source3/utils/net_eventlog.c

   1 /*
   2  * Samba Unix/Linux SMB client library
   3  * Distributed SMB/CIFS Server Management Utility
   4  * Local win32 eventlog interface
   5  *
   6  * Copyright (C) Guenther Deschner 2009
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 3 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20  */
  21
  22 #include "includes.h"
  23 #include "utils/net.h"
  24 #include "lib/eventlog/eventlog.h"
  25 #include "lib/util/util_file.h"
  26
  27 /**
  28  * Dump an *evt win32 eventlog file
  29  *
  30  * @param argc  Standard main() style argc.
  31  * @param argv  Standard main() style argv. Initial components are already
  32  *              stripped.
  33  *
  34  * @return A shell status integer (0 for success).
  35  **/
  36
  37 static int net_eventlog_dump(struct net_context *c, int argc,
  38                              const char **argv)
  39 {
  40         int ret = -1;
  41         TALLOC_CTX *ctx = talloc_stackframe();
  42         enum ndr_err_code ndr_err;
  43         DATA_BLOB blob;
  44         struct EVENTLOG_EVT_FILE evt;
  45         char *s;
  46
  47         if (argc < 1 || c->display_usage) {
  48                 d_fprintf(stderr, "%s\nnet eventlog dump <file.evt>\n",
  49                           _("Usage:"));
  50                 goto done;
  51         }
  52
  53         blob.data = (uint8_t *)file_load(argv[0], &blob.length, 0, ctx);
  54         if (!blob.data) {
  55                 d_fprintf(stderr, _("failed to load evt file: %s\n"), argv[0]);
  56                 goto done;
  57         }
  58
  59         ndr_err = ndr_pull_struct_blob(&blob, ctx, &evt,
  60                    (ndr_pull_flags_fn_t)ndr_pull_EVENTLOG_EVT_FILE);
  61         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
  62                 d_fprintf(stderr, _("evt pull failed: %s\n"),
  63                           ndr_errstr(ndr_err));
  64                 goto done;
  65         }
  66
  67         s = NDR_PRINT_STRUCT_STRING(ctx, EVENTLOG_EVT_FILE, &evt);
  68         if (s) {
  69                 printf("%s\n", s);
  70         }
  71
  72         ret = 0;
  73  done:
  74         TALLOC_FREE(ctx);
  75         return ret;
  76 }
  77
  78 /**
  79  * Import an *evt win32 eventlog file to internal tdb representation
  80  *
  81  * @param argc  Standard main() style argc.
  82  * @param argv  Standard main() style argv. Initial components are already
  83  *              stripped.
  84  *
  85  * @return A shell status integer (0 for success).
  86  **/
  87
  88 static int net_eventlog_import(struct net_context *c, int argc,
  89                                const char **argv)
  90 {
  91         int ret = -1;
  92         TALLOC_CTX *ctx = talloc_stackframe();
  93         NTSTATUS status;
  94         enum ndr_err_code ndr_err;
  95         DATA_BLOB blob;
  96         uint32_t num_records = 0;
  97         uint32_t i;
  98         ELOG_TDB *etdb = NULL;
  99
 100         struct EVENTLOGHEADER evt_header;
 101         struct EVENTLOG_EVT_FILE evt;
 102
 103         if (argc < 2 || c->display_usage) {
 104                 d_fprintf(stderr,
 105                           "%s\nnet eventlog import <file> <eventlog>\n",
 106                           _("Usage:"));
 107                 goto done;
 108         }
 109
 110         blob.data = (uint8_t *)file_load(argv[0], &blob.length, 0, ctx);
 111         if (!blob.data) {
 112                 d_fprintf(stderr, _("failed to load evt file: %s\n"), argv[0]);
 113                 goto done;
 114         }
 115
 116         /* dump_data(0, blob.data, blob.length); */
 117         ndr_err = ndr_pull_struct_blob(&blob, ctx, &evt_header,
 118                    (ndr_pull_flags_fn_t)ndr_pull_EVENTLOGHEADER);
 119         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 120                 d_fprintf(stderr, _("evt header pull failed: %s\n"),
 121                           ndr_errstr(ndr_err));
 122                 goto done;
 123         }
 124
 125         if (evt_header.Flags & ELF_LOGFILE_HEADER_WRAP) {
 126                 d_fprintf(stderr, _("input file is wrapped, cannot proceed\n"));
 127                 goto done;
 128         }
 129
 130         ndr_err = ndr_pull_struct_blob(&blob, ctx, &evt,
 131                    (ndr_pull_flags_fn_t)ndr_pull_EVENTLOG_EVT_FILE);
 132         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 133                 d_fprintf(stderr, _("evt pull failed: %s\n"),
 134                           ndr_errstr(ndr_err));
 135                 goto done;
 136         }
 137
 138         /* NDR_PRINT_DEBUG(EVENTLOG_EVT_FILE, &evt); */
 139
 140         etdb = elog_open_tdb(argv[1], false, false);
 141         if (!etdb) {
 142                 d_fprintf(stderr, _("can't open the eventlog TDB (%s)\n"),
 143                           argv[1]);
 144                 goto done;
 145         }
 146
 147         num_records = evt.hdr.CurrentRecordNumber - evt.hdr.OldestRecordNumber;
 148
 149         for (i=0; i<num_records; i++) {
 150                 uint32_t record_number;
 151                 struct eventlog_Record_tdb e;
 152
 153                 status = evlog_evt_entry_to_tdb_entry(ctx, &evt.records[i], &e);
 154                 if (!NT_STATUS_IS_OK(status)) {
 155                         goto done;
 156                 }
 157
 158                 status = evlog_push_record_tdb(ctx, ELOG_TDB_CTX(etdb),
 159                                                &e, &record_number);
 160                 if (!NT_STATUS_IS_OK(status)) {
 161                         d_fprintf(stderr,
 162                                   _("can't write to the eventlog: %s\n"),
 163                                   nt_errstr(status));
 164                         goto done;
 165                 }
 166         }
 167
 168         printf(_("wrote %d entries to tdb\n"), i);
 169
 170         ret = 0;
 171  done:
 172
 173         elog_close_tdb(etdb, false);
 174
 175         TALLOC_FREE(ctx);
 176         return ret;
 177 }
 178
 179 /**
 180  * Export internal eventlog tdb representation to an *evt win32 eventlog file
 181  *
 182  * @param argc  Standard main() style argc.
 183  * @param argv  Standard main() style argv. Initial components are already
 184  *              stripped.
 185  *
 186  * @return A shell status integer (0 for success).
 187  **/
 188
 189 static int net_eventlog_export(struct net_context *c, int argc,
 190                                const char **argv)
 191 {
 192         int ret = -1;
 193         NTSTATUS status;
 194         TALLOC_CTX *ctx = talloc_stackframe();
 195         DATA_BLOB blob;
 196         uint32_t num_records = 0;
 197         ELOG_TDB *etdb = NULL;
 198
 199         if (argc < 2 || c->display_usage) {
 200                 d_fprintf(stderr,
 201                           "%s\nnet eventlog export <file> <eventlog>\n",
 202                           _("Usage:"));
 203                 goto done;
 204         }
 205
 206         etdb = elog_open_tdb(argv[1], false, true);
 207         if (!etdb) {
 208                 d_fprintf(stderr, _("can't open the eventlog TDB (%s)\n"),
 209                           argv[1]);
 210                 goto done;
 211         }
 212
 213         status = evlog_convert_tdb_to_evt(ctx, etdb, &blob, &num_records);
 214         if (!NT_STATUS_IS_OK(status)) {
 215                 goto done;
 216         }
 217
 218         if (!file_save(argv[0], blob.data, blob.length)) {
 219                 d_fprintf(stderr, _("failed to save evt file: %s\n"), argv[0]);
 220                 goto done;
 221         }
 222
 223         ret = 0;
 224  done:
 225
 226         elog_close_tdb(etdb, false);
 227
 228         TALLOC_FREE(ctx);
 229         return ret;
 230 }
 231
 232 /**
 233  * 'net rpc eventlog' entrypoint.
 234  * @param argc  Standard main() style argc.
 235  * @param argv  Standard main() style argv. Initial components are already
 236  *              stripped.
 237  **/
 238
 239 int net_eventlog(struct net_context *c, int argc, const char **argv)
 240 {
 241         int ret = -1;
 242
 243         struct functable func[] = {
 244                 {
 245                         "dump",
 246                         net_eventlog_dump,
 247                         NET_TRANSPORT_LOCAL,
 248                         N_("Dump eventlog"),
 249                         N_("net eventlog dump\n"
 250                            "    Dump win32 *.evt eventlog file")
 251                 },
 252                 {
 253                         "import",
 254                         net_eventlog_import,
 255                         NET_TRANSPORT_LOCAL,
 256                         N_("Import eventlog"),
 257                         N_("net eventlog import\n"
 258                            "    Import win32 *.evt eventlog file")
 259                 },
 260                 {
 261                         "export",
 262                         net_eventlog_export,
 263                         NET_TRANSPORT_LOCAL,
 264                         N_("Export eventlog"),
 265                         N_("net eventlog export\n"
 266                            "    Export win32 *.evt eventlog file")
 267                 },
 268
 269
 270         { NULL, NULL, 0, NULL, NULL }
 271         };
 272
 273         ret = net_run_function(c, argc, argv, "net eventlog", func);
 274
 275         return ret;
 276 }