/********************************************************************/
/**                     Microsoft LAN Manager                      **/
/**               Copyright(c) Microsoft Corp., 1987-1990          **/
/********************************************************************/

/********************************************************************
 *                                                                  *
 *  About this file ...  AUDIT.H                                    *
 *                                                                  *
 *  This file contains information about the NetAudit APIs.         *
 *                                                                  *
 *      Function prototypes.                                        *
 *                                                                  *
 *      Data structure templates.                                   *
 *                                                                  *
 *      Definition of special values.                               *
 *                                                                  *
 *                                                                  *
 *  NOTE:  You must include NETCONS.H before this file, since this  *
 *         file depends on values defined in NETCONS.H.             *
 *                                                                  *
 ********************************************************************/

#ifndef NETAUDIT_INCLUDED
#define NETAUDIT_INCLUDED
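
/****************************************************************
 *                                                              *
 *              Data Structures for LogRead                     *
 *                                                              *
 ****************************************************************/

/*
 * The handle type and the read-direction flags are guarded by
 * LOGFLAGS_FORWARD rather than by this header's own include guard.
 * NOTE(review): presumably another log header carries the same
 * definitions and the guard lets both be included -- confirm.
 */
#ifndef LOGFLAGS_FORWARD

/* Read position within a log; passed by pointer to NetAuditRead. */
typedef struct loghandle
{
    unsigned long time;         /* Timestamp of first record */
    unsigned long last_flags;   /* Last call's flags */
    unsigned long offset;       /* Current offset in log */
    unsigned long rec_offset;   /* Current record offset in log */
} HLOG;

#define LOGFLAGS_FORWARD    0
#define LOGFLAGS_BACKWARD   0x1
#define LOGFLAGS_SEEK       0x2

#endif
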
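/****************************************************************
 *                                                              *
 *              Function prototypes                             *
 *                                                              *
 ****************************************************************/

/*
 * NetAuditClear
 *
 * As declared: pszServer and pszBackupFile are read-only strings and
 * pszReserved is a reserved pointer.  API_FUNCTION is not defined in
 * this file; the file header says NETCONS.H must be included first.
 *
 * NOTE(review): presumably clears the audit log on pszServer, saving
 * it to pszBackupFile first when one is given -- confirm against the
 * LAN Manager API reference.  If so, the call discards audit evidence,
 * so its use should be restricted and itself recorded.
 */
extern API_FUNCTION
  NetAuditClear ( const char far * pszServer,
                  const char far * pszBackupFile,
                  char far *       pszReserved );
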
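/*
 * NetAuditOpen
 *
 * As declared: pszServer is a read-only string, phAuditLog is an
 * output pointer to an unsigned value, pszReserved is reserved.
 * Note that the handle here is a plain unsigned, while NetAuditRead
 * takes an HLOG pointer; the two are different types.
 * NOTE(review): presumably opens the audit log on pszServer and
 * returns a handle through phAuditLog -- confirm.
 */
extern API_FUNCTION
  NetAuditOpen ( const char far * pszServer,
                 unsigned far *   phAuditLog,
                 char far *       pszReserved );
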
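/*
 * NetAuditRead
 *
 * As declared:
 *   pszServer      read-only server name string
 *   pszReserved1   reserved
 *   phAuditLog     pointer to the caller's HLOG read position
 *   ulOffset       offset value
 *   pusReserved2   reserved
 *   ulReserved3    reserved
 *   flOffset       flags (NOTE(review): presumably the LOGFLAGS_*
 *                  values -- confirm)
 *   pbBuffer       caller buffer that receives data
 *   cbBuffer       size of pbBuffer in bytes (16-bit, so at most 65535)
 *   pcbReturned    receives a byte count
 *   pcbTotalAvail  receives a byte count
 *
 * NOTE(review): presumably *pcbReturned is the number of bytes placed
 * in pbBuffer -- confirm.  Code that walks audit_entry records in the
 * buffer should bound every ae_len and string offset by that count,
 * never by cbBuffer or by values read from the records alone.
 */
extern API_FUNCTION
  NetAuditRead ( const char far *     pszServer,
                 const char far *     pszReserved1,
                 HLOG far *           phAuditLog,
                 unsigned long        ulOffset,
                 unsigned short far * pusReserved2,
                 unsigned long        ulReserved3,
                 unsigned long        flOffset,
                 char far *           pbBuffer,
                 unsigned short       cbBuffer,
                 unsigned short far * pcbReturned,
                 unsigned short far * pcbTotalAvail );
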
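/*
 * NetAuditWrite
 *
 * As declared: usType is a 16-bit type code, pbBuffer/cbBuffer describe
 * a read-only byte buffer, and both pszReserved parameters are reserved.
 * NOTE(review): presumably appends one record of type usType (an AE_*
 * entry type) whose data area is pbBuffer -- confirm.  A consumer of
 * the log cannot assume that every writer filled the data area
 * correctly, so readers still have to validate offsets and lengths.
 */
extern API_FUNCTION
  NetAuditWrite ( unsigned short   usType,
                  const char far * pbBuffer,
                  unsigned short   cbBuffer,
                  char far *       pszReserved1,
                  char far *       pszReserved2 );
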
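/****************************************************************
 *                                                              *
 *              Data structure templates                        *
 *                                                              *
 ****************************************************************/

/*
 *  General audit_entry information.  For each type of entry,
 *  there may be additional information.  This is found at an
 *  offset of "ae_data_offset" from the start of the audit_entry
 *  structure.
 *
 *  Note that at the very end of each record is a word (unsigned
 *  short) that is the length of the record, the same value as
 *  found in ae_len.  This length includes the whole record, including
 *  the trailing length word.  This allows scanning backward.
 *
 *  NOTE(review): every length and offset in a record comes from the
 *  log itself.  Before dereferencing, a reader should confirm that
 *  ae_len covers at least this header plus the trailing word, that
 *  ae_len does not exceed the bytes actually available, that
 *  ae_data_offset lies inside the record, and that the trailing word
 *  equals ae_len before using it to step backward.
 *
 *  NOTE(review): the layout presumably assumes a 32-bit unsigned long
 *  and 2-byte packing -- confirm before overlaying these structs on
 *  raw log bytes with a compiler whose defaults differ.
 */

struct audit_entry {
    unsigned short ae_len;          /* length of record, trailing length word included */
    unsigned short ae_reserved;
    unsigned long  ae_time;         /* time of entry */
    unsigned short ae_type;         /* type of entry (one of the AE_* entry types) */
    unsigned short ae_data_offset;  /* offset from record start to the type-specific data */
};  /* audit_entry */
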
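/*
 *  The following structures represent the layout of the data area
 *  of specific audit entry types.  This is the information found
 *  at an offset of "ae_data_offset" from the start of the record.
 *  This will usually immediately follow the audit_entry structure,
 *  but DO NOT ASSUME THIS.  Use the ae_data_offset value.
 *
 *  Some of these fields are offsets of the start of a text string.
 *  The offset is from the start of the data area (i.e. the position
 *  identified by ae_data_offset), NOT from the start of the whole
 *  entry.  This data will appear as ASCIIZ strings, usually in the
 *  area following the defined structure.
 *
 *  NOTE(review): a string offset is only usable after checking that
 *  ae_data_offset + offset falls inside the record (ae_len) and that a
 *  NUL terminator occurs before the end of the record; otherwise a
 *  damaged or altered log can send a reader past its buffer.
 */

/* Server status record */
struct ae_srvstatus {
    unsigned short ae_sv_status;    /* AE_SRVSTART, AE_SRVPAUSED, */
                                    /* AE_SRVCONT, AE_SRVSTOP     */
};  /* ae_srvstatus */
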
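/*
 * Session logon data area (presumably ae_type AE_SESSLOGON).
 * The name fields are string offsets from the start of the data area,
 * not pointers; check them against the record length before use.
 */
struct ae_sesslogon {
    unsigned short ae_so_compname;  /* offset of client computername string */
    unsigned short ae_so_username;  /* offset of client username string */
                                    /* (NULL if same as computername)   */
    unsigned short ae_so_privilege; /* AE_GUEST, AE_USER, AE_ADMIN */
};  /* ae_sesslogon */
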
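/*
 * Session logoff data area (presumably ae_type AE_SESSLOGOFF).
 * The name fields are string offsets from the start of the data area.
 */
struct ae_sesslogoff {
    unsigned short ae_sf_compname;  /* offset of client computername string */
    unsigned short ae_sf_username;  /* offset of client username string */
                                    /* (NULL if same as computername)   */
    unsigned short ae_sf_reason;    /* AE_NORMAL, AE_ERROR, AE_AUTODIS, */
                                    /* AE_ADMINDIS                      */
};  /* ae_sesslogoff */
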
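/*
 * Session password-error data area (presumably ae_type AE_SESSPWERR).
 * ae_sp_username is the name the client submitted, so it is
 * client-controlled text: bound it by the record length and treat it
 * as untrusted when displaying or forwarding it.
 */
struct ae_sesspwerr {
    unsigned short ae_sp_compname;  /* offset of client computername string */
    unsigned short ae_sp_username;  /* offset of username submitted by */
                                    /* client (NULL if same as         */
                                    /* computername)                   */
};  /* ae_sesspwerr */
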
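/*
 * Connection start data area (presumably ae_type AE_CONNSTART).
 * The name fields are string offsets from the start of the data area.
 */
struct ae_connstart {
    unsigned short ae_ct_compname;  /* offset of client computername string */
    unsigned short ae_ct_username;  /* offset of client username string */
                                    /* (NULL if same as computername)   */
    unsigned short ae_ct_netname;   /* offset of netname of share */
    unsigned short ae_ct_connid;    /* Unique connection ID */
};  /* ae_connstart */
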
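/*
 * Connection stop data area (presumably ae_type AE_CONNSTOP).
 * ae_cp_connid carries a connection ID like the one in ae_connstart.
 */
struct ae_connstop {
    unsigned short ae_cp_compname;  /* offset of client computername string */
    unsigned short ae_cp_username;  /* offset of client username string */
                                    /* (NULL if same as computername)   */
    unsigned short ae_cp_netname;   /* offset of netname of share */
    unsigned short ae_cp_connid;    /* Unique connection ID */
    unsigned short ae_cp_reason;    /* AE_NORMAL/AE_SESSDIS/AE_UNSHARE */
};  /* ae_connstop */
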
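/*
 * Connection rejected data area (presumably ae_type AE_CONNREJ).
 * The name fields are string offsets from the start of the data area.
 */
struct ae_connrej {
    unsigned short ae_cr_compname;  /* offset of client computername string */
    unsigned short ae_cr_username;  /* offset of client username string */
                                    /* (NULL if same as computername)   */
    unsigned short ae_cr_netname;   /* offset of netname of share */
    unsigned short ae_cr_reason;    /* AE_USERLIMIT, AE_BADPW */
};  /* ae_connrej */
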
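/*
 * Resource access data area (presumably ae_type AE_RESACCESS).
 * Same fields as ae_resaccess2 except that the file ID here is
 * 16 bits wide.
 */
struct ae_resaccess {
    unsigned short ae_ra_compname;   /* offset of client computername string */
    unsigned short ae_ra_username;   /* offset of client username string */
                                     /* (NULL if same as computername)   */
    unsigned short ae_ra_resname;    /* offset of resource name string */
    unsigned short ae_ra_operation;  /* Bitmask uses bits defined in */
                                     /* access.h                     */
    unsigned short ae_ra_returncode; /* return code from operation */
    unsigned short ae_ra_restype;    /* type of resource record */
    unsigned short ae_ra_fileid;     /* unique server ID of file */
};  /* ae_resaccess */
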
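/*
 * Resource access rejected data area (presumably ae_type
 * AE_RESACCESSREJ).  The name fields are string offsets from the
 * start of the data area.
 */
struct ae_resaccessrej {
    unsigned short ae_rr_compname;  /* offset of client computername string */
    unsigned short ae_rr_username;  /* offset of client username string */
                                    /* (NULL if same as computername)   */
    unsigned short ae_rr_resname;   /* offset of resource name string */
    unsigned short ae_rr_operation; /* Bitmask uses bits defined in */
                                    /* access.h                     */
};  /* ae_resaccessrej */
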
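/*
 * File close data area (presumably ae_type AE_CLOSEFILE).
 * The ae_cf_reason values listed below match the AE_NORMAL_CLOSE,
 * AE_SES_CLOSE and AE_ADMIN_CLOSE constants defined in this header.
 */
struct ae_closefile {
    unsigned short ae_cf_compname;  /* offset of client computername string */
    unsigned short ae_cf_username;  /* offset of client username string */
                                    /* (NULL if same as computername)   */
    unsigned short ae_cf_resname;   /* offset of resource name string */
    unsigned short ae_cf_fileid;    /* unique ID of file */
    unsigned long  ae_cf_duration;  /* length of use of file */
    unsigned short ae_cf_reason;    /* How the file was closed   */
                                    /* 0 = Normal Client Close   */
                                    /* 1 = Session Disconnected  */
                                    /* 2 = Administrative Close  */
};  /* ae_closefile */
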
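/*
 * Service status data area (presumably ae_type AE_SERVICESTAT).
 * Not to be confused with ae_srvstatus: the status field here is
 * ae_ss_status, the one there is ae_sv_status.
 */
struct ae_servicestat {
    unsigned short ae_ss_compname;  /* offset of client computername string */
    unsigned short ae_ss_username;  /* offset of client username string */
                                    /* (NULL if same as computername)   */
    unsigned short ae_ss_svcname;   /* offset of service name string */
    unsigned short ae_ss_status;    /* status of service */
    unsigned long  ae_ss_code;      /* code of service */
    unsigned short ae_ss_text;      /* text of service */
    unsigned short ae_ss_returnval;
};  /* ae_servicestat */
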
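/*
 * ACL modification data area (presumably ae_type AE_ACLMOD; no
 * separate structure is declared in this header for AE_ACLMODFAIL).
 * ae_am_datalen describes variable-length data after the structure,
 * so a reader should check it against the space left in the record
 * before touching that data.
 */
struct ae_aclmod {
    unsigned short ae_am_compname;  /* offset of client computername string */
    unsigned short ae_am_username;  /* offset of client username string */
                                    /* (NULL if same as computername)   */
    unsigned short ae_am_resname;   /* offset of resource name string */
    unsigned short ae_am_action;    /* action performed on ACL record */
                                    /* 0 = mod, 1 = del, 2 = add      */
    unsigned short ae_am_datalen;   /* length of data following struct */
};  /* ae_aclmod */
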
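/*
 * UAS (user accounts) modification data area (presumably ae_type
 * AE_UASMOD).  ae_um_datalen describes an appended structure, so a
 * reader should check it against the space left in the record before
 * touching that data.
 */
struct ae_uasmod {
    unsigned short ae_um_compname;  /* offset of client computername string */
    unsigned short ae_um_username;  /* offset of client username string */
                                    /* (NULL if same as computername)   */
    unsigned short ae_um_resname;   /* offset of resource name string */
    unsigned short ae_um_rectype;   /* type of UAS record               */
                                    /* 0 = user, 1 = group, 2 = modals  */
    unsigned short ae_um_action;    /* action performed on record       */
                                    /* 0 = mod, 1 = del, 2 = add        */
    unsigned short ae_um_datalen;   /* length of appended structure */
};  /* ae_uasmod */
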
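/*
 * Network logon data area (presumably ae_type AE_NETLOGON).
 * NOTE(review): three 16-bit fields precede ae_no_authflags, so a
 * compiler that aligns unsigned long to more than 2 bytes inserts
 * padding before it; presumably the stored record has none -- confirm
 * the packing before overlaying this struct on raw log bytes.
 */
struct ae_netlogon {
    unsigned short ae_no_compname;  /* offset of client computername string */
    unsigned short ae_no_username;  /* offset of client username string */
                                    /* (NULL if same as computername)   */
    unsigned short ae_no_privilege; /* AE_GUEST, AE_USER, AE_ADMIN */
    unsigned long  ae_no_authflags; /* operator privileges */
};  /* ae_netlogon */
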
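/*
 * Network logoff data area (presumably ae_type AE_NETLOGOFF).
 * The last two fields are named as reserved but commented as reason
 * codes; the only value the comments give for them is AE_NORMAL.
 */
struct ae_netlogoff {
    unsigned short ae_nf_compname;  /* offset of client computername string */
    unsigned short ae_nf_username;  /* offset of client username string */
                                    /* (NULL if same as computername)   */
    unsigned short ae_reserved1;    /* AE_NORMAL (reason for logoff) */
    unsigned short ae_reserved2;    /* AE_NORMAL (details of reason) */
};  /* ae_netlogoff */
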
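/*
 * Network logon denied data area (presumably ae_type AE_NETLOGDENIED).
 * NOTE(review): ae_nd_subreason presumably takes the AE_LIM_* values
 * defined in this header -- confirm.
 */
struct ae_netlogdenied {
    unsigned short ae_nd_compname;  /* offset of client computername string */
    unsigned short ae_nd_username;  /* offset of client username string */
                                    /* (NULL if same as computername)   */
    unsigned short ae_nd_reason;    /* reason for denial of netlogon */
    unsigned short ae_nd_subreason; /* details of reason for denial */
};  /* ae_netlogdenied */
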
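/*
 * Account limit exceeded data area (presumably ae_type
 * AE_ACCLIMITEXCD).  The name fields are string offsets from the
 * start of the data area.
 */
struct ae_acclim {
    unsigned short ae_al_compname;  /* offset of client computername string */
    unsigned short ae_al_username;  /* offset of client username string */
                                    /* (NULL if same as computername)   */
    unsigned short ae_al_resname;   /* offset of resource name string */
    unsigned short ae_al_limit;     /* limit that was exceeded */
};  /* ae_acclim */
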
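/*
 * Resource access data area, second form (presumably ae_type
 * AE_RESACCESS2).  Same fields as ae_resaccess except that
 * ae_ra2_fileid is an unsigned long rather than an unsigned short,
 * so the two records differ in size and must be told apart by
 * ae_type before casting.
 */
struct ae_resaccess2 {
    unsigned short ae_ra2_compname;   /* offset of client computername string */
    unsigned short ae_ra2_username;   /* offset of client username string */
                                      /* (NULL if same as computername)   */
    unsigned short ae_ra2_resname;    /* offset of resource name string */
    unsigned short ae_ra2_operation;  /* Bitmask uses bits defined in */
                                      /* access.h                     */
    unsigned short ae_ra2_returncode; /* return code from operation */
    unsigned short ae_ra2_restype;    /* type of resource record */
    unsigned long  ae_ra2_fileid;     /* unique server ID of file */
};  /* ae_resaccess2 */
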
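/****************************************************************
 *                                                              *
 *              Special values and constants                    *
 *                                                              *
 ****************************************************************/

/*
 *  Audit entry types (field ae_type in audit_entry).
 *
 *  The value 10 is not assigned here, and AE_ACLMODFAIL has no data
 *  structure of its own in this header.  A reader should select the
 *  data-area structure from ae_type and leave records with an
 *  unassigned or unknown type uninterpreted rather than casting them.
 */

#define AE_SRVSTATUS        0
#define AE_SESSLOGON        1
#define AE_SESSLOGOFF       2
#define AE_SESSPWERR        3
#define AE_CONNSTART        4
#define AE_CONNSTOP         5
#define AE_CONNREJ          6
#define AE_RESACCESS        7
#define AE_RESACCESSREJ     8
#define AE_CLOSEFILE        9
#define AE_SERVICESTAT      11
#define AE_ACLMOD           12
#define AE_UASMOD           13
#define AE_NETLOGON         14
#define AE_NETLOGOFF        15
#define AE_NETLOGDENIED     16
#define AE_ACCLIMITEXCD     17
#define AE_RESACCESS2       18
#define AE_ACLMODFAIL       19
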
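/*
 *  Values for the ae_sv_status field of ae_srvstatus.
 *  (This comment originally named the field ae_ss_status, which is
 *  a member of ae_servicestat, not of ae_srvstatus.)
 */

#define AE_SRVSTART     0
#define AE_SRVPAUSED    1
#define AE_SRVCONT      2
#define AE_SRVSTOP      3
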
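/*
 *  Values for ae_so_privilege field of ae_sesslogon.
 *  The ae_no_privilege field of ae_netlogon is commented with the
 *  same three names.
 */

#define AE_GUEST    0
#define AE_USER     1
#define AE_ADMIN    2
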
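/*
 *  Values for various ae_XX_reason fields.
 *
 *  Several names share one number, so a reason code can only be
 *  decoded together with the record type it came from.  Per the
 *  structure comments in this header:
 *      ae_sf_reason   AE_NORMAL, AE_ERROR, AE_AUTODIS, AE_ADMINDIS
 *      ae_cp_reason   AE_NORMAL, AE_SESSDIS, AE_UNSHARE
 *      ae_cr_reason   AE_USERLIMIT, AE_BADPW
 *  The header does not say which field uses AE_GENERAL,
 *  AE_ADMINPRIVREQD, AE_NOACCESSPERM or AE_ACCRESTRICT.
 */

#define AE_NORMAL           0
#define AE_USERLIMIT        0
#define AE_GENERAL          0
#define AE_ERROR            1
#define AE_SESSDIS          1
#define AE_BADPW            1
#define AE_AUTODIS          2
#define AE_UNSHARE          2
#define AE_ADMINPRIVREQD    2
#define AE_ADMINDIS         3
#define AE_NOACCESSPERM     3
#define AE_ACCRESTRICT      4

/* File close reasons; these match the values listed for ae_cf_reason. */
#define AE_NORMAL_CLOSE     0
#define AE_SES_CLOSE        1
#define AE_ADMIN_CLOSE      2
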
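/*
 *  Values for xx_subreason fields.
 *  The only field with that suffix declared in this header is
 *  ae_nd_subreason of ae_netlogdenied.
 */

#define AE_LIM_UNKNOWN      0
#define AE_LIM_LOGONHOURS   1
#define AE_LIM_EXPIRED      2
#define AE_LIM_INVAL_WKSTA  3
#define AE_LIM_DISABLED     4
#define AE_LIM_DELETED      5
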
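/*
 *  Values for xx_action fields
 *  (ae_am_action of ae_aclmod and ae_um_action of ae_uasmod, whose
 *  comments list 0 = mod, 1 = del, 2 = add).
 */

#define AE_MOD      0
#define AE_DELETE   1
#define AE_ADD      2
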
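/*
 *  Types of UAS record for um_rectype field
 *  (ae_um_rectype of ae_uasmod: 0 = user, 1 = group, 2 = modals).
 */

#define AE_UAS_USER     0
#define AE_UAS_GROUP    1
#define AE_UAS_MODALS   2
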
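/*
 *  Bitmasks for auditing events
 *
 *  The parentheses around the hex constants broke h_to_inc
 *  and have been purged from the face of the earth.
 *
 *  Several masks cover two bits each (0x6, 0x18, 0x60, ...), so test
 *  them with (value & MASK) != 0 or == MASK as intended, not against
 *  a single bit.  SVAUD_LOGONLIM is the only value above 16 bits: a
 *  mask held in an unsigned short silently loses it, which would leave
 *  that event class unaudited.
 */

#define SVAUD_SERVICE           0x1
#define SVAUD_GOODSESSLOGON     0x6
#define SVAUD_BADSESSLOGON      0x18
#define SVAUD_SESSLOGON         (SVAUD_GOODSESSLOGON | SVAUD_BADSESSLOGON)
#define SVAUD_GOODNETLOGON      0x60
#define SVAUD_BADNETLOGON       0x180
#define SVAUD_NETLOGON          (SVAUD_GOODNETLOGON | SVAUD_BADNETLOGON)
#define SVAUD_LOGON             (SVAUD_NETLOGON | SVAUD_SESSLOGON)
#define SVAUD_GOODUSE           0x600
#define SVAUD_BADUSE            0x1800
#define SVAUD_USE               (SVAUD_GOODUSE | SVAUD_BADUSE)
#define SVAUD_USERLIST          0x2000
#define SVAUD_PERMISSIONS       0x4000
#define SVAUD_RESOURCE          0x8000
#define SVAUD_LOGONLIM          0x00010000
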
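/*
 *  Resource access audit bitmasks.
 *
 *  In each group the WRITE and CREATE names are the same bit, so the
 *  two events cannot be selected separately.
 */

#define AA_AUDIT_ALL    0x0001
#define AA_A_OWNER      0x0004
#define AA_CLOSE        0x0008
#define AA_S_OPEN       0x0010
#define AA_S_WRITE      0x0020
#define AA_S_CREATE     0x0020
#define AA_S_DELETE     0x0040
#define AA_S_ACL        0x0080
#define AA_S_ALL        ( AA_S_OPEN | AA_S_WRITE | AA_S_DELETE | AA_S_ACL)
#define AA_F_OPEN       0x0100
#define AA_F_WRITE      0x0200
#define AA_F_CREATE     0x0200
#define AA_F_DELETE     0x0400
#define AA_F_ACL        0x0800
#define AA_F_ALL        ( AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL)

/* Pinball-specific */
#define AA_A_OPEN       0x1000
#define AA_A_WRITE      0x2000
#define AA_A_CREATE     0x2000
#define AA_A_DELETE     0x4000
#define AA_A_ACL        0x8000
/*
 * NOTE(review): AA_A_ALL is built from the AA_F_* bits, so it equals
 * AA_F_ALL (0x0F00) and contains none of the AA_A_* bits above.  This
 * looks like a copy-paste slip, but the value is left unchanged here
 * because existing callers may depend on it.  Code that wants every
 * AA_A_* event audited should OR the four AA_A_* bits explicitly
 * instead of relying on AA_A_ALL.
 */
#define AA_A_ALL        ( AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL)
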
#endif /* NETAUDIT_INCLUDED */