or
 * pfGenerateOnClose, so callers must not read those outputs after this
 * call. The return statement is not shown in this listing -- TODO confirm
 * that it reports failure, so that callers gating access on this API deny
 * by default.
 */
516 AccessCheckByTypeResultListAndAuditAlarmByHandleW(IN LPCWSTR SubsystemName
,
518 IN HANDLE ClientToken
,
519 IN LPCWSTR ObjectTypeName
,
520 IN LPCWSTR ObjectName
,
521 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
522 IN PSID PrincipalSelfSid
,
523 IN DWORD DesiredAccess
,
524 IN AUDIT_EVENT_TYPE AuditType
,
526 IN POBJECT_TYPE_LIST ObjectTypeList
,
527 IN DWORD ObjectTypeListLength
,
528 IN PGENERIC_MAPPING GenericMapping
,
529 IN BOOL ObjectCreation
,
530 OUT LPDWORD GrantedAccess
,
531 OUT LPDWORD AccessStatusList
,
532 OUT LPBOOL pfGenerateOnClose
)
534 FIXME("%s() not implemented!\n", __FUNCTION__
);
535 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * Unimplemented stub (ANSI variant): the visible body only logs a FIXME
 * trace and sets the last error to ERROR_CALL_NOT_IMPLEMENTED. No visible
 * line performs an access check or writes GrantedAccess, AccessStatusList
 * or pfGenerateOnClose, so callers must not read those outputs after this
 * call. The return statement is not shown in this listing -- TODO confirm
 * that it reports failure, so that callers gating access on this API deny
 * by default.
 */
544 AccessCheckByTypeResultListAndAuditAlarmByHandleA(IN LPCSTR SubsystemName
,
546 IN HANDLE ClientToken
,
547 IN LPCSTR ObjectTypeName
,
548 IN LPCSTR ObjectName
,
549 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
550 IN PSID PrincipalSelfSid
,
551 IN DWORD DesiredAccess
,
552 IN AUDIT_EVENT_TYPE AuditType
,
554 IN POBJECT_TYPE_LIST ObjectTypeList
,
555 IN DWORD ObjectTypeListLength
,
556 IN PGENERIC_MAPPING GenericMapping
,
557 IN BOOL ObjectCreation
,
558 OUT LPDWORD GrantedAccess
,
559 OUT LPDWORD AccessStatusList
,
560 OUT LPBOOL pfGenerateOnClose
)
562 FIXME("%s() not implemented!\n", __FUNCTION__
);
563 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * Unimplemented stub: the visible body only logs a FIXME trace and sets the
 * last error to ERROR_CALL_NOT_IMPLEMENTED. No visible line performs an
 * access check or writes GrantedAccess, AccessStatusList or
 * pfGenerateOnClose, so callers must not read those outputs after this
 * call. The return statement is not shown in this listing -- TODO confirm
 * that it reports failure, so that callers gating access on this API deny
 * by default.
 */
572 AccessCheckByTypeResultListAndAuditAlarmW(IN LPCWSTR SubsystemName
,
574 IN LPCWSTR ObjectTypeName
,
575 IN LPCWSTR ObjectName
,
576 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
577 IN PSID PrincipalSelfSid
,
578 IN DWORD DesiredAccess
,
579 IN AUDIT_EVENT_TYPE AuditType
,
581 IN POBJECT_TYPE_LIST ObjectTypeList
,
582 IN DWORD ObjectTypeListLength
,
583 IN PGENERIC_MAPPING GenericMapping
,
584 IN BOOL ObjectCreation
,
585 OUT LPDWORD GrantedAccess
,
586 OUT LPDWORD AccessStatusList
,
587 OUT LPBOOL pfGenerateOnClose
)
589 FIXME("%s() not implemented!\n", __FUNCTION__
);
590 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * Unimplemented stub (ANSI variant): the visible body only logs a FIXME
 * trace and sets the last error to ERROR_CALL_NOT_IMPLEMENTED. No visible
 * line performs an access check or writes GrantedAccess, AccessStatusList
 * or pfGenerateOnClose, so callers must not read those outputs after this
 * call. The return statement is not shown in this listing -- TODO confirm
 * that it reports failure, so that callers gating access on this API deny
 * by default.
 */
599 AccessCheckByTypeResultListAndAuditAlarmA(IN LPCSTR SubsystemName
,
601 IN LPCSTR ObjectTypeName
,
602 IN LPCSTR ObjectName
,
603 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
604 IN PSID PrincipalSelfSid
,
605 IN DWORD DesiredAccess
,
606 IN AUDIT_EVENT_TYPE AuditType
,
608 IN POBJECT_TYPE_LIST ObjectTypeList
,
609 IN DWORD ObjectTypeListLength
,
610 IN PGENERIC_MAPPING GenericMapping
,
611 IN BOOL ObjectCreation
,
612 OUT LPDWORD GrantedAccess
,
613 OUT LPDWORD AccessStatusList
,
614 OUT LPBOOL pfGenerateOnClose
)
616 FIXME("%s() not implemented!\n", __FUNCTION__
);
617 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * Unimplemented stub: the visible body only logs a FIXME trace and sets the
 * last error to ERROR_CALL_NOT_IMPLEMENTED. No visible line performs an
 * access check or writes GrantedAccess, AccessStatus or pfGenerateOnClose,
 * so callers must not read those outputs after this call. The return
 * statement is not shown in this listing -- TODO confirm that it reports
 * failure, so that callers gating access on this API deny by default.
 */
626 AccessCheckByTypeAndAuditAlarmW(IN LPCWSTR SubsystemName
,
628 IN LPCWSTR ObjectTypeName
,
629 IN LPCWSTR ObjectName
,
630 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
631 IN PSID PrincipalSelfSid
,
632 IN DWORD DesiredAccess
,
633 IN AUDIT_EVENT_TYPE AuditType
,
635 IN POBJECT_TYPE_LIST ObjectTypeList
,
636 IN DWORD ObjectTypeListLength
,
637 IN PGENERIC_MAPPING GenericMapping
,
638 IN BOOL ObjectCreation
,
639 OUT LPDWORD GrantedAccess
,
640 OUT LPBOOL AccessStatus
,
641 OUT LPBOOL pfGenerateOnClose
)
643 FIXME("%s() not implemented!\n", __FUNCTION__
);
644 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
/*
 * Unimplemented stub (ANSI variant): the visible body only logs a FIXME
 * trace and sets the last error to ERROR_CALL_NOT_IMPLEMENTED. No visible
 * line performs an access check or writes GrantedAccess, AccessStatus or
 * pfGenerateOnClose, so callers must not read those outputs after this
 * call. The return statement is not shown in this listing -- TODO confirm
 * that it reports failure, so that callers gating access on this API deny
 * by default.
 */
653 AccessCheckByTypeAndAuditAlarmA(IN LPCSTR SubsystemName
,
655 IN LPCSTR ObjectTypeName
,
656 IN LPCSTR ObjectName
,
657 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
658 IN PSID PrincipalSelfSid
,
659 IN DWORD DesiredAccess
,
660 IN AUDIT_EVENT_TYPE AuditType
,
662 IN POBJECT_TYPE_LIST ObjectTypeList
,
663 IN DWORD ObjectTypeListLength
,
664 IN PGENERIC_MAPPING GenericMapping
,
665 IN BOOL ObjectCreation
,
666 OUT LPDWORD GrantedAccess
,
667 OUT LPBOOL AccessStatus
,
668 OUT LPBOOL pfGenerateOnClose
)
670 FIXME("%s() not implemented!\n", __FUNCTION__
);
671 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);