archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/base/lsa/server/adt.h

283 lines
7.4 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1991 Microsoft Corporation
  5. Module Name:
  7. adt.h
  9. Abstract:
  11. Local Security Authority - Audit Log Management - Public Defines,
  12. data and function prototypes.
  14. Functions, data and defines in this module are exported to the
  15. whole of the Lsa subsystem from the Auditing Sub-component.
  17. Author:
  19. Scott Birrell (ScottBi) November 20, 1991
  21. Environment:
  23. Revision History:
  25. --*/
  27. #ifndef _ADT_H
  28. #define _ADT_H
  31. //
  32. // Audit Log Information. This must be kept in sync with the information
  33. // in the Lsa Database.
  34. //
  36. extern POLICY_AUDIT_LOG_INFO LsapAdtLogInformation;
  38. extern LSARM_POLICY_AUDIT_EVENTS_INFO LsapAdtEventsInformation;
  40. POLICY_AUDIT_EVENT_TYPE
  41. LsapAdtEventTypeFromCategoryId(
  42. IN ULONG CategoryId
  43. );
  45. BOOLEAN
  46. LsapAdtAuditingEnabledByCategory(
  47. IN POLICY_AUDIT_EVENT_TYPE Category,
  48. IN UINT AuditEventType
  49. );
  51. NTSTATUS
  52. LsapAdtAuditingEnabledBySid(
  53. IN POLICY_AUDIT_EVENT_TYPE Category,
  54. IN PSID UserSid,
  55. IN UINT AuditEventType,
  56. OUT PBOOLEAN bAudit
  57. );
  59. NTSTATUS
  60. LsapAdtAuditingEnabledByLogonId(
  61. IN POLICY_AUDIT_EVENT_TYPE Category,
  62. IN PLUID LogonId,
  63. IN UINT AuditEventType,
  64. OUT PBOOLEAN bAudit
  65. );
  67. NTSTATUS
  68. LsapAdtAuditingEnabledByPolicy(
  69. IN POLICY_AUDIT_EVENT_TYPE Category,
  70. IN PTOKEN_AUDIT_POLICY pPolicy,
  71. IN UINT AuditEventType,
  72. OUT PBOOLEAN bAudit
  73. );
  75. BOOLEAN
  76. LsapAdtAuditingEnabledHint(
  77. IN POLICY_AUDIT_EVENT_TYPE AuditCategory,
  78. IN UINT AuditEventType
  79. );
  81. NTSTATUS
  82. LsapAdtWriteLogWrkr(
  83. IN PLSA_COMMAND_MESSAGE CommandMessage,
  84. OUT PLSA_REPLY_MESSAGE ReplyMessage
  85. );
  87. NTSTATUS
  88. LsapAdtInitialize(
  89. );
  91. NTSTATUS
  92. LsapAdtInitializeDefaultAuditing(
  93. IN ULONG Options,
  94. OUT PLSARM_POLICY_AUDIT_EVENTS_INFO AuditEventsInformation
  95. );
  97. VOID
  98. LsapAdtAuditPackageLoad(
  99. PUNICODE_STRING PackageFileName
  100. );
  102. VOID
  103. LsapAdtGenerateLsaAuditSystemAccessChange(
  104. IN USHORT EventCategory,
  105. IN ULONG EventID,
  106. IN USHORT EventType,
  107. IN PSID ClientSid,
  108. IN LUID CallerAuthenticationId,
  109. IN PSID TargetSid,
  110. IN PCWSTR szSystemAccess
  111. );
  113. NTSTATUS
  114. LsapAdtGenerateLsaAuditEvent(
  115. IN LSAPR_HANDLE ObjectHandle,
  116. IN ULONG AuditEventCategory,
  117. IN ULONG AuditEventId,
  118. IN PPRIVILEGE_SET Privileges,
  119. IN ULONG SidCount,
  120. IN PSID *Sids OPTIONAL,
  121. IN ULONG UnicodeStringCount,
  122. IN PUNICODE_STRING UnicodeStrings OPTIONAL,
  123. IN PLSARM_POLICY_AUDIT_EVENTS_INFO PolicyAuditEventsInfo OPTIONAL
  124. );
  126. NTSTATUS
  127. LsapAdtTrustedDomainAdd(
  128. IN USHORT EventType,
  129. IN PUNICODE_STRING pName,
  130. IN PSID pSid,
  131. IN ULONG Type,
  132. IN ULONG Direction,
  133. IN ULONG Attributes
  134. );
  136. NTSTATUS
  137. LsapAdtTrustedDomainRem(
  138. IN USHORT EventType,
  139. IN PUNICODE_STRING pName,
  140. IN PSID pSid,
  141. IN PSID pClientSid,
  142. IN PLUID pClientAuthId
  143. );
  145. NTSTATUS
  146. LsapAdtTrustedDomainMod(
  147. IN USHORT EventType,
  148. IN PSID pDomainSid,
  150. IN PUNICODE_STRING pOldName,
  151. IN ULONG OldType,
  152. IN ULONG OldDirection,
  153. IN ULONG OldAttributes,
  155. IN PUNICODE_STRING pNewName,
  156. IN ULONG NewType,
  157. IN ULONG NewDirection,
  158. IN ULONG NewAttributes
  159. );
  162. NTSTATUS
  163. LsapAdtGenerateLsaAuditEventWithClientSid(
  164. IN ULONG AuditEventCategory,
  165. IN ULONG AuditEventId,
  166. IN PSID ClientSid,
  167. IN LUID ClientAuthenticationId,
  168. IN PPRIVILEGE_SET Privileges,
  169. IN ULONG SidCount,
  170. IN PSID *Sids OPTIONAL,
  171. IN ULONG UnicodeStringCount,
  172. IN PUNICODE_STRING UnicodeStrings OPTIONAL,
  173. IN PLSARM_POLICY_AUDIT_EVENTS_INFO PolicyAuditEventsInfo OPTIONAL
  174. );
  176. typedef enum _OBJECT_OPERATION_TYPE {
  177. ObjectOperationNone=0,
  178. ObjectOperationQuery,
  179. ObjectOperationDummyLast
  180. } OBJECT_OPERATION_TYPE;
  182. NTSTATUS
  183. LsapAdtGenerateObjectOperationAuditEvent(
  184. IN LSAPR_HANDLE ObjectHandle,
  185. IN USHORT AuditEventType,
  186. IN OBJECT_OPERATION_TYPE OperationType
  187. );
  189. NTSTATUS
  190. LsapAdtGenerateDomainPolicyChangeAuditEvent(
  191. IN POLICY_DOMAIN_INFORMATION_CLASS InformationClass,
  192. IN USHORT AuditEventType,
  193. IN LSAP_DB_ATTRIBUTE* OldAttributes,
  194. IN LSAP_DB_ATTRIBUTE* NewAttributes,
  195. IN ULONG AttributeCount
  196. );
  198. NTSTATUS
  199. LsapAdtTrustedForestNamespaceCollision(
  200. IN LSA_FOREST_TRUST_COLLISION_RECORD_TYPE CollisionTargetType,
  201. IN PUNICODE_STRING pCollisionTargetName,
  202. IN PUNICODE_STRING pForestRootDomainName,
  203. IN PUNICODE_STRING pTopLevelName,
  204. IN PUNICODE_STRING pDnsName,
  205. IN PUNICODE_STRING pNetbiosName,
  206. IN PSID pSid,
  207. IN ULONG NewFlags
  208. );
  210. NTSTATUS
  211. LsapAdtTrustedForestInfoEntryAdd(
  212. IN PUNICODE_STRING pForestRootDomainName,
  213. IN PSID pForestRootDomainSid,
  214. IN PLUID pOperationId,
  215. IN LSA_FOREST_TRUST_RECORD_TYPE EntryType,
  216. IN ULONG Flags,
  217. IN PUNICODE_STRING TopLevelName,
  218. IN PUNICODE_STRING DnsName,
  219. IN PUNICODE_STRING NetbiosName,
  220. IN PSID pSid
  221. );
  223. NTSTATUS
  224. LsapAdtTrustedForestInfoEntryRem(
  225. IN PUNICODE_STRING pForestRootDomainName,
  226. IN PSID pForestRootDomainSid,
  227. IN PLUID pOperationId,
  228. IN LSA_FOREST_TRUST_RECORD_TYPE EntryType,
  229. IN ULONG Flags,
  230. IN PUNICODE_STRING TopLevelName,
  231. IN PUNICODE_STRING DnsName,
  232. IN PUNICODE_STRING NetbiosName,
  233. IN PSID pSid
  234. );
  236. NTSTATUS
  237. LsapAdtTrustedForestInfoEntryMod(
  238. IN PUNICODE_STRING pForestRootDomainName,
  239. IN PSID pForestRootDomainSid,
  240. IN PLUID pOperationId,
  241. IN LSA_FOREST_TRUST_RECORD_TYPE EntryType,
  243. IN ULONG OldFlags,
  244. IN PUNICODE_STRING pOldTopLevelName,
  245. IN PUNICODE_STRING pOldDnsName,
  246. IN PUNICODE_STRING pOldNetbiosName,
  247. IN PSID pOldSid,
  249. IN ULONG NewFlags,
  250. IN PUNICODE_STRING pNewTopLevelName,
  251. IN PUNICODE_STRING pNewDnsName,
  252. IN PUNICODE_STRING pNewNetbiosName,
  253. IN PSID pNewSid
  254. );
  256. //
  257. // Macro to determine the size of a PRIVILEGE_SET
  258. //
  260. #define LsapPrivilegeSetSize( PrivilegeSet ) \
  261. ( ( PrivilegeSet ) == NULL ? 0 : \
  262. ((( PrivilegeSet )->PrivilegeCount > 0) \
  263. ? \
  264. ((ULONG)sizeof(PRIVILEGE_SET) + \
  265. ( \
  266. (( PrivilegeSet )->PrivilegeCount - ANYSIZE_ARRAY) * \
  267. (ULONG)sizeof(LUID_AND_ATTRIBUTES) \
  268. ) \
  269. ) \
  270. : ((ULONG)sizeof(PRIVILEGE_SET) - (ULONG)sizeof(LUID_AND_ATTRIBUTES)) \
  271. ))
  273. ULONG
  274. LsapStringListSize(
  275. IN PLSA_ADT_STRING_LIST pStringList
  276. );
  278. ULONG
  279. LsapSidListSize(
  280. IN PLSA_ADT_SID_LIST pSidList
  281. );
  283. #endif // _ADT_H