diff options
| author | Gary Lockyer <gary@catalyst.net.nz> | 2018-12-13 10:17:44 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2018-12-14 18:57:52 +0100 |
| commit | cb23a0345f1ef4297f6643c25ebe955b9aaee54c (patch) | |
| tree | 7e61d68ce9912ab833844ef935336021a3d0625c /librpc | |
| parent | edfb6cb8223be430360c8372457880471a198630 (diff) | |
| download | samba-cb23a0345f1ef4297f6643c25ebe955b9aaee54c.tar.gz | |
idl: Add Windows event code ids
Add idl definitions for Windows Event Code Ids, and Logon Types. This
intial commit adds:
Event Ids
4264 Successful logon
4625 Unsuccessful logon
Logon Types
2 Interactive
3 Network
4 Batch
5 Service
7 Unlock
8 NetworkCleartext
9 NewCredentials
10 RemoteInteractive
11 CachedInteractive
The intention is to add Windows Event Codes to the JSON log messages, to
provide a common event identifier in mixed Windows and Samba networks.
And to assist security personnel with a windows background.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'librpc')
| -rw-r--r-- | librpc/idl/windows_event_ids.idl | 27 | ||||
| -rw-r--r-- | librpc/idl/wscript_build | 5 |
2 files changed, 32 insertions, 0 deletions
diff --git a/librpc/idl/windows_event_ids.idl b/librpc/idl/windows_event_ids.idl new file mode 100644 index 00000000000..289415724af --- /dev/null +++ b/librpc/idl/windows_event_ids.idl @@ -0,0 +1,27 @@ +/* + IDL constants for windows event codes. +*/ + +[ + pointer_default(unique) +] +interface windows_events +{ + + typedef [v1_enum,public] enum { + EVT_ID_SUCCESSFUL_LOGON = 4624, + EVT_ID_UNSUCCESSFUL_LOGON = 4625 + } event_id_type; + + typedef [v1_enum,public] enum { + EVT_LOGON_INTERACTIVE = 2, + EVT_LOGON_NETWORK = 3, + EVT_LOGON_BATCH = 4, + EVT_LOGON_SERVICE = 5, + EVT_LOGON_UNLOCK = 7, + EVT_LOGON_NETWORK_CLEAR_TEXT = 8, + EVT_LOGON_NEW_CREDENTIALS = 9, + EVT_LOGON_REMOTE_INTERACTIVE = 10, + EVT_LOGON_CACHED_INTERACTIVE = 11 + } event_logon_type; +} diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build index 2e012d6a868..aa058e87133 100644 --- a/librpc/idl/wscript_build +++ b/librpc/idl/wscript_build @@ -56,3 +56,8 @@ bld.SAMBA_PIDL_LIST('PIDL', 'winbind.idl', options='--header --ndr-parser --samba3-ndr-server --client --python', output_dir='../gen_ndr') + +bld.SAMBA_PIDL_LIST('PIDL', + source='windows_event_ids.idl', + options='--header --python --ndr-parser --client', + output_dir='../gen_ndr') |