1 files changed, 70 insertions, 11 deletions

diff --git a/source3/utils/eventlogadm.c b/source3/utils/eventlogadm.c
index 5fed4d1a39..d134ea8fea 100644
--- a/source3/utils/eventlogadm.c
+++ b/source3/utils/eventlogadm.c
@@ -5,6 +5,7 @@
  *
  *
  * Copyright (C) Brian Moran                2005.
+ * Copyright (C) Guenther Deschner          2009.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -37,6 +38,7 @@ static void usage( char *s )
 	printf( "\nUsage: %s [OPTION]\n\n", s );
 	printf( " -o write <Eventlog Name> \t\t\t\t\tWrites records to eventlog from STDIN\n" );
 	printf( " -o addsource <EventlogName> <sourcename> <msgfileDLLname> \tAdds the specified source & DLL eventlog registry entry\n" );
+	printf( " -o dump <Eventlog Name> <starting_record>\t\t\t\t\tDump stored eventlog entries on STDOUT\n" );
 	printf( "\nMiscellaneous options:\n" );
 	printf( " -d\t\t\t\t\t\t\t\tturn debug on\n" );
 	printf( " -h\t\t\t\t\t\t\t\tdisplay help\n\n" );
@@ -83,12 +85,14 @@ static int DoWriteCommand( int argc, char **argv, bool debugflag, char *exename
 	FILE *f1;
 	char *argfname;
 	ELOG_TDB *etdb;
+	NTSTATUS status;
 
 	/* fixed constants are bad bad bad  */
 	char linein[1024];
 	bool is_eor;
-	Eventlog_entry ee;
-	int rcnum;
+	struct eventlog_Record_tdb ee;
+	uint32_t record_number;
+	TALLOC_CTX *mem_ctx = talloc_tos();
 
 	f1 = stdin;
 	if ( !f1 ) {
@@ -103,7 +107,7 @@ static int DoWriteCommand( int argc, char **argv, bool debugflag, char *exename
 
 	argfname = argv[0];
 
-	if ( !( etdb = elog_open_tdb( argfname, False ) ) ) {
+	if ( !( etdb = elog_open_tdb( argfname, False, False ) ) ) {
 		printf( "can't open the eventlog TDB (%s)\n", argfname );
 		return -1;
 	}
@@ -122,26 +126,29 @@ static int DoWriteCommand( int argc, char **argv, bool debugflag, char *exename
 		is_eor = False;
 
 
-		parse_logentry( ( char * ) &linein, &ee, &is_eor );
+		parse_logentry( mem_ctx, ( char * ) &linein, &ee, &is_eor );
 		/* should we do something with the return code? */
 
 		if ( is_eor ) {
-			fixup_eventlog_entry( &ee );
+			fixup_eventlog_record_tdb( &ee );
 
 			if ( opt_debug )
-				printf( "record number [%d], tg [%d] , tw [%d]\n", ee.record.record_number, ee.record.time_generated, ee.record.time_written );
+				printf( "record number [%d], tg [%d] , tw [%d]\n",
+					ee.record_number, (int)ee.time_generated, (int)ee.time_written );
 
-			if ( ee.record.time_generated != 0 ) {
+			if ( ee.time_generated != 0 ) {
 
 				/* printf("Writing to the event log\n"); */
 
-				rcnum = write_eventlog_tdb( ELOG_TDB_CTX(etdb), &ee );
-				if ( !rcnum ) {
-					printf( "Can't write to the event log\n" );
+				status = evlog_push_record_tdb( mem_ctx, ELOG_TDB_CTX(etdb),
+								&ee, &record_number );
+				if ( !NT_STATUS_IS_OK(status) ) {
+					printf( "Can't write to the event log: %s\n",
+						nt_errstr(status) );
 				} else {
 					if ( opt_debug )
 						printf( "Wrote record %d\n",
-							rcnum );
+							record_number );
 				}
 			} else {
 				if ( opt_debug )
@@ -156,6 +163,54 @@ static int DoWriteCommand( int argc, char **argv, bool debugflag, char *exename
 	return 0;
 }
 
+static int DoDumpCommand(int argc, char **argv, bool debugflag, char *exename)
+{
+	ELOG_TDB *etdb;
+	TALLOC_CTX *mem_ctx = talloc_tos();
+	const char *tdb_filename;
+	uint32_t count = 1;
+
+	if (argc > 2) {
+		return -1;
+	}
+
+	tdb_filename = argv[0];
+
+	if (argc > 1) {
+		count = atoi(argv[1]);
+	}
+
+	etdb = elog_open_tdb(argv[0], false, true);
+	if (!etdb) {
+		printf("can't open the eventlog TDB (%s)\n", argv[0]);
+		return -1;
+	}
+
+	while (1) {
+
+		struct eventlog_Record_tdb *r;
+		char *s;
+
+		r = evlog_pull_record_tdb(mem_ctx, etdb->tdb, count);
+		if (!r) {
+			break;
+		}
+
+		printf("displaying record: %d\n", count);
+
+		s = NDR_PRINT_STRUCT_STRING(mem_ctx, eventlog_Record_tdb, r);
+		if (s) {
+			printf("%s\n", s);
+			talloc_free(s);
+		}
+		count++;
+	}
+
+	elog_close_tdb(etdb, false);
+
+	return 0;
+}
+
 /* would be nice to use the popT stuff here, however doing so forces us to drag in a lot of other infrastructure */
 
 int main( int argc, char *argv[] )
@@ -221,6 +276,10 @@ int main( int argc, char *argv[] )
 			rc = DoWriteCommand( argc, argv, opt_debug, exename );
 			break;
 		}
+		if ( !StrCaseCmp( opname, "dump" ) ) {
+			rc = DoDumpCommand( argc, argv, opt_debug, exename );
+			break;
+		}
 		printf( "unknown command [%s]\n", opname );
 		usage( exename );
 		exit( 1 );