#include "idl_types.h"

/*
  eventlog interface definition
*/

import "lsa.idl", "security.idl";

[ uuid("82273fdc-e32a-18c3-3f78-827929dc23ea"),
  version(0.0),
  helpstring("Event Logger")
] interface eventlog
{
	typedef [bitmap32bit] bitmap {
		EVENTLOG_SEQUENTIAL_READ = 0x0001,
		EVENTLOG_SEEK_READ       = 0x0002,
		EVENTLOG_FORWARDS_READ   = 0x0004,
		EVENTLOG_BACKWARDS_READ  = 0x0008
	} eventlogReadFlags;

	typedef [public] enum {
		EVENTLOG_SUCCESS          = 0x0000,
		EVENTLOG_ERROR_TYPE       = 0x0001,
		EVENTLOG_WARNING_TYPE     = 0x0002,
		EVENTLOG_INFORMATION_TYPE = 0x0004,
		EVENTLOG_AUDIT_SUCCESS    = 0x0008,
		EVENTLOG_AUDIT_FAILURE    = 0x0010
	} eventlogEventTypes;

	typedef struct {
		uint16 unknown0;
		uint16 unknown1;
	} eventlog_OpenUnknown0;

	/* compat structure for samba3 on-disc eventlog format,
	   this is *NOT* used on the wire. - gd */

	typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct {
		uint32 size;
		[charset(DOS),value("eLfL")] uint8 reserved[4];
		uint32 record_number;
		time_t time_generated;
		time_t time_written;
		uint32 event_id;
		eventlogEventTypes event_type;
		[range(0,256)] uint16 num_of_strings;
		uint16 event_category;
		uint16 reserved_flags;
		uint32 closing_record_number;
		uint32 stringoffset;
		[value(sid.length)] uint32 sid_length;
		uint32 sid_offset;
		[value(data.length)] uint32 data_length;
		uint32 data_offset;
		[value(2*strlen_m_term(source_name))] uint32 source_name_len;
		nstring source_name;
		[value(2*strlen_m_term(computer_name))] uint32 computer_name_len;
		nstring computer_name;
		uint32 sid_padding;
		DATA_BLOB sid;
		[value(2*ndr_size_string_array(strings, num_of_strings, STR_NULLTERM))] uint32 strings_len;
		nstring strings[num_of_strings];
		DATA_BLOB data;
		uint32 padding;
	} eventlog_Record_tdb;

	typedef [v1_enum] enum {
		ELF_LOGFILE_HEADER_DIRTY	= 0x0001,
		ELF_LOGFILE_HEADER_WRAP		= 0x0002,
		ELF_LOGFILE_LOGFULL_WRITTEN	= 0x0004,
		ELF_LOGFILE_ARCHIVE_SET		= 0x0008
	} EVENTLOG_HEADER_FLAGS;

	typedef [public] struct {
		[value(0x30)] uint32 HeaderSize;
		[charset(DOS),value("LfLe")] uint8 Signature[4];
		[value(1)] uint32 MajorVersion;
		[value(1)] uint32 MinorVersion;
		uint32 StartOffset;
		uint32 EndOffset;
		uint32 CurrentRecordNumber;
		uint32 OldestRecordNumber;
		uint32 MaxSize;
		EVENTLOG_HEADER_FLAGS Flags;
		uint32 Retention;
		[value(0x30)] uint32 EndHeaderSize;
	} EVENTLOGHEADER;

	typedef [public,gensize] struct {
		uint32 Length;
		[charset(DOS),value("LfLe")] uint8 Reserved[4];
		uint32 RecordNumber;
		time_t TimeGenerated;
		time_t TimeWritten;
		uint32 EventID;
		eventlogEventTypes EventType;
		uint16 NumStrings;
		uint16 EventCategory;
		uint16 ReservedFlags;
		uint32 ClosingRecordNumber;
		[value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername))+UserSidLength)] uint32 StringOffset;
		[value(ndr_size_dom_sid0(&UserSid, ndr->flags))] uint32 UserSidLength;
		[value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername)))] uint32 UserSidOffset;
		uint32 DataLength;
		[value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername))+UserSidLength+(2*ndr_size_string_array(Strings, NumStrings, STR_NULLTERM)))] uint32 DataOffset;
		nstring SourceName;
		nstring Computername;
		[flag(NDR_ALIGN4),subcontext(0),subcontext_size(UserSidLength)] dom_sid0 UserSid;
		nstring Strings[NumStrings];
		[flag(NDR_PAHEX)] uint8 Data[DataLength];
		astring Pad;
		[value(Length)] uint32 Length2;
	} EVENTLOGRECORD;

	typedef [public] struct {
		[value(0x28)] uint32 RecordSizeBeginning;
		[value(0x11111111)] uint32 One;
		[value(0x22222222)] uint32 Two;
		[value(0x33333333)] uint32 Three;
		[value(0x44444444)] uint32 Four;
		uint32 BeginRecord;
		uint32 EndRecord;
		uint32 CurrentRecordNumber;
		uint32 OldestRecordNumber;
		[value(0x28)] uint32 RecordSizeEnd;
	} EVENTLOGEOF;

	/* the following is true for a non-wrapped evt file (e.g. backups
	 * generated and viewed with eventvwr) */

	typedef [public] struct {
		EVENTLOGHEADER hdr;
		EVENTLOGRECORD records[hdr.CurrentRecordNumber-hdr.OldestRecordNumber];
		EVENTLOGEOF eof;
	} EVENTLOG_EVT_FILE;

	/******************/
	/* Function: 0x00 */
	NTSTATUS eventlog_ClearEventLogW(
		[in] policy_handle *handle,
		[in,unique] lsa_String *backupfile
	);

	/******************/
	/* Function: 0x01 */
	NTSTATUS eventlog_BackupEventLogW(
		[in] policy_handle *handle,
		[in,ref] lsa_String *backup_filename
		);

	/******************/
	/* Function: 0x02 */
	NTSTATUS eventlog_CloseEventLog(
		[in,out] policy_handle *handle
	);

	/******************/
	/* Function: 0x03 */
	NTSTATUS eventlog_DeregisterEventSource(
		[in,out] policy_handle *handle
		);

	/******************/
	/* Function: 0x04 */
	NTSTATUS eventlog_GetNumRecords(
		[in] policy_handle *handle,
		[out,ref] uint32 *number
	);

	/******************/
	/* Function: 0x05 */
	NTSTATUS eventlog_GetOldestRecord(
		[in] policy_handle *handle,
		[out,ref] uint32 *oldest_entry
	);

	/******************/
	/* Function: 0x06 */
	[todo] NTSTATUS eventlog_ChangeNotify();

	/******************/
	/* Function: 0x07 */
	NTSTATUS eventlog_OpenEventLogW(
		[in,unique]	    eventlog_OpenUnknown0 *unknown0,
		[in,ref]    lsa_String *logname,
		[in,ref]    lsa_String *servername,
		[in]	    uint32 major_version,
		[in]	    uint32 minor_version,
		[out]   policy_handle *handle
	);

	/******************/
	/* Function: 0x08 */
	NTSTATUS eventlog_RegisterEventSourceW(
		[in,unique] eventlog_OpenUnknown0 *unknown0,
		[in,ref] lsa_String *module_name,
		[in,ref] lsa_String *reg_module_name,
		[in] uint32 major_version,
		[in] uint32 minor_version,
		[out] policy_handle *log_handle
		);

	/******************/
	/* Function: 0x09 */
	NTSTATUS eventlog_OpenBackupEventLogW(
		[in,unique] eventlog_OpenUnknown0 *unknown0,
		[in,ref] lsa_String *backup_logname,
		[in] uint32 major_version,
		[in] uint32 minor_version,
		[out] policy_handle *handle
		);

	/******************/
	/* Function: 0x0a */
	NTSTATUS eventlog_ReadEventLogW(
		[in] policy_handle *handle,
		[in] eventlogReadFlags flags,
		[in] uint32 offset,
		[in] [range(0,0x7FFFF)] uint32 number_of_bytes,
		[out,ref,size_is(number_of_bytes)] uint8 *data,
		[out,ref] uint32 *sent_size,
		[out,ref] uint32 *real_size
	);

	/*****************/
	/* Function 0x0b */
	NTSTATUS eventlog_ReportEventW(
		[in] policy_handle *handle,
		[in] time_t timestamp,
		[in] eventlogEventTypes event_type,
		[in] uint16 event_category,
		[in] uint32 event_id,
		[in] [range(0,256)] uint16 num_of_strings,
		[in] [range(0,0x3FFFF)] uint32 data_size,
		[in,ref] lsa_String *servername,
		[in,unique] dom_sid *user_sid,
		[in,unique] [size_is(num_of_strings)] lsa_String **strings,
		[in,unique] [size_is(data_size)] uint8 *data,
		[in] uint16 flags,
		[in,out,unique] uint32 *record_number,
		[in,out,unique] time_t *time_written
		);

	/*****************/
	/* Function 0x0c */
	[todo] NTSTATUS eventlog_ClearEventLogA();
	
	/******************/
	/* Function: 0x0d */
	[todo] NTSTATUS eventlog_BackupEventLogA();

	/*****************/
	/* Function 0x0e */
	[todo] NTSTATUS eventlog_OpenEventLogA();

	/*****************/
	/* Function 0x0f */
	[todo] NTSTATUS eventlog_RegisterEventSourceA();

	/*****************/
	/* Function 0x10 */
	[todo] NTSTATUS eventlog_OpenBackupEventLogA();

	/*****************/
	/* Function 0x11 */
	[todo] NTSTATUS eventlog_ReadEventLogA();

	/*****************/
	/* Function 0x12 */
	[todo] NTSTATUS eventlog_ReportEventA();

	/*****************/
	/* Function 0x13 */
	[todo] NTSTATUS eventlog_RegisterClusterSvc();

	/*****************/
	/* Function 0x14 */
	[todo] NTSTATUS eventlog_DeregisterClusterSvc();

	/*****************/
	/* Function 0x15 */
	[todo] NTSTATUS eventlog_WriteClusterEvents();

	/*****************/
	/* Function 0x16 */

	typedef [public] struct {
		boolean32 full;
	} EVENTLOG_FULL_INFORMATION;

	NTSTATUS eventlog_GetLogInformation(
		[in] policy_handle *handle,
		[in] uint32 level,
		[out,ref] [size_is(buf_size)] uint8 *buffer,
		[in] [range(0,1024)] uint32 buf_size,
		[out,ref] uint32 *bytes_needed
		);

	/*****************/
	/* Function 0x17 */
	NTSTATUS eventlog_FlushEventLog(
		[in] policy_handle *handle
	);

	/*****************/
	/* Function 0x18 */
	NTSTATUS eventlog_ReportEventAndSourceW(
		[in] policy_handle *handle,
		[in] time_t timestamp,
		[in] eventlogEventTypes event_type,
		[in] uint16 event_category,
		[in] uint32 event_id,
		[in,ref] lsa_String *sourcename,
		[in] [range(0,256)] uint16 num_of_strings,
		[in] [range(0,0x3FFFF)] uint32 data_size,
		[in,ref] lsa_String *servername,
		[in,unique] dom_sid *user_sid,
		[in,unique] [size_is(num_of_strings)] lsa_String **strings,
		[in,unique] [size_is(data_size)] uint8 *data,
		[in] uint16 flags,
		[in,out,unique] uint32 *record_number,
		[in,out,unique] time_t *time_written
		);
}