From 5d1cb8e79edea9e8581d3c2c9dd297310cd9a98c Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 23 Mar 2005 23:26:33 +0000 Subject: r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221) --- source3/rpc_server/srv_eventlog_nt.c | 923 +++++++++++++++++++++++++++++++++++ 1 file changed, 923 insertions(+) create mode 100644 source3/rpc_server/srv_eventlog_nt.c (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c new file mode 100644 index 0000000000..7501434a13 --- /dev/null +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -0,0 +1,923 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Marcin Krzysztof Porwit 2005. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +typedef struct eventlog_info +{ + /* for use by the \PIPE\eventlog policy */ + fstring source_log_file_name; + fstring source_server_name; + fstring handle_string; + uint32 num_records; + uint32 oldest_entry; +} Eventlog_info; + +static void free_eventlog_info(void *ptr) +{ + struct eventlog_info *info = (struct eventlog_info *)ptr; + memset(info->source_log_file_name, '0', sizeof(*(info->source_log_file_name))); + memset(info->source_server_name, '0', sizeof(*(info->source_server_name))); + memset(info->handle_string, '0', sizeof(*(info->handle_string))); + memset(info, 0, sizeof(*(info))); + SAFE_FREE(info); +} + +static Eventlog_info *find_eventlog_info_by_hnd(pipes_struct *p, + POLICY_HND *handle) +{ + Eventlog_info *info = NULL; + + if(!(find_policy_by_hnd(p,handle,(void **)&info))) + { + DEBUG(2,("find_eventlog_info_by_hnd: eventlog not found.\n")); + } + + return info; +} + +void policy_handle_to_string(POLICY_HND *handle, fstring *dest) +{ + memset(dest, 0, sizeof(*dest)); + snprintf((char *)dest, sizeof(*dest), "%08X-%08X-%04X-%04X-%02X%02X%02X%02X%02X", + handle->data1, + handle->data2, + handle->data3, + handle->data4, + handle->data5[0], + handle->data5[1], + handle->data5[2], + handle->data5[3], + handle->data5[4]); +} + +/** + * Callout to open the specified event log + * + * smbrun calling convention -- + * INPUT: + * OUTPUT: the string "SUCCESS" if the command succeeded + * no such string if there was a failure. + */ +static BOOL _eventlog_open_eventlog_hook(Eventlog_info *info) +{ + char *cmd = lp_eventlog_open_cmd(); + char **qlines; + pstring command; + int numlines = 0; + int ret; + int fd = -1; + + if(cmd == NULL || strlen(cmd) == 0) + { + DEBUG(0, ("Must define an \"eventlog open command\" entry in the config.\n")); + return False; + } + + memset(command, 0, sizeof(command)); + slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", + cmd, + info->source_log_file_name, + info->handle_string); + + DEBUG(10, ("Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUGADD(10, ("returned [%d]\n", ret)); + + if(ret != 0) + { + if(fd != -1) + close(fd); + return False; + } + + qlines = fd_lines_load(fd, &numlines); + DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); + close(fd); + + if(numlines) + { + DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); + if(0 == strncmp(qlines[0], "SUCCESS", strlen("SUCCESS"))) + { + DEBUGADD(10, ("Able to open [%s].\n", info->source_log_file_name)); + file_lines_free(qlines); + return True; + } + } + + file_lines_free(qlines); + return False; +} + +WERROR _eventlog_open_eventlog(pipes_struct *p, + EVENTLOG_Q_OPEN_EVENTLOG *q_u, + EVENTLOG_R_OPEN_EVENTLOG *r_u) +{ + Eventlog_info *info = NULL; + + if(!q_u || !r_u) + return WERR_NOMEM; + + if((info = SMB_MALLOC_P(Eventlog_info)) == NULL) + return WERR_NOMEM; + + ZERO_STRUCTP(info); + + if(q_u->servername_ptr != 0) + { + unistr2_to_ascii(info->source_server_name, &(q_u->servername), sizeof(info->source_server_name)); + } + else + { + /* if servername == NULL, use the local computer */ + fstrcpy(info->source_server_name, global_myname()); + } + DEBUG(10, ("_eventlog_open_eventlog: Using [%s] as the server name.\n", info->source_server_name)); + + if(q_u->sourcename_ptr != 0) + { + unistr2_to_ascii(info->source_log_file_name, &(q_u->sourcename), sizeof(info->source_log_file_name)); + } + else + { + /* if sourcename == NULL, default to "Application" log */ + fstrcpy(info->source_log_file_name, "Application"); + } + DEBUG(10, ("_eventlog_open_eventlog: Using [%s] as the source log file.\n", info->source_log_file_name)); + + if(!create_policy_hnd(p, &(r_u->handle), free_eventlog_info, (void *)info)) + return WERR_NOMEM; + + policy_handle_to_string(&r_u->handle, &info->handle_string); + + if(!(_eventlog_open_eventlog_hook(info))) + return WERR_BADFILE; + + return WERR_OK; +} +/** + * Callout to get the number of records in the specified event log + * + * smbrun calling convention -- + * INPUT: + * OUTPUT: A single line with a single integer containing the number of + * entries in the log. If there are no entries in the log, return 0. + */ +static BOOL _eventlog_get_num_records_hook(Eventlog_info *info) +{ + char *cmd = lp_eventlog_num_records_cmd(); + char **qlines; + pstring command; + int numlines = 0; + int ret; + int fd = -1; + + if(cmd == NULL || strlen(cmd) == 0) + { + DEBUG(0, ("Must define an \"eventlog num records command\" entry in the config.\n")); + return False; + } + + memset(command, 0, sizeof(command)); + slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", + cmd, + info->source_log_file_name, + info->handle_string); + + DEBUG(10, ("Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUGADD(10, ("returned [%d]\n", ret)); + + if(ret != 0) + { + if(fd != -1) + close(fd); + return False; + } + + qlines = fd_lines_load(fd, &numlines); + DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); + close(fd); + + if(numlines) + { + DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); + sscanf(qlines[0], "%d", &(info->num_records)); + file_lines_free(qlines); + return True; + } + + file_lines_free(qlines); + return False; +} + +WERROR _eventlog_get_num_records(pipes_struct *p, + EVENTLOG_Q_GET_NUM_RECORDS *q_u, + EVENTLOG_R_GET_NUM_RECORDS *r_u) +{ + Eventlog_info *info = NULL; + POLICY_HND *handle = NULL; + + if(!q_u || !r_u) + return WERR_NOMEM; + + handle = &(q_u->handle); + info = find_eventlog_info_by_hnd(p, handle); + + if(!(_eventlog_get_num_records_hook(info))) + return WERR_BADFILE; + + r_u->num_records = info->num_records; + + return WERR_OK; +} +/** + * Callout to find the oldest record in the log + * + * smbrun calling convention -- + * INPUT: + * OUTPUT: If there are entries in the event log, the index of the + * oldest entry. Must be 1 or greater. + * If there are no entries in the log, returns a 0 + */ +static BOOL _eventlog_get_oldest_entry_hook(Eventlog_info *info) +{ + char *cmd = lp_eventlog_oldest_record_cmd(); + char **qlines; + pstring command; + int numlines = 0; + int ret; + int fd = -1; + + if(cmd == NULL || strlen(cmd) == 0) + { + DEBUG(0, ("Must define an \"eventlog oldest record command\" entry in the config.\n")); + return False; + } + + memset(command, 0, sizeof(command)); + slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", + cmd, + info->source_log_file_name, + info->handle_string); + + DEBUG(10, ("Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUGADD(10, ("returned [%d]\n", ret)); + + if(ret != 0) + { + if(fd != -1) + close(fd); + return False; + } + + qlines = fd_lines_load(fd, &numlines); + DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); + close(fd); + + if(numlines) + { + DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); + sscanf(qlines[0], "%d", &(info->oldest_entry)); + file_lines_free(qlines); + return True; + } + + file_lines_free(qlines); + return False; +} + +WERROR _eventlog_get_oldest_entry(pipes_struct *p, + EVENTLOG_Q_GET_OLDEST_ENTRY *q_u, + EVENTLOG_R_GET_OLDEST_ENTRY *r_u) +{ + Eventlog_info *info = NULL; + POLICY_HND *handle = NULL; + + if(!q_u || !r_u) + return WERR_NOMEM; + + handle = &(q_u->handle); + info = find_eventlog_info_by_hnd(p, handle); + + if(!(_eventlog_get_oldest_entry_hook(info))) + return WERR_BADFILE; + + r_u->oldest_entry = info->oldest_entry; + + return WERR_OK; +} + +/** + * Callout to close the specified event log + * + * smbrun calling convention -- + * INPUT: + * OUTPUT: the string "SUCCESS" if the command succeeded + * no such string if there was a failure. + */ +static BOOL _eventlog_close_eventlog_hook(Eventlog_info *info) +{ + char *cmd = lp_eventlog_close_cmd(); + char **qlines; + pstring command; + int numlines = 0; + int ret; + int fd = -1; + + if(cmd == NULL || strlen(cmd) == 0) + { + DEBUG(0, ("Must define an \"eventlog close command\" entry in the config.\n")); + return False; + } + + memset(command, 0, sizeof(command)); + slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", + cmd, + info->source_log_file_name, + info->handle_string); + + DEBUG(10, ("Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUGADD(10, ("returned [%d]\n", ret)); + + if(ret != 0) + { + if(fd != -1) + close(fd); + return False; + } + + qlines = fd_lines_load(fd, &numlines); + DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); + close(fd); + + if(numlines) + { + DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); + if(0 == strncmp(qlines[0], "SUCCESS", strlen("SUCCESS"))) + { + DEBUGADD(10, ("Able to close [%s].\n", info->source_log_file_name)); + file_lines_free(qlines); + return True; + } + } + + file_lines_free(qlines); + return False; +} + +WERROR _eventlog_close_eventlog(pipes_struct *p, + EVENTLOG_Q_CLOSE_EVENTLOG *q_u, + EVENTLOG_R_CLOSE_EVENTLOG *r_u) +{ + Eventlog_info *info = NULL; + POLICY_HND *handle; + + if(!q_u || !r_u) + return WERR_NOMEM; + + handle = &(q_u->handle); + + info = find_eventlog_info_by_hnd(p, handle); + if(!(_eventlog_close_eventlog_hook(info))) + return WERR_BADFILE; + + if(!(close_policy_hnd(p, handle))) + { + /* WERR_NOMEM is probably not the correct error, but until I figure out a better + one it will have to do */ + return WERR_NOMEM; + } + + return WERR_OK; +} + +static BOOL _eventlog_read_parse_line(char *line, Eventlog_entry *entry) +{ + char *start = NULL, *stop = NULL; + pstring temp; + int temp_len = 0, i; + + start = line; + + if(start == NULL || strlen(start) == 0) + return False; + if(!(stop = strchr(line, ':'))) + return False; + + DEBUG(6, ("_eventlog_read_parse_line: trying to parse [%s].\n", line)); + + if(0 == strncmp(start, "LEN", stop - start)) + { + /* This will get recomputed later anyway -- probably not necessary */ + entry->record.length = atoi(stop + 1); + } + else if(0 == strncmp(start, "RS1", stop - start)) + { + /* For now all these reserved entries seem to have the same value, + which can be hardcoded to int(1699505740) for now */ + entry->record.reserved1 = atoi(stop + 1); + } + else if(0 == strncmp(start, "RCN", stop - start)) + { + entry->record.record_number = atoi(stop + 1); + } + else if(0 == strncmp(start, "TMG", stop - start)) + { + entry->record.time_generated = atoi(stop + 1); + } + else if(0 == strncmp(start, "TMW", stop - start)) + { + entry->record.time_written = atoi(stop + 1); + } + else if(0 == strncmp(start, "EID", stop - start)) + { + entry->record.event_id = atoi(stop + 1); + } + else if(0 == strncmp(start, "ETP", stop - start)) + { + if(strstr(start, "ERROR")) + { + entry->record.event_type = EVENTLOG_ERROR_TYPE; + } + else if(strstr(start, "WARNING")) + { + entry->record.event_type = EVENTLOG_WARNING_TYPE; + } + else if(strstr(start, "INFO")) + { + entry->record.event_type = EVENTLOG_INFORMATION_TYPE; + } + else if(strstr(start, "AUDIT_SUCCESS")) + { + entry->record.event_type = EVENTLOG_AUDIT_SUCCESS; + } + else if(strstr(start, "AUDIT_FAILURE")) + { + entry->record.event_type = EVENTLOG_AUDIT_FAILURE; + } + else if(strstr(start, "SUCCESS")) + { + entry->record.event_type = EVENTLOG_SUCCESS; + } + else + { + /* some other eventlog type -- currently not defined in MSDN docs, so error out */ + return False; + } + } +/* + else if(0 == strncmp(start, "NST", stop - start)) + { + entry->record.num_strings = atoi(stop + 1); + } +*/ + else if(0 == strncmp(start, "ECT", stop - start)) + { + entry->record.event_category = atoi(stop + 1); + } + else if(0 == strncmp(start, "RS2", stop - start)) + { + entry->record.reserved2 = atoi(stop + 1); + } + else if(0 == strncmp(start, "CRN", stop - start)) + { + entry->record.closing_record_number = atoi(stop + 1); + } + else if(0 == strncmp(start, "USL", stop - start)) + { + entry->record.user_sid_length = atoi(stop + 1); + } + else if(0 == strncmp(start, "SRC", stop - start)) + { + memset(temp, 0, sizeof(temp)); + sscanf(stop+1, "%s", temp); + temp_len = strlen(temp); + rpcstr_push((void *)(entry->data_record.source_name), temp, + sizeof(entry->data_record.source_name), STR_TERMINATE); + entry->data_record.source_name_len = (strlen_w(entry->data_record.source_name)* 2) + 2; + } + else if(0 == strncmp(start, "SRN", stop - start)) + { + memset(temp, 0, sizeof(temp)); + sscanf(stop+1, "%s", temp); + temp_len = strlen(temp); + rpcstr_push((void *)(entry->data_record.computer_name), temp, + sizeof(entry->data_record.computer_name), STR_TERMINATE); + entry->data_record.computer_name_len = (strlen_w(entry->data_record.computer_name)* 2) + 2; + } + else if(0 == strncmp(start, "SID", stop - start)) + { + memset(temp, 0, sizeof(temp)); + sscanf(stop+1, "%s", temp); + temp_len = strlen(temp); + rpcstr_push((void *)(entry->data_record.sid), temp, + sizeof(entry->data_record.sid), STR_TERMINATE); + entry->record.user_sid_length = (strlen_w(entry->data_record.sid) * 2) + 2; + } + else if(0 == strncmp(start, "STR", stop - start)) + { + /* skip past initial ":" */ + stop++; + /* now skip any other leading whitespace */ + while(isspace(stop[0])) + stop++; + temp_len = strlen(stop); + memset(temp, 0, sizeof(temp)); + strncpy(temp, stop, temp_len); + rpcstr_push((void *)(entry->data_record.strings + entry->data_record.strings_len), + temp, + sizeof(entry->data_record.strings) - entry->data_record.strings_len, + STR_TERMINATE); + entry->data_record.strings_len += temp_len + 1; + fprintf(stderr, "Dumping strings:\n"); + for(i = 0; i < entry->data_record.strings_len; i++) + { + fputc((char)entry->data_record.strings[i], stderr); + } + fprintf(stderr, "\nDone\n"); + entry->record.num_strings++; + } + else if(0 == strncmp(start, "DAT", stop - start)) + { + /* Now that we're done processing the STR data, adjust the length to account for + unicode, then proceed with the DAT data. */ + entry->data_record.strings_len *= 2; + /* skip past initial ":" */ + stop++; + /* now skip any other leading whitespace */ + while(isspace(stop[0])) + stop++; + memset(temp, 0, sizeof(temp)); + temp_len = strlen(stop); + strncpy(temp, stop, temp_len); + rpcstr_push((void *)(entry->data_record.user_data), temp, + sizeof(entry->data_record.user_data), STR_TERMINATE); + entry->data_record.user_data_len = (strlen_w((const smb_ucs2_t *)entry->data_record.user_data) * 2) + 2; + } + else + { + /* some other eventlog entry -- not implemented, so dropping on the floor */ + DEBUG(10, ("Unknown entry [%s]. Ignoring.\n", line)); + /* For now return true so that we can keep on parsing this mess. Eventually + we will return False here. */ + return True; + } + return True; +} +/** + * Callout to read entries from the specified event log + * + * smbrun calling convention -- + * INPUT: + * where direction is either "forward" or "backward", the starting record is somewhere + * between the oldest_record and oldest_record+num_records, and the buffer size is the + * maximum size of the buffer that the client can accomodate. + * OUTPUT: A buffer containing a set of entries, one to a line, of the format: + * line type:line data + * These are the allowed line types: + * RS1:(uint32) - reserved. All M$ entries seem to have int(1699505740) for now + * RCN:(uint32) - record number of the record, however it may be calculated by the script + * TMG:(uint32) - time generated, seconds since January 1, 1970, 0000 UTC + * TMW:(uint32) - time written, seconds since January 1, 1970, 0000 UTC + * EID:(uint32) - eventlog source defined event identifier. If there's a stringfile for the event, it is an index into that + * ETP:(uint16) - eventlog type - one of ERROR, WARNING, INFO, AUDIT_SUCCESS, AUDIT_FAILURE + * ECT:(uint16) - event category - depends on the eventlog generator... + * RS2:(uint16) - reserved, make it 0000 + * CRN:(uint32) - reserved, make it 00000000 for now + * USL:(uint32) - user SID length. No sid? Make this 0. Must match SID below + * SRC:[(uint8)] - Name of the source, for example ccPwdSvc, in hex bytes. Can not be multiline. + * SRN:[(uint8)] - Name of the computer on which this is generated, the short hostname usually. + * SID:[(uint8)] - User sid if one exists. Must be present even if there is no SID. + * STR:[(uint8)] - String data. One string per line. Multiple strings can be specified using consecutive "STR" lines, + * up to a total aggregate string length of 1024 characters. + * DAT:[(uint8)] - The user-defined data portion of the event log. Can not be multiple lines. + */ +static BOOL _eventlog_read_eventlog_hook(Eventlog_info *info, Eventlog_entry *entry, const char *direction, int starting_record, int buffer_size, BOOL *eof) +{ + char *cmd = lp_eventlog_read_cmd(); + char **qlines; + pstring command; + int numlines = 0; + int ret; + int fd = -1; + int i; + + if(info == NULL) + return False; + + if(cmd == NULL || strlen(cmd) == 0) + { + DEBUG(0, ("Must define an \"eventlog read command\" entry in the config.\n")); + return False; + } + + slprintf(command, sizeof(command)-1, "%s \"%s\" %s %d %d \"%s\"", + cmd, + info->source_log_file_name, + direction, + starting_record, + buffer_size, + info->handle_string); + + DEBUG(10, ("Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUGADD(10, ("returned [%d]\n", ret)); + + if(ret != 0) + { + if(fd != -1) + close(fd); + return False; + } + + qlines = fd_lines_load(fd, &numlines); + DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); + close(fd); + + if(numlines) + { + for(i = 0; i < numlines; i++) + { + DEBUGADD(10, ("Line[%d] = %s\n", i, qlines[i])); + _eventlog_read_parse_line(qlines[i], entry); + } + file_lines_free(qlines); + return True; + } + else + *eof = True; + + file_lines_free(qlines); + return False; +} + +static BOOL _eventlog_read_prepare_data_buffer(prs_struct *ps, + EVENTLOG_Q_READ_EVENTLOG *q_u, + EVENTLOG_R_READ_EVENTLOG *r_u, + Eventlog_entry *entry) +{ + uint8 *offset; + Eventlog_entry *new = NULL, *insert_point = NULL; + + new = PRS_ALLOC_MEM(ps, Eventlog_entry, 1); + if(new == NULL) + return False; + + entry->data_record.sid_padding = ((4 - ((entry->data_record.source_name_len + + entry->data_record.computer_name_len) % 4)) %4); + entry->data_record.data_padding = (4 - ((entry->data_record.strings_len + + entry->data_record.user_data_len) % 4)) % 4; + entry->record.length = sizeof(Eventlog_record); + entry->record.length += entry->data_record.source_name_len; + entry->record.length += entry->data_record.computer_name_len; + if(entry->record.user_sid_length == 0) + { + /* Should not pad to a DWORD boundary for writing out the sid if there is + no SID, so just propagate the padding to pad the data */ + entry->data_record.data_padding += entry->data_record.sid_padding; + entry->data_record.sid_padding = 0; + } + DEBUG(10, ("sid_padding is [%d].\n", entry->data_record.sid_padding)); + DEBUG(10, ("data_padding is [%d].\n", entry->data_record.data_padding)); + + entry->record.length += entry->data_record.sid_padding; + entry->record.length += entry->record.user_sid_length; + entry->record.length += entry->data_record.strings_len; + entry->record.length += entry->data_record.user_data_len; + entry->record.length += entry->data_record.data_padding; + /* need another copy of length at the end of the data */ + entry->record.length += sizeof(entry->record.length); + DEBUG(10, ("entry->record.length is [%d].\n", entry->record.length)); + entry->data = PRS_ALLOC_MEM(ps, uint8, entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length)); + if(entry->data == NULL) + return False; + offset = entry->data; + memcpy(offset, &(entry->data_record.source_name), entry->data_record.source_name_len); + offset += entry->data_record.source_name_len; + memcpy(offset, &(entry->data_record.computer_name), entry->data_record.computer_name_len); + offset += entry->data_record.computer_name_len; + /* SID needs to be DWORD-aligned */ + offset += entry->data_record.sid_padding; + entry->record.user_sid_offset = sizeof(Eventlog_record) + (offset - entry->data); + memcpy(offset, &(entry->data_record.sid), entry->record.user_sid_length); + offset += entry->record.user_sid_length; + /* Now do the strings */ + entry->record.string_offset = sizeof(Eventlog_record) + (offset - entry->data); + memcpy(offset, &(entry->data_record.strings), entry->data_record.strings_len); + offset += entry->data_record.strings_len; + /* Now do the data */ + entry->record.data_length = entry->data_record.user_data_len; + entry->record.data_offset = sizeof(Eventlog_record) + (offset - entry->data); + memcpy(offset, &(entry->data_record.user_data), entry->data_record.user_data_len); + offset += entry->data_record.user_data_len; + /* Now that we've massaged the current entry, copy it into the new entry and add it + to end of the list */ + insert_point=r_u->entry; + + if (NULL == insert_point) + { + r_u->entry = new; + new->next = NULL; + } + else + { + while ((NULL != insert_point->next)) + { + insert_point=insert_point->next; + } + new->next = NULL; + insert_point->next = new; + } + + memcpy(&(new->record), &entry->record, sizeof(Eventlog_record)); + memcpy(&(new->data_record), &entry->data_record, sizeof(Eventlog_data_record)); + new->data = entry->data; + + r_u->num_records++; + r_u->num_bytes_in_resp += entry->record.length; + + return True; +} + +WERROR _eventlog_read_eventlog(pipes_struct *p, + EVENTLOG_Q_READ_EVENTLOG *q_u, + EVENTLOG_R_READ_EVENTLOG *r_u) +{ + Eventlog_info *info = NULL; + POLICY_HND *handle; + Eventlog_entry entry; + BOOL eof = False; + const char *direction = ""; + int starting_record; + prs_struct *ps; + + if(!q_u || !r_u) + return WERR_NOMEM; + + handle = &(q_u->handle); + info = find_eventlog_info_by_hnd(p, handle); + ps = &p->out_data.rdata; + /* Rather than checking the EVENTLOG_SEQUENTIAL_READ/EVENTLOG_SEEK_READ flags, + we'll just go to the offset specified in the request, or the oldest entry + if no offset is specified */ + if(q_u->offset > 0) + starting_record = q_u->offset; + else + starting_record = info->oldest_entry; + if(q_u->flags & EVENTLOG_FORWARDS_READ) + direction = "forward"; + else if(q_u->flags & EVENTLOG_BACKWARDS_READ) + direction = "backward"; + + do + { + ZERO_STRUCT(entry); + if(!(_eventlog_read_eventlog_hook(info, &entry, direction, starting_record, q_u->max_read_size, &eof))) + { + if(eof == False) + return WERR_NOMEM; + } + if(eof == False) + { + /* only if the read hook returned data */ + if(!(_eventlog_read_prepare_data_buffer(ps, q_u, r_u, &entry))) + return WERR_NOMEM; + DEBUG(10, ("_eventlog_read_eventlog: read [%d] bytes out of a max of [%d].\n", + r_u->num_bytes_in_resp, + q_u->max_read_size)); + } + } while((r_u->num_bytes_in_resp <= q_u->max_read_size) && (eof != True)); + + return WERR_OK; +} +/** + * Callout to clear (and optionally backup) a specified event log + * + * smbrun calling convention -- + * INPUT: + * OUTPUT: A single line with the string "SUCCESS" if the command succeeded. + * Otherwise it is assumed to have failed + * + * INPUT: + * OUTPUT: A single line with the string "SUCCESS" if the command succeeded. + * Otherwise it is assumed to have failed + * The given log is copied to that location on the server. See comments for + * eventlog_io_q_clear_eventlog for info about odd file name behavior + */ +static BOOL _eventlog_clear_eventlog_hook(Eventlog_info *info, + pstring backup_file_name) +{ + char *cmd = lp_eventlog_clear_cmd(); + char **qlines; + pstring command; + int numlines = 0; + int ret; + int fd = -1; + + if(cmd == NULL || strlen(cmd) == 0) + { + DEBUG(0, ("Must define an \"eventlog clear command\" entry in the config.\n")); + return False; + } + + memset(command, 0, sizeof(command)); + if(strlen(backup_file_name) > 0) + slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\"", + cmd, + info->source_log_file_name, + backup_file_name, + info->handle_string); + else + slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", + cmd, + info->source_log_file_name, + info->handle_string); + + DEBUG(10, ("Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUGADD(10, ("returned [%d]\n", ret)); + + if(ret != 0) + { + if(fd != -1) + close(fd); + return False; + } + + qlines = fd_lines_load(fd, &numlines); + DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); + close(fd); + + if(numlines) + { + DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); + if(0 == strncmp(qlines[0], "SUCCESS", strlen("SUCCESS"))) + { + DEBUGADD(10, ("Able to clear [%s].\n", info->source_log_file_name)); + file_lines_free(qlines); + return True; + } + } + + file_lines_free(qlines); + return False; +} + +WERROR _eventlog_clear_eventlog(pipes_struct *p, + EVENTLOG_Q_CLEAR_EVENTLOG *q_u, + EVENTLOG_R_CLEAR_EVENTLOG *r_u) +{ + Eventlog_info *info = NULL; + pstring backup_file_name; + POLICY_HND *handle = NULL; + + if(!q_u || !r_u) + return WERR_NOMEM; + + handle = &(q_u->handle); + info = find_eventlog_info_by_hnd(p, handle); + memset(backup_file_name, 0, sizeof(backup_file_name)); + + if(q_u->backup_file_ptr != 0) + { + unistr2_to_ascii(backup_file_name, &(q_u->backup_file), sizeof(backup_file_name)); + DEBUG(10, ("_eventlog_clear_eventlog: Using [%s] as the backup file name for log [%s].", + backup_file_name, + info->source_log_file_name)); + } + else + { + /* if backup_file == NULL, do not back up the log before clearing it */ + DEBUG(10, ("_eventlog_clear_eventlog: clearing [%s] log without making a backup.", + info->source_log_file_name)); + } + + if(!(_eventlog_clear_eventlog_hook(info, backup_file_name))) + return WERR_BADFILE; + + return WERR_OK; +} -- cgit From cf4005a78d5b2ce922abb0f15e0d0207d7c74077 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 9 May 2005 13:51:44 +0000 Subject: r6680: event log patches from Marcin (This used to be commit a71e104af84810f488f42cb0843976961e6f6ebe) --- source3/rpc_server/srv_eventlog_nt.c | 184 ++++++++++++++++++++++++----------- 1 file changed, 126 insertions(+), 58 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 7501434a13..ea7512b58d 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -31,6 +31,8 @@ typedef struct eventlog_info fstring handle_string; uint32 num_records; uint32 oldest_entry; + uint32 active_entry; + uint32 flags; } Eventlog_info; static void free_eventlog_info(void *ptr) @@ -415,7 +417,7 @@ WERROR _eventlog_close_eventlog(pipes_struct *p, return WERR_OK; } -static BOOL _eventlog_read_parse_line(char *line, Eventlog_entry *entry) +static BOOL _eventlog_read_parse_line(char *line, Eventlog_entry *entry, BOOL *eor) { char *start = NULL, *stop = NULL; pstring temp; @@ -423,8 +425,13 @@ static BOOL _eventlog_read_parse_line(char *line, Eventlog_entry *entry) start = line; + /* empty line signyfiying record delimeter, or we're at the end of the buffer */ if(start == NULL || strlen(start) == 0) - return False; + { + DEBUG(6, ("_eventlog_read_parse_line: found end-of-record indicator.\n")); + *eor = True; + return True; + } if(!(stop = strchr(line, ':'))) return False; @@ -514,8 +521,11 @@ static BOOL _eventlog_read_parse_line(char *line, Eventlog_entry *entry) else if(0 == strncmp(start, "SRC", stop - start)) { memset(temp, 0, sizeof(temp)); - sscanf(stop+1, "%s", temp); - temp_len = strlen(temp); + stop++; + while(isspace(stop[0])) + stop++; + temp_len = strlen(stop); + strncpy(temp, stop, temp_len); rpcstr_push((void *)(entry->data_record.source_name), temp, sizeof(entry->data_record.source_name), STR_TERMINATE); entry->data_record.source_name_len = (strlen_w(entry->data_record.source_name)* 2) + 2; @@ -523,8 +533,11 @@ static BOOL _eventlog_read_parse_line(char *line, Eventlog_entry *entry) else if(0 == strncmp(start, "SRN", stop - start)) { memset(temp, 0, sizeof(temp)); - sscanf(stop+1, "%s", temp); - temp_len = strlen(temp); + stop++; + while(isspace(stop[0])) + stop++; + temp_len = strlen(stop); + strncpy(temp, stop, temp_len); rpcstr_push((void *)(entry->data_record.computer_name), temp, sizeof(entry->data_record.computer_name), STR_TERMINATE); entry->data_record.computer_name_len = (strlen_w(entry->data_record.computer_name)* 2) + 2; @@ -532,8 +545,11 @@ static BOOL _eventlog_read_parse_line(char *line, Eventlog_entry *entry) else if(0 == strncmp(start, "SID", stop - start)) { memset(temp, 0, sizeof(temp)); - sscanf(stop+1, "%s", temp); - temp_len = strlen(temp); + stop++; + while(isspace(stop[0])) + stop++; + temp_len = strlen(stop); + strncpy(temp, stop, temp_len); rpcstr_push((void *)(entry->data_record.sid), temp, sizeof(entry->data_record.sid), STR_TERMINATE); entry->record.user_sid_length = (strlen_w(entry->data_record.sid) * 2) + 2; @@ -597,6 +613,7 @@ static BOOL _eventlog_read_parse_line(char *line, Eventlog_entry *entry) * between the oldest_record and oldest_record+num_records, and the buffer size is the * maximum size of the buffer that the client can accomodate. * OUTPUT: A buffer containing a set of entries, one to a line, of the format: + * Multiple log entries can be contained in the buffer, delimited by an empty line * line type:line data * These are the allowed line types: * RS1:(uint32) - reserved. All M$ entries seem to have int(1699505740) for now @@ -615,16 +632,21 @@ static BOOL _eventlog_read_parse_line(char *line, Eventlog_entry *entry) * STR:[(uint8)] - String data. One string per line. Multiple strings can be specified using consecutive "STR" lines, * up to a total aggregate string length of 1024 characters. * DAT:[(uint8)] - The user-defined data portion of the event log. Can not be multiple lines. + * - end-of-record indicator */ -static BOOL _eventlog_read_eventlog_hook(Eventlog_info *info, Eventlog_entry *entry, const char *direction, int starting_record, int buffer_size, BOOL *eof) +static BOOL _eventlog_read_eventlog_hook(Eventlog_info *info, + Eventlog_entry *entry, + const char *direction, + int starting_record, + int buffer_size, + BOOL *eof, + char ***buffer, + int *numlines) { char *cmd = lp_eventlog_read_cmd(); - char **qlines; pstring command; - int numlines = 0; int ret; int fd = -1; - int i; if(info == NULL) return False; @@ -643,6 +665,8 @@ static BOOL _eventlog_read_eventlog_hook(Eventlog_info *info, Eventlog_entry *en buffer_size, info->handle_string); + *numlines = 0; + DEBUG(10, ("Running [%s]\n", command)); ret = smbrun(command, &fd); DEBUGADD(10, ("returned [%d]\n", ret)); @@ -654,38 +678,40 @@ static BOOL _eventlog_read_eventlog_hook(Eventlog_info *info, Eventlog_entry *en return False; } - qlines = fd_lines_load(fd, &numlines); - DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); + *buffer = fd_lines_load(fd, numlines); + DEBUGADD(10, ("Lines returned = [%d]\n", *numlines)); close(fd); - if(numlines) + if(*numlines) { + /* for(i = 0; i < numlines; i++) { DEBUGADD(10, ("Line[%d] = %s\n", i, qlines[i])); _eventlog_read_parse_line(qlines[i], entry); } file_lines_free(qlines); + */ + *eof = False; return True; } - else - *eof = True; + *eof = True; - file_lines_free(qlines); +/* file_lines_free(qlines);*/ return False; } -static BOOL _eventlog_read_prepare_data_buffer(prs_struct *ps, - EVENTLOG_Q_READ_EVENTLOG *q_u, - EVENTLOG_R_READ_EVENTLOG *r_u, - Eventlog_entry *entry) +static Eventlog_entry *_eventlog_read_package_entry(prs_struct *ps, + EVENTLOG_Q_READ_EVENTLOG *q_u, + EVENTLOG_R_READ_EVENTLOG *r_u, + Eventlog_entry *entry) { uint8 *offset; - Eventlog_entry *new = NULL, *insert_point = NULL; + Eventlog_entry *new = NULL; new = PRS_ALLOC_MEM(ps, Eventlog_entry, 1); if(new == NULL) - return False; + return NULL; entry->data_record.sid_padding = ((4 - ((entry->data_record.source_name_len + entry->data_record.computer_name_len) % 4)) %4); @@ -714,7 +740,7 @@ static BOOL _eventlog_read_prepare_data_buffer(prs_struct *ps, DEBUG(10, ("entry->record.length is [%d].\n", entry->record.length)); entry->data = PRS_ALLOC_MEM(ps, uint8, entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length)); if(entry->data == NULL) - return False; + return NULL; offset = entry->data; memcpy(offset, &(entry->data_record.source_name), entry->data_record.source_name_len); offset += entry->data_record.source_name_len; @@ -734,8 +760,18 @@ static BOOL _eventlog_read_prepare_data_buffer(prs_struct *ps, entry->record.data_offset = sizeof(Eventlog_record) + (offset - entry->data); memcpy(offset, &(entry->data_record.user_data), entry->data_record.user_data_len); offset += entry->data_record.user_data_len; - /* Now that we've massaged the current entry, copy it into the new entry and add it - to end of the list */ + + memcpy(&(new->record), &entry->record, sizeof(Eventlog_record)); + memcpy(&(new->data_record), &entry->data_record, sizeof(Eventlog_data_record)); + new->data = entry->data; + + return new; +} + +static BOOL _eventlog_add_record_to_resp(EVENTLOG_R_READ_EVENTLOG *r_u, Eventlog_entry *new) +{ + Eventlog_entry *insert_point; + insert_point=r_u->entry; if (NULL == insert_point) @@ -752,65 +788,97 @@ static BOOL _eventlog_read_prepare_data_buffer(prs_struct *ps, new->next = NULL; insert_point->next = new; } - - memcpy(&(new->record), &entry->record, sizeof(Eventlog_record)); - memcpy(&(new->data_record), &entry->data_record, sizeof(Eventlog_data_record)); - new->data = entry->data; - r_u->num_records++; - r_u->num_bytes_in_resp += entry->record.length; + r_u->num_bytes_in_resp += new->record.length; return True; } - + WERROR _eventlog_read_eventlog(pipes_struct *p, EVENTLOG_Q_READ_EVENTLOG *q_u, EVENTLOG_R_READ_EVENTLOG *r_u) { Eventlog_info *info = NULL; POLICY_HND *handle; - Eventlog_entry entry; - BOOL eof = False; + Eventlog_entry entry, *new; + BOOL eof = False, eor = False; const char *direction = ""; - int starting_record; + uint32 num_records_read = 0; prs_struct *ps; + int numlines, i; + char **buffer; if(!q_u || !r_u) return WERR_NOMEM; handle = &(q_u->handle); info = find_eventlog_info_by_hnd(p, handle); + info->flags = q_u->flags; ps = &p->out_data.rdata; - /* Rather than checking the EVENTLOG_SEQUENTIAL_READ/EVENTLOG_SEEK_READ flags, - we'll just go to the offset specified in the request, or the oldest entry - if no offset is specified */ - if(q_u->offset > 0) - starting_record = q_u->offset; - else - starting_record = info->oldest_entry; + /* if this is the first time we're reading on this handle */ + if(info->active_entry == 0) + { + /* Rather than checking the EVENTLOG_SEQUENTIAL_READ/EVENTLOG_SEEK_READ flags, + we'll just go to the offset specified in the request, or the oldest entry + if no offset is specified */ + if(q_u->offset > 0) + info->active_entry = q_u->offset; + else + info->active_entry = info->oldest_entry; + + } + if(q_u->flags & EVENTLOG_FORWARDS_READ) direction = "forward"; else if(q_u->flags & EVENTLOG_BACKWARDS_READ) direction = "backward"; - do + if(!(_eventlog_read_eventlog_hook(info, &entry, direction, info->active_entry, q_u->max_read_size, &eof, &buffer, &numlines))) { - ZERO_STRUCT(entry); - if(!(_eventlog_read_eventlog_hook(info, &entry, direction, starting_record, q_u->max_read_size, &eof))) - { - if(eof == False) - return WERR_NOMEM; - } if(eof == False) + return WERR_NOMEM; + } + if(numlines > 0) + { + ZERO_STRUCT(entry); + for(i = 0; i < numlines; i++) { - /* only if the read hook returned data */ - if(!(_eventlog_read_prepare_data_buffer(ps, q_u, r_u, &entry))) - return WERR_NOMEM; - DEBUG(10, ("_eventlog_read_eventlog: read [%d] bytes out of a max of [%d].\n", - r_u->num_bytes_in_resp, - q_u->max_read_size)); + num_records_read = r_u->num_records; + DEBUGADD(10, ("Line[%d] = [%s]\n", i, buffer[i])); + _eventlog_read_parse_line(buffer[i], &entry, &eor); + if(eor == True) + { + /* package new entry */ + if((new = _eventlog_read_package_entry(ps, q_u, r_u, &entry)) == NULL) + { + free(buffer); + return WERR_NOMEM; + } + /* Now see if there is enough room to add */ + if(r_u->num_bytes_in_resp + new->record.length > q_u->max_read_size) + { + r_u->bytes_in_next_record = new->record.length; + /* response would be too big to fit in client-size buffer */ + break; + } + _eventlog_add_record_to_resp(r_u, new); + ZERO_STRUCT(entry); + eor=False; + num_records_read = r_u->num_records - num_records_read; + DEBUG(10, ("_eventlog_read_eventlog: read [%d] records for a total of [%d] records using [%d] bytes out of a max of [%d].\n", + num_records_read, + r_u->num_records, + r_u->num_bytes_in_resp, + q_u->max_read_size)); + /* update the active record */ + if(info->flags & EVENTLOG_FORWARDS_READ) + info->active_entry += num_records_read; + else if(info->flags & EVENTLOG_BACKWARDS_READ) + info->active_entry -= num_records_read; + } } - } while((r_u->num_bytes_in_resp <= q_u->max_read_size) && (eof != True)); + free(buffer); + } return WERR_OK; } -- cgit From 8387af752f81e26f1c141f6053bf6d106f0af5eb Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 24 Jun 2005 15:49:02 +0000 Subject: r7880: fix a typo and memleak on failures cases (patch from marcin) (This used to be commit 6ff0fa0b4385481f2212047d80ca17b55d996def) --- source3/rpc_server/srv_eventlog_nt.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index ea7512b58d..3c6e9a100f 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -169,12 +169,18 @@ WERROR _eventlog_open_eventlog(pipes_struct *p, DEBUG(10, ("_eventlog_open_eventlog: Using [%s] as the source log file.\n", info->source_log_file_name)); if(!create_policy_hnd(p, &(r_u->handle), free_eventlog_info, (void *)info)) + { + free_eventlog_info(info); return WERR_NOMEM; + } policy_handle_to_string(&r_u->handle, &info->handle_string); if(!(_eventlog_open_eventlog_hook(info))) + { + close_policy_hnd(p, &r_u->handle); return WERR_BADFILE; + } return WERR_OK; } -- cgit From 19ca97a70f6b7b41d251eaa76e4d3c980c6eedff Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 24 Jun 2005 20:25:18 +0000 Subject: r7882: Looks like a large patch - but what it actually does is make Samba safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a) --- source3/rpc_server/srv_eventlog_nt.c | 38 ++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 19 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 3c6e9a100f..a9b0c9bed8 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -713,10 +713,10 @@ static Eventlog_entry *_eventlog_read_package_entry(prs_struct *ps, Eventlog_entry *entry) { uint8 *offset; - Eventlog_entry *new = NULL; + Eventlog_entry *ee_new = NULL; - new = PRS_ALLOC_MEM(ps, Eventlog_entry, 1); - if(new == NULL) + ee_new = PRS_ALLOC_MEM(ps, Eventlog_entry, 1); + if(ee_new == NULL) return NULL; entry->data_record.sid_padding = ((4 - ((entry->data_record.source_name_len @@ -767,14 +767,14 @@ static Eventlog_entry *_eventlog_read_package_entry(prs_struct *ps, memcpy(offset, &(entry->data_record.user_data), entry->data_record.user_data_len); offset += entry->data_record.user_data_len; - memcpy(&(new->record), &entry->record, sizeof(Eventlog_record)); - memcpy(&(new->data_record), &entry->data_record, sizeof(Eventlog_data_record)); - new->data = entry->data; + memcpy(&(ee_new->record), &entry->record, sizeof(Eventlog_record)); + memcpy(&(ee_new->data_record), &entry->data_record, sizeof(Eventlog_data_record)); + ee_new->data = entry->data; - return new; + return ee_new; } -static BOOL _eventlog_add_record_to_resp(EVENTLOG_R_READ_EVENTLOG *r_u, Eventlog_entry *new) +static BOOL _eventlog_add_record_to_resp(EVENTLOG_R_READ_EVENTLOG *r_u, Eventlog_entry *ee_new) { Eventlog_entry *insert_point; @@ -782,8 +782,8 @@ static BOOL _eventlog_add_record_to_resp(EVENTLOG_R_READ_EVENTLOG *r_u, Eventlog if (NULL == insert_point) { - r_u->entry = new; - new->next = NULL; + r_u->entry = ee_new; + ee_new->next = NULL; } else { @@ -791,11 +791,11 @@ static BOOL _eventlog_add_record_to_resp(EVENTLOG_R_READ_EVENTLOG *r_u, Eventlog { insert_point=insert_point->next; } - new->next = NULL; - insert_point->next = new; + ee_new->next = NULL; + insert_point->next = ee_new; } r_u->num_records++; - r_u->num_bytes_in_resp += new->record.length; + r_u->num_bytes_in_resp += ee_new->record.length; return True; } @@ -806,7 +806,7 @@ WERROR _eventlog_read_eventlog(pipes_struct *p, { Eventlog_info *info = NULL; POLICY_HND *handle; - Eventlog_entry entry, *new; + Eventlog_entry entry, *ee_new; BOOL eof = False, eor = False; const char *direction = ""; uint32 num_records_read = 0; @@ -854,20 +854,20 @@ WERROR _eventlog_read_eventlog(pipes_struct *p, _eventlog_read_parse_line(buffer[i], &entry, &eor); if(eor == True) { - /* package new entry */ - if((new = _eventlog_read_package_entry(ps, q_u, r_u, &entry)) == NULL) + /* package ee_new entry */ + if((ee_new = _eventlog_read_package_entry(ps, q_u, r_u, &entry)) == NULL) { free(buffer); return WERR_NOMEM; } /* Now see if there is enough room to add */ - if(r_u->num_bytes_in_resp + new->record.length > q_u->max_read_size) + if(r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size) { - r_u->bytes_in_next_record = new->record.length; + r_u->bytes_in_next_record = ee_new->record.length; /* response would be too big to fit in client-size buffer */ break; } - _eventlog_add_record_to_resp(r_u, new); + _eventlog_add_record_to_resp(r_u, ee_new); ZERO_STRUCT(entry); eor=False; num_records_read = r_u->num_records - num_records_read; -- cgit From 54abd2aa66069e6baf7769c496f46d9dba18db39 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 30 Sep 2005 17:13:37 +0000 Subject: r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3) --- source3/rpc_server/srv_eventlog_nt.c | 1585 +++++++++++++++++----------------- 1 file changed, 776 insertions(+), 809 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index a9b0c9bed8..414c99d28e 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -1,7 +1,8 @@ /* * Unix SMB/CIFS implementation. * RPC Pipe client / server routines - * Copyright (C) Marcin Krzysztof Porwit 2005. + * Copyright (C) Marcin Krzysztof Porwit 2005, + * Copyright (C) Gerald (Jerry) Carter 2005. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -23,56 +24,152 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV -typedef struct eventlog_info +typedef struct { + char *logname; + char *servername; + uint32 num_records; + uint32 oldest_entry; + uint32 flags; +} EventlogInfo; + + +/******************************************************************** + Inform the external eventlog machinery of default values (on startup + probably) +********************************************************************/ + +void eventlog_refresh_external_parameters( NT_USER_TOKEN *token ) { - /* for use by the \PIPE\eventlog policy */ - fstring source_log_file_name; - fstring source_server_name; - fstring handle_string; - uint32 num_records; - uint32 oldest_entry; - uint32 active_entry; - uint32 flags; -} Eventlog_info; + const char **elogs = lp_eventlog_list(); + int i; + + if ( !elogs ) + return ; + + if ( !*lp_eventlog_control_cmd() ) + return; + + for ( i=0; elogs[i]; i++ ) { + + DEBUG(10,("eventlog_refresh_external_parameters: Refreshing =>[%s]\n", + elogs[i])); + + if ( !control_eventlog_hook( token, elogs[i] ) ) { + DEBUG(0,("eventlog_refresh_external_parameters: failed to refresh [%s]\n", + elogs[i])); + } + } + + return; +} + +/******************************************************************** +********************************************************************/ static void free_eventlog_info(void *ptr) { - struct eventlog_info *info = (struct eventlog_info *)ptr; - memset(info->source_log_file_name, '0', sizeof(*(info->source_log_file_name))); - memset(info->source_server_name, '0', sizeof(*(info->source_server_name))); - memset(info->handle_string, '0', sizeof(*(info->handle_string))); - memset(info, 0, sizeof(*(info))); - SAFE_FREE(info); + TALLOC_FREE( ptr ); } -static Eventlog_info *find_eventlog_info_by_hnd(pipes_struct *p, - POLICY_HND *handle) +/******************************************************************** +********************************************************************/ + +static EventlogInfo *find_eventlog_info_by_hnd(pipes_struct *p, POLICY_HND *handle) { - Eventlog_info *info = NULL; + EventlogInfo *info; - if(!(find_policy_by_hnd(p,handle,(void **)&info))) - { - DEBUG(2,("find_eventlog_info_by_hnd: eventlog not found.\n")); - } + if ( !find_policy_by_hnd(p,handle,(void **)&info) ) { + DEBUG(2,("find_eventlog_info_by_hnd: eventlog not found.\n")); + return NULL; + } - return info; + return info; } -void policy_handle_to_string(POLICY_HND *handle, fstring *dest) +/******************************************************************** + Callout to control the specified event log - passing out only + the MaxSize and Retention values, along with eventlog name + uses smbrun... + INPUT: + OUTPUT: nothing +********************************************************************/ + +BOOL control_eventlog_hook(NT_USER_TOKEN *token, const char *elogname ) { - memset(dest, 0, sizeof(*dest)); - snprintf((char *)dest, sizeof(*dest), "%08X-%08X-%04X-%04X-%02X%02X%02X%02X%02X", - handle->data1, - handle->data2, - handle->data3, - handle->data4, - handle->data5[0], - handle->data5[1], - handle->data5[2], - handle->data5[3], - handle->data5[4]); + char *cmd = lp_eventlog_control_cmd(); + pstring command; + int ret; + int fd = -1; + uint32 uiMaxSize, uiRetention; + pstring path; + REGISTRY_KEY *keyinfo; + REGISTRY_VALUE *val; + REGVAL_CTR *values; + WERROR wresult; + + if ( !cmd || !*cmd ) { + DEBUG(0, ("control_eventlog_hook: No \"eventlog control command\" defined in smb.conf!\n")); + return False; + } + + /* set resonable defaults. 512Kb on size and 1 week on time */ + + uiMaxSize = 0x80000; + uiRetention = 604800; + + /* the general idea is to internally open the registry + key and retreive the values. That way we can continue + to use the same fetch/store api that we use in + srv_reg_nt.c */ + + pstr_sprintf( path, "%s/%s", KEY_EVENTLOG, elogname ); + wresult = regkey_open_internal( &keyinfo, path, token, REG_KEY_READ ); + + if ( !W_ERROR_IS_OK( wresult ) ) { + DEBUG(4,("control_eventlog_hook: Failed to open key [%s] (%s)\n", + path, dos_errstr(wresult) )); + return False; + } + + if ( !(values = TALLOC_ZERO_P( keyinfo, REGVAL_CTR )) ) { + TALLOC_FREE( keyinfo ); + DEBUG(0,("control_eventlog_hook: talloc() failed!\n")); + + return False; + } + fetch_reg_values( keyinfo, values ); + + if ( (val = regval_ctr_getvalue( values, "Retention" )) != NULL ) + uiRetention = IVAL( regval_data_p(val), 0 ); + + if ( (val = regval_ctr_getvalue( values, "MaxSize" )) != NULL ) + uiMaxSize = IVAL( regval_data_p(val), 0 ); + + TALLOC_FREE( keyinfo ); + + /* now run the command */ + + pstr_sprintf(command, "%s \"%s\" %u %u", cmd, elogname, uiRetention, uiMaxSize ); + + DEBUG(10, ("control_eventlog_hook: Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUGADD(10, ("returned [%d]\n", ret)); + + if ( ret != 0 ) { + DEBUG(10,("control_eventlog_hook: Command returned [%d]\n", ret)); + if (fd != -1 ) + close(fd); + return False; + } + + close(fd); + return True; } + +/******************************************************************** +********************************************************************/ + /** * Callout to open the specified event log * @@ -81,109 +178,53 @@ void policy_handle_to_string(POLICY_HND *handle, fstring *dest) * OUTPUT: the string "SUCCESS" if the command succeeded * no such string if there was a failure. */ -static BOOL _eventlog_open_eventlog_hook(Eventlog_info *info) +static BOOL open_eventlog_hook( EventlogInfo *info ) { - char *cmd = lp_eventlog_open_cmd(); - char **qlines; - pstring command; - int numlines = 0; - int ret; - int fd = -1; - - if(cmd == NULL || strlen(cmd) == 0) - { - DEBUG(0, ("Must define an \"eventlog open command\" entry in the config.\n")); - return False; - } - - memset(command, 0, sizeof(command)); - slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", - cmd, - info->source_log_file_name, - info->handle_string); - - DEBUG(10, ("Running [%s]\n", command)); - ret = smbrun(command, &fd); - DEBUGADD(10, ("returned [%d]\n", ret)); - - if(ret != 0) - { - if(fd != -1) - close(fd); - return False; - } + char *cmd = lp_eventlog_open_cmd(); + char **qlines; + pstring command; + int numlines = 0; + int ret; + int fd = -1; + + if ( !cmd || !*cmd ) { + DEBUG(0, ("Must define an \"eventlog open command\" entry in the config.\n")); + return False; + } + + pstr_sprintf(command, "%s \"%s\"", cmd, info->logname ); - qlines = fd_lines_load(fd, &numlines); - DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); - close(fd); + DEBUG(10, ("Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUGADD(10, ("returned [%d]\n", ret)); - if(numlines) - { - DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); - if(0 == strncmp(qlines[0], "SUCCESS", strlen("SUCCESS"))) - { - DEBUGADD(10, ("Able to open [%s].\n", info->source_log_file_name)); - file_lines_free(qlines); - return True; + if(ret != 0) { + if(fd != -1) { + close(fd); + } + return False; } - } - file_lines_free(qlines); - return False; -} + qlines = fd_lines_load(fd, &numlines); + DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); + close(fd); -WERROR _eventlog_open_eventlog(pipes_struct *p, - EVENTLOG_Q_OPEN_EVENTLOG *q_u, - EVENTLOG_R_OPEN_EVENTLOG *r_u) -{ - Eventlog_info *info = NULL; - - if(!q_u || !r_u) - return WERR_NOMEM; - - if((info = SMB_MALLOC_P(Eventlog_info)) == NULL) - return WERR_NOMEM; - - ZERO_STRUCTP(info); - - if(q_u->servername_ptr != 0) - { - unistr2_to_ascii(info->source_server_name, &(q_u->servername), sizeof(info->source_server_name)); - } - else - { - /* if servername == NULL, use the local computer */ - fstrcpy(info->source_server_name, global_myname()); - } - DEBUG(10, ("_eventlog_open_eventlog: Using [%s] as the server name.\n", info->source_server_name)); - - if(q_u->sourcename_ptr != 0) - { - unistr2_to_ascii(info->source_log_file_name, &(q_u->sourcename), sizeof(info->source_log_file_name)); - } - else - { - /* if sourcename == NULL, default to "Application" log */ - fstrcpy(info->source_log_file_name, "Application"); - } - DEBUG(10, ("_eventlog_open_eventlog: Using [%s] as the source log file.\n", info->source_log_file_name)); - - if(!create_policy_hnd(p, &(r_u->handle), free_eventlog_info, (void *)info)) - { - free_eventlog_info(info); - return WERR_NOMEM; - } - - policy_handle_to_string(&r_u->handle, &info->handle_string); - - if(!(_eventlog_open_eventlog_hook(info))) - { - close_policy_hnd(p, &r_u->handle); - return WERR_BADFILE; - } - - return WERR_OK; + if(numlines) { + DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); + if(0 == strncmp(qlines[0], "SUCCESS", strlen("SUCCESS"))) { + DEBUGADD(10, ("Able to open [%s].\n", info->logname)); + file_lines_free(qlines); + return True; + } + } + + file_lines_free(qlines); + + return False; } + +/******************************************************************** +********************************************************************/ /** * Callout to get the number of records in the specified event log * @@ -192,74 +233,52 @@ WERROR _eventlog_open_eventlog(pipes_struct *p, * OUTPUT: A single line with a single integer containing the number of * entries in the log. If there are no entries in the log, return 0. */ -static BOOL _eventlog_get_num_records_hook(Eventlog_info *info) -{ - char *cmd = lp_eventlog_num_records_cmd(); - char **qlines; - pstring command; - int numlines = 0; - int ret; - int fd = -1; - - if(cmd == NULL || strlen(cmd) == 0) - { - DEBUG(0, ("Must define an \"eventlog num records command\" entry in the config.\n")); - return False; - } - - memset(command, 0, sizeof(command)); - slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", - cmd, - info->source_log_file_name, - info->handle_string); - - DEBUG(10, ("Running [%s]\n", command)); - ret = smbrun(command, &fd); - DEBUGADD(10, ("returned [%d]\n", ret)); - - if(ret != 0) - { - if(fd != -1) - close(fd); - return False; - } - qlines = fd_lines_load(fd, &numlines); - DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); - close(fd); +static BOOL get_num_records_hook(EventlogInfo *info) +{ + char *cmd = lp_eventlog_num_records_cmd(); + char **qlines; + pstring command; + int numlines = 0; + int ret; + int fd = -1; + + if ( !cmd || !*cmd ) { + DEBUG(0, ("Must define an \"eventlog num records command\" entry in the config.\n")); + return False; + } - if(numlines) - { - DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); - sscanf(qlines[0], "%d", &(info->num_records)); - file_lines_free(qlines); - return True; - } + pstr_sprintf( command, "%s \"%s\"", cmd, info->logname ); - file_lines_free(qlines); - return False; -} + DEBUG(10, ("Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUGADD(10, ("returned [%d]\n", ret)); -WERROR _eventlog_get_num_records(pipes_struct *p, - EVENTLOG_Q_GET_NUM_RECORDS *q_u, - EVENTLOG_R_GET_NUM_RECORDS *r_u) -{ - Eventlog_info *info = NULL; - POLICY_HND *handle = NULL; + if(ret != 0) { + if(fd != -1) { + close(fd); + } + return False; + } - if(!q_u || !r_u) - return WERR_NOMEM; + qlines = fd_lines_load(fd, &numlines); + DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); + close(fd); - handle = &(q_u->handle); - info = find_eventlog_info_by_hnd(p, handle); + if(numlines) { + DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); + sscanf(qlines[0], "%d", &(info->num_records)); + file_lines_free(qlines); + return True; + } - if(!(_eventlog_get_num_records_hook(info))) - return WERR_BADFILE; + file_lines_free(qlines); + return False; +} - r_u->num_records = info->num_records; +/******************************************************************** +********************************************************************/ - return WERR_OK; -} /** * Callout to find the oldest record in the log * @@ -269,75 +288,51 @@ WERROR _eventlog_get_num_records(pipes_struct *p, * oldest entry. Must be 1 or greater. * If there are no entries in the log, returns a 0 */ -static BOOL _eventlog_get_oldest_entry_hook(Eventlog_info *info) -{ - char *cmd = lp_eventlog_oldest_record_cmd(); - char **qlines; - pstring command; - int numlines = 0; - int ret; - int fd = -1; - - if(cmd == NULL || strlen(cmd) == 0) - { - DEBUG(0, ("Must define an \"eventlog oldest record command\" entry in the config.\n")); - return False; - } - - memset(command, 0, sizeof(command)); - slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", - cmd, - info->source_log_file_name, - info->handle_string); - - DEBUG(10, ("Running [%s]\n", command)); - ret = smbrun(command, &fd); - DEBUGADD(10, ("returned [%d]\n", ret)); - - if(ret != 0) - { - if(fd != -1) - close(fd); - return False; - } - qlines = fd_lines_load(fd, &numlines); - DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); - close(fd); - - if(numlines) - { - DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); - sscanf(qlines[0], "%d", &(info->oldest_entry)); - file_lines_free(qlines); - return True; - } - - file_lines_free(qlines); - return False; -} - -WERROR _eventlog_get_oldest_entry(pipes_struct *p, - EVENTLOG_Q_GET_OLDEST_ENTRY *q_u, - EVENTLOG_R_GET_OLDEST_ENTRY *r_u) +static BOOL get_oldest_entry_hook(EventlogInfo *info) { - Eventlog_info *info = NULL; - POLICY_HND *handle = NULL; + char *cmd = lp_eventlog_oldest_record_cmd(); + char **qlines; + pstring command; + int numlines = 0; + int ret; + int fd = -1; + + if ( !cmd || !*cmd ) { + DEBUG(0, ("Must define an \"eventlog oldest record command\" entry in the config.\n")); + return False; + } + + pstr_sprintf( command, "%s \"%s\"", cmd, info->logname ); - if(!q_u || !r_u) - return WERR_NOMEM; + DEBUG(10, ("Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUGADD(10, ("returned [%d]\n", ret)); - handle = &(q_u->handle); - info = find_eventlog_info_by_hnd(p, handle); + if(ret != 0) { + if(fd != -1) { + close(fd); + } + return False; + } - if(!(_eventlog_get_oldest_entry_hook(info))) - return WERR_BADFILE; + qlines = fd_lines_load(fd, &numlines); + DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); + close(fd); - r_u->oldest_entry = info->oldest_entry; + if(numlines) { + DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); + sscanf(qlines[0], "%d", &(info->oldest_entry)); + file_lines_free(qlines); + return True; + } - return WERR_OK; + file_lines_free(qlines); + return False; } +/******************************************************************** +********************************************************************/ /** * Callout to close the specified event log * @@ -346,270 +341,206 @@ WERROR _eventlog_get_oldest_entry(pipes_struct *p, * OUTPUT: the string "SUCCESS" if the command succeeded * no such string if there was a failure. */ -static BOOL _eventlog_close_eventlog_hook(Eventlog_info *info) + +static BOOL close_eventlog_hook(EventlogInfo *info) { - char *cmd = lp_eventlog_close_cmd(); - char **qlines; - pstring command; - int numlines = 0; - int ret; - int fd = -1; - - if(cmd == NULL || strlen(cmd) == 0) - { - DEBUG(0, ("Must define an \"eventlog close command\" entry in the config.\n")); - return False; - } - - memset(command, 0, sizeof(command)); - slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", - cmd, - info->source_log_file_name, - info->handle_string); - - DEBUG(10, ("Running [%s]\n", command)); - ret = smbrun(command, &fd); - DEBUGADD(10, ("returned [%d]\n", ret)); - - if(ret != 0) - { - if(fd != -1) - close(fd); - return False; - } + char *cmd = lp_eventlog_close_cmd(); + char **qlines; + pstring command; + int numlines = 0; + int ret; + int fd = -1; + + if ( !cmd || !*cmd ) { + DEBUG(0, ("Must define an \"eventlog close command\" entry in the config.\n")); + return False; + } - qlines = fd_lines_load(fd, &numlines); - DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); - close(fd); + pstr_sprintf( command, "%s \"%s\"", cmd, info->logname ); - if(numlines) - { - DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); - if(0 == strncmp(qlines[0], "SUCCESS", strlen("SUCCESS"))) - { - DEBUGADD(10, ("Able to close [%s].\n", info->source_log_file_name)); - file_lines_free(qlines); - return True; - } - } + DEBUG(10, ("Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUGADD(10, ("returned [%d]\n", ret)); - file_lines_free(qlines); - return False; -} + if(ret != 0) { + if(fd != -1) { + close(fd); + } + return False; + } -WERROR _eventlog_close_eventlog(pipes_struct *p, - EVENTLOG_Q_CLOSE_EVENTLOG *q_u, - EVENTLOG_R_CLOSE_EVENTLOG *r_u) -{ - Eventlog_info *info = NULL; - POLICY_HND *handle; + qlines = fd_lines_load(fd, &numlines); + DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); + close(fd); - if(!q_u || !r_u) - return WERR_NOMEM; + if(numlines) { + DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); + if(0 == strncmp(qlines[0], "SUCCESS", 7)) { + DEBUGADD(10, ("Able to close [%s].\n", info->logname)); + file_lines_free(qlines); + return True; + } + } - handle = &(q_u->handle); - - info = find_eventlog_info_by_hnd(p, handle); - if(!(_eventlog_close_eventlog_hook(info))) - return WERR_BADFILE; - - if(!(close_policy_hnd(p, handle))) - { - /* WERR_NOMEM is probably not the correct error, but until I figure out a better - one it will have to do */ - return WERR_NOMEM; - } - - return WERR_OK; + file_lines_free(qlines); + return False; } -static BOOL _eventlog_read_parse_line(char *line, Eventlog_entry *entry, BOOL *eor) +/******************************************************************** +********************************************************************/ + +static BOOL parse_logentry(char *line, Eventlog_entry *entry, BOOL *eor) { - char *start = NULL, *stop = NULL; - pstring temp; - int temp_len = 0, i; + char *start = NULL, *stop = NULL; + pstring temp; + int temp_len = 0, i; - start = line; + start = line; - /* empty line signyfiying record delimeter, or we're at the end of the buffer */ - if(start == NULL || strlen(start) == 0) - { - DEBUG(6, ("_eventlog_read_parse_line: found end-of-record indicator.\n")); - *eor = True; - return True; - } - if(!(stop = strchr(line, ':'))) - return False; + /* empty line signyfiying record delimeter, or we're at the end of the buffer */ + if(start == NULL || strlen(start) == 0) { + DEBUG(6, ("parse_logentry: found end-of-record indicator.\n")); + *eor = True; + return True; + } + if(!(stop = strchr(line, ':'))) { + return False; + } - DEBUG(6, ("_eventlog_read_parse_line: trying to parse [%s].\n", line)); - - if(0 == strncmp(start, "LEN", stop - start)) - { - /* This will get recomputed later anyway -- probably not necessary */ - entry->record.length = atoi(stop + 1); - } - else if(0 == strncmp(start, "RS1", stop - start)) - { - /* For now all these reserved entries seem to have the same value, - which can be hardcoded to int(1699505740) for now */ - entry->record.reserved1 = atoi(stop + 1); - } - else if(0 == strncmp(start, "RCN", stop - start)) - { - entry->record.record_number = atoi(stop + 1); - } - else if(0 == strncmp(start, "TMG", stop - start)) - { - entry->record.time_generated = atoi(stop + 1); - } - else if(0 == strncmp(start, "TMW", stop - start)) - { - entry->record.time_written = atoi(stop + 1); - } - else if(0 == strncmp(start, "EID", stop - start)) - { - entry->record.event_id = atoi(stop + 1); - } - else if(0 == strncmp(start, "ETP", stop - start)) - { - if(strstr(start, "ERROR")) - { - entry->record.event_type = EVENTLOG_ERROR_TYPE; - } - else if(strstr(start, "WARNING")) - { - entry->record.event_type = EVENTLOG_WARNING_TYPE; - } - else if(strstr(start, "INFO")) - { - entry->record.event_type = EVENTLOG_INFORMATION_TYPE; - } - else if(strstr(start, "AUDIT_SUCCESS")) - { - entry->record.event_type = EVENTLOG_AUDIT_SUCCESS; - } - else if(strstr(start, "AUDIT_FAILURE")) - { - entry->record.event_type = EVENTLOG_AUDIT_FAILURE; - } - else if(strstr(start, "SUCCESS")) - { - entry->record.event_type = EVENTLOG_SUCCESS; - } - else - { - /* some other eventlog type -- currently not defined in MSDN docs, so error out */ - return False; - } - } + DEBUG(6, ("parse_logentry: trying to parse [%s].\n", line)); + + if(0 == strncmp(start, "LEN", stop - start)) { + /* This will get recomputed later anyway -- probably not necessary */ + entry->record.length = atoi(stop + 1); + } else if(0 == strncmp(start, "RS1", stop - start)) { + /* For now all these reserved entries seem to have the same value, + which can be hardcoded to int(1699505740) for now */ + entry->record.reserved1 = atoi(stop + 1); + } else if(0 == strncmp(start, "RCN", stop - start)) { + entry->record.record_number = atoi(stop + 1); + } else if(0 == strncmp(start, "TMG", stop - start)) { + entry->record.time_generated = atoi(stop + 1); + } else if(0 == strncmp(start, "TMW", stop - start)) { + entry->record.time_written = atoi(stop + 1); + } else if(0 == strncmp(start, "EID", stop - start)) { + entry->record.event_id = atoi(stop + 1); + } else if(0 == strncmp(start, "ETP", stop - start)) { + if(strstr(start, "ERROR")) { + entry->record.event_type = EVENTLOG_ERROR_TYPE; + } else if(strstr(start, "WARNING")) { + entry->record.event_type = EVENTLOG_WARNING_TYPE; + } else if(strstr(start, "INFO")) { + entry->record.event_type = EVENTLOG_INFORMATION_TYPE; + } else if(strstr(start, "AUDIT_SUCCESS")) { + entry->record.event_type = EVENTLOG_AUDIT_SUCCESS; + } else if(strstr(start, "AUDIT_FAILURE")) { + entry->record.event_type = EVENTLOG_AUDIT_FAILURE; + } else if(strstr(start, "SUCCESS")) { + entry->record.event_type = EVENTLOG_SUCCESS; + } else { + /* some other eventlog type -- currently not defined in MSDN docs, so error out */ + return False; + } + } /* - else if(0 == strncmp(start, "NST", stop - start)) - { - entry->record.num_strings = atoi(stop + 1); - } + else if(0 == strncmp(start, "NST", stop - start)) + { + entry->record.num_strings = atoi(stop + 1); + } */ - else if(0 == strncmp(start, "ECT", stop - start)) - { - entry->record.event_category = atoi(stop + 1); - } - else if(0 == strncmp(start, "RS2", stop - start)) - { - entry->record.reserved2 = atoi(stop + 1); - } - else if(0 == strncmp(start, "CRN", stop - start)) - { - entry->record.closing_record_number = atoi(stop + 1); - } - else if(0 == strncmp(start, "USL", stop - start)) - { - entry->record.user_sid_length = atoi(stop + 1); - } - else if(0 == strncmp(start, "SRC", stop - start)) - { - memset(temp, 0, sizeof(temp)); - stop++; - while(isspace(stop[0])) - stop++; - temp_len = strlen(stop); - strncpy(temp, stop, temp_len); - rpcstr_push((void *)(entry->data_record.source_name), temp, - sizeof(entry->data_record.source_name), STR_TERMINATE); - entry->data_record.source_name_len = (strlen_w(entry->data_record.source_name)* 2) + 2; - } - else if(0 == strncmp(start, "SRN", stop - start)) - { - memset(temp, 0, sizeof(temp)); - stop++; - while(isspace(stop[0])) - stop++; - temp_len = strlen(stop); - strncpy(temp, stop, temp_len); - rpcstr_push((void *)(entry->data_record.computer_name), temp, - sizeof(entry->data_record.computer_name), STR_TERMINATE); - entry->data_record.computer_name_len = (strlen_w(entry->data_record.computer_name)* 2) + 2; - } - else if(0 == strncmp(start, "SID", stop - start)) - { - memset(temp, 0, sizeof(temp)); - stop++; - while(isspace(stop[0])) - stop++; - temp_len = strlen(stop); - strncpy(temp, stop, temp_len); - rpcstr_push((void *)(entry->data_record.sid), temp, - sizeof(entry->data_record.sid), STR_TERMINATE); - entry->record.user_sid_length = (strlen_w(entry->data_record.sid) * 2) + 2; - } - else if(0 == strncmp(start, "STR", stop - start)) - { - /* skip past initial ":" */ - stop++; - /* now skip any other leading whitespace */ - while(isspace(stop[0])) - stop++; - temp_len = strlen(stop); - memset(temp, 0, sizeof(temp)); - strncpy(temp, stop, temp_len); - rpcstr_push((void *)(entry->data_record.strings + entry->data_record.strings_len), - temp, - sizeof(entry->data_record.strings) - entry->data_record.strings_len, - STR_TERMINATE); - entry->data_record.strings_len += temp_len + 1; - fprintf(stderr, "Dumping strings:\n"); - for(i = 0; i < entry->data_record.strings_len; i++) - { - fputc((char)entry->data_record.strings[i], stderr); - } - fprintf(stderr, "\nDone\n"); - entry->record.num_strings++; - } - else if(0 == strncmp(start, "DAT", stop - start)) - { - /* Now that we're done processing the STR data, adjust the length to account for - unicode, then proceed with the DAT data. */ - entry->data_record.strings_len *= 2; - /* skip past initial ":" */ - stop++; - /* now skip any other leading whitespace */ - while(isspace(stop[0])) - stop++; - memset(temp, 0, sizeof(temp)); - temp_len = strlen(stop); - strncpy(temp, stop, temp_len); - rpcstr_push((void *)(entry->data_record.user_data), temp, - sizeof(entry->data_record.user_data), STR_TERMINATE); - entry->data_record.user_data_len = (strlen_w((const smb_ucs2_t *)entry->data_record.user_data) * 2) + 2; - } - else - { - /* some other eventlog entry -- not implemented, so dropping on the floor */ - DEBUG(10, ("Unknown entry [%s]. Ignoring.\n", line)); - /* For now return true so that we can keep on parsing this mess. Eventually - we will return False here. */ + else if(0 == strncmp(start, "ECT", stop - start)) { + entry->record.event_category = atoi(stop + 1); + } else if(0 == strncmp(start, "RS2", stop - start)) { + entry->record.reserved2 = atoi(stop + 1); + } else if(0 == strncmp(start, "CRN", stop - start)) { + entry->record.closing_record_number = atoi(stop + 1); + } else if(0 == strncmp(start, "USL", stop - start)) { + entry->record.user_sid_length = atoi(stop + 1); + } else if(0 == strncmp(start, "SRC", stop - start)) { + memset(temp, 0, sizeof(temp)); + stop++; + while(isspace(stop[0])) { + stop++; + } + temp_len = strlen(stop); + strncpy(temp, stop, temp_len); + rpcstr_push((void *)(entry->data_record.source_name), temp, + sizeof(entry->data_record.source_name), STR_TERMINATE); + entry->data_record.source_name_len = (strlen_w(entry->data_record.source_name)* 2) + 2; + } else if(0 == strncmp(start, "SRN", stop - start)) { + memset(temp, 0, sizeof(temp)); + stop++; + while(isspace(stop[0])) { + stop++; + } + temp_len = strlen(stop); + strncpy(temp, stop, temp_len); + rpcstr_push((void *)(entry->data_record.computer_name), temp, + sizeof(entry->data_record.computer_name), STR_TERMINATE); + entry->data_record.computer_name_len = (strlen_w(entry->data_record.computer_name)* 2) + 2; + } else if(0 == strncmp(start, "SID", stop - start)) { + memset(temp, 0, sizeof(temp)); + stop++; + while(isspace(stop[0])) { + stop++; + } + temp_len = strlen(stop); + strncpy(temp, stop, temp_len); + rpcstr_push((void *)(entry->data_record.sid), temp, + sizeof(entry->data_record.sid), STR_TERMINATE); + entry->record.user_sid_length = (strlen_w(entry->data_record.sid) * 2) + 2; + } else if(0 == strncmp(start, "STR", stop - start)) { + /* skip past initial ":" */ + stop++; + /* now skip any other leading whitespace */ + while(isspace(stop[0])) { + stop++; + } + temp_len = strlen(stop); + memset(temp, 0, sizeof(temp)); + strncpy(temp, stop, temp_len); + rpcstr_push((void *)(entry->data_record.strings + entry->data_record.strings_len), + temp, + sizeof(entry->data_record.strings) - entry->data_record.strings_len, + STR_TERMINATE); + entry->data_record.strings_len += temp_len + 1; + fprintf(stderr, "Dumping strings:\n"); + for(i = 0; i < entry->data_record.strings_len; i++) { + fputc((char)entry->data_record.strings[i], stderr); + } + fprintf(stderr, "\nDone\n"); + entry->record.num_strings++; + } else if(0 == strncmp(start, "DAT", stop - start)) { + /* Now that we're done processing the STR data, adjust the length to account for + unicode, then proceed with the DAT data. */ + entry->data_record.strings_len *= 2; + /* skip past initial ":" */ + stop++; + /* now skip any other leading whitespace */ + while(isspace(stop[0])) { + stop++; + } + entry->data_record.user_data_len = strlen(stop); + memset(entry->data_record.user_data, 0, sizeof(entry->data_record.user_data)); + if(entry->data_record.user_data_len > 0) { + /* copy no more than the first 1024 bytes */ + if(entry->data_record.user_data_len > sizeof(entry->data_record.user_data)) + entry->data_record.user_data_len = sizeof(entry->data_record.user_data); + memcpy(entry->data_record.user_data, stop, entry->data_record.user_data_len); + } + } else { + /* some other eventlog entry -- not implemented, so dropping on the floor */ + DEBUG(10, ("Unknown entry [%s]. Ignoring.\n", line)); + /* For now return true so that we can keep on parsing this mess. Eventually + we will return False here. */ + return True; + } return True; - } - return True; } + +/******************************************************************** +********************************************************************/ + /** * Callout to read entries from the specified event log * @@ -640,254 +571,162 @@ static BOOL _eventlog_read_parse_line(char *line, Eventlog_entry *entry, BOOL *e * DAT:[(uint8)] - The user-defined data portion of the event log. Can not be multiple lines. * - end-of-record indicator */ -static BOOL _eventlog_read_eventlog_hook(Eventlog_info *info, - Eventlog_entry *entry, - const char *direction, - int starting_record, - int buffer_size, - BOOL *eof, - char ***buffer, - int *numlines) + +static BOOL read_eventlog_hook(EventlogInfo *info, Eventlog_entry *entry, + const char *direction, int starting_record, + int buffer_size, BOOL *eof, + char ***buffer, int *numlines) { - char *cmd = lp_eventlog_read_cmd(); - pstring command; - int ret; - int fd = -1; + char *cmd = lp_eventlog_read_cmd(); + pstring command; + int ret; + int fd = -1; - if(info == NULL) - return False; + if ( !info ) + return False; - if(cmd == NULL || strlen(cmd) == 0) - { - DEBUG(0, ("Must define an \"eventlog read command\" entry in the config.\n")); - return False; - } - - slprintf(command, sizeof(command)-1, "%s \"%s\" %s %d %d \"%s\"", - cmd, - info->source_log_file_name, - direction, - starting_record, - buffer_size, - info->handle_string); - - *numlines = 0; - - DEBUG(10, ("Running [%s]\n", command)); - ret = smbrun(command, &fd); - DEBUGADD(10, ("returned [%d]\n", ret)); - - if(ret != 0) - { - if(fd != -1) - close(fd); - return False; - } + if ( !cmd || !*cmd ) { + DEBUG(0, ("Must define an \"eventlog read command\" entry in the config.\n")); + return False; + } - *buffer = fd_lines_load(fd, numlines); - DEBUGADD(10, ("Lines returned = [%d]\n", *numlines)); - close(fd); + pstr_sprintf( command, "%s \"%s\" %s %d %d", + cmd, info->logname, direction, starting_record, buffer_size ); + + *numlines = 0; + + DEBUG(10, ("Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUGADD(10, ("returned [%d]\n", ret)); + + if(ret != 0) { + if(fd != -1) { + close(fd); + } + return False; + } + + *buffer = fd_lines_load(fd, numlines); + DEBUGADD(10, ("Lines returned = [%d]\n", *numlines)); + close(fd); - if(*numlines) - { - /* - for(i = 0; i < numlines; i++) - { - DEBUGADD(10, ("Line[%d] = %s\n", i, qlines[i])); - _eventlog_read_parse_line(qlines[i], entry); + if(*numlines) { + /* + for(i = 0; i < numlines; i++) + { + DEBUGADD(10, ("Line[%d] = %s\n", i, qlines[i])); + parse_logentry(qlines[i], entry); + } + file_lines_free(qlines); + */ + *eof = False; + return True; } - file_lines_free(qlines); - */ - *eof = False; - return True; - } - *eof = True; + *eof = True; /* file_lines_free(qlines);*/ - return False; + return False; } - -static Eventlog_entry *_eventlog_read_package_entry(prs_struct *ps, + +/******************************************************************** +********************************************************************/ + +static Eventlog_entry *read_package_entry(prs_struct *ps, EVENTLOG_Q_READ_EVENTLOG *q_u, EVENTLOG_R_READ_EVENTLOG *r_u, Eventlog_entry *entry) { - uint8 *offset; - Eventlog_entry *ee_new = NULL; - - ee_new = PRS_ALLOC_MEM(ps, Eventlog_entry, 1); - if(ee_new == NULL) - return NULL; - - entry->data_record.sid_padding = ((4 - ((entry->data_record.source_name_len - + entry->data_record.computer_name_len) % 4)) %4); - entry->data_record.data_padding = (4 - ((entry->data_record.strings_len - + entry->data_record.user_data_len) % 4)) % 4; - entry->record.length = sizeof(Eventlog_record); - entry->record.length += entry->data_record.source_name_len; - entry->record.length += entry->data_record.computer_name_len; - if(entry->record.user_sid_length == 0) - { - /* Should not pad to a DWORD boundary for writing out the sid if there is - no SID, so just propagate the padding to pad the data */ - entry->data_record.data_padding += entry->data_record.sid_padding; - entry->data_record.sid_padding = 0; - } - DEBUG(10, ("sid_padding is [%d].\n", entry->data_record.sid_padding)); - DEBUG(10, ("data_padding is [%d].\n", entry->data_record.data_padding)); - - entry->record.length += entry->data_record.sid_padding; - entry->record.length += entry->record.user_sid_length; - entry->record.length += entry->data_record.strings_len; - entry->record.length += entry->data_record.user_data_len; - entry->record.length += entry->data_record.data_padding; - /* need another copy of length at the end of the data */ - entry->record.length += sizeof(entry->record.length); - DEBUG(10, ("entry->record.length is [%d].\n", entry->record.length)); - entry->data = PRS_ALLOC_MEM(ps, uint8, entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length)); - if(entry->data == NULL) - return NULL; - offset = entry->data; - memcpy(offset, &(entry->data_record.source_name), entry->data_record.source_name_len); - offset += entry->data_record.source_name_len; - memcpy(offset, &(entry->data_record.computer_name), entry->data_record.computer_name_len); - offset += entry->data_record.computer_name_len; - /* SID needs to be DWORD-aligned */ - offset += entry->data_record.sid_padding; - entry->record.user_sid_offset = sizeof(Eventlog_record) + (offset - entry->data); - memcpy(offset, &(entry->data_record.sid), entry->record.user_sid_length); - offset += entry->record.user_sid_length; - /* Now do the strings */ - entry->record.string_offset = sizeof(Eventlog_record) + (offset - entry->data); - memcpy(offset, &(entry->data_record.strings), entry->data_record.strings_len); - offset += entry->data_record.strings_len; - /* Now do the data */ - entry->record.data_length = entry->data_record.user_data_len; - entry->record.data_offset = sizeof(Eventlog_record) + (offset - entry->data); - memcpy(offset, &(entry->data_record.user_data), entry->data_record.user_data_len); - offset += entry->data_record.user_data_len; - - memcpy(&(ee_new->record), &entry->record, sizeof(Eventlog_record)); - memcpy(&(ee_new->data_record), &entry->data_record, sizeof(Eventlog_data_record)); - ee_new->data = entry->data; - - return ee_new; -} + uint8 *offset; + Eventlog_entry *ee_new = NULL; -static BOOL _eventlog_add_record_to_resp(EVENTLOG_R_READ_EVENTLOG *r_u, Eventlog_entry *ee_new) -{ - Eventlog_entry *insert_point; - - insert_point=r_u->entry; - - if (NULL == insert_point) - { - r_u->entry = ee_new; - ee_new->next = NULL; - } - else - { - while ((NULL != insert_point->next)) - { - insert_point=insert_point->next; - } - ee_new->next = NULL; - insert_point->next = ee_new; - } - r_u->num_records++; - r_u->num_bytes_in_resp += ee_new->record.length; - - return True; + ee_new = PRS_ALLOC_MEM(ps, Eventlog_entry, 1); + if(ee_new == NULL) { + return NULL; + } + + entry->data_record.sid_padding = ((4 - ((entry->data_record.source_name_len + + entry->data_record.computer_name_len) % 4)) %4); + entry->data_record.data_padding = (4 - ((entry->data_record.strings_len + + entry->data_record.user_data_len) % 4)) % 4; + entry->record.length = sizeof(Eventlog_record); + entry->record.length += entry->data_record.source_name_len; + entry->record.length += entry->data_record.computer_name_len; + if(entry->record.user_sid_length == 0) { + /* Should not pad to a DWORD boundary for writing out the sid if there is + no SID, so just propagate the padding to pad the data */ + entry->data_record.data_padding += entry->data_record.sid_padding; + entry->data_record.sid_padding = 0; + } + DEBUG(10, ("sid_padding is [%d].\n", entry->data_record.sid_padding)); + DEBUG(10, ("data_padding is [%d].\n", entry->data_record.data_padding)); + + entry->record.length += entry->data_record.sid_padding; + entry->record.length += entry->record.user_sid_length; + entry->record.length += entry->data_record.strings_len; + entry->record.length += entry->data_record.user_data_len; + entry->record.length += entry->data_record.data_padding; + /* need another copy of length at the end of the data */ + entry->record.length += sizeof(entry->record.length); + DEBUG(10, ("entry->record.length is [%d].\n", entry->record.length)); + entry->data = PRS_ALLOC_MEM(ps, uint8, entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length)); + if(entry->data == NULL) { + return NULL; + } + offset = entry->data; + memcpy(offset, &(entry->data_record.source_name), entry->data_record.source_name_len); + offset += entry->data_record.source_name_len; + memcpy(offset, &(entry->data_record.computer_name), entry->data_record.computer_name_len); + offset += entry->data_record.computer_name_len; + /* SID needs to be DWORD-aligned */ + offset += entry->data_record.sid_padding; + entry->record.user_sid_offset = sizeof(Eventlog_record) + (offset - entry->data); + memcpy(offset, &(entry->data_record.sid), entry->record.user_sid_length); + offset += entry->record.user_sid_length; + /* Now do the strings */ + entry->record.string_offset = sizeof(Eventlog_record) + (offset - entry->data); + memcpy(offset, &(entry->data_record.strings), entry->data_record.strings_len); + offset += entry->data_record.strings_len; + /* Now do the data */ + entry->record.data_length = entry->data_record.user_data_len; + entry->record.data_offset = sizeof(Eventlog_record) + (offset - entry->data); + memcpy(offset, &(entry->data_record.user_data), entry->data_record.user_data_len); + offset += entry->data_record.user_data_len; + + memcpy(&(ee_new->record), &entry->record, sizeof(Eventlog_record)); + memcpy(&(ee_new->data_record), &entry->data_record, sizeof(Eventlog_data_record)); + ee_new->data = entry->data; + + return ee_new; } - -WERROR _eventlog_read_eventlog(pipes_struct *p, - EVENTLOG_Q_READ_EVENTLOG *q_u, - EVENTLOG_R_READ_EVENTLOG *r_u) + +/******************************************************************** +********************************************************************/ + +static BOOL add_record_to_resp(EVENTLOG_R_READ_EVENTLOG *r_u, Eventlog_entry *ee_new) { - Eventlog_info *info = NULL; - POLICY_HND *handle; - Eventlog_entry entry, *ee_new; - BOOL eof = False, eor = False; - const char *direction = ""; - uint32 num_records_read = 0; - prs_struct *ps; - int numlines, i; - char **buffer; - - if(!q_u || !r_u) - return WERR_NOMEM; - - handle = &(q_u->handle); - info = find_eventlog_info_by_hnd(p, handle); - info->flags = q_u->flags; - ps = &p->out_data.rdata; - /* if this is the first time we're reading on this handle */ - if(info->active_entry == 0) - { - /* Rather than checking the EVENTLOG_SEQUENTIAL_READ/EVENTLOG_SEEK_READ flags, - we'll just go to the offset specified in the request, or the oldest entry - if no offset is specified */ - if(q_u->offset > 0) - info->active_entry = q_u->offset; - else - info->active_entry = info->oldest_entry; - - } - - if(q_u->flags & EVENTLOG_FORWARDS_READ) - direction = "forward"; - else if(q_u->flags & EVENTLOG_BACKWARDS_READ) - direction = "backward"; - - if(!(_eventlog_read_eventlog_hook(info, &entry, direction, info->active_entry, q_u->max_read_size, &eof, &buffer, &numlines))) - { - if(eof == False) - return WERR_NOMEM; - } - if(numlines > 0) - { - ZERO_STRUCT(entry); - for(i = 0; i < numlines; i++) - { - num_records_read = r_u->num_records; - DEBUGADD(10, ("Line[%d] = [%s]\n", i, buffer[i])); - _eventlog_read_parse_line(buffer[i], &entry, &eor); - if(eor == True) - { - /* package ee_new entry */ - if((ee_new = _eventlog_read_package_entry(ps, q_u, r_u, &entry)) == NULL) - { - free(buffer); - return WERR_NOMEM; - } - /* Now see if there is enough room to add */ - if(r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size) - { - r_u->bytes_in_next_record = ee_new->record.length; - /* response would be too big to fit in client-size buffer */ - break; + Eventlog_entry *insert_point; + + insert_point=r_u->entry; + + if (NULL == insert_point) { + r_u->entry = ee_new; + ee_new->next = NULL; + } else { + while ((NULL != insert_point->next)) { + insert_point=insert_point->next; } - _eventlog_add_record_to_resp(r_u, ee_new); - ZERO_STRUCT(entry); - eor=False; - num_records_read = r_u->num_records - num_records_read; - DEBUG(10, ("_eventlog_read_eventlog: read [%d] records for a total of [%d] records using [%d] bytes out of a max of [%d].\n", - num_records_read, - r_u->num_records, - r_u->num_bytes_in_resp, - q_u->max_read_size)); - /* update the active record */ - if(info->flags & EVENTLOG_FORWARDS_READ) - info->active_entry += num_records_read; - else if(info->flags & EVENTLOG_BACKWARDS_READ) - info->active_entry -= num_records_read; - } - } - free(buffer); - } - - return WERR_OK; + ee_new->next = NULL; + insert_point->next = ee_new; + } + r_u->num_records++; + r_u->num_bytes_in_resp += ee_new->record.length; + + return True; } + +/******************************************************************** +********************************************************************/ + /** * Callout to clear (and optionally backup) a specified event log * @@ -902,96 +741,224 @@ WERROR _eventlog_read_eventlog(pipes_struct *p, * The given log is copied to that location on the server. See comments for * eventlog_io_q_clear_eventlog for info about odd file name behavior */ -static BOOL _eventlog_clear_eventlog_hook(Eventlog_info *info, - pstring backup_file_name) + +static BOOL clear_eventlog_hook(EventlogInfo *info, pstring backup_file_name) { - char *cmd = lp_eventlog_clear_cmd(); - char **qlines; - pstring command; - int numlines = 0; - int ret; - int fd = -1; - - if(cmd == NULL || strlen(cmd) == 0) - { - DEBUG(0, ("Must define an \"eventlog clear command\" entry in the config.\n")); - return False; - } - - memset(command, 0, sizeof(command)); - if(strlen(backup_file_name) > 0) - slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\"", - cmd, - info->source_log_file_name, - backup_file_name, - info->handle_string); - else - slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", - cmd, - info->source_log_file_name, - info->handle_string); - - DEBUG(10, ("Running [%s]\n", command)); - ret = smbrun(command, &fd); - DEBUGADD(10, ("returned [%d]\n", ret)); - - if(ret != 0) - { - if(fd != -1) - close(fd); - return False; - } + char *cmd = lp_eventlog_clear_cmd(); + char **qlines; + pstring command; + int numlines = 0; + int ret; + int fd = -1; + + if ( !cmd || !*cmd ) { + DEBUG(0, ("Must define an \"eventlog clear command\" entry in the config.\n")); + return False; + } + + if ( strlen(backup_file_name) ) + pstr_sprintf( command, "%s \"%s\" \"%s\"", cmd, info->logname, backup_file_name ); + else + pstr_sprintf( command, "%s \"%s\"", cmd, info->logname ); + + DEBUG(10, ("Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUGADD(10, ("returned [%d]\n", ret)); - qlines = fd_lines_load(fd, &numlines); - DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); - close(fd); + if(ret != 0) { + if(fd != -1) { + close(fd); + } + return False; + } - if(numlines) - { - DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); - if(0 == strncmp(qlines[0], "SUCCESS", strlen("SUCCESS"))) - { - DEBUGADD(10, ("Able to clear [%s].\n", info->source_log_file_name)); - file_lines_free(qlines); - return True; + qlines = fd_lines_load(fd, &numlines); + DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); + close(fd); + + if(numlines) { + DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); + if(0 == strncmp(qlines[0], "SUCCESS", strlen("SUCCESS"))) { + DEBUGADD(10, ("Able to clear [%s].\n", info->logname)); + file_lines_free(qlines); + return True; + } } - } - file_lines_free(qlines); - return False; + file_lines_free(qlines); + return False; +} + +/******************************************************************* +*******************************************************************/ + +WERROR _eventlog_open_eventlog(pipes_struct *p, EVENTLOG_Q_OPEN_EVENTLOG *q_u, EVENTLOG_R_OPEN_EVENTLOG *r_u) +{ + EventlogInfo *info = NULL; + fstring str; + + if ( !(info = TALLOC_ZERO_P(NULL, EventlogInfo)) ) + return WERR_NOMEM; + + fstrcpy( str, global_myname() ); + if ( q_u->servername.string ) { + rpcstr_pull( str, q_u->servername.string->buffer, + sizeof(str), q_u->servername.string->uni_str_len*2, 0 ); + } + info->servername = talloc_strdup( info, str ); + + fstrcpy( str, "Application" ); + if ( q_u->logname.string ) { + rpcstr_pull( str, q_u->logname.string->buffer, + sizeof(str), q_u->logname.string->uni_str_len*2, 0 ); + } + info->logname = talloc_strdup( info, str ); + + DEBUG(10, ("_eventlog_open_eventlog: Using [%s] as the server name.\n", info->servername)); + DEBUG(10, ("_eventlog_open_eventlog: Using [%s] as the source log file.\n", info->logname)); + + if ( !create_policy_hnd(p, &r_u->handle, free_eventlog_info, (void *)info) ) { + free_eventlog_info(info); + return WERR_NOMEM; + } + + if ( !(open_eventlog_hook(info)) ) { + close_policy_hnd(p, &r_u->handle); + return WERR_BADFILE; + } + + return WERR_OK; } -WERROR _eventlog_clear_eventlog(pipes_struct *p, - EVENTLOG_Q_CLEAR_EVENTLOG *q_u, - EVENTLOG_R_CLEAR_EVENTLOG *r_u) +/******************************************************************** +********************************************************************/ + +WERROR _eventlog_clear_eventlog(pipes_struct *p, EVENTLOG_Q_CLEAR_EVENTLOG *q_u, EVENTLOG_R_CLEAR_EVENTLOG *r_u) { - Eventlog_info *info = NULL; - pstring backup_file_name; - POLICY_HND *handle = NULL; + EventlogInfo *info = find_eventlog_info_by_hnd(p, &q_u->handle); + pstring backup_file_name; - if(!q_u || !r_u) - return WERR_NOMEM; + pstrcpy( backup_file_name, "" ); - handle = &(q_u->handle); - info = find_eventlog_info_by_hnd(p, handle); - memset(backup_file_name, 0, sizeof(backup_file_name)); + if ( q_u->backupfile.string ) + unistr2_to_ascii(backup_file_name, q_u->backupfile.string, sizeof(backup_file_name)); - if(q_u->backup_file_ptr != 0) - { - unistr2_to_ascii(backup_file_name, &(q_u->backup_file), sizeof(backup_file_name)); DEBUG(10, ("_eventlog_clear_eventlog: Using [%s] as the backup file name for log [%s].", - backup_file_name, - info->source_log_file_name)); - } - else - { - /* if backup_file == NULL, do not back up the log before clearing it */ - DEBUG(10, ("_eventlog_clear_eventlog: clearing [%s] log without making a backup.", - info->source_log_file_name)); - } - - if(!(_eventlog_clear_eventlog_hook(info, backup_file_name))) - return WERR_BADFILE; - - return WERR_OK; + backup_file_name, info->logname)); + + if ( !(clear_eventlog_hook(info, backup_file_name)) ) + return WERR_BADFILE; + + return WERR_OK; +} + +/******************************************************************** +********************************************************************/ + +WERROR _eventlog_close_eventlog(pipes_struct *p, EVENTLOG_Q_CLOSE_EVENTLOG *q_u, EVENTLOG_R_CLOSE_EVENTLOG *r_u) +{ + EventlogInfo *info = find_eventlog_info_by_hnd(p,&q_u->handle); + + if ( !(close_eventlog_hook(info)) ) + return WERR_BADFILE; + + if ( !(close_policy_hnd(p, &q_u->handle)) ) { + return WERR_BADFID; + } + + return WERR_OK; } + +/******************************************************************** +********************************************************************/ + +WERROR _eventlog_read_eventlog(pipes_struct *p, EVENTLOG_Q_READ_EVENTLOG *q_u, EVENTLOG_R_READ_EVENTLOG *r_u) +{ + EventlogInfo *info = find_eventlog_info_by_hnd(p, &q_u->handle); + Eventlog_entry entry, *ee_new; + BOOL eof = False, eor = False; + const char *direction = ""; + uint32 num_records_read = 0; + prs_struct *ps; + int numlines, i; + char **buffer; + + info->flags = q_u->flags; + ps = &p->out_data.rdata; + + if ( info->flags & EVENTLOG_FORWARDS_READ ) + direction = "forward"; + else if ( info->flags & EVENTLOG_BACKWARDS_READ ) + direction = "backward"; + + if ( !(read_eventlog_hook(info, &entry, direction, q_u->offset, q_u->max_read_size, &eof, &buffer, &numlines)) ) { + if(eof == False) { + return WERR_NOMEM; + } + } + + if(numlines > 0) { + ZERO_STRUCT(entry); + for(i = 0; i < numlines; i++) { + num_records_read = r_u->num_records; + DEBUGADD(10, ("Line[%d] = [%s]\n", i, buffer[i])); + parse_logentry(buffer[i], &entry, &eor); + if(eor == True) { + /* package ee_new entry */ + if((ee_new = read_package_entry(ps, q_u, r_u, &entry)) == NULL) { + SAFE_FREE(buffer); + return WERR_NOMEM; + } + /* Now see if there is enough room to add */ + if(r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size) { + r_u->bytes_in_next_record = ee_new->record.length; + /* response would be too big to fit in client-size buffer */ + break; + } + add_record_to_resp(r_u, ee_new); + ZERO_STRUCT(entry); + eor=False; + num_records_read = r_u->num_records - num_records_read; + DEBUG(10, ("_eventlog_read_eventlog: read [%d] records for a total of [%d] records using [%d] bytes out of a max of [%d].\n", + num_records_read, + r_u->num_records, + r_u->num_bytes_in_resp, + q_u->max_read_size)); + } + } + SAFE_FREE(buffer); + } + + return WERR_OK; +} + +/******************************************************************** +********************************************************************/ + +WERROR _eventlog_get_oldest_entry(pipes_struct *p, EVENTLOG_Q_GET_OLDEST_ENTRY *q_u, EVENTLOG_R_GET_OLDEST_ENTRY *r_u) +{ + EventlogInfo *info = find_eventlog_info_by_hnd(p, &q_u->handle); + + if ( !(get_oldest_entry_hook(info)) ) + return WERR_BADFILE; + + r_u->oldest_entry = info->oldest_entry; + + return WERR_OK; +} + +/******************************************************************** +********************************************************************/ + +WERROR _eventlog_get_num_records(pipes_struct *p, EVENTLOG_Q_GET_NUM_RECORDS *q_u, EVENTLOG_R_GET_NUM_RECORDS *r_u) +{ + EventlogInfo *info = find_eventlog_info_by_hnd(p, &q_u->handle); + + if ( !(get_num_records_hook(info)) ) + return WERR_BADFILE; + + r_u->num_records = info->num_records; + + return WERR_OK; +} + -- cgit From 0bf72b6e330a76bee502cb36c1cb80c46d47d33c Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 6 Oct 2005 17:48:03 +0000 Subject: r10781: merging eventlog and svcctl code from trunk (This used to be commit f10aa9fb84bfac4f1a22b74d63999668700ffaac) --- source3/rpc_server/srv_eventlog_nt.c | 1225 ++++++++++++++++------------------ 1 file changed, 586 insertions(+), 639 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 414c99d28e..6067c94fe8 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -2,6 +2,7 @@ * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Marcin Krzysztof Porwit 2005, + * Copyright (C) Brian Moran 2005, * Copyright (C) Gerald (Jerry) Carter 2005. * * This program is free software; you can redistribute it and/or modify @@ -18,12 +19,23 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ - + #include "includes.h" -#undef DBGC_CLASS +#undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV + +typedef struct { + pstring logname; /* rather than alloc on the fly what we need... (memory is cheap now) */ + pstring tdbfname; + TDB_CONTEXT *log_tdb; /* the pointer to the TDB_CONTEXT */ +} EventlogTDBInfo; + +static int nlogs; +static EventlogTDBInfo *ttdb = NULL; +static TALLOC_CTX *mem_ctx = NULL; + typedef struct { char *logname; char *servername; @@ -32,54 +44,295 @@ typedef struct { uint32 flags; } EventlogInfo; - + + +#if 0 /* UNUSED */ /******************************************************************** - Inform the external eventlog machinery of default values (on startup - probably) -********************************************************************/ + ********************************************************************/ + +void test_eventlog_tdb( TDB_CONTEXT * the_tdb ) +{ + Eventlog_entry ee; + + int i = 0; + + memset( &ee, 0, sizeof( Eventlog_entry ) ); + + if ( !the_tdb ) + return; + + for ( i = 0; i < 100; i++ ) { + ee.record.length = sizeof( ee.record ); + memset( &ee.data_record, 0, sizeof( ee.data_record ) ); + ee.record.reserved1 = 0xBEEFDEAD; + ee.record.record_number = 1000 - i; /* should get substituted */ + ee.record.time_generated = 0; + ee.record.time_written = 0; + ee.record.event_id = 500; + ee.record.event_type = 300; + ee.record.num_strings = 0; + ee.record.event_category = 0; + ee.record.reserved2 = ( i << 8 ) | i; + ee.record.closing_record_number = -1; + ee.record.string_offset = 0; + ee.record.user_sid_length = 0; + ee.record.user_sid_offset = 0; + ee.record.data_length = 0; + ee.record.data_offset = 0; + + rpcstr_push( ( void * ) ( ee.data_record.source_name ), + "SystemLog", + sizeof( ee.data_record.source_name ), + STR_TERMINATE ); + ee.data_record.source_name_len = + ( strlen_w( ee.data_record.source_name ) * 2 ) + 2; + + rpcstr_push( ( void * ) ( ee.data_record.computer_name ), + "DMLINUX", + sizeof( ee.data_record.computer_name ), + STR_TERMINATE ); + + ee.data_record.computer_name_len = + ( strlen_w( ee.data_record.computer_name ) * 2 ) + 2; + + write_eventlog_tdb( the_tdb, &ee ); + } +} +#endif /* UNUSED */ + +/******************************************************************** + ********************************************************************/ -void eventlog_refresh_external_parameters( NT_USER_TOKEN *token ) +static void refresh_eventlog_tdb_table( void ) { - const char **elogs = lp_eventlog_list(); - int i; + const char **elogs = lp_eventlog_list( ); + int i, j; if ( !elogs ) - return ; + return; - if ( !*lp_eventlog_control_cmd() ) + if ( !mem_ctx ) { + mem_ctx = talloc_init( "refresh_eventlog_tdb_table" ); + } + + if ( !mem_ctx ) { + DEBUG( 1, ( "Can't allocate memory\n" ) ); return; + } + + /* count them */ + for ( i = 0; elogs[i]; i++ ) { + } + /* number of logs in i */ + DEBUG( 10, ( "Number of eventlogs %d\n", i ) ); + /* check to see if we need to adjust our tables */ + + if ( ( ttdb != NULL ) ) { + if ( i != nlogs ) { + /* refresh the table, by closing and reconstructing */ + DEBUG( 10, ( "Closing existing table \n" ) ); + for ( j = 0; j < nlogs; j++ ) { + tdb_close( ttdb[j].log_tdb ); + } + TALLOC_FREE( ttdb ); + ttdb = NULL; + } else { /* i == nlogs */ + + for ( j = 0; j < nlogs; j++ ) { + if ( StrCaseCmp( ttdb[j].logname, elogs[i] ) ) { + /* something changed, have to discard */ + DEBUG( 10, + ( "Closing existing table \n" ) ); + for ( j = 0; j < nlogs; j++ ) { + tdb_close( ttdb[j].log_tdb ); + } + TALLOC_FREE( ttdb ); + ttdb = NULL; + break; + } + } + } + } - for ( i=0; elogs[i]; i++ ) { - - DEBUG(10,("eventlog_refresh_external_parameters: Refreshing =>[%s]\n", - elogs[i])); - - if ( !control_eventlog_hook( token, elogs[i] ) ) { - DEBUG(0,("eventlog_refresh_external_parameters: failed to refresh [%s]\n", - elogs[i])); + /* note that this might happen because of above */ + if ( ( i > 0 ) && ( ttdb == NULL ) ) { + /* alloc the room */ + DEBUG( 10, ( "Creating the table\n" ) ); + ttdb = TALLOC( mem_ctx, sizeof( EventlogTDBInfo ) * i ); + if ( !ttdb ) { + DEBUG( 10, + ( "Can't allocate table for tdb handles \n" ) ); + return; } - } - - return; + for ( j = 0; j < i; j++ ) { + pstrcpy( ttdb[j].tdbfname, + lock_path( mk_tdbfilename + ( ttdb[j].tdbfname, + ( char * ) elogs[j], + sizeof( pstring ) ) ) ); + pstrcpy( ttdb[j].logname, elogs[j] ); + DEBUG( 10, ( "Opening tdb for %s\n", elogs[j] ) ); + ttdb[j].log_tdb = + open_eventlog_tdb( ttdb[j].tdbfname ); + } + } + nlogs = i; } /******************************************************************** -********************************************************************/ + ********************************************************************/ -static void free_eventlog_info(void *ptr) +TDB_CONTEXT *tdb_of( char *eventlog_name ) +{ + int i; + + if ( !eventlog_name ) + return NULL; + + if ( !ttdb ) { + DEBUG( 10, ( "Refreshing list of eventlogs\n" ) ); + refresh_eventlog_tdb_table( ); + + if ( !ttdb ) { + DEBUG( 10, + ( "eventlog tdb table is NULL after a refresh!\n" ) ); + return NULL; + } + } + + DEBUG( 10, ( "Number of eventlogs %d\n", nlogs ) ); + + for ( i = 0; i < nlogs; i++ ) { + if ( strequal( eventlog_name, ttdb[i].logname ) ) + return ttdb[i].log_tdb; + } + + return NULL; +} + + +/******************************************************************** + For the given tdb, get the next eventlog record into the passed + Eventlog_entry. returns NULL if it can't get the record for some reason. + ********************************************************************/ + +Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb, + int recno, Eventlog_entry * ee ) +{ + TDB_DATA ret, key; + + int srecno; + int reclen; + int len; + uint8 *rbuff; + + pstring *wpsource, *wpcomputer, *wpsid, *wpstrs, *puserdata; + + key.dsize = sizeof( int32 ); + rbuff = NULL; + + srecno = recno; + key.dptr = ( char * ) &srecno; + + ret = tdb_fetch( tdb, key ); + + if ( ret.dsize == 0 ) { + DEBUG( 8, + ( "Can't find a record for the key, record %d\n", + recno ) ); + return NULL; + } + + len = tdb_unpack( ret.dptr, ret.dsize, "d", &reclen ); + + DEBUG( 10, ( "Unpacking record %d, size is %d\n", srecno, len ) ); + + if ( !len ) + return NULL; + + /* ee = PRS_ALLOC_MEM(ps, Eventlog_entry, 1); */ + + if ( !ee ) + return NULL; + + len = tdb_unpack( ret.dptr, ret.dsize, "ddddddwwwwddddddBBdBBBd", + &ee->record.length, &ee->record.reserved1, + &ee->record.record_number, + &ee->record.time_generated, + &ee->record.time_written, &ee->record.event_id, + &ee->record.event_type, &ee->record.num_strings, + &ee->record.event_category, &ee->record.reserved2, + &ee->record.closing_record_number, + &ee->record.string_offset, + &ee->record.user_sid_length, + &ee->record.user_sid_offset, + &ee->record.data_length, &ee->record.data_offset, + &ee->data_record.source_name_len, &wpsource, + &ee->data_record.computer_name_len, &wpcomputer, + &ee->data_record.sid_padding, + &ee->record.user_sid_length, &wpsid, + &ee->data_record.strings_len, &wpstrs, + &ee->data_record.user_data_len, &puserdata, + &ee->data_record.data_padding ); + DEBUG( 10, + ( "Read record %d, len in tdb was %d\n", + ee->record.record_number, len ) ); + + /* have to do the following because the tdb_unpack allocs a buff, stuffs a pointer to the buff + into it's 2nd argment for 'B' */ + + if ( wpcomputer ) + memcpy( ee->data_record.computer_name, wpcomputer, + ee->data_record.computer_name_len ); + if ( wpsource ) + memcpy( ee->data_record.source_name, wpsource, + ee->data_record.source_name_len ); + + if ( wpsid ) + memcpy( ee->data_record.sid, wpsid, + ee->record.user_sid_length ); + if ( wpstrs ) + memcpy( ee->data_record.strings, wpstrs, + ee->data_record.strings_len ); + + /* note that userdata is a pstring */ + if ( puserdata ) + memcpy( ee->data_record.user_data, puserdata, + ee->data_record.user_data_len ); + + SAFE_FREE( wpcomputer ); + SAFE_FREE( wpsource ); + SAFE_FREE( wpsid ); + SAFE_FREE( wpstrs ); + SAFE_FREE( puserdata ); + + DEBUG( 10, ( "get_eventlog_record: read back %d\n", len ) ); + DEBUG( 10, + ( "get_eventlog_record: computer_name %d is ", + ee->data_record.computer_name_len ) ); + SAFE_FREE( ret.dptr ); + return ee; +} + +/******************************************************************** + ********************************************************************/ + +static void free_eventlog_info( void *ptr ) { TALLOC_FREE( ptr ); } /******************************************************************** -********************************************************************/ + ********************************************************************/ -static EventlogInfo *find_eventlog_info_by_hnd(pipes_struct *p, POLICY_HND *handle) +static EventlogInfo *find_eventlog_info_by_hnd( pipes_struct * p, + POLICY_HND * handle ) { EventlogInfo *info; - - if ( !find_policy_by_hnd(p,handle,(void **)&info) ) { - DEBUG(2,("find_eventlog_info_by_hnd: eventlog not found.\n")); + + if ( !find_policy_by_hnd( p, handle, ( void ** ) &info ) ) { + DEBUG( 2, + ( "find_eventlog_info_by_hnd: eventlog not found.\n" ) ); return NULL; } @@ -87,144 +340,85 @@ static EventlogInfo *find_eventlog_info_by_hnd(pipes_struct *p, POLICY_HND *hand } /******************************************************************** - Callout to control the specified event log - passing out only - the MaxSize and Retention values, along with eventlog name - uses smbrun... - INPUT: - OUTPUT: nothing -********************************************************************/ + note that this can only be called AFTER the table is constructed, + since it uses the table to find the tdb handle + ********************************************************************/ -BOOL control_eventlog_hook(NT_USER_TOKEN *token, const char *elogname ) +static BOOL sync_eventlog_params( const char *elogname ) { - char *cmd = lp_eventlog_control_cmd(); - pstring command; - int ret; - int fd = -1; - uint32 uiMaxSize, uiRetention; pstring path; + uint32 uiMaxSize; + uint32 uiRetention; REGISTRY_KEY *keyinfo; REGISTRY_VALUE *val; REGVAL_CTR *values; WERROR wresult; + TDB_CONTEXT *the_tdb; + + the_tdb = tdb_of( ( char * ) elogname ); + + DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) ); - if ( !cmd || !*cmd ) { - DEBUG(0, ("control_eventlog_hook: No \"eventlog control command\" defined in smb.conf!\n")); + if ( !the_tdb ) { + DEBUG( 4, ( "Can't open tdb for %s\n", elogname ) ); return False; } - /* set resonable defaults. 512Kb on size and 1 week on time */ - + uiMaxSize = 0x80000; uiRetention = 604800; - + /* the general idea is to internally open the registry key and retreive the values. That way we can continue to use the same fetch/store api that we use in srv_reg_nt.c */ pstr_sprintf( path, "%s/%s", KEY_EVENTLOG, elogname ); - wresult = regkey_open_internal( &keyinfo, path, token, REG_KEY_READ ); - + + wresult = + regkey_open_internal( &keyinfo, path, get_root_nt_token( ), + REG_KEY_READ ); + if ( !W_ERROR_IS_OK( wresult ) ) { - DEBUG(4,("control_eventlog_hook: Failed to open key [%s] (%s)\n", - path, dos_errstr(wresult) )); + DEBUG( 4, + ( "sync_eventlog_params: Failed to open key [%s] (%s)\n", + path, dos_errstr( wresult ) ) ); return False; } - - if ( !(values = TALLOC_ZERO_P( keyinfo, REGVAL_CTR )) ) { + + if ( !( values = TALLOC_ZERO_P( keyinfo, REGVAL_CTR ) ) ) { TALLOC_FREE( keyinfo ); - DEBUG(0,("control_eventlog_hook: talloc() failed!\n")); - + DEBUG( 0, ( "control_eventlog_hook: talloc() failed!\n" ) ); + return False; } fetch_reg_values( keyinfo, values ); - - if ( (val = regval_ctr_getvalue( values, "Retention" )) != NULL ) - uiRetention = IVAL( regval_data_p(val), 0 ); - if ( (val = regval_ctr_getvalue( values, "MaxSize" )) != NULL ) - uiMaxSize = IVAL( regval_data_p(val), 0 ); - - TALLOC_FREE( keyinfo ); - - /* now run the command */ + if ( ( val = regval_ctr_getvalue( values, "Retention" ) ) != NULL ) + uiRetention = IVAL( regval_data_p( val ), 0 ); - pstr_sprintf(command, "%s \"%s\" %u %u", cmd, elogname, uiRetention, uiMaxSize ); + if ( ( val = regval_ctr_getvalue( values, "MaxSize" ) ) != NULL ) + uiMaxSize = IVAL( regval_data_p( val ), 0 ); - DEBUG(10, ("control_eventlog_hook: Running [%s]\n", command)); - ret = smbrun(command, &fd); - DEBUGADD(10, ("returned [%d]\n", ret)); + TALLOC_FREE( keyinfo ); - if ( ret != 0 ) { - DEBUG(10,("control_eventlog_hook: Command returned [%d]\n", ret)); - if (fd != -1 ) - close(fd); - return False; - } + tdb_store_int32( the_tdb, VN_maxsize, uiMaxSize ); + tdb_store_int32( the_tdb, VN_retention, uiRetention ); - close(fd); return True; } - /******************************************************************** -********************************************************************/ + ********************************************************************/ -/** - * Callout to open the specified event log - * - * smbrun calling convention -- - * INPUT: - * OUTPUT: the string "SUCCESS" if the command succeeded - * no such string if there was a failure. - */ -static BOOL open_eventlog_hook( EventlogInfo *info ) +static BOOL open_eventlog_hook( EventlogInfo * info ) { - char *cmd = lp_eventlog_open_cmd(); - char **qlines; - pstring command; - int numlines = 0; - int ret; - int fd = -1; - - if ( !cmd || !*cmd ) { - DEBUG(0, ("Must define an \"eventlog open command\" entry in the config.\n")); - return False; - } - - pstr_sprintf(command, "%s \"%s\"", cmd, info->logname ); - - DEBUG(10, ("Running [%s]\n", command)); - ret = smbrun(command, &fd); - DEBUGADD(10, ("returned [%d]\n", ret)); - - if(ret != 0) { - if(fd != -1) { - close(fd); - } - return False; - } - - qlines = fd_lines_load(fd, &numlines); - DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); - close(fd); - - if(numlines) { - DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); - if(0 == strncmp(qlines[0], "SUCCESS", strlen("SUCCESS"))) { - DEBUGADD(10, ("Able to open [%s].\n", info->logname)); - file_lines_free(qlines); - return True; - } - } - - file_lines_free(qlines); - - return False; + return True; } /******************************************************************** ********************************************************************/ + /** * Callout to get the number of records in the specified event log * @@ -234,50 +428,49 @@ static BOOL open_eventlog_hook( EventlogInfo *info ) * entries in the log. If there are no entries in the log, return 0. */ -static BOOL get_num_records_hook(EventlogInfo *info) + +static BOOL get_num_records_hook( EventlogInfo * info ) { - char *cmd = lp_eventlog_num_records_cmd(); - char **qlines; - pstring command; - int numlines = 0; - int ret; - int fd = -1; - - if ( !cmd || !*cmd ) { - DEBUG(0, ("Must define an \"eventlog num records command\" entry in the config.\n")); - return False; - } - pstr_sprintf( command, "%s \"%s\"", cmd, info->logname ); + TDB_CONTEXT *the_tdb = NULL; + int next_record; + int oldest_record; - DEBUG(10, ("Running [%s]\n", command)); - ret = smbrun(command, &fd); - DEBUGADD(10, ("returned [%d]\n", ret)); - if(ret != 0) { - if(fd != -1) { - close(fd); - } + the_tdb = tdb_of( info->logname ); + + if ( !the_tdb ) { + DEBUG( 10, ( "Can't find tdb for %s\n", info->logname ) ); + info->num_records = 0; return False; } - qlines = fd_lines_load(fd, &numlines); - DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); - close(fd); + /* lock */ + tdb_lock_bystring( the_tdb, VN_next_record, 1 ); + + + /* read */ + next_record = tdb_fetch_int32( the_tdb, VN_next_record ); + oldest_record = tdb_fetch_int32( the_tdb, VN_oldest_entry ); + + + + DEBUG( 8, + ( "Oldest Record %d Next Record %d\n", oldest_record, + next_record ) ); + + info->num_records = ( next_record - oldest_record ); + info->oldest_entry = oldest_record; + tdb_unlock_bystring( the_tdb, VN_next_record ); + + + return True; - if(numlines) { - DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); - sscanf(qlines[0], "%d", &(info->num_records)); - file_lines_free(qlines); - return True; - } - file_lines_free(qlines); - return False; } /******************************************************************** -********************************************************************/ + ********************************************************************/ /** * Callout to find the oldest record in the log @@ -289,50 +482,17 @@ static BOOL get_num_records_hook(EventlogInfo *info) * If there are no entries in the log, returns a 0 */ -static BOOL get_oldest_entry_hook(EventlogInfo *info) +static BOOL get_oldest_entry_hook( EventlogInfo * info ) { - char *cmd = lp_eventlog_oldest_record_cmd(); - char **qlines; - pstring command; - int numlines = 0; - int ret; - int fd = -1; - - if ( !cmd || !*cmd ) { - DEBUG(0, ("Must define an \"eventlog oldest record command\" entry in the config.\n")); - return False; - } - - pstr_sprintf( command, "%s \"%s\"", cmd, info->logname ); - - DEBUG(10, ("Running [%s]\n", command)); - ret = smbrun(command, &fd); - DEBUGADD(10, ("returned [%d]\n", ret)); - if(ret != 0) { - if(fd != -1) { - close(fd); - } - return False; - } - - qlines = fd_lines_load(fd, &numlines); - DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); - close(fd); - - if(numlines) { - DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); - sscanf(qlines[0], "%d", &(info->oldest_entry)); - file_lines_free(qlines); - return True; - } - - file_lines_free(qlines); - return False; + /* it's the same thing */ + return get_num_records_hook( info ); } + /******************************************************************** -********************************************************************/ + ********************************************************************/ + /** * Callout to close the specified event log * @@ -342,323 +502,51 @@ static BOOL get_oldest_entry_hook(EventlogInfo *info) * no such string if there was a failure. */ -static BOOL close_eventlog_hook(EventlogInfo *info) -{ - char *cmd = lp_eventlog_close_cmd(); - char **qlines; - pstring command; - int numlines = 0; - int ret; - int fd = -1; - - if ( !cmd || !*cmd ) { - DEBUG(0, ("Must define an \"eventlog close command\" entry in the config.\n")); - return False; - } - - pstr_sprintf( command, "%s \"%s\"", cmd, info->logname ); - - DEBUG(10, ("Running [%s]\n", command)); - ret = smbrun(command, &fd); - DEBUGADD(10, ("returned [%d]\n", ret)); - - if(ret != 0) { - if(fd != -1) { - close(fd); - } - return False; - } - - qlines = fd_lines_load(fd, &numlines); - DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); - close(fd); - - if(numlines) { - DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); - if(0 == strncmp(qlines[0], "SUCCESS", 7)) { - DEBUGADD(10, ("Able to close [%s].\n", info->logname)); - file_lines_free(qlines); - return True; - } - } - - file_lines_free(qlines); - return False; -} - -/******************************************************************** -********************************************************************/ - -static BOOL parse_logentry(char *line, Eventlog_entry *entry, BOOL *eor) +static BOOL close_eventlog_hook( EventlogInfo * info ) { - char *start = NULL, *stop = NULL; - pstring temp; - int temp_len = 0, i; - - start = line; - /* empty line signyfiying record delimeter, or we're at the end of the buffer */ - if(start == NULL || strlen(start) == 0) { - DEBUG(6, ("parse_logentry: found end-of-record indicator.\n")); - *eor = True; - return True; - } - if(!(stop = strchr(line, ':'))) { - return False; - } - - DEBUG(6, ("parse_logentry: trying to parse [%s].\n", line)); - - if(0 == strncmp(start, "LEN", stop - start)) { - /* This will get recomputed later anyway -- probably not necessary */ - entry->record.length = atoi(stop + 1); - } else if(0 == strncmp(start, "RS1", stop - start)) { - /* For now all these reserved entries seem to have the same value, - which can be hardcoded to int(1699505740) for now */ - entry->record.reserved1 = atoi(stop + 1); - } else if(0 == strncmp(start, "RCN", stop - start)) { - entry->record.record_number = atoi(stop + 1); - } else if(0 == strncmp(start, "TMG", stop - start)) { - entry->record.time_generated = atoi(stop + 1); - } else if(0 == strncmp(start, "TMW", stop - start)) { - entry->record.time_written = atoi(stop + 1); - } else if(0 == strncmp(start, "EID", stop - start)) { - entry->record.event_id = atoi(stop + 1); - } else if(0 == strncmp(start, "ETP", stop - start)) { - if(strstr(start, "ERROR")) { - entry->record.event_type = EVENTLOG_ERROR_TYPE; - } else if(strstr(start, "WARNING")) { - entry->record.event_type = EVENTLOG_WARNING_TYPE; - } else if(strstr(start, "INFO")) { - entry->record.event_type = EVENTLOG_INFORMATION_TYPE; - } else if(strstr(start, "AUDIT_SUCCESS")) { - entry->record.event_type = EVENTLOG_AUDIT_SUCCESS; - } else if(strstr(start, "AUDIT_FAILURE")) { - entry->record.event_type = EVENTLOG_AUDIT_FAILURE; - } else if(strstr(start, "SUCCESS")) { - entry->record.event_type = EVENTLOG_SUCCESS; - } else { - /* some other eventlog type -- currently not defined in MSDN docs, so error out */ - return False; - } - } -/* - else if(0 == strncmp(start, "NST", stop - start)) - { - entry->record.num_strings = atoi(stop + 1); - } -*/ - else if(0 == strncmp(start, "ECT", stop - start)) { - entry->record.event_category = atoi(stop + 1); - } else if(0 == strncmp(start, "RS2", stop - start)) { - entry->record.reserved2 = atoi(stop + 1); - } else if(0 == strncmp(start, "CRN", stop - start)) { - entry->record.closing_record_number = atoi(stop + 1); - } else if(0 == strncmp(start, "USL", stop - start)) { - entry->record.user_sid_length = atoi(stop + 1); - } else if(0 == strncmp(start, "SRC", stop - start)) { - memset(temp, 0, sizeof(temp)); - stop++; - while(isspace(stop[0])) { - stop++; - } - temp_len = strlen(stop); - strncpy(temp, stop, temp_len); - rpcstr_push((void *)(entry->data_record.source_name), temp, - sizeof(entry->data_record.source_name), STR_TERMINATE); - entry->data_record.source_name_len = (strlen_w(entry->data_record.source_name)* 2) + 2; - } else if(0 == strncmp(start, "SRN", stop - start)) { - memset(temp, 0, sizeof(temp)); - stop++; - while(isspace(stop[0])) { - stop++; - } - temp_len = strlen(stop); - strncpy(temp, stop, temp_len); - rpcstr_push((void *)(entry->data_record.computer_name), temp, - sizeof(entry->data_record.computer_name), STR_TERMINATE); - entry->data_record.computer_name_len = (strlen_w(entry->data_record.computer_name)* 2) + 2; - } else if(0 == strncmp(start, "SID", stop - start)) { - memset(temp, 0, sizeof(temp)); - stop++; - while(isspace(stop[0])) { - stop++; - } - temp_len = strlen(stop); - strncpy(temp, stop, temp_len); - rpcstr_push((void *)(entry->data_record.sid), temp, - sizeof(entry->data_record.sid), STR_TERMINATE); - entry->record.user_sid_length = (strlen_w(entry->data_record.sid) * 2) + 2; - } else if(0 == strncmp(start, "STR", stop - start)) { - /* skip past initial ":" */ - stop++; - /* now skip any other leading whitespace */ - while(isspace(stop[0])) { - stop++; - } - temp_len = strlen(stop); - memset(temp, 0, sizeof(temp)); - strncpy(temp, stop, temp_len); - rpcstr_push((void *)(entry->data_record.strings + entry->data_record.strings_len), - temp, - sizeof(entry->data_record.strings) - entry->data_record.strings_len, - STR_TERMINATE); - entry->data_record.strings_len += temp_len + 1; - fprintf(stderr, "Dumping strings:\n"); - for(i = 0; i < entry->data_record.strings_len; i++) { - fputc((char)entry->data_record.strings[i], stderr); - } - fprintf(stderr, "\nDone\n"); - entry->record.num_strings++; - } else if(0 == strncmp(start, "DAT", stop - start)) { - /* Now that we're done processing the STR data, adjust the length to account for - unicode, then proceed with the DAT data. */ - entry->data_record.strings_len *= 2; - /* skip past initial ":" */ - stop++; - /* now skip any other leading whitespace */ - while(isspace(stop[0])) { - stop++; - } - entry->data_record.user_data_len = strlen(stop); - memset(entry->data_record.user_data, 0, sizeof(entry->data_record.user_data)); - if(entry->data_record.user_data_len > 0) { - /* copy no more than the first 1024 bytes */ - if(entry->data_record.user_data_len > sizeof(entry->data_record.user_data)) - entry->data_record.user_data_len = sizeof(entry->data_record.user_data); - memcpy(entry->data_record.user_data, stop, entry->data_record.user_data_len); - } - } else { - /* some other eventlog entry -- not implemented, so dropping on the floor */ - DEBUG(10, ("Unknown entry [%s]. Ignoring.\n", line)); - /* For now return true so that we can keep on parsing this mess. Eventually - we will return False here. */ - return True; - } return True; } /******************************************************************** -********************************************************************/ - -/** - * Callout to read entries from the specified event log - * - * smbrun calling convention -- - * INPUT: - * where direction is either "forward" or "backward", the starting record is somewhere - * between the oldest_record and oldest_record+num_records, and the buffer size is the - * maximum size of the buffer that the client can accomodate. - * OUTPUT: A buffer containing a set of entries, one to a line, of the format: - * Multiple log entries can be contained in the buffer, delimited by an empty line - * line type:line data - * These are the allowed line types: - * RS1:(uint32) - reserved. All M$ entries seem to have int(1699505740) for now - * RCN:(uint32) - record number of the record, however it may be calculated by the script - * TMG:(uint32) - time generated, seconds since January 1, 1970, 0000 UTC - * TMW:(uint32) - time written, seconds since January 1, 1970, 0000 UTC - * EID:(uint32) - eventlog source defined event identifier. If there's a stringfile for the event, it is an index into that - * ETP:(uint16) - eventlog type - one of ERROR, WARNING, INFO, AUDIT_SUCCESS, AUDIT_FAILURE - * ECT:(uint16) - event category - depends on the eventlog generator... - * RS2:(uint16) - reserved, make it 0000 - * CRN:(uint32) - reserved, make it 00000000 for now - * USL:(uint32) - user SID length. No sid? Make this 0. Must match SID below - * SRC:[(uint8)] - Name of the source, for example ccPwdSvc, in hex bytes. Can not be multiline. - * SRN:[(uint8)] - Name of the computer on which this is generated, the short hostname usually. - * SID:[(uint8)] - User sid if one exists. Must be present even if there is no SID. - * STR:[(uint8)] - String data. One string per line. Multiple strings can be specified using consecutive "STR" lines, - * up to a total aggregate string length of 1024 characters. - * DAT:[(uint8)] - The user-defined data portion of the event log. Can not be multiple lines. - * - end-of-record indicator - */ - -static BOOL read_eventlog_hook(EventlogInfo *info, Eventlog_entry *entry, - const char *direction, int starting_record, - int buffer_size, BOOL *eof, - char ***buffer, int *numlines) -{ - char *cmd = lp_eventlog_read_cmd(); - pstring command; - int ret; - int fd = -1; - - if ( !info ) - return False; - - if ( !cmd || !*cmd ) { - DEBUG(0, ("Must define an \"eventlog read command\" entry in the config.\n")); - return False; - } - - pstr_sprintf( command, "%s \"%s\" %s %d %d", - cmd, info->logname, direction, starting_record, buffer_size ); - - *numlines = 0; - - DEBUG(10, ("Running [%s]\n", command)); - ret = smbrun(command, &fd); - DEBUGADD(10, ("returned [%d]\n", ret)); - - if(ret != 0) { - if(fd != -1) { - close(fd); - } - return False; - } - - *buffer = fd_lines_load(fd, numlines); - DEBUGADD(10, ("Lines returned = [%d]\n", *numlines)); - close(fd); - - if(*numlines) { - /* - for(i = 0; i < numlines; i++) - { - DEBUGADD(10, ("Line[%d] = %s\n", i, qlines[i])); - parse_logentry(qlines[i], entry); - } - file_lines_free(qlines); - */ - *eof = False; - return True; - } - *eof = True; - -/* file_lines_free(qlines);*/ - return False; -} - -/******************************************************************** -********************************************************************/ + ********************************************************************/ -static Eventlog_entry *read_package_entry(prs_struct *ps, - EVENTLOG_Q_READ_EVENTLOG *q_u, - EVENTLOG_R_READ_EVENTLOG *r_u, - Eventlog_entry *entry) +static Eventlog_entry *read_package_entry( prs_struct * ps, + EVENTLOG_Q_READ_EVENTLOG * q_u, + EVENTLOG_R_READ_EVENTLOG * r_u, + Eventlog_entry * entry ) { uint8 *offset; Eventlog_entry *ee_new = NULL; - ee_new = PRS_ALLOC_MEM(ps, Eventlog_entry, 1); - if(ee_new == NULL) { + ee_new = PRS_ALLOC_MEM( ps, Eventlog_entry, 1 ); + if ( ee_new == NULL ) { return NULL; } - entry->data_record.sid_padding = ((4 - ((entry->data_record.source_name_len - + entry->data_record.computer_name_len) % 4)) %4); - entry->data_record.data_padding = (4 - ((entry->data_record.strings_len - + entry->data_record.user_data_len) % 4)) % 4; - entry->record.length = sizeof(Eventlog_record); + entry->data_record.sid_padding = + ( ( 4 - + ( ( entry->data_record.source_name_len + + entry->data_record.computer_name_len ) % 4 ) ) % 4 ); + entry->data_record.data_padding = + ( 4 - + ( ( entry->data_record.strings_len + + entry->data_record.user_data_len ) % 4 ) ) % 4; + entry->record.length = sizeof( Eventlog_record ); entry->record.length += entry->data_record.source_name_len; entry->record.length += entry->data_record.computer_name_len; - if(entry->record.user_sid_length == 0) { + if ( entry->record.user_sid_length == 0 ) { /* Should not pad to a DWORD boundary for writing out the sid if there is no SID, so just propagate the padding to pad the data */ - entry->data_record.data_padding += entry->data_record.sid_padding; + entry->data_record.data_padding += + entry->data_record.sid_padding; entry->data_record.sid_padding = 0; } - DEBUG(10, ("sid_padding is [%d].\n", entry->data_record.sid_padding)); - DEBUG(10, ("data_padding is [%d].\n", entry->data_record.data_padding)); + DEBUG( 10, + ( "sid_padding is [%d].\n", entry->data_record.sid_padding ) ); + DEBUG( 10, + ( "data_padding is [%d].\n", + entry->data_record.data_padding ) ); entry->record.length += entry->data_record.sid_padding; entry->record.length += entry->record.user_sid_length; @@ -666,66 +554,82 @@ static Eventlog_entry *read_package_entry(prs_struct *ps, entry->record.length += entry->data_record.user_data_len; entry->record.length += entry->data_record.data_padding; /* need another copy of length at the end of the data */ - entry->record.length += sizeof(entry->record.length); - DEBUG(10, ("entry->record.length is [%d].\n", entry->record.length)); - entry->data = PRS_ALLOC_MEM(ps, uint8, entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length)); - if(entry->data == NULL) { + entry->record.length += sizeof( entry->record.length ); + DEBUG( 10, + ( "entry->record.length is [%d].\n", entry->record.length ) ); + entry->data = + PRS_ALLOC_MEM( ps, uint8, + entry->record.length - + sizeof( Eventlog_record ) - + sizeof( entry->record.length ) ); + if ( entry->data == NULL ) { return NULL; } offset = entry->data; - memcpy(offset, &(entry->data_record.source_name), entry->data_record.source_name_len); + memcpy( offset, &( entry->data_record.source_name ), + entry->data_record.source_name_len ); offset += entry->data_record.source_name_len; - memcpy(offset, &(entry->data_record.computer_name), entry->data_record.computer_name_len); + memcpy( offset, &( entry->data_record.computer_name ), + entry->data_record.computer_name_len ); offset += entry->data_record.computer_name_len; /* SID needs to be DWORD-aligned */ offset += entry->data_record.sid_padding; - entry->record.user_sid_offset = sizeof(Eventlog_record) + (offset - entry->data); - memcpy(offset, &(entry->data_record.sid), entry->record.user_sid_length); + entry->record.user_sid_offset = + sizeof( Eventlog_record ) + ( offset - entry->data ); + memcpy( offset, &( entry->data_record.sid ), + entry->record.user_sid_length ); offset += entry->record.user_sid_length; /* Now do the strings */ - entry->record.string_offset = sizeof(Eventlog_record) + (offset - entry->data); - memcpy(offset, &(entry->data_record.strings), entry->data_record.strings_len); + entry->record.string_offset = + sizeof( Eventlog_record ) + ( offset - entry->data ); + memcpy( offset, &( entry->data_record.strings ), + entry->data_record.strings_len ); offset += entry->data_record.strings_len; /* Now do the data */ entry->record.data_length = entry->data_record.user_data_len; - entry->record.data_offset = sizeof(Eventlog_record) + (offset - entry->data); - memcpy(offset, &(entry->data_record.user_data), entry->data_record.user_data_len); + entry->record.data_offset = + sizeof( Eventlog_record ) + ( offset - entry->data ); + memcpy( offset, &( entry->data_record.user_data ), + entry->data_record.user_data_len ); offset += entry->data_record.user_data_len; - memcpy(&(ee_new->record), &entry->record, sizeof(Eventlog_record)); - memcpy(&(ee_new->data_record), &entry->data_record, sizeof(Eventlog_data_record)); + memcpy( &( ee_new->record ), &entry->record, + sizeof( Eventlog_record ) ); + memcpy( &( ee_new->data_record ), &entry->data_record, + sizeof( Eventlog_data_record ) ); ee_new->data = entry->data; return ee_new; } /******************************************************************** -********************************************************************/ + ********************************************************************/ -static BOOL add_record_to_resp(EVENTLOG_R_READ_EVENTLOG *r_u, Eventlog_entry *ee_new) +static BOOL add_record_to_resp( EVENTLOG_R_READ_EVENTLOG * r_u, + Eventlog_entry * ee_new ) { Eventlog_entry *insert_point; - insert_point=r_u->entry; + insert_point = r_u->entry; - if (NULL == insert_point) { + if ( NULL == insert_point ) { r_u->entry = ee_new; ee_new->next = NULL; } else { - while ((NULL != insert_point->next)) { - insert_point=insert_point->next; + while ( ( NULL != insert_point->next ) ) { + insert_point = insert_point->next; } ee_new->next = NULL; insert_point->next = ee_new; } - r_u->num_records++; + r_u->num_records++; r_u->num_bytes_in_resp += ee_new->record.length; return True; } /******************************************************************** -********************************************************************/ + ********************************************************************/ /** * Callout to clear (and optionally backup) a specified event log @@ -741,128 +645,153 @@ static BOOL add_record_to_resp(EVENTLOG_R_READ_EVENTLOG *r_u, Eventlog_entry *ee * The given log is copied to that location on the server. See comments for * eventlog_io_q_clear_eventlog for info about odd file name behavior */ - -static BOOL clear_eventlog_hook(EventlogInfo *info, pstring backup_file_name) +static BOOL clear_eventlog_hook( EventlogInfo * info, + pstring backup_file_name ) { - char *cmd = lp_eventlog_clear_cmd(); - char **qlines; - pstring command; - int numlines = 0; - int ret; - int fd = -1; - - if ( !cmd || !*cmd ) { - DEBUG(0, ("Must define an \"eventlog clear command\" entry in the config.\n")); - return False; - } - if ( strlen(backup_file_name) ) - pstr_sprintf( command, "%s \"%s\" \"%s\"", cmd, info->logname, backup_file_name ); - else - pstr_sprintf( command, "%s \"%s\"", cmd, info->logname ); + int i; - DEBUG(10, ("Running [%s]\n", command)); - ret = smbrun(command, &fd); - DEBUGADD(10, ("returned [%d]\n", ret)); - if(ret != 0) { - if(fd != -1) { - close(fd); - } + if ( !info ) return False; - } - - qlines = fd_lines_load(fd, &numlines); - DEBUGADD(10, ("Lines returned = [%d]\n", numlines)); - close(fd); - - if(numlines) { - DEBUGADD(10, ("Line[0] = [%s]\n", qlines[0])); - if(0 == strncmp(qlines[0], "SUCCESS", strlen("SUCCESS"))) { - DEBUGADD(10, ("Able to clear [%s].\n", info->logname)); - file_lines_free(qlines); + DEBUG( 3, ( "There are %d event logs\n", nlogs ) ); + for ( i = 0; i < nlogs; i++ ) { + DEBUG( 3, + ( "Comparing Eventlog %s, %s\n", info->logname, + ttdb[i].logname ) ); + if ( !StrCaseCmp( info->logname, ttdb[i].logname ) ) { + /* close the current one, reinit */ + tdb_close( ttdb[i].log_tdb ); + DEBUG( 3, + ( "Closing Eventlog %s, file-on-disk %s\n", + info->logname, ttdb[i].tdbfname ) ); + ttdb[i].log_tdb = + init_eventlog_tdb( ttdb[i].tdbfname ); return True; } } - file_lines_free(qlines); - return False; + return False; /* not found */ + /* TODO- do something with the backup file name */ + } /******************************************************************* -*******************************************************************/ + *******************************************************************/ + +static int eventlog_size( char *eventlog_name ) +{ + TDB_CONTEXT *tdb; + + if ( !eventlog_name ) + return 0; + tdb = tdb_of( eventlog_name ); + if ( !tdb ) + return 0; + return eventlog_tdb_size( tdb, NULL, NULL ); +} + +/******************************************************************** + ********************************************************************/ -WERROR _eventlog_open_eventlog(pipes_struct *p, EVENTLOG_Q_OPEN_EVENTLOG *q_u, EVENTLOG_R_OPEN_EVENTLOG *r_u) +WERROR _eventlog_open_eventlog( pipes_struct * p, + EVENTLOG_Q_OPEN_EVENTLOG * q_u, + EVENTLOG_R_OPEN_EVENTLOG * r_u ) { EventlogInfo *info = NULL; fstring str; - - if ( !(info = TALLOC_ZERO_P(NULL, EventlogInfo)) ) + + if ( !( info = TALLOC_ZERO_P( NULL, EventlogInfo ) ) ) return WERR_NOMEM; - fstrcpy( str, global_myname() ); + fstrcpy( str, global_myname( ) ); if ( q_u->servername.string ) { - rpcstr_pull( str, q_u->servername.string->buffer, - sizeof(str), q_u->servername.string->uni_str_len*2, 0 ); - } + rpcstr_pull( str, q_u->servername.string->buffer, + sizeof( str ), + q_u->servername.string->uni_str_len * 2, 0 ); + } + info->servername = talloc_strdup( info, str ); fstrcpy( str, "Application" ); if ( q_u->logname.string ) { - rpcstr_pull( str, q_u->logname.string->buffer, - sizeof(str), q_u->logname.string->uni_str_len*2, 0 ); - } + rpcstr_pull( str, q_u->logname.string->buffer, + sizeof( str ), + q_u->logname.string->uni_str_len * 2, 0 ); + } + info->logname = talloc_strdup( info, str ); - DEBUG(10, ("_eventlog_open_eventlog: Using [%s] as the server name.\n", info->servername)); - DEBUG(10, ("_eventlog_open_eventlog: Using [%s] as the source log file.\n", info->logname)); + DEBUG( 1, + ( "Size of %s is %d\n", info->logname, + eventlog_size( info->logname ) ) ); - if ( !create_policy_hnd(p, &r_u->handle, free_eventlog_info, (void *)info) ) { - free_eventlog_info(info); + + + DEBUG( 10, + ( "_eventlog_open_eventlog: Using [%s] as the server name.\n", + info->servername ) ); + DEBUG( 10, + ( "_eventlog_open_eventlog: Using [%s] as the source log file.\n", + info->logname ) ); + + + if ( !create_policy_hnd + ( p, &r_u->handle, free_eventlog_info, ( void * ) info ) ) { + free_eventlog_info( info ); return WERR_NOMEM; } - - if ( !(open_eventlog_hook(info)) ) { - close_policy_hnd(p, &r_u->handle); + + if ( !open_eventlog_hook( info ) ) { + close_policy_hnd( p, &r_u->handle ); return WERR_BADFILE; } - + + sync_eventlog_params( info->logname ); + prune_eventlog( tdb_of( info->logname ) ); + return WERR_OK; } /******************************************************************** -********************************************************************/ + ********************************************************************/ -WERROR _eventlog_clear_eventlog(pipes_struct *p, EVENTLOG_Q_CLEAR_EVENTLOG *q_u, EVENTLOG_R_CLEAR_EVENTLOG *r_u) +WERROR _eventlog_clear_eventlog( pipes_struct * p, + EVENTLOG_Q_CLEAR_EVENTLOG * q_u, + EVENTLOG_R_CLEAR_EVENTLOG * r_u ) { - EventlogInfo *info = find_eventlog_info_by_hnd(p, &q_u->handle); + EventlogInfo *info = find_eventlog_info_by_hnd( p, &q_u->handle ); pstring backup_file_name; pstrcpy( backup_file_name, "" ); - if ( q_u->backupfile.string ) - unistr2_to_ascii(backup_file_name, q_u->backupfile.string, sizeof(backup_file_name)); + if ( q_u->backupfile.string ) + unistr2_to_ascii( backup_file_name, q_u->backupfile.string, + sizeof( backup_file_name ) ); - DEBUG(10, ("_eventlog_clear_eventlog: Using [%s] as the backup file name for log [%s].", - backup_file_name, info->logname)); + DEBUG( 10, + ( "_eventlog_clear_eventlog: Using [%s] as the backup file name for log [%s].", + backup_file_name, info->logname ) ); - if ( !(clear_eventlog_hook(info, backup_file_name)) ) + if ( !( clear_eventlog_hook( info, backup_file_name ) ) ) return WERR_BADFILE; return WERR_OK; } /******************************************************************** -********************************************************************/ + ********************************************************************/ -WERROR _eventlog_close_eventlog(pipes_struct *p, EVENTLOG_Q_CLOSE_EVENTLOG *q_u, EVENTLOG_R_CLOSE_EVENTLOG *r_u) +WERROR _eventlog_close_eventlog( pipes_struct * p, + EVENTLOG_Q_CLOSE_EVENTLOG * q_u, + EVENTLOG_R_CLOSE_EVENTLOG * r_u ) { - EventlogInfo *info = find_eventlog_info_by_hnd(p,&q_u->handle); + EventlogInfo *info = find_eventlog_info_by_hnd( p, &q_u->handle ); - if ( !(close_eventlog_hook(info)) ) + if ( !( close_eventlog_hook( info ) ) ) return WERR_BADFILE; - if ( !(close_policy_hnd(p, &q_u->handle)) ) { + if ( !( close_policy_hnd( p, &q_u->handle ) ) ) { return WERR_BADFID; } @@ -870,76 +799,93 @@ WERROR _eventlog_close_eventlog(pipes_struct *p, EVENTLOG_Q_CLOSE_EVENTLOG *q_u, } /******************************************************************** -********************************************************************/ - -WERROR _eventlog_read_eventlog(pipes_struct *p, EVENTLOG_Q_READ_EVENTLOG *q_u, EVENTLOG_R_READ_EVENTLOG *r_u) + ********************************************************************/ + +WERROR _eventlog_read_eventlog( pipes_struct * p, + EVENTLOG_Q_READ_EVENTLOG * q_u, + EVENTLOG_R_READ_EVENTLOG * r_u ) { - EventlogInfo *info = find_eventlog_info_by_hnd(p, &q_u->handle); + EventlogInfo *info = find_eventlog_info_by_hnd( p, &q_u->handle ); Eventlog_entry entry, *ee_new; - BOOL eof = False, eor = False; - const char *direction = ""; + uint32 num_records_read = 0; prs_struct *ps; - int numlines, i; - char **buffer; + int bytes_left, record_number; + TDB_CONTEXT *the_tdb; + info->flags = q_u->flags; ps = &p->out_data.rdata; - if ( info->flags & EVENTLOG_FORWARDS_READ ) - direction = "forward"; - else if ( info->flags & EVENTLOG_BACKWARDS_READ ) - direction = "backward"; - if ( !(read_eventlog_hook(info, &entry, direction, q_u->offset, q_u->max_read_size, &eof, &buffer, &numlines)) ) { - if(eof == False) { - return WERR_NOMEM; - } + bytes_left = q_u->max_read_size; + the_tdb = tdb_of( info->logname ); + if ( !the_tdb ) { + /* todo handle the error */ + } + /* DEBUG(8,("Bytes left is %d\n",bytes_left)); */ + + + record_number = q_u->offset; + + while ( bytes_left > 0 ) { + if ( get_eventlog_record + ( ps, the_tdb, record_number, &entry ) ) { + DEBUG( 8, + ( "Retrieved record %d\n", record_number ) ); + /* Now see if there is enough room to add */ + if ( ( ee_new = + read_package_entry( ps, q_u, r_u, + &entry ) ) == NULL ) { + return WERR_NOMEM; - if(numlines > 0) { - ZERO_STRUCT(entry); - for(i = 0; i < numlines; i++) { - num_records_read = r_u->num_records; - DEBUGADD(10, ("Line[%d] = [%s]\n", i, buffer[i])); - parse_logentry(buffer[i], &entry, &eor); - if(eor == True) { - /* package ee_new entry */ - if((ee_new = read_package_entry(ps, q_u, r_u, &entry)) == NULL) { - SAFE_FREE(buffer); - return WERR_NOMEM; - } - /* Now see if there is enough room to add */ - if(r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size) { - r_u->bytes_in_next_record = ee_new->record.length; - /* response would be too big to fit in client-size buffer */ - break; - } - add_record_to_resp(r_u, ee_new); - ZERO_STRUCT(entry); - eor=False; - num_records_read = r_u->num_records - num_records_read; - DEBUG(10, ("_eventlog_read_eventlog: read [%d] records for a total of [%d] records using [%d] bytes out of a max of [%d].\n", - num_records_read, - r_u->num_records, - r_u->num_bytes_in_resp, - q_u->max_read_size)); } + + if ( r_u->num_bytes_in_resp + ee_new->record.length > + q_u->max_read_size ) { + r_u->bytes_in_next_record = + ee_new->record.length; + /* response would be too big to fit in client-size buffer */ + bytes_left = 0; + break; + } + add_record_to_resp( r_u, ee_new ); + bytes_left -= ee_new->record.length; + ZERO_STRUCT( entry ); + num_records_read = + r_u->num_records - num_records_read; + DEBUG( 10, + ( "_eventlog_read_eventlog: read [%d] records for a total of [%d] records using [%d] bytes out of a max of [%d].\n", + num_records_read, r_u->num_records, + r_u->num_bytes_in_resp, + q_u->max_read_size ) ); + } else { + DEBUG( 8, ( "get_eventlog_record returned NULL\n" ) ); + return WERR_NOMEM; /* wrong error - but return one anyway */ } - SAFE_FREE(buffer); - } + + if ( info->flags & EVENTLOG_FORWARDS_READ ) { + record_number++; + } else { + record_number--; + } + + } return WERR_OK; } /******************************************************************** -********************************************************************/ + ********************************************************************/ -WERROR _eventlog_get_oldest_entry(pipes_struct *p, EVENTLOG_Q_GET_OLDEST_ENTRY *q_u, EVENTLOG_R_GET_OLDEST_ENTRY *r_u) +WERROR _eventlog_get_oldest_entry( pipes_struct * p, + EVENTLOG_Q_GET_OLDEST_ENTRY * q_u, + EVENTLOG_R_GET_OLDEST_ENTRY * r_u ) { - EventlogInfo *info = find_eventlog_info_by_hnd(p, &q_u->handle); + EventlogInfo *info = find_eventlog_info_by_hnd( p, &q_u->handle ); - if ( !(get_oldest_entry_hook(info)) ) + if ( !( get_oldest_entry_hook( info ) ) ) return WERR_BADFILE; r_u->oldest_entry = info->oldest_entry; @@ -948,17 +894,18 @@ WERROR _eventlog_get_oldest_entry(pipes_struct *p, EVENTLOG_Q_GET_OLDEST_ENTRY * } /******************************************************************** -********************************************************************/ + ********************************************************************/ -WERROR _eventlog_get_num_records(pipes_struct *p, EVENTLOG_Q_GET_NUM_RECORDS *q_u, EVENTLOG_R_GET_NUM_RECORDS *r_u) +WERROR _eventlog_get_num_records( pipes_struct * p, + EVENTLOG_Q_GET_NUM_RECORDS * q_u, + EVENTLOG_R_GET_NUM_RECORDS * r_u ) { - EventlogInfo *info = find_eventlog_info_by_hnd(p, &q_u->handle); + EventlogInfo *info = find_eventlog_info_by_hnd( p, &q_u->handle ); - if ( !(get_num_records_hook(info)) ) + if ( !( get_num_records_hook( info ) ) ) return WERR_BADFILE; r_u->num_records = info->num_records; return WERR_OK; } - -- cgit From 01a1e5cdb0339a7cb3a85280b118985562bb2d7f Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 7 Oct 2005 12:14:25 +0000 Subject: r10819: merging a couple of fixes from trunk * only keep the registry,tdb file open when we have an open key handle * tpot's setup.py fix * removing files that no longer exist in trunk and copying some that were missing in 3.0 (This used to be commit 6c6bf6ca5fd430a7a20bf20ed08050328660e570) --- source3/rpc_server/srv_eventlog_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 6067c94fe8..d3b350f233 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -400,7 +400,7 @@ static BOOL sync_eventlog_params( const char *elogname ) if ( ( val = regval_ctr_getvalue( values, "MaxSize" ) ) != NULL ) uiMaxSize = IVAL( regval_data_p( val ), 0 ); - TALLOC_FREE( keyinfo ); + regkey_close_internal( keyinfo ); tdb_store_int32( the_tdb, VN_maxsize, uiMaxSize ); tdb_store_int32( the_tdb, VN_retention, uiRetention ); -- cgit From bb68761a500fc5d426c75e53700fa793e016135f Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 14 Oct 2005 16:07:00 +0000 Subject: r11060: merging new eventlog code from trunk (This used to be commit 1bcf7e82ede63a851a244162a3b939373787b693) --- source3/rpc_server/srv_eventlog_nt.c | 628 +++++++++++++---------------------- 1 file changed, 237 insertions(+), 391 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index d3b350f233..577ec48482 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -25,192 +25,201 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV - -typedef struct { - pstring logname; /* rather than alloc on the fly what we need... (memory is cheap now) */ - pstring tdbfname; - TDB_CONTEXT *log_tdb; /* the pointer to the TDB_CONTEXT */ -} EventlogTDBInfo; - -static int nlogs; -static EventlogTDBInfo *ttdb = NULL; -static TALLOC_CTX *mem_ctx = NULL; - typedef struct { char *logname; - char *servername; + TDB_CONTEXT *tdb; uint32 num_records; uint32 oldest_entry; uint32 flags; -} EventlogInfo; + uint32 access_granted; +} EVENTLOG_INFO; +/******************************************************************** + ********************************************************************/ +static void free_eventlog_info( void *ptr ) +{ + EVENTLOG_INFO *elog = (EVENTLOG_INFO *)ptr; + + if ( elog->tdb ) + elog_close_tdb( elog->tdb ); + + TALLOC_FREE( elog ); +} -#if 0 /* UNUSED */ /******************************************************************** ********************************************************************/ - -void test_eventlog_tdb( TDB_CONTEXT * the_tdb ) + +static EVENTLOG_INFO *find_eventlog_info_by_hnd( pipes_struct * p, + POLICY_HND * handle ) { - Eventlog_entry ee; - - int i = 0; - - memset( &ee, 0, sizeof( Eventlog_entry ) ); - - if ( !the_tdb ) - return; - - for ( i = 0; i < 100; i++ ) { - ee.record.length = sizeof( ee.record ); - memset( &ee.data_record, 0, sizeof( ee.data_record ) ); - ee.record.reserved1 = 0xBEEFDEAD; - ee.record.record_number = 1000 - i; /* should get substituted */ - ee.record.time_generated = 0; - ee.record.time_written = 0; - ee.record.event_id = 500; - ee.record.event_type = 300; - ee.record.num_strings = 0; - ee.record.event_category = 0; - ee.record.reserved2 = ( i << 8 ) | i; - ee.record.closing_record_number = -1; - ee.record.string_offset = 0; - ee.record.user_sid_length = 0; - ee.record.user_sid_offset = 0; - ee.record.data_length = 0; - ee.record.data_offset = 0; - - rpcstr_push( ( void * ) ( ee.data_record.source_name ), - "SystemLog", - sizeof( ee.data_record.source_name ), - STR_TERMINATE ); - ee.data_record.source_name_len = - ( strlen_w( ee.data_record.source_name ) * 2 ) + 2; - - rpcstr_push( ( void * ) ( ee.data_record.computer_name ), - "DMLINUX", - sizeof( ee.data_record.computer_name ), - STR_TERMINATE ); - - ee.data_record.computer_name_len = - ( strlen_w( ee.data_record.computer_name ) * 2 ) + 2; - - write_eventlog_tdb( the_tdb, &ee ); + EVENTLOG_INFO *info; + + if ( !find_policy_by_hnd( p, handle, ( void ** ) &info ) ) { + DEBUG( 2, + ( "find_eventlog_info_by_hnd: eventlog not found.\n" ) ); + return NULL; } + + return info; } -#endif /* UNUSED */ /******************************************************************** - ********************************************************************/ +********************************************************************/ -static void refresh_eventlog_tdb_table( void ) +static BOOL elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) { - const char **elogs = lp_eventlog_list( ); - int i, j; + char *tdbname = elog_tdbname( info->logname ); + SEC_DESC *sec_desc; + BOOL ret; + NTSTATUS ntstatus; + + if ( !tdbname ) + return False; + + /* get the security descriptor for the file */ + + sec_desc = get_nt_acl_no_snum( info, tdbname ); + SAFE_FREE( tdbname ); + + if ( !sec_desc ) { + DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n", + tdbname)); + return False; + } + + /* run the check, try for the max allowed */ + + ret = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS, + &info->access_granted, &ntstatus ); + + if ( sec_desc ) + TALLOC_FREE( sec_desc ); + + if ( !ret ) { + DEBUG(8,("elog_check_access: se_access_check() return %s\n", + nt_errstr( ntstatus))); + return False; + } + + /* we have to have READ permission for a successful open */ + + return ( info->access_granted & SA_RIGHT_FILE_READ_DATA ); +} - if ( !elogs ) - return; +/******************************************************************** + ********************************************************************/ - if ( !mem_ctx ) { - mem_ctx = talloc_init( "refresh_eventlog_tdb_table" ); +static BOOL elog_validate_logname( const char *name ) +{ + int i; + const char **elogs = lp_eventlog_list(); + + for ( i=0; elogs[i]; i++ ) { + if ( strequal( name, elogs[i] ) ) + return True; } + + return False; +} - if ( !mem_ctx ) { - DEBUG( 1, ( "Can't allocate memory\n" ) ); - return; - } +/******************************************************************** + ********************************************************************/ - /* count them */ - for ( i = 0; elogs[i]; i++ ) { - } - /* number of logs in i */ - DEBUG( 10, ( "Number of eventlogs %d\n", i ) ); - /* check to see if we need to adjust our tables */ - - if ( ( ttdb != NULL ) ) { - if ( i != nlogs ) { - /* refresh the table, by closing and reconstructing */ - DEBUG( 10, ( "Closing existing table \n" ) ); - for ( j = 0; j < nlogs; j++ ) { - tdb_close( ttdb[j].log_tdb ); - } - TALLOC_FREE( ttdb ); - ttdb = NULL; - } else { /* i == nlogs */ - - for ( j = 0; j < nlogs; j++ ) { - if ( StrCaseCmp( ttdb[j].logname, elogs[i] ) ) { - /* something changed, have to discard */ - DEBUG( 10, - ( "Closing existing table \n" ) ); - for ( j = 0; j < nlogs; j++ ) { - tdb_close( ttdb[j].log_tdb ); - } - TALLOC_FREE( ttdb ); - ttdb = NULL; - break; - } +static WERROR elog_open( pipes_struct * p, const char *logname, POLICY_HND *hnd ) +{ + EVENTLOG_INFO *elog; + + /* first thing is to validate the eventlog name */ + + if ( !elog_validate_logname( logname ) ) + return WERR_OBJECT_PATH_INVALID; + + if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) ) + return WERR_NOMEM; + + elog->logname = talloc_strdup( elog, logname ); + + /* Open the tdb first (so that we can create any new tdbs if necessary). + We have to do this as root and then use an internal access check + on the file permissions since you can only have a tdb open once + in a single process */ + + become_root(); + elog->tdb = elog_open_tdb( elog->logname ); + unbecome_root(); + + if ( !elog->tdb ) { + /* according to MSDN, if the logfile cannot be found, we should + default to the "Application" log */ + + if ( !strequal( logname, ELOG_APPL ) ) { + + TALLOC_FREE( elog->logname ); + + elog->logname = talloc_strdup( elog, ELOG_APPL ); + + /* do the access check */ + if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { + TALLOC_FREE( elog ); + return WERR_ACCESS_DENIED; } + + become_root(); + elog->tdb = elog_open_tdb( elog->logname ); + unbecome_root(); + } + + if ( !elog->tdb ) { + TALLOC_FREE( elog ); + return WERR_ACCESS_DENIED; /* ??? */ } } + + /* now do the access check. Close the tdb if we fail here */ - /* note that this might happen because of above */ - if ( ( i > 0 ) && ( ttdb == NULL ) ) { - /* alloc the room */ - DEBUG( 10, ( "Creating the table\n" ) ); - ttdb = TALLOC( mem_ctx, sizeof( EventlogTDBInfo ) * i ); - if ( !ttdb ) { - DEBUG( 10, - ( "Can't allocate table for tdb handles \n" ) ); - return; - } - for ( j = 0; j < i; j++ ) { - pstrcpy( ttdb[j].tdbfname, - lock_path( mk_tdbfilename - ( ttdb[j].tdbfname, - ( char * ) elogs[j], - sizeof( pstring ) ) ) ); - pstrcpy( ttdb[j].logname, elogs[j] ); - DEBUG( 10, ( "Opening tdb for %s\n", elogs[j] ) ); - ttdb[j].log_tdb = - open_eventlog_tdb( ttdb[j].tdbfname ); - } + if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { + elog_close_tdb( elog->tdb ); + TALLOC_FREE( elog ); + return WERR_ACCESS_DENIED; + } + + /* create the policy handle */ + + if ( !create_policy_hnd + ( p, hnd, free_eventlog_info, ( void * ) elog ) ) { + free_eventlog_info( elog ); + return WERR_NOMEM; } - nlogs = i; + + return WERR_OK; } /******************************************************************** ********************************************************************/ -TDB_CONTEXT *tdb_of( char *eventlog_name ) +static WERROR elog_close( pipes_struct *p, POLICY_HND *hnd ) { - int i; - - if ( !eventlog_name ) - return NULL; + if ( !( close_policy_hnd( p, hnd ) ) ) { + return WERR_BADFID; + } - if ( !ttdb ) { - DEBUG( 10, ( "Refreshing list of eventlogs\n" ) ); - refresh_eventlog_tdb_table( ); - - if ( !ttdb ) { - DEBUG( 10, - ( "eventlog tdb table is NULL after a refresh!\n" ) ); - return NULL; - } - } + return WERR_OK; +} - DEBUG( 10, ( "Number of eventlogs %d\n", nlogs ) ); +/******************************************************************* + *******************************************************************/ - for ( i = 0; i < nlogs; i++ ) { - if ( strequal( eventlog_name, ttdb[i].logname ) ) - return ttdb[i].log_tdb; +static int elog_size( EVENTLOG_INFO *info ) +{ + if ( !info || !info->tdb ) { + DEBUG(0,("elog_size: Invalid info* structure!\n")); + return 0; } - return NULL; + return elog_tdb_size( info->tdb, NULL, NULL ); } - /******************************************************************** For the given tdb, get the next eventlog record into the passed Eventlog_entry. returns NULL if it can't get the record for some reason. @@ -314,37 +323,12 @@ Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb, return ee; } -/******************************************************************** - ********************************************************************/ - -static void free_eventlog_info( void *ptr ) -{ - TALLOC_FREE( ptr ); -} - -/******************************************************************** - ********************************************************************/ - -static EventlogInfo *find_eventlog_info_by_hnd( pipes_struct * p, - POLICY_HND * handle ) -{ - EventlogInfo *info; - - if ( !find_policy_by_hnd( p, handle, ( void ** ) &info ) ) { - DEBUG( 2, - ( "find_eventlog_info_by_hnd: eventlog not found.\n" ) ); - return NULL; - } - - return info; -} - /******************************************************************** note that this can only be called AFTER the table is constructed, since it uses the table to find the tdb handle ********************************************************************/ -static BOOL sync_eventlog_params( const char *elogname ) +static BOOL sync_eventlog_params( EVENTLOG_INFO *info ) { pstring path; uint32 uiMaxSize; @@ -353,14 +337,12 @@ static BOOL sync_eventlog_params( const char *elogname ) REGISTRY_VALUE *val; REGVAL_CTR *values; WERROR wresult; - TDB_CONTEXT *the_tdb; - - the_tdb = tdb_of( ( char * ) elogname ); + char *elogname = info->logname; DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) ); - if ( !the_tdb ) { - DEBUG( 4, ( "Can't open tdb for %s\n", elogname ) ); + if ( !info->tdb ) { + DEBUG( 4, ( "No open tdb! (%s)\n", info->logname ) ); return False; } /* set resonable defaults. 512Kb on size and 1 week on time */ @@ -402,112 +384,52 @@ static BOOL sync_eventlog_params( const char *elogname ) regkey_close_internal( keyinfo ); - tdb_store_int32( the_tdb, VN_maxsize, uiMaxSize ); - tdb_store_int32( the_tdb, VN_retention, uiRetention ); - - return True; -} - -/******************************************************************** - ********************************************************************/ + tdb_store_int32( info->tdb, EVT_MAXSIZE, uiMaxSize ); + tdb_store_int32( info->tdb, EVT_RETENTION, uiRetention ); -static BOOL open_eventlog_hook( EventlogInfo * info ) -{ return True; } /******************************************************************** ********************************************************************/ -/** - * Callout to get the number of records in the specified event log - * - * smbrun calling convention -- - * INPUT: - * OUTPUT: A single line with a single integer containing the number of - * entries in the log. If there are no entries in the log, return 0. - */ - - -static BOOL get_num_records_hook( EventlogInfo * info ) +static BOOL get_num_records_hook( EVENTLOG_INFO * info ) { - - TDB_CONTEXT *the_tdb = NULL; int next_record; int oldest_record; - - the_tdb = tdb_of( info->logname ); - - if ( !the_tdb ) { - DEBUG( 10, ( "Can't find tdb for %s\n", info->logname ) ); - info->num_records = 0; + if ( !info->tdb ) { + DEBUG( 10, ( "No open tdb for %s\n", info->logname ) ); return False; } - /* lock */ - tdb_lock_bystring( the_tdb, VN_next_record, 1 ); - - - /* read */ - next_record = tdb_fetch_int32( the_tdb, VN_next_record ); - oldest_record = tdb_fetch_int32( the_tdb, VN_oldest_entry ); - + /* lock the tdb since we have to get 2 records */ + tdb_lock_bystring( info->tdb, EVT_NEXT_RECORD, 1 ); + next_record = tdb_fetch_int32( info->tdb, EVT_NEXT_RECORD); + oldest_record = tdb_fetch_int32( info->tdb, EVT_OLDEST_ENTRY); + tdb_unlock_bystring( info->tdb, EVT_NEXT_RECORD); DEBUG( 8, - ( "Oldest Record %d Next Record %d\n", oldest_record, + ( "Oldest Record %d; Next Record %d\n", oldest_record, next_record ) ); info->num_records = ( next_record - oldest_record ); info->oldest_entry = oldest_record; - tdb_unlock_bystring( the_tdb, VN_next_record ); - return True; - - } /******************************************************************** ********************************************************************/ -/** - * Callout to find the oldest record in the log - * - * smbrun calling convention -- - * INPUT: - * OUTPUT: If there are entries in the event log, the index of the - * oldest entry. Must be 1 or greater. - * If there are no entries in the log, returns a 0 - */ - -static BOOL get_oldest_entry_hook( EventlogInfo * info ) +static BOOL get_oldest_entry_hook( EVENTLOG_INFO * info ) { /* it's the same thing */ return get_num_records_hook( info ); } - -/******************************************************************** - ********************************************************************/ - -/** - * Callout to close the specified event log - * - * smbrun calling convention -- - * INPUT: - * OUTPUT: the string "SUCCESS" if the command succeeded - * no such string if there was a failure. - */ - -static BOOL close_eventlog_hook( EventlogInfo * info ) -{ - - return True; -} - /******************************************************************** ********************************************************************/ @@ -628,69 +550,6 @@ static BOOL add_record_to_resp( EVENTLOG_R_READ_EVENTLOG * r_u, return True; } -/******************************************************************** - ********************************************************************/ - -/** - * Callout to clear (and optionally backup) a specified event log - * - * smbrun calling convention -- - * INPUT: - * OUTPUT: A single line with the string "SUCCESS" if the command succeeded. - * Otherwise it is assumed to have failed - * - * INPUT: - * OUTPUT: A single line with the string "SUCCESS" if the command succeeded. - * Otherwise it is assumed to have failed - * The given log is copied to that location on the server. See comments for - * eventlog_io_q_clear_eventlog for info about odd file name behavior - */ -static BOOL clear_eventlog_hook( EventlogInfo * info, - pstring backup_file_name ) -{ - - int i; - - - if ( !info ) - return False; - DEBUG( 3, ( "There are %d event logs\n", nlogs ) ); - for ( i = 0; i < nlogs; i++ ) { - DEBUG( 3, - ( "Comparing Eventlog %s, %s\n", info->logname, - ttdb[i].logname ) ); - if ( !StrCaseCmp( info->logname, ttdb[i].logname ) ) { - /* close the current one, reinit */ - tdb_close( ttdb[i].log_tdb ); - DEBUG( 3, - ( "Closing Eventlog %s, file-on-disk %s\n", - info->logname, ttdb[i].tdbfname ) ); - ttdb[i].log_tdb = - init_eventlog_tdb( ttdb[i].tdbfname ); - return True; - } - } - - return False; /* not found */ - /* TODO- do something with the backup file name */ - -} - -/******************************************************************* - *******************************************************************/ - -static int eventlog_size( char *eventlog_name ) -{ - TDB_CONTEXT *tdb; - - if ( !eventlog_name ) - return 0; - tdb = tdb_of( eventlog_name ); - if ( !tdb ) - return 0; - return eventlog_tdb_size( tdb, NULL, NULL ); -} - /******************************************************************** ********************************************************************/ @@ -698,83 +557,81 @@ WERROR _eventlog_open_eventlog( pipes_struct * p, EVENTLOG_Q_OPEN_EVENTLOG * q_u, EVENTLOG_R_OPEN_EVENTLOG * r_u ) { - EventlogInfo *info = NULL; - fstring str; - - if ( !( info = TALLOC_ZERO_P( NULL, EventlogInfo ) ) ) - return WERR_NOMEM; + fstring servername, logname; + EVENTLOG_INFO *info; + WERROR wresult; - fstrcpy( str, global_myname( ) ); + fstrcpy( servername, "" ); if ( q_u->servername.string ) { - rpcstr_pull( str, q_u->servername.string->buffer, - sizeof( str ), + rpcstr_pull( servername, q_u->servername.string->buffer, + sizeof( servername ), q_u->servername.string->uni_str_len * 2, 0 ); } - info->servername = talloc_strdup( info, str ); - - fstrcpy( str, "Application" ); + fstrcpy( logname, "" ); if ( q_u->logname.string ) { - rpcstr_pull( str, q_u->logname.string->buffer, - sizeof( str ), + rpcstr_pull( logname, q_u->logname.string->buffer, + sizeof( logname ), q_u->logname.string->uni_str_len * 2, 0 ); } - - info->logname = talloc_strdup( info, str ); - - DEBUG( 1, - ( "Size of %s is %d\n", info->logname, - eventlog_size( info->logname ) ) ); - - - - DEBUG( 10, - ( "_eventlog_open_eventlog: Using [%s] as the server name.\n", - info->servername ) ); - DEBUG( 10, - ( "_eventlog_open_eventlog: Using [%s] as the source log file.\n", - info->logname ) ); - - - if ( !create_policy_hnd - ( p, &r_u->handle, free_eventlog_info, ( void * ) info ) ) { - free_eventlog_info( info ); - return WERR_NOMEM; + + DEBUG( 10,("_eventlog_open_eventlog: Server [%s], Log [%s]\n", + servername, logname )); + + /* according to MSDN, if the logfile cannot be found, we should + default to the "Application" log */ + + if ( !W_ERROR_IS_OK( wresult = elog_open( p, logname, &r_u->handle )) ) + return wresult; + + if ( !(info = find_eventlog_info_by_hnd( p, &r_u->handle )) ) { + DEBUG(0,("_eventlog_open_eventlog: eventlog (%s) opened but unable to find handle!\n", + logname )); + elog_close( p, &r_u->handle ); + return WERR_BADFID; } - if ( !open_eventlog_hook( info ) ) { - close_policy_hnd( p, &r_u->handle ); - return WERR_BADFILE; - } + DEBUG(10,("_eventlog_open_eventlog: Size [%d]\n", elog_size( info ))); - sync_eventlog_params( info->logname ); - prune_eventlog( tdb_of( info->logname ) ); + sync_eventlog_params( info ); + prune_eventlog( info->tdb ); return WERR_OK; } /******************************************************************** + This call still needs some work ********************************************************************/ WERROR _eventlog_clear_eventlog( pipes_struct * p, EVENTLOG_Q_CLEAR_EVENTLOG * q_u, EVENTLOG_R_CLEAR_EVENTLOG * r_u ) { - EventlogInfo *info = find_eventlog_info_by_hnd( p, &q_u->handle ); + EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); pstring backup_file_name; - pstrcpy( backup_file_name, "" ); + if ( !info ) + return WERR_BADFID; - if ( q_u->backupfile.string ) - unistr2_to_ascii( backup_file_name, q_u->backupfile.string, - sizeof( backup_file_name ) ); + pstrcpy( backup_file_name, "" ); + if ( q_u->backupfile.string ) { + rpcstr_pull( backup_file_name, q_u->backupfile.string->buffer, + sizeof( backup_file_name ), + q_u->backupfile.string->uni_str_len * 2, 0 ); + } - DEBUG( 10, + DEBUG( 8, ( "_eventlog_clear_eventlog: Using [%s] as the backup file name for log [%s].", backup_file_name, info->logname ) ); - if ( !( clear_eventlog_hook( info, backup_file_name ) ) ) - return WERR_BADFILE; +#if 0 + /* close the current one, reinit */ + + tdb_close( info->tdb ); + + if ( !(info->tdb = elog_init_tdb( ttdb[i].tdbfname )) ) + return WERR_ACCESS_DENIED; +#endif return WERR_OK; } @@ -786,16 +643,7 @@ WERROR _eventlog_close_eventlog( pipes_struct * p, EVENTLOG_Q_CLOSE_EVENTLOG * q_u, EVENTLOG_R_CLOSE_EVENTLOG * r_u ) { - EventlogInfo *info = find_eventlog_info_by_hnd( p, &q_u->handle ); - - if ( !( close_eventlog_hook( info ) ) ) - return WERR_BADFILE; - - if ( !( close_policy_hnd( p, &q_u->handle ) ) ) { - return WERR_BADFID; - } - - return WERR_OK; + return elog_close( p, &q_u->handle ); } /******************************************************************** @@ -805,56 +653,55 @@ WERROR _eventlog_read_eventlog( pipes_struct * p, EVENTLOG_Q_READ_EVENTLOG * q_u, EVENTLOG_R_READ_EVENTLOG * r_u ) { - EventlogInfo *info = find_eventlog_info_by_hnd( p, &q_u->handle ); + EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); Eventlog_entry entry, *ee_new; uint32 num_records_read = 0; prs_struct *ps; int bytes_left, record_number; - TDB_CONTEXT *the_tdb; - + TDB_CONTEXT *tdb; info->flags = q_u->flags; ps = &p->out_data.rdata; - bytes_left = q_u->max_read_size; - the_tdb = tdb_of( info->logname ); - if ( !the_tdb ) { - /* todo handle the error */ - + tdb = info->tdb; + if ( !tdb ) { + return WERR_EVENTLOG_FILE_CORRUPT; } - /* DEBUG(8,("Bytes left is %d\n",bytes_left)); */ + /* DEBUG(8,("Bytes left is %d\n",bytes_left)); */ record_number = q_u->offset; while ( bytes_left > 0 ) { if ( get_eventlog_record - ( ps, the_tdb, record_number, &entry ) ) { + ( ps, tdb, record_number, &entry ) ) { DEBUG( 8, ( "Retrieved record %d\n", record_number ) ); + /* Now see if there is enough room to add */ - if ( ( ee_new = - read_package_entry( ps, q_u, r_u, - &entry ) ) == NULL ) { + ee_new = read_package_entry( ps, q_u, r_u,&entry ); + if ( !ee_new ) return WERR_NOMEM; - } - if ( r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size ) { r_u->bytes_in_next_record = ee_new->record.length; + /* response would be too big to fit in client-size buffer */ + bytes_left = 0; break; } + add_record_to_resp( r_u, ee_new ); bytes_left -= ee_new->record.length; ZERO_STRUCT( entry ); num_records_read = r_u->num_records - num_records_read; + DEBUG( 10, ( "_eventlog_read_eventlog: read [%d] records for a total of [%d] records using [%d] bytes out of a max of [%d].\n", num_records_read, r_u->num_records, @@ -866,13 +713,12 @@ WERROR _eventlog_read_eventlog( pipes_struct * p, } - if ( info->flags & EVENTLOG_FORWARDS_READ ) { + if ( info->flags & EVENTLOG_FORWARDS_READ ) record_number++; - } else { + else record_number--; - } - } + return WERR_OK; } @@ -883,7 +729,7 @@ WERROR _eventlog_get_oldest_entry( pipes_struct * p, EVENTLOG_Q_GET_OLDEST_ENTRY * q_u, EVENTLOG_R_GET_OLDEST_ENTRY * r_u ) { - EventlogInfo *info = find_eventlog_info_by_hnd( p, &q_u->handle ); + EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); if ( !( get_oldest_entry_hook( info ) ) ) return WERR_BADFILE; @@ -900,7 +746,7 @@ WERROR _eventlog_get_num_records( pipes_struct * p, EVENTLOG_Q_GET_NUM_RECORDS * q_u, EVENTLOG_R_GET_NUM_RECORDS * r_u ) { - EventlogInfo *info = find_eventlog_info_by_hnd( p, &q_u->handle ); + EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); if ( !( get_num_records_hook( info ) ) ) return WERR_BADFILE; -- cgit From 39be2680e008931ff8372a978ac2d8d705c5e03a Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 19 Oct 2005 02:50:45 +0000 Subject: r11170: root free pass on eventlog open access check (This used to be commit 4e3ff41e1ee2e3c323814fd8c6aa44ecab412257) --- source3/rpc_server/srv_eventlog_nt.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 577ec48482..5901f68f52 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -88,6 +88,13 @@ static BOOL elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) return False; } + /* root free pass */ + + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,("elog_check_access: using root's token\n")); + token = get_root_nt_token(); + } + /* run the check, try for the max allowed */ ret = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS, -- cgit From e1ffd2d612184fb1343cbe7e1d5d1aacebe0e8fa Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 27 Oct 2005 13:30:23 +0000 Subject: r11332: eventlog API uses NTSTATUS, not WERROR for return codes (This used to be commit f5f40633bc3f641a0fef4934375d0d829899b0d7) --- source3/rpc_server/srv_eventlog_nt.c | 67 ++++++++++++++++++------------------ 1 file changed, 33 insertions(+), 34 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 5901f68f52..6413221031 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -133,17 +133,17 @@ static BOOL elog_validate_logname( const char *name ) /******************************************************************** ********************************************************************/ -static WERROR elog_open( pipes_struct * p, const char *logname, POLICY_HND *hnd ) +static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hnd ) { EVENTLOG_INFO *elog; /* first thing is to validate the eventlog name */ if ( !elog_validate_logname( logname ) ) - return WERR_OBJECT_PATH_INVALID; + return NT_STATUS_OBJECT_PATH_INVALID; if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) ) - return WERR_NOMEM; + return NT_STATUS_NO_MEMORY; elog->logname = talloc_strdup( elog, logname ); @@ -169,7 +169,7 @@ static WERROR elog_open( pipes_struct * p, const char *logname, POLICY_HND *hnd /* do the access check */ if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { TALLOC_FREE( elog ); - return WERR_ACCESS_DENIED; + return NT_STATUS_ACCESS_DENIED; } become_root(); @@ -179,7 +179,7 @@ static WERROR elog_open( pipes_struct * p, const char *logname, POLICY_HND *hnd if ( !elog->tdb ) { TALLOC_FREE( elog ); - return WERR_ACCESS_DENIED; /* ??? */ + return NT_STATUS_ACCESS_DENIED; /* ??? */ } } @@ -188,7 +188,7 @@ static WERROR elog_open( pipes_struct * p, const char *logname, POLICY_HND *hnd if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { elog_close_tdb( elog->tdb ); TALLOC_FREE( elog ); - return WERR_ACCESS_DENIED; + return NT_STATUS_ACCESS_DENIED; } /* create the policy handle */ @@ -196,22 +196,22 @@ static WERROR elog_open( pipes_struct * p, const char *logname, POLICY_HND *hnd if ( !create_policy_hnd ( p, hnd, free_eventlog_info, ( void * ) elog ) ) { free_eventlog_info( elog ); - return WERR_NOMEM; + return NT_STATUS_NO_MEMORY; } - return WERR_OK; + return NT_STATUS_OK; } /******************************************************************** ********************************************************************/ -static WERROR elog_close( pipes_struct *p, POLICY_HND *hnd ) +static NTSTATUS elog_close( pipes_struct *p, POLICY_HND *hnd ) { if ( !( close_policy_hnd( p, hnd ) ) ) { - return WERR_BADFID; + return NT_STATUS_INVALID_HANDLE; } - return WERR_OK; + return NT_STATUS_OK; } /******************************************************************* @@ -432,7 +432,6 @@ static BOOL get_num_records_hook( EVENTLOG_INFO * info ) static BOOL get_oldest_entry_hook( EVENTLOG_INFO * info ) { - /* it's the same thing */ return get_num_records_hook( info ); } @@ -560,13 +559,13 @@ static BOOL add_record_to_resp( EVENTLOG_R_READ_EVENTLOG * r_u, /******************************************************************** ********************************************************************/ -WERROR _eventlog_open_eventlog( pipes_struct * p, +NTSTATUS _eventlog_open_eventlog( pipes_struct * p, EVENTLOG_Q_OPEN_EVENTLOG * q_u, EVENTLOG_R_OPEN_EVENTLOG * r_u ) { fstring servername, logname; EVENTLOG_INFO *info; - WERROR wresult; + NTSTATUS result; fstrcpy( servername, "" ); if ( q_u->servername.string ) { @@ -588,14 +587,14 @@ WERROR _eventlog_open_eventlog( pipes_struct * p, /* according to MSDN, if the logfile cannot be found, we should default to the "Application" log */ - if ( !W_ERROR_IS_OK( wresult = elog_open( p, logname, &r_u->handle )) ) - return wresult; + if ( !NT_STATUS_IS_OK( result = elog_open( p, logname, &r_u->handle )) ) + return result; if ( !(info = find_eventlog_info_by_hnd( p, &r_u->handle )) ) { DEBUG(0,("_eventlog_open_eventlog: eventlog (%s) opened but unable to find handle!\n", logname )); elog_close( p, &r_u->handle ); - return WERR_BADFID; + return NT_STATUS_INVALID_HANDLE; } DEBUG(10,("_eventlog_open_eventlog: Size [%d]\n", elog_size( info ))); @@ -603,14 +602,14 @@ WERROR _eventlog_open_eventlog( pipes_struct * p, sync_eventlog_params( info ); prune_eventlog( info->tdb ); - return WERR_OK; + return NT_STATUS_OK; } /******************************************************************** This call still needs some work ********************************************************************/ -WERROR _eventlog_clear_eventlog( pipes_struct * p, +NTSTATUS _eventlog_clear_eventlog( pipes_struct * p, EVENTLOG_Q_CLEAR_EVENTLOG * q_u, EVENTLOG_R_CLEAR_EVENTLOG * r_u ) { @@ -618,7 +617,7 @@ WERROR _eventlog_clear_eventlog( pipes_struct * p, pstring backup_file_name; if ( !info ) - return WERR_BADFID; + return NT_STATUS_INVALID_HANDLE; pstrcpy( backup_file_name, "" ); if ( q_u->backupfile.string ) { @@ -637,16 +636,16 @@ WERROR _eventlog_clear_eventlog( pipes_struct * p, tdb_close( info->tdb ); if ( !(info->tdb = elog_init_tdb( ttdb[i].tdbfname )) ) - return WERR_ACCESS_DENIED; + return NT_STATUS_ACCESS_DENIED; #endif - return WERR_OK; + return NT_STATUS_OK; } /******************************************************************** ********************************************************************/ -WERROR _eventlog_close_eventlog( pipes_struct * p, +NTSTATUS _eventlog_close_eventlog( pipes_struct * p, EVENTLOG_Q_CLOSE_EVENTLOG * q_u, EVENTLOG_R_CLOSE_EVENTLOG * r_u ) { @@ -656,7 +655,7 @@ WERROR _eventlog_close_eventlog( pipes_struct * p, /******************************************************************** ********************************************************************/ -WERROR _eventlog_read_eventlog( pipes_struct * p, +NTSTATUS _eventlog_read_eventlog( pipes_struct * p, EVENTLOG_Q_READ_EVENTLOG * q_u, EVENTLOG_R_READ_EVENTLOG * r_u ) { @@ -674,7 +673,7 @@ WERROR _eventlog_read_eventlog( pipes_struct * p, bytes_left = q_u->max_read_size; tdb = info->tdb; if ( !tdb ) { - return WERR_EVENTLOG_FILE_CORRUPT; + return NT_STATUS_ACCESS_DENIED; } /* DEBUG(8,("Bytes left is %d\n",bytes_left)); */ @@ -690,7 +689,7 @@ WERROR _eventlog_read_eventlog( pipes_struct * p, /* Now see if there is enough room to add */ ee_new = read_package_entry( ps, q_u, r_u,&entry ); if ( !ee_new ) - return WERR_NOMEM; + return NT_STATUS_NO_MEMORY; if ( r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size ) { @@ -716,7 +715,7 @@ WERROR _eventlog_read_eventlog( pipes_struct * p, q_u->max_read_size ) ); } else { DEBUG( 8, ( "get_eventlog_record returned NULL\n" ) ); - return WERR_NOMEM; /* wrong error - but return one anyway */ + return NT_STATUS_NO_MEMORY; /* wrong error - but return one anyway */ } @@ -726,39 +725,39 @@ WERROR _eventlog_read_eventlog( pipes_struct * p, record_number--; } - return WERR_OK; + return NT_STATUS_OK; } /******************************************************************** ********************************************************************/ -WERROR _eventlog_get_oldest_entry( pipes_struct * p, +NTSTATUS _eventlog_get_oldest_entry( pipes_struct * p, EVENTLOG_Q_GET_OLDEST_ENTRY * q_u, EVENTLOG_R_GET_OLDEST_ENTRY * r_u ) { EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); if ( !( get_oldest_entry_hook( info ) ) ) - return WERR_BADFILE; + return NT_STATUS_ACCESS_DENIED; r_u->oldest_entry = info->oldest_entry; - return WERR_OK; + return NT_STATUS_OK; } /******************************************************************** ********************************************************************/ -WERROR _eventlog_get_num_records( pipes_struct * p, +NTSTATUS _eventlog_get_num_records( pipes_struct * p, EVENTLOG_Q_GET_NUM_RECORDS * q_u, EVENTLOG_R_GET_NUM_RECORDS * r_u ) { EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); if ( !( get_num_records_hook( info ) ) ) - return WERR_BADFILE; + return NT_STATUS_ACCESS_DENIED; r_u->num_records = info->num_records; - return WERR_OK; + return NT_STATUS_OK; } -- cgit From 70cac98b6e1871cf93b379a4834de1778853de86 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 17 Nov 2005 17:41:02 +0000 Subject: r11760: fix sequential reads in the eventlog; event viewer is behaving better now as well but needs more testing (This used to be commit ba2f94aeae1f8e69d53fc360785adf222a8c9c6e) --- source3/rpc_server/srv_eventlog_nt.c | 186 ++++++++++++++++++++--------------- 1 file changed, 105 insertions(+), 81 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 6413221031..0f0b73029a 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -28,6 +28,7 @@ typedef struct { char *logname; TDB_CONTEXT *tdb; + uint32 current_record; uint32 num_records; uint32 oldest_entry; uint32 flags; @@ -130,6 +131,45 @@ static BOOL elog_validate_logname( const char *name ) return False; } +/******************************************************************** +********************************************************************/ + +static BOOL get_num_records_hook( EVENTLOG_INFO * info ) +{ + int next_record; + int oldest_record; + + if ( !info->tdb ) { + DEBUG( 10, ( "No open tdb for %s\n", info->logname ) ); + return False; + } + + /* lock the tdb since we have to get 2 records */ + + tdb_lock_bystring( info->tdb, EVT_NEXT_RECORD, 1 ); + next_record = tdb_fetch_int32( info->tdb, EVT_NEXT_RECORD); + oldest_record = tdb_fetch_int32( info->tdb, EVT_OLDEST_ENTRY); + tdb_unlock_bystring( info->tdb, EVT_NEXT_RECORD); + + DEBUG( 8, + ( "Oldest Record %d; Next Record %d\n", oldest_record, + next_record ) ); + + info->num_records = ( next_record - oldest_record ); + info->oldest_entry = oldest_record; + + return True; +} + +/******************************************************************** + ********************************************************************/ + +static BOOL get_oldest_entry_hook( EVENTLOG_INFO * info ) +{ + /* it's the same thing */ + return get_num_records_hook( info ); +} + /******************************************************************** ********************************************************************/ @@ -199,6 +239,15 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn return NT_STATUS_NO_MEMORY; } + /* set the initial current_record pointer */ + + if ( !get_oldest_entry_hook( elog ) ) { + DEBUG(3,("elog_open: Successfully opened eventlog but can't " + "get any information on internal records!\n")); + } + + elog->current_record = elog->oldest_entry; + return NT_STATUS_OK; } @@ -397,45 +446,6 @@ static BOOL sync_eventlog_params( EVENTLOG_INFO *info ) return True; } -/******************************************************************** -********************************************************************/ - -static BOOL get_num_records_hook( EVENTLOG_INFO * info ) -{ - int next_record; - int oldest_record; - - if ( !info->tdb ) { - DEBUG( 10, ( "No open tdb for %s\n", info->logname ) ); - return False; - } - - /* lock the tdb since we have to get 2 records */ - - tdb_lock_bystring( info->tdb, EVT_NEXT_RECORD, 1 ); - next_record = tdb_fetch_int32( info->tdb, EVT_NEXT_RECORD); - oldest_record = tdb_fetch_int32( info->tdb, EVT_OLDEST_ENTRY); - tdb_unlock_bystring( info->tdb, EVT_NEXT_RECORD); - - DEBUG( 8, - ( "Oldest Record %d; Next Record %d\n", oldest_record, - next_record ) ); - - info->num_records = ( next_record - oldest_record ); - info->oldest_entry = oldest_record; - - return True; -} - -/******************************************************************** - ********************************************************************/ - -static BOOL get_oldest_entry_hook( EVENTLOG_INFO * info ) -{ - /* it's the same thing */ - return get_num_records_hook( info ); -} - /******************************************************************** ********************************************************************/ @@ -661,71 +671,85 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, { EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); Eventlog_entry entry, *ee_new; - uint32 num_records_read = 0; prs_struct *ps; int bytes_left, record_number; - TDB_CONTEXT *tdb; - info->flags = q_u->flags; ps = &p->out_data.rdata; + uint32 elog_read_type, elog_read_dir; bytes_left = q_u->max_read_size; - tdb = info->tdb; - if ( !tdb ) { + + if ( !info->tdb ) return NT_STATUS_ACCESS_DENIED; + + /* check for valid flags. Can't use the sequential and seek flags together */ + + elog_read_type = q_u->flags & (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ); + elog_read_dir = q_u->flags & (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ); + + if ( elog_read_type == (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ) + || elog_read_dir == (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ) ) + { + DEBUG(3,("_eventlog_read_eventlog: Invalid flags [0x%x] for ReadEventLog\n", q_u->flags)); + return NT_STATUS_INVALID_PARAMETER; } - /* DEBUG(8,("Bytes left is %d\n",bytes_left)); */ + /* a sequential read should ignore the offset */ - record_number = q_u->offset; + if ( elog_read_type & EVENTLOG_SEQUENTIAL_READ ) + record_number = info->current_record; + else + record_number = q_u->offset; while ( bytes_left > 0 ) { - if ( get_eventlog_record - ( ps, tdb, record_number, &entry ) ) { - DEBUG( 8, - ( "Retrieved record %d\n", record_number ) ); + + /* assume that when the record fetch fails, that we are done */ + + if ( !get_eventlog_record ( ps, info->tdb, record_number, &entry ) ) + break; + + DEBUG( 8, ( "Retrieved record %d\n", record_number ) ); - /* Now see if there is enough room to add */ - ee_new = read_package_entry( ps, q_u, r_u,&entry ); - if ( !ee_new ) - return NT_STATUS_NO_MEMORY; - - if ( r_u->num_bytes_in_resp + ee_new->record.length > - q_u->max_read_size ) { - r_u->bytes_in_next_record = - ee_new->record.length; - - /* response would be too big to fit in client-size buffer */ + /* Now see if there is enough room to add */ + + if ( !(ee_new = read_package_entry( ps, q_u, r_u,&entry )) ) + return NT_STATUS_NO_MEMORY; + + if ( r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size ) { + r_u->bytes_in_next_record = ee_new->record.length; + + /* response would be too big to fit in client-size buffer */ - bytes_left = 0; - break; - } + bytes_left = 0; + break; + } - add_record_to_resp( r_u, ee_new ); - bytes_left -= ee_new->record.length; - ZERO_STRUCT( entry ); - num_records_read = - r_u->num_records - num_records_read; + add_record_to_resp( r_u, ee_new ); + bytes_left -= ee_new->record.length; + ZERO_STRUCT( entry ); + num_records_read = r_u->num_records - num_records_read; - DEBUG( 10, - ( "_eventlog_read_eventlog: read [%d] records for a total of [%d] records using [%d] bytes out of a max of [%d].\n", - num_records_read, r_u->num_records, - r_u->num_bytes_in_resp, - q_u->max_read_size ) ); - } else { - DEBUG( 8, ( "get_eventlog_record returned NULL\n" ) ); - return NT_STATUS_NO_MEMORY; /* wrong error - but return one anyway */ - } - + DEBUG( 10, ( "_eventlog_read_eventlog: read [%d] records for a total " + "of [%d] records using [%d] bytes out of a max of [%d].\n", + num_records_read, r_u->num_records, + r_u->num_bytes_in_resp, + q_u->max_read_size ) ); if ( info->flags & EVENTLOG_FORWARDS_READ ) record_number++; else record_number--; + + /* update the eventlog record pointer */ + + info->current_record = record_number; } - - return NT_STATUS_OK; + + /* crazy by WinXP uses NT_STATUS_BUFFER_TOO_SMALL to + say when there are no more records */ + + return (num_records_read ? NT_STATUS_OK : NT_STATUS_BUFFER_TOO_SMALL); } /******************************************************************** -- cgit From 5251618c7fff7635a4b64072f88eaf5e4e25761e Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 17 Nov 2005 20:08:59 +0000 Subject: r11761: * fix clearing of event logs by truncating the tdb. This feature got broken in some of the other updates. Now each open handle stores an pointer to an open tdb data structure (not the tdb pointer itself). Clearing can be done with a simple elog_close_tdb( elog, True ) to force a close and then calling elog_open_tdb( logname, True ) to force an tdb truncate. Permissions on existing tdbs are maintained which is important. * We don't currently handle backup. Haven't looked at the format of a backuped up eventlog to know what the deal is. (This used to be commit 2df34c9403446d12f1ceeac38cbda5d3ba805b02) --- source3/rpc_server/srv_eventlog_nt.c | 64 ++++++++++++++++++++---------------- 1 file changed, 35 insertions(+), 29 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 0f0b73029a..05feb51f95 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -27,7 +27,7 @@ typedef struct { char *logname; - TDB_CONTEXT *tdb; + ELOG_TDB *etdb; uint32 current_record; uint32 num_records; uint32 oldest_entry; @@ -42,8 +42,8 @@ static void free_eventlog_info( void *ptr ) { EVENTLOG_INFO *elog = (EVENTLOG_INFO *)ptr; - if ( elog->tdb ) - elog_close_tdb( elog->tdb ); + if ( elog->etdb ) + elog_close_tdb( elog->etdb, False ); TALLOC_FREE( elog ); } @@ -139,17 +139,17 @@ static BOOL get_num_records_hook( EVENTLOG_INFO * info ) int next_record; int oldest_record; - if ( !info->tdb ) { + if ( !info->etdb ) { DEBUG( 10, ( "No open tdb for %s\n", info->logname ) ); return False; } /* lock the tdb since we have to get 2 records */ - tdb_lock_bystring( info->tdb, EVT_NEXT_RECORD, 1 ); - next_record = tdb_fetch_int32( info->tdb, EVT_NEXT_RECORD); - oldest_record = tdb_fetch_int32( info->tdb, EVT_OLDEST_ENTRY); - tdb_unlock_bystring( info->tdb, EVT_NEXT_RECORD); + tdb_lock_bystring( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD, 1 ); + next_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD); + oldest_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_OLDEST_ENTRY); + tdb_unlock_bystring( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD); DEBUG( 8, ( "Oldest Record %d; Next Record %d\n", oldest_record, @@ -193,10 +193,10 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn in a single process */ become_root(); - elog->tdb = elog_open_tdb( elog->logname ); + elog->etdb = elog_open_tdb( elog->logname, False ); unbecome_root(); - if ( !elog->tdb ) { + if ( !elog->etdb ) { /* according to MSDN, if the logfile cannot be found, we should default to the "Application" log */ @@ -213,11 +213,11 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn } become_root(); - elog->tdb = elog_open_tdb( elog->logname ); + elog->etdb = elog_open_tdb( elog->logname, False ); unbecome_root(); } - if ( !elog->tdb ) { + if ( !elog->etdb ) { TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; /* ??? */ } @@ -226,7 +226,7 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn /* now do the access check. Close the tdb if we fail here */ if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { - elog_close_tdb( elog->tdb ); + elog_close_tdb( elog->etdb, False ); TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; } @@ -268,12 +268,12 @@ static NTSTATUS elog_close( pipes_struct *p, POLICY_HND *hnd ) static int elog_size( EVENTLOG_INFO *info ) { - if ( !info || !info->tdb ) { + if ( !info || !info->etdb ) { DEBUG(0,("elog_size: Invalid info* structure!\n")); return 0; } - return elog_tdb_size( info->tdb, NULL, NULL ); + return elog_tdb_size( ELOG_TDB_CTX(info->etdb), NULL, NULL ); } /******************************************************************** @@ -397,7 +397,7 @@ static BOOL sync_eventlog_params( EVENTLOG_INFO *info ) DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) ); - if ( !info->tdb ) { + if ( !info->etdb ) { DEBUG( 4, ( "No open tdb! (%s)\n", info->logname ) ); return False; } @@ -440,8 +440,8 @@ static BOOL sync_eventlog_params( EVENTLOG_INFO *info ) regkey_close_internal( keyinfo ); - tdb_store_int32( info->tdb, EVT_MAXSIZE, uiMaxSize ); - tdb_store_int32( info->tdb, EVT_RETENTION, uiRetention ); + tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_MAXSIZE, uiMaxSize ); + tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_RETENTION, uiRetention ); return True; } @@ -610,7 +610,7 @@ NTSTATUS _eventlog_open_eventlog( pipes_struct * p, DEBUG(10,("_eventlog_open_eventlog: Size [%d]\n", elog_size( info ))); sync_eventlog_params( info ); - prune_eventlog( info->tdb ); + prune_eventlog( ELOG_TDB_CTX(info->etdb) ); return NT_STATUS_OK; } @@ -634,20 +634,26 @@ NTSTATUS _eventlog_clear_eventlog( pipes_struct * p, rpcstr_pull( backup_file_name, q_u->backupfile.string->buffer, sizeof( backup_file_name ), q_u->backupfile.string->uni_str_len * 2, 0 ); + + DEBUG(8,( "_eventlog_clear_eventlog: Using [%s] as the backup " + "file name for log [%s].", + backup_file_name, info->logname ) ); } - DEBUG( 8, - ( "_eventlog_clear_eventlog: Using [%s] as the backup file name for log [%s].", - backup_file_name, info->logname ) ); + /* check for WRITE access to the file */ + + if ( !(info->access_granted&SA_RIGHT_FILE_WRITE_DATA) ) + return NT_STATUS_ACCESS_DENIED; -#if 0 - /* close the current one, reinit */ + /* Force a close and reopen */ - tdb_close( info->tdb ); + elog_close_tdb( info->etdb, True ); + become_root(); + info->etdb = elog_open_tdb( info->logname, True ); + unbecome_root(); - if ( !(info->tdb = elog_init_tdb( ttdb[i].tdbfname )) ) + if ( !info->etdb ) return NT_STATUS_ACCESS_DENIED; -#endif return NT_STATUS_OK; } @@ -680,7 +686,7 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, bytes_left = q_u->max_read_size; - if ( !info->tdb ) + if ( !info->etdb ) return NT_STATUS_ACCESS_DENIED; /* check for valid flags. Can't use the sequential and seek flags together */ @@ -706,7 +712,7 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, /* assume that when the record fetch fails, that we are done */ - if ( !get_eventlog_record ( ps, info->tdb, record_number, &entry ) ) + if ( !get_eventlog_record ( ps, ELOG_TDB_CTX(info->etdb), record_number, &entry ) ) break; DEBUG( 8, ( "Retrieved record %d\n", record_number ) ); -- cgit From 1ce288386575fb1c9d464ff463094c2294cb5564 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 17 Nov 2005 21:03:22 +0000 Subject: r11762: fix my build breakage (This used to be commit 9ee851630ec3443f27a61de6eaf222c74d2d064a) --- source3/rpc_server/srv_eventlog_nt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 05feb51f95..658928b927 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -680,9 +680,10 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, uint32 num_records_read = 0; prs_struct *ps; int bytes_left, record_number; + uint32 elog_read_type, elog_read_dir; + info->flags = q_u->flags; ps = &p->out_data.rdata; - uint32 elog_read_type, elog_read_dir; bytes_left = q_u->max_read_size; -- cgit From d1f91f7c723733113b4e9792042101c80dfc064c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 3 Dec 2005 06:46:46 +0000 Subject: r12043: It's amazing the warnings you find when compiling on a 64-bit box with gcc4 and -O6... Fix a bunch of C99 dereferencing type-punned pointer will break strict-aliasing rules errors. Also added prs_int32 (not uint32...) as it's needed in one place. Find places where prs_uint32 was being used to marshall/unmarshall a time_t (a big no no on 64-bits). More warning fixes to come. Thanks to Volker for nudging me to compile like this. Jeremy. (This used to be commit c65b752604f8f58abc4e7ae8514dc2c7f086271c) --- source3/rpc_server/srv_eventlog_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 658928b927..a8b9c66717 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -56,7 +56,7 @@ static EVENTLOG_INFO *find_eventlog_info_by_hnd( pipes_struct * p, { EVENTLOG_INFO *info; - if ( !find_policy_by_hnd( p, handle, ( void ** ) &info ) ) { + if ( !find_policy_by_hnd( p, handle, (void **)(void *)&info ) ) { DEBUG( 2, ( "find_eventlog_info_by_hnd: eventlog not found.\n" ) ); return NULL; -- cgit From e17302200c138eec7df504a7f4b2bde46073a810 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 17 Apr 2006 11:49:06 +0000 Subject: r15101: Little step towards getting Samba4 tdb into 3: tdb_lock_bystring does not have the timeout argument in Samba4. Add a new routine tdb_lock_bystring_with_timeout. Volker (This used to be commit b9c6e3f55602fa505859a4b2cd137b74105d685f) --- source3/rpc_server/srv_eventlog_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index a8b9c66717..284ee37348 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -146,7 +146,7 @@ static BOOL get_num_records_hook( EVENTLOG_INFO * info ) /* lock the tdb since we have to get 2 records */ - tdb_lock_bystring( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD, 1 ); + tdb_lock_bystring_with_timeout( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD, 1 ); next_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD); oldest_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_OLDEST_ENTRY); tdb_unlock_bystring( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD); -- cgit From 3c34f6085af1e168a1fe7602ae01ba643a7781bd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 20 Jun 2006 09:16:53 +0000 Subject: r16409: Fix Klocwork ID's. 1177 In reg_perfcount.c: 1200 1202 1203 1204 In regfio.c: 1243 1245 1246 1247 1251 Jerry, the reg_perfcount and regfio.c ones, can you take a look please? This is really your code, and I'm not sure I did the right thing to return an error. smbcacls.c: 1377 srv_eventlog_nt.c: 1415 1416 1417 srv_lsa_nt.c: 1420 1421 srv_netlog_nt.c: 1429 srv_samr_nt: 1458 1459 1460 Volker Volker (This used to be commit d6547d12b1c9f9454876665a5bdb010f46b9f5ff) --- source3/rpc_server/srv_eventlog_nt.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 284ee37348..c1c0b6a0e2 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -682,6 +682,10 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, int bytes_left, record_number; uint32 elog_read_type, elog_read_dir; + if (info == NULL) { + return NT_STATUS_INVALID_HANDLE; + } + info->flags = q_u->flags; ps = &p->out_data.rdata; @@ -768,6 +772,10 @@ NTSTATUS _eventlog_get_oldest_entry( pipes_struct * p, { EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); + if (info == NULL) { + return NT_STATUS_INVALID_HANDLE; + } + if ( !( get_oldest_entry_hook( info ) ) ) return NT_STATUS_ACCESS_DENIED; @@ -785,6 +793,10 @@ NTSTATUS _eventlog_get_num_records( pipes_struct * p, { EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); + if (info == NULL) { + return NT_STATUS_INVALID_HANDLE; + } + if ( !( get_num_records_hook( info ) ) ) return NT_STATUS_ACCESS_DENIED; -- cgit From 429cd6db0b32ee0e91a12548d83e82a7f7b6571c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 27 Jun 2006 00:42:24 +0000 Subject: r16542: Fix #3863, reported by jason@ncac.gwu.edu Jeremy. (This used to be commit cde8323fdc4d4ddaa30e8c59bec89dc130fe26a6) --- source3/rpc_server/srv_eventlog_nt.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index c1c0b6a0e2..79839a0a52 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -289,12 +289,10 @@ Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb, int srecno; int reclen; int len; - uint8 *rbuff; pstring *wpsource, *wpcomputer, *wpsid, *wpstrs, *puserdata; key.dsize = sizeof( int32 ); - rbuff = NULL; srecno = recno; key.dptr = ( char * ) &srecno; -- cgit From 9bb1f909fdc7e4c4d52382d3a920e156e39c3768 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 18 Nov 2006 17:06:43 +0000 Subject: r19775: Fix typo (This used to be commit 370e29ebb9da92c9072bdd4eec84980b5753089a) --- source3/rpc_server/srv_eventlog_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 79839a0a52..ec07981de9 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -405,7 +405,7 @@ static BOOL sync_eventlog_params( EVENTLOG_INFO *info ) uiRetention = 604800; /* the general idea is to internally open the registry - key and retreive the values. That way we can continue + key and retrieve the values. That way we can continue to use the same fetch/store api that we use in srv_reg_nt.c */ -- cgit From e82cd437cc3c93e25f56d3326d6ba527a33ebfbf Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 19 Nov 2006 10:50:33 +0000 Subject: r19778: Make regkey_open_internal take a talloc ctx (This used to be commit cb7f4211b8441642dce9594522dc9588475a7719) --- source3/rpc_server/srv_eventlog_nt.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index ec07981de9..ba366ed983 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -411,9 +411,8 @@ static BOOL sync_eventlog_params( EVENTLOG_INFO *info ) pstr_sprintf( path, "%s/%s", KEY_EVENTLOG, elogname ); - wresult = - regkey_open_internal( &keyinfo, path, get_root_nt_token( ), - REG_KEY_READ ); + wresult = regkey_open_internal( + NULL, &keyinfo, path, get_root_nt_token(), REG_KEY_READ ); if ( !W_ERROR_IS_OK( wresult ) ) { DEBUG( 4, -- cgit From bfad4421449d7f49287b1ebe81bf572c271f8fca Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 19 Nov 2006 11:11:01 +0000 Subject: r19780: Ok, regkey_open_internal needs a regkey_close_internal. Giving a talloc ctx is misleading here. This needs fixing properly :-) Volker (This used to be commit f808182346aa16bb2f3a9383e28d318099a5e14e) --- source3/rpc_server/srv_eventlog_nt.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index ba366ed983..ec07981de9 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -411,8 +411,9 @@ static BOOL sync_eventlog_params( EVENTLOG_INFO *info ) pstr_sprintf( path, "%s/%s", KEY_EVENTLOG, elogname ); - wresult = regkey_open_internal( - NULL, &keyinfo, path, get_root_nt_token(), REG_KEY_READ ); + wresult = + regkey_open_internal( &keyinfo, path, get_root_nt_token( ), + REG_KEY_READ ); if ( !W_ERROR_IS_OK( wresult ) ) { DEBUG( 4, -- cgit From 1c91cca86eacc74c2785c54bc75c5ff18d7a773d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 29 Nov 2006 10:51:00 +0000 Subject: r19947: Change regkey_open_internal to take the parent key and a talloc_ctx as arguments. This also replaces regkey_close_internal by TALLOC_FREE. Volker (This used to be commit a177bbb2d5611f03cec25b7577c2e6a542f94a69) --- source3/rpc_server/srv_eventlog_nt.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index ec07981de9..73dfd42184 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -411,9 +411,8 @@ static BOOL sync_eventlog_params( EVENTLOG_INFO *info ) pstr_sprintf( path, "%s/%s", KEY_EVENTLOG, elogname ); - wresult = - regkey_open_internal( &keyinfo, path, get_root_nt_token( ), - REG_KEY_READ ); + wresult = regkey_open_internal( NULL, NULL, &keyinfo, path, + get_root_nt_token( ), REG_KEY_READ ); if ( !W_ERROR_IS_OK( wresult ) ) { DEBUG( 4, @@ -436,7 +435,7 @@ static BOOL sync_eventlog_params( EVENTLOG_INFO *info ) if ( ( val = regval_ctr_getvalue( values, "MaxSize" ) ) != NULL ) uiMaxSize = IVAL( regval_data_p( val ), 0 ); - regkey_close_internal( keyinfo ); + TALLOC_FREE( keyinfo ); tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_MAXSIZE, uiMaxSize ); tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_RETENTION, uiRetention ); -- cgit From ecf90c495eb850cd6f376fb4e090640b69f0c029 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 1 Dec 2006 20:01:09 +0000 Subject: r19991: Sorry for this 2000-liner... The main thing here is a rewrite of srv_winreg_nt.c. The core functionality has moved to registry/reg_api.c which is then usable by the rest of Samba as well. On that way it fixes creating keys with more than one element in the path. This did not work before. Two things that sneaked in (sorry :-) is the change of some routines from NTSTATUS to WERROR the removed "parent" argument to regkey_open_internal. Volker (This used to be commit fea52801de8c7b85c578d200c599475680c5339f) --- source3/rpc_server/srv_eventlog_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 73dfd42184..6911bdcd3b 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -411,7 +411,7 @@ static BOOL sync_eventlog_params( EVENTLOG_INFO *info ) pstr_sprintf( path, "%s/%s", KEY_EVENTLOG, elogname ); - wresult = regkey_open_internal( NULL, NULL, &keyinfo, path, + wresult = regkey_open_internal( NULL, &keyinfo, path, get_root_nt_token( ), REG_KEY_READ ); if ( !W_ERROR_IS_OK( wresult ) ) { -- cgit From e59e787b4868acffad49b6264e319d585643d5ab Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Wed, 20 Dec 2006 01:10:04 +0000 Subject: r20269: merge -r20264:20267 from SAMBA_3_0_24 more no previous prototype warnings (This used to be commit 41be182f78762372ae13759ede5d2bd40a71d7f5) --- source3/rpc_server/srv_eventlog_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 6911bdcd3b..519be60199 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -281,7 +281,7 @@ static int elog_size( EVENTLOG_INFO *info ) Eventlog_entry. returns NULL if it can't get the record for some reason. ********************************************************************/ -Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb, +static Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb, int recno, Eventlog_entry * ee ) { TDB_DATA ret, key; -- cgit From bc2b6436d0f5f3e9ffdfaeb7f1b32996a83d5478 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 29 Mar 2007 09:35:51 +0000 Subject: r22009: change TDB_DATA from char * to unsigned char * and fix all compiler warnings in the users metze (This used to be commit 3a28443079c141a6ce8182c65b56ca210e34f37f) --- source3/rpc_server/srv_eventlog_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 519be60199..753772642a 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -295,7 +295,7 @@ static Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb, key.dsize = sizeof( int32 ); srecno = recno; - key.dptr = ( char * ) &srecno; + key.dptr = ( uint8 * ) &srecno; ret = tdb_fetch( tdb, key ); -- cgit From 97a164ba96d48a81d5e24dda6b866a4d78ea1a78 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 31 May 2007 17:59:04 +0000 Subject: r23274: merge CloseEventlog() pidl conversion from 3.0.26 && fix a few init call renames for svcctl in the previous commit (This used to be commit ebcae48ec10fefa74efcc3563cff50e3b9c2388c) --- source3/rpc_server/srv_eventlog_nt.c | 145 ++++++++++++++++++++++++++++++++++- 1 file changed, 141 insertions(+), 4 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 753772642a..85990055dd 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -658,11 +658,9 @@ NTSTATUS _eventlog_clear_eventlog( pipes_struct * p, /******************************************************************** ********************************************************************/ -NTSTATUS _eventlog_close_eventlog( pipes_struct * p, - EVENTLOG_Q_CLOSE_EVENTLOG * q_u, - EVENTLOG_R_CLOSE_EVENTLOG * r_u ) +NTSTATUS _eventlog_CloseEventLog( pipes_struct * p, struct eventlog_CloseEventLog *r ) { - return elog_close( p, &q_u->handle ); + return elog_close( p, r->in.handle ); } /******************************************************************** @@ -801,3 +799,142 @@ NTSTATUS _eventlog_get_num_records( pipes_struct * p, return NT_STATUS_OK; } + +NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p, struct eventlog_ClearEventLogW *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_BackupEventLogW(pipes_struct *p, struct eventlog_BackupEventLogW *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_DeregisterEventSource(pipes_struct *p, struct eventlog_DeregisterEventSource *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_GetNumRecords(pipes_struct *p, struct eventlog_GetNumRecords *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_GetOldestRecord(pipes_struct *p, struct eventlog_GetOldestRecord *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_ChangeNotify(pipes_struct *p, struct eventlog_ChangeNotify *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p, struct eventlog_OpenEventLogW *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_RegisterEventSourceW(pipes_struct *p, struct eventlog_RegisterEventSourceW *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_OpenBackupEventLogW(pipes_struct *p, struct eventlog_OpenBackupEventLogW *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_ReadEventLogW(pipes_struct *p, struct eventlog_ReadEventLogW *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_ReportEventW(pipes_struct *p, struct eventlog_ReportEventW *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_ClearEventLogA(pipes_struct *p, struct eventlog_ClearEventLogA *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_BackupEventLogA(pipes_struct *p, struct eventlog_BackupEventLogA *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_OpenEventLogA(pipes_struct *p, struct eventlog_OpenEventLogA *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_RegisterEventSourceA(pipes_struct *p, struct eventlog_RegisterEventSourceA *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_OpenBackupEventLogA(pipes_struct *p, struct eventlog_OpenBackupEventLogA *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_ReadEventLogA(pipes_struct *p, struct eventlog_ReadEventLogA *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_ReportEventA(pipes_struct *p, struct eventlog_ReportEventA *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_RegisterClusterSvc(pipes_struct *p, struct eventlog_RegisterClusterSvc *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_DeregisterClusterSvc(pipes_struct *p, struct eventlog_DeregisterClusterSvc *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_WriteClusterEvents(pipes_struct *p, struct eventlog_WriteClusterEvents *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_GetLogIntormation(pipes_struct *p, struct eventlog_GetLogIntormation *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS _eventlog_FlushEventLog(pipes_struct *p, struct eventlog_FlushEventLog *r) +{ + p->rng_fault_state = True; + return NT_STATUS_NOT_IMPLEMENTED; +} + -- cgit From d1d2157153d7a4b3e7918bcc91c50445bf9a6771 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 22 Jun 2007 19:33:46 +0000 Subject: r23591: Fix bug #4725. Don't crash when no eventlogs specified. Needs merging for 3.0.25b. Jeremy. (This used to be commit ae239fec6faa79018c818506b391b829ccd685f8) --- source3/rpc_server/srv_eventlog_nt.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 85990055dd..c8be6a9b34 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -123,6 +123,10 @@ static BOOL elog_validate_logname( const char *name ) int i; const char **elogs = lp_eventlog_list(); + if (!elogs) { + return False; + } + for ( i=0; elogs[i]; i++ ) { if ( strequal( name, elogs[i] ) ) return True; -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/rpc_server/srv_eventlog_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index c8be6a9b34..76e8760d6d 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -7,7 +7,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, -- cgit From 153cfb9c83534b09f15cc16205d7adb19b394928 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 05:23:25 +0000 Subject: r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227) --- source3/rpc_server/srv_eventlog_nt.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 76e8760d6d..32940b3417 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -16,8 +16,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, see . */ #include "includes.h" -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/rpc_server/srv_eventlog_nt.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 32940b3417..d86da9054c 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -67,11 +67,11 @@ static EVENTLOG_INFO *find_eventlog_info_by_hnd( pipes_struct * p, /******************************************************************** ********************************************************************/ -static BOOL elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) +static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) { char *tdbname = elog_tdbname( info->logname ); SEC_DESC *sec_desc; - BOOL ret; + bool ret; NTSTATUS ntstatus; if ( !tdbname ) @@ -117,7 +117,7 @@ static BOOL elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) /******************************************************************** ********************************************************************/ -static BOOL elog_validate_logname( const char *name ) +static bool elog_validate_logname( const char *name ) { int i; const char **elogs = lp_eventlog_list(); @@ -137,7 +137,7 @@ static BOOL elog_validate_logname( const char *name ) /******************************************************************** ********************************************************************/ -static BOOL get_num_records_hook( EVENTLOG_INFO * info ) +static bool get_num_records_hook( EVENTLOG_INFO * info ) { int next_record; int oldest_record; @@ -167,7 +167,7 @@ static BOOL get_num_records_hook( EVENTLOG_INFO * info ) /******************************************************************** ********************************************************************/ -static BOOL get_oldest_entry_hook( EVENTLOG_INFO * info ) +static bool get_oldest_entry_hook( EVENTLOG_INFO * info ) { /* it's the same thing */ return get_num_records_hook( info ); @@ -385,7 +385,7 @@ static Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb, since it uses the table to find the tdb handle ********************************************************************/ -static BOOL sync_eventlog_params( EVENTLOG_INFO *info ) +static bool sync_eventlog_params( EVENTLOG_INFO *info ) { pstring path; uint32 uiMaxSize; @@ -543,7 +543,7 @@ static Eventlog_entry *read_package_entry( prs_struct * ps, /******************************************************************** ********************************************************************/ -static BOOL add_record_to_resp( EVENTLOG_R_READ_EVENTLOG * r_u, +static bool add_record_to_resp( EVENTLOG_R_READ_EVENTLOG * r_u, Eventlog_entry * ee_new ) { Eventlog_entry *insert_point; -- cgit From 3a452a15b7185dd4023c7dc8d44004c962f39d98 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 27 Nov 2007 11:22:58 -0800 Subject: Remove pstring from everything in rpc_server except srv_spoolss_nt.c and srv_srvsvc_nt.c. They're next :-). Jeremy. (This used to be commit 55b4f9d003b036af69085f7b64e0df08c5ba440d) --- source3/rpc_server/srv_eventlog_nt.c | 162 +++++++++++++++++++++++------------ 1 file changed, 105 insertions(+), 57 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index d86da9054c..cd06be1984 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -69,7 +69,7 @@ static EVENTLOG_INFO *find_eventlog_info_by_hnd( pipes_struct * p, static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) { - char *tdbname = elog_tdbname( info->logname ); + char *tdbname = elog_tdbname(talloc_tos(), info->logname ); SEC_DESC *sec_desc; bool ret; NTSTATUS ntstatus; @@ -280,22 +280,28 @@ static int elog_size( EVENTLOG_INFO *info ) } /******************************************************************** - For the given tdb, get the next eventlog record into the passed + For the given tdb, get the next eventlog record into the passed Eventlog_entry. returns NULL if it can't get the record for some reason. ********************************************************************/ -static Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb, - int recno, Eventlog_entry * ee ) +static Eventlog_entry *get_eventlog_record(prs_struct *ps, + TDB_CONTEXT *tdb, + int recno) { + Eventlog_entry *ee = NULL; TDB_DATA ret, key; int srecno; int reclen; int len; - pstring *wpsource, *wpcomputer, *wpsid, *wpstrs, *puserdata; + char *wpsource = NULL; + char *wpcomputer = NULL; + char *wpsid = NULL; + char *wpstrs = NULL; + char *puserdata = NULL; - key.dsize = sizeof( int32 ); + key.dsize = sizeof(int32); srecno = recno; key.dptr = ( uint8 * ) &srecno; @@ -316,10 +322,11 @@ static Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb, if ( !len ) return NULL; - /* ee = PRS_ALLOC_MEM(ps, Eventlog_entry, 1); */ - - if ( !ee ) + ee = TALLOC_ARRAY(ps->mem_ctx, Eventlog_entry, 1); + if (!ee) { return NULL; + } + ZERO_STRUCTP(ee); len = tdb_unpack( ret.dptr, ret.dsize, "ddddddwwwwddddddBBdBBBd", &ee->record.length, &ee->record.reserved1, @@ -347,36 +354,67 @@ static Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb, /* have to do the following because the tdb_unpack allocs a buff, stuffs a pointer to the buff into it's 2nd argment for 'B' */ - if ( wpcomputer ) - memcpy( ee->data_record.computer_name, wpcomputer, - ee->data_record.computer_name_len ); - if ( wpsource ) - memcpy( ee->data_record.source_name, wpsource, - ee->data_record.source_name_len ); - - if ( wpsid ) - memcpy( ee->data_record.sid, wpsid, - ee->record.user_sid_length ); - if ( wpstrs ) - memcpy( ee->data_record.strings, wpstrs, - ee->data_record.strings_len ); - - /* note that userdata is a pstring */ - if ( puserdata ) - memcpy( ee->data_record.user_data, puserdata, - ee->data_record.user_data_len ); - - SAFE_FREE( wpcomputer ); - SAFE_FREE( wpsource ); - SAFE_FREE( wpsid ); - SAFE_FREE( wpstrs ); - SAFE_FREE( puserdata ); + if (wpcomputer) { + ee->data_record.computer_name = TALLOC_MEMDUP(ee, + wpcomputer, + ee->data_record.computer_name_len); + if (!ee->data_record.computer_name) { + TALLOC_FREE(ee); + goto out; + } + } + if (wpsource) { + ee->data_record.source_name = TALLOC_MEMDUP(ee, + wpsource, + ee->data_record.source_name_len); + if (!ee->data_record.source_name) { + TALLOC_FREE(ee); + goto out; + } + } + + if (wpsid) { + ee->data_record.sid = TALLOC_MEMDUP(ee, + wpsid, + ee->record.user_sid_length); + if (!ee->data_record.sid) { + TALLOC_FREE(ee); + goto out; + } + } + if (wpstrs) { + ee->data_record.strings = TALLOC_MEMDUP(ee, + wpstrs, + ee->data_record.strings_len); + if (!ee->data_record.strings) { + TALLOC_FREE(ee); + goto out; + } + } + + if (puserdata) { + ee->data_record.user_data = TALLOC_MEMDUP(ee, + puserdata, + ee->data_record.user_data_len); + if (!ee->data_record.user_data) { + TALLOC_FREE(ee); + goto out; + } + } + + out: + + SAFE_FREE(wpcomputer); + SAFE_FREE(wpsource); + SAFE_FREE(wpsid); + SAFE_FREE(wpstrs); + SAFE_FREE(puserdata); DEBUG( 10, ( "get_eventlog_record: read back %d\n", len ) ); DEBUG( 10, ( "get_eventlog_record: computer_name %d is ", ee->data_record.computer_name_len ) ); - SAFE_FREE( ret.dptr ); + SAFE_FREE(ret.dptr); return ee; } @@ -387,7 +425,7 @@ static Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb, static bool sync_eventlog_params( EVENTLOG_INFO *info ) { - pstring path; + char *path = NULL; uint32 uiMaxSize; uint32 uiRetention; REGISTRY_KEY *keyinfo; @@ -395,6 +433,7 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) REGVAL_CTR *values; WERROR wresult; char *elogname = info->logname; + TALLOC_CTX *ctx = talloc_tos(); DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) ); @@ -412,7 +451,10 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) to use the same fetch/store api that we use in srv_reg_nt.c */ - pstr_sprintf( path, "%s/%s", KEY_EVENTLOG, elogname ); + path = talloc_asprintf(ctx, "%s/%s", KEY_EVENTLOG, elogname ); + if (!path) { + return false; + } wresult = regkey_open_internal( NULL, &keyinfo, path, get_root_nt_token( ), REG_KEY_READ ); @@ -624,16 +666,20 @@ NTSTATUS _eventlog_clear_eventlog( pipes_struct * p, EVENTLOG_R_CLEAR_EVENTLOG * r_u ) { EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); - pstring backup_file_name; + char *backup_file_name = NULL; if ( !info ) return NT_STATUS_INVALID_HANDLE; - pstrcpy( backup_file_name, "" ); - if ( q_u->backupfile.string ) { - rpcstr_pull( backup_file_name, q_u->backupfile.string->buffer, - sizeof( backup_file_name ), - q_u->backupfile.string->uni_str_len * 2, 0 ); + if (q_u->backupfile.string) { + size_t len = rpcstr_pull_talloc(p->mem_ctx, + &backup_file_name, + q_u->backupfile.string->buffer, + q_u->backupfile.string->uni_str_len * 2, + 0 ); + if (len == (size_t)-1 || !backup_file_name) { + return NT_STATUS_INVALID_PARAMETER; + } DEBUG(8,( "_eventlog_clear_eventlog: Using [%s] as the backup " "file name for log [%s].", @@ -647,7 +693,7 @@ NTSTATUS _eventlog_clear_eventlog( pipes_struct * p, /* Force a close and reopen */ - elog_close_tdb( info->etdb, True ); + elog_close_tdb( info->etdb, True ); become_root(); info->etdb = elog_open_tdb( info->logname, True ); unbecome_root(); @@ -674,7 +720,7 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, EVENTLOG_R_READ_EVENTLOG * r_u ) { EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); - Eventlog_entry entry, *ee_new; + Eventlog_entry *entry = NULL, *ee_new = NULL; uint32 num_records_read = 0; prs_struct *ps; int bytes_left, record_number; @@ -689,9 +735,9 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, bytes_left = q_u->max_read_size; - if ( !info->etdb ) + if ( !info->etdb ) return NT_STATUS_ACCESS_DENIED; - + /* check for valid flags. Can't use the sequential and seek flags together */ elog_read_type = q_u->flags & (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ); @@ -708,37 +754,39 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, if ( elog_read_type & EVENTLOG_SEQUENTIAL_READ ) record_number = info->current_record; - else + else record_number = q_u->offset; while ( bytes_left > 0 ) { /* assume that when the record fetch fails, that we are done */ - if ( !get_eventlog_record ( ps, ELOG_TDB_CTX(info->etdb), record_number, &entry ) ) + entry = get_eventlog_record (ps, ELOG_TDB_CTX(info->etdb), record_number); + if (!entry) { break; + } DEBUG( 8, ( "Retrieved record %d\n", record_number ) ); - + /* Now see if there is enough room to add */ - if ( !(ee_new = read_package_entry( ps, q_u, r_u,&entry )) ) + if ( !(ee_new = read_package_entry( ps, q_u, r_u, entry )) ) return NT_STATUS_NO_MEMORY; if ( r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size ) { r_u->bytes_in_next_record = ee_new->record.length; /* response would be too big to fit in client-size buffer */ - + bytes_left = 0; break; } - + add_record_to_resp( r_u, ee_new ); bytes_left -= ee_new->record.length; - ZERO_STRUCT( entry ); + TALLOC_FREE(entry); num_records_read = r_u->num_records - num_records_read; - + DEBUG( 10, ( "_eventlog_read_eventlog: read [%d] records for a total " "of [%d] records using [%d] bytes out of a max of [%d].\n", num_records_read, r_u->num_records, @@ -749,13 +797,13 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, record_number++; else record_number--; - + /* update the eventlog record pointer */ - + info->current_record = record_number; } - /* crazy by WinXP uses NT_STATUS_BUFFER_TOO_SMALL to + /* crazy by WinXP uses NT_STATUS_BUFFER_TOO_SMALL to say when there are no more records */ return (num_records_read ? NT_STATUS_OK : NT_STATUS_BUFFER_TOO_SMALL); -- cgit From bbf2cb6da994ac73dd7ea26d81f724aa04b5a3cb Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 1 Dec 2007 11:43:12 +0100 Subject: Fix some C++ warnings (This used to be commit 156c7f10bb63a610f85b52242cfd1b67bfa73c29) --- source3/rpc_server/srv_eventlog_nt.c | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index cd06be1984..3c9c835bad 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -355,18 +355,16 @@ static Eventlog_entry *get_eventlog_record(prs_struct *ps, into it's 2nd argment for 'B' */ if (wpcomputer) { - ee->data_record.computer_name = TALLOC_MEMDUP(ee, - wpcomputer, - ee->data_record.computer_name_len); + ee->data_record.computer_name = (smb_ucs2_t *)TALLOC_MEMDUP( + ee, wpcomputer, ee->data_record.computer_name_len); if (!ee->data_record.computer_name) { TALLOC_FREE(ee); goto out; } } if (wpsource) { - ee->data_record.source_name = TALLOC_MEMDUP(ee, - wpsource, - ee->data_record.source_name_len); + ee->data_record.source_name = (smb_ucs2_t *)TALLOC_MEMDUP( + ee, wpsource, ee->data_record.source_name_len); if (!ee->data_record.source_name) { TALLOC_FREE(ee); goto out; @@ -374,18 +372,16 @@ static Eventlog_entry *get_eventlog_record(prs_struct *ps, } if (wpsid) { - ee->data_record.sid = TALLOC_MEMDUP(ee, - wpsid, - ee->record.user_sid_length); + ee->data_record.sid = (smb_ucs2_t *)TALLOC_MEMDUP( + ee, wpsid, ee->record.user_sid_length); if (!ee->data_record.sid) { TALLOC_FREE(ee); goto out; } } if (wpstrs) { - ee->data_record.strings = TALLOC_MEMDUP(ee, - wpstrs, - ee->data_record.strings_len); + ee->data_record.strings = (smb_ucs2_t *)TALLOC_MEMDUP( + ee, wpstrs, ee->data_record.strings_len); if (!ee->data_record.strings) { TALLOC_FREE(ee); goto out; @@ -393,9 +389,8 @@ static Eventlog_entry *get_eventlog_record(prs_struct *ps, } if (puserdata) { - ee->data_record.user_data = TALLOC_MEMDUP(ee, - puserdata, - ee->data_record.user_data_len); + ee->data_record.user_data = (char *)TALLOC_MEMDUP( + ee, puserdata, ee->data_record.user_data_len); if (!ee->data_record.user_data) { TALLOC_FREE(ee); goto out; -- cgit From 00f3df3c131ac6054e1a8d0565cd87ab8a49265b Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 17 Jan 2008 01:47:00 +0100 Subject: Convert sync_eventlog_params() to use reg_api instead of reg_frontend. This is a step towards untangling the registry. All places should use reg_api.c, reg_frontend should actually more appropriately be named reg_backend_dispatcher and hidden from callers. :-) Michael (This used to be commit 92e95fe58500dc8bf89bb43c1d65559702363767) --- source3/rpc_server/srv_eventlog_nt.c | 46 ++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 20 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 3c9c835bad..0ea34e54ad 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -423,12 +423,12 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) char *path = NULL; uint32 uiMaxSize; uint32 uiRetention; - REGISTRY_KEY *keyinfo; - REGISTRY_VALUE *val; - REGVAL_CTR *values; + struct registry_key *key; + struct registry_value *value; WERROR wresult; char *elogname = info->logname; TALLOC_CTX *ctx = talloc_tos(); + bool ret = false; DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) ); @@ -451,36 +451,42 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) return false; } - wresult = regkey_open_internal( NULL, &keyinfo, path, - get_root_nt_token( ), REG_KEY_READ ); + wresult = reg_open_path(ctx, path, REG_KEY_READ, get_root_nt_token(), + &key); if ( !W_ERROR_IS_OK( wresult ) ) { DEBUG( 4, ( "sync_eventlog_params: Failed to open key [%s] (%s)\n", path, dos_errstr( wresult ) ) ); - return False; + return false; } - if ( !( values = TALLOC_ZERO_P( keyinfo, REGVAL_CTR ) ) ) { - TALLOC_FREE( keyinfo ); - DEBUG( 0, ( "control_eventlog_hook: talloc() failed!\n" ) ); - - return False; + wresult = reg_queryvalue(key, key, "Retention", &value); + if (!W_ERROR_IS_OK(wresult)) { + DEBUG(4, ("Failed to query value \"Retention\": %s\n", + dos_errstr(wresult))); + ret = false; + goto done; } - fetch_reg_values( keyinfo, values ); - - if ( ( val = regval_ctr_getvalue( values, "Retention" ) ) != NULL ) - uiRetention = IVAL( regval_data_p( val ), 0 ); + uiRetention = value->v.dword; - if ( ( val = regval_ctr_getvalue( values, "MaxSize" ) ) != NULL ) - uiMaxSize = IVAL( regval_data_p( val ), 0 ); - - TALLOC_FREE( keyinfo ); + wresult = reg_queryvalue(key, key, "MaxSize", &value); + if (!W_ERROR_IS_OK(wresult)) { + DEBUG(4, ("Failed to query value \"MaxSize\": %s\n", + dos_errstr(wresult))); + ret = false; + goto done; + } + uiMaxSize = value->v.dword; tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_MAXSIZE, uiMaxSize ); tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_RETENTION, uiRetention ); - return True; + ret = true; + +done: + TALLOC_FREE(ctx); + return true; } /******************************************************************** -- cgit From 5dcc7f7e614fabb75b989baa064c359cef5f902e Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Tue, 29 Jan 2008 15:06:59 -0600 Subject: Fix a return value from sync_eventlog_params() (patch from Volker) (This used to be commit 77085f1a58666ac4314924d18c87d4add0553dba) --- source3/rpc_server/srv_eventlog_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 0ea34e54ad..7af8219a3e 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -486,7 +486,7 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) done: TALLOC_FREE(ctx); - return true; + return ret; } /******************************************************************** -- cgit From 72d0deddc46a12363f930596e1823105caad5f24 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 4 Feb 2008 10:10:12 +0100 Subject: Use pidl for _eventlog_GetNumRecords(). Guenther (This used to be commit af30a6373e7d85df4bb99e153588498938ddc368) --- source3/rpc_server/srv_eventlog_nt.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 7af8219a3e..2cc7d021ca 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -832,13 +832,13 @@ NTSTATUS _eventlog_get_oldest_entry( pipes_struct * p, } /******************************************************************** +_eventlog_GetNumRecords ********************************************************************/ -NTSTATUS _eventlog_get_num_records( pipes_struct * p, - EVENTLOG_Q_GET_NUM_RECORDS * q_u, - EVENTLOG_R_GET_NUM_RECORDS * r_u ) +NTSTATUS _eventlog_GetNumRecords(pipes_struct *p, + struct eventlog_GetNumRecords *r) { - EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); + EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle ); if (info == NULL) { return NT_STATUS_INVALID_HANDLE; @@ -847,7 +847,7 @@ NTSTATUS _eventlog_get_num_records( pipes_struct * p, if ( !( get_num_records_hook( info ) ) ) return NT_STATUS_ACCESS_DENIED; - r_u->num_records = info->num_records; + *r->out.number = info->num_records; return NT_STATUS_OK; } @@ -870,12 +870,6 @@ NTSTATUS _eventlog_DeregisterEventSource(pipes_struct *p, struct eventlog_Deregi return NT_STATUS_NOT_IMPLEMENTED; } -NTSTATUS _eventlog_GetNumRecords(pipes_struct *p, struct eventlog_GetNumRecords *r) -{ - p->rng_fault_state = True; - return NT_STATUS_NOT_IMPLEMENTED; -} - NTSTATUS _eventlog_GetOldestRecord(pipes_struct *p, struct eventlog_GetOldestRecord *r) { p->rng_fault_state = True; -- cgit From 8d20f3f9995219ed9459b6c96a2c1285a2b9c204 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 4 Feb 2008 10:44:51 +0100 Subject: Use pidl for _eventlog_GetOldestRecord(). Guenther (This used to be commit a6a5d99f5206dc4b94f3d0ecceb5198d66afdf41) --- source3/rpc_server/srv_eventlog_nt.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 2cc7d021ca..423f3e55cb 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -811,13 +811,13 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, } /******************************************************************** + _eventlog_GetOldestRecord ********************************************************************/ -NTSTATUS _eventlog_get_oldest_entry( pipes_struct * p, - EVENTLOG_Q_GET_OLDEST_ENTRY * q_u, - EVENTLOG_R_GET_OLDEST_ENTRY * r_u ) +NTSTATUS _eventlog_GetOldestRecord(pipes_struct *p, + struct eventlog_GetOldestRecord *r) { - EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); + EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle ); if (info == NULL) { return NT_STATUS_INVALID_HANDLE; @@ -826,7 +826,7 @@ NTSTATUS _eventlog_get_oldest_entry( pipes_struct * p, if ( !( get_oldest_entry_hook( info ) ) ) return NT_STATUS_ACCESS_DENIED; - r_u->oldest_entry = info->oldest_entry; + *r->out.oldest_entry = info->oldest_entry; return NT_STATUS_OK; } @@ -870,12 +870,6 @@ NTSTATUS _eventlog_DeregisterEventSource(pipes_struct *p, struct eventlog_Deregi return NT_STATUS_NOT_IMPLEMENTED; } -NTSTATUS _eventlog_GetOldestRecord(pipes_struct *p, struct eventlog_GetOldestRecord *r) -{ - p->rng_fault_state = True; - return NT_STATUS_NOT_IMPLEMENTED; -} - NTSTATUS _eventlog_ChangeNotify(pipes_struct *p, struct eventlog_ChangeNotify *r) { p->rng_fault_state = True; -- cgit From 48d2990d8c9bfb0037ee2b5386271398ee1492be Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 4 Feb 2008 10:53:59 +0100 Subject: Use pidl for _eventlog_ClearEventLogW(). Guenther (This used to be commit 70a4ba798cdd3b4daa01c2f6aa693de34288c8b9) --- source3/rpc_server/srv_eventlog_nt.c | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 423f3e55cb..9250c0fa4f 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -659,28 +659,22 @@ NTSTATUS _eventlog_open_eventlog( pipes_struct * p, } /******************************************************************** + _eventlog_ClearEventLogW This call still needs some work ********************************************************************/ -NTSTATUS _eventlog_clear_eventlog( pipes_struct * p, - EVENTLOG_Q_CLEAR_EVENTLOG * q_u, - EVENTLOG_R_CLEAR_EVENTLOG * r_u ) +NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p, + struct eventlog_ClearEventLogW *r) { - EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); - char *backup_file_name = NULL; + EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle ); + const char *backup_file_name = NULL; if ( !info ) return NT_STATUS_INVALID_HANDLE; - if (q_u->backupfile.string) { - size_t len = rpcstr_pull_talloc(p->mem_ctx, - &backup_file_name, - q_u->backupfile.string->buffer, - q_u->backupfile.string->uni_str_len * 2, - 0 ); - if (len == (size_t)-1 || !backup_file_name) { - return NT_STATUS_INVALID_PARAMETER; - } + if (r->in.backupfile && r->in.backupfile->string) { + + backup_file_name = r->in.backupfile->string; DEBUG(8,( "_eventlog_clear_eventlog: Using [%s] as the backup " "file name for log [%s].", @@ -852,12 +846,6 @@ NTSTATUS _eventlog_GetNumRecords(pipes_struct *p, return NT_STATUS_OK; } -NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p, struct eventlog_ClearEventLogW *r) -{ - p->rng_fault_state = True; - return NT_STATUS_NOT_IMPLEMENTED; -} - NTSTATUS _eventlog_BackupEventLogW(pipes_struct *p, struct eventlog_BackupEventLogW *r) { p->rng_fault_state = True; -- cgit From 221a2a9a5f974fd428e83753af1b70f37332e184 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 4 Feb 2008 10:55:14 +0100 Subject: Copy inline comment for _eventlog_ClearEventLogW() from rpc_parse to rpc_server. Guenther (This used to be commit 26eadadbf628f4d3aa4cd0ab4b55d47dc79c80ba) --- source3/rpc_server/srv_eventlog_nt.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 9250c0fa4f..1d9925a555 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -662,6 +662,19 @@ NTSTATUS _eventlog_open_eventlog( pipes_struct * p, _eventlog_ClearEventLogW This call still needs some work ********************************************************************/ +/** The windows client seems to be doing something funny with the file name + A call like + ClearEventLog(handle, "backup_file") + on the client side will result in the backup file name looking like this on the + server side: + \??\${CWD of client}\backup_file + If an absolute path gets specified, such as + ClearEventLog(handle, "C:\\temp\\backup_file") + then it is still mangled by the client into this: + \??\C:\temp\backup_file + when it is on the wire. + I'm not sure where the \?? is coming from, or why the ${CWD} of the client process + would be added in given that the backup file gets written on the server side. */ NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p, struct eventlog_ClearEventLogW *r) -- cgit From 5ab6d66f13c9c11e4757f8d0a476b94116d74069 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 4 Feb 2008 11:10:18 +0100 Subject: Use pidl for _eventlog_OpenEventLogW(). Guenther (This used to be commit ef293be6cb95225f10e8062b3089dc1bbe5fd013) --- source3/rpc_server/srv_eventlog_nt.c | 35 ++++++++++++----------------------- 1 file changed, 12 insertions(+), 23 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 1d9925a555..06697153b8 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -610,28 +610,23 @@ static bool add_record_to_resp( EVENTLOG_R_READ_EVENTLOG * r_u, } /******************************************************************** + _eventlog_OpenEventLogW ********************************************************************/ -NTSTATUS _eventlog_open_eventlog( pipes_struct * p, - EVENTLOG_Q_OPEN_EVENTLOG * q_u, - EVENTLOG_R_OPEN_EVENTLOG * r_u ) +NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p, + struct eventlog_OpenEventLogW *r) { - fstring servername, logname; + const char *servername = ""; + const char *logname = ""; EVENTLOG_INFO *info; NTSTATUS result; - fstrcpy( servername, "" ); - if ( q_u->servername.string ) { - rpcstr_pull( servername, q_u->servername.string->buffer, - sizeof( servername ), - q_u->servername.string->uni_str_len * 2, 0 ); + if (r->in.servername->string) { + servername = r->in.servername->string; } - fstrcpy( logname, "" ); - if ( q_u->logname.string ) { - rpcstr_pull( logname, q_u->logname.string->buffer, - sizeof( logname ), - q_u->logname.string->uni_str_len * 2, 0 ); + if (r->in.logname->string) { + logname = r->in.logname->string; } DEBUG( 10,("_eventlog_open_eventlog: Server [%s], Log [%s]\n", @@ -640,13 +635,13 @@ NTSTATUS _eventlog_open_eventlog( pipes_struct * p, /* according to MSDN, if the logfile cannot be found, we should default to the "Application" log */ - if ( !NT_STATUS_IS_OK( result = elog_open( p, logname, &r_u->handle )) ) + if ( !NT_STATUS_IS_OK( result = elog_open( p, logname, r->out.handle )) ) return result; - if ( !(info = find_eventlog_info_by_hnd( p, &r_u->handle )) ) { + if ( !(info = find_eventlog_info_by_hnd( p, r->out.handle )) ) { DEBUG(0,("_eventlog_open_eventlog: eventlog (%s) opened but unable to find handle!\n", logname )); - elog_close( p, &r_u->handle ); + elog_close( p, r->out.handle ); return NT_STATUS_INVALID_HANDLE; } @@ -877,12 +872,6 @@ NTSTATUS _eventlog_ChangeNotify(pipes_struct *p, struct eventlog_ChangeNotify *r return NT_STATUS_NOT_IMPLEMENTED; } -NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p, struct eventlog_OpenEventLogW *r) -{ - p->rng_fault_state = True; - return NT_STATUS_NOT_IMPLEMENTED; -} - NTSTATUS _eventlog_RegisterEventSourceW(pipes_struct *p, struct eventlog_RegisterEventSourceW *r) { p->rng_fault_state = True; -- cgit From a31829ffcd7e768484122094a3bde60fb6d1f44e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 4 Feb 2008 11:33:06 +0100 Subject: Remove unused arguments in read_package_entry() in the eventlog rpc server. Guenther (This used to be commit c2e786d4e2cb53b5a8be45278f221acaa7f5122a) --- source3/rpc_server/srv_eventlog_nt.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source3/rpc_server/srv_eventlog_nt.c') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 06697153b8..0e2bcf4126 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -493,8 +493,6 @@ done: ********************************************************************/ static Eventlog_entry *read_package_entry( prs_struct * ps, - EVENTLOG_Q_READ_EVENTLOG * q_u, - EVENTLOG_R_READ_EVENTLOG * r_u, Eventlog_entry * entry ) { uint8 *offset; @@ -773,7 +771,7 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, /* Now see if there is enough room to add */ - if ( !(ee_new = read_package_entry( ps, q_u, r_u, entry )) ) + if ( !(ee_new = read_package_entry( ps, entry )) ) return NT_STATUS_NO_MEMORY; if ( r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size ) { -- cgit