/*++ BUILD Version: 0003 // Increment this if a change has global effects
Copyright (c) 1991-1996 Microsoft Corporation
Module Name:
lmaudit.h
Abstract:
This module defines the API function prototypes and data structures
for the following groups of NT API functions:
NetAudit
Environment:
User Mode - Win32
Notes:
You must include NETCONS.H before this file, since this file depends
on values defined in NETCONS.H.
--*/
#ifndef _LMAUDIT_
#define _LMAUDIT_
#ifdef __cplusplus
extern "C" {
#endif
#ifndef _LMHLOGDEFINED_
#define _LMHLOGDEFINED_
typedef struct _HLOG {
DWORD time;
DWORD last_flags;
DWORD offset;
DWORD rec_offset;
} HLOG, *PHLOG, *LPHLOG;
#define LOGFLAGS_FORWARD 0
#define LOGFLAGS_BACKWARD 0x1
#define LOGFLAGS_SEEK 0x2
#endif
//
// Function Prototypes - Audit
//
NET_API_STATUS NET_API_FUNCTION
NetAuditClear (
IN LPCWSTR server OPTIONAL,
IN LPCWSTR backupfile OPTIONAL,
IN LPCWSTR service OPTIONAL // WARNING: buggy support before LM 2.0C!!
);
NET_API_STATUS NET_API_FUNCTION
NetAuditRead (
IN LPCWSTR server OPTIONAL,
IN LPCWSTR service OPTIONAL, // WARNING: buggy support before LM 2.0C!!
IN LPHLOG auditloghandle,
IN DWORD offset,
IN LPDWORD reserved1 OPTIONAL,
IN DWORD reserved2,
IN DWORD offsetflag,
OUT LPBYTE *bufptr,
IN DWORD prefmaxlen,
OUT LPDWORD bytesread,
OUT LPDWORD totalavailable
);
NET_API_STATUS NET_API_FUNCTION
NetAuditWrite (
IN DWORD type,
IN LPBYTE buf,
IN DWORD numbytes,
IN LPCWSTR service OPTIONAL,
IN LPBYTE reserved OPTIONAL
);
//
// Data Structures - Audit
//
typedef struct _AUDIT_ENTRY {
DWORD ae_len;
DWORD ae_reserved;
DWORD ae_time;
DWORD ae_type;
DWORD ae_data_offset; /* Offset from beginning
address of audit_entry */
DWORD ae_data_size; // byte count of ae_data area (not incl pad).
} AUDIT_ENTRY, *PAUDIT_ENTRY, *LPAUDIT_ENTRY;
// BUGBUG: Temporary to let users ifdef on this struct layout.
#define REVISED_AUDIT_ENTRY_STRUCT
typedef struct _AE_SRVSTATUS {
DWORD ae_sv_status;
} AE_SRVSTATUS, *PAE_SRVSTATUS, *LPAE_SRVSTATUS;
typedef struct _AE_SESSLOGON {
DWORD ae_so_compname;
DWORD ae_so_username;
DWORD ae_so_privilege;
} AE_SESSLOGON, *PAE_SESSLOGON, *LPAE_SESSLOGON;
typedef struct _AE_SESSLOGOFF {
DWORD ae_sf_compname;
DWORD ae_sf_username;
DWORD ae_sf_reason;
} AE_SESSLOGOFF, *PAE_SESSLOGOFF, *LPAE_SESSLOGOFF;
typedef struct _AE_SESSPWERR {
DWORD ae_sp_compname;
DWORD ae_sp_username;
} AE_SESSPWERR, *PAE_SESSPWERR, *LPAE_SESSPWERR;
typedef struct _AE_CONNSTART {
DWORD ae_ct_compname;
DWORD ae_ct_username;
DWORD ae_ct_netname;
DWORD ae_ct_connid;
} AE_CONNSTART, *PAE_CONNSTART, *LPAE_CONNSTART;
typedef struct _AE_CONNSTOP {
DWORD ae_cp_compname;
DWORD ae_cp_username;
DWORD ae_cp_netname;
DWORD ae_cp_connid;
DWORD ae_cp_reason;
} AE_CONNSTOP, *PAE_CONNSTOP, *LPAE_CONNSTOP;
typedef struct _AE_CONNREJ {
DWORD ae_cr_compname;
DWORD ae_cr_username;
DWORD ae_cr_netname;
DWORD ae_cr_reason;
} AE_CONNREJ, *PAE_CONNREJ, *LPAE_CONNREJ;
typedef struct _AE_RESACCESS {
DWORD ae_ra_compname;
DWORD ae_ra_username;
DWORD ae_ra_resname;
DWORD ae_ra_operation;
DWORD ae_ra_returncode;
DWORD ae_ra_restype;
DWORD ae_ra_fileid;
} AE_RESACCESS, *PAE_RESACCESS, *LPAE_RESACCESS;
typedef struct _AE_RESACCESSREJ {
DWORD ae_rr_compname;
DWORD ae_rr_username;
DWORD ae_rr_resname;
DWORD ae_rr_operation;
} AE_RESACCESSREJ, *PAE_RESACCESSREJ, *LPAE_RESACCESSREJ;
typedef struct _AE_CLOSEFILE {
DWORD ae_cf_compname;
DWORD ae_cf_username;
DWORD ae_cf_resname;
DWORD ae_cf_fileid;
DWORD ae_cf_duration;
DWORD ae_cf_reason;
} AE_CLOSEFILE, *PAE_CLOSEFILE, *LPAE_CLOSEFILE;
typedef struct _AE_SERVICESTAT {
DWORD ae_ss_compname;
DWORD ae_ss_username;
DWORD ae_ss_svcname;
DWORD ae_ss_status;
DWORD ae_ss_code;
DWORD ae_ss_text;
DWORD ae_ss_returnval;
} AE_SERVICESTAT, *PAE_SERVICESTAT, *LPAE_SERVICESTAT;
typedef struct _AE_ACLMOD {
DWORD ae_am_compname;
DWORD ae_am_username;
DWORD ae_am_resname;
DWORD ae_am_action;
DWORD ae_am_datalen;
} AE_ACLMOD, *PAE_ACLMOD, *LPAE_ACLMOD;
typedef struct _AE_UASMOD {
DWORD ae_um_compname;
DWORD ae_um_username;
DWORD ae_um_resname;
DWORD ae_um_rectype;
DWORD ae_um_action;
DWORD ae_um_datalen;
} AE_UASMOD, *PAE_UASMOD, *LPAE_UASMOD;
typedef struct _AE_NETLOGON {
DWORD ae_no_compname;
DWORD ae_no_username;
DWORD ae_no_privilege;
DWORD ae_no_authflags;
} AE_NETLOGON, *PAE_NETLOGON, *LPAE_NETLOGON;
typedef struct _AE_NETLOGOFF {
DWORD ae_nf_compname;
DWORD ae_nf_username;
DWORD ae_nf_reserved1;
DWORD ae_nf_reserved2;
} AE_NETLOGOFF, *PAE_NETLOGOFF, *LPAE_NETLOGOFF;
typedef struct _AE_ACCLIM {
DWORD ae_al_compname;
DWORD ae_al_username;
DWORD ae_al_resname;
DWORD ae_al_limit;
} AE_ACCLIM, *PAE_ACCLIM, *LPAE_ACCLIM;
#define ACTION_LOCKOUT 00
#define ACTION_ADMINUNLOCK 01
typedef struct _AE_LOCKOUT {
DWORD ae_lk_compname; // Ptr to computername of client.
DWORD ae_lk_username; // Ptr to username of client (NULL
// if same as computername).
DWORD ae_lk_action; // Action taken on account:
// 0 means locked out, 1 means not.
DWORD ae_lk_bad_pw_count; // Bad password count at the time
// of lockout.
} AE_LOCKOUT, *PAE_LOCKOUT, *LPAE_LOCKOUT;
typedef struct _AE_GENERIC {
DWORD ae_ge_msgfile;
DWORD ae_ge_msgnum;
DWORD ae_ge_params;
DWORD ae_ge_param1;
DWORD ae_ge_param2;
DWORD ae_ge_param3;
DWORD ae_ge_param4;
DWORD ae_ge_param5;
DWORD ae_ge_param6;
DWORD ae_ge_param7;
DWORD ae_ge_param8;
DWORD ae_ge_param9;
} AE_GENERIC, *PAE_GENERIC, *LPAE_GENERIC;
//
// Special Values and Constants - Audit
//
//
// Audit entry types (field ae_type in audit_entry).
//
#define AE_SRVSTATUS 0
#define AE_SESSLOGON 1
#define AE_SESSLOGOFF 2
#define AE_SESSPWERR 3
#define AE_CONNSTART 4
#define AE_CONNSTOP 5
#define AE_CONNREJ 6
#define AE_RESACCESS 7
#define AE_RESACCESSREJ 8
#define AE_CLOSEFILE 9
#define AE_SERVICESTAT 11
#define AE_ACLMOD 12
#define AE_UASMOD 13
#define AE_NETLOGON 14
#define AE_NETLOGOFF 15
#define AE_NETLOGDENIED 16
#define AE_ACCLIMITEXCD 17
#define AE_RESACCESS2 18
#define AE_ACLMODFAIL 19
#define AE_LOCKOUT 20
#define AE_GENERIC_TYPE 21
//
// Values for ae_ss_status field of ae_srvstatus.
//
#define AE_SRVSTART 0
#define AE_SRVPAUSED 1
#define AE_SRVCONT 2
#define AE_SRVSTOP 3
//
// Values for ae_so_privilege field of ae_sesslogon.
//
#define AE_GUEST 0
#define AE_USER 1
#define AE_ADMIN 2
//
// Values for various ae_XX_reason fields.
//
#define AE_NORMAL 0
#define AE_USERLIMIT 0
#define AE_GENERAL 0
#define AE_ERROR 1
#define AE_SESSDIS 1
#define AE_BADPW 1
#define AE_AUTODIS 2
#define AE_UNSHARE 2
#define AE_ADMINPRIVREQD 2
#define AE_ADMINDIS 3
#define AE_NOACCESSPERM 3
#define AE_ACCRESTRICT 4
#define AE_NORMAL_CLOSE 0
#define AE_SES_CLOSE 1
#define AE_ADMIN_CLOSE 2
//
// Values for xx_subreason fields.
//
#define AE_LIM_UNKNOWN 0
#define AE_LIM_LOGONHOURS 1
#define AE_LIM_EXPIRED 2
#define AE_LIM_INVAL_WKSTA 3
#define AE_LIM_DISABLED 4
#define AE_LIM_DELETED 5
//
// Values for xx_action fields
//
#define AE_MOD 0
#define AE_DELETE 1
#define AE_ADD 2
//
// Types of UAS record for um_rectype field
//
#define AE_UAS_USER 0
#define AE_UAS_GROUP 1
#define AE_UAS_MODALS 2
//
// Bitmasks for auditing events
//
// The parentheses around the hex constants broke h_to_inc
// and have been purged from the face of the earth.
//
#define SVAUD_SERVICE 0x1
#define SVAUD_GOODSESSLOGON 0x6
#define SVAUD_BADSESSLOGON 0x18
#define SVAUD_SESSLOGON (SVAUD_GOODSESSLOGON | SVAUD_BADSESSLOGON)
#define SVAUD_GOODNETLOGON 0x60
#define SVAUD_BADNETLOGON 0x180
#define SVAUD_NETLOGON (SVAUD_GOODNETLOGON | SVAUD_BADNETLOGON)
#define SVAUD_LOGON (SVAUD_NETLOGON | SVAUD_SESSLOGON)
#define SVAUD_GOODUSE 0x600
#define SVAUD_BADUSE 0x1800
#define SVAUD_USE (SVAUD_GOODUSE | SVAUD_BADUSE)
#define SVAUD_USERLIST 0x2000
#define SVAUD_PERMISSIONS 0x4000
#define SVAUD_RESOURCE 0x8000
#define SVAUD_LOGONLIM 0x00010000
//
// Resource access audit bitmasks.
//
#define AA_AUDIT_ALL 0x0001
#define AA_A_OWNER 0x0004
#define AA_CLOSE 0x0008
#define AA_S_OPEN 0x0010
#define AA_S_WRITE 0x0020
#define AA_S_CREATE 0x0020
#define AA_S_DELETE 0x0040
#define AA_S_ACL 0x0080
#define AA_S_ALL ( AA_S_OPEN | AA_S_WRITE | AA_S_DELETE | AA_S_ACL)
#define AA_F_OPEN 0x0100
#define AA_F_WRITE 0x0200
#define AA_F_CREATE 0x0200
#define AA_F_DELETE 0x0400
#define AA_F_ACL 0x0800
#define AA_F_ALL ( AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL)
// Pinball-specific
#define AA_A_OPEN 0x1000
#define AA_A_WRITE 0x2000
#define AA_A_CREATE 0x2000
#define AA_A_DELETE 0x4000
#define AA_A_ACL 0x8000
#define AA_A_ALL ( AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL)
#ifdef __cplusplus
}
#endif
#endif // _LMAUDIT_