source3/rpc_server/eventlog/srv_eventlog_reg.c

   1 /*
   2  *  Unix SMB/CIFS implementation.
   3  *
   4  *  Eventlog RPC server keys initialization
   5  *
   6  *  Copyright (c) 2005      Marcin Krzysztof Porwit
   7  *  Copyright (c) 2005      Brian Moran
   8  *  Copyright (c) 2005      Gerald (Jerry) Carter
   9  *  Copyright (c) 2011      Andreas Schneider <asn@samba.org>
  10  *
  11  *  This program is free software; you can redistribute it and/or modify
  12  *  it under the terms of the GNU General Public License as published by
  13  *  the Free Software Foundation; either version 3 of the License, or
  14  *  (at your option) any later version.
  15  *
  16  *  This program is distributed in the hope that it will be useful,
  17  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19  *  GNU General Public License for more details.
  20  *
  21  *  You should have received a copy of the GNU General Public License
  22  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  23  */
  24
  25 #include "includes.h"
  26 #include "../librpc/gen_ndr/ndr_winreg_c.h"
  27 #include "rpc_client/cli_winreg_int.h"
  28 #include "rpc_client/cli_winreg.h"
  29 #include "rpc_server/eventlog/srv_eventlog_reg.h"
  30 #include "auth.h"
  31
  32 #undef DBGC_CLASS
  33 #define DBGC_CLASS DBGC_REGISTRY
  34
  35 #define TOP_LEVEL_EVENTLOG_KEY "SYSTEM\\CurrentControlSet\\Services\\Eventlog"
  36
  37 bool eventlog_init_winreg(struct messaging_context *msg_ctx)
  38 {
  39         struct dcerpc_binding_handle *h = NULL;
  40         uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
  41         struct policy_handle hive_hnd, key_hnd;
  42         uint32_t uiMaxSize = 0x00080000;
  43         uint32_t uiRetention = 0x93A80;
  44         const char **elogs = lp_eventlog_list();
  45         const char **subkeys = NULL;
  46         uint32_t num_subkeys = 0;
  47         uint32_t i;
  48         char *key = NULL;
  49         NTSTATUS status;
  50         WERROR result = WERR_OK;
  51         bool ok = false;
  52         TALLOC_CTX *tmp_ctx;
  53
  54         tmp_ctx = talloc_stackframe();
  55         if (tmp_ctx == NULL) {
  56                 return false;
  57         }
  58
  59         DEBUG(3, ("Initialise the eventlog registry keys if needed.\n"));
  60
  61         key = talloc_strdup(tmp_ctx, TOP_LEVEL_EVENTLOG_KEY);
  62
  63         status = dcerpc_winreg_int_hklm_openkey(tmp_ctx,
  64                                                 get_session_info_system(),
  65                                                 msg_ctx,
  66                                                 &h,
  67                                                 key,
  68                                                 false,
  69                                                 access_mask,
  70                                                 &hive_hnd,
  71                                                 &key_hnd,
  72                                                 &result);
  73         if (!NT_STATUS_IS_OK(status)) {
  74                 DEBUG(0, ("eventlog_init_winreg: Could not open %s - %s\n",
  75                           key, nt_errstr(status)));
  76                 goto done;
  77         }
  78         if (!W_ERROR_IS_OK(result)) {
  79                 DEBUG(0, ("eventlog_init_winreg: Could not open %s - %s\n",
  80                           key, win_errstr(result)));
  81                 goto done;
  82         }
  83
  84         status = dcerpc_winreg_enum_keys(tmp_ctx,
  85                                          h,
  86                                          &key_hnd,
  87                                          &num_subkeys,
  88                                          &subkeys,
  89                                          &result);
  90         if (!NT_STATUS_IS_OK(status)) {
  91                 DEBUG(0, ("eventlog_init_winreg: Could enum keys at %s - %s\n",
  92                           key, nt_errstr(status)));
  93                 goto done;
  94         }
  95         if (!W_ERROR_IS_OK(result)) {
  96                 DEBUG(0, ("eventlog_init_winreg: Could enum keys at %s - %s\n",
  97                           key, win_errstr(result)));
  98                 goto done;
  99         }
 100
 101         if (is_valid_policy_hnd(&key_hnd)) {
 102                 dcerpc_winreg_CloseKey(h, tmp_ctx, &key_hnd, &result);
 103         }
 104
 105         /* create subkeys if they don't exist */
 106         while (elogs && *elogs) {
 107                 enum winreg_CreateAction action = REG_ACTION_NONE;
 108                 char *evt_tdb = NULL;
 109                 struct winreg_String wkey;
 110                 struct winreg_String wkeyclass;
 111                 bool skip = false;
 112
 113                 for (i = 0; i < num_subkeys; i++) {
 114                         if (strequal(subkeys[i], *elogs)) {
 115                                 skip = true;
 116                         }
 117                 }
 118
 119                 if (skip) {
 120                         elogs++;
 121                         continue;
 122                 }
 123
 124                 ZERO_STRUCT(key_hnd);
 125                 ZERO_STRUCT(wkey);
 126
 127                 wkey.name = talloc_asprintf(tmp_ctx, "%s\\%s", key, *elogs);
 128                 if (wkey.name == NULL) {
 129                         result = WERR_NOMEM;
 130                         goto done;
 131                 }
 132
 133                 ZERO_STRUCT(wkeyclass);
 134                 wkeyclass.name = "";
 135
 136
 137                 status = dcerpc_winreg_CreateKey(h,
 138                                                  tmp_ctx,
 139                                                  &hive_hnd,
 140                                                  wkey,
 141                                                  wkeyclass,
 142                                                  0,
 143                                                  access_mask,
 144                                                  NULL,
 145                                                  &key_hnd,
 146                                                  &action,
 147                                                  &result);
 148                 if (!NT_STATUS_IS_OK(status)) {
 149                         DEBUG(0, ("eventlog_init_winreg_keys: Could not create key %s: %s\n",
 150                                 wkey.name, nt_errstr(status)));
 151                         goto done;
 152                 }
 153                 if (!W_ERROR_IS_OK(result)) {
 154                         DEBUG(0, ("eventlog_init_winreg_keys: Could not create key %s: %s\n",
 155                                 wkey.name, win_errstr(result)));
 156                         goto done;
 157                 }
 158
 159                 status = dcerpc_winreg_set_dword(tmp_ctx,
 160                                                  h,
 161                                                  &key_hnd,
 162                                                  "MaxSize",
 163                                                  uiMaxSize,
 164                                                  &result);
 165
 166                 status = dcerpc_winreg_set_dword(tmp_ctx,
 167                                                  h,
 168                                                  &key_hnd,
 169                                                  "Retention",
 170                                                  uiRetention,
 171                                                  &result);
 172
 173                 status = dcerpc_winreg_set_sz(tmp_ctx,
 174                                               h,
 175                                               &key_hnd,
 176                                               "PrimaryModule",
 177                                               *elogs,
 178                                               &result);
 179
 180                 evt_tdb = talloc_asprintf(tmp_ctx,
 181                                           "%%SystemRoot%%\\system32\\config\\%s.tdb",
 182                                           *elogs);
 183                 if (evt_tdb == NULL) {
 184                         goto done;
 185                 }
 186                 status = dcerpc_winreg_set_expand_sz(tmp_ctx,
 187                                                      h,
 188                                                      &key_hnd,
 189                                                      "File",
 190                                                      evt_tdb,
 191                                                      &result);
 192                 TALLOC_FREE(evt_tdb);
 193
 194                 status = dcerpc_winreg_add_multi_sz(tmp_ctx,
 195                                                     h,
 196                                                     &key_hnd,
 197                                                     "Sources",
 198                                                     *elogs,
 199                                                     &result);
 200
 201                 if (is_valid_policy_hnd(&key_hnd)) {
 202                         dcerpc_winreg_CloseKey(h, tmp_ctx, &key_hnd, &result);
 203                 }
 204
 205                 /* sub-subkeys */
 206                 {
 207                         uint32_t uiCategoryCount = 0x00000007;
 208
 209                         wkey.name = talloc_asprintf(tmp_ctx,
 210                                                     "%s\\%s",
 211                                                     wkey.name, *elogs);
 212                         if (wkey.name == NULL) {
 213                                 result = WERR_NOMEM;
 214                                 goto done;
 215                         }
 216
 217                         status = dcerpc_winreg_CreateKey(h,
 218                                                          tmp_ctx,
 219                                                          &hive_hnd,
 220                                                          wkey,
 221                                                          wkeyclass,
 222                                                          0,
 223                                                          access_mask,
 224                                                          NULL,
 225                                                          &key_hnd,
 226                                                          &action,
 227                                                          &result);
 228                         if (!NT_STATUS_IS_OK(status)) {
 229                                 DEBUG(0, ("eventlog_init_winreg_keys: Could not create key %s: %s\n",
 230                                         wkey.name, nt_errstr(status)));
 231                                 goto done;
 232                         }
 233                         if (!W_ERROR_IS_OK(result)) {
 234                                 DEBUG(0, ("eventlog_init_winreg_keys: Could not create key %s: %s\n",
 235                                         wkey.name, win_errstr(result)));
 236                                 goto done;
 237                         }
 238
 239                         status = dcerpc_winreg_set_dword(tmp_ctx,
 240                                                          h,
 241                                                          &key_hnd,
 242                                                          "CategoryCount",
 243                                                          uiCategoryCount,
 244                                                          &result);
 245
 246                         status = dcerpc_winreg_set_expand_sz(tmp_ctx,
 247                                                              h,
 248                                                              &key_hnd,
 249                                                              "CategoryMessageFile",
 250                                                              "%SystemRoot%\\system32\\eventlog.dll",
 251                                                              &result);
 252
 253                         if (is_valid_policy_hnd(&key_hnd)) {
 254                                 dcerpc_winreg_CloseKey(h, tmp_ctx, &key_hnd, &result);
 255                         }
 256                 }
 257
 258                 elogs++;
 259         } /* loop */
 260
 261         ok = true;
 262 done:
 263         TALLOC_FREE(tmp_ctx);
 264         return ok;
 265 }
 266
 267 /* vim: set ts=8 sw=8 noet cindent syntax=c.doxygen: */