3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Audit functions
6 * FILE: kernel/se/audit.c
7 * PROGRAMER: Eric Kohl (ekohl@rz-online.de)
12 /* INCLUDES *****************************************************************/
15 #include <internal/debug.h>
18 /* FUNCTIONS ****************************************************************/
21 NtAccessCheckAndAuditAlarm(IN PUNICODE_STRING SubsystemName
,
22 IN PHANDLE ObjectHandle
,
23 IN PUNICODE_STRING ObjectTypeName
,
24 IN PUNICODE_STRING ObjectName
,
25 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
26 IN ACCESS_MASK DesiredAccess
,
27 IN PGENERIC_MAPPING GenericMapping
,
28 IN BOOLEAN ObjectCreation
,
29 OUT PACCESS_MASK GrantedAccess
,
30 OUT PNTSTATUS AccessStatus
,
31 OUT PBOOLEAN GenerateOnClose
35 return(STATUS_NOT_IMPLEMENTED
);
40 NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
42 IN BOOLEAN GenerateOnClose
)
45 return(STATUS_NOT_IMPLEMENTED
);
50 NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
52 IN BOOLEAN GenerateOnClose
)
55 return(STATUS_NOT_IMPLEMENTED
);
60 NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
62 IN PUNICODE_STRING ObjectTypeName
,
63 IN PUNICODE_STRING ObjectName
,
64 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
65 IN HANDLE ClientToken
,
66 IN ULONG DesiredAccess
,
67 IN ULONG GrantedAccess
,
68 IN PPRIVILEGE_SET Privileges
,
69 IN BOOLEAN ObjectCreation
,
70 IN BOOLEAN AccessGranted
,
71 OUT PBOOLEAN GenerateOnClose
)
74 return(STATUS_NOT_IMPLEMENTED
);
79 NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName
,
80 IN PUNICODE_STRING ServiceName
,
81 IN HANDLE ClientToken
,
82 IN PPRIVILEGE_SET Privileges
,
83 IN BOOLEAN AccessGranted
)
86 return(STATUS_NOT_IMPLEMENTED
);
91 NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
93 IN HANDLE ClientToken
,
94 IN ULONG DesiredAccess
,
95 IN PPRIVILEGE_SET Privileges
,
96 IN BOOLEAN AccessGranted
)
99 return(STATUS_NOT_IMPLEMENTED
);
108 SeAuditHardLinkCreation(
109 IN PUNICODE_STRING FileName
,
110 IN PUNICODE_STRING LinkName
,
122 SeAuditingFileEvents(
123 IN BOOLEAN AccessGranted
,
124 IN PSECURITY_DESCRIPTOR SecurityDescriptor
136 SeAuditingFileEventsWithContext(
137 IN BOOLEAN AccessGranted
,
138 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
139 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
151 SeAuditingHardLinkEvents(
152 IN BOOLEAN AccessGranted
,
153 IN PSECURITY_DESCRIPTOR SecurityDescriptor
165 SeAuditingHardLinkEventsWithContext(
166 IN BOOLEAN AccessGranted
,
167 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
168 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
180 SeAuditingFileOrGlobalEvents(
181 IN BOOLEAN AccessGranted
,
182 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
183 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
195 SeCloseObjectAuditAlarm(
198 IN BOOLEAN PerformAction
208 SeDeleteObjectAuditAlarm(IN PVOID Object
,
219 SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName
,
220 IN PVOID Object OPTIONAL
,
221 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
222 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
223 IN PACCESS_STATE AccessState
,
224 IN BOOLEAN ObjectCreated
,
225 IN BOOLEAN AccessGranted
,
226 IN KPROCESSOR_MODE AccessMode
,
227 OUT PBOOLEAN GenerateOnClose
)
237 SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName
,
238 IN PVOID Object OPTIONAL
,
239 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
240 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
241 IN PACCESS_STATE AccessState
,
242 IN BOOLEAN ObjectCreated
,
243 IN BOOLEAN AccessGranted
,
244 IN KPROCESSOR_MODE AccessMode
,
245 OUT PBOOLEAN GenerateOnClose
)
255 SePrivilegeObjectAuditAlarm(
257 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
258 IN ACCESS_MASK DesiredAccess
,
259 IN PPRIVILEGE_SET Privileges
,
260 IN BOOLEAN AccessGranted
,
261 IN KPROCESSOR_MODE CurrentMode