Diffstat (limited to 'source3/rpc_parse/parse_eventlog.c')
-rw-r--r--source3/rpc_parse/parse_eventlog.c236
1 files changed, 236 insertions, 0 deletions
diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c
new file mode 100644
index 0000000000..5173bd2cad
--- /dev/null
+++ b/source3/rpc_parse/parse_eventlog.c
@@ -0,0 +1,236 @@
+/*
+ * Unix SMB/Netbios implementation.
+ * Version 1.9.
+ * RPC Pipe client / server routines
+ * Copyright (C) Andrew Tridgell 1992-1998,
+ * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
+ * Copyright (C) Jean François Micouleau 1998-1999.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+extern int DEBUGLEVEL;
+
+/*******************************************************************
+********************************************************************/
+void make_eventlog_q_open(EVENTLOG_Q_OPEN *q_u, char *journal)
+{
+ q_u->ptr0=0x1;
+
+ q_u->unk0=0x5c;
+ q_u->unk1=0x01;
+
+ q_u->unk2=2*(strlen(journal)+1);
+ q_u->unk3=2*(strlen(journal)+1);
+
+ q_u->ptr_source=0x01;
+ make_buf_unistr2(&(q_u->source), &(q_u->ptr_source), journal);
+
+ q_u->unk4=0x00;
+ q_u->unk5=0x00;
+ q_u->unk6=0x01;
+ q_u->unk7=0x01;
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_q_open(char *desc, EVENTLOG_Q_OPEN *q_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_q_open");
+ depth++;
+
+ prs_align(ps);
+
+ prs_uint32("ptr0", ps, depth, &(q_u->ptr0));
+
+ prs_uint16("unk0", ps, depth, &(q_u->unk0));
+ prs_uint16("unk1", ps, depth, &(q_u->unk1));
+ prs_uint16("unk2", ps, depth, &(q_u->unk2));
+ prs_uint16("unk3", ps, depth, &(q_u->unk3));
+
+ prs_uint32("ptr_source", ps, depth, &(q_u->ptr_source));
+
+ smb_io_unistr2("", &(q_u->source), q_u->ptr_source, ps, depth);
+ prs_align(ps);
+
+ prs_uint32("unk4", ps, depth, &(q_u->unk4));
+ prs_uint32("unk5", ps, depth, &(q_u->unk5));
+ prs_uint32("unk6", ps, depth, &(q_u->unk6));
+ prs_uint32("unk7", ps, depth, &(q_u->unk7));
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_r_open(char *desc, EVENTLOG_R_OPEN *r_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_r_open");
+ depth++;
+
+ prs_align(ps);
+ smb_io_pol_hnd("", &(r_u->pol), ps, depth);
+ prs_uint32("status", ps, depth, &(r_u->status));
+}
+
+/*******************************************************************
+********************************************************************/
+void make_eventlog_q_close(EVENTLOG_Q_CLOSE *q_u, POLICY_HND *pol)
+{
+ memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data));
+
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_q_close(char *desc, EVENTLOG_Q_CLOSE *q_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_q_close");
+ depth++;
+
+ prs_align(ps);
+ smb_io_pol_hnd("", &(q_u->pol), ps, depth);
+
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_r_close(char *desc, EVENTLOG_R_CLOSE *r_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_r_close");
+ depth++;
+
+ prs_align(ps);
+ smb_io_pol_hnd("", &(r_u->pol), ps, depth);
+ prs_uint32("status", ps, depth, &(r_u->status));
+}
+
+/*******************************************************************
+********************************************************************/
+void make_eventlog_q_numofeventlogrec(EVENTLOG_Q_NUMOFEVENTLOGREC *q_u, POLICY_HND *pol)
+{
+ memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data));
+
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_q_numofeventlogrec(char *desc,EVENTLOG_Q_NUMOFEVENTLOGREC *q_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_q_numofeventlogrec");
+ depth++;
+
+ prs_align(ps);
+ smb_io_pol_hnd("", &(q_u->pol), ps, depth);
+
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_r_numofeventlogrec(char *desc, EVENTLOG_R_NUMOFEVENTLOGREC *r_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_r_numofeventlogrec");
+ depth++;
+
+ prs_align(ps);
+ prs_uint32("number", ps, depth, &(r_u->number));
+ prs_uint32("status", ps, depth, &(r_u->status));
+}
+
+/*******************************************************************
+********************************************************************/
+void make_eventlog_q_readeventlog(EVENTLOG_Q_READEVENTLOG *q_u, POLICY_HND *pol,
+ uint32 flags, uint32 offset, uint32 number_of_bytes)
+{
+ memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data));
+ q_u->flags=flags;
+ q_u->offset=offset;
+ q_u->number_of_bytes=number_of_bytes;
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_q_readeventlog(char *desc, EVENTLOG_Q_READEVENTLOG *q_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_q_readeventlog");
+ depth++;
+
+ prs_align(ps);
+ smb_io_pol_hnd("", &(q_u->pol), ps, depth);
+ prs_uint32("flags", ps, depth, &(q_u->flags));
+ prs_uint32("offset", ps, depth, &(q_u->offset));
+ prs_uint32("number_of_bytes", ps, depth, &(q_u->number_of_bytes));
+}
+
+/*******************************************************************
+********************************************************************/
+static void eventlog_io_eventlog(char *desc, EVENTLOGRECORD *ev, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_eventlog");
+ depth++;
+
+ prs_align(ps);
+ prs_uint32("size", ps, depth, &(ev->size));
+ prs_uint32("reserved", ps, depth, &(ev->reserved));
+ prs_uint32("recordnumber", ps, depth, &(ev->recordnumber));
+ prs_uint32("creationtime", ps, depth, &(ev->creationtime));
+ prs_uint32("writetime", ps, depth, &(ev->writetime));
+ prs_uint32("eventnumber", ps, depth, &(ev->eventnumber));
+
+ prs_uint16("eventtype", ps, depth, &(ev->eventtype));
+ prs_uint16("num_of_strings", ps, depth, &(ev->num_of_strings));
+ prs_uint16("category", ps, depth, &(ev->category));
+ prs_uint16("reserved_flag", ps, depth, &(ev->reserved_flag));
+
+ prs_uint32("closingrecord", ps, depth, &(ev->closingrecord));
+ prs_uint32("stringoffset", ps, depth, &(ev->stringoffset));
+ prs_uint32("sid_length", ps, depth, &(ev->sid_length));
+ prs_uint32("sid_offset", ps, depth, &(ev->sid_offset));
+ prs_uint32("data_length", ps, depth, &(ev->data_length));
+ prs_uint32("data_offset", ps, depth, &(ev->data_offset));
+
+ smb_io_unistr("", &(ev->sourcename), ps, depth);
+ smb_io_unistr("", &(ev->computername), ps, depth);
+
+ if (ev->sid_length!=0)
+ smb_io_unistr("", &(ev->sid), ps, depth);
+
+ if (ev->num_of_strings!=0)
+ smb_io_unistr("", &(ev->strings),ps, depth);
+
+ if (ev->data_length)
+ smb_io_unistr("", &(ev->data), ps, depth);
+
+ prs_uint32("size2", ps, depth, &(ev->size2));
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_r_readeventlog(char *desc, EVENTLOG_R_READEVENTLOG *r_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_r_readeventlog");
+ depth++;
+
+ prs_align(ps);
+ prs_uint32("number_of_bytes", ps, depth, &(r_u->number_of_bytes));
+
+ if (r_u->number_of_bytes!= 0)
+ eventlog_io_eventlog("", r_u->event, ps, depth);
+
+ prs_uint32("sent_size", ps, depth, &(r_u->sent_size));
+ prs_uint32("real_size", ps, depth, &(r_u->real_size));
+ prs_uint32("status", ps, depth, &(r_u->status));
+}
+
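Review bot: In `eventlog_io_eventlog`, the wire-supplied `sid_length`, `data_length` and `num_of_strings` are tested only for non-zero, and the SID, strings and data are then read with `smb_io_unistr`, so the amount consumed is not tied to the lengths, offsets or `size` the record itself declares. A SID and the event data are binary blobs rather than NUL-terminated Unicode strings, and `num_of_strings` can exceed one, so a record from a peer may be mis-parsed or read beyond its declared `size`; whether `smb_io_unistr` bounds the read against the buffer is not visible in this hunk. I would read those fields by their declared lengths after checking them against `size` and the data remaining in `ps`, and compare `size` with `size2` once the record is done. Separately, `eventlog_io_r_readeventlog` follows `r_u->event` whenever the received `number_of_bytes` is non-zero, and a guard such as `if (r_u->number_of_bytes != 0 && r_u->event != NULL)` would keep an unset pointer from being dereferenced.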