Leaked source code of windows server 2003

/*++
Copyright (c) 2001 Microsoft Corporation
Module Name:
scaudit.cxx
Abstract:
Auditing related functions.
Author:
16-May-2001 kumarp
*/
#include "precomp.hxx"
#pragma hdrstop
#include "scaudit.h"
#include "authz.h"
#include "authzi.h"
#include "msaudite.h"
#include "account.h"
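DWORD
ScGenerateServiceInstallAudit(
    IN PCWSTR pszServiceName,
    IN PCWSTR pszServiceImageName,
    IN DWORD  dwServiceType,
    IN DWORD  dwStartType,
    IN PCWSTR pszServiceAccount
    )
/*++

Routine Description:

    Generate SE_AUDITID_SERVICE_INSTALL audit event (category
    SE_CATEGID_DETAILED_TRACKING, success audit).

    The RPC client is impersonated while the audit parameters and the
    audit event are built, so that the client context is taken from the
    thread token. Impersonation is dropped again before the event is
    handed to the auditing module.

Arguments:

    pszServiceName      - name of the service installed

    pszServiceImageName - name of the service binary

    dwServiceType       - type of the service

    dwStartType         - start type of the service

    pszServiceAccount   - user account under which the service will run;
                          NULL is replaced by SC_LOCAL_SYSTEM_USER_NAME

Return Value:

    Win32 error code. NO_ERROR when the event was logged. A failure to
    impersonate the client or to revert to self is returned as the mapped
    RPC status; any Authz failure is returned as GetLastError().

Notes:

    A failed RpcRevertToSelf leaves the calling thread in the client's
    security context. Both revert sites report that failure to the caller;
    the event is not logged in that case.

--*/
{
    NTSTATUS Status = STATUS_SUCCESS;
    DWORD dwError = NO_ERROR;
    BOOL fResult = FALSE;
    BOOL fImpersonated = FALSE;
    AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType = NULL;
    AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent = NULL;
    AUDIT_PARAMS AuditParams = {0};

    //
    // Capacity of ParamArray. Six values are passed explicitly below;
    // presumably the remaining slots are for entries that
    // AuthziInitializeAuditParams adds itself -- TODO confirm.
    //
#define NUM_AUDIT_PARAMS 8

    AUDIT_PARAM ParamArray[NUM_AUDIT_PARAMS];
    PSID pUserSid = NULL;

    //
    // NOTE(review): these checks are ASSERTs only. If ASSERT compiles out
    // in free builds, nothing in this routine rejects a NULL or empty
    // service/image name before it is passed as APT_String -- confirm
    // that the callers validate them.
    //
    ASSERT( pszServiceName && *pszServiceName );
    ASSERT( pszServiceImageName && *pszServiceImageName );
    ASSERT( pszServiceAccount ? *pszServiceAccount : TRUE );
    ASSERT( (dwStartType == SERVICE_BOOT_START) ||
            (dwStartType <= SERVICE_DISABLED) );
    ASSERT( !(dwServiceType & ~SERVICE_TYPE_ALL) );

    RtlZeroMemory( ParamArray, sizeof(ParamArray) );

    if ( pszServiceAccount == NULL )
    {
        pszServiceAccount = SC_LOCAL_SYSTEM_USER_NAME;
    }

    //
    // initialize the event of type SE_AUDITID_SERVICE_INSTALL
    // (the parameter count here must match the one passed to
    // AuthziInitializeAuditParams below)
    //
    fResult = AuthziInitializeAuditEventType(
                  0,
                  SE_CATEGID_DETAILED_TRACKING,
                  SE_AUDITID_SERVICE_INSTALL,
                  6,
                  &hAuditEventType
                  );
    if ( !fResult )
    {
        goto Error;
    }

    //
    // impersonate the client so that AuthziInitializeAuditParams can
    // get the client context from the thread token
    //
    Status = I_RpcMapWin32Status(RpcImpersonateClient( NULL ));
    if ( !NT_SUCCESS( Status ))
    {
        dwError = RtlNtStatusToDosError( Status );
        goto Cleanup;
    }

    fImpersonated = TRUE;
    AuditParams.Parameters = ParamArray;

    //
    // add parameter values to the event; pUserSid is allocated by this
    // call and released with LocalFree in Cleanup
    //
    fResult = AuthziInitializeAuditParams(
                  APF_AuditSuccess,
                  &AuditParams,
                  &pUserSid,
                  L"Security",
                  6,
                  APT_String, pszServiceName,
                  APT_String, pszServiceImageName,
                  APT_Ulong,  dwServiceType,
                  APT_Ulong,  dwStartType,
                  APT_String, pszServiceAccount,
                  APT_LogonId | AP_ClientLogonId
                  );
    if ( !fResult )
    {
        goto Error;
    }

    //
    // some more initialization
    //
    fResult = AuthziInitializeAuditEvent(
                  0,                  // flags
                  NULL,               // resource manager
                  hAuditEventType,
                  &AuditParams,
                  NULL,               // hAuditQueue
                  INFINITE,           // time out
                  L"", L"", L"", L"", // obj access strings
                  &hAuditEvent);
    if ( !fResult )
    {
        goto Error;
    }

    if ( fImpersonated )
    {
        //
        // Stop impersonating before the event is logged. If the revert
        // fails the thread is still running in the client's security
        // context, so report it the same way the Cleanup path does
        // instead of discarding the status and carrying on. The flag is
        // cleared first so that Cleanup does not attempt a second revert.
        //
        fImpersonated = FALSE;

        Status = I_RpcMapWin32Status(RpcRevertToSelf());
        if ( !NT_SUCCESS( Status ))
        {
            dwError = RtlNtStatusToDosError( Status );
            goto Cleanup;
        }
    }

    //
    // finally, send the event to auditing module
    //
    fResult = AuthziLogAuditEvent(
                  0,            // flags
                  hAuditEvent,
                  NULL);        // reserved
    if ( !fResult )
    {
        goto Error;
    }

Cleanup:

    //
    // Reached while still impersonating only when one of the Authz calls
    // made under impersonation failed. A revert failure replaces the
    // earlier error code in dwError.
    //
    if ( fImpersonated )
    {
        Status = I_RpcMapWin32Status(RpcRevertToSelf());
        if ( !NT_SUCCESS( Status ))
        {
            dwError = RtlNtStatusToDosError( Status );
        }
    }

    if ( hAuditEvent )
    {
        AuthzFreeAuditEvent( hAuditEvent );
    }

    if ( hAuditEventType )
    {
        AuthziFreeAuditEventType( hAuditEventType );
    }

    if ( pUserSid )
    {
        LocalFree( pUserSid );
    }

#if DBG
    if ( dwError != NO_ERROR )
    {
        SC_LOG1(ERROR, "ScGenerateServiceInstallAudit failed: %lx\n", dwError);
    }
#endif

    return dwError;

Error:

    //
    // Common exit for failed Authz calls: capture the last error before
    // any cleanup call can overwrite it.
    //
    dwError = GetLastError();
    goto Cleanup;
}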