[NTOSKRNL]

- Halfplement SeReportSecurityEvent, stub SeSetAuditParameter and enable both exports, which are SP1! svn path=/trunk/; revision=62207
2025-08-03 20:35:43 +00:00 · 2014-02-16 09:08:22 +00:00 · 2014-02-16 09:08:22 +00:00 · c01564fe18
commit c01564fe18
parent 5c9eeb7616
2 changed files with 84 additions and 2 deletions
--- a/reactos/ntoskrnl/ntoskrnl.spec
+++ b/reactos/ntoskrnl/ntoskrnl.spec
@ -1373,9 +1373,9 @@
@ stdcall SeRegisterLogonSessionTerminatedRoutine(ptr)
@ stdcall SeReleaseSecurityDescriptor(ptr long long)
@ stdcall SeReleaseSubjectContext(ptr)
-;@ cdecl -arch=x86_64 SeReportSecurityEvent
+@ stdcall SeReportSecurityEvent(long ptr ptr ptr)
@ stdcall SeSetAccessStateGenericMapping(ptr ptr)
-;SeSetAuditParameter
+@ stdcall SeSetAuditParameter(ptr long long ptr)
@ stdcall SeSetSecurityDescriptorInfo(ptr ptr ptr ptr long ptr)
@ stdcall SeSetSecurityDescriptorInfoEx(ptr ptr ptr ptr long long ptr)
@ stdcall SeSinglePrivilegeCheck(long long long)
--- a/reactos/ntoskrnl/se/semgr.c
+++ b/reactos/ntoskrnl/se/semgr.c
@ -311,4 +311,86 @@ SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
    }
 }

+NTSTATUS
+NTAPI
+SeReportSecurityEvent(
+    _In_ ULONG Flags,
+    _In_ PUNICODE_STRING SourceName,
+    _In_opt_ PSID UserSid,
+    _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
+{
+    SECURITY_SUBJECT_CONTEXT SubjectContext;
+    PTOKEN EffectiveToken;
+    PISID Sid;
+    NTSTATUS Status;
+
+    /* Validate parameters */
+    if ((Flags != 0) ||
+        (SourceName == NULL) ||
+        (SourceName->Buffer == NULL) ||
+        (SourceName->Length == 0) ||
+        (AuditParameters == NULL) ||
+        (AuditParameters->ParameterCount > SE_MAX_AUDIT_PARAMETERS - 4))
+    {
+        return STATUS_INVALID_PARAMETER;
+    }
+
+    /* Validate the source name */
+    Status = RtlValidateUnicodeString(0, SourceName);
+    if (!NT_SUCCESS(Status))
+    {
+        return Status;
+    }
+
+    /* Check if we have a user SID */
+    if (UserSid != NULL)
+    {
+        /* Validate it */
+        if (!RtlValidSid(UserSid))
+        {
+            return STATUS_INVALID_PARAMETER;
+        }
+
+        /* Use the user SID */
+        Sid = UserSid;
+    }
+    else
+    {
+        /* No user SID, capture the security subject context */
+        SeCaptureSubjectContext(&SubjectContext);
+
+        /* Extract the effective token */
+        EffectiveToken = SubjectContext.ClientToken ?
+            SubjectContext.ClientToken : SubjectContext.PrimaryToken;
+
+        /* Use the user-and-groups SID */
+        Sid = EffectiveToken->UserAndGroups->Sid;
+    }
+
+    UNIMPLEMENTED;
+
+    /* Check if we captured the subject context */
+    if (Sid != UserSid)
+    {
+        /* Release it */
+        SeReleaseSubjectContext(&SubjectContext);
+    }
+
+    /* Return success */
+    return STATUS_SUCCESS;
+}
+
+_Const_
+NTSTATUS
+NTAPI
+SeSetAuditParameter(
+    _Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters,
+    _In_ SE_ADT_PARAMETER_TYPE Type,
+    _In_range_(<, SE_MAX_AUDIT_PARAMETERS) ULONG Index,
+    _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID Data)
+{
+    UNIMPLEMENTED;
+    return STATUS_SUCCESS;
+}
+
 /* EOF */