mirror of
https://github.com/samba-team/samba.git
synced 2024-12-27 03:21:53 +03:00
e17302200c
have the timeout argument in Samba4. Add a new routine
tdb_lock_bystring_with_timeout.
Volker
(This used to be commit b9c6e3f556
)
795 lines
23 KiB
C
795 lines
23 KiB
C
/*
|
|
* Unix SMB/CIFS implementation.
|
|
* RPC Pipe client / server routines
|
|
* Copyright (C) Marcin Krzysztof Porwit 2005,
|
|
* Copyright (C) Brian Moran 2005,
|
|
* Copyright (C) Gerald (Jerry) Carter 2005.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
|
|
#undef DBGC_CLASS
|
|
#define DBGC_CLASS DBGC_RPC_SRV
|
|
|
|
typedef struct {
|
|
char *logname;
|
|
ELOG_TDB *etdb;
|
|
uint32 current_record;
|
|
uint32 num_records;
|
|
uint32 oldest_entry;
|
|
uint32 flags;
|
|
uint32 access_granted;
|
|
} EVENTLOG_INFO;
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
static void free_eventlog_info( void *ptr )
|
|
{
|
|
EVENTLOG_INFO *elog = (EVENTLOG_INFO *)ptr;
|
|
|
|
if ( elog->etdb )
|
|
elog_close_tdb( elog->etdb, False );
|
|
|
|
TALLOC_FREE( elog );
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
static EVENTLOG_INFO *find_eventlog_info_by_hnd( pipes_struct * p,
|
|
POLICY_HND * handle )
|
|
{
|
|
EVENTLOG_INFO *info;
|
|
|
|
if ( !find_policy_by_hnd( p, handle, (void **)(void *)&info ) ) {
|
|
DEBUG( 2,
|
|
( "find_eventlog_info_by_hnd: eventlog not found.\n" ) );
|
|
return NULL;
|
|
}
|
|
|
|
return info;
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
static BOOL elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
|
|
{
|
|
char *tdbname = elog_tdbname( info->logname );
|
|
SEC_DESC *sec_desc;
|
|
BOOL ret;
|
|
NTSTATUS ntstatus;
|
|
|
|
if ( !tdbname )
|
|
return False;
|
|
|
|
/* get the security descriptor for the file */
|
|
|
|
sec_desc = get_nt_acl_no_snum( info, tdbname );
|
|
SAFE_FREE( tdbname );
|
|
|
|
if ( !sec_desc ) {
|
|
DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n",
|
|
tdbname));
|
|
return False;
|
|
}
|
|
|
|
/* root free pass */
|
|
|
|
if ( geteuid() == sec_initial_uid() ) {
|
|
DEBUG(5,("elog_check_access: using root's token\n"));
|
|
token = get_root_nt_token();
|
|
}
|
|
|
|
/* run the check, try for the max allowed */
|
|
|
|
ret = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
|
|
&info->access_granted, &ntstatus );
|
|
|
|
if ( sec_desc )
|
|
TALLOC_FREE( sec_desc );
|
|
|
|
if ( !ret ) {
|
|
DEBUG(8,("elog_check_access: se_access_check() return %s\n",
|
|
nt_errstr( ntstatus)));
|
|
return False;
|
|
}
|
|
|
|
/* we have to have READ permission for a successful open */
|
|
|
|
return ( info->access_granted & SA_RIGHT_FILE_READ_DATA );
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
static BOOL elog_validate_logname( const char *name )
|
|
{
|
|
int i;
|
|
const char **elogs = lp_eventlog_list();
|
|
|
|
for ( i=0; elogs[i]; i++ ) {
|
|
if ( strequal( name, elogs[i] ) )
|
|
return True;
|
|
}
|
|
|
|
return False;
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
static BOOL get_num_records_hook( EVENTLOG_INFO * info )
|
|
{
|
|
int next_record;
|
|
int oldest_record;
|
|
|
|
if ( !info->etdb ) {
|
|
DEBUG( 10, ( "No open tdb for %s\n", info->logname ) );
|
|
return False;
|
|
}
|
|
|
|
/* lock the tdb since we have to get 2 records */
|
|
|
|
tdb_lock_bystring_with_timeout( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD, 1 );
|
|
next_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
|
|
oldest_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_OLDEST_ENTRY);
|
|
tdb_unlock_bystring( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
|
|
|
|
DEBUG( 8,
|
|
( "Oldest Record %d; Next Record %d\n", oldest_record,
|
|
next_record ) );
|
|
|
|
info->num_records = ( next_record - oldest_record );
|
|
info->oldest_entry = oldest_record;
|
|
|
|
return True;
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
static BOOL get_oldest_entry_hook( EVENTLOG_INFO * info )
|
|
{
|
|
/* it's the same thing */
|
|
return get_num_records_hook( info );
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hnd )
|
|
{
|
|
EVENTLOG_INFO *elog;
|
|
|
|
/* first thing is to validate the eventlog name */
|
|
|
|
if ( !elog_validate_logname( logname ) )
|
|
return NT_STATUS_OBJECT_PATH_INVALID;
|
|
|
|
if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) )
|
|
return NT_STATUS_NO_MEMORY;
|
|
|
|
elog->logname = talloc_strdup( elog, logname );
|
|
|
|
/* Open the tdb first (so that we can create any new tdbs if necessary).
|
|
We have to do this as root and then use an internal access check
|
|
on the file permissions since you can only have a tdb open once
|
|
in a single process */
|
|
|
|
become_root();
|
|
elog->etdb = elog_open_tdb( elog->logname, False );
|
|
unbecome_root();
|
|
|
|
if ( !elog->etdb ) {
|
|
/* according to MSDN, if the logfile cannot be found, we should
|
|
default to the "Application" log */
|
|
|
|
if ( !strequal( logname, ELOG_APPL ) ) {
|
|
|
|
TALLOC_FREE( elog->logname );
|
|
|
|
elog->logname = talloc_strdup( elog, ELOG_APPL );
|
|
|
|
/* do the access check */
|
|
if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) {
|
|
TALLOC_FREE( elog );
|
|
return NT_STATUS_ACCESS_DENIED;
|
|
}
|
|
|
|
become_root();
|
|
elog->etdb = elog_open_tdb( elog->logname, False );
|
|
unbecome_root();
|
|
}
|
|
|
|
if ( !elog->etdb ) {
|
|
TALLOC_FREE( elog );
|
|
return NT_STATUS_ACCESS_DENIED; /* ??? */
|
|
}
|
|
}
|
|
|
|
/* now do the access check. Close the tdb if we fail here */
|
|
|
|
if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) {
|
|
elog_close_tdb( elog->etdb, False );
|
|
TALLOC_FREE( elog );
|
|
return NT_STATUS_ACCESS_DENIED;
|
|
}
|
|
|
|
/* create the policy handle */
|
|
|
|
if ( !create_policy_hnd
|
|
( p, hnd, free_eventlog_info, ( void * ) elog ) ) {
|
|
free_eventlog_info( elog );
|
|
return NT_STATUS_NO_MEMORY;
|
|
}
|
|
|
|
/* set the initial current_record pointer */
|
|
|
|
if ( !get_oldest_entry_hook( elog ) ) {
|
|
DEBUG(3,("elog_open: Successfully opened eventlog but can't "
|
|
"get any information on internal records!\n"));
|
|
}
|
|
|
|
elog->current_record = elog->oldest_entry;
|
|
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
static NTSTATUS elog_close( pipes_struct *p, POLICY_HND *hnd )
|
|
{
|
|
if ( !( close_policy_hnd( p, hnd ) ) ) {
|
|
return NT_STATUS_INVALID_HANDLE;
|
|
}
|
|
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
/*******************************************************************
|
|
*******************************************************************/
|
|
|
|
static int elog_size( EVENTLOG_INFO *info )
|
|
{
|
|
if ( !info || !info->etdb ) {
|
|
DEBUG(0,("elog_size: Invalid info* structure!\n"));
|
|
return 0;
|
|
}
|
|
|
|
return elog_tdb_size( ELOG_TDB_CTX(info->etdb), NULL, NULL );
|
|
}
|
|
|
|
/********************************************************************
|
|
For the given tdb, get the next eventlog record into the passed
|
|
Eventlog_entry. returns NULL if it can't get the record for some reason.
|
|
********************************************************************/
|
|
|
|
Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb,
|
|
int recno, Eventlog_entry * ee )
|
|
{
|
|
TDB_DATA ret, key;
|
|
|
|
int srecno;
|
|
int reclen;
|
|
int len;
|
|
uint8 *rbuff;
|
|
|
|
pstring *wpsource, *wpcomputer, *wpsid, *wpstrs, *puserdata;
|
|
|
|
key.dsize = sizeof( int32 );
|
|
rbuff = NULL;
|
|
|
|
srecno = recno;
|
|
key.dptr = ( char * ) &srecno;
|
|
|
|
ret = tdb_fetch( tdb, key );
|
|
|
|
if ( ret.dsize == 0 ) {
|
|
DEBUG( 8,
|
|
( "Can't find a record for the key, record %d\n",
|
|
recno ) );
|
|
return NULL;
|
|
}
|
|
|
|
len = tdb_unpack( ret.dptr, ret.dsize, "d", &reclen );
|
|
|
|
DEBUG( 10, ( "Unpacking record %d, size is %d\n", srecno, len ) );
|
|
|
|
if ( !len )
|
|
return NULL;
|
|
|
|
/* ee = PRS_ALLOC_MEM(ps, Eventlog_entry, 1); */
|
|
|
|
if ( !ee )
|
|
return NULL;
|
|
|
|
len = tdb_unpack( ret.dptr, ret.dsize, "ddddddwwwwddddddBBdBBBd",
|
|
&ee->record.length, &ee->record.reserved1,
|
|
&ee->record.record_number,
|
|
&ee->record.time_generated,
|
|
&ee->record.time_written, &ee->record.event_id,
|
|
&ee->record.event_type, &ee->record.num_strings,
|
|
&ee->record.event_category, &ee->record.reserved2,
|
|
&ee->record.closing_record_number,
|
|
&ee->record.string_offset,
|
|
&ee->record.user_sid_length,
|
|
&ee->record.user_sid_offset,
|
|
&ee->record.data_length, &ee->record.data_offset,
|
|
&ee->data_record.source_name_len, &wpsource,
|
|
&ee->data_record.computer_name_len, &wpcomputer,
|
|
&ee->data_record.sid_padding,
|
|
&ee->record.user_sid_length, &wpsid,
|
|
&ee->data_record.strings_len, &wpstrs,
|
|
&ee->data_record.user_data_len, &puserdata,
|
|
&ee->data_record.data_padding );
|
|
DEBUG( 10,
|
|
( "Read record %d, len in tdb was %d\n",
|
|
ee->record.record_number, len ) );
|
|
|
|
/* have to do the following because the tdb_unpack allocs a buff, stuffs a pointer to the buff
|
|
into it's 2nd argment for 'B' */
|
|
|
|
if ( wpcomputer )
|
|
memcpy( ee->data_record.computer_name, wpcomputer,
|
|
ee->data_record.computer_name_len );
|
|
if ( wpsource )
|
|
memcpy( ee->data_record.source_name, wpsource,
|
|
ee->data_record.source_name_len );
|
|
|
|
if ( wpsid )
|
|
memcpy( ee->data_record.sid, wpsid,
|
|
ee->record.user_sid_length );
|
|
if ( wpstrs )
|
|
memcpy( ee->data_record.strings, wpstrs,
|
|
ee->data_record.strings_len );
|
|
|
|
/* note that userdata is a pstring */
|
|
if ( puserdata )
|
|
memcpy( ee->data_record.user_data, puserdata,
|
|
ee->data_record.user_data_len );
|
|
|
|
SAFE_FREE( wpcomputer );
|
|
SAFE_FREE( wpsource );
|
|
SAFE_FREE( wpsid );
|
|
SAFE_FREE( wpstrs );
|
|
SAFE_FREE( puserdata );
|
|
|
|
DEBUG( 10, ( "get_eventlog_record: read back %d\n", len ) );
|
|
DEBUG( 10,
|
|
( "get_eventlog_record: computer_name %d is ",
|
|
ee->data_record.computer_name_len ) );
|
|
SAFE_FREE( ret.dptr );
|
|
return ee;
|
|
}
|
|
|
|
/********************************************************************
|
|
note that this can only be called AFTER the table is constructed,
|
|
since it uses the table to find the tdb handle
|
|
********************************************************************/
|
|
|
|
static BOOL sync_eventlog_params( EVENTLOG_INFO *info )
|
|
{
|
|
pstring path;
|
|
uint32 uiMaxSize;
|
|
uint32 uiRetention;
|
|
REGISTRY_KEY *keyinfo;
|
|
REGISTRY_VALUE *val;
|
|
REGVAL_CTR *values;
|
|
WERROR wresult;
|
|
char *elogname = info->logname;
|
|
|
|
DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) );
|
|
|
|
if ( !info->etdb ) {
|
|
DEBUG( 4, ( "No open tdb! (%s)\n", info->logname ) );
|
|
return False;
|
|
}
|
|
/* set resonable defaults. 512Kb on size and 1 week on time */
|
|
|
|
uiMaxSize = 0x80000;
|
|
uiRetention = 604800;
|
|
|
|
/* the general idea is to internally open the registry
|
|
key and retreive the values. That way we can continue
|
|
to use the same fetch/store api that we use in
|
|
srv_reg_nt.c */
|
|
|
|
pstr_sprintf( path, "%s/%s", KEY_EVENTLOG, elogname );
|
|
|
|
wresult =
|
|
regkey_open_internal( &keyinfo, path, get_root_nt_token( ),
|
|
REG_KEY_READ );
|
|
|
|
if ( !W_ERROR_IS_OK( wresult ) ) {
|
|
DEBUG( 4,
|
|
( "sync_eventlog_params: Failed to open key [%s] (%s)\n",
|
|
path, dos_errstr( wresult ) ) );
|
|
return False;
|
|
}
|
|
|
|
if ( !( values = TALLOC_ZERO_P( keyinfo, REGVAL_CTR ) ) ) {
|
|
TALLOC_FREE( keyinfo );
|
|
DEBUG( 0, ( "control_eventlog_hook: talloc() failed!\n" ) );
|
|
|
|
return False;
|
|
}
|
|
fetch_reg_values( keyinfo, values );
|
|
|
|
if ( ( val = regval_ctr_getvalue( values, "Retention" ) ) != NULL )
|
|
uiRetention = IVAL( regval_data_p( val ), 0 );
|
|
|
|
if ( ( val = regval_ctr_getvalue( values, "MaxSize" ) ) != NULL )
|
|
uiMaxSize = IVAL( regval_data_p( val ), 0 );
|
|
|
|
regkey_close_internal( keyinfo );
|
|
|
|
tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_MAXSIZE, uiMaxSize );
|
|
tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_RETENTION, uiRetention );
|
|
|
|
return True;
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
static Eventlog_entry *read_package_entry( prs_struct * ps,
|
|
EVENTLOG_Q_READ_EVENTLOG * q_u,
|
|
EVENTLOG_R_READ_EVENTLOG * r_u,
|
|
Eventlog_entry * entry )
|
|
{
|
|
uint8 *offset;
|
|
Eventlog_entry *ee_new = NULL;
|
|
|
|
ee_new = PRS_ALLOC_MEM( ps, Eventlog_entry, 1 );
|
|
if ( ee_new == NULL ) {
|
|
return NULL;
|
|
}
|
|
|
|
entry->data_record.sid_padding =
|
|
( ( 4 -
|
|
( ( entry->data_record.source_name_len +
|
|
entry->data_record.computer_name_len ) % 4 ) ) % 4 );
|
|
entry->data_record.data_padding =
|
|
( 4 -
|
|
( ( entry->data_record.strings_len +
|
|
entry->data_record.user_data_len ) % 4 ) ) % 4;
|
|
entry->record.length = sizeof( Eventlog_record );
|
|
entry->record.length += entry->data_record.source_name_len;
|
|
entry->record.length += entry->data_record.computer_name_len;
|
|
if ( entry->record.user_sid_length == 0 ) {
|
|
/* Should not pad to a DWORD boundary for writing out the sid if there is
|
|
no SID, so just propagate the padding to pad the data */
|
|
entry->data_record.data_padding +=
|
|
entry->data_record.sid_padding;
|
|
entry->data_record.sid_padding = 0;
|
|
}
|
|
DEBUG( 10,
|
|
( "sid_padding is [%d].\n", entry->data_record.sid_padding ) );
|
|
DEBUG( 10,
|
|
( "data_padding is [%d].\n",
|
|
entry->data_record.data_padding ) );
|
|
|
|
entry->record.length += entry->data_record.sid_padding;
|
|
entry->record.length += entry->record.user_sid_length;
|
|
entry->record.length += entry->data_record.strings_len;
|
|
entry->record.length += entry->data_record.user_data_len;
|
|
entry->record.length += entry->data_record.data_padding;
|
|
/* need another copy of length at the end of the data */
|
|
entry->record.length += sizeof( entry->record.length );
|
|
DEBUG( 10,
|
|
( "entry->record.length is [%d].\n", entry->record.length ) );
|
|
entry->data =
|
|
PRS_ALLOC_MEM( ps, uint8,
|
|
entry->record.length -
|
|
sizeof( Eventlog_record ) -
|
|
sizeof( entry->record.length ) );
|
|
if ( entry->data == NULL ) {
|
|
return NULL;
|
|
}
|
|
offset = entry->data;
|
|
memcpy( offset, &( entry->data_record.source_name ),
|
|
entry->data_record.source_name_len );
|
|
offset += entry->data_record.source_name_len;
|
|
memcpy( offset, &( entry->data_record.computer_name ),
|
|
entry->data_record.computer_name_len );
|
|
offset += entry->data_record.computer_name_len;
|
|
/* SID needs to be DWORD-aligned */
|
|
offset += entry->data_record.sid_padding;
|
|
entry->record.user_sid_offset =
|
|
sizeof( Eventlog_record ) + ( offset - entry->data );
|
|
memcpy( offset, &( entry->data_record.sid ),
|
|
entry->record.user_sid_length );
|
|
offset += entry->record.user_sid_length;
|
|
/* Now do the strings */
|
|
entry->record.string_offset =
|
|
sizeof( Eventlog_record ) + ( offset - entry->data );
|
|
memcpy( offset, &( entry->data_record.strings ),
|
|
entry->data_record.strings_len );
|
|
offset += entry->data_record.strings_len;
|
|
/* Now do the data */
|
|
entry->record.data_length = entry->data_record.user_data_len;
|
|
entry->record.data_offset =
|
|
sizeof( Eventlog_record ) + ( offset - entry->data );
|
|
memcpy( offset, &( entry->data_record.user_data ),
|
|
entry->data_record.user_data_len );
|
|
offset += entry->data_record.user_data_len;
|
|
|
|
memcpy( &( ee_new->record ), &entry->record,
|
|
sizeof( Eventlog_record ) );
|
|
memcpy( &( ee_new->data_record ), &entry->data_record,
|
|
sizeof( Eventlog_data_record ) );
|
|
ee_new->data = entry->data;
|
|
|
|
return ee_new;
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
static BOOL add_record_to_resp( EVENTLOG_R_READ_EVENTLOG * r_u,
|
|
Eventlog_entry * ee_new )
|
|
{
|
|
Eventlog_entry *insert_point;
|
|
|
|
insert_point = r_u->entry;
|
|
|
|
if ( NULL == insert_point ) {
|
|
r_u->entry = ee_new;
|
|
ee_new->next = NULL;
|
|
} else {
|
|
while ( ( NULL != insert_point->next ) ) {
|
|
insert_point = insert_point->next;
|
|
}
|
|
ee_new->next = NULL;
|
|
insert_point->next = ee_new;
|
|
}
|
|
r_u->num_records++;
|
|
r_u->num_bytes_in_resp += ee_new->record.length;
|
|
|
|
return True;
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
NTSTATUS _eventlog_open_eventlog( pipes_struct * p,
|
|
EVENTLOG_Q_OPEN_EVENTLOG * q_u,
|
|
EVENTLOG_R_OPEN_EVENTLOG * r_u )
|
|
{
|
|
fstring servername, logname;
|
|
EVENTLOG_INFO *info;
|
|
NTSTATUS result;
|
|
|
|
fstrcpy( servername, "" );
|
|
if ( q_u->servername.string ) {
|
|
rpcstr_pull( servername, q_u->servername.string->buffer,
|
|
sizeof( servername ),
|
|
q_u->servername.string->uni_str_len * 2, 0 );
|
|
}
|
|
|
|
fstrcpy( logname, "" );
|
|
if ( q_u->logname.string ) {
|
|
rpcstr_pull( logname, q_u->logname.string->buffer,
|
|
sizeof( logname ),
|
|
q_u->logname.string->uni_str_len * 2, 0 );
|
|
}
|
|
|
|
DEBUG( 10,("_eventlog_open_eventlog: Server [%s], Log [%s]\n",
|
|
servername, logname ));
|
|
|
|
/* according to MSDN, if the logfile cannot be found, we should
|
|
default to the "Application" log */
|
|
|
|
if ( !NT_STATUS_IS_OK( result = elog_open( p, logname, &r_u->handle )) )
|
|
return result;
|
|
|
|
if ( !(info = find_eventlog_info_by_hnd( p, &r_u->handle )) ) {
|
|
DEBUG(0,("_eventlog_open_eventlog: eventlog (%s) opened but unable to find handle!\n",
|
|
logname ));
|
|
elog_close( p, &r_u->handle );
|
|
return NT_STATUS_INVALID_HANDLE;
|
|
}
|
|
|
|
DEBUG(10,("_eventlog_open_eventlog: Size [%d]\n", elog_size( info )));
|
|
|
|
sync_eventlog_params( info );
|
|
prune_eventlog( ELOG_TDB_CTX(info->etdb) );
|
|
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
/********************************************************************
|
|
This call still needs some work
|
|
********************************************************************/
|
|
|
|
NTSTATUS _eventlog_clear_eventlog( pipes_struct * p,
|
|
EVENTLOG_Q_CLEAR_EVENTLOG * q_u,
|
|
EVENTLOG_R_CLEAR_EVENTLOG * r_u )
|
|
{
|
|
EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
|
|
pstring backup_file_name;
|
|
|
|
if ( !info )
|
|
return NT_STATUS_INVALID_HANDLE;
|
|
|
|
pstrcpy( backup_file_name, "" );
|
|
if ( q_u->backupfile.string ) {
|
|
rpcstr_pull( backup_file_name, q_u->backupfile.string->buffer,
|
|
sizeof( backup_file_name ),
|
|
q_u->backupfile.string->uni_str_len * 2, 0 );
|
|
|
|
DEBUG(8,( "_eventlog_clear_eventlog: Using [%s] as the backup "
|
|
"file name for log [%s].",
|
|
backup_file_name, info->logname ) );
|
|
}
|
|
|
|
/* check for WRITE access to the file */
|
|
|
|
if ( !(info->access_granted&SA_RIGHT_FILE_WRITE_DATA) )
|
|
return NT_STATUS_ACCESS_DENIED;
|
|
|
|
/* Force a close and reopen */
|
|
|
|
elog_close_tdb( info->etdb, True );
|
|
become_root();
|
|
info->etdb = elog_open_tdb( info->logname, True );
|
|
unbecome_root();
|
|
|
|
if ( !info->etdb )
|
|
return NT_STATUS_ACCESS_DENIED;
|
|
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
NTSTATUS _eventlog_close_eventlog( pipes_struct * p,
|
|
EVENTLOG_Q_CLOSE_EVENTLOG * q_u,
|
|
EVENTLOG_R_CLOSE_EVENTLOG * r_u )
|
|
{
|
|
return elog_close( p, &q_u->handle );
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
NTSTATUS _eventlog_read_eventlog( pipes_struct * p,
|
|
EVENTLOG_Q_READ_EVENTLOG * q_u,
|
|
EVENTLOG_R_READ_EVENTLOG * r_u )
|
|
{
|
|
EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
|
|
Eventlog_entry entry, *ee_new;
|
|
uint32 num_records_read = 0;
|
|
prs_struct *ps;
|
|
int bytes_left, record_number;
|
|
uint32 elog_read_type, elog_read_dir;
|
|
|
|
info->flags = q_u->flags;
|
|
ps = &p->out_data.rdata;
|
|
|
|
bytes_left = q_u->max_read_size;
|
|
|
|
if ( !info->etdb )
|
|
return NT_STATUS_ACCESS_DENIED;
|
|
|
|
/* check for valid flags. Can't use the sequential and seek flags together */
|
|
|
|
elog_read_type = q_u->flags & (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ);
|
|
elog_read_dir = q_u->flags & (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ);
|
|
|
|
if ( elog_read_type == (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ)
|
|
|| elog_read_dir == (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ) )
|
|
{
|
|
DEBUG(3,("_eventlog_read_eventlog: Invalid flags [0x%x] for ReadEventLog\n", q_u->flags));
|
|
return NT_STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
/* a sequential read should ignore the offset */
|
|
|
|
if ( elog_read_type & EVENTLOG_SEQUENTIAL_READ )
|
|
record_number = info->current_record;
|
|
else
|
|
record_number = q_u->offset;
|
|
|
|
while ( bytes_left > 0 ) {
|
|
|
|
/* assume that when the record fetch fails, that we are done */
|
|
|
|
if ( !get_eventlog_record ( ps, ELOG_TDB_CTX(info->etdb), record_number, &entry ) )
|
|
break;
|
|
|
|
DEBUG( 8, ( "Retrieved record %d\n", record_number ) );
|
|
|
|
/* Now see if there is enough room to add */
|
|
|
|
if ( !(ee_new = read_package_entry( ps, q_u, r_u,&entry )) )
|
|
return NT_STATUS_NO_MEMORY;
|
|
|
|
if ( r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size ) {
|
|
r_u->bytes_in_next_record = ee_new->record.length;
|
|
|
|
/* response would be too big to fit in client-size buffer */
|
|
|
|
bytes_left = 0;
|
|
break;
|
|
}
|
|
|
|
add_record_to_resp( r_u, ee_new );
|
|
bytes_left -= ee_new->record.length;
|
|
ZERO_STRUCT( entry );
|
|
num_records_read = r_u->num_records - num_records_read;
|
|
|
|
DEBUG( 10, ( "_eventlog_read_eventlog: read [%d] records for a total "
|
|
"of [%d] records using [%d] bytes out of a max of [%d].\n",
|
|
num_records_read, r_u->num_records,
|
|
r_u->num_bytes_in_resp,
|
|
q_u->max_read_size ) );
|
|
|
|
if ( info->flags & EVENTLOG_FORWARDS_READ )
|
|
record_number++;
|
|
else
|
|
record_number--;
|
|
|
|
/* update the eventlog record pointer */
|
|
|
|
info->current_record = record_number;
|
|
}
|
|
|
|
/* crazy by WinXP uses NT_STATUS_BUFFER_TOO_SMALL to
|
|
say when there are no more records */
|
|
|
|
return (num_records_read ? NT_STATUS_OK : NT_STATUS_BUFFER_TOO_SMALL);
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
NTSTATUS _eventlog_get_oldest_entry( pipes_struct * p,
|
|
EVENTLOG_Q_GET_OLDEST_ENTRY * q_u,
|
|
EVENTLOG_R_GET_OLDEST_ENTRY * r_u )
|
|
{
|
|
EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
|
|
|
|
if ( !( get_oldest_entry_hook( info ) ) )
|
|
return NT_STATUS_ACCESS_DENIED;
|
|
|
|
r_u->oldest_entry = info->oldest_entry;
|
|
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
NTSTATUS _eventlog_get_num_records( pipes_struct * p,
|
|
EVENTLOG_Q_GET_NUM_RECORDS * q_u,
|
|
EVENTLOG_R_GET_NUM_RECORDS * r_u )
|
|
{
|
|
EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
|
|
|
|
if ( !( get_num_records_hook( info ) ) )
|
|
return NT_STATUS_ACCESS_DENIED;
|
|
|
|
r_u->num_records = info->num_records;
|
|
|
|
return NT_STATUS_OK;
|
|
}
|