[PATCH v3 1/3] ntdll: Add NtAccessCheckByTypeAndAuditAlarm stub.

Mohamad Al-Jaf mohamadaljaf at gmail.com
Tue Mar 8 02:22:45 CST 2022


Signed-off-by: Mohamad Al-Jaf <mohamadaljaf at gmail.com>
---
v2: - Add entries to ntdll/unix/loader and ntdll/ntdll.spec.
    - Add entry to ntoskrnl.exe/ntoskrnl.exe.spec.
    - Add function to wow64/security.

v3: - Add missing parameter.
    - Fix formatting.
    - Fix access_status type.
---
 dlls/ntdll/ntdll.spec               |  4 ++--
 dlls/ntdll/unix/loader.c            |  1 +
 dlls/ntdll/unix/security.c          | 18 +++++++++++++++
 dlls/ntoskrnl.exe/ntoskrnl.exe.spec |  1 +
 dlls/wow64/security.c               | 34 +++++++++++++++++++++++++++++
 dlls/wow64/syscall.h                |  1 +
 include/winnt.h                     |  7 ++++++
 include/winternl.h                  |  1 +
 8 files changed, 65 insertions(+), 2 deletions(-)

diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
index d514bca5e11..90c0f3fb649 100644
--- a/dlls/ntdll/ntdll.spec
+++ b/dlls/ntdll/ntdll.spec
@@ -131,7 +131,7 @@
 @ stdcall -syscall NtAccessCheck(ptr long long ptr ptr ptr ptr ptr)
 @ stdcall -syscall NtAccessCheckAndAuditAlarm(ptr long ptr ptr ptr long ptr long ptr ptr ptr)
 # @ stub NtAccessCheckByType
-# @ stub NtAccessCheckByTypeAndAuditAlarm
+@ stdcall -syscall NtAccessCheckByTypeAndAuditAlarm(ptr long ptr ptr ptr ptr long long long ptr long ptr long ptr ptr ptr)
 # @ stub NtAccessCheckByTypeResultList
 # @ stub NtAccessCheckByTypeResultListAndAuditAlarm
 # @ stub NtAccessCheckByTypeResultListAndAuditAlarmByHandle
@@ -1155,7 +1155,7 @@
 @ stdcall -private -syscall ZwAccessCheck(ptr long long ptr ptr ptr ptr ptr) NtAccessCheck
 @ stdcall -private -syscall ZwAccessCheckAndAuditAlarm(ptr long ptr ptr ptr long ptr long ptr ptr ptr) NtAccessCheckAndAuditAlarm
 # @ stub ZwAccessCheckByType
-# @ stub ZwAccessCheckByTypeAndAuditAlarm
+@ stdcall -private -syscall ZwAccessCheckByTypeAndAuditAlarm(ptr long ptr ptr ptr ptr long long long ptr long ptr long ptr ptr ptr) NtAccessCheckByTypeAndAuditAlarm
 # @ stub ZwAccessCheckByTypeResultList
 # @ stub ZwAccessCheckByTypeResultListAndAuditAlarm
 # @ stub ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
diff --git a/dlls/ntdll/unix/loader.c b/dlls/ntdll/unix/loader.c
index 5eb201bd90b..4a0c70d5a2c 100644
--- a/dlls/ntdll/unix/loader.c
+++ b/dlls/ntdll/unix/loader.c
@@ -124,6 +124,7 @@ static void * const syscalls[] =
     NtAcceptConnectPort,
     NtAccessCheck,
     NtAccessCheckAndAuditAlarm,
+    NtAccessCheckByTypeAndAuditAlarm,
     NtAddAtom,
     NtAdjustGroupsToken,
     NtAdjustPrivilegesToken,
diff --git a/dlls/ntdll/unix/security.c b/dlls/ntdll/unix/security.c
index 2955355353e..728ee961aa2 100644
--- a/dlls/ntdll/unix/security.c
+++ b/dlls/ntdll/unix/security.c
@@ -796,6 +796,24 @@ NTSTATUS WINAPI NtAccessCheckAndAuditAlarm( UNICODE_STRING *subsystem, HANDLE ha
 }
 
 
+/***********************************************************************
+ *             NtAccessCheckByTypeAndAuditAlarm  (NTDLL.@)
+ */
+NTSTATUS WINAPI NtAccessCheckByTypeAndAuditAlarm( UNICODE_STRING *subsystem, HANDLE handle,
+                                                  UNICODE_STRING *type_name, UNICODE_STRING *name,
+                                                  PSECURITY_DESCRIPTOR descr, PSID sid, ACCESS_MASK access,
+                                                  AUDIT_EVENT_TYPE type, ULONG flags, POBJECT_TYPE_LIST list,
+                                                  ULONG length, GENERIC_MAPPING *mapping, BOOLEAN creation,
+                                                  ACCESS_MASK *access_granted, NTSTATUS *access_status,
+                                                  BOOLEAN *on_close )
+{
+    FIXME( "(%s, %p, %s, %s, %p, %p, 0x%08x, %u, 0x%08x, %p, %u, %p, %d, %p, %p, %p), stub\n",
+           debugstr_us(subsystem), handle, debugstr_us(type_name), debugstr_us(name), descr, sid,
+           access, type, flags, list, length, mapping, creation, access_granted, access_status, on_close );
+    return STATUS_NOT_IMPLEMENTED;
+}
+
+
 /***********************************************************************
  *             NtQuerySecurityObject  (NTDLL.@)
  */
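Review bot: The new NtAccessCheckByTypeAndAuditAlarm stub returns STATUS_NOT_IMPLEMENTED without writing `*access_granted`, `*access_status` or `*on_close`, and its header comment does not say so. Failing the call is the safe direction for an access check, but a caller that reads the out-parameters without testing the return value would see whatever was there before; whether any caller does that is not visible here. I would state it in the header block, e.g. `* Stub: performs no access check and generates no audit; output parameters are left untouched.`, so the stub is not mistaken for a denied-access result.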
diff --git a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
index d445c5a5557..19b27adc891 100644
--- a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
+++ b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
@@ -1383,6 +1383,7 @@
 @ stub WmiUpdateTrace
 @ stub XIPDispatch
 @ stdcall -private ZwAccessCheckAndAuditAlarm(ptr long ptr ptr ptr long ptr long ptr ptr ptr) NtAccessCheckAndAuditAlarm
+@ stdcall -private ZwAccessCheckByTypeAndAuditAlarm(ptr long ptr ptr ptr ptr long long long ptr long ptr long ptr ptr ptr) NtAccessCheckByTypeAndAuditAlarm
 @ stub ZwAddBootEntry
 @ stdcall -private ZwAdjustPrivilegesToken(long long ptr long ptr ptr) NtAdjustPrivilegesToken
 @ stdcall -private ZwAlertThread(long) NtAlertThread
diff --git a/dlls/wow64/security.c b/dlls/wow64/security.c
index 680f5a6ec56..2d0ef1cd008 100644
--- a/dlls/wow64/security.c
+++ b/dlls/wow64/security.c
@@ -98,6 +98,40 @@ NTSTATUS WINAPI wow64_NtAccessCheckAndAuditAlarm( UINT *args )
 }
 
 
+/**********************************************************************
+ *           wow64_NtAccessCheckByTypeAndAuditAlarm
+ */
+NTSTATUS WINAPI wow64_NtAccessCheckByTypeAndAuditAlarm( UINT *args )
+{
+    UNICODE_STRING32 *subsystem32 = get_ptr( &args );
+    HANDLE handle = get_handle( &args );
+    UNICODE_STRING32 *typename32 = get_ptr( &args );
+    UNICODE_STRING32 *objname32 = get_ptr( &args );
+    SECURITY_DESCRIPTOR *sd32 = get_ptr( &args );
+    SID *sid = get_ptr( &args );
+    ACCESS_MASK access = get_ulong( &args );
+    AUDIT_EVENT_TYPE type = get_ulong( &args );
+    ULONG flags = get_ulong( &args );
+    OBJECT_TYPE_LIST *list = get_ptr( &args );
+    ULONG length = get_ulong( &args );
+    GENERIC_MAPPING *mapping = get_ptr( &args );
+    BOOLEAN creation = get_ulong( &args );
+    ACCESS_MASK *access_granted = get_ptr( &args );
+    NTSTATUS *access_status = get_ptr( &args );
+    BOOLEAN *onclose = get_ptr( &args );
+
+    UNICODE_STRING subsystem, typename, objname;
+    SECURITY_DESCRIPTOR sd;
+
+    return NtAccessCheckByTypeAndAuditAlarm( unicode_str_32to64( &subsystem, subsystem32 ), handle,
+                                             unicode_str_32to64( &typename, typename32 ),
+                                             unicode_str_32to64( &objname, objname32 ),
+                                             secdesc_32to64( &sd, sd32 ), sid, access, type, flags,
+                                             list, length, mapping, creation, access_granted,
+                                             access_status, onclose );
+}
+
+
 /**********************************************************************
  *           wow64_NtAdjustGroupsToken
  */
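Review bot: In wow64_NtAccessCheckByTypeAndAuditAlarm, `list` is read with `get_ptr()` and passed to the 64-bit call unchanged, but OBJECT_TYPE_LIST contains a `GUID *ObjectType` member, so a 32-bit caller's array has a different element size and layout from what the native function expects. This is harmless while the target is a stub that only logs the pointer, but once the check is implemented the `length` entries would be misread from caller-supplied memory. The other pointer arguments are either converted (`unicode_str_32to64`, `secdesc_32to64`) or appear to point at pointer-free data, so this is the one that stands out. Until a conversion exists, a marker next to the declaration would help: `/* FIXME: OBJECT_TYPE_LIST has a pointer member; convert 'length' entries from the 32-bit layout */`.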
diff --git a/dlls/wow64/syscall.h b/dlls/wow64/syscall.h
index 0c2ba574031..17ebde65826 100644
--- a/dlls/wow64/syscall.h
+++ b/dlls/wow64/syscall.h
@@ -25,6 +25,7 @@
     SYSCALL_ENTRY( NtAcceptConnectPort ) \
     SYSCALL_ENTRY( NtAccessCheck ) \
     SYSCALL_ENTRY( NtAccessCheckAndAuditAlarm ) \
+    SYSCALL_ENTRY( NtAccessCheckByTypeAndAuditAlarm ) \
     SYSCALL_ENTRY( NtAddAtom ) \
     SYSCALL_ENTRY( NtAdjustGroupsToken ) \
     SYSCALL_ENTRY( NtAdjustPrivilegesToken ) \
diff --git a/include/winnt.h b/include/winnt.h
index 079858d2f7d..939c2f8d7dd 100644
--- a/include/winnt.h
+++ b/include/winnt.h
@@ -3633,6 +3633,13 @@ typedef PVOID PACCESS_TOKEN;
 typedef PVOID PSECURITY_DESCRIPTOR;
 typedef PVOID PSID;
 
+typedef enum _AUDIT_EVENT_TYPE {
+  AuditEventObjectAccess,
+  AuditEventDirectoryServiceAccess
+} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
+
+#define AUDIT_ALLOW_NO_PRIVILEGE 0x1
+
 typedef enum _TOKEN_ELEVATION_TYPE {
   TokenElevationTypeDefault = 1,
   TokenElevationTypeFull,
diff --git a/include/winternl.h b/include/winternl.h
index 6a95c4e0fdc..8e236f9d97d 100644
--- a/include/winternl.h
+++ b/include/winternl.h
@@ -3912,6 +3912,7 @@ NTSYSAPI NTSTATUS  WINAPI LdrUnregisterDllNotification(void*);
 NTSYSAPI NTSTATUS  WINAPI NtAcceptConnectPort(PHANDLE,ULONG,PLPC_MESSAGE,BOOLEAN,PLPC_SECTION_WRITE,PLPC_SECTION_READ);
 NTSYSAPI NTSTATUS  WINAPI NtAccessCheck(PSECURITY_DESCRIPTOR,HANDLE,ACCESS_MASK,PGENERIC_MAPPING,PPRIVILEGE_SET,PULONG,PULONG,NTSTATUS*);
 NTSYSAPI NTSTATUS  WINAPI NtAccessCheckAndAuditAlarm(PUNICODE_STRING,HANDLE,PUNICODE_STRING,PUNICODE_STRING,PSECURITY_DESCRIPTOR,ACCESS_MASK,PGENERIC_MAPPING,BOOLEAN,PACCESS_MASK,PBOOLEAN,PBOOLEAN);
+NTSYSAPI NTSTATUS  WINAPI NtAccessCheckByTypeAndAuditAlarm(PUNICODE_STRING,HANDLE,PUNICODE_STRING,PUNICODE_STRING,PSECURITY_DESCRIPTOR,PSID,ACCESS_MASK,AUDIT_EVENT_TYPE,ULONG,POBJECT_TYPE_LIST,ULONG,PGENERIC_MAPPING,BOOLEAN,PACCESS_MASK,NTSTATUS*,PBOOLEAN);
 NTSYSAPI NTSTATUS  WINAPI NtAddAtom(const WCHAR*,ULONG,RTL_ATOM*);
 NTSYSAPI NTSTATUS  WINAPI NtAdjustGroupsToken(HANDLE,BOOLEAN,PTOKEN_GROUPS,ULONG,PTOKEN_GROUPS,PULONG);
 NTSYSAPI NTSTATUS  WINAPI NtAdjustPrivilegesToken(HANDLE,BOOLEAN,PTOKEN_PRIVILEGES,DWORD,PTOKEN_PRIVILEGES,PDWORD);
-- 
2.35.1



