Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

125 lines
3.6 KiB

DWORD TestAzAudit(
)
{
DWORD dwError = NO_ERROR;
PCWSTR szMsg = L"<unknown>";
AUTHZ_RM_AUDIT_INFO RmAuditInfo;
AUTHZ_CLIENT_AUDIT_INFO ClAuditInfo;
AUTHZ_AUDIT_INFO AuditInfo;
AUTHZI_CLIENT_CONTEXT ClContext;
// -----------------------------------------------------------------
// test AzpInitRmAuditInfo
// -----------------------------------------------------------------
ZeroMemory((PVOID) &RmAuditInfo, sizeof(RmAuditInfo));
RmAuditInfo.szResourceManagerName = L"TestRm";
HANDLE hToken;
BYTE TokenUserInfoBuf[256];
TOKEN_USER* pTokenUserInfo = (TOKEN_USER*) TokenUserInfoBuf;
DWORD dwSize;
if ( OpenProcessToken( GetCurrentProcess(),
TOKEN_READ,
&hToken ))
{
if ( GetTokenInformation( hToken, TokenUser,
pTokenUserInfo, 250,
&dwSize ))
{
dwSize = RtlLengthSid( pTokenUserInfo->User.Sid );
RmAuditInfo.psidRmProcess = AuthzpAlloc( dwSize );
if ( RmAuditInfo.psidRmProcess )
{
CopyMemory( RmAuditInfo.psidRmProcess,
pTokenUserInfo->User.Sid,
dwSize );
RmAuditInfo.dwRmProcessSidSize = dwSize;
}
else
{
szMsg = L"AuthzpAlloc";
goto Error;
}
}
else
{
szMsg = L"GetTokenInformation";
goto GetError;
}
}
else
{
szMsg = L"OpenProcessToken";
goto GetError;
}
RmAuditInfo.hEventSource = INVALID_HANDLE_VALUE;
RmAuditInfo.hAuditEvent = INVALID_HANDLE_VALUE;
RmAuditInfo.hAuditEventPropSubset = INVALID_HANDLE_VALUE;
dwError = AzpInitRmAuditInfo( &RmAuditInfo );
if ( dwError != NO_ERROR )
{
szMsg = L"AzpInitRmAuditInfo";
goto Error;
}
// -----------------------------------------------------------------
// test AzpInitClientAuditInfo
// -----------------------------------------------------------------
ZeroMemory((PVOID) &ClAuditInfo, sizeof(ClAuditInfo));
ClAuditInfo.psidClient = RmAuditInfo.psidRmProcess;
ClAuditInfo.dwClientSidSize = RmAuditInfo.dwRmProcessSidSize;
ClAuditInfo.hAuditEvent = INVALID_HANDLE_VALUE;
ClAuditInfo.hAuditEventPropSubset = INVALID_HANDLE_VALUE;
dwError = AzpInitClientAuditInfo( &RmAuditInfo, &ClAuditInfo );
if ( dwError != NO_ERROR )
{
szMsg = L"AzpInitClientAuditInfo";
goto Error;
}
// -----------------------------------------------------------------
// test AzpGenerateAuditEvent
// -----------------------------------------------------------------
ZeroMemory((PVOID) &AuditInfo, sizeof(AuditInfo));
AuditInfo.hAuditEvent = INVALID_HANDLE_VALUE;
AuditInfo.hAuditEventPropSubset = INVALID_HANDLE_VALUE;
AuditInfo.szOperationType = L"kkOperation";
AuditInfo.szObjectType = L"kkObjectType";
AuditInfo.szObjectName = L"kkObjectName";
ZeroMemory((PVOID) &ClContext, sizeof(ClContext));
dwError = AzpGenerateAuditEvent( &RmAuditInfo, &ClAuditInfo, &ClContext,
&AuditInfo, 0x1122 );
if ( dwError != NO_ERROR )
{
szMsg = L"AzpGenerateAuditEvent";
goto Error;
}
Finish:
return dwError;
GetError:
dwError = GetLastError();
Error:
(void) wprintf( L"%s: 0x%x\n", szMsg, dwError );
goto Finish;
}