search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-rpcclient: add eventlog test client.
[Samba/gebeck_regimport.git] / source3 / rpcclient / cmd_eventlog.c
bloba6254dab52d0e0d15627bb7d2c58666e3f9dba5b
1 /*
2 Unix SMB/CIFS implementation.
3 RPC pipe client
4
5 Copyright (C) Günther Deschner 2009
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "rpcclient.h"
23
24 static NTSTATUS get_eventlog_handle(struct rpc_pipe_client *cli,
25 TALLOC_CTX *mem_ctx,
26 const char *log,
27 struct policy_handle *handle)
28 {
29 NTSTATUS status;
30 struct eventlog_OpenUnknown0 unknown0;
31 struct lsa_String logname, servername;
32
33 unknown0.unknown0 = 0x005c;
34 unknown0.unknown1 = 0x0001;
35
36 init_lsa_String(&logname, log);
37 init_lsa_String(&servername, NULL);
38
39 status = rpccli_eventlog_OpenEventLogW(cli, mem_ctx,
40 &unknown0,
41 &logname,
42 &servername,
43 0x00000001, /* major */
44 0x00000001, /* minor */
45 handle);
46 if (!NT_STATUS_IS_OK(status)) {
47 return status;
48 }
49
50 return NT_STATUS_OK;
51 }
52
53 static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client *cli,
54 TALLOC_CTX *mem_ctx,
55 int argc,
56 const char **argv)
57 {
58 NTSTATUS status;
59 struct policy_handle handle;
60
61 uint32_t flags = EVENTLOG_BACKWARDS_READ |
62 EVENTLOG_SEQUENTIAL_READ;
63 uint32_t offset = 0;
64 uint32_t number_of_bytes = 0;
65 uint8_t *data = NULL;
66 uint32_t sent_size = 0;
67 uint32_t real_size = 0;
68
69 if (argc != 2) {
70 printf("Usage: %s logname\n", argv[0]);
71 return NT_STATUS_OK;
72 }
73
74 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
75 if (!NT_STATUS_IS_OK(status)) {
76 return status;
77 }
78
79 while (1) {
80 status = rpccli_eventlog_ReadEventLogW(cli, mem_ctx,
81 &handle,
82 flags,
83 offset,
84 number_of_bytes,
85 data,
86 &sent_size,
87 &real_size);
88 if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) {
89 number_of_bytes = real_size;
90 data = talloc_array(mem_ctx, uint8_t, real_size);
91 continue;
92 }
93
94 if (!NT_STATUS_IS_OK(status)) {
95 return status;
96 }
97
98 {
99 enum ndr_err_code ndr_err;
100 DATA_BLOB blob;
101 struct eventlog_Record rec;
102
103 blob = data_blob_const(data, sent_size);
104
105 ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, NULL,
106 &rec,
107 (ndr_pull_flags_fn_t)ndr_pull_eventlog_Record);
108 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
109 return ndr_map_error2ntstatus(ndr_err);
110 }
111
112 NDR_PRINT_DEBUG(eventlog_Record, &rec);
113 }
114
115 offset++;
116 }
117
118 return status;
119 }
120
121 static NTSTATUS cmd_eventlog_numrecords(struct rpc_pipe_client *cli,
122 TALLOC_CTX *mem_ctx,
123 int argc,
124 const char **argv)
125 {
126 NTSTATUS status;
127 struct policy_handle handle;
128 uint32_t number = 0;
129
130 if (argc != 2) {
131 printf("Usage: %s logname\n", argv[0]);
132 return NT_STATUS_OK;
133 }
134
135 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
136 if (!NT_STATUS_IS_OK(status)) {
137 return status;
138 }
139
140 status = rpccli_eventlog_GetNumRecords(cli, mem_ctx,
141 &handle,
142 &number);
143 if (!NT_STATUS_IS_OK(status)) {
144 return status;
145 }
146
147 printf("number of records: %d\n", number);
148
149 return NT_STATUS_OK;
150 }
151
152 static NTSTATUS cmd_eventlog_oldestrecord(struct rpc_pipe_client *cli,
153 TALLOC_CTX *mem_ctx,
154 int argc,
155 const char **argv)
156 {
157 NTSTATUS status;
158 struct policy_handle handle;
159 uint32_t oldest_entry = 0;
160
161 if (argc != 2) {
162 printf("Usage: %s logname\n", argv[0]);
163 return NT_STATUS_OK;
164 }
165
166 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
167 if (!NT_STATUS_IS_OK(status)) {
168 return status;
169 }
170
171 status = rpccli_eventlog_GetOldestRecord(cli, mem_ctx,
172 &handle,
173 &oldest_entry);
174 if (!NT_STATUS_IS_OK(status)) {
175 return status;
176 }
177
178 printf("oldest entry: %d\n", oldest_entry);
179
180 return NT_STATUS_OK;
181 }
182
183 struct cmd_set eventlog_commands[] = {
184 { "EVENTLOG" },
185 { "eventlog_readlog", RPC_RTYPE_NTSTATUS, cmd_eventlog_readlog, NULL, &ndr_table_eventlog.syntax_id, NULL, "Read Eventlog", "" },
186 { "eventlog_numrecord", RPC_RTYPE_NTSTATUS, cmd_eventlog_numrecords, NULL, &ndr_table_eventlog.syntax_id, NULL, "Get number of records", "" },
187 { "eventlog_oldestrecord", RPC_RTYPE_NTSTATUS, cmd_eventlog_oldestrecord, NULL, &ndr_table_eventlog.syntax_id, NULL, "Get oldest record", "" },
188 { NULL }
189 };
reg import