home *** CD-ROM | disk | FTP | other *** search

---

/ OS/2 Shareware BBS: 10 Tools / 10-Tools.zip / warphead.zip / H / AUDIT.H

< prev

next >

Wrap

C/C++ Source or Header  |  1997-09-05  |  22KB  |  516 lines

---

1. /**************************************************************************/
2. /*                                                                        */
3. /*              IBM OS/2(tm) File and Print Client Services               */
4. /* (c) Copyright International Business Machines Corporation, 1988, 1996  */
5. /*                                                                        */
6. /**************************************************************************/
7. /********************************************************************/
8.  
9.  
10.  
11. /********************************************************************
12.  *                                                                  *
13.  *  About this file ...  AUDIT.H                                    *
14.  *                                                                  *
15.  *  This file contains information about the NetAudit APIs.         *
16.  *                                                                  *
17.  *      Function prototypes.                                        *
18.  *                                                                  *
19.  *      Data structure templates.                                   *
20.  *                                                                  *
21.  *      Definition of special values.                               *
22.  *                                                                  *
23.  *                                                                  *
24.  *  NOTE:  You must include NETCONS.H before this file, since this  *
25.  *         file depends on values defined in NETCONS.H.             *
26.  *                                                                  *
27.  ********************************************************************/
28.  
29.  
30.  
31. #ifndef NETAUDIT_INCLUDED
32.  
33. #define NETAUDIT_INCLUDED
34.  
35. #ifdef ANY_32_BIT
36. #pragma pack(1)
37. #endif
38.  
39. /****************************************************************
40.  *                                                              *
41.  *              Data Structures for LogRead                     *
42.  *                                                              *
43.  ****************************************************************/
44.  
45. #ifndef LOGFLAGS_FORWARD
46.  
47. typedef struct loghandle
48.     {
49.         unsigned long   time;           /* Timestamp of first record */
50.         unsigned long   last_flags;     /* Last call's flags */
51.         unsigned long   offset;         /* Current offset in log */
52.         unsigned long   rec_offset;     /* Current record offset in log */
53.     }   HLOG;
54.  
55.  
56. #define LOGFLAGS_FORWARD        0
57. #define LOGFLAGS_BACKWARD       0x1
58. #define LOGFLAGS_SEEK           0x2
59.  
60. #endif
61.  
62.  
63. /****************************************************************
64.  *                                                              *
65.  *              Function prototypes                             *
66.  *                                                              *
67.  ****************************************************************/
68.  
69.  
70.  
71. extern API_FUNCTION
72.   NetAuditClear ( const unsigned char LSFAR * pszServer,
73.                   const unsigned char LSFAR * pszBackupFile,
74.                   unsigned char LSFAR *       pszReserved );
75.  
76. extern API_FUNCTION
77.   NetAuditOpen ( const unsigned char LSFAR * pszServer,
78.                  unsigned LSINT      LSFAR * phAuditLog,
79.                  unsigned char       LSFAR * pszReserved );
80.  
81. extern API_FUNCTION
82.   NetAuditRead ( const unsigned char LSFAR * pszServer,
83.                  const unsigned char LSFAR * pszReserved1,
84.                  HLOG LSFAR *                phAuditLog,
85.                  unsigned long               ulOffset,
86.                  unsigned short LSFAR      * pusReserved2,
87.                  unsigned long               ulReserved3,
88.                  unsigned long               flOffset,
89.                  unsigned char LSFAR *       pbBuffer,
90.                  unsigned short              cbBuffer,
91.                  unsigned short LSFAR      * pcbReturned,
92.                  unsigned short LSFAR      * pcbTotalAvail );
93.  
94.  
95. extern API_FUNCTION
96.   NetAuditWrite ( unsigned short              usType,
97.                   const unsigned char LSFAR * pbBuffer,
98.                   unsigned short              cbBuffer,
99.                   unsigned char LSFAR *       pszReserved1,
100.                   unsigned char LSFAR *       pszReserved2 );
101.  
102.  
103. /****************************************************************
104.  *                                                              *
105.  *              Data structure templates                        *
106.  *                                                              *
107.  ****************************************************************/
108.  
109. /*
110.  *   General audit_entry information.  For each type of entry,
111.  *   there may be additional information.  This is found at an
112.  *   offset of "ae_data_offset" from the start of the audit_entry
113.  *   structure.
114.  *
115.  *   Note that at the very end of each record is a word (unsigned
116.  *   short) that is the length of the record, the same value as
117.  *   found in ae_len.  This length includes the whole record, including
118.  *   the trailing length word.  This allows scanning backward.
119.  */
120.  
121. struct audit_entry {
122.         unsigned short      ae_len;         /* length of record */
123.         unsigned short      ae_reserved;
124.         unsigned long       ae_time;        /* time of entry    */
125.         unsigned short      ae_type;        /* type of entry    */
126.         unsigned short      ae_data_offset; /* offset to ae_data */
127. };      /* audit_entry */
128.  
129. /*
130.  *      The following structures represent the layout of the data area
131.  *      of specific audit entry types.  This is the information found
132.  *      at an offset of "ae_data_offset" from the start of the record.
133.  *      This will usually immediately follow the audit_entry structure,
134.  *      but DO NOT ASSUME THIS. Use the ae_data_offset value.
135.  *
136.  *      Some of these fields are offsets of the start of a text string.
137.  *      The offset is from the start of the data area (i.e. the position
138.  *      identified by ae_data_offset), NOT from the start of the whole
139.  *      entry.  This data will appear as ASCIIZ strings, usually in the
140.  *      area following the defined structure.
141.  */
142.  
143.                                         /* Server status record */
144. struct ae_srvstatus {
145.  
146.     unsigned short    ae_sv_status;
147.                                         /* AE_SRVSTART, AE_SRVPAUSED, */
148.                                         /*  AE_SRVCONT, AE_SRVSTOP    */
149. };      /* ae_srvstatus */
150.  
151. struct ae_sesslogon {
152.     unsigned short    ae_so_compname;   /* ptr to computername of client    */
153.     unsigned short    ae_so_username;   /* ptr to username of client (NULL  */
154.                                         /*  if same as computername)        */
155.     unsigned short    ae_so_privilege;  /* AE_GUEST, AE_USER, AE_ADMIN      */
156. };      /* ae_sesslogon */
157.  
158. struct ae_sesslogoff {
159.     unsigned short    ae_sf_compname;   /* ptr to computername of client    */
160.     unsigned short    ae_sf_username;   /* ptr to username of client (NULL  */
161.                                         /*  if same as computername)        */
162.     unsigned short    ae_sf_reason;     /* AE_NORMAL, AE_ERROR, AE_AUTODIS, */
163.                                         /*  AE_ADMINDIS                     */
164. };      /* ae_sesslogoff */
165.  
166. struct ae_sesspwerr {
167.     unsigned short    ae_sp_compname;   /* ptr to computername of client  */
168.     unsigned short    ae_sp_username;   /* ptr to username submitted by   */
169.                                         /*  client (NULL if same as       */
170.                                         /*  computername)                 */
171. };      /* ae_sesspwerr */
172.  
173. struct ae_connstart {
174.     unsigned short    ae_ct_compname;   /* ptr to computername of client    */
175.     unsigned short    ae_ct_username;   /* ptr to username of client (NULL  */
176.                                         /*  if same as computername)        */
177.     unsigned short    ae_ct_netname;    /* ptr to netname of share          */
178.     unsigned short    ae_ct_connid;     /* Unique connection ID             */
179. };      /* ae_connstart */
180.  
181. struct ae_connstop {
182.     unsigned short    ae_cp_compname;   /* ptr to computername of client    */
183.     unsigned short    ae_cp_username;   /* ptr to username of client (NULL  */
184.                                         /*  if same as computername)        */
185.     unsigned short    ae_cp_netname;    /* ptr to netname of share          */
186.     unsigned short    ae_cp_connid;     /* Unique connection ID             */
187.     unsigned short    ae_cp_reason;     /* AE_NORMAL/AE_SESSDIS/AE_UNSHARE  */
188. };      /* ae_connstop */
189.  
190. struct ae_connrej {
191.     unsigned short    ae_cr_compname;   /* ptr to computername of client    */
192.     unsigned short    ae_cr_username;   /* ptr to username of client (NULL  */
193.                                         /*  if same as computername)        */
194.     unsigned short    ae_cr_netname;    /* ptr to netname of share          */
195.     unsigned short    ae_cr_reason;     /* AE_USERLIMIT, AE_BADPW           */
196. };      /* ae_connrej */
197.  
198. struct ae_resaccess {
199.     unsigned short    ae_ra_compname;   /* ptr to computername of client    */
200.     unsigned short    ae_ra_username;   /* ptr to username of client (NULL  */
201.                                         /*  if same as computername)        */
202.     unsigned short    ae_ra_resname;    /* ptr to resource name             */
203.     unsigned short    ae_ra_operation;  /* Bitmask uses bits defined in     */
204.                                         /*  access.h                        */
205.     unsigned short    ae_ra_returncode; /* return code from operation       */
206.     unsigned short    ae_ra_restype;    /* type of resource record          */
207.     unsigned short    ae_ra_fileid;     /* unique server ID of file         */
208. };      /* ae_resaccess */
209.  
210. struct ae_resaccessrej {
211.     unsigned short    ae_rr_compname;   /* ptr to computername of client    */
212.     unsigned short    ae_rr_username;   /* ptr to username of client (NULL  */
213.                                         /*  if same as computername)        */
214.     unsigned short    ae_rr_resname;    /* ptr to resource name             */
215.     unsigned short    ae_rr_operation;  /* Bitmask uses bits defined in     */
216.                                         /*  access.h                        */
217. };      /* ae_resaccessrej */
218.  
219. struct ae_closefile {
220.     unsigned short    ae_cf_compname;   /* ptr to computername of client    */
221.     unsigned short    ae_cf_username;   /* ptr to username of client (NULL  */
222.                                         /*  if same as computername)        */
223.     unsigned short    ae_cf_resname;    /* ptr to resource name             */
224.     unsigned short    ae_cf_fileid;     /* unique ID of file                */
225.     unsigned long     ae_cf_duration;   /* length of use of file            */
226.     unsigned short    ae_cf_reason;     /* How the file was closed          */
227.                                         /* 0 = Normal Client Close          */
228.                                         /* 1 = Session Disconnected         */
229.                                         /* 2 = Administrative Close         */
230. };      /* ae_closefile */
231.  
232. struct ae_servicestat {
233.     unsigned short      ae_ss_compname; /* ptr to computername of client    */
234.     unsigned short      ae_ss_username; /* ptr to username of client (NULL  */
235.                                         /*  if same as computername)        */
236.     unsigned short      ae_ss_svcname;  /* ptr to service name              */
237.     unsigned short      ae_ss_status;   /* status of service                */
238.     unsigned long       ae_ss_code;     /* code of service                  */
239.     unsigned short      ae_ss_text;     /* text of service                  */
240.     unsigned short      ae_ss_returnval;
241. };      /* ae_servicestat */
242.  
243.  
244. struct ae_aclmod {
245.     unsigned short    ae_am_compname;   /* ptr to computername of client    */
246.     unsigned short    ae_am_username;   /* ptr to username of client (NULL  */
247.                                         /*  if same as computername)        */
248.     unsigned short    ae_am_resname;    /* ptr to resource name             */
249.     unsigned short    ae_am_action;     /* action performed on ACL record   */
250.                                         /* 0 = mod, 1 = del, 2 = add        */
251.     unsigned short    ae_am_datalen;    /* length of data following struct  */
252. };      /* ae_aclmod */
253.  
254.  
255. struct ae_uasmod {
256.     unsigned short    ae_um_compname;   /* ptr to computername of client    */
257.     unsigned short    ae_um_username;   /* ptr to username of client (NULL  */
258.                                         /*  if same as computername)        */
259.     unsigned short    ae_um_resname;    /* ptr to resource name             */
260.     unsigned short    ae_um_rectype;    /* type of UAS record               */
261.                                         /* 0 = user, 1 = group, 2 = modals  */
262.     unsigned short    ae_um_action;     /* action performed on record       */
263.                                         /* 0 = mod, 1 = del, 2 = add        */
264.     unsigned short    ae_um_datalen;    /* length of appended structure     */
265. };      /* ae_uasmod */
266.  
267. struct ae_netlogon {
268.     unsigned short    ae_no_compname;   /* ptr to computername of client    */
269.     unsigned short    ae_no_username;   /* ptr to username of client (NULL  */
270.                                         /*  if same as computername)        */
271.     unsigned short    ae_no_privilege;  /* AE_GUEST, AE_USER, AE_ADMIN      */
272.     unsigned long     ae_no_authflags;  /* operator privileges              */
273. };      /* ae_netlogon */
274.  
275. struct ae_netlogoff {
276.     unsigned short    ae_nf_compname;   /* ptr to computername of client    */
277.     unsigned short    ae_nf_username;   /* ptr to username of client (NULL  */
278.                                         /* if same as computername)         */
279.     unsigned short    ae_reserved1;     /* AE_NORMAL (reason for logoff)    */
280.     unsigned short    ae_reserved2;     /* AE_NORMAL (details of reason)    */
281. };      /* ae_netlogoff */
282.  
283. struct ae_netlogdenied {
284.     unsigned short    ae_nd_compname;   /* ptr to computername of client    */
285.     unsigned short    ae_nd_username;   /* ptr to username of client (NULL  */
286.                                         /*  if same as computername)        */
287.     unsigned short    ae_nd_reason;     /* reason for denial of netlogon    */
288.     unsigned short    ae_nd_subreason;  /* details of reason for denial     */
289. };      /* ae_netlogdenied */
290.  
291. struct ae_acclim {
292.     unsigned short    ae_al_compname;   /* ptr to computername of client    */
293.     unsigned short    ae_al_username;   /* ptr to username of client (NULL  */
294.                                         /*  if same as computername)        */
295.     unsigned short    ae_al_resname;    /* ptr to resource name             */
296.     unsigned short    ae_al_limit;      /* limit that was exceeded          */
297. };      /* ae_acclim */
298.  
299.  
300. struct ae_resaccess2 {
301.     unsigned short    ae_ra2_compname;  /* ptr to computername of client    */
302.     unsigned short    ae_ra2_username;  /* ptr to username of client (NULL  */
303.                                         /*  if same as computername)        */
304.     unsigned short    ae_ra2_resname;   /* ptr to resource name             */
305.     unsigned short    ae_ra2_operation; /* Bitmask uses bits defined in     */
306.                                         /*  access.h                        */
307.     unsigned short    ae_ra2_returncode; /* return code from operation      */
308.     unsigned short    ae_ra2_restype;   /* type of resource record          */
309.     unsigned long     ae_ra2_fileid;    /* unique server ID of file         */
310. };      /* ae_resaccess2 */
311.  
312.  
313.  
314. #ifdef PURE_32
315. /****************************************************************
316.  *                                                              *
317.  *       Function prototypes for "pure" 32-bit code             *
318.  *                                                              *
319.  ****************************************************************/
320.  
321. extern API32_FUNCTION
322.   Net32AuditClear ( const unsigned char * pszServer,
323.                     const unsigned char * pszBackupFile,
324.                     unsigned char       * pszReserved );
325.  
326. extern API32_FUNCTION
327.   Net32AuditRead ( const unsigned char * pszServer,
328.                    const unsigned char * pszReserved1,
329.                    HLOG                * phAuditLogHandle,
330.                    unsigned long         ulOffset,
331.                    unsigned short      * pusReserved2,
332.                    unsigned long         ulReserved3,
333.                    unsigned long         ulOpenFlags,
334.                    unsigned char       * pbBuffer,
335.                    unsigned long         ulBuffer,
336.                    unsigned long       * pulReturned,
337.                    unsigned long       * pulTotalAvail );
338.  
339.  
340. extern API32_FUNCTION
341.   Net32AuditWrite ( unsigned short        usType,
342.                     const unsigned char * pbBuffer,
343.                     unsigned long         ulBuffer,
344.                     unsigned char       * pszReserved1,
345.                     unsigned char       * pszReserved2);
346.  
347.  
348. #endif /* PURE_32 */
349.  
350.  
351. /****************************************************************
352.  *                                                              *
353.  *              Special values and constants                    *
354.  *                                                              *
355.  ****************************************************************/
356.  
357.  
358. /*
359.  *      Audit entry types (field ae_type in audit_entry).
360.  */
361.  
362. #define AE_SRVSTATUS     0
363. #define AE_SESSLOGON     1
364. #define AE_SESSLOGOFF    2
365. #define AE_SESSPWERR     3
366. #define AE_CONNSTART     4
367. #define AE_CONNSTOP      5
368. #define AE_CONNREJ       6
369. #define AE_RESACCESS     7
370. #define AE_RESACCESSREJ  8
371. #define AE_CLOSEFILE     9
372. #define AE_SERVICESTAT  11
373. #define AE_ACLMOD       12
374. #define AE_UASMOD       13
375. #define AE_NETLOGON     14
376. #define AE_NETLOGOFF    15
377. #define AE_NETLOGDENIED 16
378. #define AE_ACCLIMITEXCD 17
379. #define AE_RESACCESS2   18
380. #define AE_ACLMODFAIL   19
381.  
382.  
383. /*
384.  *      Values for ae_ss_status field of ae_srvstatus.
385.  */
386.  
387. #define AE_SRVSTART     0
388. #define AE_SRVPAUSED    1
389. #define AE_SRVCONT      2
390. #define AE_SRVSTOP      3
391.  
392. /*
393.  *      Values for ae_so_privilege field of ae_sesslogon.
394.  */
395.  
396. #define AE_GUEST        0
397. #define AE_USER         1
398. #define AE_ADMIN        2
399.  
400. /*
401.  *      Values for various ae_XX_reason fields.
402.  */
403.  
404. #define AE_NORMAL       0
405. #define AE_USERLIMIT    0
406. #define AE_GENERAL      0
407. #define AE_ERROR        1
408. #define AE_SESSDIS      1
409. #define AE_BADPW        1
410. #define AE_AUTODIS      2
411. #define AE_UNSHARE      2
412. #define AE_ADMINPRIVREQD 2
413. #define AE_ADMINDIS     3
414. #define AE_NOACCESSPERM 3
415. #define AE_ACCRESTRICT  4
416. #define AE_UNDEFINEDUSER   9
417.  
418. #define AE_NORMAL_CLOSE 0
419. #define AE_SES_CLOSE    1
420. #define AE_ADMIN_CLOSE  2
421.  
422.  
423. /*
424.  * Values for xx_subreason fields.
425.  */
426.  
427. #define AE_LIM_UNKNOWN      0
428. #define AE_LIM_LOGONHOURS   1
429. #define AE_LIM_EXPIRED      2
430. #define AE_LIM_INVAL_WKSTA  3
431. #define AE_LIM_DISABLED     4
432. #define AE_LIM_DELETED      5
433.  
434.  
435.  
436. /*
437.  * Values for xx_action fields
438.  */
439.  
440. #define AE_MOD          0
441. #define AE_DELETE       1
442. #define AE_ADD          2
443. #define AE_PWSET        9
444.  
445.  
446. /*
447.  * Types of UAS record for um_rectype field
448.  */
449.  
450. #define AE_UAS_USER         0
451. #define AE_UAS_GROUP        1
452. #define AE_UAS_MODALS       2
453.  
454.  
455. /*
456.  * Bitmasks for auditing events
457.  *
458.  *  The parentheses around the hex constants broke h_to_inc
459.  *  and have been purged from the face of the earth.
460.  */
461.  
462. #define SVAUD_SERVICE           0x1
463. #define SVAUD_GOODSESSLOGON     0x6
464. #define SVAUD_BADSESSLOGON      0x18
465. #define SVAUD_SESSLOGON         (SVAUD_GOODSESSLOGON | SVAUD_BADSESSLOGON)
466. #define SVAUD_GOODNETLOGON      0x60
467. #define SVAUD_BADNETLOGON       0x180
468. #define SVAUD_NETLOGON          (SVAUD_GOODNETLOGON | SVAUD_BADNETLOGON)
469. #define SVAUD_LOGON             (SVAUD_NETLOGON | SVAUD_SESSLOGON)
470. #define SVAUD_GOODUSE           0x600
471. #define SVAUD_BADUSE            0x1800
472. #define SVAUD_USE               (SVAUD_GOODUSE | SVAUD_BADUSE)
473. #define SVAUD_USERLIST          0x2000
474. #define SVAUD_PERMISSIONS       0x4000
475. #define SVAUD_RESOURCE          0x8000
476. #define SVAUD_LOGONLIM          0x00010000
477.  
478.  
479. /*
480.  * Resource access audit bitmasks.
481.  */
482.  
483. #define AA_AUDIT_ALL        0x0001
484. #define AA_A_OWNER          0x0004
485. #define AA_CLOSE            0x0008
486. #define AA_S_OPEN           0x0010
487. #define AA_S_WRITE          0x0020
488. #define AA_S_CREATE         0x0020
489. #define AA_S_DELETE         0x0040
490. #define AA_S_ACL            0x0080
491. #define AA_S_ALL            ( AA_S_OPEN | AA_S_WRITE | AA_S_DELETE | AA_S_ACL)
492. #define AA_F_OPEN           0x0100
493. #define AA_F_WRITE          0x0200
494. #define AA_F_CREATE         0x0200
495. #define AA_F_DELETE         0x0400
496. #define AA_F_ACL            0x0800
497. #define AA_F_ALL            ( AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL)
498.  
499. /* Pinball-specific */
500. #define AA_A_OPEN           0x1000
501. #define AA_A_WRITE          0x2000
502. #define AA_A_CREATE         0x2000
503. #define AA_A_DELETE         0x4000
504. #define AA_A_ACL            0x8000
505. #define AA_A_ALL            ( AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL)
506.  
507.  
508.  
509.  
510.  
511. #ifdef ANY_32_BIT
512. #pragma pack()
513. #endif
514.  
515. #endif /* NETAUDIT_INCLUDED */
516.