C++程序  |  107行  |  2.68 KB

/**
 * This file has no copyright assigned and is placed in the Public Domain.
 * This file is part of the mingw-w64 runtime package.
 * No warranty is given; refer to the file DISCLAIMER.PD within this package.
 */
#ifndef _ADTGEN_H
#define _ADTGEN_H

#define AUDIT_TYPE_LEGACY 1
#define AUDIT_TYPE_WMI 2

typedef enum _AUDIT_PARAM_TYPE {
  APT_None = 1,
  APT_String,APT_Ulong,
  APT_Pointer,
  APT_Sid,
  APT_LogonId,
  APT_ObjectTypeList,
  APT_Luid,
  APT_Guid,
  APT_Time,
  APT_Int64
} AUDIT_PARAM_TYPE;

#define AP_ParamTypeBits 8
#define AP_ParamTypeMask __MSABI_LONG(0x000000ff)

#define AP_FormatHex (__MSABI_LONG(0x0001) << AP_ParamTypeBits)
#define AP_AccessMask (__MSABI_LONG(0x0002) << AP_ParamTypeBits)
#define AP_Filespec (__MSABI_LONG(0x0001) << AP_ParamTypeBits)
#define AP_PrimaryLogonId (__MSABI_LONG(0x0001) << AP_ParamTypeBits)
#define AP_ClientLogonId (__MSABI_LONG(0x0002) << AP_ParamTypeBits)

#define ApExtractType(TypeFlags) ((AUDIT_PARAM_TYPE)(TypeFlags & AP_ParamTypeMask))
#define ApExtractFlags(TypeFlags) ((TypeFlags & ~AP_ParamTypeMask))

typedef struct _AUDIT_OBJECT_TYPE {
  GUID ObjectType;
  USHORT Flags;
  USHORT Level;
  ACCESS_MASK AccessMask;
} AUDIT_OBJECT_TYPE,*PAUDIT_OBJECT_TYPE;

typedef struct _AUDIT_OBJECT_TYPES {
  USHORT Count;
  USHORT Flags;
  AUDIT_OBJECT_TYPE *pObjectTypes;
} AUDIT_OBJECT_TYPES,*PAUDIT_OBJECT_TYPES;

typedef struct _AUDIT_PARAM {
  AUDIT_PARAM_TYPE Type;
  ULONG Length;
  DWORD Flags;
  __C89_NAMELESS union {
    ULONG_PTR Data0;
    PWSTR String;
    ULONG_PTR u;
    SID *psid;
    GUID *pguid;
    ULONG LogonId_LowPart;
    AUDIT_OBJECT_TYPES *pObjectTypes;
  };
  __C89_NAMELESS union {
    ULONG_PTR Data1;
    LONG LogonId_HighPart;
  };
} AUDIT_PARAM,*PAUDIT_PARAM;

#define APF_AuditFailure 0x00000000
#define APF_AuditSuccess 0x00000001

#define APF_ValidFlags (APF_AuditSuccess)

typedef struct _AUDIT_PARAMS {
  ULONG Length;
  DWORD Flags;
  USHORT Count;
  AUDIT_PARAM *Parameters;
} AUDIT_PARAMS,*PAUDIT_PARAMS;

typedef struct _AUTHZ_AUDIT_EVENT_TYPE_LEGACY {
  USHORT CategoryId;
  USHORT AuditId;
  USHORT ParameterCount;
} AUTHZ_AUDIT_EVENT_TYPE_LEGACY,*PAUTHZ_AUDIT_EVENT_TYPE_LEGACY;

typedef union _AUTHZ_AUDIT_EVENT_TYPE_UNION {
  AUTHZ_AUDIT_EVENT_TYPE_LEGACY Legacy;
} AUTHZ_AUDIT_EVENT_TYPE_UNION,*PAUTHZ_AUDIT_EVENT_TYPE_UNION;

typedef struct _AUTHZ_AUDIT_EVENT_TYPE_OLD {
  ULONG Version;
  DWORD dwFlags;
  LONG RefCount;
  ULONG_PTR hAudit;
  LUID LinkId;
  AUTHZ_AUDIT_EVENT_TYPE_UNION u;
} AUTHZ_AUDIT_EVENT_TYPE_OLD;

typedef AUTHZ_AUDIT_EVENT_TYPE_OLD *PAUTHZ_AUDIT_EVENT_TYPE_OLD;
typedef PVOID AUDIT_HANDLE,*PAUDIT_HANDLE;

#define AUTHZ_ALLOW_MULTIPLE_SOURCE_INSTANCES 0x1
#define AUTHZ_AUDIT_INSTANCE_INFORMATION 0x2

#endif