sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-19 21:57:57 +03:00
Code
samba-mirror/source3/rpc_parse/parse_eventlog.c

194 lines
5.8 KiB
C
Raw Normal View History

r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2005-03-23 23:26:33 +00:00
/*
* Unix SMB/CIFS implementation.
* RPC Pipe client / server routines
* Copyright (C) Marcin Krzysztof Porwit 2005.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-07-09 19:25:36 +00:00
* the Free Software Foundation; either version 3 of the License, or
r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2005-03-23 23:26:33 +00:00
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-07-10 05:23:25 +00:00
* along with this program; if not, see <http://www.gnu.org/licenses/>.
r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2005-03-23 23:26:33 +00:00
*/
#include "includes.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_PARSE
r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2005-09-30 17:13:37 +00:00
/********************************************************************
********************************************************************/
RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-18 17:40:25 -07:00
bool eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u,
r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2005-03-23 23:26:33 +00:00
prs_struct *ps, int depth)
{
if(q_u == NULL)
return False;
prs_debug(ps, depth, desc, "eventlog_io_q_read_eventlog");
depth++;
if(!(prs_align(ps)))
return False;
if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth)))
return False;
if(!(prs_uint32("read flags", ps, depth, &(q_u->flags))))
return False;
if(!(prs_uint32("read offset", ps, depth, &(q_u->offset))))
return False;
if(!(prs_uint32("read buf size", ps, depth, &(q_u->max_read_size))))
return False;
return True;
}
r7880: fix a typo and memleak on failures cases (patch from marcin) (This used to be commit 6ff0fa0b4385481f2212047d80ca17b55d996def)
2005-06-24 15:49:02 +00:00
/** Structure of response seems to be:
r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2005-03-23 23:26:33 +00:00
DWORD num_bytes_in_resp -- MUST be the same as q_u->max_read_size
for i=0..n
EVENTLOGRECORD record
DWORD sent_size -- sum of EVENTLOGRECORD lengths if records returned, 0 otherwise
DWORD real_size -- 0 if records returned, otherwise length of next record to be returned
WERROR status */
RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-18 17:40:25 -07:00
bool eventlog_io_r_read_eventlog(const char *desc,
r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2005-03-23 23:26:33 +00:00
EVENTLOG_Q_READ_EVENTLOG *q_u,
EVENTLOG_R_READ_EVENTLOG *r_u,
prs_struct *ps,
int depth)
{
Eventlog_entry *entry;
uint32 record_written = 0;
uint32 record_total = 0;
if(r_u == NULL)
return False;
prs_debug(ps, depth, desc, "eventlog_io_r_read_eventlog");
depth++;
/* First, see if we've read more logs than we can output */
if(r_u->num_bytes_in_resp > q_u->max_read_size) {
entry = r_u->entry;
/* remove the size of the last entry from the list */
while(entry->next != NULL)
entry = entry->next;
r_u->num_bytes_in_resp -= entry->record.length;
/* do not output the last log entry */
r_u->num_records--;
}
entry = r_u->entry;
record_total = r_u->num_records;
if(r_u->num_bytes_in_resp != 0)
r_u->sent_size = r_u->num_bytes_in_resp;
else
r6680: event log patches from Marcin (This used to be commit a71e104af84810f488f42cb0843976961e6f6ebe)
2005-05-09 13:51:44 +00:00
r_u->real_size = r_u->bytes_in_next_record;
r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2005-03-23 23:26:33 +00:00
if(!(prs_align(ps)))
return False;
if(!(prs_uint32("bytes in resp", ps, depth, &(q_u->max_read_size))))
return False;
while(entry != NULL && record_written < record_total)
{
r11760: fix sequential reads in the eventlog; event viewer is behaving better now as well but needs more testing (This used to be commit ba2f94aeae1f8e69d53fc360785adf222a8c9c6e)
2005-11-17 17:41:02 +00:00
DEBUG(11, ("eventlog_io_r_read_eventlog: writing record [%d] out of [%d].\n", record_written, record_total));
r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2005-03-23 23:26:33 +00:00
/* Encode the actual eventlog record record */
if(!(prs_uint32("length", ps, depth, &(entry->record.length))))
return False;
if(!(prs_uint32("reserved", ps, depth, &(entry->record.reserved1))))
return False;
if(!(prs_uint32("record number", ps, depth, &(entry->record.record_number))))
return False;
if(!(prs_uint32("time generated", ps, depth, &(entry->record.time_generated))))
return False;
if(!(prs_uint32("time written", ps, depth, &(entry->record.time_written))))
return False;
if(!(prs_uint32("event id", ps, depth, &(entry->record.event_id))))
return False;
if(!(prs_uint16("event type", ps, depth, &(entry->record.event_type))))
return False;
if(!(prs_uint16("num strings", ps, depth, &(entry->record.num_strings))))
return False;
if(!(prs_uint16("event category", ps, depth, &(entry->record.event_category))))
return False;
if(!(prs_uint16("reserved2", ps, depth, &(entry->record.reserved2))))
return False;
if(!(prs_uint32("closing record", ps, depth, &(entry->record.closing_record_number))))
return False;
if(!(prs_uint32("string offset", ps, depth, &(entry->record.string_offset))))
return False;
if(!(prs_uint32("user sid length", ps, depth, &(entry->record.user_sid_length))))
return False;
if(!(prs_uint32("user sid offset", ps, depth, &(entry->record.user_sid_offset))))
return False;
if(!(prs_uint32("data length", ps, depth, &(entry->record.data_length))))
return False;
if(!(prs_uint32("data offset", ps, depth, &(entry->record.data_offset))))
return False;
if(!(prs_align(ps)))
return False;
/* Now encoding data */
if(!(prs_uint8s(False, "buffer", ps, depth, entry->data,
entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length))))
{
return False;
}
if(!(prs_align(ps)))
return False;
if(!(prs_uint32("length 2", ps, depth, &(entry->record.length))))
return False;
entry = entry->next;
record_written++;
} /* end of encoding EVENTLOGRECORD */
/* Now pad with whitespace until the end of the response buffer */
r16601: Klocwork #2038. Fix memleak on error path. Jeremy. (This used to be commit 934dddb2fa9fb60a87c0b0be81db97f2b59c7cb0)
2006-06-28 02:12:53 +00:00
if (q_u->max_read_size - r_u->num_bytes_in_resp) {
r22542: Move over to using the _strict varients of the talloc calls. No functional changes. Looks bigger than it is :-). Jeremy. (This used to be commit f6fa3080fee1b20df9f1968500840a88cf0ee592)
2007-04-27 23:18:41 +00:00
if (!r_u->end_of_entries_padding) {
return False;
}
r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2005-03-23 23:26:33 +00:00
r16601: Klocwork #2038. Fix memleak on error path. Jeremy. (This used to be commit 934dddb2fa9fb60a87c0b0be81db97f2b59c7cb0)
2006-06-28 02:12:53 +00:00
if(!(prs_uint8s(False, "end of entries padding", ps,
depth, r_u->end_of_entries_padding,
(q_u->max_read_size - r_u->num_bytes_in_resp)))) {
free(r_u->end_of_entries_padding);
return False;
}
r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2005-03-23 23:26:33 +00:00
r16601: Klocwork #2038. Fix memleak on error path. Jeremy. (This used to be commit 934dddb2fa9fb60a87c0b0be81db97f2b59c7cb0)
2006-06-28 02:12:53 +00:00
free(r_u->end_of_entries_padding);
}
r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2005-03-23 23:26:33 +00:00
/* We had better be DWORD aligned here */
if(!(prs_uint32("sent size", ps, depth, &(r_u->sent_size))))
return False;
if(!(prs_uint32("real size", ps, depth, &(r_u->real_size))))
return False;
r11332: eventlog API uses NTSTATUS, not WERROR for return codes (This used to be commit f5f40633bc3f641a0fef4934375d0d829899b0d7)
2005-10-27 13:30:23 +00:00
if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2005-03-23 23:26:33 +00:00
return False;
return True;
}
Copy Permalink