/** * This file is part of the mingw-w64 runtime package. * No warranty is given; refer to the file DISCLAIMER within this package. */ #include #ifndef _ADTGEN_H #define _ADTGEN_H #if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP) #define AUDIT_TYPE_LEGACY 1 #define AUDIT_TYPE_WMI 2 typedef enum _AUDIT_PARAM_TYPE { APT_None = 1, APT_String, APT_Ulong, APT_Pointer, APT_Sid, APT_LogonId, APT_ObjectTypeList, APT_Luid, APT_Guid, APT_Time, APT_Int64, APT_IpAddress, APT_LogonIdWithSid } AUDIT_PARAM_TYPE; #define AP_ParamTypeBits 8 #define AP_ParamTypeMask __MSABI_LONG(0xff) #define AP_FormatHex (__MSABI_LONG(0x1) << AP_ParamTypeBits) #define AP_AccessMask (__MSABI_LONG(0x2) << AP_ParamTypeBits) #define AP_Filespec (__MSABI_LONG(0x1) << AP_ParamTypeBits) #define AP_SidAsLogonId (__MSABI_LONG(0x1) << AP_ParamTypeBits) #define AP_PrimaryLogonId (__MSABI_LONG(0x1) << AP_ParamTypeBits) #define AP_ClientLogonId (__MSABI_LONG(0x2) << AP_ParamTypeBits) #define ApExtractType(TypeFlags) ((AUDIT_PARAM_TYPE) (TypeFlags & AP_ParamTypeMask)) #define ApExtractFlags(TypeFlags) ((TypeFlags & ~AP_ParamTypeMask)) #define _AUTHZ_SS_MAXSIZE 128 #define APF_AuditFailure 0x0 #define APF_AuditSuccess 0x1 #define APF_ValidFlags (APF_AuditSuccess) #define AUTHZ_ALLOW_MULTIPLE_SOURCE_INSTANCES 0x1 #define AUTHZ_MIGRATED_LEGACY_PUBLISHER 0x2 #define AUTHZ_AUDIT_INSTANCE_INFORMATION 0x2 typedef struct _AUDIT_OBJECT_TYPE { GUID ObjectType; USHORT Flags; USHORT Level; ACCESS_MASK AccessMask; } AUDIT_OBJECT_TYPE,*PAUDIT_OBJECT_TYPE; typedef struct _AUDIT_OBJECT_TYPES { USHORT Count; USHORT Flags; #ifdef __WIDL__ [size_is (Count)] #endif AUDIT_OBJECT_TYPE *pObjectTypes; } AUDIT_OBJECT_TYPES,*PAUDIT_OBJECT_TYPES; typedef struct _AUDIT_IP_ADDRESS { BYTE pIpAddress[_AUTHZ_SS_MAXSIZE]; } AUDIT_IP_ADDRESS,*PAUDIT_IP_ADDRESS; typedef struct _AUDIT_PARAM { AUDIT_PARAM_TYPE Type; ULONG Length; DWORD Flags; #ifdef __WIDL__ [switch_type (AUDIT_PARAM_TYPE), switch_is (Type)] #else __C89_NAMELESS #endif union { #ifdef __WIDL__ [default] #endif ULONG_PTR Data0; #ifdef __WIDL__ [case (APT_String)] [string] #endif PWSTR String; #ifdef __WIDL__ [case (APT_Ulong, APT_Pointer)] #endif ULONG_PTR u; #ifdef __WIDL__ [case (APT_Sid)] #endif SID *psid; #ifdef __WIDL__ [case (APT_Guid)] #endif GUID *pguid; #ifdef __WIDL__ [case (APT_LogonId)] #endif ULONG LogonId_LowPart; #ifdef __WIDL__ [case (APT_ObjectTypeList)] #endif AUDIT_OBJECT_TYPES *pObjectTypes; #ifdef __WIDL__ [case (APT_IpAddress)] #endif AUDIT_IP_ADDRESS *pIpAddress; }; #ifdef __WIDL__ [switch_type (AUDIT_PARAM_TYPE), switch_is (Type)] #else __C89_NAMELESS #endif union { #ifdef __WIDL__ [default] #endif ULONG_PTR Data1; #ifdef __WIDL__ [case (APT_LogonId)] #endif LONG LogonId_HighPart; }; } AUDIT_PARAM,*PAUDIT_PARAM; typedef struct _AUDIT_PARAMS { ULONG Length; DWORD Flags; USHORT Count; #ifdef __WIDL__ [size_is (Count)] #endif AUDIT_PARAM *Parameters; } AUDIT_PARAMS,*PAUDIT_PARAMS; typedef struct _AUTHZ_AUDIT_EVENT_TYPE_LEGACY { USHORT CategoryId; USHORT AuditId; USHORT ParameterCount; } AUTHZ_AUDIT_EVENT_TYPE_LEGACY,*PAUTHZ_AUDIT_EVENT_TYPE_LEGACY; typedef #ifdef __WIDL__ [switch_type (BYTE)] #endif union _AUTHZ_AUDIT_EVENT_TYPE_UNION { #ifdef __WIDL__ [case (AUDIT_TYPE_LEGACY)] #endif AUTHZ_AUDIT_EVENT_TYPE_LEGACY Legacy; } AUTHZ_AUDIT_EVENT_TYPE_UNION,*PAUTHZ_AUDIT_EVENT_TYPE_UNION; typedef struct _AUTHZ_AUDIT_EVENT_TYPE_OLD { ULONG Version; DWORD dwFlags; LONG RefCount; ULONG_PTR hAudit; LUID LinkId; #ifdef __WIDL__ [switch_is (Version)] #endif AUTHZ_AUDIT_EVENT_TYPE_UNION u; } AUTHZ_AUDIT_EVENT_TYPE_OLD; typedef #ifdef __WIDL__ [handle] #endif AUTHZ_AUDIT_EVENT_TYPE_OLD *PAUTHZ_AUDIT_EVENT_TYPE_OLD; #define AUTHZP_WPD_EVENT 0x10 typedef #ifdef __WIDL__ [context_handle] #endif PVOID AUDIT_HANDLE,*PAUDIT_HANDLE; #endif #endif