[reactos.git] / reactos / base / services / eventlog / rpc.c

/*
 * PROJECT:         ReactOS EventLog Service
 * LICENSE:         GPL - See COPYING in the top level directory
 * FILE:            base/services/eventlog/rpc.c
 * PURPOSE:         RPC Port Interface support
 * COPYRIGHT:       Copyright 2005 Saveliy Tretiakov
 *                  Copyright 2008 Michael Martin
 *                  Copyright 2010-2011 Eric Kohl
 */

/* INCLUDES *****************************************************************/

#include "eventlog.h"

#define NDEBUG
#include <debug.h>

static LIST_ENTRY LogHandleListHead;

/* FUNCTIONS ****************************************************************/

DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter)
{
    RPC_STATUS Status;

    InitializeListHead(&LogHandleListHead);

    Status = RpcServerUseProtseqEpW(L"ncacn_np", 20, L"\\pipe\\EventLog", NULL);
    if (Status != RPC_S_OK)
    {
        DPRINT("RpcServerUseProtseqEpW() failed (Status %lx)\n", Status);
        return 0;
    }

    Status = RpcServerRegisterIf(eventlog_v0_0_s_ifspec, NULL, NULL);
    if (Status != RPC_S_OK)
    {
        DPRINT("RpcServerRegisterIf() failed (Status %lx)\n", Status);
        return 0;
    }

    Status = RpcServerListen(1, RPC_C_LISTEN_MAX_CALLS_DEFAULT, FALSE);
    if (Status != RPC_S_OK)
    {
        DPRINT("RpcServerListen() failed (Status %lx)\n", Status);
    }

    return 0;
}


static NTSTATUS
ElfCreateEventLogHandle(PLOGHANDLE* LogHandle,
                        PUNICODE_STRING LogName,
                        BOOLEAN Create)
{
    NTSTATUS Status = STATUS_SUCCESS;
    PLOGHANDLE pLogHandle;
    PLOGFILE currentLogFile = NULL;
    DWORD i, LogsActive;
    PEVENTSOURCE pEventSource;

    DPRINT("ElfCreateEventLogHandle(%wZ)\n", LogName);

    *LogHandle = NULL;

    i = (LogName->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR);
    pLogHandle = HeapAlloc(GetProcessHeap(),
                           HEAP_ZERO_MEMORY,
                           FIELD_OFFSET(LOGHANDLE, szName[i]));
    if (!pLogHandle)
    {
        DPRINT1("Failed to allocate Heap!\n");
        return STATUS_NO_MEMORY;
    }

    StringCchCopyW(pLogHandle->szName, i, LogName->Buffer);

    /* Get the number of Log Files the EventLog service found */
    // NOTE: We could just as well loop only once within the list of logs
    // and retrieve what the code below that calls LogfListItemByIndex, does!!
    LogsActive = LogfListItemCount();
    if (LogsActive == 0)
    {
        DPRINT1("EventLog service reports no log files!\n");
        Status = STATUS_UNSUCCESSFUL;
        goto Done;
    }

    /* If Creating, default to the Application Log in case we fail, as documented on MSDN */
    if (Create)
    {
        pEventSource = GetEventSourceByName(LogName->Buffer);
        DPRINT("EventSource: %p\n", pEventSource);
        if (pEventSource)
        {
            DPRINT("EventSource LogFile: %p\n", pEventSource->LogFile);
            pLogHandle->LogFile = pEventSource->LogFile;
        }
        else
        {
            DPRINT("EventSource LogFile: Application log file\n");
            pLogHandle->LogFile = LogfListItemByName(L"Application");
        }

        DPRINT("LogHandle LogFile: %p\n", pLogHandle->LogFile);
    }
    else
    {
        pLogHandle->LogFile = NULL;

        for (i = 1; i <= LogsActive; i++)
        {
            currentLogFile = LogfListItemByIndex(i);

            if (_wcsicmp(LogName->Buffer, currentLogFile->LogName) == 0)
            {
                pLogHandle->LogFile = currentLogFile;
                break;
            }
        }

        /* Use the application log if the desired log does not exist */
        if (pLogHandle->LogFile == NULL)
        {
            pLogHandle->LogFile = LogfListItemByName(L"Application");
            if (pLogHandle->LogFile == NULL)
            {
                DPRINT1("Application log is missing!\n");
                Status = STATUS_UNSUCCESSFUL;
                goto Done;
            }
        }

        /* Reset the current record */
        pLogHandle->CurrentRecord = 0;
    }

    if (!pLogHandle->LogFile)
        Status = STATUS_UNSUCCESSFUL;

Done:
    if (NT_SUCCESS(Status))
    {
        /* Append log handle */
        InsertTailList(&LogHandleListHead, &pLogHandle->LogHandleListEntry);
        *LogHandle = pLogHandle;
    }
    else
    {
        HeapFree(GetProcessHeap(), 0, pLogHandle);
    }

    return Status;
}


static NTSTATUS
ElfCreateBackupLogHandle(PLOGHANDLE* LogHandle,
                         PUNICODE_STRING FileName)
{
    NTSTATUS Status = STATUS_SUCCESS;
    PLOGHANDLE pLogHandle;

    DPRINT("ElfCreateBackupLogHandle(%wZ)\n", FileName);

    *LogHandle = NULL;

    pLogHandle = HeapAlloc(GetProcessHeap(),
                           HEAP_ZERO_MEMORY,
                           sizeof(LOGHANDLE));
    if (pLogHandle == NULL)
    {
        DPRINT1("Failed to allocate Heap!\n");
        return STATUS_NO_MEMORY;
    }

    /* Create the log file */
    Status = LogfCreate(&pLogHandle->LogFile,
                        NULL,
                        FileName,
                        0,
                        0,
                        FALSE,
                        TRUE);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to create the log file! (Status 0x%08lx)\n", Status);
        goto Done;
    }

    /* Set the backup flag */
    pLogHandle->Flags |= LOG_HANDLE_BACKUP_FILE;

    /* Reset the current record */
    pLogHandle->CurrentRecord = 0;

Done:
    if (NT_SUCCESS(Status))
    {
        /* Append log handle */
        InsertTailList(&LogHandleListHead, &pLogHandle->LogHandleListEntry);
        *LogHandle = pLogHandle;
    }
    else
    {
        HeapFree(GetProcessHeap(), 0, pLogHandle);
    }

    return Status;
}


static PLOGHANDLE
ElfGetLogHandleEntryByHandle(IELF_HANDLE EventLogHandle)
{
    PLIST_ENTRY CurrentEntry;
    PLOGHANDLE pLogHandle;

    CurrentEntry = LogHandleListHead.Flink;
    while (CurrentEntry != &LogHandleListHead)
    {
        pLogHandle = CONTAINING_RECORD(CurrentEntry,
                                       LOGHANDLE,
                                       LogHandleListEntry);
        CurrentEntry = CurrentEntry->Flink;

        if (pLogHandle == EventLogHandle)
            return pLogHandle;
    }

    return NULL;
}


static NTSTATUS
ElfDeleteEventLogHandle(PIELF_HANDLE LogHandle)
{
    PLOGHANDLE pLogHandle;

    pLogHandle = ElfGetLogHandleEntryByHandle(*LogHandle);
    if (!pLogHandle)
        return STATUS_INVALID_HANDLE;

    RemoveEntryList(&pLogHandle->LogHandleListEntry);
    LogfClose(pLogHandle->LogFile, FALSE);

    HeapFree(GetProcessHeap(), 0, pLogHandle);

    *LogHandle = NULL;

    return STATUS_SUCCESS;
}


/* Function 0 */
NTSTATUS
ElfrClearELFW(
    IELF_HANDLE LogHandle,
    PRPC_UNICODE_STRING BackupFileName)
{
    PLOGHANDLE pLogHandle;

    DPRINT("ElfrClearELFW()\n");

    pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
    if (!pLogHandle)
        return STATUS_INVALID_HANDLE;

    /* Fail, if the log file is a backup file */
    if (pLogHandle->Flags & LOG_HANDLE_BACKUP_FILE)
        return STATUS_INVALID_HANDLE;

    return LogfClearFile(pLogHandle->LogFile,
                         (PUNICODE_STRING)BackupFileName);
}


/* Function 1 */
NTSTATUS
ElfrBackupELFW(
    IELF_HANDLE LogHandle,
    PRPC_UNICODE_STRING BackupFileName)
{
    PLOGHANDLE pLogHandle;

    DPRINT("ElfrBackupELFW()\n");

    pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
    if (!pLogHandle)
        return STATUS_INVALID_HANDLE;

    return LogfBackupFile(pLogHandle->LogFile,
                          (PUNICODE_STRING)BackupFileName);
}


/* Function 2 */
NTSTATUS
ElfrCloseEL(
    PIELF_HANDLE LogHandle)
{
    return ElfDeleteEventLogHandle(LogHandle);
}


/* Function 3 */
NTSTATUS
ElfrDeregisterEventSource(
    PIELF_HANDLE LogHandle)
{
    return ElfDeleteEventLogHandle(LogHandle);
}


/* Function 4 */
NTSTATUS
ElfrNumberOfRecords(
    IELF_HANDLE LogHandle,
    PULONG NumberOfRecords)
{
    PLOGHANDLE pLogHandle;
    PLOGFILE pLogFile;

    DPRINT("ElfrNumberOfRecords()\n");

    pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
    if (!pLogHandle)
        return STATUS_INVALID_HANDLE;

    if (!NumberOfRecords)
        return STATUS_INVALID_PARAMETER;

    pLogFile = pLogHandle->LogFile;

    DPRINT("Oldest: %lu  Current: %lu\n",
           pLogFile->Header.OldestRecordNumber,
           pLogFile->Header.CurrentRecordNumber);

    if (pLogFile->Header.OldestRecordNumber == 0)
    {
        /* OldestRecordNumber == 0 when the log is empty */
        *NumberOfRecords = 0;
    }
    else
    {
        /* The log contains events */
        *NumberOfRecords = pLogFile->Header.CurrentRecordNumber -
                           pLogFile->Header.OldestRecordNumber;
    }

    return STATUS_SUCCESS;
}


/* Function 5 */
NTSTATUS
ElfrOldestRecord(
    IELF_HANDLE LogHandle,
    PULONG OldestRecordNumber)
{
    PLOGHANDLE pLogHandle;

    pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
    if (!pLogHandle)
        return STATUS_INVALID_HANDLE;

    if (!OldestRecordNumber)
        return STATUS_INVALID_PARAMETER;

    *OldestRecordNumber = pLogHandle->LogFile->Header.OldestRecordNumber;

    return STATUS_SUCCESS;
}


/* Function 6 */
NTSTATUS
ElfrChangeNotify(
    IELF_HANDLE LogHandle,
    RPC_CLIENT_ID ClientId,
    ULONG Event)
{
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}


/* Function 7 */
NTSTATUS
ElfrOpenELW(
    EVENTLOG_HANDLE_W UNCServerName,
    PRPC_UNICODE_STRING ModuleName,
    PRPC_UNICODE_STRING RegModuleName,
    ULONG MajorVersion,
    ULONG MinorVersion,
    PIELF_HANDLE LogHandle)
{
    if ((MajorVersion != 1) || (MinorVersion != 1))
        return STATUS_INVALID_PARAMETER;

    /* RegModuleName must be an empty string */
    if (RegModuleName->Length > 0)
        return STATUS_INVALID_PARAMETER;

    /* FIXME: UNCServerName must specify the server */

    /* FIXME: Must verify that caller has read access */

    return ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
                                   (PUNICODE_STRING)ModuleName,
                                   FALSE);
}


/* Function 8 */
NTSTATUS
ElfrRegisterEventSourceW(
    EVENTLOG_HANDLE_W UNCServerName,
    PRPC_UNICODE_STRING ModuleName,
    PRPC_UNICODE_STRING RegModuleName,
    ULONG MajorVersion,
    ULONG MinorVersion,
    PIELF_HANDLE LogHandle)
{
    DPRINT("ElfrRegisterEventSourceW()\n");

    if ((MajorVersion != 1) || (MinorVersion != 1))
        return STATUS_INVALID_PARAMETER;

    /* RegModuleName must be an empty string */
    if (RegModuleName->Length > 0)
        return STATUS_INVALID_PARAMETER;

    DPRINT("ModuleName: %wZ\n", ModuleName);

    /* FIXME: UNCServerName must specify the server or empty for local */

    /* FIXME: Must verify that caller has write access */

    return ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
                                   (PUNICODE_STRING)ModuleName,
                                   TRUE);
}


/* Function 9 */
NTSTATUS
ElfrOpenBELW(
    EVENTLOG_HANDLE_W UNCServerName,
    PRPC_UNICODE_STRING BackupFileName,
    ULONG MajorVersion,
    ULONG MinorVersion,
    PIELF_HANDLE LogHandle)
{
    DPRINT("ElfrOpenBELW(%wZ)\n", BackupFileName);

    if ((MajorVersion != 1) || (MinorVersion != 1))
        return STATUS_INVALID_PARAMETER;

    /* FIXME: UNCServerName must specify the server */

    /* FIXME: Must verify that caller has read access */

    return ElfCreateBackupLogHandle((PLOGHANDLE*)LogHandle,
                                    (PUNICODE_STRING)BackupFileName);
}


/* Function 10 */
NTSTATUS
ElfrReadELW(
    IELF_HANDLE LogHandle,
    ULONG ReadFlags,
    ULONG RecordOffset,
    RULONG NumberOfBytesToRead,
    PBYTE Buffer,
    PULONG NumberOfBytesRead,
    PULONG MinNumberOfBytesNeeded)
{
    NTSTATUS Status;
    PLOGHANDLE pLogHandle;
    ULONG RecordNumber;

    pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
    if (!pLogHandle)
        return STATUS_INVALID_HANDLE;

    if (!Buffer)
        return STATUS_INVALID_PARAMETER;

    /* If sequential read, retrieve the CurrentRecord from this log handle */
    if (ReadFlags & EVENTLOG_SEQUENTIAL_READ)
    {
        RecordNumber = pLogHandle->CurrentRecord;
    }
    else // (ReadFlags & EVENTLOG_SEEK_READ)
    {
        RecordNumber = RecordOffset;
    }

    Status = LogfReadEvents(pLogHandle->LogFile,
                            ReadFlags,
                            &RecordNumber,
                            NumberOfBytesToRead,
                            Buffer,
                            NumberOfBytesRead,
                            MinNumberOfBytesNeeded,
                            FALSE);

    /* Update the handle's CurrentRecord if success */
    if (NT_SUCCESS(Status))
    {
        pLogHandle->CurrentRecord = RecordNumber;
    }

    return Status;
}


/* Helper function for ElfrReportEventW/A and ElfrReportEventAndSourceW */
NTSTATUS
ElfrIntReportEventW(
    IELF_HANDLE LogHandle,
    ULONG Time,
    USHORT EventType,
    USHORT EventCategory,
    ULONG EventID,
    PRPC_UNICODE_STRING SourceName OPTIONAL,
    USHORT NumStrings,
    ULONG DataSize,
    PRPC_UNICODE_STRING ComputerName,
    PRPC_SID UserSID,
    PRPC_UNICODE_STRING Strings[],
    PBYTE Data,
    USHORT Flags,
    PULONG RecordNumber,
    PULONG TimeWritten)
{
    NTSTATUS Status;
    PLOGHANDLE pLogHandle;
    PEVENTLOGRECORD LogBuffer;
    USHORT i;
    SIZE_T RecSize;
    ULONG dwStringsSize = 0;
    ULONG dwUserSidLength = 0;
    PWSTR lpStrings, str;

    pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
    if (!pLogHandle)
        return STATUS_INVALID_HANDLE;

    /* Flags must be 0 */
    if (Flags)
        return STATUS_INVALID_PARAMETER;

    for (i = 0; i < NumStrings; i++)
    {
        switch (EventType)
        {
            case EVENTLOG_SUCCESS:
                DPRINT("Success: %wZ\n", Strings[i]);
                break;

            case EVENTLOG_ERROR_TYPE:
                DPRINT("Error: %wZ\n", Strings[i]);
                break;

            case EVENTLOG_WARNING_TYPE:
                DPRINT("Warning: %wZ\n", Strings[i]);
                break;

            case EVENTLOG_INFORMATION_TYPE:
                DPRINT("Info: %wZ\n", Strings[i]);
                break;

            case EVENTLOG_AUDIT_SUCCESS:
                DPRINT("Audit Success: %wZ\n", Strings[i]);
                break;

            case EVENTLOG_AUDIT_FAILURE:
                DPRINT("Audit Failure: %wZ\n", Strings[i]);
                break;

            default:
                DPRINT1("Type %hu: %wZ\n", EventType, Strings[i]);
                break;
        }
        dwStringsSize += Strings[i]->Length + sizeof(UNICODE_NULL);
    }

    lpStrings = HeapAlloc(GetProcessHeap(), 0, dwStringsSize);
    if (!lpStrings)
    {
        DPRINT1("Failed to allocate heap\n");
        return STATUS_NO_MEMORY;
    }

    str = lpStrings;
    for (i = 0; i < NumStrings; i++)
    {
        RtlCopyMemory(str, Strings[i]->Buffer, Strings[i]->Length);
        str += Strings[i]->Length / sizeof(WCHAR);
        *str = UNICODE_NULL;
        str++;
    }

    if (UserSID)
        dwUserSidLength = FIELD_OFFSET(SID, SubAuthority[UserSID->SubAuthorityCount]);

    LogBuffer = LogfAllocAndBuildNewRecord(&RecSize,
                                           Time,
                                           EventType,
                                           EventCategory,
                                           EventID,
                                           (SourceName && SourceName->Buffer)
                                                ? SourceName->Buffer
                                                : pLogHandle->szName,
                                           ComputerName->Buffer,
                                           dwUserSidLength,
                                           UserSID,
                                           NumStrings,
                                           lpStrings,
                                           DataSize,
                                           Data);

    Status = LogfWriteRecord(pLogHandle->LogFile, RecSize, LogBuffer);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("ERROR writing to event log `%S' (Status 0x%08lx)\n",
                pLogHandle->LogFile->LogName, Status);
    }

    if (NT_SUCCESS(Status))
    {
        /* Retrieve the two fields that were set by LogfWriteRecord into the record */
        if (RecordNumber)
            *RecordNumber = LogBuffer->RecordNumber;
        if (TimeWritten)
            *TimeWritten = LogBuffer->TimeWritten;
    }

    LogfFreeRecord(LogBuffer);

    HeapFree(GetProcessHeap(), 0, lpStrings);

    return Status;
}


/* Function 11 */
NTSTATUS
ElfrReportEventW(
    IELF_HANDLE LogHandle,
    ULONG Time,
    USHORT EventType,
    USHORT EventCategory,
    ULONG EventID,
    USHORT NumStrings,
    ULONG DataSize,
    PRPC_UNICODE_STRING ComputerName,
    PRPC_SID UserSID,
    PRPC_UNICODE_STRING Strings[],
    PBYTE Data,
    USHORT Flags,
    PULONG RecordNumber,
    PULONG TimeWritten)
{
    /* Call the helper function. The event source is provided via the log handle. */
    return ElfrIntReportEventW(LogHandle,
                               Time,
                               EventType,
                               EventCategory,
                               EventID,
                               NULL,
                               NumStrings,
                               DataSize,
                               ComputerName,
                               UserSID,
                               Strings,
                               Data,
                               Flags,
                               RecordNumber,
                               TimeWritten);
}


/* Function 12 */
NTSTATUS
ElfrClearELFA(
    IELF_HANDLE LogHandle,
    PRPC_STRING BackupFileName)
{
    NTSTATUS Status;
    UNICODE_STRING BackupFileNameW;

    Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
                                          (PANSI_STRING)BackupFileName,
                                          TRUE);
    if (!NT_SUCCESS(Status))
        return Status;

    Status = ElfrClearELFW(LogHandle,
                           (PRPC_UNICODE_STRING)&BackupFileNameW);

    RtlFreeUnicodeString(&BackupFileNameW);

    return Status;
}


/* Function 13 */
NTSTATUS
ElfrBackupELFA(
    IELF_HANDLE LogHandle,
    PRPC_STRING BackupFileName)
{
    NTSTATUS Status;
    UNICODE_STRING BackupFileNameW;

    Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
                                          (PANSI_STRING)BackupFileName,
                                          TRUE);
    if (!NT_SUCCESS(Status))
        return Status;

    Status = ElfrBackupELFW(LogHandle,
                            (PRPC_UNICODE_STRING)&BackupFileNameW);

    RtlFreeUnicodeString(&BackupFileNameW);

    return Status;
}


/* Function 14 */
NTSTATUS
ElfrOpenELA(
    EVENTLOG_HANDLE_A UNCServerName,
    PRPC_STRING ModuleName,
    PRPC_STRING RegModuleName,
    ULONG MajorVersion,
    ULONG MinorVersion,
    PIELF_HANDLE LogHandle)
{
    NTSTATUS Status;
    UNICODE_STRING ModuleNameW;

    if ((MajorVersion != 1) || (MinorVersion != 1))
        return STATUS_INVALID_PARAMETER;

    /* RegModuleName must be an empty string */
    if (RegModuleName->Length > 0)
        return STATUS_INVALID_PARAMETER;

    Status = RtlAnsiStringToUnicodeString(&ModuleNameW, (PANSI_STRING)ModuleName, TRUE);
    if (!NT_SUCCESS(Status))
        return Status;

    /* FIXME: Must verify that caller has read access */

    Status = ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
                                     &ModuleNameW,
                                     FALSE);

    RtlFreeUnicodeString(&ModuleNameW);

    return Status;
}


/* Function 15 */
NTSTATUS
ElfrRegisterEventSourceA(
    EVENTLOG_HANDLE_A UNCServerName,
    PRPC_STRING ModuleName,
    PRPC_STRING RegModuleName,
    ULONG MajorVersion,
    ULONG MinorVersion,
    PIELF_HANDLE LogHandle)
{
    NTSTATUS Status;
    UNICODE_STRING ModuleNameW;

    Status = RtlAnsiStringToUnicodeString(&ModuleNameW,
                                          (PANSI_STRING)ModuleName,
                                          TRUE);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("RtlAnsiStringToUnicodeString failed (Status 0x%08lx)\n", Status);
        return Status;
    }

    /* RegModuleName must be an empty string */
    if (RegModuleName->Length > 0)
    {
        RtlFreeUnicodeString(&ModuleNameW);
        return STATUS_INVALID_PARAMETER;
    }

    if ((MajorVersion != 1) || (MinorVersion != 1))
    {
        RtlFreeUnicodeString(&ModuleNameW);
        return STATUS_INVALID_PARAMETER;
    }

    /* FIXME: Must verify that caller has write access */

    Status = ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
                                     &ModuleNameW,
                                     TRUE);

    RtlFreeUnicodeString(&ModuleNameW);

    return Status;
}


/* Function 16 */
NTSTATUS
ElfrOpenBELA(
    EVENTLOG_HANDLE_A UNCServerName,
    PRPC_STRING BackupFileName,
    ULONG MajorVersion,
    ULONG MinorVersion,
    PIELF_HANDLE LogHandle)
{
    NTSTATUS Status;
    UNICODE_STRING BackupFileNameW;

    DPRINT("ElfrOpenBELA(%Z)\n", BackupFileName);

    Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
                                          (PANSI_STRING)BackupFileName,
                                          TRUE);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("RtlAnsiStringToUnicodeString failed (Status 0x%08lx)\n", Status);
        return Status;
    }

    if ((MajorVersion != 1) || (MinorVersion != 1))
    {
        RtlFreeUnicodeString(&BackupFileNameW);
        return STATUS_INVALID_PARAMETER;
    }

    /* FIXME: UNCServerName must specify the server */

    /* FIXME: Must verify that caller has read access */

    Status = ElfCreateBackupLogHandle((PLOGHANDLE*)LogHandle,
                                      &BackupFileNameW);

    RtlFreeUnicodeString(&BackupFileNameW);

    return Status;
}


/* Function 17 */
NTSTATUS
ElfrReadELA(
    IELF_HANDLE LogHandle,
    ULONG ReadFlags,
    ULONG RecordOffset,
    RULONG NumberOfBytesToRead,
    PBYTE Buffer,
    PULONG NumberOfBytesRead,
    PULONG MinNumberOfBytesNeeded)
{
    NTSTATUS Status;
    PLOGHANDLE pLogHandle;
    ULONG RecordNumber;

    pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
    if (!pLogHandle)
        return STATUS_INVALID_HANDLE;

    if (!Buffer)
        return STATUS_INVALID_PARAMETER;

    /* If sequential read, retrieve the CurrentRecord from this log handle */
    if (ReadFlags & EVENTLOG_SEQUENTIAL_READ)
    {
        RecordNumber = pLogHandle->CurrentRecord;
    }
    else // (ReadFlags & EVENTLOG_SEEK_READ)
    {
        RecordNumber = RecordOffset;
    }

    Status = LogfReadEvents(pLogHandle->LogFile,
                            ReadFlags,
                            &RecordNumber,
                            NumberOfBytesToRead,
                            Buffer,
                            NumberOfBytesRead,
                            MinNumberOfBytesNeeded,
                            TRUE);

    /* Update the handle's CurrentRecord if success */
    if (NT_SUCCESS(Status))
    {
        pLogHandle->CurrentRecord = RecordNumber;
    }

    return Status;
}


/* Function 18 */
NTSTATUS
ElfrReportEventA(
    IELF_HANDLE LogHandle,
    ULONG Time,
    USHORT EventType,
    USHORT EventCategory,
    ULONG EventID,
    USHORT NumStrings,
    ULONG DataSize,
    PRPC_STRING ComputerName,
    PRPC_SID UserSID,
    PRPC_STRING Strings[],
    PBYTE Data,
    USHORT Flags,
    PULONG RecordNumber,
    PULONG TimeWritten)
{
    NTSTATUS Status = STATUS_SUCCESS;
    UNICODE_STRING ComputerNameW;
    PUNICODE_STRING *StringsArrayW = NULL;
    USHORT i;

    DPRINT("ElfrReportEventA(%hu)\n", NumStrings);

#if 0
    for (i = 0; i < NumStrings; i++)
    {
        if (Strings[i] == NULL)
        {
            DPRINT1("String %hu is null\n", i);
        }
        else
        {
            DPRINT1("String %hu: %Z\n", i, Strings[i]);
        }
    }
#endif

    Status = RtlAnsiStringToUnicodeString((PUNICODE_STRING)&ComputerNameW,
                                          (PANSI_STRING)ComputerName,
                                          TRUE);
    if (!NT_SUCCESS(Status))
        return Status;

    if (NumStrings != 0)
    {
        StringsArrayW = HeapAlloc(GetProcessHeap(),
                                  HEAP_ZERO_MEMORY,
                                  NumStrings * sizeof(PUNICODE_STRING));
        if (StringsArrayW == NULL)
        {
            Status = STATUS_NO_MEMORY;
            goto Done;
        }

        for (i = 0; i < NumStrings; i++)
        {
            if (Strings[i] != NULL)
            {
                StringsArrayW[i] = HeapAlloc(GetProcessHeap(),
                                             HEAP_ZERO_MEMORY,
                                             sizeof(UNICODE_STRING));
                if (StringsArrayW[i] == NULL)
                {
                    Status = STATUS_NO_MEMORY;
                    break;
                }

                Status = RtlAnsiStringToUnicodeString(StringsArrayW[i],
                                                      (PANSI_STRING)Strings[i],
                                                      TRUE);
            }

            if (!NT_SUCCESS(Status))
                break;
        }
    }

    if (NT_SUCCESS(Status))
    {
        Status = ElfrReportEventW(LogHandle,
                                  Time,
                                  EventType,
                                  EventCategory,
                                  EventID,
                                  NumStrings,
                                  DataSize,
                                  (PRPC_UNICODE_STRING)&ComputerNameW,
                                  UserSID,
                                  (PRPC_UNICODE_STRING*)StringsArrayW,
                                  Data,
                                  Flags,
                                  RecordNumber,
                                  TimeWritten);
    }

Done:
    if (StringsArrayW != NULL)
    {
        for (i = 0; i < NumStrings; i++)
        {
            if ((StringsArrayW[i] != NULL) && (StringsArrayW[i]->Buffer))
            {
                RtlFreeUnicodeString(StringsArrayW[i]);
                HeapFree(GetProcessHeap(), 0, StringsArrayW[i]);
            }
        }

        HeapFree(GetProcessHeap(), 0, StringsArrayW);
    }

    RtlFreeUnicodeString(&ComputerNameW);

    return Status;
}


/* Function 19 */
NTSTATUS
ElfrRegisterClusterSvc(
    handle_t BindingHandle)
{
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}


/* Function 20 */
NTSTATUS
ElfrDeregisterClusterSvc(
    handle_t BindingHandle)
{
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}


/* Function 21 */
NTSTATUS
ElfrWriteClusterEvents(
    handle_t BindingHandle)
{
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}


/* Function 22 */
NTSTATUS
ElfrGetLogInformation(
    IELF_HANDLE LogHandle,
    ULONG InfoLevel,
    PBYTE Buffer,
    ULONG cbBufSize,
    PULONG pcbBytesNeeded)
{
    NTSTATUS Status = STATUS_SUCCESS;
    PLOGHANDLE pLogHandle;

    pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
    if (!pLogHandle)
        return STATUS_INVALID_HANDLE;

    switch (InfoLevel)
    {
        case EVENTLOG_FULL_INFO:
        {
            LPEVENTLOG_FULL_INFORMATION efi = (LPEVENTLOG_FULL_INFORMATION)Buffer;

            *pcbBytesNeeded = sizeof(EVENTLOG_FULL_INFORMATION);
            if (cbBufSize < sizeof(EVENTLOG_FULL_INFORMATION))
            {
                Status = STATUS_BUFFER_TOO_SMALL;
                break;
            }

            /*
             * FIXME. To check whether an event log is "full" one needs
             * to compare its current size with respect to the maximum
             * size threshold "MaxSize" contained in its header.
             */
            efi->dwFull = 0;
            break;
        }

        default:
            Status = STATUS_INVALID_LEVEL;
            break;
    }

    return Status;
}


/* Function 23 */
NTSTATUS
ElfrFlushEL(
    IELF_HANDLE LogHandle)
{
    PLOGHANDLE pLogHandle;

    pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
    if (!pLogHandle)
        return STATUS_INVALID_HANDLE;

    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}


/* Function 24 */
NTSTATUS
ElfrReportEventAndSourceW(
    IELF_HANDLE LogHandle,
    ULONG Time,
    USHORT EventType,
    USHORT EventCategory,
    ULONG EventID,
    PRPC_UNICODE_STRING SourceName,
    USHORT NumStrings,
    ULONG DataSize,
    PRPC_UNICODE_STRING ComputerName,
    PRPC_SID UserSID,
    PRPC_UNICODE_STRING Strings[],
    PBYTE Data,
    USHORT Flags,
    PULONG RecordNumber,
    PULONG TimeWritten)
{
    /* Call the helper function. The event source is specified by the caller. */
    return ElfrIntReportEventW(LogHandle,
                               Time,
                               EventType,
                               EventCategory,
                               EventID,
                               SourceName,
                               NumStrings,
                               DataSize,
                               ComputerName,
                               UserSID,
                               Strings,
                               Data,
                               Flags,
                               RecordNumber,
                               TimeWritten);
}


void __RPC_FAR *__RPC_USER midl_user_allocate(SIZE_T len)
{
    return HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);
}


void __RPC_USER midl_user_free(void __RPC_FAR * ptr)
{
    HeapFree(GetProcessHeap(), 0, ptr);
}


void __RPC_USER IELF_HANDLE_rundown(IELF_HANDLE LogHandle)
{
    /* Close the handle */
    ElfDeleteEventLogHandle(&LogHandle); // ElfrCloseEL(&LogHandle);
}