archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/base/ntos/se/rmaudit.c

129 lines
2.9 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1989 Microsoft Corporation
  5. Module Name:
  7. rmaudit.c
  9. Abstract:
  11. This module contains the Reference Monitor Auditing Command Workers.
  12. These workers call functions in the Auditing sub-component to do the real
  13. work.
  15. Author:
  17. Scott Birrell (ScottBi) November 14,1991
  19. Environment:
  21. Kernel mode only.
  23. Revision History:
  25. --*/
  27. #include "pch.h"
  29. #pragma hdrstop
  31. VOID
  32. SepRmSetAuditLogWrkr(
  33. IN PRM_COMMAND_MESSAGE CommandMessage,
  34. OUT PRM_REPLY_MESSAGE ReplyMessage
  35. );
  38. #ifdef ALLOC_PRAGMA
  39. #pragma alloc_text(PAGE,SepRmSetAuditEventWrkr)
  40. #endif
  44. VOID
  45. SepRmSetAuditEventWrkr(
  46. IN PRM_COMMAND_MESSAGE CommandMessage,
  47. OUT PRM_REPLY_MESSAGE ReplyMessage
  48. )
  50. /*++
  52. Routine Description:
  54. This function carries out the Reference Monitor Set Audit Event
  55. Command. This command enables or disables auditing and optionally
  56. sets the auditing events.
  59. Arguments:
  61. CommandMessage - Pointer to structure containing RM command message
  62. information consisting of an LPC PORT_MESSAGE structure followed
  63. by the command number (RmSetAuditStateCommand) and a single command
  64. parameter in structure form.
  66. ReplyMessage - Pointer to structure containing RM reply message
  67. information consisting of an LPC PORT_MESSAGE structure followed
  68. by the command ReturnedStatus field in which a status code from the
  69. command will be returned.
  71. Return Value:
  73. VOID
  75. --*/
  77. {
  79. PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
  80. POLICY_AUDIT_EVENT_TYPE EventType;
  82. PAGED_CODE();
  84. SepAdtInitializeBounds();
  86. ReplyMessage->ReturnedStatus = STATUS_SUCCESS;
  88. //
  89. // Strict check that command is correct one for this worker.
  90. //
  92. ASSERT( CommandMessage->CommandNumber == RmAuditSetCommand );
  94. //
  95. // Extract the AuditingMode flag and put it in the right place.
  96. //
  98. SepAdtAuditingEnabled = (((PLSARM_POLICY_AUDIT_EVENTS_INFO) CommandMessage->CommandParams)->
  99. AuditingMode);
  101. //
  102. // For each element in the passed array, process changes to audit
  103. // nothing, and then success or failure flags.
  104. //
  106. EventAuditingOptions = ((PLSARM_POLICY_AUDIT_EVENTS_INFO) CommandMessage->CommandParams)->
  107. EventAuditingOptions;
  110. for ( EventType=AuditEventMinType;
  111. EventType <= AuditEventMaxType;
  112. EventType++ ) {
  114. SeAuditingState[EventType].AuditOnSuccess = FALSE;
  115. SeAuditingState[EventType].AuditOnFailure = FALSE;
  117. if ( EventAuditingOptions[EventType] & POLICY_AUDIT_EVENT_SUCCESS ) {
  119. SeAuditingState[EventType].AuditOnSuccess = TRUE;
  120. }
  122. if ( EventAuditingOptions[EventType] & POLICY_AUDIT_EVENT_FAILURE ) {
  124. SeAuditingState[EventType].AuditOnFailure = TRUE;
  125. }
  126. }
  128. return;
  129. }