search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
advapi32/tests: Fix the backup tests when run in a non-administrator pre-Vista account.
[wine.git] / dlls / advapi32 / tests / eventlog.c
bloba3fe44b770d9c9443185fad27f8576c474e9675e
1 /*
2 * Unit tests for Event Logging functions
3 *
4 * Copyright (c) 2009 Paul Vriens
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <stdarg.h>
22
23 #include "windef.h"
24 #include "winbase.h"
25 #include "winerror.h"
26 #include "winnt.h"
27 #include "winreg.h"
28 #include "sddl.h"
29
30 #include "wine/test.h"
31
32 static BOOL (WINAPI *pCreateWellKnownSid)(WELL_KNOWN_SID_TYPE,PSID,PSID,DWORD*);
33 static BOOL (WINAPI *pGetEventLogInformation)(HANDLE,DWORD,LPVOID,DWORD,LPDWORD);
34
35 static BOOL (WINAPI *pGetComputerNameExA)(COMPUTER_NAME_FORMAT,LPSTR,LPDWORD);
36 static BOOL (WINAPI *pWow64DisableWow64FsRedirection)(PVOID *);
37 static BOOL (WINAPI *pWow64RevertWow64FsRedirection)(PVOID);
38
39 static void init_function_pointers(void)
40 {
41 HMODULE hadvapi32 = GetModuleHandleA("advapi32.dll");
42 HMODULE hkernel32 = GetModuleHandleA("kernel32.dll");
43
44 pCreateWellKnownSid = (void*)GetProcAddress(hadvapi32, "CreateWellKnownSid");
45 pGetEventLogInformation = (void*)GetProcAddress(hadvapi32, "GetEventLogInformation");
46
47 pGetComputerNameExA = (void*)GetProcAddress(hkernel32, "GetComputerNameExA");
48 pWow64DisableWow64FsRedirection = (void*)GetProcAddress(hkernel32, "Wow64DisableWow64FsRedirection");
49 pWow64RevertWow64FsRedirection = (void*)GetProcAddress(hkernel32, "Wow64RevertWow64FsRedirection");
50 }
51
52 static BOOL create_backup(const char *filename)
53 {
54 HANDLE handle;
55 DWORD rc, attribs;
56
57 DeleteFileA(filename);
58 handle = OpenEventLogA(NULL, "Application");
59 rc = BackupEventLogA(handle, filename);
60 if (!rc && GetLastError() == ERROR_PRIVILEGE_NOT_HELD)
61 {
62 skip("insufficient privileges to backup the eventlog\n");
63 CloseEventLog(handle);
64 return FALSE;
65 }
66 ok(rc, "BackupEventLogA failed, le=%u\n", GetLastError());
67 CloseEventLog(handle);
68
69 attribs = GetFileAttributesA(filename);
70 todo_wine
71 ok(attribs != INVALID_FILE_ATTRIBUTES, "Expected a backup file attribs=%#x le=%u\n", attribs, GetLastError());
72 return TRUE;
73 }
74
75 static void test_open_close(void)
76 {
77 HANDLE handle;
78 BOOL ret;
79
80 SetLastError(0xdeadbeef);
81 ret = CloseEventLog(NULL);
82 ok(!ret, "Expected failure\n");
83 ok(GetLastError() == ERROR_INVALID_HANDLE ||
84 GetLastError() == ERROR_NOACCESS, /* W2K */
85 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
86
87 SetLastError(0xdeadbeef);
88 handle = OpenEventLogA(NULL, NULL);
89 ok(handle == NULL, "Didn't expect a handle\n");
90 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
91
92 SetLastError(0xdeadbeef);
93 handle = OpenEventLogA("IDontExist", NULL);
94 ok(handle == NULL, "Didn't expect a handle\n");
95 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
96
97 SetLastError(0xdeadbeef);
98 handle = OpenEventLogA("IDontExist", "deadbeef");
99 ok(handle == NULL, "Didn't expect a handle\n");
100 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
101 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
102 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
103
104 /* This one opens the Application log */
105 handle = OpenEventLogA(NULL, "deadbeef");
106 ok(handle != NULL, "Expected a handle\n");
107 ret = CloseEventLog(handle);
108 ok(ret, "Expected success\n");
109 /* Close a second time */
110 SetLastError(0xdeadbeef);
111 ret = CloseEventLog(handle);
112 todo_wine
113 {
114 ok(!ret, "Expected failure\n");
115 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
116 }
117
118 /* Empty servername should be read as local server */
119 handle = OpenEventLogA("", "Application");
120 ok(handle != NULL, "Expected a handle\n");
121 CloseEventLog(handle);
122
123 handle = OpenEventLogA(NULL, "Application");
124 ok(handle != NULL, "Expected a handle\n");
125 CloseEventLog(handle);
126 }
127
128 static void test_info(void)
129 {
130 HANDLE handle;
131 BOOL ret;
132 DWORD needed;
133 EVENTLOG_FULL_INFORMATION efi;
134
135 if (!pGetEventLogInformation)
136 {
137 /* NT4 */
138 win_skip("GetEventLogInformation is not available\n");
139 return;
140 }
141 SetLastError(0xdeadbeef);
142 ret = pGetEventLogInformation(NULL, 1, NULL, 0, NULL);
143 ok(!ret, "Expected failure\n");
144 ok(GetLastError() == ERROR_INVALID_LEVEL, "Expected ERROR_INVALID_LEVEL, got %d\n", GetLastError());
145
146 SetLastError(0xdeadbeef);
147 ret = pGetEventLogInformation(NULL, EVENTLOG_FULL_INFO, NULL, 0, NULL);
148 ok(!ret, "Expected failure\n");
149 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
150
151 handle = OpenEventLogA(NULL, "Application");
152
153 SetLastError(0xdeadbeef);
154 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, NULL);
155 ok(!ret, "Expected failure\n");
156 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
157
158 SetLastError(0xdeadbeef);
159 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, &needed);
160 ok(!ret, "Expected failure\n");
161 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
162
163 SetLastError(0xdeadbeef);
164 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, (LPVOID)&efi, 0, NULL);
165 ok(!ret, "Expected failure\n");
166 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
167
168 SetLastError(0xdeadbeef);
169 needed = 0xdeadbeef;
170 efi.dwFull = 0xdeadbeef;
171 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, (LPVOID)&efi, 0, &needed);
172 ok(!ret, "Expected failure\n");
173 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
174 ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed);
175 ok(efi.dwFull == 0xdeadbeef, "Expected no change to the dwFull member\n");
176
177 /* Not that we care, but on success last error is set to ERROR_IO_PENDING */
178 efi.dwFull = 0xdeadbeef;
179 needed *= 2;
180 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, (LPVOID)&efi, needed, &needed);
181 ok(ret, "Expected success\n");
182 ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed);
183 ok(efi.dwFull == 0 || efi.dwFull == 1, "Expected 0 (not full) or 1 (full), got %d\n", efi.dwFull);
184
185 CloseEventLog(handle);
186 }
187
188 static void test_count(void)
189 {
190 HANDLE handle;
191 BOOL ret;
192 DWORD count;
193 const char backup[] = "backup.evt";
194
195 SetLastError(0xdeadbeef);
196 ret = GetNumberOfEventLogRecords(NULL, NULL);
197 ok(!ret, "Expected failure\n");
198 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
199
200 SetLastError(0xdeadbeef);
201 count = 0xdeadbeef;
202 ret = GetNumberOfEventLogRecords(NULL, &count);
203 ok(!ret, "Expected failure\n");
204 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
205 ok(count == 0xdeadbeef, "Expected count to stay unchanged\n");
206
207 handle = OpenEventLogA(NULL, "Application");
208
209 SetLastError(0xdeadbeef);
210 ret = GetNumberOfEventLogRecords(handle, NULL);
211 ok(!ret, "Expected failure\n");
212 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
213
214 count = 0xdeadbeef;
215 ret = GetNumberOfEventLogRecords(handle, &count);
216 ok(ret, "Expected success\n");
217 ok(count != 0xdeadbeef, "Expected the number of records\n");
218
219 CloseEventLog(handle);
220
221 /* Make a backup eventlog to work with */
222 if (create_backup(backup))
223 {
224 handle = OpenBackupEventLogA(NULL, backup);
225 todo_wine
226 ok(handle != NULL, "Expected a handle, le=%d\n", GetLastError());
227
228 /* Does GetNumberOfEventLogRecords work with backup eventlogs? */
229 count = 0xdeadbeef;
230 ret = GetNumberOfEventLogRecords(handle, &count);
231 todo_wine
232 {
233 ok(ret, "Expected success\n");
234 ok(count != 0xdeadbeef, "Expected the number of records\n");
235 }
236
237 CloseEventLog(handle);
238 DeleteFileA(backup);
239 }
240 }
241
242 static void test_oldest(void)
243 {
244 HANDLE handle;
245 BOOL ret;
246 DWORD oldest;
247 const char backup[] = "backup.evt";
248
249 SetLastError(0xdeadbeef);
250 ret = GetOldestEventLogRecord(NULL, NULL);
251 ok(!ret, "Expected failure\n");
252 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
253
254 SetLastError(0xdeadbeef);
255 oldest = 0xdeadbeef;
256 ret = GetOldestEventLogRecord(NULL, &oldest);
257 ok(!ret, "Expected failure\n");
258 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
259 ok(oldest == 0xdeadbeef, "Expected oldest to stay unchanged\n");
260
261 handle = OpenEventLogA(NULL, "Application");
262
263 SetLastError(0xdeadbeef);
264 ret = GetOldestEventLogRecord(handle, NULL);
265 ok(!ret, "Expected failure\n");
266 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
267
268 oldest = 0xdeadbeef;
269 ret = GetOldestEventLogRecord(handle, &oldest);
270 ok(ret, "Expected success\n");
271 ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n");
272
273 CloseEventLog(handle);
274
275 /* Make a backup eventlog to work with */
276 if (create_backup(backup))
277 {
278 handle = OpenBackupEventLogA(NULL, backup);
279 todo_wine
280 ok(handle != NULL, "Expected a handle\n");
281
282 /* Does GetOldestEventLogRecord work with backup eventlogs? */
283 oldest = 0xdeadbeef;
284 ret = GetOldestEventLogRecord(handle, &oldest);
285 todo_wine
286 {
287 ok(ret, "Expected success\n");
288 ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n");
289 }
290
291 CloseEventLog(handle);
292 DeleteFileA(backup);
293 }
294 }
295
296 static void test_backup(void)
297 {
298 HANDLE handle;
299 BOOL ret;
300 const char backup[] = "backup.evt";
301 const char backup2[] = "backup2.evt";
302
303 SetLastError(0xdeadbeef);
304 ret = BackupEventLogA(NULL, NULL);
305 ok(!ret, "Expected failure\n");
306 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
307
308 SetLastError(0xdeadbeef);
309 ret = BackupEventLogA(NULL, backup);
310 ok(!ret, "Expected failure\n");
311 ok(GetFileAttributesA(backup) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n");
312
313 handle = OpenEventLogA(NULL, "Application");
314
315 SetLastError(0xdeadbeef);
316 ret = BackupEventLogA(handle, NULL);
317 ok(!ret, "Expected failure\n");
318 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
319
320 ret = BackupEventLogA(handle, backup);
321 if (!ret && GetLastError() == ERROR_PRIVILEGE_NOT_HELD)
322 {
323 skip("insufficient privileges for backup tests\n");
324 CloseEventLog(handle);
325 return;
326 }
327 ok(ret, "Expected success\n");
328 todo_wine
329 ok(GetFileAttributesA(backup) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
330
331 /* Try to overwrite */
332 SetLastError(0xdeadbeef);
333 ret = BackupEventLogA(handle, backup);
334 todo_wine
335 {
336 ok(!ret, "Expected failure\n");
337 ok(GetLastError() == ERROR_ALREADY_EXISTS, "Expected ERROR_ALREADY_EXISTS, got %d\n", GetLastError());
338 }
339
340 CloseEventLog(handle);
341
342 /* Can we make a backup of a backup? */
343 handle = OpenBackupEventLogA(NULL, backup);
344 todo_wine
345 ok(handle != NULL, "Expected a handle\n");
346
347 ret = BackupEventLogA(handle, backup2);
348 todo_wine
349 {
350 ok(ret, "Expected success\n");
351 ok(GetFileAttributesA(backup2) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
352 }
353
354 CloseEventLog(handle);
355 DeleteFileA(backup);
356 DeleteFileA(backup2);
357 }
358
359 static void test_read(void)
360 {
361 HANDLE handle;
362 BOOL ret;
363 DWORD count, toread, read, needed;
364 void *buf;
365
366 SetLastError(0xdeadbeef);
367 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, NULL);
368 ok(!ret, "Expected failure\n");
369 todo_wine
370 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
371
372 read = 0xdeadbeef;
373 SetLastError(0xdeadbeef);
374 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, NULL);
375 ok(!ret, "Expected failure\n");
376 ok(read == 0xdeadbeef, "Expected 'read' parameter to remain unchanged\n");
377 todo_wine
378 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
379
380 needed = 0xdeadbeef;
381 SetLastError(0xdeadbeef);
382 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, &needed);
383 ok(!ret, "Expected failure\n");
384 ok(needed == 0xdeadbeef, "Expected 'needed' parameter to remain unchanged\n");
385 todo_wine
386 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
387
388 /* 'read' and 'needed' are only filled when the needed buffer size is passed back or when the call succeeds */
389 SetLastError(0xdeadbeef);
390 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, &needed);
391 ok(!ret, "Expected failure\n");
392 todo_wine
393 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
394
395 SetLastError(0xdeadbeef);
396 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, NULL, 0, NULL, NULL);
397 ok(!ret, "Expected failure\n");
398 todo_wine
399 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
400
401 SetLastError(0xdeadbeef);
402 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, NULL, 0, &read, &needed);
403 ok(!ret, "Expected failure\n");
404 todo_wine
405 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
406
407 buf = NULL;
408 SetLastError(0xdeadbeef);
409 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
410 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
411 ok(!ret, "Expected failure\n");
412 todo_wine
413 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
414
415 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
416 SetLastError(0xdeadbeef);
417 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
418 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
419 ok(!ret, "Expected failure\n");
420 todo_wine
421 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
422 HeapFree(GetProcessHeap(), 0, buf);
423
424 handle = OpenEventLogA(NULL, "Application");
425
426 /* Show that we need the proper dwFlags with a (for the rest) proper call */
427 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
428
429 SetLastError(0xdeadbeef);
430 ret = ReadEventLogA(handle, 0, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
431 ok(!ret, "Expected failure\n");
432 todo_wine
433 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
434
435 SetLastError(0xdeadbeef);
436 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
437 ok(!ret, "Expected failure\n");
438 todo_wine
439 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
440
441 SetLastError(0xdeadbeef);
442 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
443 ok(!ret, "Expected failure\n");
444 todo_wine
445 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
446
447 SetLastError(0xdeadbeef);
448 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ,
449 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
450 ok(!ret, "Expected failure\n");
451 todo_wine
452 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
453
454 SetLastError(0xdeadbeef);
455 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ,
456 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
457 ok(!ret, "Expected failure\n");
458 todo_wine
459 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
460
461 SetLastError(0xdeadbeef);
462 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ | EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
463 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
464 ok(!ret, "Expected failure\n");
465 todo_wine
466 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
467
468 HeapFree(GetProcessHeap(), 0, buf);
469
470 /* First check if there are any records (in practice only on Wine: FIXME) */
471 count = 0;
472 GetNumberOfEventLogRecords(handle, &count);
473 if (!count)
474 {
475 skip("No records in the 'Application' log\n");
476 CloseEventLog(handle);
477 return;
478 }
479
480 /* Get the buffer size for the first record */
481 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
482 read = needed = 0xdeadbeef;
483 SetLastError(0xdeadbeef);
484 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
485 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
486 ok(!ret, "Expected failure\n");
487 ok(read == 0, "Expected no bytes read\n");
488 ok(needed > sizeof(EVENTLOGRECORD), "Expected the needed buffersize to be bigger than sizeof(EVENTLOGRECORD)\n");
489 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
490
491 /* Read the first record */
492 toread = needed;
493 buf = HeapReAlloc(GetProcessHeap(), 0, buf, toread);
494 read = needed = 0xdeadbeef;
495 SetLastError(0xdeadbeef);
496 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, toread, &read, &needed);
497 ok(ret, "Expected success\n");
498 ok(read == toread ||
499 broken(read < toread), /* NT4 wants a buffer size way bigger than just 1 record */
500 "Expected the requested size to be read\n");
501 ok(needed == 0, "Expected no extra bytes to be read\n");
502 HeapFree(GetProcessHeap(), 0, buf);
503
504 CloseEventLog(handle);
505 }
506
507 static void test_openbackup(void)
508 {
509 HANDLE handle, handle2, file;
510 DWORD written;
511 const char backup[] = "backup.evt";
512 const char text[] = "Just some text";
513
514 SetLastError(0xdeadbeef);
515 handle = OpenBackupEventLogA(NULL, NULL);
516 ok(handle == NULL, "Didn't expect a handle\n");
517 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
518
519 SetLastError(0xdeadbeef);
520 handle = OpenBackupEventLogA(NULL, "idontexist.evt");
521 ok(handle == NULL, "Didn't expect a handle\n");
522 ok(GetLastError() == ERROR_FILE_NOT_FOUND, "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
523
524 SetLastError(0xdeadbeef);
525 handle = OpenBackupEventLogA("IDontExist", NULL);
526 ok(handle == NULL, "Didn't expect a handle\n");
527 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
528
529 SetLastError(0xdeadbeef);
530 handle = OpenBackupEventLogA("IDontExist", "idontexist.evt");
531 ok(handle == NULL, "Didn't expect a handle\n");
532 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
533 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
534 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
535
536 /* Make a backup eventlog to work with */
537 if (create_backup(backup))
538 {
539 /* FIXME: Wine stops here */
540 if (GetFileAttributesA(backup) == INVALID_FILE_ATTRIBUTES)
541 {
542 skip("We don't have a backup eventlog to work with\n");
543 return;
544 }
545
546 SetLastError(0xdeadbeef);
547 handle = OpenBackupEventLogA("IDontExist", backup);
548 ok(handle == NULL, "Didn't expect a handle\n");
549 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
550 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
551 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
552
553 /* Empty servername should be read as local server */
554 handle = OpenBackupEventLogA("", backup);
555 ok(handle != NULL, "Expected a handle\n");
556 CloseEventLog(handle);
557
558 handle = OpenBackupEventLogA(NULL, backup);
559 ok(handle != NULL, "Expected a handle\n");
560
561 /* Can we open that same backup eventlog more than once? */
562 handle2 = OpenBackupEventLogA(NULL, backup);
563 ok(handle2 != NULL, "Expected a handle\n");
564 ok(handle2 != handle, "Didn't expect the same handle\n");
565 CloseEventLog(handle2);
566
567 CloseEventLog(handle);
568 DeleteFileA(backup);
569 }
570
571 /* Is there any content checking done? */
572 file = CreateFileA(backup, GENERIC_WRITE, 0, NULL, CREATE_NEW, 0, NULL);
573 CloseHandle(file);
574 SetLastError(0xdeadbeef);
575 handle = OpenBackupEventLogA(NULL, backup);
576 ok(handle == NULL, "Didn't expect a handle\n");
577 ok(GetLastError() == ERROR_NOT_ENOUGH_MEMORY ||
578 GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT, /* Vista and Win7 */
579 "Expected ERROR_NOT_ENOUGH_MEMORY, got %d\n", GetLastError());
580 CloseEventLog(handle);
581 DeleteFileA(backup);
582
583 file = CreateFileA(backup, GENERIC_WRITE, 0, NULL, CREATE_NEW, 0, NULL);
584 WriteFile(file, text, sizeof(text), &written, NULL);
585 CloseHandle(file);
586 SetLastError(0xdeadbeef);
587 handle = OpenBackupEventLogA(NULL, backup);
588 ok(handle == NULL, "Didn't expect a handle\n");
589 ok(GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT, "Expected ERROR_EVENTLOG_FILE_CORRUPT, got %d\n", GetLastError());
590 CloseEventLog(handle);
591 DeleteFileA(backup);
592 }
593
594 static void test_clear(void)
595 {
596 HANDLE handle;
597 BOOL ret;
598 const char backup[] = "backup.evt";
599 const char backup2[] = "backup2.evt";
600
601 SetLastError(0xdeadbeef);
602 ret = ClearEventLogA(NULL, NULL);
603 ok(!ret, "Expected failure\n");
604 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
605
606 /* Make a backup eventlog to work with */
607 if (!create_backup(backup))
608 return;
609
610 SetLastError(0xdeadbeef);
611 ret = ClearEventLogA(NULL, backup);
612 ok(!ret, "Expected failure\n");
613 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
614
615 handle = OpenBackupEventLogA(NULL, backup);
616 todo_wine
617 ok(handle != NULL, "Expected a handle\n");
618
619 /* A real eventlog would fail with ERROR_ALREADY_EXISTS */
620 SetLastError(0xdeadbeef);
621 ret = ClearEventLogA(handle, backup);
622 ok(!ret, "Expected failure\n");
623 /* The eventlog service runs under an account that doesn't have the necessary
624 * permissions on the users home directory on a default Vista+ system.
625 */
626 ok(GetLastError() == ERROR_INVALID_HANDLE ||
627 GetLastError() == ERROR_ACCESS_DENIED, /* Vista+ */
628 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
629
630 /* Show that ClearEventLog only works for real eventlogs. */
631 SetLastError(0xdeadbeef);
632 ret = ClearEventLogA(handle, backup2);
633 ok(!ret, "Expected failure\n");
634 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
635 ok(GetFileAttributesA(backup2) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n");
636
637 SetLastError(0xdeadbeef);
638 ret = ClearEventLogA(handle, NULL);
639 ok(!ret, "Expected failure\n");
640 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
641
642 CloseEventLog(handle);
643 todo_wine
644 ok(DeleteFileA(backup), "Could not delete the backup file\n");
645 }
646
647 static const char eventlogsvc[] = "SYSTEM\\CurrentControlSet\\Services\\Eventlog";
648 static const char eventlogname[] = "Wine";
649 static const char eventsources[][11] = { "WineSrc", "WineSrc1", "WineSrc20", "WineSrc300" };
650
651 static BOOL create_new_eventlog(void)
652 {
653 HKEY key, eventkey;
654 BOOL bret = FALSE;
655 LONG lret;
656 DWORD i;
657
658 /* First create our eventlog */
659 lret = RegOpenKeyA(HKEY_LOCAL_MACHINE, eventlogsvc, &key);
660 if (lret != ERROR_SUCCESS)
661 {
662 skip("Could not open the EventLog service registry key\n");
663 return FALSE;
664 }
665 lret = RegCreateKeyA(key, eventlogname, &eventkey);
666 if (lret != ERROR_SUCCESS)
667 {
668 skip("Could not create the eventlog '%s' registry key\n", eventlogname);
669 goto cleanup;
670 }
671
672 /* Create some event sources, the registry value 'Sources' is updated automatically */
673 for (i = 0; i < sizeof(eventsources)/sizeof(eventsources[0]); i++)
674 {
675 HKEY srckey;
676
677 lret = RegCreateKeyA(eventkey, eventsources[i], &srckey);
678 if (lret != ERROR_SUCCESS)
679 {
680 skip("Could not create the eventsource '%s' registry key\n", eventsources[i]);
681 goto cleanup;
682 }
683 RegFlushKey(srckey);
684 RegCloseKey(srckey);
685 }
686
687 bret = TRUE;
688
689 /* The flushing of the registry (here and above) gives us some assurance
690 * that we are not to quickly writing events as 'Sources' could still be
691 * not updated.
692 */
693 RegFlushKey(eventkey);
694 cleanup:
695 RegCloseKey(eventkey);
696 RegCloseKey(key);
697
698 return bret;
699 }
700
701 static const char *one_string[] = { "First string" };
702 static const char *two_strings[] = { "First string", "Second string" };
703 static const struct
704 {
705 const char *evt_src;
706 WORD evt_type;
707 WORD evt_cat;
708 DWORD evt_id;
709 BOOL evt_sid;
710 WORD evt_numstrings;
711 const char **evt_strings;
712 } read_write [] =
713 {
714 { eventlogname, EVENTLOG_INFORMATION_TYPE, 1, 1, FALSE, 1, one_string },
715 { eventsources[0], EVENTLOG_WARNING_TYPE, 1, 2, FALSE, 0, NULL },
716 { eventsources[1], EVENTLOG_AUDIT_FAILURE, 1, 3, FALSE, 2, two_strings },
717 { eventsources[2], EVENTLOG_ERROR_TYPE, 1, 4, FALSE, 0, NULL },
718 { eventsources[3], EVENTLOG_WARNING_TYPE, 1, 5, FALSE, 1, one_string },
719 { eventlogname, EVENTLOG_SUCCESS, 2, 6, TRUE, 2, two_strings },
720 { eventsources[0], EVENTLOG_AUDIT_FAILURE, 2, 7, TRUE, 0, NULL },
721 { eventsources[1], EVENTLOG_AUDIT_SUCCESS, 2, 8, TRUE, 2, two_strings },
722 { eventsources[2], EVENTLOG_WARNING_TYPE, 2, 9, TRUE, 0, NULL },
723 { eventsources[3], EVENTLOG_ERROR_TYPE, 2, 10, TRUE, 1, one_string }
724 };
725
726 static void test_readwrite(void)
727 {
728 HANDLE handle;
729 PSID user;
730 DWORD sidsize, count;
731 BOOL ret, sidavailable;
732 BOOL on_vista = FALSE; /* Used to indicate Vista, W2K8 or Win7 */
733 DWORD i;
734 char *localcomputer = NULL;
735 DWORD size;
736
737 if (pCreateWellKnownSid)
738 {
739 sidsize = SECURITY_MAX_SID_SIZE;
740 user = HeapAlloc(GetProcessHeap(), 0, sidsize);
741 SetLastError(0xdeadbeef);
742 pCreateWellKnownSid(WinInteractiveSid, NULL, user, &sidsize);
743 sidavailable = TRUE;
744 }
745 else
746 {
747 win_skip("Skipping some SID related tests\n");
748 sidavailable = FALSE;
749 user = NULL;
750 }
751
752 /* Write an event with an incorrect event type. This will fail on Windows 7
753 * but succeed on all others, hence it's not part of the struct.
754 */
755 handle = OpenEventLogA(NULL, eventlogname);
756 if (!handle)
757 {
758 /* Intermittently seen on NT4 when tests are run immediately after boot */
759 win_skip("Could not get a handle to the eventlog\n");
760 goto cleanup;
761 }
762
763 count = 0xdeadbeef;
764 GetNumberOfEventLogRecords(handle, &count);
765 if (count != 0)
766 {
767 /* Needed for W2K3 without a service pack */
768 win_skip("We most likely opened the Application eventlog\n");
769 CloseEventLog(handle);
770 Sleep(2000);
771
772 handle = OpenEventLogA(NULL, eventlogname);
773 count = 0xdeadbeef;
774 GetNumberOfEventLogRecords(handle, &count);
775 if (count != 0)
776 {
777 win_skip("We didn't open our new eventlog\n");
778 CloseEventLog(handle);
779 goto cleanup;
780 }
781 }
782
783 SetLastError(0xdeadbeef);
784 ret = ReportEventA(handle, 0x20, 0, 0, NULL, 0, 0, NULL, NULL);
785 if (!ret && GetLastError() == ERROR_CRC)
786 {
787 win_skip("Win7 fails when using incorrect event types\n");
788 ret = ReportEventA(handle, 0, 0, 0, NULL, 0, 0, NULL, NULL);
789 ok(ret, "Expected success : %d\n", GetLastError());
790 }
791 else
792 {
793 void *buf;
794 DWORD read, needed = 0;
795 EVENTLOGRECORD *record;
796
797 ok(ret, "Expected success : %d\n", GetLastError());
798
799 /* Needed to catch earlier Vista (with no ServicePack for example) */
800 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
801 if (!(ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
802 0, buf, sizeof(EVENTLOGRECORD), &read, &needed)) &&
803 GetLastError() == ERROR_INSUFFICIENT_BUFFER)
804 {
805 buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
806 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
807 0, buf, needed, &read, &needed);
808 }
809 if (ret)
810 {
811 record = (EVENTLOGRECORD *)buf;
812
813 /* Vista and W2K8 return EVENTLOG_SUCCESS, Windows versions before return
814 * the written eventtype (0x20 in this case).
815 */
816 if (record->EventType == EVENTLOG_SUCCESS)
817 on_vista = TRUE;
818 }
819 HeapFree(GetProcessHeap(), 0, buf);
820 }
821
822 /* This will clear the eventlog. The record numbering for new
823 * events however differs on Vista SP1+. Before Vista the first
824 * event would be numbered 1, on Vista SP1+ it's higher as we already
825 * had at least one event (more in case of multiple test runs without
826 * a reboot).
827 */
828 ClearEventLogA(handle, NULL);
829 CloseEventLog(handle);
830
831 /* Write a bunch of events while using different event sources */
832 for (i = 0; i < sizeof(read_write)/sizeof(read_write[0]); i++)
833 {
834 DWORD oldest;
835 BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
836
837 /* We don't need to use RegisterEventSource to report events */
838 if (i % 2)
839 handle = OpenEventLogA(NULL, read_write[i].evt_src);
840 else
841 handle = RegisterEventSourceA(NULL, read_write[i].evt_src);
842 ok(handle != NULL, "Expected a handle\n");
843
844 SetLastError(0xdeadbeef);
845 ret = ReportEventA(handle, read_write[i].evt_type, read_write[i].evt_cat,
846 read_write[i].evt_id, run_sidtests ? user : NULL,
847 read_write[i].evt_numstrings, 0, read_write[i].evt_strings, NULL);
848 ok(ret, "Expected ReportEvent success : %d\n", GetLastError());
849
850 count = 0xdeadbeef;
851 SetLastError(0xdeadbeef);
852 ret = GetNumberOfEventLogRecords(handle, &count);
853 ok(ret, "Expected GetNumberOfEventLogRecords success : %d\n", GetLastError());
854 todo_wine
855 ok(count == (i + 1), "Expected %d records, got %d\n", i + 1, count);
856
857 oldest = 0xdeadbeef;
858 ret = GetOldestEventLogRecord(handle, &oldest);
859 ok(ret, "Expected GetOldestEventLogRecord success : %d\n", GetLastError());
860 todo_wine
861 ok(oldest == 1 ||
862 (oldest > 1 && oldest != 0xdeadbeef), /* Vista SP1+, W2K8 and Win7 */
863 "Expected oldest to be 1 or higher, got %d\n", oldest);
864 if (oldest > 1 && oldest != 0xdeadbeef)
865 on_vista = TRUE;
866
867 SetLastError(0xdeadbeef);
868 if (i % 2)
869 ret = CloseEventLog(handle);
870 else
871 ret = DeregisterEventSource(handle);
872 ok(ret, "Expected success : %d\n", GetLastError());
873 }
874
875 handle = OpenEventLogA(NULL, eventlogname);
876 count = 0xdeadbeef;
877 ret = GetNumberOfEventLogRecords(handle, &count);
878 ok(ret, "Expected success\n");
879 todo_wine
880 ok(count == i, "Expected %d records, got %d\n", i, count);
881 CloseEventLog(handle);
882
883 if (count == 0)
884 {
885 skip("No events were written to the eventlog\n");
886 goto cleanup;
887 }
888
889 /* Report only once */
890 if (on_vista)
891 skip("There is no DWORD alignment enforced for UserSid on Vista, W2K8 or Win7\n");
892
893 if (on_vista && pGetComputerNameExA)
894 {
895 /* New Vista+ behavior */
896 size = 0;
897 SetLastError(0xdeadbeef);
898 pGetComputerNameExA(ComputerNameDnsFullyQualified, NULL, &size);
899 localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
900 pGetComputerNameExA(ComputerNameDnsFullyQualified, localcomputer, &size);
901 }
902 else
903 {
904 size = MAX_COMPUTERNAME_LENGTH + 1;
905 localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
906 GetComputerNameA(localcomputer, &size);
907 }
908
909 /* Read all events from our created eventlog, one by one */
910 handle = OpenEventLogA(NULL, eventlogname);
911 i = 0;
912 for (;;)
913 {
914 void *buf;
915 DWORD read, needed;
916 EVENTLOGRECORD *record;
917 char *sourcename, *computername;
918 int k;
919 char *ptr;
920 BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
921
922 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
923 SetLastError(0xdeadbeef);
924 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
925 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
926 if (!ret && GetLastError() == ERROR_HANDLE_EOF)
927 {
928 HeapFree(GetProcessHeap(), 0, buf);
929 break;
930 }
931 ok(!ret, "Expected failure\n");
932 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER,
933 "Expected ERROR_INVALID_PARAMETER, got %d\n",GetLastError());
934
935 buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
936 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
937 0, buf, needed, &read, &needed);
938 ok(ret, "Expected success: %d\n", GetLastError());
939
940 record = (EVENTLOGRECORD *)buf;
941
942 ok(record->Length == read,
943 "Expected %d, got %d\n", read, record->Length);
944 ok(record->Reserved == 0x654c664c,
945 "Expected 0x654c664c, got %d\n", record->Reserved);
946 ok(record->RecordNumber == i + 1 ||
947 (on_vista && (record->RecordNumber > i + 1)),
948 "Expected %d or higher, got %d\n", i + 1, record->RecordNumber);
949 ok(record->EventID == read_write[i].evt_id,
950 "Expected %d, got %d\n", read_write[i].evt_id, record->EventID);
951 ok(record->EventType == read_write[i].evt_type,
952 "Expected %d, got %d\n", read_write[i].evt_type, record->EventType);
953 ok(record->NumStrings == read_write[i].evt_numstrings,
954 "Expected %d, got %d\n", read_write[i].evt_numstrings, record->NumStrings);
955 ok(record->EventCategory == read_write[i].evt_cat,
956 "Expected %d, got %d\n", read_write[i].evt_cat, record->EventCategory);
957
958 sourcename = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD));
959 ok(!lstrcmpA(sourcename, read_write[i].evt_src), "Expected '%s', got '%s'\n",
960 read_write[i].evt_src, sourcename);
961
962 computername = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1);
963 ok(!lstrcmpiA(computername, localcomputer), "Expected '%s', got '%s'\n",
964 localcomputer, computername);
965
966 /* Before Vista, UserSid was aligned on a DWORD boundary. Next to that if
967 * no padding was actually required a 0 DWORD was still used for padding. No
968 * application should be relying on the padding as we are working with offsets
969 * anyway.
970 */
971
972 if (!on_vista)
973 {
974 DWORD calculated_sidoffset = sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1 + lstrlenA(computername) + 1;
975
976 /* We are already DWORD aligned, there should still be some padding */
977 if ((((UINT_PTR)buf + calculated_sidoffset) % sizeof(DWORD)) == 0)
978 ok(*(DWORD *)((BYTE *)buf + calculated_sidoffset) == 0, "Expected 0\n");
979
980 ok((((UINT_PTR)buf + record->UserSidOffset) % sizeof(DWORD)) == 0, "Expected DWORD alignment\n");
981 }
982
983 if (run_sidtests)
984 {
985 ok(record->UserSidLength == sidsize, "Expected %d, got %d\n", sidsize, record->UserSidLength);
986 }
987 else
988 {
989 ok(record->StringOffset == record->UserSidOffset, "Expected offsets to be the same\n");
990 ok(record->UserSidLength == 0, "Expected 0, got %d\n", record->UserSidLength);
991 }
992
993 ok(record->DataLength == 0, "Expected 0, got %d\n", record->DataLength);
994
995 ptr = (char *)((BYTE *)buf + record->StringOffset);
996 for (k = 0; k < record->NumStrings; k++)
997 {
998 ok(!lstrcmpA(ptr, two_strings[k]), "Expected '%s', got '%s'\n", two_strings[k], ptr);
999 ptr += lstrlenA(ptr) + 1;
1000 }
1001
1002 ok(record->Length == *(DWORD *)((BYTE *)buf + record->Length - sizeof(DWORD)),
1003 "Expected the closing DWORD to contain the length of the record\n");
1004
1005 HeapFree(GetProcessHeap(), 0, buf);
1006 i++;
1007 }
1008 CloseEventLog(handle);
1009
1010 /* Test clearing a real eventlog */
1011 handle = OpenEventLogA(NULL, eventlogname);
1012
1013 SetLastError(0xdeadbeef);
1014 ret = ClearEventLogA(handle, NULL);
1015 ok(ret, "Expected success\n");
1016
1017 count = 0xdeadbeef;
1018 ret = GetNumberOfEventLogRecords(handle, &count);
1019 ok(ret, "Expected success\n");
1020 ok(count == 0, "Expected an empty eventlog, got %d records\n", count);
1021
1022 CloseEventLog(handle);
1023
1024 cleanup:
1025 HeapFree(GetProcessHeap(), 0, localcomputer);
1026 HeapFree(GetProcessHeap(), 0, user);
1027 }
1028
1029 /* Before Vista:
1030 *
1031 * Creating an eventlog on Windows (via the registry) automatically leads
1032 * to creation of a REG_MULTI_SZ named 'Sources'. This value lists all the
1033 * potential event sources for this eventlog. 'Sources' is automatically
1034 * updated when a new key (aka event source) is created.
1035 *
1036 * Although the updating of registry keys is almost instantaneously, we
1037 * check it after some other tests to assure we are not querying the
1038 * registry or file system to quickly.
1039 *
1040 * NT4 and higher:
1041 *
1042 * The eventlog file itself is also automatically created, even before we
1043 * start writing events.
1044 */
1045 static char eventlogfile[MAX_PATH];
1046 static void test_autocreation(void)
1047 {
1048 HKEY key, eventkey;
1049 DWORD type, size;
1050 LONG ret;
1051 int i;
1052 char *p;
1053 char sources[sizeof(eventsources)];
1054 char sysdir[MAX_PATH];
1055 void *redir = 0;
1056
1057 RegOpenKeyA(HKEY_LOCAL_MACHINE, eventlogsvc, &key);
1058 RegOpenKeyA(key, eventlogname, &eventkey);
1059
1060 size = sizeof(sources);
1061 sources[0] = 0;
1062 ret = RegQueryValueExA(eventkey, "Sources", NULL, &type, (LPBYTE)sources, &size);
1063 if (ret == ERROR_SUCCESS)
1064 {
1065 char sources_verify[sizeof(eventsources)];
1066
1067 ok(type == REG_MULTI_SZ, "Expected a REG_MULTI_SZ, got %d\n", type);
1068
1069 /* Build the expected string */
1070 memset(sources_verify, 0, sizeof(sources_verify));
1071 p = sources_verify;
1072 for (i = sizeof(eventsources)/sizeof(eventsources[0]); i > 0; i--)
1073 {
1074 lstrcpyA(p, eventsources[i - 1]);
1075 p += (lstrlenA(eventsources[i - 1]) + 1);
1076 }
1077 lstrcpyA(p, eventlogname);
1078
1079 ok(!memcmp(sources, sources_verify, size),
1080 "Expected a correct 'Sources' value (size : %d)\n", size);
1081 }
1082
1083 RegCloseKey(eventkey);
1084 RegCloseKey(key);
1085
1086 /* The directory that holds the eventlog files could be redirected */
1087 if (pWow64DisableWow64FsRedirection)
1088 pWow64DisableWow64FsRedirection(&redir);
1089
1090 /* On Windows we also automatically get an eventlog file */
1091 GetSystemDirectoryA(sysdir, sizeof(sysdir));
1092
1093 /* NT4 - W2K3 */
1094 lstrcpyA(eventlogfile, sysdir);
1095 lstrcatA(eventlogfile, "\\config\\");
1096 lstrcatA(eventlogfile, eventlogname);
1097 lstrcatA(eventlogfile, ".evt");
1098
1099 if (GetFileAttributesA(eventlogfile) == INVALID_FILE_ATTRIBUTES)
1100 {
1101 /* Vista+ */
1102 lstrcpyA(eventlogfile, sysdir);
1103 lstrcatA(eventlogfile, "\\winevt\\Logs\\");
1104 lstrcatA(eventlogfile, eventlogname);
1105 lstrcatA(eventlogfile, ".evtx");
1106 }
1107
1108 todo_wine
1109 ok(GetFileAttributesA(eventlogfile) != INVALID_FILE_ATTRIBUTES,
1110 "Expected an eventlog file\n");
1111
1112 if (pWow64RevertWow64FsRedirection)
1113 pWow64RevertWow64FsRedirection(redir);
1114 }
1115
1116 static void cleanup_eventlog(void)
1117 {
1118 BOOL bret;
1119 LONG lret;
1120 HKEY key;
1121 DWORD i;
1122 char winesvc[MAX_PATH];
1123
1124 /* Delete the registry tree */
1125 lstrcpyA(winesvc, eventlogsvc);
1126 lstrcatA(winesvc, "\\");
1127 lstrcatA(winesvc, eventlogname);
1128
1129 RegOpenKeyA(HKEY_LOCAL_MACHINE, winesvc, &key);
1130 for (i = 0; i < sizeof(eventsources)/sizeof(eventsources[0]); i++)
1131 RegDeleteKeyA(key, eventsources[i]);
1132 RegDeleteValueA(key, "Sources");
1133 RegCloseKey(key);
1134 lret = RegDeleteKeyA(HKEY_LOCAL_MACHINE, winesvc);
1135 ok(lret == ERROR_SUCCESS, "Could not delete the registry tree : %d\n", lret);
1136
1137 /* A handle to the eventlog is locked by services.exe. We can only
1138 * delete the eventlog file after reboot.
1139 */
1140 bret = MoveFileExA(eventlogfile, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
1141 ok(bret, "Expected MoveFileEx to succeed: %d\n", GetLastError());
1142 }
1143
1144 START_TEST(eventlog)
1145 {
1146 SetLastError(0xdeadbeef);
1147 CloseEventLog(NULL);
1148 if (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
1149 {
1150 win_skip("Event log functions are not implemented\n");
1151 return;
1152 }
1153
1154 init_function_pointers();
1155
1156 /* Parameters only */
1157 test_open_close();
1158 test_info();
1159 test_count();
1160 test_oldest();
1161 test_backup();
1162 test_openbackup();
1163 test_read();
1164 test_clear();
1165
1166 /* Functional tests */
1167 if (create_new_eventlog())
1168 {
1169 test_readwrite();
1170 test_autocreation();
1171 cleanup_eventlog();
1172 }
1173 }
Windows API implementation