X-Git-Url: https://vcs.maemo.org/git/?a=blobdiff_plain;ds=sidebyside;f=source%2Finclude%2Frpc_eventlog.h;fp=source%2Finclude%2Frpc_eventlog.h;h=5bede97d1c9ca5886e8b736ac96cb3f19a729913;hb=6bca4ca307d55b6dc888e56cee47aebcddbce786;hp=0000000000000000000000000000000000000000;hpb=7fd70fa738b636089bcc6c961aa3eaa02f20dda2;p=samba diff --git a/source/include/rpc_eventlog.h b/source/include/rpc_eventlog.h new file mode 100644 index 0000000..5bede97 --- /dev/null +++ b/source/include/rpc_eventlog.h @@ -0,0 +1,203 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Marcin Krzysztof Porwit 2005. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifndef _RPC_EVENTLOG_H /* _RPC_EVENTLOG_H */ +#define _RPC_EVENTLOG_H + +/* opcodes */ + +#define EVENTLOG_CLEAREVENTLOG 0x00 +#define EVENTLOG_CLOSEEVENTLOG 0x02 +#define EVENTLOG_GETNUMRECORDS 0x04 +#define EVENTLOG_GETOLDESTENTRY 0x05 +#define EVENTLOG_OPENEVENTLOG 0x07 +#define EVENTLOG_READEVENTLOG 0x0a + +/* Eventlog read flags */ + +#define EVENTLOG_SEQUENTIAL_READ 0x0001 +#define EVENTLOG_SEEK_READ 0x0002 +#define EVENTLOG_FORWARDS_READ 0x0004 +#define EVENTLOG_BACKWARDS_READ 0x0008 + +/* Event types */ + +#define EVENTLOG_SUCCESS 0x0000 +#define EVENTLOG_ERROR_TYPE 0x0001 +#define EVENTLOG_WARNING_TYPE 0x0002 +#define EVENTLOG_INFORMATION_TYPE 0x0004 +#define EVENTLOG_AUDIT_SUCCESS 0x0008 +#define EVENTLOG_AUDIT_FAILURE 0x0010 + +/* Defines for TDB keys */ +#define EVT_OLDEST_ENTRY "INFO/oldest_entry" +#define EVT_NEXT_RECORD "INFO/next_record" +#define EVT_VERSION "INFO/version" +#define EVT_MAXSIZE "INFO/maxsize" +#define EVT_RETENTION "INFO/retention" + +#define ELOG_APPL "Application" +#define ELOG_SYS "System" +#define ELOG_SEC "Security" + +typedef struct elog_tdb { + struct elog_tdb *prev, *next; + char *name; + TDB_CONTEXT *tdb; + int ref_count; +} ELOG_TDB; + +#define ELOG_TDB_CTX(x) ((x)->tdb) + + +#define EVENTLOG_DATABASE_VERSION_V1 1 + +/***********************************/ + +typedef struct { + uint16 unknown1; + uint16 unknown2; +} EVENTLOG_OPEN_UNKNOWN0; + +typedef struct { + EVENTLOG_OPEN_UNKNOWN0 *unknown0; + UNISTR4 logname; + UNISTR4 servername; + uint32 unknown1; + uint32 unknown2; +} EVENTLOG_Q_OPEN_EVENTLOG; + +typedef struct { + POLICY_HND handle; + NTSTATUS status; +} EVENTLOG_R_OPEN_EVENTLOG; + + +/***********************************/ + +typedef struct { + POLICY_HND handle; +} EVENTLOG_Q_CLOSE_EVENTLOG; + +typedef struct { + POLICY_HND handle; + NTSTATUS status; +} EVENTLOG_R_CLOSE_EVENTLOG; + + +/***********************************/ + +typedef struct { + POLICY_HND handle; +} EVENTLOG_Q_GET_NUM_RECORDS; + +typedef struct { + uint32 num_records; + NTSTATUS status; +} EVENTLOG_R_GET_NUM_RECORDS; + + +/***********************************/ + +typedef struct { + POLICY_HND handle; +} EVENTLOG_Q_GET_OLDEST_ENTRY; + +typedef struct { + uint32 oldest_entry; + NTSTATUS status; +} EVENTLOG_R_GET_OLDEST_ENTRY; + + +/***********************************/ + +typedef struct +{ + POLICY_HND handle; + uint32 flags; + uint32 offset; + uint32 max_read_size; +} EVENTLOG_Q_READ_EVENTLOG; + +typedef struct { + uint32 length; + uint32 reserved1; + uint32 record_number; + uint32 time_generated; + uint32 time_written; + uint32 event_id; + uint16 event_type; + uint16 num_strings; + uint16 event_category; + uint16 reserved2; + uint32 closing_record_number; + uint32 string_offset; + uint32 user_sid_length; + uint32 user_sid_offset; + uint32 data_length; + uint32 data_offset; +} Eventlog_record; + +typedef struct { + uint32 source_name_len; + wpstring source_name; + uint32 computer_name_len; + wpstring computer_name; + uint32 sid_padding; + wpstring sid; + uint32 strings_len; + wpstring strings; + uint32 user_data_len; + pstring user_data; + uint32 data_padding; +} Eventlog_data_record; + +typedef struct eventlog_entry { + Eventlog_record record; + Eventlog_data_record data_record; + uint8 *data; + uint8 *end_of_data_padding; + struct eventlog_entry *next; +} Eventlog_entry; + +typedef struct { + uint32 num_bytes_in_resp; + uint32 bytes_in_next_record; + uint32 num_records; + Eventlog_entry *entry; + uint8 *end_of_entries_padding; + uint32 sent_size; + uint32 real_size; + NTSTATUS status; +} EVENTLOG_R_READ_EVENTLOG; + + +/***********************************/ + +typedef struct { + POLICY_HND handle; + UNISTR4 backupfile; +} EVENTLOG_Q_CLEAR_EVENTLOG; + +typedef struct { + NTSTATUS status; +} EVENTLOG_R_CLEAR_EVENTLOG; + +#endif /* _RPC_EVENTLOG_H */