search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-passdb: Fix typo in comment.
[Samba.git] / source3 / rpc_server / srv_eventlog_nt.c
blob2d4c597358132e192de26b062079637272f5dbcf
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Marcin Krzysztof Porwit 2005,
5 * Copyright (C) Brian Moran 2005,
6 * Copyright (C) Gerald (Jerry) Carter 2005.
7 * Copyright (C) Guenther Deschner 2009.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "../librpc/gen_ndr/srv_eventlog.h"
25 #include "lib/eventlog/eventlog.h"
26 #include "registry.h"
27
28 #undef DBGC_CLASS
29 #define DBGC_CLASS DBGC_RPC_SRV
30
31 typedef struct {
32 char *logname;
33 ELOG_TDB *etdb;
34 uint32 current_record;
35 uint32 num_records;
36 uint32 oldest_entry;
37 uint32 flags;
38 uint32 access_granted;
39 } EVENTLOG_INFO;
40
41 /********************************************************************
42 ********************************************************************/
43
44 static int eventlog_info_destructor(EVENTLOG_INFO *elog)
45 {
46 if (elog->etdb) {
47 elog_close_tdb(elog->etdb, false);
48 }
49 return 0;
50 }
51
52 /********************************************************************
53 ********************************************************************/
54
55 static EVENTLOG_INFO *find_eventlog_info_by_hnd( pipes_struct * p,
56 struct policy_handle * handle )
57 {
58 EVENTLOG_INFO *info;
59
60 if ( !find_policy_by_hnd( p, handle, (void **)(void *)&info ) ) {
61 DEBUG( 2,
62 ( "find_eventlog_info_by_hnd: eventlog not found.\n" ) );
63 return NULL;
64 }
65
66 return info;
67 }
68
69 /********************************************************************
70 ********************************************************************/
71
72 static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
73 {
74 char *tdbname = elog_tdbname(talloc_tos(), info->logname );
75 struct security_descriptor *sec_desc;
76 struct security_ace *ace;
77 NTSTATUS status;
78
79 if ( !tdbname )
80 return False;
81
82 /* get the security descriptor for the file */
83
84 sec_desc = get_nt_acl_no_snum( info, tdbname );
85 TALLOC_FREE( tdbname );
86
87 if ( !sec_desc ) {
88 DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n",
89 tdbname));
90 return False;
91 }
92
93 ace = talloc_zero(sec_desc, struct security_ace);
94 if (ace == NULL) {
95 TALLOC_FREE(sec_desc);
96 return false;
97 }
98
99 ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
100 ace->flags = 0;
101 ace->access_mask = REG_KEY_ALL;
102 ace->trustee = global_sid_System;
103
104 status = security_descriptor_dacl_add(sec_desc, ace);
105 if (!NT_STATUS_IS_OK(status)) {
106 TALLOC_FREE(sec_desc);
107 return false;
108 }
109
110 /* root free pass */
111
112 if ( geteuid() == sec_initial_uid() ) {
113 DEBUG(5,("elog_check_access: running as root, using system token\n"));
114 token = get_system_token();
115 }
116
117 /* run the check, try for the max allowed */
118
119 status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
120 &info->access_granted);
121
122 TALLOC_FREE(sec_desc);
123
124 if (!NT_STATUS_IS_OK(status)) {
125 DEBUG(8,("elog_check_access: se_access_check() return %s\n",
126 nt_errstr(status)));
127 return False;
128 }
129
130 /* we have to have READ permission for a successful open */
131
132 return ( info->access_granted & SEC_FILE_READ_DATA );
133 }
134
135 /********************************************************************
136 ********************************************************************/
137
138 static bool elog_validate_logname( const char *name )
139 {
140 int i;
141 const char **elogs = lp_eventlog_list();
142
143 if (!elogs) {
144 return False;
145 }
146
147 for ( i=0; elogs[i]; i++ ) {
148 if ( strequal( name, elogs[i] ) )
149 return True;
150 }
151
152 return False;
153 }
154
155 /********************************************************************
156 ********************************************************************/
157
158 static bool get_num_records_hook( EVENTLOG_INFO * info )
159 {
160 int next_record;
161 int oldest_record;
162
163 if ( !info->etdb ) {
164 DEBUG( 10, ( "No open tdb for %s\n", info->logname ) );
165 return False;
166 }
167
168 /* lock the tdb since we have to get 2 records */
169
170 tdb_lock_bystring_with_timeout( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD, 1 );
171 next_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
172 oldest_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_OLDEST_ENTRY);
173 tdb_unlock_bystring( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
174
175 DEBUG( 8,
176 ( "Oldest Record %d; Next Record %d\n", oldest_record,
177 next_record ) );
178
179 info->num_records = ( next_record - oldest_record );
180 info->oldest_entry = oldest_record;
181
182 return True;
183 }
184
185 /********************************************************************
186 ********************************************************************/
187
188 static bool get_oldest_entry_hook( EVENTLOG_INFO * info )
189 {
190 /* it's the same thing */
191 return get_num_records_hook( info );
192 }
193
194 /********************************************************************
195 ********************************************************************/
196
197 static NTSTATUS elog_open( pipes_struct * p, const char *logname, struct policy_handle *hnd )
198 {
199 EVENTLOG_INFO *elog;
200
201 /* first thing is to validate the eventlog name */
202
203 if ( !elog_validate_logname( logname ) )
204 return NT_STATUS_OBJECT_PATH_INVALID;
205
206 if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) )
207 return NT_STATUS_NO_MEMORY;
208 talloc_set_destructor(elog, eventlog_info_destructor);
209
210 elog->logname = talloc_strdup( elog, logname );
211
212 /* Open the tdb first (so that we can create any new tdbs if necessary).
213 We have to do this as root and then use an internal access check
214 on the file permissions since you can only have a tdb open once
215 in a single process */
216
217 become_root();
218 elog->etdb = elog_open_tdb( elog->logname, False, False );
219 unbecome_root();
220
221 if ( !elog->etdb ) {
222 /* according to MSDN, if the logfile cannot be found, we should
223 default to the "Application" log */
224
225 if ( !strequal( logname, ELOG_APPL ) ) {
226
227 TALLOC_FREE( elog->logname );
228
229 elog->logname = talloc_strdup( elog, ELOG_APPL );
230
231 /* do the access check */
232 if ( !elog_check_access( elog, p->server_info->ptok ) ) {
233 TALLOC_FREE( elog );
234 return NT_STATUS_ACCESS_DENIED;
235 }
236
237 become_root();
238 elog->etdb = elog_open_tdb( elog->logname, False, False );
239 unbecome_root();
240 }
241
242 if ( !elog->etdb ) {
243 TALLOC_FREE( elog );
244 return NT_STATUS_ACCESS_DENIED; /* ??? */
245 }
246 }
247
248 /* now do the access check. Close the tdb if we fail here */
249
250 if ( !elog_check_access( elog, p->server_info->ptok ) ) {
251 TALLOC_FREE( elog );
252 return NT_STATUS_ACCESS_DENIED;
253 }
254
255 /* create the policy handle */
256
257 if ( !create_policy_hnd( p, hnd, elog ) ) {
258 TALLOC_FREE(elog);
259 return NT_STATUS_NO_MEMORY;
260 }
261
262 /* set the initial current_record pointer */
263
264 if ( !get_oldest_entry_hook( elog ) ) {
265 DEBUG(3,("elog_open: Successfully opened eventlog but can't "
266 "get any information on internal records!\n"));
267 }
268
269 elog->current_record = elog->oldest_entry;
270
271 return NT_STATUS_OK;
272 }
273
274 /********************************************************************
275 ********************************************************************/
276
277 static NTSTATUS elog_close( pipes_struct *p, struct policy_handle *hnd )
278 {
279 if ( !( close_policy_hnd( p, hnd ) ) ) {
280 return NT_STATUS_INVALID_HANDLE;
281 }
282
283 return NT_STATUS_OK;
284 }
285
286 /*******************************************************************
287 *******************************************************************/
288
289 static int elog_size( EVENTLOG_INFO *info )
290 {
291 if ( !info || !info->etdb ) {
292 DEBUG(0,("elog_size: Invalid info* structure!\n"));
293 return 0;
294 }
295
296 return elog_tdb_size( ELOG_TDB_CTX(info->etdb), NULL, NULL );
297 }
298
299 /********************************************************************
300 note that this can only be called AFTER the table is constructed,
301 since it uses the table to find the tdb handle
302 ********************************************************************/
303
304 static bool sync_eventlog_params( EVENTLOG_INFO *info )
305 {
306 char *path = NULL;
307 uint32 uiMaxSize;
308 uint32 uiRetention;
309 struct registry_key *key;
310 struct registry_value *value;
311 WERROR wresult;
312 char *elogname = info->logname;
313 TALLOC_CTX *ctx = talloc_stackframe();
314 bool ret = false;
315
316 DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) );
317
318 if ( !info->etdb ) {
319 DEBUG( 4, ( "No open tdb! (%s)\n", info->logname ) );
320 goto done;
321 }
322 /* set resonable defaults. 512Kb on size and 1 week on time */
323
324 uiMaxSize = 0x80000;
325 uiRetention = 604800;
326
327 /* the general idea is to internally open the registry
328 key and retrieve the values. That way we can continue
329 to use the same fetch/store api that we use in
330 srv_reg_nt.c */
331
332 path = talloc_asprintf(ctx, "%s/%s", KEY_EVENTLOG, elogname );
333 if (!path) {
334 goto done;
335 }
336
337 wresult = reg_open_path(ctx, path, REG_KEY_READ, get_system_token(),
338 &key);
339
340 if ( !W_ERROR_IS_OK( wresult ) ) {
341 DEBUG( 4,
342 ( "sync_eventlog_params: Failed to open key [%s] (%s)\n",
343 path, win_errstr( wresult ) ) );
344 goto done;
345 }
346
347 wresult = reg_queryvalue(key, key, "Retention", &value);
348 if (!W_ERROR_IS_OK(wresult)) {
349 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
350 win_errstr(wresult)));
351 goto done;
352 }
353 uiRetention = value->v.dword;
354
355 wresult = reg_queryvalue(key, key, "MaxSize", &value);
356 if (!W_ERROR_IS_OK(wresult)) {
357 DEBUG(4, ("Failed to query value \"MaxSize\": %s\n",
358 win_errstr(wresult)));
359 goto done;
360 }
361 uiMaxSize = value->v.dword;
362
363 tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_MAXSIZE, uiMaxSize );
364 tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_RETENTION, uiRetention );
365
366 ret = true;
367
368 done:
369 TALLOC_FREE(ctx);
370 return ret;
371 }
372
373 /********************************************************************
374 _eventlog_OpenEventLogW
375 ********************************************************************/
376
377 NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p,
378 struct eventlog_OpenEventLogW *r)
379 {
380 EVENTLOG_INFO *info;
381 NTSTATUS result;
382
383 DEBUG( 10,("_eventlog_OpenEventLogW: Server [%s], Log [%s]\n",
384 r->in.servername->string, r->in.logname->string ));
385
386 /* according to MSDN, if the logfile cannot be found, we should
387 default to the "Application" log */
388
389 if ( !NT_STATUS_IS_OK( result = elog_open( p, r->in.logname->string, r->out.handle )) )
390 return result;
391
392 if ( !(info = find_eventlog_info_by_hnd( p, r->out.handle )) ) {
393 DEBUG(0,("_eventlog_OpenEventLogW: eventlog (%s) opened but unable to find handle!\n",
394 r->in.logname->string ));
395 elog_close( p, r->out.handle );
396 return NT_STATUS_INVALID_HANDLE;
397 }
398
399 DEBUG(10,("_eventlog_OpenEventLogW: Size [%d]\n", elog_size( info )));
400
401 sync_eventlog_params( info );
402 prune_eventlog( ELOG_TDB_CTX(info->etdb) );
403
404 return NT_STATUS_OK;
405 }
406
407 /********************************************************************
408 _eventlog_ClearEventLogW
409 This call still needs some work
410 ********************************************************************/
411 /** The windows client seems to be doing something funny with the file name
412 A call like
413 ClearEventLog(handle, "backup_file")
414 on the client side will result in the backup file name looking like this on the
415 server side:
416 \??\${CWD of client}\backup_file
417 If an absolute path gets specified, such as
418 ClearEventLog(handle, "C:\\temp\\backup_file")
419 then it is still mangled by the client into this:
420 \??\C:\temp\backup_file
421 when it is on the wire.
422 I'm not sure where the \?? is coming from, or why the ${CWD} of the client process
423 would be added in given that the backup file gets written on the server side. */
424
425 NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p,
426 struct eventlog_ClearEventLogW *r)
427 {
428 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
429
430 if ( !info )
431 return NT_STATUS_INVALID_HANDLE;
432
433 if (r->in.backupfile && r->in.backupfile->string) {
434
435 DEBUG(8,( "_eventlog_ClearEventLogW: Using [%s] as the backup "
436 "file name for log [%s].",
437 r->in.backupfile->string, info->logname ) );
438 }
439
440 /* check for WRITE access to the file */
441
442 if ( !(info->access_granted & SEC_FILE_WRITE_DATA) )
443 return NT_STATUS_ACCESS_DENIED;
444
445 /* Force a close and reopen */
446
447 elog_close_tdb( info->etdb, True );
448 become_root();
449 info->etdb = elog_open_tdb( info->logname, True, False );
450 unbecome_root();
451
452 if ( !info->etdb )
453 return NT_STATUS_ACCESS_DENIED;
454
455 return NT_STATUS_OK;
456 }
457
458 /********************************************************************
459 _eventlog_CloseEventLog
460 ********************************************************************/
461
462 NTSTATUS _eventlog_CloseEventLog(pipes_struct * p,
463 struct eventlog_CloseEventLog *r)
464 {
465 NTSTATUS status;
466
467 status = elog_close( p, r->in.handle );
468 if (!NT_STATUS_IS_OK(status)) {
469 return status;
470 }
471
472 ZERO_STRUCTP(r->out.handle);
473
474 return NT_STATUS_OK;
475 }
476
477 /********************************************************************
478 _eventlog_ReadEventLogW
479 ********************************************************************/
480
481 NTSTATUS _eventlog_ReadEventLogW(pipes_struct *p,
482 struct eventlog_ReadEventLogW *r)
483 {
484 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
485 uint32_t num_records_read = 0;
486 int bytes_left, record_number;
487 uint32_t elog_read_type, elog_read_dir;
488
489 if (!info) {
490 return NT_STATUS_INVALID_HANDLE;
491 }
492
493 info->flags = r->in.flags;
494 bytes_left = r->in.number_of_bytes;
495
496 if (!info->etdb) {
497 return NT_STATUS_ACCESS_DENIED;
498 }
499
500 /* check for valid flags. Can't use the sequential and seek flags together */
501
502 elog_read_type = r->in.flags & (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ);
503 elog_read_dir = r->in.flags & (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ);
504
505 if (r->in.flags == 0 ||
506 elog_read_type == (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ) ||
507 elog_read_dir == (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ))
508 {
509 DEBUG(3,("_eventlog_ReadEventLogW: "
510 "Invalid flags [0x%08x] for ReadEventLog\n",
511 r->in.flags));
512 return NT_STATUS_INVALID_PARAMETER;
513 }
514
515 /* a sequential read should ignore the offset */
516
517 if (elog_read_type & EVENTLOG_SEQUENTIAL_READ) {
518 record_number = info->current_record;
519 } else {
520 record_number = r->in.offset;
521 }
522
523 if (r->in.number_of_bytes == 0) {
524 struct EVENTLOGRECORD *e;
525 e = evlog_pull_record(p->mem_ctx, ELOG_TDB_CTX(info->etdb),
526 record_number);
527 if (!e) {
528 return NT_STATUS_END_OF_FILE;
529 }
530 *r->out.real_size = e->Length;
531 return NT_STATUS_BUFFER_TOO_SMALL;
532 }
533
534 while (bytes_left > 0) {
535
536 DATA_BLOB blob;
537 enum ndr_err_code ndr_err;
538 struct EVENTLOGRECORD *e;
539
540 e = evlog_pull_record(p->mem_ctx, ELOG_TDB_CTX(info->etdb),
541 record_number);
542 if (!e) {
543 break;
544 }
545
546 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, e,
547 (ndr_push_flags_fn_t)ndr_push_EVENTLOGRECORD);
548 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
549 return ndr_map_error2ntstatus(ndr_err);
550 }
551
552 if (DEBUGLEVEL >= 10) {
553 NDR_PRINT_DEBUG(EVENTLOGRECORD, e);
554 }
555
556 if (blob.length > r->in.number_of_bytes) {
557 *r->out.real_size = blob.length;
558 return NT_STATUS_BUFFER_TOO_SMALL;
559 }
560
561 if (*r->out.sent_size + blob.length > r->in.number_of_bytes) {
562 break;
563 }
564
565 bytes_left -= blob.length;
566
567 if (info->flags & EVENTLOG_FORWARDS_READ) {
568 record_number++;
569 } else {
570 record_number--;
571 }
572
573 /* update the eventlog record pointer */
574
575 info->current_record = record_number;
576
577 memcpy(&r->out.data[*(r->out.sent_size)],
578 blob.data, blob.length);
579 *(r->out.sent_size) += blob.length;
580
581 num_records_read++;
582 }
583
584 if (r->in.offset == 0 && record_number == 0 && *r->out.sent_size == 0) {
585 return NT_STATUS_END_OF_FILE;
586 }
587
588 return NT_STATUS_OK;
589 }
590
591 /********************************************************************
592 _eventlog_GetOldestRecord
593 ********************************************************************/
594
595 NTSTATUS _eventlog_GetOldestRecord(pipes_struct *p,
596 struct eventlog_GetOldestRecord *r)
597 {
598 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
599
600 if (info == NULL) {
601 return NT_STATUS_INVALID_HANDLE;
602 }
603
604 if ( !( get_oldest_entry_hook( info ) ) )
605 return NT_STATUS_ACCESS_DENIED;
606
607 *r->out.oldest_entry = info->oldest_entry;
608
609 return NT_STATUS_OK;
610 }
611
612 /********************************************************************
613 _eventlog_GetNumRecords
614 ********************************************************************/
615
616 NTSTATUS _eventlog_GetNumRecords(pipes_struct *p,
617 struct eventlog_GetNumRecords *r)
618 {
619 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
620
621 if (info == NULL) {
622 return NT_STATUS_INVALID_HANDLE;
623 }
624
625 if ( !( get_num_records_hook( info ) ) )
626 return NT_STATUS_ACCESS_DENIED;
627
628 *r->out.number = info->num_records;
629
630 return NT_STATUS_OK;
631 }
632
633 NTSTATUS _eventlog_BackupEventLogW(pipes_struct *p, struct eventlog_BackupEventLogW *r)
634 {
635 p->rng_fault_state = True;
636 return NT_STATUS_NOT_IMPLEMENTED;
637 }
638
639 /********************************************************************
640 _eventlog_GetLogInformation
641 ********************************************************************/
642
643 NTSTATUS _eventlog_GetLogInformation(pipes_struct *p,
644 struct eventlog_GetLogInformation *r)
645 {
646 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
647 struct EVENTLOG_FULL_INFORMATION f;
648 enum ndr_err_code ndr_err;
649 DATA_BLOB blob;
650
651 if (!info) {
652 return NT_STATUS_INVALID_HANDLE;
653 }
654
655 if (r->in.level != 0) {
656 return NT_STATUS_INVALID_LEVEL;
657 }
658
659 *r->out.bytes_needed = 4;
660
661 if (r->in.buf_size < 4) {
662 return NT_STATUS_BUFFER_TOO_SMALL;
663 }
664
665 /* FIXME: this should be retrieved from the handle */
666 f.full = false;
667
668 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &f,
669 (ndr_push_flags_fn_t)ndr_push_EVENTLOG_FULL_INFORMATION);
670 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
671 return ndr_map_error2ntstatus(ndr_err);
672 }
673
674 if (DEBUGLEVEL >= 10) {
675 NDR_PRINT_DEBUG(EVENTLOG_FULL_INFORMATION, &f);
676 }
677
678 memcpy(r->out.buffer, blob.data, 4);
679
680 return NT_STATUS_OK;
681 }
682
683 /********************************************************************
684 _eventlog_FlushEventLog
685 ********************************************************************/
686
687 NTSTATUS _eventlog_FlushEventLog(pipes_struct *p,
688 struct eventlog_FlushEventLog *r)
689 {
690 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
691 if (!info) {
692 return NT_STATUS_INVALID_HANDLE;
693 }
694
695 return NT_STATUS_ACCESS_DENIED;
696 }
697
698 /********************************************************************
699 ********************************************************************/
700
701 static NTSTATUS evlog_report_to_record(TALLOC_CTX *mem_ctx,
702 const struct eventlog_ReportEventW *r,
703 const char *logname,
704 struct EVENTLOGRECORD *e)
705 {
706 uint32_t i;
707 ZERO_STRUCTP(e);
708
709 e->TimeGenerated = r->in.timestamp;
710 e->TimeWritten = time(NULL);
711 e->EventID = r->in.event_id;
712 e->EventType = r->in.event_type;
713 e->NumStrings = r->in.num_of_strings;
714 e->EventCategory = r->in.event_category;
715 e->ReservedFlags = r->in.flags;
716 e->DataLength = r->in.data_size;
717 e->SourceName = talloc_strdup(mem_ctx, logname);
718 NT_STATUS_HAVE_NO_MEMORY(e->SourceName);
719 if (r->in.servername->string) {
720 e->Computername = r->in.servername->string;
721 } else {
722 e->Computername = talloc_strdup(mem_ctx, "");
723 NT_STATUS_HAVE_NO_MEMORY(e->Computername);
724 }
725 if (r->in.user_sid) {
726 e->UserSid = *r->in.user_sid;
727 }
728 e->Strings = talloc_array(mem_ctx, const char *, e->NumStrings);
729 NT_STATUS_HAVE_NO_MEMORY(e->Strings);
730
731 for (i=0; i < e->NumStrings; i++) {
732 e->Strings[i] = talloc_strdup(e->Strings,
733 r->in.strings[i]->string);
734 NT_STATUS_HAVE_NO_MEMORY(e->Strings[i]);
735 }
736 e->Data = r->in.data;
737
738 return NT_STATUS_OK;
739 }
740
741 /********************************************************************
742 _eventlog_ReportEventW
743 ********************************************************************/
744
745 NTSTATUS _eventlog_ReportEventW(pipes_struct *p,
746 struct eventlog_ReportEventW *r)
747 {
748 NTSTATUS status;
749 struct EVENTLOGRECORD record;
750
751 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
752 if (!info) {
753 return NT_STATUS_INVALID_HANDLE;
754 }
755
756 status = evlog_report_to_record(p->mem_ctx, r, info->logname, &record);
757 if (!NT_STATUS_IS_OK(status)) {
758 return status;
759 }
760
761 status = evlog_push_record(p->mem_ctx,
762 ELOG_TDB_CTX(info->etdb),
763 &record,
764 r->out.record_number);
765 if (!NT_STATUS_IS_OK(status)) {
766 return status;
767 }
768
769 return NT_STATUS_OK;
770 }
771
772 /********************************************************************
773 ********************************************************************/
774
775 NTSTATUS _eventlog_DeregisterEventSource(pipes_struct *p, struct eventlog_DeregisterEventSource *r)
776 {
777 p->rng_fault_state = True;
778 return NT_STATUS_NOT_IMPLEMENTED;
779 }
780
781 NTSTATUS _eventlog_ChangeNotify(pipes_struct *p, struct eventlog_ChangeNotify *r)
782 {
783 p->rng_fault_state = True;
784 return NT_STATUS_NOT_IMPLEMENTED;
785 }
786
787 NTSTATUS _eventlog_RegisterEventSourceW(pipes_struct *p, struct eventlog_RegisterEventSourceW *r)
788 {
789 p->rng_fault_state = True;
790 return NT_STATUS_NOT_IMPLEMENTED;
791 }
792
793 NTSTATUS _eventlog_OpenBackupEventLogW(pipes_struct *p, struct eventlog_OpenBackupEventLogW *r)
794 {
795 p->rng_fault_state = True;
796 return NT_STATUS_NOT_IMPLEMENTED;
797 }
798
799 NTSTATUS _eventlog_ClearEventLogA(pipes_struct *p, struct eventlog_ClearEventLogA *r)
800 {
801 p->rng_fault_state = True;
802 return NT_STATUS_NOT_IMPLEMENTED;
803 }
804
805 NTSTATUS _eventlog_BackupEventLogA(pipes_struct *p, struct eventlog_BackupEventLogA *r)
806 {
807 p->rng_fault_state = True;
808 return NT_STATUS_NOT_IMPLEMENTED;
809 }
810
811 NTSTATUS _eventlog_OpenEventLogA(pipes_struct *p, struct eventlog_OpenEventLogA *r)
812 {
813 p->rng_fault_state = True;
814 return NT_STATUS_NOT_IMPLEMENTED;
815 }
816
817 NTSTATUS _eventlog_RegisterEventSourceA(pipes_struct *p, struct eventlog_RegisterEventSourceA *r)
818 {
819 p->rng_fault_state = True;
820 return NT_STATUS_NOT_IMPLEMENTED;
821 }
822
823 NTSTATUS _eventlog_OpenBackupEventLogA(pipes_struct *p, struct eventlog_OpenBackupEventLogA *r)
824 {
825 p->rng_fault_state = True;
826 return NT_STATUS_NOT_IMPLEMENTED;
827 }
828
829 NTSTATUS _eventlog_ReadEventLogA(pipes_struct *p, struct eventlog_ReadEventLogA *r)
830 {
831 p->rng_fault_state = True;
832 return NT_STATUS_NOT_IMPLEMENTED;
833 }
834
835 NTSTATUS _eventlog_ReportEventA(pipes_struct *p, struct eventlog_ReportEventA *r)
836 {
837 p->rng_fault_state = True;
838 return NT_STATUS_NOT_IMPLEMENTED;
839 }
840
841 NTSTATUS _eventlog_RegisterClusterSvc(pipes_struct *p, struct eventlog_RegisterClusterSvc *r)
842 {
843 p->rng_fault_state = True;
844 return NT_STATUS_NOT_IMPLEMENTED;
845 }
846
847 NTSTATUS _eventlog_DeregisterClusterSvc(pipes_struct *p, struct eventlog_DeregisterClusterSvc *r)
848 {
849 p->rng_fault_state = True;
850 return NT_STATUS_NOT_IMPLEMENTED;
851 }
852
853 NTSTATUS _eventlog_WriteClusterEvents(pipes_struct *p, struct eventlog_WriteClusterEvents *r)
854 {
855 p->rng_fault_state = True;
856 return NT_STATUS_NOT_IMPLEMENTED;
857 }
858
859 NTSTATUS _eventlog_ReportEventAndSourceW(pipes_struct *p, struct eventlog_ReportEventAndSourceW *r)
860 {
861 p->rng_fault_state = True;
862 return NT_STATUS_NOT_IMPLEMENTED;
863 }
Samba GIT mirror