root/source4/torture/rpc/eventlog.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. init_lsa_String
  2. get_policy_handle
  3. test_GetNumRecords
  4. test_ReadEventLog
  5. test_ReportEventLog
  6. test_FlushEventLog
  7. test_ClearEventLog
  8. test_GetLogInformation
  9. test_OpenEventLog
  10. test_BackupLog
  11. torture_rpc_eventlog

   1 /*
   2    Unix SMB/CIFS implementation.
   3    test suite for eventlog rpc operations
   4 
   5    Copyright (C) Tim Potter 2003,2005
   6    Copyright (C) Jelmer Vernooij 2004
   7    Copyright (C) Guenther Deschner 2009
   8 
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13 
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18 
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22 
  23 #include "includes.h"
  24 #include "torture/torture.h"
  25 #include "librpc/gen_ndr/ndr_eventlog.h"
  26 #include "librpc/gen_ndr/ndr_eventlog_c.h"
  27 #include "librpc/gen_ndr/ndr_lsa.h"
  28 #include "torture/rpc/rpc.h"
  29 #include "param/param.h"
  30 
  31 #define TEST_BACKUP_NAME "samrtorturetest"
  32 
  33 static void init_lsa_String(struct lsa_String *name, const char *s)
     /* [<][>][^][v][top][bottom][index][help] */
  34 {
  35         name->string = s;
  36         name->length = 2*strlen_m(s);
  37         name->size = name->length;
  38 }
  39 
  40 static bool get_policy_handle(struct torture_context *tctx,
     /* [<][>][^][v][top][bottom][index][help] */
  41                               struct dcerpc_pipe *p,
  42                               struct policy_handle *handle)
  43 {
  44         struct eventlog_OpenEventLogW r;
  45         struct eventlog_OpenUnknown0 unknown0;
  46         struct lsa_String logname, servername;
  47 
  48         unknown0.unknown0 = 0x005c;
  49         unknown0.unknown1 = 0x0001;
  50 
  51         r.in.unknown0 = &unknown0;
  52         init_lsa_String(&logname, "dns server");
  53         init_lsa_String(&servername, NULL);
  54         r.in.logname = &logname;
  55         r.in.servername = &servername;
  56         r.in.major_version = 0x00000001;
  57         r.in.minor_version = 0x00000001;
  58         r.out.handle = handle;
  59 
  60         torture_assert_ntstatus_ok(tctx,
  61                         dcerpc_eventlog_OpenEventLogW(p, tctx, &r),
  62                         "OpenEventLog failed");
  63 
  64         torture_assert_ntstatus_ok(tctx, r.out.result, "OpenEventLog failed");
  65 
  66         return true;
  67 }
  68 
  69 
  70 
  71 static bool test_GetNumRecords(struct torture_context *tctx, struct dcerpc_pipe *p)
     /* [<][>][^][v][top][bottom][index][help] */
  72 {
  73         struct eventlog_GetNumRecords r;
  74         struct eventlog_CloseEventLog cr;
  75         struct policy_handle handle;
  76         uint32_t number = 0;
  77 
  78         if (!get_policy_handle(tctx, p, &handle))
  79                 return false;
  80 
  81         ZERO_STRUCT(r);
  82         r.in.handle = &handle;
  83         r.out.number = &number;
  84 
  85         torture_assert_ntstatus_ok(tctx,
  86                         dcerpc_eventlog_GetNumRecords(p, tctx, &r),
  87                         "GetNumRecords failed");
  88 
  89         torture_comment(tctx, "%d records\n", *r.out.number);
  90 
  91         cr.in.handle = cr.out.handle = &handle;
  92 
  93         torture_assert_ntstatus_ok(tctx,
  94                         dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
  95                         "CloseEventLog failed");
  96         return true;
  97 }
  98 
  99 static bool test_ReadEventLog(struct torture_context *tctx,
     /* [<][>][^][v][top][bottom][index][help] */
 100                               struct dcerpc_pipe *p)
 101 {
 102         NTSTATUS status;
 103         struct eventlog_ReadEventLogW r;
 104         struct eventlog_CloseEventLog cr;
 105         struct policy_handle handle;
 106 
 107         uint32_t sent_size = 0;
 108         uint32_t real_size = 0;
 109 
 110         if (!get_policy_handle(tctx, p, &handle))
 111                 return false;
 112 
 113         ZERO_STRUCT(r);
 114         r.in.offset = 0;
 115         r.in.handle = &handle;
 116         r.in.flags = 0;
 117         r.out.data = NULL;
 118         r.out.sent_size = &sent_size;
 119         r.out.real_size = &real_size;
 120 
 121         status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r);
 122 
 123         torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
 124                         "ReadEventLog failed");
 125 
 126         while (1) {
 127                 DATA_BLOB blob;
 128                 struct EVENTLOGRECORD rec;
 129                 enum ndr_err_code ndr_err;
 130                 uint32_t size = 0;
 131                 uint32_t pos = 0;
 132 
 133                 /* Read first for number of bytes in record */
 134 
 135                 r.in.number_of_bytes = 0;
 136                 r.in.flags = EVENTLOG_BACKWARDS_READ|EVENTLOG_SEQUENTIAL_READ;
 137                 r.out.data = NULL;
 138                 r.out.sent_size = &sent_size;
 139                 r.out.real_size = &real_size;
 140 
 141                 status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r);
 142 
 143                 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_END_OF_FILE)) {
 144                         /* FIXME: still need to decode then */
 145                         break;
 146                 }
 147 
 148                 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_BUFFER_TOO_SMALL,
 149                         "ReadEventLog failed");
 150 
 151                 /* Now read the actual record */
 152 
 153                 r.in.number_of_bytes = *r.out.real_size;
 154                 r.out.data = talloc_array(tctx, uint8_t, r.in.number_of_bytes);
 155 
 156                 status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r);
 157 
 158                 torture_assert_ntstatus_ok(tctx, status, "ReadEventLog failed");
 159 
 160                 /* Decode a user-marshalled record */
 161                 size = IVAL(r.out.data, pos);
 162 
 163                 while (size > 0) {
 164 
 165                         blob = data_blob_const(r.out.data + pos, size);
 166                         dump_data(0, blob.data, blob.length);
 167 
 168                         ndr_err = ndr_pull_struct_blob_all(&blob, tctx,
 169                                 lp_iconv_convenience(tctx->lp_ctx), &rec,
 170                                 (ndr_pull_flags_fn_t)ndr_pull_EVENTLOGRECORD);
 171                         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 172                                 status = ndr_map_error2ntstatus(ndr_err);
 173                                 torture_assert_ntstatus_ok(tctx, status,
 174                                         "ReadEventLog failed parsing event log record");
 175                         }
 176 
 177                         NDR_PRINT_DEBUG(EVENTLOGRECORD, &rec);
 178 
 179                         pos += size;
 180 
 181                         if (pos + 4 > *r.out.sent_size) {
 182                                 break;
 183                         }
 184 
 185                         size = IVAL(r.out.data, pos);
 186                 }
 187 
 188                 torture_assert_ntstatus_ok(tctx, status,
 189                                 "ReadEventLog failed parsing event log record");
 190 
 191                 r.in.offset++;
 192         }
 193 
 194         cr.in.handle = cr.out.handle = &handle;
 195 
 196         torture_assert_ntstatus_ok(tctx,
 197                         dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
 198                         "CloseEventLog failed");
 199 
 200         return true;
 201 }
 202 
 203 static bool test_ReportEventLog(struct torture_context *tctx,
     /* [<][>][^][v][top][bottom][index][help] */
 204                                 struct dcerpc_pipe *p)
 205 {
 206         struct eventlog_ReportEventW r;
 207         struct eventlog_CloseEventLog cr;
 208         struct policy_handle handle;
 209 
 210         uint32_t record_number = 0;
 211         time_t time_written = 0;
 212         struct lsa_String servername, *strings;
 213 
 214         if (!get_policy_handle(tctx, p, &handle))
 215                 return false;
 216 
 217         init_lsa_String(&servername, NULL);
 218 
 219         strings = talloc_array(tctx, struct lsa_String, 1);
 220         init_lsa_String(&strings[0], "Currently tortured by samba 4");
 221 
 222         ZERO_STRUCT(r);
 223 
 224         r.in.handle = &handle;
 225         r.in.timestamp = time(NULL);
 226         r.in.event_type = EVENTLOG_INFORMATION_TYPE;
 227         r.in.event_category = 0;
 228         r.in.event_id = 0;
 229         r.in.num_of_strings = 1;
 230         r.in.data_size = 0;
 231         r.in.servername = &servername;
 232         r.in.user_sid = NULL;
 233         r.in.strings = &strings;
 234         r.in.data = NULL;
 235         r.in.flags = 0;
 236         r.out.record_number = &record_number;
 237         r.out.time_written = &time_written;
 238 
 239         torture_assert_ntstatus_ok(tctx,
 240                         dcerpc_eventlog_ReportEventW(p, tctx, &r),
 241                         "ReportEventW failed");
 242 
 243         torture_assert_ntstatus_ok(tctx, r.out.result, "ReportEventW failed");
 244 
 245         cr.in.handle = cr.out.handle = &handle;
 246 
 247         torture_assert_ntstatus_ok(tctx,
 248                         dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
 249                         "CloseEventLog failed");
 250         return true;
 251 }
 252 
 253 static bool test_FlushEventLog(struct torture_context *tctx,
     /* [<][>][^][v][top][bottom][index][help] */
 254                                struct dcerpc_pipe *p)
 255 {
 256         struct eventlog_FlushEventLog r;
 257         struct eventlog_CloseEventLog cr;
 258         struct policy_handle handle;
 259 
 260         if (!get_policy_handle(tctx, p, &handle))
 261                 return false;
 262 
 263         r.in.handle = &handle;
 264 
 265         /* Huh?  Does this RPC always return access denied? */
 266         torture_assert_ntstatus_equal(tctx,
 267                         dcerpc_eventlog_FlushEventLog(p, tctx, &r),
 268                         NT_STATUS_ACCESS_DENIED,
 269                         "FlushEventLog failed");
 270 
 271         cr.in.handle = cr.out.handle = &handle;
 272 
 273         torture_assert_ntstatus_ok(tctx,
 274                         dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
 275                         "CloseEventLog failed");
 276 
 277         return true;
 278 }
 279 
 280 static bool test_ClearEventLog(struct torture_context *tctx,
     /* [<][>][^][v][top][bottom][index][help] */
 281                                struct dcerpc_pipe *p)
 282 {
 283         struct eventlog_ClearEventLogW r;
 284         struct eventlog_CloseEventLog cr;
 285         struct policy_handle handle;
 286 
 287         if (!get_policy_handle(tctx, p, &handle))
 288                 return false;
 289 
 290         r.in.handle = &handle;
 291         r.in.backupfile = NULL;
 292 
 293         torture_assert_ntstatus_ok(tctx,
 294                         dcerpc_eventlog_ClearEventLogW(p, tctx, &r),
 295                         "ClearEventLog failed");
 296 
 297         cr.in.handle = cr.out.handle = &handle;
 298 
 299         torture_assert_ntstatus_ok(tctx,
 300                         dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
 301                         "CloseEventLog failed");
 302 
 303         return true;
 304 }
 305 
 306 static bool test_GetLogInformation(struct torture_context *tctx,
     /* [<][>][^][v][top][bottom][index][help] */
 307                                    struct dcerpc_pipe *p)
 308 {
 309         NTSTATUS status;
 310         struct eventlog_GetLogInformation r;
 311         struct eventlog_CloseEventLog cr;
 312         struct policy_handle handle;
 313         uint32_t bytes_needed = 0;
 314 
 315         if (!get_policy_handle(tctx, p, &handle))
 316                 return false;
 317 
 318         r.in.handle = &handle;
 319         r.in.level = 1;
 320         r.in.buf_size = 0;
 321         r.out.buffer = NULL;
 322         r.out.bytes_needed = &bytes_needed;
 323 
 324         status = dcerpc_eventlog_GetLogInformation(p, tctx, &r);
 325 
 326         torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_LEVEL,
 327                                       "GetLogInformation failed");
 328 
 329         r.in.level = 0;
 330 
 331         status = dcerpc_eventlog_GetLogInformation(p, tctx, &r);
 332 
 333         torture_assert_ntstatus_equal(tctx, status, NT_STATUS_BUFFER_TOO_SMALL,
 334                                       "GetLogInformation failed");
 335 
 336         r.in.buf_size = bytes_needed;
 337         r.out.buffer = talloc_array(tctx, uint8_t, bytes_needed);
 338 
 339         status = dcerpc_eventlog_GetLogInformation(p, tctx, &r);
 340 
 341         torture_assert_ntstatus_ok(tctx, status, "GetLogInformation failed");
 342 
 343         cr.in.handle = cr.out.handle = &handle;
 344 
 345         torture_assert_ntstatus_ok(tctx,
 346                         dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
 347                         "CloseEventLog failed");
 348 
 349         return true;
 350 }
 351 
 352 
 353 static bool test_OpenEventLog(struct torture_context *tctx,
     /* [<][>][^][v][top][bottom][index][help] */
 354                               struct dcerpc_pipe *p)
 355 {
 356         struct policy_handle handle;
 357         struct eventlog_CloseEventLog cr;
 358 
 359         if (!get_policy_handle(tctx, p, &handle))
 360                 return false;
 361 
 362         cr.in.handle = cr.out.handle = &handle;
 363 
 364         torture_assert_ntstatus_ok(tctx,
 365                         dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
 366                         "CloseEventLog failed");
 367 
 368         return true;
 369 }
 370 
 371 static bool test_BackupLog(struct torture_context *tctx,
     /* [<][>][^][v][top][bottom][index][help] */
 372                            struct dcerpc_pipe *p)
 373 {
 374         NTSTATUS status;
 375         struct policy_handle handle, backup_handle;
 376         struct eventlog_BackupEventLogW r;
 377         struct eventlog_OpenBackupEventLogW b;
 378         struct eventlog_CloseEventLog cr;
 379         const char *tmp;
 380         struct lsa_String backup_filename;
 381         struct eventlog_OpenUnknown0 unknown0;
 382 
 383         if (!get_policy_handle(tctx, p, &handle))
 384                 return false;
 385 
 386         tmp = talloc_asprintf(tctx, "C:\\%s", TEST_BACKUP_NAME);
 387         init_lsa_String(&backup_filename, tmp);
 388 
 389         r.in.handle = &handle;
 390         r.in.backup_filename = &backup_filename;
 391 
 392         status = dcerpc_eventlog_BackupEventLogW(p, tctx, &r);
 393         torture_assert_ntstatus_equal(tctx, status,
 394                 NT_STATUS_OBJECT_PATH_SYNTAX_BAD, "BackupEventLogW failed");
 395 
 396         tmp = talloc_asprintf(tctx, "\\??\\C:\\%s", TEST_BACKUP_NAME);
 397         init_lsa_String(&backup_filename, tmp);
 398 
 399         r.in.handle = &handle;
 400         r.in.backup_filename = &backup_filename;
 401 
 402         status = dcerpc_eventlog_BackupEventLogW(p, tctx, &r);
 403         torture_assert_ntstatus_ok(tctx, status, "BackupEventLogW failed");
 404 
 405         status = dcerpc_eventlog_BackupEventLogW(p, tctx, &r);
 406         torture_assert_ntstatus_equal(tctx, status,
 407                 NT_STATUS_OBJECT_NAME_COLLISION, "BackupEventLogW failed");
 408 
 409         cr.in.handle = cr.out.handle = &handle;
 410 
 411         torture_assert_ntstatus_ok(tctx,
 412                         dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
 413                         "BackupLog failed");
 414 
 415         unknown0.unknown0 = 0x005c;
 416         unknown0.unknown1 = 0x0001;
 417 
 418         b.in.unknown0 = &unknown0;
 419         b.in.backup_logname = &backup_filename;
 420         b.in.major_version = 1;
 421         b.in.minor_version = 1;
 422         b.out.handle = &backup_handle;
 423 
 424         status = dcerpc_eventlog_OpenBackupEventLogW(p, tctx, &b);
 425 
 426         torture_assert_ntstatus_ok(tctx, status, "OpenBackupEventLogW failed");
 427 
 428         cr.in.handle = cr.out.handle = &backup_handle;
 429 
 430         torture_assert_ntstatus_ok(tctx,
 431                         dcerpc_eventlog_CloseEventLog(p, tctx, &cr),
 432                         "CloseEventLog failed");
 433 
 434         return true;
 435 }
 436 
 437 struct torture_suite *torture_rpc_eventlog(TALLOC_CTX *mem_ctx)
     /* [<][>][^][v][top][bottom][index][help] */
 438 {
 439         struct torture_suite *suite;
 440         struct torture_rpc_tcase *tcase;
 441         struct torture_test *test;
 442 
 443         suite = torture_suite_create(mem_ctx, "EVENTLOG");
 444         tcase = torture_suite_add_rpc_iface_tcase(suite, "eventlog",
 445                                                   &ndr_table_eventlog);
 446 
 447         torture_rpc_tcase_add_test(tcase, "OpenEventLog", test_OpenEventLog);
 448         test = torture_rpc_tcase_add_test(tcase, "ClearEventLog",
 449                                           test_ClearEventLog);
 450         test->dangerous = true;
 451         torture_rpc_tcase_add_test(tcase, "GetNumRecords", test_GetNumRecords);
 452         torture_rpc_tcase_add_test(tcase, "ReadEventLog", test_ReadEventLog);
 453         torture_rpc_tcase_add_test(tcase, "ReportEventLog", test_ReportEventLog);
 454         torture_rpc_tcase_add_test(tcase, "FlushEventLog", test_FlushEventLog);
 455         torture_rpc_tcase_add_test(tcase, "GetLogIntormation", test_GetLogInformation);
 456         torture_rpc_tcase_add_test(tcase, "BackupLog", test_BackupLog);
 457 
 458         return suite;
 459 }

/* [<][>][^][v][top][bottom][index][help] */