3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * FILE: ntoskrnl/se/audit.c
6 * PURPOSE: Audit functions
8 * PROGRAMMERS: Eric Kohl <eric.kohl@t-online.de>
11 /* INCLUDES *****************************************************************/
14 #include <internal/debug.h>
17 /* FUNCTIONS ****************************************************************/
21 NtAccessCheckAndAuditAlarm(IN PUNICODE_STRING SubsystemName
,
23 IN PUNICODE_STRING ObjectTypeName
,
24 IN PUNICODE_STRING ObjectName
,
25 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
26 IN ACCESS_MASK DesiredAccess
,
27 IN PGENERIC_MAPPING GenericMapping
,
28 IN BOOLEAN ObjectCreation
,
29 OUT PACCESS_MASK GrantedAccess
,
30 OUT PNTSTATUS AccessStatus
,
31 OUT PBOOLEAN GenerateOnClose
)
34 return(STATUS_NOT_IMPLEMENTED
);
39 NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
41 IN BOOLEAN GenerateOnClose
)
44 return(STATUS_NOT_IMPLEMENTED
);
49 NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
51 IN BOOLEAN GenerateOnClose
)
54 return(STATUS_NOT_IMPLEMENTED
);
59 NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
61 IN PUNICODE_STRING ObjectTypeName
,
62 IN PUNICODE_STRING ObjectName
,
63 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
64 IN HANDLE ClientToken
,
65 IN ULONG DesiredAccess
,
66 IN ULONG GrantedAccess
,
67 IN PPRIVILEGE_SET Privileges
,
68 IN BOOLEAN ObjectCreation
,
69 IN BOOLEAN AccessGranted
,
70 OUT PBOOLEAN GenerateOnClose
)
73 return(STATUS_NOT_IMPLEMENTED
);
78 NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName
,
79 IN PUNICODE_STRING ServiceName
,
80 IN HANDLE ClientToken
,
81 IN PPRIVILEGE_SET Privileges
,
82 IN BOOLEAN AccessGranted
)
85 return(STATUS_NOT_IMPLEMENTED
);
90 NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
92 IN HANDLE ClientToken
,
93 IN ULONG DesiredAccess
,
94 IN PPRIVILEGE_SET Privileges
,
95 IN BOOLEAN AccessGranted
)
98 return(STATUS_NOT_IMPLEMENTED
);
107 SeAuditHardLinkCreation(
108 IN PUNICODE_STRING FileName
,
109 IN PUNICODE_STRING LinkName
,
121 SeAuditingFileEvents(
122 IN BOOLEAN AccessGranted
,
123 IN PSECURITY_DESCRIPTOR SecurityDescriptor
135 SeAuditingFileEventsWithContext(
136 IN BOOLEAN AccessGranted
,
137 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
138 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
150 SeAuditingHardLinkEvents(
151 IN BOOLEAN AccessGranted
,
152 IN PSECURITY_DESCRIPTOR SecurityDescriptor
164 SeAuditingHardLinkEventsWithContext(
165 IN BOOLEAN AccessGranted
,
166 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
167 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
179 SeAuditingFileOrGlobalEvents(
180 IN BOOLEAN AccessGranted
,
181 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
182 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
194 SeCloseObjectAuditAlarm(
197 IN BOOLEAN PerformAction
207 SeDeleteObjectAuditAlarm(IN PVOID Object
,
218 SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName
,
219 IN PVOID Object OPTIONAL
,
220 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
221 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
222 IN PACCESS_STATE AccessState
,
223 IN BOOLEAN ObjectCreated
,
224 IN BOOLEAN AccessGranted
,
225 IN KPROCESSOR_MODE AccessMode
,
226 OUT PBOOLEAN GenerateOnClose
)
228 DPRINT1("SeOpenObjectAuditAlarm is UNIMPLEMENTED!\n");
236 SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName
,
237 IN PVOID Object OPTIONAL
,
238 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
239 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
240 IN PACCESS_STATE AccessState
,
241 IN BOOLEAN ObjectCreated
,
242 IN BOOLEAN AccessGranted
,
243 IN KPROCESSOR_MODE AccessMode
,
244 OUT PBOOLEAN GenerateOnClose
)
254 SePrivilegeObjectAuditAlarm(
256 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
257 IN ACCESS_MASK DesiredAccess
,
258 IN PPRIVILEGE_SET Privileges
,
259 IN BOOLEAN AccessGranted
,
260 IN KPROCESSOR_MODE CurrentMode