/*
Unix SMB / CIFS implementation .
RPC pipe client
Copyright ( C ) Günther Deschner 2009
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "rpcclient.h"
/*
 * Open an eventlog by name and hand back the server-side policy handle.
 *
 * @param cli      connected eventlog pipe
 * @param mem_ctx  talloc context for the call's marshalling buffers
 * @param log      log name as typed by the user (e.g. "Application")
 * @param handle   receives the opened handle on NT_STATUS_OK; the caller
 *                 is responsible for rpccli_eventlog_CloseEventLog()
 *
 * @return status of the OpenEventLogW call, passed through unchanged
 */
static NTSTATUS get_eventlog_handle(struct rpc_pipe_client *cli,
				    TALLOC_CTX *mem_ctx,
				    const char *log,
				    struct policy_handle *handle)
{
	/* Opaque values observed on the wire; their meaning is undocumented
	 * here, they are simply what OpenEventLogW is sent. */
	struct eventlog_OpenUnknown0 unknown0 = {
		.unknown0 = 0x005c,
		.unknown1 = 0x0001,
	};
	struct lsa_String logname;
	struct lsa_String servername;

	init_lsa_String(&logname, log);
	/* No explicit server name: NULL lets the server pick its own. */
	init_lsa_String(&servername, NULL);

	/* Major/minor version 1.1 of the eventlog protocol. */
	return rpccli_eventlog_OpenEventLogW(cli, mem_ctx,
					     &unknown0,
					     &logname,
					     &servername,
					     0x00000001, /* major */
					     0x00000001, /* minor */
					     handle);
}
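/*
 * Parse a decimal uint32_t command-line argument.
 *
 * Returns true and stores the value in *out on success.  Returns false
 * for an empty string, a leading '-', trailing garbage, or a value that
 * does not fit into 32 bits.  This replaces atoi(), which silently turns
 * "-1" into 4294967295 when assigned to uint32_t and accepts "12abc".
 *
 * @param s    NUL-terminated argument (may be NULL)
 * @param out  receives the parsed value on success; untouched otherwise
 */
static bool eventlog_parse_uint32(const char *s, uint32_t *out)
{
	char *end = NULL;
	unsigned long v;

	if (s == NULL || *s == '\0' || *s == '-') {
		return false;
	}

	errno = 0;
	v = strtoul(s, &end, 10);
	if (end == s || *end != '\0' || errno == ERANGE || v > UINT32_MAX) {
		return false;
	}

	*out = (uint32_t)v;
	return true;
}

/*
 * Decode and print every EVENTLOGRECORD packed back-to-back in the first
 * sent_size bytes of data.
 *
 * Each record starts with its own total length as a little-endian
 * uint32_t (read with IVAL).  The length comes from the server and is
 * therefore untrusted: a length shorter than the length field itself, or
 * one that would run past sent_size, is reported as a bad reply instead of
 * being used to read beyond the buffer.  A zero length ends the walk, as
 * the original loop did.
 *
 * @param mem_ctx    talloc context for ndr_pull_struct_blob_all()
 * @param data       buffer returned by ReadEventLogW; NULL means "no data"
 * @param sent_size  number of valid bytes in data
 *
 * @return NT_STATUS_OK, NT_STATUS_INVALID_NETWORK_RESPONSE for a malformed
 *         record length, or the mapped NDR error if a record fails to parse
 */
static NTSTATUS eventlog_dump_records(TALLOC_CTX *mem_ctx,
				      const uint8_t *data,
				      uint32_t sent_size)
{
	uint32_t pos = 0;

	if (data == NULL) {
		return NT_STATUS_OK;
	}

	/* Stop when fewer than four bytes remain: no complete length field. */
	while (sent_size - pos >= 4) {
		uint32_t size = IVAL(data, pos);
		DATA_BLOB blob;
		struct EVENTLOGRECORD r;
		enum ndr_err_code ndr_err;

		if (size == 0) {
			break;
		}
		/* pos <= sent_size - 4 here, so the subtraction cannot wrap. */
		if (size < 4 || size > sent_size - pos) {
			return NT_STATUS_INVALID_NETWORK_RESPONSE;
		}

		blob = data_blob_const(data + pos, size);
		/* dump_data(0, blob.data, blob.length); */
		ndr_err = ndr_pull_struct_blob_all(&blob, mem_ctx, NULL, &r,
				(ndr_pull_flags_fn_t)ndr_pull_EVENTLOGRECORD);
		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
			return ndr_map_error2ntstatus(ndr_err);
		}

		NDR_PRINT_DEBUG(EVENTLOGRECORD, &r);
		pos += size;
	}

	return NT_STATUS_OK;
}

/*
 * rpcclient command "eventlog_readlog logname [offset] [number_of_bytes]".
 *
 * Opens the named log and reads it round by round with
 * EVENTLOG_BACKWARDS_READ | EVENTLOG_SEQUENTIAL_READ, printing every
 * record with NDR_PRINT_DEBUG.  When the caller supplies no buffer size
 * (or the supplied buffer is too small) the first read is expected to
 * fail with NT_STATUS_BUFFER_TOO_SMALL and report the required size in
 * real_size; the buffer is then allocated at that size and the read
 * repeated.  After each successful round number_of_bytes is reset to zero
 * so the next round asks the server for the required size again.
 *
 * Fixes relative to the previous version:
 *  - an allocation failure before the log was opened jumped to done: and
 *    closed an uninitialised handle; it now returns directly
 *  - an allocation failure inside the loop returned the stale
 *    NT_STATUS_BUFFER_TOO_SMALL instead of NT_STATUS_NO_MEMORY
 *  - records were parsed even after NT_STATUS_END_OF_FILE, on a buffer
 *    from the previous round (re-printing its first record), and without
 *    checking that each record length stays inside sent_size
 *  - offset and number_of_bytes were parsed with atoi()
 *
 * @return NT_STATUS_OK for a usage/argument error (message printed),
 *         NT_STATUS_END_OF_FILE once the whole log has been read (kept
 *         from the original behaviour), otherwise the first failing status
 */
static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client *cli,
				     TALLOC_CTX *mem_ctx,
				     int argc,
				     const char **argv)
{
	NTSTATUS status = NT_STATUS_OK;
	struct policy_handle handle;
	uint32_t flags = EVENTLOG_BACKWARDS_READ |
			 EVENTLOG_SEQUENTIAL_READ;
	uint32_t offset = 0;
	uint32_t number_of_bytes = 0;
	uint8_t *data = NULL;
	uint32_t sent_size = 0;
	uint32_t real_size = 0;

	if (argc < 2 || argc > 4) {
		printf("Usage: %s logname [offset] [number_of_bytes]\n", argv[0]);
		return NT_STATUS_OK;
	}

	if (argc >= 3 && !eventlog_parse_uint32(argv[2], &offset)) {
		printf("invalid offset: %s\n", argv[2]);
		return NT_STATUS_OK;
	}

	if (argc >= 4) {
		if (!eventlog_parse_uint32(argv[3], &number_of_bytes)) {
			printf("invalid number_of_bytes: %s\n", argv[3]);
			return NT_STATUS_OK;
		}
		data = talloc_array(mem_ctx, uint8_t, number_of_bytes);
		if (!data) {
			/* No log handle is open yet, so nothing to close. */
			return NT_STATUS_NO_MEMORY;
		}
	}

	status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	do {
		status = rpccli_eventlog_ReadEventLogW(cli, mem_ctx,
						       &handle,
						       flags,
						       offset,
						       number_of_bytes,
						       data,
						       &sent_size,
						       &real_size);

		if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL) &&
		    real_size > 0) {
			/* Retry once with the size the server asked for. */
			number_of_bytes = real_size;
			data = talloc_array(mem_ctx, uint8_t, real_size);
			if (!data) {
				status = NT_STATUS_NO_MEMORY;
				goto done;
			}
			status = rpccli_eventlog_ReadEventLogW(cli, mem_ctx,
							       &handle,
							       flags,
							       offset,
							       number_of_bytes,
							       data,
							       &sent_size,
							       &real_size);
		}

		if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) {
			/* Nothing more to read; data/sent_size are not
			 * meaningful for this round, so do not parse them. */
			break;
		}
		if (!NT_STATUS_IS_OK(status)) {
			goto done;
		}

		/* sent_size is server-controlled; it must not exceed the
		 * buffer we actually passed. */
		if (sent_size > number_of_bytes) {
			status = NT_STATUS_INVALID_NETWORK_RESPONSE;
			goto done;
		}
		if (sent_size == 0) {
			/* A successful read that returned nothing would
			 * otherwise loop forever. */
			break;
		}

		status = eventlog_dump_records(mem_ctx, data, sent_size);
		if (!NT_STATUS_IS_OK(status)) {
			goto done;
		}

		/* Next round: let the server tell us the required size. */
		number_of_bytes = 0;
		/* NOTE(review): unclear whether the server honours offset
		 * under EVENTLOG_SEQUENTIAL_READ; kept from the original. */
		offset++;
	} while (NT_STATUS_IS_OK(status));

 done:
	rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
	return status;
}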
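/*
 * rpcclient command "eventlog_numrecord logname": print the number of
 * records the server reports for the named log.
 *
 * Fix: the count is a uint32_t and was printed with %d, which shows
 * values of 2^31 and above as negative numbers.
 *
 * @return NT_STATUS_OK on a usage error (message printed) or success,
 *         otherwise the status of the failing open or GetNumRecords call
 */
static NTSTATUS cmd_eventlog_numrecords(struct rpc_pipe_client *cli,
					TALLOC_CTX *mem_ctx,
					int argc,
					const char **argv)
{
	NTSTATUS status;
	struct policy_handle handle;
	uint32_t number = 0;

	if (argc != 2) {
		printf("Usage: %s logname\n", argv[0]);
		return NT_STATUS_OK;
	}

	status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	status = rpccli_eventlog_GetNumRecords(cli, mem_ctx,
					       &handle,
					       &number);
	if (NT_STATUS_IS_OK(status)) {
		printf("number of records: %u\n", (unsigned int)number);
	}

	/* Close result is deliberately ignored: the query status is what
	 * the user cares about. */
	rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
	return status;
}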
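/*
 * rpcclient command "eventlog_oldestrecord logname": print the record
 * number of the oldest entry the server reports for the named log.
 *
 * Fix: oldest_entry is a uint32_t and was printed with %d, which shows
 * values of 2^31 and above as negative numbers.
 *
 * @return NT_STATUS_OK on a usage error (message printed) or success,
 *         otherwise the status of the failing open or GetOldestRecord call
 */
static NTSTATUS cmd_eventlog_oldestrecord(struct rpc_pipe_client *cli,
					  TALLOC_CTX *mem_ctx,
					  int argc,
					  const char **argv)
{
	NTSTATUS status;
	struct policy_handle handle;
	uint32_t oldest_entry = 0;

	if (argc != 2) {
		printf("Usage: %s logname\n", argv[0]);
		return NT_STATUS_OK;
	}

	status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	status = rpccli_eventlog_GetOldestRecord(cli, mem_ctx,
						 &handle,
						 &oldest_entry);
	if (NT_STATUS_IS_OK(status)) {
		printf("oldest entry: %u\n", (unsigned int)oldest_entry);
	}

	/* Close result is deliberately ignored: the query status is what
	 * the user cares about. */
	rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
	return status;
}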
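/*
 * rpcclient command "eventlog_reportevent logname": write one fixed
 * informational test record ("test event written by rpcclient") into the
 * named log with ReportEventW and print the record number and timestamp
 * the server assigned.
 *
 * Fixes: an allocation failure after the log had been opened returned
 * without closing the handle (it now goes through done:), and the
 * uint32_t record number was printed with %d.
 *
 * @return NT_STATUS_OK on a usage error (message printed) or success,
 *         NT_STATUS_NO_MEMORY if the strings array cannot be allocated,
 *         otherwise the status of the failing open or ReportEventW call
 */
static NTSTATUS cmd_eventlog_reportevent(struct rpc_pipe_client *cli,
					 TALLOC_CTX *mem_ctx,
					 int argc,
					 const char **argv)
{
	NTSTATUS status;
	struct policy_handle handle;
	uint16_t num_of_strings = 1;
	uint32_t data_size = 0;
	struct lsa_String servername;
	struct lsa_String *strings;
	uint8_t *data = NULL;	/* no binary payload is attached */
	uint32_t record_number = 0;
	time_t time_written = 0;

	if (argc != 2) {
		printf("Usage: %s logname\n", argv[0]);
		return NT_STATUS_OK;
	}

	status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	strings = talloc_array(mem_ctx, struct lsa_String, num_of_strings);
	if (!strings) {
		/* The log handle is already open and must be released. */
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	init_lsa_String(&strings[0], "test event written by rpcclient\n");
	init_lsa_String(&servername, NULL);

	status = rpccli_eventlog_ReportEventW(cli, mem_ctx,
					      &handle,
					      time(NULL), /* timestamp */
					      EVENTLOG_INFORMATION_TYPE,
					      0, /* event_category */
					      0, /* event_id */
					      num_of_strings,
					      data_size,
					      &servername,
					      NULL, /* user_sid */
					      &strings,
					      data,
					      0, /* flags */
					      &record_number,
					      &time_written);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	printf("entry: %u written at %s\n", (unsigned int)record_number,
	       http_timestring(talloc_tos(), time_written));

 done:
	rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
	return status;
}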
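/*
 * rpcclient command "eventlog_reporteventsource logname": like
 * eventlog_reportevent, but uses ReportEventAndSourceW so the record
 * carries an explicit source name ("rpcclient").  Prints the record
 * number and timestamp the server assigned.
 *
 * Fixes: an allocation failure after the log had been opened returned
 * without closing the handle (it now goes through done:), and the
 * uint32_t record number was printed with %d.
 *
 * @return NT_STATUS_OK on a usage error (message printed) or success,
 *         NT_STATUS_NO_MEMORY if the strings array cannot be allocated,
 *         otherwise the status of the failing open or report call
 */
static NTSTATUS cmd_eventlog_reporteventsource(struct rpc_pipe_client *cli,
					       TALLOC_CTX *mem_ctx,
					       int argc,
					       const char **argv)
{
	NTSTATUS status;
	struct policy_handle handle;
	uint16_t num_of_strings = 1;
	uint32_t data_size = 0;
	struct lsa_String servername, sourcename;
	struct lsa_String *strings;
	uint8_t *data = NULL;	/* no binary payload is attached */
	uint32_t record_number = 0;
	time_t time_written = 0;

	if (argc != 2) {
		printf("Usage: %s logname\n", argv[0]);
		return NT_STATUS_OK;
	}

	status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	strings = talloc_array(mem_ctx, struct lsa_String, num_of_strings);
	if (!strings) {
		/* The log handle is already open and must be released. */
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	init_lsa_String(&strings[0], "test event written by rpcclient\n");
	init_lsa_String(&servername, NULL);
	init_lsa_String(&sourcename, "rpcclient");

	status = rpccli_eventlog_ReportEventAndSourceW(cli, mem_ctx,
						       &handle,
						       time(NULL), /* timestamp */
						       EVENTLOG_INFORMATION_TYPE,
						       0, /* event_category */
						       0, /* event_id */
						       &sourcename,
						       num_of_strings,
						       data_size,
						       &servername,
						       NULL, /* user_sid */
						       &strings,
						       data,
						       0, /* flags */
						       &record_number,
						       &time_written);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	printf("entry: %u written at %s\n", (unsigned int)record_number,
	       http_timestring(talloc_tos(), time_written));

 done:
	rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
	return status;
}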
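/*
 * rpcclient command "eventlog_registerevsource logname": register
 * "rpcclient" as an event source with RegisterEventSourceW and
 * immediately deregister it again.  A round-trip check only; nothing is
 * printed on success.
 *
 * Fix: when registration failed the old code still jumped to done: and
 * called DeregisterEventSource on log_handle, which had never been
 * filled in by the server.  Failure now returns straight away.
 *
 * NOTE(review): the logname argument is only validated for presence; the
 * registration itself uses the fixed module name "rpcclient" and does not
 * pass argv[1] anywhere.
 *
 * @return NT_STATUS_OK on a usage error (message printed) or success,
 *         otherwise the RegisterEventSourceW status; the deregister
 *         result is ignored, as for CloseEventLog elsewhere in this file
 */
static NTSTATUS cmd_eventlog_registerevsource(struct rpc_pipe_client *cli,
					      TALLOC_CTX *mem_ctx,
					      int argc,
					      const char **argv)
{
	NTSTATUS status;
	struct policy_handle log_handle;
	struct lsa_String module_name, reg_module_name;
	/* Same opaque wire values as get_eventlog_handle() sends. */
	struct eventlog_OpenUnknown0 unknown0 = {
		.unknown0 = 0x005c,
		.unknown1 = 0x0001,
	};

	if (argc != 2) {
		printf("Usage: %s logname\n", argv[0]);
		return NT_STATUS_OK;
	}

	init_lsa_String(&module_name, "rpcclient");
	init_lsa_String(&reg_module_name, NULL);

	status = rpccli_eventlog_RegisterEventSourceW(cli, mem_ctx,
						      &unknown0,
						      &module_name,
						      &reg_module_name,
						      1, /* major_version */
						      1, /* minor_version */
						      &log_handle);
	if (!NT_STATUS_IS_OK(status)) {
		/* No source handle was returned, so there is nothing to
		 * deregister. */
		return status;
	}

	rpccli_eventlog_DeregisterEventSource(cli, mem_ctx, &log_handle);
	return status;
}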
/*
 * rpcclient command "eventlog_backuplog logname backupname": ask the
 * server to write a backup of the named log via BackupEventLogW.
 *
 * backupname is prefixed with "\??\" (the NT native path prefix) and
 * sent as-is; the path is interpreted on the server, not on this client.
 *
 * @return NT_STATUS_OK on a usage error (message printed) or success,
 *         NT_STATUS_NO_MEMORY if the path string cannot be built,
 *         otherwise the status of the failing open or backup call
 */
static NTSTATUS cmd_eventlog_backuplog(struct rpc_pipe_client *cli,
				       TALLOC_CTX *mem_ctx,
				       int argc,
				       const char **argv)
{
	NTSTATUS status;
	struct policy_handle handle;
	struct lsa_String backup_filename;
	const char *nt_path = NULL;

	if (argc != 3) {
		printf("Usage: %s logname backupname\n", argv[0]);
		return NT_STATUS_OK;
	}

	status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	nt_path = talloc_asprintf(mem_ctx, "\\??\\%s", argv[2]);
	if (nt_path != NULL) {
		init_lsa_String(&backup_filename, nt_path);
		status = rpccli_eventlog_BackupEventLogW(cli, mem_ctx,
							 &handle,
							 &backup_filename);
	} else {
		status = NT_STATUS_NO_MEMORY;
	}

	/* The handle is open on every path that reaches here. */
	rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
	return status;
}
/*
 * rpcclient command "eventlog_loginfo logname": query GetLogInformation
 * at level 0 for the named log.
 *
 * Two-step size probe: the first call passes no buffer and is expected to
 * come back with NT_STATUS_BUFFER_TOO_SMALL and the required length in
 * bytes_needed; a buffer of that size is then allocated and the call is
 * repeated.  Any other failure of the first call aborts.
 *
 * NOTE(review): the returned buffer is never decoded or printed; the
 * command only reports whether the call succeeded.
 *
 * @return NT_STATUS_OK on a usage error (message printed) or success,
 *         NT_STATUS_NO_MEMORY if the buffer cannot be allocated,
 *         otherwise the status of the failing open or query call
 */
static NTSTATUS cmd_eventlog_loginfo(struct rpc_pipe_client *cli,
				     TALLOC_CTX *mem_ctx,
				     int argc,
				     const char **argv)
{
	NTSTATUS status;
	struct policy_handle handle;
	uint8_t *buffer = NULL;
	uint32_t buf_size = 0;
	uint32_t bytes_needed = 0;
	bool size_known;

	if (argc != 2) {
		printf("Usage: %s logname\n", argv[0]);
		return NT_STATUS_OK;
	}

	status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/* Probe: no buffer, let the server report the size it needs. */
	status = rpccli_eventlog_GetLogInformation(cli, mem_ctx,
						   &handle,
						   0, /* level */
						   buffer,
						   buf_size,
						   &bytes_needed);
	size_known = NT_STATUS_IS_OK(status) ||
		     NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL);
	if (!size_known) {
		goto done;
	}

	buf_size = bytes_needed;
	buffer = talloc_array(mem_ctx, uint8_t, bytes_needed);
	if (buffer == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	/* Real query with a buffer of the reported size. */
	status = rpccli_eventlog_GetLogInformation(cli, mem_ctx,
						   &handle,
						   0, /* level */
						   buffer,
						   buf_size,
						   &bytes_needed);

 done:
	rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
	return status;
}
/*
 * Command table exported to rpcclient's dispatcher.
 *
 * The first entry carries only the group name "EVENTLOG" (presumably the
 * heading rpcclient prints for this group; confirm in the dispatcher) and
 * the all-NULL entry terminates the list.  By position, every command
 * entry gives: command name, RPC_RTYPE_NTSTATUS (the handler returns
 * NTSTATUS), the NTSTATUS handler, a NULL WERROR handler, the eventlog
 * interface UUID and version, a NULL pipe slot, a short description and
 * an empty usage string.
 *
 * Note that the command name "eventlog_numrecord" has no trailing "s",
 * unlike its handler cmd_eventlog_numrecords.
 */
struct cmd_set eventlog_commands[] = {
	{ "EVENTLOG" },

	{ "eventlog_readlog", RPC_RTYPE_NTSTATUS,
	  cmd_eventlog_readlog, NULL,
	  NDR_EVENTLOG_UUID, NDR_EVENTLOG_VERSION, NULL,
	  "Read Eventlog", "" },
	{ "eventlog_numrecord", RPC_RTYPE_NTSTATUS,
	  cmd_eventlog_numrecords, NULL,
	  NDR_EVENTLOG_UUID, NDR_EVENTLOG_VERSION, NULL,
	  "Get number of records", "" },
	{ "eventlog_oldestrecord", RPC_RTYPE_NTSTATUS,
	  cmd_eventlog_oldestrecord, NULL,
	  NDR_EVENTLOG_UUID, NDR_EVENTLOG_VERSION, NULL,
	  "Get oldest record", "" },
	{ "eventlog_reportevent", RPC_RTYPE_NTSTATUS,
	  cmd_eventlog_reportevent, NULL,
	  NDR_EVENTLOG_UUID, NDR_EVENTLOG_VERSION, NULL,
	  "Report event", "" },
	{ "eventlog_reporteventsource", RPC_RTYPE_NTSTATUS,
	  cmd_eventlog_reporteventsource, NULL,
	  NDR_EVENTLOG_UUID, NDR_EVENTLOG_VERSION, NULL,
	  "Report event and source", "" },
	{ "eventlog_registerevsource", RPC_RTYPE_NTSTATUS,
	  cmd_eventlog_registerevsource, NULL,
	  NDR_EVENTLOG_UUID, NDR_EVENTLOG_VERSION, NULL,
	  "Register event source", "" },
	{ "eventlog_backuplog", RPC_RTYPE_NTSTATUS,
	  cmd_eventlog_backuplog, NULL,
	  NDR_EVENTLOG_UUID, NDR_EVENTLOG_VERSION, NULL,
	  "Backup Eventlog File", "" },
	{ "eventlog_loginfo", RPC_RTYPE_NTSTATUS,
	  cmd_eventlog_loginfo, NULL,
	  NDR_EVENTLOG_UUID, NDR_EVENTLOG_VERSION, NULL,
	  "Get Eventlog Information", "" },

	/* terminator */
	{ NULL }
};