1 /*
2 * Win32 advapi functions
3 *
4 * Copyright 1995 Sven Verdoolaege
5 * Copyright 1998 Juergen Schmied
6 * Copyright 2003 Mike Hearn
7 * Copyright 2007 Hervé Poussineau
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 /* INCLUDES ******************************************************************/
25
26 #include <advapi32.h>
27
28 #include <ndk/kefuncs.h>
29 #include <eventlogrpc_c.h>
30
31 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
32
33 static RPC_UNICODE_STRING EmptyStringU = { 0, 0, L"" };
34 static RPC_STRING EmptyStringA = { 0, 0, "" };
35
36
37 /* FUNCTIONS *****************************************************************/
38
39 handle_t __RPC_USER
EVENTLOG_HANDLE_A_bind(EVENTLOG_HANDLE_A UNCServerName)40 EVENTLOG_HANDLE_A_bind(EVENTLOG_HANDLE_A UNCServerName)
41 {
42 handle_t hBinding = NULL;
43 RPC_CSTR pszStringBinding;
44 RPC_STATUS status;
45
46 TRACE("EVENTLOG_HANDLE_A_bind() called\n");
47
48 status = RpcStringBindingComposeA(NULL,
49 (RPC_CSTR)"ncacn_np",
50 (RPC_CSTR)UNCServerName,
51 (RPC_CSTR)"\\pipe\\EventLog",
52 NULL,
53 &pszStringBinding);
54 if (status)
55 {
56 ERR("RpcStringBindingCompose returned 0x%x\n", status);
57 return NULL;
58 }
59
60 /* Set the binding handle that will be used to bind to the server. */
61 status = RpcBindingFromStringBindingA(pszStringBinding,
62 &hBinding);
63 if (status != RPC_S_OK)
64 {
65 ERR("RpcBindingFromStringBinding returned 0x%x\n", status);
66 }
67
68 status = RpcStringFreeA(&pszStringBinding);
69 if (status != RPC_S_OK)
70 {
71 ERR("RpcStringFree returned 0x%x\n", status);
72 }
73
74 return hBinding;
75 }
76
77
78 void __RPC_USER
EVENTLOG_HANDLE_A_unbind(EVENTLOG_HANDLE_A UNCServerName,handle_t hBinding)79 EVENTLOG_HANDLE_A_unbind(EVENTLOG_HANDLE_A UNCServerName,
80 handle_t hBinding)
81 {
82 RPC_STATUS status;
83
84 TRACE("EVENTLOG_HANDLE_A_unbind() called\n");
85
86 status = RpcBindingFree(&hBinding);
87 if (status != RPC_S_OK)
88 {
89 ERR("RpcBindingFree returned 0x%x\n", status);
90 }
91 }
92
93
94 handle_t __RPC_USER
EVENTLOG_HANDLE_W_bind(EVENTLOG_HANDLE_W UNCServerName)95 EVENTLOG_HANDLE_W_bind(EVENTLOG_HANDLE_W UNCServerName)
96 {
97 handle_t hBinding = NULL;
98 RPC_WSTR pszStringBinding;
99 RPC_STATUS status;
100
101 TRACE("EVENTLOG_HANDLE_W_bind() called\n");
102
103 status = RpcStringBindingComposeW(NULL,
104 L"ncacn_np",
105 UNCServerName,
106 L"\\pipe\\EventLog",
107 NULL,
108 &pszStringBinding);
109 if (status != RPC_S_OK)
110 {
111 ERR("RpcStringBindingCompose returned 0x%x\n", status);
112 return NULL;
113 }
114
115 /* Set the binding handle that will be used to bind to the server. */
116 status = RpcBindingFromStringBindingW(pszStringBinding,
117 &hBinding);
118 if (status != RPC_S_OK)
119 {
120 ERR("RpcBindingFromStringBinding returned 0x%x\n", status);
121 }
122
123 status = RpcStringFreeW(&pszStringBinding);
124 if (status != RPC_S_OK)
125 {
126 ERR("RpcStringFree returned 0x%x\n", status);
127 }
128
129 return hBinding;
130 }
131
132
133 void __RPC_USER
EVENTLOG_HANDLE_W_unbind(EVENTLOG_HANDLE_W UNCServerName,handle_t hBinding)134 EVENTLOG_HANDLE_W_unbind(EVENTLOG_HANDLE_W UNCServerName,
135 handle_t hBinding)
136 {
137 RPC_STATUS status;
138
139 TRACE("EVENTLOG_HANDLE_W_unbind() called\n");
140
141 status = RpcBindingFree(&hBinding);
142 if (status != RPC_S_OK)
143 {
144 ERR("RpcBindingFree returned 0x%x\n", status);
145 }
146 }
147
148
149 /******************************************************************************
150 * BackupEventLogA [ADVAPI32.@]
151 */
152 NTSTATUS
153 NTAPI
ElfBackupEventLogFileA(IN HANDLE hEventLog,IN PANSI_STRING BackupFileNameA)154 ElfBackupEventLogFileA(IN HANDLE hEventLog,
155 IN PANSI_STRING BackupFileNameA)
156 {
157 NTSTATUS Status;
158
159 if (!BackupFileNameA || (BackupFileNameA->Length == 0))
160 return STATUS_INVALID_PARAMETER;
161
162 RpcTryExcept
163 {
164 Status = ElfrBackupELFA(hEventLog,
165 (PRPC_STRING)BackupFileNameA);
166 }
167 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
168 {
169 Status = I_RpcMapWin32Status(RpcExceptionCode());
170 }
171 RpcEndExcept;
172
173 return Status;
174 }
175
176 BOOL WINAPI
BackupEventLogA(IN HANDLE hEventLog,IN LPCSTR lpBackupFileName)177 BackupEventLogA(IN HANDLE hEventLog,
178 IN LPCSTR lpBackupFileName)
179 {
180 BOOL Success;
181 NTSTATUS Status;
182 ANSI_STRING BackupFileNameA;
183 UNICODE_STRING BackupFileNameW;
184
185 TRACE("%p, %s\n", hEventLog, lpBackupFileName);
186
187 if (lpBackupFileName == NULL)
188 {
189 SetLastError(ERROR_INVALID_PARAMETER);
190 return FALSE;
191 }
192
193 RtlInitAnsiString(&BackupFileNameA, lpBackupFileName);
194
195 Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
196 &BackupFileNameA,
197 TRUE);
198 if (!NT_SUCCESS(Status))
199 {
200 SetLastError(RtlNtStatusToDosError(Status));
201 return FALSE;
202 }
203
204 Success = BackupEventLogW(hEventLog,
205 BackupFileNameW.Buffer);
206
207 RtlFreeUnicodeString(&BackupFileNameW);
208
209 return Success;
210 }
211
212
213 /******************************************************************************
214 * BackupEventLogW [ADVAPI32.@]
215 *
216 * PARAMS
217 * hEventLog []
218 * lpBackupFileName []
219 */
220 NTSTATUS
221 NTAPI
ElfBackupEventLogFileW(IN HANDLE hEventLog,IN PUNICODE_STRING BackupFileNameU)222 ElfBackupEventLogFileW(IN HANDLE hEventLog,
223 IN PUNICODE_STRING BackupFileNameU)
224 {
225 NTSTATUS Status;
226
227 if (!BackupFileNameU || (BackupFileNameU->Length == 0))
228 return STATUS_INVALID_PARAMETER;
229
230 RpcTryExcept
231 {
232 Status = ElfrBackupELFW(hEventLog,
233 (PRPC_UNICODE_STRING)BackupFileNameU);
234 }
235 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
236 {
237 Status = I_RpcMapWin32Status(RpcExceptionCode());
238 }
239 RpcEndExcept;
240
241 return Status;
242 }
243
244 BOOL WINAPI
BackupEventLogW(IN HANDLE hEventLog,IN LPCWSTR lpBackupFileName)245 BackupEventLogW(IN HANDLE hEventLog,
246 IN LPCWSTR lpBackupFileName)
247 {
248 NTSTATUS Status;
249 UNICODE_STRING BackupFileName;
250
251 TRACE("%p, %s\n", hEventLog, debugstr_w(lpBackupFileName));
252
253 if (lpBackupFileName == NULL)
254 {
255 SetLastError(ERROR_INVALID_PARAMETER);
256 return FALSE;
257 }
258
259 if (!RtlDosPathNameToNtPathName_U(lpBackupFileName, &BackupFileName,
260 NULL, NULL))
261 {
262 SetLastError(ERROR_INVALID_PARAMETER);
263 return FALSE;
264 }
265
266 Status = ElfBackupEventLogFileW(hEventLog, &BackupFileName);
267
268 RtlFreeHeap(RtlGetProcessHeap(), 0, BackupFileName.Buffer);
269
270 if (!NT_SUCCESS(Status))
271 {
272 SetLastError(RtlNtStatusToDosError(Status));
273 return FALSE;
274 }
275
276 return TRUE;
277 }
278
279
280 /******************************************************************************
281 * ClearEventLogA [ADVAPI32.@]
282 */
283 NTSTATUS
284 NTAPI
ElfClearEventLogFileA(IN HANDLE hEventLog,IN PANSI_STRING BackupFileNameA)285 ElfClearEventLogFileA(IN HANDLE hEventLog,
286 IN PANSI_STRING BackupFileNameA)
287 {
288 NTSTATUS Status;
289
290 RpcTryExcept
291 {
292 Status = ElfrClearELFA(hEventLog,
293 (PRPC_STRING)BackupFileNameA);
294 }
295 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
296 {
297 Status = I_RpcMapWin32Status(RpcExceptionCode());
298 }
299 RpcEndExcept;
300
301 return Status;
302 }
303
304 BOOL WINAPI
ClearEventLogA(IN HANDLE hEventLog,IN LPCSTR lpBackupFileName)305 ClearEventLogA(IN HANDLE hEventLog,
306 IN LPCSTR lpBackupFileName)
307 {
308 BOOL Success;
309 NTSTATUS Status;
310 ANSI_STRING BackupFileNameA;
311 UNICODE_STRING BackupFileNameW;
312
313 TRACE("%p, %s\n", hEventLog, lpBackupFileName);
314
315 if (lpBackupFileName == NULL)
316 {
317 RtlInitUnicodeString(&BackupFileNameW, NULL);
318 }
319 else
320 {
321 RtlInitAnsiString(&BackupFileNameA, lpBackupFileName);
322
323 Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
324 &BackupFileNameA,
325 TRUE);
326 if (!NT_SUCCESS(Status))
327 {
328 SetLastError(RtlNtStatusToDosError(Status));
329 return FALSE;
330 }
331 }
332
333 Success = ClearEventLogW(hEventLog,
334 BackupFileNameW.Buffer);
335
336 RtlFreeUnicodeString(&BackupFileNameW);
337
338 return Success;
339 }
340
341
342 /******************************************************************************
343 * ClearEventLogW [ADVAPI32.@]
344 */
345 NTSTATUS
346 NTAPI
ElfClearEventLogFileW(IN HANDLE hEventLog,IN PUNICODE_STRING BackupFileNameU)347 ElfClearEventLogFileW(IN HANDLE hEventLog,
348 IN PUNICODE_STRING BackupFileNameU)
349 {
350 NTSTATUS Status;
351
352 RpcTryExcept
353 {
354 Status = ElfrClearELFW(hEventLog,
355 (PRPC_UNICODE_STRING)BackupFileNameU);
356 }
357 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
358 {
359 Status = I_RpcMapWin32Status(RpcExceptionCode());
360 }
361 RpcEndExcept;
362
363 return Status;
364 }
365
366 BOOL WINAPI
ClearEventLogW(IN HANDLE hEventLog,IN LPCWSTR lpBackupFileName)367 ClearEventLogW(IN HANDLE hEventLog,
368 IN LPCWSTR lpBackupFileName)
369 {
370 NTSTATUS Status;
371 UNICODE_STRING BackupFileName;
372
373 TRACE("%p, %s\n", hEventLog, debugstr_w(lpBackupFileName));
374
375 if (lpBackupFileName == NULL)
376 {
377 RtlInitUnicodeString(&BackupFileName, NULL);
378 }
379 else
380 {
381 if (!RtlDosPathNameToNtPathName_U(lpBackupFileName, &BackupFileName,
382 NULL, NULL))
383 {
384 SetLastError(ERROR_INVALID_PARAMETER);
385 return FALSE;
386 }
387 }
388
389 Status = ElfClearEventLogFileW(hEventLog, &BackupFileName);
390
391 if (lpBackupFileName != NULL)
392 RtlFreeHeap(RtlGetProcessHeap(), 0, BackupFileName.Buffer);
393
394 if (!NT_SUCCESS(Status))
395 {
396 SetLastError(RtlNtStatusToDosError(Status));
397 return FALSE;
398 }
399
400 return TRUE;
401 }
402
403
404 /******************************************************************************
405 * CloseEventLog [ADVAPI32.@]
406 */
407 NTSTATUS
408 NTAPI
ElfCloseEventLog(IN HANDLE hEventLog)409 ElfCloseEventLog(IN HANDLE hEventLog)
410 {
411 NTSTATUS Status;
412
413 RpcTryExcept
414 {
415 Status = ElfrCloseEL(&hEventLog);
416 }
417 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
418 {
419 Status = I_RpcMapWin32Status(RpcExceptionCode());
420 }
421 RpcEndExcept;
422
423 return Status;
424 }
425
426 BOOL WINAPI
CloseEventLog(IN HANDLE hEventLog)427 CloseEventLog(IN HANDLE hEventLog)
428 {
429 NTSTATUS Status;
430
431 TRACE("%p\n", hEventLog);
432
433 Status = ElfCloseEventLog(hEventLog);
434 if (!NT_SUCCESS(Status))
435 {
436 SetLastError(RtlNtStatusToDosError(Status));
437 return FALSE;
438 }
439
440 return TRUE;
441 }
442
443
444 /******************************************************************************
445 * DeregisterEventSource [ADVAPI32.@]
446 * Closes a handle to the specified event log
447 *
448 * PARAMS
449 * hEventLog [I] Handle to event log
450 *
451 * RETURNS STD
452 */
453 NTSTATUS
454 NTAPI
ElfDeregisterEventSource(IN HANDLE hEventLog)455 ElfDeregisterEventSource(IN HANDLE hEventLog)
456 {
457 NTSTATUS Status;
458
459 RpcTryExcept
460 {
461 Status = ElfrDeregisterEventSource(&hEventLog);
462 }
463 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
464 {
465 Status = I_RpcMapWin32Status(RpcExceptionCode());
466 }
467 RpcEndExcept;
468
469 return Status;
470 }
471
472 BOOL WINAPI
DeregisterEventSource(IN HANDLE hEventLog)473 DeregisterEventSource(IN HANDLE hEventLog)
474 {
475 NTSTATUS Status;
476
477 TRACE("%p\n", hEventLog);
478
479 Status = ElfDeregisterEventSource(hEventLog);
480 if (!NT_SUCCESS(Status))
481 {
482 SetLastError(RtlNtStatusToDosError(Status));
483 return FALSE;
484 }
485
486 return TRUE;
487 }
488
489
490 /******************************************************************************
491 * GetEventLogInformation [ADVAPI32.@]
492 *
493 * PARAMS
494 * hEventLog [I] Handle to event log
495 * dwInfoLevel [I] Level of event log information to return
496 * lpBuffer [O] Buffer that receives the event log information
497 * cbBufSize [I] Size of the lpBuffer buffer
498 * pcbBytesNeeded [O] Required buffer size
499 */
500 BOOL WINAPI
GetEventLogInformation(IN HANDLE hEventLog,IN DWORD dwInfoLevel,OUT LPVOID lpBuffer,IN DWORD cbBufSize,OUT LPDWORD pcbBytesNeeded)501 GetEventLogInformation(IN HANDLE hEventLog,
502 IN DWORD dwInfoLevel,
503 OUT LPVOID lpBuffer,
504 IN DWORD cbBufSize,
505 OUT LPDWORD pcbBytesNeeded)
506 {
507 NTSTATUS Status;
508
509 if (dwInfoLevel != EVENTLOG_FULL_INFO)
510 {
511 SetLastError(ERROR_INVALID_LEVEL);
512 return FALSE;
513 }
514
515 RpcTryExcept
516 {
517 Status = ElfrGetLogInformation(hEventLog,
518 dwInfoLevel,
519 (LPBYTE)lpBuffer,
520 cbBufSize,
521 pcbBytesNeeded);
522 }
523 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
524 {
525 Status = I_RpcMapWin32Status(RpcExceptionCode());
526 }
527 RpcEndExcept;
528
529 if (!NT_SUCCESS(Status))
530 {
531 SetLastError(RtlNtStatusToDosError(Status));
532 return FALSE;
533 }
534
535 return TRUE;
536 }
537
538
539 /******************************************************************************
540 * GetNumberOfEventLogRecords [ADVAPI32.@]
541 *
542 * PARAMS
543 * hEventLog []
544 * NumberOfRecords []
545 */
546 NTSTATUS
547 NTAPI
ElfNumberOfRecords(IN HANDLE hEventLog,OUT PULONG NumberOfRecords)548 ElfNumberOfRecords(IN HANDLE hEventLog,
549 OUT PULONG NumberOfRecords)
550 {
551 NTSTATUS Status;
552
553 if (!NumberOfRecords)
554 return STATUS_INVALID_PARAMETER;
555
556 RpcTryExcept
557 {
558 Status = ElfrNumberOfRecords(hEventLog, NumberOfRecords);
559 }
560 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
561 {
562 Status = I_RpcMapWin32Status(RpcExceptionCode());
563 }
564 RpcEndExcept;
565
566 return Status;
567 }
568
569 BOOL WINAPI
GetNumberOfEventLogRecords(IN HANDLE hEventLog,OUT PDWORD NumberOfRecords)570 GetNumberOfEventLogRecords(IN HANDLE hEventLog,
571 OUT PDWORD NumberOfRecords)
572 {
573 NTSTATUS Status;
574
575 TRACE("%p, %p\n", hEventLog, NumberOfRecords);
576
577 Status = ElfNumberOfRecords(hEventLog, NumberOfRecords);
578 if (!NT_SUCCESS(Status))
579 {
580 SetLastError(RtlNtStatusToDosError(Status));
581 return FALSE;
582 }
583
584 return TRUE;
585 }
586
587
588 /******************************************************************************
589 * GetOldestEventLogRecord [ADVAPI32.@]
590 *
591 * PARAMS
592 * hEventLog []
593 * OldestRecord []
594 */
595 NTSTATUS
596 NTAPI
ElfOldestRecord(IN HANDLE hEventLog,OUT PULONG OldestRecordNumber)597 ElfOldestRecord(IN HANDLE hEventLog,
598 OUT PULONG OldestRecordNumber)
599 {
600 NTSTATUS Status;
601
602 if (!OldestRecordNumber)
603 return STATUS_INVALID_PARAMETER;
604
605 RpcTryExcept
606 {
607 Status = ElfrOldestRecord(hEventLog, OldestRecordNumber);
608 }
609 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
610 {
611 Status = I_RpcMapWin32Status(RpcExceptionCode());
612 }
613 RpcEndExcept;
614
615 return Status;
616 }
617
618 BOOL WINAPI
GetOldestEventLogRecord(IN HANDLE hEventLog,OUT PDWORD OldestRecord)619 GetOldestEventLogRecord(IN HANDLE hEventLog,
620 OUT PDWORD OldestRecord)
621 {
622 NTSTATUS Status;
623
624 TRACE("%p, %p\n", hEventLog, OldestRecord);
625
626 Status = ElfOldestRecord(hEventLog, OldestRecord);
627 if (!NT_SUCCESS(Status))
628 {
629 SetLastError(RtlNtStatusToDosError(Status));
630 return FALSE;
631 }
632
633 return TRUE;
634 }
635
636
637 /******************************************************************************
638 * NotifyChangeEventLog [ADVAPI32.@]
639 *
640 * PARAMS
641 * hEventLog []
642 * hEvent []
643 */
644 NTSTATUS
645 NTAPI
ElfChangeNotify(IN HANDLE hEventLog,IN HANDLE hEvent)646 ElfChangeNotify(IN HANDLE hEventLog,
647 IN HANDLE hEvent)
648 {
649 NTSTATUS Status;
650 CLIENT_ID ClientId = NtCurrentTeb()->ClientId;
651 RPC_CLIENT_ID RpcClientId;
652
653 RpcClientId.UniqueProcess = HandleToUlong(ClientId.UniqueProcess);
654 RpcClientId.UniqueThread = HandleToUlong(ClientId.UniqueThread);
655
656 RpcTryExcept
657 {
658 Status = ElfrChangeNotify(hEventLog, RpcClientId, HandleToUlong(hEvent));
659 }
660 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
661 {
662 Status = I_RpcMapWin32Status(RpcExceptionCode());
663 }
664 RpcEndExcept;
665
666 return Status;
667 }
668
669 BOOL WINAPI
NotifyChangeEventLog(IN HANDLE hEventLog,IN HANDLE hEvent)670 NotifyChangeEventLog(IN HANDLE hEventLog,
671 IN HANDLE hEvent)
672 {
673 NTSTATUS Status;
674
675 TRACE("%p, %p\n", hEventLog, hEvent);
676
677 Status = ElfChangeNotify(hEventLog, hEvent);
678 if (!NT_SUCCESS(Status))
679 {
680 SetLastError(RtlNtStatusToDosError(Status));
681 return FALSE;
682 }
683
684 return TRUE;
685 }
686
687
688 /******************************************************************************
689 * OpenBackupEventLogA [ADVAPI32.@]
690 */
691 NTSTATUS
692 NTAPI
ElfOpenBackupEventLogA(IN PANSI_STRING UNCServerNameA,IN PANSI_STRING BackupFileNameA,OUT PHANDLE phEventLog)693 ElfOpenBackupEventLogA(IN PANSI_STRING UNCServerNameA,
694 IN PANSI_STRING BackupFileNameA,
695 OUT PHANDLE phEventLog)
696 {
697 NTSTATUS Status;
698 PSTR pUNCServerName = NULL;
699
700 if (!phEventLog || !BackupFileNameA || (BackupFileNameA->Length == 0))
701 return STATUS_INVALID_PARAMETER;
702
703 if (UNCServerNameA && (UNCServerNameA->Length != 0))
704 pUNCServerName = UNCServerNameA->Buffer;
705
706 *phEventLog = NULL;
707
708 RpcTryExcept
709 {
710 Status = ElfrOpenBELA(pUNCServerName,
711 (PRPC_STRING)BackupFileNameA,
712 1, 1,
713 (IELF_HANDLE*)phEventLog);
714 }
715 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
716 {
717 Status = I_RpcMapWin32Status(RpcExceptionCode());
718 }
719 RpcEndExcept;
720
721 return Status;
722 }
723
724 HANDLE WINAPI
OpenBackupEventLogA(IN LPCSTR lpUNCServerName,IN LPCSTR lpFileName)725 OpenBackupEventLogA(IN LPCSTR lpUNCServerName,
726 IN LPCSTR lpFileName)
727 {
728 NTSTATUS Status;
729 HANDLE LogHandle;
730 ANSI_STRING UNCServerNameA;
731 UNICODE_STRING UNCServerNameW;
732 ANSI_STRING FileNameA;
733 UNICODE_STRING FileNameW;
734
735 TRACE("%s, %s\n", lpUNCServerName, lpFileName);
736
737 /* Convert the server name to unicode */
738 if (lpUNCServerName == NULL)
739 {
740 RtlInitUnicodeString(&UNCServerNameW, NULL);
741 }
742 else
743 {
744 RtlInitAnsiString(&UNCServerNameA, lpUNCServerName);
745
746 Status = RtlAnsiStringToUnicodeString(&UNCServerNameW,
747 &UNCServerNameA,
748 TRUE);
749 if (!NT_SUCCESS(Status))
750 {
751 SetLastError(RtlNtStatusToDosError(Status));
752 return NULL;
753 }
754 }
755
756 /* Convert the file name to unicode */
757 if (lpFileName == NULL)
758 {
759 RtlInitUnicodeString(&FileNameW, NULL);
760 }
761 else
762 {
763 RtlInitAnsiString(&FileNameA, lpFileName);
764
765 Status = RtlAnsiStringToUnicodeString(&FileNameW,
766 &FileNameA,
767 TRUE);
768 if (!NT_SUCCESS(Status))
769 {
770 RtlFreeUnicodeString(&UNCServerNameW);
771 SetLastError(RtlNtStatusToDosError(Status));
772 return NULL;
773 }
774 }
775
776 /* Call the unicode function */
777 LogHandle = OpenBackupEventLogW(UNCServerNameW.Buffer,
778 FileNameW.Buffer);
779
780 /* Free the unicode strings */
781 RtlFreeUnicodeString(&UNCServerNameW);
782 RtlFreeUnicodeString(&FileNameW);
783
784 return LogHandle;
785 }
786
787
788 /******************************************************************************
789 * OpenBackupEventLogW [ADVAPI32.@]
790 *
791 * PARAMS
792 * lpUNCServerName []
793 * lpFileName []
794 */
795 NTSTATUS
796 NTAPI
ElfOpenBackupEventLogW(IN PUNICODE_STRING UNCServerNameU,IN PUNICODE_STRING BackupFileNameU,OUT PHANDLE phEventLog)797 ElfOpenBackupEventLogW(IN PUNICODE_STRING UNCServerNameU,
798 IN PUNICODE_STRING BackupFileNameU,
799 OUT PHANDLE phEventLog)
800 {
801 NTSTATUS Status;
802 PWSTR pUNCServerName = NULL;
803
804 if (!phEventLog || !BackupFileNameU || (BackupFileNameU->Length == 0))
805 return STATUS_INVALID_PARAMETER;
806
807 if (UNCServerNameU && (UNCServerNameU->Length != 0))
808 pUNCServerName = UNCServerNameU->Buffer;
809
810 *phEventLog = NULL;
811
812 RpcTryExcept
813 {
814 Status = ElfrOpenBELW(pUNCServerName,
815 (PRPC_UNICODE_STRING)BackupFileNameU,
816 1,
817 1,
818 (IELF_HANDLE*)phEventLog);
819 }
820 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
821 {
822 Status = I_RpcMapWin32Status(RpcExceptionCode());
823 }
824 RpcEndExcept;
825
826 return Status;
827 }
828
829 HANDLE WINAPI
OpenBackupEventLogW(IN LPCWSTR lpUNCServerName,IN LPCWSTR lpFileName)830 OpenBackupEventLogW(IN LPCWSTR lpUNCServerName,
831 IN LPCWSTR lpFileName)
832 {
833 NTSTATUS Status;
834 HANDLE hEventLog;
835 UNICODE_STRING UNCServerName, FileName;
836
837 TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpFileName));
838
839 if (lpFileName == NULL)
840 {
841 SetLastError(ERROR_INVALID_PARAMETER);
842 return NULL;
843 }
844
845 if (!RtlDosPathNameToNtPathName_U(lpFileName, &FileName,
846 NULL, NULL))
847 {
848 SetLastError(ERROR_INVALID_PARAMETER);
849 return NULL;
850 }
851
852 RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
853
854 Status = ElfOpenBackupEventLogW(&UNCServerName, &FileName, &hEventLog);
855
856 if (FileName.Buffer != NULL)
857 RtlFreeHeap(RtlGetProcessHeap(), 0, FileName.Buffer);
858
859 if (!NT_SUCCESS(Status))
860 {
861 SetLastError(RtlNtStatusToDosError(Status));
862 return NULL;
863 }
864
865 return hEventLog;
866 }
867
868
869 /******************************************************************************
870 * OpenEventLogA [ADVAPI32.@]
871 *
872 * Opens a handle to the specified event log.
873 *
874 * PARAMS
875 * lpUNCServerName [I] UNC name of the server on which the event log is
876 * opened.
877 * lpSourceName [I] Name of the log.
878 *
879 * RETURNS
880 * Success: Handle to an event log.
881 * Failure: NULL
882 */
883 NTSTATUS
884 NTAPI
ElfOpenEventLogA(IN PANSI_STRING UNCServerNameA,IN PANSI_STRING SourceNameA,OUT PHANDLE phEventLog)885 ElfOpenEventLogA(IN PANSI_STRING UNCServerNameA,
886 IN PANSI_STRING SourceNameA,
887 OUT PHANDLE phEventLog)
888 {
889 NTSTATUS Status;
890 PSTR pUNCServerName = NULL;
891
892 if (!phEventLog || !SourceNameA || (SourceNameA->Length == 0))
893 return STATUS_INVALID_PARAMETER;
894
895 if (UNCServerNameA && (UNCServerNameA->Length != 0))
896 pUNCServerName = UNCServerNameA->Buffer;
897
898 *phEventLog = NULL;
899
900 RpcTryExcept
901 {
902 Status = ElfrOpenELA(pUNCServerName,
903 (PRPC_STRING)SourceNameA,
904 &EmptyStringA,
905 1,
906 1,
907 (IELF_HANDLE*)phEventLog);
908 }
909 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
910 {
911 Status = I_RpcMapWin32Status(RpcExceptionCode());
912 }
913 RpcEndExcept;
914
915 return Status;
916 }
917
918 HANDLE WINAPI
OpenEventLogA(IN LPCSTR lpUNCServerName,IN LPCSTR lpSourceName)919 OpenEventLogA(IN LPCSTR lpUNCServerName,
920 IN LPCSTR lpSourceName)
921 {
922 NTSTATUS Status;
923 HANDLE hEventLog;
924 ANSI_STRING UNCServerName, SourceName;
925
926 TRACE("%s, %s\n", lpUNCServerName, lpSourceName);
927
928 RtlInitAnsiString(&UNCServerName, lpUNCServerName);
929 RtlInitAnsiString(&SourceName, lpSourceName);
930
931 Status = ElfOpenEventLogA(&UNCServerName, &SourceName, &hEventLog);
932 if (!NT_SUCCESS(Status))
933 {
934 SetLastError(RtlNtStatusToDosError(Status));
935 return NULL;
936 }
937
938 return hEventLog;
939 }
940
941
942 /******************************************************************************
943 * OpenEventLogW [ADVAPI32.@]
944 *
945 * PARAMS
946 * lpUNCServerName []
947 * lpSourceName []
948 */
949 NTSTATUS
950 NTAPI
ElfOpenEventLogW(IN PUNICODE_STRING UNCServerNameU,IN PUNICODE_STRING SourceNameU,OUT PHANDLE phEventLog)951 ElfOpenEventLogW(IN PUNICODE_STRING UNCServerNameU,
952 IN PUNICODE_STRING SourceNameU,
953 OUT PHANDLE phEventLog)
954 {
955 NTSTATUS Status;
956 PWSTR pUNCServerName = NULL;
957
958 if (!phEventLog || !SourceNameU || (SourceNameU->Length == 0))
959 return STATUS_INVALID_PARAMETER;
960
961 if (UNCServerNameU && (UNCServerNameU->Length != 0))
962 pUNCServerName = UNCServerNameU->Buffer;
963
964 *phEventLog = NULL;
965
966 RpcTryExcept
967 {
968 Status = ElfrOpenELW(pUNCServerName,
969 (PRPC_UNICODE_STRING)SourceNameU,
970 &EmptyStringU,
971 1,
972 1,
973 (IELF_HANDLE*)phEventLog);
974 }
975 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
976 {
977 Status = I_RpcMapWin32Status(RpcExceptionCode());
978 }
979 RpcEndExcept;
980
981 return Status;
982 }
983
984 HANDLE WINAPI
OpenEventLogW(IN LPCWSTR lpUNCServerName,IN LPCWSTR lpSourceName)985 OpenEventLogW(IN LPCWSTR lpUNCServerName,
986 IN LPCWSTR lpSourceName)
987 {
988 NTSTATUS Status;
989 HANDLE hEventLog;
990 UNICODE_STRING UNCServerName, SourceName;
991
992 TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpSourceName));
993
994 RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
995 RtlInitUnicodeString(&SourceName, lpSourceName);
996
997 Status = ElfOpenEventLogW(&UNCServerName, &SourceName, &hEventLog);
998 if (!NT_SUCCESS(Status))
999 {
1000 SetLastError(RtlNtStatusToDosError(Status));
1001 return NULL;
1002 }
1003
1004 return hEventLog;
1005 }
1006
1007
1008 /******************************************************************************
1009 * ReadEventLogA [ADVAPI32.@]
1010 */
1011 NTSTATUS
1012 NTAPI
ElfReadEventLogA(IN HANDLE hEventLog,IN ULONG ReadFlags,IN ULONG RecordOffset,OUT LPVOID Buffer,IN ULONG NumberOfBytesToRead,OUT PULONG NumberOfBytesRead,OUT PULONG MinNumberOfBytesNeeded)1013 ElfReadEventLogA(IN HANDLE hEventLog,
1014 IN ULONG ReadFlags,
1015 IN ULONG RecordOffset,
1016 OUT LPVOID Buffer,
1017 IN ULONG NumberOfBytesToRead,
1018 OUT PULONG NumberOfBytesRead,
1019 OUT PULONG MinNumberOfBytesNeeded)
1020 {
1021 NTSTATUS Status;
1022 ULONG Flags;
1023
1024 if (!Buffer || !NumberOfBytesRead || !MinNumberOfBytesNeeded)
1025 {
1026 return STATUS_INVALID_PARAMETER;
1027 }
1028
1029 Flags = ReadFlags & (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ);
1030 if (Flags == (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ))
1031 {
1032 return STATUS_INVALID_PARAMETER;
1033 }
1034
1035 Flags = ReadFlags & (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ);
1036 if (Flags == (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ))
1037 {
1038 return STATUS_INVALID_PARAMETER;
1039 }
1040
1041 RpcTryExcept
1042 {
1043 Status = ElfrReadELA(hEventLog,
1044 ReadFlags,
1045 RecordOffset,
1046 NumberOfBytesToRead,
1047 Buffer,
1048 NumberOfBytesRead,
1049 MinNumberOfBytesNeeded);
1050 }
1051 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1052 {
1053 Status = I_RpcMapWin32Status(RpcExceptionCode());
1054 }
1055 RpcEndExcept;
1056
1057 return Status;
1058 }
1059
1060 BOOL WINAPI
ReadEventLogA(IN HANDLE hEventLog,IN DWORD dwReadFlags,IN DWORD dwRecordOffset,OUT LPVOID lpBuffer,IN DWORD nNumberOfBytesToRead,OUT DWORD * pnBytesRead,OUT DWORD * pnMinNumberOfBytesNeeded)1061 ReadEventLogA(IN HANDLE hEventLog,
1062 IN DWORD dwReadFlags,
1063 IN DWORD dwRecordOffset,
1064 OUT LPVOID lpBuffer,
1065 IN DWORD nNumberOfBytesToRead,
1066 OUT DWORD *pnBytesRead,
1067 OUT DWORD *pnMinNumberOfBytesNeeded)
1068 {
1069 NTSTATUS Status;
1070
1071 TRACE("%p, %lu, %lu, %p, %lu, %p, %p\n",
1072 hEventLog, dwReadFlags, dwRecordOffset, lpBuffer,
1073 nNumberOfBytesToRead, pnBytesRead, pnMinNumberOfBytesNeeded);
1074
1075 Status = ElfReadEventLogA(hEventLog,
1076 dwReadFlags,
1077 dwRecordOffset,
1078 lpBuffer,
1079 nNumberOfBytesToRead,
1080 pnBytesRead,
1081 pnMinNumberOfBytesNeeded);
1082 if (!NT_SUCCESS(Status))
1083 {
1084 SetLastError(RtlNtStatusToDosError(Status));
1085 return FALSE;
1086 }
1087
1088 return TRUE;
1089 }
1090
1091
1092 /******************************************************************************
1093 * ReadEventLogW [ADVAPI32.@]
1094 *
1095 * PARAMS
1096 * hEventLog []
1097 * dwReadFlags []
1098 * dwRecordOffset []
1099 * lpBuffer []
1100 * nNumberOfBytesToRead []
1101 * pnBytesRead []
1102 * pnMinNumberOfBytesNeeded []
1103 */
1104 NTSTATUS
1105 NTAPI
ElfReadEventLogW(IN HANDLE hEventLog,IN ULONG ReadFlags,IN ULONG RecordOffset,OUT LPVOID Buffer,IN ULONG NumberOfBytesToRead,OUT PULONG NumberOfBytesRead,OUT PULONG MinNumberOfBytesNeeded)1106 ElfReadEventLogW(IN HANDLE hEventLog,
1107 IN ULONG ReadFlags,
1108 IN ULONG RecordOffset,
1109 OUT LPVOID Buffer,
1110 IN ULONG NumberOfBytesToRead,
1111 OUT PULONG NumberOfBytesRead,
1112 OUT PULONG MinNumberOfBytesNeeded)
1113 {
1114 NTSTATUS Status;
1115 ULONG Flags;
1116
1117 if (!Buffer || !NumberOfBytesRead || !MinNumberOfBytesNeeded)
1118 {
1119 return STATUS_INVALID_PARAMETER;
1120 }
1121
1122 Flags = ReadFlags & (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ);
1123 if (Flags == (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ))
1124 {
1125 return STATUS_INVALID_PARAMETER;
1126 }
1127
1128 Flags = ReadFlags & (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ);
1129 if (Flags == (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ))
1130 {
1131 return STATUS_INVALID_PARAMETER;
1132 }
1133
1134 RpcTryExcept
1135 {
1136 Status = ElfrReadELW(hEventLog,
1137 ReadFlags,
1138 RecordOffset,
1139 NumberOfBytesToRead,
1140 Buffer,
1141 NumberOfBytesRead,
1142 MinNumberOfBytesNeeded);
1143 }
1144 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1145 {
1146 Status = I_RpcMapWin32Status(RpcExceptionCode());
1147 }
1148 RpcEndExcept;
1149
1150 return Status;
1151 }
1152
1153 BOOL WINAPI
ReadEventLogW(IN HANDLE hEventLog,IN DWORD dwReadFlags,IN DWORD dwRecordOffset,OUT LPVOID lpBuffer,IN DWORD nNumberOfBytesToRead,OUT DWORD * pnBytesRead,OUT DWORD * pnMinNumberOfBytesNeeded)1154 ReadEventLogW(IN HANDLE hEventLog,
1155 IN DWORD dwReadFlags,
1156 IN DWORD dwRecordOffset,
1157 OUT LPVOID lpBuffer,
1158 IN DWORD nNumberOfBytesToRead,
1159 OUT DWORD *pnBytesRead,
1160 OUT DWORD *pnMinNumberOfBytesNeeded)
1161 {
1162 NTSTATUS Status;
1163
1164 TRACE("%p, %lu, %lu, %p, %lu, %p, %p\n",
1165 hEventLog, dwReadFlags, dwRecordOffset, lpBuffer,
1166 nNumberOfBytesToRead, pnBytesRead, pnMinNumberOfBytesNeeded);
1167
1168 Status = ElfReadEventLogW(hEventLog,
1169 dwReadFlags,
1170 dwRecordOffset,
1171 lpBuffer,
1172 nNumberOfBytesToRead,
1173 pnBytesRead,
1174 pnMinNumberOfBytesNeeded);
1175 if (!NT_SUCCESS(Status))
1176 {
1177 SetLastError(RtlNtStatusToDosError(Status));
1178 return FALSE;
1179 }
1180
1181 return TRUE;
1182 }
1183
1184
1185 /******************************************************************************
1186 * RegisterEventSourceA [ADVAPI32.@]
1187 */
1188 NTSTATUS
1189 NTAPI
ElfRegisterEventSourceA(IN PANSI_STRING UNCServerNameA,IN PANSI_STRING SourceNameA,OUT PHANDLE phEventLog)1190 ElfRegisterEventSourceA(IN PANSI_STRING UNCServerNameA,
1191 IN PANSI_STRING SourceNameA,
1192 OUT PHANDLE phEventLog)
1193 {
1194 NTSTATUS Status;
1195 PSTR pUNCServerName = NULL;
1196
1197 if (!phEventLog || !SourceNameA || (SourceNameA->Length == 0))
1198 return STATUS_INVALID_PARAMETER;
1199
1200 if (UNCServerNameA && (UNCServerNameA->Length != 0))
1201 pUNCServerName = UNCServerNameA->Buffer;
1202
1203 *phEventLog = NULL;
1204
1205 RpcTryExcept
1206 {
1207 Status = ElfrRegisterEventSourceA(pUNCServerName,
1208 (PRPC_STRING)SourceNameA,
1209 &EmptyStringA,
1210 1,
1211 1,
1212 (IELF_HANDLE*)phEventLog);
1213 }
1214 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1215 {
1216 Status = I_RpcMapWin32Status(RpcExceptionCode());
1217 }
1218 RpcEndExcept;
1219
1220 return Status;
1221 }
1222
1223 HANDLE WINAPI
RegisterEventSourceA(IN LPCSTR lpUNCServerName,IN LPCSTR lpSourceName)1224 RegisterEventSourceA(IN LPCSTR lpUNCServerName,
1225 IN LPCSTR lpSourceName)
1226 {
1227 NTSTATUS Status;
1228 HANDLE hEventLog;
1229 ANSI_STRING UNCServerName, SourceName;
1230
1231 TRACE("%s, %s\n", lpUNCServerName, lpSourceName);
1232
1233 RtlInitAnsiString(&UNCServerName, lpUNCServerName);
1234 RtlInitAnsiString(&SourceName, lpSourceName);
1235
1236 Status = ElfRegisterEventSourceA(&UNCServerName, &SourceName, &hEventLog);
1237 if (!NT_SUCCESS(Status))
1238 {
1239 SetLastError(RtlNtStatusToDosError(Status));
1240 return NULL;
1241 }
1242
1243 return hEventLog;
1244 }
1245
1246
1247 /******************************************************************************
1248 * RegisterEventSourceW [ADVAPI32.@]
1249 * Returns a registered handle to an event log
1250 *
1251 * PARAMS
1252 * lpUNCServerName [I] Server name for source
1253 * lpSourceName [I] Source name for registered handle
1254 *
1255 * RETURNS
1256 * Success: Handle
1257 * Failure: NULL
1258 */
1259 NTSTATUS
1260 NTAPI
ElfRegisterEventSourceW(IN PUNICODE_STRING UNCServerNameU,IN PUNICODE_STRING SourceNameU,OUT PHANDLE phEventLog)1261 ElfRegisterEventSourceW(IN PUNICODE_STRING UNCServerNameU,
1262 IN PUNICODE_STRING SourceNameU,
1263 OUT PHANDLE phEventLog)
1264 {
1265 NTSTATUS Status;
1266 PWSTR pUNCServerName = NULL;
1267
1268 if (!phEventLog || !SourceNameU || (SourceNameU->Length == 0))
1269 return STATUS_INVALID_PARAMETER;
1270
1271 if (UNCServerNameU && (UNCServerNameU->Length != 0))
1272 pUNCServerName = UNCServerNameU->Buffer;
1273
1274 *phEventLog = NULL;
1275
1276 RpcTryExcept
1277 {
1278 Status = ElfrRegisterEventSourceW(pUNCServerName,
1279 (PRPC_UNICODE_STRING)SourceNameU,
1280 &EmptyStringU,
1281 1,
1282 1,
1283 (IELF_HANDLE*)phEventLog);
1284 }
1285 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1286 {
1287 Status = I_RpcMapWin32Status(RpcExceptionCode());
1288 }
1289 RpcEndExcept;
1290
1291 return Status;
1292 }
1293
1294 HANDLE WINAPI
RegisterEventSourceW(IN LPCWSTR lpUNCServerName,IN LPCWSTR lpSourceName)1295 RegisterEventSourceW(IN LPCWSTR lpUNCServerName,
1296 IN LPCWSTR lpSourceName)
1297 {
1298 NTSTATUS Status;
1299 HANDLE hEventLog;
1300 UNICODE_STRING UNCServerName, SourceName;
1301
1302 TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpSourceName));
1303
1304 RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
1305 RtlInitUnicodeString(&SourceName, lpSourceName);
1306
1307 Status = ElfRegisterEventSourceW(&UNCServerName, &SourceName, &hEventLog);
1308 if (!NT_SUCCESS(Status))
1309 {
1310 SetLastError(RtlNtStatusToDosError(Status));
1311 return NULL;
1312 }
1313
1314 return hEventLog;
1315 }
1316
1317
1318 /******************************************************************************
1319 * ReportEventA [ADVAPI32.@]
1320 */
1321 NTSTATUS
1322 NTAPI
ElfReportEventA(IN HANDLE hEventLog,IN USHORT EventType,IN USHORT EventCategory,IN ULONG EventID,IN PSID UserSID,IN USHORT NumStrings,IN ULONG DataSize,IN PANSI_STRING * Strings,IN PVOID Data,IN USHORT Flags,IN OUT PULONG RecordNumber,IN OUT PULONG TimeWritten)1323 ElfReportEventA(IN HANDLE hEventLog,
1324 IN USHORT EventType,
1325 IN USHORT EventCategory,
1326 IN ULONG EventID,
1327 IN PSID UserSID,
1328 IN USHORT NumStrings,
1329 IN ULONG DataSize,
1330 IN PANSI_STRING* Strings,
1331 IN PVOID Data,
1332 IN USHORT Flags,
1333 IN OUT PULONG RecordNumber,
1334 IN OUT PULONG TimeWritten)
1335 {
1336 NTSTATUS Status;
1337 LARGE_INTEGER SystemTime;
1338 ULONG Time;
1339 ULONG dwSize;
1340 ANSI_STRING ComputerName;
1341 CHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1342
1343 dwSize = ARRAYSIZE(szComputerName);
1344 GetComputerNameA(szComputerName, &dwSize);
1345 RtlInitAnsiString(&ComputerName, szComputerName);
1346
1347 NtQuerySystemTime(&SystemTime);
1348 RtlTimeToSecondsSince1970(&SystemTime, &Time);
1349
1350 RpcTryExcept
1351 {
1352 Status = ElfrReportEventA(hEventLog,
1353 Time,
1354 EventType,
1355 EventCategory,
1356 EventID,
1357 NumStrings,
1358 DataSize,
1359 (PRPC_STRING)&ComputerName,
1360 (PRPC_SID)UserSID,
1361 (PRPC_STRING*)Strings,
1362 Data,
1363 Flags,
1364 RecordNumber,
1365 TimeWritten);
1366 }
1367 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1368 {
1369 Status = I_RpcMapWin32Status(RpcExceptionCode());
1370 }
1371 RpcEndExcept;
1372
1373 return Status;
1374 }
1375
1376 BOOL WINAPI
ReportEventA(IN HANDLE hEventLog,IN WORD wType,IN WORD wCategory,IN DWORD dwEventID,IN PSID lpUserSid,IN WORD wNumStrings,IN DWORD dwDataSize,IN LPCSTR * lpStrings,IN LPVOID lpRawData)1377 ReportEventA(IN HANDLE hEventLog,
1378 IN WORD wType,
1379 IN WORD wCategory,
1380 IN DWORD dwEventID,
1381 IN PSID lpUserSid,
1382 IN WORD wNumStrings,
1383 IN DWORD dwDataSize,
1384 IN LPCSTR *lpStrings,
1385 IN LPVOID lpRawData)
1386 {
1387 NTSTATUS Status;
1388 PANSI_STRING *Strings;
1389 WORD i;
1390
1391 TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
1392 hEventLog, wType, wCategory, dwEventID, lpUserSid,
1393 wNumStrings, dwDataSize, lpStrings, lpRawData);
1394
1395 Strings = HeapAlloc(GetProcessHeap(),
1396 HEAP_ZERO_MEMORY,
1397 wNumStrings * sizeof(PANSI_STRING));
1398 if (!Strings)
1399 {
1400 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1401 return FALSE;
1402 }
1403
1404 for (i = 0; i < wNumStrings; i++)
1405 {
1406 Strings[i] = HeapAlloc(GetProcessHeap(),
1407 HEAP_ZERO_MEMORY,
1408 sizeof(ANSI_STRING));
1409 if (Strings[i])
1410 {
1411 RtlInitAnsiString(Strings[i], lpStrings[i]);
1412 }
1413 }
1414
1415 Status = ElfReportEventA(hEventLog,
1416 wType,
1417 wCategory,
1418 dwEventID,
1419 lpUserSid,
1420 wNumStrings,
1421 dwDataSize,
1422 Strings,
1423 lpRawData,
1424 0,
1425 NULL,
1426 NULL);
1427
1428 for (i = 0; i < wNumStrings; i++)
1429 {
1430 if (Strings[i] != NULL)
1431 HeapFree(GetProcessHeap(), 0, Strings[i]);
1432 }
1433
1434 HeapFree(GetProcessHeap(), 0, Strings);
1435
1436 if (!NT_SUCCESS(Status))
1437 {
1438 SetLastError(RtlNtStatusToDosError(Status));
1439 return FALSE;
1440 }
1441
1442 return TRUE;
1443 }
1444
1445
1446 /******************************************************************************
1447 * ReportEventW [ADVAPI32.@]
1448 *
1449 * PARAMS
1450 * hEventLog []
1451 * wType []
1452 * wCategory []
1453 * dwEventID []
1454 * lpUserSid []
1455 * wNumStrings []
1456 * dwDataSize []
1457 * lpStrings []
1458 * lpRawData []
1459 */
1460 NTSTATUS
1461 NTAPI
ElfReportEventW(IN HANDLE hEventLog,IN USHORT EventType,IN USHORT EventCategory,IN ULONG EventID,IN PSID UserSID,IN USHORT NumStrings,IN ULONG DataSize,IN PUNICODE_STRING * Strings,IN PVOID Data,IN USHORT Flags,IN OUT PULONG RecordNumber,IN OUT PULONG TimeWritten)1462 ElfReportEventW(IN HANDLE hEventLog,
1463 IN USHORT EventType,
1464 IN USHORT EventCategory,
1465 IN ULONG EventID,
1466 IN PSID UserSID,
1467 IN USHORT NumStrings,
1468 IN ULONG DataSize,
1469 IN PUNICODE_STRING* Strings,
1470 IN PVOID Data,
1471 IN USHORT Flags,
1472 IN OUT PULONG RecordNumber,
1473 IN OUT PULONG TimeWritten)
1474 {
1475 NTSTATUS Status;
1476 LARGE_INTEGER SystemTime;
1477 ULONG Time;
1478 ULONG dwSize;
1479 UNICODE_STRING ComputerName;
1480 WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1481
1482 dwSize = ARRAYSIZE(szComputerName);
1483 GetComputerNameW(szComputerName, &dwSize);
1484 RtlInitUnicodeString(&ComputerName, szComputerName);
1485
1486 NtQuerySystemTime(&SystemTime);
1487 RtlTimeToSecondsSince1970(&SystemTime, &Time);
1488
1489 RpcTryExcept
1490 {
1491 Status = ElfrReportEventW(hEventLog,
1492 Time,
1493 EventType,
1494 EventCategory,
1495 EventID,
1496 NumStrings,
1497 DataSize,
1498 (PRPC_UNICODE_STRING)&ComputerName,
1499 (PRPC_SID)UserSID,
1500 (PRPC_UNICODE_STRING*)Strings,
1501 Data,
1502 Flags,
1503 RecordNumber,
1504 TimeWritten);
1505 }
1506 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1507 {
1508 Status = I_RpcMapWin32Status(RpcExceptionCode());
1509 }
1510 RpcEndExcept;
1511
1512 return Status;
1513 }
1514
1515 BOOL WINAPI
ReportEventW(IN HANDLE hEventLog,IN WORD wType,IN WORD wCategory,IN DWORD dwEventID,IN PSID lpUserSid,IN WORD wNumStrings,IN DWORD dwDataSize,IN LPCWSTR * lpStrings,IN LPVOID lpRawData)1516 ReportEventW(IN HANDLE hEventLog,
1517 IN WORD wType,
1518 IN WORD wCategory,
1519 IN DWORD dwEventID,
1520 IN PSID lpUserSid,
1521 IN WORD wNumStrings,
1522 IN DWORD dwDataSize,
1523 IN LPCWSTR *lpStrings,
1524 IN LPVOID lpRawData)
1525 {
1526 NTSTATUS Status;
1527 PUNICODE_STRING *Strings;
1528 WORD i;
1529
1530 TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
1531 hEventLog, wType, wCategory, dwEventID, lpUserSid,
1532 wNumStrings, dwDataSize, lpStrings, lpRawData);
1533
1534 Strings = HeapAlloc(GetProcessHeap(),
1535 HEAP_ZERO_MEMORY,
1536 wNumStrings * sizeof(PUNICODE_STRING));
1537 if (!Strings)
1538 {
1539 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1540 return FALSE;
1541 }
1542
1543 for (i = 0; i < wNumStrings; i++)
1544 {
1545 Strings[i] = HeapAlloc(GetProcessHeap(),
1546 HEAP_ZERO_MEMORY,
1547 sizeof(UNICODE_STRING));
1548 if (Strings[i])
1549 {
1550 RtlInitUnicodeString(Strings[i], lpStrings[i]);
1551 }
1552 }
1553
1554 Status = ElfReportEventW(hEventLog,
1555 wType,
1556 wCategory,
1557 dwEventID,
1558 lpUserSid,
1559 wNumStrings,
1560 dwDataSize,
1561 Strings,
1562 lpRawData,
1563 0,
1564 NULL,
1565 NULL);
1566
1567 for (i = 0; i < wNumStrings; i++)
1568 {
1569 if (Strings[i] != NULL)
1570 HeapFree(GetProcessHeap(), 0, Strings[i]);
1571 }
1572
1573 HeapFree(GetProcessHeap(), 0, Strings);
1574
1575 if (!NT_SUCCESS(Status))
1576 {
1577 SetLastError(RtlNtStatusToDosError(Status));
1578 return FALSE;
1579 }
1580
1581 return TRUE;
1582 }
1583
1584 NTSTATUS
1585 NTAPI
ElfReportEventAndSourceW(IN HANDLE hEventLog,IN ULONG Time,IN PUNICODE_STRING ComputerName,IN USHORT EventType,IN USHORT EventCategory,IN ULONG EventID,IN PSID UserSID,IN PUNICODE_STRING SourceName,IN USHORT NumStrings,IN ULONG DataSize,IN PUNICODE_STRING * Strings,IN PVOID Data,IN USHORT Flags,IN OUT PULONG RecordNumber,IN OUT PULONG TimeWritten)1586 ElfReportEventAndSourceW(IN HANDLE hEventLog,
1587 IN ULONG Time,
1588 IN PUNICODE_STRING ComputerName,
1589 IN USHORT EventType,
1590 IN USHORT EventCategory,
1591 IN ULONG EventID,
1592 IN PSID UserSID,
1593 IN PUNICODE_STRING SourceName,
1594 IN USHORT NumStrings,
1595 IN ULONG DataSize,
1596 IN PUNICODE_STRING* Strings,
1597 IN PVOID Data,
1598 IN USHORT Flags,
1599 IN OUT PULONG RecordNumber,
1600 IN OUT PULONG TimeWritten)
1601 {
1602 NTSTATUS Status;
1603
1604 RpcTryExcept
1605 {
1606 Status = ElfrReportEventAndSourceW(hEventLog,
1607 Time,
1608 EventType,
1609 EventCategory,
1610 EventID,
1611 (PRPC_UNICODE_STRING)SourceName,
1612 NumStrings,
1613 DataSize,
1614 (PRPC_UNICODE_STRING)ComputerName,
1615 (PRPC_SID)UserSID,
1616 (PRPC_UNICODE_STRING*)Strings,
1617 (PBYTE)Data,
1618 Flags,
1619 RecordNumber,
1620 TimeWritten);
1621 }
1622 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1623 {
1624 Status = I_RpcMapWin32Status(RpcExceptionCode());
1625 }
1626 RpcEndExcept;
1627
1628 return Status;
1629 }
1630
1631 NTSTATUS
1632 NTAPI
ElfFlushEventLog(IN HANDLE hEventLog)1633 ElfFlushEventLog(IN HANDLE hEventLog)
1634 {
1635 NTSTATUS Status;
1636
1637 RpcTryExcept
1638 {
1639 Status = ElfrFlushEL(hEventLog);
1640 }
1641 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1642 {
1643 Status = I_RpcMapWin32Status(RpcExceptionCode());
1644 }
1645 RpcEndExcept;
1646
1647 return Status;
1648 }
1649