Source code of Windows XP (NT5)
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
/*++
Copyright (c) 1991 Microsoft Corporation
Module Name:
adt.h
Abstract:
Auditing - Defines, Fuction Prototypes and Macro Functions. These are public to the Security Component only.
Author:
Scott Birrell (ScottBi) January 17, 1991
Environment:
Revision History:
--*/
#include <ntlsa.h>
//////////////////////////////////////////////////////////////////////////////
// //
// Auditing Routines visible to rest of Security Component outside Auditing //
// subcomponent. //
// //
//////////////////////////////////////////////////////////////////////////////
/*++
BOOLEANSepAdtEventOnSuccess( IN POLICY_AUDIT_EVENT_TYPE AuditEventType )
Routine Description:
This macro function checks if a given Audit Event Type is enabled for Auditing of successful occurrences of the Event.
Arguments:
AuditEventType - Specifies the type of the Audit Event to be checked.
Return Value:
BOOLEAN - TRUE if the event type is enabled for auditing of successful occurrences of the event, else FALSE--*/
#define SepAdtEventOnSuccess(AuditEventType) \
(SepAdtState.EventAuditingOptions[AuditEventType] & \ POLICY_AUDIT_EVENT_SUCCESS)
/*++
BOOLEANSepAdtEventOnFailure( IN POLICY_AUDIT_EVENT_TYPE AuditEventType )
Routine Description:
This macro function checks if a given Audit Event Type is enabled for Auditing of unsuccessful attempts to cause an event of the given type to occur.
Arguments:
AuditEventType - Specifies the type of the Audit Event to be checked.
Return Value:
BOOLEAN - TRUE if the event type is enabled for auditing of unsuccessful attempts to make the event type occur, else FALSE--*/
#define SepAdtEventOnFailure(AuditEventType) \
(SepAdtState.EventAuditingOptions[AuditEventType] & \ POLICY_AUDIT_EVENT_FAILURE)
/*++
BOOLEANSepAdtAuditingEvent( IN POLICY_AUDIT_EVENT_TYPE AuditEventType )
Routine Description:
This macro function checks if a given Audit Event Type is enabled for Auditing.
Arguments:
AuditEventType - Specifies the type of the Audit Event to be checked.
Return Value:
BOOLEAN - TRUE if the event type is enabled for auditing, else FALSE.
--*/
#define SepAdtAuditingEvent(AuditEventType) \
(SepAdtEventOnSuccess(AuditEventType) || \ (SepAdtEventOnFailure(AuditEventType))
/*++
BOOLEANSepAdtAuditingEnabled()
Routine Description:
This macro function tests if auditing is enabled.
Arguments:
None.
Return Value:
BOOLEAN - TRUE if auditing is enabled, else FALSE
--*/
#define SepAdtAuditingEnabled() (SepAdtState.AuditingMode == TRUE)
/*++
BOOLEANSepAdtAuditingDisabled()
Routine Description:
This macro function tests if auditing is disabled.
Arguments:
None.
Return Value:
BOOLEAN - TRUE if auditing is disabled, else FALSE
--*/
#define SepAdtAuditingDisabled() (!SepAdtAuditingEnabled)
//
// Audit Event Information array. Although internal to the Auditing
// Subcomponent, this structure is exported to all of Security so that the
// above macro functions can be used to access it efficiently from there.
//
//extern POLICY_AUDIT_EVENTS_INFO SepAdtState;
BOOLEANSepAdtInitializePhase0();
BOOLEANSepAdtInitializePhase1();
//VOID
//SepAdtLogAuditRecord(
// IN POLICY_AUDIT_EVENT_TYPE AuditEventType,
// IN PVOID AuditInformation
// );
VOIDSepAdtLogAuditRecord( IN PSE_ADT_PARAMETER_ARRAY AuditParameters );
NTSTATUSSepAdtCopyToLsaSharedMemory( IN HANDLE LsaProcessHandle, IN PVOID Buffer, IN ULONG BufferLength, OUT PVOID *LsaBufferAddress );
|
