drs-crackname: if there is no sid do not return the domain
[Samba/gbeck.git] / librpc / idl / eventlog.idl
blobe269467d0570dbce0e9c0e763da858cde64c6aa1
1 #include "idl_types.h"
3 /*
4 eventlog interface definition
5 */
7 import "lsa.idl", "security.idl";
9 [ uuid("82273fdc-e32a-18c3-3f78-827929dc23ea"),
10 version(0.0),
11 helpstring("Event Logger")
12 ] interface eventlog
14 typedef [bitmap32bit] bitmap {
15 EVENTLOG_SEQUENTIAL_READ = 0x0001,
16 EVENTLOG_SEEK_READ = 0x0002,
17 EVENTLOG_FORWARDS_READ = 0x0004,
18 EVENTLOG_BACKWARDS_READ = 0x0008
19 } eventlogReadFlags;
21 typedef [public] enum {
22 EVENTLOG_SUCCESS = 0x0000,
23 EVENTLOG_ERROR_TYPE = 0x0001,
24 EVENTLOG_WARNING_TYPE = 0x0002,
25 EVENTLOG_INFORMATION_TYPE = 0x0004,
26 EVENTLOG_AUDIT_SUCCESS = 0x0008,
27 EVENTLOG_AUDIT_FAILURE = 0x0010
28 } eventlogEventTypes;
30 typedef struct {
31 uint16 unknown0;
32 uint16 unknown1;
33 } eventlog_OpenUnknown0;
35 /* compat structure for samba3 on-disc eventlog format,
36 this is *NOT* used on the wire. - gd */
38 typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct {
39 uint32 size;
40 [charset(DOS),value("eLfL")] uint8 reserved[4];
41 uint32 record_number;
42 time_t time_generated;
43 time_t time_written;
44 uint32 event_id;
45 eventlogEventTypes event_type;
46 [range(0,256)] uint16 num_of_strings;
47 uint16 event_category;
48 uint16 reserved_flags;
49 uint32 closing_record_number;
50 uint32 stringoffset;
51 [value(sid.length)] uint32 sid_length;
52 uint32 sid_offset;
53 [value(data.length)] uint32 data_length;
54 uint32 data_offset;
55 [value(2*strlen_m_term(source_name))] uint32 source_name_len;
56 nstring source_name;
57 [value(2*strlen_m_term(computer_name))] uint32 computer_name_len;
58 nstring computer_name;
59 uint32 sid_padding;
60 DATA_BLOB sid;
61 [value(2*ndr_size_string_array(strings, num_of_strings, STR_NULLTERM))] uint32 strings_len;
62 nstring strings[num_of_strings];
63 DATA_BLOB data;
64 uint32 padding;
65 } eventlog_Record_tdb;
67 typedef [v1_enum] enum {
68 ELF_LOGFILE_HEADER_DIRTY = 0x0001,
69 ELF_LOGFILE_HEADER_WRAP = 0x0002,
70 ELF_LOGFILE_LOGFULL_WRITTEN = 0x0004,
71 ELF_LOGFILE_ARCHIVE_SET = 0x0008
72 } EVENTLOG_HEADER_FLAGS;
74 typedef [public] struct {
75 [value(0x30)] uint32 HeaderSize;
76 [charset(DOS),value("LfLe")] uint8 Signature[4];
77 [value(1)] uint32 MajorVersion;
78 [value(1)] uint32 MinorVersion;
79 uint32 StartOffset;
80 uint32 EndOffset;
81 uint32 CurrentRecordNumber;
82 uint32 OldestRecordNumber;
83 uint32 MaxSize;
84 EVENTLOG_HEADER_FLAGS Flags;
85 uint32 Retention;
86 [value(0x30)] uint32 EndHeaderSize;
87 } EVENTLOGHEADER;
89 typedef [public,gensize] struct {
90 uint32 Length;
91 [charset(DOS),value("LfLe")] uint8 Reserved[4];
92 uint32 RecordNumber;
93 time_t TimeGenerated;
94 time_t TimeWritten;
95 uint32 EventID;
96 eventlogEventTypes EventType;
97 uint16 NumStrings;
98 uint16 EventCategory;
99 uint16 ReservedFlags;
100 uint32 ClosingRecordNumber;
101 [value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername))+UserSidLength)] uint32 StringOffset;
102 [value(ndr_size_dom_sid0(&UserSid, ndr->flags))] uint32 UserSidLength;
103 [value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername)))] uint32 UserSidOffset;
104 uint32 DataLength;
105 [value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername))+UserSidLength+(2*ndr_size_string_array(Strings, NumStrings, STR_NULLTERM)))] uint32 DataOffset;
106 nstring SourceName;
107 nstring Computername;
108 [flag(NDR_ALIGN4),subcontext(0),subcontext_size(UserSidLength)] dom_sid0 UserSid;
109 nstring Strings[NumStrings];
110 [flag(NDR_PAHEX)] uint8 Data[DataLength];
111 astring Pad;
112 [value(Length)] uint32 Length2;
113 } EVENTLOGRECORD;
115 typedef [public] struct {
116 [value(0x28)] uint32 RecordSizeBeginning;
117 [value(0x11111111)] uint32 One;
118 [value(0x22222222)] uint32 Two;
119 [value(0x33333333)] uint32 Three;
120 [value(0x44444444)] uint32 Four;
121 uint32 BeginRecord;
122 uint32 EndRecord;
123 uint32 CurrentRecordNumber;
124 uint32 OldestRecordNumber;
125 [value(0x28)] uint32 RecordSizeEnd;
126 } EVENTLOGEOF;
128 /* the following is true for a non-wrapped evt file (e.g. backups
129 * generated and viewed with eventvwr) */
131 typedef [public] struct {
132 EVENTLOGHEADER hdr;
133 EVENTLOGRECORD records[hdr.CurrentRecordNumber-hdr.OldestRecordNumber];
134 EVENTLOGEOF eof;
135 } EVENTLOG_EVT_FILE;
137 /******************/
138 /* Function: 0x00 */
139 NTSTATUS eventlog_ClearEventLogW(
140 [in] policy_handle *handle,
141 [in,unique] lsa_String *backupfile
144 /******************/
145 /* Function: 0x01 */
146 NTSTATUS eventlog_BackupEventLogW(
147 [in] policy_handle *handle,
148 [in,ref] lsa_String *backup_filename
151 /******************/
152 /* Function: 0x02 */
153 NTSTATUS eventlog_CloseEventLog(
154 [in,out] policy_handle *handle
157 /******************/
158 /* Function: 0x03 */
159 NTSTATUS eventlog_DeregisterEventSource(
160 [in,out] policy_handle *handle
163 /******************/
164 /* Function: 0x04 */
165 NTSTATUS eventlog_GetNumRecords(
166 [in] policy_handle *handle,
167 [out,ref] uint32 *number
170 /******************/
171 /* Function: 0x05 */
172 NTSTATUS eventlog_GetOldestRecord(
173 [in] policy_handle *handle,
174 [out,ref] uint32 *oldest_entry
177 /******************/
178 /* Function: 0x06 */
179 [todo] NTSTATUS eventlog_ChangeNotify();
181 /******************/
182 /* Function: 0x07 */
183 NTSTATUS eventlog_OpenEventLogW(
184 [in,unique] eventlog_OpenUnknown0 *unknown0,
185 [in,ref] lsa_String *logname,
186 [in,ref] lsa_String *servername,
187 [in] uint32 major_version,
188 [in] uint32 minor_version,
189 [out] policy_handle *handle
192 /******************/
193 /* Function: 0x08 */
194 NTSTATUS eventlog_RegisterEventSourceW(
195 [in,unique] eventlog_OpenUnknown0 *unknown0,
196 [in,ref] lsa_String *module_name,
197 [in,ref] lsa_String *reg_module_name,
198 [in] uint32 major_version,
199 [in] uint32 minor_version,
200 [out] policy_handle *log_handle
203 /******************/
204 /* Function: 0x09 */
205 NTSTATUS eventlog_OpenBackupEventLogW(
206 [in,unique] eventlog_OpenUnknown0 *unknown0,
207 [in,ref] lsa_String *backup_logname,
208 [in] uint32 major_version,
209 [in] uint32 minor_version,
210 [out] policy_handle *handle
213 /******************/
214 /* Function: 0x0a */
215 NTSTATUS eventlog_ReadEventLogW(
216 [in] policy_handle *handle,
217 [in] eventlogReadFlags flags,
218 [in] uint32 offset,
219 [in] [range(0,0x7FFFF)] uint32 number_of_bytes,
220 [out,ref,size_is(number_of_bytes)] uint8 *data,
221 [out,ref] uint32 *sent_size,
222 [out,ref] uint32 *real_size
225 /*****************/
226 /* Function 0x0b */
227 NTSTATUS eventlog_ReportEventW(
228 [in] policy_handle *handle,
229 [in] time_t timestamp,
230 [in] eventlogEventTypes event_type,
231 [in] uint16 event_category,
232 [in] uint32 event_id,
233 [in] [range(0,256)] uint16 num_of_strings,
234 [in] [range(0,0x3FFFF)] uint32 data_size,
235 [in,ref] lsa_String *servername,
236 [in,unique] dom_sid *user_sid,
237 [in,unique] [size_is(num_of_strings)] lsa_String **strings,
238 [in,unique] [size_is(data_size)] uint8 *data,
239 [in] uint16 flags,
240 [in,out,unique] uint32 *record_number,
241 [in,out,unique] time_t *time_written
244 /*****************/
245 /* Function 0x0c */
246 [todo] NTSTATUS eventlog_ClearEventLogA();
248 /******************/
249 /* Function: 0x0d */
250 [todo] NTSTATUS eventlog_BackupEventLogA();
252 /*****************/
253 /* Function 0x0e */
254 [todo] NTSTATUS eventlog_OpenEventLogA();
256 /*****************/
257 /* Function 0x0f */
258 [todo] NTSTATUS eventlog_RegisterEventSourceA();
260 /*****************/
261 /* Function 0x10 */
262 [todo] NTSTATUS eventlog_OpenBackupEventLogA();
264 /*****************/
265 /* Function 0x11 */
266 [todo] NTSTATUS eventlog_ReadEventLogA();
268 /*****************/
269 /* Function 0x12 */
270 [todo] NTSTATUS eventlog_ReportEventA();
272 /*****************/
273 /* Function 0x13 */
274 [todo] NTSTATUS eventlog_RegisterClusterSvc();
276 /*****************/
277 /* Function 0x14 */
278 [todo] NTSTATUS eventlog_DeregisterClusterSvc();
280 /*****************/
281 /* Function 0x15 */
282 [todo] NTSTATUS eventlog_WriteClusterEvents();
284 /*****************/
285 /* Function 0x16 */
287 typedef [public] struct {
288 boolean32 full;
289 } EVENTLOG_FULL_INFORMATION;
291 NTSTATUS eventlog_GetLogInformation(
292 [in] policy_handle *handle,
293 [in] uint32 level,
294 [out,ref] [size_is(buf_size)] uint8 *buffer,
295 [in] [range(0,1024)] uint32 buf_size,
296 [out,ref] uint32 *bytes_needed
299 /*****************/
300 /* Function 0x17 */
301 NTSTATUS eventlog_FlushEventLog(
302 [in] policy_handle *handle
305 /*****************/
306 /* Function 0x18 */
307 NTSTATUS eventlog_ReportEventAndSourceW(
308 [in] policy_handle *handle,
309 [in] time_t timestamp,
310 [in] eventlogEventTypes event_type,
311 [in] uint16 event_category,
312 [in] uint32 event_id,
313 [in,ref] lsa_String *sourcename,
314 [in] [range(0,256)] uint16 num_of_strings,
315 [in] [range(0,0x3FFFF)] uint32 data_size,
316 [in,ref] lsa_String *servername,
317 [in,unique] dom_sid *user_sid,
318 [in,unique] [size_is(num_of_strings)] lsa_String **strings,
319 [in,unique] [size_is(data_size)] uint8 *data,
320 [in] uint16 flags,
321 [in,out,unique] uint32 *record_number,
322 [in,out,unique] time_t *time_written