diff options
Diffstat (limited to 'source3/rpc_parse/parse_eventlog.c')
-rw-r--r-- | source3/rpc_parse/parse_eventlog.c | 183 |
1 files changed, 0 insertions, 183 deletions
diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 40930a2500..45bd4b591e 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -25,186 +25,3 @@ /******************************************************************** ********************************************************************/ -bool eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u, - prs_struct *ps, int depth) -{ - if(q_u == NULL) - return False; - - prs_debug(ps, depth, desc, "eventlog_io_q_read_eventlog"); - depth++; - - if(!(prs_align(ps))) - return False; - - if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth))) - return False; - - if(!(prs_uint32("read flags", ps, depth, &(q_u->flags)))) - return False; - - if(!(prs_uint32("read offset", ps, depth, &(q_u->offset)))) - return False; - - if(!(prs_uint32("read buf size", ps, depth, &(q_u->max_read_size)))) - return False; - - return True; -} - -static bool smb_io_eventlog_entry(const char *name, prs_struct *ps, int depth, Eventlog_entry *entry) -{ - if(entry == NULL) - return False; - - prs_debug(ps, depth, name, "smb_io_eventlog_entry"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!(prs_uint32("length", ps, depth, &(entry->record.length)))) - return False; - if(!(prs_uint32("reserved", ps, depth, &(entry->record.reserved1)))) - return False; - if(!(prs_uint32("record number", ps, depth, &(entry->record.record_number)))) - return False; - if(!(prs_uint32("time generated", ps, depth, &(entry->record.time_generated)))) - return False; - if(!(prs_uint32("time written", ps, depth, &(entry->record.time_written)))) - return False; - if(!(prs_uint32("event id", ps, depth, &(entry->record.event_id)))) - return False; - if(!(prs_uint16("event type", ps, depth, &(entry->record.event_type)))) - return False; - if(!(prs_uint16("num strings", ps, depth, &(entry->record.num_strings)))) - return False; - if(!(prs_uint16("event category", ps, depth, &(entry->record.event_category)))) - return False; - if(!(prs_uint16("reserved2", ps, depth, &(entry->record.reserved2)))) - return False; - if(!(prs_uint32("closing record", ps, depth, &(entry->record.closing_record_number)))) - return False; - if(!(prs_uint32("string offset", ps, depth, &(entry->record.string_offset)))) - return False; - if(!(prs_uint32("user sid length", ps, depth, &(entry->record.user_sid_length)))) - return False; - if(!(prs_uint32("user sid offset", ps, depth, &(entry->record.user_sid_offset)))) - return False; - if(!(prs_uint32("data length", ps, depth, &(entry->record.data_length)))) - return False; - if(!(prs_uint32("data offset", ps, depth, &(entry->record.data_offset)))) - return False; - if(!(prs_align(ps))) - return False; - - /* Now encoding data */ - - if(!(prs_uint8s(False, "buffer", ps, depth, entry->data, - entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length)))) - { - return False; - } - - if(!(prs_align(ps))) - return False; - - if(!(prs_uint32("length 2", ps, depth, &(entry->record.length)))) - return False; - - return True; -} - -/** Structure of response seems to be: - DWORD num_bytes_in_resp -- MUST be the same as q_u->max_read_size - for i=0..n - EVENTLOGRECORD record - DWORD sent_size -- sum of EVENTLOGRECORD lengths if records returned, 0 otherwise - DWORD real_size -- 0 if records returned, otherwise length of next record to be returned - WERROR status */ -bool eventlog_io_r_read_eventlog(const char *desc, - EVENTLOG_Q_READ_EVENTLOG *q_u, - EVENTLOG_R_READ_EVENTLOG *r_u, - prs_struct *ps, - int depth) -{ - Eventlog_entry *entry; - uint32 record_written = 0; - uint32 record_total = 0; - - if(r_u == NULL) - return False; - - prs_debug(ps, depth, desc, "eventlog_io_r_read_eventlog"); - depth++; - - /* First, see if we've read more logs than we can output */ - - if(r_u->num_bytes_in_resp > q_u->max_read_size) { - entry = r_u->entry; - - /* remove the size of the last entry from the list */ - - while(entry->next != NULL) - entry = entry->next; - - r_u->num_bytes_in_resp -= entry->record.length; - - /* do not output the last log entry */ - - r_u->num_records--; - } - - entry = r_u->entry; - record_total = r_u->num_records; - - if(r_u->num_bytes_in_resp != 0) - r_u->sent_size = r_u->num_bytes_in_resp; - else - r_u->real_size = r_u->bytes_in_next_record; - - if(!(prs_align(ps))) - return False; - if(!(prs_uint32("bytes in resp", ps, depth, &(q_u->max_read_size)))) - return False; - - while(entry != NULL && record_written < record_total) - { - DEBUG(11, ("eventlog_io_r_read_eventlog: writing record [%d] out of [%d].\n", record_written, record_total)); - - /* Encode the actual eventlog record record */ - - if (!(smb_io_eventlog_entry("entry", ps, depth, entry))) - return false; - - entry = entry->next; - record_written++; - - } /* end of encoding EVENTLOGRECORD */ - - /* Now pad with whitespace until the end of the response buffer */ - - if (q_u->max_read_size - r_u->num_bytes_in_resp) { - r_u->end_of_entries_padding = PRS_ALLOC_MEM(ps, uint8_t, q_u->max_read_size - r_u->num_bytes_in_resp); - if (!r_u->end_of_entries_padding) { - return False; - } - - if(!(prs_uint8s(False, "end of entries padding", ps, - depth, r_u->end_of_entries_padding, - (q_u->max_read_size - r_u->num_bytes_in_resp)))) { - return False; - } - } - - /* We had better be DWORD aligned here */ - - if(!(prs_uint32("sent size", ps, depth, &(r_u->sent_size)))) - return False; - if(!(prs_uint32("real size", ps, depth, &(r_u->real_size)))) - return False; - if(!(prs_ntstatus("status code", ps, depth, &r_u->status))) - return False; - - return True; -} |