using System;
using System.Collections;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using Vanara.Extensions;
using Vanara.InteropServices;
namespace Vanara.PInvoke
{
public static partial class Authz
{
/// The AUDIT_PARAM_TYPE enumeration defines the type of audit parameters that are available.
// https://docs.microsoft.com/en-us/windows/desktop/api/adtgen/ne-adtgen-_audit_param_type typedef enum _AUDIT_PARAM_TYPE {
// APT_None, APT_String, APT_Ulong, APT_Pointer, APT_Sid, APT_LogonId, APT_ObjectTypeList, APT_Luid, APT_Guid, APT_Time, APT_Int64,
// APT_IpAddress, APT_LogonIdWithSid } AUDIT_PARAM_TYPE;
[PInvokeData("adtgen.h", MSDNShortId = "1ECC866A-2DD3-4EE4-B2CC-7F5ADF7FFC99")]
public enum AUDIT_PARAM_TYPE
{
/// No audit options.
APT_None = 1,
/// A string that terminates with NULL.
[CorrespondingType(typeof(string), EncodingType = typeof(System.Text.UnicodeEncoding))]
APT_String,
/// An unsigned long.
[CorrespondingType(typeof(uint))]
APT_Ulong,
///
/// A pointer that is used to specify handles and pointers. These are 32-bit on 32-bit systems and 64-bit on 64-bit systems. Use
/// this option when you are interested in the absolute value of the pointer. The memory to which the pointer points is not
/// marshaled when using this type.
///
[CorrespondingType(typeof(IntPtr))]
APT_Pointer,
/// The security identifier (SID).
[CorrespondingType(typeof(PSID))]
APT_Sid,
///
/// The logon identifier (LUID) that results in three output parameters:
/// 1. Account Name 2. Authority Name 3. LogonID
///
[CorrespondingType(typeof(uint))]
APT_LogonId,
/// Object type list.
[CorrespondingType(typeof(AUDIT_OBJECT_TYPES))]
APT_ObjectTypeList,
/// LUID that is not translated to LogonId.
[CorrespondingType(typeof(uint))]
APT_Luid,
/// GUID.
[CorrespondingType(typeof(GuidPtr))]
APT_Guid,
/// Time as FILETIME.
[CorrespondingType(typeof(System.Runtime.InteropServices.ComTypes.FILETIME))]
APT_Time,
/// LONGLONG.
[CorrespondingType(typeof(long))]
APT_Int64,
///
/// IP Address (IPv4 and IPv6). This logs the address as the first parameter and the port as the second parameter. You must
/// ensure that two entries are added in the event message file. You should ensure that the buffer size is 128 bytes.
///
[CorrespondingType(typeof(byte[]))]
APT_IpAddress,
///
/// Logon ID with SID that results in four output parameters:
/// 1. SID 2. Account Name 3. Authority Name 4. LogonID
///
APT_LogonIdWithSid,
}
///
/// IP Addess (IPv4 and IPv6). This logs the address as the first parameter and the port as the second. So ensure that 2 entries are
/// added in the event message file, one for the address and the immediate next entry as the port
///
[PInvokeData("adtgen.h")]
[StructLayout(LayoutKind.Sequential)]
public struct AUDIT_IP_ADDRESS
{
private const int _AUTHZ_SS_MAXSIZE = 128;
/// The IP address bytes.
[MarshalAs(UnmanagedType.ByValArray, SizeConst = _AUTHZ_SS_MAXSIZE)]
public byte[] pIpAddress;
}
/// Element of an object-type-list
[PInvokeData("adtgen.h")]
[StructLayout(LayoutKind.Sequential)]
public struct AUDIT_OBJECT_TYPE
{
/// guid of the (sub)object
public Guid ObjectType;
/// currently not defined
public ushort Flags;
/// level within the hierarchy. 0 is the root level
public ushort Level;
/// access-mask for this (sub)object
public ACCESS_MASK AccessMask;
}
///
/// The AUDIT_OBJECT_TYPES structure identifies an object type element in a hierarchy of object types. The AccessCheckByType
/// functions use an array of such structures to define a hierarchy of an object and its subobjects, such as property sets and properties.
///
[PInvokeData("adtgen.h")]
[StructLayout(LayoutKind.Sequential)]
public struct AUDIT_OBJECT_TYPES
{
/// number of object-types in pObjectTypes
public ushort Count;
/// currently not defined
public ushort Flags;
/// array of object-types (i.e. AUDIT_OBJECT_TYPE[])
public IntPtr pObjectTypes;
}
///
/// Structure that defines a single audit parameter. LsaGenAuditEvent accepts an array of such elements to represent the parameters
/// of the audit to be generated. It is best to initialize this structure using AdtInitParams function. This will ensure
/// compatibility with any future changes to this structure.
///
[PInvokeData("adtgen.h")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct AUDIT_PARAM
{
/// Type
public AUDIT_PARAM_TYPE Type;
/// currently unused
public uint Length;
/// currently unused
public uint Flags;
///
public IntPtr Data0;
///
public IntPtr Data1;
/// Initializes a new instance of the struct.
/// The type.
/// The data0.
/// The data1.
public AUDIT_PARAM(AUDIT_PARAM_TYPE type, IntPtr data0, IntPtr data1 = default)
{
Type = type;
Length = Flags = 0;
Data0 = data0;
Data1 = data1;
}
}
/// Audit parameters passed to LsaGenAuditEvent.
[PInvokeData("adtgen.h")]
[StructLayout(LayoutKind.Sequential)]
public struct AUDIT_PARAMS
{
/// size in bytes
public uint Length;
/// currently unused
public uint Flags;
/// number of parameters
public ushort Count;
/// array of parameters (i.e. AUDIT_PARAM[])
public IntPtr Parameters;
}
}
}