static bool test_FlushEventLog(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
struct eventlog_FlushEventLog r;
struct eventlog_CloseEventLog cr;
struct policy_handle handle;
if (!get_policy_handle(tctx, p, &handle))
return false;
r.in.handle = &handle;
/* Huh? Does this RPC always return access denied? */
torture_assert_ntstatus_equal(tctx,
dcerpc_eventlog_FlushEventLog(p, tctx, &r),
NT_STATUS_ACCESS_DENIED,
"FlushEventLog failed");
cr.in.handle = cr.out.handle = &handle;
torture_assert_ntstatus_ok(tctx,
dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
"CloseEventLog failed");
return true;
}
static void test_scan_call(struct torture_context *tctx, const struct ndr_interface_table *iface, int opnum)
{
DATA_BLOB stub_in, stub_out;
int i;
NTSTATUS status;
struct dcerpc_pipe *p = NULL;
struct policy_handle handle;
reopen(tctx, &p, iface);
get_policy_handle(p, tctx, &handle);
/* work out the minimum amount of input data */
for (i=0;i<2000;i++) {
stub_in = data_blob(NULL, i);
data_blob_clear(&stub_in);
status = dcerpc_request(p, NULL, opnum, tctx, &stub_in, &stub_out);
if (NT_STATUS_IS_OK(status)) {
printf("opnum %d min_input %d - output %d\n",
opnum, (int)stub_in.length, (int)stub_out.length);
dump_data(0, stub_out.data, stub_out.length);
talloc_free(p);
test_ptr_scan(tctx, iface, opnum, &stub_in, 0, stub_in.length, 0);
return;
}
fill_blob_handle(&stub_in, tctx, &handle);
status = dcerpc_request(p, NULL, opnum, tctx, &stub_in, &stub_out);
if (NT_STATUS_IS_OK(status)) {
printf("opnum %d min_input %d - output %d (with handle)\n",
opnum, (int)stub_in.length, (int)stub_out.length);
dump_data(0, stub_out.data, stub_out.length);
talloc_free(p);
test_ptr_scan(tctx, iface, opnum, &stub_in, 0, stub_in.length, 0);
return;
}
if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
printf("opnum %d size %d fault %s\n", opnum, i, dcerpc_errstr(tctx, p->last_fault_code));
if (p->last_fault_code == 5) {
reopen(tctx, &p, iface);
}
continue;
}
printf("opnum %d size %d error %s\n", opnum, i, nt_errstr(status));
}
printf("opnum %d minimum not found!?\n", opnum);
talloc_free(p);
}
static bool test_OpenEventLog(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
struct policy_handle handle;
struct eventlog_CloseEventLog cr;
if (!get_policy_handle(tctx, p, &handle))
return false;
cr.in.handle = cr.out.handle = &handle;
torture_assert_ntstatus_ok(tctx,
dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
"CloseEventLog failed");
return true;
}
static bool test_GetNumRecords(struct torture_context *tctx, struct dcerpc_pipe *p)
{
struct eventlog_GetNumRecords r;
struct eventlog_CloseEventLog cr;
struct policy_handle handle;
if (!get_policy_handle(tctx, p, &handle))
return false;
r.in.handle = &handle;
torture_assert_ntstatus_ok(tctx,
dcerpc_eventlog_GetNumRecords(p, tctx, &r),
"GetNumRecords failed");
torture_comment(tctx, talloc_asprintf(tctx, "%d records\n", *r.out.number));
cr.in.handle = cr.out.handle = &handle;
torture_assert_ntstatus_ok(tctx,
dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
"CloseEventLog failed");
return true;
}
static bool test_ClearEventLog(struct dcerpc_pipe *p, TALLOC_CTX *tctx)
{
struct eventlog_ClearEventLogW r;
struct eventlog_CloseEventLog cr;
struct policy_handle handle;
if (!get_policy_handle(tctx, p, &handle))
return false;
r.in.handle = &handle;
r.in.unknown = NULL;
torture_assert_ntstatus_ok(tctx,
dcerpc_eventlog_ClearEventLogW(p, tctx, &r),
"ClearEventLog failed");
cr.in.handle = cr.out.handle = &handle;
torture_assert_ntstatus_ok(tctx,
dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
"CloseEventLog failed");
return true;
}
static bool test_ReadEventLog(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct eventlog_ReadEventLogW r;
struct eventlog_CloseEventLog cr;
struct policy_handle handle;
if (!get_policy_handle(tctx, p, &handle))
return false;
r.in.offset = 0;
r.in.handle = &handle;
r.in.flags = EVENTLOG_BACKWARDS_READ|EVENTLOG_SEQUENTIAL_READ;
while (1) {
DATA_BLOB blob;
struct eventlog_Record rec;
struct ndr_pull *ndr;
/* Read first for number of bytes in record */
r.in.number_of_bytes = 0;
r.out.data = NULL;
status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r);
if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_END_OF_FILE)) {
break;
}
torture_assert_ntstatus_ok(tctx, status, "ReadEventLog failed");
torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_BUFFER_TOO_SMALL,
"ReadEventLog failed");
/* Now read the actual record */
r.in.number_of_bytes = *r.out.real_size;
r.out.data = talloc_size(tctx, r.in.number_of_bytes);
status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ReadEventLog failed");
/* Decode a user-marshalled record */
blob.length = *r.out.sent_size;
blob.data = talloc_steal(tctx, r.out.data);
ndr = ndr_pull_init_blob(&blob, tctx);
status = ndr_pull_eventlog_Record(
ndr, NDR_SCALARS|NDR_BUFFERS, &rec);
NDR_PRINT_DEBUG(eventlog_Record, &rec);
torture_assert_ntstatus_ok(tctx, status,
"ReadEventLog failed parsing event log record");
r.in.offset++;
}
cr.in.handle = cr.out.handle = &handle;
torture_assert_ntstatus_ok(tctx,
dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
"CloseEventLog failed");
return true;
}
