ReactOS 0.4.15-dev-8116-gf69e256
audit.c
1/*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * FILE: lib/advapi32/sec/audit.c
5 * PURPOSE: Audit functions
6 * PROGRAMMER: Eric Kohl
7 * UPDATE HISTORY:
8 * Created 07/19/2003
9 */
10
11/* INCLUDES *****************************************************************/
12
13#include <advapi32.h>
15
16/* FUNCTIONS ****************************************************************/
17
18/*
19 * @implemented
   *
   * AccessCheckAndAuditAlarmA (audit.c:22 in the cross-reference list).
   * ANSI entry point: converts the name arguments with
   * RtlCreateUnicodeStringFromAsciiz, calls NtAccessCheckAndAuditAlarm,
   * frees the converted strings and maps the two status values to a BOOL.
   *
   * Returns FALSE if the native call fails or if LocalAccessStatus is not
   * a success status; TRUE otherwise.
   *
   * NOTE(review): this listing drops some source lines (the line carrying
   * the function name, several parameters and several call arguments), so
   * only the visible statements are described here.
20 */
23 LPVOID HandleId,
29 BOOL ObjectCreation,
32 LPBOOL pfGenerateOnClose)
33{
34 UNICODE_STRING SubsystemNameU;
35 UNICODE_STRING ObjectTypeNameU;
36 UNICODE_STRING ObjectNameU;
37 NTSTATUS LocalAccessStatus;
40
42 (PCHAR)SubsystemName);
   /*
    * NOTE(review): the BOOLEAN result of RtlCreateUnicodeStringFromAsciiz
    * is not checked in this function, unlike ObjectCloseAuditAlarmA
    * (source line 158). If a conversion fails, the string is still passed
    * to the native call and to RtlFreeUnicodeString below; confirm what a
    * failed conversion leaves in the destination, since these locals have
    * no visible initialiser.
    */
43 RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU,
47
48 Status = NtAccessCheckAndAuditAlarm(&SubsystemNameU,
49 HandleId,
50 &ObjectTypeNameU,
51 &ObjectNameU,
55 ObjectCreation,
57 &LocalAccessStatus,
59 RtlFreeUnicodeString(&SubsystemNameU);
60 RtlFreeUnicodeString(&ObjectTypeNameU);
61 RtlFreeUnicodeString(&ObjectNameU);
62
   /*
    * NOTE(review): GenerateOnClose is copied to the caller before Status
    * is tested. Its declaration is not visible in this listing; if it is
    * an uninitialised local and the native call failed without writing
    * it, an indeterminate value reaches the caller. Confirm.
    */
63 *pfGenerateOnClose = (BOOL)GenerateOnClose;
64
65 if (!NT_SUCCESS(Status))
66 {
68 return FALSE;
69 }
70
   /*
    * The native call itself succeeded; LocalAccessStatus is the value it
    * wrote through its AccessStatus output argument.
    */
71 if (!NT_SUCCESS (LocalAccessStatus))
72 {
75 return FALSE;
76 }
77
79
80 return TRUE;
81}
82
83
84/*
85 * @implemented
   *
   * AccessCheckAndAuditAlarmW (audit.c:88 in the cross-reference list).
   * Wide-character entry point: wraps the caller's strings with
   * RtlInitUnicodeString, calls NtAccessCheckAndAuditAlarm and maps the
   * two status values to a BOOL.
   *
   * Returns FALSE if the native call fails or if LocalAccessStatus is not
   * a success status; TRUE otherwise.
   *
   * NOTE(review): this listing drops some source lines (the line carrying
   * the function name, several parameters and several call arguments), so
   * only the visible statements are described here.
86 */
89 LPVOID HandleId,
95 BOOL ObjectCreation,
98 LPBOOL pfGenerateOnClose)
99{
100 UNICODE_STRING SubsystemNameU;
101 UNICODE_STRING ObjectTypeNameU;
102 UNICODE_STRING ObjectNameU;
103 NTSTATUS LocalAccessStatus;
106
    /*
     * No RtlFreeUnicodeString follows in this variant, so these strings
     * presumably reference the caller's buffers rather than copies. The
     * (PWSTR) cast removes the const qualifier of the LPCWSTR parameter.
     */
107 RtlInitUnicodeString(&SubsystemNameU,
108 (PWSTR)SubsystemName);
109 RtlInitUnicodeString(&ObjectTypeNameU,
111 RtlInitUnicodeString(&ObjectNameU,
113
114 Status = NtAccessCheckAndAuditAlarm(&SubsystemNameU,
115 HandleId,
116 &ObjectTypeNameU,
117 &ObjectNameU,
121 ObjectCreation,
123 &LocalAccessStatus,
125
    /*
     * NOTE(review): GenerateOnClose is copied to the caller before Status
     * is tested. Its declaration is not visible in this listing; if it is
     * an uninitialised local and the native call failed without writing
     * it, an indeterminate value reaches the caller. Confirm.
     */
126 *pfGenerateOnClose = (BOOL)GenerateOnClose;
127
128 if (!NT_SUCCESS(Status))
129 {
131 return FALSE;
132 }
133
    /*
     * The native call itself succeeded; LocalAccessStatus is the value it
     * wrote through its AccessStatus output argument.
     */
134 if (!NT_SUCCESS(LocalAccessStatus))
135 {
138 return FALSE;
139 }
140
142
143 return TRUE;
144}
145
146
147/*
148 * @implemented
    *
    * ObjectCloseAuditAlarmA (audit.c:151 in the cross-reference list).
    * ANSI entry point. Returns FALSE if the subsystem name cannot be
    * converted or if Status is not a success status; TRUE otherwise.
    *
    * NOTE(review): the lines that declare the locals, start the native
    * call and release Name are missing from this listing; presumably the
    * call is NtCloseObjectAuditAlarm (listed in the cross-references).
    * Confirm against the repository file.
149 */
152 LPVOID HandleId,
154{
157
    /*
     * The conversion result is checked here, so a failed conversion never
     * reaches the native call. The AccessCheckAndAuditAlarmA,
     * ObjectOpenAuditAlarmA, ObjectPrivilegeAuditAlarmA and
     * PrivilegedServiceAuditAlarmA wrappers in this file do not check it.
     */
158 if (!RtlCreateUnicodeStringFromAsciiz(&Name, SubsystemName))
159 {
161 return FALSE;
162 }
163
165 HandleId,
168 if (!NT_SUCCESS (Status))
169 {
171 return FALSE;
172 }
173
174 return TRUE;
175}
176
177
178/*
179 * @implemented
    *
    * ObjectCloseAuditAlarmW (audit.c:182 in the cross-reference list).
    * Wide-character entry point. Returns FALSE if Status is not a success
    * status, TRUE otherwise.
    *
    * NOTE(review): the lines that declare the locals and start both calls
    * are missing from this listing; presumably the native call is
    * NtCloseObjectAuditAlarm (listed in the cross-references). Confirm.
180 */
183 LPVOID HandleId,
185{
188
    /* The (PWSTR) cast removes the const qualifier of the LPCWSTR parameter. */
190 (PWSTR)SubsystemName);
191
193 HandleId,
195 if (!NT_SUCCESS(Status))
196 {
198 return FALSE;
199 }
200
201 return TRUE;
202}
203
204
205/*
206 * @implemented
    *
    * ObjectDeleteAuditAlarmA (audit.c:209 in the cross-reference list).
    * ANSI entry point. Returns FALSE if the subsystem name cannot be
    * converted or if Status is not a success status; TRUE otherwise.
    *
    * NOTE(review): the lines that declare the locals, start the native
    * call and release Name are missing from this listing; presumably the
    * call is NtDeleteObjectAuditAlarm (listed in the cross-references).
    * Confirm against the repository file.
207 */
210 LPVOID HandleId,
212{
215
    /*
     * The conversion result is checked, so a failed conversion returns
     * before anything is handed to the native call.
     */
216 if (!RtlCreateUnicodeStringFromAsciiz(&Name, SubsystemName))
217 {
219 return FALSE;
220 }
221
223 HandleId,
226 if (!NT_SUCCESS(Status))
227 {
229 return FALSE;
230 }
231
232 return TRUE;
233}
234
235
236/*
237 * @implemented
    *
    * ObjectDeleteAuditAlarmW (audit.c:240 in the cross-reference list).
    * Wide-character entry point. Returns FALSE if Status is not a success
    * status, TRUE otherwise.
    *
    * NOTE(review): the lines that declare the locals and start both calls
    * are missing from this listing; presumably the native call is
    * NtDeleteObjectAuditAlarm (listed in the cross-references). Confirm.
238 */
241 LPVOID HandleId,
243{
246
    /* The (PWSTR) cast removes the const qualifier of the LPCWSTR parameter. */
248 (PWSTR)SubsystemName);
249
251 HandleId,
253 if (!NT_SUCCESS(Status))
254 {
256 return FALSE;
257 }
258
259 return TRUE;
260}
261
262
263/*
264 * @implemented
    *
    * ObjectOpenAuditAlarmA (audit.c:267 in the cross-reference list).
    * ANSI entry point: converts the name arguments with
    * RtlCreateUnicodeStringFromAsciiz, calls NtOpenObjectAuditAlarm, frees
    * the converted strings and returns FALSE if Status is not a success
    * status, TRUE otherwise.
    *
    * NOTE(review): this listing drops some source lines (the line carrying
    * the function name, several parameters and several call arguments), so
    * only the visible statements are described here.
265 */
268 LPVOID HandleId,
271 PSECURITY_DESCRIPTOR pSecurityDescriptor,
272 HANDLE ClientToken,
276 BOOL ObjectCreation,
279{
280 UNICODE_STRING SubsystemNameU;
281 UNICODE_STRING ObjectTypeNameU;
282 UNICODE_STRING ObjectNameU;
284
    /*
     * NOTE(review): the BOOLEAN result of RtlCreateUnicodeStringFromAsciiz
     * is not checked, unlike ObjectCloseAuditAlarmA (source line 158). If
     * a conversion fails, the string is still passed to the native call
     * and to RtlFreeUnicodeString below; confirm what a failed conversion
     * leaves in the destination, since these locals have no visible
     * initialiser.
     */
285 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
286 (PCHAR)SubsystemName);
287 RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU,
291
292 Status = NtOpenObjectAuditAlarm(&SubsystemNameU,
293 HandleId,
294 &ObjectTypeNameU,
295 &ObjectNameU,
296 pSecurityDescriptor,
297 ClientToken,
301 ObjectCreation,
304 RtlFreeUnicodeString(&SubsystemNameU);
305 RtlFreeUnicodeString(&ObjectTypeNameU);
306 RtlFreeUnicodeString(&ObjectNameU);
307 if (!NT_SUCCESS(Status))
308 {
310 return FALSE;
311 }
312
313 return TRUE;
314}
315
316
317/*
318 * @implemented
    *
    * ObjectOpenAuditAlarmW (audit.c:321 in the cross-reference list).
    * Wide-character entry point: wraps the caller's strings with
    * RtlInitUnicodeString, calls NtOpenObjectAuditAlarm and returns FALSE
    * if Status is not a success status, TRUE otherwise.
    *
    * NOTE(review): this listing drops some source lines (the line carrying
    * the function name, several parameters and several call arguments), so
    * only the visible statements are described here.
319 */
322 LPVOID HandleId,
325 PSECURITY_DESCRIPTOR pSecurityDescriptor,
326 HANDLE ClientToken,
330 BOOL ObjectCreation,
333{
334 UNICODE_STRING SubsystemNameU;
335 UNICODE_STRING ObjectTypeNameU;
336 UNICODE_STRING ObjectNameU;
338
    /*
     * No RtlFreeUnicodeString follows in this variant, so these strings
     * presumably reference the caller's buffers rather than copies. The
     * (PWSTR) cast removes the const qualifier of the LPCWSTR parameter.
     */
339 RtlInitUnicodeString(&SubsystemNameU,
340 (PWSTR)SubsystemName);
341 RtlInitUnicodeString(&ObjectTypeNameU,
343 RtlInitUnicodeString(&ObjectNameU,
345
346 Status = NtOpenObjectAuditAlarm(&SubsystemNameU,
347 HandleId,
348 &ObjectTypeNameU,
349 &ObjectNameU,
350 pSecurityDescriptor,
351 ClientToken,
355 ObjectCreation,
358 if (!NT_SUCCESS(Status))
359 {
361 return FALSE;
362 }
363
364 return TRUE;
365}
366
367
368/*
369 * @implemented
    *
    * ObjectPrivilegeAuditAlarmA (audit.c:372 in the cross-reference list).
    * ANSI entry point: converts SubsystemName, calls
    * NtPrivilegeObjectAuditAlarm, frees the converted string and returns
    * FALSE if Status is not a success status, TRUE otherwise.
    *
    * NOTE(review): this listing drops some source lines (the line carrying
    * the function name, several parameters and several call arguments), so
    * only the visible statements are described here.
370 */
373 LPVOID HandleId,
374 HANDLE ClientToken,
378{
379 UNICODE_STRING SubsystemNameU;
381
    /*
     * NOTE(review): the BOOLEAN result of RtlCreateUnicodeStringFromAsciiz
     * is not checked, unlike ObjectCloseAuditAlarmA (source line 158). If
     * the conversion fails, SubsystemNameU is still passed to the native
     * call and to RtlFreeUnicodeString below; confirm what a failed
     * conversion leaves in the destination.
     */
382 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
383 (PCHAR)SubsystemName);
384
385 Status = NtPrivilegeObjectAuditAlarm(&SubsystemNameU,
386 HandleId,
387 ClientToken,
391 RtlFreeUnicodeString (&SubsystemNameU);
392 if (!NT_SUCCESS(Status))
393 {
395 return FALSE;
396 }
397
398 return TRUE;
399}
400
401
402/*
403 * @implemented
    *
    * ObjectPrivilegeAuditAlarmW (audit.c:406 in the cross-reference list).
    * Wide-character entry point: wraps SubsystemName with
    * RtlInitUnicodeString, calls NtPrivilegeObjectAuditAlarm and returns
    * FALSE if Status is not a success status, TRUE otherwise.
    *
    * NOTE(review): this listing drops some source lines (the line carrying
    * the function name, several parameters and several call arguments), so
    * only the visible statements are described here.
404 */
407 LPVOID HandleId,
408 HANDLE ClientToken,
412{
413 UNICODE_STRING SubsystemNameU;
415
    /* The (PWSTR) cast removes the const qualifier of the LPCWSTR parameter. */
416 RtlInitUnicodeString(&SubsystemNameU,
417 (PWSTR)SubsystemName);
418
419 Status = NtPrivilegeObjectAuditAlarm(&SubsystemNameU,
420 HandleId,
421 ClientToken,
425 if (!NT_SUCCESS(Status))
426 {
428 return FALSE;
429 }
430
431 return TRUE;
432}
433
434
435/*
436 * @implemented
    *
    * PrivilegedServiceAuditAlarmA (audit.c:439 in the cross-reference
    * list). ANSI entry point: converts SubsystemName (and, on lines missing
    * from this listing, presumably ServiceName), calls
    * NtPrivilegedServiceAuditAlarm, frees both strings and returns FALSE
    * if Status is not a success status, TRUE otherwise.
    *
    * NOTE(review): this listing drops some source lines (the line carrying
    * the function name, several parameters and several call arguments), so
    * only the visible statements are described here.
437 */
441 HANDLE ClientToken,
444{
445 UNICODE_STRING SubsystemNameU;
446 UNICODE_STRING ServiceNameU;
448
    /*
     * NOTE(review): the BOOLEAN result of RtlCreateUnicodeStringFromAsciiz
     * is not checked, unlike ObjectCloseAuditAlarmA (source line 158). If
     * a conversion fails, the string is still passed to the native call
     * and to RtlFreeUnicodeString below; confirm what a failed conversion
     * leaves in the destination, since these locals have no visible
     * initialiser.
     */
449 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
450 (PCHAR)SubsystemName);
453
454 Status = NtPrivilegedServiceAuditAlarm(&SubsystemNameU,
455 &ServiceNameU,
456 ClientToken,
459 RtlFreeUnicodeString(&SubsystemNameU);
460 RtlFreeUnicodeString(&ServiceNameU);
461 if (!NT_SUCCESS(Status))
462 {
464 return FALSE;
465 }
466
467 return TRUE;
468}
469
470
471/*
472 * @implemented
    *
    * PrivilegedServiceAuditAlarmW (audit.c:475 in the cross-reference
    * list). Wide-character entry point: wraps SubsystemName and the
    * service name with RtlInitUnicodeString, calls
    * NtPrivilegedServiceAuditAlarm and returns FALSE if Status is not a
    * success status, TRUE otherwise.
    *
    * NOTE(review): this listing drops some source lines (the line carrying
    * the function name, several parameters and several call arguments), so
    * only the visible statements are described here.
473 */
477 HANDLE ClientToken,
480{
481 UNICODE_STRING SubsystemNameU;
482 UNICODE_STRING ServiceNameU;
484
    /*
     * No RtlFreeUnicodeString follows in this variant, so these strings
     * presumably reference the caller's buffers rather than copies. The
     * (PWSTR) cast removes the const qualifier of the LPCWSTR parameter.
     */
485 RtlInitUnicodeString(&SubsystemNameU,
486 (PWSTR)SubsystemName);
487 RtlInitUnicodeString(&ServiceNameU,
489
490 Status = NtPrivilegedServiceAuditAlarm(&SubsystemNameU,
491 &ServiceNameU,
492 ClientToken,
495 if (!NT_SUCCESS(Status))
496 {
498 return FALSE;
499 }
500
501 return TRUE;
502}
503
504
505/*
506 * @unimplemented
    *
    * AccessCheckByTypeResultListAndAuditAlarmByHandleW (audit.c:509 in the
    * cross-reference list). Stub: logs through FIXME and returns FALSE.
    *
    * The visible statements perform no access check, raise no audit alarm
    * and write none of the OUT parameters, so a caller must not read
    * AccessStatusList or pfGenerateOnClose after the FALSE return.
    *
    * NOTE(review): source line 528 is missing from this listing;
    * presumably it sets the last error (ERROR_CALL_NOT_IMPLEMENTED appears
    * in the cross-references). Confirm.
507 */
510 IN LPVOID HandleId,
511 IN HANDLE ClientToken,
514 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
515 IN PSID PrincipalSelfSid,
517 IN AUDIT_EVENT_TYPE AuditType,
518 IN DWORD Flags,
519 IN POBJECT_TYPE_LIST ObjectTypeList,
520 IN DWORD ObjectTypeListLength,
522 IN BOOL ObjectCreation,
524 OUT LPDWORD AccessStatusList,
525 OUT LPBOOL pfGenerateOnClose)
526{
527 FIXME("%s() not implemented!\n", __FUNCTION__);
529 return FALSE;
530}
531
532
533/*
534 * @unimplemented
    *
    * AccessCheckByTypeResultListAndAuditAlarmByHandleA (audit.c:537 in the
    * cross-reference list). Stub: logs through FIXME and returns FALSE.
    *
    * The visible statements perform no access check, raise no audit alarm
    * and write none of the OUT parameters, so a caller must not read
    * AccessStatusList or pfGenerateOnClose after the FALSE return.
    *
    * NOTE(review): source line 556 is missing from this listing;
    * presumably it sets the last error (ERROR_CALL_NOT_IMPLEMENTED appears
    * in the cross-references). Confirm.
535 */
538 IN LPVOID HandleId,
539 IN HANDLE ClientToken,
542 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
543 IN PSID PrincipalSelfSid,
545 IN AUDIT_EVENT_TYPE AuditType,
546 IN DWORD Flags,
547 IN POBJECT_TYPE_LIST ObjectTypeList,
548 IN DWORD ObjectTypeListLength,
550 IN BOOL ObjectCreation,
552 OUT LPDWORD AccessStatusList,
553 OUT LPBOOL pfGenerateOnClose)
554{
555 FIXME("%s() not implemented!\n", __FUNCTION__);
557 return FALSE;
558}
559
560
561/*
562 * @unimplemented
    *
    * AccessCheckByTypeResultListAndAuditAlarmW (audit.c:565 in the
    * cross-reference list). Stub: logs through FIXME and returns FALSE.
    *
    * The visible statements perform no access check, raise no audit alarm
    * and write none of the OUT parameters, so a caller must not read
    * AccessStatusList or pfGenerateOnClose after the FALSE return.
    *
    * NOTE(review): source line 583 is missing from this listing;
    * presumably it sets the last error (ERROR_CALL_NOT_IMPLEMENTED appears
    * in the cross-references). Confirm.
563 */
566 IN LPVOID HandleId,
569 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
570 IN PSID PrincipalSelfSid,
572 IN AUDIT_EVENT_TYPE AuditType,
573 IN DWORD Flags,
574 IN POBJECT_TYPE_LIST ObjectTypeList,
575 IN DWORD ObjectTypeListLength,
577 IN BOOL ObjectCreation,
579 OUT LPDWORD AccessStatusList,
580 OUT LPBOOL pfGenerateOnClose)
581{
582 FIXME("%s() not implemented!\n", __FUNCTION__);
584 return FALSE;
585}
586
587
588/*
589 * @unimplemented
    *
    * AccessCheckByTypeResultListAndAuditAlarmA (audit.c:592 in the
    * cross-reference list). Stub: logs through FIXME and returns FALSE.
    *
    * The visible statements perform no access check, raise no audit alarm
    * and write none of the OUT parameters, so a caller must not read
    * AccessStatusList or pfGenerateOnClose after the FALSE return.
    *
    * NOTE(review): source line 610 is missing from this listing;
    * presumably it sets the last error (ERROR_CALL_NOT_IMPLEMENTED appears
    * in the cross-references). Confirm.
590 */
593 IN LPVOID HandleId,
596 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
597 IN PSID PrincipalSelfSid,
599 IN AUDIT_EVENT_TYPE AuditType,
600 IN DWORD Flags,
601 IN POBJECT_TYPE_LIST ObjectTypeList,
602 IN DWORD ObjectTypeListLength,
604 IN BOOL ObjectCreation,
606 OUT LPDWORD AccessStatusList,
607 OUT LPBOOL pfGenerateOnClose)
608{
609 FIXME("%s() not implemented!\n", __FUNCTION__);
611 return FALSE;
612}
613
614
615/*
616 * @unimplemented
    *
    * AccessCheckByTypeAndAuditAlarmW (audit.c:619 in the cross-reference
    * list). Stub: logs through FIXME and returns FALSE.
    *
    * The visible statements perform no access check, raise no audit alarm
    * and write none of the OUT parameters, so a caller must not read
    * pfGenerateOnClose or the other outputs after the FALSE return.
    *
    * NOTE(review): source line 637 is missing from this listing;
    * presumably it sets the last error (ERROR_CALL_NOT_IMPLEMENTED appears
    * in the cross-references). Confirm.
617 */
620 IN LPVOID HandleId,
623 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
624 IN PSID PrincipalSelfSid,
626 IN AUDIT_EVENT_TYPE AuditType,
627 IN DWORD Flags,
628 IN POBJECT_TYPE_LIST ObjectTypeList,
629 IN DWORD ObjectTypeListLength,
631 IN BOOL ObjectCreation,
634 OUT LPBOOL pfGenerateOnClose)
635{
636 FIXME("%s() not implemented!\n", __FUNCTION__);
638 return FALSE;
639}
640
641
642/*
643 * @unimplemented
    *
    * AccessCheckByTypeAndAuditAlarmA (audit.c:646 in the cross-reference
    * list). Stub: logs through FIXME and returns FALSE.
    *
    * The visible statements perform no access check, raise no audit alarm
    * and write none of the OUT parameters, so a caller must not read
    * pfGenerateOnClose or the other outputs after the FALSE return.
    *
    * NOTE(review): source line 664 is missing from this listing;
    * presumably it sets the last error (ERROR_CALL_NOT_IMPLEMENTED appears
    * in the cross-references). Confirm.
644 */
647 IN LPVOID HandleId,
650 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
651 IN PSID PrincipalSelfSid,
653 IN AUDIT_EVENT_TYPE AuditType,
654 IN DWORD Flags,
655 IN POBJECT_TYPE_LIST ObjectTypeList,
656 IN DWORD ObjectTypeListLength,
658 IN BOOL ObjectCreation,
661 OUT LPBOOL pfGenerateOnClose)
662{
663 FIXME("%s() not implemented!\n", __FUNCTION__);
665 return FALSE;
666}
667
668/* EOF */
unsigned char BOOLEAN
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
struct NameRec_ * Name
Definition: cdprocs.h:460
#define WINE_DEFAULT_DEBUG_CHANNEL(t)
Definition: precomp.h:23
LONG NTSTATUS
Definition: precomp.h:26
static WCHAR ServiceName[]
Definition: browser.c:19
#define FIXME(fmt,...)
Definition: debug.h:114
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
Definition: audit.c:182
BOOL WINAPI ObjectOpenAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName, LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted, LPBOOL GenerateOnClose)
Definition: audit.c:267
BOOL WINAPI ObjectPrivilegeAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken, DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
Definition: audit.c:372
BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName, LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess, PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess, LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
Definition: audit.c:22
BOOL WINAPI ObjectPrivilegeAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken, DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
Definition: audit.c:406
BOOL WINAPI PrivilegedServiceAuditAlarmW(LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
Definition: audit.c:475
BOOL WINAPI AccessCheckByTypeAndAuditAlarmW(IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:619
BOOL WINAPI ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
Definition: audit.c:240
BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName, LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted, LPBOOL GenerateOnClose)
Definition: audit.c:321
BOOL WINAPI ObjectDeleteAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
Definition: audit.c:209
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmW(IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:565
BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName, LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess, PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess, LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
Definition: audit.c:88
BOOL WINAPI PrivilegedServiceAuditAlarmA(LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
Definition: audit.c:439
BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
Definition: audit.c:151
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmA(IN LPCSTR SubsystemName, IN LPVOID HandleId, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:592
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmByHandleA(IN LPCSTR SubsystemName, IN LPVOID HandleId, IN HANDLE ClientToken, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:537
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmByHandleW(IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN HANDLE ClientToken, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:509
BOOL WINAPI AccessCheckByTypeAndAuditAlarmA(IN LPCSTR SubsystemName, IN LPVOID HandleId, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:646
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
#define SetLastError(x)
Definition: compat.h:752
#define __FUNCTION__
Definition: types.h:116
unsigned int BOOL
Definition: ntddk_ex.h:94
unsigned long DWORD
Definition: ntddk_ex.h:95
Status
Definition: gdiplustypes.h:25
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:79
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)
#define BOOL
Definition: nt_native.h:43
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSTATUS NTAPI NtDeleteObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be deleted.
Definition: audit.c:1475
__kernel_entry NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING SubsystemName, _In_opt_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientTokenHandle, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
Raises an alarm audit message when a caller attempts to request a privileged service call.
Definition: audit.c:1883
__kernel_entry NTSTATUS NTAPI NtOpenObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
Definition: audit.c:1622
NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
Raises an alarm audit message when a caller attempts to access a privileged object.
Definition: audit.c:2066
NTSTATUS NTAPI NtCloseObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be closed.
Definition: audit.c:1358
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
Definition: audit.c:2125
uint16_t * PWSTR
Definition: typedefs.h:56
unsigned char * PBOOLEAN
Definition: typedefs.h:53
uint32_t * LPDWORD
Definition: typedefs.h:59
#define IN
Definition: typedefs.h:39
#define OUT
Definition: typedefs.h:40
char * PCHAR
Definition: typedefs.h:51
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
BOOL * LPBOOL
Definition: windef.h:162
#define WINAPI
Definition: msvc.h:6
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:422
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:419
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20
enum _AUDIT_EVENT_TYPE AUDIT_EVENT_TYPE
const char * LPCSTR
Definition: xmlstorage.h:183
char * LPSTR
Definition: xmlstorage.h:182
WCHAR * LPWSTR
Definition: xmlstorage.h:184
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185