2 Unix SMB/CIFS implementation.
5 Copyright (C) Günther Deschner 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "rpcclient.h"
23 #include "../librpc/gen_ndr/ndr_eventlog.h"
24 #include "../librpc/gen_ndr/ndr_eventlog_c.h"
25 #include "rpc_client/init_lsa.h"
27 static NTSTATUS get_eventlog_handle(struct rpc_pipe_client *cli,
30 struct policy_handle *handle)
32 NTSTATUS status, result;
33 struct eventlog_OpenUnknown0 unknown0;
34 struct lsa_String logname, servername;
35 struct dcerpc_binding_handle *b = cli->binding_handle;
37 unknown0.unknown0 = 0x005c;
38 unknown0.unknown1 = 0x0001;
40 init_lsa_String(&logname, log);
41 init_lsa_String(&servername, NULL);
43 status = dcerpc_eventlog_OpenEventLogW(b, mem_ctx,
47 0x00000001, /* major */
48 0x00000001, /* minor */
51 if (!NT_STATUS_IS_OK(status)) {
58 static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client *cli,
63 NTSTATUS status = NT_STATUS_OK;
64 NTSTATUS result = NT_STATUS_OK;
65 struct policy_handle handle;
66 struct dcerpc_binding_handle *b = cli->binding_handle;
68 uint32_t flags = EVENTLOG_BACKWARDS_READ |
69 EVENTLOG_SEQUENTIAL_READ;
71 uint32_t number_of_bytes = 0;
73 uint32_t sent_size = 0;
74 uint32_t real_size = 0;
76 if (argc < 2 || argc > 4) {
77 printf("Usage: %s logname [offset] [number_of_bytes]\n", argv[0]);
82 offset = atoi(argv[2]);
86 number_of_bytes = atoi(argv[3]);
89 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
90 if (!NT_STATUS_IS_OK(status)) {
94 data = talloc_array(mem_ctx, uint8_t, number_of_bytes);
101 enum ndr_err_code ndr_err;
103 struct EVENTLOGRECORD r;
107 status = dcerpc_eventlog_ReadEventLogW(b, mem_ctx,
116 if (!NT_STATUS_IS_OK(status)) {
119 if (NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL) &&
121 number_of_bytes = real_size;
122 data = talloc_realloc(mem_ctx, data, uint8_t, real_size);
126 status = dcerpc_eventlog_ReadEventLogW(b, mem_ctx,
135 if (!NT_STATUS_IS_OK(status)) {
140 if (!NT_STATUS_EQUAL(result, NT_STATUS_END_OF_FILE) &&
141 !NT_STATUS_IS_OK(result)) {
147 size = IVAL(data, pos);
151 blob = data_blob_const(data + pos, size);
152 /* dump_data(0, blob.data, blob.length); */
153 ndr_err = ndr_pull_struct_blob_all(&blob, mem_ctx, &r,
154 (ndr_pull_flags_fn_t)ndr_pull_EVENTLOGRECORD);
155 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
156 status = ndr_map_error2ntstatus(ndr_err);
160 NDR_PRINT_DEBUG(EVENTLOGRECORD, &r);
164 if (pos + 4 > sent_size) {
168 size = IVAL(data, pos);
173 } while (NT_STATUS_IS_OK(result));
176 dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);
181 static NTSTATUS cmd_eventlog_numrecords(struct rpc_pipe_client *cli,
186 NTSTATUS status, result;
187 struct policy_handle handle;
189 struct dcerpc_binding_handle *b = cli->binding_handle;
192 printf("Usage: %s logname\n", argv[0]);
196 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
197 if (!NT_STATUS_IS_OK(status)) {
201 status = dcerpc_eventlog_GetNumRecords(b, mem_ctx,
205 if (!NT_STATUS_IS_OK(status)) {
208 if (!NT_STATUS_IS_OK(result)) {
213 printf("number of records: %d\n", number);
216 dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);
221 static NTSTATUS cmd_eventlog_oldestrecord(struct rpc_pipe_client *cli,
226 NTSTATUS status, result;
227 struct policy_handle handle;
228 uint32_t oldest_entry = 0;
229 struct dcerpc_binding_handle *b = cli->binding_handle;
232 printf("Usage: %s logname\n", argv[0]);
236 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
237 if (!NT_STATUS_IS_OK(status)) {
241 status = dcerpc_eventlog_GetOldestRecord(b, mem_ctx,
245 if (!NT_STATUS_IS_OK(status)) {
248 if (!NT_STATUS_IS_OK(result)) {
253 printf("oldest entry: %d\n", oldest_entry);
256 dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);
261 static NTSTATUS cmd_eventlog_reportevent(struct rpc_pipe_client *cli,
266 NTSTATUS status, result;
267 struct policy_handle handle;
268 struct dcerpc_binding_handle *b = cli->binding_handle;
270 uint16_t num_of_strings = 1;
271 uint32_t data_size = 0;
272 struct lsa_String servername;
273 struct lsa_String *strings;
274 uint8_t *data = NULL;
275 uint32_t record_number = 0;
276 time_t time_written = 0;
279 printf("Usage: %s logname\n", argv[0]);
283 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
284 if (!NT_STATUS_IS_OK(status)) {
288 strings = talloc_array(mem_ctx, struct lsa_String, num_of_strings);
290 return NT_STATUS_NO_MEMORY;
293 init_lsa_String(&strings[0], "test event written by rpcclient\n");
294 init_lsa_String(&servername, NULL);
296 status = dcerpc_eventlog_ReportEventW(b, mem_ctx,
299 EVENTLOG_INFORMATION_TYPE,
300 0, /* event_category */
313 if (!NT_STATUS_IS_OK(status)) {
316 if (!NT_STATUS_IS_OK(result)) {
321 printf("entry: %d written at %s\n", record_number,
322 http_timestring(talloc_tos(), time_written));
325 dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);
330 static NTSTATUS cmd_eventlog_reporteventsource(struct rpc_pipe_client *cli,
335 NTSTATUS status, result;
336 struct policy_handle handle;
337 struct dcerpc_binding_handle *b = cli->binding_handle;
339 uint16_t num_of_strings = 1;
340 uint32_t data_size = 0;
341 struct lsa_String servername, sourcename;
342 struct lsa_String *strings;
343 uint8_t *data = NULL;
344 uint32_t record_number = 0;
345 time_t time_written = 0;
348 printf("Usage: %s logname\n", argv[0]);
352 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
353 if (!NT_STATUS_IS_OK(status)) {
357 strings = talloc_array(mem_ctx, struct lsa_String, num_of_strings);
359 return NT_STATUS_NO_MEMORY;
362 init_lsa_String(&strings[0], "test event written by rpcclient\n");
363 init_lsa_String(&servername, NULL);
364 init_lsa_String(&sourcename, "rpcclient");
366 status = dcerpc_eventlog_ReportEventAndSourceW(b, mem_ctx,
369 EVENTLOG_INFORMATION_TYPE,
370 0, /* event_category */
383 if (!NT_STATUS_IS_OK(status)) {
386 if (!NT_STATUS_IS_OK(result)) {
391 printf("entry: %d written at %s\n", record_number,
392 http_timestring(talloc_tos(), time_written));
395 dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);
400 static NTSTATUS cmd_eventlog_registerevsource(struct rpc_pipe_client *cli,
405 NTSTATUS status, result;
406 struct policy_handle log_handle;
407 struct lsa_String module_name, reg_module_name;
408 struct eventlog_OpenUnknown0 unknown0;
409 struct dcerpc_binding_handle *b = cli->binding_handle;
411 unknown0.unknown0 = 0x005c;
412 unknown0.unknown1 = 0x0001;
415 printf("Usage: %s logname\n", argv[0]);
419 init_lsa_String(&module_name, "rpcclient");
420 init_lsa_String(®_module_name, NULL);
422 status = dcerpc_eventlog_RegisterEventSourceW(b, mem_ctx,
426 1, /* major_version */
427 1, /* minor_version */
430 if (!NT_STATUS_IS_OK(status)) {
433 if (!NT_STATUS_IS_OK(result)) {
439 dcerpc_eventlog_DeregisterEventSource(b, mem_ctx, &log_handle, &result);
444 static NTSTATUS cmd_eventlog_backuplog(struct rpc_pipe_client *cli,
449 NTSTATUS status, result;
450 struct policy_handle handle;
451 struct lsa_String backup_filename;
453 struct dcerpc_binding_handle *b = cli->binding_handle;
456 printf("Usage: %s logname backupname\n", argv[0]);
460 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
461 if (!NT_STATUS_IS_OK(status)) {
465 tmp = talloc_asprintf(mem_ctx, "\\??\\%s", argv[2]);
467 status = NT_STATUS_NO_MEMORY;
471 init_lsa_String(&backup_filename, tmp);
473 status = dcerpc_eventlog_BackupEventLogW(b, mem_ctx,
477 if (!NT_STATUS_IS_OK(status)) {
480 if (!NT_STATUS_IS_OK(result)) {
486 dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);
491 static NTSTATUS cmd_eventlog_loginfo(struct rpc_pipe_client *cli,
496 NTSTATUS status, result;
497 struct policy_handle handle;
498 uint8_t *buffer = NULL;
499 uint32_t buf_size = 0;
500 uint32_t bytes_needed = 0;
501 struct dcerpc_binding_handle *b = cli->binding_handle;
504 printf("Usage: %s logname\n", argv[0]);
508 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
509 if (!NT_STATUS_IS_OK(status)) {
513 buffer = talloc_array(mem_ctx, uint8_t, bytes_needed);
514 if (buffer == NULL) {
515 status = NT_STATUS_NO_MEMORY;
519 status = dcerpc_eventlog_GetLogInformation(b, mem_ctx,
526 if (!NT_STATUS_IS_OK(status)) {
529 if (!NT_STATUS_IS_OK(result) &&
530 !NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL)) {
534 buf_size = bytes_needed;
535 buffer = talloc_realloc(mem_ctx, buffer, uint8_t, bytes_needed);
536 if (buffer == NULL) {
537 status = NT_STATUS_NO_MEMORY;
541 status = dcerpc_eventlog_GetLogInformation(b, mem_ctx,
548 if (!NT_STATUS_IS_OK(status)) {
551 if (!NT_STATUS_IS_OK(result)) {
557 dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);
563 struct cmd_set eventlog_commands[] = {
565 { "eventlog_readlog", RPC_RTYPE_NTSTATUS, cmd_eventlog_readlog, NULL, &ndr_table_eventlog, NULL, "Read Eventlog", "" },
566 { "eventlog_numrecord", RPC_RTYPE_NTSTATUS, cmd_eventlog_numrecords, NULL, &ndr_table_eventlog, NULL, "Get number of records", "" },
567 { "eventlog_oldestrecord", RPC_RTYPE_NTSTATUS, cmd_eventlog_oldestrecord, NULL, &ndr_table_eventlog, NULL, "Get oldest record", "" },
568 { "eventlog_reportevent", RPC_RTYPE_NTSTATUS, cmd_eventlog_reportevent, NULL, &ndr_table_eventlog, NULL, "Report event", "" },
569 { "eventlog_reporteventsource", RPC_RTYPE_NTSTATUS, cmd_eventlog_reporteventsource, NULL, &ndr_table_eventlog, NULL, "Report event and source", "" },
570 { "eventlog_registerevsource", RPC_RTYPE_NTSTATUS, cmd_eventlog_registerevsource, NULL, &ndr_table_eventlog, NULL, "Register event source", "" },
571 { "eventlog_backuplog", RPC_RTYPE_NTSTATUS, cmd_eventlog_backuplog, NULL, &ndr_table_eventlog, NULL, "Backup Eventlog File", "" },
572 { "eventlog_loginfo", RPC_RTYPE_NTSTATUS, cmd_eventlog_loginfo, NULL, &ndr_table_eventlog, NULL, "Get Eventlog Information", "" },
git.samba.org / samba.git / blob