From 60c211a3abd5eadb359db5f02941f32e2d881e52 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Mon, 3 May 1999 21:52:29 +0000 Subject: Added a new command to rpcclient: eventlog where is System, Security or Application. That's a crude equivalent to the eventviewer. Jean Francois (This used to be commit 66b4b896fbcabb964a427d0c0aa2f57997e0f6bb) --- source3/rpc_parse/parse_eventlog.c | 236 +++++++++++++++++++++++++++++++++++++ 1 file changed, 236 insertions(+) create mode 100644 source3/rpc_parse/parse_eventlog.c (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c new file mode 100644 index 0000000000..5173bd2cad --- /dev/null +++ b/source3/rpc_parse/parse_eventlog.c @@ -0,0 +1,236 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1998, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, + * Copyright (C) Jean François Micouleau 1998-1999. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +extern int DEBUGLEVEL; + +/******************************************************************* +********************************************************************/ +void make_eventlog_q_open(EVENTLOG_Q_OPEN *q_u, char *journal) +{ + q_u->ptr0=0x1; + + q_u->unk0=0x5c; + q_u->unk1=0x01; + + q_u->unk2=2*(strlen(journal)+1); + q_u->unk3=2*(strlen(journal)+1); + + q_u->ptr_source=0x01; + make_buf_unistr2(&(q_u->source), &(q_u->ptr_source), journal); + + q_u->unk4=0x00; + q_u->unk5=0x00; + q_u->unk6=0x01; + q_u->unk7=0x01; +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_q_open(char *desc, EVENTLOG_Q_OPEN *q_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_q_open"); + depth++; + + prs_align(ps); + + prs_uint32("ptr0", ps, depth, &(q_u->ptr0)); + + prs_uint16("unk0", ps, depth, &(q_u->unk0)); + prs_uint16("unk1", ps, depth, &(q_u->unk1)); + prs_uint16("unk2", ps, depth, &(q_u->unk2)); + prs_uint16("unk3", ps, depth, &(q_u->unk3)); + + prs_uint32("ptr_source", ps, depth, &(q_u->ptr_source)); + + smb_io_unistr2("", &(q_u->source), q_u->ptr_source, ps, depth); + prs_align(ps); + + prs_uint32("unk4", ps, depth, &(q_u->unk4)); + prs_uint32("unk5", ps, depth, &(q_u->unk5)); + prs_uint32("unk6", ps, depth, &(q_u->unk6)); + prs_uint32("unk7", ps, depth, &(q_u->unk7)); +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_r_open(char *desc, EVENTLOG_R_OPEN *r_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_r_open"); + depth++; + + prs_align(ps); + smb_io_pol_hnd("", &(r_u->pol), ps, depth); + prs_uint32("status", ps, depth, &(r_u->status)); +} + +/******************************************************************* +********************************************************************/ +void make_eventlog_q_close(EVENTLOG_Q_CLOSE *q_u, POLICY_HND *pol) +{ + memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data)); + +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_q_close(char *desc, EVENTLOG_Q_CLOSE *q_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_q_close"); + depth++; + + prs_align(ps); + smb_io_pol_hnd("", &(q_u->pol), ps, depth); + +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_r_close(char *desc, EVENTLOG_R_CLOSE *r_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_r_close"); + depth++; + + prs_align(ps); + smb_io_pol_hnd("", &(r_u->pol), ps, depth); + prs_uint32("status", ps, depth, &(r_u->status)); +} + +/******************************************************************* +********************************************************************/ +void make_eventlog_q_numofeventlogrec(EVENTLOG_Q_NUMOFEVENTLOGREC *q_u, POLICY_HND *pol) +{ + memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data)); + +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_q_numofeventlogrec(char *desc,EVENTLOG_Q_NUMOFEVENTLOGREC *q_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_q_numofeventlogrec"); + depth++; + + prs_align(ps); + smb_io_pol_hnd("", &(q_u->pol), ps, depth); + +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_r_numofeventlogrec(char *desc, EVENTLOG_R_NUMOFEVENTLOGREC *r_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_r_numofeventlogrec"); + depth++; + + prs_align(ps); + prs_uint32("number", ps, depth, &(r_u->number)); + prs_uint32("status", ps, depth, &(r_u->status)); +} + +/******************************************************************* +********************************************************************/ +void make_eventlog_q_readeventlog(EVENTLOG_Q_READEVENTLOG *q_u, POLICY_HND *pol, + uint32 flags, uint32 offset, uint32 number_of_bytes) +{ + memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data)); + q_u->flags=flags; + q_u->offset=offset; + q_u->number_of_bytes=number_of_bytes; +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_q_readeventlog(char *desc, EVENTLOG_Q_READEVENTLOG *q_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_q_readeventlog"); + depth++; + + prs_align(ps); + smb_io_pol_hnd("", &(q_u->pol), ps, depth); + prs_uint32("flags", ps, depth, &(q_u->flags)); + prs_uint32("offset", ps, depth, &(q_u->offset)); + prs_uint32("number_of_bytes", ps, depth, &(q_u->number_of_bytes)); +} + +/******************************************************************* +********************************************************************/ +static void eventlog_io_eventlog(char *desc, EVENTLOGRECORD *ev, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_eventlog"); + depth++; + + prs_align(ps); + prs_uint32("size", ps, depth, &(ev->size)); + prs_uint32("reserved", ps, depth, &(ev->reserved)); + prs_uint32("recordnumber", ps, depth, &(ev->recordnumber)); + prs_uint32("creationtime", ps, depth, &(ev->creationtime)); + prs_uint32("writetime", ps, depth, &(ev->writetime)); + prs_uint32("eventnumber", ps, depth, &(ev->eventnumber)); + + prs_uint16("eventtype", ps, depth, &(ev->eventtype)); + prs_uint16("num_of_strings", ps, depth, &(ev->num_of_strings)); + prs_uint16("category", ps, depth, &(ev->category)); + prs_uint16("reserved_flag", ps, depth, &(ev->reserved_flag)); + + prs_uint32("closingrecord", ps, depth, &(ev->closingrecord)); + prs_uint32("stringoffset", ps, depth, &(ev->stringoffset)); + prs_uint32("sid_length", ps, depth, &(ev->sid_length)); + prs_uint32("sid_offset", ps, depth, &(ev->sid_offset)); + prs_uint32("data_length", ps, depth, &(ev->data_length)); + prs_uint32("data_offset", ps, depth, &(ev->data_offset)); + + smb_io_unistr("", &(ev->sourcename), ps, depth); + smb_io_unistr("", &(ev->computername), ps, depth); + + if (ev->sid_length!=0) + smb_io_unistr("", &(ev->sid), ps, depth); + + if (ev->num_of_strings!=0) + smb_io_unistr("", &(ev->strings),ps, depth); + + if (ev->data_length) + smb_io_unistr("", &(ev->data), ps, depth); + + prs_uint32("size2", ps, depth, &(ev->size2)); +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_r_readeventlog(char *desc, EVENTLOG_R_READEVENTLOG *r_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_r_readeventlog"); + depth++; + + prs_align(ps); + prs_uint32("number_of_bytes", ps, depth, &(r_u->number_of_bytes)); + + if (r_u->number_of_bytes!= 0) + eventlog_io_eventlog("", r_u->event, ps, depth); + + prs_uint32("sent_size", ps, depth, &(r_u->sent_size)); + prs_uint32("real_size", ps, depth, &(r_u->real_size)); + prs_uint32("status", ps, depth, &(r_u->status)); +} + -- cgit