ReactOS 0.4.15-dev-7958-gcd0bb1a
Functions
audit.c File Reference
#include <advapi32.h>
Include dependency graph for audit.c:

Go to the source code of this file.

Functions

 WINE_DEFAULT_DEBUG_CHANNEL (advapi)
 
BOOL WINAPI AccessCheckAndAuditAlarmA (LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName, LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess, PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess, LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
 
BOOL WINAPI AccessCheckAndAuditAlarmW (LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName, LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess, PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess, LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
 
BOOL WINAPI ObjectCloseAuditAlarmA (LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
 
BOOL WINAPI ObjectCloseAuditAlarmW (LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
 
BOOL WINAPI ObjectDeleteAuditAlarmA (LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
 
BOOL WINAPI ObjectDeleteAuditAlarmW (LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
 
BOOL WINAPI ObjectOpenAuditAlarmA (LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName, LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted, LPBOOL GenerateOnClose)
 
BOOL WINAPI ObjectOpenAuditAlarmW (LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName, LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted, LPBOOL GenerateOnClose)
 
BOOL WINAPI ObjectPrivilegeAuditAlarmA (LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken, DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
 
BOOL WINAPI ObjectPrivilegeAuditAlarmW (LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken, DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
 
BOOL WINAPI PrivilegedServiceAuditAlarmA (LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
 
BOOL WINAPI PrivilegedServiceAuditAlarmW (LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
 
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmByHandleW (IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN HANDLE ClientToken, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
 
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmByHandleA (IN LPCSTR SubsystemName, IN LPVOID HandleId, IN HANDLE ClientToken, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
 
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmW (IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
 
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmA (IN LPCSTR SubsystemName, IN LPVOID HandleId, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
 
BOOL WINAPI AccessCheckByTypeAndAuditAlarmW (IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus, OUT LPBOOL pfGenerateOnClose)
 
BOOL WINAPI AccessCheckByTypeAndAuditAlarmA (IN LPCSTR SubsystemName, IN LPVOID HandleId, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus, OUT LPBOOL pfGenerateOnClose)
 

Function Documentation

◆ AccessCheckAndAuditAlarmA()

BOOL WINAPI AccessCheckAndAuditAlarmA ( LPCSTR  SubsystemName,
LPVOID  HandleId,
LPSTR  ObjectTypeName,
LPSTR  ObjectName,
PSECURITY_DESCRIPTOR  SecurityDescriptor,
DWORD  DesiredAccess,
PGENERIC_MAPPING  GenericMapping,
BOOL  ObjectCreation,
LPDWORD  GrantedAccess,
LPBOOL  AccessStatus,
LPBOOL  pfGenerateOnClose 
)

Definition at line 22 of file audit.c.

33{
34 UNICODE_STRING SubsystemNameU;
35 UNICODE_STRING ObjectTypeNameU;
36 UNICODE_STRING ObjectNameU;
37 NTSTATUS LocalAccessStatus;
38 BOOLEAN GenerateOnClose;
39 NTSTATUS Status;
40
41 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
42 (PCHAR)SubsystemName);
43 RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU,
44 (PCHAR)ObjectTypeName);
45 RtlCreateUnicodeStringFromAsciiz(&ObjectNameU,
46 (PCHAR)ObjectName);
47
48 Status = NtAccessCheckAndAuditAlarm(&SubsystemNameU,
49 HandleId,
50 &ObjectTypeNameU,
51 &ObjectNameU,
52 SecurityDescriptor,
53 DesiredAccess,
54 GenericMapping,
55 ObjectCreation,
56 GrantedAccess,
57 &LocalAccessStatus,
58 &GenerateOnClose);
59 RtlFreeUnicodeString(&SubsystemNameU);
60 RtlFreeUnicodeString(&ObjectTypeNameU);
61 RtlFreeUnicodeString(&ObjectNameU);
62
63 *pfGenerateOnClose = (BOOL)GenerateOnClose;
64
65 if (!NT_SUCCESS(Status))
66 {
67 SetLastError(RtlNtStatusToDosError(Status));
68 return FALSE;
69 }
70
71 if (!NT_SUCCESS (LocalAccessStatus))
72 {
73 *AccessStatus = FALSE;
74 SetLastError(RtlNtStatusToDosError(Status));
75 return FALSE;
76 }
77
78 *AccessStatus = TRUE;
79
80 return TRUE;
81}
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SetLastError
#define SetLastError(x)
Definition: compat.h:752
Status
Status
Definition: gdiplustypes.h:25
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:79
RtlCreateUnicodeStringFromAsciiz
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)
BOOL
#define BOOL
Definition: nt_native.h:43
RtlFreeUnicodeString
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NtAccessCheckAndAuditAlarm
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
Definition: audit.c:2125
_UNICODE_STRING
Definition: env_spec_w32.h:368
PCHAR
char * PCHAR
Definition: typedefs.h:51
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:422
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20

◆ AccessCheckAndAuditAlarmW()

BOOL WINAPI AccessCheckAndAuditAlarmW ( LPCWSTR  SubsystemName,
LPVOID  HandleId,
LPWSTR  ObjectTypeName,
LPWSTR  ObjectName,
PSECURITY_DESCRIPTOR  SecurityDescriptor,
DWORD  DesiredAccess,
PGENERIC_MAPPING  GenericMapping,
BOOL  ObjectCreation,
LPDWORD  GrantedAccess,
LPBOOL  AccessStatus,
LPBOOL  pfGenerateOnClose 
)

Definition at line 88 of file audit.c.

99{
100 UNICODE_STRING SubsystemNameU;
101 UNICODE_STRING ObjectTypeNameU;
102 UNICODE_STRING ObjectNameU;
103 NTSTATUS LocalAccessStatus;
104 BOOLEAN GenerateOnClose;
105 NTSTATUS Status;
106
107 RtlInitUnicodeString(&SubsystemNameU,
108 (PWSTR)SubsystemName);
109 RtlInitUnicodeString(&ObjectTypeNameU,
110 (PWSTR)ObjectTypeName);
111 RtlInitUnicodeString(&ObjectNameU,
112 (PWSTR)ObjectName);
113
114 Status = NtAccessCheckAndAuditAlarm(&SubsystemNameU,
115 HandleId,
116 &ObjectTypeNameU,
117 &ObjectNameU,
118 SecurityDescriptor,
119 DesiredAccess,
120 GenericMapping,
121 ObjectCreation,
122 GrantedAccess,
123 &LocalAccessStatus,
124 &GenerateOnClose);
125
126 *pfGenerateOnClose = (BOOL)GenerateOnClose;
127
128 if (!NT_SUCCESS(Status))
129 {
130 SetLastError(RtlNtStatusToDosError(Status));
131 return FALSE;
132 }
133
134 if (!NT_SUCCESS(LocalAccessStatus))
135 {
136 *AccessStatus = FALSE;
137 SetLastError(RtlNtStatusToDosError(Status));
138 return FALSE;
139 }
140
141 *AccessStatus = TRUE;
142
143 return TRUE;
144}
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56

◆ AccessCheckByTypeAndAuditAlarmA()

BOOL WINAPI AccessCheckByTypeAndAuditAlarmA ( IN LPCSTR  SubsystemName,
IN LPVOID  HandleId,
IN LPCSTR  ObjectTypeName,
IN LPCSTR  ObjectName,
IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN PSID  PrincipalSelfSid,
IN DWORD  DesiredAccess,
IN AUDIT_EVENT_TYPE  AuditType,
IN DWORD  Flags,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN DWORD  ObjectTypeListLength,
IN PGENERIC_MAPPING  GenericMapping,
IN BOOL  ObjectCreation,
OUT LPDWORD  GrantedAccess,
OUT LPBOOL  AccessStatus,
OUT LPBOOL  pfGenerateOnClose 
)

Definition at line 646 of file audit.c.

662{
663 FIXME("%s() not implemented!\n", __FUNCTION__);
664 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
665 return FALSE;
666}
FIXME
#define FIXME(fmt,...)
Definition: debug.h:111
ERROR_CALL_NOT_IMPLEMENTED
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
__FUNCTION__
#define __FUNCTION__
Definition: types.h:116

◆ AccessCheckByTypeAndAuditAlarmW()

BOOL WINAPI AccessCheckByTypeAndAuditAlarmW ( IN LPCWSTR  SubsystemName,
IN LPVOID  HandleId,
IN LPCWSTR  ObjectTypeName,
IN LPCWSTR  ObjectName,
IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN PSID  PrincipalSelfSid,
IN DWORD  DesiredAccess,
IN AUDIT_EVENT_TYPE  AuditType,
IN DWORD  Flags,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN DWORD  ObjectTypeListLength,
IN PGENERIC_MAPPING  GenericMapping,
IN BOOL  ObjectCreation,
OUT LPDWORD  GrantedAccess,
OUT LPBOOL  AccessStatus,
OUT LPBOOL  pfGenerateOnClose 
)

Definition at line 619 of file audit.c.

635{
636 FIXME("%s() not implemented!\n", __FUNCTION__);
637 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
638 return FALSE;
639}

◆ AccessCheckByTypeResultListAndAuditAlarmA()

BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmA ( IN LPCSTR  SubsystemName,
IN LPVOID  HandleId,
IN LPCSTR  ObjectTypeName,
IN LPCSTR  ObjectName,
IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN PSID  PrincipalSelfSid,
IN DWORD  DesiredAccess,
IN AUDIT_EVENT_TYPE  AuditType,
IN DWORD  Flags,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN DWORD  ObjectTypeListLength,
IN PGENERIC_MAPPING  GenericMapping,
IN BOOL  ObjectCreation,
OUT LPDWORD  GrantedAccess,
OUT LPDWORD  AccessStatusList,
OUT LPBOOL  pfGenerateOnClose 
)

Definition at line 592 of file audit.c.

608{
609 FIXME("%s() not implemented!\n", __FUNCTION__);
610 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
611 return FALSE;
612}

◆ AccessCheckByTypeResultListAndAuditAlarmByHandleA()

BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmByHandleA ( IN LPCSTR  SubsystemName,
IN LPVOID  HandleId,
IN HANDLE  ClientToken,
IN LPCSTR  ObjectTypeName,
IN LPCSTR  ObjectName,
IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN PSID  PrincipalSelfSid,
IN DWORD  DesiredAccess,
IN AUDIT_EVENT_TYPE  AuditType,
IN DWORD  Flags,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN DWORD  ObjectTypeListLength,
IN PGENERIC_MAPPING  GenericMapping,
IN BOOL  ObjectCreation,
OUT LPDWORD  GrantedAccess,
OUT LPDWORD  AccessStatusList,
OUT LPBOOL  pfGenerateOnClose 
)

Definition at line 537 of file audit.c.

554{
555 FIXME("%s() not implemented!\n", __FUNCTION__);
556 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
557 return FALSE;
558}

◆ AccessCheckByTypeResultListAndAuditAlarmByHandleW()

BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmByHandleW ( IN LPCWSTR  SubsystemName,
IN LPVOID  HandleId,
IN HANDLE  ClientToken,
IN LPCWSTR  ObjectTypeName,
IN LPCWSTR  ObjectName,
IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN PSID  PrincipalSelfSid,
IN DWORD  DesiredAccess,
IN AUDIT_EVENT_TYPE  AuditType,
IN DWORD  Flags,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN DWORD  ObjectTypeListLength,
IN PGENERIC_MAPPING  GenericMapping,
IN BOOL  ObjectCreation,
OUT LPDWORD  GrantedAccess,
OUT LPDWORD  AccessStatusList,
OUT LPBOOL  pfGenerateOnClose 
)

Definition at line 509 of file audit.c.

526{
527 FIXME("%s() not implemented!\n", __FUNCTION__);
528 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
529 return FALSE;
530}

◆ AccessCheckByTypeResultListAndAuditAlarmW()

BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmW ( IN LPCWSTR  SubsystemName,
IN LPVOID  HandleId,
IN LPCWSTR  ObjectTypeName,
IN LPCWSTR  ObjectName,
IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN PSID  PrincipalSelfSid,
IN DWORD  DesiredAccess,
IN AUDIT_EVENT_TYPE  AuditType,
IN DWORD  Flags,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN DWORD  ObjectTypeListLength,
IN PGENERIC_MAPPING  GenericMapping,
IN BOOL  ObjectCreation,
OUT LPDWORD  GrantedAccess,
OUT LPDWORD  AccessStatusList,
OUT LPBOOL  pfGenerateOnClose 
)

Definition at line 565 of file audit.c.

581{
582 FIXME("%s() not implemented!\n", __FUNCTION__);
583 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
584 return FALSE;
585}

◆ ObjectCloseAuditAlarmA()

BOOL WINAPI ObjectCloseAuditAlarmA ( LPCSTR  SubsystemName,
LPVOID  HandleId,
BOOL  GenerateOnClose 
)

Definition at line 151 of file audit.c.

154{
155 UNICODE_STRING Name;
156 NTSTATUS Status;
157
158 if (!RtlCreateUnicodeStringFromAsciiz(&Name, SubsystemName))
159 {
160 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
161 return FALSE;
162 }
163
164 Status = NtCloseObjectAuditAlarm(&Name,
165 HandleId,
166 GenerateOnClose);
167 RtlFreeUnicodeString(&Name);
168 if (!NT_SUCCESS (Status))
169 {
170 SetLastError(RtlNtStatusToDosError(Status));
171 return FALSE;
172 }
173
174 return TRUE;
175}
Name
struct NameRec_ * Name
Definition: cdprocs.h:460
ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
NtCloseObjectAuditAlarm
NTSTATUS NTAPI NtCloseObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be closed.
Definition: audit.c:1358
NameRec_
Definition: apinames.c:49

◆ ObjectCloseAuditAlarmW()

BOOL WINAPI ObjectCloseAuditAlarmW ( LPCWSTR  SubsystemName,
LPVOID  HandleId,
BOOL  GenerateOnClose 
)

Definition at line 182 of file audit.c.

185{
186 UNICODE_STRING Name;
187 NTSTATUS Status;
188
189 RtlInitUnicodeString(&Name,
190 (PWSTR)SubsystemName);
191
192 Status = NtCloseObjectAuditAlarm(&Name,
193 HandleId,
194 GenerateOnClose);
195 if (!NT_SUCCESS(Status))
196 {
197 SetLastError(RtlNtStatusToDosError(Status));
198 return FALSE;
199 }
200
201 return TRUE;
202}

◆ ObjectDeleteAuditAlarmA()

BOOL WINAPI ObjectDeleteAuditAlarmA ( LPCSTR  SubsystemName,
LPVOID  HandleId,
BOOL  GenerateOnClose 
)

Definition at line 209 of file audit.c.

212{
213 UNICODE_STRING Name;
214 NTSTATUS Status;
215
216 if (!RtlCreateUnicodeStringFromAsciiz(&Name, SubsystemName))
217 {
218 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
219 return FALSE;
220 }
221
222 Status = NtDeleteObjectAuditAlarm(&Name,
223 HandleId,
224 GenerateOnClose);
225 RtlFreeUnicodeString(&Name);
226 if (!NT_SUCCESS(Status))
227 {
228 SetLastError(RtlNtStatusToDosError(Status));
229 return FALSE;
230 }
231
232 return TRUE;
233}
NtDeleteObjectAuditAlarm
NTSTATUS NTAPI NtDeleteObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be deleted.
Definition: audit.c:1475

◆ ObjectDeleteAuditAlarmW()

BOOL WINAPI ObjectDeleteAuditAlarmW ( LPCWSTR  SubsystemName,
LPVOID  HandleId,
BOOL  GenerateOnClose 
)

Definition at line 240 of file audit.c.

243{
244 UNICODE_STRING Name;
245 NTSTATUS Status;
246
247 RtlInitUnicodeString(&Name,
248 (PWSTR)SubsystemName);
249
250 Status = NtDeleteObjectAuditAlarm(&Name,
251 HandleId,
252 GenerateOnClose);
253 if (!NT_SUCCESS(Status))
254 {
255 SetLastError(RtlNtStatusToDosError(Status));
256 return FALSE;
257 }
258
259 return TRUE;
260}

◆ ObjectOpenAuditAlarmA()

BOOL WINAPI ObjectOpenAuditAlarmA ( LPCSTR  SubsystemName,
LPVOID  HandleId,
LPSTR  ObjectTypeName,
LPSTR  ObjectName,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
HANDLE  ClientToken,
DWORD  DesiredAccess,
DWORD  GrantedAccess,
PPRIVILEGE_SET  Privileges,
BOOL  ObjectCreation,
BOOL  AccessGranted,
LPBOOL  GenerateOnClose 
)

Definition at line 267 of file audit.c.

279{
280 UNICODE_STRING SubsystemNameU;
281 UNICODE_STRING ObjectTypeNameU;
282 UNICODE_STRING ObjectNameU;
283 NTSTATUS Status;
284
285 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
286 (PCHAR)SubsystemName);
287 RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU,
288 (PCHAR)ObjectTypeName);
289 RtlCreateUnicodeStringFromAsciiz(&ObjectNameU,
290 (PCHAR)ObjectName);
291
292 Status = NtOpenObjectAuditAlarm(&SubsystemNameU,
293 HandleId,
294 &ObjectTypeNameU,
295 &ObjectNameU,
296 pSecurityDescriptor,
297 ClientToken,
298 DesiredAccess,
299 GrantedAccess,
300 Privileges,
301 ObjectCreation,
302 AccessGranted,
303 (PBOOLEAN)GenerateOnClose);
304 RtlFreeUnicodeString(&SubsystemNameU);
305 RtlFreeUnicodeString(&ObjectTypeNameU);
306 RtlFreeUnicodeString(&ObjectNameU);
307 if (!NT_SUCCESS(Status))
308 {
309 SetLastError(RtlNtStatusToDosError(Status));
310 return FALSE;
311 }
312
313 return TRUE;
314}
NtOpenObjectAuditAlarm
__kernel_entry NTSTATUS NTAPI NtOpenObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
Definition: audit.c:1622
PBOOLEAN
unsigned char * PBOOLEAN
Definition: typedefs.h:53
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
AccessGranted
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:419

◆ ObjectOpenAuditAlarmW()

BOOL WINAPI ObjectOpenAuditAlarmW ( LPCWSTR  SubsystemName,
LPVOID  HandleId,
LPWSTR  ObjectTypeName,
LPWSTR  ObjectName,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
HANDLE  ClientToken,
DWORD  DesiredAccess,
DWORD  GrantedAccess,
PPRIVILEGE_SET  Privileges,
BOOL  ObjectCreation,
BOOL  AccessGranted,
LPBOOL  GenerateOnClose 
)

Definition at line 321 of file audit.c.

333{
334 UNICODE_STRING SubsystemNameU;
335 UNICODE_STRING ObjectTypeNameU;
336 UNICODE_STRING ObjectNameU;
337 NTSTATUS Status;
338
339 RtlInitUnicodeString(&SubsystemNameU,
340 (PWSTR)SubsystemName);
341 RtlInitUnicodeString(&ObjectTypeNameU,
342 (PWSTR)ObjectTypeName);
343 RtlInitUnicodeString(&ObjectNameU,
344 (PWSTR)ObjectName);
345
346 Status = NtOpenObjectAuditAlarm(&SubsystemNameU,
347 HandleId,
348 &ObjectTypeNameU,
349 &ObjectNameU,
350 pSecurityDescriptor,
351 ClientToken,
352 DesiredAccess,
353 GrantedAccess,
354 Privileges,
355 ObjectCreation,
356 AccessGranted,
357 (PBOOLEAN)GenerateOnClose);
358 if (!NT_SUCCESS(Status))
359 {
360 SetLastError(RtlNtStatusToDosError(Status));
361 return FALSE;
362 }
363
364 return TRUE;
365}

◆ ObjectPrivilegeAuditAlarmA()

BOOL WINAPI ObjectPrivilegeAuditAlarmA ( LPCSTR  SubsystemName,
LPVOID  HandleId,
HANDLE  ClientToken,
DWORD  DesiredAccess,
PPRIVILEGE_SET  Privileges,
BOOL  AccessGranted 
)

Definition at line 372 of file audit.c.

378{
379 UNICODE_STRING SubsystemNameU;
380 NTSTATUS Status;
381
382 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
383 (PCHAR)SubsystemName);
384
385 Status = NtPrivilegeObjectAuditAlarm(&SubsystemNameU,
386 HandleId,
387 ClientToken,
388 DesiredAccess,
389 Privileges,
390 AccessGranted);
391 RtlFreeUnicodeString (&SubsystemNameU);
392 if (!NT_SUCCESS(Status))
393 {
394 SetLastError(RtlNtStatusToDosError(Status));
395 return FALSE;
396 }
397
398 return TRUE;
399}
NtPrivilegeObjectAuditAlarm
NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
Raises an alarm audit message when a caller attempts to access a privileged object.
Definition: audit.c:2066

◆ ObjectPrivilegeAuditAlarmW()

BOOL WINAPI ObjectPrivilegeAuditAlarmW ( LPCWSTR  SubsystemName,
LPVOID  HandleId,
HANDLE  ClientToken,
DWORD  DesiredAccess,
PPRIVILEGE_SET  Privileges,
BOOL  AccessGranted 
)

Definition at line 406 of file audit.c.

412{
413 UNICODE_STRING SubsystemNameU;
414 NTSTATUS Status;
415
416 RtlInitUnicodeString(&SubsystemNameU,
417 (PWSTR)SubsystemName);
418
419 Status = NtPrivilegeObjectAuditAlarm(&SubsystemNameU,
420 HandleId,
421 ClientToken,
422 DesiredAccess,
423 Privileges,
424 AccessGranted);
425 if (!NT_SUCCESS(Status))
426 {
427 SetLastError(RtlNtStatusToDosError(Status));
428 return FALSE;
429 }
430
431 return TRUE;
432}

◆ PrivilegedServiceAuditAlarmA()

BOOL WINAPI PrivilegedServiceAuditAlarmA ( LPCSTR  SubsystemName,
LPCSTR  ServiceName,
HANDLE  ClientToken,
PPRIVILEGE_SET  Privileges,
BOOL  AccessGranted 
)

Definition at line 439 of file audit.c.

444{
445 UNICODE_STRING SubsystemNameU;
446 UNICODE_STRING ServiceNameU;
447 NTSTATUS Status;
448
449 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
450 (PCHAR)SubsystemName);
451 RtlCreateUnicodeStringFromAsciiz(&ServiceNameU,
452 (PCHAR)ServiceName);
453
454 Status = NtPrivilegedServiceAuditAlarm(&SubsystemNameU,
455 &ServiceNameU,
456 ClientToken,
457 Privileges,
458 AccessGranted);
459 RtlFreeUnicodeString(&SubsystemNameU);
460 RtlFreeUnicodeString(&ServiceNameU);
461 if (!NT_SUCCESS(Status))
462 {
463 SetLastError(RtlNtStatusToDosError(Status));
464 return FALSE;
465 }
466
467 return TRUE;
468}
ServiceName
static WCHAR ServiceName[]
Definition: browser.c:19
NtPrivilegedServiceAuditAlarm
__kernel_entry NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING SubsystemName, _In_opt_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientTokenHandle, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
Raises an alarm audit message when a caller attempts to request a privileged service call.
Definition: audit.c:1883

◆ PrivilegedServiceAuditAlarmW()

BOOL WINAPI PrivilegedServiceAuditAlarmW ( LPCWSTR  SubsystemName,
LPCWSTR  ServiceName,
HANDLE  ClientToken,
PPRIVILEGE_SET  Privileges,
BOOL  AccessGranted 
)

Definition at line 475 of file audit.c.

480{
481 UNICODE_STRING SubsystemNameU;
482 UNICODE_STRING ServiceNameU;
483 NTSTATUS Status;
484
485 RtlInitUnicodeString(&SubsystemNameU,
486 (PWSTR)SubsystemName);
487 RtlInitUnicodeString(&ServiceNameU,
488 (PWSTR)ServiceName);
489
490 Status = NtPrivilegedServiceAuditAlarm(&SubsystemNameU,
491 &ServiceNameU,
492 ClientToken,
493 Privileges,
494 AccessGranted);
495 if (!NT_SUCCESS(Status))
496 {
497 SetLastError(RtlNtStatusToDosError(Status));
498 return FALSE;
499 }
500
501 return TRUE;
502}

◆ WINE_DEFAULT_DEBUG_CHANNEL()

WINE_DEFAULT_DEBUG_CHANNEL ( advapi  )