-/*
+/*
Unix SMB/CIFS implementation.
test suite for eventlog rpc operations
Copyright (C) Tim Potter 2003,2005
Copyright (C) Jelmer Vernooij 2004
-
+ Copyright (C) Guenther Deschner 2009
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_eventlog_c.h"
#include "librpc/gen_ndr/ndr_lsa.h"
#include "torture/rpc/rpc.h"
+#include "param/param.h"
+
+#define TEST_BACKUP_NAME "samrtorturetest"
static void init_lsa_String(struct lsa_String *name, const char *s)
{
name->size = name->length;
}
-static bool get_policy_handle(struct torture_context *tctx,
- struct dcerpc_pipe *p,
- struct policy_handle *handle)
+static bool get_policy_handle(struct torture_context *tctx,
+ struct dcerpc_pipe *p,
+ struct policy_handle *handle)
{
struct eventlog_OpenEventLogW r;
struct eventlog_OpenUnknown0 unknown0;
+ struct lsa_String logname, servername;
unknown0.unknown0 = 0x005c;
unknown0.unknown1 = 0x0001;
r.in.unknown0 = &unknown0;
- init_lsa_String(&r.in.logname, "dns server");
- init_lsa_String(&r.in.servername, NULL);
- r.in.unknown2 = 0x00000001;
- r.in.unknown3 = 0x00000001;
+ init_lsa_String(&logname, "dns server");
+ init_lsa_String(&servername, NULL);
+ r.in.logname = &logname;
+ r.in.servername = &servername;
+ r.in.major_version = 0x00000001;
+ r.in.minor_version = 0x00000001;
r.out.handle = handle;
- torture_assert_ntstatus_ok(tctx,
- dcerpc_eventlog_OpenEventLogW(p, tctx, &r),
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_eventlog_OpenEventLogW(p, tctx, &r),
"OpenEventLog failed");
torture_assert_ntstatus_ok(tctx, r.out.result, "OpenEventLog failed");
struct eventlog_GetNumRecords r;
struct eventlog_CloseEventLog cr;
struct policy_handle handle;
+ uint32_t number = 0;
if (!get_policy_handle(tctx, p, &handle))
return false;
+ ZERO_STRUCT(r);
r.in.handle = &handle;
+ r.out.number = &number;
- torture_assert_ntstatus_ok(tctx,
- dcerpc_eventlog_GetNumRecords(p, tctx, &r),
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_eventlog_GetNumRecords(p, tctx, &r),
"GetNumRecords failed");
- torture_comment(tctx, talloc_asprintf(tctx, "%d records\n", *r.out.number));
+ torture_comment(tctx, "%d records\n", *r.out.number);
cr.in.handle = cr.out.handle = &handle;
- torture_assert_ntstatus_ok(tctx,
- dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
- "CloseEventLog failed");
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
+ "CloseEventLog failed");
return true;
}
-static bool test_ReadEventLog(struct torture_context *tctx,
- struct dcerpc_pipe *p)
+static bool test_ReadEventLog(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
{
NTSTATUS status;
struct eventlog_ReadEventLogW r;
struct eventlog_CloseEventLog cr;
struct policy_handle handle;
+ uint32_t sent_size = 0;
+ uint32_t real_size = 0;
+
if (!get_policy_handle(tctx, p, &handle))
return false;
+ ZERO_STRUCT(r);
r.in.offset = 0;
r.in.handle = &handle;
- r.in.flags = EVENTLOG_BACKWARDS_READ|EVENTLOG_SEQUENTIAL_READ;
+ r.in.flags = 0;
+ r.out.data = NULL;
+ r.out.sent_size = &sent_size;
+ r.out.real_size = &real_size;
+
+ status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r);
+
+ torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
+ "ReadEventLog failed");
while (1) {
DATA_BLOB blob;
- struct eventlog_Record rec;
- struct ndr_pull *ndr;
+ struct EVENTLOGRECORD rec;
+ enum ndr_err_code ndr_err;
+ uint32_t size = 0;
+ uint32_t pos = 0;
/* Read first for number of bytes in record */
r.in.number_of_bytes = 0;
+ r.in.flags = EVENTLOG_BACKWARDS_READ|EVENTLOG_SEQUENTIAL_READ;
r.out.data = NULL;
+ r.out.sent_size = &sent_size;
+ r.out.real_size = &real_size;
status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r);
if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_END_OF_FILE)) {
+ /* FIXME: still need to decode then */
break;
}
- torture_assert_ntstatus_ok(tctx, status, "ReadEventLog failed");
-
torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_BUFFER_TOO_SMALL,
"ReadEventLog failed");
-
+
/* Now read the actual record */
r.in.number_of_bytes = *r.out.real_size;
- r.out.data = talloc_size(tctx, r.in.number_of_bytes);
+ r.out.data = talloc_array(tctx, uint8_t, r.in.number_of_bytes);
status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ReadEventLog failed");
-
+
/* Decode a user-marshalled record */
+ size = IVAL(r.out.data, pos);
- blob.length = *r.out.sent_size;
- blob.data = talloc_steal(tctx, r.out.data);
+ while (size > 0) {
- ndr = ndr_pull_init_blob(&blob, tctx);
+ blob = data_blob_const(r.out.data + pos, size);
+ dump_data(0, blob.data, blob.length);
- status = ndr_pull_eventlog_Record(
- ndr, NDR_SCALARS|NDR_BUFFERS, &rec);
+ ndr_err = ndr_pull_struct_blob_all(&blob, tctx,
+ lp_iconv_convenience(tctx->lp_ctx), &rec,
+ (ndr_pull_flags_fn_t)ndr_pull_EVENTLOGRECORD);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ status = ndr_map_error2ntstatus(ndr_err);
+ torture_assert_ntstatus_ok(tctx, status,
+ "ReadEventLog failed parsing event log record");
+ }
- NDR_PRINT_DEBUG(eventlog_Record, &rec);
+ NDR_PRINT_DEBUG(EVENTLOGRECORD, &rec);
- torture_assert_ntstatus_ok(tctx, status,
+ pos += size;
+
+ if (pos + 4 > *r.out.sent_size) {
+ break;
+ }
+
+ size = IVAL(r.out.data, pos);
+ }
+
+ torture_assert_ntstatus_ok(tctx, status,
"ReadEventLog failed parsing event log record");
r.in.offset++;
cr.in.handle = cr.out.handle = &handle;
- torture_assert_ntstatus_ok(tctx,
- dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
- "CloseEventLog failed");
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
+ "CloseEventLog failed");
+
+ return true;
+}
+
+static bool test_ReportEventLog(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ struct eventlog_ReportEventW r;
+ struct eventlog_CloseEventLog cr;
+ struct policy_handle handle;
+
+ uint32_t record_number = 0;
+ time_t time_written = 0;
+ struct lsa_String servername, *strings;
+
+ if (!get_policy_handle(tctx, p, &handle))
+ return false;
+
+ init_lsa_String(&servername, NULL);
+
+ strings = talloc_array(tctx, struct lsa_String, 1);
+ init_lsa_String(&strings[0], "Currently tortured by samba 4");
+ ZERO_STRUCT(r);
+
+ r.in.handle = &handle;
+ r.in.timestamp = time(NULL);
+ r.in.event_type = EVENTLOG_INFORMATION_TYPE;
+ r.in.event_category = 0;
+ r.in.event_id = 0;
+ r.in.num_of_strings = 1;
+ r.in.data_size = 0;
+ r.in.servername = &servername;
+ r.in.user_sid = NULL;
+ r.in.strings = &strings;
+ r.in.data = NULL;
+ r.in.flags = 0;
+ r.in.record_number = r.out.record_number = &record_number;
+ r.in.time_written = r.out.time_written = &time_written;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_eventlog_ReportEventW(p, tctx, &r),
+ "ReportEventW failed");
+
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ReportEventW failed");
+
+ cr.in.handle = cr.out.handle = &handle;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
+ "CloseEventLog failed");
return true;
}
-static bool test_FlushEventLog(struct torture_context *tctx,
- struct dcerpc_pipe *p)
+static bool test_FlushEventLog(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
{
struct eventlog_FlushEventLog r;
struct eventlog_CloseEventLog cr;
r.in.handle = &handle;
/* Huh? Does this RPC always return access denied? */
- torture_assert_ntstatus_equal(tctx,
+ torture_assert_ntstatus_equal(tctx,
dcerpc_eventlog_FlushEventLog(p, tctx, &r),
- NT_STATUS_ACCESS_DENIED,
+ NT_STATUS_ACCESS_DENIED,
"FlushEventLog failed");
cr.in.handle = cr.out.handle = &handle;
- torture_assert_ntstatus_ok(tctx,
- dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
- "CloseEventLog failed");
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
+ "CloseEventLog failed");
return true;
}
-static bool test_ClearEventLog(struct dcerpc_pipe *p, TALLOC_CTX *tctx)
+static bool test_ClearEventLog(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
{
struct eventlog_ClearEventLogW r;
struct eventlog_CloseEventLog cr;
return false;
r.in.handle = &handle;
- r.in.unknown = NULL;
+ r.in.backupfile = NULL;
- torture_assert_ntstatus_ok(tctx,
- dcerpc_eventlog_ClearEventLogW(p, tctx, &r),
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_eventlog_ClearEventLogW(p, tctx, &r),
"ClearEventLog failed");
cr.in.handle = cr.out.handle = &handle;
- torture_assert_ntstatus_ok(tctx,
- dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
- "CloseEventLog failed");
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
+ "CloseEventLog failed");
return true;
}
-static bool test_OpenEventLog(struct torture_context *tctx,
- struct dcerpc_pipe *p)
+static bool test_GetLogInformation(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ NTSTATUS status;
+ struct eventlog_GetLogInformation r;
+ struct eventlog_CloseEventLog cr;
+ struct policy_handle handle;
+ uint32_t bytes_needed = 0;
+
+ if (!get_policy_handle(tctx, p, &handle))
+ return false;
+
+ r.in.handle = &handle;
+ r.in.level = 1;
+ r.in.buf_size = 0;
+ r.out.buffer = NULL;
+ r.out.bytes_needed = &bytes_needed;
+
+ status = dcerpc_eventlog_GetLogInformation(p, tctx, &r);
+
+ torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_LEVEL,
+ "GetLogInformation failed");
+
+ r.in.level = 0;
+
+ status = dcerpc_eventlog_GetLogInformation(p, tctx, &r);
+
+ torture_assert_ntstatus_equal(tctx, status, NT_STATUS_BUFFER_TOO_SMALL,
+ "GetLogInformation failed");
+
+ r.in.buf_size = bytes_needed;
+ r.out.buffer = talloc_array(tctx, uint8_t, bytes_needed);
+
+ status = dcerpc_eventlog_GetLogInformation(p, tctx, &r);
+
+ torture_assert_ntstatus_ok(tctx, status, "GetLogInformation failed");
+
+ cr.in.handle = cr.out.handle = &handle;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
+ "CloseEventLog failed");
+
+ return true;
+}
+
+
+static bool test_OpenEventLog(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
{
struct policy_handle handle;
struct eventlog_CloseEventLog cr;
cr.in.handle = cr.out.handle = &handle;
- torture_assert_ntstatus_ok(tctx,
- dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
- "CloseEventLog failed");
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
+ "CloseEventLog failed");
return true;
}
-struct torture_suite *torture_rpc_eventlog(void)
+static bool test_BackupLog(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ NTSTATUS status;
+ struct policy_handle handle, backup_handle;
+ struct eventlog_BackupEventLogW r;
+ struct eventlog_OpenBackupEventLogW b;
+ struct eventlog_CloseEventLog cr;
+ const char *tmp;
+ struct lsa_String backup_filename;
+ struct eventlog_OpenUnknown0 unknown0;
+
+ if (!get_policy_handle(tctx, p, &handle))
+ return false;
+
+ tmp = talloc_asprintf(tctx, "C:\\%s", TEST_BACKUP_NAME);
+ init_lsa_String(&backup_filename, tmp);
+
+ r.in.handle = &handle;
+ r.in.backup_filename = &backup_filename;
+
+ status = dcerpc_eventlog_BackupEventLogW(p, tctx, &r);
+ torture_assert_ntstatus_equal(tctx, status,
+ NT_STATUS_OBJECT_PATH_SYNTAX_BAD, "BackupEventLogW failed");
+
+ tmp = talloc_asprintf(tctx, "\\??\\C:\\%s", TEST_BACKUP_NAME);
+ init_lsa_String(&backup_filename, tmp);
+
+ r.in.handle = &handle;
+ r.in.backup_filename = &backup_filename;
+
+ status = dcerpc_eventlog_BackupEventLogW(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "BackupEventLogW failed");
+
+ status = dcerpc_eventlog_BackupEventLogW(p, tctx, &r);
+ torture_assert_ntstatus_equal(tctx, status,
+ NT_STATUS_OBJECT_NAME_COLLISION, "BackupEventLogW failed");
+
+ cr.in.handle = cr.out.handle = &handle;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
+ "BackupLog failed");
+
+ unknown0.unknown0 = 0x005c;
+ unknown0.unknown1 = 0x0001;
+
+ b.in.unknown0 = &unknown0;
+ b.in.backup_logname = &backup_filename;
+ b.in.major_version = 1;
+ b.in.minor_version = 1;
+ b.out.handle = &backup_handle;
+
+ status = dcerpc_eventlog_OpenBackupEventLogW(p, tctx, &b);
+
+ torture_assert_ntstatus_ok(tctx, status, "OpenBackupEventLogW failed");
+
+ cr.in.handle = cr.out.handle = &backup_handle;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
+ "CloseEventLog failed");
+
+ return true;
+}
+
+struct torture_suite *torture_rpc_eventlog(TALLOC_CTX *mem_ctx)
{
struct torture_suite *suite;
- struct torture_tcase *tcase;
+ struct torture_rpc_tcase *tcase;
+ struct torture_test *test;
- suite = torture_suite_create(talloc_autofree_context(), "EVENTLOG");
- tcase = torture_suite_add_rpc_iface_tcase(suite, "eventlog",
- &dcerpc_table_eventlog);
+ suite = torture_suite_create(mem_ctx, "EVENTLOG");
+ tcase = torture_suite_add_rpc_iface_tcase(suite, "eventlog",
+ &ndr_table_eventlog);
torture_rpc_tcase_add_test(tcase, "OpenEventLog", test_OpenEventLog);
-
-#if 0
- /* Destructive test */
- torture_rpc_tcase_add_test(tcase, "ClearEventLog", test_ClearEventLog);
-#endif
-
+ test = torture_rpc_tcase_add_test(tcase, "ClearEventLog",
+ test_ClearEventLog);
+ test->dangerous = true;
torture_rpc_tcase_add_test(tcase, "GetNumRecords", test_GetNumRecords);
torture_rpc_tcase_add_test(tcase, "ReadEventLog", test_ReadEventLog);
+ torture_rpc_tcase_add_test(tcase, "ReportEventLog", test_ReportEventLog);
torture_rpc_tcase_add_test(tcase, "FlushEventLog", test_FlushEventLog);
+ torture_rpc_tcase_add_test(tcase, "GetLogIntormation", test_GetLogInformation);
+ torture_rpc_tcase_add_test(tcase, "BackupLog", test_BackupLog);
return suite;
}