mirror of
https://github.com/samba-team/samba.git
synced 2025-01-06 13:18:07 +03:00
7f74f27d6c
Guenther
325 lines
8.6 KiB
Plaintext
325 lines
8.6 KiB
Plaintext
#include "idl_types.h"
|
|
|
|
/*
|
|
eventlog interface definition
|
|
*/
|
|
|
|
import "lsa.idl", "security.idl";
|
|
|
|
[ uuid("82273fdc-e32a-18c3-3f78-827929dc23ea"),
|
|
version(0.0),
|
|
helpstring("Event Logger")
|
|
] interface eventlog
|
|
{
|
|
typedef [bitmap32bit] bitmap {
|
|
EVENTLOG_SEQUENTIAL_READ = 0x0001,
|
|
EVENTLOG_SEEK_READ = 0x0002,
|
|
EVENTLOG_FORWARDS_READ = 0x0004,
|
|
EVENTLOG_BACKWARDS_READ = 0x0008
|
|
} eventlogReadFlags;
|
|
|
|
typedef [public] enum {
|
|
EVENTLOG_SUCCESS = 0x0000,
|
|
EVENTLOG_ERROR_TYPE = 0x0001,
|
|
EVENTLOG_WARNING_TYPE = 0x0002,
|
|
EVENTLOG_INFORMATION_TYPE = 0x0004,
|
|
EVENTLOG_AUDIT_SUCCESS = 0x0008,
|
|
EVENTLOG_AUDIT_FAILURE = 0x0010
|
|
} eventlogEventTypes;
|
|
|
|
typedef struct {
|
|
uint16 unknown0;
|
|
uint16 unknown1;
|
|
} eventlog_OpenUnknown0;
|
|
|
|
/* compat structure for samba3 on-disc eventlog format,
|
|
this is *NOT* used on the wire. - gd */
|
|
|
|
typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct {
|
|
uint32 size;
|
|
[charset(DOS),value("eLfL")] uint8 reserved[4];
|
|
uint32 record_number;
|
|
time_t time_generated;
|
|
time_t time_written;
|
|
uint32 event_id;
|
|
eventlogEventTypes event_type;
|
|
[range(0,256)] uint16 num_of_strings;
|
|
uint16 event_category;
|
|
uint16 reserved_flags;
|
|
uint32 closing_record_number;
|
|
uint32 stringoffset;
|
|
[value(sid.length)] uint32 sid_length;
|
|
uint32 sid_offset;
|
|
[value(data.length)] uint32 data_length;
|
|
uint32 data_offset;
|
|
[value(2*strlen_m_term(source_name))] uint32 source_name_len;
|
|
nstring source_name;
|
|
[value(2*strlen_m_term(computer_name))] uint32 computer_name_len;
|
|
nstring computer_name;
|
|
uint32 sid_padding;
|
|
DATA_BLOB sid;
|
|
[value(2*ndr_size_string_array(strings, num_of_strings, STR_NULLTERM))] uint32 strings_len;
|
|
nstring strings[num_of_strings];
|
|
DATA_BLOB data;
|
|
uint32 padding;
|
|
} eventlog_Record_tdb;
|
|
|
|
typedef [v1_enum] enum {
|
|
ELF_LOGFILE_HEADER_DIRTY = 0x0001,
|
|
ELF_LOGFILE_HEADER_WRAP = 0x0002,
|
|
ELF_LOGFILE_LOGFULL_WRITTEN = 0x0004,
|
|
ELF_LOGFILE_ARCHIVE_SET = 0x0008
|
|
} EVENTLOG_HEADER_FLAGS;
|
|
|
|
typedef [public] struct {
|
|
[value(0x30)] uint32 HeaderSize;
|
|
[charset(DOS),value("LfLe")] uint8 Signature[4];
|
|
[value(1)] uint32 MajorVersion;
|
|
[value(1)] uint32 MinorVersion;
|
|
uint32 StartOffset;
|
|
uint32 EndOffset;
|
|
uint32 CurrentRecordNumber;
|
|
uint32 OldestRecordNumber;
|
|
uint32 MaxSize;
|
|
EVENTLOG_HEADER_FLAGS Flags;
|
|
uint32 Retention;
|
|
[value(0x30)] uint32 EndHeaderSize;
|
|
} EVENTLOGHEADER;
|
|
|
|
typedef [public,gensize] struct {
|
|
uint32 Length;
|
|
[charset(DOS),value("LfLe")] uint8 Reserved[4];
|
|
uint32 RecordNumber;
|
|
time_t TimeGenerated;
|
|
time_t TimeWritten;
|
|
uint32 EventID;
|
|
eventlogEventTypes EventType;
|
|
uint16 NumStrings;
|
|
uint16 EventCategory;
|
|
uint16 ReservedFlags;
|
|
uint32 ClosingRecordNumber;
|
|
[value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername))+UserSidLength)] uint32 StringOffset;
|
|
[value(ndr_size_dom_sid0(&UserSid, ndr->flags))] uint32 UserSidLength;
|
|
[value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername)))] uint32 UserSidOffset;
|
|
uint32 DataLength;
|
|
[value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername))+UserSidLength+(2*ndr_size_string_array(Strings, NumStrings, STR_NULLTERM)))] uint32 DataOffset;
|
|
nstring SourceName;
|
|
nstring Computername;
|
|
[flag(NDR_ALIGN4),subcontext(0),subcontext_size(UserSidLength)] dom_sid0 UserSid;
|
|
nstring Strings[NumStrings];
|
|
[flag(NDR_PAHEX)] uint8 Data[DataLength];
|
|
astring Pad;
|
|
[value(Length)] uint32 Length2;
|
|
} EVENTLOGRECORD;
|
|
|
|
typedef [public] struct {
|
|
[value(0x28)] uint32 RecordSizeBeginning;
|
|
[value(0x11111111)] uint32 One;
|
|
[value(0x22222222)] uint32 Two;
|
|
[value(0x33333333)] uint32 Three;
|
|
[value(0x44444444)] uint32 Four;
|
|
uint32 BeginRecord;
|
|
uint32 EndRecord;
|
|
uint32 CurrentRecordNumber;
|
|
uint32 OldestRecordNumber;
|
|
[value(0x28)] uint32 RecordSizeEnd;
|
|
} EVENTLOGEOF;
|
|
|
|
/* the following is true for a non-wrapped evt file (e.g. backups
|
|
* generated and viewed with eventvwr) */
|
|
|
|
typedef [public] struct {
|
|
EVENTLOGHEADER hdr;
|
|
EVENTLOGRECORD records[hdr.CurrentRecordNumber-hdr.OldestRecordNumber];
|
|
EVENTLOGEOF eof;
|
|
} EVENTLOG_EVT_FILE;
|
|
|
|
/******************/
|
|
/* Function: 0x00 */
|
|
NTSTATUS eventlog_ClearEventLogW(
|
|
[in] policy_handle *handle,
|
|
[in,unique] lsa_String *backupfile
|
|
);
|
|
|
|
/******************/
|
|
/* Function: 0x01 */
|
|
NTSTATUS eventlog_BackupEventLogW(
|
|
[in] policy_handle *handle,
|
|
[in,ref] lsa_String *backup_filename
|
|
);
|
|
|
|
/******************/
|
|
/* Function: 0x02 */
|
|
NTSTATUS eventlog_CloseEventLog(
|
|
[in,out] policy_handle *handle
|
|
);
|
|
|
|
/******************/
|
|
/* Function: 0x03 */
|
|
NTSTATUS eventlog_DeregisterEventSource(
|
|
[in,out] policy_handle *handle
|
|
);
|
|
|
|
/******************/
|
|
/* Function: 0x04 */
|
|
NTSTATUS eventlog_GetNumRecords(
|
|
[in] policy_handle *handle,
|
|
[out,ref] uint32 *number
|
|
);
|
|
|
|
/******************/
|
|
/* Function: 0x05 */
|
|
NTSTATUS eventlog_GetOldestRecord(
|
|
[in] policy_handle *handle,
|
|
[out,ref] uint32 *oldest_entry
|
|
);
|
|
|
|
/******************/
|
|
/* Function: 0x06 */
|
|
[todo] NTSTATUS eventlog_ChangeNotify();
|
|
|
|
/******************/
|
|
/* Function: 0x07 */
|
|
NTSTATUS eventlog_OpenEventLogW(
|
|
[in,unique] eventlog_OpenUnknown0 *unknown0,
|
|
[in,ref] lsa_String *logname,
|
|
[in,ref] lsa_String *servername,
|
|
[in] uint32 major_version,
|
|
[in] uint32 minor_version,
|
|
[out] policy_handle *handle
|
|
);
|
|
|
|
/******************/
|
|
/* Function: 0x08 */
|
|
NTSTATUS eventlog_RegisterEventSourceW(
|
|
[in,unique] eventlog_OpenUnknown0 *unknown0,
|
|
[in,ref] lsa_String *module_name,
|
|
[in,ref] lsa_String *reg_module_name,
|
|
[in] uint32 major_version,
|
|
[in] uint32 minor_version,
|
|
[out] policy_handle *log_handle
|
|
);
|
|
|
|
/******************/
|
|
/* Function: 0x09 */
|
|
NTSTATUS eventlog_OpenBackupEventLogW(
|
|
[in,unique] eventlog_OpenUnknown0 *unknown0,
|
|
[in,ref] lsa_String *backup_logname,
|
|
[in] uint32 major_version,
|
|
[in] uint32 minor_version,
|
|
[out] policy_handle *handle
|
|
);
|
|
|
|
/******************/
|
|
/* Function: 0x0a */
|
|
NTSTATUS eventlog_ReadEventLogW(
|
|
[in] policy_handle *handle,
|
|
[in] eventlogReadFlags flags,
|
|
[in] uint32 offset,
|
|
[in] [range(0,0x7FFFF)] uint32 number_of_bytes,
|
|
[out,ref,size_is(number_of_bytes)] uint8 *data,
|
|
[out,ref] uint32 *sent_size,
|
|
[out,ref] uint32 *real_size
|
|
);
|
|
|
|
/*****************/
|
|
/* Function 0x0b */
|
|
NTSTATUS eventlog_ReportEventW(
|
|
[in] policy_handle *handle,
|
|
[in] time_t timestamp,
|
|
[in] eventlogEventTypes event_type,
|
|
[in] uint16 event_category,
|
|
[in] uint32 event_id,
|
|
[in] [range(0,256)] uint16 num_of_strings,
|
|
[in] [range(0,0x3FFFF)] uint32 data_size,
|
|
[in,ref] lsa_String *servername,
|
|
[in,unique] dom_sid *user_sid,
|
|
[in,unique] [size_is(num_of_strings)] lsa_String **strings,
|
|
[in,unique] [size_is(data_size)] uint8 *data,
|
|
[in] uint16 flags,
|
|
[in,out,unique] uint32 *record_number,
|
|
[in,out,unique] time_t *time_written
|
|
);
|
|
|
|
/*****************/
|
|
/* Function 0x0c */
|
|
[todo] NTSTATUS eventlog_ClearEventLogA();
|
|
|
|
/******************/
|
|
/* Function: 0x0d */
|
|
[todo] NTSTATUS eventlog_BackupEventLogA();
|
|
|
|
/*****************/
|
|
/* Function 0x0e */
|
|
[todo] NTSTATUS eventlog_OpenEventLogA();
|
|
|
|
/*****************/
|
|
/* Function 0x0f */
|
|
[todo] NTSTATUS eventlog_RegisterEventSourceA();
|
|
|
|
/*****************/
|
|
/* Function 0x10 */
|
|
[todo] NTSTATUS eventlog_OpenBackupEventLogA();
|
|
|
|
/*****************/
|
|
/* Function 0x11 */
|
|
[todo] NTSTATUS eventlog_ReadEventLogA();
|
|
|
|
/*****************/
|
|
/* Function 0x12 */
|
|
[todo] NTSTATUS eventlog_ReportEventA();
|
|
|
|
/*****************/
|
|
/* Function 0x13 */
|
|
[todo] NTSTATUS eventlog_RegisterClusterSvc();
|
|
|
|
/*****************/
|
|
/* Function 0x14 */
|
|
[todo] NTSTATUS eventlog_DeregisterClusterSvc();
|
|
|
|
/*****************/
|
|
/* Function 0x15 */
|
|
[todo] NTSTATUS eventlog_WriteClusterEvents();
|
|
|
|
/*****************/
|
|
/* Function 0x16 */
|
|
|
|
typedef [public] struct {
|
|
boolean32 full;
|
|
} EVENTLOG_FULL_INFORMATION;
|
|
|
|
NTSTATUS eventlog_GetLogInformation(
|
|
[in] policy_handle *handle,
|
|
[in] uint32 level,
|
|
[out,ref] [size_is(buf_size)] uint8 *buffer,
|
|
[in] [range(0,1024)] uint32 buf_size,
|
|
[out,ref] uint32 *bytes_needed
|
|
);
|
|
|
|
/*****************/
|
|
/* Function 0x17 */
|
|
NTSTATUS eventlog_FlushEventLog(
|
|
[in] policy_handle *handle
|
|
);
|
|
|
|
/*****************/
|
|
/* Function 0x18 */
|
|
NTSTATUS eventlog_ReportEventAndSourceW(
|
|
[in] policy_handle *handle,
|
|
[in] time_t timestamp,
|
|
[in] eventlogEventTypes event_type,
|
|
[in] uint16 event_category,
|
|
[in] uint32 event_id,
|
|
[in,ref] lsa_String *sourcename,
|
|
[in] [range(0,256)] uint16 num_of_strings,
|
|
[in] [range(0,0x3FFFF)] uint32 data_size,
|
|
[in,ref] lsa_String *servername,
|
|
[in,unique] dom_sid *user_sid,
|
|
[in,unique] [size_is(num_of_strings)] lsa_String **strings,
|
|
[in,unique] [size_is(data_size)] uint8 *data,
|
|
[in] uint16 flags,
|
|
[in,out,unique] uint32 *record_number,
|
|
[in,out,unique] time_t *time_written
|
|
);
|
|
}
|