diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/proto.h | 12 | ||||
-rw-r--r-- | source3/include/rpc_eventlog.h | 19 | ||||
-rw-r--r-- | source3/rpc_parse/parse_eventlog.c | 183 |
3 files changed, 0 insertions, 214 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 5cef54f82c..9067dcd4dc 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5677,14 +5677,6 @@ uint32 size_of_relative_string(UNISTR *string); /* The following definitions come from rpc_parse/parse_eventlog.c */ -bool eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u, - prs_struct *ps, int depth); -bool eventlog_io_r_read_eventlog(const char *desc, - EVENTLOG_Q_READ_EVENTLOG *q_u, - EVENTLOG_R_READ_EVENTLOG *r_u, - prs_struct *ps, - int depth); - /* The following definitions come from rpc_parse/parse_misc.c */ bool smb_io_time(const char *desc, NTTIME *nttime, prs_struct *ps, int depth); @@ -6286,10 +6278,6 @@ NTSTATUS evlog_tdb_entry_to_evt_entry(TALLOC_CTX *mem_ctx, /* The following definitions come from rpc_server/srv_eventlog_nt.c */ -NTSTATUS _eventlog_read_eventlog( pipes_struct * p, - EVENTLOG_Q_READ_EVENTLOG * q_u, - EVENTLOG_R_READ_EVENTLOG * r_u ); - /* The following definitions come from rpc_server/srv_lsa_hnd.c */ bool init_pipe_handle_list(pipes_struct *p, diff --git a/source3/include/rpc_eventlog.h b/source3/include/rpc_eventlog.h index f17e448d9e..43bbc18285 100644 --- a/source3/include/rpc_eventlog.h +++ b/source3/include/rpc_eventlog.h @@ -37,14 +37,6 @@ /***********************************/ -typedef struct -{ - POLICY_HND handle; - uint32 flags; - uint32 offset; - uint32 max_read_size; -} EVENTLOG_Q_READ_EVENTLOG; - typedef struct { uint32 length; uint32 reserved1; @@ -85,16 +77,5 @@ typedef struct eventlog_entry { uint8 *end_of_data_padding; struct eventlog_entry *next; } Eventlog_entry; - -typedef struct { - uint32 num_bytes_in_resp; - uint32 bytes_in_next_record; - uint32 num_records; - Eventlog_entry *entry; - uint8 *end_of_entries_padding; - uint32 sent_size; - uint32 real_size; - NTSTATUS status; -} EVENTLOG_R_READ_EVENTLOG; #endif /* _RPC_EVENTLOG_H */ diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 40930a2500..45bd4b591e 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -25,186 +25,3 @@ /******************************************************************** ********************************************************************/ -bool eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u, - prs_struct *ps, int depth) -{ - if(q_u == NULL) - return False; - - prs_debug(ps, depth, desc, "eventlog_io_q_read_eventlog"); - depth++; - - if(!(prs_align(ps))) - return False; - - if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth))) - return False; - - if(!(prs_uint32("read flags", ps, depth, &(q_u->flags)))) - return False; - - if(!(prs_uint32("read offset", ps, depth, &(q_u->offset)))) - return False; - - if(!(prs_uint32("read buf size", ps, depth, &(q_u->max_read_size)))) - return False; - - return True; -} - -static bool smb_io_eventlog_entry(const char *name, prs_struct *ps, int depth, Eventlog_entry *entry) -{ - if(entry == NULL) - return False; - - prs_debug(ps, depth, name, "smb_io_eventlog_entry"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!(prs_uint32("length", ps, depth, &(entry->record.length)))) - return False; - if(!(prs_uint32("reserved", ps, depth, &(entry->record.reserved1)))) - return False; - if(!(prs_uint32("record number", ps, depth, &(entry->record.record_number)))) - return False; - if(!(prs_uint32("time generated", ps, depth, &(entry->record.time_generated)))) - return False; - if(!(prs_uint32("time written", ps, depth, &(entry->record.time_written)))) - return False; - if(!(prs_uint32("event id", ps, depth, &(entry->record.event_id)))) - return False; - if(!(prs_uint16("event type", ps, depth, &(entry->record.event_type)))) - return False; - if(!(prs_uint16("num strings", ps, depth, &(entry->record.num_strings)))) - return False; - if(!(prs_uint16("event category", ps, depth, &(entry->record.event_category)))) - return False; - if(!(prs_uint16("reserved2", ps, depth, &(entry->record.reserved2)))) - return False; - if(!(prs_uint32("closing record", ps, depth, &(entry->record.closing_record_number)))) - return False; - if(!(prs_uint32("string offset", ps, depth, &(entry->record.string_offset)))) - return False; - if(!(prs_uint32("user sid length", ps, depth, &(entry->record.user_sid_length)))) - return False; - if(!(prs_uint32("user sid offset", ps, depth, &(entry->record.user_sid_offset)))) - return False; - if(!(prs_uint32("data length", ps, depth, &(entry->record.data_length)))) - return False; - if(!(prs_uint32("data offset", ps, depth, &(entry->record.data_offset)))) - return False; - if(!(prs_align(ps))) - return False; - - /* Now encoding data */ - - if(!(prs_uint8s(False, "buffer", ps, depth, entry->data, - entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length)))) - { - return False; - } - - if(!(prs_align(ps))) - return False; - - if(!(prs_uint32("length 2", ps, depth, &(entry->record.length)))) - return False; - - return True; -} - -/** Structure of response seems to be: - DWORD num_bytes_in_resp -- MUST be the same as q_u->max_read_size - for i=0..n - EVENTLOGRECORD record - DWORD sent_size -- sum of EVENTLOGRECORD lengths if records returned, 0 otherwise - DWORD real_size -- 0 if records returned, otherwise length of next record to be returned - WERROR status */ -bool eventlog_io_r_read_eventlog(const char *desc, - EVENTLOG_Q_READ_EVENTLOG *q_u, - EVENTLOG_R_READ_EVENTLOG *r_u, - prs_struct *ps, - int depth) -{ - Eventlog_entry *entry; - uint32 record_written = 0; - uint32 record_total = 0; - - if(r_u == NULL) - return False; - - prs_debug(ps, depth, desc, "eventlog_io_r_read_eventlog"); - depth++; - - /* First, see if we've read more logs than we can output */ - - if(r_u->num_bytes_in_resp > q_u->max_read_size) { - entry = r_u->entry; - - /* remove the size of the last entry from the list */ - - while(entry->next != NULL) - entry = entry->next; - - r_u->num_bytes_in_resp -= entry->record.length; - - /* do not output the last log entry */ - - r_u->num_records--; - } - - entry = r_u->entry; - record_total = r_u->num_records; - - if(r_u->num_bytes_in_resp != 0) - r_u->sent_size = r_u->num_bytes_in_resp; - else - r_u->real_size = r_u->bytes_in_next_record; - - if(!(prs_align(ps))) - return False; - if(!(prs_uint32("bytes in resp", ps, depth, &(q_u->max_read_size)))) - return False; - - while(entry != NULL && record_written < record_total) - { - DEBUG(11, ("eventlog_io_r_read_eventlog: writing record [%d] out of [%d].\n", record_written, record_total)); - - /* Encode the actual eventlog record record */ - - if (!(smb_io_eventlog_entry("entry", ps, depth, entry))) - return false; - - entry = entry->next; - record_written++; - - } /* end of encoding EVENTLOGRECORD */ - - /* Now pad with whitespace until the end of the response buffer */ - - if (q_u->max_read_size - r_u->num_bytes_in_resp) { - r_u->end_of_entries_padding = PRS_ALLOC_MEM(ps, uint8_t, q_u->max_read_size - r_u->num_bytes_in_resp); - if (!r_u->end_of_entries_padding) { - return False; - } - - if(!(prs_uint8s(False, "end of entries padding", ps, - depth, r_u->end_of_entries_padding, - (q_u->max_read_size - r_u->num_bytes_in_resp)))) { - return False; - } - } - - /* We had better be DWORD aligned here */ - - if(!(prs_uint32("sent size", ps, depth, &(r_u->sent_size)))) - return False; - if(!(prs_uint32("real size", ps, depth, &(r_u->real_size)))) - return False; - if(!(prs_ntstatus("status code", ps, depth, &r_u->status))) - return False; - - return True; -} |