| blob | 734f52fffb37f8ac0552417ce2f04f718b2f5c3b |
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Marcin Krzysztof Porwit 2005.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
23 #undef DBGC_CLASS
24 #define DBGC_CLASS DBGC_RPC_PARSE
26 /*
27 * called from eventlog_q_open_eventlog (srv_eventlog.c)
28 */
32 {
36 /** Data format seems to be:
37 UNKNOWN structure
38 uint32 unknown
39 uint16 unknown
40 uint16 unknown
41 Eventlog name
42 uint16 eventlog name length
43 uint16 eventlog name size
44 Character Array
45 uint32 unknown
46 uint32 max count
47 uint32 offset
48 uint32 actual count
49 UNISTR2 log file name
50 Server Name
51 uint16 server name length
52 uint16 server name size
53 Character Array
54 UNISTR2 server name
55 */
58 depth++;
63 /* Munch unknown bits */
74 /* Get name of log source */
87 /* Get server name */
95 }
99 {
104 depth++;
116 }
120 {
125 depth++;
134 }
138 {
143 depth++;
155 }
159 {
164 depth++;
173 }
177 {
182 depth++;
194 }
198 {
203 depth++;
212 }
216 {
221 depth++;
233 }
237 {
242 depth++;
260 }
261 /** Structure of response seems to be:
262 DWORD num_bytes_in_resp -- MUST be the same as q_u->max_read_size
263 for i=0..n
264 EVENTLOGRECORD record
265 DWORD sent_size -- sum of EVENTLOGRECORD lengths if records returned, 0 otherwise
266 DWORD real_size -- 0 if records returned, otherwise length of next record to be returned
267 WERROR status */
273 {
282 depth++;
284 /* First, see if we've read more logs than we can output */
289 /* remove the size of the last entry from the list */
296 /* do not output the last log entry */
299 }
306 else
315 {
316 DEBUG(10, ("eventlog_io_r_read_eventlog: writing record [%d] out of [%d].\n", record_written, record_total));
318 /* Encode the actual eventlog record record */
355 /* Now encoding data */
359 {
361 }
369 record_written++;
373 /* Now pad with whitespace until the end of the response buffer */
382 {
384 }
388 /* We had better be DWORD aligned here */
398 }
400 /** The windows client seems to be doing something funny with the file name
401 A call like
402 ClearEventLog(handle, "backup_file")
403 on the client side will result in the backup file name looking like this on the
404 server side:
405 \??\${CWD of client}\backup_file
406 If an absolute path gets specified, such as
407 ClearEventLog(handle, "C:\\temp\\backup_file")
408 then it is still mangled by the client into this:
409 \??\C:\temp\backup_file
410 when it is on the wire.
411 I'm not sure where the \?? is coming from, or why the ${CWD} of the client process
412 would be added in given that the backup file gets written on the server side. */
416 {
421 depth++;
442 }
446 {
451 depth++;
459 }