/*++ BUILD Version: 0003 // Increment this if a change has global effects Copyright (c) 1991-1993 Microsoft Corporation Module Name: lmaudit.h Abstract: This module defines the API function prototypes and data structures for the following groups of NT API functions: NetAudit Author: Dan Lafferty (danl) 29-Mar-1991 Environment: User Mode - Win32 Notes: You must include NETCONS.H before this file, since this file depends on values defined in NETCONS.H. Revision History: 28-Mar-1991 Danl Ported from LM2.0 and the LMNETAPI spec. 25-Apr-1991 DanHi Added define for HLOG used by both audit and error logs, surrounded by a protective ifdef. Changed ae_ss_status to ae_sv_status to match LanMan 12-Nov-1991 JohnRo AUDIT_ENTRY structure needs changes to prevent alignment/padding bugs. Added OPTIONAL keyword as applicable. Work toward UNICODE. 26-Oct-1992 JohnRo Correct typedef name for pointer to AE_SRVSTATUS. Added AE_LOCKOUT structure and typedef. --*/ #ifndef _LMAUDIT_ #define _LMAUDIT_ #ifdef __cplusplus extern "C" { #endif #ifndef _LMHLOGDEFINED_ #define _LMHLOGDEFINED_ typedef struct _HLOG { DWORD time; DWORD last_flags; DWORD offset; DWORD rec_offset; } HLOG, *PHLOG, *LPHLOG; #define LOGFLAGS_FORWARD 0 #define LOGFLAGS_BACKWARD 0x1 #define LOGFLAGS_SEEK 0x2 #endif // // Function Prototypes - Audit // NET_API_STATUS NET_API_FUNCTION NetAuditClear ( IN LPTSTR server OPTIONAL, IN LPTSTR backupfile OPTIONAL, IN LPTSTR service OPTIONAL // WARNING: buggy support before LM 2.0C!! ); NET_API_STATUS NET_API_FUNCTION NetAuditRead ( IN LPTSTR server OPTIONAL, IN LPTSTR service OPTIONAL, // WARNING: buggy support before LM 2.0C!! IN LPHLOG auditloghandle, IN DWORD offset, IN LPDWORD reserved1 OPTIONAL, IN DWORD reserved2, IN DWORD offsetflag, OUT LPBYTE *bufptr, IN DWORD prefmaxlen, OUT LPDWORD bytesread, OUT LPDWORD totalavailable ); NET_API_STATUS NET_API_FUNCTION NetAuditWrite ( IN DWORD type, IN LPBYTE buf, IN DWORD numbytes, IN LPTSTR service OPTIONAL, IN LPBYTE reserved OPTIONAL ); // // Data Structures - Audit // typedef struct _AUDIT_ENTRY { DWORD ae_len; DWORD ae_reserved; DWORD ae_time; DWORD ae_type; DWORD ae_data_offset; /* Offset from beginning address of audit_entry */ DWORD ae_data_size; // byte count of ae_data area (not incl pad). } AUDIT_ENTRY, *PAUDIT_ENTRY, *LPAUDIT_ENTRY; // BUGBUG: Temporary to let users ifdef on this struct layout. #define REVISED_AUDIT_ENTRY_STRUCT typedef struct _AE_SRVSTATUS { DWORD ae_sv_status; } AE_SRVSTATUS, *PAE_SRVSTATUS, *LPAE_SRVSTATUS; typedef struct _AE_SESSLOGON { DWORD ae_so_compname; DWORD ae_so_username; DWORD ae_so_privilege; } AE_SESSLOGON, *PAE_SESSLOGON, *LPAE_SESSLOGON; typedef struct _AE_SESSLOGOFF { DWORD ae_sf_compname; DWORD ae_sf_username; DWORD ae_sf_reason; } AE_SESSLOGOFF, *PAE_SESSLOGOFF, *LPAE_SESSLOGOFF; typedef struct _AE_SESSPWERR { DWORD ae_sp_compname; DWORD ae_sp_username; } AE_SESSPWERR, *PAE_SESSPWERR, *LPAE_SESSPWERR; typedef struct _AE_CONNSTART { DWORD ae_ct_compname; DWORD ae_ct_username; DWORD ae_ct_netname; DWORD ae_ct_connid; } AE_CONNSTART, *PAE_CONNSTART, *LPAE_CONNSTART; typedef struct _AE_CONNSTOP { DWORD ae_cp_compname; DWORD ae_cp_username; DWORD ae_cp_netname; DWORD ae_cp_connid; DWORD ae_cp_reason; } AE_CONNSTOP, *PAE_CONNSTOP, *LPAE_CONNSTOP; typedef struct _AE_CONNREJ { DWORD ae_cr_compname; DWORD ae_cr_username; DWORD ae_cr_netname; DWORD ae_cr_reason; } AE_CONNREJ, *PAE_CONNREJ, *LPAE_CONNREJ; typedef struct _AE_RESACCESS { DWORD ae_ra_compname; DWORD ae_ra_username; DWORD ae_ra_resname; DWORD ae_ra_operation; DWORD ae_ra_returncode; DWORD ae_ra_restype; DWORD ae_ra_fileid; } AE_RESACCESS, *PAE_RESACCESS, *LPAE_RESACCESS; typedef struct _AE_RESACCESSREJ { DWORD ae_rr_compname; DWORD ae_rr_username; DWORD ae_rr_resname; DWORD ae_rr_operation; } AE_RESACCESSREJ, *PAE_RESACCESSREJ, *LPAE_RESACCESSREJ; typedef struct _AE_CLOSEFILE { DWORD ae_cf_compname; DWORD ae_cf_username; DWORD ae_cf_resname; DWORD ae_cf_fileid; DWORD ae_cf_duration; DWORD ae_cf_reason; } AE_CLOSEFILE, *PAE_CLOSEFILE, *LPAE_CLOSEFILE; typedef struct _AE_SERVICESTAT { DWORD ae_ss_compname; DWORD ae_ss_username; DWORD ae_ss_svcname; DWORD ae_ss_status; DWORD ae_ss_code; DWORD ae_ss_text; DWORD ae_ss_returnval; } AE_SERVICESTAT, *PAE_SERVICESTAT, *LPAE_SERVICESTAT; typedef struct _AE_ACLMOD { DWORD ae_am_compname; DWORD ae_am_username; DWORD ae_am_resname; DWORD ae_am_action; DWORD ae_am_datalen; } AE_ACLMOD, *PAE_ACLMOD, *LPAE_ACLMOD; typedef struct _AE_UASMOD { DWORD ae_um_compname; DWORD ae_um_username; DWORD ae_um_resname; DWORD ae_um_rectype; DWORD ae_um_action; DWORD ae_um_datalen; } AE_UASMOD, *PAE_UASMOD, *LPAE_UASMOD; typedef struct _AE_NETLOGON { DWORD ae_no_compname; DWORD ae_no_username; DWORD ae_no_privilege; DWORD ae_no_authflags; } AE_NETLOGON, *PAE_NETLOGON, *LPAE_NETLOGON; typedef struct _AE_NETLOGOFF { DWORD ae_nf_compname; DWORD ae_nf_username; DWORD ae_nf_reserved1; DWORD ae_nf_reserved2; } AE_NETLOGOFF, *PAE_NETLOGOFF, *LPAE_NETLOGOFF; typedef struct _AE_ACCLIM { DWORD ae_al_compname; DWORD ae_al_username; DWORD ae_al_resname; DWORD ae_al_limit; } AE_ACCLIM, *PAE_ACCLIM, *LPAE_ACCLIM; #define ACTION_LOCKOUT 00 #define ACTION_ADMINUNLOCK 01 typedef struct _AE_LOCKOUT { DWORD ae_lk_compname; // Ptr to computername of client. DWORD ae_lk_username; // Ptr to username of client (NULL // if same as computername). DWORD ae_lk_action; // Action taken on account: // 0 means locked out, 1 means not. DWORD ae_lk_bad_pw_count; // Bad password count at the time // of lockout. } AE_LOCKOUT, *PAE_LOCKOUT, *LPAE_LOCKOUT; typedef struct _AE_GENERIC { DWORD ae_ge_msgfile; DWORD ae_ge_msgnum; DWORD ae_ge_params; DWORD ae_ge_param1; DWORD ae_ge_param2; DWORD ae_ge_param3; DWORD ae_ge_param4; DWORD ae_ge_param5; DWORD ae_ge_param6; DWORD ae_ge_param7; DWORD ae_ge_param8; DWORD ae_ge_param9; } AE_GENERIC, *PAE_GENERIC, *LPAE_GENERIC; // // Special Values and Constants - Audit // // // Audit entry types (field ae_type in audit_entry). // #define AE_SRVSTATUS 0 #define AE_SESSLOGON 1 #define AE_SESSLOGOFF 2 #define AE_SESSPWERR 3 #define AE_CONNSTART 4 #define AE_CONNSTOP 5 #define AE_CONNREJ 6 #define AE_RESACCESS 7 #define AE_RESACCESSREJ 8 #define AE_CLOSEFILE 9 #define AE_SERVICESTAT 11 #define AE_ACLMOD 12 #define AE_UASMOD 13 #define AE_NETLOGON 14 #define AE_NETLOGOFF 15 #define AE_NETLOGDENIED 16 #define AE_ACCLIMITEXCD 17 #define AE_RESACCESS2 18 #define AE_ACLMODFAIL 19 #define AE_LOCKOUT 20 #define AE_GENERIC_TYPE 21 // // Values for ae_ss_status field of ae_srvstatus. // #define AE_SRVSTART 0 #define AE_SRVPAUSED 1 #define AE_SRVCONT 2 #define AE_SRVSTOP 3 // // Values for ae_so_privilege field of ae_sesslogon. // #define AE_GUEST 0 #define AE_USER 1 #define AE_ADMIN 2 // // Values for various ae_XX_reason fields. // #define AE_NORMAL 0 #define AE_USERLIMIT 0 #define AE_GENERAL 0 #define AE_ERROR 1 #define AE_SESSDIS 1 #define AE_BADPW 1 #define AE_AUTODIS 2 #define AE_UNSHARE 2 #define AE_ADMINPRIVREQD 2 #define AE_ADMINDIS 3 #define AE_NOACCESSPERM 3 #define AE_ACCRESTRICT 4 #define AE_NORMAL_CLOSE 0 #define AE_SES_CLOSE 1 #define AE_ADMIN_CLOSE 2 // // Values for xx_subreason fields. // #define AE_LIM_UNKNOWN 0 #define AE_LIM_LOGONHOURS 1 #define AE_LIM_EXPIRED 2 #define AE_LIM_INVAL_WKSTA 3 #define AE_LIM_DISABLED 4 #define AE_LIM_DELETED 5 // // Values for xx_action fields // #define AE_MOD 0 #define AE_DELETE 1 #define AE_ADD 2 // // Types of UAS record for um_rectype field // #define AE_UAS_USER 0 #define AE_UAS_GROUP 1 #define AE_UAS_MODALS 2 // // Bitmasks for auditing events // // The parentheses around the hex constants broke h_to_inc // and have been purged from the face of the earth. // #define SVAUD_SERVICE 0x1 #define SVAUD_GOODSESSLOGON 0x6 #define SVAUD_BADSESSLOGON 0x18 #define SVAUD_SESSLOGON (SVAUD_GOODSESSLOGON | SVAUD_BADSESSLOGON) #define SVAUD_GOODNETLOGON 0x60 #define SVAUD_BADNETLOGON 0x180 #define SVAUD_NETLOGON (SVAUD_GOODNETLOGON | SVAUD_BADNETLOGON) #define SVAUD_LOGON (SVAUD_NETLOGON | SVAUD_SESSLOGON) #define SVAUD_GOODUSE 0x600 #define SVAUD_BADUSE 0x1800 #define SVAUD_USE (SVAUD_GOODUSE | SVAUD_BADUSE) #define SVAUD_USERLIST 0x2000 #define SVAUD_PERMISSIONS 0x4000 #define SVAUD_RESOURCE 0x8000 #define SVAUD_LOGONLIM 0x00010000 // // Resource access audit bitmasks. // #define AA_AUDIT_ALL 0x0001 #define AA_A_OWNER 0x0004 #define AA_CLOSE 0x0008 #define AA_S_OPEN 0x0010 #define AA_S_WRITE 0x0020 #define AA_S_CREATE 0x0020 #define AA_S_DELETE 0x0040 #define AA_S_ACL 0x0080 #define AA_S_ALL ( AA_S_OPEN | AA_S_WRITE | AA_S_DELETE | AA_S_ACL) #define AA_F_OPEN 0x0100 #define AA_F_WRITE 0x0200 #define AA_F_CREATE 0x0200 #define AA_F_DELETE 0x0400 #define AA_F_ACL 0x0800 #define AA_F_ALL ( AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL) // Pinball-specific #define AA_A_OPEN 0x1000 #define AA_A_WRITE 0x2000 #define AA_A_CREATE 0x2000 #define AA_A_DELETE 0x4000 #define AA_A_ACL 0x8000 #define AA_A_ALL ( AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL) #ifdef __cplusplus } #endif #endif // _LMAUDIT_