2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Marcin Krzysztof Porwit 2005,
5 * Copyright (C) Brian Moran 2005,
6 * Copyright (C) Gerald (Jerry) Carter 2005.
7 * Copyright (C) Guenther Deschner 2009.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 #include "system/passwd.h" /* uid_wrapper */
26 #include "../librpc/gen_ndr/srv_eventlog.h"
27 #include "lib/eventlog/eventlog.h"
28 #include "../libcli/security/security.h"
29 #include "../librpc/gen_ndr/ndr_winreg_c.h"
30 #include "rpc_client/cli_winreg_int.h"
31 #include "rpc_client/cli_winreg.h"
32 #include "smbd/smbd.h"
37 #define DBGC_CLASS DBGC_RPC_SRV
39 #define TOP_LEVEL_EVENTLOG_KEY "SYSTEM\\CurrentControlSet\\Services\\Eventlog"
44 uint32 current_record;
48 uint32 access_granted;
51 /********************************************************************
52 ********************************************************************/
54 static int eventlog_info_destructor(EVENTLOG_INFO *elog)
57 elog_close_tdb(elog->etdb, false);
62 /********************************************************************
63 ********************************************************************/
65 static EVENTLOG_INFO *find_eventlog_info_by_hnd( struct pipes_struct * p,
66 struct policy_handle * handle )
70 if ( !find_policy_by_hnd( p, handle, (void **)(void *)&info ) ) {
72 ( "find_eventlog_info_by_hnd: eventlog not found.\n" ) );
79 /********************************************************************
80 ********************************************************************/
82 static bool elog_check_access( EVENTLOG_INFO *info, const struct security_token *token )
84 char *tdbname = elog_tdbname(talloc_tos(), info->logname );
85 struct security_descriptor *sec_desc;
86 struct security_ace *ace;
92 /* get the security descriptor for the file */
94 status = get_nt_acl_no_snum( info,
96 SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL,
98 TALLOC_FREE( tdbname );
100 if (!NT_STATUS_IS_OK(status)) {
101 DEBUG(5,("elog_check_access: Unable to get NT ACL for %s: %s\n",
102 tdbname, nt_errstr(status)));
106 ace = talloc_zero(sec_desc, struct security_ace);
108 TALLOC_FREE(sec_desc);
112 ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
114 ace->access_mask = REG_KEY_ALL;
115 ace->trustee = global_sid_System;
117 status = security_descriptor_dacl_add(sec_desc, ace);
118 if (!NT_STATUS_IS_OK(status)) {
119 TALLOC_FREE(sec_desc);
125 if ( geteuid() == sec_initial_uid() ) {
126 DEBUG(5,("elog_check_access: running as root, using system token\n"));
127 token = get_system_token();
130 /* run the check, try for the max allowed */
132 status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
133 &info->access_granted);
135 TALLOC_FREE(sec_desc);
137 if (!NT_STATUS_IS_OK(status)) {
138 DEBUG(8,("elog_check_access: se_access_check() return %s\n",
143 /* we have to have READ permission for a successful open */
145 return ( info->access_granted & SEC_FILE_READ_DATA );
148 /********************************************************************
149 ********************************************************************/
151 static bool elog_validate_logname( const char *name )
154 const char **elogs = lp_eventlog_list();
160 for ( i=0; elogs[i]; i++ ) {
161 if ( strequal( name, elogs[i] ) )
168 /********************************************************************
169 ********************************************************************/
171 static bool get_num_records_hook( EVENTLOG_INFO * info )
177 DEBUG( 10, ( "No open tdb for %s\n", info->logname ) );
181 /* lock the tdb since we have to get 2 records */
183 tdb_lock_bystring_with_timeout( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD, 1 );
184 next_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
185 oldest_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_OLDEST_ENTRY);
186 tdb_unlock_bystring( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
189 ( "Oldest Record %d; Next Record %d\n", oldest_record,
192 info->num_records = ( next_record - oldest_record );
193 info->oldest_entry = oldest_record;
198 /********************************************************************
199 ********************************************************************/
201 static bool get_oldest_entry_hook( EVENTLOG_INFO * info )
203 /* it's the same thing */
204 return get_num_records_hook( info );
207 /********************************************************************
208 ********************************************************************/
210 static NTSTATUS elog_open( struct pipes_struct * p, const char *logname, struct policy_handle *hnd )
214 /* first thing is to validate the eventlog name */
216 if ( !elog_validate_logname( logname ) )
217 return NT_STATUS_OBJECT_PATH_INVALID;
219 if ( !(elog = talloc_zero( NULL, EVENTLOG_INFO )) )
220 return NT_STATUS_NO_MEMORY;
221 talloc_set_destructor(elog, eventlog_info_destructor);
223 elog->logname = talloc_strdup( elog, logname );
225 /* Open the tdb first (so that we can create any new tdbs if necessary).
226 We have to do this as root and then use an internal access check
227 on the file permissions since you can only have a tdb open once
228 in a single process */
231 elog->etdb = elog_open_tdb( elog->logname, False, False );
235 /* according to MSDN, if the logfile cannot be found, we should
236 default to the "Application" log */
238 if ( !strequal( logname, ELOG_APPL ) ) {
240 TALLOC_FREE( elog->logname );
242 elog->logname = talloc_strdup( elog, ELOG_APPL );
244 /* do the access check */
245 if ( !elog_check_access( elog, p->session_info->security_token ) ) {
247 return NT_STATUS_ACCESS_DENIED;
251 elog->etdb = elog_open_tdb( elog->logname, False, False );
257 return NT_STATUS_ACCESS_DENIED; /* ??? */
261 /* now do the access check. Close the tdb if we fail here */
263 if ( !elog_check_access( elog, p->session_info->security_token ) ) {
265 return NT_STATUS_ACCESS_DENIED;
268 /* create the policy handle */
270 if ( !create_policy_hnd( p, hnd, elog ) ) {
272 return NT_STATUS_NO_MEMORY;
275 /* set the initial current_record pointer */
277 if ( !get_oldest_entry_hook( elog ) ) {
278 DEBUG(3,("elog_open: Successfully opened eventlog but can't "
279 "get any information on internal records!\n"));
282 elog->current_record = elog->oldest_entry;
287 /********************************************************************
288 ********************************************************************/
290 static NTSTATUS elog_close( struct pipes_struct *p, struct policy_handle *hnd )
292 if ( !( close_policy_hnd( p, hnd ) ) ) {
293 return NT_STATUS_INVALID_HANDLE;
299 /*******************************************************************
300 *******************************************************************/
302 static int elog_size( EVENTLOG_INFO *info )
304 if ( !info || !info->etdb ) {
305 DEBUG(0,("elog_size: Invalid info* structure!\n"));
309 return elog_tdb_size( ELOG_TDB_CTX(info->etdb), NULL, NULL );
312 /********************************************************************
313 note that this can only be called AFTER the table is constructed,
314 since it uses the table to find the tdb handle
315 ********************************************************************/
317 static bool sync_eventlog_params(TALLOC_CTX *mem_ctx,
318 struct messaging_context *msg_ctx,
321 struct dcerpc_binding_handle *h = NULL;
322 uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
323 struct policy_handle hive_hnd, key_hnd;
324 uint32_t uiMaxSize = 0;
325 uint32_t uiRetention = 0;
328 WERROR wresult = WERR_OK;
329 char *elogname = info->logname;
333 ctx = talloc_stackframe();
338 DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) );
341 DEBUG( 4, ( "No open tdb! (%s)\n", info->logname ) );
344 /* set resonable defaults. 512Kb on size and 1 week on time */
347 uiRetention = 604800;
349 /* the general idea is to internally open the registry
350 key and retrieve the values. That way we can continue
351 to use the same fetch/store api that we use in
353 path = talloc_asprintf(ctx, "%s\\%s", TOP_LEVEL_EVENTLOG_KEY, elogname);
358 status = dcerpc_winreg_int_hklm_openkey(ctx,
359 get_session_info_system(),
368 if (!NT_STATUS_IS_OK(status)) {
369 DEBUG(4,("sync_eventlog_params: Failed to open key [%s] (%s)\n",
370 path, nt_errstr(status)));
373 if ( !W_ERROR_IS_OK( wresult ) ) {
375 ( "sync_eventlog_params: Failed to open key [%s] (%s)\n",
376 path, win_errstr( wresult ) ) );
380 status = dcerpc_winreg_query_dword(ctx,
386 if (!NT_STATUS_IS_OK(status)) {
387 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
391 if (!W_ERROR_IS_OK(wresult)) {
392 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
393 win_errstr(wresult)));
397 status = dcerpc_winreg_query_dword(ctx,
403 if (!NT_STATUS_IS_OK(status)) {
404 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
408 if (!W_ERROR_IS_OK(wresult)) {
409 DEBUG(4, ("Failed to query value \"MaxSize\": %s\n",
410 win_errstr(wresult)));
414 tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_MAXSIZE, uiMaxSize );
415 tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_RETENTION, uiRetention );
423 if (is_valid_policy_hnd(&key_hnd)) {
424 dcerpc_winreg_CloseKey(h, ctx, &key_hnd, &ignore);
426 if (is_valid_policy_hnd(&hive_hnd)) {
427 dcerpc_winreg_CloseKey(h, ctx, &hive_hnd, &ignore);
435 /********************************************************************
436 _eventlog_OpenEventLogW
437 ********************************************************************/
439 NTSTATUS _eventlog_OpenEventLogW(struct pipes_struct *p,
440 struct eventlog_OpenEventLogW *r)
445 DEBUG( 10,("_eventlog_OpenEventLogW: Server [%s], Log [%s]\n",
446 r->in.servername->string, r->in.logname->string ));
448 /* according to MSDN, if the logfile cannot be found, we should
449 default to the "Application" log */
451 if ( !NT_STATUS_IS_OK( result = elog_open( p, r->in.logname->string, r->out.handle )) )
454 if ( !(info = find_eventlog_info_by_hnd( p, r->out.handle )) ) {
455 DEBUG(0,("_eventlog_OpenEventLogW: eventlog (%s) opened but unable to find handle!\n",
456 r->in.logname->string ));
457 elog_close( p, r->out.handle );
458 return NT_STATUS_INVALID_HANDLE;
461 DEBUG(10,("_eventlog_OpenEventLogW: Size [%d]\n", elog_size( info )));
463 if (!sync_eventlog_params(p->mem_ctx,
466 elog_close(p, r->out.handle);
467 return NT_STATUS_EVENTLOG_FILE_CORRUPT;
469 prune_eventlog( ELOG_TDB_CTX(info->etdb) );
474 /********************************************************************
475 _eventlog_ClearEventLogW
476 This call still needs some work
477 ********************************************************************/
478 /** The windows client seems to be doing something funny with the file name
480 ClearEventLog(handle, "backup_file")
481 on the client side will result in the backup file name looking like this on the
483 \??\${CWD of client}\backup_file
484 If an absolute path gets specified, such as
485 ClearEventLog(handle, "C:\\temp\\backup_file")
486 then it is still mangled by the client into this:
487 \??\C:\temp\backup_file
488 when it is on the wire.
489 I'm not sure where the \?? is coming from, or why the ${CWD} of the client process
490 would be added in given that the backup file gets written on the server side. */
492 NTSTATUS _eventlog_ClearEventLogW(struct pipes_struct *p,
493 struct eventlog_ClearEventLogW *r)
495 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
498 return NT_STATUS_INVALID_HANDLE;
500 if (r->in.backupfile && r->in.backupfile->string) {
502 DEBUG(8,( "_eventlog_ClearEventLogW: Using [%s] as the backup "
503 "file name for log [%s].",
504 r->in.backupfile->string, info->logname ) );
507 /* check for WRITE access to the file */
509 if ( !(info->access_granted & SEC_FILE_WRITE_DATA) )
510 return NT_STATUS_ACCESS_DENIED;
512 /* Force a close and reopen */
514 elog_close_tdb( info->etdb, True );
516 info->etdb = elog_open_tdb( info->logname, True, False );
520 return NT_STATUS_ACCESS_DENIED;
525 /********************************************************************
526 _eventlog_CloseEventLog
527 ********************************************************************/
529 NTSTATUS _eventlog_CloseEventLog(struct pipes_struct * p,
530 struct eventlog_CloseEventLog *r)
534 status = elog_close( p, r->in.handle );
535 if (!NT_STATUS_IS_OK(status)) {
539 ZERO_STRUCTP(r->out.handle);
544 /********************************************************************
545 _eventlog_ReadEventLogW
546 ********************************************************************/
548 NTSTATUS _eventlog_ReadEventLogW(struct pipes_struct *p,
549 struct eventlog_ReadEventLogW *r)
551 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
552 uint32_t num_records_read = 0;
553 int bytes_left, record_number;
554 uint32_t elog_read_type, elog_read_dir;
557 return NT_STATUS_INVALID_HANDLE;
560 info->flags = r->in.flags;
561 bytes_left = r->in.number_of_bytes;
564 return NT_STATUS_ACCESS_DENIED;
567 /* check for valid flags. Can't use the sequential and seek flags together */
569 elog_read_type = r->in.flags & (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ);
570 elog_read_dir = r->in.flags & (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ);
572 if (r->in.flags == 0 ||
573 elog_read_type == (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ) ||
574 elog_read_dir == (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ))
576 DEBUG(3,("_eventlog_ReadEventLogW: "
577 "Invalid flags [0x%08x] for ReadEventLog\n",
579 return NT_STATUS_INVALID_PARAMETER;
582 /* a sequential read should ignore the offset */
584 if (elog_read_type & EVENTLOG_SEQUENTIAL_READ) {
585 record_number = info->current_record;
587 record_number = r->in.offset;
590 if (r->in.number_of_bytes == 0) {
591 struct EVENTLOGRECORD *e;
592 e = evlog_pull_record(p->mem_ctx, ELOG_TDB_CTX(info->etdb),
595 return NT_STATUS_END_OF_FILE;
597 *r->out.real_size = e->Length;
598 return NT_STATUS_BUFFER_TOO_SMALL;
601 while (bytes_left > 0) {
604 enum ndr_err_code ndr_err;
605 struct EVENTLOGRECORD *e;
607 e = evlog_pull_record(p->mem_ctx, ELOG_TDB_CTX(info->etdb),
613 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, e,
614 (ndr_push_flags_fn_t)ndr_push_EVENTLOGRECORD);
615 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
616 return ndr_map_error2ntstatus(ndr_err);
619 if (DEBUGLEVEL >= 10) {
620 NDR_PRINT_DEBUG(EVENTLOGRECORD, e);
623 if (blob.length > r->in.number_of_bytes) {
624 *r->out.real_size = blob.length;
625 return NT_STATUS_BUFFER_TOO_SMALL;
628 if (*r->out.sent_size + blob.length > r->in.number_of_bytes) {
632 bytes_left -= blob.length;
634 if (info->flags & EVENTLOG_FORWARDS_READ) {
640 /* update the eventlog record pointer */
642 info->current_record = record_number;
644 memcpy(&r->out.data[*(r->out.sent_size)],
645 blob.data, blob.length);
646 *(r->out.sent_size) += blob.length;
651 if (r->in.offset == 0 && record_number == 0 && *r->out.sent_size == 0) {
652 return NT_STATUS_END_OF_FILE;
658 /********************************************************************
659 _eventlog_GetOldestRecord
660 ********************************************************************/
662 NTSTATUS _eventlog_GetOldestRecord(struct pipes_struct *p,
663 struct eventlog_GetOldestRecord *r)
665 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
668 return NT_STATUS_INVALID_HANDLE;
671 if ( !( get_oldest_entry_hook( info ) ) )
672 return NT_STATUS_ACCESS_DENIED;
674 *r->out.oldest_entry = info->oldest_entry;
679 /********************************************************************
680 _eventlog_GetNumRecords
681 ********************************************************************/
683 NTSTATUS _eventlog_GetNumRecords(struct pipes_struct *p,
684 struct eventlog_GetNumRecords *r)
686 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
689 return NT_STATUS_INVALID_HANDLE;
692 if ( !( get_num_records_hook( info ) ) )
693 return NT_STATUS_ACCESS_DENIED;
695 *r->out.number = info->num_records;
700 NTSTATUS _eventlog_BackupEventLogW(struct pipes_struct *p, struct eventlog_BackupEventLogW *r)
702 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
703 return NT_STATUS_NOT_IMPLEMENTED;
706 /********************************************************************
707 _eventlog_GetLogInformation
708 ********************************************************************/
710 NTSTATUS _eventlog_GetLogInformation(struct pipes_struct *p,
711 struct eventlog_GetLogInformation *r)
713 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
714 struct EVENTLOG_FULL_INFORMATION f;
715 enum ndr_err_code ndr_err;
719 return NT_STATUS_INVALID_HANDLE;
722 if (r->in.level != 0) {
723 return NT_STATUS_INVALID_LEVEL;
726 *r->out.bytes_needed = 4;
728 if (r->in.buf_size < 4) {
729 return NT_STATUS_BUFFER_TOO_SMALL;
732 /* FIXME: this should be retrieved from the handle */
735 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &f,
736 (ndr_push_flags_fn_t)ndr_push_EVENTLOG_FULL_INFORMATION);
737 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
738 return ndr_map_error2ntstatus(ndr_err);
741 if (DEBUGLEVEL >= 10) {
742 NDR_PRINT_DEBUG(EVENTLOG_FULL_INFORMATION, &f);
745 memcpy(r->out.buffer, blob.data, 4);
750 /********************************************************************
751 _eventlog_FlushEventLog
752 ********************************************************************/
754 NTSTATUS _eventlog_FlushEventLog(struct pipes_struct *p,
755 struct eventlog_FlushEventLog *r)
757 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
759 return NT_STATUS_INVALID_HANDLE;
762 return NT_STATUS_ACCESS_DENIED;
765 /********************************************************************
766 ********************************************************************/
768 static NTSTATUS evlog_report_to_record(TALLOC_CTX *mem_ctx,
769 const struct eventlog_ReportEventW *r,
771 struct EVENTLOGRECORD *e)
776 e->TimeGenerated = r->in.timestamp;
777 e->TimeWritten = time(NULL);
778 e->EventID = r->in.event_id;
779 e->EventType = r->in.event_type;
780 e->NumStrings = r->in.num_of_strings;
781 e->EventCategory = r->in.event_category;
782 e->ReservedFlags = r->in.flags;
783 e->DataLength = r->in.data_size;
784 e->SourceName = talloc_strdup(mem_ctx, logname);
785 NT_STATUS_HAVE_NO_MEMORY(e->SourceName);
786 if (r->in.servername->string) {
787 e->Computername = r->in.servername->string;
789 e->Computername = talloc_strdup(mem_ctx, "");
790 NT_STATUS_HAVE_NO_MEMORY(e->Computername);
792 if (r->in.user_sid) {
793 e->UserSid = *r->in.user_sid;
795 e->Strings = talloc_array(mem_ctx, const char *, e->NumStrings);
796 NT_STATUS_HAVE_NO_MEMORY(e->Strings);
798 for (i=0; i < e->NumStrings; i++) {
799 e->Strings[i] = talloc_strdup(e->Strings,
800 r->in.strings[i]->string);
801 NT_STATUS_HAVE_NO_MEMORY(e->Strings[i]);
803 e->Data = r->in.data;
808 /********************************************************************
809 _eventlog_ReportEventW
810 ********************************************************************/
812 NTSTATUS _eventlog_ReportEventW(struct pipes_struct *p,
813 struct eventlog_ReportEventW *r)
816 struct EVENTLOGRECORD record;
818 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
820 return NT_STATUS_INVALID_HANDLE;
823 status = evlog_report_to_record(p->mem_ctx, r, info->logname, &record);
824 if (!NT_STATUS_IS_OK(status)) {
828 status = evlog_push_record(p->mem_ctx,
829 ELOG_TDB_CTX(info->etdb),
831 r->out.record_number);
832 if (!NT_STATUS_IS_OK(status)) {
839 /********************************************************************
840 ********************************************************************/
842 NTSTATUS _eventlog_DeregisterEventSource(struct pipes_struct *p,
843 struct eventlog_DeregisterEventSource *r)
845 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
846 return NT_STATUS_NOT_IMPLEMENTED;
849 NTSTATUS _eventlog_ChangeNotify(struct pipes_struct *p,
850 struct eventlog_ChangeNotify *r)
852 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
853 return NT_STATUS_NOT_IMPLEMENTED;
856 NTSTATUS _eventlog_RegisterEventSourceW(struct pipes_struct *p,
857 struct eventlog_RegisterEventSourceW *r)
859 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
860 return NT_STATUS_NOT_IMPLEMENTED;
863 NTSTATUS _eventlog_OpenBackupEventLogW(struct pipes_struct *p,
864 struct eventlog_OpenBackupEventLogW *r)
866 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
867 return NT_STATUS_NOT_IMPLEMENTED;
870 NTSTATUS _eventlog_ClearEventLogA(struct pipes_struct *p,
871 struct eventlog_ClearEventLogA *r)
873 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
874 return NT_STATUS_NOT_IMPLEMENTED;
877 NTSTATUS _eventlog_BackupEventLogA(struct pipes_struct *p,
878 struct eventlog_BackupEventLogA *r)
880 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
881 return NT_STATUS_NOT_IMPLEMENTED;
884 NTSTATUS _eventlog_OpenEventLogA(struct pipes_struct *p,
885 struct eventlog_OpenEventLogA *r)
887 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
888 return NT_STATUS_NOT_IMPLEMENTED;
891 NTSTATUS _eventlog_RegisterEventSourceA(struct pipes_struct *p,
892 struct eventlog_RegisterEventSourceA *r)
894 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
895 return NT_STATUS_NOT_IMPLEMENTED;
898 NTSTATUS _eventlog_OpenBackupEventLogA(struct pipes_struct *p,
899 struct eventlog_OpenBackupEventLogA *r)
901 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
902 return NT_STATUS_NOT_IMPLEMENTED;
905 NTSTATUS _eventlog_ReadEventLogA(struct pipes_struct *p,
906 struct eventlog_ReadEventLogA *r)
908 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
909 return NT_STATUS_NOT_IMPLEMENTED;
912 NTSTATUS _eventlog_ReportEventA(struct pipes_struct *p,
913 struct eventlog_ReportEventA *r)
915 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
916 return NT_STATUS_NOT_IMPLEMENTED;
919 NTSTATUS _eventlog_RegisterClusterSvc(struct pipes_struct *p,
920 struct eventlog_RegisterClusterSvc *r)
922 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
923 return NT_STATUS_NOT_IMPLEMENTED;
926 NTSTATUS _eventlog_DeregisterClusterSvc(struct pipes_struct *p,
927 struct eventlog_DeregisterClusterSvc *r)
929 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
930 return NT_STATUS_NOT_IMPLEMENTED;
933 NTSTATUS _eventlog_WriteClusterEvents(struct pipes_struct *p,
934 struct eventlog_WriteClusterEvents *r)
936 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
937 return NT_STATUS_NOT_IMPLEMENTED;
940 NTSTATUS _eventlog_ReportEventAndSourceW(struct pipes_struct *p,
941 struct eventlog_ReportEventAndSourceW *r)
943 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
944 return NT_STATUS_NOT_IMPLEMENTED;
git.samba.org / metze / samba / wip.git / blob