WHATSNEW: Update release notes.
[Samba.git] / source3 / rpcclient / cmd_eventlog.c
blobd839bf426329271344fe289aa6ce28f280cf7cef
1 /*
2 Unix SMB/CIFS implementation.
3 RPC pipe client
5 Copyright (C) Günther Deschner 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "includes.h"
22 #include "rpcclient.h"
24 static NTSTATUS get_eventlog_handle(struct rpc_pipe_client *cli,
25 TALLOC_CTX *mem_ctx,
26 const char *log,
27 struct policy_handle *handle)
29 NTSTATUS status;
30 struct eventlog_OpenUnknown0 unknown0;
31 struct lsa_String logname, servername;
33 unknown0.unknown0 = 0x005c;
34 unknown0.unknown1 = 0x0001;
36 init_lsa_String(&logname, log);
37 init_lsa_String(&servername, NULL);
39 status = rpccli_eventlog_OpenEventLogW(cli, mem_ctx,
40 &unknown0,
41 &logname,
42 &servername,
43 0x00000001, /* major */
44 0x00000001, /* minor */
45 handle);
46 if (!NT_STATUS_IS_OK(status)) {
47 return status;
50 return NT_STATUS_OK;
53 static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client *cli,
54 TALLOC_CTX *mem_ctx,
55 int argc,
56 const char **argv)
58 NTSTATUS status = NT_STATUS_OK;
59 struct policy_handle handle;
61 uint32_t flags = EVENTLOG_BACKWARDS_READ |
62 EVENTLOG_SEQUENTIAL_READ;
63 uint32_t offset = 0;
64 uint32_t number_of_bytes = 0;
65 uint8_t *data = NULL;
66 uint32_t sent_size = 0;
67 uint32_t real_size = 0;
69 if (argc < 2 || argc > 4) {
70 printf("Usage: %s logname [offset] [number_of_bytes]\n", argv[0]);
71 return NT_STATUS_OK;
74 if (argc >= 3) {
75 offset = atoi(argv[2]);
78 if (argc >= 4) {
79 number_of_bytes = atoi(argv[3]);
80 data = talloc_array(mem_ctx, uint8_t, number_of_bytes);
81 if (!data) {
82 goto done;
86 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
87 if (!NT_STATUS_IS_OK(status)) {
88 return status;
91 do {
93 enum ndr_err_code ndr_err;
94 DATA_BLOB blob;
95 struct EVENTLOGRECORD r;
96 uint32_t size = 0;
97 uint32_t pos = 0;
99 status = rpccli_eventlog_ReadEventLogW(cli, mem_ctx,
100 &handle,
101 flags,
102 offset,
103 number_of_bytes,
104 data,
105 &sent_size,
106 &real_size);
107 if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL) &&
108 real_size > 0 ) {
109 number_of_bytes = real_size;
110 data = talloc_array(mem_ctx, uint8_t, real_size);
111 if (!data) {
112 goto done;
114 status = rpccli_eventlog_ReadEventLogW(cli, mem_ctx,
115 &handle,
116 flags,
117 offset,
118 number_of_bytes,
119 data,
120 &sent_size,
121 &real_size);
124 if (!NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE) &&
125 !NT_STATUS_IS_OK(status)) {
126 goto done;
129 number_of_bytes = 0;
131 size = IVAL(data, pos);
133 while (size > 0) {
135 blob = data_blob_const(data + pos, size);
136 /* dump_data(0, blob.data, blob.length); */
137 ndr_err = ndr_pull_struct_blob_all(&blob, mem_ctx, NULL, &r,
138 (ndr_pull_flags_fn_t)ndr_pull_EVENTLOGRECORD);
139 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
140 status = ndr_map_error2ntstatus(ndr_err);
141 goto done;
144 NDR_PRINT_DEBUG(EVENTLOGRECORD, &r);
146 pos += size;
148 if (pos + 4 > sent_size) {
149 break;
152 size = IVAL(data, pos);
155 offset++;
157 } while (NT_STATUS_IS_OK(status));
159 done:
160 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
162 return status;
165 static NTSTATUS cmd_eventlog_numrecords(struct rpc_pipe_client *cli,
166 TALLOC_CTX *mem_ctx,
167 int argc,
168 const char **argv)
170 NTSTATUS status;
171 struct policy_handle handle;
172 uint32_t number = 0;
174 if (argc != 2) {
175 printf("Usage: %s logname\n", argv[0]);
176 return NT_STATUS_OK;
179 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
180 if (!NT_STATUS_IS_OK(status)) {
181 return status;
184 status = rpccli_eventlog_GetNumRecords(cli, mem_ctx,
185 &handle,
186 &number);
187 if (!NT_STATUS_IS_OK(status)) {
188 goto done;
191 printf("number of records: %d\n", number);
193 done:
194 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
196 return status;
199 static NTSTATUS cmd_eventlog_oldestrecord(struct rpc_pipe_client *cli,
200 TALLOC_CTX *mem_ctx,
201 int argc,
202 const char **argv)
204 NTSTATUS status;
205 struct policy_handle handle;
206 uint32_t oldest_entry = 0;
208 if (argc != 2) {
209 printf("Usage: %s logname\n", argv[0]);
210 return NT_STATUS_OK;
213 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
214 if (!NT_STATUS_IS_OK(status)) {
215 return status;
218 status = rpccli_eventlog_GetOldestRecord(cli, mem_ctx,
219 &handle,
220 &oldest_entry);
221 if (!NT_STATUS_IS_OK(status)) {
222 goto done;
225 printf("oldest entry: %d\n", oldest_entry);
227 done:
228 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
230 return status;
233 static NTSTATUS cmd_eventlog_reportevent(struct rpc_pipe_client *cli,
234 TALLOC_CTX *mem_ctx,
235 int argc,
236 const char **argv)
238 NTSTATUS status;
239 struct policy_handle handle;
241 uint16_t num_of_strings = 1;
242 uint32_t data_size = 0;
243 struct lsa_String servername;
244 struct lsa_String *strings;
245 uint8_t *data = NULL;
246 uint32_t record_number = 0;
247 time_t time_written = 0;
249 if (argc != 2) {
250 printf("Usage: %s logname\n", argv[0]);
251 return NT_STATUS_OK;
254 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
255 if (!NT_STATUS_IS_OK(status)) {
256 return status;
259 strings = talloc_array(mem_ctx, struct lsa_String, num_of_strings);
260 if (!strings) {
261 return NT_STATUS_NO_MEMORY;
264 init_lsa_String(&strings[0], "test event written by rpcclient\n");
265 init_lsa_String(&servername, NULL);
267 status = rpccli_eventlog_ReportEventW(cli, mem_ctx,
268 &handle,
269 time(NULL),
270 EVENTLOG_INFORMATION_TYPE,
271 0, /* event_category */
272 0, /* event_id */
273 num_of_strings,
274 data_size,
275 &servername,
276 NULL, /* user_sid */
277 &strings,
278 data,
279 0, /* flags */
280 &record_number,
281 &time_written);
283 if (!NT_STATUS_IS_OK(status)) {
284 goto done;
287 printf("entry: %d written at %s\n", record_number,
288 http_timestring(talloc_tos(), time_written));
290 done:
291 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
293 return status;
296 static NTSTATUS cmd_eventlog_reporteventsource(struct rpc_pipe_client *cli,
297 TALLOC_CTX *mem_ctx,
298 int argc,
299 const char **argv)
301 NTSTATUS status;
302 struct policy_handle handle;
304 uint16_t num_of_strings = 1;
305 uint32_t data_size = 0;
306 struct lsa_String servername, sourcename;
307 struct lsa_String *strings;
308 uint8_t *data = NULL;
309 uint32_t record_number = 0;
310 time_t time_written = 0;
312 if (argc != 2) {
313 printf("Usage: %s logname\n", argv[0]);
314 return NT_STATUS_OK;
317 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
318 if (!NT_STATUS_IS_OK(status)) {
319 return status;
322 strings = talloc_array(mem_ctx, struct lsa_String, num_of_strings);
323 if (!strings) {
324 return NT_STATUS_NO_MEMORY;
327 init_lsa_String(&strings[0], "test event written by rpcclient\n");
328 init_lsa_String(&servername, NULL);
329 init_lsa_String(&sourcename, "rpcclient");
331 status = rpccli_eventlog_ReportEventAndSourceW(cli, mem_ctx,
332 &handle,
333 time(NULL),
334 EVENTLOG_INFORMATION_TYPE,
335 0, /* event_category */
336 0, /* event_id */
337 &sourcename,
338 num_of_strings,
339 data_size,
340 &servername,
341 NULL, /* user_sid */
342 &strings,
343 data,
344 0, /* flags */
345 &record_number,
346 &time_written);
347 if (!NT_STATUS_IS_OK(status)) {
348 goto done;
351 printf("entry: %d written at %s\n", record_number,
352 http_timestring(talloc_tos(), time_written));
354 done:
355 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
357 return status;
360 static NTSTATUS cmd_eventlog_registerevsource(struct rpc_pipe_client *cli,
361 TALLOC_CTX *mem_ctx,
362 int argc,
363 const char **argv)
365 NTSTATUS status;
366 struct policy_handle log_handle;
367 struct lsa_String module_name, reg_module_name;
368 struct eventlog_OpenUnknown0 unknown0;
370 unknown0.unknown0 = 0x005c;
371 unknown0.unknown1 = 0x0001;
373 if (argc != 2) {
374 printf("Usage: %s logname\n", argv[0]);
375 return NT_STATUS_OK;
378 init_lsa_String(&module_name, "rpcclient");
379 init_lsa_String(&reg_module_name, NULL);
381 status = rpccli_eventlog_RegisterEventSourceW(cli, mem_ctx,
382 &unknown0,
383 &module_name,
384 &reg_module_name,
385 1, /* major_version */
386 1, /* minor_version */
387 &log_handle);
388 if (!NT_STATUS_IS_OK(status)) {
389 goto done;
392 done:
393 rpccli_eventlog_DeregisterEventSource(cli, mem_ctx, &log_handle);
395 return status;
398 static NTSTATUS cmd_eventlog_backuplog(struct rpc_pipe_client *cli,
399 TALLOC_CTX *mem_ctx,
400 int argc,
401 const char **argv)
403 NTSTATUS status;
404 struct policy_handle handle;
405 struct lsa_String backup_filename;
406 const char *tmp;
408 if (argc != 3) {
409 printf("Usage: %s logname backupname\n", argv[0]);
410 return NT_STATUS_OK;
413 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
414 if (!NT_STATUS_IS_OK(status)) {
415 return status;
418 tmp = talloc_asprintf(mem_ctx, "\\??\\%s", argv[2]);
419 if (!tmp) {
420 status = NT_STATUS_NO_MEMORY;
421 goto done;
424 init_lsa_String(&backup_filename, tmp);
426 status = rpccli_eventlog_BackupEventLogW(cli, mem_ctx,
427 &handle,
428 &backup_filename);
430 done:
431 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
433 return status;
436 static NTSTATUS cmd_eventlog_loginfo(struct rpc_pipe_client *cli,
437 TALLOC_CTX *mem_ctx,
438 int argc,
439 const char **argv)
441 NTSTATUS status;
442 struct policy_handle handle;
443 uint8_t *buffer = NULL;
444 uint32_t buf_size = 0;
445 uint32_t bytes_needed = 0;
447 if (argc != 2) {
448 printf("Usage: %s logname\n", argv[0]);
449 return NT_STATUS_OK;
452 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
453 if (!NT_STATUS_IS_OK(status)) {
454 return status;
457 status = rpccli_eventlog_GetLogInformation(cli, mem_ctx,
458 &handle,
459 0, /* level */
460 buffer,
461 buf_size,
462 &bytes_needed);
463 if (!NT_STATUS_IS_OK(status) &&
464 !NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) {
465 goto done;
468 buf_size = bytes_needed;
469 buffer = talloc_array(mem_ctx, uint8_t, bytes_needed);
470 if (!buffer) {
471 status = NT_STATUS_NO_MEMORY;
472 goto done;
475 status = rpccli_eventlog_GetLogInformation(cli, mem_ctx,
476 &handle,
477 0, /* level */
478 buffer,
479 buf_size,
480 &bytes_needed);
481 if (!NT_STATUS_IS_OK(status)) {
482 goto done;
485 done:
486 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
488 return status;
492 struct cmd_set eventlog_commands[] = {
493 { "EVENTLOG" },
494 { "eventlog_readlog", RPC_RTYPE_NTSTATUS, cmd_eventlog_readlog, NULL, &ndr_table_eventlog.syntax_id, NULL, "Read Eventlog", "" },
495 { "eventlog_numrecord", RPC_RTYPE_NTSTATUS, cmd_eventlog_numrecords, NULL, &ndr_table_eventlog.syntax_id, NULL, "Get number of records", "" },
496 { "eventlog_oldestrecord", RPC_RTYPE_NTSTATUS, cmd_eventlog_oldestrecord, NULL, &ndr_table_eventlog.syntax_id, NULL, "Get oldest record", "" },
497 { "eventlog_reportevent", RPC_RTYPE_NTSTATUS, cmd_eventlog_reportevent, NULL, &ndr_table_eventlog.syntax_id, NULL, "Report event", "" },
498 { "eventlog_reporteventsource", RPC_RTYPE_NTSTATUS, cmd_eventlog_reporteventsource, NULL, &ndr_table_eventlog.syntax_id, NULL, "Report event and source", "" },
499 { "eventlog_registerevsource", RPC_RTYPE_NTSTATUS, cmd_eventlog_registerevsource, NULL, &ndr_table_eventlog.syntax_id, NULL, "Register event source", "" },
500 { "eventlog_backuplog", RPC_RTYPE_NTSTATUS, cmd_eventlog_backuplog, NULL, &ndr_table_eventlog.syntax_id, NULL, "Backup Eventlog File", "" },
501 { "eventlog_loginfo", RPC_RTYPE_NTSTATUS, cmd_eventlog_loginfo, NULL, &ndr_table_eventlog.syntax_id, NULL, "Get Eventlog Information", "" },
502 { NULL }