1 /* $Id: audit.c,v 1.5 2004/08/03 19:20:39 ion Exp $
3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Audit functions
6 * FILE: kernel/se/audit.c
7 * PROGRAMER: Eric Kohl (ekohl@rz-online.de)
12 /* INCLUDES *****************************************************************/
14 #include <ddk/ntddk.h>
16 #include <internal/debug.h>
19 /* FUNCTIONS ****************************************************************/
22 NtAccessCheckAndAuditAlarm(IN PUNICODE_STRING SubsystemName
,
23 IN PHANDLE ObjectHandle
,
24 IN PUNICODE_STRING ObjectTypeName
,
25 IN PUNICODE_STRING ObjectName
,
26 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
27 IN ACCESS_MASK DesiredAccess
,
28 IN PGENERIC_MAPPING GenericMapping
,
29 IN BOOLEAN ObjectCreation
,
30 OUT PACCESS_MASK GrantedAccess
,
31 OUT PNTSTATUS AccessStatus
,
32 OUT PBOOLEAN GenerateOnClose
36 return(STATUS_NOT_IMPLEMENTED
);
41 NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
43 IN BOOLEAN GenerateOnClose
)
46 return(STATUS_NOT_IMPLEMENTED
);
51 NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
53 IN BOOLEAN GenerateOnClose
)
56 return(STATUS_NOT_IMPLEMENTED
);
61 NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
63 IN PUNICODE_STRING ObjectTypeName
,
64 IN PUNICODE_STRING ObjectName
,
65 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
66 IN HANDLE ClientToken
,
67 IN ULONG DesiredAccess
,
68 IN ULONG GrantedAccess
,
69 IN PPRIVILEGE_SET Privileges
,
70 IN BOOLEAN ObjectCreation
,
71 IN BOOLEAN AccessGranted
,
72 OUT PBOOLEAN GenerateOnClose
)
75 return(STATUS_NOT_IMPLEMENTED
);
80 NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName
,
81 IN PUNICODE_STRING ServiceName
,
82 IN HANDLE ClientToken
,
83 IN PPRIVILEGE_SET Privileges
,
84 IN BOOLEAN AccessGranted
)
87 return(STATUS_NOT_IMPLEMENTED
);
92 NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
94 IN HANDLE ClientToken
,
95 IN ULONG DesiredAccess
,
96 IN PPRIVILEGE_SET Privileges
,
97 IN BOOLEAN AccessGranted
)
100 return(STATUS_NOT_IMPLEMENTED
);
109 SeAuditHardLinkCreation(
110 IN PUNICODE_STRING FileName
,
111 IN PUNICODE_STRING LinkName
,
123 SeAuditingFileEvents(
124 IN BOOLEAN AccessGranted
,
125 IN PSECURITY_DESCRIPTOR SecurityDescriptor
137 SeAuditingFileEventsWithContext(
138 IN BOOLEAN AccessGranted
,
139 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
140 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
152 SeAuditingHardLinkEvents(
153 IN BOOLEAN AccessGranted
,
154 IN PSECURITY_DESCRIPTOR SecurityDescriptor
166 SeAuditingHardLinkEventsWithContext(
167 IN BOOLEAN AccessGranted
,
168 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
169 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
181 SeAuditingFileOrGlobalEvents(
182 IN BOOLEAN AccessGranted
,
183 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
184 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
196 SeCloseObjectAuditAlarm(
199 IN BOOLEAN PerformAction
209 SeDeleteObjectAuditAlarm(IN PVOID Object
,
220 SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName
,
221 IN PVOID Object OPTIONAL
,
222 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
223 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
224 IN PACCESS_STATE AccessState
,
225 IN BOOLEAN ObjectCreated
,
226 IN BOOLEAN AccessGranted
,
227 IN KPROCESSOR_MODE AccessMode
,
228 OUT PBOOLEAN GenerateOnClose
)
238 SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName
,
239 IN PVOID Object OPTIONAL
,
240 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
241 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
242 IN PACCESS_STATE AccessState
,
243 IN BOOLEAN ObjectCreated
,
244 IN BOOLEAN AccessGranted
,
245 IN KPROCESSOR_MODE AccessMode
,
246 OUT PBOOLEAN GenerateOnClose
)
256 SePrivilegeObjectAuditAlarm(
258 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
259 IN ACCESS_MASK DesiredAccess
,
260 IN PPRIVILEGE_SET Privileges
,
261 IN BOOLEAN AccessGranted
,
262 IN KPROCESSOR_MODE CurrentMode