archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
3.8 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/authz/adtgen.c

225 lines
4.8 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 2000
  6. //
  7. // File: A D T G E N . C
  8. //
  9. // Contents: definitions of types/functions required for
  10. // generating generic audits.
  11. //
  12. //
  13. // History:
  14. // 07-January-2000 kumarp created
  15. //
  16. //------------------------------------------------------------------------
  19. #include "pch.h"
  20. #pragma hdrstop
  22. #include "authz.h"
  24. //------------------------------------------------------------------------
  25. //
  26. // internal routines
  27. //
  28. NTSTATUS
  29. LsapApiReturnResult(
  30. ULONG ExceptionCode
  31. );
  34. //------------------------------------------------------------------------
  37. BOOL
  38. AuthzpRegisterAuditEvent(
  39. IN PAUTHZ_AUDIT_EVENT_TYPE_OLD pAuditEventType,
  40. OUT AUDIT_HANDLE* phAuditContext
  41. )
  42. /*++
  44. Routine Description:
  45. Register the specified event with LSA. This causes LSA to
  46. generate and return an audit context. This context handle
  47. is required to publish event of the specified type.
  49. Arguments:
  50. pAuditEventType - pointer to audit event info structure
  51. that defines which event to register.
  53. phAuditContext - pointer to audit context handle returned
  55. Return Value:
  57. NTSTATUS - Standard Nt Result Code
  59. Notes:
  60. Note that this function does NOT register the schema of an event. It is
  61. assumed that the schema has been registered *before* calling
  62. this function.
  64. The schema of legacy audit events is stored in a .mc file.
  66. --*/
  67. {
  68. DWORD dwStatus;
  70. //
  71. // since we use the same var to store NTSTATUS and win32 error
  72. // make sure that this is not a problem
  73. //
  74. ASSERT( sizeof(NTSTATUS) == sizeof(DWORD) );
  76. //
  77. // we generate a unique ID and store it in the audit handle
  78. // the server will copy this into the corresponding structure
  79. // on the server side. This ID allows us to track which server side
  80. // audit-context corresponds to which client side event handle.
  81. // This is very useful in debugging.
  82. //
  83. NtAllocateLocallyUniqueId( &pAuditEventType->LinkId );
  85. RpcTryExcept
  86. {
  87. dwStatus = LsarRegisterAuditEvent( pAuditEventType, phAuditContext );
  88. }
  89. RpcExcept( EXCEPTION_EXECUTE_HANDLER )
  90. {
  91. dwStatus = LsapApiReturnResult(I_RpcMapWin32Status(RpcExceptionCode()));
  93. } RpcEndExcept;
  96. if (!NT_SUCCESS(dwStatus))
  97. {
  98. dwStatus = RtlNtStatusToDosError( dwStatus );
  99. SetLastError( dwStatus );
  101. return FALSE;
  102. }
  104. return TRUE;
  105. }
  108. BOOL
  109. AuthzpSendAuditToLsa(
  110. IN AUDIT_HANDLE hAuditContext,
  111. IN DWORD dwFlags,
  112. IN AUDIT_PARAMS* pAuditParams,
  113. IN PVOID pReserved
  114. )
  115. /*++
  117. Routine Description:
  118. Send an event to LSA for publishing.
  121. Arguments:
  123. hAuditContext - handle of audit-context previously obtained
  124. by calling LsaRegisterAuditEvent
  126. dwFlags - TBD
  128. pAuditParams - pointer to audit event parameters
  130. pReserved - reserved for future enhancements
  132. Return Value:
  134. STATUS_SUCCESS -- if all is well
  135. NTSTATUS error code otherwise.
  137. Notes:
  139. --*/
  140. {
  141. DWORD dwStatus;
  143. UNREFERENCED_PARAMETER(pReserved);
  145. //
  146. // since we use the same var to store NTSTATUS and win32 error
  147. // make sure that this is not a problem
  148. //
  149. ASSERT( sizeof(NTSTATUS) == sizeof(DWORD) );
  151. RpcTryExcept
  152. {
  153. dwStatus = LsarGenAuditEvent( hAuditContext, dwFlags, pAuditParams );
  154. }
  155. RpcExcept( EXCEPTION_EXECUTE_HANDLER )
  156. {
  157. dwStatus = LsapApiReturnResult(I_RpcMapWin32Status(RpcExceptionCode()));
  159. } RpcEndExcept;
  161. if (!NT_SUCCESS(dwStatus))
  162. {
  163. dwStatus = RtlNtStatusToDosError( dwStatus );
  164. SetLastError( dwStatus );
  166. return FALSE;
  167. }
  169. return TRUE;
  170. }
  173. BOOL
  174. AuthzpUnregisterAuditEvent(
  175. IN OUT AUDIT_HANDLE* phAuditContext
  176. )
  177. /*++
  179. Routine Description:
  180. Unregister the specified event. This causes LSA to
  181. free resources associated with the context.
  184. Arguments:
  186. hAuditContext - handle to the audit context to unregister
  188. Return Value:
  190. NTSTATUS - Standard Nt Result Code
  192. Notes:
  195. --*/
  196. {
  197. DWORD dwStatus;
  199. //
  200. // since we use the same var to store NTSTATUS and win32 error
  201. // make sure that this is not a problem
  202. //
  203. ASSERT( sizeof(NTSTATUS) == sizeof(DWORD) );
  205. RpcTryExcept
  206. {
  207. dwStatus = LsarUnregisterAuditEvent( phAuditContext );
  208. }
  209. RpcExcept( EXCEPTION_EXECUTE_HANDLER )
  210. {
  211. dwStatus = LsapApiReturnResult(I_RpcMapWin32Status(RpcExceptionCode()));
  213. } RpcEndExcept;
  215. if (!NT_SUCCESS(dwStatus))
  216. {
  217. dwStatus = RtlNtStatusToDosError( dwStatus );
  218. SetLastError( dwStatus );
  220. return FALSE;
  221. }
  223. return TRUE;
  224. }