mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
312 lines
6.7 KiB
312 lines
6.7 KiB
//*********************************************
|
|
// *** Active Directory Service Provider: KDC
|
|
//*********************************************
|
|
#pragma classflags("forceupdate")
|
|
#pragma namespace ("\\\\.\\Root\\WMI")
|
|
|
|
[Dynamic,
|
|
Description("Active Directory: Kerberos") : amended,
|
|
Guid("{bba3add2-c229-4cdb-ae2b-57eb6966b0c4}"),
|
|
locale("MS\\0x409")]
|
|
class MSKerbTrace :EventTrace
|
|
{
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Logon User Handler") : amended,
|
|
Guid("{8a3b8d86-db1e-47a9-9264-146e097b3c64}"),
|
|
DisplayName("KerbLogonUser"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbLogonUser:MSKerbTrace
|
|
{
|
|
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Logon User Handler") : amended,
|
|
EventType(1),
|
|
EventTypeName("Start"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbLogonUser_Start:KerbLogonUser
|
|
{
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Logon User Handler") : amended,
|
|
EventType(2),
|
|
EventTypeName("End"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbLogonUser_End:KerbLogonUser
|
|
{
|
|
[WmiDataId(1),
|
|
Description("Status") : amended,
|
|
format("x"),
|
|
read]
|
|
uint32 Status;
|
|
[WmiDataId(2),
|
|
Description("Logon Type") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string LogonType;
|
|
[WmiDataId(3),
|
|
Description("User Name") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string UserName;
|
|
[WmiDataId(4),
|
|
Description("Logon Domain") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string LogonDomain;
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Initialize Security Context Handler") : amended,
|
|
Guid("{52e82f1a-7cd4-47ed-b5e5-fde7bf64cea6}"),
|
|
DisplayName("KerbInitSecurityContext"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbInitSecurityContext:MSKerbTrace
|
|
{
|
|
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Initialize Security Context Handler") : amended,
|
|
EventType(1),
|
|
EventTypeName("Start"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbInitSecurityContext_Start:KerbInitSecurityContext
|
|
{
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Initialize Security Context Handler") : amended,
|
|
EventType(2),
|
|
EventTypeName("End"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbInitSecurityContext_End:KerbInitSecurityContext
|
|
{
|
|
[WmiDataId(1),
|
|
Description("Status") : amended,
|
|
format("x"),
|
|
read]
|
|
uint32 Status;
|
|
[WmiDataId(2),
|
|
Description("Credentials Source") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string CredSource;
|
|
[WmiDataId(3),
|
|
Description("Domain Name") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string DomainName;
|
|
[WmiDataId(4),
|
|
Description("User Name") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string UserName;
|
|
[WmiDataId(5),
|
|
Description("Target") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string Target;
|
|
[WmiDataId(6),
|
|
Description("Extended Error Code") : amended,
|
|
format("x"),
|
|
read]
|
|
uint32 ExtError;
|
|
[WmiDataId(7),
|
|
Description("Extended Error klininfo") : amended,
|
|
format("x"),
|
|
read]
|
|
uint32 klininfo;
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Accept Security Context Handler") : amended,
|
|
Guid("{94acefe3-9e56-49e3-9895-7240a231c371}"),
|
|
DisplayName("KerbAcceptSecurityContext"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbAcceptSecurityContext:MSKerbTrace
|
|
{
|
|
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Accept Security Context Handler") : amended,
|
|
EventType(1),
|
|
EventTypeName("Start"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbAcceptSecurityContext_Start:KerbAcceptSecurityContext
|
|
{
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Accept Security Context Handler") : amended,
|
|
EventType(2),
|
|
EventTypeName("End"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbAcceptSecurityContext_End:KerbAcceptSecurityContext
|
|
{
|
|
[WmiDataId(1),
|
|
Description("Status") : amended,
|
|
format("x"),
|
|
read]
|
|
uint32 Status;
|
|
[WmiDataId(2),
|
|
Description("Credentials Source") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string CredSource;
|
|
[WmiDataId(3),
|
|
Description("Domain Name") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string DomainName;
|
|
[WmiDataId(4),
|
|
Description("User Name") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string UserName;
|
|
[WmiDataId(5),
|
|
Description("Target") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string Target;
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Set Password") : amended,
|
|
Guid("{94c79108-b23b-4418-9b7f-e6d75a3a0ab2}"),
|
|
DisplayName("KerbSetPassword"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbSetPassword:MSKerbTrace
|
|
{
|
|
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Set Password") : amended,
|
|
EventType(1),
|
|
EventTypeName("Start"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbSetPassword_Start:KerbSetPassword
|
|
{
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Set Password") : amended,
|
|
EventType(2),
|
|
EventTypeName("End"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbSetPassword_End:KerbSetPassword
|
|
{
|
|
[WmiDataId(1),
|
|
Description("Status") : amended,
|
|
format("x"),
|
|
read]
|
|
uint32 Status;
|
|
[WmiDataId(2),
|
|
Description("Account Name") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string AccountName;
|
|
[WmiDataId(3),
|
|
Description("Account Realm") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string AccountRealm;
|
|
[WmiDataId(4),
|
|
Description("Client Name") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string ClientName;
|
|
[WmiDataId(5),
|
|
Description("Client Realm") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string ClientRealm;
|
|
[WmiDataId(6),
|
|
Description("KDC Address") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string KdcAddress;
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Change Password") : amended,
|
|
Guid("{c55e606b-334a-488b-b907-384abaa97b04}"),
|
|
DisplayName("KerbChangePassword"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbChangePassword:MSKerbTrace
|
|
{
|
|
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Change Password") : amended,
|
|
EventType(1),
|
|
EventTypeName("Start"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbChangePassword_Start:KerbChangePassword
|
|
{
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("Kerberos Change Password") : amended,
|
|
EventType(2),
|
|
EventTypeName("End"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class KerbChangePassword_End:KerbChangePassword
|
|
{
|
|
[WmiDataId(1),
|
|
Description("Status") : amended,
|
|
format("x"),
|
|
read]
|
|
uint32 Status;
|
|
[WmiDataId(2),
|
|
Description("Account Name") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string AccountName;
|
|
[WmiDataId(3),
|
|
Description("Account Realm") : amended,
|
|
StringTermination("Counted"),
|
|
format("w"),
|
|
read]
|
|
string DomainName;
|
|
};
|
|
|