Author: tkreuzer Date: Sun Feb 16 09:08:22 2014 New Revision: 62207

URL: http://svn.reactos.org/svn/reactos?rev=62207&view=rev Log: [NTOSKRNL] - Halfplement SeReportSecurityEvent, stub SeSetAuditParameter and enable both exports, which are SP1!

Modified: trunk/reactos/ntoskrnl/ntoskrnl.spec trunk/reactos/ntoskrnl/se/semgr.c

Modified: trunk/reactos/ntoskrnl/ntoskrnl.spec URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ntoskrnl.spec?rev=... ============================================================================== --- trunk/reactos/ntoskrnl/ntoskrnl.spec [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ntoskrnl.spec [iso-8859-1] Sun Feb 16 09:08:22 2014 @@ -1373,9 +1373,9 @@ @ stdcall SeRegisterLogonSessionTerminatedRoutine(ptr) @ stdcall SeReleaseSecurityDescriptor(ptr long long) @ stdcall SeReleaseSubjectContext(ptr) -;@ cdecl -arch=x86_64 SeReportSecurityEvent +@ stdcall SeReportSecurityEvent(long ptr ptr ptr) @ stdcall SeSetAccessStateGenericMapping(ptr ptr) -;SeSetAuditParameter +@ stdcall SeSetAuditParameter(ptr long long ptr) @ stdcall SeSetSecurityDescriptorInfo(ptr ptr ptr ptr long ptr) @ stdcall SeSetSecurityDescriptorInfoEx(ptr ptr ptr ptr long long ptr) @ stdcall SeSinglePrivilegeCheck(long long long)

Modified: trunk/reactos/ntoskrnl/se/semgr.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/semgr.c?rev=622... ============================================================================== --- trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] Sun Feb 16 09:08:22 2014 @@ -311,4 +311,86 @@ } }

+NTSTATUS +NTAPI +SeReportSecurityEvent( + _In_ ULONG Flags, + _In_ PUNICODE_STRING SourceName, + _In_opt_ PSID UserSid, + _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters) +{ + SECURITY_SUBJECT_CONTEXT SubjectContext; + PTOKEN EffectiveToken; + PISID Sid; + NTSTATUS Status; + + /* Validate parameters */ + if ((Flags != 0) || + (SourceName == NULL) || + (SourceName->Buffer == NULL) || + (SourceName->Length == 0) || + (AuditParameters == NULL) || + (AuditParameters->ParameterCount > SE_MAX_AUDIT_PARAMETERS - 4)) + { + return STATUS_INVALID_PARAMETER; + } + + /* Validate the source name */ + Status = RtlValidateUnicodeString(0, SourceName); + if (!NT_SUCCESS(Status)) + { + return Status; + } + + /* Check if we have a user SID */ + if (UserSid != NULL) + { + /* Validate it */ + if (!RtlValidSid(UserSid)) + { + return STATUS_INVALID_PARAMETER; + } + + /* Use the user SID */ + Sid = UserSid; + } + else + { + /* No user SID, capture the security subject context */ + SeCaptureSubjectContext(&SubjectContext); + + /* Extract the effective token */ + EffectiveToken = SubjectContext.ClientToken ? + SubjectContext.ClientToken : SubjectContext.PrimaryToken; + + /* Use the user-and-groups SID */ + Sid = EffectiveToken->UserAndGroups->Sid; + } + + UNIMPLEMENTED; + + /* Check if we captured the subject context */ + if (Sid != UserSid) + { + /* Release it */ + SeReleaseSubjectContext(&SubjectContext); + } + + /* Return success */ + return STATUS_SUCCESS; +} + +_Const_ +NTSTATUS +NTAPI +SeSetAuditParameter( + _Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters, + _In_ SE_ADT_PARAMETER_TYPE Type, + _In_range_(<, SE_MAX_AUDIT_PARAMETERS) ULONG Index, + _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID Data) +{ + UNIMPLEMENTED; + return STATUS_SUCCESS; +} + /* EOF */