ReactOS 0.4.15-dev-7196-g0fe0b40
audit.c
Go to the documentation of this file.
1/*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * FILE: lib/advapi32/sec/audit.c
5 * PURPOSE: Audit functions
6 * PROGRAMMER: Eric Kohl
7 * UPDATE HISTORY:
8 * Created 07/19/2003
9 */
10
11/* INCLUDES *****************************************************************/
12
13#include <advapi32.h>
14WINE_DEFAULT_DEBUG_CHANNEL(advapi);
15
16/* FUNCTIONS ****************************************************************/
17
18/*
19 * @implemented
20 */
21BOOL WINAPI
22AccessCheckAndAuditAlarmA(LPCSTR SubsystemName,
23 LPVOID HandleId,
24 LPSTR ObjectTypeName,
25 LPSTR ObjectName,
26 PSECURITY_DESCRIPTOR SecurityDescriptor,
27 DWORD DesiredAccess,
28 PGENERIC_MAPPING GenericMapping,
29 BOOL ObjectCreation,
30 LPDWORD GrantedAccess,
31 LPBOOL AccessStatus,
32 LPBOOL pfGenerateOnClose)
33{
34 UNICODE_STRING SubsystemNameU;
35 UNICODE_STRING ObjectTypeNameU;
36 UNICODE_STRING ObjectNameU;
37 NTSTATUS LocalAccessStatus;
38 BOOLEAN GenerateOnClose;
39 NTSTATUS Status;
40
41 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
42 (PCHAR)SubsystemName);
43 RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU,
44 (PCHAR)ObjectTypeName);
45 RtlCreateUnicodeStringFromAsciiz(&ObjectNameU,
46 (PCHAR)ObjectName);
47
48 Status = NtAccessCheckAndAuditAlarm(&SubsystemNameU,
49 HandleId,
50 &ObjectTypeNameU,
51 &ObjectNameU,
52 SecurityDescriptor,
53 DesiredAccess,
54 GenericMapping,
55 ObjectCreation,
56 GrantedAccess,
57 &LocalAccessStatus,
58 &GenerateOnClose);
59 RtlFreeUnicodeString(&SubsystemNameU);
60 RtlFreeUnicodeString(&ObjectTypeNameU);
61 RtlFreeUnicodeString(&ObjectNameU);
62
63 *pfGenerateOnClose = (BOOL)GenerateOnClose;
64
65 if (!NT_SUCCESS(Status))
66 {
67 SetLastError(RtlNtStatusToDosError(Status));
68 return FALSE;
69 }
70
71 if (!NT_SUCCESS (LocalAccessStatus))
72 {
73 *AccessStatus = FALSE;
74 SetLastError(RtlNtStatusToDosError(Status));
75 return FALSE;
76 }
77
78 *AccessStatus = TRUE;
79
80 return TRUE;
81}
82
83
84/*
85 * @implemented
86 */
87BOOL WINAPI
88AccessCheckAndAuditAlarmW(LPCWSTR SubsystemName,
89 LPVOID HandleId,
90 LPWSTR ObjectTypeName,
91 LPWSTR ObjectName,
92 PSECURITY_DESCRIPTOR SecurityDescriptor,
93 DWORD DesiredAccess,
94 PGENERIC_MAPPING GenericMapping,
95 BOOL ObjectCreation,
96 LPDWORD GrantedAccess,
97 LPBOOL AccessStatus,
98 LPBOOL pfGenerateOnClose)
99{
100 UNICODE_STRING SubsystemNameU;
101 UNICODE_STRING ObjectTypeNameU;
102 UNICODE_STRING ObjectNameU;
103 NTSTATUS LocalAccessStatus;
104 BOOLEAN GenerateOnClose;
105 NTSTATUS Status;
106
107 RtlInitUnicodeString(&SubsystemNameU,
108 (PWSTR)SubsystemName);
109 RtlInitUnicodeString(&ObjectTypeNameU,
110 (PWSTR)ObjectTypeName);
111 RtlInitUnicodeString(&ObjectNameU,
112 (PWSTR)ObjectName);
113
114 Status = NtAccessCheckAndAuditAlarm(&SubsystemNameU,
115 HandleId,
116 &ObjectTypeNameU,
117 &ObjectNameU,
118 SecurityDescriptor,
119 DesiredAccess,
120 GenericMapping,
121 ObjectCreation,
122 GrantedAccess,
123 &LocalAccessStatus,
124 &GenerateOnClose);
125
126 *pfGenerateOnClose = (BOOL)GenerateOnClose;
127
128 if (!NT_SUCCESS(Status))
129 {
130 SetLastError(RtlNtStatusToDosError(Status));
131 return FALSE;
132 }
133
134 if (!NT_SUCCESS(LocalAccessStatus))
135 {
136 *AccessStatus = FALSE;
137 SetLastError(RtlNtStatusToDosError(Status));
138 return FALSE;
139 }
140
141 *AccessStatus = TRUE;
142
143 return TRUE;
144}
145
146
147/*
148 * @implemented
149 */
150BOOL WINAPI
151ObjectCloseAuditAlarmA(LPCSTR SubsystemName,
152 LPVOID HandleId,
153 BOOL GenerateOnClose)
154{
155 UNICODE_STRING Name;
156 NTSTATUS Status;
157
158 if (!RtlCreateUnicodeStringFromAsciiz(&Name, SubsystemName))
159 {
160 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
161 return FALSE;
162 }
163
164 Status = NtCloseObjectAuditAlarm(&Name,
165 HandleId,
166 GenerateOnClose);
167 RtlFreeUnicodeString(&Name);
168 if (!NT_SUCCESS (Status))
169 {
170 SetLastError(RtlNtStatusToDosError(Status));
171 return FALSE;
172 }
173
174 return TRUE;
175}
176
177
178/*
179 * @implemented
180 */
181BOOL WINAPI
182ObjectCloseAuditAlarmW(LPCWSTR SubsystemName,
183 LPVOID HandleId,
184 BOOL GenerateOnClose)
185{
186 UNICODE_STRING Name;
187 NTSTATUS Status;
188
189 RtlInitUnicodeString(&Name,
190 (PWSTR)SubsystemName);
191
192 Status = NtCloseObjectAuditAlarm(&Name,
193 HandleId,
194 GenerateOnClose);
195 if (!NT_SUCCESS(Status))
196 {
197 SetLastError(RtlNtStatusToDosError(Status));
198 return FALSE;
199 }
200
201 return TRUE;
202}
203
204
205/*
206 * @implemented
207 */
208BOOL WINAPI
209ObjectDeleteAuditAlarmA(LPCSTR SubsystemName,
210 LPVOID HandleId,
211 BOOL GenerateOnClose)
212{
213 UNICODE_STRING Name;
214 NTSTATUS Status;
215
216 if (!RtlCreateUnicodeStringFromAsciiz(&Name, SubsystemName))
217 {
218 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
219 return FALSE;
220 }
221
222 Status = NtDeleteObjectAuditAlarm(&Name,
223 HandleId,
224 GenerateOnClose);
225 RtlFreeUnicodeString(&Name);
226 if (!NT_SUCCESS(Status))
227 {
228 SetLastError(RtlNtStatusToDosError(Status));
229 return FALSE;
230 }
231
232 return TRUE;
233}
234
235
236/*
237 * @implemented
238 */
239BOOL WINAPI
240ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName,
241 LPVOID HandleId,
242 BOOL GenerateOnClose)
243{
244 UNICODE_STRING Name;
245 NTSTATUS Status;
246
247 RtlInitUnicodeString(&Name,
248 (PWSTR)SubsystemName);
249
250 Status = NtDeleteObjectAuditAlarm(&Name,
251 HandleId,
252 GenerateOnClose);
253 if (!NT_SUCCESS(Status))
254 {
255 SetLastError(RtlNtStatusToDosError(Status));
256 return FALSE;
257 }
258
259 return TRUE;
260}
261
262
263/*
264 * @implemented
265 */
266BOOL WINAPI
267ObjectOpenAuditAlarmA(LPCSTR SubsystemName,
268 LPVOID HandleId,
269 LPSTR ObjectTypeName,
270 LPSTR ObjectName,
271 PSECURITY_DESCRIPTOR pSecurityDescriptor,
272 HANDLE ClientToken,
273 DWORD DesiredAccess,
274 DWORD GrantedAccess,
275 PPRIVILEGE_SET Privileges,
276 BOOL ObjectCreation,
277 BOOL AccessGranted,
278 LPBOOL GenerateOnClose)
279{
280 UNICODE_STRING SubsystemNameU;
281 UNICODE_STRING ObjectTypeNameU;
282 UNICODE_STRING ObjectNameU;
283 NTSTATUS Status;
284
285 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
286 (PCHAR)SubsystemName);
287 RtlCreateUnicodeStringFromAsciiz(&ObjectTypeNameU,
288 (PCHAR)ObjectTypeName);
289 RtlCreateUnicodeStringFromAsciiz(&ObjectNameU,
290 (PCHAR)ObjectName);
291
292 Status = NtOpenObjectAuditAlarm(&SubsystemNameU,
293 HandleId,
294 &ObjectTypeNameU,
295 &ObjectNameU,
296 pSecurityDescriptor,
297 ClientToken,
298 DesiredAccess,
299 GrantedAccess,
300 Privileges,
301 ObjectCreation,
302 AccessGranted,
303 (PBOOLEAN)GenerateOnClose);
304 RtlFreeUnicodeString(&SubsystemNameU);
305 RtlFreeUnicodeString(&ObjectTypeNameU);
306 RtlFreeUnicodeString(&ObjectNameU);
307 if (!NT_SUCCESS(Status))
308 {
309 SetLastError(RtlNtStatusToDosError(Status));
310 return FALSE;
311 }
312
313 return TRUE;
314}
315
316
317/*
318 * @implemented
319 */
320BOOL WINAPI
321ObjectOpenAuditAlarmW(LPCWSTR SubsystemName,
322 LPVOID HandleId,
323 LPWSTR ObjectTypeName,
324 LPWSTR ObjectName,
325 PSECURITY_DESCRIPTOR pSecurityDescriptor,
326 HANDLE ClientToken,
327 DWORD DesiredAccess,
328 DWORD GrantedAccess,
329 PPRIVILEGE_SET Privileges,
330 BOOL ObjectCreation,
331 BOOL AccessGranted,
332 LPBOOL GenerateOnClose)
333{
334 UNICODE_STRING SubsystemNameU;
335 UNICODE_STRING ObjectTypeNameU;
336 UNICODE_STRING ObjectNameU;
337 NTSTATUS Status;
338
339 RtlInitUnicodeString(&SubsystemNameU,
340 (PWSTR)SubsystemName);
341 RtlInitUnicodeString(&ObjectTypeNameU,
342 (PWSTR)ObjectTypeName);
343 RtlInitUnicodeString(&ObjectNameU,
344 (PWSTR)ObjectName);
345
346 Status = NtOpenObjectAuditAlarm(&SubsystemNameU,
347 HandleId,
348 &ObjectTypeNameU,
349 &ObjectNameU,
350 pSecurityDescriptor,
351 ClientToken,
352 DesiredAccess,
353 GrantedAccess,
354 Privileges,
355 ObjectCreation,
356 AccessGranted,
357 (PBOOLEAN)GenerateOnClose);
358 if (!NT_SUCCESS(Status))
359 {
360 SetLastError(RtlNtStatusToDosError(Status));
361 return FALSE;
362 }
363
364 return TRUE;
365}
366
367
368/*
369 * @implemented
370 */
371BOOL WINAPI
372ObjectPrivilegeAuditAlarmA(LPCSTR SubsystemName,
373 LPVOID HandleId,
374 HANDLE ClientToken,
375 DWORD DesiredAccess,
376 PPRIVILEGE_SET Privileges,
377 BOOL AccessGranted)
378{
379 UNICODE_STRING SubsystemNameU;
380 NTSTATUS Status;
381
382 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
383 (PCHAR)SubsystemName);
384
385 Status = NtPrivilegeObjectAuditAlarm(&SubsystemNameU,
386 HandleId,
387 ClientToken,
388 DesiredAccess,
389 Privileges,
390 AccessGranted);
391 RtlFreeUnicodeString (&SubsystemNameU);
392 if (!NT_SUCCESS(Status))
393 {
394 SetLastError(RtlNtStatusToDosError(Status));
395 return FALSE;
396 }
397
398 return TRUE;
399}
400
401
402/*
403 * @implemented
404 */
405BOOL WINAPI
406ObjectPrivilegeAuditAlarmW(LPCWSTR SubsystemName,
407 LPVOID HandleId,
408 HANDLE ClientToken,
409 DWORD DesiredAccess,
410 PPRIVILEGE_SET Privileges,
411 BOOL AccessGranted)
412{
413 UNICODE_STRING SubsystemNameU;
414 NTSTATUS Status;
415
416 RtlInitUnicodeString(&SubsystemNameU,
417 (PWSTR)SubsystemName);
418
419 Status = NtPrivilegeObjectAuditAlarm(&SubsystemNameU,
420 HandleId,
421 ClientToken,
422 DesiredAccess,
423 Privileges,
424 AccessGranted);
425 if (!NT_SUCCESS(Status))
426 {
427 SetLastError(RtlNtStatusToDosError(Status));
428 return FALSE;
429 }
430
431 return TRUE;
432}
433
434
435/*
436 * @implemented
437 */
438BOOL WINAPI
439PrivilegedServiceAuditAlarmA(LPCSTR SubsystemName,
440 LPCSTR ServiceName,
441 HANDLE ClientToken,
442 PPRIVILEGE_SET Privileges,
443 BOOL AccessGranted)
444{
445 UNICODE_STRING SubsystemNameU;
446 UNICODE_STRING ServiceNameU;
447 NTSTATUS Status;
448
449 RtlCreateUnicodeStringFromAsciiz(&SubsystemNameU,
450 (PCHAR)SubsystemName);
451 RtlCreateUnicodeStringFromAsciiz(&ServiceNameU,
452 (PCHAR)ServiceName);
453
454 Status = NtPrivilegedServiceAuditAlarm(&SubsystemNameU,
455 &ServiceNameU,
456 ClientToken,
457 Privileges,
458 AccessGranted);
459 RtlFreeUnicodeString(&SubsystemNameU);
460 RtlFreeUnicodeString(&ServiceNameU);
461 if (!NT_SUCCESS(Status))
462 {
463 SetLastError(RtlNtStatusToDosError(Status));
464 return FALSE;
465 }
466
467 return TRUE;
468}
469
470
471/*
472 * @implemented
473 */
474BOOL WINAPI
475PrivilegedServiceAuditAlarmW(LPCWSTR SubsystemName,
476 LPCWSTR ServiceName,
477 HANDLE ClientToken,
478 PPRIVILEGE_SET Privileges,
479 BOOL AccessGranted)
480{
481 UNICODE_STRING SubsystemNameU;
482 UNICODE_STRING ServiceNameU;
483 NTSTATUS Status;
484
485 RtlInitUnicodeString(&SubsystemNameU,
486 (PWSTR)SubsystemName);
487 RtlInitUnicodeString(&ServiceNameU,
488 (PWSTR)ServiceName);
489
490 Status = NtPrivilegedServiceAuditAlarm(&SubsystemNameU,
491 &ServiceNameU,
492 ClientToken,
493 Privileges,
494 AccessGranted);
495 if (!NT_SUCCESS(Status))
496 {
497 SetLastError(RtlNtStatusToDosError(Status));
498 return FALSE;
499 }
500
501 return TRUE;
502}
503
504
505/*
506 * @unimplemented
507 */
508BOOL WINAPI
509AccessCheckByTypeResultListAndAuditAlarmByHandleW(IN LPCWSTR SubsystemName,
510 IN LPVOID HandleId,
511 IN HANDLE ClientToken,
512 IN LPCWSTR ObjectTypeName,
513 IN LPCWSTR ObjectName,
514 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
515 IN PSID PrincipalSelfSid,
516 IN DWORD DesiredAccess,
517 IN AUDIT_EVENT_TYPE AuditType,
518 IN DWORD Flags,
519 IN POBJECT_TYPE_LIST ObjectTypeList,
520 IN DWORD ObjectTypeListLength,
521 IN PGENERIC_MAPPING GenericMapping,
522 IN BOOL ObjectCreation,
523 OUT LPDWORD GrantedAccess,
524 OUT LPDWORD AccessStatusList,
525 OUT LPBOOL pfGenerateOnClose)
526{
527 FIXME("%s() not implemented!\n", __FUNCTION__);
528 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
529 return FALSE;
530}
531
532
533/*
534 * @unimplemented
535 */
536BOOL WINAPI
537AccessCheckByTypeResultListAndAuditAlarmByHandleA(IN LPCSTR SubsystemName,
538 IN LPVOID HandleId,
539 IN HANDLE ClientToken,
540 IN LPCSTR ObjectTypeName,
541 IN LPCSTR ObjectName,
542 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
543 IN PSID PrincipalSelfSid,
544 IN DWORD DesiredAccess,
545 IN AUDIT_EVENT_TYPE AuditType,
546 IN DWORD Flags,
547 IN POBJECT_TYPE_LIST ObjectTypeList,
548 IN DWORD ObjectTypeListLength,
549 IN PGENERIC_MAPPING GenericMapping,
550 IN BOOL ObjectCreation,
551 OUT LPDWORD GrantedAccess,
552 OUT LPDWORD AccessStatusList,
553 OUT LPBOOL pfGenerateOnClose)
554{
555 FIXME("%s() not implemented!\n", __FUNCTION__);
556 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
557 return FALSE;
558}
559
560
561/*
562 * @unimplemented
563 */
564BOOL WINAPI
565AccessCheckByTypeResultListAndAuditAlarmW(IN LPCWSTR SubsystemName,
566 IN LPVOID HandleId,
567 IN LPCWSTR ObjectTypeName,
568 IN LPCWSTR ObjectName,
569 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
570 IN PSID PrincipalSelfSid,
571 IN DWORD DesiredAccess,
572 IN AUDIT_EVENT_TYPE AuditType,
573 IN DWORD Flags,
574 IN POBJECT_TYPE_LIST ObjectTypeList,
575 IN DWORD ObjectTypeListLength,
576 IN PGENERIC_MAPPING GenericMapping,
577 IN BOOL ObjectCreation,
578 OUT LPDWORD GrantedAccess,
579 OUT LPDWORD AccessStatusList,
580 OUT LPBOOL pfGenerateOnClose)
581{
582 FIXME("%s() not implemented!\n", __FUNCTION__);
583 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
584 return FALSE;
585}
586
587
588/*
589 * @unimplemented
590 */
591BOOL WINAPI
592AccessCheckByTypeResultListAndAuditAlarmA(IN LPCSTR SubsystemName,
593 IN LPVOID HandleId,
594 IN LPCSTR ObjectTypeName,
595 IN LPCSTR ObjectName,
596 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
597 IN PSID PrincipalSelfSid,
598 IN DWORD DesiredAccess,
599 IN AUDIT_EVENT_TYPE AuditType,
600 IN DWORD Flags,
601 IN POBJECT_TYPE_LIST ObjectTypeList,
602 IN DWORD ObjectTypeListLength,
603 IN PGENERIC_MAPPING GenericMapping,
604 IN BOOL ObjectCreation,
605 OUT LPDWORD GrantedAccess,
606 OUT LPDWORD AccessStatusList,
607 OUT LPBOOL pfGenerateOnClose)
608{
609 FIXME("%s() not implemented!\n", __FUNCTION__);
610 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
611 return FALSE;
612}
613
614
615/*
616 * @unimplemented
617 */
618BOOL WINAPI
619AccessCheckByTypeAndAuditAlarmW(IN LPCWSTR SubsystemName,
620 IN LPVOID HandleId,
621 IN LPCWSTR ObjectTypeName,
622 IN LPCWSTR ObjectName,
623 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
624 IN PSID PrincipalSelfSid,
625 IN DWORD DesiredAccess,
626 IN AUDIT_EVENT_TYPE AuditType,
627 IN DWORD Flags,
628 IN POBJECT_TYPE_LIST ObjectTypeList,
629 IN DWORD ObjectTypeListLength,
630 IN PGENERIC_MAPPING GenericMapping,
631 IN BOOL ObjectCreation,
632 OUT LPDWORD GrantedAccess,
633 OUT LPBOOL AccessStatus,
634 OUT LPBOOL pfGenerateOnClose)
635{
636 FIXME("%s() not implemented!\n", __FUNCTION__);
637 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
638 return FALSE;
639}
640
641
642/*
643 * @unimplemented
644 */
645BOOL WINAPI
646AccessCheckByTypeAndAuditAlarmA(IN LPCSTR SubsystemName,
647 IN LPVOID HandleId,
648 IN LPCSTR ObjectTypeName,
649 IN LPCSTR ObjectName,
650 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
651 IN PSID PrincipalSelfSid,
652 IN DWORD DesiredAccess,
653 IN AUDIT_EVENT_TYPE AuditType,
654 IN DWORD Flags,
655 IN POBJECT_TYPE_LIST ObjectTypeList,
656 IN DWORD ObjectTypeListLength,
657 IN PGENERIC_MAPPING GenericMapping,
658 IN BOOL ObjectCreation,
659 OUT LPDWORD GrantedAccess,
660 OUT LPBOOL AccessStatus,
661 OUT LPBOOL pfGenerateOnClose)
662{
663 FIXME("%s() not implemented!\n", __FUNCTION__);
664 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
665 return FALSE;
666}
667
668/* EOF */
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
Name
struct NameRec_ * Name
Definition: cdprocs.h:460
WINE_DEFAULT_DEBUG_CHANNEL
#define WINE_DEFAULT_DEBUG_CHANNEL(t)
Definition: precomp.h:23
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ServiceName
static WCHAR ServiceName[]
Definition: browser.c:19
FIXME
#define FIXME(fmt,...)
Definition: debug.h:111
ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ObjectCloseAuditAlarmW
BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
Definition: audit.c:182
ObjectOpenAuditAlarmA
BOOL WINAPI ObjectOpenAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName, LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted, LPBOOL GenerateOnClose)
Definition: audit.c:267
ObjectPrivilegeAuditAlarmA
BOOL WINAPI ObjectPrivilegeAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken, DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
Definition: audit.c:372
AccessCheckAndAuditAlarmA
BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName, LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess, PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess, LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
Definition: audit.c:22
ObjectPrivilegeAuditAlarmW
BOOL WINAPI ObjectPrivilegeAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken, DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
Definition: audit.c:406
PrivilegedServiceAuditAlarmW
BOOL WINAPI PrivilegedServiceAuditAlarmW(LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
Definition: audit.c:475
AccessCheckByTypeAndAuditAlarmW
BOOL WINAPI AccessCheckByTypeAndAuditAlarmW(IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:619
ObjectDeleteAuditAlarmW
BOOL WINAPI ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
Definition: audit.c:240
ObjectOpenAuditAlarmW
BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName, LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted, LPBOOL GenerateOnClose)
Definition: audit.c:321
ObjectDeleteAuditAlarmA
BOOL WINAPI ObjectDeleteAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
Definition: audit.c:209
AccessCheckByTypeResultListAndAuditAlarmW
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmW(IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:565
AccessCheckAndAuditAlarmW
BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName, LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess, PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess, LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
Definition: audit.c:88
PrivilegedServiceAuditAlarmA
BOOL WINAPI PrivilegedServiceAuditAlarmA(LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
Definition: audit.c:439
ObjectCloseAuditAlarmA
BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
Definition: audit.c:151
AccessCheckByTypeResultListAndAuditAlarmA
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmA(IN LPCSTR SubsystemName, IN LPVOID HandleId, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:592
AccessCheckByTypeResultListAndAuditAlarmByHandleA
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmByHandleA(IN LPCSTR SubsystemName, IN LPVOID HandleId, IN HANDLE ClientToken, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:537
AccessCheckByTypeResultListAndAuditAlarmByHandleW
BOOL WINAPI AccessCheckByTypeResultListAndAuditAlarmByHandleW(IN LPCWSTR SubsystemName, IN LPVOID HandleId, IN HANDLE ClientToken, IN LPCWSTR ObjectTypeName, IN LPCWSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPDWORD AccessStatusList, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:509
AccessCheckByTypeAndAuditAlarmA
BOOL WINAPI AccessCheckByTypeAndAuditAlarmA(IN LPCSTR SubsystemName, IN LPVOID HandleId, IN LPCSTR ObjectTypeName, IN LPCSTR ObjectName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID PrincipalSelfSid, IN DWORD DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN DWORD Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOL ObjectCreation, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus, OUT LPBOOL pfGenerateOnClose)
Definition: audit.c:646
ERROR_CALL_NOT_IMPLEMENTED
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
SetLastError
#define SetLastError(x)
Definition: compat.h:752
__FUNCTION__
#define __FUNCTION__
Definition: types.h:116
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
Status
Status
Definition: gdiplustypes.h:25
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:79
RtlCreateUnicodeStringFromAsciiz
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)
BOOL
#define BOOL
Definition: nt_native.h:43
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
RtlFreeUnicodeString
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NtDeleteObjectAuditAlarm
NTSTATUS NTAPI NtDeleteObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be deleted.
Definition: audit.c:1475
NtPrivilegedServiceAuditAlarm
__kernel_entry NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING SubsystemName, _In_opt_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientTokenHandle, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
Raises an alarm audit message when a caller attempts to request a privileged service call.
Definition: audit.c:1883
NtOpenObjectAuditAlarm
__kernel_entry NTSTATUS NTAPI NtOpenObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
Definition: audit.c:1622
NtPrivilegeObjectAuditAlarm
NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
Raises an alarm audit message when a caller attempts to access a privileged object.
Definition: audit.c:2066
NtCloseObjectAuditAlarm
NTSTATUS NTAPI NtCloseObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be closed.
Definition: audit.c:1358
NtAccessCheckAndAuditAlarm
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
Definition: audit.c:2125
NameRec_
Definition: apinames.c:49
_GENERIC_MAPPING
Definition: nt_native.h:564
_OBJECT_TYPE_LIST
Definition: setypes.h:856
_PRIVILEGE_SET
Definition: setypes.h:85
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
_SID
Definition: ms-dtyp.idl:198
_UNICODE_STRING
Definition: env_spec_w32.h:368
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
PBOOLEAN
unsigned char * PBOOLEAN
Definition: typedefs.h:53
LPDWORD
uint32_t * LPDWORD
Definition: typedefs.h:59
IN
#define IN
Definition: typedefs.h:39
OUT
#define OUT
Definition: typedefs.h:40
PCHAR
char * PCHAR
Definition: typedefs.h:51
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
LPBOOL
BOOL * LPBOOL
Definition: windef.h:162
WINAPI
#define WINAPI
Definition: msvc.h:6
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:422
AccessGranted
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:419
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20
AUDIT_EVENT_TYPE
enum _AUDIT_EVENT_TYPE AUDIT_EVENT_TYPE
LPCSTR
const char * LPCSTR
Definition: xmlstorage.h:183
LPSTR
char * LPSTR
Definition: xmlstorage.h:182
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPCWSTR
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185