search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-eventlog: move all eventlog headers to lib/eventlog and only include where required.
[Samba/ekacnet.git] / source3 / rpc_server / srv_eventlog_nt.c
blob3b109558f07bbb31a92a9ec0c255ea6669ee5d8a
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Marcin Krzysztof Porwit 2005,
5 * Copyright (C) Brian Moran 2005,
6 * Copyright (C) Gerald (Jerry) Carter 2005.
7 * Copyright (C) Guenther Deschner 2009.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "../librpc/gen_ndr/srv_eventlog.h"
25 #include "lib/eventlog/eventlog.h"
26
27 #undef DBGC_CLASS
28 #define DBGC_CLASS DBGC_RPC_SRV
29
30 typedef struct {
31 char *logname;
32 ELOG_TDB *etdb;
33 uint32 current_record;
34 uint32 num_records;
35 uint32 oldest_entry;
36 uint32 flags;
37 uint32 access_granted;
38 } EVENTLOG_INFO;
39
40 /********************************************************************
41 ********************************************************************/
42
43 static int eventlog_info_destructor(EVENTLOG_INFO *elog)
44 {
45 if (elog->etdb) {
46 elog_close_tdb(elog->etdb, false);
47 }
48 return 0;
49 }
50
51 /********************************************************************
52 ********************************************************************/
53
54 static EVENTLOG_INFO *find_eventlog_info_by_hnd( pipes_struct * p,
55 struct policy_handle * handle )
56 {
57 EVENTLOG_INFO *info;
58
59 if ( !find_policy_by_hnd( p, handle, (void **)(void *)&info ) ) {
60 DEBUG( 2,
61 ( "find_eventlog_info_by_hnd: eventlog not found.\n" ) );
62 return NULL;
63 }
64
65 return info;
66 }
67
68 /********************************************************************
69 ********************************************************************/
70
71 static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
72 {
73 char *tdbname = elog_tdbname(talloc_tos(), info->logname );
74 SEC_DESC *sec_desc;
75 NTSTATUS status;
76
77 if ( !tdbname )
78 return False;
79
80 /* get the security descriptor for the file */
81
82 sec_desc = get_nt_acl_no_snum( info, tdbname );
83 TALLOC_FREE( tdbname );
84
85 if ( !sec_desc ) {
86 DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n",
87 tdbname));
88 return False;
89 }
90
91 /* root free pass */
92
93 if ( geteuid() == sec_initial_uid() ) {
94 DEBUG(5,("elog_check_access: using root's token\n"));
95 token = get_root_nt_token();
96 }
97
98 /* run the check, try for the max allowed */
99
100 status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
101 &info->access_granted);
102
103 if ( sec_desc )
104 TALLOC_FREE( sec_desc );
105
106 if (!NT_STATUS_IS_OK(status)) {
107 DEBUG(8,("elog_check_access: se_access_check() return %s\n",
108 nt_errstr(status)));
109 return False;
110 }
111
112 /* we have to have READ permission for a successful open */
113
114 return ( info->access_granted & SA_RIGHT_FILE_READ_DATA );
115 }
116
117 /********************************************************************
118 ********************************************************************/
119
120 static bool elog_validate_logname( const char *name )
121 {
122 int i;
123 const char **elogs = lp_eventlog_list();
124
125 if (!elogs) {
126 return False;
127 }
128
129 for ( i=0; elogs[i]; i++ ) {
130 if ( strequal( name, elogs[i] ) )
131 return True;
132 }
133
134 return False;
135 }
136
137 /********************************************************************
138 ********************************************************************/
139
140 static bool get_num_records_hook( EVENTLOG_INFO * info )
141 {
142 int next_record;
143 int oldest_record;
144
145 if ( !info->etdb ) {
146 DEBUG( 10, ( "No open tdb for %s\n", info->logname ) );
147 return False;
148 }
149
150 /* lock the tdb since we have to get 2 records */
151
152 tdb_lock_bystring_with_timeout( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD, 1 );
153 next_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
154 oldest_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_OLDEST_ENTRY);
155 tdb_unlock_bystring( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
156
157 DEBUG( 8,
158 ( "Oldest Record %d; Next Record %d\n", oldest_record,
159 next_record ) );
160
161 info->num_records = ( next_record - oldest_record );
162 info->oldest_entry = oldest_record;
163
164 return True;
165 }
166
167 /********************************************************************
168 ********************************************************************/
169
170 static bool get_oldest_entry_hook( EVENTLOG_INFO * info )
171 {
172 /* it's the same thing */
173 return get_num_records_hook( info );
174 }
175
176 /********************************************************************
177 ********************************************************************/
178
179 static NTSTATUS elog_open( pipes_struct * p, const char *logname, struct policy_handle *hnd )
180 {
181 EVENTLOG_INFO *elog;
182
183 /* first thing is to validate the eventlog name */
184
185 if ( !elog_validate_logname( logname ) )
186 return NT_STATUS_OBJECT_PATH_INVALID;
187
188 if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) )
189 return NT_STATUS_NO_MEMORY;
190 talloc_set_destructor(elog, eventlog_info_destructor);
191
192 elog->logname = talloc_strdup( elog, logname );
193
194 /* Open the tdb first (so that we can create any new tdbs if necessary).
195 We have to do this as root and then use an internal access check
196 on the file permissions since you can only have a tdb open once
197 in a single process */
198
199 become_root();
200 elog->etdb = elog_open_tdb( elog->logname, False, False );
201 unbecome_root();
202
203 if ( !elog->etdb ) {
204 /* according to MSDN, if the logfile cannot be found, we should
205 default to the "Application" log */
206
207 if ( !strequal( logname, ELOG_APPL ) ) {
208
209 TALLOC_FREE( elog->logname );
210
211 elog->logname = talloc_strdup( elog, ELOG_APPL );
212
213 /* do the access check */
214 if ( !elog_check_access( elog, p->server_info->ptok ) ) {
215 TALLOC_FREE( elog );
216 return NT_STATUS_ACCESS_DENIED;
217 }
218
219 become_root();
220 elog->etdb = elog_open_tdb( elog->logname, False, False );
221 unbecome_root();
222 }
223
224 if ( !elog->etdb ) {
225 TALLOC_FREE( elog );
226 return NT_STATUS_ACCESS_DENIED; /* ??? */
227 }
228 }
229
230 /* now do the access check. Close the tdb if we fail here */
231
232 if ( !elog_check_access( elog, p->server_info->ptok ) ) {
233 TALLOC_FREE( elog );
234 return NT_STATUS_ACCESS_DENIED;
235 }
236
237 /* create the policy handle */
238
239 if ( !create_policy_hnd( p, hnd, elog ) ) {
240 TALLOC_FREE(elog);
241 return NT_STATUS_NO_MEMORY;
242 }
243
244 /* set the initial current_record pointer */
245
246 if ( !get_oldest_entry_hook( elog ) ) {
247 DEBUG(3,("elog_open: Successfully opened eventlog but can't "
248 "get any information on internal records!\n"));
249 }
250
251 elog->current_record = elog->oldest_entry;
252
253 return NT_STATUS_OK;
254 }
255
256 /********************************************************************
257 ********************************************************************/
258
259 static NTSTATUS elog_close( pipes_struct *p, struct policy_handle *hnd )
260 {
261 if ( !( close_policy_hnd( p, hnd ) ) ) {
262 return NT_STATUS_INVALID_HANDLE;
263 }
264
265 return NT_STATUS_OK;
266 }
267
268 /*******************************************************************
269 *******************************************************************/
270
271 static int elog_size( EVENTLOG_INFO *info )
272 {
273 if ( !info || !info->etdb ) {
274 DEBUG(0,("elog_size: Invalid info* structure!\n"));
275 return 0;
276 }
277
278 return elog_tdb_size( ELOG_TDB_CTX(info->etdb), NULL, NULL );
279 }
280
281 /********************************************************************
282 note that this can only be called AFTER the table is constructed,
283 since it uses the table to find the tdb handle
284 ********************************************************************/
285
286 static bool sync_eventlog_params( EVENTLOG_INFO *info )
287 {
288 char *path = NULL;
289 uint32 uiMaxSize;
290 uint32 uiRetention;
291 struct registry_key *key;
292 struct registry_value *value;
293 WERROR wresult;
294 char *elogname = info->logname;
295 TALLOC_CTX *ctx = talloc_stackframe();
296 bool ret = false;
297
298 DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) );
299
300 if ( !info->etdb ) {
301 DEBUG( 4, ( "No open tdb! (%s)\n", info->logname ) );
302 goto done;
303 }
304 /* set resonable defaults. 512Kb on size and 1 week on time */
305
306 uiMaxSize = 0x80000;
307 uiRetention = 604800;
308
309 /* the general idea is to internally open the registry
310 key and retrieve the values. That way we can continue
311 to use the same fetch/store api that we use in
312 srv_reg_nt.c */
313
314 path = talloc_asprintf(ctx, "%s/%s", KEY_EVENTLOG, elogname );
315 if (!path) {
316 goto done;
317 }
318
319 wresult = reg_open_path(ctx, path, REG_KEY_READ, get_root_nt_token(),
320 &key);
321
322 if ( !W_ERROR_IS_OK( wresult ) ) {
323 DEBUG( 4,
324 ( "sync_eventlog_params: Failed to open key [%s] (%s)\n",
325 path, win_errstr( wresult ) ) );
326 goto done;
327 }
328
329 wresult = reg_queryvalue(key, key, "Retention", &value);
330 if (!W_ERROR_IS_OK(wresult)) {
331 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
332 win_errstr(wresult)));
333 goto done;
334 }
335 uiRetention = value->v.dword;
336
337 wresult = reg_queryvalue(key, key, "MaxSize", &value);
338 if (!W_ERROR_IS_OK(wresult)) {
339 DEBUG(4, ("Failed to query value \"MaxSize\": %s\n",
340 win_errstr(wresult)));
341 goto done;
342 }
343 uiMaxSize = value->v.dword;
344
345 tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_MAXSIZE, uiMaxSize );
346 tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_RETENTION, uiRetention );
347
348 ret = true;
349
350 done:
351 TALLOC_FREE(ctx);
352 return ret;
353 }
354
355 /********************************************************************
356 _eventlog_OpenEventLogW
357 ********************************************************************/
358
359 NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p,
360 struct eventlog_OpenEventLogW *r)
361 {
362 EVENTLOG_INFO *info;
363 NTSTATUS result;
364
365 DEBUG( 10,("_eventlog_OpenEventLogW: Server [%s], Log [%s]\n",
366 r->in.servername->string, r->in.logname->string ));
367
368 /* according to MSDN, if the logfile cannot be found, we should
369 default to the "Application" log */
370
371 if ( !NT_STATUS_IS_OK( result = elog_open( p, r->in.logname->string, r->out.handle )) )
372 return result;
373
374 if ( !(info = find_eventlog_info_by_hnd( p, r->out.handle )) ) {
375 DEBUG(0,("_eventlog_OpenEventLogW: eventlog (%s) opened but unable to find handle!\n",
376 r->in.logname->string ));
377 elog_close( p, r->out.handle );
378 return NT_STATUS_INVALID_HANDLE;
379 }
380
381 DEBUG(10,("_eventlog_OpenEventLogW: Size [%d]\n", elog_size( info )));
382
383 sync_eventlog_params( info );
384 prune_eventlog( ELOG_TDB_CTX(info->etdb) );
385
386 return NT_STATUS_OK;
387 }
388
389 /********************************************************************
390 _eventlog_ClearEventLogW
391 This call still needs some work
392 ********************************************************************/
393 /** The windows client seems to be doing something funny with the file name
394 A call like
395 ClearEventLog(handle, "backup_file")
396 on the client side will result in the backup file name looking like this on the
397 server side:
398 \??\${CWD of client}\backup_file
399 If an absolute path gets specified, such as
400 ClearEventLog(handle, "C:\\temp\\backup_file")
401 then it is still mangled by the client into this:
402 \??\C:\temp\backup_file
403 when it is on the wire.
404 I'm not sure where the \?? is coming from, or why the ${CWD} of the client process
405 would be added in given that the backup file gets written on the server side. */
406
407 NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p,
408 struct eventlog_ClearEventLogW *r)
409 {
410 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
411
412 if ( !info )
413 return NT_STATUS_INVALID_HANDLE;
414
415 if (r->in.backupfile && r->in.backupfile->string) {
416
417 DEBUG(8,( "_eventlog_ClearEventLogW: Using [%s] as the backup "
418 "file name for log [%s].",
419 r->in.backupfile->string, info->logname ) );
420 }
421
422 /* check for WRITE access to the file */
423
424 if ( !(info->access_granted&SA_RIGHT_FILE_WRITE_DATA) )
425 return NT_STATUS_ACCESS_DENIED;
426
427 /* Force a close and reopen */
428
429 elog_close_tdb( info->etdb, True );
430 become_root();
431 info->etdb = elog_open_tdb( info->logname, True, False );
432 unbecome_root();
433
434 if ( !info->etdb )
435 return NT_STATUS_ACCESS_DENIED;
436
437 return NT_STATUS_OK;
438 }
439
440 /********************************************************************
441 _eventlog_CloseEventLog
442 ********************************************************************/
443
444 NTSTATUS _eventlog_CloseEventLog(pipes_struct * p,
445 struct eventlog_CloseEventLog *r)
446 {
447 NTSTATUS status;
448
449 status = elog_close( p, r->in.handle );
450 if (!NT_STATUS_IS_OK(status)) {
451 return status;
452 }
453
454 ZERO_STRUCTP(r->out.handle);
455
456 return NT_STATUS_OK;
457 }
458
459 /********************************************************************
460 _eventlog_ReadEventLogW
461 ********************************************************************/
462
463 NTSTATUS _eventlog_ReadEventLogW(pipes_struct *p,
464 struct eventlog_ReadEventLogW *r)
465 {
466 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
467 uint32_t num_records_read = 0;
468 int bytes_left, record_number;
469 uint32_t elog_read_type, elog_read_dir;
470
471 if (!info) {
472 return NT_STATUS_INVALID_HANDLE;
473 }
474
475 info->flags = r->in.flags;
476 bytes_left = r->in.number_of_bytes;
477
478 if (!info->etdb) {
479 return NT_STATUS_ACCESS_DENIED;
480 }
481
482 /* check for valid flags. Can't use the sequential and seek flags together */
483
484 elog_read_type = r->in.flags & (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ);
485 elog_read_dir = r->in.flags & (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ);
486
487 if (r->in.flags == 0 ||
488 elog_read_type == (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ) ||
489 elog_read_dir == (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ))
490 {
491 DEBUG(3,("_eventlog_ReadEventLogW: "
492 "Invalid flags [0x%08x] for ReadEventLog\n",
493 r->in.flags));
494 return NT_STATUS_INVALID_PARAMETER;
495 }
496
497 /* a sequential read should ignore the offset */
498
499 if (elog_read_type & EVENTLOG_SEQUENTIAL_READ) {
500 record_number = info->current_record;
501 } else {
502 record_number = r->in.offset;
503 }
504
505 if (r->in.number_of_bytes == 0) {
506 struct EVENTLOGRECORD *e;
507 e = evlog_pull_record(p->mem_ctx, ELOG_TDB_CTX(info->etdb),
508 record_number);
509 if (!e) {
510 return NT_STATUS_END_OF_FILE;
511 }
512 *r->out.real_size = e->Length;
513 return NT_STATUS_BUFFER_TOO_SMALL;
514 }
515
516 while (bytes_left > 0) {
517
518 DATA_BLOB blob;
519 enum ndr_err_code ndr_err;
520 struct EVENTLOGRECORD *e;
521
522 e = evlog_pull_record(p->mem_ctx, ELOG_TDB_CTX(info->etdb),
523 record_number);
524 if (!e) {
525 break;
526 }
527
528 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, NULL, e,
529 (ndr_push_flags_fn_t)ndr_push_EVENTLOGRECORD);
530 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
531 return ndr_map_error2ntstatus(ndr_err);
532 }
533
534 if (DEBUGLEVEL >= 10) {
535 NDR_PRINT_DEBUG(EVENTLOGRECORD, e);
536 }
537
538 if (blob.length > r->in.number_of_bytes) {
539 *r->out.real_size = blob.length;
540 return NT_STATUS_BUFFER_TOO_SMALL;
541 }
542
543 if (*r->out.sent_size + blob.length > r->in.number_of_bytes) {
544 break;
545 }
546
547 bytes_left -= blob.length;
548
549 if (info->flags & EVENTLOG_FORWARDS_READ) {
550 record_number++;
551 } else {
552 record_number--;
553 }
554
555 /* update the eventlog record pointer */
556
557 info->current_record = record_number;
558
559 memcpy(&r->out.data[*(r->out.sent_size)],
560 blob.data, blob.length);
561 *(r->out.sent_size) += blob.length;
562
563 num_records_read++;
564 }
565
566 if (r->in.offset == 0 && record_number == 0 && *r->out.sent_size == 0) {
567 return NT_STATUS_END_OF_FILE;
568 }
569
570 return NT_STATUS_OK;
571 }
572
573 /********************************************************************
574 _eventlog_GetOldestRecord
575 ********************************************************************/
576
577 NTSTATUS _eventlog_GetOldestRecord(pipes_struct *p,
578 struct eventlog_GetOldestRecord *r)
579 {
580 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
581
582 if (info == NULL) {
583 return NT_STATUS_INVALID_HANDLE;
584 }
585
586 if ( !( get_oldest_entry_hook( info ) ) )
587 return NT_STATUS_ACCESS_DENIED;
588
589 *r->out.oldest_entry = info->oldest_entry;
590
591 return NT_STATUS_OK;
592 }
593
594 /********************************************************************
595 _eventlog_GetNumRecords
596 ********************************************************************/
597
598 NTSTATUS _eventlog_GetNumRecords(pipes_struct *p,
599 struct eventlog_GetNumRecords *r)
600 {
601 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
602
603 if (info == NULL) {
604 return NT_STATUS_INVALID_HANDLE;
605 }
606
607 if ( !( get_num_records_hook( info ) ) )
608 return NT_STATUS_ACCESS_DENIED;
609
610 *r->out.number = info->num_records;
611
612 return NT_STATUS_OK;
613 }
614
615 NTSTATUS _eventlog_BackupEventLogW(pipes_struct *p, struct eventlog_BackupEventLogW *r)
616 {
617 p->rng_fault_state = True;
618 return NT_STATUS_NOT_IMPLEMENTED;
619 }
620
621 /********************************************************************
622 _eventlog_GetLogInformation
623 ********************************************************************/
624
625 NTSTATUS _eventlog_GetLogInformation(pipes_struct *p,
626 struct eventlog_GetLogInformation *r)
627 {
628 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
629 struct EVENTLOG_FULL_INFORMATION f;
630 enum ndr_err_code ndr_err;
631 DATA_BLOB blob;
632
633 if (!info) {
634 return NT_STATUS_INVALID_HANDLE;
635 }
636
637 if (r->in.level != 0) {
638 return NT_STATUS_INVALID_LEVEL;
639 }
640
641 *r->out.bytes_needed = 4;
642
643 if (r->in.buf_size < 4) {
644 return NT_STATUS_BUFFER_TOO_SMALL;
645 }
646
647 /* FIXME: this should be retrieved from the handle */
648 f.full = false;
649
650 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, NULL, &f,
651 (ndr_push_flags_fn_t)ndr_push_EVENTLOG_FULL_INFORMATION);
652 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
653 return ndr_map_error2ntstatus(ndr_err);
654 }
655
656 if (DEBUGLEVEL >= 10) {
657 NDR_PRINT_DEBUG(EVENTLOG_FULL_INFORMATION, &f);
658 }
659
660 memcpy(r->out.buffer, blob.data, 4);
661
662 return NT_STATUS_OK;
663 }
664
665 /********************************************************************
666 _eventlog_FlushEventLog
667 ********************************************************************/
668
669 NTSTATUS _eventlog_FlushEventLog(pipes_struct *p,
670 struct eventlog_FlushEventLog *r)
671 {
672 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
673 if (!info) {
674 return NT_STATUS_INVALID_HANDLE;
675 }
676
677 return NT_STATUS_ACCESS_DENIED;
678 }
679
680 /********************************************************************
681 ********************************************************************/
682
683 static NTSTATUS evlog_report_to_record(TALLOC_CTX *mem_ctx,
684 const struct eventlog_ReportEventW *r,
685 const char *logname,
686 struct EVENTLOGRECORD *e)
687 {
688 uint32_t i;
689 ZERO_STRUCTP(e);
690
691 e->TimeGenerated = r->in.timestamp;
692 e->TimeWritten = time(NULL);
693 e->EventID = r->in.event_id;
694 e->EventType = r->in.event_type;
695 e->NumStrings = r->in.num_of_strings;
696 e->EventCategory = r->in.event_category;
697 e->ReservedFlags = r->in.flags;
698 e->DataLength = r->in.data_size;
699 e->SourceName = talloc_strdup(mem_ctx, logname);
700 NT_STATUS_HAVE_NO_MEMORY(e->SourceName);
701 if (r->in.servername->string) {
702 e->Computername = r->in.servername->string;
703 } else {
704 e->Computername = talloc_strdup(mem_ctx, "");
705 NT_STATUS_HAVE_NO_MEMORY(e->Computername);
706 }
707 if (r->in.user_sid) {
708 e->UserSid = *r->in.user_sid;
709 }
710 e->Strings = talloc_array(mem_ctx, const char *, e->NumStrings);
711 NT_STATUS_HAVE_NO_MEMORY(e->Strings);
712
713 for (i=0; i < e->NumStrings; i++) {
714 e->Strings[i] = talloc_strdup(e->Strings,
715 r->in.strings[i]->string);
716 NT_STATUS_HAVE_NO_MEMORY(e->Strings[i]);
717 }
718 e->Data = r->in.data;
719
720 return NT_STATUS_OK;
721 }
722
723 /********************************************************************
724 _eventlog_ReportEventW
725 ********************************************************************/
726
727 NTSTATUS _eventlog_ReportEventW(pipes_struct *p,
728 struct eventlog_ReportEventW *r)
729 {
730 NTSTATUS status;
731 struct EVENTLOGRECORD record;
732
733 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
734 if (!info) {
735 return NT_STATUS_INVALID_HANDLE;
736 }
737
738 status = evlog_report_to_record(p->mem_ctx, r, info->logname, &record);
739 if (!NT_STATUS_IS_OK(status)) {
740 return status;
741 }
742
743 status = evlog_push_record(p->mem_ctx,
744 ELOG_TDB_CTX(info->etdb),
745 &record,
746 r->out.record_number);
747 if (!NT_STATUS_IS_OK(status)) {
748 return status;
749 }
750
751 return NT_STATUS_OK;
752 }
753
754 /********************************************************************
755 ********************************************************************/
756
757 NTSTATUS _eventlog_DeregisterEventSource(pipes_struct *p, struct eventlog_DeregisterEventSource *r)
758 {
759 p->rng_fault_state = True;
760 return NT_STATUS_NOT_IMPLEMENTED;
761 }
762
763 NTSTATUS _eventlog_ChangeNotify(pipes_struct *p, struct eventlog_ChangeNotify *r)
764 {
765 p->rng_fault_state = True;
766 return NT_STATUS_NOT_IMPLEMENTED;
767 }
768
769 NTSTATUS _eventlog_RegisterEventSourceW(pipes_struct *p, struct eventlog_RegisterEventSourceW *r)
770 {
771 p->rng_fault_state = True;
772 return NT_STATUS_NOT_IMPLEMENTED;
773 }
774
775 NTSTATUS _eventlog_OpenBackupEventLogW(pipes_struct *p, struct eventlog_OpenBackupEventLogW *r)
776 {
777 p->rng_fault_state = True;
778 return NT_STATUS_NOT_IMPLEMENTED;
779 }
780
781 NTSTATUS _eventlog_ClearEventLogA(pipes_struct *p, struct eventlog_ClearEventLogA *r)
782 {
783 p->rng_fault_state = True;
784 return NT_STATUS_NOT_IMPLEMENTED;
785 }
786
787 NTSTATUS _eventlog_BackupEventLogA(pipes_struct *p, struct eventlog_BackupEventLogA *r)
788 {
789 p->rng_fault_state = True;
790 return NT_STATUS_NOT_IMPLEMENTED;
791 }
792
793 NTSTATUS _eventlog_OpenEventLogA(pipes_struct *p, struct eventlog_OpenEventLogA *r)
794 {
795 p->rng_fault_state = True;
796 return NT_STATUS_NOT_IMPLEMENTED;
797 }
798
799 NTSTATUS _eventlog_RegisterEventSourceA(pipes_struct *p, struct eventlog_RegisterEventSourceA *r)
800 {
801 p->rng_fault_state = True;
802 return NT_STATUS_NOT_IMPLEMENTED;
803 }
804
805 NTSTATUS _eventlog_OpenBackupEventLogA(pipes_struct *p, struct eventlog_OpenBackupEventLogA *r)
806 {
807 p->rng_fault_state = True;
808 return NT_STATUS_NOT_IMPLEMENTED;
809 }
810
811 NTSTATUS _eventlog_ReadEventLogA(pipes_struct *p, struct eventlog_ReadEventLogA *r)
812 {
813 p->rng_fault_state = True;
814 return NT_STATUS_NOT_IMPLEMENTED;
815 }
816
817 NTSTATUS _eventlog_ReportEventA(pipes_struct *p, struct eventlog_ReportEventA *r)
818 {
819 p->rng_fault_state = True;
820 return NT_STATUS_NOT_IMPLEMENTED;
821 }
822
823 NTSTATUS _eventlog_RegisterClusterSvc(pipes_struct *p, struct eventlog_RegisterClusterSvc *r)
824 {
825 p->rng_fault_state = True;
826 return NT_STATUS_NOT_IMPLEMENTED;
827 }
828
829 NTSTATUS _eventlog_DeregisterClusterSvc(pipes_struct *p, struct eventlog_DeregisterClusterSvc *r)
830 {
831 p->rng_fault_state = True;
832 return NT_STATUS_NOT_IMPLEMENTED;
833 }
834
835 NTSTATUS _eventlog_WriteClusterEvents(pipes_struct *p, struct eventlog_WriteClusterEvents *r)
836 {
837 p->rng_fault_state = True;
838 return NT_STATUS_NOT_IMPLEMENTED;
839 }
840
841 NTSTATUS _eventlog_ReportEventAndSourceW(pipes_struct *p, struct eventlog_ReportEventAndSourceW *r)
842 {
843 p->rng_fault_state = True;
844 return NT_STATUS_NOT_IMPLEMENTED;
845 }