1 2/* 3 * Unix SMB/CIFS implementation. 4 * Virtual Windows Registry Layer 5 * Copyright (C) Marcin Krzysztof Porwit 2005, 6 * Copyright (C) Brian Moran 2005. 7 * Copyright (C) Gerald (Jerry) Carter 2005. 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program; if not, write to the Free Software 21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 22 */ 23 24#include "includes.h" 25 26 27/********************************************************************** 28 for an eventlog, add in the default values 29*********************************************************************/ 30 31BOOL eventlog_init_keys( void ) 32{ 33 /* Find all of the eventlogs, add keys for each of them */ 34 const char **elogs = lp_eventlog_list( ); 35 pstring evtlogpath; 36 pstring evtfilepath; 37 REGSUBKEY_CTR *subkeys; 38 REGVAL_CTR *values; 39 uint32 uiMaxSize; 40 uint32 uiRetention; 41 uint32 uiCategoryCount; 42 UNISTR2 data; 43 44 while ( elogs && *elogs ) { 45 if ( !( subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR ) ) ) { 46 DEBUG( 0, ( "talloc() failure!\n" ) ); 47 return False; 48 } 49 regdb_fetch_keys( KEY_EVENTLOG, subkeys ); 50 regsubkey_ctr_addkey( subkeys, *elogs ); 51 if ( !regdb_store_keys( KEY_EVENTLOG, subkeys ) ) 52 return False; 53 TALLOC_FREE( subkeys ); 54 55 /* add in the key of form KEY_EVENTLOG/Application */ 56 DEBUG( 5, 57 ( "Adding key of [%s] to path of [%s]\n", *elogs, 58 KEY_EVENTLOG ) ); 59 60 slprintf( evtlogpath, sizeof( evtlogpath ) - 1, "%s\\%s", 61 KEY_EVENTLOG, *elogs ); 62 /* add in the key of form KEY_EVENTLOG/Application/Application */ 63 DEBUG( 5, 64 ( "Adding key of [%s] to path of [%s]\n", *elogs, 65 evtlogpath ) ); 66 if ( !( subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR ) ) ) { 67 DEBUG( 0, ( "talloc() failure!\n" ) ); 68 return False; 69 } 70 regdb_fetch_keys( evtlogpath, subkeys ); 71 regsubkey_ctr_addkey( subkeys, *elogs ); 72 73 if ( !regdb_store_keys( evtlogpath, subkeys ) ) 74 return False; 75 TALLOC_FREE( subkeys ); 76 77 /* now add the values to the KEY_EVENTLOG/Application form key */ 78 if ( !( values = TALLOC_ZERO_P( NULL, REGVAL_CTR ) ) ) { 79 DEBUG( 0, ( "talloc() failure!\n" ) ); 80 return False; 81 } 82 DEBUG( 5, 83 ( "Storing values to eventlog path of [%s]\n", 84 evtlogpath ) ); 85 regdb_fetch_values( evtlogpath, values ); 86 87 88 if ( !regval_ctr_key_exists( values, "MaxSize" ) ) { 89 90 /* assume we have none, add them all */ 91 92 /* hard code some initial values */ 93 94 /* uiDisplayNameId = 0x00000100; */ 95 uiMaxSize = 0x00080000; 96 uiRetention = 0x93A80; 97 98 regval_ctr_addvalue( values, "MaxSize", REG_DWORD, 99 ( char * ) &uiMaxSize, 100 sizeof( uint32 ) ); 101 102 regval_ctr_addvalue( values, "Retention", REG_DWORD, 103 ( char * ) &uiRetention, 104 sizeof( uint32 ) ); 105 init_unistr2( &data, *elogs, UNI_STR_TERMINATE ); 106 107 regval_ctr_addvalue( values, "PrimaryModule", REG_SZ, 108 ( char * ) data.buffer, 109 data.uni_str_len * 110 sizeof( uint16 ) ); 111 init_unistr2( &data, *elogs, UNI_STR_TERMINATE ); 112 113 regval_ctr_addvalue( values, "Sources", REG_MULTI_SZ, 114 ( char * ) data.buffer, 115 data.uni_str_len * 116 sizeof( uint16 ) ); 117 118 pstr_sprintf( evtfilepath, "%%SystemRoot%%\\system32\\config\\%s.tdb", *elogs ); 119 init_unistr2( &data, evtfilepath, UNI_STR_TERMINATE ); 120 regval_ctr_addvalue( values, "File", REG_EXPAND_SZ, ( char * ) data.buffer, 121 data.uni_str_len * sizeof( uint16 ) ); 122 regdb_store_values( evtlogpath, values ); 123 124 } 125 126 TALLOC_FREE( values ); 127 128 /* now do the values under KEY_EVENTLOG/Application/Application */ 129 slprintf( evtlogpath, sizeof( evtlogpath ) - 1, "%s\\%s\\%s", 130 KEY_EVENTLOG, *elogs, *elogs ); 131 if ( !( values = TALLOC_ZERO_P( NULL, REGVAL_CTR ) ) ) { 132 DEBUG( 0, ( "talloc() failure!\n" ) ); 133 return False; 134 } 135 DEBUG( 5, 136 ( "Storing values to eventlog path of [%s]\n", 137 evtlogpath ) ); 138 regdb_fetch_values( evtlogpath, values ); 139 if ( !regval_ctr_key_exists( values, "CategoryCount" ) ) { 140 141 /* hard code some initial values */ 142 143 uiCategoryCount = 0x00000007; 144 regval_ctr_addvalue( values, "CategoryCount", 145 REG_DWORD, 146 ( char * ) &uiCategoryCount, 147 sizeof( uint32 ) ); 148 init_unistr2( &data, 149 "%SystemRoot%\\system32\\eventlog.dll", 150 UNI_STR_TERMINATE ); 151 152 regval_ctr_addvalue( values, "CategoryMessageFile", 153 REG_EXPAND_SZ, 154 ( char * ) data.buffer, 155 data.uni_str_len * 156 sizeof( uint16 ) ); 157 regdb_store_values( evtlogpath, values ); 158 } 159 TALLOC_FREE( values ); 160 elogs++; 161 } 162 163 return True; 164 165} 166 167/********************************************************************* 168 for an eventlog, add in a source name. If the eventlog doesn't 169 exist (not in the list) do nothing. If a source for the log 170 already exists, change the information (remove, replace) 171*********************************************************************/ 172 173BOOL eventlog_add_source( const char *eventlog, const char *sourcename, 174 const char *messagefile ) 175{ 176 /* Find all of the eventlogs, add keys for each of them */ 177 /* need to add to the value KEY_EVENTLOG/<eventlog>/Sources string (Creating if necessary) 178 need to add KEY of source to KEY_EVENTLOG/<eventlog>/<source> */ 179 180 const char **elogs = lp_eventlog_list( ); 181 char **wrklist, **wp; 182 pstring evtlogpath; 183 REGSUBKEY_CTR *subkeys; 184 REGVAL_CTR *values; 185 REGISTRY_VALUE *rval; 186 UNISTR2 data; 187 uint16 *msz_wp; 188 int mbytes, ii; 189 BOOL already_in; 190 int i; 191 int numsources; 192 193 if (!elogs) { 194 return False; 195 } 196 197 for ( i = 0; elogs[i]; i++ ) { 198 if ( strequal( elogs[i], eventlog ) ) 199 break; 200 } 201 202 if ( !elogs[i] ) { 203 DEBUG( 0, 204 ( "Eventlog [%s] not found in list of valid event logs\n", 205 eventlog ) ); 206 return False; /* invalid named passed in */ 207 } 208 209 /* have to assume that the evenlog key itself exists at this point */ 210 /* add in a key of [sourcename] under the eventlog key */ 211 212 /* todo add to Sources */ 213 214 if ( !( values = TALLOC_ZERO_P( NULL, REGVAL_CTR ) ) ) { 215 DEBUG( 0, ( "talloc() failure!\n" ) ); 216 return False; 217 } 218 219 pstr_sprintf( evtlogpath, "%s\\%s", KEY_EVENTLOG, eventlog ); 220 221 regdb_fetch_values( evtlogpath, values ); 222 223 224 if ( !( rval = regval_ctr_getvalue( values, "Sources" ) ) ) { 225 DEBUG( 0, ( "No Sources value for [%s]!\n", eventlog ) ); 226 return False; 227 } 228 /* perhaps this adding a new string to a multi_sz should be a fn? */ 229 /* check to see if it's there already */ 230 231 if ( rval->type != REG_MULTI_SZ ) { 232 DEBUG( 0, 233 ( "Wrong type for Sources, should be REG_MULTI_SZ\n" ) ); 234 return False; 235 } 236 /* convert to a 'regulah' chars to do some comparisons */ 237 238 already_in = False; 239 wrklist = NULL; 240 dump_data( 1, (const char *)rval->data_p, rval->size ); 241 if ( ( numsources = 242 regval_convert_multi_sz( ( uint16 * ) rval->data_p, rval->size, 243 &wrklist ) ) > 0 ) { 244 245 ii = numsources; 246 /* see if it's in there already */ 247 wp = wrklist; 248 249 while ( ii && wp && *wp ) { 250 if ( strequal( *wp, sourcename ) ) { 251 DEBUG( 5, 252 ( "Source name [%s] already in list for [%s] \n", 253 sourcename, eventlog ) ); 254 already_in = True; 255 break; 256 } 257 wp++; 258 ii--; 259 } 260 } else { 261 if ( numsources < 0 ) { 262 DEBUG( 3, ( "problem in getting the sources\n" ) ); 263 return False; 264 } 265 DEBUG( 3, 266 ( "Nothing in the sources list, this might be a problem\n" ) ); 267 } 268 269 wp = wrklist; 270 271 if ( !already_in ) { 272 /* make a new list with an additional entry; copy values, add another */ 273 wp = TALLOC_ARRAY( NULL, char *, numsources + 2 ); 274 275 if ( !wp ) { 276 DEBUG( 0, ( "talloc() failed \n" ) ); 277 return False; 278 } 279 memcpy( wp, wrklist, sizeof( char * ) * numsources ); 280 *( wp + numsources ) = ( char * ) sourcename; 281 *( wp + numsources + 1 ) = NULL; 282 mbytes = regval_build_multi_sz( wp, &msz_wp ); 283 dump_data( 1, ( char * ) msz_wp, mbytes ); 284 regval_ctr_addvalue( values, "Sources", REG_MULTI_SZ, 285 ( char * ) msz_wp, mbytes ); 286 regdb_store_values( evtlogpath, values ); 287 TALLOC_FREE( msz_wp ); 288 } else { 289 DEBUG( 3, 290 ( "Source name [%s] found in existing list of sources\n", 291 sourcename ) ); 292 } 293 TALLOC_FREE( values ); 294 if ( wrklist ) 295 TALLOC_FREE( wrklist ); /* */ 296 297 if ( !( subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR ) ) ) { 298 DEBUG( 0, ( "talloc() failure!\n" ) ); 299 return False; 300 } 301 pstr_sprintf( evtlogpath, "%s\\%s", KEY_EVENTLOG, eventlog ); 302 303 regdb_fetch_keys( evtlogpath, subkeys ); 304 305 if ( !regsubkey_ctr_key_exists( subkeys, sourcename ) ) { 306 DEBUG( 5, 307 ( " Source name [%s] for eventlog [%s] didn't exist, adding \n", 308 sourcename, eventlog ) ); 309 regsubkey_ctr_addkey( subkeys, sourcename ); 310 if ( !regdb_store_keys( evtlogpath, subkeys ) ) 311 return False; 312 } 313 TALLOC_FREE( subkeys ); 314 315 /* at this point KEY_EVENTLOG/<eventlog>/<sourcename> key is in there. Now need to add EventMessageFile */ 316 317 /* now allocate room for the source's subkeys */ 318 319 if ( !( subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR ) ) ) { 320 DEBUG( 0, ( "talloc() failure!\n" ) ); 321 return False; 322 } 323 slprintf( evtlogpath, sizeof( evtlogpath ) - 1, "%s\\%s\\%s", 324 KEY_EVENTLOG, eventlog, sourcename ); 325 326 regdb_fetch_keys( evtlogpath, subkeys ); 327 328 /* now add the values to the KEY_EVENTLOG/Application form key */ 329 if ( !( values = TALLOC_ZERO_P( NULL, REGVAL_CTR ) ) ) { 330 DEBUG( 0, ( "talloc() failure!\n" ) ); 331 return False; 332 } 333 DEBUG( 5, 334 ( "Storing EventMessageFile [%s] to eventlog path of [%s]\n", 335 messagefile, evtlogpath ) ); 336 337 regdb_fetch_values( evtlogpath, values ); 338 339 init_unistr2( &data, messagefile, UNI_STR_TERMINATE ); 340 341 regval_ctr_addvalue( values, "EventMessageFile", REG_SZ, 342 ( char * ) data.buffer, 343 data.uni_str_len * sizeof( uint16 ) ); 344 regdb_store_values( evtlogpath, values ); 345 346 TALLOC_FREE( values ); 347 348 return True; 349} 350