summaryrefslogblamecommitdiffstats
path: root/public/sdk/inc/lmaudit.h
blob: 2641c4f42c365b5e4c9bce333b06af1f63712dd8 (plain) (tree)













































































































































































































































































































































































































                                                                                
/*++ BUILD Version: 0003    // Increment this if a change has global effects

Copyright (c) 1991-1996  Microsoft Corporation

Module Name:

    lmaudit.h

Abstract:

    This module defines the API function prototypes and data structures
    for the following groups of NT API functions:
        NetAudit

Environment:

    User Mode - Win32

Notes:

    You must include NETCONS.H before this file, since this file depends
    on values defined in NETCONS.H.

--*/

#ifndef _LMAUDIT_
#define _LMAUDIT_

#ifdef __cplusplus
extern "C" {
#endif

#ifndef _LMHLOGDEFINED_
#define _LMHLOGDEFINED_

typedef struct _HLOG {
     DWORD          time;
     DWORD          last_flags;
     DWORD          offset;
     DWORD          rec_offset;
} HLOG, *PHLOG, *LPHLOG;

#define LOGFLAGS_FORWARD	0
#define LOGFLAGS_BACKWARD	0x1
#define LOGFLAGS_SEEK		0x2

#endif

//
// Function Prototypes - Audit
//

NET_API_STATUS NET_API_FUNCTION
NetAuditClear (
    IN  LPCWSTR  server OPTIONAL,
    IN  LPCWSTR  backupfile OPTIONAL,
    IN  LPCWSTR  service OPTIONAL  // WARNING: buggy support before LM 2.0C!!
    );

NET_API_STATUS NET_API_FUNCTION
NetAuditRead (
    IN  LPCWSTR  server OPTIONAL,
    IN  LPCWSTR  service OPTIONAL,  // WARNING: buggy support before LM 2.0C!!
    IN  LPHLOG   auditloghandle,
    IN  DWORD    offset,
    IN  LPDWORD  reserved1 OPTIONAL,
    IN  DWORD   reserved2,
    IN  DWORD   offsetflag,
    OUT LPBYTE  *bufptr,
    IN  DWORD   prefmaxlen,
    OUT LPDWORD bytesread,
    OUT LPDWORD totalavailable
    );

NET_API_STATUS NET_API_FUNCTION
NetAuditWrite (
    IN  DWORD    type,
    IN  LPBYTE   buf,
    IN  DWORD    numbytes,
    IN  LPCWSTR  service OPTIONAL,
    IN  LPBYTE   reserved OPTIONAL
    );


//
// Data Structures - Audit
//

typedef struct _AUDIT_ENTRY {
     DWORD          ae_len;
     DWORD          ae_reserved;
     DWORD          ae_time;
     DWORD          ae_type;
     DWORD          ae_data_offset;  /* Offset from beginning
                              address of audit_entry */
     DWORD          ae_data_size;  // byte count of ae_data area (not incl pad).
} AUDIT_ENTRY, *PAUDIT_ENTRY, *LPAUDIT_ENTRY;

// BUGBUG: Temporary to let users ifdef on this struct layout.
#define REVISED_AUDIT_ENTRY_STRUCT


typedef struct _AE_SRVSTATUS {
     DWORD	    ae_sv_status;
} AE_SRVSTATUS, *PAE_SRVSTATUS, *LPAE_SRVSTATUS;

typedef struct _AE_SESSLOGON {
     DWORD          ae_so_compname;
     DWORD          ae_so_username;
     DWORD          ae_so_privilege;
} AE_SESSLOGON, *PAE_SESSLOGON, *LPAE_SESSLOGON;

typedef struct _AE_SESSLOGOFF {
     DWORD          ae_sf_compname;
     DWORD          ae_sf_username;
     DWORD          ae_sf_reason;
} AE_SESSLOGOFF, *PAE_SESSLOGOFF, *LPAE_SESSLOGOFF;

typedef struct _AE_SESSPWERR {
     DWORD          ae_sp_compname;
     DWORD          ae_sp_username;
} AE_SESSPWERR, *PAE_SESSPWERR, *LPAE_SESSPWERR;

typedef struct _AE_CONNSTART {
     DWORD          ae_ct_compname;
     DWORD          ae_ct_username;
     DWORD          ae_ct_netname;
     DWORD          ae_ct_connid;
} AE_CONNSTART, *PAE_CONNSTART, *LPAE_CONNSTART;

typedef struct _AE_CONNSTOP {
     DWORD          ae_cp_compname;
     DWORD          ae_cp_username;
     DWORD          ae_cp_netname;
     DWORD          ae_cp_connid;
     DWORD          ae_cp_reason;
} AE_CONNSTOP, *PAE_CONNSTOP, *LPAE_CONNSTOP;

typedef struct _AE_CONNREJ {
     DWORD          ae_cr_compname;
     DWORD          ae_cr_username;
     DWORD          ae_cr_netname;
     DWORD          ae_cr_reason;
} AE_CONNREJ, *PAE_CONNREJ, *LPAE_CONNREJ;

typedef struct _AE_RESACCESS {
     DWORD          ae_ra_compname;
     DWORD          ae_ra_username;
     DWORD          ae_ra_resname;
     DWORD          ae_ra_operation;
     DWORD          ae_ra_returncode;
     DWORD          ae_ra_restype;
     DWORD          ae_ra_fileid;
} AE_RESACCESS, *PAE_RESACCESS, *LPAE_RESACCESS;

typedef struct _AE_RESACCESSREJ {
     DWORD          ae_rr_compname;
     DWORD          ae_rr_username;
     DWORD          ae_rr_resname;
     DWORD          ae_rr_operation;
} AE_RESACCESSREJ, *PAE_RESACCESSREJ, *LPAE_RESACCESSREJ;

typedef struct _AE_CLOSEFILE {
     DWORD          ae_cf_compname;
     DWORD          ae_cf_username;
     DWORD          ae_cf_resname;
     DWORD          ae_cf_fileid;
     DWORD          ae_cf_duration;
     DWORD          ae_cf_reason;
} AE_CLOSEFILE, *PAE_CLOSEFILE, *LPAE_CLOSEFILE;

typedef struct _AE_SERVICESTAT {
     DWORD          ae_ss_compname;
     DWORD          ae_ss_username;
     DWORD          ae_ss_svcname;
     DWORD          ae_ss_status;
     DWORD          ae_ss_code;
     DWORD          ae_ss_text;
     DWORD          ae_ss_returnval;
} AE_SERVICESTAT, *PAE_SERVICESTAT, *LPAE_SERVICESTAT;

typedef struct _AE_ACLMOD {
     DWORD          ae_am_compname;
     DWORD          ae_am_username;
     DWORD          ae_am_resname;
     DWORD          ae_am_action;
     DWORD          ae_am_datalen;
} AE_ACLMOD, *PAE_ACLMOD, *LPAE_ACLMOD;

typedef struct _AE_UASMOD {
     DWORD          ae_um_compname;
     DWORD          ae_um_username;
     DWORD          ae_um_resname;
     DWORD          ae_um_rectype;
     DWORD          ae_um_action;
     DWORD          ae_um_datalen;
} AE_UASMOD, *PAE_UASMOD, *LPAE_UASMOD;

typedef struct _AE_NETLOGON {
     DWORD          ae_no_compname;
     DWORD          ae_no_username;
     DWORD          ae_no_privilege;
     DWORD          ae_no_authflags;
} AE_NETLOGON, *PAE_NETLOGON, *LPAE_NETLOGON;

typedef struct _AE_NETLOGOFF {
     DWORD          ae_nf_compname;
     DWORD          ae_nf_username;
     DWORD          ae_nf_reserved1;
     DWORD          ae_nf_reserved2;
} AE_NETLOGOFF, *PAE_NETLOGOFF, *LPAE_NETLOGOFF;

typedef struct _AE_ACCLIM {
     DWORD          ae_al_compname;
     DWORD          ae_al_username;
     DWORD          ae_al_resname;
     DWORD          ae_al_limit;
} AE_ACCLIM, *PAE_ACCLIM, *LPAE_ACCLIM;

#define ACTION_LOCKOUT          00
#define ACTION_ADMINUNLOCK      01

typedef struct _AE_LOCKOUT {
    DWORD           ae_lk_compname;     // Ptr to computername of client.
    DWORD           ae_lk_username;     // Ptr to username of client (NULL
                                        //  if same as computername).
    DWORD           ae_lk_action;       // Action taken on account:
                                        // 0 means locked out, 1 means not.
    DWORD           ae_lk_bad_pw_count; // Bad password count at the time
                                        // of lockout.
} AE_LOCKOUT, *PAE_LOCKOUT, *LPAE_LOCKOUT;

typedef struct _AE_GENERIC {
     DWORD          ae_ge_msgfile;
     DWORD          ae_ge_msgnum;
     DWORD          ae_ge_params;
     DWORD          ae_ge_param1;
     DWORD          ae_ge_param2;
     DWORD          ae_ge_param3;
     DWORD          ae_ge_param4;
     DWORD          ae_ge_param5;
     DWORD          ae_ge_param6;
     DWORD          ae_ge_param7;
     DWORD          ae_ge_param8;
     DWORD          ae_ge_param9;
} AE_GENERIC, *PAE_GENERIC, *LPAE_GENERIC;

//
// Special Values and Constants - Audit
//

//
// 	Audit entry types (field ae_type in audit_entry).
//

#define AE_SRVSTATUS	0
#define AE_SESSLOGON	1
#define AE_SESSLOGOFF	2
#define AE_SESSPWERR	3
#define AE_CONNSTART	4
#define AE_CONNSTOP	5
#define AE_CONNREJ	6
#define AE_RESACCESS	7
#define AE_RESACCESSREJ	8
#define AE_CLOSEFILE	9
#define AE_SERVICESTAT	11
#define AE_ACLMOD	12
#define AE_UASMOD	13
#define AE_NETLOGON	14
#define AE_NETLOGOFF	15
#define AE_NETLOGDENIED 16
#define AE_ACCLIMITEXCD 17
#define AE_RESACCESS2	18
#define AE_ACLMODFAIL	19
#define AE_LOCKOUT      20
#define AE_GENERIC_TYPE 21
//
//	Values for ae_ss_status field of ae_srvstatus.
//

#define AE_SRVSTART	0
#define AE_SRVPAUSED	1
#define AE_SRVCONT	2
#define AE_SRVSTOP	3

//
// 	Values for ae_so_privilege field of ae_sesslogon.
//

#define AE_GUEST	0		
#define AE_USER		1
#define AE_ADMIN	2

//
//	Values for various ae_XX_reason fields.
//

#define AE_NORMAL	0		
#define AE_USERLIMIT	0
#define AE_GENERAL	0
#define AE_ERROR	1
#define AE_SESSDIS	1
#define AE_BADPW	1
#define AE_AUTODIS	2
#define AE_UNSHARE	2
#define AE_ADMINPRIVREQD 2
#define AE_ADMINDIS	3
#define AE_NOACCESSPERM 3
#define AE_ACCRESTRICT	4

#define	AE_NORMAL_CLOSE	0
#define	AE_SES_CLOSE	1
#define	AE_ADMIN_CLOSE	2

//
// Values for xx_subreason fields.
//

#define AE_LIM_UNKNOWN	    0
#define AE_LIM_LOGONHOURS   1
#define AE_LIM_EXPIRED	    2
#define AE_LIM_INVAL_WKSTA  3
#define AE_LIM_DISABLED     4
#define AE_LIM_DELETED	    5

//
// Values for xx_action fields
//

#define AE_MOD		0
#define AE_DELETE	1
#define AE_ADD		2

//
// Types of UAS record for um_rectype field
//

#define AE_UAS_USER	    0
#define AE_UAS_GROUP	    1
#define AE_UAS_MODALS	    2

//
// Bitmasks for auditing events
//
// The parentheses around the hex constants broke h_to_inc
// and have been purged from the face of the earth.
//

#define SVAUD_SERVICE           0x1
#define SVAUD_GOODSESSLOGON     0x6
#define SVAUD_BADSESSLOGON      0x18
#define SVAUD_SESSLOGON         (SVAUD_GOODSESSLOGON | SVAUD_BADSESSLOGON)
#define SVAUD_GOODNETLOGON      0x60
#define SVAUD_BADNETLOGON       0x180
#define SVAUD_NETLOGON          (SVAUD_GOODNETLOGON | SVAUD_BADNETLOGON)
#define SVAUD_LOGON             (SVAUD_NETLOGON | SVAUD_SESSLOGON)
#define SVAUD_GOODUSE           0x600
#define SVAUD_BADUSE            0x1800
#define SVAUD_USE               (SVAUD_GOODUSE | SVAUD_BADUSE)
#define SVAUD_USERLIST          0x2000
#define SVAUD_PERMISSIONS       0x4000
#define SVAUD_RESOURCE          0x8000
#define SVAUD_LOGONLIM		0x00010000

//
// Resource access audit bitmasks.
//

#define AA_AUDIT_ALL	    0x0001
#define AA_A_OWNER	    0x0004
#define AA_CLOSE	    0x0008
#define AA_S_OPEN	    0x0010
#define AA_S_WRITE	    0x0020
#define AA_S_CREATE	    0x0020
#define AA_S_DELETE	    0x0040
#define AA_S_ACL	    0x0080
#define AA_S_ALL	    ( AA_S_OPEN | AA_S_WRITE | AA_S_DELETE | AA_S_ACL)
#define AA_F_OPEN	    0x0100
#define AA_F_WRITE	    0x0200
#define AA_F_CREATE	    0x0200
#define AA_F_DELETE	    0x0400
#define AA_F_ACL	    0x0800
#define AA_F_ALL	    ( AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL)

// Pinball-specific
#define AA_A_OPEN	    0x1000
#define AA_A_WRITE	    0x2000
#define AA_A_CREATE	    0x2000
#define AA_A_DELETE	    0x4000
#define AA_A_ACL	    0x8000
#define AA_A_ALL	    ( AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL)


#ifdef __cplusplus
}
#endif

#endif  // _LMAUDIT_