2 Unix SMB/CIFS implementation.
5 Copyright (C) Günther Deschner 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "rpcclient.h"
23 #include "../librpc/gen_ndr/ndr_eventlog.h"
24 #include "../librpc/gen_ndr/cli_eventlog.h"
26 static NTSTATUS
get_eventlog_handle(struct rpc_pipe_client
*cli
,
29 struct policy_handle
*handle
)
32 struct eventlog_OpenUnknown0 unknown0
;
33 struct lsa_String logname
, servername
;
35 unknown0
.unknown0
= 0x005c;
36 unknown0
.unknown1
= 0x0001;
38 init_lsa_String(&logname
, log
);
39 init_lsa_String(&servername
, NULL
);
41 status
= rpccli_eventlog_OpenEventLogW(cli
, mem_ctx
,
45 0x00000001, /* major */
46 0x00000001, /* minor */
48 if (!NT_STATUS_IS_OK(status
)) {
55 static NTSTATUS
cmd_eventlog_readlog(struct rpc_pipe_client
*cli
,
60 NTSTATUS status
= NT_STATUS_OK
;
61 struct policy_handle handle
;
63 uint32_t flags
= EVENTLOG_BACKWARDS_READ
|
64 EVENTLOG_SEQUENTIAL_READ
;
66 uint32_t number_of_bytes
= 0;
68 uint32_t sent_size
= 0;
69 uint32_t real_size
= 0;
71 if (argc
< 2 || argc
> 4) {
72 printf("Usage: %s logname [offset] [number_of_bytes]\n", argv
[0]);
77 offset
= atoi(argv
[2]);
81 number_of_bytes
= atoi(argv
[3]);
82 data
= talloc_array(mem_ctx
, uint8_t, number_of_bytes
);
88 status
= get_eventlog_handle(cli
, mem_ctx
, argv
[1], &handle
);
89 if (!NT_STATUS_IS_OK(status
)) {
95 enum ndr_err_code ndr_err
;
97 struct EVENTLOGRECORD r
;
101 status
= rpccli_eventlog_ReadEventLogW(cli
, mem_ctx
,
109 if (NT_STATUS_EQUAL(status
, NT_STATUS_BUFFER_TOO_SMALL
) &&
111 number_of_bytes
= real_size
;
112 data
= talloc_array(mem_ctx
, uint8_t, real_size
);
116 status
= rpccli_eventlog_ReadEventLogW(cli
, mem_ctx
,
126 if (!NT_STATUS_EQUAL(status
, NT_STATUS_END_OF_FILE
) &&
127 !NT_STATUS_IS_OK(status
)) {
133 size
= IVAL(data
, pos
);
137 blob
= data_blob_const(data
+ pos
, size
);
138 /* dump_data(0, blob.data, blob.length); */
139 ndr_err
= ndr_pull_struct_blob_all(&blob
, mem_ctx
, &r
,
140 (ndr_pull_flags_fn_t
)ndr_pull_EVENTLOGRECORD
);
141 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
142 status
= ndr_map_error2ntstatus(ndr_err
);
146 NDR_PRINT_DEBUG(EVENTLOGRECORD
, &r
);
150 if (pos
+ 4 > sent_size
) {
154 size
= IVAL(data
, pos
);
159 } while (NT_STATUS_IS_OK(status
));
162 rpccli_eventlog_CloseEventLog(cli
, mem_ctx
, &handle
);
167 static NTSTATUS
cmd_eventlog_numrecords(struct rpc_pipe_client
*cli
,
173 struct policy_handle handle
;
177 printf("Usage: %s logname\n", argv
[0]);
181 status
= get_eventlog_handle(cli
, mem_ctx
, argv
[1], &handle
);
182 if (!NT_STATUS_IS_OK(status
)) {
186 status
= rpccli_eventlog_GetNumRecords(cli
, mem_ctx
,
189 if (!NT_STATUS_IS_OK(status
)) {
193 printf("number of records: %d\n", number
);
196 rpccli_eventlog_CloseEventLog(cli
, mem_ctx
, &handle
);
201 static NTSTATUS
cmd_eventlog_oldestrecord(struct rpc_pipe_client
*cli
,
207 struct policy_handle handle
;
208 uint32_t oldest_entry
= 0;
211 printf("Usage: %s logname\n", argv
[0]);
215 status
= get_eventlog_handle(cli
, mem_ctx
, argv
[1], &handle
);
216 if (!NT_STATUS_IS_OK(status
)) {
220 status
= rpccli_eventlog_GetOldestRecord(cli
, mem_ctx
,
223 if (!NT_STATUS_IS_OK(status
)) {
227 printf("oldest entry: %d\n", oldest_entry
);
230 rpccli_eventlog_CloseEventLog(cli
, mem_ctx
, &handle
);
235 static NTSTATUS
cmd_eventlog_reportevent(struct rpc_pipe_client
*cli
,
241 struct policy_handle handle
;
243 uint16_t num_of_strings
= 1;
244 uint32_t data_size
= 0;
245 struct lsa_String servername
;
246 struct lsa_String
*strings
;
247 uint8_t *data
= NULL
;
248 uint32_t record_number
= 0;
249 time_t time_written
= 0;
252 printf("Usage: %s logname\n", argv
[0]);
256 status
= get_eventlog_handle(cli
, mem_ctx
, argv
[1], &handle
);
257 if (!NT_STATUS_IS_OK(status
)) {
261 strings
= talloc_array(mem_ctx
, struct lsa_String
, num_of_strings
);
263 return NT_STATUS_NO_MEMORY
;
266 init_lsa_String(&strings
[0], "test event written by rpcclient\n");
267 init_lsa_String(&servername
, NULL
);
269 status
= rpccli_eventlog_ReportEventW(cli
, mem_ctx
,
272 EVENTLOG_INFORMATION_TYPE
,
273 0, /* event_category */
285 if (!NT_STATUS_IS_OK(status
)) {
289 printf("entry: %d written at %s\n", record_number
,
290 http_timestring(talloc_tos(), time_written
));
293 rpccli_eventlog_CloseEventLog(cli
, mem_ctx
, &handle
);
298 static NTSTATUS
cmd_eventlog_reporteventsource(struct rpc_pipe_client
*cli
,
304 struct policy_handle handle
;
306 uint16_t num_of_strings
= 1;
307 uint32_t data_size
= 0;
308 struct lsa_String servername
, sourcename
;
309 struct lsa_String
*strings
;
310 uint8_t *data
= NULL
;
311 uint32_t record_number
= 0;
312 time_t time_written
= 0;
315 printf("Usage: %s logname\n", argv
[0]);
319 status
= get_eventlog_handle(cli
, mem_ctx
, argv
[1], &handle
);
320 if (!NT_STATUS_IS_OK(status
)) {
324 strings
= talloc_array(mem_ctx
, struct lsa_String
, num_of_strings
);
326 return NT_STATUS_NO_MEMORY
;
329 init_lsa_String(&strings
[0], "test event written by rpcclient\n");
330 init_lsa_String(&servername
, NULL
);
331 init_lsa_String(&sourcename
, "rpcclient");
333 status
= rpccli_eventlog_ReportEventAndSourceW(cli
, mem_ctx
,
336 EVENTLOG_INFORMATION_TYPE
,
337 0, /* event_category */
349 if (!NT_STATUS_IS_OK(status
)) {
353 printf("entry: %d written at %s\n", record_number
,
354 http_timestring(talloc_tos(), time_written
));
357 rpccli_eventlog_CloseEventLog(cli
, mem_ctx
, &handle
);
362 static NTSTATUS
cmd_eventlog_registerevsource(struct rpc_pipe_client
*cli
,
368 struct policy_handle log_handle
;
369 struct lsa_String module_name
, reg_module_name
;
370 struct eventlog_OpenUnknown0 unknown0
;
372 unknown0
.unknown0
= 0x005c;
373 unknown0
.unknown1
= 0x0001;
376 printf("Usage: %s logname\n", argv
[0]);
380 init_lsa_String(&module_name
, "rpcclient");
381 init_lsa_String(®_module_name
, NULL
);
383 status
= rpccli_eventlog_RegisterEventSourceW(cli
, mem_ctx
,
387 1, /* major_version */
388 1, /* minor_version */
390 if (!NT_STATUS_IS_OK(status
)) {
395 rpccli_eventlog_DeregisterEventSource(cli
, mem_ctx
, &log_handle
);
400 static NTSTATUS
cmd_eventlog_backuplog(struct rpc_pipe_client
*cli
,
406 struct policy_handle handle
;
407 struct lsa_String backup_filename
;
411 printf("Usage: %s logname backupname\n", argv
[0]);
415 status
= get_eventlog_handle(cli
, mem_ctx
, argv
[1], &handle
);
416 if (!NT_STATUS_IS_OK(status
)) {
420 tmp
= talloc_asprintf(mem_ctx
, "\\??\\%s", argv
[2]);
422 status
= NT_STATUS_NO_MEMORY
;
426 init_lsa_String(&backup_filename
, tmp
);
428 status
= rpccli_eventlog_BackupEventLogW(cli
, mem_ctx
,
433 rpccli_eventlog_CloseEventLog(cli
, mem_ctx
, &handle
);
438 static NTSTATUS
cmd_eventlog_loginfo(struct rpc_pipe_client
*cli
,
444 struct policy_handle handle
;
445 uint8_t *buffer
= NULL
;
446 uint32_t buf_size
= 0;
447 uint32_t bytes_needed
= 0;
450 printf("Usage: %s logname\n", argv
[0]);
454 status
= get_eventlog_handle(cli
, mem_ctx
, argv
[1], &handle
);
455 if (!NT_STATUS_IS_OK(status
)) {
459 status
= rpccli_eventlog_GetLogInformation(cli
, mem_ctx
,
465 if (!NT_STATUS_IS_OK(status
) &&
466 !NT_STATUS_EQUAL(status
, NT_STATUS_BUFFER_TOO_SMALL
)) {
470 buf_size
= bytes_needed
;
471 buffer
= talloc_array(mem_ctx
, uint8_t, bytes_needed
);
473 status
= NT_STATUS_NO_MEMORY
;
477 status
= rpccli_eventlog_GetLogInformation(cli
, mem_ctx
,
483 if (!NT_STATUS_IS_OK(status
)) {
488 rpccli_eventlog_CloseEventLog(cli
, mem_ctx
, &handle
);
494 struct cmd_set eventlog_commands
[] = {
496 { "eventlog_readlog", RPC_RTYPE_NTSTATUS
, cmd_eventlog_readlog
, NULL
, &ndr_table_eventlog
.syntax_id
, NULL
, "Read Eventlog", "" },
497 { "eventlog_numrecord", RPC_RTYPE_NTSTATUS
, cmd_eventlog_numrecords
, NULL
, &ndr_table_eventlog
.syntax_id
, NULL
, "Get number of records", "" },
498 { "eventlog_oldestrecord", RPC_RTYPE_NTSTATUS
, cmd_eventlog_oldestrecord
, NULL
, &ndr_table_eventlog
.syntax_id
, NULL
, "Get oldest record", "" },
499 { "eventlog_reportevent", RPC_RTYPE_NTSTATUS
, cmd_eventlog_reportevent
, NULL
, &ndr_table_eventlog
.syntax_id
, NULL
, "Report event", "" },
500 { "eventlog_reporteventsource", RPC_RTYPE_NTSTATUS
, cmd_eventlog_reporteventsource
, NULL
, &ndr_table_eventlog
.syntax_id
, NULL
, "Report event and source", "" },
501 { "eventlog_registerevsource", RPC_RTYPE_NTSTATUS
, cmd_eventlog_registerevsource
, NULL
, &ndr_table_eventlog
.syntax_id
, NULL
, "Register event source", "" },
502 { "eventlog_backuplog", RPC_RTYPE_NTSTATUS
, cmd_eventlog_backuplog
, NULL
, &ndr_table_eventlog
.syntax_id
, NULL
, "Backup Eventlog File", "" },
503 { "eventlog_loginfo", RPC_RTYPE_NTSTATUS
, cmd_eventlog_loginfo
, NULL
, &ndr_table_eventlog
.syntax_id
, NULL
, "Get Eventlog Information", "" },