archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/base/lsa/server/adt.h

286 lines
7.3 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1991 Microsoft Corporation
  5. Module Name:
  7. adt.h
  9. Abstract:
  11. Local Security Authority - Audit Log Management - Public Defines,
  12. data and function prototypes.
  14. Functions, data and defines in this module are exported to the
  15. whole of the Lsa subsystem from the Auditing Sub-component.
  17. Author:
  19. Scott Birrell (ScottBi) November 20, 1991
  21. Environment:
  23. Revision History:
  25. --*/
  27. #ifndef _ADT_H
  28. #define _ADT_H
  30. //
  31. // Initialization Pass for Auditing.
  32. //
  34. extern ULONG LsapAdtInitializationPass;
  36. //
  37. // Audit Log Information. This must be kept in sync with the information
  38. // in the Lsa Database.
  39. //
  41. extern POLICY_AUDIT_LOG_INFO LsapAdtLogInformation;
  43. extern LSARM_POLICY_AUDIT_EVENTS_INFO LsapAdtEventsInformation;
  45. //
  46. // Audit Log Full Information.
  47. //
  49. extern POLICY_AUDIT_FULL_QUERY_INFO LsapAdtLogFullInformation;
  51. //
  52. // Audit Log Maximum Record Id. Audit Records are numbered serially until
  53. // this limit is reached, then numbering wraps to 0.
  54. //
  56. #define LSAP_ADT_MAXIMUM_RECORD_ID (0x7fffffffL)
  58. //
  59. // Options for LsapAdtQueryAuditLogFullInfo
  60. //
  62. #define LSAP_ADT_LOG_FULL_UPDATE ((ULONG)(0x00000001L))
  65. NTSTATUS
  66. LsapAdtWriteLogWrkr(
  67. IN PLSA_COMMAND_MESSAGE CommandMessage,
  68. OUT PLSA_REPLY_MESSAGE ReplyMessage
  69. );
  71. NTSTATUS
  72. LsapAdtSetInfoLog(
  73. IN LSAPR_HANDLE PolicyHandle,
  74. IN PPOLICY_AUDIT_LOG_INFO PolicyAuditLogInfo
  75. );
  77. NTSTATUS
  78. LsapAdtInitialize(
  79. );
  81. NTSTATUS
  82. LsapAdtInitializeDefaultAuditing(
  83. IN ULONG Options,
  84. OUT PLSARM_POLICY_AUDIT_EVENTS_INFO AuditEventsInformation
  85. );
  87. VOID
  88. LsapAdtAuditingLogon(
  89. PLSARM_POLICY_AUDIT_EVENTS_INFO AuditEventsInfo
  90. );
  93. VOID
  94. LsapAdtAuditPackageLoad(
  95. PUNICODE_STRING PackageFileName
  96. );
  98. VOID
  99. LsapAdtGenerateLsaAuditSystemAccessChange(
  100. IN USHORT EventCategory,
  101. IN ULONG EventID,
  102. IN USHORT EventType,
  103. IN PSID ClientSid,
  104. IN LUID CallerAuthenticationId,
  105. IN PSID TargetSid,
  106. IN PCWSTR szSystemAccess
  107. );
  109. NTSTATUS
  110. LsapAdtGenerateLsaAuditEvent(
  111. IN LSAPR_HANDLE ObjectHandle,
  112. IN ULONG AuditEventCategory,
  113. IN ULONG AuditEventId,
  114. IN PPRIVILEGE_SET Privileges,
  115. IN ULONG SidCount,
  116. IN PSID *Sids OPTIONAL,
  117. IN ULONG UnicodeStringCount,
  118. IN PUNICODE_STRING UnicodeStrings OPTIONAL,
  119. IN PLSARM_POLICY_AUDIT_EVENTS_INFO PolicyAuditEventsInfo OPTIONAL
  120. );
  122. NTSTATUS
  123. LsapAdtTrustedDomainAdd(
  124. IN USHORT EventType,
  125. IN PUNICODE_STRING pName,
  126. IN PSID pSid,
  127. IN ULONG Type,
  128. IN ULONG Direction,
  129. IN ULONG Attributes
  130. );
  132. NTSTATUS
  133. LsapAdtTrustedDomainRem(
  134. IN USHORT EventType,
  135. IN PUNICODE_STRING pName,
  136. IN PSID pSid,
  137. IN PSID pClientSid,
  138. IN PLUID pClientAuthId
  139. );
  141. NTSTATUS
  142. LsapAdtTrustedDomainMod(
  143. IN USHORT EventType,
  144. IN PSID pDomainSid,
  146. IN PUNICODE_STRING pOldName,
  147. IN ULONG OldType,
  148. IN ULONG OldDirection,
  149. IN ULONG OldAttributes,
  151. IN PUNICODE_STRING pNewName,
  152. IN ULONG NewType,
  153. IN ULONG NewDirection,
  154. IN ULONG NewAttributes
  155. );
  158. NTSTATUS
  159. LsapAdtGenerateLsaAuditEventWithClientSid(
  160. IN ULONG AuditEventCategory,
  161. IN ULONG AuditEventId,
  162. IN PSID ClientSid,
  163. IN LUID ClientAuthenticationId,
  164. IN PPRIVILEGE_SET Privileges,
  165. IN ULONG SidCount,
  166. IN PSID *Sids OPTIONAL,
  167. IN ULONG UnicodeStringCount,
  168. IN PUNICODE_STRING UnicodeStrings OPTIONAL,
  169. IN PLSARM_POLICY_AUDIT_EVENTS_INFO PolicyAuditEventsInfo OPTIONAL
  170. );
  172. typedef enum _OBJECT_OPERATION_TYPE {
  173. ObjectOperationNone=0,
  174. ObjectOperationQuery,
  175. ObjectOperationDummyLast
  176. } OBJECT_OPERATION_TYPE;
  178. NTSTATUS
  179. LsapAdtGenerateObjectOperationAuditEvent(
  180. IN LSAPR_HANDLE ObjectHandle,
  181. IN USHORT AuditEventType,
  182. IN OBJECT_OPERATION_TYPE OperationType
  183. );
  185. NTSTATUS
  186. LsapAdtGenerateDomainPolicyChangeAuditEvent(
  187. IN POLICY_DOMAIN_INFORMATION_CLASS InformationClass,
  188. IN USHORT AuditEventType,
  189. IN LSAP_DB_ATTRIBUTE* OldAttributes,
  190. IN LSAP_DB_ATTRIBUTE* NewAttributes,
  191. IN ULONG AttributeCount
  192. );
  194. BOOLEAN
  195. LsapAdtIsAuditingEnabledForCategory(
  196. IN POLICY_AUDIT_EVENT_TYPE AuditCategory,
  197. IN UINT AuditEventType
  198. );
  200. NTSTATUS
  201. LsapAdtTrustedForestNamespaceCollision(
  202. IN LSA_FOREST_TRUST_COLLISION_RECORD_TYPE CollisionTargetType,
  203. IN PUNICODE_STRING pCollisionTargetName,
  204. IN PUNICODE_STRING pForestRootDomainName,
  205. IN PUNICODE_STRING pTopLevelName,
  206. IN PUNICODE_STRING pDnsName,
  207. IN PUNICODE_STRING pNetbiosName,
  208. IN PSID pSid,
  209. IN ULONG NewFlags
  210. );
  212. NTSTATUS
  213. LsapAdtTrustedForestInfoEntryAdd(
  214. IN PUNICODE_STRING pForestRootDomainName,
  215. IN PSID pForestRootDomainSid,
  216. IN PLUID pOperationId,
  217. IN LSA_FOREST_TRUST_RECORD_TYPE EntryType,
  218. IN ULONG Flags,
  219. IN PUNICODE_STRING TopLevelName,
  220. IN PUNICODE_STRING DnsName,
  221. IN PUNICODE_STRING NetbiosName,
  222. IN PSID pSid
  223. );
  225. NTSTATUS
  226. LsapAdtTrustedForestInfoEntryRem(
  227. IN PUNICODE_STRING pForestRootDomainName,
  228. IN PSID pForestRootDomainSid,
  229. IN PLUID pOperationId,
  230. IN LSA_FOREST_TRUST_RECORD_TYPE EntryType,
  231. IN ULONG Flags,
  232. IN PUNICODE_STRING TopLevelName,
  233. IN PUNICODE_STRING DnsName,
  234. IN PUNICODE_STRING NetbiosName,
  235. IN PSID pSid
  236. );
  238. NTSTATUS
  239. LsapAdtTrustedForestInfoEntryMod(
  240. IN PUNICODE_STRING pForestRootDomainName,
  241. IN PSID pForestRootDomainSid,
  242. IN PLUID pOperationId,
  243. IN LSA_FOREST_TRUST_RECORD_TYPE EntryType,
  245. IN ULONG OldFlags,
  246. IN PUNICODE_STRING pOldTopLevelName,
  247. IN PUNICODE_STRING pOldDnsName,
  248. IN PUNICODE_STRING pOldNetbiosName,
  249. IN PSID pOldSid,
  251. IN ULONG NewFlags,
  252. IN PUNICODE_STRING pNewTopLevelName,
  253. IN PUNICODE_STRING pNewDnsName,
  254. IN PUNICODE_STRING pNewNetbiosName,
  255. IN PSID pNewSid
  256. );
  260. #define LsapAdtAuditingEnabled() \
  261. (LsapAdtEventsInformation.AuditingMode)
  263. #define LsapAdtAuditingPolicyChanges() \
  264. (LsapAdtAuditingEnabled() && \
  265. (LsapAdtEventsInformation.EventAuditingOptions[ AuditCategoryPolicyChange ] & POLICY_AUDIT_EVENT_SUCCESS))
  268. //
  269. // Macro to determine the size of a PRIVILEGE_SET
  270. //
  272. #define LsapPrivilegeSetSize( PrivilegeSet ) \
  273. ( ( PrivilegeSet ) == NULL ? 0 : \
  274. ((( PrivilegeSet )->PrivilegeCount > 0) \
  275. ? \
  276. ((ULONG)sizeof(PRIVILEGE_SET) + \
  277. ( \
  278. (( PrivilegeSet )->PrivilegeCount - ANYSIZE_ARRAY) * \
  279. (ULONG)sizeof(LUID_AND_ATTRIBUTES) \
  280. ) \
  281. ) \
  282. : ((ULONG)sizeof(PRIVILEGE_SET) - (ULONG)sizeof(LUID_AND_ATTRIBUTES)) \
  283. ))
  286. #endif // _ADT_H