librpc/idl/eventlog.idl

   1 #include "idl_types.h"
   2
   3 /*
   4   eventlog interface definition
   5 */
   6
   7 import "lsa.idl", "security.idl";
   8
   9 [ uuid("82273fdc-e32a-18c3-3f78-827929dc23ea"),
  10   version(0.0),
  11   helpstring("Event Logger")
  12 ] interface eventlog
  13 {
  14         typedef [bitmap32bit] bitmap {
  15                 EVENTLOG_SEQUENTIAL_READ = 0x0001,
  16                 EVENTLOG_SEEK_READ       = 0x0002,
  17                 EVENTLOG_FORWARDS_READ   = 0x0004,
  18                 EVENTLOG_BACKWARDS_READ  = 0x0008
  19         } eventlogReadFlags;
  20
  21         typedef [public] enum {
  22                 EVENTLOG_SUCCESS          = 0x0000,
  23                 EVENTLOG_ERROR_TYPE       = 0x0001,
  24                 EVENTLOG_WARNING_TYPE     = 0x0002,
  25                 EVENTLOG_INFORMATION_TYPE = 0x0004,
  26                 EVENTLOG_AUDIT_SUCCESS    = 0x0008,
  27                 EVENTLOG_AUDIT_FAILURE    = 0x0010
  28         } eventlogEventTypes;
  29
  30         typedef struct {
  31                 uint16 unknown0;
  32                 uint16 unknown1;
  33         } eventlog_OpenUnknown0;
  34
  35         /* compat structure for samba3 on-disc eventlog format,
  36            this is *NOT* used on the wire. - gd */
  37
  38         typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct {
  39                 uint32 size;
  40                 [charset(DOS),value("eLfL")] uint8 reserved[4];
  41                 uint32 record_number;
  42                 time_t time_generated;
  43                 time_t time_written;
  44                 uint32 event_id;
  45                 eventlogEventTypes event_type;
  46                 [range(0,256)] uint16 num_of_strings;
  47                 uint16 event_category;
  48                 uint16 reserved_flags;
  49                 uint32 closing_record_number;
  50                 uint32 stringoffset;
  51                 [value(sid.length)] uint32 sid_length;
  52                 uint32 sid_offset;
  53                 [value(data.length)] uint32 data_length;
  54                 uint32 data_offset;
  55                 [value(2*strlen_m_term(source_name))] uint32 source_name_len;
  56                 nstring source_name;
  57                 [value(2*strlen_m_term(computer_name))] uint32 computer_name_len;
  58                 nstring computer_name;
  59                 uint32 sid_padding;
  60                 DATA_BLOB sid;
  61                 [value(2*ndr_size_string_array(strings, num_of_strings, STR_NULLTERM))] uint32 strings_len;
  62                 nstring strings[num_of_strings];
  63                 DATA_BLOB data;
  64                 uint32 padding;
  65         } eventlog_Record_tdb;
  66
  67         typedef [v1_enum] enum {
  68                 ELF_LOGFILE_HEADER_DIRTY        = 0x0001,
  69                 ELF_LOGFILE_HEADER_WRAP         = 0x0002,
  70                 ELF_LOGFILE_LOGFULL_WRITTEN     = 0x0004,
  71                 ELF_LOGFILE_ARCHIVE_SET         = 0x0008
  72         } EVENTLOG_HEADER_FLAGS;
  73
  74         typedef [public] struct {
  75                 [value(0x30)] uint32 HeaderSize;
  76                 [charset(DOS),value("LfLe")] uint8 Signature[4];
  77                 [value(1)] uint32 MajorVersion;
  78                 [value(1)] uint32 MinorVersion;
  79                 uint32 StartOffset;
  80                 uint32 EndOffset;
  81                 uint32 CurrentRecordNumber;
  82                 uint32 OldestRecordNumber;
  83                 uint32 MaxSize;
  84                 EVENTLOG_HEADER_FLAGS Flags;
  85                 uint32 Retention;
  86                 [value(0x30)] uint32 EndHeaderSize;
  87         } EVENTLOGHEADER;
  88
  89         typedef [public,gensize] struct {
  90                 uint32 Length;
  91                 [charset(DOS),value("LfLe")] uint8 Reserved[4];
  92                 uint32 RecordNumber;
  93                 time_t TimeGenerated;
  94                 time_t TimeWritten;
  95                 uint32 EventID;
  96                 eventlogEventTypes EventType;
  97                 uint16 NumStrings;
  98                 uint16 EventCategory;
  99                 uint16 ReservedFlags;
 100                 uint32 ClosingRecordNumber;
 101                 [value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername))+UserSidLength)] uint32 StringOffset;
 102                 [value(ndr_size_dom_sid0(&UserSid, ndr->flags))] uint32 UserSidLength;
 103                 [value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername)))] uint32 UserSidOffset;
 104                 uint32 DataLength;
 105                 [value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername))+UserSidLength+(2*ndr_size_string_array(Strings, NumStrings, STR_NULLTERM)))] uint32 DataOffset;
 106                 nstring SourceName;
 107                 nstring Computername;
 108                 [flag(NDR_ALIGN4),subcontext(0),subcontext_size(UserSidLength)] dom_sid0 UserSid;
 109                 nstring Strings[NumStrings];
 110                 [flag(NDR_PAHEX)] uint8 Data[DataLength];
 111                 astring Pad;
 112                 [value(Length)] uint32 Length2;
 113         } EVENTLOGRECORD;
 114
 115         typedef [public] struct {
 116                 [value(0x28)] uint32 RecordSizeBeginning;
 117                 [value(0x11111111)] uint32 One;
 118                 [value(0x22222222)] uint32 Two;
 119                 [value(0x33333333)] uint32 Three;
 120                 [value(0x44444444)] uint32 Four;
 121                 uint32 BeginRecord;
 122                 uint32 EndRecord;
 123                 uint32 CurrentRecordNumber;
 124                 uint32 OldestRecordNumber;
 125                 [value(0x28)] uint32 RecordSizeEnd;
 126         } EVENTLOGEOF;
 127
 128         /* the following is true for a non-wrapped evt file (e.g. backups
 129          * generated and viewed with eventvwr) */
 130
 131         typedef [public] struct {
 132                 EVENTLOGHEADER hdr;
 133                 EVENTLOGRECORD records[hdr.CurrentRecordNumber-hdr.OldestRecordNumber];
 134                 EVENTLOGEOF eof;
 135         } EVENTLOG_EVT_FILE;
 136
 137         /******************/
 138         /* Function: 0x00 */
 139         NTSTATUS eventlog_ClearEventLogW(
 140                 [in] policy_handle *handle,
 141                 [in,unique] lsa_String *backupfile
 142         );
 143
 144         /******************/
 145         /* Function: 0x01 */
 146         NTSTATUS eventlog_BackupEventLogW(
 147                 [in] policy_handle *handle,
 148                 [in,ref] lsa_String *backup_filename
 149                 );
 150
 151         /******************/
 152         /* Function: 0x02 */
 153         NTSTATUS eventlog_CloseEventLog(
 154                 [in,out] policy_handle *handle
 155         );
 156
 157         /******************/
 158         /* Function: 0x03 */
 159         NTSTATUS eventlog_DeregisterEventSource(
 160                 [in,out] policy_handle *handle
 161                 );
 162
 163         /******************/
 164         /* Function: 0x04 */
 165         NTSTATUS eventlog_GetNumRecords(
 166                 [in] policy_handle *handle,
 167                 [out,ref] uint32 *number
 168         );
 169
 170         /******************/
 171         /* Function: 0x05 */
 172         NTSTATUS eventlog_GetOldestRecord(
 173                 [in] policy_handle *handle,
 174                 [out,ref] uint32 *oldest_entry
 175         );
 176
 177         /******************/
 178         /* Function: 0x06 */
 179         [todo] NTSTATUS eventlog_ChangeNotify();
 180
 181         /******************/
 182         /* Function: 0x07 */
 183         NTSTATUS eventlog_OpenEventLogW(
 184                 [in,unique]         eventlog_OpenUnknown0 *unknown0,
 185                 [in,ref]    lsa_String *logname,
 186                 [in,ref]    lsa_String *servername,
 187                 [in]        uint32 major_version,
 188                 [in]        uint32 minor_version,
 189                 [out]   policy_handle *handle
 190         );
 191
 192         /******************/
 193         /* Function: 0x08 */
 194         NTSTATUS eventlog_RegisterEventSourceW(
 195                 [in,unique] eventlog_OpenUnknown0 *unknown0,
 196                 [in,ref] lsa_String *module_name,
 197                 [in,ref] lsa_String *reg_module_name,
 198                 [in] uint32 major_version,
 199                 [in] uint32 minor_version,
 200                 [out] policy_handle *log_handle
 201                 );
 202
 203         /******************/
 204         /* Function: 0x09 */
 205         NTSTATUS eventlog_OpenBackupEventLogW(
 206                 [in,unique] eventlog_OpenUnknown0 *unknown0,
 207                 [in,ref] lsa_String *backup_logname,
 208                 [in] uint32 major_version,
 209                 [in] uint32 minor_version,
 210                 [out] policy_handle *handle
 211                 );
 212
 213         /******************/
 214         /* Function: 0x0a */
 215         NTSTATUS eventlog_ReadEventLogW(
 216                 [in] policy_handle *handle,
 217                 [in] eventlogReadFlags flags,
 218                 [in] uint32 offset,
 219                 [in] [range(0,0x7FFFF)] uint32 number_of_bytes,
 220                 [out,ref,size_is(number_of_bytes)] uint8 *data,
 221                 [out,ref] uint32 *sent_size,
 222                 [out,ref] uint32 *real_size
 223         );
 224
 225         /*****************/
 226         /* Function 0x0b */
 227         NTSTATUS eventlog_ReportEventW(
 228                 [in] policy_handle *handle,
 229                 [in] time_t timestamp,
 230                 [in] eventlogEventTypes event_type,
 231                 [in] uint16 event_category,
 232                 [in] uint32 event_id,
 233                 [in] [range(0,256)] uint16 num_of_strings,
 234                 [in] [range(0,0x3FFFF)] uint32 data_size,
 235                 [in,ref] lsa_String *servername,
 236                 [in,unique] dom_sid *user_sid,
 237                 [in,unique] [size_is(num_of_strings)] lsa_String **strings,
 238                 [in,unique] [size_is(data_size)] uint8 *data,
 239                 [in] uint16 flags,
 240                 [in,out,unique] uint32 *record_number,
 241                 [in,out,unique] time_t *time_written
 242                 );
 243
 244         /*****************/
 245         /* Function 0x0c */
 246         [todo] NTSTATUS eventlog_ClearEventLogA();
 247
 248         /******************/
 249         /* Function: 0x0d */
 250         [todo] NTSTATUS eventlog_BackupEventLogA();
 251
 252         /*****************/
 253         /* Function 0x0e */
 254         [todo] NTSTATUS eventlog_OpenEventLogA();
 255
 256         /*****************/
 257         /* Function 0x0f */
 258         [todo] NTSTATUS eventlog_RegisterEventSourceA();
 259
 260         /*****************/
 261         /* Function 0x10 */
 262         [todo] NTSTATUS eventlog_OpenBackupEventLogA();
 263
 264         /*****************/
 265         /* Function 0x11 */
 266         [todo] NTSTATUS eventlog_ReadEventLogA();
 267
 268         /*****************/
 269         /* Function 0x12 */
 270         [todo] NTSTATUS eventlog_ReportEventA();
 271
 272         /*****************/
 273         /* Function 0x13 */
 274         [todo] NTSTATUS eventlog_RegisterClusterSvc();
 275
 276         /*****************/
 277         /* Function 0x14 */
 278         [todo] NTSTATUS eventlog_DeregisterClusterSvc();
 279
 280         /*****************/
 281         /* Function 0x15 */
 282         [todo] NTSTATUS eventlog_WriteClusterEvents();
 283
 284         /*****************/
 285         /* Function 0x16 */
 286
 287         typedef [public] struct {
 288                 boolean32 full;
 289         } EVENTLOG_FULL_INFORMATION;
 290
 291         NTSTATUS eventlog_GetLogInformation(
 292                 [in] policy_handle *handle,
 293                 [in] uint32 level,
 294                 [out,ref] [size_is(buf_size)] uint8 *buffer,
 295                 [in] [range(0,1024)] uint32 buf_size,
 296                 [out,ref] uint32 *bytes_needed
 297                 );
 298
 299         /*****************/
 300         /* Function 0x17 */
 301         NTSTATUS eventlog_FlushEventLog(
 302                 [in] policy_handle *handle
 303         );
 304
 305         /*****************/
 306         /* Function 0x18 */
 307         NTSTATUS eventlog_ReportEventAndSourceW(
 308                 [in] policy_handle *handle,
 309                 [in] time_t timestamp,
 310                 [in] eventlogEventTypes event_type,
 311                 [in] uint16 event_category,
 312                 [in] uint32 event_id,
 313                 [in,ref] lsa_String *sourcename,
 314                 [in] [range(0,256)] uint16 num_of_strings,
 315                 [in] [range(0,0x3FFFF)] uint32 data_size,
 316                 [in,ref] lsa_String *servername,
 317                 [in,unique] dom_sid *user_sid,
 318                 [in,unique] [size_is(num_of_strings)] lsa_String **strings,
 319                 [in,unique] [size_is(data_size)] uint8 *data,
 320                 [in] uint16 flags,
 321                 [in,out,unique] uint32 *record_number,
 322                 [in,out,unique] time_t *time_written
 323                 );
 324 }