2008-11-20 13:33:24 +01:00
/*
2005-03-23 23:26:33 +00:00
* Unix SMB / CIFS implementation .
* RPC Pipe client / server routines
2005-09-30 17:13:37 +00:00
* Copyright ( C ) Marcin Krzysztof Porwit 2005 ,
2005-10-06 17:48:03 +00:00
* Copyright ( C ) Brian Moran 2005 ,
2005-09-30 17:13:37 +00:00
* Copyright ( C ) Gerald ( Jerry ) Carter 2005.
2009-01-16 12:48:11 +01:00
* Copyright ( C ) Guenther Deschner 2009.
2008-11-20 13:33:24 +01:00
*
2005-03-23 23:26:33 +00:00
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
2007-07-09 19:25:36 +00:00
* the Free Software Foundation ; either version 3 of the License , or
2005-03-23 23:26:33 +00:00
* ( at your option ) any later version .
2008-11-20 13:33:24 +01:00
*
2005-03-23 23:26:33 +00:00
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
2008-11-20 13:33:24 +01:00
*
2005-03-23 23:26:33 +00:00
* You should have received a copy of the GNU General Public License
2007-07-10 05:23:25 +00:00
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
2005-03-23 23:26:33 +00:00
*/
2005-10-06 17:48:03 +00:00
2005-03-23 23:26:33 +00:00
# include "includes.h"
2011-10-07 19:00:29 +02:00
# include "system/passwd.h" /* uid_wrapper */
2011-05-02 13:21:53 +02:00
# include "ntdomain.h"
2009-11-26 18:21:28 +01:00
# include "../librpc/gen_ndr/srv_eventlog.h"
2010-05-06 11:42:52 +02:00
# include "lib/eventlog/eventlog.h"
2010-10-12 15:27:50 +11:00
# include "../libcli/security/security.h"
2011-01-27 15:32:48 +01:00
# include "../librpc/gen_ndr/ndr_winreg_c.h"
# include "rpc_client/cli_winreg_int.h"
# include "rpc_client/cli_winreg.h"
2011-03-22 23:49:33 +01:00
# include "smbd/smbd.h"
2011-03-24 12:08:15 +01:00
# include "auth.h"
2011-05-05 11:25:29 +02:00
# include "util_tdb.h"
2005-03-23 23:26:33 +00:00
2005-10-06 17:48:03 +00:00
# undef DBGC_CLASS
2005-03-23 23:26:33 +00:00
# define DBGC_CLASS DBGC_RPC_SRV
2011-01-27 15:32:48 +01:00
# define TOP_LEVEL_EVENTLOG_KEY "SYSTEM\\CurrentControlSet\\Services\\Eventlog"
2005-09-30 17:13:37 +00:00
typedef struct {
char * logname ;
2005-11-17 20:08:59 +00:00
ELOG_TDB * etdb ;
2005-11-17 17:41:02 +00:00
uint32 current_record ;
2005-09-30 17:13:37 +00:00
uint32 num_records ;
uint32 oldest_entry ;
uint32 flags ;
2005-10-14 16:07:00 +00:00
uint32 access_granted ;
} EVENTLOG_INFO ;
2005-09-30 17:13:37 +00:00
2005-10-14 16:07:00 +00:00
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-10-06 17:48:03 +00:00
2009-01-07 17:56:08 +01:00
static int eventlog_info_destructor ( EVENTLOG_INFO * elog )
2005-10-14 16:07:00 +00:00
{
2009-01-07 17:56:08 +01:00
if ( elog - > etdb ) {
elog_close_tdb ( elog - > etdb , false ) ;
}
return 0 ;
}
2008-11-20 13:33:24 +01:00
2005-09-30 17:13:37 +00:00
/********************************************************************
2005-10-06 17:48:03 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-10-14 16:07:00 +00:00
2010-07-28 09:48:08 +02:00
static EVENTLOG_INFO * find_eventlog_info_by_hnd ( struct pipes_struct * p ,
2009-03-18 22:49:41 +01:00
struct policy_handle * handle )
2005-10-06 17:48:03 +00:00
{
2005-10-14 16:07:00 +00:00
EVENTLOG_INFO * info ;
2005-12-03 06:46:46 +00:00
if ( ! find_policy_by_hnd ( p , handle , ( void * * ) ( void * ) & info ) ) {
2005-10-14 16:07:00 +00:00
DEBUG ( 2 ,
( " find_eventlog_info_by_hnd: eventlog not found. \n " ) ) ;
return NULL ;
2005-10-06 17:48:03 +00:00
}
2005-10-14 16:07:00 +00:00
return info ;
2005-10-06 17:48:03 +00:00
}
/********************************************************************
2005-10-14 16:07:00 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 17:13:37 +00:00
2010-09-04 08:37:21 +10:00
static bool elog_check_access ( EVENTLOG_INFO * info , const struct security_token * token )
2005-03-23 23:26:33 +00:00
{
2007-11-27 11:22:58 -08:00
char * tdbname = elog_tdbname ( talloc_tos ( ) , info - > logname ) ;
2010-05-18 10:29:34 +02:00
struct security_descriptor * sec_desc ;
2010-06-01 23:02:13 +02:00
struct security_ace * ace ;
2008-10-31 10:51:45 -07:00
NTSTATUS status ;
2008-11-20 13:33:24 +01:00
if ( ! tdbname )
2005-10-14 16:07:00 +00:00
return False ;
2008-11-20 13:33:24 +01:00
2005-10-14 16:07:00 +00:00
/* get the security descriptor for the file */
2008-11-20 13:33:24 +01:00
2012-11-13 12:48:53 -08:00
status = get_nt_acl_no_snum ( info ,
tdbname ,
SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL ,
& sec_desc ) ;
2008-11-11 14:38:59 -08:00
TALLOC_FREE ( tdbname ) ;
2008-11-20 13:33:24 +01:00
2012-11-13 12:48:53 -08:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 5 , ( " elog_check_access: Unable to get NT ACL for %s: %s \n " ,
tdbname , nt_errstr ( status ) ) ) ;
2005-10-14 16:07:00 +00:00
return False ;
}
2008-11-20 13:33:24 +01:00
2010-06-01 23:02:13 +02:00
ace = talloc_zero ( sec_desc , struct security_ace ) ;
if ( ace = = NULL ) {
TALLOC_FREE ( sec_desc ) ;
return false ;
}
ace - > type = SEC_ACE_TYPE_ACCESS_ALLOWED ;
ace - > flags = 0 ;
ace - > access_mask = REG_KEY_ALL ;
ace - > trustee = global_sid_System ;
status = security_descriptor_dacl_add ( sec_desc , ace ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
TALLOC_FREE ( sec_desc ) ;
return false ;
}
2005-10-19 02:50:45 +00:00
/* root free pass */
if ( geteuid ( ) = = sec_initial_uid ( ) ) {
2010-06-01 23:02:13 +02:00
DEBUG ( 5 , ( " elog_check_access: running as root, using system token \n " ) ) ;
token = get_system_token ( ) ;
2005-10-19 02:50:45 +00:00
}
2005-10-14 16:07:00 +00:00
/* run the check, try for the max allowed */
2008-11-20 13:33:24 +01:00
2008-10-31 10:51:45 -07:00
status = se_access_check ( sec_desc , token , MAXIMUM_ALLOWED_ACCESS ,
& info - > access_granted ) ;
2008-11-20 13:33:24 +01:00
2010-06-01 23:02:13 +02:00
TALLOC_FREE ( sec_desc ) ;
2008-11-20 13:33:24 +01:00
2008-10-31 10:51:45 -07:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2005-10-14 16:07:00 +00:00
DEBUG ( 8 , ( " elog_check_access: se_access_check() return %s \n " ,
2008-10-31 10:51:45 -07:00
nt_errstr ( status ) ) ) ;
2005-10-14 16:07:00 +00:00
return False ;
}
2008-11-20 13:33:24 +01:00
2005-10-14 16:07:00 +00:00
/* we have to have READ permission for a successful open */
2008-11-20 13:33:24 +01:00
2010-06-02 23:57:09 +02:00
return ( info - > access_granted & SEC_FILE_READ_DATA ) ;
2005-10-14 16:07:00 +00:00
}
2005-09-30 17:13:37 +00:00
2005-10-14 16:07:00 +00:00
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 17:13:37 +00:00
2007-10-18 17:40:25 -07:00
static bool elog_validate_logname ( const char * name )
2005-10-14 16:07:00 +00:00
{
int i ;
const char * * elogs = lp_eventlog_list ( ) ;
2008-11-20 13:33:24 +01:00
2007-06-22 19:33:46 +00:00
if ( ! elogs ) {
return False ;
}
2005-10-14 16:07:00 +00:00
for ( i = 0 ; elogs [ i ] ; i + + ) {
if ( strequal ( name , elogs [ i ] ) )
return True ;
2005-10-06 17:48:03 +00:00
}
2008-11-20 13:33:24 +01:00
2005-10-14 16:07:00 +00:00
return False ;
}
2005-10-06 17:48:03 +00:00
2005-11-17 17:41:02 +00:00
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-10-18 17:40:25 -07:00
static bool get_num_records_hook ( EVENTLOG_INFO * info )
2005-11-17 17:41:02 +00:00
{
int next_record ;
int oldest_record ;
2005-11-17 20:08:59 +00:00
if ( ! info - > etdb ) {
2005-11-17 17:41:02 +00:00
DEBUG ( 10 , ( " No open tdb for %s \n " , info - > logname ) ) ;
return False ;
}
/* lock the tdb since we have to get 2 records */
2006-04-17 11:49:06 +00:00
tdb_lock_bystring_with_timeout ( ELOG_TDB_CTX ( info - > etdb ) , EVT_NEXT_RECORD , 1 ) ;
2005-11-17 20:08:59 +00:00
next_record = tdb_fetch_int32 ( ELOG_TDB_CTX ( info - > etdb ) , EVT_NEXT_RECORD ) ;
oldest_record = tdb_fetch_int32 ( ELOG_TDB_CTX ( info - > etdb ) , EVT_OLDEST_ENTRY ) ;
tdb_unlock_bystring ( ELOG_TDB_CTX ( info - > etdb ) , EVT_NEXT_RECORD ) ;
2005-11-17 17:41:02 +00:00
DEBUG ( 8 ,
( " Oldest Record %d; Next Record %d \n " , oldest_record ,
next_record ) ) ;
info - > num_records = ( next_record - oldest_record ) ;
info - > oldest_entry = oldest_record ;
return True ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-10-18 17:40:25 -07:00
static bool get_oldest_entry_hook ( EVENTLOG_INFO * info )
2005-11-17 17:41:02 +00:00
{
/* it's the same thing */
return get_num_records_hook ( info ) ;
}
2005-10-14 16:07:00 +00:00
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-10-06 17:48:03 +00:00
2010-07-28 09:48:08 +02:00
static NTSTATUS elog_open ( struct pipes_struct * p , const char * logname , struct policy_handle * hnd )
2005-10-14 16:07:00 +00:00
{
EVENTLOG_INFO * elog ;
2008-11-20 13:33:24 +01:00
2005-10-14 16:07:00 +00:00
/* first thing is to validate the eventlog name */
2009-01-14 18:09:25 +01:00
2005-10-14 16:07:00 +00:00
if ( ! elog_validate_logname ( logname ) )
2005-10-27 13:30:23 +00:00
return NT_STATUS_OBJECT_PATH_INVALID ;
2008-11-20 13:33:24 +01:00
2011-06-07 11:44:43 +10:00
if ( ! ( elog = talloc_zero ( NULL , EVENTLOG_INFO ) ) )
2005-10-27 13:30:23 +00:00
return NT_STATUS_NO_MEMORY ;
2009-01-07 17:56:08 +01:00
talloc_set_destructor ( elog , eventlog_info_destructor ) ;
2008-11-20 13:33:24 +01:00
2005-10-14 16:07:00 +00:00
elog - > logname = talloc_strdup ( elog , logname ) ;
2008-11-20 13:33:24 +01:00
2005-10-14 16:07:00 +00:00
/* Open the tdb first (so that we can create any new tdbs if necessary).
2008-11-20 13:33:24 +01:00
We have to do this as root and then use an internal access check
2005-10-14 16:07:00 +00:00
on the file permissions since you can only have a tdb open once
in a single process */
become_root ( ) ;
2009-01-22 19:46:14 +01:00
elog - > etdb = elog_open_tdb ( elog - > logname , False , False ) ;
2005-10-14 16:07:00 +00:00
unbecome_root ( ) ;
2005-11-17 20:08:59 +00:00
if ( ! elog - > etdb ) {
2005-10-14 16:07:00 +00:00
/* according to MSDN, if the logfile cannot be found, we should
default to the " Application " log */
2008-11-20 13:33:24 +01:00
2005-10-14 16:07:00 +00:00
if ( ! strequal ( logname , ELOG_APPL ) ) {
2008-11-20 13:33:24 +01:00
2005-10-14 16:07:00 +00:00
TALLOC_FREE ( elog - > logname ) ;
2008-11-20 13:33:24 +01:00
elog - > logname = talloc_strdup ( elog , ELOG_APPL ) ;
2005-10-14 16:07:00 +00:00
/* do the access check */
2011-02-21 10:25:52 +01:00
if ( ! elog_check_access ( elog , p - > session_info - > security_token ) ) {
2005-10-14 16:07:00 +00:00
TALLOC_FREE ( elog ) ;
2005-10-27 13:30:23 +00:00
return NT_STATUS_ACCESS_DENIED ;
2005-10-06 17:48:03 +00:00
}
2008-11-20 13:33:24 +01:00
2005-10-14 16:07:00 +00:00
become_root ( ) ;
2009-01-22 19:46:14 +01:00
elog - > etdb = elog_open_tdb ( elog - > logname , False , False ) ;
2005-10-14 16:07:00 +00:00
unbecome_root ( ) ;
2008-11-20 13:33:24 +01:00
}
2005-11-17 20:08:59 +00:00
if ( ! elog - > etdb ) {
2005-10-14 16:07:00 +00:00
TALLOC_FREE ( elog ) ;
2008-11-20 13:33:24 +01:00
return NT_STATUS_ACCESS_DENIED ; /* ??? */
2005-10-06 17:48:03 +00:00
}
}
2008-11-20 13:33:24 +01:00
2005-10-14 16:07:00 +00:00
/* now do the access check. Close the tdb if we fail here */
2005-09-30 17:13:37 +00:00
2011-02-21 10:25:52 +01:00
if ( ! elog_check_access ( elog , p - > session_info - > security_token ) ) {
2005-10-14 16:07:00 +00:00
TALLOC_FREE ( elog ) ;
2005-10-27 13:30:23 +00:00
return NT_STATUS_ACCESS_DENIED ;
2005-10-14 16:07:00 +00:00
}
2008-11-20 13:33:24 +01:00
2005-10-14 16:07:00 +00:00
/* create the policy handle */
2008-11-20 13:33:24 +01:00
2009-01-07 18:44:52 +01:00
if ( ! create_policy_hnd ( p , hnd , elog ) ) {
TALLOC_FREE ( elog ) ;
2005-10-27 13:30:23 +00:00
return NT_STATUS_NO_MEMORY ;
2005-10-06 17:48:03 +00:00
}
2005-10-14 16:07:00 +00:00
2005-11-17 17:41:02 +00:00
/* set the initial current_record pointer */
if ( ! get_oldest_entry_hook ( elog ) ) {
DEBUG ( 3 , ( " elog_open: Successfully opened eventlog but can't "
" get any information on internal records! \n " ) ) ;
2008-11-20 13:33:24 +01:00
}
2005-11-17 17:41:02 +00:00
elog - > current_record = elog - > oldest_entry ;
2005-10-27 13:30:23 +00:00
return NT_STATUS_OK ;
2005-09-30 17:13:37 +00:00
}
/********************************************************************
2005-10-06 17:48:03 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-03-23 23:26:33 +00:00
2010-07-28 09:48:08 +02:00
static NTSTATUS elog_close ( struct pipes_struct * p , struct policy_handle * hnd )
2005-10-06 17:48:03 +00:00
{
2005-10-14 16:07:00 +00:00
if ( ! ( close_policy_hnd ( p , hnd ) ) ) {
2005-10-27 13:30:23 +00:00
return NT_STATUS_INVALID_HANDLE ;
2005-10-14 16:07:00 +00:00
}
2005-10-06 17:48:03 +00:00
2005-10-27 13:30:23 +00:00
return NT_STATUS_OK ;
2005-10-14 16:07:00 +00:00
}
2005-10-06 17:48:03 +00:00
2005-10-14 16:07:00 +00:00
/*******************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-10-06 17:48:03 +00:00
2005-10-14 16:07:00 +00:00
static int elog_size ( EVENTLOG_INFO * info )
{
2005-11-17 20:08:59 +00:00
if ( ! info | | ! info - > etdb ) {
2005-10-14 16:07:00 +00:00
DEBUG ( 0 , ( " elog_size: Invalid info* structure! \n " ) ) ;
return 0 ;
2005-10-06 17:48:03 +00:00
}
2005-11-17 20:08:59 +00:00
return elog_tdb_size ( ELOG_TDB_CTX ( info - > etdb ) , NULL , NULL ) ;
2005-10-06 17:48:03 +00:00
}
2005-09-30 17:13:37 +00:00
/********************************************************************
2008-11-20 13:33:24 +01:00
note that this can only be called AFTER the table is constructed ,
2005-10-06 17:48:03 +00:00
since it uses the table to find the tdb handle
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 17:13:37 +00:00
2011-01-27 15:32:48 +01:00
static bool sync_eventlog_params ( TALLOC_CTX * mem_ctx ,
struct messaging_context * msg_ctx ,
EVENTLOG_INFO * info )
2005-03-23 23:26:33 +00:00
{
2011-01-27 15:32:48 +01:00
struct dcerpc_binding_handle * h = NULL ;
uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
struct policy_handle hive_hnd , key_hnd ;
2010-06-29 16:13:15 +02:00
uint32_t uiMaxSize = 0 ;
uint32_t uiRetention = 0 ;
2011-01-27 15:32:48 +01:00
char * path = NULL ;
NTSTATUS status ;
WERROR wresult = WERR_OK ;
2005-10-14 16:07:00 +00:00
char * elogname = info - > logname ;
2011-01-27 15:32:48 +01:00
TALLOC_CTX * ctx ;
2008-01-17 01:47:00 +01:00
bool ret = false ;
2005-10-06 17:48:03 +00:00
2011-01-27 15:32:48 +01:00
ctx = talloc_stackframe ( ) ;
if ( ctx = = NULL ) {
return false ;
}
2005-10-06 17:48:03 +00:00
DEBUG ( 4 , ( " sync_eventlog_params with %s \n " , elogname ) ) ;
2005-09-30 17:13:37 +00:00
2005-11-17 20:08:59 +00:00
if ( ! info - > etdb ) {
2005-10-14 16:07:00 +00:00
DEBUG ( 4 , ( " No open tdb! (%s) \n " , info - > logname ) ) ;
2008-11-20 10:56:14 -08:00
goto done ;
2005-09-30 17:13:37 +00:00
}
/* set resonable defaults. 512Kb on size and 1 week on time */
2005-10-06 17:48:03 +00:00
2005-09-30 17:13:37 +00:00
uiMaxSize = 0x80000 ;
uiRetention = 604800 ;
2005-10-06 17:48:03 +00:00
2008-11-20 13:33:24 +01:00
/* the general idea is to internally open the registry
key and retrieve the values . That way we can continue
to use the same fetch / store api that we use in
2005-09-30 17:13:37 +00:00
srv_reg_nt . c */
2011-01-27 15:32:48 +01:00
path = talloc_asprintf ( ctx , " %s \\ %s " , TOP_LEVEL_EVENTLOG_KEY , elogname ) ;
2007-11-27 11:22:58 -08:00
if ( ! path ) {
2008-11-20 10:56:14 -08:00
goto done ;
2007-11-27 11:22:58 -08:00
}
2005-10-06 17:48:03 +00:00
2011-01-27 15:32:48 +01:00
status = dcerpc_winreg_int_hklm_openkey ( ctx ,
2011-02-21 10:25:52 +01:00
get_session_info_system ( ) ,
2011-01-27 15:32:48 +01:00
msg_ctx ,
& h ,
path ,
false ,
access_mask ,
& hive_hnd ,
& key_hnd ,
& wresult ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 4 , ( " sync_eventlog_params: Failed to open key [%s] (%s) \n " ,
path , nt_errstr ( status ) ) ) ;
goto done ;
}
2005-09-30 17:13:37 +00:00
if ( ! W_ERROR_IS_OK ( wresult ) ) {
2005-10-06 17:48:03 +00:00
DEBUG ( 4 ,
( " sync_eventlog_params: Failed to open key [%s] (%s) \n " ,
2008-11-01 17:19:26 +01:00
path , win_errstr ( wresult ) ) ) ;
2008-11-20 10:56:14 -08:00
goto done ;
2005-09-30 17:13:37 +00:00
}
2005-10-06 17:48:03 +00:00
2011-01-27 15:32:48 +01:00
status = dcerpc_winreg_query_dword ( ctx ,
h ,
& key_hnd ,
" Retention " ,
& uiRetention ,
& wresult ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 4 , ( " Failed to query value \" Retention \" : %s \n " ,
nt_errstr ( status ) ) ) ;
goto done ;
}
2008-01-17 01:47:00 +01:00
if ( ! W_ERROR_IS_OK ( wresult ) ) {
DEBUG ( 4 , ( " Failed to query value \" Retention \" : %s \n " ,
2008-11-01 17:19:26 +01:00
win_errstr ( wresult ) ) ) ;
2008-01-17 01:47:00 +01:00
goto done ;
2005-09-30 17:13:37 +00:00
}
2010-06-29 16:13:15 +02:00
2011-01-27 15:32:48 +01:00
status = dcerpc_winreg_query_dword ( ctx ,
h ,
& key_hnd ,
" MaxSize " ,
& uiMaxSize ,
& wresult ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 4 , ( " Failed to query value \" Retention \" : %s \n " ,
nt_errstr ( status ) ) ) ;
goto done ;
2010-06-29 16:13:15 +02:00
}
2008-01-17 01:47:00 +01:00
if ( ! W_ERROR_IS_OK ( wresult ) ) {
DEBUG ( 4 , ( " Failed to query value \" MaxSize \" : %s \n " ,
2008-11-01 17:19:26 +01:00
win_errstr ( wresult ) ) ) ;
2008-01-17 01:47:00 +01:00
goto done ;
}
2005-09-30 17:13:37 +00:00
2005-11-17 20:08:59 +00:00
tdb_store_int32 ( ELOG_TDB_CTX ( info - > etdb ) , EVT_MAXSIZE , uiMaxSize ) ;
tdb_store_int32 ( ELOG_TDB_CTX ( info - > etdb ) , EVT_RETENTION , uiRetention ) ;
2005-09-30 17:13:37 +00:00
2008-01-17 01:47:00 +01:00
ret = true ;
done :
2011-01-27 15:32:48 +01:00
if ( h ! = NULL ) {
WERROR ignore ;
if ( is_valid_policy_hnd ( & key_hnd ) ) {
dcerpc_winreg_CloseKey ( h , ctx , & key_hnd , & ignore ) ;
}
if ( is_valid_policy_hnd ( & hive_hnd ) ) {
dcerpc_winreg_CloseKey ( h , ctx , & hive_hnd , & ignore ) ;
}
}
2008-01-17 01:47:00 +01:00
TALLOC_FREE ( ctx ) ;
2008-01-29 15:06:59 -06:00
return ret ;
2005-03-23 23:26:33 +00:00
}
2005-09-30 17:13:37 +00:00
2005-10-06 17:48:03 +00:00
/********************************************************************
2008-02-04 11:10:18 +01:00
_eventlog_OpenEventLogW
2005-10-06 17:48:03 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 17:13:37 +00:00
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_OpenEventLogW ( struct pipes_struct * p ,
2008-02-04 11:10:18 +01:00
struct eventlog_OpenEventLogW * r )
2005-09-30 17:13:37 +00:00
{
2005-10-14 16:07:00 +00:00
EVENTLOG_INFO * info ;
2005-10-27 13:30:23 +00:00
NTSTATUS result ;
2005-09-30 17:13:37 +00:00
2009-01-14 18:09:25 +01:00
DEBUG ( 10 , ( " _eventlog_OpenEventLogW: Server [%s], Log [%s] \n " ,
r - > in . servername - > string , r - > in . logname - > string ) ) ;
2008-11-20 13:33:24 +01:00
2005-10-14 16:07:00 +00:00
/* according to MSDN, if the logfile cannot be found, we should
default to the " Application " log */
2008-11-20 13:33:24 +01:00
2009-01-14 18:09:25 +01:00
if ( ! NT_STATUS_IS_OK ( result = elog_open ( p , r - > in . logname - > string , r - > out . handle ) ) )
2005-10-27 13:30:23 +00:00
return result ;
2005-10-14 16:07:00 +00:00
2008-02-04 11:10:18 +01:00
if ( ! ( info = find_eventlog_info_by_hnd ( p , r - > out . handle ) ) ) {
2009-01-14 18:09:25 +01:00
DEBUG ( 0 , ( " _eventlog_OpenEventLogW: eventlog (%s) opened but unable to find handle! \n " ,
r - > in . logname - > string ) ) ;
2008-02-04 11:10:18 +01:00
elog_close ( p , r - > out . handle ) ;
2005-10-27 13:30:23 +00:00
return NT_STATUS_INVALID_HANDLE ;
2005-09-30 17:13:37 +00:00
}
2005-10-06 17:48:03 +00:00
2009-01-14 18:09:25 +01:00
DEBUG ( 10 , ( " _eventlog_OpenEventLogW: Size [%d] \n " , elog_size ( info ) ) ) ;
2005-10-06 17:48:03 +00:00
2011-01-27 15:32:48 +01:00
if ( ! sync_eventlog_params ( p - > mem_ctx ,
p - > msg_ctx ,
info ) ) {
2010-06-28 12:51:28 +02:00
elog_close ( p , r - > out . handle ) ;
return NT_STATUS_EVENTLOG_FILE_CORRUPT ;
}
2005-11-17 20:08:59 +00:00
prune_eventlog ( ELOG_TDB_CTX ( info - > etdb ) ) ;
2005-10-06 17:48:03 +00:00
2005-10-27 13:30:23 +00:00
return NT_STATUS_OK ;
2005-03-23 23:26:33 +00:00
}
2005-09-30 17:13:37 +00:00
/********************************************************************
2008-02-04 10:53:59 +01:00
_eventlog_ClearEventLogW
2005-10-14 16:07:00 +00:00
This call still needs some work
2005-10-06 17:48:03 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-02-04 10:55:14 +01:00
/** The windows client seems to be doing something funny with the file name
A call like
ClearEventLog ( handle , " backup_file " )
on the client side will result in the backup file name looking like this on the
server side :
\ ? ? \ $ { CWD of client } \ backup_file
If an absolute path gets specified , such as
ClearEventLog ( handle , " C: \\ temp \\ backup_file " )
then it is still mangled by the client into this :
\ ? ? \ C : \ temp \ backup_file
when it is on the wire .
I ' m not sure where the \ ? ? is coming from , or why the $ { CWD } of the client process
would be added in given that the backup file gets written on the server side . */
2005-09-30 17:13:37 +00:00
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_ClearEventLogW ( struct pipes_struct * p ,
2008-02-04 10:53:59 +01:00
struct eventlog_ClearEventLogW * r )
2005-03-23 23:26:33 +00:00
{
2008-02-04 10:53:59 +01:00
EVENTLOG_INFO * info = find_eventlog_info_by_hnd ( p , r - > in . handle ) ;
2005-03-23 23:26:33 +00:00
2005-10-14 16:07:00 +00:00
if ( ! info )
2005-10-27 13:30:23 +00:00
return NT_STATUS_INVALID_HANDLE ;
2005-03-23 23:26:33 +00:00
2008-02-04 10:53:59 +01:00
if ( r - > in . backupfile & & r - > in . backupfile - > string ) {
2009-01-14 18:09:25 +01:00
DEBUG ( 8 , ( " _eventlog_ClearEventLogW: Using [%s] as the backup "
2005-11-17 20:08:59 +00:00
" file name for log [%s]. " ,
2009-01-14 18:09:25 +01:00
r - > in . backupfile - > string , info - > logname ) ) ;
2005-10-14 16:07:00 +00:00
}
2005-03-23 23:26:33 +00:00
2005-11-17 20:08:59 +00:00
/* check for WRITE access to the file */
2010-06-02 23:57:09 +02:00
if ( ! ( info - > access_granted & SEC_FILE_WRITE_DATA ) )
2005-11-17 20:08:59 +00:00
return NT_STATUS_ACCESS_DENIED ;
2005-09-30 17:13:37 +00:00
2005-11-17 20:08:59 +00:00
/* Force a close and reopen */
2005-10-14 16:07:00 +00:00
2007-11-27 11:22:58 -08:00
elog_close_tdb ( info - > etdb , True ) ;
2005-11-17 20:08:59 +00:00
become_root ( ) ;
2009-01-22 19:46:14 +01:00
info - > etdb = elog_open_tdb ( info - > logname , True , False ) ;
2005-11-17 20:08:59 +00:00
unbecome_root ( ) ;
2005-10-14 16:07:00 +00:00
2005-11-17 20:08:59 +00:00
if ( ! info - > etdb )
2005-10-27 13:30:23 +00:00
return NT_STATUS_ACCESS_DENIED ;
2005-09-30 17:13:37 +00:00
2005-10-27 13:30:23 +00:00
return NT_STATUS_OK ;
2005-09-30 17:13:37 +00:00
}
/********************************************************************
2009-01-08 19:12:59 +01:00
_eventlog_CloseEventLog
2005-10-06 17:48:03 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 17:13:37 +00:00
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_CloseEventLog ( struct pipes_struct * p ,
2009-01-08 19:12:59 +01:00
struct eventlog_CloseEventLog * r )
2005-09-30 17:13:37 +00:00
{
2009-01-16 02:59:05 +01:00
NTSTATUS status ;
status = elog_close ( p , r - > in . handle ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
ZERO_STRUCTP ( r - > out . handle ) ;
return NT_STATUS_OK ;
2005-03-23 23:26:33 +00:00
}
2005-09-30 17:13:37 +00:00
/********************************************************************
2009-01-15 20:10:09 +01:00
_eventlog_ReadEventLogW
2005-10-06 17:48:03 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_ReadEventLogW ( struct pipes_struct * p ,
2009-01-15 20:10:09 +01:00
struct eventlog_ReadEventLogW * r )
2005-09-30 17:13:37 +00:00
{
2009-01-15 20:10:09 +01:00
EVENTLOG_INFO * info = find_eventlog_info_by_hnd ( p , r - > in . handle ) ;
uint32_t num_records_read = 0 ;
2005-10-06 17:48:03 +00:00
int bytes_left , record_number ;
2009-01-15 20:10:09 +01:00
uint32_t elog_read_type , elog_read_dir ;
2005-11-17 21:03:22 +00:00
2009-01-15 20:10:09 +01:00
if ( ! info ) {
2006-06-20 09:16:53 +00:00
return NT_STATUS_INVALID_HANDLE ;
}
2009-01-15 20:10:09 +01:00
info - > flags = r - > in . flags ;
bytes_left = r - > in . number_of_bytes ;
2005-09-30 17:13:37 +00:00
2009-01-15 20:10:09 +01:00
if ( ! info - > etdb ) {
2005-10-27 13:30:23 +00:00
return NT_STATUS_ACCESS_DENIED ;
2009-01-15 20:10:09 +01:00
}
2007-11-27 11:22:58 -08:00
2005-11-17 17:41:02 +00:00
/* check for valid flags. Can't use the sequential and seek flags together */
2009-01-15 20:10:09 +01:00
elog_read_type = r - > in . flags & ( EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ ) ;
elog_read_dir = r - > in . flags & ( EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ ) ;
2005-11-17 17:41:02 +00:00
2009-01-15 20:10:09 +01:00
if ( r - > in . flags = = 0 | |
elog_read_type = = ( EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ ) | |
elog_read_dir = = ( EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ ) )
2005-11-17 17:41:02 +00:00
{
2009-01-15 20:10:09 +01:00
DEBUG ( 3 , ( " _eventlog_ReadEventLogW: "
" Invalid flags [0x%08x] for ReadEventLog \n " ,
r - > in . flags ) ) ;
2005-11-17 17:41:02 +00:00
return NT_STATUS_INVALID_PARAMETER ;
2005-09-30 17:13:37 +00:00
}
2005-10-06 17:48:03 +00:00
2005-11-17 17:41:02 +00:00
/* a sequential read should ignore the offset */
2005-10-06 17:48:03 +00:00
2009-01-15 20:10:09 +01:00
if ( elog_read_type & EVENTLOG_SEQUENTIAL_READ ) {
2005-11-17 17:41:02 +00:00
record_number = info - > current_record ;
2009-01-15 20:10:09 +01:00
} else {
record_number = r - > in . offset ;
}
2005-10-06 17:48:03 +00:00
2009-01-15 20:10:09 +01:00
if ( r - > in . number_of_bytes = = 0 ) {
struct EVENTLOGRECORD * e ;
e = evlog_pull_record ( p - > mem_ctx , ELOG_TDB_CTX ( info - > etdb ) ,
record_number ) ;
if ( ! e ) {
return NT_STATUS_END_OF_FILE ;
}
* r - > out . real_size = e - > Length ;
return NT_STATUS_BUFFER_TOO_SMALL ;
}
while ( bytes_left > 0 ) {
2005-11-17 17:41:02 +00:00
2009-01-15 20:10:09 +01:00
DATA_BLOB blob ;
enum ndr_err_code ndr_err ;
struct EVENTLOGRECORD * e ;
2005-11-17 17:41:02 +00:00
2009-01-15 20:10:09 +01:00
e = evlog_pull_record ( p - > mem_ctx , ELOG_TDB_CTX ( info - > etdb ) ,
record_number ) ;
if ( ! e ) {
2005-11-17 17:41:02 +00:00
break ;
2007-11-27 11:22:58 -08:00
}
2005-11-17 17:41:02 +00:00
2010-05-10 00:42:06 +02:00
ndr_err = ndr_push_struct_blob ( & blob , p - > mem_ctx , e ,
2009-01-15 20:10:09 +01:00
( ndr_push_flags_fn_t ) ndr_push_EVENTLOGRECORD ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
return ndr_map_error2ntstatus ( ndr_err ) ;
}
2005-11-17 17:41:02 +00:00
2009-01-15 20:10:09 +01:00
if ( DEBUGLEVEL > = 10 ) {
NDR_PRINT_DEBUG ( EVENTLOGRECORD , e ) ;
}
2005-11-17 17:41:02 +00:00
2009-01-15 20:10:09 +01:00
if ( blob . length > r - > in . number_of_bytes ) {
* r - > out . real_size = blob . length ;
return NT_STATUS_BUFFER_TOO_SMALL ;
}
2007-11-27 11:22:58 -08:00
2009-01-15 20:10:09 +01:00
if ( * r - > out . sent_size + blob . length > r - > in . number_of_bytes ) {
2005-11-17 17:41:02 +00:00
break ;
}
2007-11-27 11:22:58 -08:00
2009-01-15 20:10:09 +01:00
bytes_left - = blob . length ;
2007-11-27 11:22:58 -08:00
2009-01-15 20:10:09 +01:00
if ( info - > flags & EVENTLOG_FORWARDS_READ ) {
2005-10-06 17:48:03 +00:00
record_number + + ;
2009-01-15 20:10:09 +01:00
} else {
2005-10-06 17:48:03 +00:00
record_number - - ;
2009-01-15 20:10:09 +01:00
}
2007-11-27 11:22:58 -08:00
2005-11-17 17:41:02 +00:00
/* update the eventlog record pointer */
2007-11-27 11:22:58 -08:00
2005-11-17 17:41:02 +00:00
info - > current_record = record_number ;
2009-01-15 20:10:09 +01:00
memcpy ( & r - > out . data [ * ( r - > out . sent_size ) ] ,
blob . data , blob . length ) ;
* ( r - > out . sent_size ) + = blob . length ;
num_records_read + + ;
2005-10-06 17:48:03 +00:00
}
2005-11-17 17:41:02 +00:00
2009-01-15 20:10:09 +01:00
if ( r - > in . offset = = 0 & & record_number = = 0 & & * r - > out . sent_size = = 0 ) {
return NT_STATUS_END_OF_FILE ;
}
2005-11-17 17:41:02 +00:00
2009-01-15 20:10:09 +01:00
return NT_STATUS_OK ;
2005-09-30 17:13:37 +00:00
}
/********************************************************************
2008-02-04 10:44:51 +01:00
_eventlog_GetOldestRecord
2005-10-06 17:48:03 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 17:13:37 +00:00
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_GetOldestRecord ( struct pipes_struct * p ,
2008-02-04 10:44:51 +01:00
struct eventlog_GetOldestRecord * r )
2005-09-30 17:13:37 +00:00
{
2008-02-04 10:44:51 +01:00
EVENTLOG_INFO * info = find_eventlog_info_by_hnd ( p , r - > in . handle ) ;
2005-09-30 17:13:37 +00:00
2006-06-20 09:16:53 +00:00
if ( info = = NULL ) {
return NT_STATUS_INVALID_HANDLE ;
}
2005-10-06 17:48:03 +00:00
if ( ! ( get_oldest_entry_hook ( info ) ) )
2005-10-27 13:30:23 +00:00
return NT_STATUS_ACCESS_DENIED ;
2005-09-30 17:13:37 +00:00
2008-02-04 10:44:51 +01:00
* r - > out . oldest_entry = info - > oldest_entry ;
2005-09-30 17:13:37 +00:00
2005-10-27 13:30:23 +00:00
return NT_STATUS_OK ;
2005-09-30 17:13:37 +00:00
}
/********************************************************************
2008-02-04 10:10:12 +01:00
_eventlog_GetNumRecords
2005-10-06 17:48:03 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 17:13:37 +00:00
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_GetNumRecords ( struct pipes_struct * p ,
2008-02-04 10:10:12 +01:00
struct eventlog_GetNumRecords * r )
2005-09-30 17:13:37 +00:00
{
2008-02-04 10:10:12 +01:00
EVENTLOG_INFO * info = find_eventlog_info_by_hnd ( p , r - > in . handle ) ;
2005-09-30 17:13:37 +00:00
2006-06-20 09:16:53 +00:00
if ( info = = NULL ) {
return NT_STATUS_INVALID_HANDLE ;
}
2005-10-06 17:48:03 +00:00
if ( ! ( get_num_records_hook ( info ) ) )
2005-10-27 13:30:23 +00:00
return NT_STATUS_ACCESS_DENIED ;
2005-09-30 17:13:37 +00:00
2008-02-04 10:10:12 +01:00
* r - > out . number = info - > num_records ;
2005-09-30 17:13:37 +00:00
2005-10-27 13:30:23 +00:00
return NT_STATUS_OK ;
2005-09-30 17:13:37 +00:00
}
2007-05-31 17:59:04 +00:00
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_BackupEventLogW ( struct pipes_struct * p , struct eventlog_BackupEventLogW * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2009-04-08 18:31:32 +02:00
/********************************************************************
_eventlog_GetLogInformation
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_GetLogInformation ( struct pipes_struct * p ,
2009-04-08 18:31:32 +02:00
struct eventlog_GetLogInformation * r )
{
EVENTLOG_INFO * info = find_eventlog_info_by_hnd ( p , r - > in . handle ) ;
struct EVENTLOG_FULL_INFORMATION f ;
enum ndr_err_code ndr_err ;
DATA_BLOB blob ;
if ( ! info ) {
return NT_STATUS_INVALID_HANDLE ;
}
if ( r - > in . level ! = 0 ) {
return NT_STATUS_INVALID_LEVEL ;
}
* r - > out . bytes_needed = 4 ;
if ( r - > in . buf_size < 4 ) {
return NT_STATUS_BUFFER_TOO_SMALL ;
}
/* FIXME: this should be retrieved from the handle */
f . full = false ;
2010-05-10 00:42:06 +02:00
ndr_err = ndr_push_struct_blob ( & blob , p - > mem_ctx , & f ,
2009-04-08 18:31:32 +02:00
( ndr_push_flags_fn_t ) ndr_push_EVENTLOG_FULL_INFORMATION ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
return ndr_map_error2ntstatus ( ndr_err ) ;
}
if ( DEBUGLEVEL > = 10 ) {
NDR_PRINT_DEBUG ( EVENTLOG_FULL_INFORMATION , & f ) ;
}
memcpy ( r - > out . buffer , blob . data , 4 ) ;
return NT_STATUS_OK ;
}
2009-04-08 18:32:06 +02:00
/********************************************************************
_eventlog_FlushEventLog
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_FlushEventLog ( struct pipes_struct * p ,
2009-04-08 18:32:06 +02:00
struct eventlog_FlushEventLog * r )
{
EVENTLOG_INFO * info = find_eventlog_info_by_hnd ( p , r - > in . handle ) ;
if ( ! info ) {
return NT_STATUS_INVALID_HANDLE ;
}
return NT_STATUS_ACCESS_DENIED ;
}
2009-04-08 19:18:13 +02:00
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS evlog_report_to_record ( TALLOC_CTX * mem_ctx ,
const struct eventlog_ReportEventW * r ,
const char * logname ,
struct EVENTLOGRECORD * e )
{
uint32_t i ;
ZERO_STRUCTP ( e ) ;
e - > TimeGenerated = r - > in . timestamp ;
e - > TimeWritten = time ( NULL ) ;
e - > EventID = r - > in . event_id ;
e - > EventType = r - > in . event_type ;
e - > NumStrings = r - > in . num_of_strings ;
e - > EventCategory = r - > in . event_category ;
e - > ReservedFlags = r - > in . flags ;
e - > DataLength = r - > in . data_size ;
e - > SourceName = talloc_strdup ( mem_ctx , logname ) ;
NT_STATUS_HAVE_NO_MEMORY ( e - > SourceName ) ;
if ( r - > in . servername - > string ) {
e - > Computername = r - > in . servername - > string ;
} else {
e - > Computername = talloc_strdup ( mem_ctx , " " ) ;
NT_STATUS_HAVE_NO_MEMORY ( e - > Computername ) ;
}
if ( r - > in . user_sid ) {
e - > UserSid = * r - > in . user_sid ;
}
e - > Strings = talloc_array ( mem_ctx , const char * , e - > NumStrings ) ;
NT_STATUS_HAVE_NO_MEMORY ( e - > Strings ) ;
for ( i = 0 ; i < e - > NumStrings ; i + + ) {
e - > Strings [ i ] = talloc_strdup ( e - > Strings ,
r - > in . strings [ i ] - > string ) ;
NT_STATUS_HAVE_NO_MEMORY ( e - > Strings [ i ] ) ;
}
e - > Data = r - > in . data ;
return NT_STATUS_OK ;
}
/********************************************************************
_eventlog_ReportEventW
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_ReportEventW ( struct pipes_struct * p ,
2009-04-08 19:18:13 +02:00
struct eventlog_ReportEventW * r )
{
NTSTATUS status ;
struct EVENTLOGRECORD record ;
EVENTLOG_INFO * info = find_eventlog_info_by_hnd ( p , r - > in . handle ) ;
if ( ! info ) {
return NT_STATUS_INVALID_HANDLE ;
}
status = evlog_report_to_record ( p - > mem_ctx , r , info - > logname , & record ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
status = evlog_push_record ( p - > mem_ctx ,
ELOG_TDB_CTX ( info - > etdb ) ,
& record ,
r - > out . record_number ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
return NT_STATUS_OK ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_DeregisterEventSource ( struct pipes_struct * p ,
struct eventlog_DeregisterEventSource * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_ChangeNotify ( struct pipes_struct * p ,
struct eventlog_ChangeNotify * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_RegisterEventSourceW ( struct pipes_struct * p ,
struct eventlog_RegisterEventSourceW * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_OpenBackupEventLogW ( struct pipes_struct * p ,
struct eventlog_OpenBackupEventLogW * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_ClearEventLogA ( struct pipes_struct * p ,
struct eventlog_ClearEventLogA * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_BackupEventLogA ( struct pipes_struct * p ,
struct eventlog_BackupEventLogA * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_OpenEventLogA ( struct pipes_struct * p ,
struct eventlog_OpenEventLogA * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_RegisterEventSourceA ( struct pipes_struct * p ,
struct eventlog_RegisterEventSourceA * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_OpenBackupEventLogA ( struct pipes_struct * p ,
struct eventlog_OpenBackupEventLogA * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_ReadEventLogA ( struct pipes_struct * p ,
struct eventlog_ReadEventLogA * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_ReportEventA ( struct pipes_struct * p ,
struct eventlog_ReportEventA * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_RegisterClusterSvc ( struct pipes_struct * p ,
struct eventlog_RegisterClusterSvc * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_DeregisterClusterSvc ( struct pipes_struct * p ,
struct eventlog_DeregisterClusterSvc * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_WriteClusterEvents ( struct pipes_struct * p ,
struct eventlog_WriteClusterEvents * r )
2007-05-31 17:59:04 +00:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2007-05-31 17:59:04 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2010-07-28 09:48:08 +02:00
NTSTATUS _eventlog_ReportEventAndSourceW ( struct pipes_struct * p ,
struct eventlog_ReportEventAndSourceW * r )
2009-01-22 19:35:33 +01:00
{
2012-06-27 15:21:11 +02:00
p - > fault_state = DCERPC_FAULT_OP_RNG_ERROR ;
2009-01-22 19:35:33 +01:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
