2 Unix SMB/CIFS implementation.
3 test suite for eventlog rpc operations
5 Copyright (C) Tim Potter 2003,2005
6 Copyright (C) Jelmer Vernooij 2004
7 Copyright (C) Guenther Deschner 2009
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "torture/torture.h"
25 #include "librpc/gen_ndr/ndr_eventlog.h"
26 #include "librpc/gen_ndr/ndr_eventlog_c.h"
27 #include "librpc/gen_ndr/ndr_lsa.h"
28 #include "torture/rpc/rpc.h"
29 #include "param/param.h"
31 #define TEST_BACKUP_NAME "samrtorturetest"
33 static void init_lsa_String(struct lsa_String *name, const char *s)
36 name->length = 2*strlen_m(s);
37 name->size = name->length;
40 static bool get_policy_handle(struct torture_context *tctx,
41 struct dcerpc_pipe *p,
42 struct policy_handle *handle)
44 struct eventlog_OpenEventLogW r;
45 struct eventlog_OpenUnknown0 unknown0;
46 struct lsa_String logname, servername;
48 unknown0.unknown0 = 0x005c;
49 unknown0.unknown1 = 0x0001;
51 r.in.unknown0 = &unknown0;
52 init_lsa_String(&logname, "dns server");
53 init_lsa_String(&servername, NULL);
54 r.in.logname = &logname;
55 r.in.servername = &servername;
56 r.in.major_version = 0x00000001;
57 r.in.minor_version = 0x00000001;
58 r.out.handle = handle;
60 torture_assert_ntstatus_ok(tctx,
61 dcerpc_eventlog_OpenEventLogW(p, tctx, &r),
62 "OpenEventLog failed");
64 torture_assert_ntstatus_ok(tctx, r.out.result, "OpenEventLog failed");
71 static bool test_GetNumRecords(struct torture_context *tctx, struct dcerpc_pipe *p)
73 struct eventlog_GetNumRecords r;
74 struct eventlog_CloseEventLog cr;
75 struct policy_handle handle;
78 if (!get_policy_handle(tctx, p, &handle))
82 r.in.handle = &handle;
83 r.out.number = &number;
85 torture_assert_ntstatus_ok(tctx,
86 dcerpc_eventlog_GetNumRecords(p, tctx, &r),
87 "GetNumRecords failed");
89 torture_comment(tctx, "%d records\n", *r.out.number);
91 cr.in.handle = cr.out.handle = &handle;
93 torture_assert_ntstatus_ok(tctx,
94 dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
95 "CloseEventLog failed");
99 static bool test_ReadEventLog(struct torture_context *tctx,
100 struct dcerpc_pipe *p)
103 struct eventlog_ReadEventLogW r;
104 struct eventlog_CloseEventLog cr;
105 struct policy_handle handle;
107 uint32_t sent_size = 0;
108 uint32_t real_size = 0;
110 if (!get_policy_handle(tctx, p, &handle))
115 r.in.handle = &handle;
118 r.out.sent_size = &sent_size;
119 r.out.real_size = &real_size;
121 status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r);
123 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
124 "ReadEventLog failed");
128 struct eventlog_Record rec;
129 struct ndr_pull *ndr;
130 enum ndr_err_code ndr_err;
132 /* Read first for number of bytes in record */
134 r.in.number_of_bytes = 0;
135 r.in.flags = EVENTLOG_BACKWARDS_READ|EVENTLOG_SEQUENTIAL_READ;
137 r.out.sent_size = &sent_size;
138 r.out.real_size = &real_size;
140 status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r);
142 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_END_OF_FILE)) {
146 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_BUFFER_TOO_SMALL,
147 "ReadEventLog failed");
149 /* Now read the actual record */
151 r.in.number_of_bytes = *r.out.real_size;
152 r.out.data = talloc_array(tctx, uint8_t, r.in.number_of_bytes);
154 status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r);
156 torture_assert_ntstatus_ok(tctx, status, "ReadEventLog failed");
158 /* Decode a user-marshalled record */
160 blob.length = *r.out.sent_size;
161 blob.data = talloc_steal(tctx, r.out.data);
163 ndr = ndr_pull_init_blob(&blob, tctx, lp_iconv_convenience(tctx->lp_ctx));
165 ndr_err = ndr_pull_eventlog_Record(
166 ndr, NDR_SCALARS|NDR_BUFFERS, &rec);
167 status = ndr_map_error2ntstatus(ndr_err);
169 NDR_PRINT_DEBUG(eventlog_Record, &rec);
171 torture_assert_ntstatus_ok(tctx, status,
172 "ReadEventLog failed parsing event log record");
177 cr.in.handle = cr.out.handle = &handle;
179 torture_assert_ntstatus_ok(tctx,
180 dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
181 "CloseEventLog failed");
186 static bool test_ReportEventLog(struct torture_context *tctx,
187 struct dcerpc_pipe *p)
190 struct eventlog_ReportEventW r;
191 struct eventlog_CloseEventLog cr;
192 struct policy_handle handle;
194 uint32_t record_number = 0;
195 time_t time_written = 0;
196 struct lsa_String servername, *strings;
198 if (!get_policy_handle(tctx, p, &handle))
201 init_lsa_String(&servername, NULL);
203 strings = talloc_array(tctx, struct lsa_String, 1);
204 init_lsa_String(&strings[0], "Currently tortured by samba 4");
208 r.in.handle = &handle;
209 r.in.timestamp = time(NULL);
210 r.in.event_type = EVENTLOG_INFORMATION_TYPE;
211 r.in.event_category = 0;
213 r.in.num_of_strings = 1;
215 r.in.servername = &servername;
216 r.in.user_sid = NULL;
217 r.in.strings = &strings;
220 r.out.record_number = &record_number;
221 r.out.time_written = &time_written;
223 status = dcerpc_eventlog_ReportEventW(p, tctx, &r);
225 torture_assert_ntstatus_ok(tctx, r.out.result, "ReportEventW failed");
227 cr.in.handle = cr.out.handle = &handle;
229 torture_assert_ntstatus_ok(tctx,
230 dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
231 "CloseEventLog failed");
235 static bool test_FlushEventLog(struct torture_context *tctx,
236 struct dcerpc_pipe *p)
238 struct eventlog_FlushEventLog r;
239 struct eventlog_CloseEventLog cr;
240 struct policy_handle handle;
242 if (!get_policy_handle(tctx, p, &handle))
245 r.in.handle = &handle;
247 /* Huh? Does this RPC always return access denied? */
248 torture_assert_ntstatus_equal(tctx,
249 dcerpc_eventlog_FlushEventLog(p, tctx, &r),
250 NT_STATUS_ACCESS_DENIED,
251 "FlushEventLog failed");
253 cr.in.handle = cr.out.handle = &handle;
255 torture_assert_ntstatus_ok(tctx,
256 dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
257 "CloseEventLog failed");
262 static bool test_ClearEventLog(struct torture_context *tctx,
263 struct dcerpc_pipe *p)
265 struct eventlog_ClearEventLogW r;
266 struct eventlog_CloseEventLog cr;
267 struct policy_handle handle;
269 if (!get_policy_handle(tctx, p, &handle))
272 r.in.handle = &handle;
273 r.in.backupfile = NULL;
275 torture_assert_ntstatus_ok(tctx,
276 dcerpc_eventlog_ClearEventLogW(p, tctx, &r),
277 "ClearEventLog failed");
279 cr.in.handle = cr.out.handle = &handle;
281 torture_assert_ntstatus_ok(tctx,
282 dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
283 "CloseEventLog failed");
288 static bool test_GetLogInformation(struct torture_context *tctx,
289 struct dcerpc_pipe *p)
292 struct eventlog_GetLogIntormation r;
293 struct eventlog_CloseEventLog cr;
294 struct policy_handle handle;
295 uint32_t bytes_needed = 0;
297 if (!get_policy_handle(tctx, p, &handle))
300 r.in.handle = &handle;
304 r.out.bytes_needed = &bytes_needed;
306 status = dcerpc_eventlog_GetLogIntormation(p, tctx, &r);
308 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_LEVEL,
309 "GetLogInformation failed");
313 status = dcerpc_eventlog_GetLogIntormation(p, tctx, &r);
315 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_BUFFER_TOO_SMALL,
316 "GetLogInformation failed");
318 r.in.buf_size = bytes_needed;
319 r.out.buffer = talloc_array(tctx, uint8_t, bytes_needed);
321 status = dcerpc_eventlog_GetLogIntormation(p, tctx, &r);
323 torture_assert_ntstatus_ok(tctx, status, "GetLogInformation failed");
325 cr.in.handle = cr.out.handle = &handle;
327 torture_assert_ntstatus_ok(tctx,
328 dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
329 "CloseEventLog failed");
335 static bool test_OpenEventLog(struct torture_context *tctx,
336 struct dcerpc_pipe *p)
338 struct policy_handle handle;
339 struct eventlog_CloseEventLog cr;
341 if (!get_policy_handle(tctx, p, &handle))
344 cr.in.handle = cr.out.handle = &handle;
346 torture_assert_ntstatus_ok(tctx,
347 dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
348 "CloseEventLog failed");
353 static bool test_BackupLog(struct torture_context *tctx,
354 struct dcerpc_pipe *p)
357 struct policy_handle handle, backup_handle;
358 struct eventlog_BackupEventLogW r;
359 struct eventlog_OpenBackupEventLogW b;
360 struct eventlog_CloseEventLog cr;
362 struct lsa_String backup_filename;
363 struct eventlog_OpenUnknown0 unknown0;
365 if (!get_policy_handle(tctx, p, &handle))
368 tmp = talloc_asprintf(tctx, "C:\\%s", TEST_BACKUP_NAME);
369 init_lsa_String(&backup_filename, tmp);
371 r.in.handle = &handle;
372 r.in.backup_filename = &backup_filename;
374 status = dcerpc_eventlog_BackupEventLogW(p, tctx, &r);
375 torture_assert_ntstatus_equal(tctx, status,
376 NT_STATUS_OBJECT_PATH_SYNTAX_BAD, "BackupEventLogW failed");
378 tmp = talloc_asprintf(tctx, "\\??\\C:\\%s", TEST_BACKUP_NAME);
379 init_lsa_String(&backup_filename, tmp);
381 r.in.handle = &handle;
382 r.in.backup_filename = &backup_filename;
384 status = dcerpc_eventlog_BackupEventLogW(p, tctx, &r);
385 torture_assert_ntstatus_ok(tctx, status, "BackupEventLogW failed");
387 status = dcerpc_eventlog_BackupEventLogW(p, tctx, &r);
388 torture_assert_ntstatus_equal(tctx, status,
389 NT_STATUS_OBJECT_NAME_COLLISION, "BackupEventLogW failed");
391 cr.in.handle = cr.out.handle = &handle;
393 torture_assert_ntstatus_ok(tctx,
394 dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
397 unknown0.unknown0 = 0x005c;
398 unknown0.unknown1 = 0x0001;
400 b.in.unknown0 = &unknown0;
401 b.in.backup_logname = &backup_filename;
402 b.in.major_version = 1;
403 b.in.minor_version = 1;
404 b.out.handle = &backup_handle;
406 status = dcerpc_eventlog_OpenBackupEventLogW(p, tctx, &b);
408 torture_assert_ntstatus_ok(tctx, status, "OpenBackupEventLogW failed");
410 cr.in.handle = cr.out.handle = &backup_handle;
412 torture_assert_ntstatus_ok(tctx,
413 dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
414 "CloseEventLog failed");
419 struct torture_suite *torture_rpc_eventlog(TALLOC_CTX *mem_ctx)
421 struct torture_suite *suite;
422 struct torture_rpc_tcase *tcase;
423 struct torture_test *test;
425 suite = torture_suite_create(mem_ctx, "EVENTLOG");
426 tcase = torture_suite_add_rpc_iface_tcase(suite, "eventlog",
427 &ndr_table_eventlog);
429 torture_rpc_tcase_add_test(tcase, "OpenEventLog", test_OpenEventLog);
430 test = torture_rpc_tcase_add_test(tcase, "ClearEventLog",
432 test->dangerous = true;
433 torture_rpc_tcase_add_test(tcase, "GetNumRecords", test_GetNumRecords);
434 torture_rpc_tcase_add_test(tcase, "ReadEventLog", test_ReadEventLog);
435 torture_rpc_tcase_add_test(tcase, "ReportEventLog", test_ReportEventLog);
436 torture_rpc_tcase_add_test(tcase, "FlushEventLog", test_FlushEventLog);
437 torture_rpc_tcase_add_test(tcase, "GetLogIntormation", test_GetLogInformation);
438 torture_rpc_tcase_add_test(tcase, "BackupLog", test_BackupLog);