Merge trunk head (r43756)
1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS kernel
4 * FILE: ntoskrnl/se/audit.c
5 * PURPOSE: Audit functions
6 *
7 * PROGRAMMERS: Eric Kohl <eric.kohl@t-online.de>
8 */
9
10 /* INCLUDES *******************************************************************/
11
12 #include <ntoskrnl.h>
13 #define NDEBUG
14 #include <debug.h>
15
16 /* PRIVATE FUNCTIONS***********************************************************/
17
/*
 * Stub. Presumably meant to report whether detailed auditing applies to
 * the given token (inferred from the name only -- confirm).
 *
 * Token is never examined and the result is always FALSE, so any caller
 * that gates audit generation on this routine will never audit.
 */
BOOLEAN
NTAPI
SeDetailedAuditingWithToken(IN PTOKEN Token)
{
    /* FIXME: not implemented, the token is ignored */
    return FALSE;
}
25
/*
 * Stub for the process-creation audit hook.
 *
 * Process is ignored and nothing is recorded: no audit record is produced
 * for process creation by this routine.
 */
VOID
NTAPI
SeAuditProcessCreate(IN PEPROCESS Process)
{
    /* FIXME: not implemented, no audit record is generated */
}
32
/*
 * Stub for the process-exit audit hook.
 *
 * Process is ignored and nothing is recorded: no audit record is produced
 * for process termination by this routine.
 */
VOID
NTAPI
SeAuditProcessExit(IN PEPROCESS Process)
{
    /* FIXME: not implemented, no audit record is generated */
}
39
/*
 * Queries the object-manager name of FileObject into a freshly allocated
 * OBJECT_NAME_INFORMATION and hands it back through AuditInfo.
 *
 * FileObject - object whose name is queried with ObQueryNameString.
 * DoAudit    - currently has no effect (the audit branch is an empty TODO).
 * AuditInfo  - receives the allocation, or NULL on failure. Must not be
 *              NULL (asserted).
 *
 * Ownership: on success *AuditInfo is a NonPagedPool block allocated with
 * TAG_SEPA. The caller owns it and is responsible for freeing it.
 *
 * Returns the status of the sized query on the normal path, STATUS_SUCCESS
 * with a zeroed (empty) name on the fallback path, or STATUS_NO_MEMORY
 * whenever no buffer ends up allocated.
 *
 * NOTE(review): STATUS_NO_MEMORY is also returned when the first query
 * ends with any status other than the three "buffer too small" codes
 * (including success), because no buffer is allocated in that case. The
 * real status is masked; confirm whether that is intended.
 */
NTSTATUS
NTAPI
SeInitializeProcessAuditName(IN PFILE_OBJECT FileObject,
                             IN BOOLEAN DoAudit,
                             OUT POBJECT_NAME_INFORMATION *AuditInfo)
{
    OBJECT_NAME_INFORMATION ProbeInfo;
    POBJECT_NAME_INFORMATION NameInfo = NULL;
    ULONG RequiredLength = 8;
    NTSTATUS Status;
    BOOLEAN BufferTooSmall;
    PAGED_CODE();
    ASSERT(AuditInfo);

    if (DoAudit)
    {
        /* FIXME: TODO -- auditing itself is not implemented yet */
    }

    /*
     * Probe with a header-sized stack buffer. The expected outcome is a
     * "too small" status with the real size in RequiredLength.
     */
    Status = ObQueryNameString(FileObject,
                               &ProbeInfo,
                               sizeof(ProbeInfo),
                               &RequiredLength);

    switch (Status)
    {
        case STATUS_BUFFER_OVERFLOW:
        case STATUS_BUFFER_TOO_SMALL:
        case STATUS_INFO_LENGTH_MISMATCH:
            BufferTooSmall = TRUE;
            break;

        default:
            BufferTooSmall = FALSE;
            break;
    }

    if (BufferTooSmall && (RequiredLength != sizeof(ProbeInfo)))
    {
        /* Allocate exactly what the probe asked for and query again */
        NameInfo = ExAllocatePoolWithTag(NonPagedPool,
                                         RequiredLength,
                                         TAG_SEPA);
        if (NameInfo != NULL)
        {
            Status = ObQueryNameString(FileObject,
                                       NameInfo,
                                       RequiredLength,
                                       &RequiredLength);
        }
    }

    /*
     * Fallback: the sized query failed, or reported a header-only length.
     * Only reachable when a buffer was actually allocated above.
     */
    if ((NameInfo != NULL) &&
        (!NT_SUCCESS(Status) || (RequiredLength == sizeof(ProbeInfo))))
    {
        /* NOTE(review): this assertion fires on every fallback when
         * assertions are enabled -- confirm that is wanted for a
         * recoverable condition */
        ASSERT(FALSE);

        /* Drop the buffer from the failed query */
        ExFreePool(NameInfo);

        /* Replace it with a header-only structure describing an empty name */
        RequiredLength = sizeof(OBJECT_NAME_INFORMATION);
        NameInfo = ExAllocatePoolWithTag(NonPagedPool,
                                         sizeof(OBJECT_NAME_INFORMATION),
                                         TAG_SEPA);
        if (NameInfo != NULL)
        {
            /* All-zero header; the failure is turned into success */
            RtlZeroMemory(NameInfo, RequiredLength);
            Status = STATUS_SUCCESS;
        }
    }

    /* No buffer, for whatever reason, is reported as out of memory */
    if (NameInfo == NULL) Status = STATUS_NO_MEMORY;

    /* Hand the buffer (or NULL) to the caller */
    *AuditInfo = NameInfo;
    return Status;
}
113
/*
 * Returns a private copy of the process image name.
 *
 * Process          - process whose cached audit name
 *                    (SeAuditProcessCreationInfo.ImageFileName) is used;
 *                    the cache is filled in on first use.
 * ProcessImageName - receives a newly allocated UNICODE_STRING whose
 *                    Buffer points just past the header in the same
 *                    allocation; set to NULL on any failure.
 *
 * Ownership: the returned string is a single NonPagedPool block allocated
 * with TAG_SEPA. The caller owns it and must free it.
 *
 * Returns the failure status of PsReferenceProcessFilePointer or
 * SeInitializeProcessAuditName, STATUS_NO_MEMORY if the copy cannot be
 * allocated, otherwise a success status.
 */
NTSTATUS
NTAPI
SeLocateProcessImageName(IN PEPROCESS Process,
                         OUT PUNICODE_STRING *ProcessImageName)
{
    POBJECT_NAME_INFORMATION CachedName;
    PUNICODE_STRING NameCopy;
    PFILE_OBJECT ImageFile;
    SIZE_T CopyLength;
    NTSTATUS Status = STATUS_SUCCESS;
    PAGED_CODE();

    /* The output stays NULL on every early return below */
    *ProcessImageName = NULL;

    CachedName = Process->SeAuditProcessCreationInfo.ImageFileName;
    if (CachedName == NULL)
    {
        /* Nothing cached yet: build the name from the image file object */
        Status = PsReferenceProcessFilePointer(Process, &ImageFile);
        if (!NT_SUCCESS(Status)) return Status;

        Status = SeInitializeProcessAuditName(ImageFile, TRUE, &CachedName);

        /*
         * Publish our buffer only if the slot is still NULL. A non-NULL
         * previous value means another thread published first, so our
         * copy is redundant and is freed.
         */
        if (NT_SUCCESS(Status) &&
            (InterlockedCompareExchangePointer((PVOID*)&Process->
                                               SeAuditProcessCreationInfo.ImageFileName,
                                               CachedName,
                                               NULL) != NULL))
        {
            ExFreePool(CachedName);
        }

        /* The file object reference is dropped on success and failure */
        ObDereferenceObject(ImageFile);
        if (!NT_SUCCESS(Status)) return Status;
    }

    /* Re-read the slot: it holds whichever buffer won the publish race */
    CachedName = Process->SeAuditProcessCreationInfo.ImageFileName;

    /*
     * Header plus MaximumLength bytes are copied starting at
     * &CachedName->Name.
     * NOTE(review): this assumes the name characters sit immediately
     * after the UNICODE_STRING header inside the cached allocation and
     * that the allocation is at least this large. Confirm against what
     * ObQueryNameString produces; otherwise the copy reads past the
     * source buffer.
     */
    CopyLength = CachedName->Name.MaximumLength + sizeof(UNICODE_STRING);

    NameCopy = ExAllocatePoolWithTag(NonPagedPool, CopyLength, TAG_SEPA);
    if (NameCopy == NULL) return STATUS_NO_MEMORY;

    RtlCopyMemory(NameCopy, &CachedName->Name, CopyLength);

    /*
     * The copied Buffer still points into the cached allocation. Redirect
     * it to the characters that now follow the header in the copy.
     */
    NameCopy->Buffer = (PWSTR)(NameCopy + 1);

    *ProcessImageName = NameCopy;
    return Status;
}
180
181 /* PUBLIC FUNCTIONS ***********************************************************/
182
/*
 * @unimplemented
 *
 * Stub for auditing the creation of a hard link. FileName, LinkName and
 * bSuccess are ignored; the body is only the UNIMPLEMENTED marker, so no
 * audit record is produced.
 */
VOID
NTAPI
SeAuditHardLinkCreation(IN PUNICODE_STRING FileName,
                        IN PUNICODE_STRING LinkName,
                        IN BOOLEAN bSuccess)
{
    /* Nothing is audited yet */
    UNIMPLEMENTED;
}
194
/*
 * @unimplemented
 *
 * Stub. Both arguments are ignored and FALSE is always returned, so a
 * caller that asks whether file events are being audited is always told
 * they are not.
 */
BOOLEAN
NTAPI
SeAuditingFileEvents(IN BOOLEAN AccessGranted,
                     IN PSECURITY_DESCRIPTOR SecurityDescriptor)
{
    /* The security descriptor is never inspected */
    UNIMPLEMENTED;
    return FALSE;
}
206
/*
 * @unimplemented
 *
 * Stub. All arguments, including the optional subject context, are
 * ignored and FALSE is always returned.
 */
BOOLEAN
NTAPI
SeAuditingFileEventsWithContext(IN BOOLEAN AccessGranted,
                                IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                                IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
{
    /* Neither the descriptor nor the subject context is inspected */
    UNIMPLEMENTED;
    return FALSE;
}
219
/*
 * @unimplemented
 *
 * Stub. Both arguments are ignored and FALSE is always returned, so
 * hard-link events are always reported as not audited.
 */
BOOLEAN
NTAPI
SeAuditingHardLinkEvents(IN BOOLEAN AccessGranted,
                         IN PSECURITY_DESCRIPTOR SecurityDescriptor)
{
    /* The security descriptor is never inspected */
    UNIMPLEMENTED;
    return FALSE;
}
231
/*
 * @unimplemented
 *
 * Stub. All arguments, including the optional subject context, are
 * ignored and FALSE is always returned.
 */
BOOLEAN
NTAPI
SeAuditingHardLinkEventsWithContext(IN BOOLEAN AccessGranted,
                                    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                                    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
{
    /* Neither the descriptor nor the subject context is inspected */
    UNIMPLEMENTED;
    return FALSE;
}
244
/*
 * @unimplemented
 *
 * Stub. All three arguments are ignored and FALSE is always returned.
 */
BOOLEAN
NTAPI
SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted,
                             IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                             IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
{
    /* Neither the descriptor nor the subject context is inspected */
    UNIMPLEMENTED;
    return FALSE;
}
257
/*
 * @unimplemented
 *
 * Stub for the audit/alarm generated when a handle is closed. Object,
 * Handle and PerformAction are ignored; nothing is recorded.
 */
VOID
NTAPI
SeCloseObjectAuditAlarm(IN PVOID Object,
                        IN HANDLE Handle,
                        IN BOOLEAN PerformAction)
{
    /* No audit record is produced */
    UNIMPLEMENTED;
}
271
/*
 * @unimplemented
 *
 * Stub for the audit/alarm generated when an object is deleted. Object
 * and Handle are ignored; nothing is recorded.
 */
VOID
NTAPI
SeDeleteObjectAuditAlarm(IN PVOID Object,
                         IN HANDLE Handle)
{
    /* No audit record is produced */
    UNIMPLEMENTED;
}
281
/*
 * @unimplemented
 *
 * Stub for the audit/alarm generated when an object is opened.
 *
 * Kernel-mode accesses are never audited. User-mode accesses should be,
 * but that path is not implemented, so the routine does nothing in both
 * cases.
 *
 * NOTE(review): GenerateOnClose is an OUT parameter that is never
 * written here. Callers must initialise it themselves before the call.
 */
VOID
NTAPI
SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
                       IN PVOID Object OPTIONAL,
                       IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
                       IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                       IN PACCESS_STATE AccessState,
                       IN BOOLEAN ObjectCreated,
                       IN BOOLEAN AccessGranted,
                       IN KPROCESSOR_MODE AccessMode,
                       OUT PBOOLEAN GenerateOnClose)
{
    PAGED_CODE();

    if (AccessMode != KernelMode)
    {
        /*
         * User-mode access: audit generation belongs here but is not
         * implemented. The UNIMPLEMENTED marker is deliberately left
         * disabled on this path.
         */
    }
}
306
/*
 * @unimplemented
 *
 * Stub for the audit/alarm generated when an object is opened for
 * deletion. Every argument is ignored.
 *
 * NOTE(review): GenerateOnClose is an OUT parameter that is never
 * written here. Callers must initialise it themselves before the call.
 */
VOID
NTAPI
SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
                                IN PVOID Object OPTIONAL,
                                IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
                                IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                                IN PACCESS_STATE AccessState,
                                IN BOOLEAN ObjectCreated,
                                IN BOOLEAN AccessGranted,
                                IN KPROCESSOR_MODE AccessMode,
                                OUT PBOOLEAN GenerateOnClose)
{
    /* No audit record is produced */
    UNIMPLEMENTED;
}
323
/*
 * @unimplemented
 *
 * Stub for the audit/alarm generated when privileges are used against an
 * object handle. Every argument is ignored; nothing is recorded.
 */
VOID
NTAPI
SePrivilegeObjectAuditAlarm(IN HANDLE Handle,
                            IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
                            IN ACCESS_MASK DesiredAccess,
                            IN PPRIVILEGE_SET Privileges,
                            IN BOOLEAN AccessGranted,
                            IN KPROCESSOR_MODE CurrentMode)
{
    /* No audit record is produced */
    UNIMPLEMENTED;
}
338
339 /* SYSTEM CALLS ***************************************************************/
340
/*
 * System call stub: always fails with STATUS_NOT_IMPLEMENTED.
 *
 * No argument is read. GrantedAccess, AccessStatus and GenerateOnClose
 * are never written, so callers must not use them after the failure.
 *
 * NOTE(review): once implemented, the caller-supplied pointers must be
 * probed and captured before use, and the access decision must not be
 * returned without the corresponding audit being generated.
 */
NTSTATUS
NTAPI
NtAccessCheckAndAuditAlarm(IN PUNICODE_STRING SubsystemName,
                           IN HANDLE HandleId,
                           IN PUNICODE_STRING ObjectTypeName,
                           IN PUNICODE_STRING ObjectName,
                           IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                           IN ACCESS_MASK DesiredAccess,
                           IN PGENERIC_MAPPING GenericMapping,
                           IN BOOLEAN ObjectCreation,
                           OUT PACCESS_MASK GrantedAccess,
                           OUT PNTSTATUS AccessStatus,
                           OUT PBOOLEAN GenerateOnClose)
{
    /* No access check and no audit take place */
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
358
359
/*
 * System call stub: always fails with STATUS_NOT_IMPLEMENTED.
 *
 * SubsystemName, HandleId and GenerateOnClose are ignored; no audit
 * record is produced.
 */
NTSTATUS
NTAPI
NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
                        IN PVOID HandleId,
                        IN BOOLEAN GenerateOnClose)
{
    /* No argument is touched */
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
368
369
/*
 * System call stub: always fails with STATUS_NOT_IMPLEMENTED.
 *
 * SubsystemName, HandleId and GenerateOnClose are ignored; no audit
 * record is produced.
 */
NTSTATUS
NTAPI
NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
                         IN PVOID HandleId,
                         IN BOOLEAN GenerateOnClose)
{
    /* No argument is touched */
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
378
379
/*
 * System call stub: always fails with STATUS_NOT_IMPLEMENTED.
 *
 * No argument is read. GenerateOnClose is never written, so callers must
 * not use it after the failure.
 *
 * NOTE(review): once implemented, the caller-supplied pointers and the
 * ClientToken handle must be validated before use.
 */
NTSTATUS
NTAPI
NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
                       IN PVOID HandleId,
                       IN PUNICODE_STRING ObjectTypeName,
                       IN PUNICODE_STRING ObjectName,
                       IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                       IN HANDLE ClientToken,
                       IN ULONG DesiredAccess,
                       IN ULONG GrantedAccess,
                       IN PPRIVILEGE_SET Privileges,
                       IN BOOLEAN ObjectCreation,
                       IN BOOLEAN AccessGranted,
                       OUT PBOOLEAN GenerateOnClose)
{
    /* No audit record is produced */
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
397
398
/*
 * System call stub: always fails with STATUS_NOT_IMPLEMENTED.
 *
 * Every argument is ignored; use of a privileged service is not audited.
 */
NTSTATUS
NTAPI
NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName,
                              IN PUNICODE_STRING ServiceName,
                              IN HANDLE ClientToken,
                              IN PPRIVILEGE_SET Privileges,
                              IN BOOLEAN AccessGranted)
{
    /* No argument is touched */
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
409
410
/*
 * System call stub: always fails with STATUS_NOT_IMPLEMENTED.
 *
 * Every argument is ignored; privilege use against an object handle is
 * not audited.
 */
NTSTATUS
NTAPI
NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
                            IN PVOID HandleId,
                            IN HANDLE ClientToken,
                            IN ULONG DesiredAccess,
                            IN PPRIVILEGE_SET Privileges,
                            IN BOOLEAN AccessGranted)
{
    /* No argument is touched */
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
422
423 /* EOF */