-/*
+/*
* Unix SMB/CIFS implementation.
* RPC Pipe client / server routines
* Copyright (C) Marcin Krzysztof Porwit 2005,
* Copyright (C) Brian Moran 2005,
* Copyright (C) Gerald (Jerry) Carter 2005.
- *
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
static void free_eventlog_info( void *ptr )
{
EVENTLOG_INFO *elog = (EVENTLOG_INFO *)ptr;
-
+
if ( elog->etdb )
elog_close_tdb( elog->etdb, False );
-
+
TALLOC_FREE( elog );
}
char *tdbname = elog_tdbname(talloc_tos(), info->logname );
SEC_DESC *sec_desc;
NTSTATUS status;
-
- if ( !tdbname )
+
+ if ( !tdbname )
return False;
-
+
/* get the security descriptor for the file */
-
+
sec_desc = get_nt_acl_no_snum( info, tdbname );
TALLOC_FREE( tdbname );
-
+
if ( !sec_desc ) {
- DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n",
+ DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n",
tdbname));
return False;
}
-
+
/* root free pass */
if ( geteuid() == sec_initial_uid() ) {
}
/* run the check, try for the max allowed */
-
+
status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
&info->access_granted);
-
+
if ( sec_desc )
TALLOC_FREE( sec_desc );
-
+
if (!NT_STATUS_IS_OK(status)) {
DEBUG(8,("elog_check_access: se_access_check() return %s\n",
nt_errstr(status)));
return False;
}
-
+
/* we have to have READ permission for a successful open */
-
+
return ( info->access_granted & SA_RIGHT_FILE_READ_DATA );
}
{
int i;
const char **elogs = lp_eventlog_list();
-
+
if (!elogs) {
return False;
}
if ( strequal( name, elogs[i] ) )
return True;
}
-
+
return False;
}
static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hnd )
{
EVENTLOG_INFO *elog;
-
+
/* first thing is to validate the eventlog name */
if ( !elog_validate_logname( logname ) )
return NT_STATUS_OBJECT_PATH_INVALID;
-
+
if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) )
return NT_STATUS_NO_MEMORY;
-
+
elog->logname = talloc_strdup( elog, logname );
-
+
/* Open the tdb first (so that we can create any new tdbs if necessary).
- We have to do this as root and then use an internal access check
+ We have to do this as root and then use an internal access check
on the file permissions since you can only have a tdb open once
in a single process */
if ( !elog->etdb ) {
/* according to MSDN, if the logfile cannot be found, we should
default to the "Application" log */
-
+
if ( !strequal( logname, ELOG_APPL ) ) {
-
+
TALLOC_FREE( elog->logname );
-
- elog->logname = talloc_strdup( elog, ELOG_APPL );
+
+ elog->logname = talloc_strdup( elog, ELOG_APPL );
/* do the access check */
if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) {
TALLOC_FREE( elog );
return NT_STATUS_ACCESS_DENIED;
}
-
+
become_root();
elog->etdb = elog_open_tdb( elog->logname, False );
unbecome_root();
- }
-
+ }
+
if ( !elog->etdb ) {
TALLOC_FREE( elog );
- return NT_STATUS_ACCESS_DENIED; /* ??? */
+ return NT_STATUS_ACCESS_DENIED; /* ??? */
}
}
-
+
/* now do the access check. Close the tdb if we fail here */
if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) {
TALLOC_FREE( elog );
return NT_STATUS_ACCESS_DENIED;
}
-
+
/* create the policy handle */
-
+
if ( !create_policy_hnd
( p, hnd, free_eventlog_info, ( void * ) elog ) ) {
free_eventlog_info( elog );
if ( !get_oldest_entry_hook( elog ) ) {
DEBUG(3,("elog_open: Successfully opened eventlog but can't "
"get any information on internal records!\n"));
- }
+ }
elog->current_record = elog->oldest_entry;
}
/********************************************************************
- note that this can only be called AFTER the table is constructed,
+ note that this can only be called AFTER the table is constructed,
since it uses the table to find the tdb handle
********************************************************************/
uiMaxSize = 0x80000;
uiRetention = 604800;
- /* the general idea is to internally open the registry
- key and retrieve the values. That way we can continue
- to use the same fetch/store api that we use in
+ /* the general idea is to internally open the registry
+ key and retrieve the values. That way we can continue
+ to use the same fetch/store api that we use in
srv_reg_nt.c */
path = talloc_asprintf(ctx, "%s/%s", KEY_EVENTLOG, elogname );
if (r->in.logname->string) {
logname = r->in.logname->string;
}
-
+
DEBUG( 10,("_eventlog_open_eventlog: Server [%s], Log [%s]\n",
servername, logname ));
-
+
/* according to MSDN, if the logfile cannot be found, we should
default to the "Application" log */
-
+
if ( !NT_STATUS_IS_OK( result = elog_open( p, logname, r->out.handle )) )
return result;
git.samba.org / tprouty / samba.git / blobdiff