1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS kernel
4 * FILE: ntoskrnl/se/audit.c
5 * PURPOSE: Audit functions
6 *
7 * PROGRAMMERS: Eric Kohl <eric.kohl@t-online.de>
8 */
9
10 /* INCLUDES *******************************************************************/
11
12 #include <ntoskrnl.h>
13 #define NDEBUG
14 #include <debug.h>
15
16 /* PRIVATE FUNCTIONS***********************************************************/
17
/*
 * Stub: judging by its name, this is meant to tell callers whether detailed
 * auditing is active for a token.
 *
 * The token is never inspected; the result is unconditionally FALSE, so any
 * caller that gates extra audit work on this routine will skip that work.
 *
 * Token - token the question is asked about (unused).
 *
 * Returns FALSE in every case.
 */
BOOLEAN
NTAPI
SeDetailedAuditingWithToken(IN PTOKEN Token)
{
    /* FIXME: not implemented yet, so nothing is reported as audited */
    return FALSE;
}
25
/*
 * Stub: judging by its name, the place where process creation would be
 * audited.
 *
 * The body is empty, so no audit record of any kind is produced for the
 * process.
 *
 * Process - process that was created (unused).
 */
VOID
NTAPI
SeAuditProcessCreate(IN PEPROCESS Process)
{
    /* FIXME: not implemented yet, nothing is recorded */
}
32
/*
 * Stub: judging by its name, the place where process exit would be audited.
 *
 * The body is empty, so no audit record of any kind is produced for the
 * process.
 *
 * Process - process that is exiting (unused).
 */
VOID
NTAPI
SeAuditProcessExit(IN PEPROCESS Process)
{
    /* FIXME: not implemented yet, nothing is recorded */
}
39
/*
 * Queries the name of a file object into a freshly allocated
 * OBJECT_NAME_INFORMATION record.
 *
 * The name is first queried into a stack record that has no room for the
 * characters, only to learn the required size. A buffer of that size is then
 * allocated from NonPagedPool (tag TAG_SEPA) and the query is repeated.
 *
 * FileObject - object whose name is queried through ObQueryNameString.
 * DoAudit    - accepted but currently ignored (the branch is an empty FIXME).
 * AuditInfo  - receives the allocated record, or NULL. Must not be NULL.
 *
 * Returns the status of the last step that ran. On success *AuditInfo is a
 * pool allocation that the caller then owns; in this file the caller either
 * publishes it on the process or releases it with ExFreePool.
 *
 * NOTE(review): the size-probing query is only followed up when it reports
 * one of the three "buffer too small" statuses. For any other outcome nothing
 * is allocated and the function returns STATUS_NO_MEMORY, which hides the
 * status that ObQueryNameString actually produced.
 */
NTSTATUS
NTAPI
SeInitializeProcessAuditName(IN PFILE_OBJECT FileObject,
                             IN BOOLEAN DoAudit,
                             OUT POBJECT_NAME_INFORMATION *AuditInfo)
{
    OBJECT_NAME_INFORMATION ProbeInfo;
    POBJECT_NAME_INFORMATION NameInfo = NULL;
    ULONG NeededLength = 8;
    NTSTATUS Status;
    BOOLEAN TooSmall;
    PAGED_CODE();
    ASSERT(AuditInfo);

    /* Auditing proper is not wired up yet */
    if (DoAudit)
    {
        /* FIXME: TODO */
    }

    /* Size probe: the stack record cannot hold any name characters */
    Status = ObQueryNameString(FileObject,
                               &ProbeInfo,
                               sizeof(ProbeInfo),
                               &NeededLength);

    /* Only a "too small" answer with a usable length leads to a real query */
    TooSmall = (Status == STATUS_BUFFER_OVERFLOW) ||
               (Status == STATUS_BUFFER_TOO_SMALL) ||
               (Status == STATUS_INFO_LENGTH_MISMATCH);
    if (TooSmall && (NeededLength != sizeof(ProbeInfo)))
    {
        NameInfo = ExAllocatePoolWithTag(NonPagedPool,
                                         NeededLength,
                                         TAG_SEPA);
        if (NameInfo)
        {
            /* Repeat the query into the properly sized buffer */
            Status = ObQueryNameString(FileObject,
                                       NameInfo,
                                       NeededLength,
                                       &NeededLength);
        }
    }

    /*
     * Fallback: a buffer exists but the second query failed or reported a
     * header-only length. Replace it with a zeroed, name-less record.
     */
    if (NameInfo &&
        (!NT_SUCCESS(Status) || (NeededLength == sizeof(ProbeInfo))))
    {
        /* This path asserts before it recovers */
        ASSERT(FALSE);

        /* NameInfo is known to be non-NULL here; it is replaced just below */
        ExFreePool(NameInfo);

        NeededLength = sizeof(OBJECT_NAME_INFORMATION);
        NameInfo = ExAllocatePoolWithTag(NonPagedPool,
                                         sizeof(OBJECT_NAME_INFORMATION),
                                         TAG_SEPA);
        if (NameInfo)
        {
            /* An all-zero record stands for "no name" */
            RtlZeroMemory(NameInfo, NeededLength);
            Status = STATUS_SUCCESS;
        }
    }

    /* No record at this point is always reported as an allocation failure */
    if (!NameInfo)
    {
        Status = STATUS_NO_MEMORY;
    }

    /* Hand the record (or NULL) back together with the status */
    *AuditInfo = NameInfo;
    return Status;
}
113
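/*
 * Returns a private copy of a process's audit image name.
 *
 * If the process has no audit name record yet, one is built from the
 * process's file object and published on the process with an interlocked
 * compare-exchange, so that concurrent callers agree on a single record.
 *
 * Process          - process whose image name is wanted.
 * ProcessImageName - receives a NonPagedPool allocation (tag TAG_SEPA) that
 *                    holds a UNICODE_STRING header followed by the copied
 *                    bytes; Buffer points just past the header. Set to NULL
 *                    on every failure path. The caller owns the allocation.
 *
 * Returns STATUS_SUCCESS, STATUS_NO_MEMORY when the copy cannot be allocated,
 * or the failure status of PsReferenceProcessFilePointer /
 * SeInitializeProcessAuditName.
 *
 * Fix over the previous version: when another thread published its record
 * first, the local record was freed but AuditName kept pointing at it and was
 * dereferenced afterwards (use after free). The published record is used
 * instead.
 */
NTSTATUS
NTAPI
SeLocateProcessImageName(IN PEPROCESS Process,
                         OUT PUNICODE_STRING *ProcessImageName)
{
    POBJECT_NAME_INFORMATION AuditName;
    PUNICODE_STRING ImageName;
    PFILE_OBJECT FileObject;
    PVOID Published;
    SIZE_T CopyLength;
    NTSTATUS Status = STATUS_SUCCESS;
    PAGED_CODE();

    /* Assume failure */
    *ProcessImageName = NULL;

    /* Check if we have audit info */
    AuditName = Process->SeAuditProcessCreationInfo.ImageFileName;
    if (!AuditName)
    {
        /* Get the file object */
        Status = PsReferenceProcessFilePointer(Process, &FileObject);
        if (!NT_SUCCESS(Status)) return Status;

        /* Initialize the audit structure */
        Status = SeInitializeProcessAuditName(FileObject, TRUE, &AuditName);
        if (NT_SUCCESS(Status))
        {
            /* Publish it only if nobody else has done so already */
            Published = InterlockedCompareExchangePointer(&Process->
                                                          SeAuditProcessCreationInfo,
                                                          AuditName,
                                                          NULL);
            if (Published)
            {
                /*
                 * Someone beat us to it: drop our copy and continue with the
                 * record that is actually attached to the process, so the
                 * freed allocation is never touched again.
                 */
                ExFreePool(AuditName);
                AuditName = Published;
            }
        }

        /* Dereference the file object */
        ObDereferenceObject(FileObject);
        if (!NT_SUCCESS(Status)) return Status;
    }

    /*
     * Header plus MaximumLength bytes of name data.
     * NOTE(review): the copy below reads that many bytes starting at
     * &AuditName->Name, i.e. it assumes the name characters sit directly
     * behind the UNICODE_STRING header in the record - confirm against
     * ObQueryNameString. How long the published record stays valid is not
     * visible in this file either.
     */
    CopyLength = AuditName->Name.MaximumLength + sizeof(UNICODE_STRING);

    /* Allocate the output string */
    ImageName = ExAllocatePoolWithTag(NonPagedPool, CopyLength, TAG_SEPA);
    if (ImageName)
    {
        /* Make a copy of it */
        RtlCopyMemory(ImageName, &AuditName->Name, CopyLength);

        /* The copied Buffer still points into the source record; rebase it */
        ImageName->Buffer = (PWSTR)(ImageName + 1);

        /* Return it */
        *ProcessImageName = ImageName;
    }
    else
    {
        /* Otherwise, fail */
        Status = STATUS_NO_MEMORY;
    }

    /* Return status */
    return Status;
}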
183
184 /* PUBLIC FUNCTIONS ***********************************************************/
185
/*
 * @unimplemented
 *
 * Stub: judging by its name, meant to audit the creation of a hard link.
 * The body only invokes the UNIMPLEMENTED macro (not defined in this file);
 * none of the arguments is read and no audit record is produced.
 *
 * FileName - unused.
 * LinkName - unused.
 * bSuccess - unused.
 */
VOID
STDCALL
SeAuditHardLinkCreation(IN PUNICODE_STRING FileName,
                        IN PUNICODE_STRING LinkName,
                        IN BOOLEAN bSuccess)
{
    UNIMPLEMENTED;
}
197
/*
 * @unimplemented
 *
 * Stub: judging by its name, meant to say whether file events are being
 * audited. Neither argument is examined; after invoking the UNIMPLEMENTED
 * macro the answer is unconditionally FALSE.
 *
 * AccessGranted      - unused.
 * SecurityDescriptor - unused.
 *
 * Returns FALSE in every case.
 */
BOOLEAN
STDCALL
SeAuditingFileEvents(IN BOOLEAN AccessGranted,
                     IN PSECURITY_DESCRIPTOR SecurityDescriptor)
{
    UNIMPLEMENTED;

    /* Nothing is evaluated, so auditing is always reported as off */
    return FALSE;
}
209
/*
 * @unimplemented
 *
 * Stub: variant of SeAuditingFileEvents that also takes a subject context.
 * None of the arguments is examined; after invoking the UNIMPLEMENTED macro
 * the answer is unconditionally FALSE.
 *
 * AccessGranted          - unused.
 * SecurityDescriptor     - unused.
 * SubjectSecurityContext - optional, unused.
 *
 * Returns FALSE in every case.
 */
BOOLEAN
STDCALL
SeAuditingFileEventsWithContext(IN BOOLEAN AccessGranted,
                                IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                                IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
{
    UNIMPLEMENTED;

    /* Nothing is evaluated, so auditing is always reported as off */
    return FALSE;
}
222
/*
 * @unimplemented
 *
 * Stub: judging by its name, meant to say whether hard-link events are being
 * audited. Neither argument is examined; after invoking the UNIMPLEMENTED
 * macro the answer is unconditionally FALSE.
 *
 * AccessGranted      - unused.
 * SecurityDescriptor - unused.
 *
 * Returns FALSE in every case.
 */
BOOLEAN
STDCALL
SeAuditingHardLinkEvents(IN BOOLEAN AccessGranted,
                         IN PSECURITY_DESCRIPTOR SecurityDescriptor)
{
    UNIMPLEMENTED;

    /* Nothing is evaluated, so auditing is always reported as off */
    return FALSE;
}
234
/*
 * @unimplemented
 *
 * Stub: variant of SeAuditingHardLinkEvents that also takes a subject
 * context. None of the arguments is examined; after invoking the
 * UNIMPLEMENTED macro the answer is unconditionally FALSE.
 *
 * AccessGranted          - unused.
 * SecurityDescriptor     - unused.
 * SubjectSecurityContext - optional, unused.
 *
 * Returns FALSE in every case.
 */
BOOLEAN
STDCALL
SeAuditingHardLinkEventsWithContext(IN BOOLEAN AccessGranted,
                                    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                                    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
{
    UNIMPLEMENTED;

    /* Nothing is evaluated, so auditing is always reported as off */
    return FALSE;
}
247
/*
 * @unimplemented
 *
 * Stub: judging by its name, meant to say whether file or global events are
 * being audited. None of the arguments is examined; after invoking the
 * UNIMPLEMENTED macro the answer is unconditionally FALSE.
 *
 * AccessGranted          - unused.
 * SecurityDescriptor     - unused.
 * SubjectSecurityContext - unused.
 *
 * Returns FALSE in every case.
 */
BOOLEAN
STDCALL
SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted,
                             IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                             IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
{
    UNIMPLEMENTED;

    /* Nothing is evaluated, so auditing is always reported as off */
    return FALSE;
}
260
/*
 * @unimplemented
 *
 * Stub: judging by its name, meant to raise the audit alarm for closing an
 * object handle. The body only invokes the UNIMPLEMENTED macro; no argument
 * is read and no audit record is produced.
 *
 * Object        - unused.
 * Handle        - unused.
 * PerformAction - unused.
 */
VOID
STDCALL
SeCloseObjectAuditAlarm(IN PVOID Object,
                        IN HANDLE Handle,
                        IN BOOLEAN PerformAction)
{
    UNIMPLEMENTED;
}
274
/*
 * @unimplemented
 *
 * Stub: judging by its name, meant to raise the audit alarm for deleting an
 * object. The body only invokes the UNIMPLEMENTED macro; no argument is read
 * and no audit record is produced.
 *
 * Object - unused.
 * Handle - unused.
 */
VOID
STDCALL
SeDeleteObjectAuditAlarm(IN PVOID Object,
                         IN HANDLE Handle)
{
    UNIMPLEMENTED;
}
284
/*
 * @unimplemented
 *
 * Stub: judging by its name, meant to raise the audit alarm for opening an
 * object. Kernel-mode access is explicitly excluded from auditing; for every
 * other access mode the audit itself is still missing, so the routine
 * produces no audit record on any path.
 *
 * NOTE(review): GenerateOnClose is an OUT parameter but is never written
 * here; a caller that reads it afterwards sees whatever it held before the
 * call.
 *
 * ObjectTypeName     - unused.
 * Object             - optional, unused.
 * AbsoluteObjectName - optional, unused.
 * SecurityDescriptor - unused.
 * AccessState        - unused.
 * ObjectCreated      - unused.
 * AccessGranted      - unused.
 * AccessMode         - only compared against KernelMode.
 * GenerateOnClose    - left untouched.
 */
VOID
NTAPI
SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
                       IN PVOID Object OPTIONAL,
                       IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
                       IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                       IN PACCESS_STATE AccessState,
                       IN BOOLEAN ObjectCreated,
                       IN BOOLEAN AccessGranted,
                       IN KPROCESSOR_MODE AccessMode,
                       OUT PBOOLEAN GenerateOnClose)
{
    PAGED_CODE();

    /* Audits aren't done on kernel-mode access */
    if (AccessMode != KernelMode)
    {
        /*
         * Audit generation for other access modes is not implemented; the
         * UNIMPLEMENTED notice stays disabled on this path.
         */
    }
}
309
/*
 * @unimplemented
 *
 * Stub: judging by its name, meant to raise the audit alarm for opening an
 * object with the intent to delete it. The body only invokes the
 * UNIMPLEMENTED macro; no argument is read and no audit record is produced.
 *
 * NOTE(review): GenerateOnClose is an OUT parameter but is never written
 * here; a caller that reads it afterwards sees whatever it held before the
 * call.
 *
 * ObjectTypeName     - unused.
 * Object             - optional, unused.
 * AbsoluteObjectName - optional, unused.
 * SecurityDescriptor - unused.
 * AccessState        - unused.
 * ObjectCreated      - unused.
 * AccessGranted      - unused.
 * AccessMode         - unused.
 * GenerateOnClose    - left untouched.
 */
VOID
STDCALL
SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
                                IN PVOID Object OPTIONAL,
                                IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
                                IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                                IN PACCESS_STATE AccessState,
                                IN BOOLEAN ObjectCreated,
                                IN BOOLEAN AccessGranted,
                                IN KPROCESSOR_MODE AccessMode,
                                OUT PBOOLEAN GenerateOnClose)
{
    UNIMPLEMENTED;
}
326
/*
 * @unimplemented
 *
 * Stub: judging by its name, meant to raise the audit alarm for a privilege
 * check on an object. The body only invokes the UNIMPLEMENTED macro; no
 * argument is read and no audit record is produced.
 *
 * Handle         - unused.
 * SubjectContext - unused.
 * DesiredAccess  - unused.
 * Privileges     - unused.
 * AccessGranted  - unused.
 * CurrentMode    - unused.
 */
VOID
STDCALL
SePrivilegeObjectAuditAlarm(IN HANDLE Handle,
                            IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
                            IN ACCESS_MASK DesiredAccess,
                            IN PPRIVILEGE_SET Privileges,
                            IN BOOLEAN AccessGranted,
                            IN KPROCESSOR_MODE CurrentMode)
{
    UNIMPLEMENTED;
}
341
342 /* SYSTEM CALLS ***************************************************************/
343
/*
 * Unimplemented system call: judging by its name, an access check combined
 * with audit-alarm generation.
 *
 * No access check is performed and nothing is audited. The routine invokes
 * the UNIMPLEMENTED macro and fails with STATUS_NOT_IMPLEMENTED.
 *
 * NOTE(review): the OUT parameters GrantedAccess, AccessStatus and
 * GenerateOnClose are never written, so a caller must not read them after
 * this failure. None of the pointer arguments is probed or captured here;
 * a real implementation would have to do that for pointers that come from
 * user mode.
 *
 * Returns STATUS_NOT_IMPLEMENTED in every case.
 */
NTSTATUS
NTAPI
NtAccessCheckAndAuditAlarm(IN PUNICODE_STRING SubsystemName,
                           IN HANDLE HandleId,
                           IN PUNICODE_STRING ObjectTypeName,
                           IN PUNICODE_STRING ObjectName,
                           IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                           IN ACCESS_MASK DesiredAccess,
                           IN PGENERIC_MAPPING GenericMapping,
                           IN BOOLEAN ObjectCreation,
                           OUT PACCESS_MASK GrantedAccess,
                           OUT PNTSTATUS AccessStatus,
                           OUT PBOOLEAN GenerateOnClose)
{
    UNIMPLEMENTED;

    /* Fail explicitly instead of pretending that access was evaluated */
    return STATUS_NOT_IMPLEMENTED;
}
361
362
/*
 * Unimplemented system call: judging by its name, generates the audit alarm
 * for closing an object handle.
 *
 * No argument is read and nothing is audited. The routine invokes the
 * UNIMPLEMENTED macro and fails with STATUS_NOT_IMPLEMENTED.
 *
 * NOTE(review): SubsystemName is not probed or captured here; a real
 * implementation would have to do that if the pointer comes from user mode.
 *
 * Returns STATUS_NOT_IMPLEMENTED in every case.
 */
NTSTATUS
STDCALL
NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
                        IN PVOID HandleId,
                        IN BOOLEAN GenerateOnClose)
{
    UNIMPLEMENTED;

    return STATUS_NOT_IMPLEMENTED;
}
371
372
/*
 * Unimplemented system call: judging by its name, generates the audit alarm
 * for deleting an object.
 *
 * No argument is read and nothing is audited. The routine invokes the
 * UNIMPLEMENTED macro and fails with STATUS_NOT_IMPLEMENTED.
 *
 * NOTE(review): SubsystemName is not probed or captured here; a real
 * implementation would have to do that if the pointer comes from user mode.
 *
 * Returns STATUS_NOT_IMPLEMENTED in every case.
 */
NTSTATUS
STDCALL
NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
                         IN PVOID HandleId,
                         IN BOOLEAN GenerateOnClose)
{
    UNIMPLEMENTED;

    return STATUS_NOT_IMPLEMENTED;
}
381
382
/*
 * Unimplemented system call: judging by its name, generates the audit alarm
 * for opening an object.
 *
 * No argument is read and nothing is audited. The routine invokes the
 * UNIMPLEMENTED macro and fails with STATUS_NOT_IMPLEMENTED.
 *
 * NOTE(review): the OUT parameter GenerateOnClose is never written, so a
 * caller must not read it after this failure. None of the pointer arguments
 * is probed or captured here; a real implementation would have to do that
 * for pointers that come from user mode.
 *
 * Returns STATUS_NOT_IMPLEMENTED in every case.
 */
NTSTATUS
STDCALL
NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
                       IN PVOID HandleId,
                       IN PUNICODE_STRING ObjectTypeName,
                       IN PUNICODE_STRING ObjectName,
                       IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                       IN HANDLE ClientToken,
                       IN ULONG DesiredAccess,
                       IN ULONG GrantedAccess,
                       IN PPRIVILEGE_SET Privileges,
                       IN BOOLEAN ObjectCreation,
                       IN BOOLEAN AccessGranted,
                       OUT PBOOLEAN GenerateOnClose)
{
    UNIMPLEMENTED;

    return STATUS_NOT_IMPLEMENTED;
}
400
401
/*
 * Unimplemented system call: judging by its name, generates the audit alarm
 * for the use of a privileged service.
 *
 * No argument is read and nothing is audited. The routine invokes the
 * UNIMPLEMENTED macro and fails with STATUS_NOT_IMPLEMENTED.
 *
 * NOTE(review): none of the pointer arguments is probed or captured here;
 * a real implementation would have to do that for pointers that come from
 * user mode.
 *
 * Returns STATUS_NOT_IMPLEMENTED in every case.
 */
NTSTATUS
STDCALL
NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName,
                              IN PUNICODE_STRING ServiceName,
                              IN HANDLE ClientToken,
                              IN PPRIVILEGE_SET Privileges,
                              IN BOOLEAN AccessGranted)
{
    UNIMPLEMENTED;

    return STATUS_NOT_IMPLEMENTED;
}
412
413
/*
 * Unimplemented system call: judging by its name, generates the audit alarm
 * for a privilege check on an object.
 *
 * No argument is read and nothing is audited. The routine invokes the
 * UNIMPLEMENTED macro and fails with STATUS_NOT_IMPLEMENTED.
 *
 * NOTE(review): none of the pointer arguments is probed or captured here;
 * a real implementation would have to do that for pointers that come from
 * user mode.
 *
 * Returns STATUS_NOT_IMPLEMENTED in every case.
 */
NTSTATUS
STDCALL
NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
                            IN PVOID HandleId,
                            IN HANDLE ClientToken,
                            IN ULONG DesiredAccess,
                            IN PPRIVILEGE_SET Privileges,
                            IN BOOLEAN AccessGranted)
{
    UNIMPLEMENTED;

    return STATUS_NOT_IMPLEMENTED;
}
425
426 /* EOF */