source3/registry/reg_eventlog.c

   1
   2 /*
   3  *  Unix SMB/CIFS implementation.
   4  *  Virtual Windows Registry Layer
   5  *  Copyright (C) Marcin Krzysztof Porwit    2005,
   6  *  Copyright (C) Brian Moran                2005.
   7  *  Copyright (C) Gerald (Jerry) Carter      2005.
   8  *
   9  *  This program is free software; you can redistribute it and/or modify
  10  *  it under the terms of the GNU General Public License as published by
  11  *  the Free Software Foundation; either version 3 of the License, or
  12  *  (at your option) any later version.
  13  *
  14  *  This program is distributed in the hope that it will be useful,
  15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  *  GNU General Public License for more details.
  18  *
  19  *  You should have received a copy of the GNU General Public License
  20  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  21  */
  22
  23 #include "includes.h"
  24
  25 #undef DBGC_CLASS
  26 #define DBGC_CLASS DBGC_REGISTRY
  27
  28 /**********************************************************************
  29  for an eventlog, add in the default values
  30 *********************************************************************/
  31
  32 bool eventlog_init_keys(void)
  33 {
  34         /* Find all of the eventlogs, add keys for each of them */
  35         const char **elogs = lp_eventlog_list();
  36         char *evtlogpath = NULL;
  37         char *evtfilepath = NULL;
  38         struct regsubkey_ctr *subkeys;
  39         struct regval_ctr *values;
  40         uint32 uiMaxSize;
  41         uint32 uiRetention;
  42         uint32 uiCategoryCount;
  43         UNISTR2 data;
  44         TALLOC_CTX *ctx = talloc_tos();
  45         WERROR werr;
  46
  47         while (elogs && *elogs) {
  48                 werr = regsubkey_ctr_init(ctx, &subkeys);
  49                 if (!W_ERROR_IS_OK(werr)) {
  50                         DEBUG( 0, ( "talloc() failure!\n" ) );
  51                         return False;
  52                 }
  53                 regdb_fetch_keys(KEY_EVENTLOG, subkeys);
  54                 regsubkey_ctr_addkey( subkeys, *elogs );
  55                 if ( !regdb_store_keys( KEY_EVENTLOG, subkeys ) ) {
  56                         TALLOC_FREE(subkeys);
  57                         return False;
  58                 }
  59                 TALLOC_FREE(subkeys);
  60
  61                 /* add in the key of form KEY_EVENTLOG/Application */
  62                 DEBUG( 5,
  63                        ( "Adding key of [%s] to path of [%s]\n", *elogs,
  64                          KEY_EVENTLOG ) );
  65
  66                 evtlogpath = talloc_asprintf(ctx, "%s\\%s",
  67                           KEY_EVENTLOG, *elogs);
  68                 if (!evtlogpath) {
  69                         return false;
  70                 }
  71                 /* add in the key of form KEY_EVENTLOG/Application/Application */
  72                 DEBUG( 5,
  73                        ( "Adding key of [%s] to path of [%s]\n", *elogs,
  74                          evtlogpath ) );
  75                 werr = regsubkey_ctr_init(ctx, &subkeys);
  76                 if (!W_ERROR_IS_OK(werr)) {
  77                         DEBUG( 0, ( "talloc() failure!\n" ) );
  78                         return False;
  79                 }
  80                 regdb_fetch_keys( evtlogpath, subkeys );
  81                 regsubkey_ctr_addkey( subkeys, *elogs );
  82
  83                 if ( !regdb_store_keys( evtlogpath, subkeys ) ) {
  84                         TALLOC_FREE(subkeys);
  85                         return False;
  86                 }
  87                 TALLOC_FREE( subkeys );
  88
  89                 /* now add the values to the KEY_EVENTLOG/Application form key */
  90                 if (!(values = TALLOC_ZERO_P(ctx, struct regval_ctr))) {
  91                         DEBUG( 0, ( "talloc() failure!\n" ) );
  92                         return False;
  93                 }
  94                 DEBUG( 5,
  95                        ( "Storing values to eventlog path of [%s]\n",
  96                          evtlogpath ) );
  97                 regdb_fetch_values( evtlogpath, values );
  98
  99
 100                 if (!regval_ctr_key_exists(values, "MaxSize")) {
 101
 102                         /* assume we have none, add them all */
 103
 104                         /* hard code some initial values */
 105
 106                         /* uiDisplayNameId = 0x00000100; */
 107                         uiMaxSize = 0x00080000;
 108                         uiRetention = 0x93A80;
 109
 110                         regval_ctr_addvalue(values, "MaxSize", REG_DWORD,
 111                                              (char *)&uiMaxSize,
 112                                              sizeof(uint32));
 113
 114                         regval_ctr_addvalue(values, "Retention", REG_DWORD,
 115                                              (char *)&uiRetention,
 116                                              sizeof(uint32));
 117                         init_unistr2(&data, *elogs, UNI_STR_TERMINATE);
 118
 119                         regval_ctr_addvalue(values, "PrimaryModule", REG_SZ,
 120                                              (char *)data.buffer,
 121                                              data.uni_str_len *
 122                                              sizeof(uint16));
 123                         init_unistr2(&data, *elogs, UNI_STR_TERMINATE);
 124
 125                         regval_ctr_addvalue(values, "Sources", REG_MULTI_SZ,
 126                                              (char *)data.buffer,
 127                                              data.uni_str_len *
 128                                              sizeof(uint16));
 129
 130                         evtfilepath = talloc_asprintf(ctx,
 131                                         "%%SystemRoot%%\\system32\\config\\%s.tdb",
 132                                         *elogs);
 133                         if (!evtfilepath) {
 134                                 TALLOC_FREE(values);
 135                         }
 136                         init_unistr2(&data, evtfilepath, UNI_STR_TERMINATE);
 137                         regval_ctr_addvalue(values, "File", REG_EXPAND_SZ, (char *)data.buffer,
 138                                              data.uni_str_len * sizeof(uint16));
 139                         regdb_store_values(evtlogpath, values);
 140
 141                 }
 142
 143                 TALLOC_FREE(values);
 144
 145                 /* now do the values under KEY_EVENTLOG/Application/Application */
 146                 TALLOC_FREE(evtlogpath);
 147                 evtlogpath = talloc_asprintf(ctx, "%s\\%s\\%s",
 148                           KEY_EVENTLOG, *elogs, *elogs);
 149                 if (!evtlogpath) {
 150                         return false;
 151                 }
 152                 if (!(values = TALLOC_ZERO_P(ctx, struct regval_ctr))) {
 153                         DEBUG( 0, ( "talloc() failure!\n" ) );
 154                         return False;
 155                 }
 156                 DEBUG( 5,
 157                        ( "Storing values to eventlog path of [%s]\n",
 158                          evtlogpath));
 159                 regdb_fetch_values(evtlogpath, values);
 160                 if (!regval_ctr_key_exists( values, "CategoryCount")) {
 161
 162                         /* hard code some initial values */
 163
 164                         uiCategoryCount = 0x00000007;
 165                         regval_ctr_addvalue( values, "CategoryCount",
 166                                              REG_DWORD,
 167                                              ( char * ) &uiCategoryCount,
 168                                              sizeof( uint32 ) );
 169                         init_unistr2( &data,
 170                                       "%SystemRoot%\\system32\\eventlog.dll",
 171                                       UNI_STR_TERMINATE );
 172
 173                         regval_ctr_addvalue( values, "CategoryMessageFile",
 174                                              REG_EXPAND_SZ,
 175                                              ( char * ) data.buffer,
 176                                              data.uni_str_len *
 177                                              sizeof( uint16 ) );
 178                         regdb_store_values( evtlogpath, values );
 179                 }
 180                 TALLOC_FREE(values);
 181                 elogs++;
 182         }
 183
 184         return true;
 185 }
 186
 187 /*********************************************************************
 188  for an eventlog, add in a source name. If the eventlog doesn't
 189  exist (not in the list) do nothing.   If a source for the log
 190  already exists, change the information (remove, replace)
 191 *********************************************************************/
 192
 193 bool eventlog_add_source( const char *eventlog, const char *sourcename,
 194                           const char *messagefile )
 195 {
 196         /* Find all of the eventlogs, add keys for each of them */
 197         /* need to add to the value KEY_EVENTLOG/<eventlog>/Sources string (Creating if necessary)
 198            need to add KEY of source to KEY_EVENTLOG/<eventlog>/<source> */
 199
 200         const char **elogs = lp_eventlog_list(  );
 201         char **wrklist, **wp;
 202         char *evtlogpath = NULL;
 203         struct regsubkey_ctr *subkeys;
 204         struct regval_ctr *values;
 205         REGISTRY_VALUE *rval;
 206         UNISTR2 data;
 207         uint16 *msz_wp;
 208         int mbytes, ii;
 209         bool already_in;
 210         int i;
 211         int numsources;
 212         TALLOC_CTX *ctx = talloc_tos();
 213         WERROR werr;
 214
 215         if (!elogs) {
 216                 return False;
 217         }
 218
 219         for ( i = 0; elogs[i]; i++ ) {
 220                 if ( strequal( elogs[i], eventlog ) )
 221                         break;
 222         }
 223
 224         if ( !elogs[i] ) {
 225                 DEBUG( 0,
 226                        ( "Eventlog [%s] not found in list of valid event logs\n",
 227                          eventlog ) );
 228                 return false;   /* invalid named passed in */
 229         }
 230
 231         /* have to assume that the evenlog key itself exists at this point */
 232         /* add in a key of [sourcename] under the eventlog key */
 233
 234         /* todo add to Sources */
 235
 236         if (!( values = TALLOC_ZERO_P(ctx, struct regval_ctr))) {
 237                 DEBUG( 0, ( "talloc() failure!\n" ));
 238                 return false;
 239         }
 240
 241         evtlogpath = talloc_asprintf(ctx, "%s\\%s", KEY_EVENTLOG, eventlog);
 242         if (!evtlogpath) {
 243                 TALLOC_FREE(values);
 244                 return false;
 245         }
 246
 247         regdb_fetch_values( evtlogpath, values );
 248
 249
 250         if ( !( rval = regval_ctr_getvalue( values, "Sources" ) ) ) {
 251                 DEBUG( 0, ( "No Sources value for [%s]!\n", eventlog ) );
 252                 return False;
 253         }
 254         /* perhaps this adding a new string to a multi_sz should be a fn? */
 255         /* check to see if it's there already */
 256
 257         if ( rval->type != REG_MULTI_SZ ) {
 258                 DEBUG( 0,
 259                        ( "Wrong type for Sources, should be REG_MULTI_SZ\n" ) );
 260                 return False;
 261         }
 262         /* convert to a 'regulah' chars to do some comparisons */
 263
 264         already_in = False;
 265         wrklist = NULL;
 266         dump_data( 1, rval->data_p, rval->size );
 267         if ( ( numsources =
 268                regval_convert_multi_sz( ( uint16 * ) rval->data_p, rval->size,
 269                                         &wrklist ) ) > 0 ) {
 270
 271                 ii = numsources;
 272                 /* see if it's in there already */
 273                 wp = wrklist;
 274
 275                 while ( ii && wp && *wp ) {
 276                         if ( strequal( *wp, sourcename ) ) {
 277                                 DEBUG( 5,
 278                                        ( "Source name [%s] already in list for [%s] \n",
 279                                          sourcename, eventlog ) );
 280                                 already_in = True;
 281                                 break;
 282                         }
 283                         wp++;
 284                         ii--;
 285                 }
 286         } else {
 287                 if ( numsources < 0 ) {
 288                         DEBUG( 3, ( "problem in getting the sources\n" ) );
 289                         return False;
 290                 }
 291                 DEBUG( 3,
 292                        ( "Nothing in the sources list, this might be a problem\n" ) );
 293         }
 294
 295         wp = wrklist;
 296
 297         if ( !already_in ) {
 298                 /* make a new list with an additional entry; copy values, add another */
 299                 wp = TALLOC_ARRAY(ctx, char *, numsources + 2 );
 300
 301                 if ( !wp ) {
 302                         DEBUG( 0, ( "talloc() failed \n" ) );
 303                         return False;
 304                 }
 305                 memcpy( wp, wrklist, sizeof( char * ) * numsources );
 306                 *( wp + numsources ) = ( char * ) sourcename;
 307                 *( wp + numsources + 1 ) = NULL;
 308                 mbytes = regval_build_multi_sz( wp, &msz_wp );
 309                 dump_data( 1, ( uint8 * ) msz_wp, mbytes );
 310                 regval_ctr_addvalue( values, "Sources", REG_MULTI_SZ,
 311                                      ( char * ) msz_wp, mbytes );
 312                 regdb_store_values( evtlogpath, values );
 313                 TALLOC_FREE(msz_wp);
 314         } else {
 315                 DEBUG( 3,
 316                        ( "Source name [%s] found in existing list of sources\n",
 317                          sourcename ) );
 318         }
 319         TALLOC_FREE(values);
 320         TALLOC_FREE(wrklist);   /*  */
 321
 322         werr = regsubkey_ctr_init(ctx, &subkeys);
 323         if (!W_ERROR_IS_OK(werr)) {
 324                 DEBUG( 0, ( "talloc() failure!\n" ) );
 325                 return False;
 326         }
 327         TALLOC_FREE(evtlogpath);
 328         evtlogpath = talloc_asprintf(ctx, "%s\\%s", KEY_EVENTLOG, eventlog );
 329         if (!evtlogpath) {
 330                 TALLOC_FREE(subkeys);
 331                 return false;
 332         }
 333
 334         regdb_fetch_keys( evtlogpath, subkeys );
 335
 336         if ( !regsubkey_ctr_key_exists( subkeys, sourcename ) ) {
 337                 DEBUG( 5,
 338                        ( " Source name [%s] for eventlog [%s] didn't exist, adding \n",
 339                          sourcename, eventlog ) );
 340                 regsubkey_ctr_addkey( subkeys, sourcename );
 341                 if ( !regdb_store_keys( evtlogpath, subkeys ) )
 342                         return False;
 343         }
 344         TALLOC_FREE(subkeys);
 345
 346         /* at this point KEY_EVENTLOG/<eventlog>/<sourcename> key is in there. Now need to add EventMessageFile */
 347
 348         /* now allocate room for the source's subkeys */
 349
 350         werr = regsubkey_ctr_init(ctx, &subkeys);
 351         if (!W_ERROR_IS_OK(werr)) {
 352                 DEBUG( 0, ( "talloc() failure!\n" ) );
 353                 return False;
 354         }
 355         TALLOC_FREE(evtlogpath);
 356         evtlogpath = talloc_asprintf(ctx, "%s\\%s\\%s",
 357                   KEY_EVENTLOG, eventlog, sourcename);
 358         if (!evtlogpath) {
 359                 TALLOC_FREE(subkeys);
 360                 return false;
 361         }
 362
 363         regdb_fetch_keys( evtlogpath, subkeys );
 364
 365         /* now add the values to the KEY_EVENTLOG/Application form key */
 366         if ( !( values = TALLOC_ZERO_P(ctx, struct regval_ctr ) ) ) {
 367                 DEBUG( 0, ( "talloc() failure!\n" ) );
 368                 return False;
 369         }
 370         DEBUG( 5,
 371                ( "Storing EventMessageFile [%s] to eventlog path of [%s]\n",
 372                  messagefile, evtlogpath ) );
 373
 374         regdb_fetch_values( evtlogpath, values );
 375
 376         init_unistr2( &data, messagefile, UNI_STR_TERMINATE );
 377
 378         regval_ctr_addvalue( values, "EventMessageFile", REG_SZ,
 379                              ( char * ) data.buffer,
 380                              data.uni_str_len * sizeof( uint16 ) );
 381         regdb_store_values( evtlogpath, values );
 382
 383         TALLOC_FREE(values);
 384
 385         return True;
 386 }