3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS system libraries
5 * FILE: lib/advapi32/sec/audit.c
6 * PURPOSE: Audit functions
7 * PROGRAMMER: Eric Kohl (ekohl@rz-online.de)
12 /* INCLUDES *****************************************************************/
14 #define NTOS_MODE_USER
19 /* FUNCTIONS ****************************************************************/
25 AccessCheckAndAuditAlarmA (LPCSTR SubsystemName,
29 PSECURITY_DESCRIPTOR SecurityDescriptor,
31 PGENERIC_MAPPING GenericMapping,
33 LPDWORD GrantedAccess,
35 LPBOOL pfGenerateOnClose)
37 UNICODE_STRING SubsystemNameU;
38 UNICODE_STRING ObjectTypeNameU;
39 UNICODE_STRING ObjectNameU;
40 NTSTATUS LocalAccessStatus;
41 BOOLEAN GenerateOnClose;
44 RtlCreateUnicodeStringFromAsciiz (&SubsystemNameU,
45 (PCHAR)SubsystemName);
46 RtlCreateUnicodeStringFromAsciiz (&ObjectTypeNameU,
47 (PCHAR)ObjectTypeName);
48 RtlCreateUnicodeStringFromAsciiz (&ObjectNameU,
51 Status = NtAccessCheckAndAuditAlarm (&SubsystemNameU,
62 RtlFreeUnicodeString (&SubsystemNameU);
63 RtlFreeUnicodeString (&ObjectTypeNameU);
64 RtlFreeUnicodeString (&ObjectNameU);
66 *pfGenerateOnClose = (BOOL)GenerateOnClose;
68 if (!NT_SUCCESS (Status))
70 SetLastError (RtlNtStatusToDosError (Status));
74 if (!NT_SUCCESS (LocalAccessStatus))
76 *AccessStatus = FALSE;
77 SetLastError (RtlNtStatusToDosError (Status));
91 AccessCheckAndAuditAlarmW (LPCWSTR SubsystemName,
93 LPWSTR ObjectTypeName,
95 PSECURITY_DESCRIPTOR SecurityDescriptor,
97 PGENERIC_MAPPING GenericMapping,
99 LPDWORD GrantedAccess,
101 LPBOOL pfGenerateOnClose)
103 UNICODE_STRING SubsystemNameU;
104 UNICODE_STRING ObjectTypeNameU;
105 UNICODE_STRING ObjectNameU;
106 NTSTATUS LocalAccessStatus;
107 BOOLEAN GenerateOnClose;
110 RtlInitUnicodeString (&SubsystemNameU,
111 (PWSTR)SubsystemName);
112 RtlInitUnicodeString (&ObjectTypeNameU,
113 (PWSTR)ObjectTypeName);
114 RtlInitUnicodeString (&ObjectNameU,
117 Status = NtAccessCheckAndAuditAlarm (&SubsystemNameU,
129 *pfGenerateOnClose = (BOOL)GenerateOnClose;
131 if (!NT_SUCCESS (Status))
133 SetLastError (RtlNtStatusToDosError (Status));
137 if (!NT_SUCCESS (LocalAccessStatus))
139 *AccessStatus = FALSE;
140 SetLastError (RtlNtStatusToDosError (Status));
144 *AccessStatus = TRUE;
154 ObjectCloseAuditAlarmA (LPCSTR SubsystemName,
156 BOOL GenerateOnClose)
161 Status = RtlCreateUnicodeStringFromAsciiz (&Name,
162 (PCHAR)SubsystemName);
163 if (!NT_SUCCESS (Status))
165 SetLastError (RtlNtStatusToDosError (Status));
169 Status = NtCloseObjectAuditAlarm (&Name,
172 RtlFreeUnicodeString(&Name);
173 if (!NT_SUCCESS (Status))
175 SetLastError (RtlNtStatusToDosError (Status));
186 ObjectCloseAuditAlarmW (LPCWSTR SubsystemName,
188 BOOL GenerateOnClose)
193 RtlInitUnicodeString (&Name,
194 (PWSTR)SubsystemName);
196 Status = NtCloseObjectAuditAlarm (&Name,
199 if (!NT_SUCCESS (Status))
201 SetLastError (RtlNtStatusToDosError (Status));
213 ObjectDeleteAuditAlarmA (LPCSTR SubsystemName,
215 BOOL GenerateOnClose)
220 Status = RtlCreateUnicodeStringFromAsciiz (&Name,
221 (PCHAR)SubsystemName);
222 if (!NT_SUCCESS (Status))
224 SetLastError (RtlNtStatusToDosError (Status));
228 Status = NtDeleteObjectAuditAlarm (&Name,
231 RtlFreeUnicodeString(&Name);
232 if (!NT_SUCCESS (Status))
234 SetLastError (RtlNtStatusToDosError (Status));
246 ObjectDeleteAuditAlarmW (LPCWSTR SubsystemName,
248 BOOL GenerateOnClose)
253 RtlInitUnicodeString (&Name,
254 (PWSTR)SubsystemName);
256 Status = NtDeleteObjectAuditAlarm (&Name,
259 if (!NT_SUCCESS (Status))
261 SetLastError (RtlNtStatusToDosError (Status));
273 ObjectOpenAuditAlarmA (LPCSTR SubsystemName,
275 LPSTR ObjectTypeName,
277 PSECURITY_DESCRIPTOR pSecurityDescriptor,
281 PPRIVILEGE_SET Privileges,
284 LPBOOL GenerateOnClose)
286 UNICODE_STRING SubsystemNameU;
287 UNICODE_STRING ObjectTypeNameU;
288 UNICODE_STRING ObjectNameU;
291 RtlCreateUnicodeStringFromAsciiz (&SubsystemNameU,
292 (PCHAR)SubsystemName);
293 RtlCreateUnicodeStringFromAsciiz (&ObjectTypeNameU,
294 (PCHAR)ObjectTypeName);
295 RtlCreateUnicodeStringFromAsciiz (&ObjectNameU,
298 Status = NtOpenObjectAuditAlarm (&SubsystemNameU,
309 (PBOOLEAN)GenerateOnClose);
310 RtlFreeUnicodeString (&SubsystemNameU);
311 RtlFreeUnicodeString (&ObjectTypeNameU);
312 RtlFreeUnicodeString (&ObjectNameU);
313 if (!NT_SUCCESS (Status))
315 SetLastError (RtlNtStatusToDosError (Status));
327 ObjectOpenAuditAlarmW (LPCWSTR SubsystemName,
329 LPWSTR ObjectTypeName,
331 PSECURITY_DESCRIPTOR pSecurityDescriptor,
335 PPRIVILEGE_SET Privileges,
338 LPBOOL GenerateOnClose)
340 UNICODE_STRING SubsystemNameU;
341 UNICODE_STRING ObjectTypeNameU;
342 UNICODE_STRING ObjectNameU;
345 RtlInitUnicodeString (&SubsystemNameU,
346 (PWSTR)SubsystemName);
347 RtlInitUnicodeString (&ObjectTypeNameU,
348 (PWSTR)ObjectTypeName);
349 RtlInitUnicodeString (&ObjectNameU,
352 Status = NtOpenObjectAuditAlarm (&SubsystemNameU,
363 (PBOOLEAN)GenerateOnClose);
364 if (!NT_SUCCESS (Status))
366 SetLastError (RtlNtStatusToDosError (Status));
378 ObjectPrivilegeAuditAlarmA (LPCSTR SubsystemName,
382 PPRIVILEGE_SET Privileges,
385 UNICODE_STRING SubsystemNameU;
388 RtlCreateUnicodeStringFromAsciiz (&SubsystemNameU,
389 (PCHAR)SubsystemName);
391 Status = NtPrivilegeObjectAuditAlarm (&SubsystemNameU,
397 RtlFreeUnicodeString (&SubsystemNameU);
398 if (!NT_SUCCESS (Status))
400 SetLastError (RtlNtStatusToDosError (Status));
412 ObjectPrivilegeAuditAlarmW (LPCWSTR SubsystemName,
416 PPRIVILEGE_SET Privileges,
419 UNICODE_STRING SubsystemNameU;
422 RtlInitUnicodeString (&SubsystemNameU,
423 (PWSTR)SubsystemName);
425 Status = NtPrivilegeObjectAuditAlarm (&SubsystemNameU,
431 if (!NT_SUCCESS (Status))
433 SetLastError (RtlNtStatusToDosError (Status));
445 PrivilegedServiceAuditAlarmA (LPCSTR SubsystemName,
448 PPRIVILEGE_SET Privileges,
451 UNICODE_STRING SubsystemNameU;
452 UNICODE_STRING ServiceNameU;
455 RtlCreateUnicodeStringFromAsciiz (&SubsystemNameU,
456 (PCHAR)SubsystemName);
457 RtlCreateUnicodeStringFromAsciiz (&ServiceNameU,
460 Status = NtPrivilegedServiceAuditAlarm (&SubsystemNameU,
465 RtlFreeUnicodeString (&SubsystemNameU);
466 RtlFreeUnicodeString (&ServiceNameU);
467 if (!NT_SUCCESS (Status))
469 SetLastError (RtlNtStatusToDosError (Status));
481 PrivilegedServiceAuditAlarmW (LPCWSTR SubsystemName,
484 PPRIVILEGE_SET Privileges,
487 UNICODE_STRING SubsystemNameU;
488 UNICODE_STRING ServiceNameU;
491 RtlInitUnicodeString (&SubsystemNameU,
492 (PWSTR)SubsystemName);
493 RtlInitUnicodeString (&ServiceNameU,
496 Status = NtPrivilegedServiceAuditAlarm (&SubsystemNameU,
501 if (!NT_SUCCESS (Status))
503 SetLastError (RtlNtStatusToDosError (Status));