search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Wrap the DEBUG checks in a "unlikely"
[Samba/gbeck.git] / source3 / rpc_parse / parse_eventlog.c
blob70226bca151d82551ba332e5d6a539eb73041ac6
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Marcin Krzysztof Porwit 2005.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21
22 #undef DBGC_CLASS
23 #define DBGC_CLASS DBGC_RPC_PARSE
24
25 /********************************************************************
26 ********************************************************************/
27
28 bool prs_ev_open_unknown0( const char *desc, prs_struct *ps, int depth, EVENTLOG_OPEN_UNKNOWN0 *u )
29 {
30 if ( !u )
31 return False;
32
33 if ( !prs_uint16("", ps, depth, &u->unknown1) )
34 return False;
35 if ( !prs_uint16("", ps, depth, &u->unknown2) )
36 return False;
37
38 return True;
39 }
40
41 /********************************************************************
42 ********************************************************************/
43
44 bool eventlog_io_q_open_eventlog(const char *desc, EVENTLOG_Q_OPEN_EVENTLOG *q_u,
45 prs_struct *ps, int depth)
46 {
47 if(q_u == NULL)
48 return False;
49
50 prs_debug(ps, depth, desc, "eventlog_io_q_open_eventlog");
51 depth++;
52
53 if(!prs_align(ps))
54 return False;
55
56 if ( !prs_pointer("", ps, depth, (void*)&q_u->unknown0, sizeof(EVENTLOG_OPEN_UNKNOWN0), (PRS_POINTER_CAST)prs_ev_open_unknown0))
57 return False;
58
59 if ( !prs_unistr4("logname", ps, depth, &q_u->logname) )
60 return False;
61 if ( !prs_align(ps) )
62 return False;
63
64 if ( !prs_unistr4("servername", ps, depth, &q_u->servername) )
65 return False;
66 if ( !prs_align(ps) )
67 return False;
68
69 if ( !prs_uint32("unknown1", ps, depth, &q_u->unknown1) )
70 return False;
71 if ( !prs_uint32("unknown2", ps, depth, &q_u->unknown2) )
72 return False;
73
74 return True;
75 }
76
77 bool eventlog_io_r_open_eventlog(const char *desc, EVENTLOG_R_OPEN_EVENTLOG *r_u,
78 prs_struct *ps, int depth)
79 {
80 if(r_u == NULL)
81 return False;
82
83 prs_debug(ps, depth, desc, "eventlog_io_r_open_eventlog");
84 depth++;
85
86 if(!prs_align(ps))
87 return False;
88
89 if(!(smb_io_pol_hnd("log handle", &(r_u->handle), ps, depth)))
90 return False;
91
92 if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
93 return False;
94
95 return True;
96 }
97
98 bool eventlog_io_q_get_num_records(const char *desc, EVENTLOG_Q_GET_NUM_RECORDS *q_u,
99 prs_struct *ps, int depth)
100 {
101 if(q_u == NULL)
102 return False;
103
104 prs_debug(ps, depth, desc, "eventlog_io_q_get_num_records");
105 depth++;
106
107 if(!(prs_align(ps)))
108 return False;
109
110 if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth)))
111 return False;
112
113 return True;
114 }
115
116 bool eventlog_io_r_get_num_records(const char *desc, EVENTLOG_R_GET_NUM_RECORDS *r_u,
117 prs_struct *ps, int depth)
118 {
119 if(r_u == NULL)
120 return False;
121
122 prs_debug(ps, depth, desc, "eventlog_io_r_get_num_records");
123 depth++;
124
125 if(!(prs_align(ps)))
126 return False;
127
128 if(!(prs_uint32("num records", ps, depth, &(r_u->num_records))))
129 return False;
130
131 if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
132 return False;
133
134 return True;
135 }
136
137 bool eventlog_io_q_get_oldest_entry(const char *desc, EVENTLOG_Q_GET_OLDEST_ENTRY *q_u,
138 prs_struct *ps, int depth)
139 {
140 if(q_u == NULL)
141 return False;
142
143 prs_debug(ps, depth, desc, "eventlog_io_q_get_oldest_entry");
144 depth++;
145
146 if(!(prs_align(ps)))
147 return False;
148
149 if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth)))
150 return False;
151
152 return True;
153 }
154
155 bool eventlog_io_r_get_oldest_entry(const char *desc, EVENTLOG_R_GET_OLDEST_ENTRY *r_u,
156 prs_struct *ps, int depth)
157 {
158 if(r_u == NULL)
159 return False;
160
161 prs_debug(ps, depth, desc, "eventlog_io_r_get_oldest_entry");
162 depth++;
163
164 if(!(prs_align(ps)))
165 return False;
166
167 if(!(prs_uint32("oldest entry", ps, depth, &(r_u->oldest_entry))))
168 return False;
169
170 if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
171 return False;
172
173 return True;
174 }
175
176 bool eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u,
177 prs_struct *ps, int depth)
178 {
179 if(q_u == NULL)
180 return False;
181
182 prs_debug(ps, depth, desc, "eventlog_io_q_read_eventlog");
183 depth++;
184
185 if(!(prs_align(ps)))
186 return False;
187
188 if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth)))
189 return False;
190
191 if(!(prs_uint32("read flags", ps, depth, &(q_u->flags))))
192 return False;
193
194 if(!(prs_uint32("read offset", ps, depth, &(q_u->offset))))
195 return False;
196
197 if(!(prs_uint32("read buf size", ps, depth, &(q_u->max_read_size))))
198 return False;
199
200 return True;
201 }
202 /** Structure of response seems to be:
203 DWORD num_bytes_in_resp -- MUST be the same as q_u->max_read_size
204 for i=0..n
205 EVENTLOGRECORD record
206 DWORD sent_size -- sum of EVENTLOGRECORD lengths if records returned, 0 otherwise
207 DWORD real_size -- 0 if records returned, otherwise length of next record to be returned
208 WERROR status */
209 bool eventlog_io_r_read_eventlog(const char *desc,
210 EVENTLOG_Q_READ_EVENTLOG *q_u,
211 EVENTLOG_R_READ_EVENTLOG *r_u,
212 prs_struct *ps,
213 int depth)
214 {
215 Eventlog_entry *entry;
216 uint32 record_written = 0;
217 uint32 record_total = 0;
218
219 if(r_u == NULL)
220 return False;
221
222 prs_debug(ps, depth, desc, "eventlog_io_r_read_eventlog");
223 depth++;
224
225 /* First, see if we've read more logs than we can output */
226
227 if(r_u->num_bytes_in_resp > q_u->max_read_size) {
228 entry = r_u->entry;
229
230 /* remove the size of the last entry from the list */
231
232 while(entry->next != NULL)
233 entry = entry->next;
234
235 r_u->num_bytes_in_resp -= entry->record.length;
236
237 /* do not output the last log entry */
238
239 r_u->num_records--;
240 }
241
242 entry = r_u->entry;
243 record_total = r_u->num_records;
244
245 if(r_u->num_bytes_in_resp != 0)
246 r_u->sent_size = r_u->num_bytes_in_resp;
247 else
248 r_u->real_size = r_u->bytes_in_next_record;
249
250 if(!(prs_align(ps)))
251 return False;
252 if(!(prs_uint32("bytes in resp", ps, depth, &(q_u->max_read_size))))
253 return False;
254
255 while(entry != NULL && record_written < record_total)
256 {
257 DEBUG(11, ("eventlog_io_r_read_eventlog: writing record [%d] out of [%d].\n", record_written, record_total));
258
259 /* Encode the actual eventlog record record */
260
261 if(!(prs_uint32("length", ps, depth, &(entry->record.length))))
262 return False;
263 if(!(prs_uint32("reserved", ps, depth, &(entry->record.reserved1))))
264 return False;
265 if(!(prs_uint32("record number", ps, depth, &(entry->record.record_number))))
266 return False;
267 if(!(prs_uint32("time generated", ps, depth, &(entry->record.time_generated))))
268 return False;
269 if(!(prs_uint32("time written", ps, depth, &(entry->record.time_written))))
270 return False;
271 if(!(prs_uint32("event id", ps, depth, &(entry->record.event_id))))
272 return False;
273 if(!(prs_uint16("event type", ps, depth, &(entry->record.event_type))))
274 return False;
275 if(!(prs_uint16("num strings", ps, depth, &(entry->record.num_strings))))
276 return False;
277 if(!(prs_uint16("event category", ps, depth, &(entry->record.event_category))))
278 return False;
279 if(!(prs_uint16("reserved2", ps, depth, &(entry->record.reserved2))))
280 return False;
281 if(!(prs_uint32("closing record", ps, depth, &(entry->record.closing_record_number))))
282 return False;
283 if(!(prs_uint32("string offset", ps, depth, &(entry->record.string_offset))))
284 return False;
285 if(!(prs_uint32("user sid length", ps, depth, &(entry->record.user_sid_length))))
286 return False;
287 if(!(prs_uint32("user sid offset", ps, depth, &(entry->record.user_sid_offset))))
288 return False;
289 if(!(prs_uint32("data length", ps, depth, &(entry->record.data_length))))
290 return False;
291 if(!(prs_uint32("data offset", ps, depth, &(entry->record.data_offset))))
292 return False;
293 if(!(prs_align(ps)))
294 return False;
295
296 /* Now encoding data */
297
298 if(!(prs_uint8s(False, "buffer", ps, depth, entry->data,
299 entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length))))
300 {
301 return False;
302 }
303
304 if(!(prs_align(ps)))
305 return False;
306 if(!(prs_uint32("length 2", ps, depth, &(entry->record.length))))
307 return False;
308
309 entry = entry->next;
310 record_written++;
311
312 } /* end of encoding EVENTLOGRECORD */
313
314 /* Now pad with whitespace until the end of the response buffer */
315
316 if (q_u->max_read_size - r_u->num_bytes_in_resp) {
317 if (!r_u->end_of_entries_padding) {
318 return False;
319 }
320
321 if(!(prs_uint8s(False, "end of entries padding", ps,
322 depth, r_u->end_of_entries_padding,
323 (q_u->max_read_size - r_u->num_bytes_in_resp)))) {
324 free(r_u->end_of_entries_padding);
325 return False;
326 }
327
328 free(r_u->end_of_entries_padding);
329 }
330
331 /* We had better be DWORD aligned here */
332
333 if(!(prs_uint32("sent size", ps, depth, &(r_u->sent_size))))
334 return False;
335 if(!(prs_uint32("real size", ps, depth, &(r_u->real_size))))
336 return False;
337 if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
338 return False;
339
340 return True;
341 }
342
343 /** The windows client seems to be doing something funny with the file name
344 A call like
345 ClearEventLog(handle, "backup_file")
346 on the client side will result in the backup file name looking like this on the
347 server side:
348 \??\${CWD of client}\backup_file
349 If an absolute path gets specified, such as
350 ClearEventLog(handle, "C:\\temp\\backup_file")
351 then it is still mangled by the client into this:
352 \??\C:\temp\backup_file
353 when it is on the wire.
354 I'm not sure where the \?? is coming from, or why the ${CWD} of the client process
355 would be added in given that the backup file gets written on the server side. */
356
357 bool eventlog_io_q_clear_eventlog(const char *desc, EVENTLOG_Q_CLEAR_EVENTLOG *q_u,
358 prs_struct *ps, int depth)
359 {
360 if(q_u == NULL)
361 return False;
362
363 prs_debug(ps, depth, desc, "eventlog_io_q_clear_eventlog");
364 depth++;
365
366 if(!prs_align(ps))
367 return False;
368 if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth)))
369 return False;
370
371 if ( !prs_unistr4("backupfile", ps, depth, &q_u->backupfile) )
372 return False;
373
374 return True;
375
376 }
377
378 bool eventlog_io_r_clear_eventlog(const char *desc, EVENTLOG_R_CLEAR_EVENTLOG *r_u,
379 prs_struct *ps, int depth)
380 {
381 if(r_u == NULL)
382 return False;
383
384 prs_debug(ps, depth, desc, "eventlog_io_r_clear_eventlog");
385 depth++;
386
387 if(!prs_align(ps))
388 return False;
389 if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
390 return False;
391
392 return True;
393 }
WIP