authorGary Lockyer <gary@catalyst.net.nz>2018-12-19 09:08:22 +1300
committerAndrew Bartlett <abartlet@samba.org>2018-12-21 22:16:09 +0100
commit87a8325a0d511ec2177ef501828b50deb0ce50b9 (patch)
treed81a9ff74551cd6415e04af6f30a471473b6f365 /librpc
parentb99b51400c3e3e40b848d57d01f67b8d72d772b5 (diff)
s4 group_audit: Add Windows Event Id's to Group membership changes
Generate a GroupChange event when a user is created with a PrimaryGroup membership.

Log the windows event id in the JSON GroupChange message.

Event Id's supported are:
4728 A member was added to a security enabled global group
4729 A member was removed from a security enabled global group
4732 A member was added to a security enabled local group
4733 A member was removed from a security enabled local group
4746 A member was added to a security disabled local group
4747 A member was removed from a security disabled local group
4751 A member was added to a security disabled global group
4752 A member was removed from a security disabled global group
4756 A member was added to a security enabled universal group
4757 A member was removed from a security enabled universal group
4761 A member was added to a security disabled universal group
4762 A member was removed from a security disabled universal group

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'librpc')
-rw-r--r--librpc/idl/windows_event_ids.idl21
1 files changed, 17 insertions, 4 deletions
diff --git a/librpc/idl/windows_event_ids.idl b/librpc/idl/windows_event_ids.idl
index c711db1b30f..240ad9e56ff 100644
--- a/librpc/idl/windows_event_ids.idl
+++ b/librpc/idl/windows_event_ids.idl
@@ -9,10 +9,23 @@ interface windows_events
{
typedef [v1_enum,public] enum {
- EVT_ID_SUCCESSFUL_LOGON = 4624,
- EVT_ID_UNSUCCESSFUL_LOGON = 4625,
- EVT_ID_PASSWORD_CHANGE = 4723,
- EVT_ID_PASSWORD_RESET = 4724
+ EVT_ID_NONE = 0,
+ EVT_ID_SUCCESSFUL_LOGON = 4624,
+ EVT_ID_UNSUCCESSFUL_LOGON = 4625,
+ EVT_ID_PASSWORD_CHANGE = 4723,
+ EVT_ID_PASSWORD_RESET = 4724,
+ EVT_ID_USER_ADDED_TO_GLOBAL_SEC_GROUP = 4728,
+ EVT_ID_USER_REMOVED_FROM_GLOBAL_SEC_GROUP = 4729,
+ EVT_ID_USER_ADDED_TO_LOCAL_SEC_GROUP = 4732,
+ EVT_ID_USER_REMOVED_FROM_LOCAL_SEC_GROUP = 4733,
+ EVT_ID_USER_ADDED_TO_LOCAL_GROUP = 4746,
+ EVT_ID_USER_REMOVED_FROM_LOCAL_GROUP = 4747,
+ EVT_ID_USER_ADDED_TO_GLOBAL_GROUP = 4751,
+ EVT_ID_USER_REMOVED_FROM_GLOBAL_GROUP = 4752,
+ EVT_ID_USER_ADDED_TO_UNIVERSAL_SEC_GROUP = 4756,
+ EVT_ID_USER_REMOVED_FROM_UNIVERSAL_SEC_GROUP = 4757,
+ EVT_ID_USER_ADDED_TO_UNIVERSAL_GROUP = 4761,
+ EVT_ID_USER_REMOVED_FROM_UNIVERSAL_GROUP = 4762
} event_id_type;
typedef [v1_enum,public] enum {
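Review bot: The security-disabled group constants (`EVT_ID_USER_ADDED_TO_LOCAL_GROUP` = 4746 through `EVT_ID_USER_REMOVED_FROM_UNIVERSAL_GROUP` = 4762) differ from their security-enabled counterparts only by the missing `_SEC_`, and none of the new entries carries a comment, so the id-to-meaning mapping can only be checked against the commit message. A one-line comment per entry that repeats the Windows wording, for example `/* 4746: a member was added to a security disabled local group */`, would let anyone writing detection rules or audit-log parsers verify the table in place. The names also say `USER` where the event descriptions say "member", which is worth noting in the same comments. `EVT_ID_NONE = 0` is new as well and is not a Windows event id. It should be documented as "no corresponding Windows event", and it is worth confirming at the use sites, which are outside this diff, whether a 0 can appear in the JSON GroupChange message or the field is omitted.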