author | Gary Lockyer <gary@catalyst.net.nz> | 2018-12-13 10:20:28 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2018-12-14 18:57:52 +0100 |
commit | b7baf96bd7248b1d34416e3ae86f4613c5ed0934 (patch) | |
tree | cb36bd98a15cc007f9759f26ab03d86f6609a6a2 /auth/auth_log.c | |
parent | cb23a0345f1ef4297f6643c25ebe955b9aaee54c (diff) | |
auth log: Add windows event codes
Add a new "eventId" element to the Authorisation JSON log messages.
This contains a Windows Event Code Id, either:
4624 Successful logon
4625 Unsuccessful logon
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth/auth_log.c')
-rw-r--r-- | auth/auth_log.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/auth/auth_log.c b/auth/auth_log.c
index 531709febce..0f32268ffab 100644
--- a/auth/auth_log.c
+++ b/auth/auth_log.c
@@ -57,6 +57,7 @@
 #include "lib/util/server_id_db.h"
 #include "lib/param/param.h"
 #include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/windows_event_ids.h"
 #include "lib/audit_logging/audit_logging.h"
 /*
@@ -119,6 +120,7 @@ static void log_authentication_event_json(
 const char *account_name,
 const char *unix_username,
 struct dom_sid *sid,
+ enum event_id_type event_id,
 int debug_level)
 {
 struct json_object wrapper = json_empty_object;
@@ -134,6 +136,12 @@ static void log_authentication_event_json(
 if (rc != 0) {
 goto failure;
 }
+ rc = json_add_int(&authentication,
+ "eventId",
+ event_id);
+ if (rc != 0) {
+ goto failure;
+ }
 rc = json_add_string(&authentication, "status", nt_errstr(status));
 if (rc != 0) {
 goto failure;
@@ -454,6 +462,7 @@ static void log_authentication_event_json(
 const char *account_name,
 const char *unix_username,
 struct dom_sid *sid,
+ enum event_id_type event_id,
 int debug_level)
 {
 log_no_json(msg_ctx, lp_ctx);
@@ -631,9 +640,11 @@ void log_authentication_event(
 {
 /* set the log level */
 int debug_level = AUTH_FAILURE_LEVEL;
+ enum event_id_type event_id = EVT_ID_UNSUCCESSFUL_LOGON;
 if (NT_STATUS_IS_OK(status)) {
 debug_level = AUTH_SUCCESS_LEVEL;
+ event_id = EVT_ID_SUCCESSFUL_LOGON;
 if (dom_sid_equal(sid, &global_sid_Anonymous)) {
 debug_level = AUTH_ANONYMOUS_LEVEL;
 }
@@ -659,6 +670,7 @@ void log_authentication_event(
 account_name,
 unix_username,
 sid,
+ event_id,
 debug_level);
 }
 }
|
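Review bot: The new `eventId` key in the third hunk (`json_add_int(&authentication, "eventId", event_id)`) extends the Authentication JSON record, but none of the hunks shown for auth/auth_log.c changes a schema version for that record. If the record carries a version element (it is not visible here), it should be incremented in the same change, so that a log consumer can tell an older server apart from a record that lost the field. I would also add a comment above the call, `/* Windows logon event id (4624/4625) so rules written for Windows security events can match these records */`. The body of log_authentication_event_json starts and ends outside the hunk.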
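Review bot: In the fifth hunk `event_id` is chosen from `NT_STATUS_IS_OK(status)` alone, so the anonymous case handled just below it is still reported as 4624 like any other successful logon, and every non-OK status becomes 4625. Defaulting to the failure code is the safe direction, but detection rules will key on this number, so the mapping should be stated in a comment. Suggested comment above the declaration: `/* fail-safe default: only NT_STATUS_OK is logged as 4624; anonymous successes are also 4624 and must be told apart by other fields of the record */`. log_authentication_event continues outside the hunk, so whether the human-readable log path also receives the id cannot be confirmed from here.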