00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024 #include "includes.h"
00025
00026
00027
00028
00029
00030
00031 BOOL eventlog_init_keys( void )
00032 {
00033
00034 const char **elogs = lp_eventlog_list( );
00035 pstring evtlogpath;
00036 pstring evtfilepath;
00037 REGSUBKEY_CTR *subkeys;
00038 REGVAL_CTR *values;
00039 uint32 uiMaxSize;
00040 uint32 uiRetention;
00041 uint32 uiCategoryCount;
00042 UNISTR2 data;
00043
00044 while ( elogs && *elogs ) {
00045 if ( !( subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR ) ) ) {
00046 DEBUG( 0, ( "talloc() failure!\n" ) );
00047 return False;
00048 }
00049 regdb_fetch_keys( KEY_EVENTLOG, subkeys );
00050 regsubkey_ctr_addkey( subkeys, *elogs );
00051 if ( !regdb_store_keys( KEY_EVENTLOG, subkeys ) )
00052 return False;
00053 TALLOC_FREE( subkeys );
00054
00055
00056 DEBUG( 5,
00057 ( "Adding key of [%s] to path of [%s]\n", *elogs,
00058 KEY_EVENTLOG ) );
00059
00060 slprintf( evtlogpath, sizeof( evtlogpath ) - 1, "%s\\%s",
00061 KEY_EVENTLOG, *elogs );
00062
00063 DEBUG( 5,
00064 ( "Adding key of [%s] to path of [%s]\n", *elogs,
00065 evtlogpath ) );
00066 if ( !( subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR ) ) ) {
00067 DEBUG( 0, ( "talloc() failure!\n" ) );
00068 return False;
00069 }
00070 regdb_fetch_keys( evtlogpath, subkeys );
00071 regsubkey_ctr_addkey( subkeys, *elogs );
00072
00073 if ( !regdb_store_keys( evtlogpath, subkeys ) )
00074 return False;
00075 TALLOC_FREE( subkeys );
00076
00077
00078 if ( !( values = TALLOC_ZERO_P( NULL, REGVAL_CTR ) ) ) {
00079 DEBUG( 0, ( "talloc() failure!\n" ) );
00080 return False;
00081 }
00082 DEBUG( 5,
00083 ( "Storing values to eventlog path of [%s]\n",
00084 evtlogpath ) );
00085 regdb_fetch_values( evtlogpath, values );
00086
00087
00088 if ( !regval_ctr_key_exists( values, "MaxSize" ) ) {
00089
00090
00091
00092
00093
00094
00095 uiMaxSize = 0x00080000;
00096 uiRetention = 0x93A80;
00097
00098 regval_ctr_addvalue( values, "MaxSize", REG_DWORD,
00099 ( char * ) &uiMaxSize,
00100 sizeof( uint32 ) );
00101
00102 regval_ctr_addvalue( values, "Retention", REG_DWORD,
00103 ( char * ) &uiRetention,
00104 sizeof( uint32 ) );
00105 init_unistr2( &data, *elogs, UNI_STR_TERMINATE );
00106
00107 regval_ctr_addvalue( values, "PrimaryModule", REG_SZ,
00108 ( char * ) data.buffer,
00109 data.uni_str_len *
00110 sizeof( uint16 ) );
00111 init_unistr2( &data, *elogs, UNI_STR_TERMINATE );
00112
00113 regval_ctr_addvalue( values, "Sources", REG_MULTI_SZ,
00114 ( char * ) data.buffer,
00115 data.uni_str_len *
00116 sizeof( uint16 ) );
00117
00118 pstr_sprintf( evtfilepath, "%%SystemRoot%%\\system32\\config\\%s.tdb", *elogs );
00119 init_unistr2( &data, evtfilepath, UNI_STR_TERMINATE );
00120 regval_ctr_addvalue( values, "File", REG_EXPAND_SZ, ( char * ) data.buffer,
00121 data.uni_str_len * sizeof( uint16 ) );
00122 regdb_store_values( evtlogpath, values );
00123
00124 }
00125
00126 TALLOC_FREE( values );
00127
00128
00129 slprintf( evtlogpath, sizeof( evtlogpath ) - 1, "%s\\%s\\%s",
00130 KEY_EVENTLOG, *elogs, *elogs );
00131 if ( !( values = TALLOC_ZERO_P( NULL, REGVAL_CTR ) ) ) {
00132 DEBUG( 0, ( "talloc() failure!\n" ) );
00133 return False;
00134 }
00135 DEBUG( 5,
00136 ( "Storing values to eventlog path of [%s]\n",
00137 evtlogpath ) );
00138 regdb_fetch_values( evtlogpath, values );
00139 if ( !regval_ctr_key_exists( values, "CategoryCount" ) ) {
00140
00141
00142
00143 uiCategoryCount = 0x00000007;
00144 regval_ctr_addvalue( values, "CategoryCount",
00145 REG_DWORD,
00146 ( char * ) &uiCategoryCount,
00147 sizeof( uint32 ) );
00148 init_unistr2( &data,
00149 "%SystemRoot%\\system32\\eventlog.dll",
00150 UNI_STR_TERMINATE );
00151
00152 regval_ctr_addvalue( values, "CategoryMessageFile",
00153 REG_EXPAND_SZ,
00154 ( char * ) data.buffer,
00155 data.uni_str_len *
00156 sizeof( uint16 ) );
00157 regdb_store_values( evtlogpath, values );
00158 }
00159 TALLOC_FREE( values );
00160 elogs++;
00161 }
00162
00163 return True;
00164
00165 }
00166
00167
00168
00169
00170
00171
00172
00173 BOOL eventlog_add_source( const char *eventlog, const char *sourcename,
00174 const char *messagefile )
00175 {
00176
00177
00178
00179
00180 const char **elogs = lp_eventlog_list( );
00181 char **wrklist, **wp;
00182 pstring evtlogpath;
00183 REGSUBKEY_CTR *subkeys;
00184 REGVAL_CTR *values;
00185 REGISTRY_VALUE *rval;
00186 UNISTR2 data;
00187 uint16 *msz_wp;
00188 int mbytes, ii;
00189 BOOL already_in;
00190 int i;
00191 int numsources;
00192
00193 if (!elogs) {
00194 return False;
00195 }
00196
00197 for ( i = 0; elogs[i]; i++ ) {
00198 if ( strequal( elogs[i], eventlog ) )
00199 break;
00200 }
00201
00202 if ( !elogs[i] ) {
00203 DEBUG( 0,
00204 ( "Eventlog [%s] not found in list of valid event logs\n",
00205 eventlog ) );
00206 return False;
00207 }
00208
00209
00210
00211
00212
00213
00214 if ( !( values = TALLOC_ZERO_P( NULL, REGVAL_CTR ) ) ) {
00215 DEBUG( 0, ( "talloc() failure!\n" ) );
00216 return False;
00217 }
00218
00219 pstr_sprintf( evtlogpath, "%s\\%s", KEY_EVENTLOG, eventlog );
00220
00221 regdb_fetch_values( evtlogpath, values );
00222
00223
00224 if ( !( rval = regval_ctr_getvalue( values, "Sources" ) ) ) {
00225 DEBUG( 0, ( "No Sources value for [%s]!\n", eventlog ) );
00226 return False;
00227 }
00228
00229
00230
00231 if ( rval->type != REG_MULTI_SZ ) {
00232 DEBUG( 0,
00233 ( "Wrong type for Sources, should be REG_MULTI_SZ\n" ) );
00234 return False;
00235 }
00236
00237
00238 already_in = False;
00239 wrklist = NULL;
00240 dump_data( 1, (const char *)rval->data_p, rval->size );
00241 if ( ( numsources =
00242 regval_convert_multi_sz( ( uint16 * ) rval->data_p, rval->size,
00243 &wrklist ) ) > 0 ) {
00244
00245 ii = numsources;
00246
00247 wp = wrklist;
00248
00249 while ( ii && wp && *wp ) {
00250 if ( strequal( *wp, sourcename ) ) {
00251 DEBUG( 5,
00252 ( "Source name [%s] already in list for [%s] \n",
00253 sourcename, eventlog ) );
00254 already_in = True;
00255 break;
00256 }
00257 wp++;
00258 ii--;
00259 }
00260 } else {
00261 if ( numsources < 0 ) {
00262 DEBUG( 3, ( "problem in getting the sources\n" ) );
00263 return False;
00264 }
00265 DEBUG( 3,
00266 ( "Nothing in the sources list, this might be a problem\n" ) );
00267 }
00268
00269 wp = wrklist;
00270
00271 if ( !already_in ) {
00272
00273 wp = TALLOC_ARRAY( NULL, char *, numsources + 2 );
00274
00275 if ( !wp ) {
00276 DEBUG( 0, ( "talloc() failed \n" ) );
00277 return False;
00278 }
00279 memcpy( wp, wrklist, sizeof( char * ) * numsources );
00280 *( wp + numsources ) = ( char * ) sourcename;
00281 *( wp + numsources + 1 ) = NULL;
00282 mbytes = regval_build_multi_sz( wp, &msz_wp );
00283 dump_data( 1, ( char * ) msz_wp, mbytes );
00284 regval_ctr_addvalue( values, "Sources", REG_MULTI_SZ,
00285 ( char * ) msz_wp, mbytes );
00286 regdb_store_values( evtlogpath, values );
00287 TALLOC_FREE( msz_wp );
00288 } else {
00289 DEBUG( 3,
00290 ( "Source name [%s] found in existing list of sources\n",
00291 sourcename ) );
00292 }
00293 TALLOC_FREE( values );
00294 if ( wrklist )
00295 TALLOC_FREE( wrklist );
00296
00297 if ( !( subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR ) ) ) {
00298 DEBUG( 0, ( "talloc() failure!\n" ) );
00299 return False;
00300 }
00301 pstr_sprintf( evtlogpath, "%s\\%s", KEY_EVENTLOG, eventlog );
00302
00303 regdb_fetch_keys( evtlogpath, subkeys );
00304
00305 if ( !regsubkey_ctr_key_exists( subkeys, sourcename ) ) {
00306 DEBUG( 5,
00307 ( " Source name [%s] for eventlog [%s] didn't exist, adding \n",
00308 sourcename, eventlog ) );
00309 regsubkey_ctr_addkey( subkeys, sourcename );
00310 if ( !regdb_store_keys( evtlogpath, subkeys ) )
00311 return False;
00312 }
00313 TALLOC_FREE( subkeys );
00314
00315
00316
00317
00318
00319 if ( !( subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR ) ) ) {
00320 DEBUG( 0, ( "talloc() failure!\n" ) );
00321 return False;
00322 }
00323 slprintf( evtlogpath, sizeof( evtlogpath ) - 1, "%s\\%s\\%s",
00324 KEY_EVENTLOG, eventlog, sourcename );
00325
00326 regdb_fetch_keys( evtlogpath, subkeys );
00327
00328
00329 if ( !( values = TALLOC_ZERO_P( NULL, REGVAL_CTR ) ) ) {
00330 DEBUG( 0, ( "talloc() failure!\n" ) );
00331 return False;
00332 }
00333 DEBUG( 5,
00334 ( "Storing EventMessageFile [%s] to eventlog path of [%s]\n",
00335 messagefile, evtlogpath ) );
00336
00337 regdb_fetch_values( evtlogpath, values );
00338
00339 init_unistr2( &data, messagefile, UNI_STR_TERMINATE );
00340
00341 regval_ctr_addvalue( values, "EventMessageFile", REG_SZ,
00342 ( char * ) data.buffer,
00343 data.uni_str_len * sizeof( uint16 ) );
00344 regdb_store_values( evtlogpath, values );
00345
00346 TALLOC_FREE( values );
00347
00348 return True;
00349 }