From e611b132f9b8abe35b362e5870b74bce94a1e58e Mon Sep 17 00:00:00 2001 From: Adam Date: Sat, 16 May 2020 20:51:50 -0700 Subject: initial commit --- public/sdk/inc/lmaudit.h | 398 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 398 insertions(+) create mode 100644 public/sdk/inc/lmaudit.h (limited to 'public/sdk/inc/lmaudit.h') diff --git a/public/sdk/inc/lmaudit.h b/public/sdk/inc/lmaudit.h new file mode 100644 index 000000000..2641c4f42 --- /dev/null +++ b/public/sdk/inc/lmaudit.h @@ -0,0 +1,398 @@ +/*++ BUILD Version: 0003 // Increment this if a change has global effects + +Copyright (c) 1991-1996 Microsoft Corporation + +Module Name: + + lmaudit.h + +Abstract: + + This module defines the API function prototypes and data structures + for the following groups of NT API functions: + NetAudit + +Environment: + + User Mode - Win32 + +Notes: + + You must include NETCONS.H before this file, since this file depends + on values defined in NETCONS.H. + +--*/ + +#ifndef _LMAUDIT_ +#define _LMAUDIT_ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef _LMHLOGDEFINED_ +#define _LMHLOGDEFINED_ + +typedef struct _HLOG { + DWORD time; + DWORD last_flags; + DWORD offset; + DWORD rec_offset; +} HLOG, *PHLOG, *LPHLOG; + +#define LOGFLAGS_FORWARD 0 +#define LOGFLAGS_BACKWARD 0x1 +#define LOGFLAGS_SEEK 0x2 + +#endif + +// +// Function Prototypes - Audit +// + +NET_API_STATUS NET_API_FUNCTION +NetAuditClear ( + IN LPCWSTR server OPTIONAL, + IN LPCWSTR backupfile OPTIONAL, + IN LPCWSTR service OPTIONAL // WARNING: buggy support before LM 2.0C!! + ); + +NET_API_STATUS NET_API_FUNCTION +NetAuditRead ( + IN LPCWSTR server OPTIONAL, + IN LPCWSTR service OPTIONAL, // WARNING: buggy support before LM 2.0C!! + IN LPHLOG auditloghandle, + IN DWORD offset, + IN LPDWORD reserved1 OPTIONAL, + IN DWORD reserved2, + IN DWORD offsetflag, + OUT LPBYTE *bufptr, + IN DWORD prefmaxlen, + OUT LPDWORD bytesread, + OUT LPDWORD totalavailable + ); + +NET_API_STATUS NET_API_FUNCTION +NetAuditWrite ( + IN DWORD type, + IN LPBYTE buf, + IN DWORD numbytes, + IN LPCWSTR service OPTIONAL, + IN LPBYTE reserved OPTIONAL + ); + + +// +// Data Structures - Audit +// + +typedef struct _AUDIT_ENTRY { + DWORD ae_len; + DWORD ae_reserved; + DWORD ae_time; + DWORD ae_type; + DWORD ae_data_offset; /* Offset from beginning + address of audit_entry */ + DWORD ae_data_size; // byte count of ae_data area (not incl pad). +} AUDIT_ENTRY, *PAUDIT_ENTRY, *LPAUDIT_ENTRY; + +// BUGBUG: Temporary to let users ifdef on this struct layout. +#define REVISED_AUDIT_ENTRY_STRUCT + + +typedef struct _AE_SRVSTATUS { + DWORD ae_sv_status; +} AE_SRVSTATUS, *PAE_SRVSTATUS, *LPAE_SRVSTATUS; + +typedef struct _AE_SESSLOGON { + DWORD ae_so_compname; + DWORD ae_so_username; + DWORD ae_so_privilege; +} AE_SESSLOGON, *PAE_SESSLOGON, *LPAE_SESSLOGON; + +typedef struct _AE_SESSLOGOFF { + DWORD ae_sf_compname; + DWORD ae_sf_username; + DWORD ae_sf_reason; +} AE_SESSLOGOFF, *PAE_SESSLOGOFF, *LPAE_SESSLOGOFF; + +typedef struct _AE_SESSPWERR { + DWORD ae_sp_compname; + DWORD ae_sp_username; +} AE_SESSPWERR, *PAE_SESSPWERR, *LPAE_SESSPWERR; + +typedef struct _AE_CONNSTART { + DWORD ae_ct_compname; + DWORD ae_ct_username; + DWORD ae_ct_netname; + DWORD ae_ct_connid; +} AE_CONNSTART, *PAE_CONNSTART, *LPAE_CONNSTART; + +typedef struct _AE_CONNSTOP { + DWORD ae_cp_compname; + DWORD ae_cp_username; + DWORD ae_cp_netname; + DWORD ae_cp_connid; + DWORD ae_cp_reason; +} AE_CONNSTOP, *PAE_CONNSTOP, *LPAE_CONNSTOP; + +typedef struct _AE_CONNREJ { + DWORD ae_cr_compname; + DWORD ae_cr_username; + DWORD ae_cr_netname; + DWORD ae_cr_reason; +} AE_CONNREJ, *PAE_CONNREJ, *LPAE_CONNREJ; + +typedef struct _AE_RESACCESS { + DWORD ae_ra_compname; + DWORD ae_ra_username; + DWORD ae_ra_resname; + DWORD ae_ra_operation; + DWORD ae_ra_returncode; + DWORD ae_ra_restype; + DWORD ae_ra_fileid; +} AE_RESACCESS, *PAE_RESACCESS, *LPAE_RESACCESS; + +typedef struct _AE_RESACCESSREJ { + DWORD ae_rr_compname; + DWORD ae_rr_username; + DWORD ae_rr_resname; + DWORD ae_rr_operation; +} AE_RESACCESSREJ, *PAE_RESACCESSREJ, *LPAE_RESACCESSREJ; + +typedef struct _AE_CLOSEFILE { + DWORD ae_cf_compname; + DWORD ae_cf_username; + DWORD ae_cf_resname; + DWORD ae_cf_fileid; + DWORD ae_cf_duration; + DWORD ae_cf_reason; +} AE_CLOSEFILE, *PAE_CLOSEFILE, *LPAE_CLOSEFILE; + +typedef struct _AE_SERVICESTAT { + DWORD ae_ss_compname; + DWORD ae_ss_username; + DWORD ae_ss_svcname; + DWORD ae_ss_status; + DWORD ae_ss_code; + DWORD ae_ss_text; + DWORD ae_ss_returnval; +} AE_SERVICESTAT, *PAE_SERVICESTAT, *LPAE_SERVICESTAT; + +typedef struct _AE_ACLMOD { + DWORD ae_am_compname; + DWORD ae_am_username; + DWORD ae_am_resname; + DWORD ae_am_action; + DWORD ae_am_datalen; +} AE_ACLMOD, *PAE_ACLMOD, *LPAE_ACLMOD; + +typedef struct _AE_UASMOD { + DWORD ae_um_compname; + DWORD ae_um_username; + DWORD ae_um_resname; + DWORD ae_um_rectype; + DWORD ae_um_action; + DWORD ae_um_datalen; +} AE_UASMOD, *PAE_UASMOD, *LPAE_UASMOD; + +typedef struct _AE_NETLOGON { + DWORD ae_no_compname; + DWORD ae_no_username; + DWORD ae_no_privilege; + DWORD ae_no_authflags; +} AE_NETLOGON, *PAE_NETLOGON, *LPAE_NETLOGON; + +typedef struct _AE_NETLOGOFF { + DWORD ae_nf_compname; + DWORD ae_nf_username; + DWORD ae_nf_reserved1; + DWORD ae_nf_reserved2; +} AE_NETLOGOFF, *PAE_NETLOGOFF, *LPAE_NETLOGOFF; + +typedef struct _AE_ACCLIM { + DWORD ae_al_compname; + DWORD ae_al_username; + DWORD ae_al_resname; + DWORD ae_al_limit; +} AE_ACCLIM, *PAE_ACCLIM, *LPAE_ACCLIM; + +#define ACTION_LOCKOUT 00 +#define ACTION_ADMINUNLOCK 01 + +typedef struct _AE_LOCKOUT { + DWORD ae_lk_compname; // Ptr to computername of client. + DWORD ae_lk_username; // Ptr to username of client (NULL + // if same as computername). + DWORD ae_lk_action; // Action taken on account: + // 0 means locked out, 1 means not. + DWORD ae_lk_bad_pw_count; // Bad password count at the time + // of lockout. +} AE_LOCKOUT, *PAE_LOCKOUT, *LPAE_LOCKOUT; + +typedef struct _AE_GENERIC { + DWORD ae_ge_msgfile; + DWORD ae_ge_msgnum; + DWORD ae_ge_params; + DWORD ae_ge_param1; + DWORD ae_ge_param2; + DWORD ae_ge_param3; + DWORD ae_ge_param4; + DWORD ae_ge_param5; + DWORD ae_ge_param6; + DWORD ae_ge_param7; + DWORD ae_ge_param8; + DWORD ae_ge_param9; +} AE_GENERIC, *PAE_GENERIC, *LPAE_GENERIC; + +// +// Special Values and Constants - Audit +// + +// +// Audit entry types (field ae_type in audit_entry). +// + +#define AE_SRVSTATUS 0 +#define AE_SESSLOGON 1 +#define AE_SESSLOGOFF 2 +#define AE_SESSPWERR 3 +#define AE_CONNSTART 4 +#define AE_CONNSTOP 5 +#define AE_CONNREJ 6 +#define AE_RESACCESS 7 +#define AE_RESACCESSREJ 8 +#define AE_CLOSEFILE 9 +#define AE_SERVICESTAT 11 +#define AE_ACLMOD 12 +#define AE_UASMOD 13 +#define AE_NETLOGON 14 +#define AE_NETLOGOFF 15 +#define AE_NETLOGDENIED 16 +#define AE_ACCLIMITEXCD 17 +#define AE_RESACCESS2 18 +#define AE_ACLMODFAIL 19 +#define AE_LOCKOUT 20 +#define AE_GENERIC_TYPE 21 +// +// Values for ae_ss_status field of ae_srvstatus. +// + +#define AE_SRVSTART 0 +#define AE_SRVPAUSED 1 +#define AE_SRVCONT 2 +#define AE_SRVSTOP 3 + +// +// Values for ae_so_privilege field of ae_sesslogon. +// + +#define AE_GUEST 0 +#define AE_USER 1 +#define AE_ADMIN 2 + +// +// Values for various ae_XX_reason fields. +// + +#define AE_NORMAL 0 +#define AE_USERLIMIT 0 +#define AE_GENERAL 0 +#define AE_ERROR 1 +#define AE_SESSDIS 1 +#define AE_BADPW 1 +#define AE_AUTODIS 2 +#define AE_UNSHARE 2 +#define AE_ADMINPRIVREQD 2 +#define AE_ADMINDIS 3 +#define AE_NOACCESSPERM 3 +#define AE_ACCRESTRICT 4 + +#define AE_NORMAL_CLOSE 0 +#define AE_SES_CLOSE 1 +#define AE_ADMIN_CLOSE 2 + +// +// Values for xx_subreason fields. +// + +#define AE_LIM_UNKNOWN 0 +#define AE_LIM_LOGONHOURS 1 +#define AE_LIM_EXPIRED 2 +#define AE_LIM_INVAL_WKSTA 3 +#define AE_LIM_DISABLED 4 +#define AE_LIM_DELETED 5 + +// +// Values for xx_action fields +// + +#define AE_MOD 0 +#define AE_DELETE 1 +#define AE_ADD 2 + +// +// Types of UAS record for um_rectype field +// + +#define AE_UAS_USER 0 +#define AE_UAS_GROUP 1 +#define AE_UAS_MODALS 2 + +// +// Bitmasks for auditing events +// +// The parentheses around the hex constants broke h_to_inc +// and have been purged from the face of the earth. +// + +#define SVAUD_SERVICE 0x1 +#define SVAUD_GOODSESSLOGON 0x6 +#define SVAUD_BADSESSLOGON 0x18 +#define SVAUD_SESSLOGON (SVAUD_GOODSESSLOGON | SVAUD_BADSESSLOGON) +#define SVAUD_GOODNETLOGON 0x60 +#define SVAUD_BADNETLOGON 0x180 +#define SVAUD_NETLOGON (SVAUD_GOODNETLOGON | SVAUD_BADNETLOGON) +#define SVAUD_LOGON (SVAUD_NETLOGON | SVAUD_SESSLOGON) +#define SVAUD_GOODUSE 0x600 +#define SVAUD_BADUSE 0x1800 +#define SVAUD_USE (SVAUD_GOODUSE | SVAUD_BADUSE) +#define SVAUD_USERLIST 0x2000 +#define SVAUD_PERMISSIONS 0x4000 +#define SVAUD_RESOURCE 0x8000 +#define SVAUD_LOGONLIM 0x00010000 + +// +// Resource access audit bitmasks. +// + +#define AA_AUDIT_ALL 0x0001 +#define AA_A_OWNER 0x0004 +#define AA_CLOSE 0x0008 +#define AA_S_OPEN 0x0010 +#define AA_S_WRITE 0x0020 +#define AA_S_CREATE 0x0020 +#define AA_S_DELETE 0x0040 +#define AA_S_ACL 0x0080 +#define AA_S_ALL ( AA_S_OPEN | AA_S_WRITE | AA_S_DELETE | AA_S_ACL) +#define AA_F_OPEN 0x0100 +#define AA_F_WRITE 0x0200 +#define AA_F_CREATE 0x0200 +#define AA_F_DELETE 0x0400 +#define AA_F_ACL 0x0800 +#define AA_F_ALL ( AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL) + +// Pinball-specific +#define AA_A_OPEN 0x1000 +#define AA_A_WRITE 0x2000 +#define AA_A_CREATE 0x2000 +#define AA_A_DELETE 0x4000 +#define AA_A_ACL 0x8000 +#define AA_A_ALL ( AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL) + + +#ifdef __cplusplus +} +#endif + +#endif // _LMAUDIT_ -- cgit v1.2.3