samba-mirror/source3/include/rpc_eventlog.h

/* 
 *  Unix SMB/CIFS implementation.
 *  RPC Pipe client / server routines
 *  Copyright (C) Marcin Krzysztof Porwit    2005.
 *  
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *  
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *  
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, see <http://www.gnu.org/licenses/>.
 */
 
#ifndef _RPC_EVENTLOG_H		/* _RPC_EVENTLOG_H */
#define _RPC_EVENTLOG_H

/* opcodes */

#define EVENTLOG_CLEAREVENTLOG		0x00
#define EVENTLOG_CLOSEEVENTLOG		0x02
#define EVENTLOG_GETNUMRECORDS		0x04
#define EVENTLOG_GETOLDESTENTRY		0x05
#define EVENTLOG_OPENEVENTLOG		0x07
#define EVENTLOG_READEVENTLOG		0x0a

/* Eventlog read flags */
/* defined in librpc/gen_ndr/eventlog.h */

/* Event types */
/* defined in librpc/gen_ndr/eventlog.h */

/* Defines for TDB keys */
#define  EVT_OLDEST_ENTRY  "INFO/oldest_entry"
#define  EVT_NEXT_RECORD   "INFO/next_record"
#define  EVT_VERSION       "INFO/version"
#define  EVT_MAXSIZE       "INFO/maxsize"
#define  EVT_RETENTION     "INFO/retention"

#define ELOG_APPL	"Application"
#define ELOG_SYS	"System"
#define ELOG_SEC	"Security"

typedef struct elog_tdb {
	struct elog_tdb *prev, *next;
	char *name;
	TDB_CONTEXT *tdb;
	int ref_count;
} ELOG_TDB;

#define ELOG_TDB_CTX(x) ((x)->tdb)


#define  EVENTLOG_DATABASE_VERSION_V1    1

/***********************************/

typedef struct 
{
	POLICY_HND handle;
	uint32 flags;
	uint32 offset;
	uint32 max_read_size;
} EVENTLOG_Q_READ_EVENTLOG;

typedef struct {
	uint32 length;
	uint32 reserved1;
	uint32 record_number;
	uint32 time_generated;
	uint32 time_written;
	uint32 event_id;
	uint16 event_type;
	uint16 num_strings;
	uint16 event_category;
	uint16 reserved2;
	uint32 closing_record_number;
	uint32 string_offset;
	uint32 user_sid_length;
	uint32 user_sid_offset;
	uint32 data_length;
	uint32 data_offset;
} Eventlog_record;

typedef struct {
	uint32 source_name_len;
	smb_ucs2_t *source_name;
	uint32 computer_name_len;
	smb_ucs2_t *computer_name;
	uint32 sid_padding;
	smb_ucs2_t *sid;
	uint32 strings_len;
	smb_ucs2_t *strings;
	uint32 user_data_len;
	char *user_data;
	uint32 data_padding;
} Eventlog_data_record;

typedef struct eventlog_entry {
	Eventlog_record record;
	Eventlog_data_record data_record;
	uint8 *data;
	uint8 *end_of_data_padding;
	struct eventlog_entry *next;
} Eventlog_entry;
 
typedef struct {
	uint32 num_bytes_in_resp;
	uint32 bytes_in_next_record;
	uint32 num_records;
	Eventlog_entry *entry;
	uint8 *end_of_entries_padding;
	uint32 sent_size;
	uint32 real_size;
	NTSTATUS status;
} EVENTLOG_R_READ_EVENTLOG;

#endif /* _RPC_EVENTLOG_H */