00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021 #include "includes.h"
00022
00023 #undef DBGC_CLASS
00024 #define DBGC_CLASS DBGC_RPC_PARSE
00025
00026
00027
00028
00029 BOOL prs_ev_open_unknown0( const char *desc, prs_struct *ps, int depth, EVENTLOG_OPEN_UNKNOWN0 *u )
00030 {
00031 if ( !u )
00032 return False;
00033
00034 if ( !prs_uint16("", ps, depth, &u->unknown1) )
00035 return False;
00036 if ( !prs_uint16("", ps, depth, &u->unknown2) )
00037 return False;
00038
00039 return True;
00040 }
00041
00042
00043
00044
00045 BOOL eventlog_io_q_open_eventlog(const char *desc, EVENTLOG_Q_OPEN_EVENTLOG *q_u,
00046 prs_struct *ps, int depth)
00047 {
00048 if(q_u == NULL)
00049 return False;
00050
00051 prs_debug(ps, depth, desc, "eventlog_io_q_open_eventlog");
00052 depth++;
00053
00054 if(!prs_align(ps))
00055 return False;
00056
00057 if ( !prs_pointer("", ps, depth, (void*)&q_u->unknown0, sizeof(EVENTLOG_OPEN_UNKNOWN0), (PRS_POINTER_CAST)prs_ev_open_unknown0))
00058 return False;
00059
00060 if ( !prs_unistr4("logname", ps, depth, &q_u->logname) )
00061 return False;
00062 if ( !prs_align(ps) )
00063 return False;
00064
00065 if ( !prs_unistr4("servername", ps, depth, &q_u->servername) )
00066 return False;
00067 if ( !prs_align(ps) )
00068 return False;
00069
00070 if ( !prs_uint32("unknown1", ps, depth, &q_u->unknown1) )
00071 return False;
00072 if ( !prs_uint32("unknown2", ps, depth, &q_u->unknown2) )
00073 return False;
00074
00075 return True;
00076 }
00077
00078 BOOL eventlog_io_r_open_eventlog(const char *desc, EVENTLOG_R_OPEN_EVENTLOG *r_u,
00079 prs_struct *ps, int depth)
00080 {
00081 if(r_u == NULL)
00082 return False;
00083
00084 prs_debug(ps, depth, desc, "eventlog_io_r_open_eventlog");
00085 depth++;
00086
00087 if(!prs_align(ps))
00088 return False;
00089
00090 if(!(smb_io_pol_hnd("log handle", &(r_u->handle), ps, depth)))
00091 return False;
00092
00093 if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
00094 return False;
00095
00096 return True;
00097 }
00098
00099 BOOL eventlog_io_q_get_num_records(const char *desc, EVENTLOG_Q_GET_NUM_RECORDS *q_u,
00100 prs_struct *ps, int depth)
00101 {
00102 if(q_u == NULL)
00103 return False;
00104
00105 prs_debug(ps, depth, desc, "eventlog_io_q_get_num_records");
00106 depth++;
00107
00108 if(!(prs_align(ps)))
00109 return False;
00110
00111 if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth)))
00112 return False;
00113
00114 return True;
00115 }
00116
00117 BOOL eventlog_io_r_get_num_records(const char *desc, EVENTLOG_R_GET_NUM_RECORDS *r_u,
00118 prs_struct *ps, int depth)
00119 {
00120 if(r_u == NULL)
00121 return False;
00122
00123 prs_debug(ps, depth, desc, "eventlog_io_r_get_num_records");
00124 depth++;
00125
00126 if(!(prs_align(ps)))
00127 return False;
00128
00129 if(!(prs_uint32("num records", ps, depth, &(r_u->num_records))))
00130 return False;
00131
00132 if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
00133 return False;
00134
00135 return True;
00136 }
00137
00138 BOOL eventlog_io_q_get_oldest_entry(const char *desc, EVENTLOG_Q_GET_OLDEST_ENTRY *q_u,
00139 prs_struct *ps, int depth)
00140 {
00141 if(q_u == NULL)
00142 return False;
00143
00144 prs_debug(ps, depth, desc, "eventlog_io_q_get_oldest_entry");
00145 depth++;
00146
00147 if(!(prs_align(ps)))
00148 return False;
00149
00150 if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth)))
00151 return False;
00152
00153 return True;
00154 }
00155
00156 BOOL eventlog_io_r_get_oldest_entry(const char *desc, EVENTLOG_R_GET_OLDEST_ENTRY *r_u,
00157 prs_struct *ps, int depth)
00158 {
00159 if(r_u == NULL)
00160 return False;
00161
00162 prs_debug(ps, depth, desc, "eventlog_io_r_get_oldest_entry");
00163 depth++;
00164
00165 if(!(prs_align(ps)))
00166 return False;
00167
00168 if(!(prs_uint32("oldest entry", ps, depth, &(r_u->oldest_entry))))
00169 return False;
00170
00171 if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
00172 return False;
00173
00174 return True;
00175 }
00176
00177 BOOL eventlog_io_q_close_eventlog(const char *desc, EVENTLOG_Q_CLOSE_EVENTLOG *q_u,
00178 prs_struct *ps, int depth)
00179 {
00180 if(q_u == NULL)
00181 return False;
00182
00183 prs_debug(ps, depth, desc, "eventlog_io_q_close_eventlog");
00184 depth++;
00185
00186 if(!(prs_align(ps)))
00187 return False;
00188
00189 if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth)))
00190 return False;
00191
00192 return True;
00193 }
00194
00195 BOOL eventlog_io_r_close_eventlog(const char *desc, EVENTLOG_R_CLOSE_EVENTLOG *r_u,
00196 prs_struct *ps, int depth)
00197 {
00198 if(r_u == NULL)
00199 return False;
00200
00201 prs_debug(ps, depth, desc, "eventlog_io_r_close_eventlog");
00202 depth++;
00203
00204 if(!(prs_align(ps)))
00205 return False;
00206
00207 if(!(smb_io_pol_hnd("log handle", &(r_u->handle), ps, depth)))
00208 return False;
00209
00210 if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
00211 return False;
00212
00213 return True;
00214 }
00215
00216 BOOL eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u,
00217 prs_struct *ps, int depth)
00218 {
00219 if(q_u == NULL)
00220 return False;
00221
00222 prs_debug(ps, depth, desc, "eventlog_io_q_read_eventlog");
00223 depth++;
00224
00225 if(!(prs_align(ps)))
00226 return False;
00227
00228 if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth)))
00229 return False;
00230
00231 if(!(prs_uint32("read flags", ps, depth, &(q_u->flags))))
00232 return False;
00233
00234 if(!(prs_uint32("read offset", ps, depth, &(q_u->offset))))
00235 return False;
00236
00237 if(!(prs_uint32("read buf size", ps, depth, &(q_u->max_read_size))))
00238 return False;
00239
00240 return True;
00241 }
00242
00243
00244
00245
00246
00247
00248
00249 BOOL eventlog_io_r_read_eventlog(const char *desc,
00250 EVENTLOG_Q_READ_EVENTLOG *q_u,
00251 EVENTLOG_R_READ_EVENTLOG *r_u,
00252 prs_struct *ps,
00253 int depth)
00254 {
00255 Eventlog_entry *entry;
00256 uint32 record_written = 0;
00257 uint32 record_total = 0;
00258
00259 if(r_u == NULL)
00260 return False;
00261
00262 prs_debug(ps, depth, desc, "eventlog_io_r_read_eventlog");
00263 depth++;
00264
00265
00266
00267 if(r_u->num_bytes_in_resp > q_u->max_read_size) {
00268 entry = r_u->entry;
00269
00270
00271
00272 while(entry->next != NULL)
00273 entry = entry->next;
00274
00275 r_u->num_bytes_in_resp -= entry->record.length;
00276
00277
00278
00279 r_u->num_records--;
00280 }
00281
00282 entry = r_u->entry;
00283 record_total = r_u->num_records;
00284
00285 if(r_u->num_bytes_in_resp != 0)
00286 r_u->sent_size = r_u->num_bytes_in_resp;
00287 else
00288 r_u->real_size = r_u->bytes_in_next_record;
00289
00290 if(!(prs_align(ps)))
00291 return False;
00292 if(!(prs_uint32("bytes in resp", ps, depth, &(q_u->max_read_size))))
00293 return False;
00294
00295 while(entry != NULL && record_written < record_total)
00296 {
00297 DEBUG(11, ("eventlog_io_r_read_eventlog: writing record [%d] out of [%d].\n", record_written, record_total));
00298
00299
00300
00301 if(!(prs_uint32("length", ps, depth, &(entry->record.length))))
00302 return False;
00303 if(!(prs_uint32("reserved", ps, depth, &(entry->record.reserved1))))
00304 return False;
00305 if(!(prs_uint32("record number", ps, depth, &(entry->record.record_number))))
00306 return False;
00307 if(!(prs_uint32("time generated", ps, depth, &(entry->record.time_generated))))
00308 return False;
00309 if(!(prs_uint32("time written", ps, depth, &(entry->record.time_written))))
00310 return False;
00311 if(!(prs_uint32("event id", ps, depth, &(entry->record.event_id))))
00312 return False;
00313 if(!(prs_uint16("event type", ps, depth, &(entry->record.event_type))))
00314 return False;
00315 if(!(prs_uint16("num strings", ps, depth, &(entry->record.num_strings))))
00316 return False;
00317 if(!(prs_uint16("event category", ps, depth, &(entry->record.event_category))))
00318 return False;
00319 if(!(prs_uint16("reserved2", ps, depth, &(entry->record.reserved2))))
00320 return False;
00321 if(!(prs_uint32("closing record", ps, depth, &(entry->record.closing_record_number))))
00322 return False;
00323 if(!(prs_uint32("string offset", ps, depth, &(entry->record.string_offset))))
00324 return False;
00325 if(!(prs_uint32("user sid length", ps, depth, &(entry->record.user_sid_length))))
00326 return False;
00327 if(!(prs_uint32("user sid offset", ps, depth, &(entry->record.user_sid_offset))))
00328 return False;
00329 if(!(prs_uint32("data length", ps, depth, &(entry->record.data_length))))
00330 return False;
00331 if(!(prs_uint32("data offset", ps, depth, &(entry->record.data_offset))))
00332 return False;
00333 if(!(prs_align(ps)))
00334 return False;
00335
00336
00337
00338 if(!(prs_uint8s(False, "buffer", ps, depth, entry->data,
00339 entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length))))
00340 {
00341 return False;
00342 }
00343
00344 if(!(prs_align(ps)))
00345 return False;
00346 if(!(prs_uint32("length 2", ps, depth, &(entry->record.length))))
00347 return False;
00348
00349 entry = entry->next;
00350 record_written++;
00351
00352 }
00353
00354
00355
00356 if (q_u->max_read_size - r_u->num_bytes_in_resp) {
00357 if (!r_u->end_of_entries_padding) {
00358 return False;
00359 }
00360
00361 if(!(prs_uint8s(False, "end of entries padding", ps,
00362 depth, r_u->end_of_entries_padding,
00363 (q_u->max_read_size - r_u->num_bytes_in_resp)))) {
00364 free(r_u->end_of_entries_padding);
00365 return False;
00366 }
00367
00368 free(r_u->end_of_entries_padding);
00369 }
00370
00371
00372
00373 if(!(prs_uint32("sent size", ps, depth, &(r_u->sent_size))))
00374 return False;
00375 if(!(prs_uint32("real size", ps, depth, &(r_u->real_size))))
00376 return False;
00377 if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
00378 return False;
00379
00380 return True;
00381 }
00382
00383
00384
00385
00386
00387
00388
00389
00390
00391
00392
00393
00394
00395
00396
00397 BOOL eventlog_io_q_clear_eventlog(const char *desc, EVENTLOG_Q_CLEAR_EVENTLOG *q_u,
00398 prs_struct *ps, int depth)
00399 {
00400 if(q_u == NULL)
00401 return False;
00402
00403 prs_debug(ps, depth, desc, "eventlog_io_q_clear_eventlog");
00404 depth++;
00405
00406 if(!prs_align(ps))
00407 return False;
00408 if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth)))
00409 return False;
00410
00411 if ( !prs_unistr4("backupfile", ps, depth, &q_u->backupfile) )
00412 return False;
00413
00414 return True;
00415
00416 }
00417
00418 BOOL eventlog_io_r_clear_eventlog(const char *desc, EVENTLOG_R_CLEAR_EVENTLOG *r_u,
00419 prs_struct *ps, int depth)
00420 {
00421 if(r_u == NULL)
00422 return False;
00423
00424 prs_debug(ps, depth, desc, "eventlog_io_r_clear_eventlog");
00425 depth++;
00426
00427 if(!prs_align(ps))
00428 return False;
00429 if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
00430 return False;
00431
00432 return True;
00433 }