reactos/dll/win32/advapi32/service/eventlog.c

1648 lines
42 KiB
C

/*
* Win32 advapi functions
*
* Copyright 1995 Sven Verdoolaege
* Copyright 1998 Juergen Schmied
* Copyright 2003 Mike Hearn
* Copyright 2007 Hervé Poussineau
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
/* INCLUDES ******************************************************************/
#include <advapi32.h>
#include <ndk/kefuncs.h>
#include <eventlogrpc_c.h>
WINE_DEFAULT_DEBUG_CHANNEL(advapi);
static RPC_UNICODE_STRING EmptyStringU = { 0, 0, L"" };
static RPC_STRING EmptyStringA = { 0, 0, "" };
/* FUNCTIONS *****************************************************************/
handle_t __RPC_USER
EVENTLOG_HANDLE_A_bind(EVENTLOG_HANDLE_A UNCServerName)
{
handle_t hBinding = NULL;
RPC_CSTR pszStringBinding;
RPC_STATUS status;
TRACE("EVENTLOG_HANDLE_A_bind() called\n");
status = RpcStringBindingComposeA(NULL,
(RPC_CSTR)"ncacn_np",
(RPC_CSTR)UNCServerName,
(RPC_CSTR)"\\pipe\\EventLog",
NULL,
&pszStringBinding);
if (status)
{
ERR("RpcStringBindingCompose returned 0x%x\n", status);
return NULL;
}
/* Set the binding handle that will be used to bind to the server. */
status = RpcBindingFromStringBindingA(pszStringBinding,
&hBinding);
if (status != RPC_S_OK)
{
ERR("RpcBindingFromStringBinding returned 0x%x\n", status);
}
status = RpcStringFreeA(&pszStringBinding);
if (status != RPC_S_OK)
{
ERR("RpcStringFree returned 0x%x\n", status);
}
return hBinding;
}
void __RPC_USER
EVENTLOG_HANDLE_A_unbind(EVENTLOG_HANDLE_A UNCServerName,
handle_t hBinding)
{
RPC_STATUS status;
TRACE("EVENTLOG_HANDLE_A_unbind() called\n");
status = RpcBindingFree(&hBinding);
if (status != RPC_S_OK)
{
ERR("RpcBindingFree returned 0x%x\n", status);
}
}
handle_t __RPC_USER
EVENTLOG_HANDLE_W_bind(EVENTLOG_HANDLE_W UNCServerName)
{
handle_t hBinding = NULL;
RPC_WSTR pszStringBinding;
RPC_STATUS status;
TRACE("EVENTLOG_HANDLE_W_bind() called\n");
status = RpcStringBindingComposeW(NULL,
L"ncacn_np",
UNCServerName,
L"\\pipe\\EventLog",
NULL,
&pszStringBinding);
if (status != RPC_S_OK)
{
ERR("RpcStringBindingCompose returned 0x%x\n", status);
return NULL;
}
/* Set the binding handle that will be used to bind to the server. */
status = RpcBindingFromStringBindingW(pszStringBinding,
&hBinding);
if (status != RPC_S_OK)
{
ERR("RpcBindingFromStringBinding returned 0x%x\n", status);
}
status = RpcStringFreeW(&pszStringBinding);
if (status != RPC_S_OK)
{
ERR("RpcStringFree returned 0x%x\n", status);
}
return hBinding;
}
void __RPC_USER
EVENTLOG_HANDLE_W_unbind(EVENTLOG_HANDLE_W UNCServerName,
handle_t hBinding)
{
RPC_STATUS status;
TRACE("EVENTLOG_HANDLE_W_unbind() called\n");
status = RpcBindingFree(&hBinding);
if (status != RPC_S_OK)
{
ERR("RpcBindingFree returned 0x%x\n", status);
}
}
/******************************************************************************
* BackupEventLogA [ADVAPI32.@]
*/
NTSTATUS
NTAPI
ElfBackupEventLogFileA(IN HANDLE hEventLog,
IN PANSI_STRING BackupFileNameA)
{
NTSTATUS Status;
if (!BackupFileNameA || (BackupFileNameA->Length == 0))
return STATUS_INVALID_PARAMETER;
RpcTryExcept
{
Status = ElfrBackupELFA(hEventLog,
(PRPC_STRING)BackupFileNameA);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
BOOL WINAPI
BackupEventLogA(IN HANDLE hEventLog,
IN LPCSTR lpBackupFileName)
{
BOOL Success;
NTSTATUS Status;
ANSI_STRING BackupFileNameA;
UNICODE_STRING BackupFileNameW;
TRACE("%p, %s\n", hEventLog, lpBackupFileName);
if (lpBackupFileName == NULL)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
RtlInitAnsiString(&BackupFileNameA, lpBackupFileName);
Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
&BackupFileNameA,
TRUE);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
Success = BackupEventLogW(hEventLog,
BackupFileNameW.Buffer);
RtlFreeUnicodeString(&BackupFileNameW);
return Success;
}
/******************************************************************************
* BackupEventLogW [ADVAPI32.@]
*
* PARAMS
* hEventLog []
* lpBackupFileName []
*/
NTSTATUS
NTAPI
ElfBackupEventLogFileW(IN HANDLE hEventLog,
IN PUNICODE_STRING BackupFileNameU)
{
NTSTATUS Status;
if (!BackupFileNameU || (BackupFileNameU->Length == 0))
return STATUS_INVALID_PARAMETER;
RpcTryExcept
{
Status = ElfrBackupELFW(hEventLog,
(PRPC_UNICODE_STRING)BackupFileNameU);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
BOOL WINAPI
BackupEventLogW(IN HANDLE hEventLog,
IN LPCWSTR lpBackupFileName)
{
NTSTATUS Status;
UNICODE_STRING BackupFileName;
TRACE("%p, %s\n", hEventLog, debugstr_w(lpBackupFileName));
if (lpBackupFileName == NULL)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
if (!RtlDosPathNameToNtPathName_U(lpBackupFileName, &BackupFileName,
NULL, NULL))
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
Status = ElfBackupEventLogFileW(hEventLog, &BackupFileName);
RtlFreeHeap(RtlGetProcessHeap(), 0, BackupFileName.Buffer);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
/******************************************************************************
* ClearEventLogA [ADVAPI32.@]
*/
NTSTATUS
NTAPI
ElfClearEventLogFileA(IN HANDLE hEventLog,
IN PANSI_STRING BackupFileNameA)
{
NTSTATUS Status;
RpcTryExcept
{
Status = ElfrClearELFA(hEventLog,
(PRPC_STRING)BackupFileNameA);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
BOOL WINAPI
ClearEventLogA(IN HANDLE hEventLog,
IN LPCSTR lpBackupFileName)
{
BOOL Success;
NTSTATUS Status;
ANSI_STRING BackupFileNameA;
UNICODE_STRING BackupFileNameW;
TRACE("%p, %s\n", hEventLog, lpBackupFileName);
if (lpBackupFileName == NULL)
{
RtlInitUnicodeString(&BackupFileNameW, NULL);
}
else
{
RtlInitAnsiString(&BackupFileNameA, lpBackupFileName);
Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
&BackupFileNameA,
TRUE);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
}
Success = ClearEventLogW(hEventLog,
BackupFileNameW.Buffer);
RtlFreeUnicodeString(&BackupFileNameW);
return Success;
}
/******************************************************************************
* ClearEventLogW [ADVAPI32.@]
*/
NTSTATUS
NTAPI
ElfClearEventLogFileW(IN HANDLE hEventLog,
IN PUNICODE_STRING BackupFileNameU)
{
NTSTATUS Status;
RpcTryExcept
{
Status = ElfrClearELFW(hEventLog,
(PRPC_UNICODE_STRING)BackupFileNameU);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
BOOL WINAPI
ClearEventLogW(IN HANDLE hEventLog,
IN LPCWSTR lpBackupFileName)
{
NTSTATUS Status;
UNICODE_STRING BackupFileName;
TRACE("%p, %s\n", hEventLog, debugstr_w(lpBackupFileName));
if (lpBackupFileName == NULL)
{
RtlInitUnicodeString(&BackupFileName, NULL);
}
else
{
if (!RtlDosPathNameToNtPathName_U(lpBackupFileName, &BackupFileName,
NULL, NULL))
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
}
Status = ElfClearEventLogFileW(hEventLog, &BackupFileName);
if (lpBackupFileName != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, BackupFileName.Buffer);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
/******************************************************************************
* CloseEventLog [ADVAPI32.@]
*/
NTSTATUS
NTAPI
ElfCloseEventLog(IN HANDLE hEventLog)
{
NTSTATUS Status;
RpcTryExcept
{
Status = ElfrCloseEL(&hEventLog);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
BOOL WINAPI
CloseEventLog(IN HANDLE hEventLog)
{
NTSTATUS Status;
TRACE("%p\n", hEventLog);
Status = ElfCloseEventLog(hEventLog);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
/******************************************************************************
* DeregisterEventSource [ADVAPI32.@]
* Closes a handle to the specified event log
*
* PARAMS
* hEventLog [I] Handle to event log
*
* RETURNS STD
*/
NTSTATUS
NTAPI
ElfDeregisterEventSource(IN HANDLE hEventLog)
{
NTSTATUS Status;
RpcTryExcept
{
Status = ElfrDeregisterEventSource(&hEventLog);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
BOOL WINAPI
DeregisterEventSource(IN HANDLE hEventLog)
{
NTSTATUS Status;
TRACE("%p\n", hEventLog);
Status = ElfDeregisterEventSource(hEventLog);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
/******************************************************************************
* GetEventLogInformation [ADVAPI32.@]
*
* PARAMS
* hEventLog [I] Handle to event log
* dwInfoLevel [I] Level of event log information to return
* lpBuffer [O] Buffer that receives the event log information
* cbBufSize [I] Size of the lpBuffer buffer
* pcbBytesNeeded [O] Required buffer size
*/
BOOL WINAPI
GetEventLogInformation(IN HANDLE hEventLog,
IN DWORD dwInfoLevel,
OUT LPVOID lpBuffer,
IN DWORD cbBufSize,
OUT LPDWORD pcbBytesNeeded)
{
NTSTATUS Status;
if (dwInfoLevel != EVENTLOG_FULL_INFO)
{
SetLastError(ERROR_INVALID_LEVEL);
return FALSE;
}
RpcTryExcept
{
Status = ElfrGetLogInformation(hEventLog,
dwInfoLevel,
(LPBYTE)lpBuffer,
cbBufSize,
pcbBytesNeeded);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
/******************************************************************************
* GetNumberOfEventLogRecords [ADVAPI32.@]
*
* PARAMS
* hEventLog []
* NumberOfRecords []
*/
NTSTATUS
NTAPI
ElfNumberOfRecords(IN HANDLE hEventLog,
OUT PULONG NumberOfRecords)
{
NTSTATUS Status;
if (!NumberOfRecords)
return STATUS_INVALID_PARAMETER;
RpcTryExcept
{
Status = ElfrNumberOfRecords(hEventLog, NumberOfRecords);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
BOOL WINAPI
GetNumberOfEventLogRecords(IN HANDLE hEventLog,
OUT PDWORD NumberOfRecords)
{
NTSTATUS Status;
TRACE("%p, %p\n", hEventLog, NumberOfRecords);
Status = ElfNumberOfRecords(hEventLog, NumberOfRecords);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
/******************************************************************************
* GetOldestEventLogRecord [ADVAPI32.@]
*
* PARAMS
* hEventLog []
* OldestRecord []
*/
NTSTATUS
NTAPI
ElfOldestRecord(IN HANDLE hEventLog,
OUT PULONG OldestRecordNumber)
{
NTSTATUS Status;
if (!OldestRecordNumber)
return STATUS_INVALID_PARAMETER;
RpcTryExcept
{
Status = ElfrOldestRecord(hEventLog, OldestRecordNumber);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
BOOL WINAPI
GetOldestEventLogRecord(IN HANDLE hEventLog,
OUT PDWORD OldestRecord)
{
NTSTATUS Status;
TRACE("%p, %p\n", hEventLog, OldestRecord);
Status = ElfOldestRecord(hEventLog, OldestRecord);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
/******************************************************************************
* NotifyChangeEventLog [ADVAPI32.@]
*
* PARAMS
* hEventLog []
* hEvent []
*/
NTSTATUS
NTAPI
ElfChangeNotify(IN HANDLE hEventLog,
IN HANDLE hEvent)
{
NTSTATUS Status;
CLIENT_ID ClientId = NtCurrentTeb()->ClientId;
RPC_CLIENT_ID RpcClientId;
RpcClientId.UniqueProcess = HandleToUlong(ClientId.UniqueProcess);
RpcClientId.UniqueThread = HandleToUlong(ClientId.UniqueThread);
RpcTryExcept
{
Status = ElfrChangeNotify(hEventLog, RpcClientId, (DWORD)hEvent);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
BOOL WINAPI
NotifyChangeEventLog(IN HANDLE hEventLog,
IN HANDLE hEvent)
{
NTSTATUS Status;
TRACE("%p, %p\n", hEventLog, hEvent);
Status = ElfChangeNotify(hEventLog, hEvent);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
/******************************************************************************
* OpenBackupEventLogA [ADVAPI32.@]
*/
NTSTATUS
NTAPI
ElfOpenBackupEventLogA(IN PANSI_STRING UNCServerNameA,
IN PANSI_STRING BackupFileNameA,
OUT PHANDLE phEventLog)
{
NTSTATUS Status;
PSTR pUNCServerName = NULL;
if (!phEventLog || !BackupFileNameA || (BackupFileNameA->Length == 0))
return STATUS_INVALID_PARAMETER;
if (UNCServerNameA && (UNCServerNameA->Length != 0))
pUNCServerName = UNCServerNameA->Buffer;
*phEventLog = NULL;
RpcTryExcept
{
Status = ElfrOpenBELA(pUNCServerName,
(PRPC_STRING)BackupFileNameA,
1, 1,
(IELF_HANDLE*)phEventLog);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
HANDLE WINAPI
OpenBackupEventLogA(IN LPCSTR lpUNCServerName,
IN LPCSTR lpFileName)
{
NTSTATUS Status;
HANDLE LogHandle;
ANSI_STRING UNCServerNameA;
UNICODE_STRING UNCServerNameW;
ANSI_STRING FileNameA;
UNICODE_STRING FileNameW;
TRACE("%s, %s\n", lpUNCServerName, lpFileName);
/* Convert the server name to unicode */
if (lpUNCServerName == NULL)
{
RtlInitUnicodeString(&UNCServerNameW, NULL);
}
else
{
RtlInitAnsiString(&UNCServerNameA, lpUNCServerName);
Status = RtlAnsiStringToUnicodeString(&UNCServerNameW,
&UNCServerNameA,
TRUE);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return NULL;
}
}
/* Convert the file name to unicode */
if (lpFileName == NULL)
{
RtlInitUnicodeString(&FileNameW, NULL);
}
else
{
RtlInitAnsiString(&FileNameA, lpFileName);
Status = RtlAnsiStringToUnicodeString(&FileNameW,
&FileNameA,
TRUE);
if (!NT_SUCCESS(Status))
{
RtlFreeUnicodeString(&UNCServerNameW);
SetLastError(RtlNtStatusToDosError(Status));
return NULL;
}
}
/* Call the unicode function */
LogHandle = OpenBackupEventLogW(UNCServerNameW.Buffer,
FileNameW.Buffer);
/* Free the unicode strings */
RtlFreeUnicodeString(&UNCServerNameW);
RtlFreeUnicodeString(&FileNameW);
return LogHandle;
}
/******************************************************************************
* OpenBackupEventLogW [ADVAPI32.@]
*
* PARAMS
* lpUNCServerName []
* lpFileName []
*/
NTSTATUS
NTAPI
ElfOpenBackupEventLogW(IN PUNICODE_STRING UNCServerNameU,
IN PUNICODE_STRING BackupFileNameU,
OUT PHANDLE phEventLog)
{
NTSTATUS Status;
PWSTR pUNCServerName = NULL;
if (!phEventLog || !BackupFileNameU || (BackupFileNameU->Length == 0))
return STATUS_INVALID_PARAMETER;
if (UNCServerNameU && (UNCServerNameU->Length != 0))
pUNCServerName = UNCServerNameU->Buffer;
*phEventLog = NULL;
RpcTryExcept
{
Status = ElfrOpenBELW(pUNCServerName,
(PRPC_UNICODE_STRING)BackupFileNameU,
1,
1,
(IELF_HANDLE*)phEventLog);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
HANDLE WINAPI
OpenBackupEventLogW(IN LPCWSTR lpUNCServerName,
IN LPCWSTR lpFileName)
{
NTSTATUS Status;
HANDLE hEventLog;
UNICODE_STRING UNCServerName, FileName;
TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpFileName));
if (lpFileName == NULL)
{
SetLastError(ERROR_INVALID_PARAMETER);
return NULL;
}
if (!RtlDosPathNameToNtPathName_U(lpFileName, &FileName,
NULL, NULL))
{
SetLastError(ERROR_INVALID_PARAMETER);
return NULL;
}
RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
Status = ElfOpenBackupEventLogW(&UNCServerName, &FileName, &hEventLog);
if (FileName.Buffer != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, FileName.Buffer);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return NULL;
}
return hEventLog;
}
/******************************************************************************
* OpenEventLogA [ADVAPI32.@]
*
* Opens a handle to the specified event log.
*
* PARAMS
* lpUNCServerName [I] UNC name of the server on which the event log is
* opened.
* lpSourceName [I] Name of the log.
*
* RETURNS
* Success: Handle to an event log.
* Failure: NULL
*/
NTSTATUS
NTAPI
ElfOpenEventLogA(IN PANSI_STRING UNCServerNameA,
IN PANSI_STRING SourceNameA,
OUT PHANDLE phEventLog)
{
NTSTATUS Status;
PSTR pUNCServerName = NULL;
if (!phEventLog || !SourceNameA || (SourceNameA->Length == 0))
return STATUS_INVALID_PARAMETER;
if (UNCServerNameA && (UNCServerNameA->Length != 0))
pUNCServerName = UNCServerNameA->Buffer;
*phEventLog = NULL;
RpcTryExcept
{
Status = ElfrOpenELA(pUNCServerName,
(PRPC_STRING)SourceNameA,
&EmptyStringA,
1,
1,
(IELF_HANDLE*)phEventLog);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
HANDLE WINAPI
OpenEventLogA(IN LPCSTR lpUNCServerName,
IN LPCSTR lpSourceName)
{
NTSTATUS Status;
HANDLE hEventLog;
ANSI_STRING UNCServerName, SourceName;
TRACE("%s, %s\n", lpUNCServerName, lpSourceName);
RtlInitAnsiString(&UNCServerName, lpUNCServerName);
RtlInitAnsiString(&SourceName, lpSourceName);
Status = ElfOpenEventLogA(&UNCServerName, &SourceName, &hEventLog);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return NULL;
}
return hEventLog;
}
/******************************************************************************
* OpenEventLogW [ADVAPI32.@]
*
* PARAMS
* lpUNCServerName []
* lpSourceName []
*/
NTSTATUS
NTAPI
ElfOpenEventLogW(IN PUNICODE_STRING UNCServerNameU,
IN PUNICODE_STRING SourceNameU,
OUT PHANDLE phEventLog)
{
NTSTATUS Status;
PWSTR pUNCServerName = NULL;
if (!phEventLog || !SourceNameU || (SourceNameU->Length == 0))
return STATUS_INVALID_PARAMETER;
if (UNCServerNameU && (UNCServerNameU->Length != 0))
pUNCServerName = UNCServerNameU->Buffer;
*phEventLog = NULL;
RpcTryExcept
{
Status = ElfrOpenELW(pUNCServerName,
(PRPC_UNICODE_STRING)SourceNameU,
&EmptyStringU,
1,
1,
(IELF_HANDLE*)phEventLog);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
HANDLE WINAPI
OpenEventLogW(IN LPCWSTR lpUNCServerName,
IN LPCWSTR lpSourceName)
{
NTSTATUS Status;
HANDLE hEventLog;
UNICODE_STRING UNCServerName, SourceName;
TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpSourceName));
RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
RtlInitUnicodeString(&SourceName, lpSourceName);
Status = ElfOpenEventLogW(&UNCServerName, &SourceName, &hEventLog);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return NULL;
}
return hEventLog;
}
/******************************************************************************
* ReadEventLogA [ADVAPI32.@]
*/
NTSTATUS
NTAPI
ElfReadEventLogA(IN HANDLE hEventLog,
IN ULONG ReadFlags,
IN ULONG RecordOffset,
OUT LPVOID Buffer,
IN ULONG NumberOfBytesToRead,
OUT PULONG NumberOfBytesRead,
OUT PULONG MinNumberOfBytesNeeded)
{
NTSTATUS Status;
ULONG Flags;
if (!Buffer || !NumberOfBytesRead || !MinNumberOfBytesNeeded)
{
return STATUS_INVALID_PARAMETER;
}
Flags = ReadFlags & (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ);
if (Flags == (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ))
{
return STATUS_INVALID_PARAMETER;
}
Flags = ReadFlags & (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ);
if (Flags == (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ))
{
return STATUS_INVALID_PARAMETER;
}
RpcTryExcept
{
Status = ElfrReadELA(hEventLog,
ReadFlags,
RecordOffset,
NumberOfBytesToRead,
Buffer,
NumberOfBytesRead,
MinNumberOfBytesNeeded);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
BOOL WINAPI
ReadEventLogA(IN HANDLE hEventLog,
IN DWORD dwReadFlags,
IN DWORD dwRecordOffset,
OUT LPVOID lpBuffer,
IN DWORD nNumberOfBytesToRead,
OUT DWORD *pnBytesRead,
OUT DWORD *pnMinNumberOfBytesNeeded)
{
NTSTATUS Status;
TRACE("%p, %lu, %lu, %p, %lu, %p, %p\n",
hEventLog, dwReadFlags, dwRecordOffset, lpBuffer,
nNumberOfBytesToRead, pnBytesRead, pnMinNumberOfBytesNeeded);
Status = ElfReadEventLogA(hEventLog,
dwReadFlags,
dwRecordOffset,
lpBuffer,
nNumberOfBytesToRead,
pnBytesRead,
pnMinNumberOfBytesNeeded);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
/******************************************************************************
* ReadEventLogW [ADVAPI32.@]
*
* PARAMS
* hEventLog []
* dwReadFlags []
* dwRecordOffset []
* lpBuffer []
* nNumberOfBytesToRead []
* pnBytesRead []
* pnMinNumberOfBytesNeeded []
*/
NTSTATUS
NTAPI
ElfReadEventLogW(IN HANDLE hEventLog,
IN ULONG ReadFlags,
IN ULONG RecordOffset,
OUT LPVOID Buffer,
IN ULONG NumberOfBytesToRead,
OUT PULONG NumberOfBytesRead,
OUT PULONG MinNumberOfBytesNeeded)
{
NTSTATUS Status;
ULONG Flags;
if (!Buffer || !NumberOfBytesRead || !MinNumberOfBytesNeeded)
{
return STATUS_INVALID_PARAMETER;
}
Flags = ReadFlags & (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ);
if (Flags == (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ))
{
return STATUS_INVALID_PARAMETER;
}
Flags = ReadFlags & (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ);
if (Flags == (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ))
{
return STATUS_INVALID_PARAMETER;
}
RpcTryExcept
{
Status = ElfrReadELW(hEventLog,
ReadFlags,
RecordOffset,
NumberOfBytesToRead,
Buffer,
NumberOfBytesRead,
MinNumberOfBytesNeeded);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
BOOL WINAPI
ReadEventLogW(IN HANDLE hEventLog,
IN DWORD dwReadFlags,
IN DWORD dwRecordOffset,
OUT LPVOID lpBuffer,
IN DWORD nNumberOfBytesToRead,
OUT DWORD *pnBytesRead,
OUT DWORD *pnMinNumberOfBytesNeeded)
{
NTSTATUS Status;
TRACE("%p, %lu, %lu, %p, %lu, %p, %p\n",
hEventLog, dwReadFlags, dwRecordOffset, lpBuffer,
nNumberOfBytesToRead, pnBytesRead, pnMinNumberOfBytesNeeded);
Status = ElfReadEventLogW(hEventLog,
dwReadFlags,
dwRecordOffset,
lpBuffer,
nNumberOfBytesToRead,
pnBytesRead,
pnMinNumberOfBytesNeeded);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
/******************************************************************************
* RegisterEventSourceA [ADVAPI32.@]
*/
NTSTATUS
NTAPI
ElfRegisterEventSourceA(IN PANSI_STRING UNCServerNameA,
IN PANSI_STRING SourceNameA,
OUT PHANDLE phEventLog)
{
NTSTATUS Status;
PSTR pUNCServerName = NULL;
if (!phEventLog || !SourceNameA || (SourceNameA->Length == 0))
return STATUS_INVALID_PARAMETER;
if (UNCServerNameA && (UNCServerNameA->Length != 0))
pUNCServerName = UNCServerNameA->Buffer;
*phEventLog = NULL;
RpcTryExcept
{
Status = ElfrRegisterEventSourceA(pUNCServerName,
(PRPC_STRING)SourceNameA,
&EmptyStringA,
1,
1,
(IELF_HANDLE*)phEventLog);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
HANDLE WINAPI
RegisterEventSourceA(IN LPCSTR lpUNCServerName,
IN LPCSTR lpSourceName)
{
NTSTATUS Status;
HANDLE hEventLog;
ANSI_STRING UNCServerName, SourceName;
TRACE("%s, %s\n", lpUNCServerName, lpSourceName);
RtlInitAnsiString(&UNCServerName, lpUNCServerName);
RtlInitAnsiString(&SourceName, lpSourceName);
Status = ElfRegisterEventSourceA(&UNCServerName, &SourceName, &hEventLog);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return NULL;
}
return hEventLog;
}
/******************************************************************************
* RegisterEventSourceW [ADVAPI32.@]
* Returns a registered handle to an event log
*
* PARAMS
* lpUNCServerName [I] Server name for source
* lpSourceName [I] Source name for registered handle
*
* RETURNS
* Success: Handle
* Failure: NULL
*/
NTSTATUS
NTAPI
ElfRegisterEventSourceW(IN PUNICODE_STRING UNCServerNameU,
IN PUNICODE_STRING SourceNameU,
OUT PHANDLE phEventLog)
{
NTSTATUS Status;
PWSTR pUNCServerName = NULL;
if (!phEventLog || !SourceNameU || (SourceNameU->Length == 0))
return STATUS_INVALID_PARAMETER;
if (UNCServerNameU && (UNCServerNameU->Length != 0))
pUNCServerName = UNCServerNameU->Buffer;
*phEventLog = NULL;
RpcTryExcept
{
Status = ElfrRegisterEventSourceW(pUNCServerName,
(PRPC_UNICODE_STRING)SourceNameU,
&EmptyStringU,
1,
1,
(IELF_HANDLE*)phEventLog);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
HANDLE WINAPI
RegisterEventSourceW(IN LPCWSTR lpUNCServerName,
IN LPCWSTR lpSourceName)
{
NTSTATUS Status;
HANDLE hEventLog;
UNICODE_STRING UNCServerName, SourceName;
TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpSourceName));
RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
RtlInitUnicodeString(&SourceName, lpSourceName);
Status = ElfRegisterEventSourceW(&UNCServerName, &SourceName, &hEventLog);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return NULL;
}
return hEventLog;
}
/******************************************************************************
* ReportEventA [ADVAPI32.@]
*/
NTSTATUS
NTAPI
ElfReportEventA(IN HANDLE hEventLog,
IN USHORT EventType,
IN USHORT EventCategory,
IN ULONG EventID,
IN PSID UserSID,
IN USHORT NumStrings,
IN ULONG DataSize,
IN PANSI_STRING* Strings,
IN PVOID Data,
IN USHORT Flags,
IN OUT PULONG RecordNumber,
IN OUT PULONG TimeWritten)
{
NTSTATUS Status;
LARGE_INTEGER SystemTime;
ULONG Time;
ULONG dwSize;
ANSI_STRING ComputerName;
CHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
dwSize = ARRAYSIZE(szComputerName);
GetComputerNameA(szComputerName, &dwSize);
RtlInitAnsiString(&ComputerName, szComputerName);
NtQuerySystemTime(&SystemTime);
RtlTimeToSecondsSince1970(&SystemTime, &Time);
RpcTryExcept
{
Status = ElfrReportEventA(hEventLog,
Time,
EventType,
EventCategory,
EventID,
NumStrings,
DataSize,
(PRPC_STRING)&ComputerName,
(PRPC_SID)UserSID,
(PRPC_STRING*)Strings,
Data,
Flags,
RecordNumber,
TimeWritten);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
BOOL WINAPI
ReportEventA(IN HANDLE hEventLog,
IN WORD wType,
IN WORD wCategory,
IN DWORD dwEventID,
IN PSID lpUserSid,
IN WORD wNumStrings,
IN DWORD dwDataSize,
IN LPCSTR *lpStrings,
IN LPVOID lpRawData)
{
NTSTATUS Status;
PANSI_STRING *Strings;
WORD i;
TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
hEventLog, wType, wCategory, dwEventID, lpUserSid,
wNumStrings, dwDataSize, lpStrings, lpRawData);
Strings = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
wNumStrings * sizeof(PANSI_STRING));
if (!Strings)
{
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
return FALSE;
}
for (i = 0; i < wNumStrings; i++)
{
Strings[i] = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
sizeof(ANSI_STRING));
if (Strings[i])
{
RtlInitAnsiString(Strings[i], lpStrings[i]);
}
}
Status = ElfReportEventA(hEventLog,
wType,
wCategory,
dwEventID,
lpUserSid,
wNumStrings,
dwDataSize,
Strings,
lpRawData,
0,
NULL,
NULL);
for (i = 0; i < wNumStrings; i++)
{
if (Strings[i] != NULL)
HeapFree(GetProcessHeap(), 0, Strings[i]);
}
HeapFree(GetProcessHeap(), 0, Strings);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
/******************************************************************************
* ReportEventW [ADVAPI32.@]
*
* PARAMS
* hEventLog []
* wType []
* wCategory []
* dwEventID []
* lpUserSid []
* wNumStrings []
* dwDataSize []
* lpStrings []
* lpRawData []
*/
NTSTATUS
NTAPI
ElfReportEventW(IN HANDLE hEventLog,
IN USHORT EventType,
IN USHORT EventCategory,
IN ULONG EventID,
IN PSID UserSID,
IN USHORT NumStrings,
IN ULONG DataSize,
IN PUNICODE_STRING* Strings,
IN PVOID Data,
IN USHORT Flags,
IN OUT PULONG RecordNumber,
IN OUT PULONG TimeWritten)
{
NTSTATUS Status;
LARGE_INTEGER SystemTime;
ULONG Time;
ULONG dwSize;
UNICODE_STRING ComputerName;
WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
dwSize = ARRAYSIZE(szComputerName);
GetComputerNameW(szComputerName, &dwSize);
RtlInitUnicodeString(&ComputerName, szComputerName);
NtQuerySystemTime(&SystemTime);
RtlTimeToSecondsSince1970(&SystemTime, &Time);
RpcTryExcept
{
Status = ElfrReportEventW(hEventLog,
Time,
EventType,
EventCategory,
EventID,
NumStrings,
DataSize,
(PRPC_UNICODE_STRING)&ComputerName,
(PRPC_SID)UserSID,
(PRPC_UNICODE_STRING*)Strings,
Data,
Flags,
RecordNumber,
TimeWritten);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
BOOL WINAPI
ReportEventW(IN HANDLE hEventLog,
IN WORD wType,
IN WORD wCategory,
IN DWORD dwEventID,
IN PSID lpUserSid,
IN WORD wNumStrings,
IN DWORD dwDataSize,
IN LPCWSTR *lpStrings,
IN LPVOID lpRawData)
{
NTSTATUS Status;
PUNICODE_STRING *Strings;
WORD i;
TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
hEventLog, wType, wCategory, dwEventID, lpUserSid,
wNumStrings, dwDataSize, lpStrings, lpRawData);
Strings = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
wNumStrings * sizeof(PUNICODE_STRING));
if (!Strings)
{
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
return FALSE;
}
for (i = 0; i < wNumStrings; i++)
{
Strings[i] = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
sizeof(UNICODE_STRING));
if (Strings[i])
{
RtlInitUnicodeString(Strings[i], lpStrings[i]);
}
}
Status = ElfReportEventW(hEventLog,
wType,
wCategory,
dwEventID,
lpUserSid,
wNumStrings,
dwDataSize,
Strings,
lpRawData,
0,
NULL,
NULL);
for (i = 0; i < wNumStrings; i++)
{
if (Strings[i] != NULL)
HeapFree(GetProcessHeap(), 0, Strings[i]);
}
HeapFree(GetProcessHeap(), 0, Strings);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
NTSTATUS
NTAPI
ElfReportEventAndSourceW(IN HANDLE hEventLog,
IN ULONG Time,
IN PUNICODE_STRING ComputerName,
IN USHORT EventType,
IN USHORT EventCategory,
IN ULONG EventID,
IN PSID UserSID,
IN PUNICODE_STRING SourceName,
IN USHORT NumStrings,
IN ULONG DataSize,
IN PUNICODE_STRING* Strings,
IN PVOID Data,
IN USHORT Flags,
IN OUT PULONG RecordNumber,
IN OUT PULONG TimeWritten)
{
NTSTATUS Status;
RpcTryExcept
{
Status = ElfrReportEventAndSourceW(hEventLog,
Time,
EventType,
EventCategory,
EventID,
(PRPC_UNICODE_STRING)SourceName,
NumStrings,
DataSize,
(PRPC_UNICODE_STRING)ComputerName,
(PRPC_SID)UserSID,
(PRPC_UNICODE_STRING*)Strings,
(PBYTE)Data,
Flags,
RecordNumber,
TimeWritten);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
NTSTATUS
NTAPI
ElfFlushEventLog(IN HANDLE hEventLog)
{
NTSTATUS Status;
RpcTryExcept
{
Status = ElfrFlushEL(hEventLog);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}