LCOV - code coverage report
Current view: top level - source3/utils - net_eventlog.c (source / functions) Hit Total Coverage
Test: coverage report for master 2b515b7d Lines: 0 108 0.0 %
Date: 2024-02-28 12:06:22 Functions: 0 4 0.0 %

          Line data    Source code
       1             : /*
       2             :  * Samba Unix/Linux SMB client library
       3             :  * Distributed SMB/CIFS Server Management Utility
       4             :  * Local win32 eventlog interface
       5             :  *
       6             :  * Copyright (C) Guenther Deschner 2009
       7             :  *
       8             :  * This program is free software; you can redistribute it and/or modify
       9             :  * it under the terms of the GNU General Public License as published by
      10             :  * the Free Software Foundation; either version 3 of the License, or
      11             :  * (at your option) any later version.
      12             :  *
      13             :  * This program is distributed in the hope that it will be useful,
      14             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      16             :  * GNU General Public License for more details.
      17             :  *
      18             :  * You should have received a copy of the GNU General Public License
      19             :  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
      20             :  */
      21             : 
      22             : #include "includes.h"
      23             : #include "utils/net.h"
      24             : #include "lib/eventlog/eventlog.h"
      25             : 
      26             : /**
      27             :  * Dump an *evt win32 eventlog file
      28             :  *
      29             :  * @param argc  Standard main() style argc.
      30             :  * @param argv  Standard main() style argv. Initial components are already
      31             :  *              stripped.
      32             :  *
      33             :  * @return A shell status integer (0 for success).
      34             :  **/
      35             : 
      36           0 : static int net_eventlog_dump(struct net_context *c, int argc,
      37             :                              const char **argv)
      38             : {
      39           0 :         int ret = -1;
      40           0 :         TALLOC_CTX *ctx = talloc_stackframe();
      41           0 :         enum ndr_err_code ndr_err;
      42           0 :         DATA_BLOB blob;
      43           0 :         struct EVENTLOG_EVT_FILE evt;
      44           0 :         char *s;
      45             : 
      46           0 :         if (argc < 1 || c->display_usage) {
      47           0 :                 d_fprintf(stderr, "%s\nnet eventlog dump <file.evt>\n",
      48             :                           _("Usage:"));
      49           0 :                 goto done;
      50             :         }
      51             : 
      52           0 :         blob.data = (uint8_t *)file_load(argv[0], &blob.length, 0, ctx);
      53           0 :         if (!blob.data) {
      54           0 :                 d_fprintf(stderr, _("failed to load evt file: %s\n"), argv[0]);
      55           0 :                 goto done;
      56             :         }
      57             : 
      58           0 :         ndr_err = ndr_pull_struct_blob(&blob, ctx, &evt,
      59             :                    (ndr_pull_flags_fn_t)ndr_pull_EVENTLOG_EVT_FILE);
      60           0 :         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
      61           0 :                 d_fprintf(stderr, _("evt pull failed: %s\n"),
      62             :                           ndr_errstr(ndr_err));
      63           0 :                 goto done;
      64             :         }
      65             : 
      66           0 :         s = NDR_PRINT_STRUCT_STRING(ctx, EVENTLOG_EVT_FILE, &evt);
      67           0 :         if (s) {
      68           0 :                 printf("%s\n", s);
      69             :         }
      70             : 
      71           0 :         ret = 0;
      72           0 :  done:
      73           0 :         TALLOC_FREE(ctx);
      74           0 :         return ret;
      75             : }
      76             : 
      77             : /**
      78             :  * Import an *evt win32 eventlog file to internal tdb representation
      79             :  *
      80             :  * @param argc  Standard main() style argc.
      81             :  * @param argv  Standard main() style argv. Initial components are already
      82             :  *              stripped.
      83             :  *
      84             :  * @return A shell status integer (0 for success).
      85             :  **/
      86             : 
      87           0 : static int net_eventlog_import(struct net_context *c, int argc,
      88             :                                const char **argv)
      89             : {
      90           0 :         int ret = -1;
      91           0 :         TALLOC_CTX *ctx = talloc_stackframe();
      92           0 :         NTSTATUS status;
      93           0 :         enum ndr_err_code ndr_err;
      94           0 :         DATA_BLOB blob;
      95           0 :         uint32_t num_records = 0;
      96           0 :         uint32_t i;
      97           0 :         ELOG_TDB *etdb = NULL;
      98             : 
      99           0 :         struct EVENTLOGHEADER evt_header;
     100           0 :         struct EVENTLOG_EVT_FILE evt;
     101             : 
     102           0 :         if (argc < 2 || c->display_usage) {
     103           0 :                 d_fprintf(stderr,
     104             :                           "%s\nnet eventlog import <file> <eventlog>\n",
     105             :                           _("Usage:"));
     106           0 :                 goto done;
     107             :         }
     108             : 
     109           0 :         blob.data = (uint8_t *)file_load(argv[0], &blob.length, 0, ctx);
     110           0 :         if (!blob.data) {
     111           0 :                 d_fprintf(stderr, _("failed to load evt file: %s\n"), argv[0]);
     112           0 :                 goto done;
     113             :         }
     114             : 
     115             :         /* dump_data(0, blob.data, blob.length); */
     116           0 :         ndr_err = ndr_pull_struct_blob(&blob, ctx, &evt_header,
     117             :                    (ndr_pull_flags_fn_t)ndr_pull_EVENTLOGHEADER);
     118           0 :         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
     119           0 :                 d_fprintf(stderr, _("evt header pull failed: %s\n"),
     120             :                           ndr_errstr(ndr_err));
     121           0 :                 goto done;
     122             :         }
     123             : 
     124           0 :         if (evt_header.Flags & ELF_LOGFILE_HEADER_WRAP) {
     125           0 :                 d_fprintf(stderr, _("input file is wrapped, cannot proceed\n"));
     126           0 :                 goto done;
     127             :         }
     128             : 
     129           0 :         ndr_err = ndr_pull_struct_blob(&blob, ctx, &evt,
     130             :                    (ndr_pull_flags_fn_t)ndr_pull_EVENTLOG_EVT_FILE);
     131           0 :         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
     132           0 :                 d_fprintf(stderr, _("evt pull failed: %s\n"),
     133             :                           ndr_errstr(ndr_err));
     134           0 :                 goto done;
     135             :         }
     136             : 
     137             :         /* NDR_PRINT_DEBUG(EVENTLOG_EVT_FILE, &evt); */
     138             : 
     139           0 :         etdb = elog_open_tdb(argv[1], false, false);
     140           0 :         if (!etdb) {
     141           0 :                 d_fprintf(stderr, _("can't open the eventlog TDB (%s)\n"),
     142           0 :                           argv[1]);
     143           0 :                 goto done;
     144             :         }
     145             : 
     146           0 :         num_records = evt.hdr.CurrentRecordNumber - evt.hdr.OldestRecordNumber;
     147             : 
     148           0 :         for (i=0; i<num_records; i++) {
     149           0 :                 uint32_t record_number;
     150           0 :                 struct eventlog_Record_tdb e;
     151             : 
     152           0 :                 status = evlog_evt_entry_to_tdb_entry(ctx, &evt.records[i], &e);
     153           0 :                 if (!NT_STATUS_IS_OK(status)) {
     154           0 :                         goto done;
     155             :                 }
     156             : 
     157           0 :                 status = evlog_push_record_tdb(ctx, ELOG_TDB_CTX(etdb),
     158             :                                                &e, &record_number);
     159           0 :                 if (!NT_STATUS_IS_OK(status)) {
     160           0 :                         d_fprintf(stderr,
     161           0 :                                   _("can't write to the eventlog: %s\n"),
     162             :                                   nt_errstr(status));
     163           0 :                         goto done;
     164             :                 }
     165             :         }
     166             : 
     167           0 :         printf(_("wrote %d entries to tdb\n"), i);
     168             : 
     169           0 :         ret = 0;
     170           0 :  done:
     171             : 
     172           0 :         elog_close_tdb(etdb, false);
     173             : 
     174           0 :         TALLOC_FREE(ctx);
     175           0 :         return ret;
     176             : }
     177             : 
     178             : /**
     179             :  * Export internal eventlog tdb representation to an *evt win32 eventlog file
     180             :  *
     181             :  * @param argc  Standard main() style argc.
     182             :  * @param argv  Standard main() style argv. Initial components are already
     183             :  *              stripped.
     184             :  *
     185             :  * @return A shell status integer (0 for success).
     186             :  **/
     187             : 
     188           0 : static int net_eventlog_export(struct net_context *c, int argc,
     189             :                                const char **argv)
     190             : {
     191           0 :         int ret = -1;
     192           0 :         NTSTATUS status;
     193           0 :         TALLOC_CTX *ctx = talloc_stackframe();
     194           0 :         DATA_BLOB blob;
     195           0 :         uint32_t num_records = 0;
     196           0 :         ELOG_TDB *etdb = NULL;
     197             : 
     198           0 :         if (argc < 2 || c->display_usage) {
     199           0 :                 d_fprintf(stderr,
     200             :                           "%s\nnet eventlog export <file> <eventlog>\n",
     201             :                           _("Usage:"));
     202           0 :                 goto done;
     203             :         }
     204             : 
     205           0 :         etdb = elog_open_tdb(argv[1], false, true);
     206           0 :         if (!etdb) {
     207           0 :                 d_fprintf(stderr, _("can't open the eventlog TDB (%s)\n"),
     208           0 :                           argv[1]);
     209           0 :                 goto done;
     210             :         }
     211             : 
     212           0 :         status = evlog_convert_tdb_to_evt(ctx, etdb, &blob, &num_records);
     213           0 :         if (!NT_STATUS_IS_OK(status)) {
     214           0 :                 goto done;
     215             :         }
     216             : 
     217           0 :         if (!file_save(argv[0], blob.data, blob.length)) {
     218           0 :                 d_fprintf(stderr, _("failed to save evt file: %s\n"), argv[0]);
     219           0 :                 goto done;
     220             :         }
     221             : 
     222           0 :         ret = 0;
     223           0 :  done:
     224             : 
     225           0 :         elog_close_tdb(etdb, false);
     226             : 
     227           0 :         TALLOC_FREE(ctx);
     228           0 :         return ret;
     229             : }
     230             : 
     231             : /**
     232             :  * 'net rpc eventlog' entrypoint.
     233             :  * @param argc  Standard main() style argc.
     234             :  * @param argv  Standard main() style argv. Initial components are already
     235             :  *              stripped.
     236             :  **/
     237             : 
     238           0 : int net_eventlog(struct net_context *c, int argc, const char **argv)
     239             : {
     240           0 :         int ret = -1;
     241             : 
     242           0 :         struct functable func[] = {
     243             :                 {
     244             :                         "dump",
     245             :                         net_eventlog_dump,
     246             :                         NET_TRANSPORT_LOCAL,
     247             :                         N_("Dump eventlog"),
     248             :                         N_("net eventlog dump\n"
     249             :                            "    Dump win32 *.evt eventlog file")
     250             :                 },
     251             :                 {
     252             :                         "import",
     253             :                         net_eventlog_import,
     254             :                         NET_TRANSPORT_LOCAL,
     255             :                         N_("Import eventlog"),
     256             :                         N_("net eventlog import\n"
     257             :                            "    Import win32 *.evt eventlog file")
     258             :                 },
     259             :                 {
     260             :                         "export",
     261             :                         net_eventlog_export,
     262             :                         NET_TRANSPORT_LOCAL,
     263             :                         N_("Export eventlog"),
     264             :                         N_("net eventlog export\n"
     265             :                            "    Export win32 *.evt eventlog file")
     266             :                 },
     267             : 
     268             : 
     269             :         { NULL, NULL, 0, NULL, NULL }
     270             :         };
     271             : 
     272           0 :         ret = net_run_function(c, argc, argv, "net eventlog", func);
     273             : 
     274           0 :         return ret;
     275             : }

Generated by: LCOV version 1.14