--- /dev/null
+/*
+ Unix SMB/Netbios implementation.
+ Version 1.9.
+ Interface header: Scheduler service
+ Copyright (C) Luke Kenneth Casson Leighton 1996-1999
+ Copyright (C) Andrew Tridgell 1992-1999
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_EVENTLOG_H
+#define _RPC_EVENTLOG_H
+
+#define EVENTLOG_OPEN 0x07
+#define EVENTLOG_CLOSE 0x02
+#define EVENTLOG_NUMOFEVENTLOGRECORDS 0x04
+#define EVENTLOG_READEVENTLOG 0x0a
+
+#define EVENTLOG_READ_SEQUENTIAL 0x01
+#define EVENTLOG_READ_SEEK 0x02
+#define EVENTLOG_READ_FORWARD 0x04
+#define EVENTLOG_READ_BACKWARD 0x08
+
+#define EVENTLOG_OK 0X00
+#define EVENTLOG_ERROR 0x01
+#define EVENTLOG_WARNING 0x02
+#define EVENTLOG_INFORMATION 0x04
+#define EVENTLOG_AUDIT_OK 0x08
+#define EVENTLOG_AUDIT_ERROR 0x10
+
+typedef struct eventlogrecord
+{
+ uint32 size;
+ uint32 reserved;
+ uint32 recordnumber;
+ uint32 creationtime;
+ uint32 writetime;
+ uint32 eventnumber;
+ uint16 eventtype;
+ uint16 num_of_strings;
+ uint16 category;
+ uint16 reserved_flag;
+ uint32 closingrecord;
+ uint32 stringoffset;
+ uint32 sid_length;
+ uint32 sid_offset;
+ uint32 data_length;
+ uint32 data_offset;
+ UNISTR sourcename;
+ UNISTR computername;
+ UNISTR sid;
+ UNISTR strings;
+ UNISTR data;
+ uint32 size2;
+} EVENTLOGRECORD;
+
+typedef struct eventlog_q_open
+{
+ uint32 ptr0;
+
+ uint16 unk0;
+ uint16 unk1;
+ uint16 unk2;
+ uint16 unk3;
+
+ uint32 ptr_source;
+
+ UNISTR2 source;
+
+ uint32 unk4;
+ uint32 unk5;
+ uint32 unk6;
+ uint32 unk7;
+} EVENTLOG_Q_OPEN;
+
+typedef struct eventlog_r_open
+{
+ POLICY_HND pol;
+ uint32 status;
+} EVENTLOG_R_OPEN;
+
+typedef struct eventlog_q_close
+{
+ POLICY_HND pol;
+} EVENTLOG_Q_CLOSE;
+
+typedef struct eventlog_r_close
+{
+ POLICY_HND pol;
+ uint32 status;
+} EVENTLOG_R_CLOSE;
+
+typedef struct eventlog_q_numofeventlogrec
+{
+ POLICY_HND pol;
+} EVENTLOG_Q_NUMOFEVENTLOGREC;
+
+typedef struct eventlog_r_numofeventlogrec
+{
+ uint32 number;
+ uint32 status;
+} EVENTLOG_R_NUMOFEVENTLOGREC;
+
+typedef struct eventlog_q_readeventlog
+{
+ POLICY_HND pol;
+ uint32 flags;
+ uint32 offset;
+ uint32 number_of_bytes;
+} EVENTLOG_Q_READEVENTLOG;
+
+typedef struct eventlog_r_readeventlog
+{
+ uint32 number_of_bytes;
+ EVENTLOGRECORD *event;
+ uint32 sent_size;
+ uint32 real_size;
+ uint32 status;
+} EVENTLOG_R_READEVENTLOG;
+
+#endif /* _RPC_EVENTLOG_H */
--- /dev/null
+/*
+ * Unix SMB/Netbios implementation.
+ * Version 2.1.
+ * RPC client routines: scheduler service
+ * Copyright (C) Jean Francois Micouleau 1998-1999,
+ * Copyright (C) Luke Kenneth Casson Leighton 1996-1999,
+ * Copyright (C) Andrew Tridgell 1992-1999.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+extern int DEBUGLEVEL;
+
+/****************************************************************************
+****************************************************************************/
+BOOL do_event_open(struct cli_state *cli, uint16 fnum, char *log, POLICY_HND *hnd)
+{
+ prs_struct rbuf;
+ prs_struct buf;
+ EVENTLOG_Q_OPEN q;
+ BOOL p = False;
+ BOOL valid_pol = False;
+
+ prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
+ prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
+
+ /* store the parameters */
+ make_eventlog_q_open(&q, log);
+
+ /* turn parameters into data stream */
+ eventlog_io_q_open("", &q, &buf, 0);
+
+ /* send the data on \PIPE\ */
+ if (rpc_api_pipe_req(cli, fnum, EVENTLOG_OPEN, &buf, &rbuf))
+ {
+ EVENTLOG_R_OPEN r;
+
+ eventlog_io_r_open("", &r, &rbuf, 0);
+ p = rbuf.offset != 0;
+
+ if (p && r.status != 0)
+ {
+ /* report error code */
+ DEBUG(0,("do_event_open: %s\n", get_nt_error_msg(r.status)));
+ p = False;
+ }
+
+ if (p)
+ {
+ /*copy handle */
+ memcpy(hnd->data, r.pol.data, sizeof(hnd->data));
+ valid_pol = True;
+ }
+ }
+
+ prs_mem_free(&rbuf);
+ prs_mem_free(&buf );
+
+ return p;
+}
+
+/****************************************************************************
+****************************************************************************/
+BOOL do_event_close(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd)
+{
+ prs_struct rbuf;
+ prs_struct buf;
+ EVENTLOG_Q_CLOSE q;
+ BOOL p = False;
+
+ prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
+ prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
+
+ /* store the parameters */
+ make_eventlog_q_close(&q, hnd);
+
+ /* turn parameters into data stream */
+ eventlog_io_q_close("", &q, &buf, 0);
+
+ /* send the data on \PIPE\ */
+ if (rpc_api_pipe_req(cli, fnum, EVENTLOG_CLOSE, &buf, &rbuf))
+ {
+ EVENTLOG_R_CLOSE r;
+
+ eventlog_io_r_close("", &r, &rbuf, 0);
+ p = rbuf.offset != 0;
+
+ if (p && r.status != 0)
+ {
+ /* report error code */
+ DEBUG(0,("do_event_close: %s\n", get_nt_error_msg(r.status)));
+ p = False;
+ }
+
+ }
+
+ prs_mem_free(&rbuf);
+ prs_mem_free(&buf );
+
+ return p;
+}
+
+/****************************************************************************
+****************************************************************************/
+BOOL do_event_numofeventlogrec(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd, uint32 *number)
+{
+ prs_struct rbuf;
+ prs_struct buf;
+ EVENTLOG_Q_NUMOFEVENTLOGREC q;
+ BOOL p = False;
+
+ prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
+ prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
+
+ /* store the parameters */
+ make_eventlog_q_numofeventlogrec(&q, hnd);
+
+ /* turn parameters into data stream */
+ eventlog_io_q_numofeventlogrec("", &q, &buf, 0);
+
+ /* send the data on \PIPE\ */
+ if (rpc_api_pipe_req(cli, fnum, EVENTLOG_NUMOFEVENTLOGRECORDS, &buf, &rbuf))
+ {
+ EVENTLOG_R_NUMOFEVENTLOGREC r;
+
+ eventlog_io_r_numofeventlogrec("", &r, &rbuf, 0);
+ p = rbuf.offset != 0;
+
+ if (p && r.status != 0)
+ {
+ /* report error code */
+ DEBUG(0,("do_event_close: %s\n", get_nt_error_msg(r.status)));
+ p = False;
+ }
+
+ if (p)
+ {
+ *number=r.number;
+ }
+ }
+
+ prs_mem_free(&rbuf);
+ prs_mem_free(&buf );
+
+ return p;
+}
+
+/****************************************************************************
+****************************************************************************/
+BOOL do_event_readeventlog(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd,
+ uint32 number, uint32 flags, uint32 offset,
+ uint32 *number_of_bytes, EVENTLOGRECORD *ev)
+{
+ prs_struct rbuf;
+ prs_struct buf;
+ EVENTLOG_Q_READEVENTLOG q;
+ EVENTLOG_R_READEVENTLOG r;
+ BOOL p = False;
+
+ prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
+ prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
+
+ /* store the parameters */
+ make_eventlog_q_readeventlog(&q, hnd, flags, offset, *number_of_bytes);
+
+ /* turn parameters into data stream */
+ eventlog_io_q_readeventlog("", &q, &buf, 0);
+
+ /* send the data on \PIPE\ */
+ if (rpc_api_pipe_req(cli, fnum, EVENTLOG_READEVENTLOG, &buf, &rbuf))
+ {
+ r.event=ev;
+ eventlog_io_r_readeventlog("", &r, &rbuf, 0);
+ p = rbuf.offset != 0;
+
+ if (p)
+ {
+ *number_of_bytes=r.real_size;
+ }
+ }
+
+ prs_mem_free(&rbuf);
+ prs_mem_free(&buf );
+
+ return p;
+}
+
--- /dev/null
+/*
+ * Unix SMB/Netbios implementation.
+ * Version 1.9.
+ * RPC Pipe client / server routines
+ * Copyright (C) Andrew Tridgell 1992-1998,
+ * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
+ * Copyright (C) Jean François Micouleau 1998-1999.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+extern int DEBUGLEVEL;
+
+/*******************************************************************
+********************************************************************/
+void make_eventlog_q_open(EVENTLOG_Q_OPEN *q_u, char *journal)
+{
+ q_u->ptr0=0x1;
+
+ q_u->unk0=0x5c;
+ q_u->unk1=0x01;
+
+ q_u->unk2=2*(strlen(journal)+1);
+ q_u->unk3=2*(strlen(journal)+1);
+
+ q_u->ptr_source=0x01;
+ make_buf_unistr2(&(q_u->source), &(q_u->ptr_source), journal);
+
+ q_u->unk4=0x00;
+ q_u->unk5=0x00;
+ q_u->unk6=0x01;
+ q_u->unk7=0x01;
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_q_open(char *desc, EVENTLOG_Q_OPEN *q_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_q_open");
+ depth++;
+
+ prs_align(ps);
+
+ prs_uint32("ptr0", ps, depth, &(q_u->ptr0));
+
+ prs_uint16("unk0", ps, depth, &(q_u->unk0));
+ prs_uint16("unk1", ps, depth, &(q_u->unk1));
+ prs_uint16("unk2", ps, depth, &(q_u->unk2));
+ prs_uint16("unk3", ps, depth, &(q_u->unk3));
+
+ prs_uint32("ptr_source", ps, depth, &(q_u->ptr_source));
+
+ smb_io_unistr2("", &(q_u->source), q_u->ptr_source, ps, depth);
+ prs_align(ps);
+
+ prs_uint32("unk4", ps, depth, &(q_u->unk4));
+ prs_uint32("unk5", ps, depth, &(q_u->unk5));
+ prs_uint32("unk6", ps, depth, &(q_u->unk6));
+ prs_uint32("unk7", ps, depth, &(q_u->unk7));
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_r_open(char *desc, EVENTLOG_R_OPEN *r_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_r_open");
+ depth++;
+
+ prs_align(ps);
+ smb_io_pol_hnd("", &(r_u->pol), ps, depth);
+ prs_uint32("status", ps, depth, &(r_u->status));
+}
+
+/*******************************************************************
+********************************************************************/
+void make_eventlog_q_close(EVENTLOG_Q_CLOSE *q_u, POLICY_HND *pol)
+{
+ memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data));
+
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_q_close(char *desc, EVENTLOG_Q_CLOSE *q_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_q_close");
+ depth++;
+
+ prs_align(ps);
+ smb_io_pol_hnd("", &(q_u->pol), ps, depth);
+
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_r_close(char *desc, EVENTLOG_R_CLOSE *r_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_r_close");
+ depth++;
+
+ prs_align(ps);
+ smb_io_pol_hnd("", &(r_u->pol), ps, depth);
+ prs_uint32("status", ps, depth, &(r_u->status));
+}
+
+/*******************************************************************
+********************************************************************/
+void make_eventlog_q_numofeventlogrec(EVENTLOG_Q_NUMOFEVENTLOGREC *q_u, POLICY_HND *pol)
+{
+ memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data));
+
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_q_numofeventlogrec(char *desc,EVENTLOG_Q_NUMOFEVENTLOGREC *q_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_q_numofeventlogrec");
+ depth++;
+
+ prs_align(ps);
+ smb_io_pol_hnd("", &(q_u->pol), ps, depth);
+
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_r_numofeventlogrec(char *desc, EVENTLOG_R_NUMOFEVENTLOGREC *r_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_r_numofeventlogrec");
+ depth++;
+
+ prs_align(ps);
+ prs_uint32("number", ps, depth, &(r_u->number));
+ prs_uint32("status", ps, depth, &(r_u->status));
+}
+
+/*******************************************************************
+********************************************************************/
+void make_eventlog_q_readeventlog(EVENTLOG_Q_READEVENTLOG *q_u, POLICY_HND *pol,
+ uint32 flags, uint32 offset, uint32 number_of_bytes)
+{
+ memcpy(&(q_u->pol.data), pol->data, sizeof(q_u->pol.data));
+ q_u->flags=flags;
+ q_u->offset=offset;
+ q_u->number_of_bytes=number_of_bytes;
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_q_readeventlog(char *desc, EVENTLOG_Q_READEVENTLOG *q_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_q_readeventlog");
+ depth++;
+
+ prs_align(ps);
+ smb_io_pol_hnd("", &(q_u->pol), ps, depth);
+ prs_uint32("flags", ps, depth, &(q_u->flags));
+ prs_uint32("offset", ps, depth, &(q_u->offset));
+ prs_uint32("number_of_bytes", ps, depth, &(q_u->number_of_bytes));
+}
+
+/*******************************************************************
+********************************************************************/
+static void eventlog_io_eventlog(char *desc, EVENTLOGRECORD *ev, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_eventlog");
+ depth++;
+
+ prs_align(ps);
+ prs_uint32("size", ps, depth, &(ev->size));
+ prs_uint32("reserved", ps, depth, &(ev->reserved));
+ prs_uint32("recordnumber", ps, depth, &(ev->recordnumber));
+ prs_uint32("creationtime", ps, depth, &(ev->creationtime));
+ prs_uint32("writetime", ps, depth, &(ev->writetime));
+ prs_uint32("eventnumber", ps, depth, &(ev->eventnumber));
+
+ prs_uint16("eventtype", ps, depth, &(ev->eventtype));
+ prs_uint16("num_of_strings", ps, depth, &(ev->num_of_strings));
+ prs_uint16("category", ps, depth, &(ev->category));
+ prs_uint16("reserved_flag", ps, depth, &(ev->reserved_flag));
+
+ prs_uint32("closingrecord", ps, depth, &(ev->closingrecord));
+ prs_uint32("stringoffset", ps, depth, &(ev->stringoffset));
+ prs_uint32("sid_length", ps, depth, &(ev->sid_length));
+ prs_uint32("sid_offset", ps, depth, &(ev->sid_offset));
+ prs_uint32("data_length", ps, depth, &(ev->data_length));
+ prs_uint32("data_offset", ps, depth, &(ev->data_offset));
+
+ smb_io_unistr("", &(ev->sourcename), ps, depth);
+ smb_io_unistr("", &(ev->computername), ps, depth);
+
+ if (ev->sid_length!=0)
+ smb_io_unistr("", &(ev->sid), ps, depth);
+
+ if (ev->num_of_strings!=0)
+ smb_io_unistr("", &(ev->strings),ps, depth);
+
+ if (ev->data_length)
+ smb_io_unistr("", &(ev->data), ps, depth);
+
+ prs_uint32("size2", ps, depth, &(ev->size2));
+}
+
+/*******************************************************************
+********************************************************************/
+void eventlog_io_r_readeventlog(char *desc, EVENTLOG_R_READEVENTLOG *r_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "eventlog_io_r_readeventlog");
+ depth++;
+
+ prs_align(ps);
+ prs_uint32("number_of_bytes", ps, depth, &(r_u->number_of_bytes));
+
+ if (r_u->number_of_bytes!= 0)
+ eventlog_io_eventlog("", r_u->event, ps, depth);
+
+ prs_uint32("sent_size", ps, depth, &(r_u->sent_size));
+ prs_uint32("real_size", ps, depth, &(r_u->real_size));
+ prs_uint32("status", ps, depth, &(r_u->status));
+}
+
--- /dev/null
+/*
+ Unix SMB/Netbios implementation.
+ Version 2.1.
+ Copyright (C) Luke Kenneth Casson Leighton 1996-1999,
+ Copyright (C) Andrew Tridgell 1994-1999,
+ Copyright (C) Jean Francois Micouleau 1998-1999.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+#ifdef SYSLOG
+#undef SYSLOG
+#endif
+
+#include "includes.h"
+#include "nterr.h"
+
+extern int DEBUGLEVEL;
+
+#define DEBUG_TESTING
+
+extern struct cli_state *smb_cli;
+extern FILE* out_hnd;
+
+
+/****************************************************************************
+****************************************************************************/
+void cmd_eventlog(struct client_info *info)
+{
+ uint16 nt_pipe_fnum;
+ BOOL res = True;
+ POLICY_HND hnd;
+ uint32 number;
+ uint32 flags;
+ uint32 offset;
+ uint32 num_of_bytes;
+ EVENTLOGRECORD ev;
+
+ fstring journal;
+ fstring temp;
+
+ flags=EVENTLOG_READ_SEQUENTIAL|EVENTLOG_READ_BACKWARD;
+
+ while (next_token(NULL, temp, NULL, sizeof(temp)))
+ {
+ fstrcpy(journal, temp);
+ }
+
+ /* open scheduler session. */
+ res = res ? cli_nt_session_open(smb_cli, PIPE_EVENTLOG, &nt_pipe_fnum) : False;
+
+ res = res ? do_event_open(smb_cli, nt_pipe_fnum, journal, &hnd) : False;
+
+ res = res ? do_event_numofeventlogrec(smb_cli, nt_pipe_fnum, &hnd, &number) : False;
+
+ fprintf(out_hnd, "Number of events: %d\n", number);
+
+ display_eventlog_eventrecord(out_hnd, ACTION_HEADER, &ev);
+
+ for (offset=0; offset<number; offset++)
+ {
+ num_of_bytes=0;
+
+ /* try once with a empty buffer */
+ res = res ? do_event_readeventlog(smb_cli, nt_pipe_fnum, &hnd, number,
+ flags, offset, &num_of_bytes, &ev) : False;
+
+ /* and try again with the correct size */
+ res = res ? do_event_readeventlog(smb_cli, nt_pipe_fnum, &hnd, number,
+ flags, offset, &num_of_bytes, &ev) : False;
+
+ display_eventlog_eventrecord(out_hnd, ACTION_ENUMERATE, &ev);
+ }
+
+ display_eventlog_eventrecord(out_hnd, ACTION_FOOTER, &ev);
+
+ res = res ? do_event_close(smb_cli, nt_pipe_fnum, &hnd): False;
+
+ /* close the session */
+ cli_nt_session_close(smb_cli, nt_pipe_fnum);
+}
git.samba.org / kai / samba-autobuild / .git / commitdiff