2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Marcin Krzysztof Porwit 2005,
5 * Copyright (C) Brian Moran 2005,
6 * Copyright (C) Gerald (Jerry) Carter 2005.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
25 #define DBGC_CLASS DBGC_RPC_SRV
30 uint32 current_record;
34 uint32 access_granted;
37 /********************************************************************
38 ********************************************************************/
40 static int eventlog_info_destructor(EVENTLOG_INFO *elog)
43 elog_close_tdb(elog->etdb, false);
48 /********************************************************************
49 ********************************************************************/
51 static EVENTLOG_INFO *find_eventlog_info_by_hnd( pipes_struct * p,
56 if ( !find_policy_by_hnd( p, handle, (void **)(void *)&info ) ) {
58 ( "find_eventlog_info_by_hnd: eventlog not found.\n" ) );
65 /********************************************************************
66 ********************************************************************/
68 static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
70 char *tdbname = elog_tdbname(talloc_tos(), info->logname );
77 /* get the security descriptor for the file */
79 sec_desc = get_nt_acl_no_snum( info, tdbname );
80 TALLOC_FREE( tdbname );
83 DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n",
90 if ( geteuid() == sec_initial_uid() ) {
91 DEBUG(5,("elog_check_access: using root's token\n"));
92 token = get_root_nt_token();
95 /* run the check, try for the max allowed */
97 status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
98 &info->access_granted);
101 TALLOC_FREE( sec_desc );
103 if (!NT_STATUS_IS_OK(status)) {
104 DEBUG(8,("elog_check_access: se_access_check() return %s\n",
109 /* we have to have READ permission for a successful open */
111 return ( info->access_granted & SA_RIGHT_FILE_READ_DATA );
114 /********************************************************************
115 ********************************************************************/
117 static bool elog_validate_logname( const char *name )
120 const char **elogs = lp_eventlog_list();
126 for ( i=0; elogs[i]; i++ ) {
127 if ( strequal( name, elogs[i] ) )
134 /********************************************************************
135 ********************************************************************/
137 static bool get_num_records_hook( EVENTLOG_INFO * info )
143 DEBUG( 10, ( "No open tdb for %s\n", info->logname ) );
147 /* lock the tdb since we have to get 2 records */
149 tdb_lock_bystring_with_timeout( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD, 1 );
150 next_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
151 oldest_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_OLDEST_ENTRY);
152 tdb_unlock_bystring( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
155 ( "Oldest Record %d; Next Record %d\n", oldest_record,
158 info->num_records = ( next_record - oldest_record );
159 info->oldest_entry = oldest_record;
164 /********************************************************************
165 ********************************************************************/
167 static bool get_oldest_entry_hook( EVENTLOG_INFO * info )
169 /* it's the same thing */
170 return get_num_records_hook( info );
173 /********************************************************************
174 ********************************************************************/
176 static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hnd )
180 /* first thing is to validate the eventlog name */
182 if ( !elog_validate_logname( logname ) )
183 return NT_STATUS_OBJECT_PATH_INVALID;
185 if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) )
186 return NT_STATUS_NO_MEMORY;
187 talloc_set_destructor(elog, eventlog_info_destructor);
189 elog->logname = talloc_strdup( elog, logname );
191 /* Open the tdb first (so that we can create any new tdbs if necessary).
192 We have to do this as root and then use an internal access check
193 on the file permissions since you can only have a tdb open once
194 in a single process */
197 elog->etdb = elog_open_tdb( elog->logname, False );
201 /* according to MSDN, if the logfile cannot be found, we should
202 default to the "Application" log */
204 if ( !strequal( logname, ELOG_APPL ) ) {
206 TALLOC_FREE( elog->logname );
208 elog->logname = talloc_strdup( elog, ELOG_APPL );
210 /* do the access check */
211 if ( !elog_check_access( elog, p->server_info->ptok ) ) {
213 return NT_STATUS_ACCESS_DENIED;
217 elog->etdb = elog_open_tdb( elog->logname, False );
223 return NT_STATUS_ACCESS_DENIED; /* ??? */
227 /* now do the access check. Close the tdb if we fail here */
229 if ( !elog_check_access( elog, p->server_info->ptok ) ) {
231 return NT_STATUS_ACCESS_DENIED;
234 /* create the policy handle */
236 if ( !create_policy_hnd( p, hnd, elog ) ) {
238 return NT_STATUS_NO_MEMORY;
241 /* set the initial current_record pointer */
243 if ( !get_oldest_entry_hook( elog ) ) {
244 DEBUG(3,("elog_open: Successfully opened eventlog but can't "
245 "get any information on internal records!\n"));
248 elog->current_record = elog->oldest_entry;
253 /********************************************************************
254 ********************************************************************/
256 static NTSTATUS elog_close( pipes_struct *p, POLICY_HND *hnd )
258 if ( !( close_policy_hnd( p, hnd ) ) ) {
259 return NT_STATUS_INVALID_HANDLE;
265 /*******************************************************************
266 *******************************************************************/
268 static int elog_size( EVENTLOG_INFO *info )
270 if ( !info || !info->etdb ) {
271 DEBUG(0,("elog_size: Invalid info* structure!\n"));
275 return elog_tdb_size( ELOG_TDB_CTX(info->etdb), NULL, NULL );
278 /********************************************************************
279 For the given tdb, get the next eventlog record into the passed
280 Eventlog_entry. returns NULL if it can't get the record for some reason.
281 ********************************************************************/
283 static Eventlog_entry *get_eventlog_record(TALLOC_CTX *mem_ctx,
287 Eventlog_entry *ee = NULL;
294 char *wpsource = NULL;
295 char *wpcomputer = NULL;
298 char *puserdata = NULL;
300 key.dsize = sizeof(int32_t);
303 key.dptr = (unsigned char *)&srecno;
305 ret = tdb_fetch( tdb, key );
307 if ( ret.dsize == 0 ) {
309 ( "Can't find a record for the key, record %d\n",
314 len = tdb_unpack( ret.dptr, ret.dsize, "d", &reclen );
316 DEBUG( 10, ( "Unpacking record %d, size is %d\n", srecno, len ) );
321 ee = TALLOC_ARRAY(mem_ctx, Eventlog_entry, 1);
327 len = tdb_unpack( ret.dptr, ret.dsize, "ddddddwwwwddddddBBdBBBd",
328 &ee->record.length, &ee->record.reserved1,
329 &ee->record.record_number,
330 &ee->record.time_generated,
331 &ee->record.time_written, &ee->record.event_id,
332 &ee->record.event_type, &ee->record.num_strings,
333 &ee->record.event_category, &ee->record.reserved2,
334 &ee->record.closing_record_number,
335 &ee->record.string_offset,
336 &ee->record.user_sid_length,
337 &ee->record.user_sid_offset,
338 &ee->record.data_length, &ee->record.data_offset,
339 &ee->data_record.source_name_len, &wpsource,
340 &ee->data_record.computer_name_len, &wpcomputer,
341 &ee->data_record.sid_padding,
342 &ee->record.user_sid_length, &wpsid,
343 &ee->data_record.strings_len, &wpstrs,
344 &ee->data_record.user_data_len, &puserdata,
345 &ee->data_record.data_padding );
347 ( "Read record %d, len in tdb was %d\n",
348 ee->record.record_number, len ) );
350 /* have to do the following because the tdb_unpack allocs a buff, stuffs a pointer to the buff
351 into it's 2nd argment for 'B' */
354 ee->data_record.computer_name = (smb_ucs2_t *)TALLOC_MEMDUP(
355 ee, wpcomputer, ee->data_record.computer_name_len);
356 if (!ee->data_record.computer_name) {
362 ee->data_record.source_name = (smb_ucs2_t *)TALLOC_MEMDUP(
363 ee, wpsource, ee->data_record.source_name_len);
364 if (!ee->data_record.source_name) {
371 ee->data_record.sid = (smb_ucs2_t *)TALLOC_MEMDUP(
372 ee, wpsid, ee->record.user_sid_length);
373 if (!ee->data_record.sid) {
379 ee->data_record.strings = (smb_ucs2_t *)TALLOC_MEMDUP(
380 ee, wpstrs, ee->data_record.strings_len);
381 if (!ee->data_record.strings) {
388 ee->data_record.user_data = (char *)TALLOC_MEMDUP(
389 ee, puserdata, ee->data_record.user_data_len);
390 if (!ee->data_record.user_data) {
398 SAFE_FREE(wpcomputer);
402 SAFE_FREE(puserdata);
404 DEBUG( 10, ( "get_eventlog_record: read back %d\n", len ) );
406 ( "get_eventlog_record: computer_name %d is ",
407 ee->data_record.computer_name_len ) );
412 /********************************************************************
413 note that this can only be called AFTER the table is constructed,
414 since it uses the table to find the tdb handle
415 ********************************************************************/
417 static bool sync_eventlog_params( EVENTLOG_INFO *info )
422 struct registry_key *key;
423 struct registry_value *value;
425 char *elogname = info->logname;
426 TALLOC_CTX *ctx = talloc_stackframe();
429 DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) );
432 DEBUG( 4, ( "No open tdb! (%s)\n", info->logname ) );
435 /* set resonable defaults. 512Kb on size and 1 week on time */
438 uiRetention = 604800;
440 /* the general idea is to internally open the registry
441 key and retrieve the values. That way we can continue
442 to use the same fetch/store api that we use in
445 path = talloc_asprintf(ctx, "%s/%s", KEY_EVENTLOG, elogname );
450 wresult = reg_open_path(ctx, path, REG_KEY_READ, get_root_nt_token(),
453 if ( !W_ERROR_IS_OK( wresult ) ) {
455 ( "sync_eventlog_params: Failed to open key [%s] (%s)\n",
456 path, win_errstr( wresult ) ) );
460 wresult = reg_queryvalue(key, key, "Retention", &value);
461 if (!W_ERROR_IS_OK(wresult)) {
462 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
463 win_errstr(wresult)));
466 uiRetention = value->v.dword;
468 wresult = reg_queryvalue(key, key, "MaxSize", &value);
469 if (!W_ERROR_IS_OK(wresult)) {
470 DEBUG(4, ("Failed to query value \"MaxSize\": %s\n",
471 win_errstr(wresult)));
474 uiMaxSize = value->v.dword;
476 tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_MAXSIZE, uiMaxSize );
477 tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_RETENTION, uiRetention );
486 /********************************************************************
487 ********************************************************************/
489 static Eventlog_entry *read_package_entry( TALLOC_CTX *mem_ctx,
490 Eventlog_entry * entry )
493 Eventlog_entry *ee_new = NULL;
495 ee_new = TALLOC_ZERO_ARRAY(mem_ctx, Eventlog_entry, 1 );
496 if ( ee_new == NULL ) {
500 entry->data_record.sid_padding =
502 ( ( entry->data_record.source_name_len +
503 entry->data_record.computer_name_len ) % 4 ) ) % 4 );
504 entry->data_record.data_padding =
506 ( ( entry->data_record.strings_len +
507 entry->data_record.user_data_len ) % 4 ) ) % 4;
508 entry->record.length = sizeof( Eventlog_record );
509 entry->record.length += entry->data_record.source_name_len;
510 entry->record.length += entry->data_record.computer_name_len;
511 if ( entry->record.user_sid_length == 0 ) {
512 /* Should not pad to a DWORD boundary for writing out the sid if there is
513 no SID, so just propagate the padding to pad the data */
514 entry->data_record.data_padding +=
515 entry->data_record.sid_padding;
516 entry->data_record.sid_padding = 0;
519 ( "sid_padding is [%d].\n", entry->data_record.sid_padding ) );
521 ( "data_padding is [%d].\n",
522 entry->data_record.data_padding ) );
524 entry->record.length += entry->data_record.sid_padding;
525 entry->record.length += entry->record.user_sid_length;
526 entry->record.length += entry->data_record.strings_len;
527 entry->record.length += entry->data_record.user_data_len;
528 entry->record.length += entry->data_record.data_padding;
529 /* need another copy of length at the end of the data */
530 entry->record.length += sizeof( entry->record.length );
532 ( "entry->record.length is [%d].\n", entry->record.length ) );
534 TALLOC_ZERO_ARRAY(mem_ctx, uint8_t,
535 entry->record.length -
536 sizeof( Eventlog_record ) -
537 sizeof( entry->record.length ));
538 if ( entry->data == NULL ) {
541 offset = entry->data;
542 memcpy( offset, &( entry->data_record.source_name ),
543 entry->data_record.source_name_len );
544 offset += entry->data_record.source_name_len;
545 memcpy( offset, &( entry->data_record.computer_name ),
546 entry->data_record.computer_name_len );
547 offset += entry->data_record.computer_name_len;
548 /* SID needs to be DWORD-aligned */
549 offset += entry->data_record.sid_padding;
550 entry->record.user_sid_offset =
551 sizeof( Eventlog_record ) + ( offset - entry->data );
552 memcpy( offset, &( entry->data_record.sid ),
553 entry->record.user_sid_length );
554 offset += entry->record.user_sid_length;
555 /* Now do the strings */
556 entry->record.string_offset =
557 sizeof( Eventlog_record ) + ( offset - entry->data );
558 memcpy( offset, &( entry->data_record.strings ),
559 entry->data_record.strings_len );
560 offset += entry->data_record.strings_len;
561 /* Now do the data */
562 entry->record.data_length = entry->data_record.user_data_len;
563 entry->record.data_offset =
564 sizeof( Eventlog_record ) + ( offset - entry->data );
565 memcpy( offset, &( entry->data_record.user_data ),
566 entry->data_record.user_data_len );
567 offset += entry->data_record.user_data_len;
569 memcpy( &( ee_new->record ), &entry->record,
570 sizeof( Eventlog_record ) );
571 memcpy( &( ee_new->data_record ), &entry->data_record,
572 sizeof( Eventlog_data_record ) );
573 ee_new->data = entry->data;
578 /********************************************************************
579 ********************************************************************/
581 static bool add_record_to_resp( Eventlog_entry *entry,
582 uint32_t *num_records,
583 uint32_t *num_bytes_in_resp,
584 Eventlog_entry * ee_new )
586 Eventlog_entry *insert_point;
588 insert_point = entry;
590 if ( NULL == insert_point ) {
594 while ( ( NULL != insert_point->next ) ) {
595 insert_point = insert_point->next;
598 insert_point->next = ee_new;
601 *num_bytes_in_resp += ee_new->record.length;
606 /********************************************************************
607 _eventlog_OpenEventLogW
608 ********************************************************************/
610 NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p,
611 struct eventlog_OpenEventLogW *r)
616 DEBUG( 10,("_eventlog_OpenEventLogW: Server [%s], Log [%s]\n",
617 r->in.servername->string, r->in.logname->string ));
619 /* according to MSDN, if the logfile cannot be found, we should
620 default to the "Application" log */
622 if ( !NT_STATUS_IS_OK( result = elog_open( p, r->in.logname->string, r->out.handle )) )
625 if ( !(info = find_eventlog_info_by_hnd( p, r->out.handle )) ) {
626 DEBUG(0,("_eventlog_OpenEventLogW: eventlog (%s) opened but unable to find handle!\n",
627 r->in.logname->string ));
628 elog_close( p, r->out.handle );
629 return NT_STATUS_INVALID_HANDLE;
632 DEBUG(10,("_eventlog_OpenEventLogW: Size [%d]\n", elog_size( info )));
634 sync_eventlog_params( info );
635 prune_eventlog( ELOG_TDB_CTX(info->etdb) );
640 /********************************************************************
641 _eventlog_ClearEventLogW
642 This call still needs some work
643 ********************************************************************/
644 /** The windows client seems to be doing something funny with the file name
646 ClearEventLog(handle, "backup_file")
647 on the client side will result in the backup file name looking like this on the
649 \??\${CWD of client}\backup_file
650 If an absolute path gets specified, such as
651 ClearEventLog(handle, "C:\\temp\\backup_file")
652 then it is still mangled by the client into this:
653 \??\C:\temp\backup_file
654 when it is on the wire.
655 I'm not sure where the \?? is coming from, or why the ${CWD} of the client process
656 would be added in given that the backup file gets written on the server side. */
658 NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p,
659 struct eventlog_ClearEventLogW *r)
661 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
664 return NT_STATUS_INVALID_HANDLE;
666 if (r->in.backupfile && r->in.backupfile->string) {
668 DEBUG(8,( "_eventlog_ClearEventLogW: Using [%s] as the backup "
669 "file name for log [%s].",
670 r->in.backupfile->string, info->logname ) );
673 /* check for WRITE access to the file */
675 if ( !(info->access_granted&SA_RIGHT_FILE_WRITE_DATA) )
676 return NT_STATUS_ACCESS_DENIED;
678 /* Force a close and reopen */
680 elog_close_tdb( info->etdb, True );
682 info->etdb = elog_open_tdb( info->logname, True );
686 return NT_STATUS_ACCESS_DENIED;
691 /********************************************************************
692 _eventlog_CloseEventLog
693 ********************************************************************/
695 NTSTATUS _eventlog_CloseEventLog(pipes_struct * p,
696 struct eventlog_CloseEventLog *r)
700 status = elog_close( p, r->in.handle );
701 if (!NT_STATUS_IS_OK(status)) {
705 ZERO_STRUCTP(r->out.handle);
710 /********************************************************************
711 ********************************************************************/
713 NTSTATUS _eventlog_read_eventlog( pipes_struct * p,
714 EVENTLOG_Q_READ_EVENTLOG * q_u,
715 EVENTLOG_R_READ_EVENTLOG * r_u )
717 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
718 Eventlog_entry *entry = NULL, *ee_new = NULL;
719 uint32 num_records_read = 0;
720 int bytes_left, record_number;
721 uint32 elog_read_type, elog_read_dir;
724 return NT_STATUS_INVALID_HANDLE;
727 info->flags = q_u->flags;
729 bytes_left = q_u->max_read_size;
732 return NT_STATUS_ACCESS_DENIED;
734 /* check for valid flags. Can't use the sequential and seek flags together */
736 elog_read_type = q_u->flags & (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ);
737 elog_read_dir = q_u->flags & (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ);
739 if ( elog_read_type == (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ)
740 || elog_read_dir == (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ) )
742 DEBUG(3,("_eventlog_read_eventlog: Invalid flags [0x%x] for ReadEventLog\n", q_u->flags));
743 return NT_STATUS_INVALID_PARAMETER;
746 /* a sequential read should ignore the offset */
748 if ( elog_read_type & EVENTLOG_SEQUENTIAL_READ )
749 record_number = info->current_record;
751 record_number = q_u->offset;
753 while ( bytes_left > 0 ) {
755 /* assume that when the record fetch fails, that we are done */
757 entry = get_eventlog_record (p->mem_ctx, ELOG_TDB_CTX(info->etdb), record_number);
762 DEBUG( 8, ( "Retrieved record %d\n", record_number ) );
764 /* Now see if there is enough room to add */
766 if ( !(ee_new = read_package_entry( p->mem_ctx, entry )) )
767 return NT_STATUS_NO_MEMORY;
769 if ( r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size ) {
770 r_u->bytes_in_next_record = ee_new->record.length;
772 /* response would be too big to fit in client-size buffer */
778 add_record_to_resp( r_u->entry,
779 &r_u->num_records, &r_u->num_bytes_in_resp,
782 bytes_left -= ee_new->record.length;
784 num_records_read = r_u->num_records - num_records_read;
786 DEBUG( 10, ( "_eventlog_read_eventlog: read [%d] records for a total "
787 "of [%d] records using [%d] bytes out of a max of [%d].\n",
788 num_records_read, r_u->num_records,
789 r_u->num_bytes_in_resp,
790 q_u->max_read_size ) );
792 if ( info->flags & EVENTLOG_FORWARDS_READ )
797 /* update the eventlog record pointer */
799 info->current_record = record_number;
802 /* crazy by WinXP uses NT_STATUS_BUFFER_TOO_SMALL to
803 say when there are no more records */
805 return (num_records_read ? NT_STATUS_OK : NT_STATUS_BUFFER_TOO_SMALL);
808 /********************************************************************
809 _eventlog_GetOldestRecord
810 ********************************************************************/
812 NTSTATUS _eventlog_GetOldestRecord(pipes_struct *p,
813 struct eventlog_GetOldestRecord *r)
815 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
818 return NT_STATUS_INVALID_HANDLE;
821 if ( !( get_oldest_entry_hook( info ) ) )
822 return NT_STATUS_ACCESS_DENIED;
824 *r->out.oldest_entry = info->oldest_entry;
829 /********************************************************************
830 _eventlog_GetNumRecords
831 ********************************************************************/
833 NTSTATUS _eventlog_GetNumRecords(pipes_struct *p,
834 struct eventlog_GetNumRecords *r)
836 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
839 return NT_STATUS_INVALID_HANDLE;
842 if ( !( get_num_records_hook( info ) ) )
843 return NT_STATUS_ACCESS_DENIED;
845 *r->out.number = info->num_records;
850 NTSTATUS _eventlog_BackupEventLogW(pipes_struct *p, struct eventlog_BackupEventLogW *r)
852 p->rng_fault_state = True;
853 return NT_STATUS_NOT_IMPLEMENTED;
856 NTSTATUS _eventlog_DeregisterEventSource(pipes_struct *p, struct eventlog_DeregisterEventSource *r)
858 p->rng_fault_state = True;
859 return NT_STATUS_NOT_IMPLEMENTED;
862 NTSTATUS _eventlog_ChangeNotify(pipes_struct *p, struct eventlog_ChangeNotify *r)
864 p->rng_fault_state = True;
865 return NT_STATUS_NOT_IMPLEMENTED;
868 NTSTATUS _eventlog_RegisterEventSourceW(pipes_struct *p, struct eventlog_RegisterEventSourceW *r)
870 p->rng_fault_state = True;
871 return NT_STATUS_NOT_IMPLEMENTED;
874 NTSTATUS _eventlog_OpenBackupEventLogW(pipes_struct *p, struct eventlog_OpenBackupEventLogW *r)
876 p->rng_fault_state = True;
877 return NT_STATUS_NOT_IMPLEMENTED;
880 NTSTATUS _eventlog_ReadEventLogW(pipes_struct *p, struct eventlog_ReadEventLogW *r)
882 p->rng_fault_state = True;
883 return NT_STATUS_NOT_IMPLEMENTED;
886 NTSTATUS _eventlog_ReportEventW(pipes_struct *p, struct eventlog_ReportEventW *r)
888 p->rng_fault_state = True;
889 return NT_STATUS_NOT_IMPLEMENTED;
892 NTSTATUS _eventlog_ClearEventLogA(pipes_struct *p, struct eventlog_ClearEventLogA *r)
894 p->rng_fault_state = True;
895 return NT_STATUS_NOT_IMPLEMENTED;
898 NTSTATUS _eventlog_BackupEventLogA(pipes_struct *p, struct eventlog_BackupEventLogA *r)
900 p->rng_fault_state = True;
901 return NT_STATUS_NOT_IMPLEMENTED;
904 NTSTATUS _eventlog_OpenEventLogA(pipes_struct *p, struct eventlog_OpenEventLogA *r)
906 p->rng_fault_state = True;
907 return NT_STATUS_NOT_IMPLEMENTED;
910 NTSTATUS _eventlog_RegisterEventSourceA(pipes_struct *p, struct eventlog_RegisterEventSourceA *r)
912 p->rng_fault_state = True;
913 return NT_STATUS_NOT_IMPLEMENTED;
916 NTSTATUS _eventlog_OpenBackupEventLogA(pipes_struct *p, struct eventlog_OpenBackupEventLogA *r)
918 p->rng_fault_state = True;
919 return NT_STATUS_NOT_IMPLEMENTED;
922 NTSTATUS _eventlog_ReadEventLogA(pipes_struct *p, struct eventlog_ReadEventLogA *r)
924 p->rng_fault_state = True;
925 return NT_STATUS_NOT_IMPLEMENTED;
928 NTSTATUS _eventlog_ReportEventA(pipes_struct *p, struct eventlog_ReportEventA *r)
930 p->rng_fault_state = True;
931 return NT_STATUS_NOT_IMPLEMENTED;
934 NTSTATUS _eventlog_RegisterClusterSvc(pipes_struct *p, struct eventlog_RegisterClusterSvc *r)
936 p->rng_fault_state = True;
937 return NT_STATUS_NOT_IMPLEMENTED;
940 NTSTATUS _eventlog_DeregisterClusterSvc(pipes_struct *p, struct eventlog_DeregisterClusterSvc *r)
942 p->rng_fault_state = True;
943 return NT_STATUS_NOT_IMPLEMENTED;
946 NTSTATUS _eventlog_WriteClusterEvents(pipes_struct *p, struct eventlog_WriteClusterEvents *r)
948 p->rng_fault_state = True;
949 return NT_STATUS_NOT_IMPLEMENTED;
952 NTSTATUS _eventlog_GetLogIntormation(pipes_struct *p, struct eventlog_GetLogIntormation *r)
954 p->rng_fault_state = True;
955 return NT_STATUS_NOT_IMPLEMENTED;
958 NTSTATUS _eventlog_FlushEventLog(pipes_struct *p, struct eventlog_FlushEventLog *r)
960 p->rng_fault_state = True;
961 return NT_STATUS_NOT_IMPLEMENTED;