Leaked source code of windows server 2003
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
//+-----------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (c) Microsoft Corporation 2000
//
// File: A D T G E N P . H
//
// Contents: private definitions of types/functions required for
// generating generic audits.
//
// These definitions are not exposed to the client side code.
// Any change to these definitions must not affect client
// side code.
//
//
// History:
// 07-January-2000 kumarp created
//
//------------------------------------------------------------------------
#ifndef _ADTGENP_H
#define _ADTGENP_H
#define ACF_LegacyAudit 0x00000001L
#define ACF_ValidFlags (ACF_LegacyAudit)
//
// audit context for legacy audits
//
typedef struct _AUDIT_CONTEXT { //
// List management
//
LIST_ENTRY Link;
//
// Flags TBD
//
DWORD Flags;
//
// PID of the process owning this context
//
DWORD ProcessId;
//
// Client supplied unique ID
// This allows us to link this context with the client side
// audit event type handle
//
LUID LinkId;
//
// for further enhancement
//
PVOID Reserved;
//
// Audit category ID
//
USHORT CategoryId;
//
// Audit event ID
//
USHORT AuditId;
//
// Expected parameter count
//
USHORT ParameterCount;
} AUDIT_CONTEXT, *PAUDIT_CONTEXT;
EXTERN_C NTSTATUS LsapAdtInitGenericAudits( VOID );
EXTERN_C NTSTATUS LsapRegisterAuditEvent( IN PAUTHZ_AUDIT_EVENT_TYPE_OLD pAuditEventType, OUT PHANDLE phAuditContext );
EXTERN_C NTSTATUS LsapUnregisterAuditEvent( IN OUT PHANDLE phAuditContext );
EXTERN_C NTSTATUS LsapGenAuditEvent( IN HANDLE hAuditContext, IN DWORD Flags, IN PAUDIT_PARAMS pAuditParams, IN PVOID Reserved );
NTSTATUS LsapAdtMapAuditParams( IN PAUDIT_PARAMS pAuditParams, OUT PSE_ADT_PARAMETER_ARRAY pSeAuditParameters, OUT PUNICODE_STRING pString, OUT PSE_ADT_OBJECT_TYPE* pObjectTypeList );
NTSTATUS LsapAdtCheckAuditPrivilege( VOID );
NTSTATUS LsapAdtRundownSecurityEventSource( IN DWORD dwFlags, IN DWORD dwCallerProcessId, IN OUT SECURITY_SOURCE_HANDLE * phEventSource );
typedef struct _LSAP_SECURITY_EVENT_SOURCE { LIST_ENTRY List; DWORD dwFlags; PWSTR szEventSourceName; DWORD dwProcessId; LUID Identifier; DWORD dwRefCount; } LSAP_SECURITY_EVENT_SOURCE, *PLSAP_SECURITY_EVENT_SOURCE;
EXTERN_C NTSTATUS LsapAdtRegisterSecurityEventSource( IN DWORD dwFlags, IN PCWSTR szEventSourceName, OUT AUDIT_HANDLE *phEventSource );
EXTERN_C NTSTATUS LsapAdtUnregisterSecurityEventSource( IN DWORD dwFlags, IN AUDIT_HANDLE hEventSource );
EXTERN_C NTSTATUS LsapAdtReportSecurityEvent( DWORD dwFlags, PLSAP_SECURITY_EVENT_SOURCE pSource, DWORD dwAuditId, PSID pSid, PAUDIT_PARAMS pParams );
#endif //_ADTGENP_H
|