summaryrefslogtreecommitdiffstats
path: root/librpc/idl/eventlog.idl
diff options
context:
space:
mode:
Diffstat (limited to 'librpc/idl/eventlog.idl')
-rw-r--r--librpc/idl/eventlog.idl324
1 files changed, 324 insertions, 0 deletions
diff --git a/librpc/idl/eventlog.idl b/librpc/idl/eventlog.idl
new file mode 100644
index 0000000..e269467
--- /dev/null
+++ b/librpc/idl/eventlog.idl
@@ -0,0 +1,324 @@
+#include "idl_types.h"
+
+/*
+ eventlog interface definition
+*/
+
+import "lsa.idl", "security.idl";
+
+[ uuid("82273fdc-e32a-18c3-3f78-827929dc23ea"),
+ version(0.0),
+ helpstring("Event Logger")
+] interface eventlog
+{
+ typedef [bitmap32bit] bitmap {
+ EVENTLOG_SEQUENTIAL_READ = 0x0001,
+ EVENTLOG_SEEK_READ = 0x0002,
+ EVENTLOG_FORWARDS_READ = 0x0004,
+ EVENTLOG_BACKWARDS_READ = 0x0008
+ } eventlogReadFlags;
+
+ typedef [public] enum {
+ EVENTLOG_SUCCESS = 0x0000,
+ EVENTLOG_ERROR_TYPE = 0x0001,
+ EVENTLOG_WARNING_TYPE = 0x0002,
+ EVENTLOG_INFORMATION_TYPE = 0x0004,
+ EVENTLOG_AUDIT_SUCCESS = 0x0008,
+ EVENTLOG_AUDIT_FAILURE = 0x0010
+ } eventlogEventTypes;
+
+ typedef struct {
+ uint16 unknown0;
+ uint16 unknown1;
+ } eventlog_OpenUnknown0;
+
+ /* compat structure for samba3 on-disc eventlog format,
+ this is *NOT* used on the wire. - gd */
+
+ typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct {
+ uint32 size;
+ [charset(DOS),value("eLfL")] uint8 reserved[4];
+ uint32 record_number;
+ time_t time_generated;
+ time_t time_written;
+ uint32 event_id;
+ eventlogEventTypes event_type;
+ [range(0,256)] uint16 num_of_strings;
+ uint16 event_category;
+ uint16 reserved_flags;
+ uint32 closing_record_number;
+ uint32 stringoffset;
+ [value(sid.length)] uint32 sid_length;
+ uint32 sid_offset;
+ [value(data.length)] uint32 data_length;
+ uint32 data_offset;
+ [value(2*strlen_m_term(source_name))] uint32 source_name_len;
+ nstring source_name;
+ [value(2*strlen_m_term(computer_name))] uint32 computer_name_len;
+ nstring computer_name;
+ uint32 sid_padding;
+ DATA_BLOB sid;
+ [value(2*ndr_size_string_array(strings, num_of_strings, STR_NULLTERM))] uint32 strings_len;
+ nstring strings[num_of_strings];
+ DATA_BLOB data;
+ uint32 padding;
+ } eventlog_Record_tdb;
+
+ typedef [v1_enum] enum {
+ ELF_LOGFILE_HEADER_DIRTY = 0x0001,
+ ELF_LOGFILE_HEADER_WRAP = 0x0002,
+ ELF_LOGFILE_LOGFULL_WRITTEN = 0x0004,
+ ELF_LOGFILE_ARCHIVE_SET = 0x0008
+ } EVENTLOG_HEADER_FLAGS;
+
+ typedef [public] struct {
+ [value(0x30)] uint32 HeaderSize;
+ [charset(DOS),value("LfLe")] uint8 Signature[4];
+ [value(1)] uint32 MajorVersion;
+ [value(1)] uint32 MinorVersion;
+ uint32 StartOffset;
+ uint32 EndOffset;
+ uint32 CurrentRecordNumber;
+ uint32 OldestRecordNumber;
+ uint32 MaxSize;
+ EVENTLOG_HEADER_FLAGS Flags;
+ uint32 Retention;
+ [value(0x30)] uint32 EndHeaderSize;
+ } EVENTLOGHEADER;
+
+ typedef [public,gensize] struct {
+ uint32 Length;
+ [charset(DOS),value("LfLe")] uint8 Reserved[4];
+ uint32 RecordNumber;
+ time_t TimeGenerated;
+ time_t TimeWritten;
+ uint32 EventID;
+ eventlogEventTypes EventType;
+ uint16 NumStrings;
+ uint16 EventCategory;
+ uint16 ReservedFlags;
+ uint32 ClosingRecordNumber;
+ [value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername))+UserSidLength)] uint32 StringOffset;
+ [value(ndr_size_dom_sid0(&UserSid, ndr->flags))] uint32 UserSidLength;
+ [value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername)))] uint32 UserSidOffset;
+ uint32 DataLength;
+ [value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername))+UserSidLength+(2*ndr_size_string_array(Strings, NumStrings, STR_NULLTERM)))] uint32 DataOffset;
+ nstring SourceName;
+ nstring Computername;
+ [flag(NDR_ALIGN4),subcontext(0),subcontext_size(UserSidLength)] dom_sid0 UserSid;
+ nstring Strings[NumStrings];
+ [flag(NDR_PAHEX)] uint8 Data[DataLength];
+ astring Pad;
+ [value(Length)] uint32 Length2;
+ } EVENTLOGRECORD;
+
+ typedef [public] struct {
+ [value(0x28)] uint32 RecordSizeBeginning;
+ [value(0x11111111)] uint32 One;
+ [value(0x22222222)] uint32 Two;
+ [value(0x33333333)] uint32 Three;
+ [value(0x44444444)] uint32 Four;
+ uint32 BeginRecord;
+ uint32 EndRecord;
+ uint32 CurrentRecordNumber;
+ uint32 OldestRecordNumber;
+ [value(0x28)] uint32 RecordSizeEnd;
+ } EVENTLOGEOF;
+
+ /* the following is true for a non-wrapped evt file (e.g. backups
+ * generated and viewed with eventvwr) */
+
+ typedef [public] struct {
+ EVENTLOGHEADER hdr;
+ EVENTLOGRECORD records[hdr.CurrentRecordNumber-hdr.OldestRecordNumber];
+ EVENTLOGEOF eof;
+ } EVENTLOG_EVT_FILE;
+
+ /******************/
+ /* Function: 0x00 */
+ NTSTATUS eventlog_ClearEventLogW(
+ [in] policy_handle *handle,
+ [in,unique] lsa_String *backupfile
+ );
+
+ /******************/
+ /* Function: 0x01 */
+ NTSTATUS eventlog_BackupEventLogW(
+ [in] policy_handle *handle,
+ [in,ref] lsa_String *backup_filename
+ );
+
+ /******************/
+ /* Function: 0x02 */
+ NTSTATUS eventlog_CloseEventLog(
+ [in,out] policy_handle *handle
+ );
+
+ /******************/
+ /* Function: 0x03 */
+ NTSTATUS eventlog_DeregisterEventSource(
+ [in,out] policy_handle *handle
+ );
+
+ /******************/
+ /* Function: 0x04 */
+ NTSTATUS eventlog_GetNumRecords(
+ [in] policy_handle *handle,
+ [out,ref] uint32 *number
+ );
+
+ /******************/
+ /* Function: 0x05 */
+ NTSTATUS eventlog_GetOldestRecord(
+ [in] policy_handle *handle,
+ [out,ref] uint32 *oldest_entry
+ );
+
+ /******************/
+ /* Function: 0x06 */
+ [todo] NTSTATUS eventlog_ChangeNotify();
+
+ /******************/
+ /* Function: 0x07 */
+ NTSTATUS eventlog_OpenEventLogW(
+ [in,unique] eventlog_OpenUnknown0 *unknown0,
+ [in,ref] lsa_String *logname,
+ [in,ref] lsa_String *servername,
+ [in] uint32 major_version,
+ [in] uint32 minor_version,
+ [out] policy_handle *handle
+ );
+
+ /******************/
+ /* Function: 0x08 */
+ NTSTATUS eventlog_RegisterEventSourceW(
+ [in,unique] eventlog_OpenUnknown0 *unknown0,
+ [in,ref] lsa_String *module_name,
+ [in,ref] lsa_String *reg_module_name,
+ [in] uint32 major_version,
+ [in] uint32 minor_version,
+ [out] policy_handle *log_handle
+ );
+
+ /******************/
+ /* Function: 0x09 */
+ NTSTATUS eventlog_OpenBackupEventLogW(
+ [in,unique] eventlog_OpenUnknown0 *unknown0,
+ [in,ref] lsa_String *backup_logname,
+ [in] uint32 major_version,
+ [in] uint32 minor_version,
+ [out] policy_handle *handle
+ );
+
+ /******************/
+ /* Function: 0x0a */
+ NTSTATUS eventlog_ReadEventLogW(
+ [in] policy_handle *handle,
+ [in] eventlogReadFlags flags,
+ [in] uint32 offset,
+ [in] [range(0,0x7FFFF)] uint32 number_of_bytes,
+ [out,ref,size_is(number_of_bytes)] uint8 *data,
+ [out,ref] uint32 *sent_size,
+ [out,ref] uint32 *real_size
+ );
+
+ /*****************/
+ /* Function 0x0b */
+ NTSTATUS eventlog_ReportEventW(
+ [in] policy_handle *handle,
+ [in] time_t timestamp,
+ [in] eventlogEventTypes event_type,
+ [in] uint16 event_category,
+ [in] uint32 event_id,
+ [in] [range(0,256)] uint16 num_of_strings,
+ [in] [range(0,0x3FFFF)] uint32 data_size,
+ [in,ref] lsa_String *servername,
+ [in,unique] dom_sid *user_sid,
+ [in,unique] [size_is(num_of_strings)] lsa_String **strings,
+ [in,unique] [size_is(data_size)] uint8 *data,
+ [in] uint16 flags,
+ [in,out,unique] uint32 *record_number,
+ [in,out,unique] time_t *time_written
+ );
+
+ /*****************/
+ /* Function 0x0c */
+ [todo] NTSTATUS eventlog_ClearEventLogA();
+
+ /******************/
+ /* Function: 0x0d */
+ [todo] NTSTATUS eventlog_BackupEventLogA();
+
+ /*****************/
+ /* Function 0x0e */
+ [todo] NTSTATUS eventlog_OpenEventLogA();
+
+ /*****************/
+ /* Function 0x0f */
+ [todo] NTSTATUS eventlog_RegisterEventSourceA();
+
+ /*****************/
+ /* Function 0x10 */
+ [todo] NTSTATUS eventlog_OpenBackupEventLogA();
+
+ /*****************/
+ /* Function 0x11 */
+ [todo] NTSTATUS eventlog_ReadEventLogA();
+
+ /*****************/
+ /* Function 0x12 */
+ [todo] NTSTATUS eventlog_ReportEventA();
+
+ /*****************/
+ /* Function 0x13 */
+ [todo] NTSTATUS eventlog_RegisterClusterSvc();
+
+ /*****************/
+ /* Function 0x14 */
+ [todo] NTSTATUS eventlog_DeregisterClusterSvc();
+
+ /*****************/
+ /* Function 0x15 */
+ [todo] NTSTATUS eventlog_WriteClusterEvents();
+
+ /*****************/
+ /* Function 0x16 */
+
+ typedef [public] struct {
+ boolean32 full;
+ } EVENTLOG_FULL_INFORMATION;
+
+ NTSTATUS eventlog_GetLogInformation(
+ [in] policy_handle *handle,
+ [in] uint32 level,
+ [out,ref] [size_is(buf_size)] uint8 *buffer,
+ [in] [range(0,1024)] uint32 buf_size,
+ [out,ref] uint32 *bytes_needed
+ );
+
+ /*****************/
+ /* Function 0x17 */
+ NTSTATUS eventlog_FlushEventLog(
+ [in] policy_handle *handle
+ );
+
+ /*****************/
+ /* Function 0x18 */
+ NTSTATUS eventlog_ReportEventAndSourceW(
+ [in] policy_handle *handle,
+ [in] time_t timestamp,
+ [in] eventlogEventTypes event_type,
+ [in] uint16 event_category,
+ [in] uint32 event_id,
+ [in,ref] lsa_String *sourcename,
+ [in] [range(0,256)] uint16 num_of_strings,
+ [in] [range(0,0x3FFFF)] uint32 data_size,
+ [in,ref] lsa_String *servername,
+ [in,unique] dom_sid *user_sid,
+ [in,unique] [size_is(num_of_strings)] lsa_String **strings,
+ [in,unique] [size_is(data_size)] uint8 *data,
+ [in] uint16 flags,
+ [in,out,unique] uint32 *record_number,
+ [in,out,unique] time_t *time_written
+ );
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-26 08:56:02 +0000