3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * FILE: ntoskrnl/se/audit.c
6 * PURPOSE: Audit functions
8 * PROGRAMMERS: Eric Kohl <eric.kohl@t-online.de>
11 /* INCLUDES *****************************************************************/
14 #include <internal/debug.h>
16 /* INTERNAL *****************************************************************/
20 SeDetailedAuditingWithToken(IN PTOKEN Token
)
28 SeAuditProcessExit(IN PEPROCESS Process
)
33 /* FUNCTIONS ****************************************************************/
/*
 * NtAccessCheckAndAuditAlarm - stub: the only statement visible in this
 * listing returns STATUS_NOT_IMPLEMENTED.
 *
 * Visible parameters:
 *   IN  SubsystemName, ObjectTypeName, ObjectName, SecurityDescriptor,
 *       DesiredAccess, GenericMapping, ObjectCreation
 *   OUT GrantedAccess, AccessStatus, GenerateOnClose
 * NOTE(review): the embedded line numbers skip 38, so one parameter is
 * probably missing from this listing - confirm against the original file.
 *
 * Security notes:
 *   - No visible line writes *GrantedAccess, *AccessStatus or
 *     *GenerateOnClose. Callers must test the returned NTSTATUS before
 *     reading any of them and must treat a failure as "access denied".
 *   - No access check is performed and no audit record is produced by the
 *     visible code, so nothing routed through this call leaves an audit
 *     trail.
 *   - NOTE(review): the Nt prefix suggests a system-service entry point;
 *     if it is reachable from user mode, a real implementation has to
 *     probe/capture every pointer argument before use - confirm.
 */
37 NtAccessCheckAndAuditAlarm(IN PUNICODE_STRING SubsystemName
,
39 IN PUNICODE_STRING ObjectTypeName
,
40 IN PUNICODE_STRING ObjectName
,
41 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
42 IN ACCESS_MASK DesiredAccess
,
43 IN PGENERIC_MAPPING GenericMapping
,
44 IN BOOLEAN ObjectCreation
,
45 OUT PACCESS_MASK GrantedAccess
,
46 OUT PNTSTATUS AccessStatus
,
47 OUT PBOOLEAN GenerateOnClose
)
/* Unimplemented: fail explicitly rather than report a fabricated access decision. */
50 return(STATUS_NOT_IMPLEMENTED
);
/*
 * NtCloseObjectAuditAlarm - stub: the only statement visible in this
 * listing returns STATUS_NOT_IMPLEMENTED.
 *
 * Visible parameters: IN SubsystemName, IN GenerateOnClose.
 * NOTE(review): the embedded line numbers skip 56, so one parameter is
 * probably missing from this listing - confirm against the original file.
 *
 * Security note: no audit record is produced by the visible code, so a
 * handle close requested with GenerateOnClose set is not recorded.
 */
55 NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
57 IN BOOLEAN GenerateOnClose
)
/* Unimplemented: GenerateOnClose is not consulted before returning. */
60 return(STATUS_NOT_IMPLEMENTED
);
/*
 * NtDeleteObjectAuditAlarm - stub: the only statement visible in this
 * listing returns STATUS_NOT_IMPLEMENTED.
 *
 * Visible parameters: IN SubsystemName, IN GenerateOnClose.
 * NOTE(review): the embedded line numbers skip 66, so one parameter is
 * probably missing from this listing - confirm against the original file.
 *
 * Security note: no audit record is produced by the visible code, so
 * object deletions reported through this call are not recorded.
 */
65 NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
67 IN BOOLEAN GenerateOnClose
)
/* Unimplemented: GenerateOnClose is not consulted before returning. */
70 return(STATUS_NOT_IMPLEMENTED
);
/*
 * NtOpenObjectAuditAlarm - stub: the only statement visible in this
 * listing returns STATUS_NOT_IMPLEMENTED.
 *
 * Visible parameters:
 *   IN  SubsystemName, ObjectTypeName, ObjectName, SecurityDescriptor,
 *       ClientToken, DesiredAccess, GrantedAccess, Privileges,
 *       ObjectCreation, AccessGranted
 *   OUT GenerateOnClose
 * NOTE(review): the embedded line numbers skip 76, so one parameter is
 * probably missing from this listing - confirm against the original file.
 *
 * Security notes:
 *   - No visible line writes *GenerateOnClose; callers must test the
 *     returned NTSTATUS before reading it.
 *   - Neither granted nor denied opens (AccessGranted) are recorded by the
 *     visible code, so failed access attempts leave no audit trail here.
 *   - NOTE(review): ClientToken is a HANDLE and Privileges a pointer; if
 *     this is reachable from user mode, a real implementation has to
 *     reference the token by handle and probe/capture the privilege set
 *     before use - confirm.
 */
75 NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
77 IN PUNICODE_STRING ObjectTypeName
,
78 IN PUNICODE_STRING ObjectName
,
79 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
80 IN HANDLE ClientToken
,
81 IN ULONG DesiredAccess
,
82 IN ULONG GrantedAccess
,
83 IN PPRIVILEGE_SET Privileges
,
84 IN BOOLEAN ObjectCreation
,
85 IN BOOLEAN AccessGranted
,
86 OUT PBOOLEAN GenerateOnClose
)
/* Unimplemented: no argument is examined before returning. */
89 return(STATUS_NOT_IMPLEMENTED
);
/*
 * NtPrivilegedServiceAuditAlarm - stub: the only statement visible in this
 * listing returns STATUS_NOT_IMPLEMENTED.
 *
 * Visible parameters: IN SubsystemName, IN ServiceName, IN ClientToken,
 * IN Privileges, IN AccessGranted.
 *
 * Security notes:
 *   - No audit record is produced by the visible code, so use of a
 *     privileged service (successful or not, per AccessGranted) is not
 *     recorded through this call.
 *   - NOTE(review): if this is reachable from user mode, a real
 *     implementation has to reference ClientToken by handle and
 *     probe/capture the strings and privilege set before use - confirm.
 */
94 NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName
,
95 IN PUNICODE_STRING ServiceName
,
96 IN HANDLE ClientToken
,
97 IN PPRIVILEGE_SET Privileges
,
98 IN BOOLEAN AccessGranted
)
/* Unimplemented: no argument is examined before returning. */
101 return(STATUS_NOT_IMPLEMENTED
);
/*
 * NtPrivilegeObjectAuditAlarm - stub: the only statement visible in this
 * listing returns STATUS_NOT_IMPLEMENTED.
 *
 * Visible parameters: IN SubsystemName, IN ClientToken, IN DesiredAccess,
 * IN Privileges, IN AccessGranted.
 * NOTE(review): the embedded line numbers skip 107, so one parameter is
 * probably missing from this listing - confirm against the original file.
 *
 * Security note: no audit record is produced by the visible code, so
 * privilege use against an object is not recorded through this call.
 */
106 NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
108 IN HANDLE ClientToken
,
109 IN ULONG DesiredAccess
,
110 IN PPRIVILEGE_SET Privileges
,
111 IN BOOLEAN AccessGranted
)
/* Unimplemented: no argument is examined before returning. */
114 return(STATUS_NOT_IMPLEMENTED
);
123 SeAuditHardLinkCreation(
124 IN PUNICODE_STRING FileName
,
125 IN PUNICODE_STRING LinkName
,
137 SeAuditingFileEvents(
138 IN BOOLEAN AccessGranted
,
139 IN PSECURITY_DESCRIPTOR SecurityDescriptor
151 SeAuditingFileEventsWithContext(
152 IN BOOLEAN AccessGranted
,
153 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
154 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
166 SeAuditingHardLinkEvents(
167 IN BOOLEAN AccessGranted
,
168 IN PSECURITY_DESCRIPTOR SecurityDescriptor
180 SeAuditingHardLinkEventsWithContext(
181 IN BOOLEAN AccessGranted
,
182 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
183 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
195 SeAuditingFileOrGlobalEvents(
196 IN BOOLEAN AccessGranted
,
197 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
198 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
210 SeCloseObjectAuditAlarm(
213 IN BOOLEAN PerformAction
223 SeDeleteObjectAuditAlarm(IN PVOID Object
,
/*
 * SeOpenObjectAuditAlarm - stub: the only statement visible in this
 * listing is a DPRINT1 debug message saying the routine is unimplemented.
 *
 * Visible parameters:
 *   IN  ObjectTypeName, Object (OPTIONAL), AbsoluteObjectName (OPTIONAL),
 *       SecurityDescriptor, AccessState, ObjectCreated, AccessGranted,
 *       AccessMode
 *   OUT GenerateOnClose
 *
 * Security notes:
 *   - No visible line writes *GenerateOnClose. A caller that reads it after
 *     the call sees whatever it stored there beforehand, so callers should
 *     initialise it (e.g. to FALSE) before calling - confirm against the
 *     full body, which this listing does not show.
 *   - No audit record is produced by the visible code; object opens, both
 *     granted and denied, go unrecorded apart from the debug print.
 */
234 SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName
,
235 IN PVOID Object OPTIONAL
,
236 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
237 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
238 IN PACCESS_STATE AccessState
,
239 IN BOOLEAN ObjectCreated
,
240 IN BOOLEAN AccessGranted
,
241 IN KPROCESSOR_MODE AccessMode
,
242 OUT PBOOLEAN GenerateOnClose
)
/* Debug-only trace; this is not an audit event. */
244 DPRINT1("SeOpenObjectAuditAlarm is UNIMPLEMENTED!\n");
252 SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName
,
253 IN PVOID Object OPTIONAL
,
254 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
255 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
256 IN PACCESS_STATE AccessState
,
257 IN BOOLEAN ObjectCreated
,
258 IN BOOLEAN AccessGranted
,
259 IN KPROCESSOR_MODE AccessMode
,
260 OUT PBOOLEAN GenerateOnClose
)
270 SePrivilegeObjectAuditAlarm(
272 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
273 IN ACCESS_MASK DesiredAccess
,
274 IN PPRIVILEGE_SET Privileges
,
275 IN BOOLEAN AccessGranted
,
276 IN KPROCESSOR_MODE CurrentMode