ReactOS  0.4.15-dev-4616-g17e0e44
audit.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * PROJECT: ReactOS system libraries
4  * FILE: lib/advapi32/sec/audit.c
5  * PURPOSE: Audit functions
6  * PROGRAMMER: Eric Kohl
7  * UPDATE HISTORY:
8  * Created 07/19/2003
9  */
10 
11 /* INCLUDES *****************************************************************/
12 
13 #include <advapi32.h>
14 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
15 
16 /* FUNCTIONS ****************************************************************/
17 
18 /*
19  * @implemented
20  */
21 BOOL WINAPI
22 AccessCheckAndAuditAlarmA(LPCSTR SubsystemName,
23  LPVOID HandleId,
24  LPSTR ObjectTypeName,
25  LPSTR ObjectName,
26  PSECURITY_DESCRIPTOR SecurityDescriptor,
27  DWORD DesiredAccess,
28  PGENERIC_MAPPING GenericMapping,
29  BOOL ObjectCreation,
30  LPDWORD GrantedAccess,
31  LPBOOL AccessStatus,
32  LPBOOL pfGenerateOnClose)
33 {
34  UNICODE_STRING SubsystemNameU;
35  UNICODE_STRING ObjectTypeNameU;
36  UNICODE_STRING ObjectNameU;
37  NTSTATUS LocalAccessStatus;
38  BOOLEAN GenerateOnClose;
39  NTSTATUS Status;
40 
41  RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
42  (PCHAR)SubsystemName);
43  RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU,
44  (PCHAR)ObjectTypeName);
45  RtlCreateUnicodeStringFromAsciiz(&ObjectNameU,
46  (PCHAR)ObjectName);
47 
48  Status = NtAccessCheckAndAuditAlarm(&SubsystemNameU,
49  HandleId,
50  &ObjectTypeNameU,
51  &ObjectNameU,
52  SecurityDescriptor,
53  DesiredAccess,
54  GenericMapping,
55  ObjectCreation,
56  GrantedAccess,
57  &LocalAccessStatus,
58  &GenerateOnClose);
59  RtlFreeUnicodeString(&SubsystemNameU);
60  RtlFreeUnicodeString(&ObjectTypeNameU);
61  RtlFreeUnicodeString(&ObjectNameU);
62 
63  *pfGenerateOnClose = (BOOL)GenerateOnClose;
64 
65  if (!NT_SUCCESS(Status))
66  {
67  SetLastError(RtlNtStatusToDosError(Status));
68  return FALSE;
69  }
70 
71  if (!NT_SUCCESS (LocalAccessStatus))
72  {
73  *AccessStatus = FALSE;
74  SetLastError(RtlNtStatusToDosError(Status));
75  return FALSE;
76  }
77 
78  *AccessStatus = TRUE;
79 
80  return TRUE;
81 }
82 
83 
84 /*
85  * @implemented
86  */
87 BOOL WINAPI
88 AccessCheckAndAuditAlarmW(LPCWSTR SubsystemName,
89  LPVOID HandleId,
90  LPWSTR ObjectTypeName,
91  LPWSTR ObjectName,
92  PSECURITY_DESCRIPTOR SecurityDescriptor,
93  DWORD DesiredAccess,
94  PGENERIC_MAPPING GenericMapping,
95  BOOL ObjectCreation,
96  LPDWORD GrantedAccess,
97  LPBOOL AccessStatus,
98  LPBOOL pfGenerateOnClose)
99 {
100  UNICODE_STRING SubsystemNameU;
101  UNICODE_STRING ObjectTypeNameU;
102  UNICODE_STRING ObjectNameU;
103  NTSTATUS LocalAccessStatus;
104  BOOLEAN GenerateOnClose;
105  NTSTATUS Status;
106 
107  RtlInitUnicodeString(&SubsystemNameU,
108  (PWSTR)SubsystemName);
109  RtlInitUnicodeString(&ObjectTypeNameU,
110  (PWSTR)ObjectTypeName);
111  RtlInitUnicodeString(&ObjectNameU,
112  (PWSTR)ObjectName);
113 
114  Status = NtAccessCheckAndAuditAlarm(&SubsystemNameU,
115  HandleId,
116  &ObjectTypeNameU,
117  &ObjectNameU,
118  SecurityDescriptor,
119  DesiredAccess,
120  GenericMapping,
121  ObjectCreation,
122  GrantedAccess,
123  &LocalAccessStatus,
124  &GenerateOnClose);
125 
126  *pfGenerateOnClose = (BOOL)GenerateOnClose;
127 
128  if (!NT_SUCCESS(Status))
129  {
130  SetLastError(RtlNtStatusToDosError(Status));
131  return FALSE;
132  }
133 
134  if (!NT_SUCCESS(LocalAccessStatus))
135  {
136  *AccessStatus = FALSE;
137  SetLastError(RtlNtStatusToDosError(Status));
138  return FALSE;
139  }
140 
141  *AccessStatus = TRUE;
142 
143  return TRUE;
144 }
145 
146 
147 /*
148  * @implemented
149  */
150 BOOL WINAPI
151 ObjectCloseAuditAlarmA(LPCSTR SubsystemName,
152  LPVOID HandleId,
153  BOOL GenerateOnClose)
154 {
155  UNICODE_STRING Name;
156  NTSTATUS Status;
157 
158  if (!RtlCreateUnicodeStringFromAsciiz(&Name, SubsystemName))
159  {
160  SetLastError(ERROR_NOT_ENOUGH_MEMORY);
161  return FALSE;
162  }
163 
164  Status = NtCloseObjectAuditAlarm(&Name,
165  HandleId,
166  GenerateOnClose);
167  RtlFreeUnicodeString(&Name);
168  if (!NT_SUCCESS (Status))
169  {
170  SetLastError(RtlNtStatusToDosError(Status));
171  return FALSE;
172  }
173 
174  return TRUE;
175 }
176 
177 
178 /*
179  * @implemented
180  */
181 BOOL WINAPI
182 ObjectCloseAuditAlarmW(LPCWSTR SubsystemName,
183  LPVOID HandleId,
184  BOOL GenerateOnClose)
185 {
186  UNICODE_STRING Name;
187  NTSTATUS Status;
188 
189  RtlInitUnicodeString(&Name,
190  (PWSTR)SubsystemName);
191 
192  Status = NtCloseObjectAuditAlarm(&Name,
193  HandleId,
194  GenerateOnClose);
195  if (!NT_SUCCESS(Status))
196  {
197  SetLastError(RtlNtStatusToDosError(Status));
198  return FALSE;
199  }
200 
201  return TRUE;
202 }
203 
204 
205 /*
206  * @implemented
207  */
208 BOOL WINAPI
209 ObjectDeleteAuditAlarmA(LPCSTR SubsystemName,
210  LPVOID HandleId,
211  BOOL GenerateOnClose)
212 {
213  UNICODE_STRING Name;
214  NTSTATUS Status;
215 
216  if (!RtlCreateUnicodeStringFromAsciiz(&Name, SubsystemName))
217  {
218  SetLastError(ERROR_NOT_ENOUGH_MEMORY);
219  return FALSE;
220  }
221 
222  Status = NtDeleteObjectAuditAlarm(&Name,
223  HandleId,
224  GenerateOnClose);
225  RtlFreeUnicodeString(&Name);
226  if (!NT_SUCCESS(Status))
227  {
228  SetLastError(RtlNtStatusToDosError(Status));
229  return FALSE;
230  }
231 
232  return TRUE;
233 }
234 
235 
236 /*
237  * @implemented
238  */
239 BOOL WINAPI
240 ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName,
241  LPVOID HandleId,
242  BOOL GenerateOnClose)
243 {
244  UNICODE_STRING Name;
245  NTSTATUS Status;
246 
247  RtlInitUnicodeString(&Name,
248  (PWSTR)SubsystemName);
249 
250  Status = NtDeleteObjectAuditAlarm(&Name,
251  HandleId,
252  GenerateOnClose);
253  if (!NT_SUCCESS(Status))
254  {
255  SetLastError(RtlNtStatusToDosError(Status));
256  return FALSE;
257  }
258 
259  return TRUE;
260 }
261 
262 
263 /*
264  * @implemented
265  */
266 BOOL WINAPI
267 ObjectOpenAuditAlarmA(LPCSTR SubsystemName,
268  LPVOID HandleId,
269  LPSTR ObjectTypeName,
270  LPSTR ObjectName,
271  PSECURITY_DESCRIPTOR pSecurityDescriptor,
272  HANDLE ClientToken,
273  DWORD DesiredAccess,
274  DWORD GrantedAccess,
275  PPRIVILEGE_SET Privileges,
276  BOOL ObjectCreation,
277  BOOL AccessGranted,
278  LPBOOL GenerateOnClose)
279 {
280  UNICODE_STRING SubsystemNameU;
281  UNICODE_STRING ObjectTypeNameU;
282  UNICODE_STRING ObjectNameU;
283  NTSTATUS Status;
284 
285  RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
286  (PCHAR)SubsystemName);
287  RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU,
288  (PCHAR)ObjectTypeName);
289  RtlCreateUnicodeStringFromAsciiz(&ObjectNameU,
290  (PCHAR)ObjectName);
291 
292  Status = NtOpenObjectAuditAlarm(&SubsystemNameU,
293  HandleId,
294  &ObjectTypeNameU,
295  &ObjectNameU,
296  pSecurityDescriptor,
297  ClientToken,
298  DesiredAccess,
299  GrantedAccess,
300  Privileges,
301  ObjectCreation,
302  AccessGranted,
303  (PBOOLEAN)GenerateOnClose);
304  RtlFreeUnicodeString(&SubsystemNameU);
305  RtlFreeUnicodeString(&ObjectTypeNameU);
306  RtlFreeUnicodeString(&ObjectNameU);
307  if (!NT_SUCCESS(Status))
308  {
309  SetLastError(RtlNtStatusToDosError(Status));
310  return FALSE;
311  }
312 
313  return TRUE;
314 }
315 
316 
317 /*
318  * @implemented
319  */
320 BOOL WINAPI
321 ObjectOpenAuditAlarmW(LPCWSTR SubsystemName,
322  LPVOID HandleId,
323  LPWSTR ObjectTypeName,
324  LPWSTR ObjectName,
325  PSECURITY_DESCRIPTOR pSecurityDescriptor,
326  HANDLE ClientToken,
327  DWORD DesiredAccess,
328  DWORD GrantedAccess,
329  PPRIVILEGE_SET Privileges,
330  BOOL ObjectCreation,
331  BOOL AccessGranted,
332  LPBOOL GenerateOnClose)
333 {
334  UNICODE_STRING SubsystemNameU;
335  UNICODE_STRING ObjectTypeNameU;
336  UNICODE_STRING ObjectNameU;
337  NTSTATUS Status;
338 
339  RtlInitUnicodeString(&SubsystemNameU,
340  (PWSTR)SubsystemName);
341  RtlInitUnicodeString(&ObjectTypeNameU,
342  (PWSTR)ObjectTypeName);
343  RtlInitUnicodeString(&ObjectNameU,
344  (PWSTR)ObjectName);
345 
346  Status = NtOpenObjectAuditAlarm(&SubsystemNameU,
347  HandleId,
348  &ObjectTypeNameU,
349  &ObjectNameU,
350  pSecurityDescriptor,
351  ClientToken,
352  DesiredAccess,
353  GrantedAccess,
354  Privileges,
355  ObjectCreation,
356  AccessGranted,
357  (PBOOLEAN)GenerateOnClose);
358  if (!NT_SUCCESS(Status))
359  {
360  SetLastError(RtlNtStatusToDosError(Status));
361  return FALSE;
362  }
363 
364  return TRUE;
365 }
366 
367 
368 /*
369  * @implemented
370  */
371 BOOL WINAPI
372 ObjectPrivilegeAuditAlarmA(LPCSTR SubsystemName,
373  LPVOID HandleId,
374  HANDLE ClientToken,
375  DWORD DesiredAccess,
376  PPRIVILEGE_SET Privileges,
377  BOOL AccessGranted)
378 {
379  UNICODE_STRING SubsystemNameU;
380  NTSTATUS Status;
381 
382  RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
383  (PCHAR)SubsystemName);
384 
385  Status = NtPrivilegeObjectAuditAlarm(&SubsystemNameU,
386  HandleId,
387  ClientToken,
388  DesiredAccess,
389  Privileges,
390  AccessGranted);
391  RtlFreeUnicodeString (&SubsystemNameU);
392  if (!NT_SUCCESS(Status))
393  {
394  SetLastError(RtlNtStatusToDosError(Status));
395  return FALSE;
396  }
397 
398  return TRUE;
399 }
400 
401 
402 /*
403  * @implemented
404  */
405 BOOL WINAPI
406 ObjectPrivilegeAuditAlarmW(LPCWSTR SubsystemName,
407  LPVOID HandleId,
408  HANDLE ClientToken,
409  DWORD DesiredAccess,
410  PPRIVILEGE_SET Privileges,
411  BOOL AccessGranted)
412 {
413  UNICODE_STRING SubsystemNameU;
414  NTSTATUS Status;
415 
416  RtlInitUnicodeString(&SubsystemNameU,
417  (PWSTR)SubsystemName);
418 
419  Status = NtPrivilegeObjectAuditAlarm(&SubsystemNameU,
420  HandleId,
421  ClientToken,
422  DesiredAccess,
423  Privileges,
424  AccessGranted);
425  if (!NT_SUCCESS(Status))
426  {
427  SetLastError(RtlNtStatusToDosError(Status));
428  return FALSE;
429  }
430 
431  return TRUE;
432 }
433 
434 
435 /*
436  * @implemented
437  */
438 BOOL WINAPI
439 PrivilegedServiceAuditAlarmA(LPCSTR SubsystemName,
440  LPCSTR ServiceName,
441  HANDLE ClientToken,
442  PPRIVILEGE_SET Privileges,
443  BOOL AccessGranted)
444 {
445  UNICODE_STRING SubsystemNameU;
446  UNICODE_STRING ServiceNameU;
447  NTSTATUS Status;
448 
449  RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
450  (PCHAR)SubsystemName);
451  RtlCreateUnicodeStringFromAsciiz(&ServiceNameU,
452  (PCHAR)ServiceName);
453 
454  Status = NtPrivilegedServiceAuditAlarm(&SubsystemNameU,
455  &ServiceNameU,
456  ClientToken,
457  Privileges,
458  AccessGranted);
459  RtlFreeUnicodeString(&SubsystemNameU);
460  RtlFreeUnicodeString(&ServiceNameU);
461  if (!NT_SUCCESS(Status))
462  {
463  SetLastError(RtlNtStatusToDosError(Status));
464  return FALSE;
465  }
466 
467  return TRUE;
468 }
469 
470 
471 /*
472  * @implemented
473  */
474 BOOL WINAPI
475 PrivilegedServiceAuditAlarmW(LPCWSTR SubsystemName,
476  LPCWSTR ServiceName,
477  HANDLE ClientToken,
478  PPRIVILEGE_SET Privileges,
479  BOOL AccessGranted)
480 {
481  UNICODE_STRING SubsystemNameU;
482  UNICODE_STRING ServiceNameU;
483  NTSTATUS Status;
484 
485  RtlInitUnicodeString(&SubsystemNameU,
486  (PWSTR)SubsystemName);
487  RtlInitUnicodeString(&ServiceNameU,
488  (PWSTR)ServiceName);
489 
490  Status = NtPrivilegedServiceAuditAlarm(&SubsystemNameU,
491  &ServiceNameU,
492  ClientToken,
493  Privileges,
494  AccessGranted);
495  if (!NT_SUCCESS(Status))
496  {
497  SetLastError(RtlNtStatusToDosError(Status));
498  return FALSE;
499  }
500 
501  return TRUE;
502 }
503 
504 
505 /*
506  * @unimplemented
507  */
508 BOOL WINAPI
509 AccessCheckByTypeResultListAndAuditAlarmByHandleW(IN LPCWSTR SubsystemName,
510  IN LPVOID HandleId,
511  IN HANDLE ClientToken,
512  IN LPCWSTR ObjectTypeName,
513  IN LPCWSTR ObjectName,
514  IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
515  IN PSID PrincipalSelfSid,
516  IN DWORD DesiredAccess,
517  IN AUDIT_EVENT_TYPE AuditType,
518  IN DWORD Flags,
519  IN POBJECT_TYPE_LIST ObjectTypeList,
520  IN DWORD ObjectTypeListLength,
521  IN PGENERIC_MAPPING GenericMapping,
522  IN BOOL ObjectCreation,
523  OUT LPDWORD GrantedAccess,
524  OUT LPDWORD AccessStatusList,
525  OUT LPBOOL pfGenerateOnClose)
526 {
527  FIXME("%s() not implemented!\n", __FUNCTION__);
528  SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
529  return FALSE;
530 }
531 
532 
533 /*
534  * @unimplemented
535  */
536 BOOL WINAPI
537 AccessCheckByTypeResultListAndAuditAlarmByHandleA(IN LPCSTR SubsystemName,
538  IN LPVOID HandleId,
539  IN HANDLE ClientToken,
540  IN LPCSTR ObjectTypeName,
541  IN LPCSTR ObjectName,
542  IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
543  IN PSID PrincipalSelfSid,
544  IN DWORD DesiredAccess,
545  IN AUDIT_EVENT_TYPE AuditType,
546  IN DWORD Flags,
547  IN POBJECT_TYPE_LIST ObjectTypeList,
548  IN DWORD ObjectTypeListLength,
549  IN PGENERIC_MAPPING GenericMapping,
550  IN BOOL ObjectCreation,
551  OUT LPDWORD GrantedAccess,
552  OUT LPDWORD AccessStatusList,
553  OUT LPBOOL pfGenerateOnClose)
554 {
555  FIXME("%s() not implemented!\n", __FUNCTION__);
556  SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
557  return FALSE;
558 }
559 
560 
561 /*
562  * @unimplemented
563  */
564 BOOL WINAPI
565 AccessCheckByTypeResultListAndAuditAlarmW(IN LPCWSTR SubsystemName,
566  IN LPVOID HandleId,
567  IN LPCWSTR ObjectTypeName,
568  IN LPCWSTR ObjectName,
569  IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
570  IN PSID PrincipalSelfSid,
571  IN DWORD DesiredAccess,
572  IN AUDIT_EVENT_TYPE AuditType,
573  IN DWORD Flags,
574  IN POBJECT_TYPE_LIST ObjectTypeList,
575  IN DWORD ObjectTypeListLength,
576  IN PGENERIC_MAPPING GenericMapping,
577  IN BOOL ObjectCreation,
578  OUT LPDWORD GrantedAccess,
579  OUT LPDWORD AccessStatusList,
580  OUT LPBOOL pfGenerateOnClose)
581 {
582  FIXME("%s() not implemented!\n", __FUNCTION__);
583  SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
584  return FALSE;
585 }
586 
587 
588 /*
589  * @unimplemented
590  */
591 BOOL WINAPI
592 AccessCheckByTypeResultListAndAuditAlarmA(IN LPCSTR SubsystemName,
593  IN LPVOID HandleId,
594  IN LPCSTR ObjectTypeName,
595  IN LPCSTR ObjectName,
596  IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
597  IN PSID PrincipalSelfSid,
598  IN DWORD DesiredAccess,
599  IN AUDIT_EVENT_TYPE AuditType,
600  IN DWORD Flags,
601  IN POBJECT_TYPE_LIST ObjectTypeList,
602  IN DWORD ObjectTypeListLength,
603  IN PGENERIC_MAPPING GenericMapping,
604  IN BOOL ObjectCreation,
605  OUT LPDWORD GrantedAccess,
606  OUT LPDWORD AccessStatusList,
607  OUT LPBOOL pfGenerateOnClose)
608 {
609  FIXME("%s() not implemented!\n", __FUNCTION__);
610  SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
611  return FALSE;
612 }
613 
614 
615 /*
616  * @unimplemented
617  */
618 BOOL WINAPI
619 AccessCheckByTypeAndAuditAlarmW(IN LPCWSTR SubsystemName,
620  IN LPVOID HandleId,
621  IN LPCWSTR ObjectTypeName,
622  IN LPCWSTR ObjectName,
623  IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
624  IN PSID PrincipalSelfSid,
625  IN DWORD DesiredAccess,
626  IN AUDIT_EVENT_TYPE AuditType,
627  IN DWORD Flags,
628  IN POBJECT_TYPE_LIST ObjectTypeList,
629  IN DWORD ObjectTypeListLength,
630  IN PGENERIC_MAPPING GenericMapping,
631  IN BOOL ObjectCreation,
632  OUT LPDWORD GrantedAccess,
633  OUT LPBOOL AccessStatus,
634  OUT LPBOOL pfGenerateOnClose)
635 {
636  FIXME("%s() not implemented!\n", __FUNCTION__);
637  SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
638  return FALSE;
639 }
640 
641 
642 /*
643  * @unimplemented
644  */
645 BOOL WINAPI
646 AccessCheckByTypeAndAuditAlarmA(IN LPCSTR SubsystemName,
647  IN LPVOID HandleId,
648  IN LPCSTR ObjectTypeName,
649  IN LPCSTR ObjectName,
650  IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
651  IN PSID PrincipalSelfSid,
652  IN DWORD DesiredAccess,
653  IN AUDIT_EVENT_TYPE AuditType,
654  IN DWORD Flags,
655  IN POBJECT_TYPE_LIST ObjectTypeList,
656  IN DWORD ObjectTypeListLength,
657  IN PGENERIC_MAPPING GenericMapping,
658  IN BOOL ObjectCreation,
659  OUT LPDWORD GrantedAccess,
660  OUT LPBOOL AccessStatus,
661  OUT LPBOOL pfGenerateOnClose)
662 {
663  FIXME("%s() not implemented!\n", __FUNCTION__);
664  SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
665  return FALSE;
666 }
667 
668 /* EOF */
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
PCHAR
signed char * PCHAR
Definition: retypes.h:7
ObjectDeleteAuditAlarmA
BOOL WINAPI ObjectDeleteAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
Definition: audit.c:209
IN
#define IN
Definition: typedefs.h:39
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
AccessCheckAndAuditAlarmW
BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName, LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess, PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess, LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
Definition: audit.c:88
_SID
Definition: ms-dtyp.idl:198
LPCWSTR
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185
ObjectCloseAuditAlarmA
BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
Definition: audit.c:151
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
TRUE
#define TRUE
Definition: types.h:120
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
AccessCheckByTypeAndAuditAlarmW
BOOL WINAPI AccessCheckByTypeAndAuditAlarmW(IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:619
ObjectPrivilegeAuditAlarmW
BOOL WINAPI ObjectPrivilegeAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken, DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
Definition: audit.c:406
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ObjectPrivilegeAuditAlarmA
BOOL WINAPI ObjectPrivilegeAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken, DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
Definition: audit.c:372
_PRIVILEGE_SET
Definition: setypes.h:85
ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
ObjectOpenAuditAlarmA
BOOL WINAPI ObjectOpenAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName, LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted, LPBOOL GenerateOnClose)
Definition: audit.c:267
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
LPSTR
char * LPSTR
Definition: xmlstorage.h:182
BOOL
#define BOOL
Definition: nt_native.h:43
NtPrivilegeObjectAuditAlarm
NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
Raises an alarm audit message when a caller attempts to access a privileged object.
Definition: audit.c:2167
ObjectOpenAuditAlarmW
BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName, LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted, LPBOOL GenerateOnClose)
Definition: audit.c:321
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
AUDIT_EVENT_TYPE
enum _AUDIT_EVENT_TYPE AUDIT_EVENT_TYPE
FALSE
#define FALSE
Definition: types.h:117
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
FIXME
#define FIXME(fmt,...)
Definition: debug.h:111
Name
struct NameRec_ * Name
Definition: cdprocs.h:459
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
NameRec_
Definition: apinames.c:48
RtlCreateUnicodeStringFromAsciiz
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)
LPCSTR
const char * LPCSTR
Definition: xmlstorage.h:183
AccessCheckByTypeResultListAndAuditAlarmW
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmW(IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:565
NtAccessCheckAndAuditAlarm
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
Definition: audit.c:2226
Status
Status
Definition: gdiplustypes.h:24
NtPrivilegedServiceAuditAlarm
__kernel_entry NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING SubsystemName, _In_opt_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientTokenHandle, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
Raises an alarm audit message when a caller attempts to request a privileged service call.
Definition: audit.c:1984
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
ServiceName
LPTSTR ServiceName
Definition: ServiceMain.c:15
_GENERIC_MAPPING
Definition: nt_native.h:564
_OBJECT_TYPE_LIST
Definition: setypes.h:852
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
WINAPI
#define WINAPI
Definition: msvc.h:6
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
PrivilegedServiceAuditAlarmA
BOOL WINAPI PrivilegedServiceAuditAlarmA(LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
Definition: audit.c:439
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
RtlFreeUnicodeString
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
SetLastError
#define SetLastError(x)
Definition: compat.h:611
AccessCheckByTypeResultListAndAuditAlarmByHandleA
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmByHandleA(IN LPCSTR SubsystemName, IN LPVOID HandleId, IN HANDLE ClientToken, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:537
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
AccessCheckByTypeAndAuditAlarmA
BOOL WINAPI AccessCheckByTypeAndAuditAlarmA(IN LPCSTR SubsystemName, IN LPVOID HandleId, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:646
PBOOLEAN
char * PBOOLEAN
Definition: retypes.h:11
NtDeleteObjectAuditAlarm
NTSTATUS NTAPI NtDeleteObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be deleted.
Definition: audit.c:1576
AccessCheckByTypeResultListAndAuditAlarmByHandleW
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmByHandleW(IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN HANDLE ClientToken, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:509
PrivilegedServiceAuditAlarmW
BOOL WINAPI PrivilegedServiceAuditAlarmW(LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
Definition: audit.c:475
NtOpenObjectAuditAlarm
__kernel_entry NTSTATUS NTAPI NtOpenObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
Definition: audit.c:1723
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_UNICODE_STRING
Definition: env_spec_w32.h:368
ObjectCloseAuditAlarmW
BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
Definition: audit.c:182
LPBOOL
BOOL * LPBOOL
Definition: windef.h:162
WINE_DEFAULT_DEBUG_CHANNEL
WINE_DEFAULT_DEBUG_CHANNEL(advapi)
AccessGranted
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
AccessCheckByTypeResultListAndAuditAlarmA
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmA(IN LPCSTR SubsystemName, IN LPVOID HandleId, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:592
OUT
#define OUT
Definition: typedefs.h:40
LPDWORD
uint32_t * LPDWORD
Definition: typedefs.h:59
ERROR_CALL_NOT_IMPLEMENTED
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
AccessCheckAndAuditAlarmA
BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName, LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess, PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess, LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
Definition: audit.c:22
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184
ObjectDeleteAuditAlarmW
BOOL WINAPI ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
Definition: audit.c:240
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
__FUNCTION__
#define __FUNCTION__
Definition: types.h:112
NtCloseObjectAuditAlarm
NTSTATUS NTAPI NtCloseObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be closed.
Definition: audit.c:1459