rpc_server/srv_eventlog_nt.c

ソースコードを見る。

データ構造

struct  EVENTLOG_INFO

関数

static void free_eventlog_info (void *ptr)
static EVENTLOG_INFOfind_eventlog_info_by_hnd (pipes_struct *p, POLICY_HND *handle)
static BOOL elog_check_access (EVENTLOG_INFO *info, NT_USER_TOKEN *token)
static BOOL elog_validate_logname (const char *name)
static BOOL get_num_records_hook (EVENTLOG_INFO *info)
static BOOL get_oldest_entry_hook (EVENTLOG_INFO *info)
static NTSTATUS elog_open (pipes_struct *p, const char *logname, POLICY_HND *hnd)
static NTSTATUS elog_close (pipes_struct *p, POLICY_HND *hnd)
static int elog_size (EVENTLOG_INFO *info)
static Eventlog_entryget_eventlog_record (prs_struct *ps, TDB_CONTEXT *tdb, int recno, Eventlog_entry *ee)
static BOOL sync_eventlog_params (EVENTLOG_INFO *info)
static Eventlog_entryread_package_entry (prs_struct *ps, EVENTLOG_Q_READ_EVENTLOG *q_u, EVENTLOG_R_READ_EVENTLOG *r_u, Eventlog_entry *entry)
static BOOL add_record_to_resp (EVENTLOG_R_READ_EVENTLOG *r_u, Eventlog_entry *ee_new)
NTSTATUS _eventlog_open_eventlog (pipes_struct *p, EVENTLOG_Q_OPEN_EVENTLOG *q_u, EVENTLOG_R_OPEN_EVENTLOG *r_u)
NTSTATUS _eventlog_clear_eventlog (pipes_struct *p, EVENTLOG_Q_CLEAR_EVENTLOG *q_u, EVENTLOG_R_CLEAR_EVENTLOG *r_u)
NTSTATUS _eventlog_close_eventlog (pipes_struct *p, EVENTLOG_Q_CLOSE_EVENTLOG *q_u, EVENTLOG_R_CLOSE_EVENTLOG *r_u)
NTSTATUS _eventlog_read_eventlog (pipes_struct *p, EVENTLOG_Q_READ_EVENTLOG *q_u, EVENTLOG_R_READ_EVENTLOG *r_u)
NTSTATUS _eventlog_get_oldest_entry (pipes_struct *p, EVENTLOG_Q_GET_OLDEST_ENTRY *q_u, EVENTLOG_R_GET_OLDEST_ENTRY *r_u)
NTSTATUS _eventlog_get_num_records (pipes_struct *p, EVENTLOG_Q_GET_NUM_RECORDS *q_u, EVENTLOG_R_GET_NUM_RECORDS *r_u)


関数

static void free_eventlog_info ( void *  ptr  )  [static]

srv_eventlog_nt.c41 行で定義されています。

参照先 elog_close_tdb()EVENTLOG_INFO::etdb.

参照元 elog_open().

00042 {
00043         EVENTLOG_INFO *elog = (EVENTLOG_INFO *)ptr;
00044         
00045         if ( elog->etdb )
00046                 elog_close_tdb( elog->etdb, False );
00047         
00048         TALLOC_FREE( elog );
00049 }

static EVENTLOG_INFO* find_eventlog_info_by_hnd ( pipes_struct p,
POLICY_HND handle 
) [static]

srv_eventlog_nt.c54 行で定義されています。

参照先 find_policy_by_hnd()handle.

参照元 _eventlog_clear_eventlog()_eventlog_get_num_records()_eventlog_get_oldest_entry()_eventlog_open_eventlog()_eventlog_read_eventlog().

00056 {
00057         EVENTLOG_INFO *info;
00058 
00059         if ( !find_policy_by_hnd( p, handle, (void **)(void *)&info ) ) {
00060                 DEBUG( 2,
00061                        ( "find_eventlog_info_by_hnd: eventlog not found.\n" ) );
00062                 return NULL;
00063         }
00064 
00065         return info;
00066 }

static BOOL elog_check_access ( EVENTLOG_INFO info,
NT_USER_TOKEN token 
) [static]

srv_eventlog_nt.c71 行で定義されています。

参照先 EVENTLOG_INFO::access_grantedelog_tdbname()get_nt_acl_no_snum()get_root_nt_token()EVENTLOG_INFO::lognament_errstr()ntstatusse_access_check()sec_initial_uid().

参照元 elog_open().

00072 {
00073         char *tdbname = elog_tdbname( info->logname );
00074         SEC_DESC *sec_desc;
00075         BOOL ret;
00076         NTSTATUS ntstatus;
00077         
00078         if ( !tdbname ) 
00079                 return False;
00080         
00081         /* get the security descriptor for the file */
00082         
00083         sec_desc = get_nt_acl_no_snum( info, tdbname );
00084         SAFE_FREE( tdbname );
00085         
00086         if ( !sec_desc ) {
00087                 DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n", 
00088                         tdbname));
00089                 return False;
00090         }
00091         
00092         /* root free pass */
00093 
00094         if ( geteuid() == sec_initial_uid() ) {
00095                 DEBUG(5,("elog_check_access: using root's token\n"));
00096                 token = get_root_nt_token();
00097         }
00098 
00099         /* run the check, try for the max allowed */
00100         
00101         ret = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
00102                 &info->access_granted, &ntstatus );
00103                 
00104         if ( sec_desc )
00105                 TALLOC_FREE( sec_desc );
00106                 
00107         if ( !ret ) {
00108                 DEBUG(8,("elog_check_access: se_access_check() return %s\n",
00109                         nt_errstr( ntstatus)));
00110                 return False;
00111         }
00112         
00113         /* we have to have READ permission for a successful open */
00114         
00115         return ( info->access_granted & SA_RIGHT_FILE_READ_DATA );
00116 }

static BOOL elog_validate_logname ( const char *  name  )  [static]

srv_eventlog_nt.c121 行で定義されています。

参照先 strequal().

参照元 elog_open().

00122 {
00123         int i;
00124         const char **elogs = lp_eventlog_list();
00125         
00126         if (!elogs) {
00127                 return False;
00128         }
00129 
00130         for ( i=0; elogs[i]; i++ ) {
00131                 if ( strequal( name, elogs[i] ) )
00132                         return True;
00133         }
00134         
00135         return False;
00136 }

static BOOL get_num_records_hook ( EVENTLOG_INFO info  )  [static]

srv_eventlog_nt.c141 行で定義されています。

参照先 EVENTLOG_INFO::etdbEVENTLOG_INFO::lognamenext_record()EVENTLOG_INFO::num_recordsEVENTLOG_INFO::oldest_entrytdb_fetch_int32()tdb_lock_bystring_with_timeout()tdb_unlock_bystring().

参照元 _eventlog_get_num_records()get_oldest_entry_hook().

00142 {
00143         int next_record;
00144         int oldest_record;
00145 
00146         if ( !info->etdb ) {
00147                 DEBUG( 10, ( "No open tdb for %s\n", info->logname ) );
00148                 return False;
00149         }
00150 
00151         /* lock the tdb since we have to get 2 records */
00152 
00153         tdb_lock_bystring_with_timeout( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD, 1 );
00154         next_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
00155         oldest_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_OLDEST_ENTRY);
00156         tdb_unlock_bystring( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
00157 
00158         DEBUG( 8,
00159                ( "Oldest Record %d; Next Record %d\n", oldest_record,
00160                  next_record ) );
00161 
00162         info->num_records = ( next_record - oldest_record );
00163         info->oldest_entry = oldest_record;
00164 
00165         return True;
00166 }

static BOOL get_oldest_entry_hook ( EVENTLOG_INFO info  )  [static]

srv_eventlog_nt.c171 行で定義されています。

参照先 get_num_records_hook().

参照元 _eventlog_get_oldest_entry()elog_open().

00172 {
00173         /* it's the same thing */
00174         return get_num_records_hook( info );
00175 }

static NTSTATUS elog_open ( pipes_struct p,
const char *  logname,
POLICY_HND hnd 
) [static]

srv_eventlog_nt.c180 行で定義されています。

参照先 become_root()create_policy_hnd()elog_check_access()elog_close_tdb()elog_open_tdb()elog_validate_logname()EVENTLOG_INFO::etdbfree_eventlog_info()get_oldest_entry_hook()EVENTLOG_INFO::lognamecurrent_user::nt_user_tokenpipes_struct::pipe_userstrequal()talloc_strdup()unbecome_root().

参照元 _eventlog_open_eventlog().

00181 {
00182         EVENTLOG_INFO *elog;
00183         
00184         /* first thing is to validate the eventlog name */
00185         
00186         if ( !elog_validate_logname( logname ) )
00187                 return NT_STATUS_OBJECT_PATH_INVALID;
00188         
00189         if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) )
00190                 return NT_STATUS_NO_MEMORY;
00191                 
00192         elog->logname = talloc_strdup( elog, logname );
00193         
00194         /* Open the tdb first (so that we can create any new tdbs if necessary).
00195            We have to do this as root and then use an internal access check 
00196            on the file permissions since you can only have a tdb open once
00197            in a single process */
00198 
00199         become_root();
00200         elog->etdb = elog_open_tdb( elog->logname, False );
00201         unbecome_root();
00202 
00203         if ( !elog->etdb ) {
00204                 /* according to MSDN, if the logfile cannot be found, we should
00205                   default to the "Application" log */
00206         
00207                 if ( !strequal( logname, ELOG_APPL ) ) {
00208                 
00209                         TALLOC_FREE( elog->logname );
00210                         
00211                         elog->logname = talloc_strdup( elog, ELOG_APPL );                       
00212 
00213                         /* do the access check */
00214                         if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) {
00215                                 TALLOC_FREE( elog );
00216                                 return NT_STATUS_ACCESS_DENIED;
00217                         }
00218         
00219                         become_root();
00220                         elog->etdb = elog_open_tdb( elog->logname, False );
00221                         unbecome_root();
00222                 }       
00223                 
00224                 if ( !elog->etdb ) {
00225                         TALLOC_FREE( elog );
00226                         return NT_STATUS_ACCESS_DENIED; /* ??? */               
00227                 }
00228         }
00229         
00230         /* now do the access check.  Close the tdb if we fail here */
00231 
00232         if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) {
00233                 elog_close_tdb( elog->etdb, False );
00234                 TALLOC_FREE( elog );
00235                 return NT_STATUS_ACCESS_DENIED;
00236         }
00237         
00238         /* create the policy handle */
00239         
00240         if ( !create_policy_hnd
00241              ( p, hnd, free_eventlog_info, ( void * ) elog ) ) {
00242                 free_eventlog_info( elog );
00243                 return NT_STATUS_NO_MEMORY;
00244         }
00245 
00246         /* set the initial current_record pointer */
00247 
00248         if ( !get_oldest_entry_hook( elog ) ) {
00249                 DEBUG(3,("elog_open: Successfully opened eventlog but can't "
00250                         "get any information on internal records!\n"));
00251         }       
00252 
00253         elog->current_record = elog->oldest_entry;
00254 
00255         return NT_STATUS_OK;
00256 }

static NTSTATUS elog_close ( pipes_struct p,
POLICY_HND hnd 
) [static]

srv_eventlog_nt.c261 行で定義されています。

参照先 close_policy_hnd().

参照元 _eventlog_close_eventlog()_eventlog_open_eventlog().

00262 {
00263         if ( !( close_policy_hnd( p, hnd ) ) ) {
00264                 return NT_STATUS_INVALID_HANDLE;
00265         }
00266 
00267         return NT_STATUS_OK;
00268 }

static int elog_size ( EVENTLOG_INFO info  )  [static]

srv_eventlog_nt.c273 行で定義されています。

参照先 elog_tdb_size()EVENTLOG_INFO::etdb.

参照元 _eventlog_open_eventlog().

00274 {
00275         if ( !info || !info->etdb ) {
00276                 DEBUG(0,("elog_size: Invalid info* structure!\n"));
00277                 return 0;
00278         }
00279 
00280         return elog_tdb_size( ELOG_TDB_CTX(info->etdb), NULL, NULL );
00281 }

static Eventlog_entry* get_eventlog_record ( prs_struct ps,
TDB_CONTEXT tdb,
int  recno,
Eventlog_entry ee 
) [static]

srv_eventlog_nt.c288 行で定義されています。

参照先 Eventlog_record::closing_record_numberEventlog_data_record::computer_nameEventlog_data_record::computer_name_lenEventlog_record::data_lengthEventlog_record::data_offsetEventlog_data_record::data_paddingeventlog_entry::data_recordTDB_DATA::dptrTDB_DATA::dsizeEventlog_record::event_categoryEventlog_record::event_idEventlog_record::event_typelenEventlog_record::lengthEventlog_record::num_stringseventlog_entry::recordEventlog_record::record_numberEventlog_record::reserved1Eventlog_record::reserved2Eventlog_data_record::sidEventlog_data_record::sid_paddingEventlog_data_record::source_nameEventlog_data_record::source_name_lenEventlog_record::string_offsetEventlog_data_record::stringsEventlog_data_record::strings_lentdbtdb_fetch()tdb_unpack()Eventlog_record::time_generatedEventlog_record::time_writtenEventlog_data_record::user_dataEventlog_data_record::user_data_lenEventlog_record::user_sid_lengthEventlog_record::user_sid_offset.

参照元 _eventlog_read_eventlog().

00290 {
00291         TDB_DATA ret, key;
00292 
00293         int srecno;
00294         int reclen;
00295         int len;
00296 
00297         pstring *wpsource, *wpcomputer, *wpsid, *wpstrs, *puserdata;
00298 
00299         key.dsize = sizeof( int32 );
00300 
00301         srecno = recno;
00302         key.dptr = ( char * ) &srecno;
00303 
00304         ret = tdb_fetch( tdb, key );
00305 
00306         if ( ret.dsize == 0 ) {
00307                 DEBUG( 8,
00308                        ( "Can't find a record for the key, record %d\n",
00309                          recno ) );
00310                 return NULL;
00311         }
00312 
00313         len = tdb_unpack( ret.dptr, ret.dsize, "d", &reclen );
00314 
00315         DEBUG( 10, ( "Unpacking record %d, size is %d\n", srecno, len ) );
00316 
00317         if ( !len )
00318                 return NULL;
00319 
00320         /* ee = PRS_ALLOC_MEM(ps, Eventlog_entry, 1); */
00321 
00322         if ( !ee )
00323                 return NULL;
00324 
00325         len = tdb_unpack( ret.dptr, ret.dsize, "ddddddwwwwddddddBBdBBBd",
00326                           &ee->record.length, &ee->record.reserved1,
00327                           &ee->record.record_number,
00328                           &ee->record.time_generated,
00329                           &ee->record.time_written, &ee->record.event_id,
00330                           &ee->record.event_type, &ee->record.num_strings,
00331                           &ee->record.event_category, &ee->record.reserved2,
00332                           &ee->record.closing_record_number,
00333                           &ee->record.string_offset,
00334                           &ee->record.user_sid_length,
00335                           &ee->record.user_sid_offset,
00336                           &ee->record.data_length, &ee->record.data_offset,
00337                           &ee->data_record.source_name_len, &wpsource,
00338                           &ee->data_record.computer_name_len, &wpcomputer,
00339                           &ee->data_record.sid_padding,
00340                           &ee->record.user_sid_length, &wpsid,
00341                           &ee->data_record.strings_len, &wpstrs,
00342                           &ee->data_record.user_data_len, &puserdata,
00343                           &ee->data_record.data_padding );
00344         DEBUG( 10,
00345                ( "Read record %d, len in tdb was %d\n",
00346                  ee->record.record_number, len ) );
00347 
00348         /* have to do the following because the tdb_unpack allocs a buff, stuffs a pointer to the buff
00349            into it's 2nd argment for 'B' */
00350 
00351         if ( wpcomputer )
00352                 memcpy( ee->data_record.computer_name, wpcomputer,
00353                         ee->data_record.computer_name_len );
00354         if ( wpsource )
00355                 memcpy( ee->data_record.source_name, wpsource,
00356                         ee->data_record.source_name_len );
00357 
00358         if ( wpsid )
00359                 memcpy( ee->data_record.sid, wpsid,
00360                         ee->record.user_sid_length );
00361         if ( wpstrs )
00362                 memcpy( ee->data_record.strings, wpstrs,
00363                         ee->data_record.strings_len );
00364 
00365         /* note that userdata is a pstring */
00366         if ( puserdata )
00367                 memcpy( ee->data_record.user_data, puserdata,
00368                         ee->data_record.user_data_len );
00369 
00370         SAFE_FREE( wpcomputer );
00371         SAFE_FREE( wpsource );
00372         SAFE_FREE( wpsid );
00373         SAFE_FREE( wpstrs );
00374         SAFE_FREE( puserdata );
00375 
00376         DEBUG( 10, ( "get_eventlog_record: read back %d\n", len ) );
00377         DEBUG( 10,
00378                ( "get_eventlog_record: computer_name %d is ",
00379                  ee->data_record.computer_name_len ) );
00380         SAFE_FREE( ret.dptr );
00381         return ee;
00382 }

static BOOL sync_eventlog_params ( EVENTLOG_INFO info  )  [static]

srv_eventlog_nt.c389 行で定義されています。

参照先 dos_errstr()EVENTLOG_INFO::etdbfetch_reg_values()get_root_nt_token()EVENTLOG_INFO::lognamepstr_sprintf()regkey_close_internal()regkey_open_internal()regval_ctr_getvalue()regval_data_p()tdb_store_int32()values.

参照元 _eventlog_open_eventlog().

00390 {
00391         pstring path;
00392         uint32 uiMaxSize;
00393         uint32 uiRetention;
00394         REGISTRY_KEY *keyinfo;
00395         REGISTRY_VALUE *val;
00396         REGVAL_CTR *values;
00397         WERROR wresult;
00398         char *elogname = info->logname;
00399 
00400         DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) );
00401 
00402         if ( !info->etdb ) {
00403                 DEBUG( 4, ( "No open tdb! (%s)\n", info->logname ) );
00404                 return False;
00405         }
00406         /* set resonable defaults.  512Kb on size and 1 week on time */
00407 
00408         uiMaxSize = 0x80000;
00409         uiRetention = 604800;
00410 
00411         /* the general idea is to internally open the registry 
00412            key and retreive the values.  That way we can continue 
00413            to use the same fetch/store api that we use in 
00414            srv_reg_nt.c */
00415 
00416         pstr_sprintf( path, "%s/%s", KEY_EVENTLOG, elogname );
00417 
00418         wresult =
00419                 regkey_open_internal( &keyinfo, path, get_root_nt_token(  ),
00420                                       REG_KEY_READ );
00421 
00422         if ( !W_ERROR_IS_OK( wresult ) ) {
00423                 DEBUG( 4,
00424                        ( "sync_eventlog_params: Failed to open key [%s] (%s)\n",
00425                          path, dos_errstr( wresult ) ) );
00426                 return False;
00427         }
00428 
00429         if ( !( values = TALLOC_ZERO_P( keyinfo, REGVAL_CTR ) ) ) {
00430                 TALLOC_FREE( keyinfo );
00431                 DEBUG( 0, ( "control_eventlog_hook: talloc() failed!\n" ) );
00432 
00433                 return False;
00434         }
00435         fetch_reg_values( keyinfo, values );
00436 
00437         if ( ( val = regval_ctr_getvalue( values, "Retention" ) ) != NULL )
00438                 uiRetention = IVAL( regval_data_p( val ), 0 );
00439 
00440         if ( ( val = regval_ctr_getvalue( values, "MaxSize" ) ) != NULL )
00441                 uiMaxSize = IVAL( regval_data_p( val ), 0 );
00442 
00443         regkey_close_internal( keyinfo );
00444 
00445         tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_MAXSIZE, uiMaxSize );
00446         tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_RETENTION, uiRetention );
00447 
00448         return True;
00449 }

static Eventlog_entry* read_package_entry ( prs_struct ps,
EVENTLOG_Q_READ_EVENTLOG q_u,
EVENTLOG_R_READ_EVENTLOG r_u,
Eventlog_entry entry 
) [static]

srv_eventlog_nt.c454 行で定義されています。

参照先 Eventlog_data_record::computer_nameEventlog_data_record::computer_name_leneventlog_entry::dataEventlog_record::data_lengthEventlog_record::data_offsetEventlog_data_record::data_paddingeventlog_entry::data_recordEventlog_record::lengtheventlog_entry::recordEventlog_data_record::sidEventlog_data_record::sid_paddingEventlog_data_record::source_nameEventlog_data_record::source_name_lenEventlog_record::string_offsetEventlog_data_record::stringsEventlog_data_record::strings_lenEventlog_data_record::user_dataEventlog_data_record::user_data_lenEventlog_record::user_sid_lengthEventlog_record::user_sid_offset.

参照元 _eventlog_read_eventlog().

00458 {
00459         uint8 *offset;
00460         Eventlog_entry *ee_new = NULL;
00461 
00462         ee_new = PRS_ALLOC_MEM( ps, Eventlog_entry, 1 );
00463         if ( ee_new == NULL ) {
00464                 return NULL;
00465         }
00466 
00467         entry->data_record.sid_padding =
00468                 ( ( 4 -
00469                     ( ( entry->data_record.source_name_len +
00470                         entry->data_record.computer_name_len ) % 4 ) ) % 4 );
00471         entry->data_record.data_padding =
00472                 ( 4 -
00473                   ( ( entry->data_record.strings_len +
00474                       entry->data_record.user_data_len ) % 4 ) ) % 4;
00475         entry->record.length = sizeof( Eventlog_record );
00476         entry->record.length += entry->data_record.source_name_len;
00477         entry->record.length += entry->data_record.computer_name_len;
00478         if ( entry->record.user_sid_length == 0 ) {
00479                 /* Should not pad to a DWORD boundary for writing out the sid if there is
00480                    no SID, so just propagate the padding to pad the data */
00481                 entry->data_record.data_padding +=
00482                         entry->data_record.sid_padding;
00483                 entry->data_record.sid_padding = 0;
00484         }
00485         DEBUG( 10,
00486                ( "sid_padding is [%d].\n", entry->data_record.sid_padding ) );
00487         DEBUG( 10,
00488                ( "data_padding is [%d].\n",
00489                  entry->data_record.data_padding ) );
00490 
00491         entry->record.length += entry->data_record.sid_padding;
00492         entry->record.length += entry->record.user_sid_length;
00493         entry->record.length += entry->data_record.strings_len;
00494         entry->record.length += entry->data_record.user_data_len;
00495         entry->record.length += entry->data_record.data_padding;
00496         /* need another copy of length at the end of the data */
00497         entry->record.length += sizeof( entry->record.length );
00498         DEBUG( 10,
00499                ( "entry->record.length is [%d].\n", entry->record.length ) );
00500         entry->data =
00501                 PRS_ALLOC_MEM( ps, uint8,
00502                                entry->record.length -
00503                                sizeof( Eventlog_record ) -
00504                                sizeof( entry->record.length ) );
00505         if ( entry->data == NULL ) {
00506                 return NULL;
00507         }
00508         offset = entry->data;
00509         memcpy( offset, &( entry->data_record.source_name ),
00510                 entry->data_record.source_name_len );
00511         offset += entry->data_record.source_name_len;
00512         memcpy( offset, &( entry->data_record.computer_name ),
00513                 entry->data_record.computer_name_len );
00514         offset += entry->data_record.computer_name_len;
00515         /* SID needs to be DWORD-aligned */
00516         offset += entry->data_record.sid_padding;
00517         entry->record.user_sid_offset =
00518                 sizeof( Eventlog_record ) + ( offset - entry->data );
00519         memcpy( offset, &( entry->data_record.sid ),
00520                 entry->record.user_sid_length );
00521         offset += entry->record.user_sid_length;
00522         /* Now do the strings */
00523         entry->record.string_offset =
00524                 sizeof( Eventlog_record ) + ( offset - entry->data );
00525         memcpy( offset, &( entry->data_record.strings ),
00526                 entry->data_record.strings_len );
00527         offset += entry->data_record.strings_len;
00528         /* Now do the data */
00529         entry->record.data_length = entry->data_record.user_data_len;
00530         entry->record.data_offset =
00531                 sizeof( Eventlog_record ) + ( offset - entry->data );
00532         memcpy( offset, &( entry->data_record.user_data ),
00533                 entry->data_record.user_data_len );
00534         offset += entry->data_record.user_data_len;
00535 
00536         memcpy( &( ee_new->record ), &entry->record,
00537                 sizeof( Eventlog_record ) );
00538         memcpy( &( ee_new->data_record ), &entry->data_record,
00539                 sizeof( Eventlog_data_record ) );
00540         ee_new->data = entry->data;
00541 
00542         return ee_new;
00543 }

static BOOL add_record_to_resp ( EVENTLOG_R_READ_EVENTLOG r_u,
Eventlog_entry ee_new 
) [static]

srv_eventlog_nt.c548 行で定義されています。

参照先 EVENTLOG_R_READ_EVENTLOG::entryEventlog_record::lengtheventlog_entry::nextEVENTLOG_R_READ_EVENTLOG::num_bytes_in_respEVENTLOG_R_READ_EVENTLOG::num_recordseventlog_entry::record.

参照元 _eventlog_read_eventlog().

00550 {
00551         Eventlog_entry *insert_point;
00552 
00553         insert_point = r_u->entry;
00554 
00555         if ( NULL == insert_point ) {
00556                 r_u->entry = ee_new;
00557                 ee_new->next = NULL;
00558         } else {
00559                 while ( ( NULL != insert_point->next ) ) {
00560                         insert_point = insert_point->next;
00561                 }
00562                 ee_new->next = NULL;
00563                 insert_point->next = ee_new;
00564         }
00565         r_u->num_records++;
00566         r_u->num_bytes_in_resp += ee_new->record.length;
00567 
00568         return True;
00569 }

NTSTATUS _eventlog_open_eventlog ( pipes_struct p,
EVENTLOG_Q_OPEN_EVENTLOG q_u,
EVENTLOG_R_OPEN_EVENTLOG r_u 
)

srv_eventlog_nt.c574 行で定義されています。

参照先 UNISTR2::bufferelog_close()elog_open()elog_size()EVENTLOG_INFO::etdbfind_eventlog_info_by_hnd()EVENTLOG_R_OPEN_EVENTLOG::handleEVENTLOG_Q_OPEN_EVENTLOG::lognameprune_eventlog()resultrpcstr_pull()EVENTLOG_Q_OPEN_EVENTLOG::servernameUNISTR4::stringsync_eventlog_params()UNISTR2::uni_str_len.

参照元 api_eventlog_open_eventlog().

00577 {
00578         fstring servername, logname;
00579         EVENTLOG_INFO *info;
00580         NTSTATUS result;
00581 
00582         fstrcpy( servername, "" );
00583         if ( q_u->servername.string ) {
00584                 rpcstr_pull( servername, q_u->servername.string->buffer,
00585                              sizeof( servername ),
00586                              q_u->servername.string->uni_str_len * 2, 0 );
00587         }
00588 
00589         fstrcpy( logname, "" );
00590         if ( q_u->logname.string ) {
00591                 rpcstr_pull( logname, q_u->logname.string->buffer,
00592                              sizeof( logname ),
00593                              q_u->logname.string->uni_str_len * 2, 0 );
00594         }
00595         
00596         DEBUG( 10,("_eventlog_open_eventlog: Server [%s], Log [%s]\n",
00597                 servername, logname ));
00598                 
00599         /* according to MSDN, if the logfile cannot be found, we should
00600           default to the "Application" log */
00601           
00602         if ( !NT_STATUS_IS_OK( result = elog_open( p, logname, &r_u->handle )) )
00603                 return result;
00604 
00605         if ( !(info = find_eventlog_info_by_hnd( p, &r_u->handle )) ) {
00606                 DEBUG(0,("_eventlog_open_eventlog: eventlog (%s) opened but unable to find handle!\n",
00607                         logname ));
00608                 elog_close( p, &r_u->handle );
00609                 return NT_STATUS_INVALID_HANDLE;
00610         }
00611 
00612         DEBUG(10,("_eventlog_open_eventlog: Size [%d]\n", elog_size( info )));
00613 
00614         sync_eventlog_params( info );
00615         prune_eventlog( ELOG_TDB_CTX(info->etdb) );
00616 
00617         return NT_STATUS_OK;
00618 }

NTSTATUS _eventlog_clear_eventlog ( pipes_struct p,
EVENTLOG_Q_CLEAR_EVENTLOG q_u,
EVENTLOG_R_CLEAR_EVENTLOG r_u 
)

srv_eventlog_nt.c624 行で定義されています。

参照先 EVENTLOG_INFO::access_grantedEVENTLOG_Q_CLEAR_EVENTLOG::backupfilebecome_root()UNISTR2::bufferelog_close_tdb()elog_open_tdb()EVENTLOG_INFO::etdbfind_eventlog_info_by_hnd()EVENTLOG_Q_CLEAR_EVENTLOG::handleEVENTLOG_INFO::lognamerpcstr_pull()UNISTR4::stringunbecome_root()UNISTR2::uni_str_len.

参照元 api_eventlog_clear_eventlog().

00627 {
00628         EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
00629         pstring backup_file_name;
00630 
00631         if ( !info )
00632                 return NT_STATUS_INVALID_HANDLE;
00633 
00634         pstrcpy( backup_file_name, "" );
00635         if ( q_u->backupfile.string ) {
00636                 rpcstr_pull( backup_file_name, q_u->backupfile.string->buffer,
00637                              sizeof( backup_file_name ),
00638                              q_u->backupfile.string->uni_str_len * 2, 0 );
00639 
00640                 DEBUG(8,( "_eventlog_clear_eventlog: Using [%s] as the backup "
00641                         "file name for log [%s].",
00642                          backup_file_name, info->logname ) );
00643         }
00644 
00645         /* check for WRITE access to the file */
00646 
00647         if ( !(info->access_granted&SA_RIGHT_FILE_WRITE_DATA) )
00648                 return NT_STATUS_ACCESS_DENIED;
00649 
00650         /* Force a close and reopen */
00651 
00652         elog_close_tdb( info->etdb, True ); 
00653         become_root();
00654         info->etdb = elog_open_tdb( info->logname, True );
00655         unbecome_root();
00656 
00657         if ( !info->etdb )
00658                 return NT_STATUS_ACCESS_DENIED;
00659 
00660         return NT_STATUS_OK;
00661 }

NTSTATUS _eventlog_close_eventlog ( pipes_struct p,
EVENTLOG_Q_CLOSE_EVENTLOG q_u,
EVENTLOG_R_CLOSE_EVENTLOG r_u 
)

srv_eventlog_nt.c666 行で定義されています。

参照先 elog_close()EVENTLOG_Q_CLOSE_EVENTLOG::handle.

参照元 api_eventlog_close_eventlog().

00669 {
00670         return elog_close( p, &q_u->handle );
00671 }

NTSTATUS _eventlog_read_eventlog ( pipes_struct p,
EVENTLOG_Q_READ_EVENTLOG q_u,
EVENTLOG_R_READ_EVENTLOG r_u 
)

srv_eventlog_nt.c676 行で定義されています。

参照先 add_record_to_resp()EVENTLOG_R_READ_EVENTLOG::bytes_in_next_recordEVENTLOG_INFO::current_recordEVENTLOG_INFO::etdbfind_eventlog_info_by_hnd()EVENTLOG_Q_READ_EVENTLOG::flagsEVENTLOG_INFO::flagsget_eventlog_record()EVENTLOG_Q_READ_EVENTLOG::handleEventlog_record::lengthEVENTLOG_Q_READ_EVENTLOG::max_read_sizeEVENTLOG_R_READ_EVENTLOG::num_bytes_in_respEVENTLOG_R_READ_EVENTLOG::num_recordsEVENTLOG_Q_READ_EVENTLOG::offsetpipes_struct::out_data_output_data::rdataread_package_entry()eventlog_entry::record.

参照元 api_eventlog_read_eventlog().

00679 {
00680         EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
00681         Eventlog_entry entry, *ee_new;
00682         uint32 num_records_read = 0;
00683         prs_struct *ps;
00684         int bytes_left, record_number;
00685         uint32 elog_read_type, elog_read_dir;
00686 
00687         if (info == NULL) {
00688                 return NT_STATUS_INVALID_HANDLE;
00689         }
00690 
00691         info->flags = q_u->flags;
00692         ps = &p->out_data.rdata;
00693 
00694         bytes_left = q_u->max_read_size;
00695 
00696         if ( !info->etdb ) 
00697                 return NT_STATUS_ACCESS_DENIED;
00698                 
00699         /* check for valid flags.  Can't use the sequential and seek flags together */
00700 
00701         elog_read_type = q_u->flags & (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ);
00702         elog_read_dir = q_u->flags & (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ);
00703 
00704         if ( elog_read_type == (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ) 
00705                 ||  elog_read_dir == (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ) )
00706         {
00707                 DEBUG(3,("_eventlog_read_eventlog: Invalid flags [0x%x] for ReadEventLog\n", q_u->flags));
00708                 return NT_STATUS_INVALID_PARAMETER;
00709         }
00710 
00711         /* a sequential read should ignore the offset */
00712 
00713         if ( elog_read_type & EVENTLOG_SEQUENTIAL_READ )
00714                 record_number = info->current_record;
00715         else 
00716                 record_number = q_u->offset;
00717 
00718         while ( bytes_left > 0 ) {
00719 
00720                 /* assume that when the record fetch fails, that we are done */
00721 
00722                 if ( !get_eventlog_record ( ps, ELOG_TDB_CTX(info->etdb), record_number, &entry ) ) 
00723                         break;
00724 
00725                 DEBUG( 8, ( "Retrieved record %d\n", record_number ) );
00726                                
00727                 /* Now see if there is enough room to add */
00728 
00729                 if ( !(ee_new = read_package_entry( ps, q_u, r_u,&entry )) )
00730                         return NT_STATUS_NO_MEMORY;
00731 
00732                 if ( r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size ) {
00733                         r_u->bytes_in_next_record = ee_new->record.length;
00734 
00735                         /* response would be too big to fit in client-size buffer */
00736                                 
00737                         bytes_left = 0;
00738                         break;
00739                 }
00740                         
00741                 add_record_to_resp( r_u, ee_new );
00742                 bytes_left -= ee_new->record.length;
00743                 ZERO_STRUCT( entry );
00744                 num_records_read = r_u->num_records - num_records_read;
00745                                 
00746                 DEBUG( 10, ( "_eventlog_read_eventlog: read [%d] records for a total "
00747                         "of [%d] records using [%d] bytes out of a max of [%d].\n",
00748                          num_records_read, r_u->num_records,
00749                          r_u->num_bytes_in_resp,
00750                          q_u->max_read_size ) );
00751 
00752                 if ( info->flags & EVENTLOG_FORWARDS_READ )
00753                         record_number++;
00754                 else
00755                         record_number--;
00756                 
00757                 /* update the eventlog record pointer */
00758                 
00759                 info->current_record = record_number;
00760         }
00761 
00762         /* crazy by WinXP uses NT_STATUS_BUFFER_TOO_SMALL to 
00763            say when there are no more records */
00764 
00765         return (num_records_read ? NT_STATUS_OK : NT_STATUS_BUFFER_TOO_SMALL);
00766 }

NTSTATUS _eventlog_get_oldest_entry ( pipes_struct p,
EVENTLOG_Q_GET_OLDEST_ENTRY q_u,
EVENTLOG_R_GET_OLDEST_ENTRY r_u 
)

srv_eventlog_nt.c771 行で定義されています。

参照先 find_eventlog_info_by_hnd()get_oldest_entry_hook()EVENTLOG_Q_GET_OLDEST_ENTRY::handleEVENTLOG_INFO::oldest_entryEVENTLOG_R_GET_OLDEST_ENTRY::oldest_entry.

参照元 api_eventlog_get_oldest_entry().

00774 {
00775         EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
00776 
00777         if (info == NULL) {
00778                 return NT_STATUS_INVALID_HANDLE;
00779         }
00780 
00781         if ( !( get_oldest_entry_hook( info ) ) )
00782                 return NT_STATUS_ACCESS_DENIED;
00783 
00784         r_u->oldest_entry = info->oldest_entry;
00785 
00786         return NT_STATUS_OK;
00787 }

NTSTATUS _eventlog_get_num_records ( pipes_struct p,
EVENTLOG_Q_GET_NUM_RECORDS q_u,
EVENTLOG_R_GET_NUM_RECORDS r_u 
)

srv_eventlog_nt.c792 行で定義されています。

参照先 find_eventlog_info_by_hnd()get_num_records_hook()EVENTLOG_Q_GET_NUM_RECORDS::handleEVENTLOG_INFO::num_recordsEVENTLOG_R_GET_NUM_RECORDS::num_records.

参照元 api_eventlog_get_num_records().

00795 {
00796         EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
00797 
00798         if (info == NULL) {
00799                 return NT_STATUS_INVALID_HANDLE;
00800         }
00801 
00802         if ( !( get_num_records_hook( info ) ) )
00803                 return NT_STATUS_ACCESS_DENIED;
00804 
00805         r_u->num_records = info->num_records;
00806 
00807         return NT_STATUS_OK;
00808 }


Sambaに対してSat Aug 29 21:24:16 2009に生成されました。  doxygen 1.4.7