ReactOS 0.4.16-dev-329-g9223134
audit.c File Reference
#include <advapi32.h>

Functions

 WINE_DEFAULT_DEBUG_CHANNEL (advapi)
 
BOOL WINAPI AccessCheckAndAuditAlarmA (LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName, LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess, PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess, LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
 
BOOL WINAPI AccessCheckAndAuditAlarmW (LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName, LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess, PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess, LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
 
BOOL WINAPI ObjectCloseAuditAlarmA (LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
 
BOOL WINAPI ObjectCloseAuditAlarmW (LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
 
BOOL WINAPI ObjectDeleteAuditAlarmA (LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
 
BOOL WINAPI ObjectDeleteAuditAlarmW (LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
 
BOOL WINAPI ObjectOpenAuditAlarmA (LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName, LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted, LPBOOL GenerateOnClose)
 
BOOL WINAPI ObjectOpenAuditAlarmW (LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName, LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted, LPBOOL GenerateOnClose)
 
BOOL WINAPI ObjectPrivilegeAuditAlarmA (LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken, DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
 
BOOL WINAPI ObjectPrivilegeAuditAlarmW (LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken, DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
 
BOOL WINAPI PrivilegedServiceAuditAlarmA (LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
 
BOOL WINAPI PrivilegedServiceAuditAlarmW (LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
 
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmByHandleW (IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN HANDLE ClientToken, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
 
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmByHandleA (IN LPCSTR SubsystemName, IN LPVOID HandleId, IN HANDLE ClientToken, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
 
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmW (IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
 
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmA (IN LPCSTR SubsystemName, IN LPVOID HandleId, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
 
BOOL WINAPI AccessCheckByTypeAndAuditAlarmW (IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus, OUT LPBOOL pfGenerateOnClose)
 
BOOL WINAPI AccessCheckByTypeAndAuditAlarmA (IN LPCSTR SubsystemName, IN LPVOID HandleId, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus, OUT LPBOOL pfGenerateOnClose)
 

Function Documentation

◆ AccessCheckAndAuditAlarmA()

BOOL WINAPI AccessCheckAndAuditAlarmA ( LPCSTR  SubsystemName,
LPVOID  HandleId,
LPSTR  ObjectTypeName,
LPSTR  ObjectName,
PSECURITY_DESCRIPTOR  SecurityDescriptor,
DWORD  DesiredAccess,
PGENERIC_MAPPING  GenericMapping,
BOOL  ObjectCreation,
LPDWORD  GrantedAccess,
LPBOOL  AccessStatus,
LPBOOL  pfGenerateOnClose 
)

Definition at line 22 of file audit.c.

33{
/* ANSI wrapper: converts the name arguments to UNICODE_STRINGs, calls
 * NtAccessCheckAndAuditAlarm, frees the converted strings and maps the two
 * status values to a BOOL result.
 * Gaps in the gutter numbers (38-39, 41, 44-46, 52-54, 56, 58, 67, 73-74, 78)
 * are source lines that this listing does not show. */
34 UNICODE_STRING SubsystemNameU;
35 UNICODE_STRING ObjectTypeNameU;
36 UNICODE_STRING ObjectNameU;
37 NTSTATUS LocalAccessStatus;
40
/* NOTE(review): the conversions below are plain statements, so the BOOLEAN
 * result of RtlCreateUnicodeStringFromAsciiz is not tested and a failed
 * conversion goes undetected before the strings are passed on and later freed.
 * ObjectCloseAuditAlarmA (line 158) tests the same call. */
42 (PCHAR)SubsystemName);
43 RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU,
47
48 Status = NtAccessCheckAndAuditAlarm(&SubsystemNameU,
49 HandleId,
50 &ObjectTypeNameU,
51 &ObjectNameU,
55 ObjectCreation,
/* The access-check verdict is received in a local NTSTATUS, separate from
 * the status of the system call itself. */
57 &LocalAccessStatus,
59 RtlFreeUnicodeString(&SubsystemNameU);
60 RtlFreeUnicodeString(&ObjectTypeNameU);
61 RtlFreeUnicodeString(&ObjectNameU);
62
/* Written before Status is examined, and pfGenerateOnClose is dereferenced
 * without a NULL test. NOTE(review): GenerateOnClose is declared on a line
 * not shown; confirm it holds a defined value when the call fails. */
63 *pfGenerateOnClose = (BOOL)GenerateOnClose;
64
/* The system call itself failed. */
65 if (!NT_SUCCESS(Status))
66 {
68 return FALSE;
69 }
70
/* The call succeeded but the access check reported a failure status.
 * Both failure paths return FALSE, so a caller should treat FALSE as
 * "access not granted". */
71 if (!NT_SUCCESS (LocalAccessStatus))
72 {
75 return FALSE;
76 }
77
79
80 return TRUE;
81}
unsigned char BOOLEAN
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
LONG NTSTATUS
Definition: precomp.h:26
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
#define SetLastError(x)
Definition: compat.h:752
Status
Definition: gdiplustypes.h:25
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:79
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)
#define BOOL
Definition: nt_native.h:43
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
Definition: audit.c:2125
char * PCHAR
Definition: typedefs.h:51
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:422
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20

◆ AccessCheckAndAuditAlarmW()

BOOL WINAPI AccessCheckAndAuditAlarmW ( LPCWSTR  SubsystemName,
LPVOID  HandleId,
LPWSTR  ObjectTypeName,
LPWSTR  ObjectName,
PSECURITY_DESCRIPTOR  SecurityDescriptor,
DWORD  DesiredAccess,
PGENERIC_MAPPING  GenericMapping,
BOOL  ObjectCreation,
LPDWORD  GrantedAccess,
LPBOOL  AccessStatus,
LPBOOL  pfGenerateOnClose 
)

Definition at line 88 of file audit.c.

99{
/* Wide-character wrapper: initialises UNICODE_STRINGs from the caller's
 * strings, calls NtAccessCheckAndAuditAlarm and maps the two status values
 * to a BOOL result. No RtlFreeUnicodeString call appears in this listing.
 * Gaps in the gutter numbers (104-105, 110, 112, 118-120, 122, 124, 130,
 * 136-137, 141) are source lines that this listing does not show. */
100 UNICODE_STRING SubsystemNameU;
101 UNICODE_STRING ObjectTypeNameU;
102 UNICODE_STRING ObjectNameU;
103 NTSTATUS LocalAccessStatus;
106
/* The (PWSTR) cast drops the const qualifier of the LPCWSTR parameter. */
107 RtlInitUnicodeString(&SubsystemNameU,
108 (PWSTR)SubsystemName);
109 RtlInitUnicodeString(&ObjectTypeNameU,
111 RtlInitUnicodeString(&ObjectNameU,
113
114 Status = NtAccessCheckAndAuditAlarm(&SubsystemNameU,
115 HandleId,
116 &ObjectTypeNameU,
117 &ObjectNameU,
121 ObjectCreation,
/* The access-check verdict is received in a local NTSTATUS, separate from
 * the status of the system call itself. */
123 &LocalAccessStatus,
125
/* Written before Status is examined, and pfGenerateOnClose is dereferenced
 * without a NULL test. NOTE(review): GenerateOnClose is declared on a line
 * not shown; confirm it holds a defined value when the call fails. */
126 *pfGenerateOnClose = (BOOL)GenerateOnClose;
127
/* The system call itself failed. */
128 if (!NT_SUCCESS(Status))
129 {
131 return FALSE;
132 }
133
/* The call succeeded but the access check reported a failure status.
 * Both failure paths return FALSE, so a caller should treat FALSE as
 * "access not granted". */
134 if (!NT_SUCCESS(LocalAccessStatus))
135 {
138 return FALSE;
139 }
140
142
143 return TRUE;
144}
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
uint16_t * PWSTR
Definition: typedefs.h:56

◆ AccessCheckByTypeAndAuditAlarmA()

BOOL WINAPI AccessCheckByTypeAndAuditAlarmA ( IN LPCSTR  SubsystemName,
IN LPVOID  HandleId,
IN LPCSTR  ObjectTypeName,
IN LPCSTR  ObjectName,
IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN PSID  PrincipalSelfSid,
IN DWORD  DesiredAccess,
IN AUDIT_EVENT_TYPE  AuditType,
IN DWORD  Flags,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN DWORD  ObjectTypeListLength,
IN PGENERIC_MAPPING  GenericMapping,
IN BOOL  ObjectCreation,
OUT LPDWORD  GrantedAccess,
OUT LPBOOL  AccessStatus,
OUT LPBOOL  pfGenerateOnClose 
)

Definition at line 646 of file audit.c.

662{
/* Stub: logs a FIXME with the function name and returns FALSE. No access
 * check is made and none of the OUT parameters is written on the lines shown,
 * so a caller must not read GrantedAccess, AccessStatus or pfGenerateOnClose
 * after this call. Line 664 is not shown; presumably it sets
 * ERROR_CALL_NOT_IMPLEMENTED (named in the page's references) - confirm. */
663 FIXME("%s() not implemented!\n", __FUNCTION__);
665 return FALSE;
666}
#define FIXME(fmt,...)
Definition: precomp.h:53
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
#define __FUNCTION__
Definition: types.h:116

◆ AccessCheckByTypeAndAuditAlarmW()

BOOL WINAPI AccessCheckByTypeAndAuditAlarmW ( IN LPCWSTR  SubsystemName,
IN LPVOID  HandleId,
IN LPCWSTR  ObjectTypeName,
IN LPCWSTR  ObjectName,
IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN PSID  PrincipalSelfSid,
IN DWORD  DesiredAccess,
IN AUDIT_EVENT_TYPE  AuditType,
IN DWORD  Flags,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN DWORD  ObjectTypeListLength,
IN PGENERIC_MAPPING  GenericMapping,
IN BOOL  ObjectCreation,
OUT LPDWORD  GrantedAccess,
OUT LPBOOL  AccessStatus,
OUT LPBOOL  pfGenerateOnClose 
)

Definition at line 619 of file audit.c.

635{
/* Stub: logs a FIXME with the function name and returns FALSE. No access
 * check is made and none of the OUT parameters is written on the lines shown,
 * so a caller must not read GrantedAccess, AccessStatus or pfGenerateOnClose
 * after this call. Line 637 is not shown in this listing. */
636 FIXME("%s() not implemented!\n", __FUNCTION__);
638 return FALSE;
639}

◆ AccessCheckByTypeResultListAndAuditAlarmA()

BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmA ( IN LPCSTR  SubsystemName,
IN LPVOID  HandleId,
IN LPCSTR  ObjectTypeName,
IN LPCSTR  ObjectName,
IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN PSID  PrincipalSelfSid,
IN DWORD  DesiredAccess,
IN AUDIT_EVENT_TYPE  AuditType,
IN DWORD  Flags,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN DWORD  ObjectTypeListLength,
IN PGENERIC_MAPPING  GenericMapping,
IN BOOL  ObjectCreation,
OUT LPDWORD  GrantedAccess,
OUT LPDWORD  AccessStatusList,
OUT LPBOOL  pfGenerateOnClose 
)

Definition at line 592 of file audit.c.

608{
/* Stub: logs a FIXME with the function name and returns FALSE. No access
 * check is made and none of the OUT parameters is written on the lines shown,
 * so a caller must not read GrantedAccess, AccessStatusList or
 * pfGenerateOnClose after this call. Line 610 is not shown in this listing. */
609 FIXME("%s() not implemented!\n", __FUNCTION__);
611 return FALSE;
612}

◆ AccessCheckByTypeResultListAndAuditAlarmByHandleA()

BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmByHandleA ( IN LPCSTR  SubsystemName,
IN LPVOID  HandleId,
IN HANDLE  ClientToken,
IN LPCSTR  ObjectTypeName,
IN LPCSTR  ObjectName,
IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN PSID  PrincipalSelfSid,
IN DWORD  DesiredAccess,
IN AUDIT_EVENT_TYPE  AuditType,
IN DWORD  Flags,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN DWORD  ObjectTypeListLength,
IN PGENERIC_MAPPING  GenericMapping,
IN BOOL  ObjectCreation,
OUT LPDWORD  GrantedAccess,
OUT LPDWORD  AccessStatusList,
OUT LPBOOL  pfGenerateOnClose 
)

Definition at line 537 of file audit.c.

554{
/* Stub: logs a FIXME with the function name and returns FALSE. No access
 * check is made and none of the OUT parameters is written on the lines shown,
 * so a caller must not read GrantedAccess, AccessStatusList or
 * pfGenerateOnClose after this call. Line 556 is not shown in this listing. */
555 FIXME("%s() not implemented!\n", __FUNCTION__);
557 return FALSE;
558}

◆ AccessCheckByTypeResultListAndAuditAlarmByHandleW()

BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmByHandleW ( IN LPCWSTR  SubsystemName,
IN LPVOID  HandleId,
IN HANDLE  ClientToken,
IN LPCWSTR  ObjectTypeName,
IN LPCWSTR  ObjectName,
IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN PSID  PrincipalSelfSid,
IN DWORD  DesiredAccess,
IN AUDIT_EVENT_TYPE  AuditType,
IN DWORD  Flags,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN DWORD  ObjectTypeListLength,
IN PGENERIC_MAPPING  GenericMapping,
IN BOOL  ObjectCreation,
OUT LPDWORD  GrantedAccess,
OUT LPDWORD  AccessStatusList,
OUT LPBOOL  pfGenerateOnClose 
)

Definition at line 509 of file audit.c.

526{
/* Stub: logs a FIXME with the function name and returns FALSE. No access
 * check is made and none of the OUT parameters is written on the lines shown,
 * so a caller must not read GrantedAccess, AccessStatusList or
 * pfGenerateOnClose after this call. Line 528 is not shown in this listing. */
527 FIXME("%s() not implemented!\n", __FUNCTION__);
529 return FALSE;
530}

◆ AccessCheckByTypeResultListAndAuditAlarmW()

BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmW ( IN LPCWSTR  SubsystemName,
IN LPVOID  HandleId,
IN LPCWSTR  ObjectTypeName,
IN LPCWSTR  ObjectName,
IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN PSID  PrincipalSelfSid,
IN DWORD  DesiredAccess,
IN AUDIT_EVENT_TYPE  AuditType,
IN DWORD  Flags,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN DWORD  ObjectTypeListLength,
IN PGENERIC_MAPPING  GenericMapping,
IN BOOL  ObjectCreation,
OUT LPDWORD  GrantedAccess,
OUT LPDWORD  AccessStatusList,
OUT LPBOOL  pfGenerateOnClose 
)

Definition at line 565 of file audit.c.

581{
/* Stub: logs a FIXME with the function name and returns FALSE. No access
 * check is made and none of the OUT parameters is written on the lines shown,
 * so a caller must not read GrantedAccess, AccessStatusList or
 * pfGenerateOnClose after this call. Line 583 is not shown in this listing. */
582 FIXME("%s() not implemented!\n", __FUNCTION__);
584 return FALSE;
585}

◆ ObjectCloseAuditAlarmA()

BOOL WINAPI ObjectCloseAuditAlarmA ( LPCSTR  SubsystemName,
LPVOID  HandleId,
BOOL  GenerateOnClose 
)

Definition at line 151 of file audit.c.

154{
/* ANSI wrapper for the close-audit system call (the page's references name
 * NtCloseObjectAuditAlarm); returns TRUE only when Status is a success code.
 * Gaps in the gutter numbers (155-156, 160, 164, 166-167, 170) are source
 * lines that this listing does not show. */
157
/* The conversion result is tested here, so a failed conversion returns FALSE
 * before any system call is made. */
158 if (!RtlCreateUnicodeStringFromAsciiz(&Name, SubsystemName))
159 {
161 return FALSE;
162 }
163
/* NOTE(review): no RtlFreeUnicodeString(&Name) is visible in this listing;
 * confirm that one of the hidden lines releases the converted string. */
165 HandleId,
168 if (!NT_SUCCESS (Status))
169 {
171 return FALSE;
172 }
173
174 return TRUE;
175}
struct NameRec_ * Name
Definition: cdprocs.h:460
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
NTSTATUS NTAPI NtCloseObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be closed.
Definition: audit.c:1358

◆ ObjectCloseAuditAlarmW()

BOOL WINAPI ObjectCloseAuditAlarmW ( LPCWSTR  SubsystemName,
LPVOID  HandleId,
BOOL  GenerateOnClose 
)

Definition at line 182 of file audit.c.

185{
/* Wide-character wrapper for the close-audit system call; returns TRUE only
 * when Status is a success code.
 * Gaps in the gutter numbers (186-187, 189, 192, 194, 197) are source lines
 * that this listing does not show. */
188
/* The (PWSTR) cast drops the const qualifier of the LPCWSTR parameter. */
190 (PWSTR)SubsystemName);
191
193 HandleId,
195 if (!NT_SUCCESS(Status))
196 {
198 return FALSE;
199 }
200
201 return TRUE;
202}

◆ ObjectDeleteAuditAlarmA()

BOOL WINAPI ObjectDeleteAuditAlarmA ( LPCSTR  SubsystemName,
LPVOID  HandleId,
BOOL  GenerateOnClose 
)

Definition at line 209 of file audit.c.

212{
/* ANSI wrapper for the delete-audit system call (the page's references name
 * NtDeleteObjectAuditAlarm); returns TRUE only when Status is a success code.
 * Gaps in the gutter numbers (213-214, 218, 222, 224-225, 228) are source
 * lines that this listing does not show. */
215
/* The conversion result is tested here, so a failed conversion returns FALSE
 * before any system call is made. */
216 if (!RtlCreateUnicodeStringFromAsciiz(&Name, SubsystemName))
217 {
219 return FALSE;
220 }
221
/* NOTE(review): no RtlFreeUnicodeString(&Name) is visible in this listing;
 * confirm that one of the hidden lines releases the converted string. */
223 HandleId,
226 if (!NT_SUCCESS(Status))
227 {
229 return FALSE;
230 }
231
232 return TRUE;
233}
NTSTATUS NTAPI NtDeleteObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be deleted.
Definition: audit.c:1475

◆ ObjectDeleteAuditAlarmW()

BOOL WINAPI ObjectDeleteAuditAlarmW ( LPCWSTR  SubsystemName,
LPVOID  HandleId,
BOOL  GenerateOnClose 
)

Definition at line 240 of file audit.c.

243{
/* Wide-character wrapper for the delete-audit system call; returns TRUE only
 * when Status is a success code.
 * Gaps in the gutter numbers (244-245, 247, 250, 252, 255) are source lines
 * that this listing does not show. */
246
/* The (PWSTR) cast drops the const qualifier of the LPCWSTR parameter. */
248 (PWSTR)SubsystemName);
249
251 HandleId,
253 if (!NT_SUCCESS(Status))
254 {
256 return FALSE;
257 }
258
259 return TRUE;
260}

◆ ObjectOpenAuditAlarmA()

BOOL WINAPI ObjectOpenAuditAlarmA ( LPCSTR  SubsystemName,
LPVOID  HandleId,
LPSTR  ObjectTypeName,
LPSTR  ObjectName,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
HANDLE  ClientToken,
DWORD  DesiredAccess,
DWORD  GrantedAccess,
PPRIVILEGE_SET  Privileges,
BOOL  ObjectCreation,
BOOL  AccessGranted,
LPBOOL  GenerateOnClose 
)

Definition at line 267 of file audit.c.

279{
/* ANSI wrapper: converts the name arguments to UNICODE_STRINGs, calls
 * NtOpenObjectAuditAlarm, frees the converted strings and returns TRUE only
 * when Status is a success code.
 * Gaps in the gutter numbers (283, 288-290, 298-300, 302-303, 309) are source
 * lines that this listing does not show. */
280 UNICODE_STRING SubsystemNameU;
281 UNICODE_STRING ObjectTypeNameU;
282 UNICODE_STRING ObjectNameU;
284
/* NOTE(review): the conversions below are plain statements, so the BOOLEAN
 * result of RtlCreateUnicodeStringFromAsciiz is not tested and a failed
 * conversion goes undetected before the strings are passed on and later freed.
 * ObjectCloseAuditAlarmA (line 158) tests the same call. */
285 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
286 (PCHAR)SubsystemName);
287 RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU,
291
/* NOTE(review): GenerateOnClose is an LPBOOL here, while the last parameter
 * of NtOpenObjectAuditAlarm is a PBOOLEAN (unsigned char *). The line that
 * passes it (303) is not shown; confirm the value is widened through a local
 * rather than by casting the pointer. */
292 Status = NtOpenObjectAuditAlarm(&SubsystemNameU,
293 HandleId,
294 &ObjectTypeNameU,
295 &ObjectNameU,
296 pSecurityDescriptor,
297 ClientToken,
301 ObjectCreation,
304 RtlFreeUnicodeString(&SubsystemNameU);
305 RtlFreeUnicodeString(&ObjectTypeNameU);
306 RtlFreeUnicodeString(&ObjectNameU);
307 if (!NT_SUCCESS(Status))
308 {
310 return FALSE;
311 }
312
313 return TRUE;
314}
__kernel_entry NTSTATUS NTAPI NtOpenObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
Definition: audit.c:1622
unsigned char * PBOOLEAN
Definition: typedefs.h:53
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:419

◆ ObjectOpenAuditAlarmW()

BOOL WINAPI ObjectOpenAuditAlarmW ( LPCWSTR  SubsystemName,
LPVOID  HandleId,
LPWSTR  ObjectTypeName,
LPWSTR  ObjectName,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
HANDLE  ClientToken,
DWORD  DesiredAccess,
DWORD  GrantedAccess,
PPRIVILEGE_SET  Privileges,
BOOL  ObjectCreation,
BOOL  AccessGranted,
LPBOOL  GenerateOnClose 
)

Definition at line 321 of file audit.c.

333{
/* Wide-character wrapper: initialises UNICODE_STRINGs from the caller's
 * strings, calls NtOpenObjectAuditAlarm and returns TRUE only when Status is
 * a success code. No RtlFreeUnicodeString call appears in this listing.
 * Gaps in the gutter numbers (337, 342, 344, 352-354, 356-357, 360) are
 * source lines that this listing does not show. */
334 UNICODE_STRING SubsystemNameU;
335 UNICODE_STRING ObjectTypeNameU;
336 UNICODE_STRING ObjectNameU;
338
/* The (PWSTR) cast drops the const qualifier of the LPCWSTR parameter. */
339 RtlInitUnicodeString(&SubsystemNameU,
340 (PWSTR)SubsystemName);
341 RtlInitUnicodeString(&ObjectTypeNameU,
343 RtlInitUnicodeString(&ObjectNameU,
345
/* NOTE(review): GenerateOnClose is an LPBOOL here, while the last parameter
 * of NtOpenObjectAuditAlarm is a PBOOLEAN (unsigned char *). The line that
 * passes it (357) is not shown; confirm the value is widened through a local
 * rather than by casting the pointer. */
346 Status = NtOpenObjectAuditAlarm(&SubsystemNameU,
347 HandleId,
348 &ObjectTypeNameU,
349 &ObjectNameU,
350 pSecurityDescriptor,
351 ClientToken,
355 ObjectCreation,
358 if (!NT_SUCCESS(Status))
359 {
361 return FALSE;
362 }
363
364 return TRUE;
365}

◆ ObjectPrivilegeAuditAlarmA()

BOOL WINAPI ObjectPrivilegeAuditAlarmA ( LPCSTR  SubsystemName,
LPVOID  HandleId,
HANDLE  ClientToken,
DWORD  DesiredAccess,
PPRIVILEGE_SET  Privileges,
BOOL  AccessGranted 
)

Definition at line 372 of file audit.c.

378{
/* ANSI wrapper: converts SubsystemName to a UNICODE_STRING, calls
 * NtPrivilegeObjectAuditAlarm, frees the converted string and returns TRUE
 * only when Status is a success code.
 * Gaps in the gutter numbers (380, 388-390, 394) are source lines that this
 * listing does not show. */
379 UNICODE_STRING SubsystemNameU;
381
/* NOTE(review): the conversion below is a plain statement, so the BOOLEAN
 * result of RtlCreateUnicodeStringFromAsciiz is not tested and a failed
 * conversion goes undetected before the string is passed on and later freed.
 * ObjectCloseAuditAlarmA (line 158) tests the same call. */
382 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
383 (PCHAR)SubsystemName);
384
385 Status = NtPrivilegeObjectAuditAlarm(&SubsystemNameU,
386 HandleId,
387 ClientToken,
391 RtlFreeUnicodeString (&SubsystemNameU);
392 if (!NT_SUCCESS(Status))
393 {
395 return FALSE;
396 }
397
398 return TRUE;
399}
NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
Raises an alarm audit message when a caller attempts to access a privileged object.
Definition: audit.c:2066

◆ ObjectPrivilegeAuditAlarmW()

BOOL WINAPI ObjectPrivilegeAuditAlarmW ( LPCWSTR  SubsystemName,
LPVOID  HandleId,
HANDLE  ClientToken,
DWORD  DesiredAccess,
PPRIVILEGE_SET  Privileges,
BOOL  AccessGranted 
)

Definition at line 406 of file audit.c.

412{
/* Wide-character wrapper: initialises a UNICODE_STRING from SubsystemName,
 * calls NtPrivilegeObjectAuditAlarm and returns TRUE only when Status is a
 * success code. No RtlFreeUnicodeString call appears in this listing.
 * Gaps in the gutter numbers (414, 422-424, 427) are source lines that this
 * listing does not show. */
413 UNICODE_STRING SubsystemNameU;
415
/* The (PWSTR) cast drops the const qualifier of the LPCWSTR parameter. */
416 RtlInitUnicodeString(&SubsystemNameU,
417 (PWSTR)SubsystemName);
418
419 Status = NtPrivilegeObjectAuditAlarm(&SubsystemNameU,
420 HandleId,
421 ClientToken,
425 if (!NT_SUCCESS(Status))
426 {
428 return FALSE;
429 }
430
431 return TRUE;
432}

◆ PrivilegedServiceAuditAlarmA()

BOOL WINAPI PrivilegedServiceAuditAlarmA ( LPCSTR  SubsystemName,
LPCSTR  ServiceName,
HANDLE  ClientToken,
PPRIVILEGE_SET  Privileges,
BOOL  AccessGranted 
)

Definition at line 439 of file audit.c.

444{
/* ANSI wrapper: converts the name arguments to UNICODE_STRINGs, calls
 * NtPrivilegedServiceAuditAlarm, frees both converted strings and returns
 * TRUE only when Status is a success code.
 * Gaps in the gutter numbers (447, 451-452, 457-458, 463) are source lines
 * that this listing does not show; the ServiceNameU conversion is among them. */
445 UNICODE_STRING SubsystemNameU;
446 UNICODE_STRING ServiceNameU;
448
/* NOTE(review): the conversion below is a plain statement, so the BOOLEAN
 * result of RtlCreateUnicodeStringFromAsciiz is not tested and a failed
 * conversion goes undetected before the string is passed on and later freed.
 * ObjectCloseAuditAlarmA (line 158) tests the same call. */
449 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
450 (PCHAR)SubsystemName);
453
454 Status = NtPrivilegedServiceAuditAlarm(&SubsystemNameU,
455 &ServiceNameU,
456 ClientToken,
459 RtlFreeUnicodeString(&SubsystemNameU);
460 RtlFreeUnicodeString(&ServiceNameU);
461 if (!NT_SUCCESS(Status))
462 {
464 return FALSE;
465 }
466
467 return TRUE;
468}
static WCHAR ServiceName[]
Definition: browser.c:19
__kernel_entry NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING SubsystemName, _In_opt_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientTokenHandle, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
Raises an alarm audit message when a caller attempts to request a privileged service call.
Definition: audit.c:1883

◆ PrivilegedServiceAuditAlarmW()

BOOL WINAPI PrivilegedServiceAuditAlarmW ( LPCWSTR  SubsystemName,
LPCWSTR  ServiceName,
HANDLE  ClientToken,
PPRIVILEGE_SET  Privileges,
BOOL  AccessGranted 
)

Definition at line 475 of file audit.c.

480{
/* Wide-character wrapper: initialises UNICODE_STRINGs from the caller's
 * strings, calls NtPrivilegedServiceAuditAlarm and returns TRUE only when
 * Status is a success code. No RtlFreeUnicodeString call appears in this listing.
 * Gaps in the gutter numbers (483, 488, 493-494, 497) are source lines that
 * this listing does not show. */
481 UNICODE_STRING SubsystemNameU;
482 UNICODE_STRING ServiceNameU;
484
/* The (PWSTR) cast drops the const qualifier of the LPCWSTR parameter. */
485 RtlInitUnicodeString(&SubsystemNameU,
486 (PWSTR)SubsystemName);
487 RtlInitUnicodeString(&ServiceNameU,
489
490 Status = NtPrivilegedServiceAuditAlarm(&SubsystemNameU,
491 &ServiceNameU,
492 ClientToken,
495 if (!NT_SUCCESS(Status))
496 {
498 return FALSE;
499 }
500
501 return TRUE;
502}

◆ WINE_DEFAULT_DEBUG_CHANNEL()

WINE_DEFAULT_DEBUG_CHANNEL ( advapi  )