2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Marcin Krzysztof Porwit 2005,
5 * Copyright (C) Brian Moran 2005,
6 * Copyright (C) Gerald (Jerry) Carter 2005.
7 * Copyright (C) Guenther Deschner 2009.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 #include "../librpc/gen_ndr/srv_eventlog.h"
25 #include "lib/eventlog/eventlog.h"
28 #define DBGC_CLASS DBGC_RPC_SRV
33 uint32 current_record
;
37 uint32 access_granted
;
40 /********************************************************************
41 ********************************************************************/
43 static int eventlog_info_destructor(EVENTLOG_INFO
*elog
)
46 elog_close_tdb(elog
->etdb
, false);
51 /********************************************************************
52 ********************************************************************/
54 static EVENTLOG_INFO
*find_eventlog_info_by_hnd( pipes_struct
* p
,
55 struct policy_handle
* handle
)
59 if ( !find_policy_by_hnd( p
, handle
, (void **)(void *)&info
) ) {
61 ( "find_eventlog_info_by_hnd: eventlog not found.\n" ) );
68 /********************************************************************
69 ********************************************************************/
71 static bool elog_check_access( EVENTLOG_INFO
*info
, NT_USER_TOKEN
*token
)
73 char *tdbname
= elog_tdbname(talloc_tos(), info
->logname
);
80 /* get the security descriptor for the file */
82 sec_desc
= get_nt_acl_no_snum( info
, tdbname
);
83 TALLOC_FREE( tdbname
);
86 DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n",
93 if ( geteuid() == sec_initial_uid() ) {
94 DEBUG(5,("elog_check_access: using root's token\n"));
95 token
= get_root_nt_token();
98 /* run the check, try for the max allowed */
100 status
= se_access_check( sec_desc
, token
, MAXIMUM_ALLOWED_ACCESS
,
101 &info
->access_granted
);
104 TALLOC_FREE( sec_desc
);
106 if (!NT_STATUS_IS_OK(status
)) {
107 DEBUG(8,("elog_check_access: se_access_check() return %s\n",
112 /* we have to have READ permission for a successful open */
114 return ( info
->access_granted
& SA_RIGHT_FILE_READ_DATA
);
117 /********************************************************************
118 ********************************************************************/
120 static bool elog_validate_logname( const char *name
)
123 const char **elogs
= lp_eventlog_list();
129 for ( i
=0; elogs
[i
]; i
++ ) {
130 if ( strequal( name
, elogs
[i
] ) )
137 /********************************************************************
138 ********************************************************************/
140 static bool get_num_records_hook( EVENTLOG_INFO
* info
)
146 DEBUG( 10, ( "No open tdb for %s\n", info
->logname
) );
150 /* lock the tdb since we have to get 2 records */
152 tdb_lock_bystring_with_timeout( ELOG_TDB_CTX(info
->etdb
), EVT_NEXT_RECORD
, 1 );
153 next_record
= tdb_fetch_int32( ELOG_TDB_CTX(info
->etdb
), EVT_NEXT_RECORD
);
154 oldest_record
= tdb_fetch_int32( ELOG_TDB_CTX(info
->etdb
), EVT_OLDEST_ENTRY
);
155 tdb_unlock_bystring( ELOG_TDB_CTX(info
->etdb
), EVT_NEXT_RECORD
);
158 ( "Oldest Record %d; Next Record %d\n", oldest_record
,
161 info
->num_records
= ( next_record
- oldest_record
);
162 info
->oldest_entry
= oldest_record
;
167 /********************************************************************
168 ********************************************************************/
170 static bool get_oldest_entry_hook( EVENTLOG_INFO
* info
)
172 /* it's the same thing */
173 return get_num_records_hook( info
);
176 /********************************************************************
177 ********************************************************************/
179 static NTSTATUS
elog_open( pipes_struct
* p
, const char *logname
, struct policy_handle
*hnd
)
183 /* first thing is to validate the eventlog name */
185 if ( !elog_validate_logname( logname
) )
186 return NT_STATUS_OBJECT_PATH_INVALID
;
188 if ( !(elog
= TALLOC_ZERO_P( NULL
, EVENTLOG_INFO
)) )
189 return NT_STATUS_NO_MEMORY
;
190 talloc_set_destructor(elog
, eventlog_info_destructor
);
192 elog
->logname
= talloc_strdup( elog
, logname
);
194 /* Open the tdb first (so that we can create any new tdbs if necessary).
195 We have to do this as root and then use an internal access check
196 on the file permissions since you can only have a tdb open once
197 in a single process */
200 elog
->etdb
= elog_open_tdb( elog
->logname
, False
, False
);
204 /* according to MSDN, if the logfile cannot be found, we should
205 default to the "Application" log */
207 if ( !strequal( logname
, ELOG_APPL
) ) {
209 TALLOC_FREE( elog
->logname
);
211 elog
->logname
= talloc_strdup( elog
, ELOG_APPL
);
213 /* do the access check */
214 if ( !elog_check_access( elog
, p
->server_info
->ptok
) ) {
216 return NT_STATUS_ACCESS_DENIED
;
220 elog
->etdb
= elog_open_tdb( elog
->logname
, False
, False
);
226 return NT_STATUS_ACCESS_DENIED
; /* ??? */
230 /* now do the access check. Close the tdb if we fail here */
232 if ( !elog_check_access( elog
, p
->server_info
->ptok
) ) {
234 return NT_STATUS_ACCESS_DENIED
;
237 /* create the policy handle */
239 if ( !create_policy_hnd( p
, hnd
, elog
) ) {
241 return NT_STATUS_NO_MEMORY
;
244 /* set the initial current_record pointer */
246 if ( !get_oldest_entry_hook( elog
) ) {
247 DEBUG(3,("elog_open: Successfully opened eventlog but can't "
248 "get any information on internal records!\n"));
251 elog
->current_record
= elog
->oldest_entry
;
256 /********************************************************************
257 ********************************************************************/
259 static NTSTATUS
elog_close( pipes_struct
*p
, struct policy_handle
*hnd
)
261 if ( !( close_policy_hnd( p
, hnd
) ) ) {
262 return NT_STATUS_INVALID_HANDLE
;
268 /*******************************************************************
269 *******************************************************************/
271 static int elog_size( EVENTLOG_INFO
*info
)
273 if ( !info
|| !info
->etdb
) {
274 DEBUG(0,("elog_size: Invalid info* structure!\n"));
278 return elog_tdb_size( ELOG_TDB_CTX(info
->etdb
), NULL
, NULL
);
281 /********************************************************************
282 note that this can only be called AFTER the table is constructed,
283 since it uses the table to find the tdb handle
284 ********************************************************************/
286 static bool sync_eventlog_params( EVENTLOG_INFO
*info
)
291 struct registry_key
*key
;
292 struct registry_value
*value
;
294 char *elogname
= info
->logname
;
295 TALLOC_CTX
*ctx
= talloc_stackframe();
298 DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname
) );
301 DEBUG( 4, ( "No open tdb! (%s)\n", info
->logname
) );
304 /* set resonable defaults. 512Kb on size and 1 week on time */
307 uiRetention
= 604800;
309 /* the general idea is to internally open the registry
310 key and retrieve the values. That way we can continue
311 to use the same fetch/store api that we use in
314 path
= talloc_asprintf(ctx
, "%s/%s", KEY_EVENTLOG
, elogname
);
319 wresult
= reg_open_path(ctx
, path
, REG_KEY_READ
, get_root_nt_token(),
322 if ( !W_ERROR_IS_OK( wresult
) ) {
324 ( "sync_eventlog_params: Failed to open key [%s] (%s)\n",
325 path
, win_errstr( wresult
) ) );
329 wresult
= reg_queryvalue(key
, key
, "Retention", &value
);
330 if (!W_ERROR_IS_OK(wresult
)) {
331 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
332 win_errstr(wresult
)));
335 uiRetention
= value
->v
.dword
;
337 wresult
= reg_queryvalue(key
, key
, "MaxSize", &value
);
338 if (!W_ERROR_IS_OK(wresult
)) {
339 DEBUG(4, ("Failed to query value \"MaxSize\": %s\n",
340 win_errstr(wresult
)));
343 uiMaxSize
= value
->v
.dword
;
345 tdb_store_int32( ELOG_TDB_CTX(info
->etdb
), EVT_MAXSIZE
, uiMaxSize
);
346 tdb_store_int32( ELOG_TDB_CTX(info
->etdb
), EVT_RETENTION
, uiRetention
);
355 /********************************************************************
356 _eventlog_OpenEventLogW
357 ********************************************************************/
359 NTSTATUS
_eventlog_OpenEventLogW(pipes_struct
*p
,
360 struct eventlog_OpenEventLogW
*r
)
365 DEBUG( 10,("_eventlog_OpenEventLogW: Server [%s], Log [%s]\n",
366 r
->in
.servername
->string
, r
->in
.logname
->string
));
368 /* according to MSDN, if the logfile cannot be found, we should
369 default to the "Application" log */
371 if ( !NT_STATUS_IS_OK( result
= elog_open( p
, r
->in
.logname
->string
, r
->out
.handle
)) )
374 if ( !(info
= find_eventlog_info_by_hnd( p
, r
->out
.handle
)) ) {
375 DEBUG(0,("_eventlog_OpenEventLogW: eventlog (%s) opened but unable to find handle!\n",
376 r
->in
.logname
->string
));
377 elog_close( p
, r
->out
.handle
);
378 return NT_STATUS_INVALID_HANDLE
;
381 DEBUG(10,("_eventlog_OpenEventLogW: Size [%d]\n", elog_size( info
)));
383 sync_eventlog_params( info
);
384 prune_eventlog( ELOG_TDB_CTX(info
->etdb
) );
389 /********************************************************************
390 _eventlog_ClearEventLogW
391 This call still needs some work
392 ********************************************************************/
393 /** The windows client seems to be doing something funny with the file name
395 ClearEventLog(handle, "backup_file")
396 on the client side will result in the backup file name looking like this on the
398 \??\${CWD of client}\backup_file
399 If an absolute path gets specified, such as
400 ClearEventLog(handle, "C:\\temp\\backup_file")
401 then it is still mangled by the client into this:
402 \??\C:\temp\backup_file
403 when it is on the wire.
404 I'm not sure where the \?? is coming from, or why the ${CWD} of the client process
405 would be added in given that the backup file gets written on the server side. */
407 NTSTATUS
_eventlog_ClearEventLogW(pipes_struct
*p
,
408 struct eventlog_ClearEventLogW
*r
)
410 EVENTLOG_INFO
*info
= find_eventlog_info_by_hnd( p
, r
->in
.handle
);
413 return NT_STATUS_INVALID_HANDLE
;
415 if (r
->in
.backupfile
&& r
->in
.backupfile
->string
) {
417 DEBUG(8,( "_eventlog_ClearEventLogW: Using [%s] as the backup "
418 "file name for log [%s].",
419 r
->in
.backupfile
->string
, info
->logname
) );
422 /* check for WRITE access to the file */
424 if ( !(info
->access_granted
&SA_RIGHT_FILE_WRITE_DATA
) )
425 return NT_STATUS_ACCESS_DENIED
;
427 /* Force a close and reopen */
429 elog_close_tdb( info
->etdb
, True
);
431 info
->etdb
= elog_open_tdb( info
->logname
, True
, False
);
435 return NT_STATUS_ACCESS_DENIED
;
440 /********************************************************************
441 _eventlog_CloseEventLog
442 ********************************************************************/
444 NTSTATUS
_eventlog_CloseEventLog(pipes_struct
* p
,
445 struct eventlog_CloseEventLog
*r
)
449 status
= elog_close( p
, r
->in
.handle
);
450 if (!NT_STATUS_IS_OK(status
)) {
454 ZERO_STRUCTP(r
->out
.handle
);
459 /********************************************************************
460 _eventlog_ReadEventLogW
461 ********************************************************************/
463 NTSTATUS
_eventlog_ReadEventLogW(pipes_struct
*p
,
464 struct eventlog_ReadEventLogW
*r
)
466 EVENTLOG_INFO
*info
= find_eventlog_info_by_hnd( p
, r
->in
.handle
);
467 uint32_t num_records_read
= 0;
468 int bytes_left
, record_number
;
469 uint32_t elog_read_type
, elog_read_dir
;
472 return NT_STATUS_INVALID_HANDLE
;
475 info
->flags
= r
->in
.flags
;
476 bytes_left
= r
->in
.number_of_bytes
;
479 return NT_STATUS_ACCESS_DENIED
;
482 /* check for valid flags. Can't use the sequential and seek flags together */
484 elog_read_type
= r
->in
.flags
& (EVENTLOG_SEQUENTIAL_READ
|EVENTLOG_SEEK_READ
);
485 elog_read_dir
= r
->in
.flags
& (EVENTLOG_FORWARDS_READ
|EVENTLOG_BACKWARDS_READ
);
487 if (r
->in
.flags
== 0 ||
488 elog_read_type
== (EVENTLOG_SEQUENTIAL_READ
|EVENTLOG_SEEK_READ
) ||
489 elog_read_dir
== (EVENTLOG_FORWARDS_READ
|EVENTLOG_BACKWARDS_READ
))
491 DEBUG(3,("_eventlog_ReadEventLogW: "
492 "Invalid flags [0x%08x] for ReadEventLog\n",
494 return NT_STATUS_INVALID_PARAMETER
;
497 /* a sequential read should ignore the offset */
499 if (elog_read_type
& EVENTLOG_SEQUENTIAL_READ
) {
500 record_number
= info
->current_record
;
502 record_number
= r
->in
.offset
;
505 if (r
->in
.number_of_bytes
== 0) {
506 struct EVENTLOGRECORD
*e
;
507 e
= evlog_pull_record(p
->mem_ctx
, ELOG_TDB_CTX(info
->etdb
),
510 return NT_STATUS_END_OF_FILE
;
512 *r
->out
.real_size
= e
->Length
;
513 return NT_STATUS_BUFFER_TOO_SMALL
;
516 while (bytes_left
> 0) {
519 enum ndr_err_code ndr_err
;
520 struct EVENTLOGRECORD
*e
;
522 e
= evlog_pull_record(p
->mem_ctx
, ELOG_TDB_CTX(info
->etdb
),
528 ndr_err
= ndr_push_struct_blob(&blob
, p
->mem_ctx
, NULL
, e
,
529 (ndr_push_flags_fn_t
)ndr_push_EVENTLOGRECORD
);
530 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
531 return ndr_map_error2ntstatus(ndr_err
);
534 if (DEBUGLEVEL
>= 10) {
535 NDR_PRINT_DEBUG(EVENTLOGRECORD
, e
);
538 if (blob
.length
> r
->in
.number_of_bytes
) {
539 *r
->out
.real_size
= blob
.length
;
540 return NT_STATUS_BUFFER_TOO_SMALL
;
543 if (*r
->out
.sent_size
+ blob
.length
> r
->in
.number_of_bytes
) {
547 bytes_left
-= blob
.length
;
549 if (info
->flags
& EVENTLOG_FORWARDS_READ
) {
555 /* update the eventlog record pointer */
557 info
->current_record
= record_number
;
559 memcpy(&r
->out
.data
[*(r
->out
.sent_size
)],
560 blob
.data
, blob
.length
);
561 *(r
->out
.sent_size
) += blob
.length
;
566 if (r
->in
.offset
== 0 && record_number
== 0 && *r
->out
.sent_size
== 0) {
567 return NT_STATUS_END_OF_FILE
;
573 /********************************************************************
574 _eventlog_GetOldestRecord
575 ********************************************************************/
577 NTSTATUS
_eventlog_GetOldestRecord(pipes_struct
*p
,
578 struct eventlog_GetOldestRecord
*r
)
580 EVENTLOG_INFO
*info
= find_eventlog_info_by_hnd( p
, r
->in
.handle
);
583 return NT_STATUS_INVALID_HANDLE
;
586 if ( !( get_oldest_entry_hook( info
) ) )
587 return NT_STATUS_ACCESS_DENIED
;
589 *r
->out
.oldest_entry
= info
->oldest_entry
;
594 /********************************************************************
595 _eventlog_GetNumRecords
596 ********************************************************************/
598 NTSTATUS
_eventlog_GetNumRecords(pipes_struct
*p
,
599 struct eventlog_GetNumRecords
*r
)
601 EVENTLOG_INFO
*info
= find_eventlog_info_by_hnd( p
, r
->in
.handle
);
604 return NT_STATUS_INVALID_HANDLE
;
607 if ( !( get_num_records_hook( info
) ) )
608 return NT_STATUS_ACCESS_DENIED
;
610 *r
->out
.number
= info
->num_records
;
615 NTSTATUS
_eventlog_BackupEventLogW(pipes_struct
*p
, struct eventlog_BackupEventLogW
*r
)
617 p
->rng_fault_state
= True
;
618 return NT_STATUS_NOT_IMPLEMENTED
;
621 /********************************************************************
622 _eventlog_GetLogInformation
623 ********************************************************************/
625 NTSTATUS
_eventlog_GetLogInformation(pipes_struct
*p
,
626 struct eventlog_GetLogInformation
*r
)
628 EVENTLOG_INFO
*info
= find_eventlog_info_by_hnd(p
, r
->in
.handle
);
629 struct EVENTLOG_FULL_INFORMATION f
;
630 enum ndr_err_code ndr_err
;
634 return NT_STATUS_INVALID_HANDLE
;
637 if (r
->in
.level
!= 0) {
638 return NT_STATUS_INVALID_LEVEL
;
641 *r
->out
.bytes_needed
= 4;
643 if (r
->in
.buf_size
< 4) {
644 return NT_STATUS_BUFFER_TOO_SMALL
;
647 /* FIXME: this should be retrieved from the handle */
650 ndr_err
= ndr_push_struct_blob(&blob
, p
->mem_ctx
, NULL
, &f
,
651 (ndr_push_flags_fn_t
)ndr_push_EVENTLOG_FULL_INFORMATION
);
652 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
653 return ndr_map_error2ntstatus(ndr_err
);
656 if (DEBUGLEVEL
>= 10) {
657 NDR_PRINT_DEBUG(EVENTLOG_FULL_INFORMATION
, &f
);
660 memcpy(r
->out
.buffer
, blob
.data
, 4);
665 /********************************************************************
666 _eventlog_FlushEventLog
667 ********************************************************************/
669 NTSTATUS
_eventlog_FlushEventLog(pipes_struct
*p
,
670 struct eventlog_FlushEventLog
*r
)
672 EVENTLOG_INFO
*info
= find_eventlog_info_by_hnd(p
, r
->in
.handle
);
674 return NT_STATUS_INVALID_HANDLE
;
677 return NT_STATUS_ACCESS_DENIED
;
680 /********************************************************************
681 ********************************************************************/
683 static NTSTATUS
evlog_report_to_record(TALLOC_CTX
*mem_ctx
,
684 const struct eventlog_ReportEventW
*r
,
686 struct EVENTLOGRECORD
*e
)
691 e
->TimeGenerated
= r
->in
.timestamp
;
692 e
->TimeWritten
= time(NULL
);
693 e
->EventID
= r
->in
.event_id
;
694 e
->EventType
= r
->in
.event_type
;
695 e
->NumStrings
= r
->in
.num_of_strings
;
696 e
->EventCategory
= r
->in
.event_category
;
697 e
->ReservedFlags
= r
->in
.flags
;
698 e
->DataLength
= r
->in
.data_size
;
699 e
->SourceName
= talloc_strdup(mem_ctx
, logname
);
700 NT_STATUS_HAVE_NO_MEMORY(e
->SourceName
);
701 if (r
->in
.servername
->string
) {
702 e
->Computername
= r
->in
.servername
->string
;
704 e
->Computername
= talloc_strdup(mem_ctx
, "");
705 NT_STATUS_HAVE_NO_MEMORY(e
->Computername
);
707 if (r
->in
.user_sid
) {
708 e
->UserSid
= *r
->in
.user_sid
;
710 e
->Strings
= talloc_array(mem_ctx
, const char *, e
->NumStrings
);
711 NT_STATUS_HAVE_NO_MEMORY(e
->Strings
);
713 for (i
=0; i
< e
->NumStrings
; i
++) {
714 e
->Strings
[i
] = talloc_strdup(e
->Strings
,
715 r
->in
.strings
[i
]->string
);
716 NT_STATUS_HAVE_NO_MEMORY(e
->Strings
[i
]);
718 e
->Data
= r
->in
.data
;
723 /********************************************************************
724 _eventlog_ReportEventW
725 ********************************************************************/
727 NTSTATUS
_eventlog_ReportEventW(pipes_struct
*p
,
728 struct eventlog_ReportEventW
*r
)
731 struct EVENTLOGRECORD record
;
733 EVENTLOG_INFO
*info
= find_eventlog_info_by_hnd(p
, r
->in
.handle
);
735 return NT_STATUS_INVALID_HANDLE
;
738 status
= evlog_report_to_record(p
->mem_ctx
, r
, info
->logname
, &record
);
739 if (!NT_STATUS_IS_OK(status
)) {
743 status
= evlog_push_record(p
->mem_ctx
,
744 ELOG_TDB_CTX(info
->etdb
),
746 r
->out
.record_number
);
747 if (!NT_STATUS_IS_OK(status
)) {
754 /********************************************************************
755 ********************************************************************/
757 NTSTATUS
_eventlog_DeregisterEventSource(pipes_struct
*p
, struct eventlog_DeregisterEventSource
*r
)
759 p
->rng_fault_state
= True
;
760 return NT_STATUS_NOT_IMPLEMENTED
;
763 NTSTATUS
_eventlog_ChangeNotify(pipes_struct
*p
, struct eventlog_ChangeNotify
*r
)
765 p
->rng_fault_state
= True
;
766 return NT_STATUS_NOT_IMPLEMENTED
;
769 NTSTATUS
_eventlog_RegisterEventSourceW(pipes_struct
*p
, struct eventlog_RegisterEventSourceW
*r
)
771 p
->rng_fault_state
= True
;
772 return NT_STATUS_NOT_IMPLEMENTED
;
775 NTSTATUS
_eventlog_OpenBackupEventLogW(pipes_struct
*p
, struct eventlog_OpenBackupEventLogW
*r
)
777 p
->rng_fault_state
= True
;
778 return NT_STATUS_NOT_IMPLEMENTED
;
781 NTSTATUS
_eventlog_ClearEventLogA(pipes_struct
*p
, struct eventlog_ClearEventLogA
*r
)
783 p
->rng_fault_state
= True
;
784 return NT_STATUS_NOT_IMPLEMENTED
;
787 NTSTATUS
_eventlog_BackupEventLogA(pipes_struct
*p
, struct eventlog_BackupEventLogA
*r
)
789 p
->rng_fault_state
= True
;
790 return NT_STATUS_NOT_IMPLEMENTED
;
793 NTSTATUS
_eventlog_OpenEventLogA(pipes_struct
*p
, struct eventlog_OpenEventLogA
*r
)
795 p
->rng_fault_state
= True
;
796 return NT_STATUS_NOT_IMPLEMENTED
;
799 NTSTATUS
_eventlog_RegisterEventSourceA(pipes_struct
*p
, struct eventlog_RegisterEventSourceA
*r
)
801 p
->rng_fault_state
= True
;
802 return NT_STATUS_NOT_IMPLEMENTED
;
805 NTSTATUS
_eventlog_OpenBackupEventLogA(pipes_struct
*p
, struct eventlog_OpenBackupEventLogA
*r
)
807 p
->rng_fault_state
= True
;
808 return NT_STATUS_NOT_IMPLEMENTED
;
811 NTSTATUS
_eventlog_ReadEventLogA(pipes_struct
*p
, struct eventlog_ReadEventLogA
*r
)
813 p
->rng_fault_state
= True
;
814 return NT_STATUS_NOT_IMPLEMENTED
;
817 NTSTATUS
_eventlog_ReportEventA(pipes_struct
*p
, struct eventlog_ReportEventA
*r
)
819 p
->rng_fault_state
= True
;
820 return NT_STATUS_NOT_IMPLEMENTED
;
823 NTSTATUS
_eventlog_RegisterClusterSvc(pipes_struct
*p
, struct eventlog_RegisterClusterSvc
*r
)
825 p
->rng_fault_state
= True
;
826 return NT_STATUS_NOT_IMPLEMENTED
;
829 NTSTATUS
_eventlog_DeregisterClusterSvc(pipes_struct
*p
, struct eventlog_DeregisterClusterSvc
*r
)
831 p
->rng_fault_state
= True
;
832 return NT_STATUS_NOT_IMPLEMENTED
;
835 NTSTATUS
_eventlog_WriteClusterEvents(pipes_struct
*p
, struct eventlog_WriteClusterEvents
*r
)
837 p
->rng_fault_state
= True
;
838 return NT_STATUS_NOT_IMPLEMENTED
;
841 NTSTATUS
_eventlog_ReportEventAndSourceW(pipes_struct
*p
, struct eventlog_ReportEventAndSourceW
*r
)
843 p
->rng_fault_state
= True
;
844 return NT_STATUS_NOT_IMPLEMENTED
;