static void display_eventlog_names( void )
{
const char **elogs;
int i;
elogs = lp_eventlog_list( );
printf( "Active eventlog names (from smb.conf):\n" );
printf( "--------------------------------------\n" );
if ( elogs ) {
for ( i = 0; elogs[i]; i++ ) {
printf( "\t%s\n", elogs[i] );
}
}
else
printf( "\t<None specified>\n");
}
static bool elog_validate_logname( const char *name )
{
int i;
const char **elogs = lp_eventlog_list();
if (!elogs) {
return False;
}
for ( i=0; elogs[i]; i++ ) {
if ( strequal( name, elogs[i] ) )
return True;
}
return False;
}
bool eventlog_init_keys(void)
{
/* Find all of the eventlogs, add keys for each of them */
const char **elogs = lp_eventlog_list();
char *evtlogpath = NULL;
char *evtfilepath = NULL;
struct regsubkey_ctr *subkeys;
REGVAL_CTR *values;
uint32 uiMaxSize;
uint32 uiRetention;
uint32 uiCategoryCount;
UNISTR2 data;
TALLOC_CTX *ctx = talloc_tos();
WERROR werr;
while (elogs && *elogs) {
werr = regsubkey_ctr_init(ctx, &subkeys);
if (!W_ERROR_IS_OK(werr)) {
DEBUG( 0, ( "talloc() failure!\n" ) );
return False;
}
regdb_fetch_keys(KEY_EVENTLOG, subkeys);
regsubkey_ctr_addkey( subkeys, *elogs );
if ( !regdb_store_keys( KEY_EVENTLOG, subkeys ) ) {
TALLOC_FREE(subkeys);
return False;
}
TALLOC_FREE(subkeys);
/* add in the key of form KEY_EVENTLOG/Application */
DEBUG( 5,
( "Adding key of [%s] to path of [%s]\n", *elogs,
KEY_EVENTLOG ) );
evtlogpath = talloc_asprintf(ctx, "%s\\%s",
KEY_EVENTLOG, *elogs);
if (!evtlogpath) {
return false;
}
/* add in the key of form KEY_EVENTLOG/Application/Application */
DEBUG( 5,
( "Adding key of [%s] to path of [%s]\n", *elogs,
evtlogpath ) );
werr = regsubkey_ctr_init(ctx, &subkeys);
if (!W_ERROR_IS_OK(werr)) {
DEBUG( 0, ( "talloc() failure!\n" ) );
return False;
}
regdb_fetch_keys( evtlogpath, subkeys );
regsubkey_ctr_addkey( subkeys, *elogs );
if ( !regdb_store_keys( evtlogpath, subkeys ) ) {
TALLOC_FREE(subkeys);
return False;
}
TALLOC_FREE( subkeys );
/* now add the values to the KEY_EVENTLOG/Application form key */
if (!(values = TALLOC_ZERO_P(ctx, REGVAL_CTR))) {
DEBUG( 0, ( "talloc() failure!\n" ) );
return False;
}
DEBUG( 5,
( "Storing values to eventlog path of [%s]\n",
evtlogpath ) );
regdb_fetch_values( evtlogpath, values );
if (!regval_ctr_key_exists(values, "MaxSize")) {
/* assume we have none, add them all */
/* hard code some initial values */
/* uiDisplayNameId = 0x00000100; */
uiMaxSize = 0x00080000;
uiRetention = 0x93A80;
regval_ctr_addvalue(values, "MaxSize", REG_DWORD,
(char *)&uiMaxSize,
sizeof(uint32));
regval_ctr_addvalue(values, "Retention", REG_DWORD,
(char *)&uiRetention,
sizeof(uint32));
init_unistr2(&data, *elogs, UNI_STR_TERMINATE);
regval_ctr_addvalue(values, "PrimaryModule", REG_SZ,
(char *)data.buffer,
data.uni_str_len *
sizeof(uint16));
init_unistr2(&data, *elogs, UNI_STR_TERMINATE);
regval_ctr_addvalue(values, "Sources", REG_MULTI_SZ,
(char *)data.buffer,
data.uni_str_len *
sizeof(uint16));
evtfilepath = talloc_asprintf(ctx,
"%%SystemRoot%%\\system32\\config\\%s.tdb",
*elogs);
if (!evtfilepath) {
TALLOC_FREE(values);
}
init_unistr2(&data, evtfilepath, UNI_STR_TERMINATE);
regval_ctr_addvalue(values, "File", REG_EXPAND_SZ, (char *)data.buffer,
data.uni_str_len * sizeof(uint16));
regdb_store_values(evtlogpath, values);
}
TALLOC_FREE(values);
/* now do the values under KEY_EVENTLOG/Application/Application */
TALLOC_FREE(evtlogpath);
evtlogpath = talloc_asprintf(ctx, "%s\\%s\\%s",
KEY_EVENTLOG, *elogs, *elogs);
if (!evtlogpath) {
return false;
}
if (!(values = TALLOC_ZERO_P(ctx, REGVAL_CTR))) {
DEBUG( 0, ( "talloc() failure!\n" ) );
return False;
}
DEBUG( 5,
( "Storing values to eventlog path of [%s]\n",
evtlogpath));
regdb_fetch_values(evtlogpath, values);
if (!regval_ctr_key_exists( values, "CategoryCount")) {
/* hard code some initial values */
uiCategoryCount = 0x00000007;
regval_ctr_addvalue( values, "CategoryCount",
REG_DWORD,
( char * ) &uiCategoryCount,
sizeof( uint32 ) );
init_unistr2( &data,
"%SystemRoot%\\system32\\eventlog.dll",
UNI_STR_TERMINATE );
regval_ctr_addvalue( values, "CategoryMessageFile",
REG_EXPAND_SZ,
( char * ) data.buffer,
data.uni_str_len *
sizeof( uint16 ) );
regdb_store_values( evtlogpath, values );
}
TALLOC_FREE(values);
elogs++;
}
return true;
}
bool eventlog_add_source( const char *eventlog, const char *sourcename,
const char *messagefile )
{
/* Find all of the eventlogs, add keys for each of them */
/* need to add to the value KEY_EVENTLOG/<eventlog>/Sources string (Creating if necessary)
need to add KEY of source to KEY_EVENTLOG/<eventlog>/<source> */
const char **elogs = lp_eventlog_list( );
char **wrklist, **wp;
char *evtlogpath = NULL;
struct regsubkey_ctr *subkeys;
REGVAL_CTR *values;
REGISTRY_VALUE *rval;
UNISTR2 data;
uint16 *msz_wp;
int mbytes, ii;
bool already_in;
int i;
int numsources;
TALLOC_CTX *ctx = talloc_tos();
WERROR werr;
if (!elogs) {
return False;
}
for ( i = 0; elogs[i]; i++ ) {
if ( strequal( elogs[i], eventlog ) )
break;
}
if ( !elogs[i] ) {
DEBUG( 0,
( "Eventlog [%s] not found in list of valid event logs\n",
eventlog ) );
return false; /* invalid named passed in */
}
/* have to assume that the evenlog key itself exists at this point */
/* add in a key of [sourcename] under the eventlog key */
/* todo add to Sources */
if (!( values = TALLOC_ZERO_P(ctx, REGVAL_CTR))) {
DEBUG( 0, ( "talloc() failure!\n" ));
return false;
}
evtlogpath = talloc_asprintf(ctx, "%s\\%s", KEY_EVENTLOG, eventlog);
if (!evtlogpath) {
TALLOC_FREE(values);
return false;
}
regdb_fetch_values( evtlogpath, values );
if ( !( rval = regval_ctr_getvalue( values, "Sources" ) ) ) {
DEBUG( 0, ( "No Sources value for [%s]!\n", eventlog ) );
return False;
}
/* perhaps this adding a new string to a multi_sz should be a fn? */
/* check to see if it's there already */
if ( rval->type != REG_MULTI_SZ ) {
DEBUG( 0,
( "Wrong type for Sources, should be REG_MULTI_SZ\n" ) );
return False;
}
/* convert to a 'regulah' chars to do some comparisons */
already_in = False;
wrklist = NULL;
dump_data( 1, rval->data_p, rval->size );
if ( ( numsources =
regval_convert_multi_sz( ( uint16 * ) rval->data_p, rval->size,
&wrklist ) ) > 0 ) {
ii = numsources;
/* see if it's in there already */
wp = wrklist;
while ( ii && wp && *wp ) {
if ( strequal( *wp, sourcename ) ) {
DEBUG( 5,
( "Source name [%s] already in list for [%s] \n",
sourcename, eventlog ) );
already_in = True;
break;
}
wp++;
ii--;
}
} else {
if ( numsources < 0 ) {
DEBUG( 3, ( "problem in getting the sources\n" ) );
return False;
}
DEBUG( 3,
( "Nothing in the sources list, this might be a problem\n" ) );
}
wp = wrklist;
if ( !already_in ) {
/* make a new list with an additional entry; copy values, add another */
wp = TALLOC_ARRAY(ctx, char *, numsources + 2 );
if ( !wp ) {
DEBUG( 0, ( "talloc() failed \n" ) );
return False;
}
memcpy( wp, wrklist, sizeof( char * ) * numsources );
*( wp + numsources ) = ( char * ) sourcename;
*( wp + numsources + 1 ) = NULL;
mbytes = regval_build_multi_sz( wp, &msz_wp );
dump_data( 1, ( uint8 * ) msz_wp, mbytes );
regval_ctr_addvalue( values, "Sources", REG_MULTI_SZ,
( char * ) msz_wp, mbytes );
regdb_store_values( evtlogpath, values );
TALLOC_FREE(msz_wp);
} else {
/*********************************************************************
for an eventlog, add in a source name. If the eventlog doesn't
exist (not in the list) do nothing. If a source for the log
already exists, change the information (remove, replace)
*********************************************************************/
static bool eventlog_add_source( const char *eventlog, const char *sourcename,
const char *messagefile )
{
/* Find all of the eventlogs, add keys for each of them */
/* need to add to the value KEY_EVENTLOG/<eventlog>/Sources string (Creating if necessary)
need to add KEY of source to KEY_EVENTLOG/<eventlog>/<source> */
const char **elogs = lp_eventlog_list( );
const char **wrklist, **wp;
char *evtlogpath = NULL;
int ii = 0;
bool already_in;
int i;
int numsources = 0;
TALLOC_CTX *ctx = talloc_stackframe();
WERROR werr;
struct registry_key *key_hive, *key_eventlog, *key_source;
struct security_token *token = NULL;
const char *hive_name, *relpath;
enum winreg_CreateAction action;
struct registry_value *value;
static const uint32_t ACCESS = REG_KEY_READ | REG_KEY_WRITE;
bool ret = false;
if (!elogs) {
d_printf("No Eventlogs configured\n");
goto done;
}
for ( i = 0; elogs[i]; i++ ) {
if ( strequal( elogs[i], eventlog ) )
break;
}
if ( !elogs[i] ) {
d_printf("Eventlog [%s] not found in list of valid event logs\n",
eventlog);
goto done;
}
/* have to assume that the evenlog key itself exists at this point */
/* add in a key of [sourcename] under the eventlog key */
/* todo add to Sources */
evtlogpath = talloc_asprintf(ctx, "%s\\%s", KEY_EVENTLOG, eventlog);
if (!evtlogpath) {
d_printf("Out of memory\n");
goto done;
}
relpath = evtlogpath + sizeof(KEY_EVENTLOG);
hive_name = talloc_strndup(ctx, evtlogpath, relpath - evtlogpath);
if (!hive_name) {
d_printf("Out of memory\n");
goto done;
}
relpath++;
werr = ntstatus_to_werror(registry_create_admin_token(ctx, &token));
if (!W_ERROR_IS_OK(werr)) {
d_printf("Failed to create admin token: %s\n", win_errstr(werr));
goto done;
}
werr = reg_openhive(ctx, hive_name, ACCESS, token, &key_hive);
if (!W_ERROR_IS_OK(werr)) {
d_printf("Failed to open hive [%s]: %s\n", hive_name, win_errstr(werr));
goto done;
}
werr = reg_openkey(ctx, key_hive, relpath, ACCESS, &key_eventlog);
if (!W_ERROR_IS_OK(werr)) {
d_printf("Failed to open key [%s]: %s\n", evtlogpath, win_errstr(werr));
goto done;
}
werr = reg_queryvalue(ctx, key_eventlog, "Sources", &value);
if (!W_ERROR_IS_OK(werr)) {
d_printf("Failed to get value \"Sources\" for [%s]: %s\n", evtlogpath, win_errstr(werr));
goto done;
}
/* perhaps this adding a new string to a multi_sz should be a fn? */
/* check to see if it's there already */
if ( value->type != REG_MULTI_SZ ) {
d_printf("Wrong type for \"Sources\", should be REG_MULTI_SZ\n");
goto done;
}
/* convert to a 'regulah' chars to do some comparisons */
already_in = false;
wrklist = NULL;
dump_data(1, value->data.data, value->data.length);
if (!pull_reg_multi_sz(ctx, &value->data, &wrklist)) {
d_printf("Failed to pull REG_MULTI_SZ from \"Sources\"\n");
goto done;
}
for (ii=0; wrklist[ii]; ii++) {
numsources++;
}
if (numsources > 0) {
/* see if it's in there already */
wp = wrklist;
while (wp && *wp ) {
if ( strequal( *wp, sourcename ) ) {
d_printf("Source name [%s] already in list for [%s] \n",
sourcename, eventlog);
already_in = true;
break;
}
wp++;
}
} else {
d_printf("Nothing in the sources list, this might be a problem\n");
}
if ( !already_in ) {
/* make a new list with an additional entry; copy values, add another */
wp = talloc_realloc(ctx, wrklist, const char *, numsources + 2 );
if ( !wp ) {
d_printf("Out of memory\n");
goto done;
}
wp[numsources] = sourcename;
wp[numsources+1] = NULL;
if (!push_reg_multi_sz(ctx, &value->data, wp)) {
d_printf("Failed to push Sources\n");
goto done;
}
dump_data( 1, value->data.data, value->data.length);
werr = reg_setvalue(key_eventlog, "Sources", value);
if (!W_ERROR_IS_OK(werr)) {
d_printf("Failed to set value Sources: %s\n", win_errstr(werr));
goto done;
}
} else {