source/torture/rpc/eventlog.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    test suite for eventlog rpc operations
   4
   5    Copyright (C) Tim Potter 2003,2005
   6    Copyright (C) Jelmer Vernooij 2004
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 #include "includes.h"
  24 #include "torture/torture.h"
  25 #include "librpc/gen_ndr/ndr_eventlog.h"
  26 #include "librpc/gen_ndr/ndr_eventlog_c.h"
  27 #include "librpc/gen_ndr/ndr_lsa.h"
  28 #include "torture/rpc/rpc.h"
  29
  30 static void init_lsa_String(struct lsa_String *name, const char *s)
  31 {
  32         name->string = s;
  33         name->length = 2*strlen_m(s);
  34         name->size = name->length;
  35 }
  36
  37 static bool get_policy_handle(struct torture_context *tctx,
  38                                                           struct dcerpc_pipe *p,
  39                                                           struct policy_handle *handle)
  40 {
  41         struct eventlog_OpenEventLogW r;
  42         struct eventlog_OpenUnknown0 unknown0;
  43
  44         unknown0.unknown0 = 0x005c;
  45         unknown0.unknown1 = 0x0001;
  46
  47         r.in.unknown0 = &unknown0;
  48         init_lsa_String(&r.in.logname, "dns server");
  49         init_lsa_String(&r.in.servername, NULL);
  50         r.in.unknown2 = 0x00000001;
  51         r.in.unknown3 = 0x00000001;
  52         r.out.handle = handle;
  53
  54         torture_assert_ntstatus_ok(tctx,
  55                         dcerpc_eventlog_OpenEventLogW(p, tctx, &r),
  56                         "OpenEventLog failed");
  57
  58         torture_assert_ntstatus_ok(tctx, r.out.result, "OpenEventLog failed");
  59
  60         return true;
  61 }
  62
  63
  64
  65 static bool test_GetNumRecords(struct torture_context *tctx, struct dcerpc_pipe *p)
  66 {
  67         struct eventlog_GetNumRecords r;
  68         struct eventlog_CloseEventLog cr;
  69         struct policy_handle handle;
  70
  71         if (!get_policy_handle(tctx, p, &handle))
  72                 return false;
  73
  74         r.in.handle = &handle;
  75
  76         torture_assert_ntstatus_ok(tctx,
  77                         dcerpc_eventlog_GetNumRecords(p, tctx, &r),
  78                         "GetNumRecords failed");
  79
  80         torture_comment(tctx, "%d records\n", *r.out.number);
  81
  82         cr.in.handle = cr.out.handle = &handle;
  83
  84         torture_assert_ntstatus_ok(tctx,
  85                                         dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
  86                                         "CloseEventLog failed");
  87         return true;
  88 }
  89
  90 static bool test_ReadEventLog(struct torture_context *tctx,
  91                                                           struct dcerpc_pipe *p)
  92 {
  93         NTSTATUS status;
  94         struct eventlog_ReadEventLogW r;
  95         struct eventlog_CloseEventLog cr;
  96         struct policy_handle handle;
  97
  98         if (!get_policy_handle(tctx, p, &handle))
  99                 return false;
 100
 101         r.in.offset = 0;
 102         r.in.handle = &handle;
 103         r.in.flags = EVENTLOG_BACKWARDS_READ|EVENTLOG_SEQUENTIAL_READ;
 104
 105         while (1) {
 106                 DATA_BLOB blob;
 107                 struct eventlog_Record rec;
 108                 struct ndr_pull *ndr;
 109
 110                 /* Read first for number of bytes in record */
 111
 112                 r.in.number_of_bytes = 0;
 113                 r.out.data = NULL;
 114
 115                 status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r);
 116
 117                 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_END_OF_FILE)) {
 118                         break;
 119                 }
 120
 121                 torture_assert_ntstatus_ok(tctx, status, "ReadEventLog failed");
 122
 123                 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_BUFFER_TOO_SMALL,
 124                         "ReadEventLog failed");
 125
 126                 /* Now read the actual record */
 127
 128                 r.in.number_of_bytes = *r.out.real_size;
 129                 r.out.data = talloc_size(tctx, r.in.number_of_bytes);
 130
 131                 status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r);
 132
 133                 torture_assert_ntstatus_ok(tctx, status, "ReadEventLog failed");
 134
 135                 /* Decode a user-marshalled record */
 136
 137                 blob.length = *r.out.sent_size;
 138                 blob.data = talloc_steal(tctx, r.out.data);
 139
 140                 ndr = ndr_pull_init_blob(&blob, tctx);
 141
 142                 status = ndr_pull_eventlog_Record(
 143                         ndr, NDR_SCALARS|NDR_BUFFERS, &rec);
 144
 145                 NDR_PRINT_DEBUG(eventlog_Record, &rec);
 146
 147                 torture_assert_ntstatus_ok(tctx, status,
 148                                 "ReadEventLog failed parsing event log record");
 149
 150                 r.in.offset++;
 151         }
 152
 153         cr.in.handle = cr.out.handle = &handle;
 154
 155         torture_assert_ntstatus_ok(tctx,
 156                                         dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
 157                                         "CloseEventLog failed");
 158
 159         return true;
 160 }
 161
 162 static bool test_FlushEventLog(struct torture_context *tctx,
 163                                                            struct dcerpc_pipe *p)
 164 {
 165         struct eventlog_FlushEventLog r;
 166         struct eventlog_CloseEventLog cr;
 167         struct policy_handle handle;
 168
 169         if (!get_policy_handle(tctx, p, &handle))
 170                 return false;
 171
 172         r.in.handle = &handle;
 173
 174         /* Huh?  Does this RPC always return access denied? */
 175         torture_assert_ntstatus_equal(tctx,
 176                         dcerpc_eventlog_FlushEventLog(p, tctx, &r),
 177                         NT_STATUS_ACCESS_DENIED,
 178                         "FlushEventLog failed");
 179
 180         cr.in.handle = cr.out.handle = &handle;
 181
 182         torture_assert_ntstatus_ok(tctx,
 183                                         dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
 184                                         "CloseEventLog failed");
 185
 186         return true;
 187 }
 188
 189 static bool test_ClearEventLog(struct torture_context *tctx,
 190                                struct dcerpc_pipe *p)
 191 {
 192         struct eventlog_ClearEventLogW r;
 193         struct eventlog_CloseEventLog cr;
 194         struct policy_handle handle;
 195
 196         if (!torture_setting_bool(tctx, "dangerous", false)) {
 197                 torture_skip(tctx, "ClearEventLog test disabled - enable dangerous tests to use");
 198         }
 199
 200         if (!get_policy_handle(tctx, p, &handle))
 201                 return false;
 202
 203         r.in.handle = &handle;
 204         r.in.unknown = NULL;
 205
 206         torture_assert_ntstatus_ok(tctx,
 207                         dcerpc_eventlog_ClearEventLogW(p, tctx, &r),
 208                         "ClearEventLog failed");
 209
 210         cr.in.handle = cr.out.handle = &handle;
 211
 212         torture_assert_ntstatus_ok(tctx,
 213                                         dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
 214                                         "CloseEventLog failed");
 215
 216         return true;
 217 }
 218
 219 static bool test_OpenEventLog(struct torture_context *tctx,
 220                                                           struct dcerpc_pipe *p)
 221 {
 222         struct policy_handle handle;
 223         struct eventlog_CloseEventLog cr;
 224
 225         if (!get_policy_handle(tctx, p, &handle))
 226                 return false;
 227
 228         cr.in.handle = cr.out.handle = &handle;
 229
 230         torture_assert_ntstatus_ok(tctx,
 231                                         dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
 232                                         "CloseEventLog failed");
 233
 234         return true;
 235 }
 236
 237 struct torture_suite *torture_rpc_eventlog(void)
 238 {
 239         struct torture_suite *suite;
 240         struct torture_tcase *tcase;
 241
 242         suite = torture_suite_create(talloc_autofree_context(), "EVENTLOG");
 243         tcase = torture_suite_add_rpc_iface_tcase(suite, "eventlog",
 244                                                   &dcerpc_table_eventlog);
 245
 246         torture_rpc_tcase_add_test(tcase, "OpenEventLog", test_OpenEventLog);
 247         torture_rpc_tcase_add_test(tcase, "ClearEventLog", test_ClearEventLog);
 248         torture_rpc_tcase_add_test(tcase, "GetNumRecords", test_GetNumRecords);
 249         torture_rpc_tcase_add_test(tcase, "ReadEventLog", test_ReadEventLog);
 250         torture_rpc_tcase_add_test(tcase, "FlushEventLog", test_FlushEventLog);
 251
 252         return suite;
 253 }