search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ads_connect: Return immediately on a failed GC connection.
[Samba/gebeck_regimport.git] / source3 / rpcclient / cmd_eventlog.c
bloba8373f466d8abe544ac4ee0c49bb1d35cd819dc9
1 /*
2 Unix SMB/CIFS implementation.
3 RPC pipe client
4
5 Copyright (C) Günther Deschner 2009
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "rpcclient.h"
23
24 static NTSTATUS get_eventlog_handle(struct rpc_pipe_client *cli,
25 TALLOC_CTX *mem_ctx,
26 const char *log,
27 struct policy_handle *handle)
28 {
29 NTSTATUS status;
30 struct eventlog_OpenUnknown0 unknown0;
31 struct lsa_String logname, servername;
32
33 unknown0.unknown0 = 0x005c;
34 unknown0.unknown1 = 0x0001;
35
36 init_lsa_String(&logname, log);
37 init_lsa_String(&servername, NULL);
38
39 status = rpccli_eventlog_OpenEventLogW(cli, mem_ctx,
40 &unknown0,
41 &logname,
42 &servername,
43 0x00000001, /* major */
44 0x00000001, /* minor */
45 handle);
46 if (!NT_STATUS_IS_OK(status)) {
47 return status;
48 }
49
50 return NT_STATUS_OK;
51 }
52
53 static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client *cli,
54 TALLOC_CTX *mem_ctx,
55 int argc,
56 const char **argv)
57 {
58 NTSTATUS status;
59 struct policy_handle handle;
60
61 uint32_t flags = EVENTLOG_BACKWARDS_READ |
62 EVENTLOG_SEQUENTIAL_READ;
63 uint32_t offset = 0;
64 uint32_t number_of_bytes = 0;
65 uint8_t *data = NULL;
66 uint32_t sent_size = 0;
67 uint32_t real_size = 0;
68
69 if (argc < 2 || argc > 4) {
70 printf("Usage: %s logname [offset]\n", argv[0]);
71 return NT_STATUS_OK;
72 }
73
74 if (argc >= 3) {
75 offset = atoi(argv[2]);
76 }
77
78 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
79 if (!NT_STATUS_IS_OK(status)) {
80 return status;
81 }
82
83 while (1) {
84 status = rpccli_eventlog_ReadEventLogW(cli, mem_ctx,
85 &handle,
86 flags,
87 offset,
88 number_of_bytes,
89 data,
90 &sent_size,
91 &real_size);
92 if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL) &&
93 real_size > 0 ) {
94 number_of_bytes = real_size;
95 data = talloc_array(mem_ctx, uint8_t, real_size);
96 continue;
97 }
98
99 number_of_bytes = 0;
100
101 if (!NT_STATUS_IS_OK(status)) {
102 goto done;
103 }
104
105 {
106 enum ndr_err_code ndr_err;
107 DATA_BLOB blob;
108 struct eventlog_Record rec;
109
110 blob = data_blob_const(data, sent_size);
111
112 ndr_err = ndr_pull_struct_blob_all(&blob, mem_ctx, NULL,
113 &rec,
114 (ndr_pull_flags_fn_t)ndr_pull_eventlog_Record);
115 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
116 status = ndr_map_error2ntstatus(ndr_err);
117 goto done;
118 }
119
120 NDR_PRINT_DEBUG(eventlog_Record, &rec);
121 }
122
123 offset++;
124 }
125
126 done:
127 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
128
129 return status;
130 }
131
132 static NTSTATUS cmd_eventlog_numrecords(struct rpc_pipe_client *cli,
133 TALLOC_CTX *mem_ctx,
134 int argc,
135 const char **argv)
136 {
137 NTSTATUS status;
138 struct policy_handle handle;
139 uint32_t number = 0;
140
141 if (argc != 2) {
142 printf("Usage: %s logname\n", argv[0]);
143 return NT_STATUS_OK;
144 }
145
146 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
147 if (!NT_STATUS_IS_OK(status)) {
148 return status;
149 }
150
151 status = rpccli_eventlog_GetNumRecords(cli, mem_ctx,
152 &handle,
153 &number);
154 if (!NT_STATUS_IS_OK(status)) {
155 goto done;
156 }
157
158 printf("number of records: %d\n", number);
159
160 done:
161 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
162
163 return status;
164 }
165
166 static NTSTATUS cmd_eventlog_oldestrecord(struct rpc_pipe_client *cli,
167 TALLOC_CTX *mem_ctx,
168 int argc,
169 const char **argv)
170 {
171 NTSTATUS status;
172 struct policy_handle handle;
173 uint32_t oldest_entry = 0;
174
175 if (argc != 2) {
176 printf("Usage: %s logname\n", argv[0]);
177 return NT_STATUS_OK;
178 }
179
180 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
181 if (!NT_STATUS_IS_OK(status)) {
182 return status;
183 }
184
185 status = rpccli_eventlog_GetOldestRecord(cli, mem_ctx,
186 &handle,
187 &oldest_entry);
188 if (!NT_STATUS_IS_OK(status)) {
189 goto done;
190 }
191
192 printf("oldest entry: %d\n", oldest_entry);
193
194 done:
195 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
196
197 return status;
198 }
199
200 struct cmd_set eventlog_commands[] = {
201 { "EVENTLOG" },
202 { "eventlog_readlog", RPC_RTYPE_NTSTATUS, cmd_eventlog_readlog, NULL, &ndr_table_eventlog.syntax_id, NULL, "Read Eventlog", "" },
203 { "eventlog_numrecord", RPC_RTYPE_NTSTATUS, cmd_eventlog_numrecords, NULL, &ndr_table_eventlog.syntax_id, NULL, "Get number of records", "" },
204 { "eventlog_oldestrecord", RPC_RTYPE_NTSTATUS, cmd_eventlog_oldestrecord, NULL, &ndr_table_eventlog.syntax_id, NULL, "Get oldest record", "" },
205 { NULL }
206 };
reg import