2 Unix SMB/CIFS implementation.
5 Copyright (C) Günther Deschner 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "rpcclient.h"
23 #include "../librpc/gen_ndr/ndr_eventlog.h"
24 #include "../librpc/gen_ndr/ndr_eventlog_c.h"
25 #include "rpc_client/init_lsa.h"
27 static NTSTATUS get_eventlog_handle(struct rpc_pipe_client *cli,
30 struct policy_handle *handle)
32 NTSTATUS status, result;
33 struct eventlog_OpenUnknown0 unknown0;
34 struct lsa_String logname, servername;
35 struct dcerpc_binding_handle *b = cli->binding_handle;
37 unknown0.unknown0 = 0x005c;
38 unknown0.unknown1 = 0x0001;
40 init_lsa_String(&logname, log);
41 init_lsa_String(&servername, NULL);
43 status = dcerpc_eventlog_OpenEventLogW(b, mem_ctx,
47 0x00000001, /* major */
48 0x00000001, /* minor */
51 if (!NT_STATUS_IS_OK(status)) {
58 static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client *cli,
63 NTSTATUS status = NT_STATUS_OK;
64 NTSTATUS result = NT_STATUS_OK;
65 struct policy_handle handle;
66 struct dcerpc_binding_handle *b = cli->binding_handle;
68 uint32_t flags = EVENTLOG_BACKWARDS_READ |
69 EVENTLOG_SEQUENTIAL_READ;
71 uint32_t number_of_bytes = 0;
73 uint32_t sent_size = 0;
74 uint32_t real_size = 0;
76 if (argc < 2 || argc > 4) {
77 printf("Usage: %s logname [offset] [number_of_bytes]\n", argv[0]);
82 offset = atoi(argv[2]);
86 number_of_bytes = atoi(argv[3]);
87 data = talloc_array(mem_ctx, uint8_t, number_of_bytes);
93 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
94 if (!NT_STATUS_IS_OK(status)) {
100 enum ndr_err_code ndr_err;
102 struct EVENTLOGRECORD r;
106 status = dcerpc_eventlog_ReadEventLogW(b, mem_ctx,
115 if (!NT_STATUS_IS_OK(status)) {
118 if (NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL) &&
120 number_of_bytes = real_size;
121 data = talloc_array(mem_ctx, uint8_t, real_size);
125 status = dcerpc_eventlog_ReadEventLogW(b, mem_ctx,
134 if (!NT_STATUS_IS_OK(status)) {
139 if (!NT_STATUS_EQUAL(result, NT_STATUS_END_OF_FILE) &&
140 !NT_STATUS_IS_OK(result)) {
146 size = IVAL(data, pos);
150 blob = data_blob_const(data + pos, size);
151 /* dump_data(0, blob.data, blob.length); */
152 ndr_err = ndr_pull_struct_blob_all(&blob, mem_ctx, &r,
153 (ndr_pull_flags_fn_t)ndr_pull_EVENTLOGRECORD);
154 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
155 status = ndr_map_error2ntstatus(ndr_err);
159 NDR_PRINT_DEBUG(EVENTLOGRECORD, &r);
163 if (pos + 4 > sent_size) {
167 size = IVAL(data, pos);
172 } while (NT_STATUS_IS_OK(result));
175 dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);
180 static NTSTATUS cmd_eventlog_numrecords(struct rpc_pipe_client *cli,
185 NTSTATUS status, result;
186 struct policy_handle handle;
188 struct dcerpc_binding_handle *b = cli->binding_handle;
191 printf("Usage: %s logname\n", argv[0]);
195 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
196 if (!NT_STATUS_IS_OK(status)) {
200 status = dcerpc_eventlog_GetNumRecords(b, mem_ctx,
204 if (!NT_STATUS_IS_OK(status)) {
207 if (!NT_STATUS_IS_OK(result)) {
212 printf("number of records: %d\n", number);
215 dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);
220 static NTSTATUS cmd_eventlog_oldestrecord(struct rpc_pipe_client *cli,
225 NTSTATUS status, result;
226 struct policy_handle handle;
227 uint32_t oldest_entry = 0;
228 struct dcerpc_binding_handle *b = cli->binding_handle;
231 printf("Usage: %s logname\n", argv[0]);
235 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
236 if (!NT_STATUS_IS_OK(status)) {
240 status = dcerpc_eventlog_GetOldestRecord(b, mem_ctx,
244 if (!NT_STATUS_IS_OK(status)) {
247 if (!NT_STATUS_IS_OK(result)) {
252 printf("oldest entry: %d\n", oldest_entry);
255 dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);
260 static NTSTATUS cmd_eventlog_reportevent(struct rpc_pipe_client *cli,
265 NTSTATUS status, result;
266 struct policy_handle handle;
267 struct dcerpc_binding_handle *b = cli->binding_handle;
269 uint16_t num_of_strings = 1;
270 uint32_t data_size = 0;
271 struct lsa_String servername;
272 struct lsa_String *strings;
273 uint8_t *data = NULL;
274 uint32_t record_number = 0;
275 time_t time_written = 0;
278 printf("Usage: %s logname\n", argv[0]);
282 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
283 if (!NT_STATUS_IS_OK(status)) {
287 strings = talloc_array(mem_ctx, struct lsa_String, num_of_strings);
289 return NT_STATUS_NO_MEMORY;
292 init_lsa_String(&strings[0], "test event written by rpcclient\n");
293 init_lsa_String(&servername, NULL);
295 status = dcerpc_eventlog_ReportEventW(b, mem_ctx,
298 EVENTLOG_INFORMATION_TYPE,
299 0, /* event_category */
312 if (!NT_STATUS_IS_OK(status)) {
315 if (!NT_STATUS_IS_OK(result)) {
320 printf("entry: %d written at %s\n", record_number,
321 http_timestring(talloc_tos(), time_written));
324 dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);
329 static NTSTATUS cmd_eventlog_reporteventsource(struct rpc_pipe_client *cli,
334 NTSTATUS status, result;
335 struct policy_handle handle;
336 struct dcerpc_binding_handle *b = cli->binding_handle;
338 uint16_t num_of_strings = 1;
339 uint32_t data_size = 0;
340 struct lsa_String servername, sourcename;
341 struct lsa_String *strings;
342 uint8_t *data = NULL;
343 uint32_t record_number = 0;
344 time_t time_written = 0;
347 printf("Usage: %s logname\n", argv[0]);
351 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
352 if (!NT_STATUS_IS_OK(status)) {
356 strings = talloc_array(mem_ctx, struct lsa_String, num_of_strings);
358 return NT_STATUS_NO_MEMORY;
361 init_lsa_String(&strings[0], "test event written by rpcclient\n");
362 init_lsa_String(&servername, NULL);
363 init_lsa_String(&sourcename, "rpcclient");
365 status = dcerpc_eventlog_ReportEventAndSourceW(b, mem_ctx,
368 EVENTLOG_INFORMATION_TYPE,
369 0, /* event_category */
382 if (!NT_STATUS_IS_OK(status)) {
385 if (!NT_STATUS_IS_OK(result)) {
390 printf("entry: %d written at %s\n", record_number,
391 http_timestring(talloc_tos(), time_written));
394 dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);
399 static NTSTATUS cmd_eventlog_registerevsource(struct rpc_pipe_client *cli,
404 NTSTATUS status, result;
405 struct policy_handle log_handle;
406 struct lsa_String module_name, reg_module_name;
407 struct eventlog_OpenUnknown0 unknown0;
408 struct dcerpc_binding_handle *b = cli->binding_handle;
410 unknown0.unknown0 = 0x005c;
411 unknown0.unknown1 = 0x0001;
414 printf("Usage: %s logname\n", argv[0]);
418 init_lsa_String(&module_name, "rpcclient");
419 init_lsa_String(®_module_name, NULL);
421 status = dcerpc_eventlog_RegisterEventSourceW(b, mem_ctx,
425 1, /* major_version */
426 1, /* minor_version */
429 if (!NT_STATUS_IS_OK(status)) {
432 if (!NT_STATUS_IS_OK(result)) {
438 dcerpc_eventlog_DeregisterEventSource(b, mem_ctx, &log_handle, &result);
443 static NTSTATUS cmd_eventlog_backuplog(struct rpc_pipe_client *cli,
448 NTSTATUS status, result;
449 struct policy_handle handle;
450 struct lsa_String backup_filename;
452 struct dcerpc_binding_handle *b = cli->binding_handle;
455 printf("Usage: %s logname backupname\n", argv[0]);
459 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
460 if (!NT_STATUS_IS_OK(status)) {
464 tmp = talloc_asprintf(mem_ctx, "\\??\\%s", argv[2]);
466 status = NT_STATUS_NO_MEMORY;
470 init_lsa_String(&backup_filename, tmp);
472 status = dcerpc_eventlog_BackupEventLogW(b, mem_ctx,
476 if (!NT_STATUS_IS_OK(status)) {
479 if (!NT_STATUS_IS_OK(result)) {
485 dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);
490 static NTSTATUS cmd_eventlog_loginfo(struct rpc_pipe_client *cli,
495 NTSTATUS status, result;
496 struct policy_handle handle;
497 uint8_t *buffer = NULL;
498 uint32_t buf_size = 0;
499 uint32_t bytes_needed = 0;
500 struct dcerpc_binding_handle *b = cli->binding_handle;
503 printf("Usage: %s logname\n", argv[0]);
507 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
508 if (!NT_STATUS_IS_OK(status)) {
512 status = dcerpc_eventlog_GetLogInformation(b, mem_ctx,
519 if (!NT_STATUS_IS_OK(status)) {
522 if (!NT_STATUS_IS_OK(result) &&
523 !NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL)) {
527 buf_size = bytes_needed;
528 buffer = talloc_array(mem_ctx, uint8_t, bytes_needed);
530 status = NT_STATUS_NO_MEMORY;
534 status = dcerpc_eventlog_GetLogInformation(b, mem_ctx,
541 if (!NT_STATUS_IS_OK(status)) {
544 if (!NT_STATUS_IS_OK(result)) {
550 dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);
556 struct cmd_set eventlog_commands[] = {
558 { "eventlog_readlog", RPC_RTYPE_NTSTATUS, cmd_eventlog_readlog, NULL, &ndr_table_eventlog, NULL, "Read Eventlog", "" },
559 { "eventlog_numrecord", RPC_RTYPE_NTSTATUS, cmd_eventlog_numrecords, NULL, &ndr_table_eventlog, NULL, "Get number of records", "" },
560 { "eventlog_oldestrecord", RPC_RTYPE_NTSTATUS, cmd_eventlog_oldestrecord, NULL, &ndr_table_eventlog, NULL, "Get oldest record", "" },
561 { "eventlog_reportevent", RPC_RTYPE_NTSTATUS, cmd_eventlog_reportevent, NULL, &ndr_table_eventlog, NULL, "Report event", "" },
562 { "eventlog_reporteventsource", RPC_RTYPE_NTSTATUS, cmd_eventlog_reporteventsource, NULL, &ndr_table_eventlog, NULL, "Report event and source", "" },
563 { "eventlog_registerevsource", RPC_RTYPE_NTSTATUS, cmd_eventlog_registerevsource, NULL, &ndr_table_eventlog, NULL, "Register event source", "" },
564 { "eventlog_backuplog", RPC_RTYPE_NTSTATUS, cmd_eventlog_backuplog, NULL, &ndr_table_eventlog, NULL, "Backup Eventlog File", "" },
565 { "eventlog_loginfo", RPC_RTYPE_NTSTATUS, cmd_eventlog_loginfo, NULL, &ndr_table_eventlog, NULL, "Get Eventlog Information", "" },
git.samba.org / ira / wip.git / blob