diff options
Diffstat (limited to 'source3/rpc_server/srv_eventlog_nt.c')
-rw-r--r-- | source3/rpc_server/srv_eventlog_nt.c | 132 |
1 files changed, 65 insertions, 67 deletions
diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 3c7469f3ef..d12b490d21 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -1,20 +1,20 @@ -/* +/* * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Marcin Krzysztof Porwit 2005, * Copyright (C) Brian Moran 2005, * Copyright (C) Gerald (Jerry) Carter 2005. - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, see <http://www.gnu.org/licenses/>. */ @@ -40,10 +40,10 @@ typedef struct { static void free_eventlog_info( void *ptr ) { EVENTLOG_INFO *elog = (EVENTLOG_INFO *)ptr; - + if ( elog->etdb ) elog_close_tdb( elog->etdb, False ); - + TALLOC_FREE( elog ); } @@ -72,21 +72,21 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) char *tdbname = elog_tdbname(talloc_tos(), info->logname ); SEC_DESC *sec_desc; NTSTATUS status; - - if ( !tdbname ) + + if ( !tdbname ) return False; - + /* get the security descriptor for the file */ - + sec_desc = get_nt_acl_no_snum( info, tdbname ); - SAFE_FREE( tdbname ); - + TALLOC_FREE( tdbname ); + if ( !sec_desc ) { - DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n", + DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n", tdbname)); return False; } - + /* root free pass */ if ( geteuid() == sec_initial_uid() ) { @@ -95,21 +95,21 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) } /* run the check, try for the max allowed */ - + status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS, &info->access_granted); - + if ( sec_desc ) TALLOC_FREE( sec_desc ); - + if (!NT_STATUS_IS_OK(status)) { DEBUG(8,("elog_check_access: se_access_check() return %s\n", nt_errstr(status))); return False; } - + /* we have to have READ permission for a successful open */ - + return ( info->access_granted & SA_RIGHT_FILE_READ_DATA ); } @@ -120,7 +120,7 @@ static bool elog_validate_logname( const char *name ) { int i; const char **elogs = lp_eventlog_list(); - + if (!elogs) { return False; } @@ -129,7 +129,7 @@ static bool elog_validate_logname( const char *name ) if ( strequal( name, elogs[i] ) ) return True; } - + return False; } @@ -178,19 +178,19 @@ static bool get_oldest_entry_hook( EVENTLOG_INFO * info ) static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hnd ) { EVENTLOG_INFO *elog; - + /* first thing is to validate the eventlog name */ if ( !elog_validate_logname( logname ) ) return NT_STATUS_OBJECT_PATH_INVALID; - + if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) ) return NT_STATUS_NO_MEMORY; - + elog->logname = talloc_strdup( elog, logname ); - + /* Open the tdb first (so that we can create any new tdbs if necessary). - We have to do this as root and then use an internal access check + We have to do this as root and then use an internal access check on the file permissions since you can only have a tdb open once in a single process */ @@ -201,40 +201,40 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn if ( !elog->etdb ) { /* according to MSDN, if the logfile cannot be found, we should default to the "Application" log */ - + if ( !strequal( logname, ELOG_APPL ) ) { - + TALLOC_FREE( elog->logname ); - - elog->logname = talloc_strdup( elog, ELOG_APPL ); + + elog->logname = talloc_strdup( elog, ELOG_APPL ); /* do the access check */ - if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { + if ( !elog_check_access( elog, p->server_info->ptok ) ) { TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; } - + become_root(); elog->etdb = elog_open_tdb( elog->logname, False ); unbecome_root(); - } - + } + if ( !elog->etdb ) { TALLOC_FREE( elog ); - return NT_STATUS_ACCESS_DENIED; /* ??? */ + return NT_STATUS_ACCESS_DENIED; /* ??? */ } } - + /* now do the access check. Close the tdb if we fail here */ - if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { + if ( !elog_check_access( elog, p->server_info->ptok ) ) { elog_close_tdb( elog->etdb, False ); TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; } - + /* create the policy handle */ - + if ( !create_policy_hnd ( p, hnd, free_eventlog_info, ( void * ) elog ) ) { free_eventlog_info( elog ); @@ -246,7 +246,7 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn if ( !get_oldest_entry_hook( elog ) ) { DEBUG(3,("elog_open: Successfully opened eventlog but can't " "get any information on internal records!\n")); - } + } elog->current_record = elog->oldest_entry; @@ -283,15 +283,15 @@ static int elog_size( EVENTLOG_INFO *info ) Eventlog_entry. returns NULL if it can't get the record for some reason. ********************************************************************/ -static Eventlog_entry *get_eventlog_record(prs_struct *ps, +static Eventlog_entry *get_eventlog_record(TALLOC_CTX *mem_ctx, TDB_CONTEXT *tdb, int recno) { Eventlog_entry *ee = NULL; TDB_DATA ret, key; - int srecno; - int reclen; + int32_t srecno; + int32_t reclen; int len; char *wpsource = NULL; @@ -300,10 +300,10 @@ static Eventlog_entry *get_eventlog_record(prs_struct *ps, char *wpstrs = NULL; char *puserdata = NULL; - key.dsize = sizeof(int32); + key.dsize = sizeof(int32_t); srecno = recno; - key.dptr = ( uint8 * ) &srecno; + key.dptr = (unsigned char *)&srecno; ret = tdb_fetch( tdb, key ); @@ -321,7 +321,7 @@ static Eventlog_entry *get_eventlog_record(prs_struct *ps, if ( !len ) return NULL; - ee = TALLOC_ARRAY(ps->mem_ctx, Eventlog_entry, 1); + ee = TALLOC_ARRAY(mem_ctx, Eventlog_entry, 1); if (!ee) { return NULL; } @@ -413,7 +413,7 @@ static Eventlog_entry *get_eventlog_record(prs_struct *ps, } /******************************************************************** - note that this can only be called AFTER the table is constructed, + note that this can only be called AFTER the table is constructed, since it uses the table to find the tdb handle ********************************************************************/ @@ -426,28 +426,28 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) struct registry_value *value; WERROR wresult; char *elogname = info->logname; - TALLOC_CTX *ctx = talloc_tos(); + TALLOC_CTX *ctx = talloc_stackframe(); bool ret = false; DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) ); if ( !info->etdb ) { DEBUG( 4, ( "No open tdb! (%s)\n", info->logname ) ); - return False; + goto done; } /* set resonable defaults. 512Kb on size and 1 week on time */ uiMaxSize = 0x80000; uiRetention = 604800; - /* the general idea is to internally open the registry - key and retrieve the values. That way we can continue - to use the same fetch/store api that we use in + /* the general idea is to internally open the registry + key and retrieve the values. That way we can continue + to use the same fetch/store api that we use in srv_reg_nt.c */ path = talloc_asprintf(ctx, "%s/%s", KEY_EVENTLOG, elogname ); if (!path) { - return false; + goto done; } wresult = reg_open_path(ctx, path, REG_KEY_READ, get_root_nt_token(), @@ -457,14 +457,13 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) DEBUG( 4, ( "sync_eventlog_params: Failed to open key [%s] (%s)\n", path, win_errstr( wresult ) ) ); - return false; + goto done; } wresult = reg_queryvalue(key, key, "Retention", &value); if (!W_ERROR_IS_OK(wresult)) { DEBUG(4, ("Failed to query value \"Retention\": %s\n", win_errstr(wresult))); - ret = false; goto done; } uiRetention = value->v.dword; @@ -473,7 +472,6 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) if (!W_ERROR_IS_OK(wresult)) { DEBUG(4, ("Failed to query value \"MaxSize\": %s\n", win_errstr(wresult))); - ret = false; goto done; } uiMaxSize = value->v.dword; @@ -491,13 +489,13 @@ done: /******************************************************************** ********************************************************************/ -static Eventlog_entry *read_package_entry( prs_struct * ps, +static Eventlog_entry *read_package_entry( TALLOC_CTX *mem_ctx, Eventlog_entry * entry ) { uint8 *offset; Eventlog_entry *ee_new = NULL; - ee_new = PRS_ALLOC_MEM( ps, Eventlog_entry, 1 ); + ee_new = TALLOC_ZERO_ARRAY(mem_ctx, Eventlog_entry, 1 ); if ( ee_new == NULL ) { return NULL; } @@ -536,10 +534,10 @@ static Eventlog_entry *read_package_entry( prs_struct * ps, DEBUG( 10, ( "entry->record.length is [%d].\n", entry->record.length ) ); entry->data = - PRS_ALLOC_MEM( ps, uint8, - entry->record.length - - sizeof( Eventlog_record ) - - sizeof( entry->record.length ) ); + TALLOC_ZERO_ARRAY(mem_ctx, uint8_t, + entry->record.length - + sizeof( Eventlog_record ) - + sizeof( entry->record.length )); if ( entry->data == NULL ) { return NULL; } @@ -625,13 +623,13 @@ NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p, if (r->in.logname->string) { logname = r->in.logname->string; } - + DEBUG( 10,("_eventlog_open_eventlog: Server [%s], Log [%s]\n", servername, logname )); - + /* according to MSDN, if the logfile cannot be found, we should default to the "Application" log */ - + if ( !NT_STATUS_IS_OK( result = elog_open( p, logname, r->out.handle )) ) return result; @@ -761,7 +759,7 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, /* assume that when the record fetch fails, that we are done */ - entry = get_eventlog_record (ps, ELOG_TDB_CTX(info->etdb), record_number); + entry = get_eventlog_record (ps->mem_ctx, ELOG_TDB_CTX(info->etdb), record_number); if (!entry) { break; } @@ -770,7 +768,7 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, /* Now see if there is enough room to add */ - if ( !(ee_new = read_package_entry( ps, entry )) ) + if ( !(ee_new = read_package_entry( ps->mem_ctx, entry )) ) return NT_STATUS_NO_MEMORY; if ( r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size ) { |