/*
 * Unix SMB/CIFS implementation.
 * RPC Pipe client / server routines
 * Copyright (C) Marcin Krzysztof Porwit 2005.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

/*
 * Wire-level request/response structures, opcodes and flag values for the
 * eventlog RPC pipe, plus the keys and handle type used by the TDB that
 * backs each log on the server side. Marshalling/unmarshalling and the
 * server/client implementations live in other translation units; this
 * header only declares the shapes they share.
 */

/* NOTE(review): identifiers beginning with '_' + uppercase letter are reserved
 * for the implementation in C; the guard name predates this file. */
#ifndef _RPC_EVENTLOG_H /* _RPC_EVENTLOG_H */
#define _RPC_EVENTLOG_H

/* opcodes: opnums of the operations this header supplies Q/R structures
 * for; the gaps (0x01, 0x03, 0x06, 0x08, 0x09) are operations not
 * implemented here. */

#define EVENTLOG_CLEAREVENTLOG 0x00
#define EVENTLOG_CLOSEEVENTLOG 0x02
#define EVENTLOG_GETNUMRECORDS 0x04
#define EVENTLOG_GETOLDESTENTRY 0x05
#define EVENTLOG_OPENEVENTLOG 0x07
#define EVENTLOG_READEVENTLOG 0x0a

/* Eventlog read flags: bitmask carried in EVENTLOG_Q_READ_EVENTLOG.flags.
 * Values match the Win32 ReadEventLog flags of the same name. SEQUENTIAL
 * and SEEK are mutually exclusive, as are FORWARDS and BACKWARDS; the
 * parser is expected to reject other combinations. */

#define EVENTLOG_SEQUENTIAL_READ 0x0001
#define EVENTLOG_SEEK_READ 0x0002
#define EVENTLOG_FORWARDS_READ 0x0004
#define EVENTLOG_BACKWARDS_READ 0x0008

/* Event types: values of Eventlog_record.event_type. Match the Win32
 * EVENTLOG_*_TYPE constants. */

#define EVENTLOG_SUCCESS 0x0000
#define EVENTLOG_ERROR_TYPE 0x0001
#define EVENTLOG_WARNING_TYPE 0x0002
#define EVENTLOG_INFORMATION_TYPE 0x0004
#define EVENTLOG_AUDIT_SUCCESS 0x0008
#define EVENTLOG_AUDIT_FAILURE 0x0010

/* Defines for TDB keys: metadata records in each per-log TDB. The "INFO/"
 * prefix keeps them apart from the event records themselves. From the
 * names, MAXSIZE/RETENTION presumably hold the log's size and retention
 * policy — confirm against the server code that reads them. */
#define EVT_OLDEST_ENTRY "INFO/oldest_entry"
#define EVT_NEXT_RECORD "INFO/next_record"
#define EVT_VERSION "INFO/version"
#define EVT_MAXSIZE "INFO/maxsize"
#define EVT_RETENTION "INFO/retention"

/* Names of the three standard Windows event logs. */
#define ELOG_APPL "Application"
#define ELOG_SYS "System"
#define ELOG_SEC "Security"

/*
 * An open per-log TDB. Entries are kept on a doubly linked list (prev/next)
 * so one TDB can be shared between several open RPC handles; ref_count is
 * presumably the number of outstanding handles referring to it — verify
 * the open/close paths keep it balanced, since an imbalance either leaks
 * the TDB or closes it under a live handle.
 */
typedef struct elog_tdb {
	struct elog_tdb *prev, *next;
	char *name;		/* log name (e.g. one of ELOG_APPL/ELOG_SYS/ELOG_SEC) */
	TDB_CONTEXT *tdb;	/* the open database backing this log */
	int ref_count;
} ELOG_TDB;

/* Accessor for the TDB context of an ELOG_TDB *. Evaluates x once. */
#define ELOG_TDB_CTX(x) ((x)->tdb)


/* On-disk format version stored under EVT_VERSION. */
#define EVENTLOG_DATABASE_VERSION_V1 1

/*********************** OpenEventLog ***********************/

/* Two 16-bit fields at the start of the open request whose meaning was
 * not known when this was written; they are carried through unchanged. */
typedef struct {
	uint16 unknown1;
	uint16 unknown2;
} EVENTLOG_OPEN_UNKNOWN0;

/* OpenEventLog request. logname is client-supplied and is what selects
 * the backing TDB; the server side must validate it against the set of
 * configured logs rather than use it directly as a path component. */
typedef struct {
	EVENTLOG_OPEN_UNKNOWN0 *unknown0;
	UNISTR4 logname;
	UNISTR4 servername;
	uint32 unknown1;
	uint32 unknown2;
} EVENTLOG_Q_OPEN_EVENTLOG;

/* OpenEventLog response: the policy handle used by every later call. */
typedef struct {
	POLICY_HND handle;
	NTSTATUS status;
} EVENTLOG_R_OPEN_EVENTLOG;


/*********************** CloseEventLog ***********************/

typedef struct {
	POLICY_HND handle;
} EVENTLOG_Q_CLOSE_EVENTLOG;

typedef struct {
	POLICY_HND handle;
	NTSTATUS status;
} EVENTLOG_R_CLOSE_EVENTLOG;


/*********************** GetNumRecords ***********************/

typedef struct {
	POLICY_HND handle;
} EVENTLOG_Q_GET_NUM_RECORDS;

typedef struct {
	uint32 num_records;
	NTSTATUS status;
} EVENTLOG_R_GET_NUM_RECORDS;


/*********************** GetOldestEntry ***********************/

typedef struct {
	POLICY_HND handle;
} EVENTLOG_Q_GET_OLDEST_ENTRY;

/* oldest_entry is the record number of the oldest record still in the log. */
typedef struct {
	uint32 oldest_entry;
	NTSTATUS status;
} EVENTLOG_R_GET_OLDEST_ENTRY;


/*********************** ReadEventLog ***********************/

/*
 * ReadEventLog request. flags is a combination of the EVENTLOG_*_READ
 * bits above; offset is the record number to start from when SEEK_READ
 * is set. max_read_size is the size of the client's receive buffer and
 * is entirely client-controlled: the server should treat it as an upper
 * bound on how much it returns, not as a size to allocate blindly.
 */
typedef struct {
	POLICY_HND handle;
	uint32 flags;
	uint32 offset;
	uint32 max_read_size;
} EVENTLOG_Q_READ_EVENTLOG;

/*
 * Fixed-size header of one event record, mirroring the Win32
 * EVENTLOGRECORD layout. length is the size of the whole record
 * including the variable part and trailing length; the *_offset fields
 * are byte offsets from the start of the record and the *_length fields
 * byte counts of the variable-length parts. All of these arrive from the
 * peer or the on-disk log, so whichever side parses a record must check
 * that each offset+length lies inside length (and inside the buffer
 * actually received) before using them to locate data.
 */
typedef struct {
	uint32 length;
	uint32 reserved1;		/* "LfLe" signature in the Win32 format */
	uint32 record_number;
	uint32 time_generated;		/* seconds since the Unix epoch */
	uint32 time_written;		/* seconds since the Unix epoch */
	uint32 event_id;
	uint16 event_type;		/* one of the EVENTLOG_* event types above */
	uint16 num_strings;		/* count of NUL-terminated strings at string_offset */
	uint16 event_category;
	uint16 reserved2;
	uint32 closing_record_number;
	uint32 string_offset;
	uint32 user_sid_length;
	uint32 user_sid_offset;
	uint32 data_length;
	uint32 data_offset;
} Eventlog_record;

/*
 * Variable part of an event record, unpacked into fixed-size Samba
 * string buffers (pstring/wpstring). Because the destinations are fixed
 * size while the *_len fields come from the record, the code filling
 * this struct has to bound each copy by the destination size, not only
 * by the advertised length. The *_padding fields hold the alignment
 * bytes that appear between sections on the wire.
 */
typedef struct {
	uint32 source_name_len;
	wpstring source_name;
	uint32 computer_name_len;
	wpstring computer_name;
	uint32 sid_padding;
	wpstring sid;
	uint32 strings_len;
	wpstring strings;
	uint32 user_data_len;
	pstring user_data;
	uint32 data_padding;
} Eventlog_data_record;

/*
 * One complete record (header + unpacked data) as a node of the singly
 * linked list returned by ReadEventLog. data points at the raw record
 * bytes and end_of_data_padding at the first byte after its trailing
 * alignment; ownership of what data points to is not defined here —
 * see the code that builds and frees the list.
 */
typedef struct eventlog_entry {
	Eventlog_record record;
	Eventlog_data_record data_record;
	uint8 *data;
	uint8 *end_of_data_padding;
	struct eventlog_entry *next;
} Eventlog_entry;

/*
 * ReadEventLog response. entry heads the list of records that fit in
 * the caller's buffer; num_records is its length. bytes_in_next_record
 * lets the client resize when a record did not fit. sent_size is
 * presumably the number of payload bytes actually marshalled and
 * real_size the size the full result would need — confirm against the
 * marshalling code, and keep both consistent with max_read_size in the
 * request.
 */
typedef struct {
	uint32 num_bytes_in_resp;
	uint32 bytes_in_next_record;
	uint32 num_records;
	Eventlog_entry *entry;
	uint8 *end_of_entries_padding;
	uint32 sent_size;
	uint32 real_size;
	NTSTATUS status;
} EVENTLOG_R_READ_EVENTLOG;


/*********************** ClearEventLog ***********************/

/* ClearEventLog request. backupfile is a client-supplied path to which
 * the log is to be saved before clearing; if the server honours it, the
 * path needs the same validation as any other client-provided filename. */
typedef struct {
	POLICY_HND handle;
	UNISTR4 backupfile;
} EVENTLOG_Q_CLEAR_EVENTLOG;

typedef struct {
	NTSTATUS status;
} EVENTLOG_R_CLEAR_EVENTLOG;

#endif /* _RPC_EVENTLOG_H */