[SCM] Samba Shared Repository - branch master updated -
8cddcefb134ce33b853f45c7512aa78b5d720f23
Günther Deschner
gd at samba.org
Thu Jan 8 18:39:20 GMT 2009
The branch, master has been updated
via 8cddcefb134ce33b853f45c7512aa78b5d720f23 (commit)
via 252d271fe4cec0cbacf97e74a4b4a5885d3aece5 (commit)
via dad5141c780db931fe28df8ae2bc771ded7c3896 (commit)
via c0f1309010b79be67557af5ffbd1c429a3f3d99a (commit)
from c07ea13d3077f73ad6cb28e9689b120bca6eac74 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8cddcefb134ce33b853f45c7512aa78b5d720f23
Author: Günther Deschner <gd at samba.org>
Date: Thu Jan 8 19:13:22 2009 +0100
s3-rpcclient: add eventlog test client.
Guenther
commit 252d271fe4cec0cbacf97e74a4b4a5885d3aece5
Author: Günther Deschner <gd at samba.org>
Date: Thu Jan 8 19:12:59 2009 +0100
s3-eventlog: minor cosmetics.
Guenther
commit dad5141c780db931fe28df8ae2bc771ded7c3896
Author: Günther Deschner <gd at samba.org>
Date: Thu Jan 8 18:39:12 2009 +0100
s3-eventlog: trying to make eventlog_io_q_read_eventlog readable.
Guenther
commit c0f1309010b79be67557af5ffbd1c429a3f3d99a
Author: Günther Deschner <gd at samba.org>
Date: Thu Jan 8 18:02:51 2009 +0100
s3-eventlog: trying to avoid to pass around full ndr structures in rpc_server.
Jerry, please check.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/Makefile.in | 2 +-
source3/rpc_parse/parse_eventlog.c | 113 ++++++++++++---------
source3/rpc_server/srv_eventlog_nt.c | 21 +++--
source3/rpcclient/cmd_eventlog.c | 189 ++++++++++++++++++++++++++++++++++
source3/rpcclient/rpcclient.c | 2 +
5 files changed, 272 insertions(+), 55 deletions(-)
create mode 100644 source3/rpcclient/cmd_eventlog.c
Changeset truncated at 500 lines:
diff --git a/source3/Makefile.in b/source3/Makefile.in
index fdddf36..33d0959 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -800,7 +800,7 @@ RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \
rpcclient/cmd_dssetup.o rpcclient/cmd_echo.o \
rpcclient/cmd_shutdown.o rpcclient/cmd_test.o \
rpcclient/cmd_wkssvc.o rpcclient/cmd_ntsvcs.o \
- rpcclient/cmd_drsuapi.o \
+ rpcclient/cmd_drsuapi.o rpcclient/cmd_eventlog.o \
$(DISPLAY_SEC_OBJ)
RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c
index 2ff217e..a55993c 100644
--- a/source3/rpc_parse/parse_eventlog.c
+++ b/source3/rpc_parse/parse_eventlog.c
@@ -51,6 +51,70 @@ bool eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u
return True;
}
+
+static bool smb_io_eventlog_entry(const char *name, prs_struct *ps, int depth, Eventlog_entry *entry)
+{
+ if(entry == NULL)
+ return False;
+
+ prs_debug(ps, depth, name, "smb_io_eventlog_entry");
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!(prs_uint32("length", ps, depth, &(entry->record.length))))
+ return False;
+ if(!(prs_uint32("reserved", ps, depth, &(entry->record.reserved1))))
+ return False;
+ if(!(prs_uint32("record number", ps, depth, &(entry->record.record_number))))
+ return False;
+ if(!(prs_uint32("time generated", ps, depth, &(entry->record.time_generated))))
+ return False;
+ if(!(prs_uint32("time written", ps, depth, &(entry->record.time_written))))
+ return False;
+ if(!(prs_uint32("event id", ps, depth, &(entry->record.event_id))))
+ return False;
+ if(!(prs_uint16("event type", ps, depth, &(entry->record.event_type))))
+ return False;
+ if(!(prs_uint16("num strings", ps, depth, &(entry->record.num_strings))))
+ return False;
+ if(!(prs_uint16("event category", ps, depth, &(entry->record.event_category))))
+ return False;
+ if(!(prs_uint16("reserved2", ps, depth, &(entry->record.reserved2))))
+ return False;
+ if(!(prs_uint32("closing record", ps, depth, &(entry->record.closing_record_number))))
+ return False;
+ if(!(prs_uint32("string offset", ps, depth, &(entry->record.string_offset))))
+ return False;
+ if(!(prs_uint32("user sid length", ps, depth, &(entry->record.user_sid_length))))
+ return False;
+ if(!(prs_uint32("user sid offset", ps, depth, &(entry->record.user_sid_offset))))
+ return False;
+ if(!(prs_uint32("data length", ps, depth, &(entry->record.data_length))))
+ return False;
+ if(!(prs_uint32("data offset", ps, depth, &(entry->record.data_offset))))
+ return False;
+ if(!(prs_align(ps)))
+ return False;
+
+ /* Now encoding data */
+
+ if(!(prs_uint8s(False, "buffer", ps, depth, entry->data,
+ entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length))))
+ {
+ return False;
+ }
+
+ if(!(prs_align(ps)))
+ return False;
+
+ if(!(prs_uint32("length 2", ps, depth, &(entry->record.length))))
+ return False;
+
+ return True;
+}
+
/** Structure of response seems to be:
DWORD num_bytes_in_resp -- MUST be the same as q_u->max_read_size
for i=0..n
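Review bot: The byte count passed to `prs_uint8s` in smb_io_eventlog_entry, `entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length)`, is unsigned arithmetic with no lower bound, so a `length` smaller than the fixed header wraps to a very large count. This is carried over unchanged from the inline code. Now that it is a helper taking any prs_struct, `length` may be whatever the peer sent a few lines earlier if the helper is ever run in the unmarshalling direction. A guard before the buffer call would close this, e.g. `if (entry->record.length < sizeof(Eventlog_record) + sizeof(entry->record.length)) return False;`. The capacity of `entry->data` is not visible in this hunk, so the count should be checked against it as well.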
@@ -110,53 +174,8 @@ bool eventlog_io_r_read_eventlog(const char *desc,
/* Encode the actual eventlog record record */
- if(!(prs_uint32("length", ps, depth, &(entry->record.length))))
- return False;
- if(!(prs_uint32("reserved", ps, depth, &(entry->record.reserved1))))
- return False;
- if(!(prs_uint32("record number", ps, depth, &(entry->record.record_number))))
- return False;
- if(!(prs_uint32("time generated", ps, depth, &(entry->record.time_generated))))
- return False;
- if(!(prs_uint32("time written", ps, depth, &(entry->record.time_written))))
- return False;
- if(!(prs_uint32("event id", ps, depth, &(entry->record.event_id))))
- return False;
- if(!(prs_uint16("event type", ps, depth, &(entry->record.event_type))))
- return False;
- if(!(prs_uint16("num strings", ps, depth, &(entry->record.num_strings))))
- return False;
- if(!(prs_uint16("event category", ps, depth, &(entry->record.event_category))))
- return False;
- if(!(prs_uint16("reserved2", ps, depth, &(entry->record.reserved2))))
- return False;
- if(!(prs_uint32("closing record", ps, depth, &(entry->record.closing_record_number))))
- return False;
- if(!(prs_uint32("string offset", ps, depth, &(entry->record.string_offset))))
- return False;
- if(!(prs_uint32("user sid length", ps, depth, &(entry->record.user_sid_length))))
- return False;
- if(!(prs_uint32("user sid offset", ps, depth, &(entry->record.user_sid_offset))))
- return False;
- if(!(prs_uint32("data length", ps, depth, &(entry->record.data_length))))
- return False;
- if(!(prs_uint32("data offset", ps, depth, &(entry->record.data_offset))))
- return False;
- if(!(prs_align(ps)))
- return False;
-
- /* Now encoding data */
-
- if(!(prs_uint8s(False, "buffer", ps, depth, entry->data,
- entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length))))
- {
- return False;
- }
-
- if(!(prs_align(ps)))
- return False;
- if(!(prs_uint32("length 2", ps, depth, &(entry->record.length))))
- return False;
+ if (!(smb_io_eventlog_entry("entry", ps, depth, entry)))
+ return false;
entry = entry->next;
record_written++;
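Review bot: The new early return uses lowercase `false`, while the helper it calls and the lines it replaces all return `True`/`False`; `return False;` keeps the file consistent. eventlog_io_r_read_eventlog starts and ends outside this hunk.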
diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c
index d12b490..e5be325 100644
--- a/source3/rpc_server/srv_eventlog_nt.c
+++ b/source3/rpc_server/srv_eventlog_nt.c
@@ -581,15 +581,17 @@ static Eventlog_entry *read_package_entry( TALLOC_CTX *mem_ctx,
/********************************************************************
********************************************************************/
-static bool add_record_to_resp( EVENTLOG_R_READ_EVENTLOG * r_u,
+static bool add_record_to_resp( Eventlog_entry *entry,
+ uint32_t *num_records,
+ uint32_t *num_bytes_in_resp,
Eventlog_entry * ee_new )
{
Eventlog_entry *insert_point;
- insert_point = r_u->entry;
+ insert_point = entry;
if ( NULL == insert_point ) {
- r_u->entry = ee_new;
+ entry = ee_new;
ee_new->next = NULL;
} else {
while ( ( NULL != insert_point->next ) ) {
@@ -598,8 +600,8 @@ static bool add_record_to_resp( EVENTLOG_R_READ_EVENTLOG * r_u,
ee_new->next = NULL;
insert_point->next = ee_new;
}
- r_u->num_records++;
- r_u->num_bytes_in_resp += ee_new->record.length;
+ (*num_records)++;
+ *num_bytes_in_resp += ee_new->record.length;
return True;
}
@@ -703,9 +705,11 @@ NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p,
}
/********************************************************************
+ _eventlog_CloseEventLog
********************************************************************/
-NTSTATUS _eventlog_CloseEventLog( pipes_struct * p, struct eventlog_CloseEventLog *r )
+NTSTATUS _eventlog_CloseEventLog(pipes_struct * p,
+ struct eventlog_CloseEventLog *r)
{
return elog_close( p, r->in.handle );
}
@@ -780,7 +784,10 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p,
break;
}
- add_record_to_resp( r_u, ee_new );
+ add_record_to_resp( r_u->entry,
+ &r_u->num_records, &r_u->num_bytes_in_resp,
+ ee_new );
+
bytes_left -= ee_new->record.length;
TALLOC_FREE(entry);
num_records_read = r_u->num_records - num_records_read;
diff --git a/source3/rpcclient/cmd_eventlog.c b/source3/rpcclient/cmd_eventlog.c
new file mode 100644
index 0000000..a6254da
--- /dev/null
+++ b/source3/rpcclient/cmd_eventlog.c
@@ -0,0 +1,189 @@
+/*
+ Unix SMB/CIFS implementation.
+ RPC pipe client
+
+ Copyright (C) Günther Deschner 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpcclient.h"
+
+static NTSTATUS get_eventlog_handle(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ const char *log,
+ struct policy_handle *handle)
+{
+ NTSTATUS status;
+ struct eventlog_OpenUnknown0 unknown0;
+ struct lsa_String logname, servername;
+
+ unknown0.unknown0 = 0x005c;
+ unknown0.unknown1 = 0x0001;
+
+ init_lsa_String(&logname, log);
+ init_lsa_String(&servername, NULL);
+
+ status = rpccli_eventlog_OpenEventLogW(cli, mem_ctx,
+ &unknown0,
+ &logname,
+ &servername,
+ 0x00000001, /* major */
+ 0x00000001, /* minor */
+ handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc,
+ const char **argv)
+{
+ NTSTATUS status;
+ struct policy_handle handle;
+
+ uint32_t flags = EVENTLOG_BACKWARDS_READ |
+ EVENTLOG_SEQUENTIAL_READ;
+ uint32_t offset = 0;
+ uint32_t number_of_bytes = 0;
+ uint8_t *data = NULL;
+ uint32_t sent_size = 0;
+ uint32_t real_size = 0;
+
+ if (argc != 2) {
+ printf("Usage: %s logname\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ while (1) {
+ status = rpccli_eventlog_ReadEventLogW(cli, mem_ctx,
+ &handle,
+ flags,
+ offset,
+ number_of_bytes,
+ data,
+ &sent_size,
+ &real_size);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) {
+ number_of_bytes = real_size;
+ data = talloc_array(mem_ctx, uint8_t, real_size);
+ continue;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ {
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ struct eventlog_Record rec;
+
+ blob = data_blob_const(data, sent_size);
+
+ ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, NULL,
+ &rec,
+ (ndr_pull_flags_fn_t)ndr_pull_eventlog_Record);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ NDR_PRINT_DEBUG(eventlog_Record, &rec);
+ }
+
+ offset++;
+ }
+
+ return status;
+}
+
+static NTSTATUS cmd_eventlog_numrecords(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc,
+ const char **argv)
+{
+ NTSTATUS status;
+ struct policy_handle handle;
+ uint32_t number = 0;
+
+ if (argc != 2) {
+ printf("Usage: %s logname\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = rpccli_eventlog_GetNumRecords(cli, mem_ctx,
+ &handle,
+ &number);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ printf("number of records: %d\n", number);
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS cmd_eventlog_oldestrecord(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc,
+ const char **argv)
+{
+ NTSTATUS status;
+ struct policy_handle handle;
+ uint32_t oldest_entry = 0;
+
+ if (argc != 2) {
+ printf("Usage: %s logname\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = rpccli_eventlog_GetOldestRecord(cli, mem_ctx,
+ &handle,
+ &oldest_entry);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ printf("oldest entry: %d\n", oldest_entry);
+
+ return NT_STATUS_OK;
+}
+
+struct cmd_set eventlog_commands[] = {
+ { "EVENTLOG" },
+ { "eventlog_readlog", RPC_RTYPE_NTSTATUS, cmd_eventlog_readlog, NULL, &ndr_table_eventlog.syntax_id, NULL, "Read Eventlog", "" },
+ { "eventlog_numrecord", RPC_RTYPE_NTSTATUS, cmd_eventlog_numrecords, NULL, &ndr_table_eventlog.syntax_id, NULL, "Get number of records", "" },
+ { "eventlog_oldestrecord", RPC_RTYPE_NTSTATUS, cmd_eventlog_oldestrecord, NULL, &ndr_table_eventlog.syntax_id, NULL, "Get oldest record", "" },
+ { NULL }
+};
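Review bot: In cmd_eventlog_readlog the NT_STATUS_BUFFER_TOO_SMALL branch trusts the server-supplied `real_size`. The `talloc_array` result is not checked before the buffer goes back into rpccli_eventlog_ReadEventLogW, the previous buffer is left on `mem_ctx`, and a server that keeps answering BUFFER_TOO_SMALL without asking for more room keeps the client looping. The branch below checks the allocation, releases the old buffer and stops when the requested size does not grow. Separately, the policy handle opened by get_eventlog_handle is not closed on any return path of the three commands, and the two `printf` calls print a `uint32_t` with `%d` where `%u` matches the type.

```c
		if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) {
			/* a reply that does not ask for more room would loop forever */
			if (real_size <= number_of_bytes) {
				return status;
			}
			TALLOC_FREE(data);
			data = talloc_array(mem_ctx, uint8_t, real_size);
			if (data == NULL) {
				return NT_STATUS_NO_MEMORY;
			}
			number_of_bytes = real_size;
			continue;
		}
		/* … unchanged: status check, ndr_pull_struct_blob, NDR_PRINT_DEBUG, offset++ … */
```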
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index dc12500..640d5b3 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -521,6 +521,7 @@ extern struct cmd_set test_commands[];
extern struct cmd_set wkssvc_commands[];
extern struct cmd_set ntsvcs_commands[];
extern struct cmd_set drsuapi_commands[];
+extern struct cmd_set eventlog_commands[];
static struct cmd_set *rpcclient_command_list[] = {
rpcclient_commands,
@@ -537,6 +538,7 @@ static struct cmd_set *rpcclient_command_list[] = {
wkssvc_commands,
ntsvcs_commands,
drsuapi_commands,
+ eventlog_commands,
NULL
};
--
Samba Shared Repository