2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Marcin Krzysztof Porwit 2005.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #define DBGC_CLASS DBGC_RPC_PARSE
27 * called from eventlog_q_open_eventlog (srv_eventlog.c)
30 BOOL
eventlog_io_q_open_eventlog(const char *desc
, EVENTLOG_Q_OPEN_EVENTLOG
*q_u
,
31 prs_struct
*ps
, int depth
)
36 /** Data format seems to be:
42 uint16 eventlog name length
43 uint16 eventlog name size
51 uint16 server name length
52 uint16 server name size
57 prs_debug(ps
, depth
, desc
, "eventlog_io_q_open_eventlog");
63 /* Munch unknown bits */
65 if(!prs_uint32("", ps
, depth
, &q_u
->unknown1
))
67 if(!prs_uint16("", ps
, depth
, &q_u
->unknown2
))
69 if(!prs_uint16("", ps
, depth
, &q_u
->unknown3
))
74 /* Get name of log source */
76 if(!prs_uint16("sourcename_length", ps
, depth
, &q_u
->sourcename_length
))
78 if(!prs_uint16("sourcename_size", ps
, depth
, &q_u
->sourcename_size
))
80 if(!prs_uint32("sourcename_ptr", ps
, depth
, &q_u
->sourcename_ptr
))
82 if(!smb_io_unistr2("", &q_u
->sourcename
, q_u
->sourcename_ptr
, ps
, depth
))
89 if(!prs_uint32("servername_ptr", ps
, depth
, &q_u
->servername_ptr
))
91 if(!smb_io_unistr2("", &q_u
->servername
, q_u
->servername_ptr
, ps
, depth
))
97 BOOL
eventlog_io_r_open_eventlog(const char *desc
, EVENTLOG_R_OPEN_EVENTLOG
*r_u
,
98 prs_struct
*ps
, int depth
)
103 prs_debug(ps
, depth
, desc
, "eventlog_io_r_open_eventlog");
109 if(!(smb_io_pol_hnd("log handle", &(r_u
->handle
), ps
, depth
)))
112 if(!(prs_werror("status code", ps
, depth
, &(r_u
->status
))))
118 BOOL
eventlog_io_q_get_num_records(const char *desc
, EVENTLOG_Q_GET_NUM_RECORDS
*q_u
,
119 prs_struct
*ps
, int depth
)
124 prs_debug(ps
, depth
, desc
, "eventlog_io_q_get_num_records");
130 if(!(smb_io_pol_hnd("log handle", &(q_u
->handle
), ps
, depth
)))
136 BOOL
eventlog_io_r_get_num_records(const char *desc
, EVENTLOG_R_GET_NUM_RECORDS
*r_u
,
137 prs_struct
*ps
, int depth
)
142 prs_debug(ps
, depth
, desc
, "eventlog_io_r_get_num_records");
148 if(!(prs_uint32("num records", ps
, depth
, &(r_u
->num_records
))))
151 if(!(prs_werror("status code", ps
, depth
, &(r_u
->status
))))
157 BOOL
eventlog_io_q_get_oldest_entry(const char *desc
, EVENTLOG_Q_GET_OLDEST_ENTRY
*q_u
,
158 prs_struct
*ps
, int depth
)
163 prs_debug(ps
, depth
, desc
, "eventlog_io_q_get_oldest_entry");
169 if(!(smb_io_pol_hnd("log handle", &(q_u
->handle
), ps
, depth
)))
175 BOOL
eventlog_io_r_get_oldest_entry(const char *desc
, EVENTLOG_R_GET_OLDEST_ENTRY
*r_u
,
176 prs_struct
*ps
, int depth
)
181 prs_debug(ps
, depth
, desc
, "eventlog_io_r_get_oldest_entry");
187 if(!(prs_uint32("oldest entry", ps
, depth
, &(r_u
->oldest_entry
))))
190 if(!(prs_werror("status code", ps
, depth
, &(r_u
->status
))))
196 BOOL
eventlog_io_q_close_eventlog(const char *desc
, EVENTLOG_Q_CLOSE_EVENTLOG
*q_u
,
197 prs_struct
*ps
, int depth
)
202 prs_debug(ps
, depth
, desc
, "eventlog_io_q_close_eventlog");
208 if(!(smb_io_pol_hnd("log handle", &(q_u
->handle
), ps
, depth
)))
214 BOOL
eventlog_io_r_close_eventlog(const char *desc
, EVENTLOG_R_CLOSE_EVENTLOG
*r_u
,
215 prs_struct
*ps
, int depth
)
220 prs_debug(ps
, depth
, desc
, "eventlog_io_r_close_eventlog");
226 if(!(smb_io_pol_hnd("log handle", &(r_u
->handle
), ps
, depth
)))
229 if(!(prs_werror("status code", ps
, depth
, &(r_u
->status
))))
235 BOOL
eventlog_io_q_read_eventlog(const char *desc
, EVENTLOG_Q_READ_EVENTLOG
*q_u
,
236 prs_struct
*ps
, int depth
)
241 prs_debug(ps
, depth
, desc
, "eventlog_io_q_read_eventlog");
247 if(!(smb_io_pol_hnd("log handle", &(q_u
->handle
), ps
, depth
)))
250 if(!(prs_uint32("read flags", ps
, depth
, &(q_u
->flags
))))
253 if(!(prs_uint32("read offset", ps
, depth
, &(q_u
->offset
))))
256 if(!(prs_uint32("read buf size", ps
, depth
, &(q_u
->max_read_size
))))
261 /** Structure of response seems to be:
262 DWORD num_bytes_in_resp -- MUST be the same as q_u->max_read_size
264 EVENTLOGRECORD record
265 DWORD sent_size -- sum of EVENTLOGRECORD lengths if records returned, 0 otherwise
266 DWORD real_size -- 0 if records returned, otherwise length of next record to be returned
268 BOOL
eventlog_io_r_read_eventlog(const char *desc
,
269 EVENTLOG_Q_READ_EVENTLOG
*q_u
,
270 EVENTLOG_R_READ_EVENTLOG
*r_u
,
274 Eventlog_entry
*entry
;
275 uint32 record_written
= 0;
276 uint32 record_total
= 0;
281 prs_debug(ps
, depth
, desc
, "eventlog_io_r_read_eventlog");
284 /* First, see if we've read more logs than we can output */
286 if(r_u
->num_bytes_in_resp
> q_u
->max_read_size
) {
289 /* remove the size of the last entry from the list */
291 while(entry
->next
!= NULL
)
294 r_u
->num_bytes_in_resp
-= entry
->record
.length
;
296 /* do not output the last log entry */
302 record_total
= r_u
->num_records
;
304 if(r_u
->num_bytes_in_resp
!= 0)
305 r_u
->sent_size
= r_u
->num_bytes_in_resp
;
307 r_u
->real_size
= r_u
->bytes_in_next_record
;
311 if(!(prs_uint32("bytes in resp", ps
, depth
, &(q_u
->max_read_size
))))
314 while(entry
!= NULL
&& record_written
< record_total
)
316 DEBUG(10, ("eventlog_io_r_read_eventlog: writing record [%d] out of [%d].\n", record_written
, record_total
));
318 /* Encode the actual eventlog record record */
320 if(!(prs_uint32("length", ps
, depth
, &(entry
->record
.length
))))
322 if(!(prs_uint32("reserved", ps
, depth
, &(entry
->record
.reserved1
))))
324 if(!(prs_uint32("record number", ps
, depth
, &(entry
->record
.record_number
))))
326 if(!(prs_uint32("time generated", ps
, depth
, &(entry
->record
.time_generated
))))
328 if(!(prs_uint32("time written", ps
, depth
, &(entry
->record
.time_written
))))
330 if(!(prs_uint32("event id", ps
, depth
, &(entry
->record
.event_id
))))
332 if(!(prs_uint16("event type", ps
, depth
, &(entry
->record
.event_type
))))
334 if(!(prs_uint16("num strings", ps
, depth
, &(entry
->record
.num_strings
))))
336 if(!(prs_uint16("event category", ps
, depth
, &(entry
->record
.event_category
))))
338 if(!(prs_uint16("reserved2", ps
, depth
, &(entry
->record
.reserved2
))))
340 if(!(prs_uint32("closing record", ps
, depth
, &(entry
->record
.closing_record_number
))))
342 if(!(prs_uint32("string offset", ps
, depth
, &(entry
->record
.string_offset
))))
344 if(!(prs_uint32("user sid length", ps
, depth
, &(entry
->record
.user_sid_length
))))
346 if(!(prs_uint32("user sid offset", ps
, depth
, &(entry
->record
.user_sid_offset
))))
348 if(!(prs_uint32("data length", ps
, depth
, &(entry
->record
.data_length
))))
350 if(!(prs_uint32("data offset", ps
, depth
, &(entry
->record
.data_offset
))))
355 /* Now encoding data */
357 if(!(prs_uint8s(False
, "buffer", ps
, depth
, entry
->data
,
358 entry
->record
.length
- sizeof(Eventlog_record
) - sizeof(entry
->record
.length
))))
365 if(!(prs_uint32("length 2", ps
, depth
, &(entry
->record
.length
))))
371 } /* end of encoding EVENTLOGRECORD */
373 /* Now pad with whitespace until the end of the response buffer */
375 r_u
->end_of_entries_padding
=
376 SMB_CALLOC_ARRAY(uint8
,
377 q_u
->max_read_size
- r_u
->num_bytes_in_resp
);
379 if(!(prs_uint8s(False
, "end of entries padding", ps
,
380 depth
, r_u
->end_of_entries_padding
,
381 (q_u
->max_read_size
- r_u
->num_bytes_in_resp
))))
386 free(r_u
->end_of_entries_padding
);
388 /* We had better be DWORD aligned here */
390 if(!(prs_uint32("sent size", ps
, depth
, &(r_u
->sent_size
))))
392 if(!(prs_uint32("real size", ps
, depth
, &(r_u
->real_size
))))
394 if(!(prs_werror("status code", ps
, depth
, &(r_u
->status
))))
400 /** The windows client seems to be doing something funny with the file name
402 ClearEventLog(handle, "backup_file")
403 on the client side will result in the backup file name looking like this on the
405 \??\${CWD of client}\backup_file
406 If an absolute path gets specified, such as
407 ClearEventLog(handle, "C:\\temp\\backup_file")
408 then it is still mangled by the client into this:
409 \??\C:\temp\backup_file
410 when it is on the wire.
411 I'm not sure where the \?? is coming from, or why the ${CWD} of the client process
412 would be added in given that the backup file gets written on the server side. */
414 BOOL
eventlog_io_q_clear_eventlog(const char *desc
, EVENTLOG_Q_CLEAR_EVENTLOG
*q_u
,
415 prs_struct
*ps
, int depth
)
420 prs_debug(ps
, depth
, desc
, "eventlog_io_q_clear_eventlog");
425 if(!(smb_io_pol_hnd("log handle", &(q_u
->handle
), ps
, depth
)))
429 if(!(prs_uint32("unknown1", ps
, depth
, &q_u
->unknown1
)))
431 if(!(prs_uint16("backup_file_length", ps
, depth
, &q_u
->backup_file_length
)))
433 if(!(prs_uint16("backup_file_size", ps
, depth
, &q_u
->backup_file_size
)))
435 if(!prs_uint32("backup_file_ptr", ps
, depth
, &q_u
->backup_file_ptr
))
437 if(!smb_io_unistr2("backup file", &q_u
->backup_file
, q_u
->backup_file_ptr
, ps
, depth
))
444 BOOL
eventlog_io_r_clear_eventlog(const char *desc
, EVENTLOG_R_CLEAR_EVENTLOG
*r_u
,
445 prs_struct
*ps
, int depth
)
450 prs_debug(ps
, depth
, desc
, "eventlog_io_r_clear_eventlog");
455 if(!(prs_werror("status code", ps
, depth
, &(r_u
->status
))))