path: root/source3/include/rpc_eventlog.h
/* 
   Unix SMB/Netbios implementation.
   Version 1.9.
   Interface header: Scheduler service
   Copyright (C) Luke Kenneth Casson Leighton 1996-1999
   Copyright (C) Andrew Tridgell 1992-1999
   
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.
   
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   
   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#ifndef _RPC_EVENTLOG_H
#define _RPC_EVENTLOG_H

/*
 * Operation numbers of the eventlog RPC calls whose request/reply
 * structures are declared below (listed in numeric order).
 * NOTE(review): the values line up with the MS-EVEN opnums for
 * ElfrCloseEL (2), ElfrNumberOfRecords (4), ElfrOpenELW (7) and
 * ElfrReadELW (10) - confirm against the dispatch table that uses them.
 * Any opnum not listed here has no handler declared in this header; the
 * dispatcher, which is not visible here, should fault on it instead of
 * falling through to one of these handlers.
 */
#define EVENTLOG_CLOSE                  0x02
#define EVENTLOG_NUMOFEVENTLOGRECORDS   0x04
#define EVENTLOG_OPEN                   0x07
#define EVENTLOG_READEVENTLOG           0x0a

/*
 * Read-mode bits, each a distinct power of two so they can be OR-ed
 * together (presumably into EVENTLOG_Q_READEVENTLOG.flags - confirm).
 * SEQUENTIAL/SEEK name the positioning mode, FORWARD/BACKWARD the
 * direction.
 * NOTE(review): the flags word arrives from the peer; a server-side
 * handler should reject undefined bits and contradictory pairs (both
 * directions, or both positioning modes) before acting on the request.
 */
#define EVENTLOG_READ_SEQUENTIAL        0x01
#define EVENTLOG_READ_SEEK              0x02
#define EVENTLOG_READ_FORWARD           0x04
#define EVENTLOG_READ_BACKWARD          0x08

/*
 * Event type codes (presumably the values carried in
 * EVENTLOGRECORD.eventtype - confirm).  EVENTLOG_OK is zero, so it can
 * only be recognised with an equality test, never with a bit test.
 * EVENTLOG_AUDIT_OK / EVENTLOG_AUDIT_ERROR mark audit success and audit
 * failure records, which are the ones a log consumer doing security
 * monitoring will usually want to select on.
 */
#define EVENTLOG_OK                     0x00
#define EVENTLOG_ERROR                  0x01
#define EVENTLOG_WARNING                0x02
#define EVENTLOG_INFORMATION            0x04
#define EVENTLOG_AUDIT_OK               0x08
#define EVENTLOG_AUDIT_ERROR            0x10

/*
 * One event log record, as referenced by EVENTLOG_R_READEVENTLOG.event.
 * The fixed fields come first, followed by the variable-length parts and
 * a second size field.
 *
 * NOTE(review): the field order looks like the Windows EVENTLOGRECORD
 * layout - confirm against the marshalling code, which is not in this
 * header.
 *
 * NOTE(review): when a record is unmarshalled from the wire, size, size2
 * and every *_offset / *_length / num_of_strings value are peer-supplied.
 * The parser should check that each offset plus its length stays inside
 * the record (and inside the bytes actually received) before it reads
 * the sid, strings or data, and should treat size != size2 as a
 * malformed record.
 */
typedef struct eventlogrecord
{
	uint32 size;            /* record size; repeated in size2 below */
	uint32 reserved;
	uint32 recordnumber;
	uint32 creationtime;    /* presumably seconds since 1970, as is writetime - confirm */
	uint32 writetime;
	uint32 eventnumber;
	uint16 eventtype;       /* presumably one of EVENTLOG_OK .. EVENTLOG_AUDIT_ERROR */
	uint16 num_of_strings;  /* count of entries in strings; untrusted when parsed */
	uint16 category;
	uint16 reserved_flag;
	uint32 closingrecord;
	uint32 stringoffset;    /* the offsets are presumably relative to the record start - confirm */
	uint32 sid_length;
	uint32 sid_offset;
	uint32 data_length;
	uint32 data_offset;
	UNISTR sourcename;
	UNISTR computername;
	/* NOTE(review): sid and data are declared as UNISTR although the
	   sid_length / data_length fields suggest length-counted binary
	   blobs; a terminator-based copy could stop early or run past the
	   counted length - confirm how these two are marshalled. */
	UNISTR sid;
	UNISTR strings;
	UNISTR data;
	/* trailing copy of the size field */
	uint32 size2;	
} EVENTLOGRECORD;

/*
 * Request structure for the open call (see EVENTLOG_OPEN).
 * The unk0..unk7 fields are not understood, as their names say; this
 * header gives no meaning for them.
 *
 * NOTE(review): every field here is supplied by the client.  The source
 * string selects which log is opened, so the server side should match it
 * against the logs it is willing to expose rather than use it directly
 * in a file or registry path - confirm in the handler.
 */
typedef struct eventlog_q_open
{
	uint32 ptr0;            /* presumably an NDR referent pointer - confirm */

	uint16 unk0;
	uint16 unk1;
	uint16 unk2;
	uint16 unk3;

	uint32 ptr_source;	/* presumably non-zero when source follows - confirm */

	UNISTR2 source;         /* presumably the name of the log to open */
	
	uint32 unk4;
	uint32 unk5;
	uint32 unk6;
	uint32 unk7;
} EVENTLOG_Q_OPEN;

/*
 * Reply structure for the open call: a policy handle plus a status code.
 * The same POLICY_HND type is what the close, record-count and read
 * requests in this header carry back.
 * NOTE(review): a handle that later arrives in a request is client
 * data; the server should look it up in its own handle table and check
 * that it was issued for an eventlog open on that connection - confirm
 * in the handlers.
 */
typedef struct eventlog_r_open
{
        POLICY_HND pol;
        uint32 status;
} EVENTLOG_R_OPEN;

/*
 * Request structure for the close call (see EVENTLOG_CLOSE): only the
 * handle to close.
 * NOTE(review): the handle is client-supplied; closing should fail
 * cleanly for a handle the server never issued or has already closed.
 */
typedef struct eventlog_q_close
{
        POLICY_HND pol;
} EVENTLOG_Q_CLOSE;

/*
 * Reply structure for the close call: a policy handle and a status code.
 * What the server places in pol on a successful close is not visible in
 * this header.
 */
typedef struct eventlog_r_close
{
        POLICY_HND pol;
        uint32 status;
} EVENTLOG_R_CLOSE;

/*
 * Request structure for the record-count call (see
 * EVENTLOG_NUMOFEVENTLOGRECORDS): only the handle of the opened log.
 */
typedef struct eventlog_q_numofeventlogrec
{
        POLICY_HND pol;
} EVENTLOG_Q_NUMOFEVENTLOGREC;

/*
 * Reply structure for the record-count call: the count and a status code.
 * NOTE(review): on the client side number comes from the server; do not
 * use it to size an allocation or bound a loop without a sanity limit.
 */
typedef struct eventlog_r_numofeventlogrec
{
        uint32 number;
        uint32 status;
} EVENTLOG_R_NUMOFEVENTLOGREC;

/*
 * Request structure for the read call (see EVENTLOG_READEVENTLOG).
 *
 * NOTE(review): flags, offset and number_of_bytes are all chosen by the
 * client.  A server-side handler should cap number_of_bytes before it
 * sizes any reply buffer from it, and should range-check offset against
 * the records that actually exist - confirm in the handler, which is not
 * in this header.
 */
typedef struct eventlog_q_readeventlog
{
        POLICY_HND pol;
	uint32 flags;           /* presumably an OR of the EVENTLOG_READ_* bits */
	uint32 offset;          /* presumably the record to start from in seek mode - confirm */
	uint32 number_of_bytes; /* presumably the size of the caller's buffer */
} EVENTLOG_Q_READEVENTLOG;

/*
 * Reply structure for the read call: a byte count, a pointer to one
 * EVENTLOGRECORD, two size fields and a status code.
 *
 * NOTE(review): who allocates and frees event is not visible in this
 * header - confirm ownership in the marshalling code.
 *
 * NOTE(review): on the client side number_of_bytes, sent_size and
 * real_size are server-supplied.  They should be checked against each
 * other and against the bytes actually received before event is
 * unmarshalled.
 */
typedef struct eventlog_r_readeventlog
{
	uint32 number_of_bytes;
	EVENTLOGRECORD *event;
	uint32 sent_size;       /* presumably the bytes returned in this reply - confirm */
	uint32 real_size;       /* presumably the bytes needed for the full record - confirm */
	uint32 status;
} EVENTLOG_R_READEVENTLOG;

#endif /* _RPC_EVENTLOG_H */