3
* Unix SMB/CIFS implementation.
4
* Virtual Windows Registry Layer
5
* Copyright (C) Marcin Krzysztof Porwit 2005,
6
* Copyright (C) Brian Moran 2005.
7
* Copyright (C) Gerald (Jerry) Carter 2005.
9
* This program is free software; you can redistribute it and/or modify
10
* it under the terms of the GNU General Public License as published by
11
* the Free Software Foundation; either version 2 of the License, or
12
* (at your option) any later version.
14
* This program is distributed in the hope that it will be useful,
15
* but WITHOUT ANY WARRANTY; without even the implied warranty of
16
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17
* GNU General Public License for more details.
19
* You should have received a copy of the GNU General Public License
20
* along with this program; if not, write to the Free Software
21
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27
/**********************************************************************
28
for an eventlog, add in the default values
29
*********************************************************************/
31
BOOL eventlog_init_keys( void )
33
/* Find all of the eventlogs, add keys for each of them */
34
const char **elogs = lp_eventlog_list( );
37
REGSUBKEY_CTR *subkeys;
41
uint32 uiCategoryCount;
44
while ( elogs && *elogs ) {
45
if ( !( subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR ) ) ) {
46
DEBUG( 0, ( "talloc() failure!\n" ) );
49
regdb_fetch_keys( KEY_EVENTLOG, subkeys );
50
regsubkey_ctr_addkey( subkeys, *elogs );
51
if ( !regdb_store_keys( KEY_EVENTLOG, subkeys ) )
53
TALLOC_FREE( subkeys );
55
/* add in the key of form KEY_EVENTLOG/Application */
57
( "Adding key of [%s] to path of [%s]\n", *elogs,
60
slprintf( evtlogpath, sizeof( evtlogpath ) - 1, "%s\\%s",
61
KEY_EVENTLOG, *elogs );
62
/* add in the key of form KEY_EVENTLOG/Application/Application */
64
( "Adding key of [%s] to path of [%s]\n", *elogs,
66
if ( !( subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR ) ) ) {
67
DEBUG( 0, ( "talloc() failure!\n" ) );
70
regdb_fetch_keys( evtlogpath, subkeys );
71
regsubkey_ctr_addkey( subkeys, *elogs );
73
if ( !regdb_store_keys( evtlogpath, subkeys ) )
75
TALLOC_FREE( subkeys );
77
/* now add the values to the KEY_EVENTLOG/Application form key */
78
if ( !( values = TALLOC_ZERO_P( NULL, REGVAL_CTR ) ) ) {
79
DEBUG( 0, ( "talloc() failure!\n" ) );
83
( "Storing values to eventlog path of [%s]\n",
85
regdb_fetch_values( evtlogpath, values );
88
if ( !regval_ctr_key_exists( values, "MaxSize" ) ) {
90
/* assume we have none, add them all */
92
/* hard code some initial values */
94
/* uiDisplayNameId = 0x00000100; */
95
uiMaxSize = 0x00080000;
96
uiRetention = 0x93A80;
98
regval_ctr_addvalue( values, "MaxSize", REG_DWORD,
99
( char * ) &uiMaxSize,
102
regval_ctr_addvalue( values, "Retention", REG_DWORD,
103
( char * ) &uiRetention,
105
init_unistr2( &data, *elogs, UNI_STR_TERMINATE );
107
regval_ctr_addvalue( values, "PrimaryModule", REG_SZ,
108
( char * ) data.buffer,
111
init_unistr2( &data, *elogs, UNI_STR_TERMINATE );
113
regval_ctr_addvalue( values, "Sources", REG_MULTI_SZ,
114
( char * ) data.buffer,
118
pstr_sprintf( evtfilepath, "%%SystemRoot%%\\system32\\config\\%s.tdb", *elogs );
119
init_unistr2( &data, evtfilepath, UNI_STR_TERMINATE );
120
regval_ctr_addvalue( values, "File", REG_EXPAND_SZ, ( char * ) data.buffer,
121
data.uni_str_len * sizeof( uint16 ) );
122
regdb_store_values( evtlogpath, values );
126
TALLOC_FREE( values );
128
/* now do the values under KEY_EVENTLOG/Application/Application */
129
slprintf( evtlogpath, sizeof( evtlogpath ) - 1, "%s\\%s\\%s",
130
KEY_EVENTLOG, *elogs, *elogs );
131
if ( !( values = TALLOC_ZERO_P( NULL, REGVAL_CTR ) ) ) {
132
DEBUG( 0, ( "talloc() failure!\n" ) );
136
( "Storing values to eventlog path of [%s]\n",
138
regdb_fetch_values( evtlogpath, values );
139
if ( !regval_ctr_key_exists( values, "CategoryCount" ) ) {
141
/* hard code some initial values */
143
uiCategoryCount = 0x00000007;
144
regval_ctr_addvalue( values, "CategoryCount",
146
( char * ) &uiCategoryCount,
149
"%SystemRoot%\\system32\\eventlog.dll",
152
regval_ctr_addvalue( values, "CategoryMessageFile",
154
( char * ) data.buffer,
157
regdb_store_values( evtlogpath, values );
159
TALLOC_FREE( values );
167
/*********************************************************************
168
for an eventlog, add in a source name. If the eventlog doesn't
169
exist (not in the list) do nothing. If a source for the log
170
already exists, change the information (remove, replace)
171
*********************************************************************/
173
BOOL eventlog_add_source( const char *eventlog, const char *sourcename,
174
const char *messagefile )
176
/* Find all of the eventlogs, add keys for each of them */
177
/* need to add to the value KEY_EVENTLOG/<eventlog>/Sources string (Creating if necessary)
178
need to add KEY of source to KEY_EVENTLOG/<eventlog>/<source> */
180
const char **elogs = lp_eventlog_list( );
181
char **wrklist, **wp;
183
REGSUBKEY_CTR *subkeys;
185
REGISTRY_VALUE *rval;
193
for ( i = 0; elogs[i]; i++ ) {
194
if ( strequal( elogs[i], eventlog ) )
200
( "Eventlog [%s] not found in list of valid event logs\n",
202
return False; /* invalid named passed in */
205
/* have to assume that the evenlog key itself exists at this point */
206
/* add in a key of [sourcename] under the eventlog key */
208
/* todo add to Sources */
210
if ( !( values = TALLOC_ZERO_P( NULL, REGVAL_CTR ) ) ) {
211
DEBUG( 0, ( "talloc() failure!\n" ) );
215
pstr_sprintf( evtlogpath, "%s\\%s", KEY_EVENTLOG, eventlog );
217
regdb_fetch_values( evtlogpath, values );
220
if ( !( rval = regval_ctr_getvalue( values, "Sources" ) ) ) {
221
DEBUG( 0, ( "No Sources value for [%s]!\n", eventlog ) );
224
/* perhaps this adding a new string to a multi_sz should be a fn? */
225
/* check to see if it's there already */
227
if ( rval->type != REG_MULTI_SZ ) {
229
( "Wrong type for Sources, should be REG_MULTI_SZ\n" ) );
232
/* convert to a 'regulah' chars to do some comparisons */
236
dump_data( 1, (const char *)rval->data_p, rval->size );
238
regval_convert_multi_sz( ( uint16 * ) rval->data_p, rval->size,
242
/* see if it's in there already */
245
while ( ii && wp && *wp ) {
246
if ( strequal( *wp, sourcename ) ) {
248
( "Source name [%s] already in list for [%s] \n",
249
sourcename, eventlog ) );
257
if ( numsources < 0 ) {
258
DEBUG( 3, ( "problem in getting the sources\n" ) );
262
( "Nothing in the sources list, this might be a problem\n" ) );
268
/* make a new list with an additional entry; copy values, add another */
269
wp = TALLOC_ARRAY( NULL, char *, numsources + 2 );
272
DEBUG( 0, ( "talloc() failed \n" ) );
275
memcpy( wp, wrklist, sizeof( char * ) * numsources );
276
*( wp + numsources ) = ( char * ) sourcename;
277
*( wp + numsources + 1 ) = NULL;
278
mbytes = regval_build_multi_sz( wp, &msz_wp );
279
dump_data( 1, ( char * ) msz_wp, mbytes );
280
regval_ctr_addvalue( values, "Sources", REG_MULTI_SZ,
281
( char * ) msz_wp, mbytes );
282
regdb_store_values( evtlogpath, values );
283
TALLOC_FREE( msz_wp );
286
( "Source name [%s] found in existing list of sources\n",
289
TALLOC_FREE( values );
291
TALLOC_FREE( wrklist ); /* */
293
if ( !( subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR ) ) ) {
294
DEBUG( 0, ( "talloc() failure!\n" ) );
297
pstr_sprintf( evtlogpath, "%s\\%s", KEY_EVENTLOG, eventlog );
299
regdb_fetch_keys( evtlogpath, subkeys );
301
if ( !regsubkey_ctr_key_exists( subkeys, sourcename ) ) {
303
( " Source name [%s] for eventlog [%s] didn't exist, adding \n",
304
sourcename, eventlog ) );
305
regsubkey_ctr_addkey( subkeys, sourcename );
306
if ( !regdb_store_keys( evtlogpath, subkeys ) )
309
TALLOC_FREE( subkeys );
311
/* at this point KEY_EVENTLOG/<eventlog>/<sourcename> key is in there. Now need to add EventMessageFile */
313
/* now allocate room for the source's subkeys */
315
if ( !( subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR ) ) ) {
316
DEBUG( 0, ( "talloc() failure!\n" ) );
319
slprintf( evtlogpath, sizeof( evtlogpath ) - 1, "%s\\%s\\%s",
320
KEY_EVENTLOG, eventlog, sourcename );
322
regdb_fetch_keys( evtlogpath, subkeys );
324
/* now add the values to the KEY_EVENTLOG/Application form key */
325
if ( !( values = TALLOC_ZERO_P( NULL, REGVAL_CTR ) ) ) {
326
DEBUG( 0, ( "talloc() failure!\n" ) );
330
( "Storing EventMessageFile [%s] to eventlog path of [%s]\n",
331
messagefile, evtlogpath ) );
333
regdb_fetch_values( evtlogpath, values );
335
init_unistr2( &data, messagefile, UNI_STR_TERMINATE );
337
regval_ctr_addvalue( values, "EventMessageFile", REG_SZ,
338
( char * ) data.buffer,
339
data.uni_str_len * sizeof( uint16 ) );
340
regdb_store_values( evtlogpath, values );
342
TALLOC_FREE( values );
added
removed
source/registry/reg_eventlog.c
