Source code of Windows XP (NT5)

  /*++ BUILD Version: 0003 // Increment this if a change has global effects

  Copyright (c) 1991-1999 Microsoft Corporation

  Module Name:

      lmaudit.h

  Abstract:

      This module defines the API function prototypes and data structures
      for the following groups of NT API functions:
          NetAudit

  Environment:

      User Mode - Win32

  Notes:

      You must include NETCONS.H before this file, since this file depends
      on values defined in NETCONS.H.

  --*/
  15. #ifndef _LMAUDIT_
  16. #define _LMAUDIT_
  17. #if _MSC_VER > 1000
  18. #pragma once
  19. #endif
  20. #ifdef __cplusplus
  21. extern "C" {
  22. #endif
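  #ifndef _LMHLOGDEFINED_
  #define _LMHLOGDEFINED_

  // Log handle; NetAuditRead takes a pointer to one (auditloghandle).
  // The header documents none of the four fields, so their meaning cannot
  // be stated from here.
  // NOTE(review): _LMHLOGDEFINED_ guards this definition separately from
  // _LMAUDIT_, presumably because another LAN Manager header declares the
  // same type - confirm.
  typedef struct _HLOG {
      DWORD time;
      DWORD last_flags;
      DWORD offset;
      DWORD rec_offset;
  } HLOG, *PHLOG, *LPHLOG;

  // Log read flags.
  // NOTE(review): presumably the values accepted by NetAuditRead's
  // offsetflag parameter - confirm against the API documentation.
  #define LOGFLAGS_FORWARD 0
  #define LOGFLAGS_BACKWARD 0x1
  #define LOGFLAGS_SEEK 0x2

  #endif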
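  //
  // Function Prototypes - Audit
  //

  // NetAuditClear
  //   server     - optional server name.
  //   backupfile - optional file name.
  //   service    - optional service name (see WARNING below).
  // Returns a NET_API_STATUS code.
  // NOTE(review): going by the names, this clears the audit log and
  // backupfile is where existing entries may be saved first - confirm.
  // Clearing an audit trail is itself a security-relevant action; the
  // access check for it is not visible in this header.
  NET_API_STATUS NET_API_FUNCTION
  NetAuditClear (
      IN LPCWSTR server OPTIONAL,
      IN LPCWSTR backupfile OPTIONAL,
      IN LPCWSTR service OPTIONAL // WARNING: buggy support before LM 2.0C!!
      );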
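  // NetAuditRead
  //   server         - optional server name.
  //   service        - optional service name (see WARNING below).
  //   auditloghandle - pointer to an HLOG.
  //   offset         - DWORD offset; its base is not documented here.
  //   reserved1/2    - reserved.
  //   offsetflag     - NOTE(review): presumably a LOGFLAGS_* value - confirm.
  //   bufptr         - OUT: receives a pointer to the returned data.
  //   prefmaxlen     - preferred maximum length of the returned data.
  //   bytesread      - OUT: DWORD, by its name the byte count returned.
  //   totalavailable - OUT: DWORD, by its name the total available.
  // Returns a NET_API_STATUS code.
  // NOTE(review): who allocates and frees *bufptr is not stated here.
  // A consumer walking AUDIT_ENTRY records in the buffer should bound
  // every read by *bytesread rather than trusting per-record lengths.
  NET_API_STATUS NET_API_FUNCTION
  NetAuditRead (
      IN LPCWSTR server OPTIONAL,
      IN LPCWSTR service OPTIONAL, // WARNING: buggy support before LM 2.0C!!
      IN LPHLOG auditloghandle,
      IN DWORD offset,
      IN LPDWORD reserved1 OPTIONAL,
      IN DWORD reserved2,
      IN DWORD offsetflag,
      OUT LPBYTE *bufptr,
      IN DWORD prefmaxlen,
      OUT LPDWORD bytesread,
      OUT LPDWORD totalavailable
      );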
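  // NetAuditWrite
  //   type     - NOTE(review): presumably one of the AE_* audit entry
  //              type codes defined later in this header - confirm.
  //   buf      - pointer to the data to write.
  //   numbytes - size of buf in bytes.
  //   service  - optional service name.
  //   reserved - optional, reserved.
  // Returns a NET_API_STATUS code.
  // NOTE(review): because callers can append records through this API,
  // log consumers should not assume every entry was generated by the
  // server itself; the access check is not visible in this header.
  NET_API_STATUS NET_API_FUNCTION
  NetAuditWrite (
      IN DWORD type,
      IN LPBYTE buf,
      IN DWORD numbytes,
      IN LPCWSTR service OPTIONAL,
      IN LPBYTE reserved OPTIONAL
      );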
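  //
  // Data Structures - Audit
  //

  // Fixed header of one audit log record. ae_type selects the record
  // kind (see "Audit entry types" in this header); the type-specific
  // data is located through ae_data_offset / ae_data_size.
  // NOTE(review): code that parses records from an untrusted or remote
  // log should check that ae_len is at least sizeof(AUDIT_ENTRY) and that
  // ae_data_offset + ae_data_size stays inside the record (without
  // integer wrap-around) before dereferencing - the header itself
  // enforces nothing.
  typedef struct _AUDIT_ENTRY {
      DWORD ae_len;
      DWORD ae_reserved;
      DWORD ae_time;
      DWORD ae_type;
      DWORD ae_data_offset; /* Offset from beginning
                               address of audit_entry */
      DWORD ae_data_size;   // byte count of ae_data area (not incl pad).
  } AUDIT_ENTRY, *PAUDIT_ENTRY, *LPAUDIT_ENTRY;

  // Defined with no value; can be tested with #ifdef.
  #define REVISED_AUDIT_ENTRY_STRUCT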
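  // Record data holding a single status word.
  // NOTE(review): presumably used with ae_type == AE_SRVSTATUS (0), with
  // ae_sv_status taking the AE_SRVSTART..AE_SRVSTOP values - confirm.
  // This header later does `#define AE_SRVSTATUS 0`, which replaces the
  // typedef name; past that point use struct _AE_SRVSTATUS or the
  // PAE_SRVSTATUS / LPAE_SRVSTATUS pointer types.
  typedef struct _AE_SRVSTATUS {
      DWORD ae_sv_status;
  } AE_SRVSTATUS, *PAE_SRVSTATUS, *LPAE_SRVSTATUS;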
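  // Session logon record data.
  // ae_so_privilege takes AE_GUEST / AE_USER / AE_ADMIN (this header
  // labels those "Values for ae_so_privilege field of ae_sesslogon").
  // NOTE(review): the name fields are DWORDs, not pointers; by analogy
  // with the comments on AE_LOCKOUT they refer to the client's computer
  // and user name strings - confirm whether they are offsets.
  typedef struct _AE_SESSLOGON {
      DWORD ae_so_compname;
      DWORD ae_so_username;
      DWORD ae_so_privilege;
  } AE_SESSLOGON, *PAE_SESSLOGON, *LPAE_SESSLOGON;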
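  // Session logoff record data.
  // NOTE(review): ae_sf_reason presumably takes one of the
  // "ae_XX_reason" values defined later in this header; which subset
  // applies is not stated - confirm.
  typedef struct _AE_SESSLOGOFF {
      DWORD ae_sf_compname;
      DWORD ae_sf_username;
      DWORD ae_sf_reason;
  } AE_SESSLOGOFF, *PAE_SESSLOGOFF, *LPAE_SESSLOGOFF;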
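  // Record data naming a client computer and user.
  // NOTE(review): going by the name, this is logged for a session
  // password error - confirm. Such records are the raw material for
  // failed-logon monitoring.
  typedef struct _AE_SESSPWERR {
      DWORD ae_sp_compname;
      DWORD ae_sp_username;
  } AE_SESSPWERR, *PAE_SESSPWERR, *LPAE_SESSPWERR;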
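  // Connection start record data: client computer, user, net name and
  // a connection id.
  // NOTE(review): ae_ct_connid presumably pairs this record with the
  // matching AE_CONNSTOP record's ae_cp_connid - confirm.
  typedef struct _AE_CONNSTART {
      DWORD ae_ct_compname;
      DWORD ae_ct_username;
      DWORD ae_ct_netname;
      DWORD ae_ct_connid;
  } AE_CONNSTART, *PAE_CONNSTART, *LPAE_CONNSTART;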
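  // Connection stop record data: same identifying fields as
  // AE_CONNSTART plus a reason code.
  // NOTE(review): ae_cp_reason presumably takes one of the
  // "ae_XX_reason" values defined later in this header - confirm which.
  typedef struct _AE_CONNSTOP {
      DWORD ae_cp_compname;
      DWORD ae_cp_username;
      DWORD ae_cp_netname;
      DWORD ae_cp_connid;
      DWORD ae_cp_reason;
  } AE_CONNSTOP, *PAE_CONNSTOP, *LPAE_CONNSTOP;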
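  // Connection rejected record data: client computer, user, net name
  // and a reason code.
  // NOTE(review): ae_cr_reason presumably takes one of the
  // "ae_XX_reason" values defined later in this header - confirm which.
  typedef struct _AE_CONNREJ {
      DWORD ae_cr_compname;
      DWORD ae_cr_username;
      DWORD ae_cr_netname;
      DWORD ae_cr_reason;
  } AE_CONNREJ, *PAE_CONNREJ, *LPAE_CONNREJ;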
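  // Resource access record data.
  // NOTE(review): ae_ra_operation presumably holds the AA_* resource
  // access bits defined later in this header, and ae_ra_fileid
  // presumably matches AE_CLOSEFILE's ae_cf_fileid - confirm both.
  typedef struct _AE_RESACCESS {
      DWORD ae_ra_compname;
      DWORD ae_ra_username;
      DWORD ae_ra_resname;
      DWORD ae_ra_operation;
      DWORD ae_ra_returncode;
      DWORD ae_ra_restype;
      DWORD ae_ra_fileid;
  } AE_RESACCESS, *PAE_RESACCESS, *LPAE_RESACCESS;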
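  // Resource access rejected record data: who asked, for which
  // resource, and which operation.
  // NOTE(review): ae_rr_operation presumably uses the same encoding as
  // AE_RESACCESS's ae_ra_operation - confirm.
  typedef struct _AE_RESACCESSREJ {
      DWORD ae_rr_compname;
      DWORD ae_rr_username;
      DWORD ae_rr_resname;
      DWORD ae_rr_operation;
  } AE_RESACCESSREJ, *PAE_RESACCESSREJ, *LPAE_RESACCESSREJ;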
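  // File close record data.
  // NOTE(review): ae_cf_reason presumably takes AE_NORMAL_CLOSE /
  // AE_SES_CLOSE / AE_ADMIN_CLOSE (defined later in this header); the
  // unit of ae_cf_duration is not stated - confirm both.
  typedef struct _AE_CLOSEFILE {
      DWORD ae_cf_compname;
      DWORD ae_cf_username;
      DWORD ae_cf_resname;
      DWORD ae_cf_fileid;
      DWORD ae_cf_duration;
      DWORD ae_cf_reason;
  } AE_CLOSEFILE, *PAE_CLOSEFILE, *LPAE_CLOSEFILE;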
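  // Service status change record data.
  // NOTE(review): the header's comment over AE_SRVSTART..AE_SRVSTOP
  // names the field "ae_ss_status", which is declared here and not in
  // AE_SRVSTATUS - confirm whether those values apply to this field.
  typedef struct _AE_SERVICESTAT {
      DWORD ae_ss_compname;
      DWORD ae_ss_username;
      DWORD ae_ss_svcname;
      DWORD ae_ss_status;
      DWORD ae_ss_code;
      DWORD ae_ss_text;
      DWORD ae_ss_returnval;
  } AE_SERVICESTAT, *PAE_SERVICESTAT, *LPAE_SERVICESTAT;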
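  // ACL modification record data.
  // NOTE(review): ae_am_action presumably takes AE_MOD / AE_DELETE /
  // AE_ADD (this header's "Values for xx_action fields"); what
  // ae_am_datalen measures is not stated - confirm.
  typedef struct _AE_ACLMOD {
      DWORD ae_am_compname;
      DWORD ae_am_username;
      DWORD ae_am_resname;
      DWORD ae_am_action;
      DWORD ae_am_datalen;
  } AE_ACLMOD, *PAE_ACLMOD, *LPAE_ACLMOD;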
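  // UAS (user accounts) modification record data.
  // ae_um_rectype takes AE_UAS_USER / AE_UAS_GROUP / AE_UAS_MODALS
  // (this header labels those "Types of UAS record for um_rectype").
  // NOTE(review): ae_um_action presumably takes AE_MOD / AE_DELETE /
  // AE_ADD - confirm.
  typedef struct _AE_UASMOD {
      DWORD ae_um_compname;
      DWORD ae_um_username;
      DWORD ae_um_resname;
      DWORD ae_um_rectype;
      DWORD ae_um_action;
      DWORD ae_um_datalen;
  } AE_UASMOD, *PAE_UASMOD, *LPAE_UASMOD;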
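  // Network logon record data.
  // NOTE(review): ae_no_privilege presumably uses the same AE_GUEST /
  // AE_USER / AE_ADMIN values as ae_so_privilege; the bits of
  // ae_no_authflags are not defined in this header - confirm.
  typedef struct _AE_NETLOGON {
      DWORD ae_no_compname;
      DWORD ae_no_username;
      DWORD ae_no_privilege;
      DWORD ae_no_authflags;
  } AE_NETLOGON, *PAE_NETLOGON, *LPAE_NETLOGON;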
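  // Network logoff record data: client computer and user, plus two
  // reserved words.
  typedef struct _AE_NETLOGOFF {
      DWORD ae_nf_compname;
      DWORD ae_nf_username;
      DWORD ae_nf_reserved1;
      DWORD ae_nf_reserved2;
  } AE_NETLOGOFF, *PAE_NETLOGOFF, *LPAE_NETLOGOFF;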
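  // Account limit record data.
  // NOTE(review): presumably used with ae_type == AE_ACCLIMITEXCD (17),
  // with ae_al_limit taking the AE_LIM_* values - confirm; the header
  // labels those only as "xx_subreason" values.
  typedef struct _AE_ACCLIM {
      DWORD ae_al_compname;
      DWORD ae_al_username;
      DWORD ae_al_resname;
      DWORD ae_al_limit;
  } AE_ACCLIM, *PAE_ACCLIM, *LPAE_ACCLIM;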
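  // Values for the ae_lk_action field of AE_LOCKOUT.
  // The literals are written in octal (leading 0); numerically 0 and 1.
  #define ACTION_LOCKOUT 00
  #define ACTION_ADMINUNLOCK 01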
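  // Account lockout record data. ae_lk_action carries ACTION_LOCKOUT (0)
  // or ACTION_ADMINUNLOCK (1).
  // NOTE(review): the field comments say "Ptr", but the fields are
  // DWORDs - confirm whether they are offsets into the record rather
  // than real pointers before dereferencing.
  typedef struct _AE_LOCKOUT {
      DWORD ae_lk_compname;     // Ptr to computername of client.
      DWORD ae_lk_username;     // Ptr to username of client (NULL
                                // if same as computername).
      DWORD ae_lk_action;       // Action taken on account:
                                // 0 means locked out, 1 means not.
      DWORD ae_lk_bad_pw_count; // Bad password count at the time
                                // of lockout.
  } AE_LOCKOUT, *PAE_LOCKOUT, *LPAE_LOCKOUT;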
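  // Generic record data: a message file, a message number and up to
  // nine parameters.
  // NOTE(review): presumably used with ae_type == AE_GENERIC_TYPE (21),
  // with ae_ge_params giving how many of ae_ge_param1..9 are in use -
  // confirm. A reader should not use more parameters than that count.
  typedef struct _AE_GENERIC {
      DWORD ae_ge_msgfile;
      DWORD ae_ge_msgnum;
      DWORD ae_ge_params;
      DWORD ae_ge_param1;
      DWORD ae_ge_param2;
      DWORD ae_ge_param3;
      DWORD ae_ge_param4;
      DWORD ae_ge_param5;
      DWORD ae_ge_param6;
      DWORD ae_ge_param7;
      DWORD ae_ge_param8;
      DWORD ae_ge_param9;
  } AE_GENERIC, *PAE_GENERIC, *LPAE_GENERIC;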
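  //
  // Special Values and Constants - Audit
  //

  //
  // Audit entry types (field ae_type in audit_entry).
  //
  // Most of these macros reuse the name of a struct typedef declared
  // earlier in this header (AE_SRVSTATUS, AE_SESSLOGON, ...). From here
  // on the preprocessor replaces that identifier with the number, so the
  // struct must be named as struct _AE_xxx or through PAE_xxx / LPAE_xxx.
  // AE_GENERIC_TYPE is the exception: it leaves the AE_GENERIC typedef
  // usable.
  // The value 10 is not assigned. Code that dispatches on ae_type should
  // treat unassigned or unknown values as unrecognized rather than
  // indexing a table with them.
  //
  #define AE_SRVSTATUS 0
  #define AE_SESSLOGON 1
  #define AE_SESSLOGOFF 2
  #define AE_SESSPWERR 3
  #define AE_CONNSTART 4
  #define AE_CONNSTOP 5
  #define AE_CONNREJ 6
  #define AE_RESACCESS 7
  #define AE_RESACCESSREJ 8
  #define AE_CLOSEFILE 9
  #define AE_SERVICESTAT 11
  #define AE_ACLMOD 12
  #define AE_UASMOD 13
  #define AE_NETLOGON 14
  #define AE_NETLOGOFF 15
  #define AE_NETLOGDENIED 16
  #define AE_ACCLIMITEXCD 17
  #define AE_RESACCESS2 18
  #define AE_ACLMODFAIL 19
  #define AE_LOCKOUT 20
  #define AE_GENERIC_TYPE 21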
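  //
  // Values for ae_ss_status field of ae_srvstatus.
  //
  // NOTE(review): struct AE_SRVSTATUS declares ae_sv_status; the field
  // named ae_ss_status belongs to AE_SERVICESTAT. Confirm which field
  // these four values are meant for.
  //
  #define AE_SRVSTART 0
  #define AE_SRVPAUSED 1
  #define AE_SRVCONT 2
  #define AE_SRVSTOP 3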
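  //
  // Values for ae_so_privilege field of ae_sesslogon.
  //
  // The values ascend from guest (0) through user (1) to admin (2).
  //
  #define AE_GUEST 0
  #define AE_USER 1
  #define AE_ADMIN 2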
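  //
  // Values for various ae_XX_reason fields.
  //
  // Several names share one number (for example AE_ERROR, AE_SESSDIS
  // and AE_BADPW are all 1), so a reason value cannot be decoded
  // without knowing which record type it came from.
  // NOTE(review): the header does not say which names belong to which
  // ae_XX_reason field; the three *_CLOSE values are presumably for
  // AE_CLOSEFILE's ae_cf_reason - confirm.
  //
  #define AE_NORMAL 0
  #define AE_USERLIMIT 0
  #define AE_GENERAL 0
  #define AE_ERROR 1
  #define AE_SESSDIS 1
  #define AE_BADPW 1
  #define AE_AUTODIS 2
  #define AE_UNSHARE 2
  #define AE_ADMINPRIVREQD 2
  #define AE_ADMINDIS 3
  #define AE_NOACCESSPERM 3
  #define AE_ACCRESTRICT 4
  #define AE_NORMAL_CLOSE 0
  #define AE_SES_CLOSE 1
  #define AE_ADMIN_CLOSE 2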
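  //
  // Values for xx_subreason fields.
  //
  // NOTE(review): no struct in this header has a field named
  // *_subreason; these are presumably the values of AE_ACCLIM's
  // ae_al_limit - confirm.
  //
  #define AE_LIM_UNKNOWN 0
  #define AE_LIM_LOGONHOURS 1
  #define AE_LIM_EXPIRED 2
  #define AE_LIM_INVAL_WKSTA 3
  #define AE_LIM_DISABLED 4
  #define AE_LIM_DELETED 5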
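  //
  // Values for xx_action fields
  //
  // The structs in this header with an *_action field are AE_ACLMOD
  // (ae_am_action), AE_UASMOD (ae_um_action) and AE_LOCKOUT
  // (ae_lk_action); AE_LOCKOUT has its own ACTION_* values.
  //
  #define AE_MOD 0
  #define AE_DELETE 1
  #define AE_ADD 2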
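  //
  // Types of UAS record for um_rectype field
  //
  // Used in AE_UASMOD's ae_um_rectype.
  //
  #define AE_UAS_USER 0
  #define AE_UAS_GROUP 1
  #define AE_UAS_MODALS 2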
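  //
  // Bitmasks for auditing events
  //
  // The parentheses around the hex constants broke h_to_inc
  // and have been purged from the face of the earth.
  //
  // Each GOOD*/BAD* mask covers two adjacent bits (0x6 = 0x2|0x4,
  // 0x18 = 0x8|0x10, ...). The composite masks OR them together:
  //   SVAUD_SESSLOGON = 0x1E, SVAUD_NETLOGON = 0x1E0,
  //   SVAUD_LOGON = 0x1FE, SVAUD_USE = 0x1E00.
  // A configuration that sets only a GOOD* mask leaves the matching
  // failure events unaudited; failed logons and failed uses are the
  // events detection usually depends on.
  //
  #define SVAUD_SERVICE 0x1
  #define SVAUD_GOODSESSLOGON 0x6
  #define SVAUD_BADSESSLOGON 0x18
  #define SVAUD_SESSLOGON (SVAUD_GOODSESSLOGON | SVAUD_BADSESSLOGON)
  #define SVAUD_GOODNETLOGON 0x60
  #define SVAUD_BADNETLOGON 0x180
  #define SVAUD_NETLOGON (SVAUD_GOODNETLOGON | SVAUD_BADNETLOGON)
  #define SVAUD_LOGON (SVAUD_NETLOGON | SVAUD_SESSLOGON)
  #define SVAUD_GOODUSE 0x600
  #define SVAUD_BADUSE 0x1800
  #define SVAUD_USE (SVAUD_GOODUSE | SVAUD_BADUSE)
  #define SVAUD_USERLIST 0x2000
  #define SVAUD_PERMISSIONS 0x4000
  #define SVAUD_RESOURCE 0x8000
  #define SVAUD_LOGONLIM 0x00010000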
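  //
  // Resource access audit bitmasks.
  //
  // Three parallel groups: AA_S_* in bits 0x0010-0x0080, AA_F_* in
  // 0x0100-0x0800 and AA_A_* in 0x1000-0x8000. In each group WRITE and
  // CREATE are the same bit, so the two operations cannot be audited
  // or told apart separately.
  //
  // NOTE(review): AA_A_ALL below is built from the AA_F_* bits, so it
  // equals AA_F_ALL (0x0F00) and contains none of the AA_A_* bits
  // (0xF000). This looks like a copy-paste slip, but the value is left
  // exactly as published because existing callers may depend on it.
  // An audit mask that relies on AA_A_ALL to cover the AA_A_* events
  // will not enable them - OR the individual AA_A_* bits instead.
  //
  #define AA_AUDIT_ALL 0x0001
  #define AA_A_OWNER 0x0004
  #define AA_CLOSE 0x0008
  #define AA_S_OPEN 0x0010
  #define AA_S_WRITE 0x0020
  #define AA_S_CREATE 0x0020
  #define AA_S_DELETE 0x0040
  #define AA_S_ACL 0x0080
  #define AA_S_ALL ( AA_S_OPEN | AA_S_WRITE | AA_S_DELETE | AA_S_ACL)
  #define AA_F_OPEN 0x0100
  #define AA_F_WRITE 0x0200
  #define AA_F_CREATE 0x0200
  #define AA_F_DELETE 0x0400
  #define AA_F_ACL 0x0800
  #define AA_F_ALL ( AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL)
  // Pinball-specific
  #define AA_A_OPEN 0x1000
  #define AA_A_WRITE 0x2000
  #define AA_A_CREATE 0x2000
  #define AA_A_DELETE 0x4000
  #define AA_A_ACL 0x8000
  #define AA_A_ALL ( AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL)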
  330. #ifdef __cplusplus
  331. }
  332. #endif
  333. #endif // _LMAUDIT_