|
1 #ifndef _LMAUDIT_H |
|
2 #define _LMAUDIT_H |
|
3 #if __GNUC__ >=3 |
|
4 #pragma GCC system_header |
|
5 #endif |
|
6 |
|
7 #ifdef __cplusplus |
|
8 extern "C" { |
|
9 #endif |
|
10 #define REVISED_AUDIT_ENTRY_STRUCT |
|
11 #define LOGFLAGS_FORWARD 0 |
|
12 #define LOGFLAGS_BACKWARD 1 |
|
13 #define LOGFLAGS_SEEK 2 |
|
14 #define ACTION_LOCKOUT 0 |
|
15 #define ACTION_ADMINUNLOCK 1 |
|
16 #define AE_GUEST 0 |
|
17 #define AE_USER 1 |
|
18 #define AE_ADMIN 2 |
|
19 #define AE_NORMAL 0 |
|
20 #define AE_USERLIMIT 0 |
|
21 #define AE_GENERAL 0 |
|
22 #define AE_ERROR 1 |
|
23 #define AE_SESSDIS 1 |
|
24 #define AE_BADPW 1 |
|
25 #define AE_AUTODIS 2 |
|
26 #define AE_UNSHARE 2 |
|
27 #define AE_ADMINPRIVREQD 2 |
|
28 #define AE_ADMINDIS 3 |
|
29 #define AE_NOACCESSPERM 3 |
|
30 #define AE_ACCRESTRICT 4 |
|
31 #define AE_NORMAL_CLOSE 0 |
|
32 #define AE_SES_CLOSE 1 |
|
33 #define AE_ADMIN_CLOSE 2 |
|
34 #define AE_LIM_UNKNOWN 0 |
|
35 #define AE_LIM_LOGONHOURS 1 |
|
36 #define AE_LIM_EXPIRED 2 |
|
37 #define AE_LIM_INVAL_WKSTA 3 |
|
38 #define AE_LIM_DISABLED 4 |
|
39 #define AE_LIM_DELETED 5 |
|
40 #define AE_MOD 0 |
|
41 #define AE_DELETE 1 |
|
42 #define AE_ADD 2 |
|
43 #define AE_UAS_USER 0 |
|
44 #define AE_UAS_GROUP 1 |
|
45 #define AE_UAS_MODALS 2 |
|
46 #define SVAUD_SERVICE 1 |
|
47 #define SVAUD_GOODSESSLOGON 6 |
|
48 #define SVAUD_BADSESSLOGON 24 |
|
49 #define SVAUD_SESSLOGON (SVAUD_GOODSESSLOGON|SVAUD_BADSESSLOGON) |
|
50 #define SVAUD_GOODNETLOGON 96 |
|
51 #define SVAUD_BADNETLOGON 384 |
|
52 #define SVAUD_NETLOGON (SVAUD_GOODNETLOGON|SVAUD_BADNETLOGON) |
|
53 #define SVAUD_LOGON (SVAUD_NETLOGON|SVAUD_SESSLOGON) |
|
54 #define SVAUD_GOODUSE 0x600 |
|
55 #define SVAUD_BADUSE 0x1800 |
|
56 #define SVAUD_USE (SVAUD_GOODUSE|SVAUD_BADUSE) |
|
57 #define SVAUD_USERLIST 8192 |
|
58 #define SVAUD_PERMISSIONS 16384 |
|
59 #define SVAUD_RESOURCE 32768 |
|
60 #define SVAUD_LOGONLIM 65536 |
|
61 #define AA_AUDIT_ALL 1 |
|
62 #define AA_A_OWNER 4 |
|
63 #define AA_CLOSE 8 |
|
64 #define AA_S_OPEN 16 |
|
65 #define AA_S_WRITE 32 |
|
66 #define AA_S_CREATE 32 |
|
67 #define AA_S_DELETE 64 |
|
68 #define AA_S_ACL 128 |
|
69 #define AA_S_ALL 253 |
|
70 #define AA_F_OPEN 256 |
|
71 #define AA_F_WRITE 512 |
|
72 #define AA_F_CREATE 512 |
|
73 #define AA_F_DELETE 1024 |
|
74 #define AA_F_ACL 2048 |
|
75 #define AA_F_ALL (AA_F_OPEN|AA_F_WRITE|AA_F_DELETE|AA_F_ACL) |
|
76 #define AA_A_OPEN 2048 |
|
77 #define AA_A_WRITE 4096 |
|
78 #define AA_A_CREATE 8192 |
|
79 #define AA_A_DELETE 16384 |
|
80 #define AA_A_ACL 32768 |
|
81 #define AA_A_ALL (AA_F_OPEN|AA_F_WRITE|AA_F_DELETE|AA_F_ACL) |
|
82 typedef struct _AUDIT_ENTRY { |
|
83 DWORD ae_len; |
|
84 DWORD ae_reserved; |
|
85 DWORD ae_time; |
|
86 DWORD ae_type; |
|
87 DWORD ae_data_offset; |
|
88 DWORD ae_data_size; |
|
89 } AUDIT_ENTRY,*PAUDIT_ENTRY,*LPAUDIT_ENTRY; |
|
90 typedef struct _HLOG { |
|
91 DWORD time; |
|
92 DWORD last_flags; |
|
93 DWORD offset; |
|
94 DWORD rec_offset; |
|
95 } HLOG,*PHLOG,*LPHLOG; |
|
96 typedef struct _AE_SRVSTATUS { |
|
97 DWORD ae_sv_status; |
|
98 } AE_SRVSTATUS,*PAE_SRVSTATUS,*LPAE_SRVSTATUS; |
|
99 typedef struct _AE_SESSLOGON { |
|
100 DWORD ae_so_compname; |
|
101 DWORD ae_so_username; |
|
102 DWORD ae_so_privilege; |
|
103 } AE_SESSLOGON,*PAE_SESSLOGON,*LPAE_SESSLOGON; |
|
104 typedef struct _AE_SESSLOGOFF { |
|
105 DWORD ae_sf_compname; |
|
106 DWORD ae_sf_username; |
|
107 DWORD ae_sf_reason; |
|
108 } AE_SESSLOGOFF,*PAE_SESSLOGOFF,*LPAE_SESSLOGOFF; |
|
109 typedef struct _AE_SESSPWERR { |
|
110 DWORD ae_sp_compname; |
|
111 DWORD ae_sp_username; |
|
112 } AE_SESSPWERR,*PAE_SESSPWERR,*LPAE_SESSPWERR; |
|
113 typedef struct _AE_CONNSTART { |
|
114 DWORD ae_ct_compname; |
|
115 DWORD ae_ct_username; |
|
116 DWORD ae_ct_netname; |
|
117 DWORD ae_ct_connid; |
|
118 } AE_CONNSTART,*PAE_CONNSTART,*LPAE_CONNSTART; |
|
119 typedef struct _AE_CONNSTOP { |
|
120 DWORD ae_cp_compname; |
|
121 DWORD ae_cp_username; |
|
122 DWORD ae_cp_netname; |
|
123 DWORD ae_cp_connid; |
|
124 DWORD ae_cp_reason; |
|
125 } AE_CONNSTOP,*PAE_CONNSTOP,*LPAE_CONNSTOP; |
|
126 typedef struct _AE_CONNREJ { |
|
127 DWORD ae_cr_compname; |
|
128 DWORD ae_cr_username; |
|
129 DWORD ae_cr_netname; |
|
130 DWORD ae_cr_reason; |
|
131 } AE_CONNREJ,*PAE_CONNREJ,*LPAE_CONNREJ; |
|
132 typedef struct _AE_RESACCESS { |
|
133 DWORD ae_ra_compname; |
|
134 DWORD ae_ra_username; |
|
135 DWORD ae_ra_resname; |
|
136 DWORD ae_ra_operation; |
|
137 DWORD ae_ra_returncode; |
|
138 DWORD ae_ra_restype; |
|
139 DWORD ae_ra_fileid; |
|
140 } AE_RESACCESS,*PAE_RESACCESS,*LPAE_RESACCESS; |
|
141 typedef struct _AE_RESACCESSREJ { |
|
142 DWORD ae_rr_compname; |
|
143 DWORD ae_rr_username; |
|
144 DWORD ae_rr_resname; |
|
145 DWORD ae_rr_operation; |
|
146 } AE_RESACCESSREJ,*PAE_RESACCESSREJ,*LPAE_RESACCESSREJ; |
|
147 typedef struct _AE_CLOSEFILE { |
|
148 DWORD ae_cf_compname; |
|
149 DWORD ae_cf_username; |
|
150 DWORD ae_cf_resname; |
|
151 DWORD ae_cf_fileid; |
|
152 DWORD ae_cf_duration; |
|
153 DWORD ae_cf_reason; |
|
154 } AE_CLOSEFILE,*PAE_CLOSEFILE,*LPAE_CLOSEFILE; |
|
155 typedef struct _AE_SERVICESTAT { |
|
156 DWORD ae_ss_compname; |
|
157 DWORD ae_ss_username; |
|
158 DWORD ae_ss_svcname; |
|
159 DWORD ae_ss_status; |
|
160 DWORD ae_ss_code; |
|
161 DWORD ae_ss_text; |
|
162 DWORD ae_ss_returnval; |
|
163 } AE_SERVICESTAT,*PAE_SERVICESTAT,*LPAE_SERVICESTAT; |
|
164 typedef struct _AE_ACLMOD { |
|
165 DWORD ae_am_compname; |
|
166 DWORD ae_am_username; |
|
167 DWORD ae_am_resname; |
|
168 DWORD ae_am_action; |
|
169 DWORD ae_am_datalen; |
|
170 } AE_ACLMOD,*PAE_ACLMOD,*LPAE_ACLMOD; |
|
171 typedef struct _AE_UASMOD { |
|
172 DWORD ae_um_compname; |
|
173 DWORD ae_um_username; |
|
174 DWORD ae_um_resname; |
|
175 DWORD ae_um_rectype; |
|
176 DWORD ae_um_action; |
|
177 DWORD ae_um_datalen; |
|
178 } AE_UASMOD,*PAE_UASMOD,*LPAE_UASMOD; |
|
179 typedef struct _AE_NETLOGON { |
|
180 DWORD ae_no_compname; |
|
181 DWORD ae_no_username; |
|
182 DWORD ae_no_privilege; |
|
183 DWORD ae_no_authflags; |
|
184 } AE_NETLOGON,*PAE_NETLOGON,*LPAE_NETLOGON; |
|
185 typedef struct _AE_NETLOGOFF { |
|
186 DWORD ae_nf_compname; |
|
187 DWORD ae_nf_username; |
|
188 DWORD ae_nf_reserved1; |
|
189 DWORD ae_nf_reserved2; |
|
190 } AE_NETLOGOFF,*PAE_NETLOGOFF,*LPAE_NETLOGOFF; |
|
191 typedef struct _AE_ACCLIM { |
|
192 DWORD ae_al_compname; |
|
193 DWORD ae_al_username; |
|
194 DWORD ae_al_resname; |
|
195 DWORD ae_al_limit; |
|
196 } AE_ACCLIM,*PAE_ACCLIM,*LPAE_ACCLIM; |
|
197 typedef struct _AE_LOCKOUT { |
|
198 DWORD ae_lk_compname; |
|
199 DWORD ae_lk_username; |
|
200 DWORD ae_lk_action; |
|
201 DWORD ae_lk_bad_pw_count; |
|
202 } AE_LOCKOUT,*PAE_LOCKOUT,*LPAE_LOCKOUT; |
|
203 typedef struct _AE_GENERIC { |
|
204 DWORD ae_ge_msgfile; |
|
205 DWORD ae_ge_msgnum; |
|
206 DWORD ae_ge_params; |
|
207 DWORD ae_ge_param1; |
|
208 DWORD ae_ge_param2; |
|
209 DWORD ae_ge_param3; |
|
210 DWORD ae_ge_param4; |
|
211 DWORD ae_ge_param5; |
|
212 DWORD ae_ge_param6; |
|
213 DWORD ae_ge_param7; |
|
214 DWORD ae_ge_param8; |
|
215 DWORD ae_ge_param9; |
|
216 } AE_GENERIC,*PAE_GENERIC,*LPAE_GENERIC; |
|
217 NET_API_STATUS WINAPI NetAuditClear(LPCWSTR,LPCWSTR,LPCWSTR); |
|
218 NET_API_STATUS WINAPI NetAuditRead(LPTSTR,LPTSTR,LPHLOG,DWORD,PDWORD,DWORD,DWORD,PBYTE*,DWORD,PDWORD,PDWORD); |
|
219 NET_API_STATUS WINAPI NetAuditWrite(DWORD,PBYTE,DWORD,LPTSTR,PBYTE); |
|
220 |
|
221 /* These conflict with struct typedefs, why? */ |
|
222 #define AE_SRVSTATUS 0 |
|
223 #define AE_SESSLOGON 1 |
|
224 #define AE_SESSLOGOFF 2 |
|
225 #define AE_SESSPWERR 3 |
|
226 #define AE_CONNSTART 4 |
|
227 #define AE_CONNSTOP 5 |
|
228 #define AE_CONNREJ 6 |
|
229 #define AE_RESACCESS 7 |
|
230 #define AE_RESACCESSREJ 8 |
|
231 #define AE_CLOSEFILE 9 |
|
232 #define AE_SERVICESTAT 11 |
|
233 #define AE_ACLMOD 12 |
|
234 #define AE_UASMOD 13 |
|
235 #define AE_NETLOGON 14 |
|
236 #define AE_NETLOGOFF 15 |
|
237 #define AE_NETLOGDENIED 16 |
|
238 #define AE_ACCLIMITEXCD 17 |
|
239 #define AE_RESACCESS2 18 |
|
240 #define AE_ACLMODFAIL 19 |
|
241 #define AE_LOCKOUT 20 |
|
242 #define AE_GENERIC_TYPE 21 |
|
243 #define AE_SRVSTART 0 |
|
244 #define AE_SRVPAUSED 1 |
|
245 #define AE_SRVCONT 2 |
|
246 #define AE_SRVSTOP 3 |
|
247 #ifdef __cplusplus |
|
248 } |
|
249 #endif |
|
250 #endif |