mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
125 lines
3.6 KiB
125 lines
3.6 KiB
DWORD TestAzAudit(
|
|
)
|
|
|
|
{
|
|
DWORD dwError = NO_ERROR;
|
|
PCWSTR szMsg = L"<unknown>";
|
|
AUTHZ_RM_AUDIT_INFO RmAuditInfo;
|
|
AUTHZ_CLIENT_AUDIT_INFO ClAuditInfo;
|
|
AUTHZ_AUDIT_INFO AuditInfo;
|
|
AUTHZI_CLIENT_CONTEXT ClContext;
|
|
|
|
// -----------------------------------------------------------------
|
|
// test AzpInitRmAuditInfo
|
|
// -----------------------------------------------------------------
|
|
|
|
ZeroMemory((PVOID) &RmAuditInfo, sizeof(RmAuditInfo));
|
|
RmAuditInfo.szResourceManagerName = L"TestRm";
|
|
|
|
HANDLE hToken;
|
|
BYTE TokenUserInfoBuf[256];
|
|
TOKEN_USER* pTokenUserInfo = (TOKEN_USER*) TokenUserInfoBuf;
|
|
DWORD dwSize;
|
|
|
|
if ( OpenProcessToken( GetCurrentProcess(),
|
|
TOKEN_READ,
|
|
&hToken ))
|
|
{
|
|
if ( GetTokenInformation( hToken, TokenUser,
|
|
pTokenUserInfo, 250,
|
|
&dwSize ))
|
|
{
|
|
dwSize = RtlLengthSid( pTokenUserInfo->User.Sid );
|
|
RmAuditInfo.psidRmProcess = AuthzpAlloc( dwSize );
|
|
if ( RmAuditInfo.psidRmProcess )
|
|
{
|
|
CopyMemory( RmAuditInfo.psidRmProcess,
|
|
pTokenUserInfo->User.Sid,
|
|
dwSize );
|
|
RmAuditInfo.dwRmProcessSidSize = dwSize;
|
|
}
|
|
else
|
|
{
|
|
szMsg = L"AuthzpAlloc";
|
|
goto Error;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
szMsg = L"GetTokenInformation";
|
|
goto GetError;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
szMsg = L"OpenProcessToken";
|
|
goto GetError;
|
|
}
|
|
|
|
RmAuditInfo.hEventSource = INVALID_HANDLE_VALUE;
|
|
RmAuditInfo.hAuditEvent = INVALID_HANDLE_VALUE;
|
|
RmAuditInfo.hAuditEventPropSubset = INVALID_HANDLE_VALUE;
|
|
|
|
dwError = AzpInitRmAuditInfo( &RmAuditInfo );
|
|
|
|
if ( dwError != NO_ERROR )
|
|
{
|
|
szMsg = L"AzpInitRmAuditInfo";
|
|
goto Error;
|
|
}
|
|
|
|
// -----------------------------------------------------------------
|
|
// test AzpInitClientAuditInfo
|
|
// -----------------------------------------------------------------
|
|
|
|
ZeroMemory((PVOID) &ClAuditInfo, sizeof(ClAuditInfo));
|
|
|
|
ClAuditInfo.psidClient = RmAuditInfo.psidRmProcess;
|
|
ClAuditInfo.dwClientSidSize = RmAuditInfo.dwRmProcessSidSize;
|
|
|
|
ClAuditInfo.hAuditEvent = INVALID_HANDLE_VALUE;
|
|
ClAuditInfo.hAuditEventPropSubset = INVALID_HANDLE_VALUE;
|
|
|
|
|
|
dwError = AzpInitClientAuditInfo( &RmAuditInfo, &ClAuditInfo );
|
|
|
|
if ( dwError != NO_ERROR )
|
|
{
|
|
szMsg = L"AzpInitClientAuditInfo";
|
|
goto Error;
|
|
}
|
|
|
|
// -----------------------------------------------------------------
|
|
// test AzpGenerateAuditEvent
|
|
// -----------------------------------------------------------------
|
|
|
|
ZeroMemory((PVOID) &AuditInfo, sizeof(AuditInfo));
|
|
|
|
AuditInfo.hAuditEvent = INVALID_HANDLE_VALUE;
|
|
AuditInfo.hAuditEventPropSubset = INVALID_HANDLE_VALUE;
|
|
|
|
AuditInfo.szOperationType = L"kkOperation";
|
|
AuditInfo.szObjectType = L"kkObjectType";
|
|
AuditInfo.szObjectName = L"kkObjectName";
|
|
|
|
ZeroMemory((PVOID) &ClContext, sizeof(ClContext));
|
|
|
|
dwError = AzpGenerateAuditEvent( &RmAuditInfo, &ClAuditInfo, &ClContext,
|
|
&AuditInfo, 0x1122 );
|
|
|
|
if ( dwError != NO_ERROR )
|
|
{
|
|
szMsg = L"AzpGenerateAuditEvent";
|
|
goto Error;
|
|
}
|
|
|
|
Finish:
|
|
return dwError;
|
|
|
|
GetError:
|
|
dwError = GetLastError();
|
|
|
|
Error:
|
|
(void) wprintf( L"%s: 0x%x\n", szMsg, dwError );
|
|
goto Finish;
|
|
}
|