You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
163 lines
3.2 KiB
163 lines
3.2 KiB
//+-----------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright (c) Microsoft Corporation 2000
|
|
//
|
|
// File: A D T G E N P . H
|
|
//
|
|
// Contents: private definitions of types/functions required for
|
|
// generating generic audits.
|
|
//
|
|
// These definitions are not exposed to the client side code.
|
|
// Any change to these definitions must not affect client
|
|
// side code.
|
|
//
|
|
//
|
|
// History:
|
|
// 07-January-2000 kumarp created
|
|
//
|
|
//------------------------------------------------------------------------
|
|
|
|
|
|
#ifndef _ADTGENP_H
|
|
#define _ADTGENP_H
|
|
|
|
#define ACF_LegacyAudit 0x00000001L
|
|
|
|
#define ACF_ValidFlags (ACF_LegacyAudit)
|
|
|
|
//
|
|
// audit context for legacy audits
|
|
//
|
|
typedef struct _AUDIT_CONTEXT
|
|
{
|
|
//
|
|
// List management
|
|
//
|
|
LIST_ENTRY Link;
|
|
|
|
//
|
|
// Flags TBD
|
|
//
|
|
DWORD Flags;
|
|
|
|
//
|
|
// PID of the process owning this context
|
|
//
|
|
DWORD ProcessId;
|
|
|
|
//
|
|
// Client supplied unique ID
|
|
// This allows us to link this context with the client side
|
|
// audit event type handle
|
|
//
|
|
LUID LinkId;
|
|
|
|
//
|
|
// for further enhancement
|
|
//
|
|
PVOID Reserved;
|
|
|
|
//
|
|
// Audit category ID
|
|
//
|
|
USHORT CategoryId;
|
|
|
|
//
|
|
// Audit event ID
|
|
//
|
|
USHORT AuditId;
|
|
|
|
//
|
|
// Expected parameter count
|
|
//
|
|
USHORT ParameterCount;
|
|
|
|
} AUDIT_CONTEXT, *PAUDIT_CONTEXT;
|
|
|
|
|
|
|
|
EXTERN_C
|
|
NTSTATUS
|
|
LsapAdtInitGenericAudits( VOID );
|
|
|
|
EXTERN_C
|
|
NTSTATUS
|
|
LsapRegisterAuditEvent(
|
|
IN PAUTHZ_AUDIT_EVENT_TYPE_OLD pAuditEventType,
|
|
OUT PHANDLE phAuditContext
|
|
);
|
|
|
|
EXTERN_C
|
|
NTSTATUS
|
|
LsapUnregisterAuditEvent(
|
|
IN OUT PHANDLE phAuditContext
|
|
);
|
|
|
|
|
|
EXTERN_C
|
|
NTSTATUS
|
|
LsapGenAuditEvent(
|
|
IN HANDLE hAuditContext,
|
|
IN DWORD Flags,
|
|
IN PAUDIT_PARAMS pAuditParams,
|
|
IN PVOID Reserved
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapAdtMapAuditParams(
|
|
IN PAUDIT_PARAMS pAuditParams,
|
|
OUT PSE_ADT_PARAMETER_ARRAY pSeAuditParameters,
|
|
OUT PUNICODE_STRING pString,
|
|
OUT PSE_ADT_OBJECT_TYPE* pObjectTypeList
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapAdtCheckAuditPrivilege(
|
|
VOID
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapAdtRundownSecurityEventSource(
|
|
IN DWORD dwFlags,
|
|
IN DWORD dwCallerProcessId,
|
|
IN OUT SECURITY_SOURCE_HANDLE * phEventSource
|
|
);
|
|
|
|
typedef struct _LSAP_SECURITY_EVENT_SOURCE
|
|
{
|
|
LIST_ENTRY List;
|
|
DWORD dwFlags;
|
|
PWSTR szEventSourceName;
|
|
DWORD dwProcessId;
|
|
LUID Identifier;
|
|
DWORD dwRefCount;
|
|
} LSAP_SECURITY_EVENT_SOURCE, *PLSAP_SECURITY_EVENT_SOURCE;
|
|
|
|
EXTERN_C
|
|
NTSTATUS
|
|
LsapAdtRegisterSecurityEventSource(
|
|
IN DWORD dwFlags,
|
|
IN PCWSTR szEventSourceName,
|
|
OUT AUDIT_HANDLE *phEventSource
|
|
);
|
|
|
|
EXTERN_C
|
|
NTSTATUS
|
|
LsapAdtUnregisterSecurityEventSource(
|
|
IN DWORD dwFlags,
|
|
IN AUDIT_HANDLE hEventSource
|
|
);
|
|
|
|
EXTERN_C
|
|
NTSTATUS
|
|
LsapAdtReportSecurityEvent(
|
|
DWORD dwFlags,
|
|
PLSAP_SECURITY_EVENT_SOURCE pSource,
|
|
DWORD dwAuditId,
|
|
PSID pSid,
|
|
PAUDIT_PARAMS pParams
|
|
);
|
|
|
|
#endif //_ADTGENP_H
|