/*
 * Print the eventlog names configured in smb.conf, one per line, under a
 * fixed heading.  When lp_eventlog_list() returns NULL a "<None specified>"
 * placeholder is printed instead; an empty (non-NULL) list prints only the
 * heading.  Output goes to stdout via printf.
 */
static void display_eventlog_names( void )
{
    const char **names = lp_eventlog_list(  );
    const char **cur;

    printf( "Active eventlog names (from smb.conf):\n" );
    printf( "--------------------------------------\n" );

    if ( !names ) {
        printf( "\t<None specified>\n");
        return;
    }

    for ( cur = names; *cur; cur++ ) {
        printf( "\t%s\n", *cur );
    }
}
/*
 * Allow-list check: is 'name' one of the eventlogs configured in smb.conf?
 *
 * Returns true only when lp_eventlog_list() is non-NULL and one of its
 * entries compares equal to 'name' via strequal(); false otherwise
 * (including when no eventlogs are configured at all).
 *
 * NOTE(review): the comparison semantics are those of strequal() — if that
 * helper is case-insensitive, so is this check; confirm before relying on
 * exact-case matching of the name.
 */
static bool elog_validate_logname( const char *name )
{
	const char **candidates = lp_eventlog_list();
	const char **cur;

	/* Nothing configured: no name can be valid. */
	if ( candidates == NULL ) {
		return false;
	}

	for ( cur = candidates; *cur != NULL; cur++ ) {
		if ( strequal( name, *cur ) ) {
			return true;
		}
	}

	return false;
}
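/*
 * Create one registry subkey 'name' under 'parent', keeping the subkeys that
 * are already stored there.
 *
 * Returns false if the subkey container cannot be allocated or the store
 * fails.  NOTE(review): as in the original code the result of
 * regdb_fetch_keys() is not checked, so a failed fetch would store only
 * 'name' under 'parent' — confirm that is acceptable for this init path.
 */
static bool init_keys_add_subkey(TALLOC_CTX *ctx, const char *parent,
                                 const char *name)
{
    struct regsubkey_ctr *subkeys = NULL;
    WERROR werr;

    werr = regsubkey_ctr_init(ctx, &subkeys);
    if (!W_ERROR_IS_OK(werr)) {
        DEBUG( 0, ( "talloc() failure!\n" ) );
        return false;
    }

    /* Merge with what is already there so the store does not drop it. */
    regdb_fetch_keys(parent, subkeys);
    regsubkey_ctr_addkey(subkeys, name);

    if (!regdb_store_keys(parent, subkeys)) {
        TALLOC_FREE(subkeys);
        return false;
    }
    TALLOC_FREE(subkeys);
    return true;
}

/*
 * Seed the values under KEY_EVENTLOG\<elog> (MaxSize, Retention,
 * PrimaryModule, Sources, File) unless a "MaxSize" value already exists,
 * in which case nothing is written and the existing values are kept.
 *
 * Returns false on allocation failure or if regdb_store_values() fails.
 */
static bool init_keys_store_log_values(TALLOC_CTX *ctx, const char *evtlogpath,
                                       const char *elog)
{
    REGVAL_CTR *values = NULL;
    char *evtfilepath = NULL;
    UNISTR2 data;
    uint32 uiMaxSize;
    uint32 uiRetention;
    bool ok = true;

    if (!(values = TALLOC_ZERO_P(ctx, REGVAL_CTR))) {
        DEBUG( 0, ( "talloc() failure!\n" ) );
        return false;
    }
    DEBUG( 5,
           ( "Storing values to eventlog path of [%s]\n",
             evtlogpath ) );
    regdb_fetch_values( evtlogpath, values );

    if (regval_ctr_key_exists(values, "MaxSize")) {
        /* Already initialised: leave the stored values alone. */
        TALLOC_FREE(values);
        return true;
    }

    /* assume we have none, add them all */

    /* hard code some initial values */

    /* uiDisplayNameId = 0x00000100; */
    uiMaxSize = 0x00080000;     /* 524288 (512 KiB) */
    uiRetention = 0x93A80;      /* 604800 == 7 days, if read as seconds */

    regval_ctr_addvalue(values, "MaxSize", REG_DWORD,
                        (char *)&uiMaxSize,
                        sizeof(uint32));

    regval_ctr_addvalue(values, "Retention", REG_DWORD,
                        (char *)&uiRetention,
                        sizeof(uint32));

    init_unistr2(&data, elog, UNI_STR_TERMINATE);
    regval_ctr_addvalue(values, "PrimaryModule", REG_SZ,
                        (char *)data.buffer,
                        data.uni_str_len *
                        sizeof(uint16));

    /* NOTE(review): REG_MULTI_SZ is conventionally double-NUL terminated;
     * this stores a single UNI_STR_TERMINATE string as the original did —
     * confirm the readers of "Sources" accept that encoding. */
    init_unistr2(&data, elog, UNI_STR_TERMINATE);
    regval_ctr_addvalue(values, "Sources", REG_MULTI_SZ,
                        (char *)data.buffer,
                        data.uni_str_len *
                        sizeof(uint16));

    evtfilepath = talloc_asprintf(ctx,
                                  "%%SystemRoot%%\\system32\\config\\%s.tdb",
                                  elog);
    if (!evtfilepath) {
        /* Fix: the original freed 'values' here but did not return, then
         * passed NULL to init_unistr2() and the freed container to
         * regval_ctr_addvalue(). */
        DEBUG( 0, ( "talloc() failure!\n" ) );
        TALLOC_FREE(values);
        return false;
    }
    init_unistr2(&data, evtfilepath, UNI_STR_TERMINATE);
    regval_ctr_addvalue(values, "File", REG_EXPAND_SZ, (char *)data.buffer,
                        data.uni_str_len * sizeof(uint16));

    /* Previously the store result was ignored, so a failed write still
     * reported success to the caller. */
    if (!regdb_store_values(evtlogpath, values)) {
        DEBUG( 0, ( "Failed to store values under [%s]\n", evtlogpath ) );
        ok = false;
    }

    TALLOC_FREE(evtfilepath);
    TALLOC_FREE(values);
    return ok;
}

/*
 * Seed the values under KEY_EVENTLOG\<elog>\<elog> (CategoryCount,
 * CategoryMessageFile) unless "CategoryCount" already exists, in which case
 * nothing is written.
 *
 * Returns false on allocation failure or if regdb_store_values() fails.
 */
static bool init_keys_store_source_values(TALLOC_CTX *ctx,
                                          const char *evtlogpath)
{
    REGVAL_CTR *values = NULL;
    UNISTR2 data;
    uint32 uiCategoryCount;
    bool ok = true;

    if (!(values = TALLOC_ZERO_P(ctx, REGVAL_CTR))) {
        DEBUG( 0, ( "talloc() failure!\n" ) );
        return false;
    }
    DEBUG( 5,
           ( "Storing values to eventlog path of [%s]\n",
             evtlogpath));
    regdb_fetch_values(evtlogpath, values);

    if (!regval_ctr_key_exists( values, "CategoryCount")) {

        /* hard code some initial values */

        uiCategoryCount = 0x00000007;
        regval_ctr_addvalue( values, "CategoryCount",
                             REG_DWORD,
                             ( char * ) &uiCategoryCount,
                             sizeof( uint32 ) );
        init_unistr2( &data,
                      "%SystemRoot%\\system32\\eventlog.dll",
                      UNI_STR_TERMINATE );

        regval_ctr_addvalue( values, "CategoryMessageFile",
                             REG_EXPAND_SZ,
                             ( char * ) data.buffer,
                             data.uni_str_len *
                             sizeof( uint16 ) );

        if (!regdb_store_values( evtlogpath, values )) {
            DEBUG( 0, ( "Failed to store values under [%s]\n",
                        evtlogpath ) );
            ok = false;
        }
    }

    TALLOC_FREE(values);
    return ok;
}

/*
 * Create the registry keys and default values for every eventlog named in
 * smb.conf (lp_eventlog_list()).  For each name <elog> this creates
 * KEY_EVENTLOG\<elog> and KEY_EVENTLOG\<elog>\<elog>, then seeds default
 * values under each unless they are already present.
 *
 * Returns true when every eventlog was processed (or none is configured);
 * false on the first allocation or registry-store failure, leaving any
 * earlier eventlogs initialised.
 *
 * NOTE(review): the names are interpolated into the key path verbatim, so a
 * name containing '\\' would change the key hierarchy.  They come from the
 * admin-controlled smb.conf, so no validation is done here.
 */
bool eventlog_init_keys(void)
{
    /* Find all of the eventlogs, add keys for each of them */
    const char **elogs = lp_eventlog_list();
    char *evtlogpath = NULL;
    TALLOC_CTX *ctx = talloc_tos();

    while (elogs && *elogs) {
        /* add in the key of form KEY_EVENTLOG/Application */
        if (!init_keys_add_subkey(ctx, KEY_EVENTLOG, *elogs)) {
            return false;
        }
        DEBUG( 5,
               ( "Adding key of [%s] to path of [%s]\n", *elogs,
                 KEY_EVENTLOG ) );

        evtlogpath = talloc_asprintf(ctx, "%s\\%s",
                                     KEY_EVENTLOG, *elogs);
        if (!evtlogpath) {
            return false;
        }

        /* add in the key of form KEY_EVENTLOG/Application/Application */
        DEBUG( 5,
               ( "Adding key of [%s] to path of [%s]\n", *elogs,
                 evtlogpath ) );
        if (!init_keys_add_subkey(ctx, evtlogpath, *elogs)) {
            TALLOC_FREE(evtlogpath);
            return false;
        }

        /* now add the values to the KEY_EVENTLOG/Application form key */
        if (!init_keys_store_log_values(ctx, evtlogpath, *elogs)) {
            TALLOC_FREE(evtlogpath);
            return false;
        }
        TALLOC_FREE(evtlogpath);

        /* now do the values under KEY_EVENTLOG/Application/Application */
        evtlogpath = talloc_asprintf(ctx, "%s\\%s\\%s",
                                     KEY_EVENTLOG, *elogs, *elogs);
        if (!evtlogpath) {
            return false;
        }
        if (!init_keys_store_source_values(ctx, evtlogpath)) {
            TALLOC_FREE(evtlogpath);
            return false;
        }
        /* Freed per iteration; the original left this one on talloc_tos()
         * until the frame was popped. */
        TALLOC_FREE(evtlogpath);

        elogs++;
    }

    return true;
}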
bool eventlog_add_source( const char *eventlog, const char *sourcename,
                          const char *messagefile )
{
    /* Find all of the eventlogs, add keys for each of them */
    /* need to add to the value KEY_EVENTLOG/<eventlog>/Sources string (Creating if necessary)
       need to add KEY of source to KEY_EVENTLOG/<eventlog>/<source> */

    const char **elogs = lp_eventlog_list(  );
    char **wrklist, **wp;
    char *evtlogpath = NULL;
    struct regsubkey_ctr *subkeys;
    REGVAL_CTR *values;
    REGISTRY_VALUE *rval;
    UNISTR2 data;
    uint16 *msz_wp;
    int mbytes, ii;
    bool already_in;
    int i;
    int numsources;
    TALLOC_CTX *ctx = talloc_tos();
    WERROR werr;

    if (!elogs) {
        return False;
    }

    for ( i = 0; elogs[i]; i++ ) {
        if ( strequal( elogs[i], eventlog ) )
            break;
    }

    if ( !elogs[i] ) {
        DEBUG( 0,
               ( "Eventlog [%s] not found in list of valid event logs\n",
                 eventlog ) );
        return false;	/* invalid named passed in */
    }

    /* have to assume that the evenlog key itself exists at this point */
    /* add in a key of [sourcename] under the eventlog key */

    /* todo add to Sources */

    if (!( values = TALLOC_ZERO_P(ctx, REGVAL_CTR))) {
        DEBUG( 0, ( "talloc() failure!\n" ));
        return false;
    }

    evtlogpath = talloc_asprintf(ctx, "%s\\%s", KEY_EVENTLOG, eventlog);
    if (!evtlogpath) {
        TALLOC_FREE(values);
        return false;
    }

    regdb_fetch_values( evtlogpath, values );


    if ( !( rval = regval_ctr_getvalue( values, "Sources" ) ) ) {
        DEBUG( 0, ( "No Sources value for [%s]!\n", eventlog ) );
        return False;
    }
    /* perhaps this adding a new string to a multi_sz should be a fn? */
    /* check to see if it's there already */

    if ( rval->type != REG_MULTI_SZ ) {
        DEBUG( 0,
               ( "Wrong type for Sources, should be REG_MULTI_SZ\n" ) );
        return False;
    }
    /* convert to a 'regulah' chars to do some comparisons */

    already_in = False;
    wrklist = NULL;
    dump_data( 1, rval->data_p, rval->size );
    if ( ( numsources =
                regval_convert_multi_sz( ( uint16 * ) rval->data_p, rval->size,
                                         &wrklist ) ) > 0 ) {

        ii = numsources;
        /* see if it's in there already */
        wp = wrklist;

        while ( ii && wp && *wp ) {
            if ( strequal( *wp, sourcename ) ) {
                DEBUG( 5,
                       ( "Source name [%s] already in list for [%s] \n",
                         sourcename, eventlog ) );
                already_in = True;
                break;
            }
            wp++;
            ii--;
        }
    } else {
        if ( numsources < 0 ) {
            DEBUG( 3, ( "problem in getting the sources\n" ) );
            return False;
        }
        DEBUG( 3,
               ( "Nothing in the sources list, this might be a problem\n" ) );
    }

    wp = wrklist;

    if ( !already_in ) {
        /* make a new list with an additional entry; copy values, add another */
        wp = TALLOC_ARRAY(ctx, char *, numsources + 2 );

        if ( !wp ) {
            DEBUG( 0, ( "talloc() failed \n" ) );
            return False;
        }
        memcpy( wp, wrklist, sizeof( char * ) * numsources );
        *( wp + numsources ) = ( char * ) sourcename;
        *( wp + numsources + 1 ) = NULL;
        mbytes = regval_build_multi_sz( wp, &msz_wp );
        dump_data( 1, ( uint8 * ) msz_wp, mbytes );
        regval_ctr_addvalue( values, "Sources", REG_MULTI_SZ,
                             ( char * ) msz_wp, mbytes );
        regdb_store_values( evtlogpath, values );
        TALLOC_FREE(msz_wp);
    } else {
/*********************************************************************
 for an eventlog, add in a source name. If the eventlog doesn't
 exist (not in the list) do nothing.   If a source for the log
 already exists, change the information (remove, replace)
*********************************************************************/
static bool eventlog_add_source( const char *eventlog, const char *sourcename,
				 const char *messagefile )
{
	/* Find all of the eventlogs, add keys for each of them */
	/* need to add to the value KEY_EVENTLOG/<eventlog>/Sources string (Creating if necessary)
	   need to add KEY of source to KEY_EVENTLOG/<eventlog>/<source> */

	const char **elogs = lp_eventlog_list(  );
	const char **wrklist, **wp;
	char *evtlogpath = NULL;
	int ii = 0;
	bool already_in;
	int i;
	int numsources = 0;
	TALLOC_CTX *ctx = talloc_stackframe();
	WERROR werr;
	struct registry_key *key_hive, *key_eventlog, *key_source;
	struct security_token *token = NULL;
	const char *hive_name, *relpath;
	enum winreg_CreateAction action;
	struct registry_value *value;
	static const uint32_t ACCESS = REG_KEY_READ | REG_KEY_WRITE;
	bool ret = false;

	if (!elogs) {
		d_printf("No Eventlogs configured\n");
		goto done;
	}

	for ( i = 0; elogs[i]; i++ ) {
		if ( strequal( elogs[i], eventlog ) )
			break;
	}

	if ( !elogs[i] ) {
		d_printf("Eventlog [%s] not found in list of valid event logs\n",
			 eventlog);
		goto done;
	}

	/* have to assume that the evenlog key itself exists at this point */
	/* add in a key of [sourcename] under the eventlog key */

	/* todo add to Sources */

	evtlogpath = talloc_asprintf(ctx, "%s\\%s", KEY_EVENTLOG, eventlog);
	if (!evtlogpath) {
		d_printf("Out of memory\n");
		goto done;
	}

	relpath = evtlogpath + sizeof(KEY_EVENTLOG);
	hive_name = talloc_strndup(ctx, evtlogpath, relpath - evtlogpath);
	if (!hive_name) {
		d_printf("Out of memory\n");
		goto done;
	}
	relpath++;

	werr = ntstatus_to_werror(registry_create_admin_token(ctx, &token));
	if (!W_ERROR_IS_OK(werr)) {
		d_printf("Failed to create admin token: %s\n", win_errstr(werr));
		goto done;
	}

	werr = reg_openhive(ctx, hive_name, ACCESS, token, &key_hive);
	if (!W_ERROR_IS_OK(werr)) {
		d_printf("Failed to open hive [%s]: %s\n", hive_name, win_errstr(werr));
		goto done;
	}

	werr = reg_openkey(ctx, key_hive, relpath, ACCESS, &key_eventlog);
	if (!W_ERROR_IS_OK(werr)) {
		d_printf("Failed to open key [%s]: %s\n", evtlogpath, win_errstr(werr));
		goto done;
	}

	werr = reg_queryvalue(ctx, key_eventlog, "Sources", &value);
	if (!W_ERROR_IS_OK(werr)) {
		d_printf("Failed to get value \"Sources\" for [%s]: %s\n", evtlogpath, win_errstr(werr));
		goto done;
	}
	/* perhaps this adding a new string to a multi_sz should be a fn? */
	/* check to see if it's there already */

	if ( value->type != REG_MULTI_SZ ) {
		d_printf("Wrong type for \"Sources\", should be REG_MULTI_SZ\n");
		goto done;
	}
	/* convert to a 'regulah' chars to do some comparisons */

	already_in = false;
	wrklist = NULL;
	dump_data(1, value->data.data, value->data.length);

	if (!pull_reg_multi_sz(ctx, &value->data, &wrklist)) {
		d_printf("Failed to pull REG_MULTI_SZ from \"Sources\"\n");
		goto done;
	}

	for (ii=0; wrklist[ii]; ii++) {
		numsources++;
	}

	if (numsources > 0) {
		/* see if it's in there already */
		wp = wrklist;

		while (wp && *wp ) {
			if ( strequal( *wp, sourcename ) ) {
				d_printf("Source name [%s] already in list for [%s] \n",
					 sourcename, eventlog);
				already_in = true;
				break;
			}
			wp++;
		}
	} else {
		d_printf("Nothing in the sources list, this might be a problem\n");
	}

	if ( !already_in ) {
		/* make a new list with an additional entry; copy values, add another */
		wp = talloc_realloc(ctx, wrklist, const char *, numsources + 2 );
		if ( !wp ) {
			d_printf("Out of memory\n");
			goto done;
		}

		wp[numsources] = sourcename;
		wp[numsources+1] = NULL;
		if (!push_reg_multi_sz(ctx, &value->data, wp)) {
			d_printf("Failed to push Sources\n");
			goto done;
		}
		dump_data( 1, value->data.data, value->data.length);
		werr = reg_setvalue(key_eventlog,  "Sources", value);
		if (!W_ERROR_IS_OK(werr)) {
			d_printf("Failed to set value Sources:  %s\n", win_errstr(werr));
			goto done;
		}
	} else {