From 60c211a3abd5eadb359db5f02941f32e2d881e52 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Mon, 3 May 1999 21:52:29 +0000 Subject: Added a new command to rpcclient: eventlog where is System, Security or Application. That's a crude equivalent to the eventviewer. Jean Francois (This used to be commit 66b4b896fbcabb964a427d0c0aa2f57997e0f6bb) --- source3/rpc_parse/parse_eventlog.c | 236 +++++++++++++++++++++++++++++++++++++ 1 file changed, 236 insertions(+) create mode 100644 source3/rpc_parse/parse_eventlog.c (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c new file mode 100644 index 0000000000..5173bd2cad --- /dev/null +++ b/source3/rpc_parse/parse_eventlog.c @@ -0,0 +1,236 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1998, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, + * Copyright (C) Jean François Micouleau 1998-1999. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +extern int DEBUGLEVEL; + +/******************************************************************* +********************************************************************/ +void make_eventlog_q_open(EVENTLOG_Q_OPEN *q_u, char *journal) +{ + q_u->ptr0=0x1; + + q_u->unk0=0x5c; + q_u->unk1=0x01; + + q_u->unk2=2*(strlen(journal)+1); + q_u->unk3=2*(strlen(journal)+1); + + q_u->ptr_source=0x01; + make_buf_unistr2(&(q_u->source), &(q_u->ptr_source), journal); + + q_u->unk4=0x00; + q_u->unk5=0x00; + q_u->unk6=0x01; + q_u->unk7=0x01; +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_q_open(char *desc, EVENTLOG_Q_OPEN *q_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_q_open"); + depth++; + + prs_align(ps); + + prs_uint32("ptr0", ps, depth, &(q_u->ptr0)); + + prs_uint16("unk0", ps, depth, &(q_u->unk0)); + prs_uint16("unk1", ps, depth, &(q_u->unk1)); + prs_uint16("unk2", ps, depth, &(q_u->unk2)); + prs_uint16("unk3", ps, depth, &(q_u->unk3)); + + prs_uint32("ptr_source", ps, depth, &(q_u->ptr_source)); + + smb_io_unistr2("", &(q_u->source), q_u->ptr_source, ps, depth); + prs_align(ps); + + prs_uint32("unk4", ps, depth, &(q_u->unk4)); + prs_uint32("unk5", ps, depth, &(q_u->unk5)); + prs_uint32("unk6", ps, depth, &(q_u->unk6)); + prs_uint32("unk7", ps, depth, &(q_u->unk7)); +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_r_open(char *desc, EVENTLOG_R_OPEN *r_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_r_open"); + depth++; + + prs_align(ps); + smb_io_pol_hnd("", &(r_u->pol), ps, depth); + prs_uint32("status", ps, depth, &(r_u->status)); +} + +/******************************************************************* +********************************************************************/ +void make_eventlog_q_close(EVENTLOG_Q_CLOSE *q_u, POLICY_HND *pol) +{ + memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data)); + +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_q_close(char *desc, EVENTLOG_Q_CLOSE *q_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_q_close"); + depth++; + + prs_align(ps); + smb_io_pol_hnd("", &(q_u->pol), ps, depth); + +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_r_close(char *desc, EVENTLOG_R_CLOSE *r_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_r_close"); + depth++; + + prs_align(ps); + smb_io_pol_hnd("", &(r_u->pol), ps, depth); + prs_uint32("status", ps, depth, &(r_u->status)); +} + +/******************************************************************* +********************************************************************/ +void make_eventlog_q_numofeventlogrec(EVENTLOG_Q_NUMOFEVENTLOGREC *q_u, POLICY_HND *pol) +{ + memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data)); + +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_q_numofeventlogrec(char *desc,EVENTLOG_Q_NUMOFEVENTLOGREC *q_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_q_numofeventlogrec"); + depth++; + + prs_align(ps); + smb_io_pol_hnd("", &(q_u->pol), ps, depth); + +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_r_numofeventlogrec(char *desc, EVENTLOG_R_NUMOFEVENTLOGREC *r_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_r_numofeventlogrec"); + depth++; + + prs_align(ps); + prs_uint32("number", ps, depth, &(r_u->number)); + prs_uint32("status", ps, depth, &(r_u->status)); +} + +/******************************************************************* +********************************************************************/ +void make_eventlog_q_readeventlog(EVENTLOG_Q_READEVENTLOG *q_u, POLICY_HND *pol, + uint32 flags, uint32 offset, uint32 number_of_bytes) +{ + memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data)); + q_u->flags=flags; + q_u->offset=offset; + q_u->number_of_bytes=number_of_bytes; +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_q_readeventlog(char *desc, EVENTLOG_Q_READEVENTLOG *q_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_q_readeventlog"); + depth++; + + prs_align(ps); + smb_io_pol_hnd("", &(q_u->pol), ps, depth); + prs_uint32("flags", ps, depth, &(q_u->flags)); + prs_uint32("offset", ps, depth, &(q_u->offset)); + prs_uint32("number_of_bytes", ps, depth, &(q_u->number_of_bytes)); +} + +/******************************************************************* +********************************************************************/ +static void eventlog_io_eventlog(char *desc, EVENTLOGRECORD *ev, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_eventlog"); + depth++; + + prs_align(ps); + prs_uint32("size", ps, depth, &(ev->size)); + prs_uint32("reserved", ps, depth, &(ev->reserved)); + prs_uint32("recordnumber", ps, depth, &(ev->recordnumber)); + prs_uint32("creationtime", ps, depth, &(ev->creationtime)); + prs_uint32("writetime", ps, depth, &(ev->writetime)); + prs_uint32("eventnumber", ps, depth, &(ev->eventnumber)); + + prs_uint16("eventtype", ps, depth, &(ev->eventtype)); + prs_uint16("num_of_strings", ps, depth, &(ev->num_of_strings)); + prs_uint16("category", ps, depth, &(ev->category)); + prs_uint16("reserved_flag", ps, depth, &(ev->reserved_flag)); + + prs_uint32("closingrecord", ps, depth, &(ev->closingrecord)); + prs_uint32("stringoffset", ps, depth, &(ev->stringoffset)); + prs_uint32("sid_length", ps, depth, &(ev->sid_length)); + prs_uint32("sid_offset", ps, depth, &(ev->sid_offset)); + prs_uint32("data_length", ps, depth, &(ev->data_length)); + prs_uint32("data_offset", ps, depth, &(ev->data_offset)); + + smb_io_unistr("", &(ev->sourcename), ps, depth); + smb_io_unistr("", &(ev->computername), ps, depth); + + if (ev->sid_length!=0) + smb_io_unistr("", &(ev->sid), ps, depth); + + if (ev->num_of_strings!=0) + smb_io_unistr("", &(ev->strings),ps, depth); + + if (ev->data_length) + smb_io_unistr("", &(ev->data), ps, depth); + + prs_uint32("size2", ps, depth, &(ev->size2)); +} + +/******************************************************************* +********************************************************************/ +void eventlog_io_r_readeventlog(char *desc, EVENTLOG_R_READEVENTLOG *r_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "eventlog_io_r_readeventlog"); + depth++; + + prs_align(ps); + prs_uint32("number_of_bytes", ps, depth, &(r_u->number_of_bytes)); + + if (r_u->number_of_bytes!= 0) + eventlog_io_eventlog("", r_u->event, ps, depth); + + prs_uint32("sent_size", ps, depth, &(r_u->sent_size)); + prs_uint32("real_size", ps, depth, &(r_u->real_size)); + prs_uint32("status", ps, depth, &(r_u->status)); +} + -- cgit From 3d4b2c8b5e258ffba5a5c9bf49796e9750013020 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 18 Aug 1999 20:11:29 +0000 Subject: event log update (This used to be commit bcc1212b07c71256fad93d82a996fa86b27db250) --- source3/rpc_parse/parse_eventlog.c | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 5173bd2cad..9ebc6287d4 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -27,21 +27,21 @@ extern int DEBUGLEVEL; /******************************************************************* ********************************************************************/ -void make_eventlog_q_open(EVENTLOG_Q_OPEN *q_u, char *journal) +void make_eventlog_q_open(EVENTLOG_Q_OPEN *q_u, char *journal, char *unk) { - q_u->ptr0=0x1; + int len_journal = journal != NULL ? strlen(journal) : 0; + int len_unk = unk != NULL ? strlen(unk) : 0; + q_u->ptr0=0x1; q_u->unk0=0x5c; q_u->unk1=0x01; - q_u->unk2=2*(strlen(journal)+1); - q_u->unk3=2*(strlen(journal)+1); - - q_u->ptr_source=0x01; - make_buf_unistr2(&(q_u->source), &(q_u->ptr_source), journal); + make_uni_hdr(&(q_u->hdr_source), len_journal); + make_unistr2(&(q_u->uni_source), journal, len_journal); + + make_uni_hdr(&(q_u->hdr_unk), len_unk); + make_unistr2(&(q_u->uni_unk), unk, len_unk); - q_u->unk4=0x00; - q_u->unk5=0x00; q_u->unk6=0x01; q_u->unk7=0x01; } @@ -59,16 +59,17 @@ void eventlog_io_q_open(char *desc, EVENTLOG_Q_OPEN *q_u, prs_struct *ps, int de prs_uint16("unk0", ps, depth, &(q_u->unk0)); prs_uint16("unk1", ps, depth, &(q_u->unk1)); - prs_uint16("unk2", ps, depth, &(q_u->unk2)); - prs_uint16("unk3", ps, depth, &(q_u->unk3)); - prs_uint32("ptr_source", ps, depth, &(q_u->ptr_source)); + smb_io_unihdr("hdr_source", &(q_u->hdr_source), ps, depth); + smb_io_unistr2("uni_source", &(q_u->uni_source), + q_u->hdr_source.buffer, ps, depth); + prs_align(ps); - smb_io_unistr2("", &(q_u->source), q_u->ptr_source, ps, depth); + smb_io_unihdr("hdr_unk", &(q_u->hdr_unk), ps, depth); + smb_io_unistr2("uni_unk", &(q_u->uni_unk), + q_u->hdr_unk.buffer, ps, depth); prs_align(ps); - prs_uint32("unk4", ps, depth, &(q_u->unk4)); - prs_uint32("unk5", ps, depth, &(q_u->unk5)); prs_uint32("unk6", ps, depth, &(q_u->unk6)); prs_uint32("unk7", ps, depth, &(q_u->unk7)); } @@ -90,7 +91,6 @@ void eventlog_io_r_open(char *desc, EVENTLOG_R_OPEN *r_u, prs_struct *ps, int de void make_eventlog_q_close(EVENTLOG_Q_CLOSE *q_u, POLICY_HND *pol) { memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data)); - } /******************************************************************* @@ -102,7 +102,6 @@ void eventlog_io_q_close(char *desc, EVENTLOG_Q_CLOSE *q_u, prs_struct *ps, int prs_align(ps); smb_io_pol_hnd("", &(q_u->pol), ps, depth); - } /******************************************************************* -- cgit From 896ecb48cab1d928224387f06ec63584bc6c6e99 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 15 Oct 1999 18:46:22 +0000 Subject: return results on prs_xxxxx() and all xxx_io_xxx() routines. the whole task is not complete, yet. xxx_io_xxx() routines that _call_ xxx_io_xxx() routines not done. prs_xxxx() covered by macros. considering doing xxx_io_xxxx in the same way. (This used to be commit 3b583f7be51434af98bc52b48dfa42c4602a3094) --- source3/rpc_parse/parse_eventlog.c | 56 ++++++++++++++++++++++++++++---------- 1 file changed, 41 insertions(+), 15 deletions(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 9ebc6287d4..6cf476711d 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -2,8 +2,8 @@ * Unix SMB/Netbios implementation. * Version 1.9. * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1998, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, + * Copyright (C) Andrew Tridgell 1992-1999, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1999, * Copyright (C) Jean François Micouleau 1998-1999. * * This program is free software; you can redistribute it and/or modify @@ -27,7 +27,7 @@ extern int DEBUGLEVEL; /******************************************************************* ********************************************************************/ -void make_eventlog_q_open(EVENTLOG_Q_OPEN *q_u, char *journal, char *unk) +BOOL make_eventlog_q_open(EVENTLOG_Q_OPEN *q_u, char *journal, char *unk) { int len_journal = journal != NULL ? strlen(journal) : 0; int len_unk = unk != NULL ? strlen(unk) : 0; @@ -44,11 +44,13 @@ void make_eventlog_q_open(EVENTLOG_Q_OPEN *q_u, char *journal, char *unk) q_u->unk6=0x01; q_u->unk7=0x01; + + return True; } /******************************************************************* ********************************************************************/ -void eventlog_io_q_open(char *desc, EVENTLOG_Q_OPEN *q_u, prs_struct *ps, int depth) +BOOL eventlog_io_q_open(char *desc, EVENTLOG_Q_OPEN *q_u, prs_struct *ps, int depth) { prs_debug(ps, depth, desc, "eventlog_io_q_open"); depth++; @@ -72,11 +74,13 @@ void eventlog_io_q_open(char *desc, EVENTLOG_Q_OPEN *q_u, prs_struct *ps, int de prs_uint32("unk6", ps, depth, &(q_u->unk6)); prs_uint32("unk7", ps, depth, &(q_u->unk7)); + + return True; } /******************************************************************* ********************************************************************/ -void eventlog_io_r_open(char *desc, EVENTLOG_R_OPEN *r_u, prs_struct *ps, int depth) +BOOL eventlog_io_r_open(char *desc, EVENTLOG_R_OPEN *r_u, prs_struct *ps, int depth) { prs_debug(ps, depth, desc, "eventlog_io_r_open"); depth++; @@ -84,29 +88,35 @@ void eventlog_io_r_open(char *desc, EVENTLOG_R_OPEN *r_u, prs_struct *ps, int de prs_align(ps); smb_io_pol_hnd("", &(r_u->pol), ps, depth); prs_uint32("status", ps, depth, &(r_u->status)); + + return True; } /******************************************************************* ********************************************************************/ -void make_eventlog_q_close(EVENTLOG_Q_CLOSE *q_u, POLICY_HND *pol) +BOOL make_eventlog_q_close(EVENTLOG_Q_CLOSE *q_u, POLICY_HND *pol) { memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data)); + + return True; } /******************************************************************* ********************************************************************/ -void eventlog_io_q_close(char *desc, EVENTLOG_Q_CLOSE *q_u, prs_struct *ps, int depth) +BOOL eventlog_io_q_close(char *desc, EVENTLOG_Q_CLOSE *q_u, prs_struct *ps, int depth) { prs_debug(ps, depth, desc, "eventlog_io_q_close"); depth++; prs_align(ps); smb_io_pol_hnd("", &(q_u->pol), ps, depth); + + return True; } /******************************************************************* ********************************************************************/ -void eventlog_io_r_close(char *desc, EVENTLOG_R_CLOSE *r_u, prs_struct *ps, int depth) +BOOL eventlog_io_r_close(char *desc, EVENTLOG_R_CLOSE *r_u, prs_struct *ps, int depth) { prs_debug(ps, depth, desc, "eventlog_io_r_close"); depth++; @@ -114,19 +124,23 @@ void eventlog_io_r_close(char *desc, EVENTLOG_R_CLOSE *r_u, prs_struct *ps, int prs_align(ps); smb_io_pol_hnd("", &(r_u->pol), ps, depth); prs_uint32("status", ps, depth, &(r_u->status)); + + return True; } /******************************************************************* ********************************************************************/ -void make_eventlog_q_numofeventlogrec(EVENTLOG_Q_NUMOFEVENTLOGREC *q_u, POLICY_HND *pol) +BOOL make_eventlog_q_numofeventlogrec(EVENTLOG_Q_NUMOFEVENTLOGREC *q_u, POLICY_HND *pol) { memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data)); + + return True; } /******************************************************************* ********************************************************************/ -void eventlog_io_q_numofeventlogrec(char *desc,EVENTLOG_Q_NUMOFEVENTLOGREC *q_u, prs_struct *ps, int depth) +BOOL eventlog_io_q_numofeventlogrec(char *desc,EVENTLOG_Q_NUMOFEVENTLOGREC *q_u, prs_struct *ps, int depth) { prs_debug(ps, depth, desc, "eventlog_io_q_numofeventlogrec"); depth++; @@ -134,11 +148,13 @@ void eventlog_io_q_numofeventlogrec(char *desc,EVENTLOG_Q_NUMOFEVENTLOGREC *q_u prs_align(ps); smb_io_pol_hnd("", &(q_u->pol), ps, depth); + + return True; } /******************************************************************* ********************************************************************/ -void eventlog_io_r_numofeventlogrec(char *desc, EVENTLOG_R_NUMOFEVENTLOGREC *r_u, prs_struct *ps, int depth) +BOOL eventlog_io_r_numofeventlogrec(char *desc, EVENTLOG_R_NUMOFEVENTLOGREC *r_u, prs_struct *ps, int depth) { prs_debug(ps, depth, desc, "eventlog_io_r_numofeventlogrec"); depth++; @@ -146,22 +162,26 @@ void eventlog_io_r_numofeventlogrec(char *desc, EVENTLOG_R_NUMOFEVENTLOGREC *r_u prs_align(ps); prs_uint32("number", ps, depth, &(r_u->number)); prs_uint32("status", ps, depth, &(r_u->status)); + + return True; } /******************************************************************* ********************************************************************/ -void make_eventlog_q_readeventlog(EVENTLOG_Q_READEVENTLOG *q_u, POLICY_HND *pol, +BOOL make_eventlog_q_readeventlog(EVENTLOG_Q_READEVENTLOG *q_u, POLICY_HND *pol, uint32 flags, uint32 offset, uint32 number_of_bytes) { memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data)); q_u->flags=flags; q_u->offset=offset; q_u->number_of_bytes=number_of_bytes; + + return True; } /******************************************************************* ********************************************************************/ -void eventlog_io_q_readeventlog(char *desc, EVENTLOG_Q_READEVENTLOG *q_u, prs_struct *ps, int depth) +BOOL eventlog_io_q_readeventlog(char *desc, EVENTLOG_Q_READEVENTLOG *q_u, prs_struct *ps, int depth) { prs_debug(ps, depth, desc, "eventlog_io_q_readeventlog"); depth++; @@ -171,11 +191,13 @@ void eventlog_io_q_readeventlog(char *desc, EVENTLOG_Q_READEVENTLOG *q_u, prs_st prs_uint32("flags", ps, depth, &(q_u->flags)); prs_uint32("offset", ps, depth, &(q_u->offset)); prs_uint32("number_of_bytes", ps, depth, &(q_u->number_of_bytes)); + + return True; } /******************************************************************* ********************************************************************/ -static void eventlog_io_eventlog(char *desc, EVENTLOGRECORD *ev, prs_struct *ps, int depth) +static BOOL eventlog_io_eventlog(char *desc, EVENTLOGRECORD *ev, prs_struct *ps, int depth) { prs_debug(ps, depth, desc, "eventlog_io_eventlog"); depth++; @@ -213,11 +235,13 @@ static void eventlog_io_eventlog(char *desc, EVENTLOGRECORD *ev, prs_struct *ps, smb_io_unistr("", &(ev->data), ps, depth); prs_uint32("size2", ps, depth, &(ev->size2)); + + return True; } /******************************************************************* ********************************************************************/ -void eventlog_io_r_readeventlog(char *desc, EVENTLOG_R_READEVENTLOG *r_u, prs_struct *ps, int depth) +BOOL eventlog_io_r_readeventlog(char *desc, EVENTLOG_R_READEVENTLOG *r_u, prs_struct *ps, int depth) { prs_debug(ps, depth, desc, "eventlog_io_r_readeventlog"); depth++; @@ -231,5 +255,7 @@ void eventlog_io_r_readeventlog(char *desc, EVENTLOG_R_READEVENTLOG *r_u, prs_st prs_uint32("sent_size", ps, depth, &(r_u->sent_size)); prs_uint32("real_size", ps, depth, &(r_u->real_size)); prs_uint32("status", ps, depth, &(r_u->status)); + + return True; } -- cgit From c80b85803b9fbc11cbf77486b847da9f38ba3684 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sat, 27 Nov 1999 22:47:17 +0000 Subject: this one's a handle-based one (missed in the first round). (This used to be commit 4c3556fae73c60693355f95f48ac63834ba4dd10) --- source3/rpc_parse/parse_eventlog.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 6cf476711d..0b49ed5da7 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -27,7 +27,7 @@ extern int DEBUGLEVEL; /******************************************************************* ********************************************************************/ -BOOL make_eventlog_q_open(EVENTLOG_Q_OPEN *q_u, char *journal, char *unk) +BOOL make_eventlog_q_open(EVENTLOG_Q_OPEN *q_u, const char *journal, char *unk) { int len_journal = journal != NULL ? strlen(journal) : 0; int len_unk = unk != NULL ? strlen(unk) : 0; -- cgit From 32a965e09ce4befe971855e11e1fb5ceb51a9ed1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 13 Dec 1999 13:35:20 +0000 Subject: 2nd phase of head branch sync with SAMBA_2_0 - this delets all the files that were in the head branch but weren't in SAMBA_2_0 (This used to be commit d7b208786590b5a28618590172b8d523627dda09) --- source3/rpc_parse/parse_eventlog.c | 261 ------------------------------------- 1 file changed, 261 deletions(-) delete mode 100644 source3/rpc_parse/parse_eventlog.c (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c deleted file mode 100644 index 0b49ed5da7..0000000000 --- a/source3/rpc_parse/parse_eventlog.c +++ /dev/null @@ -1,261 +0,0 @@ -/* - * Unix SMB/Netbios implementation. - * Version 1.9. - * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1999, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1999, - * Copyright (C) Jean François Micouleau 1998-1999. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" - -extern int DEBUGLEVEL; - -/******************************************************************* -********************************************************************/ -BOOL make_eventlog_q_open(EVENTLOG_Q_OPEN *q_u, const char *journal, char *unk) -{ - int len_journal = journal != NULL ? strlen(journal) : 0; - int len_unk = unk != NULL ? strlen(unk) : 0; - - q_u->ptr0=0x1; - q_u->unk0=0x5c; - q_u->unk1=0x01; - - make_uni_hdr(&(q_u->hdr_source), len_journal); - make_unistr2(&(q_u->uni_source), journal, len_journal); - - make_uni_hdr(&(q_u->hdr_unk), len_unk); - make_unistr2(&(q_u->uni_unk), unk, len_unk); - - q_u->unk6=0x01; - q_u->unk7=0x01; - - return True; -} - -/******************************************************************* -********************************************************************/ -BOOL eventlog_io_q_open(char *desc, EVENTLOG_Q_OPEN *q_u, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "eventlog_io_q_open"); - depth++; - - prs_align(ps); - - prs_uint32("ptr0", ps, depth, &(q_u->ptr0)); - - prs_uint16("unk0", ps, depth, &(q_u->unk0)); - prs_uint16("unk1", ps, depth, &(q_u->unk1)); - - smb_io_unihdr("hdr_source", &(q_u->hdr_source), ps, depth); - smb_io_unistr2("uni_source", &(q_u->uni_source), - q_u->hdr_source.buffer, ps, depth); - prs_align(ps); - - smb_io_unihdr("hdr_unk", &(q_u->hdr_unk), ps, depth); - smb_io_unistr2("uni_unk", &(q_u->uni_unk), - q_u->hdr_unk.buffer, ps, depth); - prs_align(ps); - - prs_uint32("unk6", ps, depth, &(q_u->unk6)); - prs_uint32("unk7", ps, depth, &(q_u->unk7)); - - return True; -} - -/******************************************************************* -********************************************************************/ -BOOL eventlog_io_r_open(char *desc, EVENTLOG_R_OPEN *r_u, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "eventlog_io_r_open"); - depth++; - - prs_align(ps); - smb_io_pol_hnd("", &(r_u->pol), ps, depth); - prs_uint32("status", ps, depth, &(r_u->status)); - - return True; -} - -/******************************************************************* -********************************************************************/ -BOOL make_eventlog_q_close(EVENTLOG_Q_CLOSE *q_u, POLICY_HND *pol) -{ - memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data)); - - return True; -} - -/******************************************************************* -********************************************************************/ -BOOL eventlog_io_q_close(char *desc, EVENTLOG_Q_CLOSE *q_u, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "eventlog_io_q_close"); - depth++; - - prs_align(ps); - smb_io_pol_hnd("", &(q_u->pol), ps, depth); - - return True; -} - -/******************************************************************* -********************************************************************/ -BOOL eventlog_io_r_close(char *desc, EVENTLOG_R_CLOSE *r_u, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "eventlog_io_r_close"); - depth++; - - prs_align(ps); - smb_io_pol_hnd("", &(r_u->pol), ps, depth); - prs_uint32("status", ps, depth, &(r_u->status)); - - return True; -} - -/******************************************************************* -********************************************************************/ -BOOL make_eventlog_q_numofeventlogrec(EVENTLOG_Q_NUMOFEVENTLOGREC *q_u, POLICY_HND *pol) -{ - memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data)); - - - return True; -} - -/******************************************************************* -********************************************************************/ -BOOL eventlog_io_q_numofeventlogrec(char *desc,EVENTLOG_Q_NUMOFEVENTLOGREC *q_u, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "eventlog_io_q_numofeventlogrec"); - depth++; - - prs_align(ps); - smb_io_pol_hnd("", &(q_u->pol), ps, depth); - - - return True; -} - -/******************************************************************* -********************************************************************/ -BOOL eventlog_io_r_numofeventlogrec(char *desc, EVENTLOG_R_NUMOFEVENTLOGREC *r_u, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "eventlog_io_r_numofeventlogrec"); - depth++; - - prs_align(ps); - prs_uint32("number", ps, depth, &(r_u->number)); - prs_uint32("status", ps, depth, &(r_u->status)); - - return True; -} - -/******************************************************************* -********************************************************************/ -BOOL make_eventlog_q_readeventlog(EVENTLOG_Q_READEVENTLOG *q_u, POLICY_HND *pol, - uint32 flags, uint32 offset, uint32 number_of_bytes) -{ - memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data)); - q_u->flags=flags; - q_u->offset=offset; - q_u->number_of_bytes=number_of_bytes; - - return True; -} - -/******************************************************************* -********************************************************************/ -BOOL eventlog_io_q_readeventlog(char *desc, EVENTLOG_Q_READEVENTLOG *q_u, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "eventlog_io_q_readeventlog"); - depth++; - - prs_align(ps); - smb_io_pol_hnd("", &(q_u->pol), ps, depth); - prs_uint32("flags", ps, depth, &(q_u->flags)); - prs_uint32("offset", ps, depth, &(q_u->offset)); - prs_uint32("number_of_bytes", ps, depth, &(q_u->number_of_bytes)); - - return True; -} - -/******************************************************************* -********************************************************************/ -static BOOL eventlog_io_eventlog(char *desc, EVENTLOGRECORD *ev, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "eventlog_io_eventlog"); - depth++; - - prs_align(ps); - prs_uint32("size", ps, depth, &(ev->size)); - prs_uint32("reserved", ps, depth, &(ev->reserved)); - prs_uint32("recordnumber", ps, depth, &(ev->recordnumber)); - prs_uint32("creationtime", ps, depth, &(ev->creationtime)); - prs_uint32("writetime", ps, depth, &(ev->writetime)); - prs_uint32("eventnumber", ps, depth, &(ev->eventnumber)); - - prs_uint16("eventtype", ps, depth, &(ev->eventtype)); - prs_uint16("num_of_strings", ps, depth, &(ev->num_of_strings)); - prs_uint16("category", ps, depth, &(ev->category)); - prs_uint16("reserved_flag", ps, depth, &(ev->reserved_flag)); - - prs_uint32("closingrecord", ps, depth, &(ev->closingrecord)); - prs_uint32("stringoffset", ps, depth, &(ev->stringoffset)); - prs_uint32("sid_length", ps, depth, &(ev->sid_length)); - prs_uint32("sid_offset", ps, depth, &(ev->sid_offset)); - prs_uint32("data_length", ps, depth, &(ev->data_length)); - prs_uint32("data_offset", ps, depth, &(ev->data_offset)); - - smb_io_unistr("", &(ev->sourcename), ps, depth); - smb_io_unistr("", &(ev->computername), ps, depth); - - if (ev->sid_length!=0) - smb_io_unistr("", &(ev->sid), ps, depth); - - if (ev->num_of_strings!=0) - smb_io_unistr("", &(ev->strings),ps, depth); - - if (ev->data_length) - smb_io_unistr("", &(ev->data), ps, depth); - - prs_uint32("size2", ps, depth, &(ev->size2)); - - return True; -} - -/******************************************************************* -********************************************************************/ -BOOL eventlog_io_r_readeventlog(char *desc, EVENTLOG_R_READEVENTLOG *r_u, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "eventlog_io_r_readeventlog"); - depth++; - - prs_align(ps); - prs_uint32("number_of_bytes", ps, depth, &(r_u->number_of_bytes)); - - if (r_u->number_of_bytes!= 0) - eventlog_io_eventlog("", r_u->event, ps, depth); - - prs_uint32("sent_size", ps, depth, &(r_u->sent_size)); - prs_uint32("real_size", ps, depth, &(r_u->real_size)); - prs_uint32("status", ps, depth, &(r_u->status)); - - return True; -} - -- cgit From 5d1cb8e79edea9e8581d3c2c9dd297310cd9a98c Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 23 Mar 2005 23:26:33 +0000 Subject: r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221) --- source3/rpc_parse/parse_eventlog.c | 457 +++++++++++++++++++++++++++++++++++++ 1 file changed, 457 insertions(+) create mode 100644 source3/rpc_parse/parse_eventlog.c (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c new file mode 100644 index 0000000000..9bb0a13169 --- /dev/null +++ b/source3/rpc_parse/parse_eventlog.c @@ -0,0 +1,457 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Marcin Krzysztof Porwit 2005. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + +/* + * called from eventlog_q_open_eventlog (srv_eventlog.c) + */ + +BOOL eventlog_io_q_open_eventlog(const char *desc, EVENTLOG_Q_OPEN_EVENTLOG *q_u, + prs_struct *ps, int depth) +{ + if(q_u == NULL) + return False; + + /* Data format seems to be: + UNKNOWN structure + uint32 unknown + uint16 unknown + uint16 unknown + Eventlog name + uint16 eventlog name length + uint16 eventlog name size + Character Array + uint32 unknown + uint32 max count + uint32 offset + uint32 actual count + UNISTR2 log file name + Server Name + uint16 server name length + uint16 server name size + Character Array + UNISTR2 server name + */ + + prs_debug(ps, depth, desc, "eventlog_io_q_open_eventlog"); + depth++; + + if(!prs_align(ps)) + return False; + + /* Munch unknown bits */ + + if(!prs_uint32("", ps, depth, &q_u->unknown1)) + return False; + if(!prs_uint16("", ps, depth, &q_u->unknown2)) + return False; + if(!prs_uint16("", ps, depth, &q_u->unknown3)) + return False; + if(!prs_align(ps)) + return False; + + /* Get name of log source */ + + if(!prs_uint16("sourcename_length", ps, depth, &q_u->sourcename_length)) + return False; + if(!prs_uint16("sourcename_size", ps, depth, &q_u->sourcename_size)) + return False; + if(!prs_uint32("sourcename_ptr", ps, depth, &q_u->sourcename_ptr)) + return False; + if(!smb_io_unistr2("", &q_u->sourcename, q_u->sourcename_ptr, ps, depth)) + return False; + if(!prs_align(ps)) + return False; + + /* Get server name */ + + if(!prs_uint32("servername_ptr", ps, depth, &q_u->servername_ptr)) + return False; + if(!smb_io_unistr2("", &q_u->servername, q_u->servername_ptr, ps, depth)) + return False; + + return True; +} + +BOOL eventlog_io_r_open_eventlog(const char *desc, EVENTLOG_R_OPEN_EVENTLOG *r_u, + prs_struct *ps, int depth) +{ + if(r_u == NULL) + return False; + + prs_debug(ps, depth, desc, "eventlog_io_r_open_eventlog"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!(smb_io_pol_hnd("log handle", &(r_u->handle), ps, depth))) + return False; + + if(!(prs_werror("status code", ps, depth, &(r_u->status)))) + return False; + + return True; +} + +BOOL eventlog_io_q_get_num_records(const char *desc, EVENTLOG_Q_GET_NUM_RECORDS *q_u, + prs_struct *ps, int depth) +{ + if(q_u == NULL) + return False; + + prs_debug(ps, depth, desc, "eventlog_io_q_get_num_records"); + depth++; + + if(!(prs_align(ps))) + return False; + + if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth))) + return False; + + return True; +} + +BOOL eventlog_io_r_get_num_records(const char *desc, EVENTLOG_R_GET_NUM_RECORDS *r_u, + prs_struct *ps, int depth) +{ + if(r_u == NULL) + return False; + + prs_debug(ps, depth, desc, "eventlog_io_r_get_num_records"); + depth++; + + if(!(prs_align(ps))) + return False; + + if(!(prs_uint32("num records", ps, depth, &(r_u->num_records)))) + return False; + + if(!(prs_werror("status code", ps, depth, &(r_u->status)))) + return False; + + return True; +} + +BOOL eventlog_io_q_get_oldest_entry(const char *desc, EVENTLOG_Q_GET_OLDEST_ENTRY *q_u, + prs_struct *ps, int depth) +{ + if(q_u == NULL) + return False; + + prs_debug(ps, depth, desc, "eventlog_io_q_get_oldest_entry"); + depth++; + + if(!(prs_align(ps))) + return False; + + if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth))) + return False; + + return True; +} + +BOOL eventlog_io_r_get_oldest_entry(const char *desc, EVENTLOG_R_GET_OLDEST_ENTRY *r_u, + prs_struct *ps, int depth) +{ + if(r_u == NULL) + return False; + + prs_debug(ps, depth, desc, "eventlog_io_r_get_oldest_entry"); + depth++; + + if(!(prs_align(ps))) + return False; + + if(!(prs_uint32("oldest entry", ps, depth, &(r_u->oldest_entry)))) + return False; + + if(!(prs_werror("status code", ps, depth, &(r_u->status)))) + return False; + + return True; +} + +BOOL eventlog_io_q_close_eventlog(const char *desc, EVENTLOG_Q_CLOSE_EVENTLOG *q_u, + prs_struct *ps, int depth) +{ + if(q_u == NULL) + return False; + + prs_debug(ps, depth, desc, "eventlog_io_q_close_eventlog"); + depth++; + + if(!(prs_align(ps))) + return False; + + if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth))) + return False; + + return True; +} + +BOOL eventlog_io_r_close_eventlog(const char *desc, EVENTLOG_R_CLOSE_EVENTLOG *r_u, + prs_struct *ps, int depth) +{ + if(r_u == NULL) + return False; + + prs_debug(ps, depth, desc, "eventlog_io_r_close_eventlog"); + depth++; + + if(!(prs_align(ps))) + return False; + + if(!(smb_io_pol_hnd("log handle", &(r_u->handle), ps, depth))) + return False; + + if(!(prs_werror("status code", ps, depth, &(r_u->status)))) + return False; + + return True; +} + +BOOL eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u, + prs_struct *ps, int depth) +{ + if(q_u == NULL) + return False; + + prs_debug(ps, depth, desc, "eventlog_io_q_read_eventlog"); + depth++; + + if(!(prs_align(ps))) + return False; + + if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth))) + return False; + + if(!(prs_uint32("read flags", ps, depth, &(q_u->flags)))) + return False; + + if(!(prs_uint32("read offset", ps, depth, &(q_u->offset)))) + return False; + + if(!(prs_uint32("read buf size", ps, depth, &(q_u->max_read_size)))) + return False; + + return True; +} +/* Structure of response seems to be: + DWORD num_bytes_in_resp -- MUST be the same as q_u->max_read_size + for i=0..n + EVENTLOGRECORD record + DWORD sent_size -- sum of EVENTLOGRECORD lengths if records returned, 0 otherwise + DWORD real_size -- 0 if records returned, otherwise length of next record to be returned + WERROR status */ +BOOL eventlog_io_r_read_eventlog(const char *desc, + EVENTLOG_Q_READ_EVENTLOG *q_u, + EVENTLOG_R_READ_EVENTLOG *r_u, + prs_struct *ps, + int depth) +{ + Eventlog_entry *entry; + uint32 record_written = 0; + uint32 record_total = 0; + + if(r_u == NULL) + return False; + + prs_debug(ps, depth, desc, "eventlog_io_r_read_eventlog"); + depth++; + + /* First, see if we've read more logs than we can output */ + + if(r_u->num_bytes_in_resp > q_u->max_read_size) { + entry = r_u->entry; + + /* remove the size of the last entry from the list */ + + while(entry->next != NULL) + entry = entry->next; + + r_u->num_bytes_in_resp -= entry->record.length; + + /* do not output the last log entry */ + + r_u->num_records--; + } + + entry = r_u->entry; + record_total = r_u->num_records; + + if(r_u->num_bytes_in_resp != 0) + r_u->sent_size = r_u->num_bytes_in_resp; + else + r_u->real_size = entry->record.length; + + if(!(prs_align(ps))) + return False; + if(!(prs_uint32("bytes in resp", ps, depth, &(q_u->max_read_size)))) + return False; + + while(entry != NULL && record_written < record_total) + { + DEBUG(10, ("eventlog_io_r_read_eventlog: writing record [%d] out of [%d].\n", record_written, record_total)); + + /* Encode the actual eventlog record record */ + + if(!(prs_uint32("length", ps, depth, &(entry->record.length)))) + return False; + if(!(prs_uint32("reserved", ps, depth, &(entry->record.reserved1)))) + return False; + if(!(prs_uint32("record number", ps, depth, &(entry->record.record_number)))) + return False; + if(!(prs_uint32("time generated", ps, depth, &(entry->record.time_generated)))) + return False; + if(!(prs_uint32("time written", ps, depth, &(entry->record.time_written)))) + return False; + if(!(prs_uint32("event id", ps, depth, &(entry->record.event_id)))) + return False; + if(!(prs_uint16("event type", ps, depth, &(entry->record.event_type)))) + return False; + if(!(prs_uint16("num strings", ps, depth, &(entry->record.num_strings)))) + return False; + if(!(prs_uint16("event category", ps, depth, &(entry->record.event_category)))) + return False; + if(!(prs_uint16("reserved2", ps, depth, &(entry->record.reserved2)))) + return False; + if(!(prs_uint32("closing record", ps, depth, &(entry->record.closing_record_number)))) + return False; + if(!(prs_uint32("string offset", ps, depth, &(entry->record.string_offset)))) + return False; + if(!(prs_uint32("user sid length", ps, depth, &(entry->record.user_sid_length)))) + return False; + if(!(prs_uint32("user sid offset", ps, depth, &(entry->record.user_sid_offset)))) + return False; + if(!(prs_uint32("data length", ps, depth, &(entry->record.data_length)))) + return False; + if(!(prs_uint32("data offset", ps, depth, &(entry->record.data_offset)))) + return False; + if(!(prs_align(ps))) + return False; + + /* Now encoding data */ + + if(!(prs_uint8s(False, "buffer", ps, depth, entry->data, + entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length)))) + { + return False; + } + + if(!(prs_align(ps))) + return False; + if(!(prs_uint32("length 2", ps, depth, &(entry->record.length)))) + return False; + + entry = entry->next; + record_written++; + + } /* end of encoding EVENTLOGRECORD */ + + /* Now pad with whitespace until the end of the response buffer */ + + r_u->end_of_entries_padding = (uint8 *)calloc(q_u->max_read_size - r_u->num_bytes_in_resp, sizeof(uint8)); + + if(!(prs_uint8s(False, "end of entries padding", ps, + depth, r_u->end_of_entries_padding, + (q_u->max_read_size - r_u->num_bytes_in_resp)))) + { + return False; + } + + free(r_u->end_of_entries_padding); + + /* We had better be DWORD aligned here */ + + if(!(prs_uint32("sent size", ps, depth, &(r_u->sent_size)))) + return False; + if(!(prs_uint32("real size", ps, depth, &(r_u->real_size)))) + return False; + if(!(prs_werror("status code", ps, depth, &(r_u->status)))) + return False; + + return True; +} + +/* The windows client seems to be doing something funny with the file name + A call like + ClearEventLog(handle, "backup_file") + on the client side will result in the backup file name looking like this on the + server side: + \??\${CWD of client}\backup_file + If an absolute path gets specified, such as + ClearEventLog(handle, "C:\\temp\\backup_file") + then it is still mangled by the client into this: + \??\C:\temp\backup_file + when it is on the wire. + I'm not sure where the \?? is coming from, or why the ${CWD} of the client process + would be added in given that the backup file gets written on the server side. */ + +BOOL eventlog_io_q_clear_eventlog(const char *desc, EVENTLOG_Q_CLEAR_EVENTLOG *q_u, + prs_struct *ps, int depth) +{ + if(q_u == NULL) + return False; + + prs_debug(ps, depth, desc, "eventlog_io_q_clear_eventlog"); + depth++; + + if(!prs_align(ps)) + return False; + if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth))) + return False; + if(!prs_align(ps)) + return False; + if(!(prs_uint32("unknown1", ps, depth, &q_u->unknown1))) + return False; + if(!(prs_uint16("backup_file_length", ps, depth, &q_u->backup_file_length))) + return False; + if(!(prs_uint16("backup_file_size", ps, depth, &q_u->backup_file_size))) + return False; + if(!prs_uint32("backup_file_ptr", ps, depth, &q_u->backup_file_ptr)) + return False; + if(!smb_io_unistr2("backup file", &q_u->backup_file, q_u->backup_file_ptr, ps, depth)) + return False; + + return True; + +} + +BOOL eventlog_io_r_clear_eventlog(const char *desc, EVENTLOG_R_CLEAR_EVENTLOG *r_u, + prs_struct *ps, int depth) +{ + if(r_u == NULL) + return False; + + prs_debug(ps, depth, desc, "eventlog_io_r_clear_eventlog"); + depth++; + + if(!prs_align(ps)) + return False; + if(!(prs_werror("status code", ps, depth, &(r_u->status)))) + return False; + + return True; +} -- cgit From 2e0cac8e3eb021aa8f5cad4ce8b72f98036af639 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 23 Apr 2005 18:07:01 +0000 Subject: r6445: Make us survive the PARANOID_MALLOC_CHECKER. Should we enable that for --enable-developer=yes? Volker (This used to be commit 61d40ac60dd9c8c9bbcf92e4fc57fe1d706bc721) --- source3/rpc_parse/parse_eventlog.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 9bb0a13169..be21f0f74e 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -372,7 +372,9 @@ BOOL eventlog_io_r_read_eventlog(const char *desc, /* Now pad with whitespace until the end of the response buffer */ - r_u->end_of_entries_padding = (uint8 *)calloc(q_u->max_read_size - r_u->num_bytes_in_resp, sizeof(uint8)); + r_u->end_of_entries_padding = + SMB_CALLOC_ARRAY(uint8, + q_u->max_read_size - r_u->num_bytes_in_resp); if(!(prs_uint8s(False, "end of entries padding", ps, depth, r_u->end_of_entries_padding, -- cgit From cf4005a78d5b2ce922abb0f15e0d0207d7c74077 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 9 May 2005 13:51:44 +0000 Subject: r6680: event log patches from Marcin (This used to be commit a71e104af84810f488f42cb0843976961e6f6ebe) --- source3/rpc_parse/parse_eventlog.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index be21f0f74e..d27761ad0f 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -304,7 +304,7 @@ BOOL eventlog_io_r_read_eventlog(const char *desc, if(r_u->num_bytes_in_resp != 0) r_u->sent_size = r_u->num_bytes_in_resp; else - r_u->real_size = entry->record.length; + r_u->real_size = r_u->bytes_in_next_record; if(!(prs_align(ps))) return False; -- cgit From 8387af752f81e26f1c141f6053bf6d106f0af5eb Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 24 Jun 2005 15:49:02 +0000 Subject: r7880: fix a typo and memleak on failures cases (patch from marcin) (This used to be commit 6ff0fa0b4385481f2212047d80ca17b55d996def) --- source3/rpc_parse/parse_eventlog.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index d27761ad0f..734f52fffb 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -33,7 +33,7 @@ BOOL eventlog_io_q_open_eventlog(const char *desc, EVENTLOG_Q_OPEN_EVENTLOG *q_u if(q_u == NULL) return False; - /* Data format seems to be: + /** Data format seems to be: UNKNOWN structure uint32 unknown uint16 unknown @@ -258,7 +258,7 @@ BOOL eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u return True; } -/* Structure of response seems to be: +/** Structure of response seems to be: DWORD num_bytes_in_resp -- MUST be the same as q_u->max_read_size for i=0..n EVENTLOGRECORD record @@ -397,7 +397,7 @@ BOOL eventlog_io_r_read_eventlog(const char *desc, return True; } -/* The windows client seems to be doing something funny with the file name +/** The windows client seems to be doing something funny with the file name A call like ClearEventLog(handle, "backup_file") on the client side will result in the backup file name looking like this on the -- cgit From 54abd2aa66069e6baf7769c496f46d9dba18db39 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 30 Sep 2005 17:13:37 +0000 Subject: r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3) --- source3/rpc_parse/parse_eventlog.c | 84 +++++++++++++------------------------- 1 file changed, 28 insertions(+), 56 deletions(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 734f52fffb..1b57272ca4 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -23,9 +23,24 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_PARSE -/* - * called from eventlog_q_open_eventlog (srv_eventlog.c) - */ +/******************************************************************** +********************************************************************/ + +BOOL prs_ev_open_unknown0( const char *desc, prs_struct *ps, int depth, EVENTLOG_OPEN_UNKNOWN0 *u ) +{ + if ( !u ) + return False; + + if ( !prs_uint16("", ps, depth, &u->unknown1) ) + return False; + if ( !prs_uint16("", ps, depth, &u->unknown2) ) + return False; + + return True; +} + +/******************************************************************** +********************************************************************/ BOOL eventlog_io_q_open_eventlog(const char *desc, EVENTLOG_Q_OPEN_EVENTLOG *q_u, prs_struct *ps, int depth) @@ -33,62 +48,28 @@ BOOL eventlog_io_q_open_eventlog(const char *desc, EVENTLOG_Q_OPEN_EVENTLOG *q_u if(q_u == NULL) return False; - /** Data format seems to be: - UNKNOWN structure - uint32 unknown - uint16 unknown - uint16 unknown - Eventlog name - uint16 eventlog name length - uint16 eventlog name size - Character Array - uint32 unknown - uint32 max count - uint32 offset - uint32 actual count - UNISTR2 log file name - Server Name - uint16 server name length - uint16 server name size - Character Array - UNISTR2 server name - */ - prs_debug(ps, depth, desc, "eventlog_io_q_open_eventlog"); depth++; if(!prs_align(ps)) return False; - /* Munch unknown bits */ - - if(!prs_uint32("", ps, depth, &q_u->unknown1)) - return False; - if(!prs_uint16("", ps, depth, &q_u->unknown2)) - return False; - if(!prs_uint16("", ps, depth, &q_u->unknown3)) - return False; - if(!prs_align(ps)) + if ( !prs_pointer("", ps, depth, (void**)&q_u->unknown0, sizeof(EVENTLOG_OPEN_UNKNOWN0), (PRS_POINTER_CAST)prs_ev_open_unknown0)) return False; - /* Get name of log source */ - - if(!prs_uint16("sourcename_length", ps, depth, &q_u->sourcename_length)) - return False; - if(!prs_uint16("sourcename_size", ps, depth, &q_u->sourcename_size)) + if ( !prs_unistr4("logname", ps, depth, &q_u->logname) ) return False; - if(!prs_uint32("sourcename_ptr", ps, depth, &q_u->sourcename_ptr)) + if ( !prs_align(ps) ) return False; - if(!smb_io_unistr2("", &q_u->sourcename, q_u->sourcename_ptr, ps, depth)) + + if ( !prs_unistr4("servername", ps, depth, &q_u->servername) ) return False; - if(!prs_align(ps)) + if ( !prs_align(ps) ) return False; - /* Get server name */ - - if(!prs_uint32("servername_ptr", ps, depth, &q_u->servername_ptr)) + if ( !prs_uint32("unknown1", ps, depth, &q_u->unknown1) ) return False; - if(!smb_io_unistr2("", &q_u->servername, q_u->servername_ptr, ps, depth)) + if ( !prs_uint32("unknown2", ps, depth, &q_u->unknown2) ) return False; return True; @@ -424,17 +405,8 @@ BOOL eventlog_io_q_clear_eventlog(const char *desc, EVENTLOG_Q_CLEAR_EVENTLOG *q return False; if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth))) return False; - if(!prs_align(ps)) - return False; - if(!(prs_uint32("unknown1", ps, depth, &q_u->unknown1))) - return False; - if(!(prs_uint16("backup_file_length", ps, depth, &q_u->backup_file_length))) - return False; - if(!(prs_uint16("backup_file_size", ps, depth, &q_u->backup_file_size))) - return False; - if(!prs_uint32("backup_file_ptr", ps, depth, &q_u->backup_file_ptr)) - return False; - if(!smb_io_unistr2("backup file", &q_u->backup_file, q_u->backup_file_ptr, ps, depth)) + + if ( !prs_unistr4("backupfile", ps, depth, &q_u->backupfile) ) return False; return True; -- cgit From e1ffd2d612184fb1343cbe7e1d5d1aacebe0e8fa Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 27 Oct 2005 13:30:23 +0000 Subject: r11332: eventlog API uses NTSTATUS, not WERROR for return codes (This used to be commit f5f40633bc3f641a0fef4934375d0d829899b0d7) --- source3/rpc_parse/parse_eventlog.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 1b57272ca4..0f0b02748b 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -90,7 +90,7 @@ BOOL eventlog_io_r_open_eventlog(const char *desc, EVENTLOG_R_OPEN_EVENTLOG *r_u if(!(smb_io_pol_hnd("log handle", &(r_u->handle), ps, depth))) return False; - if(!(prs_werror("status code", ps, depth, &(r_u->status)))) + if(!(prs_ntstatus("status code", ps, depth, &r_u->status))) return False; return True; @@ -129,7 +129,7 @@ BOOL eventlog_io_r_get_num_records(const char *desc, EVENTLOG_R_GET_NUM_RECORDS if(!(prs_uint32("num records", ps, depth, &(r_u->num_records)))) return False; - if(!(prs_werror("status code", ps, depth, &(r_u->status)))) + if(!(prs_ntstatus("status code", ps, depth, &r_u->status))) return False; return True; @@ -168,7 +168,7 @@ BOOL eventlog_io_r_get_oldest_entry(const char *desc, EVENTLOG_R_GET_OLDEST_ENTR if(!(prs_uint32("oldest entry", ps, depth, &(r_u->oldest_entry)))) return False; - if(!(prs_werror("status code", ps, depth, &(r_u->status)))) + if(!(prs_ntstatus("status code", ps, depth, &r_u->status))) return False; return True; @@ -207,7 +207,7 @@ BOOL eventlog_io_r_close_eventlog(const char *desc, EVENTLOG_R_CLOSE_EVENTLOG *r if(!(smb_io_pol_hnd("log handle", &(r_u->handle), ps, depth))) return False; - if(!(prs_werror("status code", ps, depth, &(r_u->status)))) + if(!(prs_ntstatus("status code", ps, depth, &r_u->status))) return False; return True; @@ -372,7 +372,7 @@ BOOL eventlog_io_r_read_eventlog(const char *desc, return False; if(!(prs_uint32("real size", ps, depth, &(r_u->real_size)))) return False; - if(!(prs_werror("status code", ps, depth, &(r_u->status)))) + if(!(prs_ntstatus("status code", ps, depth, &r_u->status))) return False; return True; @@ -424,7 +424,7 @@ BOOL eventlog_io_r_clear_eventlog(const char *desc, EVENTLOG_R_CLEAR_EVENTLOG *r if(!prs_align(ps)) return False; - if(!(prs_werror("status code", ps, depth, &(r_u->status)))) + if(!(prs_ntstatus("status code", ps, depth, &r_u->status))) return False; return True; -- cgit From 70cac98b6e1871cf93b379a4834de1778853de86 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 17 Nov 2005 17:41:02 +0000 Subject: r11760: fix sequential reads in the eventlog; event viewer is behaving better now as well but needs more testing (This used to be commit ba2f94aeae1f8e69d53fc360785adf222a8c9c6e) --- source3/rpc_parse/parse_eventlog.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 0f0b02748b..5e28a4aba5 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -294,7 +294,7 @@ BOOL eventlog_io_r_read_eventlog(const char *desc, while(entry != NULL && record_written < record_total) { - DEBUG(10, ("eventlog_io_r_read_eventlog: writing record [%d] out of [%d].\n", record_written, record_total)); + DEBUG(11, ("eventlog_io_r_read_eventlog: writing record [%d] out of [%d].\n", record_written, record_total)); /* Encode the actual eventlog record record */ -- cgit From 107698dd0e9b53e41003b677fef20f726a8a4ed6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 28 Jun 2006 02:12:53 +0000 Subject: r16601: Klocwork #2038. Fix memleak on error path. Jeremy. (This used to be commit 934dddb2fa9fb60a87c0b0be81db97f2b59c7cb0) --- source3/rpc_parse/parse_eventlog.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 5e28a4aba5..4aff9734ee 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -353,18 +353,18 @@ BOOL eventlog_io_r_read_eventlog(const char *desc, /* Now pad with whitespace until the end of the response buffer */ - r_u->end_of_entries_padding = - SMB_CALLOC_ARRAY(uint8, - q_u->max_read_size - r_u->num_bytes_in_resp); + if (q_u->max_read_size - r_u->num_bytes_in_resp) { + r_u->end_of_entries_padding = SMB_CALLOC_ARRAY(uint8, q_u->max_read_size - r_u->num_bytes_in_resp); - if(!(prs_uint8s(False, "end of entries padding", ps, - depth, r_u->end_of_entries_padding, - (q_u->max_read_size - r_u->num_bytes_in_resp)))) - { - return False; - } + if(!(prs_uint8s(False, "end of entries padding", ps, + depth, r_u->end_of_entries_padding, + (q_u->max_read_size - r_u->num_bytes_in_resp)))) { + free(r_u->end_of_entries_padding); + return False; + } - free(r_u->end_of_entries_padding); + free(r_u->end_of_entries_padding); + } /* We had better be DWORD aligned here */ -- cgit From fbdcf2663b56007a438ac4f0d8d82436b1bfe688 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Jul 2006 18:01:26 +0000 Subject: r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8) --- source3/rpc_parse/parse_eventlog.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 4aff9734ee..addf433feb 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -54,7 +54,7 @@ BOOL eventlog_io_q_open_eventlog(const char *desc, EVENTLOG_Q_OPEN_EVENTLOG *q_u if(!prs_align(ps)) return False; - if ( !prs_pointer("", ps, depth, (void**)&q_u->unknown0, sizeof(EVENTLOG_OPEN_UNKNOWN0), (PRS_POINTER_CAST)prs_ev_open_unknown0)) + if ( !prs_pointer("", ps, depth, (void*)&q_u->unknown0, sizeof(EVENTLOG_OPEN_UNKNOWN0), (PRS_POINTER_CAST)prs_ev_open_unknown0)) return False; if ( !prs_unistr4("logname", ps, depth, &q_u->logname) ) -- cgit From 12ba88574bf91bdcc4447bfc3d429b799064bfd9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 27 Apr 2007 23:18:41 +0000 Subject: r22542: Move over to using the _strict varients of the talloc calls. No functional changes. Looks bigger than it is :-). Jeremy. (This used to be commit f6fa3080fee1b20df9f1968500840a88cf0ee592) --- source3/rpc_parse/parse_eventlog.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index addf433feb..436f35aff6 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -354,7 +354,9 @@ BOOL eventlog_io_r_read_eventlog(const char *desc, /* Now pad with whitespace until the end of the response buffer */ if (q_u->max_read_size - r_u->num_bytes_in_resp) { - r_u->end_of_entries_padding = SMB_CALLOC_ARRAY(uint8, q_u->max_read_size - r_u->num_bytes_in_resp); + if (!r_u->end_of_entries_padding) { + return False; + } if(!(prs_uint8s(False, "end of entries padding", ps, depth, r_u->end_of_entries_padding, -- cgit From 97a164ba96d48a81d5e24dda6b866a4d78ea1a78 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 31 May 2007 17:59:04 +0000 Subject: r23274: merge CloseEventlog() pidl conversion from 3.0.26 && fix a few init call renames for svcctl in the previous commit (This used to be commit ebcae48ec10fefa74efcc3563cff50e3b9c2388c) --- source3/rpc_parse/parse_eventlog.c | 39 -------------------------------------- 1 file changed, 39 deletions(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 436f35aff6..2c2ce12acb 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -174,45 +174,6 @@ BOOL eventlog_io_r_get_oldest_entry(const char *desc, EVENTLOG_R_GET_OLDEST_ENTR return True; } -BOOL eventlog_io_q_close_eventlog(const char *desc, EVENTLOG_Q_CLOSE_EVENTLOG *q_u, - prs_struct *ps, int depth) -{ - if(q_u == NULL) - return False; - - prs_debug(ps, depth, desc, "eventlog_io_q_close_eventlog"); - depth++; - - if(!(prs_align(ps))) - return False; - - if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth))) - return False; - - return True; -} - -BOOL eventlog_io_r_close_eventlog(const char *desc, EVENTLOG_R_CLOSE_EVENTLOG *r_u, - prs_struct *ps, int depth) -{ - if(r_u == NULL) - return False; - - prs_debug(ps, depth, desc, "eventlog_io_r_close_eventlog"); - depth++; - - if(!(prs_align(ps))) - return False; - - if(!(smb_io_pol_hnd("log handle", &(r_u->handle), ps, depth))) - return False; - - if(!(prs_ntstatus("status code", ps, depth, &r_u->status))) - return False; - - return True; -} - BOOL eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u, prs_struct *ps, int depth) { -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/rpc_parse/parse_eventlog.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 2c2ce12acb..bb5eb829eb 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -5,7 +5,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, -- cgit From 153cfb9c83534b09f15cc16205d7adb19b394928 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 05:23:25 +0000 Subject: r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227) --- source3/rpc_parse/parse_eventlog.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index bb5eb829eb..e92e5e24c6 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -14,8 +14,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, see . */ #include "includes.h" -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/rpc_parse/parse_eventlog.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index e92e5e24c6..70226bca15 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -25,7 +25,7 @@ /******************************************************************** ********************************************************************/ -BOOL prs_ev_open_unknown0( const char *desc, prs_struct *ps, int depth, EVENTLOG_OPEN_UNKNOWN0 *u ) +bool prs_ev_open_unknown0( const char *desc, prs_struct *ps, int depth, EVENTLOG_OPEN_UNKNOWN0 *u ) { if ( !u ) return False; @@ -41,7 +41,7 @@ BOOL prs_ev_open_unknown0( const char *desc, prs_struct *ps, int depth, EVENTLOG /******************************************************************** ********************************************************************/ -BOOL eventlog_io_q_open_eventlog(const char *desc, EVENTLOG_Q_OPEN_EVENTLOG *q_u, +bool eventlog_io_q_open_eventlog(const char *desc, EVENTLOG_Q_OPEN_EVENTLOG *q_u, prs_struct *ps, int depth) { if(q_u == NULL) @@ -74,7 +74,7 @@ BOOL eventlog_io_q_open_eventlog(const char *desc, EVENTLOG_Q_OPEN_EVENTLOG *q_u return True; } -BOOL eventlog_io_r_open_eventlog(const char *desc, EVENTLOG_R_OPEN_EVENTLOG *r_u, +bool eventlog_io_r_open_eventlog(const char *desc, EVENTLOG_R_OPEN_EVENTLOG *r_u, prs_struct *ps, int depth) { if(r_u == NULL) @@ -95,7 +95,7 @@ BOOL eventlog_io_r_open_eventlog(const char *desc, EVENTLOG_R_OPEN_EVENTLOG *r_u return True; } -BOOL eventlog_io_q_get_num_records(const char *desc, EVENTLOG_Q_GET_NUM_RECORDS *q_u, +bool eventlog_io_q_get_num_records(const char *desc, EVENTLOG_Q_GET_NUM_RECORDS *q_u, prs_struct *ps, int depth) { if(q_u == NULL) @@ -113,7 +113,7 @@ BOOL eventlog_io_q_get_num_records(const char *desc, EVENTLOG_Q_GET_NUM_RECORDS return True; } -BOOL eventlog_io_r_get_num_records(const char *desc, EVENTLOG_R_GET_NUM_RECORDS *r_u, +bool eventlog_io_r_get_num_records(const char *desc, EVENTLOG_R_GET_NUM_RECORDS *r_u, prs_struct *ps, int depth) { if(r_u == NULL) @@ -134,7 +134,7 @@ BOOL eventlog_io_r_get_num_records(const char *desc, EVENTLOG_R_GET_NUM_RECORDS return True; } -BOOL eventlog_io_q_get_oldest_entry(const char *desc, EVENTLOG_Q_GET_OLDEST_ENTRY *q_u, +bool eventlog_io_q_get_oldest_entry(const char *desc, EVENTLOG_Q_GET_OLDEST_ENTRY *q_u, prs_struct *ps, int depth) { if(q_u == NULL) @@ -152,7 +152,7 @@ BOOL eventlog_io_q_get_oldest_entry(const char *desc, EVENTLOG_Q_GET_OLDEST_ENTR return True; } -BOOL eventlog_io_r_get_oldest_entry(const char *desc, EVENTLOG_R_GET_OLDEST_ENTRY *r_u, +bool eventlog_io_r_get_oldest_entry(const char *desc, EVENTLOG_R_GET_OLDEST_ENTRY *r_u, prs_struct *ps, int depth) { if(r_u == NULL) @@ -173,7 +173,7 @@ BOOL eventlog_io_r_get_oldest_entry(const char *desc, EVENTLOG_R_GET_OLDEST_ENTR return True; } -BOOL eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u, +bool eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u, prs_struct *ps, int depth) { if(q_u == NULL) @@ -206,7 +206,7 @@ BOOL eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u DWORD sent_size -- sum of EVENTLOGRECORD lengths if records returned, 0 otherwise DWORD real_size -- 0 if records returned, otherwise length of next record to be returned WERROR status */ -BOOL eventlog_io_r_read_eventlog(const char *desc, +bool eventlog_io_r_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u, EVENTLOG_R_READ_EVENTLOG *r_u, prs_struct *ps, @@ -354,7 +354,7 @@ BOOL eventlog_io_r_read_eventlog(const char *desc, I'm not sure where the \?? is coming from, or why the ${CWD} of the client process would be added in given that the backup file gets written on the server side. */ -BOOL eventlog_io_q_clear_eventlog(const char *desc, EVENTLOG_Q_CLEAR_EVENTLOG *q_u, +bool eventlog_io_q_clear_eventlog(const char *desc, EVENTLOG_Q_CLEAR_EVENTLOG *q_u, prs_struct *ps, int depth) { if(q_u == NULL) @@ -375,7 +375,7 @@ BOOL eventlog_io_q_clear_eventlog(const char *desc, EVENTLOG_Q_CLEAR_EVENTLOG *q } -BOOL eventlog_io_r_clear_eventlog(const char *desc, EVENTLOG_R_CLEAR_EVENTLOG *r_u, +bool eventlog_io_r_clear_eventlog(const char *desc, EVENTLOG_R_CLEAR_EVENTLOG *r_u, prs_struct *ps, int depth) { if(r_u == NULL) -- cgit From bea5ea5cad90e8a10ea5aadebf62f917faa60cf1 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 4 Feb 2008 10:12:08 +0100 Subject: Remove unused marshalling for EVENTLOG_GET_NUM_RECORDS. Guenther (This used to be commit 0c8e0916d7a7a403255c814536f1ebde3c5c9905) --- source3/rpc_parse/parse_eventlog.c | 39 -------------------------------------- 1 file changed, 39 deletions(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 70226bca15..37fd5b17e0 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -95,45 +95,6 @@ bool eventlog_io_r_open_eventlog(const char *desc, EVENTLOG_R_OPEN_EVENTLOG *r_u return True; } -bool eventlog_io_q_get_num_records(const char *desc, EVENTLOG_Q_GET_NUM_RECORDS *q_u, - prs_struct *ps, int depth) -{ - if(q_u == NULL) - return False; - - prs_debug(ps, depth, desc, "eventlog_io_q_get_num_records"); - depth++; - - if(!(prs_align(ps))) - return False; - - if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth))) - return False; - - return True; -} - -bool eventlog_io_r_get_num_records(const char *desc, EVENTLOG_R_GET_NUM_RECORDS *r_u, - prs_struct *ps, int depth) -{ - if(r_u == NULL) - return False; - - prs_debug(ps, depth, desc, "eventlog_io_r_get_num_records"); - depth++; - - if(!(prs_align(ps))) - return False; - - if(!(prs_uint32("num records", ps, depth, &(r_u->num_records)))) - return False; - - if(!(prs_ntstatus("status code", ps, depth, &r_u->status))) - return False; - - return True; -} - bool eventlog_io_q_get_oldest_entry(const char *desc, EVENTLOG_Q_GET_OLDEST_ENTRY *q_u, prs_struct *ps, int depth) { -- cgit From 2432628b141607c6edc66974cfec178a4d842989 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 4 Feb 2008 10:45:50 +0100 Subject: Remove unused marshalling for EVENTLOG_GET_OLDEST_ENTRY. Guenther (This used to be commit f837fff80ef369133761f7a33a616fd4721c5a68) --- source3/rpc_parse/parse_eventlog.c | 39 -------------------------------------- 1 file changed, 39 deletions(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 37fd5b17e0..4586abe23e 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -95,45 +95,6 @@ bool eventlog_io_r_open_eventlog(const char *desc, EVENTLOG_R_OPEN_EVENTLOG *r_u return True; } -bool eventlog_io_q_get_oldest_entry(const char *desc, EVENTLOG_Q_GET_OLDEST_ENTRY *q_u, - prs_struct *ps, int depth) -{ - if(q_u == NULL) - return False; - - prs_debug(ps, depth, desc, "eventlog_io_q_get_oldest_entry"); - depth++; - - if(!(prs_align(ps))) - return False; - - if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth))) - return False; - - return True; -} - -bool eventlog_io_r_get_oldest_entry(const char *desc, EVENTLOG_R_GET_OLDEST_ENTRY *r_u, - prs_struct *ps, int depth) -{ - if(r_u == NULL) - return False; - - prs_debug(ps, depth, desc, "eventlog_io_r_get_oldest_entry"); - depth++; - - if(!(prs_align(ps))) - return False; - - if(!(prs_uint32("oldest entry", ps, depth, &(r_u->oldest_entry)))) - return False; - - if(!(prs_ntstatus("status code", ps, depth, &r_u->status))) - return False; - - return True; -} - bool eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u, prs_struct *ps, int depth) { -- cgit From 221a2a9a5f974fd428e83753af1b70f37332e184 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 4 Feb 2008 10:55:14 +0100 Subject: Copy inline comment for _eventlog_ClearEventLogW() from rpc_parse to rpc_server. Guenther (This used to be commit 26eadadbf628f4d3aa4cd0ab4b55d47dc79c80ba) --- source3/rpc_parse/parse_eventlog.c | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 4586abe23e..3e7af74cbb 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -262,20 +262,6 @@ bool eventlog_io_r_read_eventlog(const char *desc, return True; } -/** The windows client seems to be doing something funny with the file name - A call like - ClearEventLog(handle, "backup_file") - on the client side will result in the backup file name looking like this on the - server side: - \??\${CWD of client}\backup_file - If an absolute path gets specified, such as - ClearEventLog(handle, "C:\\temp\\backup_file") - then it is still mangled by the client into this: - \??\C:\temp\backup_file - when it is on the wire. - I'm not sure where the \?? is coming from, or why the ${CWD} of the client process - would be added in given that the backup file gets written on the server side. */ - bool eventlog_io_q_clear_eventlog(const char *desc, EVENTLOG_Q_CLEAR_EVENTLOG *q_u, prs_struct *ps, int depth) { -- cgit From 2fd872fea7576497a24c1d981f3253dc3f042a04 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 4 Feb 2008 10:56:16 +0100 Subject: Remove unused marshalling for EVENTLOG_CLEAR_EVENTLOG. Guenther (This used to be commit badbdf1b88b270d298d44ed6fddb0c31fbcb3717) --- source3/rpc_parse/parse_eventlog.c | 38 -------------------------------------- 1 file changed, 38 deletions(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 3e7af74cbb..0a4bf93048 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -261,41 +261,3 @@ bool eventlog_io_r_read_eventlog(const char *desc, return True; } - -bool eventlog_io_q_clear_eventlog(const char *desc, EVENTLOG_Q_CLEAR_EVENTLOG *q_u, - prs_struct *ps, int depth) -{ - if(q_u == NULL) - return False; - - prs_debug(ps, depth, desc, "eventlog_io_q_clear_eventlog"); - depth++; - - if(!prs_align(ps)) - return False; - if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth))) - return False; - - if ( !prs_unistr4("backupfile", ps, depth, &q_u->backupfile) ) - return False; - - return True; - -} - -bool eventlog_io_r_clear_eventlog(const char *desc, EVENTLOG_R_CLEAR_EVENTLOG *r_u, - prs_struct *ps, int depth) -{ - if(r_u == NULL) - return False; - - prs_debug(ps, depth, desc, "eventlog_io_r_clear_eventlog"); - depth++; - - if(!prs_align(ps)) - return False; - if(!(prs_ntstatus("status code", ps, depth, &r_u->status))) - return False; - - return True; -} -- cgit From 639c7fc8becfedba1198d1f4325ab2482ea2ee9d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 4 Feb 2008 11:10:53 +0100 Subject: Remove unused marshalling for EVENTLOG_OPEN_EVENTLOG. Guenther (This used to be commit 15d22925def45f1f8cd2d356a7f580fb4bfd05ef) --- source3/rpc_parse/parse_eventlog.c | 70 -------------------------------------- 1 file changed, 70 deletions(-) (limited to 'source3/rpc_parse/parse_eventlog.c') diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c index 0a4bf93048..2ff217eb9e 100644 --- a/source3/rpc_parse/parse_eventlog.c +++ b/source3/rpc_parse/parse_eventlog.c @@ -25,76 +25,6 @@ /******************************************************************** ********************************************************************/ -bool prs_ev_open_unknown0( const char *desc, prs_struct *ps, int depth, EVENTLOG_OPEN_UNKNOWN0 *u ) -{ - if ( !u ) - return False; - - if ( !prs_uint16("", ps, depth, &u->unknown1) ) - return False; - if ( !prs_uint16("", ps, depth, &u->unknown2) ) - return False; - - return True; -} - -/******************************************************************** -********************************************************************/ - -bool eventlog_io_q_open_eventlog(const char *desc, EVENTLOG_Q_OPEN_EVENTLOG *q_u, - prs_struct *ps, int depth) -{ - if(q_u == NULL) - return False; - - prs_debug(ps, depth, desc, "eventlog_io_q_open_eventlog"); - depth++; - - if(!prs_align(ps)) - return False; - - if ( !prs_pointer("", ps, depth, (void*)&q_u->unknown0, sizeof(EVENTLOG_OPEN_UNKNOWN0), (PRS_POINTER_CAST)prs_ev_open_unknown0)) - return False; - - if ( !prs_unistr4("logname", ps, depth, &q_u->logname) ) - return False; - if ( !prs_align(ps) ) - return False; - - if ( !prs_unistr4("servername", ps, depth, &q_u->servername) ) - return False; - if ( !prs_align(ps) ) - return False; - - if ( !prs_uint32("unknown1", ps, depth, &q_u->unknown1) ) - return False; - if ( !prs_uint32("unknown2", ps, depth, &q_u->unknown2) ) - return False; - - return True; -} - -bool eventlog_io_r_open_eventlog(const char *desc, EVENTLOG_R_OPEN_EVENTLOG *r_u, - prs_struct *ps, int depth) -{ - if(r_u == NULL) - return False; - - prs_debug(ps, depth, desc, "eventlog_io_r_open_eventlog"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!(smb_io_pol_hnd("log handle", &(r_u->handle), ps, depth))) - return False; - - if(!(prs_ntstatus("status code", ps, depth, &r_u->status))) - return False; - - return True; -} - bool eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u, prs_struct *ps, int depth) { -- cgit