lib/advapi32/sec/audit.c

   1 /* $Id$
   2  *
   3  * COPYRIGHT:       See COPYING in the top level directory
   4  * PROJECT:         ReactOS system libraries
   5  * FILE:            lib/advapi32/sec/audit.c
   6  * PURPOSE:         Audit functions
   7  * PROGRAMMER:      Eric Kohl (ekohl@rz-online.de)
   8  * UPDATE HISTORY:
   9  *                  Created 07/19/2003
  10  */
  11
  12 /* INCLUDES *****************************************************************/
  13
  14 #define NTOS_MODE_USER
  15 #include <ntos.h>
  16 #include <windows.h>
  17
  18
  19 /* FUNCTIONS ****************************************************************/
  20
  21 /*
  22  * @implemented
  23  */
  24 BOOL STDCALL
  25 AccessCheckAndAuditAlarmA (LPCSTR SubsystemName,
  26                            LPVOID HandleId,
  27                            LPSTR ObjectTypeName,
  28                            LPSTR ObjectName,
  29                            PSECURITY_DESCRIPTOR SecurityDescriptor,
  30                            DWORD DesiredAccess,
  31                            PGENERIC_MAPPING GenericMapping,
  32                            BOOL ObjectCreation,
  33                            LPDWORD GrantedAccess,
  34                            LPBOOL AccessStatus,
  35                            LPBOOL pfGenerateOnClose)
  36 {
  37   UNICODE_STRING SubsystemNameU;
  38   UNICODE_STRING ObjectTypeNameU;
  39   UNICODE_STRING ObjectNameU;
  40   NTSTATUS LocalAccessStatus;
  41   BOOLEAN GenerateOnClose;
  42   NTSTATUS Status;
  43
  44   RtlCreateUnicodeStringFromAsciiz (&SubsystemNameU,
  45                                     (PCHAR)SubsystemName);
  46   RtlCreateUnicodeStringFromAsciiz (&ObjectTypeNameU,
  47                                     (PCHAR)ObjectTypeName);
  48   RtlCreateUnicodeStringFromAsciiz (&ObjectNameU,
  49                                     (PCHAR)ObjectName);
  50
  51   Status = NtAccessCheckAndAuditAlarm (&SubsystemNameU,
  52                                        HandleId,
  53                                        &ObjectTypeNameU,
  54                                        &ObjectNameU,
  55                                        SecurityDescriptor,
  56                                        DesiredAccess,
  57                                        GenericMapping,
  58                                        ObjectCreation,
  59                                        GrantedAccess,
  60                                        &LocalAccessStatus,
  61                                        &GenerateOnClose);
  62   RtlFreeUnicodeString (&SubsystemNameU);
  63   RtlFreeUnicodeString (&ObjectTypeNameU);
  64   RtlFreeUnicodeString (&ObjectNameU);
  65
  66   *pfGenerateOnClose = (BOOL)GenerateOnClose;
  67
  68   if (!NT_SUCCESS (Status))
  69     {
  70       SetLastError (RtlNtStatusToDosError (Status));
  71       return FALSE;
  72     }
  73
  74   if (!NT_SUCCESS (LocalAccessStatus))
  75     {
  76       *AccessStatus = FALSE;
  77       SetLastError (RtlNtStatusToDosError (Status));
  78       return FALSE;
  79     }
  80
  81   *AccessStatus = TRUE;
  82
  83   return TRUE;
  84 }
  85
  86
  87 /*
  88  * @implemented
  89  */
  90 BOOL STDCALL
  91 AccessCheckAndAuditAlarmW (LPCWSTR SubsystemName,
  92                            LPVOID HandleId,
  93                            LPWSTR ObjectTypeName,
  94                            LPWSTR ObjectName,
  95                            PSECURITY_DESCRIPTOR SecurityDescriptor,
  96                            DWORD DesiredAccess,
  97                            PGENERIC_MAPPING GenericMapping,
  98                            BOOL ObjectCreation,
  99                            LPDWORD GrantedAccess,
 100                            LPBOOL AccessStatus,
 101                            LPBOOL pfGenerateOnClose)
 102 {
 103   UNICODE_STRING SubsystemNameU;
 104   UNICODE_STRING ObjectTypeNameU;
 105   UNICODE_STRING ObjectNameU;
 106   NTSTATUS LocalAccessStatus;
 107   BOOLEAN GenerateOnClose;
 108   NTSTATUS Status;
 109
 110   RtlInitUnicodeString (&SubsystemNameU,
 111                         (PWSTR)SubsystemName);
 112   RtlInitUnicodeString (&ObjectTypeNameU,
 113                         (PWSTR)ObjectTypeName);
 114   RtlInitUnicodeString (&ObjectNameU,
 115                         (PWSTR)ObjectName);
 116
 117   Status = NtAccessCheckAndAuditAlarm (&SubsystemNameU,
 118                                        HandleId,
 119                                        &ObjectTypeNameU,
 120                                        &ObjectNameU,
 121                                        SecurityDescriptor,
 122                                        DesiredAccess,
 123                                        GenericMapping,
 124                                        ObjectCreation,
 125                                        GrantedAccess,
 126                                        &LocalAccessStatus,
 127                                        &GenerateOnClose);
 128
 129   *pfGenerateOnClose = (BOOL)GenerateOnClose;
 130
 131   if (!NT_SUCCESS (Status))
 132     {
 133       SetLastError (RtlNtStatusToDosError (Status));
 134       return FALSE;
 135     }
 136
 137   if (!NT_SUCCESS (LocalAccessStatus))
 138     {
 139       *AccessStatus = FALSE;
 140       SetLastError (RtlNtStatusToDosError (Status));
 141       return FALSE;
 142     }
 143
 144   *AccessStatus = TRUE;
 145
 146   return TRUE;
 147 }
 148
 149
 150 /*
 151  * @implemented
 152  */
 153 BOOL STDCALL
 154 ObjectCloseAuditAlarmA (LPCSTR SubsystemName,
 155                         LPVOID HandleId,
 156                         BOOL GenerateOnClose)
 157 {
 158   UNICODE_STRING Name;
 159   NTSTATUS Status;
 160
 161   Status = RtlCreateUnicodeStringFromAsciiz (&Name,
 162                                              (PCHAR)SubsystemName);
 163   if (!NT_SUCCESS (Status))
 164     {
 165       SetLastError (RtlNtStatusToDosError (Status));
 166       return FALSE;
 167     }
 168
 169   Status = NtCloseObjectAuditAlarm (&Name,
 170                                     HandleId,
 171                                     GenerateOnClose);
 172   RtlFreeUnicodeString(&Name);
 173   if (!NT_SUCCESS (Status))
 174     {
 175       SetLastError (RtlNtStatusToDosError (Status));
 176       return FALSE;
 177     }
 178
 179   return TRUE;
 180 }
 181
 182 /*
 183  * @implemented
 184  */
 185 BOOL STDCALL
 186 ObjectCloseAuditAlarmW (LPCWSTR SubsystemName,
 187                         LPVOID HandleId,
 188                         BOOL GenerateOnClose)
 189 {
 190   UNICODE_STRING Name;
 191   NTSTATUS Status;
 192
 193   RtlInitUnicodeString (&Name,
 194                         (PWSTR)SubsystemName);
 195
 196   Status = NtCloseObjectAuditAlarm (&Name,
 197                                     HandleId,
 198                                     GenerateOnClose);
 199   if (!NT_SUCCESS (Status))
 200     {
 201       SetLastError (RtlNtStatusToDosError (Status));
 202       return FALSE;
 203     }
 204
 205   return TRUE;
 206 }
 207
 208
 209 /*
 210  * @implemented
 211  */
 212 BOOL STDCALL
 213 ObjectDeleteAuditAlarmA (LPCSTR SubsystemName,
 214                          LPVOID HandleId,
 215                          BOOL GenerateOnClose)
 216 {
 217   UNICODE_STRING Name;
 218   NTSTATUS Status;
 219
 220   Status = RtlCreateUnicodeStringFromAsciiz (&Name,
 221                                              (PCHAR)SubsystemName);
 222   if (!NT_SUCCESS (Status))
 223     {
 224       SetLastError (RtlNtStatusToDosError (Status));
 225       return FALSE;
 226     }
 227
 228   Status = NtDeleteObjectAuditAlarm (&Name,
 229                                      HandleId,
 230                                      GenerateOnClose);
 231   RtlFreeUnicodeString(&Name);
 232   if (!NT_SUCCESS (Status))
 233     {
 234       SetLastError (RtlNtStatusToDosError (Status));
 235       return FALSE;
 236     }
 237
 238   return TRUE;
 239 }
 240
 241
 242 /*
 243  * @implemented
 244  */
 245 BOOL STDCALL
 246 ObjectDeleteAuditAlarmW (LPCWSTR SubsystemName,
 247                          LPVOID HandleId,
 248                          BOOL GenerateOnClose)
 249 {
 250   UNICODE_STRING Name;
 251   NTSTATUS Status;
 252
 253   RtlInitUnicodeString (&Name,
 254                         (PWSTR)SubsystemName);
 255
 256   Status = NtDeleteObjectAuditAlarm (&Name,
 257                                      HandleId,
 258                                      GenerateOnClose);
 259   if (!NT_SUCCESS (Status))
 260     {
 261       SetLastError (RtlNtStatusToDosError (Status));
 262       return FALSE;
 263     }
 264
 265   return TRUE;
 266 }
 267
 268
 269 /*
 270  * @implemented
 271  */
 272 BOOL STDCALL
 273 ObjectOpenAuditAlarmA (LPCSTR SubsystemName,
 274                        LPVOID HandleId,
 275                        LPSTR ObjectTypeName,
 276                        LPSTR ObjectName,
 277                        PSECURITY_DESCRIPTOR pSecurityDescriptor,
 278                        HANDLE ClientToken,
 279                        DWORD DesiredAccess,
 280                        DWORD GrantedAccess,
 281                        PPRIVILEGE_SET Privileges,
 282                        BOOL ObjectCreation,
 283                        BOOL AccessGranted,
 284                        LPBOOL GenerateOnClose)
 285 {
 286   UNICODE_STRING SubsystemNameU;
 287   UNICODE_STRING ObjectTypeNameU;
 288   UNICODE_STRING ObjectNameU;
 289   NTSTATUS Status;
 290
 291   RtlCreateUnicodeStringFromAsciiz (&SubsystemNameU,
 292                                     (PCHAR)SubsystemName);
 293   RtlCreateUnicodeStringFromAsciiz (&ObjectTypeNameU,
 294                                     (PCHAR)ObjectTypeName);
 295   RtlCreateUnicodeStringFromAsciiz (&ObjectNameU,
 296                                     (PCHAR)ObjectName);
 297
 298   Status = NtOpenObjectAuditAlarm (&SubsystemNameU,
 299                                    HandleId,
 300                                    &ObjectTypeNameU,
 301                                    &ObjectNameU,
 302                                    pSecurityDescriptor,
 303                                    ClientToken,
 304                                    DesiredAccess,
 305                                    GrantedAccess,
 306                                    Privileges,
 307                                    ObjectCreation,
 308                                    AccessGranted,
 309                                    (PBOOLEAN)GenerateOnClose);
 310   RtlFreeUnicodeString (&SubsystemNameU);
 311   RtlFreeUnicodeString (&ObjectTypeNameU);
 312   RtlFreeUnicodeString (&ObjectNameU);
 313   if (!NT_SUCCESS (Status))
 314     {
 315       SetLastError (RtlNtStatusToDosError (Status));
 316       return FALSE;
 317     }
 318
 319   return TRUE;
 320 }
 321
 322
 323 /*
 324  * @implemented
 325  */
 326 BOOL STDCALL
 327 ObjectOpenAuditAlarmW (LPCWSTR SubsystemName,
 328                        LPVOID HandleId,
 329                        LPWSTR ObjectTypeName,
 330                        LPWSTR ObjectName,
 331                        PSECURITY_DESCRIPTOR pSecurityDescriptor,
 332                        HANDLE ClientToken,
 333                        DWORD DesiredAccess,
 334                        DWORD GrantedAccess,
 335                        PPRIVILEGE_SET Privileges,
 336                        BOOL ObjectCreation,
 337                        BOOL AccessGranted,
 338                        LPBOOL GenerateOnClose)
 339 {
 340   UNICODE_STRING SubsystemNameU;
 341   UNICODE_STRING ObjectTypeNameU;
 342   UNICODE_STRING ObjectNameU;
 343   NTSTATUS Status;
 344
 345   RtlInitUnicodeString (&SubsystemNameU,
 346                         (PWSTR)SubsystemName);
 347   RtlInitUnicodeString (&ObjectTypeNameU,
 348                         (PWSTR)ObjectTypeName);
 349   RtlInitUnicodeString (&ObjectNameU,
 350                         (PWSTR)ObjectName);
 351
 352   Status = NtOpenObjectAuditAlarm (&SubsystemNameU,
 353                                    HandleId,
 354                                    &ObjectTypeNameU,
 355                                    &ObjectNameU,
 356                                    pSecurityDescriptor,
 357                                    ClientToken,
 358                                    DesiredAccess,
 359                                    GrantedAccess,
 360                                    Privileges,
 361                                    ObjectCreation,
 362                                    AccessGranted,
 363                                    (PBOOLEAN)GenerateOnClose);
 364   if (!NT_SUCCESS (Status))
 365     {
 366       SetLastError (RtlNtStatusToDosError (Status));
 367       return FALSE;
 368     }
 369
 370   return TRUE;
 371 }
 372
 373
 374 /*
 375  * @implemented
 376  */
 377 BOOL STDCALL
 378 ObjectPrivilegeAuditAlarmA (LPCSTR SubsystemName,
 379                             LPVOID HandleId,
 380                             HANDLE ClientToken,
 381                             DWORD DesiredAccess,
 382                             PPRIVILEGE_SET Privileges,
 383                             BOOL AccessGranted)
 384 {
 385   UNICODE_STRING SubsystemNameU;
 386   NTSTATUS Status;
 387
 388   RtlCreateUnicodeStringFromAsciiz (&SubsystemNameU,
 389                                     (PCHAR)SubsystemName);
 390
 391   Status = NtPrivilegeObjectAuditAlarm (&SubsystemNameU,
 392                                         HandleId,
 393                                         ClientToken,
 394                                         DesiredAccess,
 395                                         Privileges,
 396                                         AccessGranted);
 397   RtlFreeUnicodeString (&SubsystemNameU);
 398   if (!NT_SUCCESS (Status))
 399     {
 400       SetLastError (RtlNtStatusToDosError (Status));
 401       return FALSE;
 402     }
 403
 404   return TRUE;
 405 }
 406
 407
 408 /*
 409  * @implemented
 410  */
 411 BOOL STDCALL
 412 ObjectPrivilegeAuditAlarmW (LPCWSTR SubsystemName,
 413                             LPVOID HandleId,
 414                             HANDLE ClientToken,
 415                             DWORD DesiredAccess,
 416                             PPRIVILEGE_SET Privileges,
 417                             BOOL AccessGranted)
 418 {
 419   UNICODE_STRING SubsystemNameU;
 420   NTSTATUS Status;
 421
 422   RtlInitUnicodeString (&SubsystemNameU,
 423                         (PWSTR)SubsystemName);
 424
 425   Status = NtPrivilegeObjectAuditAlarm (&SubsystemNameU,
 426                                         HandleId,
 427                                         ClientToken,
 428                                         DesiredAccess,
 429                                         Privileges,
 430                                         AccessGranted);
 431   if (!NT_SUCCESS (Status))
 432     {
 433       SetLastError (RtlNtStatusToDosError (Status));
 434       return FALSE;
 435     }
 436
 437   return TRUE;
 438 }
 439
 440
 441 /*
 442  * @implemented
 443  */
 444 BOOL STDCALL
 445 PrivilegedServiceAuditAlarmA (LPCSTR SubsystemName,
 446                               LPCSTR ServiceName,
 447                               HANDLE ClientToken,
 448                               PPRIVILEGE_SET Privileges,
 449                               BOOL AccessGranted)
 450 {
 451   UNICODE_STRING SubsystemNameU;
 452   UNICODE_STRING ServiceNameU;
 453   NTSTATUS Status;
 454
 455   RtlCreateUnicodeStringFromAsciiz (&SubsystemNameU,
 456                                     (PCHAR)SubsystemName);
 457   RtlCreateUnicodeStringFromAsciiz (&ServiceNameU,
 458                                     (PCHAR)ServiceName);
 459
 460   Status = NtPrivilegedServiceAuditAlarm (&SubsystemNameU,
 461                                           &ServiceNameU,
 462                                           ClientToken,
 463                                           Privileges,
 464                                           AccessGranted);
 465   RtlFreeUnicodeString (&SubsystemNameU);
 466   RtlFreeUnicodeString (&ServiceNameU);
 467   if (!NT_SUCCESS (Status))
 468     {
 469       SetLastError (RtlNtStatusToDosError (Status));
 470       return FALSE;
 471     }
 472
 473   return TRUE;
 474 }
 475
 476
 477 /*
 478  * @implemented
 479  */
 480 BOOL STDCALL
 481 PrivilegedServiceAuditAlarmW (LPCWSTR SubsystemName,
 482                               LPCWSTR ServiceName,
 483                               HANDLE ClientToken,
 484                               PPRIVILEGE_SET Privileges,
 485                               BOOL AccessGranted)
 486 {
 487   UNICODE_STRING SubsystemNameU;
 488   UNICODE_STRING ServiceNameU;
 489   NTSTATUS Status;
 490
 491   RtlInitUnicodeString (&SubsystemNameU,
 492                         (PWSTR)SubsystemName);
 493   RtlInitUnicodeString (&ServiceNameU,
 494                         (PWSTR)ServiceName);
 495
 496   Status = NtPrivilegedServiceAuditAlarm (&SubsystemNameU,
 497                                           &ServiceNameU,
 498                                           ClientToken,
 499                                           Privileges,
 500                                           AccessGranted);
 501   if (!NT_SUCCESS (Status))
 502     {
 503       SetLastError (RtlNtStatusToDosError (Status));
 504       return FALSE;
 505     }
 506
 507   return TRUE;
 508 }
 509
 510 /* EOF */