361 lines
8.5 KiB
C
361 lines
8.5 KiB
C
|
|
||
|
|
||
|
#include "precomp.h"
|
||
|
|
||
|
|
||
|
#define MAX_AUDIT_BUFFER 4096
|
||
|
|
||
|
#define MAX_MSG_BUFFER 2048
|
||
|
|
||
|
WCHAR gszAuditBuffer[MAX_AUDIT_BUFFER];
|
||
|
|
||
|
WCHAR * gpszAuditBuffer = gszAuditBuffer;
|
||
|
|
||
|
WCHAR gszAuditMsgBuffer[MAX_MSG_BUFFER];
|
||
|
|
||
|
WCHAR * gpszAuditMsgBuffer = gszAuditMsgBuffer;
|
||
|
|
||
|
|
||
|
DWORD
|
||
|
PerformAudit(
|
||
|
DWORD dwCategoryId,
|
||
|
DWORD dwAuditId,
|
||
|
PSID pSid,
|
||
|
DWORD dwParamCnt,
|
||
|
LPWSTR * ppszArgArray,
|
||
|
BOOL bSuccess,
|
||
|
BOOL bDoAudit
|
||
|
)
|
||
|
{
|
||
|
SE_ADT_PARAMETER_ARRAY * pParArray = NULL;
|
||
|
NTSTATUS ntStatus = STATUS_SUCCESS;
|
||
|
DWORD dwStrSize = 0;
|
||
|
DWORD i = 0;
|
||
|
DWORD dwAllocSize = 0;
|
||
|
BYTE * pbyteCurAddr = NULL;
|
||
|
DWORD dwSidLength = RtlLengthSid(pSid);
|
||
|
UNICODE_STRING * pusStrArray = NULL;
|
||
|
WCHAR * pszModuleName = L"IPSec Server";
|
||
|
|
||
|
|
||
|
//
|
||
|
// dwCategoryId should be equal to SE_CATEGID_POLICY_CHANGE.
|
||
|
//
|
||
|
|
||
|
dwCategoryId = SE_CATEGID_POLICY_CHANGE;
|
||
|
|
||
|
for (i = 0; i < dwParamCnt; i++) {
|
||
|
dwStrSize += (wcslen(ppszArgArray[i]) + 1) * sizeof(WCHAR);
|
||
|
}
|
||
|
|
||
|
dwStrSize += (wcslen(pszModuleName) + 1) * sizeof(WCHAR);
|
||
|
|
||
|
dwAllocSize = sizeof(SE_ADT_PARAMETER_ARRAY) +
|
||
|
dwParamCnt * sizeof(UNICODE_STRING) + dwStrSize;
|
||
|
dwAllocSize += PtrAlignSize(dwSidLength);
|
||
|
|
||
|
if (dwAllocSize > MAX_AUDIT_BUFFER) {
|
||
|
return (ERROR_BUFFER_OVERFLOW);
|
||
|
}
|
||
|
|
||
|
pParArray = (SE_ADT_PARAMETER_ARRAY *) gpszAuditBuffer;
|
||
|
|
||
|
pParArray->CategoryId = dwCategoryId;
|
||
|
pParArray->AuditId = dwAuditId;
|
||
|
pParArray->ParameterCount = dwParamCnt + 2;
|
||
|
pParArray->Length = dwAllocSize;
|
||
|
pParArray->Flags = 0;
|
||
|
|
||
|
if (bSuccess) {
|
||
|
pParArray->Type = EVENTLOG_AUDIT_SUCCESS;
|
||
|
}
|
||
|
else {
|
||
|
pParArray->Type = EVENTLOG_AUDIT_FAILURE;
|
||
|
}
|
||
|
|
||
|
pbyteCurAddr = (BYTE *) (pParArray + 1);
|
||
|
|
||
|
pParArray->Parameters[0].Type = SeAdtParmTypeSid;
|
||
|
pParArray->Parameters[0].Length = dwSidLength;
|
||
|
pParArray->Parameters[0].Data[0] = 0;
|
||
|
pParArray->Parameters[0].Data[1] = 0;
|
||
|
pParArray->Parameters[0].Address = pSid;
|
||
|
|
||
|
memcpy((BYTE *) pbyteCurAddr, (BYTE *) pSid, dwSidLength);
|
||
|
|
||
|
pbyteCurAddr = (BYTE *) pbyteCurAddr + PtrAlignSize(dwSidLength);
|
||
|
|
||
|
pusStrArray = (UNICODE_STRING *) pbyteCurAddr;
|
||
|
|
||
|
pusStrArray[0].Length = wcslen(pszModuleName) * sizeof(WCHAR);
|
||
|
pusStrArray[0].MaximumLength = pusStrArray[0].Length + sizeof(WCHAR);
|
||
|
pusStrArray[0].Buffer = (LPWSTR) pszModuleName;
|
||
|
|
||
|
pParArray->Parameters[1].Type = SeAdtParmTypeString;
|
||
|
pParArray->Parameters[1].Length = sizeof(UNICODE_STRING) +
|
||
|
pusStrArray[0].MaximumLength;
|
||
|
pParArray->Parameters[1].Data[0] = 0;
|
||
|
pParArray->Parameters[1].Data[1] = 0;
|
||
|
pParArray->Parameters[1].Address = (PVOID) &pusStrArray[0];
|
||
|
|
||
|
for (i = 0; i < dwParamCnt; i++) {
|
||
|
|
||
|
pusStrArray[i+1].Length = wcslen(ppszArgArray[i]) * sizeof(WCHAR);
|
||
|
pusStrArray[i+1].MaximumLength = pusStrArray[i+1].Length + sizeof(WCHAR);
|
||
|
pusStrArray[i+1].Buffer = (LPWSTR) ppszArgArray[i];
|
||
|
|
||
|
pParArray->Parameters[i+2].Type = SeAdtParmTypeString;
|
||
|
pParArray->Parameters[i+2].Length = sizeof(UNICODE_STRING) +
|
||
|
pusStrArray[i+1].MaximumLength;
|
||
|
pParArray->Parameters[i+2].Data[0] = 0;
|
||
|
pParArray->Parameters[i+2].Data[1] = 0;
|
||
|
pParArray->Parameters[i+2].Address = (PVOID) &pusStrArray[i+1];
|
||
|
|
||
|
}
|
||
|
|
||
|
if (bDoAudit) {
|
||
|
ntStatus = LsaIWriteAuditEvent(pParArray, 0);
|
||
|
}
|
||
|
|
||
|
return (ERROR_SUCCESS);
|
||
|
}
|
||
|
|
||
|
|
||
|
VOID
|
||
|
AuditEvent(
|
||
|
DWORD dwCategoryId,
|
||
|
DWORD dwAuditId,
|
||
|
DWORD dwStrId,
|
||
|
LPWSTR * ppszArguments,
|
||
|
BOOL bSuccess,
|
||
|
BOOL bDoAudit
|
||
|
)
|
||
|
{
|
||
|
DWORD dwError = 0;
|
||
|
LPWSTR pszArgArray[3];
|
||
|
DWORD dwParamCnt = 0;
|
||
|
|
||
|
|
||
|
EnterCriticalSection(&gcSPDAuditSection);
|
||
|
|
||
|
dwError = FormatMessage(
|
||
|
FORMAT_MESSAGE_FROM_HMODULE |
|
||
|
FORMAT_MESSAGE_ARGUMENT_ARRAY,
|
||
|
ghIpsecServerModule,
|
||
|
dwStrId,
|
||
|
LANG_NEUTRAL,
|
||
|
gpszAuditMsgBuffer,
|
||
|
MAX_MSG_BUFFER,
|
||
|
(va_list *) ppszArguments
|
||
|
);
|
||
|
if (dwError == 0) {
|
||
|
wsprintf(
|
||
|
gpszAuditMsgBuffer,
|
||
|
L"IPSec Services encountered an error while auditing event ID 0x%x",
|
||
|
dwStrId
|
||
|
);
|
||
|
}
|
||
|
|
||
|
gpszAuditMsgBuffer[MAX_MSG_BUFFER - 1] = 0;
|
||
|
|
||
|
if (dwError != 0) {
|
||
|
|
||
|
switch (dwAuditId) {
|
||
|
|
||
|
case SE_AUDITID_IPSEC_POLICY_CHANGED:
|
||
|
dwParamCnt = 1;
|
||
|
pszArgArray[0] = (LPWSTR) gpszAuditMsgBuffer;
|
||
|
break;
|
||
|
|
||
|
default:
|
||
|
LeaveCriticalSection(&gcSPDAuditSection);
|
||
|
return;
|
||
|
|
||
|
}
|
||
|
|
||
|
(VOID) PerformAudit(
|
||
|
dwCategoryId,
|
||
|
dwAuditId,
|
||
|
gpIpsecServerSid,
|
||
|
dwParamCnt,
|
||
|
(LPWSTR *) pszArgArray,
|
||
|
bSuccess,
|
||
|
bDoAudit
|
||
|
);
|
||
|
|
||
|
}
|
||
|
|
||
|
LeaveCriticalSection(&gcSPDAuditSection);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
|
||
|
VOID
|
||
|
AuditOneArgErrorEvent(
|
||
|
DWORD dwCategoryId,
|
||
|
DWORD dwAuditId,
|
||
|
DWORD dwStrId,
|
||
|
DWORD dwErrorCode,
|
||
|
BOOL bSuccess,
|
||
|
BOOL bDoAudit
|
||
|
)
|
||
|
{
|
||
|
DWORD dwError = 0;
|
||
|
LPVOID lpvMsgBuf = NULL;
|
||
|
WCHAR szAuditLocalMsgBuffer[MAX_PATH];
|
||
|
WCHAR * pszAuditLocalMsgBuffer = szAuditLocalMsgBuffer;
|
||
|
|
||
|
|
||
|
szAuditLocalMsgBuffer[0] = L'\0';
|
||
|
|
||
|
dwError = FormatMessage(
|
||
|
FORMAT_MESSAGE_ALLOCATE_BUFFER |
|
||
|
FORMAT_MESSAGE_FROM_SYSTEM |
|
||
|
FORMAT_MESSAGE_IGNORE_INSERTS,
|
||
|
NULL,
|
||
|
dwErrorCode,
|
||
|
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
|
||
|
(LPWSTR) &lpvMsgBuf,
|
||
|
0,
|
||
|
NULL
|
||
|
);
|
||
|
if (!dwError) {
|
||
|
wsprintf(
|
||
|
pszAuditLocalMsgBuffer,
|
||
|
L"0x%x",
|
||
|
dwErrorCode
|
||
|
);
|
||
|
AuditEvent(
|
||
|
dwCategoryId,
|
||
|
dwAuditId,
|
||
|
dwStrId,
|
||
|
(LPWSTR *) &pszAuditLocalMsgBuffer,
|
||
|
bSuccess,
|
||
|
bDoAudit
|
||
|
);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
AuditEvent(
|
||
|
dwCategoryId,
|
||
|
dwAuditId,
|
||
|
dwStrId,
|
||
|
(LPWSTR *) &lpvMsgBuf,
|
||
|
bSuccess,
|
||
|
bDoAudit
|
||
|
);
|
||
|
|
||
|
if (lpvMsgBuf) {
|
||
|
LocalFree(lpvMsgBuf);
|
||
|
}
|
||
|
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
|
||
|
VOID
|
||
|
AuditIPSecPolicyEvent(
|
||
|
DWORD dwCategoryId,
|
||
|
DWORD dwAuditId,
|
||
|
DWORD dwStrId,
|
||
|
LPWSTR pszPolicyName,
|
||
|
BOOL bSuccess,
|
||
|
BOOL bDoAudit
|
||
|
)
|
||
|
{
|
||
|
WCHAR szAuditLocalMsgBuffer[MAX_PATH];
|
||
|
WCHAR * pszAuditLocalMsgBuffer = szAuditLocalMsgBuffer;
|
||
|
|
||
|
|
||
|
szAuditLocalMsgBuffer[0] = L'\0';
|
||
|
|
||
|
wsprintf(pszAuditLocalMsgBuffer, L"%s", pszPolicyName);
|
||
|
|
||
|
AuditEvent(
|
||
|
dwCategoryId,
|
||
|
dwAuditId,
|
||
|
dwStrId,
|
||
|
(LPWSTR *) &pszAuditLocalMsgBuffer,
|
||
|
bSuccess,
|
||
|
bDoAudit
|
||
|
);
|
||
|
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
|
||
|
VOID
|
||
|
AuditIPSecPolicyErrorEvent(
|
||
|
DWORD dwCategoryId,
|
||
|
DWORD dwAuditId,
|
||
|
DWORD dwStrId,
|
||
|
LPWSTR pszPolicyName,
|
||
|
DWORD dwErrorCode,
|
||
|
BOOL bSuccess,
|
||
|
BOOL bDoAudit
|
||
|
)
|
||
|
{
|
||
|
DWORD dwError = 0;
|
||
|
WCHAR szAuditPolicyMsgBuffer[MAX_PATH];
|
||
|
WCHAR * pszAuditPolicyMsgBuffer = szAuditPolicyMsgBuffer;
|
||
|
WCHAR szAuditErrorMsgBuffer[MAX_PATH];
|
||
|
WCHAR * pszAuditErrorMsgBuffer = szAuditErrorMsgBuffer;
|
||
|
LPWSTR pszArgArray[2];
|
||
|
LPWSTR * ppszArgArray = pszArgArray;
|
||
|
LPVOID lpvMsgBuf = NULL;
|
||
|
|
||
|
|
||
|
szAuditPolicyMsgBuffer[0] = L'\0';
|
||
|
szAuditErrorMsgBuffer[0] = L'\0';
|
||
|
|
||
|
wsprintf(pszAuditPolicyMsgBuffer, L"%s", pszPolicyName);
|
||
|
|
||
|
dwError = FormatMessage(
|
||
|
FORMAT_MESSAGE_ALLOCATE_BUFFER |
|
||
|
FORMAT_MESSAGE_FROM_SYSTEM |
|
||
|
FORMAT_MESSAGE_IGNORE_INSERTS,
|
||
|
NULL,
|
||
|
dwErrorCode,
|
||
|
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
|
||
|
(LPWSTR) &lpvMsgBuf,
|
||
|
0,
|
||
|
NULL
|
||
|
);
|
||
|
if (!dwError) {
|
||
|
wsprintf(
|
||
|
pszAuditErrorMsgBuffer,
|
||
|
L"0x%x",
|
||
|
dwErrorCode
|
||
|
);
|
||
|
pszArgArray[0] = pszAuditPolicyMsgBuffer;
|
||
|
pszArgArray[1] = pszAuditErrorMsgBuffer;
|
||
|
AuditEvent(
|
||
|
dwCategoryId,
|
||
|
dwAuditId,
|
||
|
dwStrId,
|
||
|
(LPWSTR *) ppszArgArray,
|
||
|
bSuccess,
|
||
|
bDoAudit
|
||
|
);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
pszArgArray[0] = pszAuditPolicyMsgBuffer;
|
||
|
pszArgArray[1] = (LPWSTR) lpvMsgBuf;
|
||
|
AuditEvent(
|
||
|
dwCategoryId,
|
||
|
dwAuditId,
|
||
|
dwStrId,
|
||
|
(LPWSTR *) ppszArgArray,
|
||
|
bSuccess,
|
||
|
bDoAudit
|
||
|
);
|
||
|
|
||
|
if (lpvMsgBuf) {
|
||
|
LocalFree(lpvMsgBuf);
|
||
|
}
|
||
|
|
||
|
return;
|
||
|
}
|
||
|
|