source3/rpc_server/eventlog/srv_eventlog_reg.c

   1 /*
   2  *  Unix SMB/CIFS implementation.
   3  *
   4  *  Eventlog RPC server keys initialization
   5  *
   6  *  Copyright (c) 2005      Marcin Krzysztof Porwit
   7  *  Copyright (c) 2005      Brian Moran
   8  *  Copyright (c) 2005      Gerald (Jerry) Carter
   9  *  Copyright (c) 2011      Andreas Schneider <asn@samba.org>
  10  *
  11  *  This program is free software; you can redistribute it and/or modify
  12  *  it under the terms of the GNU General Public License as published by
  13  *  the Free Software Foundation; either version 3 of the License, or
  14  *  (at your option) any later version.
  15  *
  16  *  This program is distributed in the hope that it will be useful,
  17  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19  *  GNU General Public License for more details.
  20  *
  21  *  You should have received a copy of the GNU General Public License
  22  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  23  */
  24
  25 #include "includes.h"
  26 #include "../librpc/gen_ndr/ndr_winreg_c.h"
  27 #include "rpc_client/cli_winreg_int.h"
  28 #include "rpc_client/cli_winreg.h"
  29 #include "rpc_server/eventlog/srv_eventlog_reg.h"
  30
  31 #undef DBGC_CLASS
  32 #define DBGC_CLASS DBGC_REGISTRY
  33
  34 #define TOP_LEVEL_EVENTLOG_KEY "SYSTEM\\CurrentControlSet\\Services\\Eventlog"
  35
  36 bool eventlog_init_winreg(struct messaging_context *msg_ctx)
  37 {
  38         struct dcerpc_binding_handle *h = NULL;
  39         uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
  40         struct policy_handle hive_hnd, key_hnd;
  41         uint32_t uiMaxSize = 0x00080000;
  42         uint32_t uiRetention = 0x93A80;
  43         const char **elogs = lp_eventlog_list();
  44         const char **subkeys = NULL;
  45         uint32_t num_subkeys = 0;
  46         uint32_t i;
  47         char *key = NULL;
  48         NTSTATUS status;
  49         WERROR result = WERR_OK;
  50         bool ok = false;
  51         TALLOC_CTX *tmp_ctx;
  52
  53         tmp_ctx = talloc_stackframe();
  54         if (tmp_ctx == NULL) {
  55                 return false;
  56         }
  57
  58         DEBUG(3, ("Initialise the eventlog registry keys if needed.\n"));
  59
  60         key = talloc_strdup(tmp_ctx, TOP_LEVEL_EVENTLOG_KEY);
  61
  62         status = dcerpc_winreg_int_hklm_openkey(tmp_ctx,
  63                                                 get_server_info_system(),
  64                                                 msg_ctx,
  65                                                 &h,
  66                                                 key,
  67                                                 false,
  68                                                 access_mask,
  69                                                 &hive_hnd,
  70                                                 &key_hnd,
  71                                                 &result);
  72         if (!NT_STATUS_IS_OK(status)) {
  73                 DEBUG(0, ("eventlog_init_winreg: Could not open %s - %s\n",
  74                           key, nt_errstr(status)));
  75                 goto done;
  76         }
  77         if (!W_ERROR_IS_OK(result)) {
  78                 DEBUG(0, ("eventlog_init_winreg: Could not open %s - %s\n",
  79                           key, win_errstr(result)));
  80                 goto done;
  81         }
  82
  83         status = dcerpc_winreg_enum_keys(tmp_ctx,
  84                                          h,
  85                                          &key_hnd,
  86                                          &num_subkeys,
  87                                          &subkeys,
  88                                          &result);
  89         if (!NT_STATUS_IS_OK(status)) {
  90                 DEBUG(0, ("eventlog_init_winreg: Could enum keys at %s - %s\n",
  91                           key, nt_errstr(status)));
  92                 goto done;
  93         }
  94         if (!W_ERROR_IS_OK(result)) {
  95                 DEBUG(0, ("eventlog_init_winreg: Could enum keys at %s - %s\n",
  96                           key, win_errstr(result)));
  97                 goto done;
  98         }
  99
 100         if (is_valid_policy_hnd(&key_hnd)) {
 101                 dcerpc_winreg_CloseKey(h, tmp_ctx, &key_hnd, &result);
 102         }
 103
 104         /* create subkeys if they don't exist */
 105         while (elogs && *elogs) {
 106                 enum winreg_CreateAction action = REG_ACTION_NONE;
 107                 char *evt_tdb = NULL;
 108                 struct winreg_String wkey;
 109                 struct winreg_String wkeyclass;
 110                 bool skip = false;
 111
 112                 for (i = 0; i < num_subkeys; i++) {
 113                         if (strequal(subkeys[i], *elogs)) {
 114                                 skip = true;
 115                         }
 116                 }
 117
 118                 if (skip) {
 119                         elogs++;
 120                         continue;
 121                 }
 122
 123                 ZERO_STRUCT(key_hnd);
 124                 ZERO_STRUCT(wkey);
 125
 126                 wkey.name = talloc_asprintf(tmp_ctx, "%s\\%s", key, *elogs);
 127                 if (wkey.name == NULL) {
 128                         result = WERR_NOMEM;
 129                         goto done;
 130                 }
 131
 132                 ZERO_STRUCT(wkeyclass);
 133                 wkeyclass.name = "";
 134
 135
 136                 status = dcerpc_winreg_CreateKey(h,
 137                                                  tmp_ctx,
 138                                                  &hive_hnd,
 139                                                  wkey,
 140                                                  wkeyclass,
 141                                                  0,
 142                                                  access_mask,
 143                                                  NULL,
 144                                                  &key_hnd,
 145                                                  &action,
 146                                                  &result);
 147                 if (!NT_STATUS_IS_OK(status)) {
 148                         DEBUG(0, ("eventlog_init_winreg_keys: Could not create key %s: %s\n",
 149                                 wkey.name, nt_errstr(status)));
 150                         goto done;
 151                 }
 152                 if (!W_ERROR_IS_OK(result)) {
 153                         DEBUG(0, ("eventlog_init_winreg_keys: Could not create key %s: %s\n",
 154                                 wkey.name, win_errstr(result)));
 155                         goto done;
 156                 }
 157
 158                 status = dcerpc_winreg_set_dword(tmp_ctx,
 159                                                  h,
 160                                                  &key_hnd,
 161                                                  "MaxSize",
 162                                                  uiMaxSize,
 163                                                  &result);
 164
 165                 status = dcerpc_winreg_set_dword(tmp_ctx,
 166                                                  h,
 167                                                  &key_hnd,
 168                                                  "Retention",
 169                                                  uiRetention,
 170                                                  &result);
 171
 172                 status = dcerpc_winreg_set_sz(tmp_ctx,
 173                                               h,
 174                                               &key_hnd,
 175                                               "PrimaryModule",
 176                                               *elogs,
 177                                               &result);
 178
 179                 evt_tdb = talloc_asprintf(tmp_ctx,
 180                                           "%%SystemRoot%%\\system32\\config\\%s.tdb",
 181                                           *elogs);
 182                 if (evt_tdb == NULL) {
 183                         goto done;
 184                 }
 185                 status = dcerpc_winreg_set_expand_sz(tmp_ctx,
 186                                                      h,
 187                                                      &key_hnd,
 188                                                      "File",
 189                                                      evt_tdb,
 190                                                      &result);
 191                 TALLOC_FREE(evt_tdb);
 192
 193                 status = dcerpc_winreg_add_multi_sz(tmp_ctx,
 194                                                     h,
 195                                                     &key_hnd,
 196                                                     "Sources",
 197                                                     *elogs,
 198                                                     &result);
 199
 200                 if (is_valid_policy_hnd(&key_hnd)) {
 201                         dcerpc_winreg_CloseKey(h, tmp_ctx, &key_hnd, &result);
 202                 }
 203
 204                 /* sub-subkeys */
 205                 {
 206                         uint32_t uiCategoryCount = 0x00000007;
 207
 208                         wkey.name = talloc_asprintf(tmp_ctx,
 209                                                     "%s\\%s",
 210                                                     wkey.name, *elogs);
 211                         if (wkey.name == NULL) {
 212                                 result = WERR_NOMEM;
 213                                 goto done;
 214                         }
 215
 216                         status = dcerpc_winreg_CreateKey(h,
 217                                                          tmp_ctx,
 218                                                          &hive_hnd,
 219                                                          wkey,
 220                                                          wkeyclass,
 221                                                          0,
 222                                                          access_mask,
 223                                                          NULL,
 224                                                          &key_hnd,
 225                                                          &action,
 226                                                          &result);
 227                         if (!NT_STATUS_IS_OK(status)) {
 228                                 DEBUG(0, ("eventlog_init_winreg_keys: Could not create key %s: %s\n",
 229                                         wkey.name, nt_errstr(status)));
 230                                 goto done;
 231                         }
 232                         if (!W_ERROR_IS_OK(result)) {
 233                                 DEBUG(0, ("eventlog_init_winreg_keys: Could not create key %s: %s\n",
 234                                         wkey.name, win_errstr(result)));
 235                                 goto done;
 236                         }
 237
 238                         status = dcerpc_winreg_set_dword(tmp_ctx,
 239                                                          h,
 240                                                          &key_hnd,
 241                                                          "CategoryCount",
 242                                                          uiCategoryCount,
 243                                                          &result);
 244
 245                         status = dcerpc_winreg_set_expand_sz(tmp_ctx,
 246                                                              h,
 247                                                              &key_hnd,
 248                                                              "CategoryMessageFile",
 249                                                              "%SystemRoot%\\system32\\eventlog.dll",
 250                                                              &result);
 251
 252                         if (is_valid_policy_hnd(&key_hnd)) {
 253                                 dcerpc_winreg_CloseKey(h, tmp_ctx, &key_hnd, &result);
 254                         }
 255                 }
 256
 257                 elogs++;
 258         } /* loop */
 259
 260         ok = true;
 261 done:
 262         TALLOC_FREE(tmp_ctx);
 263         return ok;
 264 }
 265
 266 /* vim: set ts=8 sw=8 noet cindent syntax=c.doxygen: */