source3/utils/net_eventlog.c

   1 /*
   2  * Samba Unix/Linux SMB client library
   3  * Distributed SMB/CIFS Server Management Utility
   4  * Local win32 eventlog interface
   5  *
   6  * Copyright (C) Guenther Deschner 2009
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 3 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20  */
  21
  22 #include "includes.h"
  23 #include "utils/net.h"
  24
  25 /**
  26  * Dump an *evt win32 eventlog file
  27  *
  28  * @param argc  Standard main() style argc.
  29  * @param argv  Standard main() style argv. Initial components are already
  30  *              stripped.
  31  *
  32  * @return A shell status integer (0 for success).
  33  **/
  34
  35 static int net_eventlog_dump(struct net_context *c, int argc,
  36                              const char **argv)
  37 {
  38         int ret = -1;
  39         TALLOC_CTX *ctx = talloc_stackframe();
  40         enum ndr_err_code ndr_err;
  41         DATA_BLOB blob;
  42         struct EVENTLOG_EVT_FILE evt;
  43         char *s;
  44
  45         if (argc < 1 || c->display_usage) {
  46                 d_fprintf(stderr, _("usage: net eventlog dump <file.evt>\n"));
  47                 goto done;
  48         }
  49
  50         blob.data = (uint8_t *)file_load(argv[0], &blob.length, 0, ctx);
  51         if (!blob.data) {
  52                 d_fprintf(stderr, _("failed to load evt file: %s\n"), argv[0]);
  53                 goto done;
  54         }
  55
  56         ndr_err = ndr_pull_struct_blob(&blob, ctx, NULL, &evt,
  57                    (ndr_pull_flags_fn_t)ndr_pull_EVENTLOG_EVT_FILE);
  58         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
  59                 d_fprintf(stderr, _("evt pull failed: %s\n"),
  60                           ndr_errstr(ndr_err));
  61                 goto done;
  62         }
  63
  64         s = NDR_PRINT_STRUCT_STRING(ctx, EVENTLOG_EVT_FILE, &evt);
  65         if (s) {
  66                 printf("%s\n", s);
  67         }
  68
  69         ret = 0;
  70  done:
  71         TALLOC_FREE(ctx);
  72         return ret;
  73 }
  74
  75 /**
  76  * Import an *evt win32 eventlog file to internal tdb representation
  77  *
  78  * @param argc  Standard main() style argc.
  79  * @param argv  Standard main() style argv. Initial components are already
  80  *              stripped.
  81  *
  82  * @return A shell status integer (0 for success).
  83  **/
  84
  85 static int net_eventlog_import(struct net_context *c, int argc,
  86                                const char **argv)
  87 {
  88         int ret = -1;
  89         TALLOC_CTX *ctx = talloc_stackframe();
  90         NTSTATUS status;
  91         enum ndr_err_code ndr_err;
  92         DATA_BLOB blob;
  93         uint32_t num_records = 0;
  94         uint32_t i;
  95         ELOG_TDB *etdb = NULL;
  96
  97         struct EVENTLOGHEADER evt_header;
  98         struct EVENTLOG_EVT_FILE evt;
  99
 100         if (argc < 2 || c->display_usage) {
 101                 d_fprintf(stderr,
 102                           _("usage: net eventlog import <file> <eventlog>\n"));
 103                 goto done;
 104         }
 105
 106         blob.data = (uint8_t *)file_load(argv[0], &blob.length, 0, ctx);
 107         if (!blob.data) {
 108                 d_fprintf(stderr, _("failed to load evt file: %s\n"), argv[0]);
 109                 goto done;
 110         }
 111
 112         /* dump_data(0, blob.data, blob.length); */
 113         ndr_err = ndr_pull_struct_blob(&blob, ctx, NULL, &evt_header,
 114                    (ndr_pull_flags_fn_t)ndr_pull_EVENTLOGHEADER);
 115         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 116                 d_fprintf(stderr, _("evt header pull failed: %s\n"),
 117                           ndr_errstr(ndr_err));
 118                 goto done;
 119         }
 120
 121         if (evt_header.Flags & ELF_LOGFILE_HEADER_WRAP) {
 122                 d_fprintf(stderr, _("input file is wrapped, cannot proceed\n"));
 123                 goto done;
 124         }
 125
 126         ndr_err = ndr_pull_struct_blob(&blob, ctx, NULL, &evt,
 127                    (ndr_pull_flags_fn_t)ndr_pull_EVENTLOG_EVT_FILE);
 128         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 129                 d_fprintf(stderr, _("evt pull failed: %s\n"),
 130                           ndr_errstr(ndr_err));
 131                 goto done;
 132         }
 133
 134         /* NDR_PRINT_DEBUG(EVENTLOG_EVT_FILE, &evt); */
 135
 136         etdb = elog_open_tdb(argv[1], false, false);
 137         if (!etdb) {
 138                 d_fprintf(stderr, _("can't open the eventlog TDB (%s)\n"),
 139                           argv[1]);
 140                 goto done;
 141         }
 142
 143         num_records = evt.hdr.CurrentRecordNumber - evt.hdr.OldestRecordNumber;
 144
 145         for (i=0; i<num_records; i++) {
 146                 uint32_t record_number;
 147                 struct eventlog_Record_tdb e;
 148
 149                 status = evlog_evt_entry_to_tdb_entry(ctx, &evt.records[i], &e);
 150                 if (!NT_STATUS_IS_OK(status)) {
 151                         goto done;
 152                 }
 153
 154                 status = evlog_push_record_tdb(ctx, ELOG_TDB_CTX(etdb),
 155                                                &e, &record_number);
 156                 if (!NT_STATUS_IS_OK(status)) {
 157                         d_fprintf(stderr,
 158                                   _("can't write to the eventlog: %s\n"),
 159                                   nt_errstr(status));
 160                         goto done;
 161                 }
 162         }
 163
 164         printf(_("wrote %d entries to tdb\n"), i);
 165
 166         ret = 0;
 167  done:
 168
 169         elog_close_tdb(etdb, false);
 170
 171         TALLOC_FREE(ctx);
 172         return ret;
 173 }
 174
 175 /**
 176  * Export internal eventlog tdb representation to an *evt win32 eventlog file
 177  *
 178  * @param argc  Standard main() style argc.
 179  * @param argv  Standard main() style argv. Initial components are already
 180  *              stripped.
 181  *
 182  * @return A shell status integer (0 for success).
 183  **/
 184
 185 static int net_eventlog_export(struct net_context *c, int argc,
 186                                const char **argv)
 187 {
 188         int ret = -1;
 189         NTSTATUS status;
 190         TALLOC_CTX *ctx = talloc_stackframe();
 191         DATA_BLOB blob;
 192         uint32_t num_records = 0;
 193         ELOG_TDB *etdb = NULL;
 194
 195         if (argc < 2 || c->display_usage) {
 196                 d_fprintf(stderr,
 197                           _("usage: net eventlog export <file> <eventlog>\n"));
 198                 goto done;
 199         }
 200
 201         etdb = elog_open_tdb(argv[1], false, true);
 202         if (!etdb) {
 203                 d_fprintf(stderr, _("can't open the eventlog TDB (%s)\n"),
 204                           argv[1]);
 205                 goto done;
 206         }
 207
 208         status = evlog_convert_tdb_to_evt(ctx, etdb, &blob, &num_records);
 209         if (!NT_STATUS_IS_OK(status)) {
 210                 goto done;
 211         }
 212
 213         if (!file_save(argv[0], blob.data, blob.length)) {
 214                 d_fprintf(stderr, _("failed to save evt file: %s\n"), argv[0]);
 215                 goto done;
 216         }
 217
 218         ret = 0;
 219  done:
 220
 221         elog_close_tdb(etdb, false);
 222
 223         TALLOC_FREE(ctx);
 224         return ret;
 225 }
 226
 227 /**
 228  * 'net rpc eventlog' entrypoint.
 229  * @param argc  Standard main() style argc.
 230  * @param argv  Standard main() style argv. Initial components are already
 231  *              stripped.
 232  **/
 233
 234 int net_eventlog(struct net_context *c, int argc, const char **argv)
 235 {
 236         int ret = -1;
 237
 238         struct functable func[] = {
 239                 {
 240                         "dump",
 241                         net_eventlog_dump,
 242                         NET_TRANSPORT_LOCAL,
 243                         N_("Dump eventlog"),
 244                         N_("net eventlog dump\n"
 245                            "    Dump win32 *.evt eventlog file")
 246                 },
 247                 {
 248                         "import",
 249                         net_eventlog_import,
 250                         NET_TRANSPORT_LOCAL,
 251                         N_("Import eventlog"),
 252                         N_("net eventlog import\n"
 253                            "    Import win32 *.evt eventlog file")
 254                 },
 255                 {
 256                         "export",
 257                         net_eventlog_export,
 258                         NET_TRANSPORT_LOCAL,
 259                         N_("Export eventlog"),
 260                         N_("net eventlog export\n"
 261                            "    Export win32 *.evt eventlog file")
 262                 },
 263
 264
 265         { NULL, NULL, 0, NULL, NULL }
 266         };
 267
 268         ret = net_run_function(c, argc, argv, "net eventlog", func);
 269
 270         return ret;
 271 }