//+----------------------------------------------------------------------- // // Microsoft Windows // // Copyright (c) Microsoft Corporation 2000 // // File: A D T G E N P . H // // Contents: private definitions of types/functions required for // generating generic audits. // // These definitions are not exposed to the client side code. // Any change to these definitions must not affect client // side code. // // // History: // 07-January-2000 kumarp created // //------------------------------------------------------------------------ #ifndef _ADTGENP_H #define _ADTGENP_H #define ACF_LegacyAudit 0x00000001L #define ACF_ValidFlags (ACF_LegacyAudit) // // audit context for legacy audits // typedef struct _AUDIT_CONTEXT { // // List management // LIST_ENTRY Link; // // Flags TBD // DWORD Flags; // // PID of the process owning this context // DWORD ProcessId; // // Client supplied unique ID // This allows us to link this context with the client side // audit event type handle // LUID LinkId; // // for further enhancement // PVOID Reserved; // // Audit category ID // USHORT CategoryId; // // Audit event ID // USHORT AuditId; // // Expected parameter count // USHORT ParameterCount; } AUDIT_CONTEXT, *PAUDIT_CONTEXT; EXTERN_C NTSTATUS LsapAdtInitGenericAudits( VOID ); EXTERN_C NTSTATUS LsapRegisterAuditEvent( IN PAUTHZ_AUDIT_EVENT_TYPE_OLD pAuditEventType, OUT PHANDLE phAuditContext ); EXTERN_C NTSTATUS LsapUnregisterAuditEvent( IN OUT PHANDLE phAuditContext ); EXTERN_C NTSTATUS LsapGenAuditEvent( IN HANDLE hAuditContext, IN DWORD Flags, IN PAUDIT_PARAMS pAuditParams, IN PVOID Reserved ); NTSTATUS LsapAdtMapAuditParams( IN PAUDIT_PARAMS pAuditParams, OUT PSE_ADT_PARAMETER_ARRAY pSeAuditParameters, OUT PUNICODE_STRING pString, OUT PSE_ADT_OBJECT_TYPE* pObjectTypeList ); NTSTATUS LsapAdtCheckAuditPrivilege( VOID ); NTSTATUS LsapAdtRundownSecurityEventSource( IN DWORD dwFlags, IN DWORD dwCallerProcessId, IN OUT SECURITY_SOURCE_HANDLE * phEventSource ); typedef struct _LSAP_SECURITY_EVENT_SOURCE { LIST_ENTRY List; DWORD dwFlags; PWSTR szEventSourceName; DWORD dwProcessId; LUID Identifier; DWORD dwRefCount; } LSAP_SECURITY_EVENT_SOURCE, *PLSAP_SECURITY_EVENT_SOURCE; EXTERN_C NTSTATUS LsapAdtRegisterSecurityEventSource( IN DWORD dwFlags, IN PCWSTR szEventSourceName, OUT AUDIT_HANDLE *phEventSource ); EXTERN_C NTSTATUS LsapAdtUnregisterSecurityEventSource( IN DWORD dwFlags, IN AUDIT_HANDLE hEventSource ); EXTERN_C NTSTATUS LsapAdtReportSecurityEvent( DWORD dwFlags, PLSAP_SECURITY_EVENT_SOURCE pSource, DWORD dwAuditId, PSID pSid, PAUDIT_PARAMS pParams ); #endif //_ADTGENP_H