1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS kernel
4 * FILE: ntoskrnl/se/audit.c
5 * PURPOSE: Audit functions
6 *
7 * PROGRAMMERS: Eric Kohl
8 */
9
10 /* INCLUDES *******************************************************************/
11
12 #include <ntoskrnl.h>
13 #define NDEBUG
14 #include <debug.h>
15
16 /* PRIVATE FUNCTIONS***********************************************************/
17
/*
 * Placeholder for the detailed-auditing query on a token.
 *
 * Token - not examined by the current body.
 *
 * Always returns FALSE.
 */
BOOLEAN
NTAPI
SeDetailedAuditingWithToken(IN PTOKEN Token)
{
    /* FIXME: not implemented, every token gets the same answer */
    return FALSE;
}
25
/*
 * Placeholder for process-creation auditing.
 *
 * Process - not examined; the body is empty, so nothing is recorded.
 */
VOID
NTAPI
SeAuditProcessCreate(IN PEPROCESS Process)
{
    /* FIXME: not implemented */
}
32
/*
 * Placeholder for process-exit auditing.
 *
 * Process - not examined; the body is empty, so nothing is recorded.
 */
VOID
NTAPI
SeAuditProcessExit(IN PEPROCESS Process)
{
    /* FIXME: not implemented */
}
39
/*
 * Queries the name of FileObject into a freshly allocated pool buffer and
 * hands that buffer back as the audit name record.
 *
 * FileObject - object whose name is requested through ObQueryNameString.
 * DoAudit    - currently has no effect; the auditing branch is an empty
 *              placeholder.
 * AuditInfo  - receives the NonPagedPool allocation (tag TAG_SEPA), or NULL
 *              when no buffer could be produced. Must not be NULL (asserted).
 *
 * Returns the status of the sized query when it succeeded, STATUS_SUCCESS when
 * the zeroed fallback record is returned, and STATUS_NO_MEMORY whenever
 * *AuditInfo ends up NULL.
 */
NTSTATUS
NTAPI
SeInitializeProcessAuditName(IN PFILE_OBJECT FileObject,
                             IN BOOLEAN DoAudit,
                             OUT POBJECT_NAME_INFORMATION *AuditInfo)
{
    OBJECT_NAME_INFORMATION ProbeInfo;
    POBJECT_NAME_INFORMATION NameInfo = NULL;
    ULONG Needed = 8;
    NTSTATUS Status;

    PAGED_CODE();
    ASSERT(AuditInfo);

    if (DoAudit)
    {
        /* FIXME: TODO - no auditing is performed yet */
    }

    /* First pass: probe with a header-sized buffer to learn the real length */
    Status = ObQueryNameString(FileObject,
                               &ProbeInfo,
                               sizeof(ProbeInfo),
                               &Needed);
    switch (Status)
    {
        case STATUS_BUFFER_OVERFLOW:
        case STATUS_BUFFER_TOO_SMALL:
        case STATUS_INFO_LENGTH_MISMATCH:
            /* Only retry when the reported length differs from the probe */
            if (Needed != sizeof(ProbeInfo))
            {
                NameInfo = ExAllocatePoolWithTag(NonPagedPool,
                                                 Needed,
                                                 TAG_SEPA);
                if (NameInfo != NULL)
                {
                    /* Second pass: fetch the name into the sized buffer */
                    Status = ObQueryNameString(FileObject,
                                               NameInfo,
                                               Needed,
                                               &Needed);
                }
            }
            break;

        default:
            /*
             * NOTE(review): for any other status (success included) no buffer
             * is allocated, so the function reports STATUS_NO_MEMORY below
             * and the original status is lost.
             */
            break;
    }

    /*
     * A buffer exists but the sized query failed, or reported a bare header:
     * swap it for an empty, zero-filled record and report success.
     */
    if ((NameInfo != NULL) &&
        !(NT_SUCCESS(Status) && (Needed != sizeof(ProbeInfo))))
    {
        /* Asserts unconditionally whenever this recovery path is taken */
        ASSERT(FALSE);
        ExFreePool(NameInfo);

        NameInfo = ExAllocatePoolWithTag(NonPagedPool,
                                         sizeof(OBJECT_NAME_INFORMATION),
                                         TAG_SEPA);
        if (NameInfo != NULL)
        {
            /*
             * NOTE(review): consumers receive an all-zero name together with
             * STATUS_SUCCESS here - confirm they cope with an empty name.
             */
            RtlZeroMemory(NameInfo, sizeof(OBJECT_NAME_INFORMATION));
            Status = STATUS_SUCCESS;
        }
    }

    /* Every path that leaves us without a buffer is reported as no memory */
    if (NameInfo == NULL) Status = STATUS_NO_MEMORY;

    *AuditInfo = NameInfo;
    return Status;
}
114
/*
 * Returns a private copy of the image name cached in
 * Process->SeAuditProcessCreationInfo.ImageFileName, creating and publishing
 * that cached record first when it is still NULL.
 *
 * Process          - process whose image name is requested.
 * ProcessImageName - set to NULL on entry; on success receives a
 *                    NonPagedPool allocation (tag TAG_SEPA) holding a
 *                    UNICODE_STRING header followed by its characters.
 *                    NOTE(review): presumably the caller frees it - confirm.
 *
 * Returns STATUS_SUCCESS, the failure status of
 * PsReferenceProcessFilePointer or SeInitializeProcessAuditName, or
 * STATUS_NO_MEMORY when the copy cannot be allocated.
 */
NTSTATUS
NTAPI
SeLocateProcessImageName(IN PEPROCESS Process,
                         OUT PUNICODE_STRING *ProcessImageName)
{
    POBJECT_NAME_INFORMATION NameInfo;
    PUNICODE_STRING NameCopy;
    PFILE_OBJECT ImageFile;
    NTSTATUS Status = STATUS_SUCCESS;

    PAGED_CODE();

    /* The caller sees NULL on every failure path */
    *ProcessImageName = NULL;

    NameInfo = Process->SeAuditProcessCreationInfo.ImageFileName;
    if (NameInfo == NULL)
    {
        /* Nothing cached yet: build the record from the image file object */
        Status = PsReferenceProcessFilePointer(Process, &ImageFile);
        if (!NT_SUCCESS(Status)) return Status;

        Status = SeInitializeProcessAuditName(ImageFile, TRUE, &NameInfo);
        if (!NT_SUCCESS(Status))
        {
            ObDereferenceObject(ImageFile);
            return Status;
        }

        /*
         * Publish our record only if the field is still NULL; a non-NULL
         * previous value means another thread won, so ours is discarded.
         */
        if (InterlockedCompareExchangePointer((PVOID*)&Process->
                                              SeAuditProcessCreationInfo.ImageFileName,
                                              NameInfo,
                                              NULL) != NULL)
        {
            ExFreePool(NameInfo);
        }

        ObDereferenceObject(ImageFile);
    }

    /*
     * Re-read the field: it now holds either our record or the winner's.
     * NOTE(review): read without a lock - presumably nothing clears the field
     * while the caller holds the process; confirm.
     */
    NameInfo = Process->SeAuditProcessCreationInfo.ImageFileName;

    NameCopy = ExAllocatePoolWithTag(NonPagedPool,
                                     AuditNameCopySize(NameInfo),
                                     TAG_SEPA);
    if (NameCopy == NULL) return STATUS_NO_MEMORY;

    /*
     * Header and characters are copied in one go starting at &Name, which
     * relies on the characters sitting directly behind the UNICODE_STRING
     * header for MaximumLength bytes in the cached record.
     */
    RtlCopyMemory(NameCopy, &NameInfo->Name, AuditNameCopySize(NameInfo));

    /* The copied Buffer still points into the cached record: rebase it */
    NameCopy->Buffer = (PWSTR)(NameCopy + 1);

    *ProcessImageName = NameCopy;
    return Status;
}
182
183 /* PUBLIC FUNCTIONS ***********************************************************/
184
/*
 * Placeholder for hard-link creation auditing. FileName, LinkName and
 * bSuccess are ignored; the body only invokes UNIMPLEMENTED, so no audit
 * record is produced.
 *
 * @unimplemented
 */
VOID
NTAPI
SeAuditHardLinkCreation(IN PUNICODE_STRING FileName,
                        IN PUNICODE_STRING LinkName,
                        IN BOOLEAN bSuccess)
{
    UNIMPLEMENTED;
}
196
/*
 * Placeholder for the "are file events audited" query. AccessGranted and
 * SecurityDescriptor are ignored; the body invokes UNIMPLEMENTED and always
 * returns FALSE.
 *
 * @unimplemented
 */
BOOLEAN
NTAPI
SeAuditingFileEvents(IN BOOLEAN AccessGranted,
                     IN PSECURITY_DESCRIPTOR SecurityDescriptor)
{
    UNIMPLEMENTED;
    return FALSE;
}
208
/*
 * Placeholder for the file-event auditing query that also takes a subject
 * context. All three arguments are ignored; the body invokes UNIMPLEMENTED
 * and always returns FALSE.
 *
 * @unimplemented
 */
BOOLEAN
NTAPI
SeAuditingFileEventsWithContext(IN BOOLEAN AccessGranted,
                                IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                                IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
{
    UNIMPLEMENTED;
    return FALSE;
}
221
/*
 * Placeholder for the "are hard-link events audited" query. AccessGranted
 * and SecurityDescriptor are ignored; the body invokes UNIMPLEMENTED and
 * always returns FALSE.
 *
 * @unimplemented
 */
BOOLEAN
NTAPI
SeAuditingHardLinkEvents(IN BOOLEAN AccessGranted,
                         IN PSECURITY_DESCRIPTOR SecurityDescriptor)
{
    UNIMPLEMENTED;
    return FALSE;
}
233
/*
 * Placeholder for the hard-link auditing query that also takes a subject
 * context. All three arguments are ignored; the body invokes UNIMPLEMENTED
 * and always returns FALSE.
 *
 * @unimplemented
 */
BOOLEAN
NTAPI
SeAuditingHardLinkEventsWithContext(IN BOOLEAN AccessGranted,
                                    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                                    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
{
    UNIMPLEMENTED;
    return FALSE;
}
246
/*
 * Placeholder for the combined file/global auditing query. AccessGranted,
 * SecurityDescriptor and SubjectSecurityContext are ignored; the body
 * invokes UNIMPLEMENTED and always returns FALSE.
 *
 * @unimplemented
 */
BOOLEAN
NTAPI
SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted,
                             IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                             IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
{
    UNIMPLEMENTED;
    return FALSE;
}
259
/*
 * Placeholder for the audit alarm raised when an object handle is closed.
 * Object, Handle and PerformAction are ignored; the body only invokes
 * UNIMPLEMENTED, so no audit record is produced.
 *
 * @unimplemented
 */
VOID
NTAPI
SeCloseObjectAuditAlarm(IN PVOID Object,
                        IN HANDLE Handle,
                        IN BOOLEAN PerformAction)
{
    UNIMPLEMENTED;
}
271
/*
 * Placeholder for the audit alarm raised when an object is deleted.
 * Object and Handle are ignored; the body only invokes UNIMPLEMENTED, so no
 * audit record is produced.
 *
 * @unimplemented
 */
VOID
NTAPI
SeDeleteObjectAuditAlarm(IN PVOID Object,
                         IN HANDLE Handle)
{
    UNIMPLEMENTED;
}
281
/*
 * Placeholder for the audit alarm raised when an object is opened.
 *
 * Only AccessMode is looked at, and both of its outcomes end in a plain
 * return: nothing is recorded for kernel-mode or user-mode access.
 *
 * NOTE(review): GenerateOnClose is an OUT parameter but is never written on
 * any path, so callers must not rely on this routine to initialise it.
 *
 * @unimplemented
 */
VOID
NTAPI
SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
                       IN PVOID Object OPTIONAL,
                       IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
                       IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                       IN PACCESS_STATE AccessState,
                       IN BOOLEAN ObjectCreated,
                       IN BOOLEAN AccessGranted,
                       IN KPROCESSOR_MODE AccessMode,
                       OUT PBOOLEAN GenerateOnClose)
{
    PAGED_CODE();

    /* Kernel-mode accesses are never audited */
    if (AccessMode != KernelMode)
    {
        /*
         * User-mode access: still unimplemented. The UNIMPLEMENTED marker is
         * deliberately left out here, so this path is silent.
         */
    }
}
306
/*
 * Placeholder for the audit alarm raised when an object is opened for
 * deletion. Every argument is ignored; the body only invokes UNIMPLEMENTED,
 * so no audit record is produced.
 *
 * NOTE(review): GenerateOnClose is an OUT parameter but is never written,
 * so callers must not rely on this routine to initialise it.
 *
 * @unimplemented
 */
VOID
NTAPI
SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
                                IN PVOID Object OPTIONAL,
                                IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
                                IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                                IN PACCESS_STATE AccessState,
                                IN BOOLEAN ObjectCreated,
                                IN BOOLEAN AccessGranted,
                                IN KPROCESSOR_MODE AccessMode,
                                OUT PBOOLEAN GenerateOnClose)
{
    UNIMPLEMENTED;
}
323
/*
 * Placeholder for the audit alarm raised when privileges are used on an
 * object handle. Every argument is ignored; the body only invokes
 * UNIMPLEMENTED, so no audit record is produced.
 *
 * @unimplemented
 */
VOID
NTAPI
SePrivilegeObjectAuditAlarm(IN HANDLE Handle,
                            IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
                            IN ACCESS_MASK DesiredAccess,
                            IN PPRIVILEGE_SET Privileges,
                            IN BOOLEAN AccessGranted,
                            IN KPROCESSOR_MODE CurrentMode)
{
    UNIMPLEMENTED;
}
338
339 /* SYSTEM CALLS ***************************************************************/
340
/*
 * System-call stub for the combined access check and audit alarm.
 *
 * No argument is read and none of the OUT parameters (GrantedAccess,
 * AccessStatus, GenerateOnClose) is written: no access check is performed
 * and no audit record is produced.
 *
 * NOTE(review): an implementation will have to probe and capture the
 * caller-supplied pointers before using them.
 *
 * Always returns STATUS_NOT_IMPLEMENTED.
 */
NTSTATUS
NTAPI
NtAccessCheckAndAuditAlarm(IN PUNICODE_STRING SubsystemName,
                           IN HANDLE HandleId,
                           IN PUNICODE_STRING ObjectTypeName,
                           IN PUNICODE_STRING ObjectName,
                           IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                           IN ACCESS_MASK DesiredAccess,
                           IN PGENERIC_MAPPING GenericMapping,
                           IN BOOLEAN ObjectCreation,
                           OUT PACCESS_MASK GrantedAccess,
                           OUT PNTSTATUS AccessStatus,
                           OUT PBOOLEAN GenerateOnClose)
{
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
358
359
/*
 * System-call stub for the close-object audit alarm. SubsystemName,
 * HandleId and GenerateOnClose are not read; no audit record is produced.
 *
 * Always returns STATUS_NOT_IMPLEMENTED.
 */
NTSTATUS
NTAPI
NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
                        IN PVOID HandleId,
                        IN BOOLEAN GenerateOnClose)
{
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
368
369
/*
 * System-call stub for the delete-object audit alarm. SubsystemName,
 * HandleId and GenerateOnClose are not read; no audit record is produced.
 *
 * Always returns STATUS_NOT_IMPLEMENTED.
 */
NTSTATUS
NTAPI
NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
                         IN PVOID HandleId,
                         IN BOOLEAN GenerateOnClose)
{
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
378
379
/*
 * System-call stub for the open-object audit alarm.
 *
 * No argument is read and the OUT parameter GenerateOnClose is never
 * written; no audit record is produced.
 *
 * NOTE(review): an implementation will have to probe and capture the
 * caller-supplied pointers before using them.
 *
 * Always returns STATUS_NOT_IMPLEMENTED.
 */
NTSTATUS
NTAPI
NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
                       IN PVOID HandleId,
                       IN PUNICODE_STRING ObjectTypeName,
                       IN PUNICODE_STRING ObjectName,
                       IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                       IN HANDLE ClientToken,
                       IN ULONG DesiredAccess,
                       IN ULONG GrantedAccess,
                       IN PPRIVILEGE_SET Privileges,
                       IN BOOLEAN ObjectCreation,
                       IN BOOLEAN AccessGranted,
                       OUT PBOOLEAN GenerateOnClose)
{
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
397
398
/*
 * System-call stub for the privileged-service audit alarm. SubsystemName,
 * ServiceName, ClientToken, Privileges and AccessGranted are not read; no
 * audit record is produced.
 *
 * Always returns STATUS_NOT_IMPLEMENTED.
 */
NTSTATUS
NTAPI
NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName,
                              IN PUNICODE_STRING ServiceName,
                              IN HANDLE ClientToken,
                              IN PPRIVILEGE_SET Privileges,
                              IN BOOLEAN AccessGranted)
{
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
409
410
/*
 * System-call stub for the privilege-object audit alarm. SubsystemName,
 * HandleId, ClientToken, DesiredAccess, Privileges and AccessGranted are
 * not read; no audit record is produced.
 *
 * Always returns STATUS_NOT_IMPLEMENTED.
 */
NTSTATUS
NTAPI
NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
                            IN PVOID HandleId,
                            IN HANDLE ClientToken,
                            IN ULONG DesiredAccess,
                            IN PPRIVILEGE_SET Privileges,
                            IN BOOLEAN AccessGranted)
{
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
422
423 /* EOF */