2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Marcin Krzysztof Porwit 2005,
5 * Copyright (C) Brian Moran 2005,
6 * Copyright (C) Gerald (Jerry) Carter 2005.
7 * Copyright (C) Guenther Deschner 2009.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 #include "system/passwd.h" /* uid_wrapper */
26 #include "../librpc/gen_ndr/srv_eventlog.h"
27 #include "lib/eventlog/eventlog.h"
28 #include "../libcli/security/security.h"
29 #include "../librpc/gen_ndr/ndr_winreg_c.h"
30 #include "rpc_client/cli_winreg_int.h"
31 #include "rpc_client/cli_winreg.h"
32 #include "smbd/smbd.h"
37 #define DBGC_CLASS DBGC_RPC_SRV
39 #define TOP_LEVEL_EVENTLOG_KEY "SYSTEM\\CurrentControlSet\\Services\\Eventlog"
44 uint32 current_record
;
48 uint32 access_granted
;
51 /********************************************************************
52 ********************************************************************/
54 static int eventlog_info_destructor(EVENTLOG_INFO
*elog
)
57 elog_close_tdb(elog
->etdb
, false);
62 /********************************************************************
63 ********************************************************************/
65 static EVENTLOG_INFO
*find_eventlog_info_by_hnd( struct pipes_struct
* p
,
66 struct policy_handle
* handle
)
70 if ( !find_policy_by_hnd( p
, handle
, (void **)(void *)&info
) ) {
72 ( "find_eventlog_info_by_hnd: eventlog not found.\n" ) );
79 /********************************************************************
80 ********************************************************************/
82 static bool elog_check_access( EVENTLOG_INFO
*info
, const struct security_token
*token
)
84 char *tdbname
= elog_tdbname(talloc_tos(), info
->logname
);
85 struct security_descriptor
*sec_desc
;
86 struct security_ace
*ace
;
92 /* get the security descriptor for the file */
94 sec_desc
= get_nt_acl_no_snum( info
, tdbname
);
95 TALLOC_FREE( tdbname
);
98 DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n",
103 ace
= talloc_zero(sec_desc
, struct security_ace
);
105 TALLOC_FREE(sec_desc
);
109 ace
->type
= SEC_ACE_TYPE_ACCESS_ALLOWED
;
111 ace
->access_mask
= REG_KEY_ALL
;
112 ace
->trustee
= global_sid_System
;
114 status
= security_descriptor_dacl_add(sec_desc
, ace
);
115 if (!NT_STATUS_IS_OK(status
)) {
116 TALLOC_FREE(sec_desc
);
122 if ( geteuid() == sec_initial_uid() ) {
123 DEBUG(5,("elog_check_access: running as root, using system token\n"));
124 token
= get_system_token();
127 /* run the check, try for the max allowed */
129 status
= se_access_check( sec_desc
, token
, MAXIMUM_ALLOWED_ACCESS
,
130 &info
->access_granted
);
132 TALLOC_FREE(sec_desc
);
134 if (!NT_STATUS_IS_OK(status
)) {
135 DEBUG(8,("elog_check_access: se_access_check() return %s\n",
140 /* we have to have READ permission for a successful open */
142 return ( info
->access_granted
& SEC_FILE_READ_DATA
);
145 /********************************************************************
146 ********************************************************************/
148 static bool elog_validate_logname( const char *name
)
151 const char **elogs
= lp_eventlog_list();
157 for ( i
=0; elogs
[i
]; i
++ ) {
158 if ( strequal( name
, elogs
[i
] ) )
165 /********************************************************************
166 ********************************************************************/
168 static bool get_num_records_hook( EVENTLOG_INFO
* info
)
174 DEBUG( 10, ( "No open tdb for %s\n", info
->logname
) );
178 /* lock the tdb since we have to get 2 records */
180 tdb_lock_bystring_with_timeout( ELOG_TDB_CTX(info
->etdb
), EVT_NEXT_RECORD
, 1 );
181 next_record
= tdb_fetch_int32( ELOG_TDB_CTX(info
->etdb
), EVT_NEXT_RECORD
);
182 oldest_record
= tdb_fetch_int32( ELOG_TDB_CTX(info
->etdb
), EVT_OLDEST_ENTRY
);
183 tdb_unlock_bystring( ELOG_TDB_CTX(info
->etdb
), EVT_NEXT_RECORD
);
186 ( "Oldest Record %d; Next Record %d\n", oldest_record
,
189 info
->num_records
= ( next_record
- oldest_record
);
190 info
->oldest_entry
= oldest_record
;
195 /********************************************************************
196 ********************************************************************/
198 static bool get_oldest_entry_hook( EVENTLOG_INFO
* info
)
200 /* it's the same thing */
201 return get_num_records_hook( info
);
204 /********************************************************************
205 ********************************************************************/
207 static NTSTATUS
elog_open( struct pipes_struct
* p
, const char *logname
, struct policy_handle
*hnd
)
211 /* first thing is to validate the eventlog name */
213 if ( !elog_validate_logname( logname
) )
214 return NT_STATUS_OBJECT_PATH_INVALID
;
216 if ( !(elog
= talloc_zero( NULL
, EVENTLOG_INFO
)) )
217 return NT_STATUS_NO_MEMORY
;
218 talloc_set_destructor(elog
, eventlog_info_destructor
);
220 elog
->logname
= talloc_strdup( elog
, logname
);
222 /* Open the tdb first (so that we can create any new tdbs if necessary).
223 We have to do this as root and then use an internal access check
224 on the file permissions since you can only have a tdb open once
225 in a single process */
228 elog
->etdb
= elog_open_tdb( elog
->logname
, False
, False
);
232 /* according to MSDN, if the logfile cannot be found, we should
233 default to the "Application" log */
235 if ( !strequal( logname
, ELOG_APPL
) ) {
237 TALLOC_FREE( elog
->logname
);
239 elog
->logname
= talloc_strdup( elog
, ELOG_APPL
);
241 /* do the access check */
242 if ( !elog_check_access( elog
, p
->session_info
->security_token
) ) {
244 return NT_STATUS_ACCESS_DENIED
;
248 elog
->etdb
= elog_open_tdb( elog
->logname
, False
, False
);
254 return NT_STATUS_ACCESS_DENIED
; /* ??? */
258 /* now do the access check. Close the tdb if we fail here */
260 if ( !elog_check_access( elog
, p
->session_info
->security_token
) ) {
262 return NT_STATUS_ACCESS_DENIED
;
265 /* create the policy handle */
267 if ( !create_policy_hnd( p
, hnd
, elog
) ) {
269 return NT_STATUS_NO_MEMORY
;
272 /* set the initial current_record pointer */
274 if ( !get_oldest_entry_hook( elog
) ) {
275 DEBUG(3,("elog_open: Successfully opened eventlog but can't "
276 "get any information on internal records!\n"));
279 elog
->current_record
= elog
->oldest_entry
;
284 /********************************************************************
285 ********************************************************************/
287 static NTSTATUS
elog_close( struct pipes_struct
*p
, struct policy_handle
*hnd
)
289 if ( !( close_policy_hnd( p
, hnd
) ) ) {
290 return NT_STATUS_INVALID_HANDLE
;
296 /*******************************************************************
297 *******************************************************************/
299 static int elog_size( EVENTLOG_INFO
*info
)
301 if ( !info
|| !info
->etdb
) {
302 DEBUG(0,("elog_size: Invalid info* structure!\n"));
306 return elog_tdb_size( ELOG_TDB_CTX(info
->etdb
), NULL
, NULL
);
309 /********************************************************************
310 note that this can only be called AFTER the table is constructed,
311 since it uses the table to find the tdb handle
312 ********************************************************************/
314 static bool sync_eventlog_params(TALLOC_CTX
*mem_ctx
,
315 struct messaging_context
*msg_ctx
,
318 struct dcerpc_binding_handle
*h
= NULL
;
319 uint32_t access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
320 struct policy_handle hive_hnd
, key_hnd
;
321 uint32_t uiMaxSize
= 0;
322 uint32_t uiRetention
= 0;
325 WERROR wresult
= WERR_OK
;
326 char *elogname
= info
->logname
;
330 ctx
= talloc_stackframe();
335 DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname
) );
338 DEBUG( 4, ( "No open tdb! (%s)\n", info
->logname
) );
341 /* set resonable defaults. 512Kb on size and 1 week on time */
344 uiRetention
= 604800;
346 /* the general idea is to internally open the registry
347 key and retrieve the values. That way we can continue
348 to use the same fetch/store api that we use in
350 path
= talloc_asprintf(ctx
, "%s\\%s", TOP_LEVEL_EVENTLOG_KEY
, elogname
);
355 status
= dcerpc_winreg_int_hklm_openkey(ctx
,
356 get_session_info_system(),
365 if (!NT_STATUS_IS_OK(status
)) {
366 DEBUG(4,("sync_eventlog_params: Failed to open key [%s] (%s)\n",
367 path
, nt_errstr(status
)));
370 if ( !W_ERROR_IS_OK( wresult
) ) {
372 ( "sync_eventlog_params: Failed to open key [%s] (%s)\n",
373 path
, win_errstr( wresult
) ) );
377 status
= dcerpc_winreg_query_dword(ctx
,
383 if (!NT_STATUS_IS_OK(status
)) {
384 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
388 if (!W_ERROR_IS_OK(wresult
)) {
389 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
390 win_errstr(wresult
)));
394 status
= dcerpc_winreg_query_dword(ctx
,
400 if (!NT_STATUS_IS_OK(status
)) {
401 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
405 if (!W_ERROR_IS_OK(wresult
)) {
406 DEBUG(4, ("Failed to query value \"MaxSize\": %s\n",
407 win_errstr(wresult
)));
411 tdb_store_int32( ELOG_TDB_CTX(info
->etdb
), EVT_MAXSIZE
, uiMaxSize
);
412 tdb_store_int32( ELOG_TDB_CTX(info
->etdb
), EVT_RETENTION
, uiRetention
);
420 if (is_valid_policy_hnd(&key_hnd
)) {
421 dcerpc_winreg_CloseKey(h
, ctx
, &key_hnd
, &ignore
);
423 if (is_valid_policy_hnd(&hive_hnd
)) {
424 dcerpc_winreg_CloseKey(h
, ctx
, &hive_hnd
, &ignore
);
432 /********************************************************************
433 _eventlog_OpenEventLogW
434 ********************************************************************/
436 NTSTATUS
_eventlog_OpenEventLogW(struct pipes_struct
*p
,
437 struct eventlog_OpenEventLogW
*r
)
442 DEBUG( 10,("_eventlog_OpenEventLogW: Server [%s], Log [%s]\n",
443 r
->in
.servername
->string
, r
->in
.logname
->string
));
445 /* according to MSDN, if the logfile cannot be found, we should
446 default to the "Application" log */
448 if ( !NT_STATUS_IS_OK( result
= elog_open( p
, r
->in
.logname
->string
, r
->out
.handle
)) )
451 if ( !(info
= find_eventlog_info_by_hnd( p
, r
->out
.handle
)) ) {
452 DEBUG(0,("_eventlog_OpenEventLogW: eventlog (%s) opened but unable to find handle!\n",
453 r
->in
.logname
->string
));
454 elog_close( p
, r
->out
.handle
);
455 return NT_STATUS_INVALID_HANDLE
;
458 DEBUG(10,("_eventlog_OpenEventLogW: Size [%d]\n", elog_size( info
)));
460 if (!sync_eventlog_params(p
->mem_ctx
,
463 elog_close(p
, r
->out
.handle
);
464 return NT_STATUS_EVENTLOG_FILE_CORRUPT
;
466 prune_eventlog( ELOG_TDB_CTX(info
->etdb
) );
471 /********************************************************************
472 _eventlog_ClearEventLogW
473 This call still needs some work
474 ********************************************************************/
475 /** The windows client seems to be doing something funny with the file name
477 ClearEventLog(handle, "backup_file")
478 on the client side will result in the backup file name looking like this on the
480 \??\${CWD of client}\backup_file
481 If an absolute path gets specified, such as
482 ClearEventLog(handle, "C:\\temp\\backup_file")
483 then it is still mangled by the client into this:
484 \??\C:\temp\backup_file
485 when it is on the wire.
486 I'm not sure where the \?? is coming from, or why the ${CWD} of the client process
487 would be added in given that the backup file gets written on the server side. */
489 NTSTATUS
_eventlog_ClearEventLogW(struct pipes_struct
*p
,
490 struct eventlog_ClearEventLogW
*r
)
492 EVENTLOG_INFO
*info
= find_eventlog_info_by_hnd( p
, r
->in
.handle
);
495 return NT_STATUS_INVALID_HANDLE
;
497 if (r
->in
.backupfile
&& r
->in
.backupfile
->string
) {
499 DEBUG(8,( "_eventlog_ClearEventLogW: Using [%s] as the backup "
500 "file name for log [%s].",
501 r
->in
.backupfile
->string
, info
->logname
) );
504 /* check for WRITE access to the file */
506 if ( !(info
->access_granted
& SEC_FILE_WRITE_DATA
) )
507 return NT_STATUS_ACCESS_DENIED
;
509 /* Force a close and reopen */
511 elog_close_tdb( info
->etdb
, True
);
513 info
->etdb
= elog_open_tdb( info
->logname
, True
, False
);
517 return NT_STATUS_ACCESS_DENIED
;
522 /********************************************************************
523 _eventlog_CloseEventLog
524 ********************************************************************/
526 NTSTATUS
_eventlog_CloseEventLog(struct pipes_struct
* p
,
527 struct eventlog_CloseEventLog
*r
)
531 status
= elog_close( p
, r
->in
.handle
);
532 if (!NT_STATUS_IS_OK(status
)) {
536 ZERO_STRUCTP(r
->out
.handle
);
541 /********************************************************************
542 _eventlog_ReadEventLogW
543 ********************************************************************/
545 NTSTATUS
_eventlog_ReadEventLogW(struct pipes_struct
*p
,
546 struct eventlog_ReadEventLogW
*r
)
548 EVENTLOG_INFO
*info
= find_eventlog_info_by_hnd( p
, r
->in
.handle
);
549 uint32_t num_records_read
= 0;
550 int bytes_left
, record_number
;
551 uint32_t elog_read_type
, elog_read_dir
;
554 return NT_STATUS_INVALID_HANDLE
;
557 info
->flags
= r
->in
.flags
;
558 bytes_left
= r
->in
.number_of_bytes
;
561 return NT_STATUS_ACCESS_DENIED
;
564 /* check for valid flags. Can't use the sequential and seek flags together */
566 elog_read_type
= r
->in
.flags
& (EVENTLOG_SEQUENTIAL_READ
|EVENTLOG_SEEK_READ
);
567 elog_read_dir
= r
->in
.flags
& (EVENTLOG_FORWARDS_READ
|EVENTLOG_BACKWARDS_READ
);
569 if (r
->in
.flags
== 0 ||
570 elog_read_type
== (EVENTLOG_SEQUENTIAL_READ
|EVENTLOG_SEEK_READ
) ||
571 elog_read_dir
== (EVENTLOG_FORWARDS_READ
|EVENTLOG_BACKWARDS_READ
))
573 DEBUG(3,("_eventlog_ReadEventLogW: "
574 "Invalid flags [0x%08x] for ReadEventLog\n",
576 return NT_STATUS_INVALID_PARAMETER
;
579 /* a sequential read should ignore the offset */
581 if (elog_read_type
& EVENTLOG_SEQUENTIAL_READ
) {
582 record_number
= info
->current_record
;
584 record_number
= r
->in
.offset
;
587 if (r
->in
.number_of_bytes
== 0) {
588 struct EVENTLOGRECORD
*e
;
589 e
= evlog_pull_record(p
->mem_ctx
, ELOG_TDB_CTX(info
->etdb
),
592 return NT_STATUS_END_OF_FILE
;
594 *r
->out
.real_size
= e
->Length
;
595 return NT_STATUS_BUFFER_TOO_SMALL
;
598 while (bytes_left
> 0) {
601 enum ndr_err_code ndr_err
;
602 struct EVENTLOGRECORD
*e
;
604 e
= evlog_pull_record(p
->mem_ctx
, ELOG_TDB_CTX(info
->etdb
),
610 ndr_err
= ndr_push_struct_blob(&blob
, p
->mem_ctx
, e
,
611 (ndr_push_flags_fn_t
)ndr_push_EVENTLOGRECORD
);
612 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
613 return ndr_map_error2ntstatus(ndr_err
);
616 if (DEBUGLEVEL
>= 10) {
617 NDR_PRINT_DEBUG(EVENTLOGRECORD
, e
);
620 if (blob
.length
> r
->in
.number_of_bytes
) {
621 *r
->out
.real_size
= blob
.length
;
622 return NT_STATUS_BUFFER_TOO_SMALL
;
625 if (*r
->out
.sent_size
+ blob
.length
> r
->in
.number_of_bytes
) {
629 bytes_left
-= blob
.length
;
631 if (info
->flags
& EVENTLOG_FORWARDS_READ
) {
637 /* update the eventlog record pointer */
639 info
->current_record
= record_number
;
641 memcpy(&r
->out
.data
[*(r
->out
.sent_size
)],
642 blob
.data
, blob
.length
);
643 *(r
->out
.sent_size
) += blob
.length
;
648 if (r
->in
.offset
== 0 && record_number
== 0 && *r
->out
.sent_size
== 0) {
649 return NT_STATUS_END_OF_FILE
;
655 /********************************************************************
656 _eventlog_GetOldestRecord
657 ********************************************************************/
659 NTSTATUS
_eventlog_GetOldestRecord(struct pipes_struct
*p
,
660 struct eventlog_GetOldestRecord
*r
)
662 EVENTLOG_INFO
*info
= find_eventlog_info_by_hnd( p
, r
->in
.handle
);
665 return NT_STATUS_INVALID_HANDLE
;
668 if ( !( get_oldest_entry_hook( info
) ) )
669 return NT_STATUS_ACCESS_DENIED
;
671 *r
->out
.oldest_entry
= info
->oldest_entry
;
676 /********************************************************************
677 _eventlog_GetNumRecords
678 ********************************************************************/
680 NTSTATUS
_eventlog_GetNumRecords(struct pipes_struct
*p
,
681 struct eventlog_GetNumRecords
*r
)
683 EVENTLOG_INFO
*info
= find_eventlog_info_by_hnd( p
, r
->in
.handle
);
686 return NT_STATUS_INVALID_HANDLE
;
689 if ( !( get_num_records_hook( info
) ) )
690 return NT_STATUS_ACCESS_DENIED
;
692 *r
->out
.number
= info
->num_records
;
697 NTSTATUS
_eventlog_BackupEventLogW(struct pipes_struct
*p
, struct eventlog_BackupEventLogW
*r
)
699 p
->rng_fault_state
= True
;
700 return NT_STATUS_NOT_IMPLEMENTED
;
703 /********************************************************************
704 _eventlog_GetLogInformation
705 ********************************************************************/
707 NTSTATUS
_eventlog_GetLogInformation(struct pipes_struct
*p
,
708 struct eventlog_GetLogInformation
*r
)
710 EVENTLOG_INFO
*info
= find_eventlog_info_by_hnd(p
, r
->in
.handle
);
711 struct EVENTLOG_FULL_INFORMATION f
;
712 enum ndr_err_code ndr_err
;
716 return NT_STATUS_INVALID_HANDLE
;
719 if (r
->in
.level
!= 0) {
720 return NT_STATUS_INVALID_LEVEL
;
723 *r
->out
.bytes_needed
= 4;
725 if (r
->in
.buf_size
< 4) {
726 return NT_STATUS_BUFFER_TOO_SMALL
;
729 /* FIXME: this should be retrieved from the handle */
732 ndr_err
= ndr_push_struct_blob(&blob
, p
->mem_ctx
, &f
,
733 (ndr_push_flags_fn_t
)ndr_push_EVENTLOG_FULL_INFORMATION
);
734 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
735 return ndr_map_error2ntstatus(ndr_err
);
738 if (DEBUGLEVEL
>= 10) {
739 NDR_PRINT_DEBUG(EVENTLOG_FULL_INFORMATION
, &f
);
742 memcpy(r
->out
.buffer
, blob
.data
, 4);
747 /********************************************************************
748 _eventlog_FlushEventLog
749 ********************************************************************/
751 NTSTATUS
_eventlog_FlushEventLog(struct pipes_struct
*p
,
752 struct eventlog_FlushEventLog
*r
)
754 EVENTLOG_INFO
*info
= find_eventlog_info_by_hnd(p
, r
->in
.handle
);
756 return NT_STATUS_INVALID_HANDLE
;
759 return NT_STATUS_ACCESS_DENIED
;
762 /********************************************************************
763 ********************************************************************/
765 static NTSTATUS
evlog_report_to_record(TALLOC_CTX
*mem_ctx
,
766 const struct eventlog_ReportEventW
*r
,
768 struct EVENTLOGRECORD
*e
)
773 e
->TimeGenerated
= r
->in
.timestamp
;
774 e
->TimeWritten
= time(NULL
);
775 e
->EventID
= r
->in
.event_id
;
776 e
->EventType
= r
->in
.event_type
;
777 e
->NumStrings
= r
->in
.num_of_strings
;
778 e
->EventCategory
= r
->in
.event_category
;
779 e
->ReservedFlags
= r
->in
.flags
;
780 e
->DataLength
= r
->in
.data_size
;
781 e
->SourceName
= talloc_strdup(mem_ctx
, logname
);
782 NT_STATUS_HAVE_NO_MEMORY(e
->SourceName
);
783 if (r
->in
.servername
->string
) {
784 e
->Computername
= r
->in
.servername
->string
;
786 e
->Computername
= talloc_strdup(mem_ctx
, "");
787 NT_STATUS_HAVE_NO_MEMORY(e
->Computername
);
789 if (r
->in
.user_sid
) {
790 e
->UserSid
= *r
->in
.user_sid
;
792 e
->Strings
= talloc_array(mem_ctx
, const char *, e
->NumStrings
);
793 NT_STATUS_HAVE_NO_MEMORY(e
->Strings
);
795 for (i
=0; i
< e
->NumStrings
; i
++) {
796 e
->Strings
[i
] = talloc_strdup(e
->Strings
,
797 r
->in
.strings
[i
]->string
);
798 NT_STATUS_HAVE_NO_MEMORY(e
->Strings
[i
]);
800 e
->Data
= r
->in
.data
;
805 /********************************************************************
806 _eventlog_ReportEventW
807 ********************************************************************/
809 NTSTATUS
_eventlog_ReportEventW(struct pipes_struct
*p
,
810 struct eventlog_ReportEventW
*r
)
813 struct EVENTLOGRECORD record
;
815 EVENTLOG_INFO
*info
= find_eventlog_info_by_hnd(p
, r
->in
.handle
);
817 return NT_STATUS_INVALID_HANDLE
;
820 status
= evlog_report_to_record(p
->mem_ctx
, r
, info
->logname
, &record
);
821 if (!NT_STATUS_IS_OK(status
)) {
825 status
= evlog_push_record(p
->mem_ctx
,
826 ELOG_TDB_CTX(info
->etdb
),
828 r
->out
.record_number
);
829 if (!NT_STATUS_IS_OK(status
)) {
836 /********************************************************************
837 ********************************************************************/
839 NTSTATUS
_eventlog_DeregisterEventSource(struct pipes_struct
*p
,
840 struct eventlog_DeregisterEventSource
*r
)
842 p
->rng_fault_state
= True
;
843 return NT_STATUS_NOT_IMPLEMENTED
;
846 NTSTATUS
_eventlog_ChangeNotify(struct pipes_struct
*p
,
847 struct eventlog_ChangeNotify
*r
)
849 p
->rng_fault_state
= True
;
850 return NT_STATUS_NOT_IMPLEMENTED
;
853 NTSTATUS
_eventlog_RegisterEventSourceW(struct pipes_struct
*p
,
854 struct eventlog_RegisterEventSourceW
*r
)
856 p
->rng_fault_state
= True
;
857 return NT_STATUS_NOT_IMPLEMENTED
;
860 NTSTATUS
_eventlog_OpenBackupEventLogW(struct pipes_struct
*p
,
861 struct eventlog_OpenBackupEventLogW
*r
)
863 p
->rng_fault_state
= True
;
864 return NT_STATUS_NOT_IMPLEMENTED
;
867 NTSTATUS
_eventlog_ClearEventLogA(struct pipes_struct
*p
,
868 struct eventlog_ClearEventLogA
*r
)
870 p
->rng_fault_state
= True
;
871 return NT_STATUS_NOT_IMPLEMENTED
;
874 NTSTATUS
_eventlog_BackupEventLogA(struct pipes_struct
*p
,
875 struct eventlog_BackupEventLogA
*r
)
877 p
->rng_fault_state
= True
;
878 return NT_STATUS_NOT_IMPLEMENTED
;
881 NTSTATUS
_eventlog_OpenEventLogA(struct pipes_struct
*p
,
882 struct eventlog_OpenEventLogA
*r
)
884 p
->rng_fault_state
= True
;
885 return NT_STATUS_NOT_IMPLEMENTED
;
888 NTSTATUS
_eventlog_RegisterEventSourceA(struct pipes_struct
*p
,
889 struct eventlog_RegisterEventSourceA
*r
)
891 p
->rng_fault_state
= True
;
892 return NT_STATUS_NOT_IMPLEMENTED
;
895 NTSTATUS
_eventlog_OpenBackupEventLogA(struct pipes_struct
*p
,
896 struct eventlog_OpenBackupEventLogA
*r
)
898 p
->rng_fault_state
= True
;
899 return NT_STATUS_NOT_IMPLEMENTED
;
902 NTSTATUS
_eventlog_ReadEventLogA(struct pipes_struct
*p
,
903 struct eventlog_ReadEventLogA
*r
)
905 p
->rng_fault_state
= True
;
906 return NT_STATUS_NOT_IMPLEMENTED
;
909 NTSTATUS
_eventlog_ReportEventA(struct pipes_struct
*p
,
910 struct eventlog_ReportEventA
*r
)
912 p
->rng_fault_state
= True
;
913 return NT_STATUS_NOT_IMPLEMENTED
;
916 NTSTATUS
_eventlog_RegisterClusterSvc(struct pipes_struct
*p
,
917 struct eventlog_RegisterClusterSvc
*r
)
919 p
->rng_fault_state
= True
;
920 return NT_STATUS_NOT_IMPLEMENTED
;
923 NTSTATUS
_eventlog_DeregisterClusterSvc(struct pipes_struct
*p
,
924 struct eventlog_DeregisterClusterSvc
*r
)
926 p
->rng_fault_state
= True
;
927 return NT_STATUS_NOT_IMPLEMENTED
;
930 NTSTATUS
_eventlog_WriteClusterEvents(struct pipes_struct
*p
,
931 struct eventlog_WriteClusterEvents
*r
)
933 p
->rng_fault_state
= True
;
934 return NT_STATUS_NOT_IMPLEMENTED
;
937 NTSTATUS
_eventlog_ReportEventAndSourceW(struct pipes_struct
*p
,
938 struct eventlog_ReportEventAndSourceW
*r
)
940 p
->rng_fault_state
= True
;
941 return NT_STATUS_NOT_IMPLEMENTED
;