コード例 #1
ファイル: srv_eventlog_nt.c プロジェクト: 0x24bin/winexe-1
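NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p,
				  struct eventlog_ClearEventLogW *r)
{
	/*
	 * Clear the event log referenced by r->in.handle.
	 *
	 * The handle must have been granted SA_RIGHT_FILE_WRITE_DATA
	 * (info->access_granted is expected to have been filled in when the
	 * handle was opened); otherwise NT_STATUS_ACCESS_DENIED.  Clearing is
	 * implemented as a close followed by a reopen of the backing tdb.
	 * r->in.backupfile is only logged: nothing in this function writes a
	 * backup copy of the log before it is cleared.
	 *
	 * Returns NT_STATUS_INVALID_HANDLE for an unknown handle,
	 * NT_STATUS_ACCESS_DENIED if write access is missing or the reopen
	 * fails, NT_STATUS_OK otherwise.
	 */
	EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );

	if ( !info )
		return NT_STATUS_INVALID_HANDLE;

	if (r->in.backupfile && r->in.backupfile->string) {
		/* Accepted for protocol compatibility, not acted upon (see
		   header comment).  The message needs a trailing newline so
		   the debug subsystem terminates it before the next line. */
		DEBUG(8,( "_eventlog_ClearEventLogW: Using [%s] as the backup "
			"file name for log [%s].\n",
			 r->in.backupfile->string, info->logname ) );
	}

	/* check for WRITE access to the file */

	if ( !(info->access_granted&SA_RIGHT_FILE_WRITE_DATA) )
		return NT_STATUS_ACCESS_DENIED;

	/* Force a close and reopen.  The reopen runs as root and is
	   bracketed as tightly as possible; the access decision above was
	   already taken against the caller's granted rights. */

	elog_close_tdb( info->etdb, True );
	become_root();
	info->etdb = elog_open_tdb( info->logname, True, False );
	unbecome_root();

	/* NOTE(review): on failure info->etdb is left NULL while the handle
	   stays open; later operations on this handle need to tolerate that
	   - verify in the other handlers. */
	if ( !info->etdb )
		return NT_STATUS_ACCESS_DENIED;

	return NT_STATUS_OK;
}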
コード例 #2
ファイル: eventlogadm.c プロジェクト: 0x24bin/winexe-1
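static int DoDumpCommand(int argc, char **argv, bool debugflag, char *exename)
{
	/*
	 * "dump" subcommand: print every record of an eventlog tdb, starting
	 * at a given record number, as NDR text.
	 *
	 * argv[0]  path of the eventlog tdb (required)
	 * argv[1]  optional first record number (unsigned decimal, default 1)
	 * debugflag, exename  unused here; the signature is shared with the
	 *                     other Do*Command handlers
	 *
	 * Returns 0 on success, -1 on bad arguments or if the tdb cannot be
	 * opened.  Records are printed until evlog_pull_record_tdb() returns
	 * NULL, which is treated as "no more records".
	 */
	ELOG_TDB *etdb;
	TALLOC_CTX *mem_ctx = talloc_tos();
	const char *tdb_filename;
	uint32_t count = 1;

	/* One or two positional arguments.  argv[0] is dereferenced below,
	   so argc == 0 must be rejected as well. */
	if (argc < 1 || argc > 2) {
		return -1;
	}

	tdb_filename = argv[0];

	if (argc > 1) {
		/* atoi() silently turned garbage into record 0 and ignored
		   overflow; parse strictly and reject anything that is not an
		   unsigned decimal that fits a uint32_t. */
		const char *arg = argv[1];
		char *end = NULL;
		unsigned long v;

		if (arg[0] == '\0' || arg[0] == '-') {
			return -1;
		}
		v = strtoul(arg, &end, 10);
		if (end == arg || *end != '\0' || v > UINT32_MAX) {
			return -1;
		}
		count = (uint32_t)v;
	}

	etdb = elog_open_tdb(tdb_filename, false, true);
	if (!etdb) {
		printf("can't open the eventlog TDB (%s)\n", tdb_filename);
		return -1;
	}

	while (1) {

		struct eventlog_Record_tdb *r;
		char *s;

		r = evlog_pull_record_tdb(mem_ctx, etdb->tdb, count);
		if (!r) {
			break;
		}

		/* count is uint32_t: use an unsigned conversion */
		printf("displaying record: %u\n", (unsigned)count);

		s = NDR_PRINT_STRUCT_STRING(mem_ctx, eventlog_Record_tdb, r);
		if (s) {
			printf("%s\n", s);
			talloc_free(s);
		}
		/* r is allocated on mem_ctx (the talloc parent argument);
		   release it per record so a large log does not accumulate
		   on the caller's stackframe. */
		talloc_free(r);
		count++;
	}

	elog_close_tdb(etdb, false);

	return 0;
}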
コード例 #3
ファイル: srv_eventlog_nt.c プロジェクト: 0x24bin/winexe-1
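static NTSTATUS elog_open( pipes_struct * p, const char *logname, struct policy_handle *hnd )
{
	/*
	 * Open the eventlog called logname on behalf of the connected user
	 * and return a policy handle for it in *hnd.
	 *
	 * Order of operations is deliberate: the tdb is opened as root first
	 * (a tdb can only be open once per process, and a new log tdb may
	 * need creating), and the caller's token is then checked with
	 * elog_check_access().  On any failure after allocation the
	 * EVENTLOG_INFO is freed; its destructor (eventlog_info_destructor,
	 * not visible here) is presumably what releases the tdb.
	 *
	 * Per MSDN, an unknown log name falls back to the "Application" log
	 * (ELOG_APPL) instead of failing; the fallback is access-checked
	 * before it is opened.
	 *
	 * Returns NT_STATUS_OBJECT_PATH_INVALID for a malformed name,
	 * NT_STATUS_NO_MEMORY on allocation failure, NT_STATUS_ACCESS_DENIED
	 * if the log cannot be opened or the user lacks access, else
	 * NT_STATUS_OK.
	 */
	EVENTLOG_INFO *elog;

	/* first thing is to validate the eventlog name */

	if ( !elog_validate_logname( logname ) )
		return NT_STATUS_OBJECT_PATH_INVALID;

	if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) )
		return NT_STATUS_NO_MEMORY;
	talloc_set_destructor(elog, eventlog_info_destructor);

	/* talloc_strdup() returns NULL on OOM; without this check
	   elog_open_tdb() would be handed a NULL name. */
	elog->logname = talloc_strdup( elog, logname );
	if ( !elog->logname ) {
		TALLOC_FREE( elog );
		return NT_STATUS_NO_MEMORY;
	}

	/* Open the tdb first (so that we can create any new tdbs if necessary).
	   We have to do this as root and then use an internal access check
	   on the file permissions since you can only have a tdb open once
	   in a single process */

	become_root();
	elog->etdb = elog_open_tdb( elog->logname, False, False );
	unbecome_root();

	if ( !elog->etdb ) {
		/* according to MSDN, if the logfile cannot be found, we should
		  default to the "Application" log */

		if ( !strequal( logname, ELOG_APPL ) ) {

			TALLOC_FREE( elog->logname );

			elog->logname = talloc_strdup( elog, ELOG_APPL );
			if ( !elog->logname ) {
				TALLOC_FREE( elog );
				return NT_STATUS_NO_MEMORY;
			}

			/* do the access check before opening the fallback */
			if ( !elog_check_access( elog, p->server_info->ptok ) ) {
				TALLOC_FREE( elog );
				return NT_STATUS_ACCESS_DENIED;
			}

			become_root();
			elog->etdb = elog_open_tdb( elog->logname, False, False );
			unbecome_root();
		}

		if ( !elog->etdb ) {
			/* Neither the requested log nor the fallback could be
			   opened.  ACCESS_DENIED is the historical choice here;
			   no closer status has been mapped. */
			TALLOC_FREE( elog );
			return NT_STATUS_ACCESS_DENIED;
		}
	}

	/* now do the access check.  Close the tdb if we fail here */

	if ( !elog_check_access( elog, p->server_info->ptok ) ) {
		TALLOC_FREE( elog );
		return NT_STATUS_ACCESS_DENIED;
	}

	/* create the policy handle; on success it owns elog */

	if ( !create_policy_hnd( p, hnd, elog ) ) {
		TALLOC_FREE(elog);
		return NT_STATUS_NO_MEMORY;
	}

	/* set the initial current_record pointer; failure here is not
	   fatal, the handle is still usable */

	if ( !get_oldest_entry_hook( elog ) ) {
		DEBUG(3,("elog_open: Successfully opened eventlog but can't "
			"get any information on internal records!\n"));
	}

	elog->current_record = elog->oldest_entry;

	return NT_STATUS_OK;
}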
コード例 #4
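static int DoWriteCommand( int argc, char **argv, bool debugflag, char *exename )
{
    /*
     * "write" subcommand: read eventlog entries in textual form from
     * stdin and append them to the eventlog tdb named by argv[0].  A
     * record is committed once parse_logentry() reports end-of-record
     * (is_eor); records whose time_generated is still 0 after fixup are
     * skipped as empty.
     *
     * argc and exename are unused here; the signature is shared with the
     * other Do*Command handlers.
     *
     * Returns 0 when stdin is exhausted, -1 if the tdb cannot be opened.
     * Individual write failures are reported on stdout and do not stop
     * the loop.
     */
    FILE *f1;
    char *argfname;
    ELOG_TDB *etdb;

    /* fixed constants are bad bad bad  */
    char linein[1024];
    bool is_eor;
    Eventlog_entry ee;
    int rcnum;

    f1 = stdin;
    if ( !f1 ) {
        printf( "Can't open STDIN\n" );
        return -1;
    }

    if ( debugflag ) {
        printf( "Starting write for eventlog [%s]\n", argv[0] );
        display_eventlog_names(  );
    }

    argfname = argv[0];

    if ( !( etdb = elog_open_tdb( argfname, False ) ) ) {
        printf( "can't open the eventlog TDB (%s)\n", argfname );
        return -1;
    }

    ZERO_STRUCT( ee );	/* MUST initialize between records */

    while ( !feof( f1 ) ) {
        size_t len;

        if (fgets( linein, sizeof( linein ) - 1, f1 ) == NULL) {
            break;
        }

        /* Strip the line delimiter only when it is actually there.
           Unconditionally writing linein[strlen(linein) - 1] indexed
           before the buffer when the line was empty (a NUL byte in the
           input) and chopped the last real character of an over-long
           line that had no newline yet. */
        len = strlen( linein );
        if ( len > 0 && linein[len - 1] == '\n' ) {
            linein[len - 1] = 0;
        }

        if ( debugflag )
            printf( "Read line [%s]\n", linein );

        is_eor = False;

        parse_logentry( ( char * ) &linein, &ee, &is_eor );
        /* should we do something with the return code? */

        if ( is_eor ) {
            fixup_eventlog_entry( &ee );

            if ( opt_debug )
                printf( "record number [%d], tg [%d] , tw [%d]\n", ee.record.record_number, ee.record.time_generated, ee.record.time_written );

            if ( ee.record.time_generated != 0 ) {

                rcnum = write_eventlog_tdb( ELOG_TDB_CTX(etdb), &ee );
                if ( !rcnum ) {
                    printf( "Can't write to the event log\n" );
                } else {
                    if ( opt_debug )
                        printf( "Wrote record %d\n",
                                rcnum );
                }
            } else {
                if ( opt_debug )
                    printf( "<null record>\n" );
            }
            ZERO_STRUCT( ee );	/* MUST initialize between records */
        }
    }

    elog_close_tdb( etdb , False );

    return 0;
}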
コード例 #5
ファイル: eventlogadm.c プロジェクト: 0x24bin/winexe-1
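static int DoWriteCommand( int argc, char **argv, bool debugflag, char *exename )
{
	/*
	 * "write" subcommand: read eventlog entries in textual form from
	 * stdin and append them to the eventlog tdb named by argv[0].  A
	 * record is committed once parse_logentry() reports end-of-record
	 * (is_eor); records whose time_generated is still 0 after fixup are
	 * skipped as empty.
	 *
	 * argc and exename are unused here; the signature is shared with the
	 * other Do*Command handlers.
	 *
	 * Returns 0 when stdin is exhausted, -1 if the tdb cannot be opened.
	 * Individual write failures are reported on stdout with the NTSTATUS
	 * text and do not stop the loop.
	 */
	FILE *f1;
	char *argfname;
	ELOG_TDB *etdb;
	NTSTATUS status;

	/* fixed constants are bad bad bad  */
	char linein[1024];
	bool is_eor;
	struct eventlog_Record_tdb ee;
	uint32_t record_number = 0;
	TALLOC_CTX *mem_ctx = talloc_tos();

	f1 = stdin;
	if ( !f1 ) {
		printf( "Can't open STDIN\n" );
		return -1;
	}

	if ( debugflag ) {
		printf( "Starting write for eventlog [%s]\n", argv[0] );
		display_eventlog_names(  );
	}

	argfname = argv[0];

	if ( !( etdb = elog_open_tdb( argfname, False, False ) ) ) {
		printf( "can't open the eventlog TDB (%s)\n", argfname );
		return -1;
	}

	ZERO_STRUCT( ee );	/* MUST initialize between records */

	while ( !feof( f1 ) ) {
		size_t len;

		if (fgets( linein, sizeof( linein ) - 1, f1 ) == NULL) {
			break;
		}

		/* Strip the newline only when it is present: an empty
		   string (NUL byte in the input) or an over-long line with
		   no delimiter yet must not be touched. */
		len = strlen( linein );
		if ( len > 0 && linein[len - 1] == '\n' ) {
			linein[len - 1] = 0;
		}

		if ( debugflag )
			printf( "Read line [%s]\n", linein );

		is_eor = False;

		parse_logentry( mem_ctx, ( char * ) &linein, &ee, &is_eor );
		/* should we do something with the return code? */

		if ( is_eor ) {
			fixup_eventlog_record_tdb( &ee );

			/* cast each field so the conversions match regardless
			   of the IDL-generated integer types */
			if ( opt_debug )
				printf( "record number [%u], tg [%d] , tw [%d]\n",
					(unsigned)ee.record_number,
					(int)ee.time_generated, (int)ee.time_written );

			if ( ee.time_generated != 0 ) {

				status = evlog_push_record_tdb( mem_ctx, ELOG_TDB_CTX(etdb),
								&ee, &record_number );
				if ( !NT_STATUS_IS_OK(status) ) {
					printf( "Can't write to the event log: %s\n",
						nt_errstr(status) );
				} else {
					/* record_number is uint32_t: unsigned conversion */
					if ( opt_debug )
						printf( "Wrote record %u\n",
							(unsigned)record_number );
				}
			} else {
				if ( opt_debug )
					printf( "<null record>\n" );
			}
			ZERO_STRUCT( ee );	/* MUST initialize between records */
		}
	}

	elog_close_tdb( etdb , False );

	return 0;
}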