projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[ADVAPI32_WINETEST]
[reactos.git] / rostests / winetests / advapi32 / eventlog.c
1 /*
2 * Unit tests for Event Logging functions
3 *
4 * Copyright (c) 2009 Paul Vriens
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <stdarg.h>
22
23 #include "windef.h"
24 #include "winbase.h"
25 #include "winerror.h"
26 #include "winnt.h"
27 #include "winreg.h"
28 #include "sddl.h"
29
30 #include "wine/test.h"
31
32 static BOOL (WINAPI *pCreateWellKnownSid)(WELL_KNOWN_SID_TYPE,PSID,PSID,DWORD*);
33 static BOOL (WINAPI *pGetEventLogInformation)(HANDLE,DWORD,LPVOID,DWORD,LPDWORD);
34
35 static BOOL (WINAPI *pGetComputerNameExA)(COMPUTER_NAME_FORMAT,LPSTR,LPDWORD);
36 static BOOL (WINAPI *pWow64DisableWow64FsRedirection)(PVOID *);
37 static BOOL (WINAPI *pWow64RevertWow64FsRedirection)(PVOID);
38
39 static void init_function_pointers(void)
40 {
41 HMODULE hadvapi32 = GetModuleHandleA("advapi32.dll");
42 HMODULE hkernel32 = GetModuleHandleA("kernel32.dll");
43
44 pCreateWellKnownSid = (void*)GetProcAddress(hadvapi32, "CreateWellKnownSid");
45 pGetEventLogInformation = (void*)GetProcAddress(hadvapi32, "GetEventLogInformation");
46
47 pGetComputerNameExA = (void*)GetProcAddress(hkernel32, "GetComputerNameExA");
48 pWow64DisableWow64FsRedirection = (void*)GetProcAddress(hkernel32, "Wow64DisableWow64FsRedirection");
49 pWow64RevertWow64FsRedirection = (void*)GetProcAddress(hkernel32, "Wow64RevertWow64FsRedirection");
50 }
51
52 static BOOL create_backup(const char *filename)
53 {
54 HANDLE handle;
55 DWORD rc, attribs;
56
57 DeleteFileA(filename);
58 handle = OpenEventLogA(NULL, "Application");
59 rc = BackupEventLogA(handle, filename);
60 if (!rc && GetLastError() == ERROR_PRIVILEGE_NOT_HELD)
61 {
62 skip("insufficient privileges to backup the eventlog\n");
63 CloseEventLog(handle);
64 return FALSE;
65 }
66 ok(rc, "BackupEventLogA failed, le=%u\n", GetLastError());
67 CloseEventLog(handle);
68
69 attribs = GetFileAttributesA(filename);
70 todo_wine
71 ok(attribs != INVALID_FILE_ATTRIBUTES, "Expected a backup file attribs=%#x le=%u\n", attribs, GetLastError());
72 return TRUE;
73 }
74
75 static void test_open_close(void)
76 {
77 HANDLE handle;
78 BOOL ret;
79
80 SetLastError(0xdeadbeef);
81 ret = CloseEventLog(NULL);
82 ok(!ret, "Expected failure\n");
83 ok(GetLastError() == ERROR_INVALID_HANDLE ||
84 GetLastError() == ERROR_NOACCESS, /* W2K */
85 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
86
87 SetLastError(0xdeadbeef);
88 handle = OpenEventLogA(NULL, NULL);
89 ok(handle == NULL, "Didn't expect a handle\n");
90 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
91
92 SetLastError(0xdeadbeef);
93 handle = OpenEventLogA("IDontExist", NULL);
94 ok(handle == NULL, "Didn't expect a handle\n");
95 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
96
97 SetLastError(0xdeadbeef);
98 handle = OpenEventLogA("IDontExist", "deadbeef");
99 ok(handle == NULL, "Didn't expect a handle\n");
100 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
101 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
102 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
103
104 /* This one opens the Application log */
105 handle = OpenEventLogA(NULL, "deadbeef");
106 ok(handle != NULL, "Expected a handle\n");
107 ret = CloseEventLog(handle);
108 ok(ret, "Expected success\n");
109 /* Close a second time */
110 SetLastError(0xdeadbeef);
111 ret = CloseEventLog(handle);
112 todo_wine
113 {
114 ok(!ret, "Expected failure\n");
115 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
116 }
117
118 /* Empty servername should be read as local server */
119 handle = OpenEventLogA("", "Application");
120 ok(handle != NULL, "Expected a handle\n");
121 CloseEventLog(handle);
122
123 handle = OpenEventLogA(NULL, "Application");
124 ok(handle != NULL, "Expected a handle\n");
125 CloseEventLog(handle);
126 }
127
128 static void test_info(void)
129 {
130 HANDLE handle;
131 BOOL ret;
132 DWORD needed;
133 BYTE buffer[2 * sizeof(EVENTLOG_FULL_INFORMATION)];
134 EVENTLOG_FULL_INFORMATION *efi = (void *)buffer;
135
136 if (!pGetEventLogInformation)
137 {
138 /* NT4 */
139 win_skip("GetEventLogInformation is not available\n");
140 return;
141 }
142 SetLastError(0xdeadbeef);
143 ret = pGetEventLogInformation(NULL, 1, NULL, 0, NULL);
144 ok(!ret, "Expected failure\n");
145 ok(GetLastError() == ERROR_INVALID_LEVEL, "Expected ERROR_INVALID_LEVEL, got %d\n", GetLastError());
146
147 SetLastError(0xdeadbeef);
148 ret = pGetEventLogInformation(NULL, EVENTLOG_FULL_INFO, NULL, 0, NULL);
149 ok(!ret, "Expected failure\n");
150 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
151
152 handle = OpenEventLogA(NULL, "Application");
153
154 SetLastError(0xdeadbeef);
155 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, NULL);
156 ok(!ret, "Expected failure\n");
157 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
158
159 SetLastError(0xdeadbeef);
160 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, &needed);
161 ok(!ret, "Expected failure\n");
162 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
163
164 SetLastError(0xdeadbeef);
165 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, 0, NULL);
166 ok(!ret, "Expected failure\n");
167 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
168
169 SetLastError(0xdeadbeef);
170 needed = 0xdeadbeef;
171 efi->dwFull = 0xdeadbeef;
172 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, 0, &needed);
173 ok(!ret, "Expected failure\n");
174 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
175 ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed);
176 ok(efi->dwFull == 0xdeadbeef, "Expected no change to the dwFull member\n");
177
178 /* Not that we care, but on success last error is set to ERROR_IO_PENDING */
179 efi->dwFull = 0xdeadbeef;
180 needed = sizeof(buffer);
181 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, needed, &needed);
182 ok(ret, "Expected success\n");
183 ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed);
184 ok(efi->dwFull == 0 || efi->dwFull == 1, "Expected 0 (not full) or 1 (full), got %d\n", efi->dwFull);
185
186 CloseEventLog(handle);
187 }
188
189 static void test_count(void)
190 {
191 HANDLE handle;
192 BOOL ret;
193 DWORD count;
194 const char backup[] = "backup.evt";
195
196 SetLastError(0xdeadbeef);
197 ret = GetNumberOfEventLogRecords(NULL, NULL);
198 ok(!ret, "Expected failure\n");
199 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
200
201 SetLastError(0xdeadbeef);
202 count = 0xdeadbeef;
203 ret = GetNumberOfEventLogRecords(NULL, &count);
204 ok(!ret, "Expected failure\n");
205 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
206 ok(count == 0xdeadbeef, "Expected count to stay unchanged\n");
207
208 handle = OpenEventLogA(NULL, "Application");
209
210 SetLastError(0xdeadbeef);
211 ret = GetNumberOfEventLogRecords(handle, NULL);
212 ok(!ret, "Expected failure\n");
213 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
214
215 count = 0xdeadbeef;
216 ret = GetNumberOfEventLogRecords(handle, &count);
217 ok(ret, "Expected success\n");
218 ok(count != 0xdeadbeef, "Expected the number of records\n");
219
220 CloseEventLog(handle);
221
222 /* Make a backup eventlog to work with */
223 if (create_backup(backup))
224 {
225 handle = OpenBackupEventLogA(NULL, backup);
226 todo_wine
227 ok(handle != NULL, "Expected a handle, le=%d\n", GetLastError());
228
229 /* Does GetNumberOfEventLogRecords work with backup eventlogs? */
230 count = 0xdeadbeef;
231 ret = GetNumberOfEventLogRecords(handle, &count);
232 todo_wine
233 {
234 ok(ret, "Expected success\n");
235 ok(count != 0xdeadbeef, "Expected the number of records\n");
236 }
237
238 CloseEventLog(handle);
239 DeleteFileA(backup);
240 }
241 }
242
243 static void test_oldest(void)
244 {
245 HANDLE handle;
246 BOOL ret;
247 DWORD oldest;
248 const char backup[] = "backup.evt";
249
250 SetLastError(0xdeadbeef);
251 ret = GetOldestEventLogRecord(NULL, NULL);
252 ok(!ret, "Expected failure\n");
253 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
254
255 SetLastError(0xdeadbeef);
256 oldest = 0xdeadbeef;
257 ret = GetOldestEventLogRecord(NULL, &oldest);
258 ok(!ret, "Expected failure\n");
259 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
260 ok(oldest == 0xdeadbeef, "Expected oldest to stay unchanged\n");
261
262 handle = OpenEventLogA(NULL, "Application");
263
264 SetLastError(0xdeadbeef);
265 ret = GetOldestEventLogRecord(handle, NULL);
266 ok(!ret, "Expected failure\n");
267 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
268
269 oldest = 0xdeadbeef;
270 ret = GetOldestEventLogRecord(handle, &oldest);
271 ok(ret, "Expected success\n");
272 ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n");
273
274 CloseEventLog(handle);
275
276 /* Make a backup eventlog to work with */
277 if (create_backup(backup))
278 {
279 handle = OpenBackupEventLogA(NULL, backup);
280 todo_wine
281 ok(handle != NULL, "Expected a handle\n");
282
283 /* Does GetOldestEventLogRecord work with backup eventlogs? */
284 oldest = 0xdeadbeef;
285 ret = GetOldestEventLogRecord(handle, &oldest);
286 todo_wine
287 {
288 ok(ret, "Expected success\n");
289 ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n");
290 }
291
292 CloseEventLog(handle);
293 DeleteFileA(backup);
294 }
295 }
296
297 static void test_backup(void)
298 {
299 HANDLE handle;
300 BOOL ret;
301 const char backup[] = "backup.evt";
302 const char backup2[] = "backup2.evt";
303
304 SetLastError(0xdeadbeef);
305 ret = BackupEventLogA(NULL, NULL);
306 ok(!ret, "Expected failure\n");
307 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
308
309 SetLastError(0xdeadbeef);
310 ret = BackupEventLogA(NULL, backup);
311 ok(!ret, "Expected failure\n");
312 ok(GetFileAttributesA(backup) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n");
313
314 handle = OpenEventLogA(NULL, "Application");
315
316 SetLastError(0xdeadbeef);
317 ret = BackupEventLogA(handle, NULL);
318 ok(!ret, "Expected failure\n");
319 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
320
321 ret = BackupEventLogA(handle, backup);
322 if (!ret && GetLastError() == ERROR_PRIVILEGE_NOT_HELD)
323 {
324 skip("insufficient privileges for backup tests\n");
325 CloseEventLog(handle);
326 return;
327 }
328 ok(ret, "Expected success\n");
329 todo_wine
330 ok(GetFileAttributesA(backup) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
331
332 /* Try to overwrite */
333 SetLastError(0xdeadbeef);
334 ret = BackupEventLogA(handle, backup);
335 todo_wine
336 {
337 ok(!ret, "Expected failure\n");
338 ok(GetLastError() == ERROR_ALREADY_EXISTS, "Expected ERROR_ALREADY_EXISTS, got %d\n", GetLastError());
339 }
340
341 CloseEventLog(handle);
342
343 /* Can we make a backup of a backup? */
344 handle = OpenBackupEventLogA(NULL, backup);
345 todo_wine
346 ok(handle != NULL, "Expected a handle\n");
347
348 ret = BackupEventLogA(handle, backup2);
349 todo_wine
350 {
351 ok(ret, "Expected success\n");
352 ok(GetFileAttributesA(backup2) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
353 }
354
355 CloseEventLog(handle);
356 DeleteFileA(backup);
357 DeleteFileA(backup2);
358 }
359
360 static void test_read(void)
361 {
362 HANDLE handle;
363 BOOL ret;
364 DWORD count, toread, read, needed;
365 void *buf;
366
367 SetLastError(0xdeadbeef);
368 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, NULL);
369 ok(!ret, "Expected failure\n");
370 todo_wine
371 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
372
373 read = 0xdeadbeef;
374 SetLastError(0xdeadbeef);
375 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, NULL);
376 ok(!ret, "Expected failure\n");
377 ok(read == 0xdeadbeef, "Expected 'read' parameter to remain unchanged\n");
378 todo_wine
379 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
380
381 needed = 0xdeadbeef;
382 SetLastError(0xdeadbeef);
383 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, &needed);
384 ok(!ret, "Expected failure\n");
385 ok(needed == 0xdeadbeef, "Expected 'needed' parameter to remain unchanged\n");
386 todo_wine
387 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
388
389 /* 'read' and 'needed' are only filled when the needed buffer size is passed back or when the call succeeds */
390 SetLastError(0xdeadbeef);
391 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, &needed);
392 ok(!ret, "Expected failure\n");
393 todo_wine
394 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
395
396 SetLastError(0xdeadbeef);
397 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, NULL, 0, NULL, NULL);
398 ok(!ret, "Expected failure\n");
399 todo_wine
400 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
401
402 SetLastError(0xdeadbeef);
403 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, NULL, 0, &read, &needed);
404 ok(!ret, "Expected failure\n");
405 todo_wine
406 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
407
408 buf = NULL;
409 SetLastError(0xdeadbeef);
410 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
411 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
412 ok(!ret, "Expected failure\n");
413 todo_wine
414 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
415
416 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
417 SetLastError(0xdeadbeef);
418 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
419 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
420 ok(!ret, "Expected failure\n");
421 todo_wine
422 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
423 HeapFree(GetProcessHeap(), 0, buf);
424
425 handle = OpenEventLogA(NULL, "Application");
426
427 /* Show that we need the proper dwFlags with a (for the rest) proper call */
428 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
429
430 SetLastError(0xdeadbeef);
431 ret = ReadEventLogA(handle, 0, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
432 ok(!ret, "Expected failure\n");
433 todo_wine
434 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
435
436 SetLastError(0xdeadbeef);
437 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
438 ok(!ret, "Expected failure\n");
439 todo_wine
440 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
441
442 SetLastError(0xdeadbeef);
443 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
444 ok(!ret, "Expected failure\n");
445 todo_wine
446 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
447
448 SetLastError(0xdeadbeef);
449 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ,
450 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
451 ok(!ret, "Expected failure\n");
452 todo_wine
453 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
454
455 SetLastError(0xdeadbeef);
456 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ,
457 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
458 ok(!ret, "Expected failure\n");
459 todo_wine
460 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
461
462 SetLastError(0xdeadbeef);
463 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ | EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
464 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
465 ok(!ret, "Expected failure\n");
466 todo_wine
467 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
468
469 HeapFree(GetProcessHeap(), 0, buf);
470
471 /* First check if there are any records (in practice only on Wine: FIXME) */
472 count = 0;
473 GetNumberOfEventLogRecords(handle, &count);
474 if (!count)
475 {
476 skip("No records in the 'Application' log\n");
477 CloseEventLog(handle);
478 return;
479 }
480
481 /* Get the buffer size for the first record */
482 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
483 read = needed = 0xdeadbeef;
484 SetLastError(0xdeadbeef);
485 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
486 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
487 ok(!ret, "Expected failure\n");
488 ok(read == 0, "Expected no bytes read\n");
489 ok(needed > sizeof(EVENTLOGRECORD), "Expected the needed buffersize to be bigger than sizeof(EVENTLOGRECORD)\n");
490 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
491
492 /* Read the first record */
493 toread = needed;
494 buf = HeapReAlloc(GetProcessHeap(), 0, buf, toread);
495 read = needed = 0xdeadbeef;
496 SetLastError(0xdeadbeef);
497 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, toread, &read, &needed);
498 ok(ret, "Expected success\n");
499 ok(read == toread ||
500 broken(read < toread), /* NT4 wants a buffer size way bigger than just 1 record */
501 "Expected the requested size to be read\n");
502 ok(needed == 0, "Expected no extra bytes to be read\n");
503 HeapFree(GetProcessHeap(), 0, buf);
504
505 CloseEventLog(handle);
506 }
507
508 static void test_openbackup(void)
509 {
510 HANDLE handle, handle2, file;
511 DWORD written;
512 const char backup[] = "backup.evt";
513 const char text[] = "Just some text";
514
515 SetLastError(0xdeadbeef);
516 handle = OpenBackupEventLogA(NULL, NULL);
517 ok(handle == NULL, "Didn't expect a handle\n");
518 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
519
520 SetLastError(0xdeadbeef);
521 handle = OpenBackupEventLogA(NULL, "idontexist.evt");
522 ok(handle == NULL, "Didn't expect a handle\n");
523 ok(GetLastError() == ERROR_FILE_NOT_FOUND, "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
524
525 SetLastError(0xdeadbeef);
526 handle = OpenBackupEventLogA("IDontExist", NULL);
527 ok(handle == NULL, "Didn't expect a handle\n");
528 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
529
530 SetLastError(0xdeadbeef);
531 handle = OpenBackupEventLogA("IDontExist", "idontexist.evt");
532 ok(handle == NULL, "Didn't expect a handle\n");
533 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
534 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
535 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
536
537 /* Make a backup eventlog to work with */
538 if (create_backup(backup))
539 {
540 /* FIXME: Wine stops here */
541 if (GetFileAttributesA(backup) == INVALID_FILE_ATTRIBUTES)
542 {
543 skip("We don't have a backup eventlog to work with\n");
544 return;
545 }
546
547 SetLastError(0xdeadbeef);
548 handle = OpenBackupEventLogA("IDontExist", backup);
549 ok(handle == NULL, "Didn't expect a handle\n");
550 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
551 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
552 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
553
554 /* Empty servername should be read as local server */
555 handle = OpenBackupEventLogA("", backup);
556 ok(handle != NULL, "Expected a handle\n");
557 CloseEventLog(handle);
558
559 handle = OpenBackupEventLogA(NULL, backup);
560 ok(handle != NULL, "Expected a handle\n");
561
562 /* Can we open that same backup eventlog more than once? */
563 handle2 = OpenBackupEventLogA(NULL, backup);
564 ok(handle2 != NULL, "Expected a handle\n");
565 ok(handle2 != handle, "Didn't expect the same handle\n");
566 CloseEventLog(handle2);
567
568 CloseEventLog(handle);
569 DeleteFileA(backup);
570 }
571
572 /* Is there any content checking done? */
573 file = CreateFileA(backup, GENERIC_WRITE, 0, NULL, CREATE_NEW, 0, NULL);
574 CloseHandle(file);
575 SetLastError(0xdeadbeef);
576 handle = OpenBackupEventLogA(NULL, backup);
577 ok(handle == NULL, "Didn't expect a handle\n");
578 ok(GetLastError() == ERROR_NOT_ENOUGH_MEMORY ||
579 GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT, /* Vista and Win7 */
580 "Expected ERROR_NOT_ENOUGH_MEMORY, got %d\n", GetLastError());
581 CloseEventLog(handle);
582 DeleteFileA(backup);
583
584 file = CreateFileA(backup, GENERIC_WRITE, 0, NULL, CREATE_NEW, 0, NULL);
585 WriteFile(file, text, sizeof(text), &written, NULL);
586 CloseHandle(file);
587 SetLastError(0xdeadbeef);
588 handle = OpenBackupEventLogA(NULL, backup);
589 ok(handle == NULL, "Didn't expect a handle\n");
590 ok(GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT, "Expected ERROR_EVENTLOG_FILE_CORRUPT, got %d\n", GetLastError());
591 CloseEventLog(handle);
592 DeleteFileA(backup);
593 }
594
595 static void test_clear(void)
596 {
597 HANDLE handle;
598 BOOL ret;
599 const char backup[] = "backup.evt";
600 const char backup2[] = "backup2.evt";
601
602 SetLastError(0xdeadbeef);
603 ret = ClearEventLogA(NULL, NULL);
604 ok(!ret, "Expected failure\n");
605 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
606
607 /* Make a backup eventlog to work with */
608 if (!create_backup(backup))
609 return;
610
611 SetLastError(0xdeadbeef);
612 ret = ClearEventLogA(NULL, backup);
613 ok(!ret, "Expected failure\n");
614 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
615
616 handle = OpenBackupEventLogA(NULL, backup);
617 todo_wine
618 ok(handle != NULL, "Expected a handle\n");
619
620 /* A real eventlog would fail with ERROR_ALREADY_EXISTS */
621 SetLastError(0xdeadbeef);
622 ret = ClearEventLogA(handle, backup);
623 ok(!ret, "Expected failure\n");
624 /* The eventlog service runs under an account that doesn't have the necessary
625 * permissions on the users home directory on a default Vista+ system.
626 */
627 ok(GetLastError() == ERROR_INVALID_HANDLE ||
628 GetLastError() == ERROR_ACCESS_DENIED, /* Vista+ */
629 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
630
631 /* Show that ClearEventLog only works for real eventlogs. */
632 SetLastError(0xdeadbeef);
633 ret = ClearEventLogA(handle, backup2);
634 ok(!ret, "Expected failure\n");
635 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
636 ok(GetFileAttributesA(backup2) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n");
637
638 SetLastError(0xdeadbeef);
639 ret = ClearEventLogA(handle, NULL);
640 ok(!ret, "Expected failure\n");
641 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
642
643 CloseEventLog(handle);
644 todo_wine
645 ok(DeleteFileA(backup), "Could not delete the backup file\n");
646 }
647
648 static const char eventlogsvc[] = "SYSTEM\\CurrentControlSet\\Services\\Eventlog";
649 static const char eventlogname[] = "Wine";
650 static const char eventsources[][11] = { "WineSrc", "WineSrc1", "WineSrc20", "WineSrc300" };
651
652 static BOOL create_new_eventlog(void)
653 {
654 HKEY key, eventkey;
655 BOOL bret = FALSE;
656 LONG lret;
657 DWORD i;
658
659 /* First create our eventlog */
660 lret = RegOpenKeyA(HKEY_LOCAL_MACHINE, eventlogsvc, &key);
661 if (lret != ERROR_SUCCESS)
662 {
663 skip("Could not open the EventLog service registry key\n");
664 return FALSE;
665 }
666 lret = RegCreateKeyA(key, eventlogname, &eventkey);
667 if (lret != ERROR_SUCCESS)
668 {
669 skip("Could not create the eventlog '%s' registry key\n", eventlogname);
670 goto cleanup;
671 }
672
673 /* Create some event sources, the registry value 'Sources' is updated automatically */
674 for (i = 0; i < sizeof(eventsources)/sizeof(eventsources[0]); i++)
675 {
676 HKEY srckey;
677
678 lret = RegCreateKeyA(eventkey, eventsources[i], &srckey);
679 if (lret != ERROR_SUCCESS)
680 {
681 skip("Could not create the eventsource '%s' registry key\n", eventsources[i]);
682 goto cleanup;
683 }
684 RegFlushKey(srckey);
685 RegCloseKey(srckey);
686 }
687
688 bret = TRUE;
689
690 /* The flushing of the registry (here and above) gives us some assurance
691 * that we are not to quickly writing events as 'Sources' could still be
692 * not updated.
693 */
694 RegFlushKey(eventkey);
695 cleanup:
696 RegCloseKey(eventkey);
697 RegCloseKey(key);
698
699 return bret;
700 }
701
702 static const char *one_string[] = { "First string" };
703 static const char *two_strings[] = { "First string", "Second string" };
704 static const struct
705 {
706 const char *evt_src;
707 WORD evt_type;
708 WORD evt_cat;
709 DWORD evt_id;
710 BOOL evt_sid;
711 WORD evt_numstrings;
712 const char **evt_strings;
713 } read_write [] =
714 {
715 { eventlogname, EVENTLOG_INFORMATION_TYPE, 1, 1, FALSE, 1, one_string },
716 { eventsources[0], EVENTLOG_WARNING_TYPE, 1, 2, FALSE, 0, NULL },
717 { eventsources[1], EVENTLOG_AUDIT_FAILURE, 1, 3, FALSE, 2, two_strings },
718 { eventsources[2], EVENTLOG_ERROR_TYPE, 1, 4, FALSE, 0, NULL },
719 { eventsources[3], EVENTLOG_WARNING_TYPE, 1, 5, FALSE, 1, one_string },
720 { eventlogname, EVENTLOG_SUCCESS, 2, 6, TRUE, 2, two_strings },
721 { eventsources[0], EVENTLOG_AUDIT_FAILURE, 2, 7, TRUE, 0, NULL },
722 { eventsources[1], EVENTLOG_AUDIT_SUCCESS, 2, 8, TRUE, 2, two_strings },
723 { eventsources[2], EVENTLOG_WARNING_TYPE, 2, 9, TRUE, 0, NULL },
724 { eventsources[3], EVENTLOG_ERROR_TYPE, 2, 10, TRUE, 1, one_string }
725 };
726
727 static void test_readwrite(void)
728 {
729 HANDLE handle;
730 PSID user;
731 DWORD sidsize, count;
732 BOOL ret, sidavailable;
733 BOOL on_vista = FALSE; /* Used to indicate Vista, W2K8 or Win7 */
734 DWORD i;
735 char *localcomputer = NULL;
736 DWORD size;
737
738 if (pCreateWellKnownSid)
739 {
740 sidsize = SECURITY_MAX_SID_SIZE;
741 user = HeapAlloc(GetProcessHeap(), 0, sidsize);
742 SetLastError(0xdeadbeef);
743 pCreateWellKnownSid(WinInteractiveSid, NULL, user, &sidsize);
744 sidavailable = TRUE;
745 }
746 else
747 {
748 win_skip("Skipping some SID related tests\n");
749 sidavailable = FALSE;
750 user = NULL;
751 }
752
753 /* Write an event with an incorrect event type. This will fail on Windows 7
754 * but succeed on all others, hence it's not part of the struct.
755 */
756 handle = OpenEventLogA(NULL, eventlogname);
757 if (!handle)
758 {
759 /* Intermittently seen on NT4 when tests are run immediately after boot */
760 win_skip("Could not get a handle to the eventlog\n");
761 goto cleanup;
762 }
763
764 count = 0xdeadbeef;
765 GetNumberOfEventLogRecords(handle, &count);
766 if (count != 0)
767 {
768 /* Needed for W2K3 without a service pack */
769 win_skip("We most likely opened the Application eventlog\n");
770 CloseEventLog(handle);
771 Sleep(2000);
772
773 handle = OpenEventLogA(NULL, eventlogname);
774 count = 0xdeadbeef;
775 GetNumberOfEventLogRecords(handle, &count);
776 if (count != 0)
777 {
778 win_skip("We didn't open our new eventlog\n");
779 CloseEventLog(handle);
780 goto cleanup;
781 }
782 }
783
784 SetLastError(0xdeadbeef);
785 ret = ReportEventA(handle, 0x20, 0, 0, NULL, 0, 0, NULL, NULL);
786 if (!ret && GetLastError() == ERROR_CRC)
787 {
788 win_skip("Win7 fails when using incorrect event types\n");
789 ret = ReportEventA(handle, 0, 0, 0, NULL, 0, 0, NULL, NULL);
790 ok(ret, "Expected success : %d\n", GetLastError());
791 }
792 else
793 {
794 void *buf;
795 DWORD read, needed = 0;
796 EVENTLOGRECORD *record;
797
798 ok(ret, "Expected success : %d\n", GetLastError());
799
800 /* Needed to catch earlier Vista (with no ServicePack for example) */
801 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
802 if (!(ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
803 0, buf, sizeof(EVENTLOGRECORD), &read, &needed)) &&
804 GetLastError() == ERROR_INSUFFICIENT_BUFFER)
805 {
806 buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
807 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
808 0, buf, needed, &read, &needed);
809 }
810 if (ret)
811 {
812 record = (EVENTLOGRECORD *)buf;
813
814 /* Vista and W2K8 return EVENTLOG_SUCCESS, Windows versions before return
815 * the written eventtype (0x20 in this case).
816 */
817 if (record->EventType == EVENTLOG_SUCCESS)
818 on_vista = TRUE;
819 }
820 HeapFree(GetProcessHeap(), 0, buf);
821 }
822
823 /* This will clear the eventlog. The record numbering for new
824 * events however differs on Vista SP1+. Before Vista the first
825 * event would be numbered 1, on Vista SP1+ it's higher as we already
826 * had at least one event (more in case of multiple test runs without
827 * a reboot).
828 */
829 ClearEventLogA(handle, NULL);
830 CloseEventLog(handle);
831
832 /* Write a bunch of events while using different event sources */
833 for (i = 0; i < sizeof(read_write)/sizeof(read_write[0]); i++)
834 {
835 DWORD oldest;
836 BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
837
838 /* We don't need to use RegisterEventSource to report events */
839 if (i % 2)
840 handle = OpenEventLogA(NULL, read_write[i].evt_src);
841 else
842 handle = RegisterEventSourceA(NULL, read_write[i].evt_src);
843 ok(handle != NULL, "Expected a handle\n");
844
845 SetLastError(0xdeadbeef);
846 ret = ReportEventA(handle, read_write[i].evt_type, read_write[i].evt_cat,
847 read_write[i].evt_id, run_sidtests ? user : NULL,
848 read_write[i].evt_numstrings, 0, read_write[i].evt_strings, NULL);
849 ok(ret, "Expected ReportEvent success : %d\n", GetLastError());
850
851 count = 0xdeadbeef;
852 SetLastError(0xdeadbeef);
853 ret = GetNumberOfEventLogRecords(handle, &count);
854 ok(ret, "Expected GetNumberOfEventLogRecords success : %d\n", GetLastError());
855 todo_wine
856 ok(count == (i + 1), "Expected %d records, got %d\n", i + 1, count);
857
858 oldest = 0xdeadbeef;
859 ret = GetOldestEventLogRecord(handle, &oldest);
860 ok(ret, "Expected GetOldestEventLogRecord success : %d\n", GetLastError());
861 todo_wine
862 ok(oldest == 1 ||
863 (oldest > 1 && oldest != 0xdeadbeef), /* Vista SP1+, W2K8 and Win7 */
864 "Expected oldest to be 1 or higher, got %d\n", oldest);
865 if (oldest > 1 && oldest != 0xdeadbeef)
866 on_vista = TRUE;
867
868 SetLastError(0xdeadbeef);
869 if (i % 2)
870 ret = CloseEventLog(handle);
871 else
872 ret = DeregisterEventSource(handle);
873 ok(ret, "Expected success : %d\n", GetLastError());
874 }
875
876 handle = OpenEventLogA(NULL, eventlogname);
877 count = 0xdeadbeef;
878 ret = GetNumberOfEventLogRecords(handle, &count);
879 ok(ret, "Expected success\n");
880 todo_wine
881 ok(count == i, "Expected %d records, got %d\n", i, count);
882 CloseEventLog(handle);
883
884 if (count == 0)
885 {
886 skip("No events were written to the eventlog\n");
887 goto cleanup;
888 }
889
890 /* Report only once */
891 if (on_vista)
892 skip("There is no DWORD alignment enforced for UserSid on Vista, W2K8 or Win7\n");
893
894 if (on_vista && pGetComputerNameExA)
895 {
896 /* New Vista+ behavior */
897 size = 0;
898 SetLastError(0xdeadbeef);
899 pGetComputerNameExA(ComputerNameDnsFullyQualified, NULL, &size);
900 localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
901 pGetComputerNameExA(ComputerNameDnsFullyQualified, localcomputer, &size);
902 }
903 else
904 {
905 size = MAX_COMPUTERNAME_LENGTH + 1;
906 localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
907 GetComputerNameA(localcomputer, &size);
908 }
909
910 /* Read all events from our created eventlog, one by one */
911 handle = OpenEventLogA(NULL, eventlogname);
912 i = 0;
913 for (;;)
914 {
915 void *buf;
916 DWORD read, needed;
917 EVENTLOGRECORD *record;
918 char *sourcename, *computername;
919 int k;
920 char *ptr;
921 BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
922
923 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
924 SetLastError(0xdeadbeef);
925 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
926 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
927 if (!ret && GetLastError() == ERROR_HANDLE_EOF)
928 {
929 HeapFree(GetProcessHeap(), 0, buf);
930 break;
931 }
932 ok(!ret, "Expected failure\n");
933 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER,
934 "Expected ERROR_INVALID_PARAMETER, got %d\n",GetLastError());
935
936 buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
937 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
938 0, buf, needed, &read, &needed);
939 ok(ret, "Expected success: %d\n", GetLastError());
940
941 record = (EVENTLOGRECORD *)buf;
942
943 ok(record->Length == read,
944 "Expected %d, got %d\n", read, record->Length);
945 ok(record->Reserved == 0x654c664c,
946 "Expected 0x654c664c, got %d\n", record->Reserved);
947 ok(record->RecordNumber == i + 1 ||
948 (on_vista && (record->RecordNumber > i + 1)),
949 "Expected %d or higher, got %d\n", i + 1, record->RecordNumber);
950 ok(record->EventID == read_write[i].evt_id,
951 "Expected %d, got %d\n", read_write[i].evt_id, record->EventID);
952 ok(record->EventType == read_write[i].evt_type,
953 "Expected %d, got %d\n", read_write[i].evt_type, record->EventType);
954 ok(record->NumStrings == read_write[i].evt_numstrings,
955 "Expected %d, got %d\n", read_write[i].evt_numstrings, record->NumStrings);
956 ok(record->EventCategory == read_write[i].evt_cat,
957 "Expected %d, got %d\n", read_write[i].evt_cat, record->EventCategory);
958
959 sourcename = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD));
960 ok(!lstrcmpA(sourcename, read_write[i].evt_src), "Expected '%s', got '%s'\n",
961 read_write[i].evt_src, sourcename);
962
963 computername = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1);
964 ok(!lstrcmpiA(computername, localcomputer), "Expected '%s', got '%s'\n",
965 localcomputer, computername);
966
967 /* Before Vista, UserSid was aligned on a DWORD boundary. Next to that if
968 * no padding was actually required a 0 DWORD was still used for padding. No
969 * application should be relying on the padding as we are working with offsets
970 * anyway.
971 */
972
973 if (!on_vista)
974 {
975 DWORD calculated_sidoffset = sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1 + lstrlenA(computername) + 1;
976
977 /* We are already DWORD aligned, there should still be some padding */
978 if ((((UINT_PTR)buf + calculated_sidoffset) % sizeof(DWORD)) == 0)
979 ok(*(DWORD *)((BYTE *)buf + calculated_sidoffset) == 0, "Expected 0\n");
980
981 ok((((UINT_PTR)buf + record->UserSidOffset) % sizeof(DWORD)) == 0, "Expected DWORD alignment\n");
982 }
983
984 if (run_sidtests)
985 {
986 ok(record->UserSidLength == sidsize, "Expected %d, got %d\n", sidsize, record->UserSidLength);
987 }
988 else
989 {
990 ok(record->StringOffset == record->UserSidOffset, "Expected offsets to be the same\n");
991 ok(record->UserSidLength == 0, "Expected 0, got %d\n", record->UserSidLength);
992 }
993
994 ok(record->DataLength == 0, "Expected 0, got %d\n", record->DataLength);
995
996 ptr = (char *)((BYTE *)buf + record->StringOffset);
997 for (k = 0; k < record->NumStrings; k++)
998 {
999 ok(!lstrcmpA(ptr, two_strings[k]), "Expected '%s', got '%s'\n", two_strings[k], ptr);
1000 ptr += lstrlenA(ptr) + 1;
1001 }
1002
1003 ok(record->Length == *(DWORD *)((BYTE *)buf + record->Length - sizeof(DWORD)),
1004 "Expected the closing DWORD to contain the length of the record\n");
1005
1006 HeapFree(GetProcessHeap(), 0, buf);
1007 i++;
1008 }
1009 CloseEventLog(handle);
1010
1011 /* Test clearing a real eventlog */
1012 handle = OpenEventLogA(NULL, eventlogname);
1013
1014 SetLastError(0xdeadbeef);
1015 ret = ClearEventLogA(handle, NULL);
1016 ok(ret, "Expected success\n");
1017
1018 count = 0xdeadbeef;
1019 ret = GetNumberOfEventLogRecords(handle, &count);
1020 ok(ret, "Expected success\n");
1021 ok(count == 0, "Expected an empty eventlog, got %d records\n", count);
1022
1023 CloseEventLog(handle);
1024
1025 cleanup:
1026 HeapFree(GetProcessHeap(), 0, localcomputer);
1027 HeapFree(GetProcessHeap(), 0, user);
1028 }
1029
1030 /* Before Vista:
1031 *
1032 * Creating an eventlog on Windows (via the registry) automatically leads
1033 * to creation of a REG_MULTI_SZ named 'Sources'. This value lists all the
1034 * potential event sources for this eventlog. 'Sources' is automatically
1035 * updated when a new key (aka event source) is created.
1036 *
1037 * Although the updating of registry keys is almost instantaneously, we
1038 * check it after some other tests to assure we are not querying the
1039 * registry or file system to quickly.
1040 *
1041 * NT4 and higher:
1042 *
1043 * The eventlog file itself is also automatically created, even before we
1044 * start writing events.
1045 */
1046 static char eventlogfile[MAX_PATH];
1047 static void test_autocreation(void)
1048 {
1049 HKEY key, eventkey;
1050 DWORD type, size;
1051 LONG ret;
1052 int i;
1053 char *p;
1054 char sources[sizeof(eventsources)];
1055 char sysdir[MAX_PATH];
1056 void *redir = 0;
1057
1058 RegOpenKeyA(HKEY_LOCAL_MACHINE, eventlogsvc, &key);
1059 RegOpenKeyA(key, eventlogname, &eventkey);
1060
1061 size = sizeof(sources);
1062 sources[0] = 0;
1063 ret = RegQueryValueExA(eventkey, "Sources", NULL, &type, (LPBYTE)sources, &size);
1064 if (ret == ERROR_SUCCESS)
1065 {
1066 char sources_verify[sizeof(eventsources)];
1067
1068 ok(type == REG_MULTI_SZ, "Expected a REG_MULTI_SZ, got %d\n", type);
1069
1070 /* Build the expected string */
1071 memset(sources_verify, 0, sizeof(sources_verify));
1072 p = sources_verify;
1073 for (i = sizeof(eventsources)/sizeof(eventsources[0]); i > 0; i--)
1074 {
1075 lstrcpyA(p, eventsources[i - 1]);
1076 p += (lstrlenA(eventsources[i - 1]) + 1);
1077 }
1078 lstrcpyA(p, eventlogname);
1079
1080 ok(!memcmp(sources, sources_verify, size),
1081 "Expected a correct 'Sources' value (size : %d)\n", size);
1082 }
1083
1084 RegCloseKey(eventkey);
1085 RegCloseKey(key);
1086
1087 /* The directory that holds the eventlog files could be redirected */
1088 if (pWow64DisableWow64FsRedirection)
1089 pWow64DisableWow64FsRedirection(&redir);
1090
1091 /* On Windows we also automatically get an eventlog file */
1092 GetSystemDirectoryA(sysdir, sizeof(sysdir));
1093
1094 /* NT4 - W2K3 */
1095 lstrcpyA(eventlogfile, sysdir);
1096 lstrcatA(eventlogfile, "\\config\\");
1097 lstrcatA(eventlogfile, eventlogname);
1098 lstrcatA(eventlogfile, ".evt");
1099
1100 if (GetFileAttributesA(eventlogfile) == INVALID_FILE_ATTRIBUTES)
1101 {
1102 /* Vista+ */
1103 lstrcpyA(eventlogfile, sysdir);
1104 lstrcatA(eventlogfile, "\\winevt\\Logs\\");
1105 lstrcatA(eventlogfile, eventlogname);
1106 lstrcatA(eventlogfile, ".evtx");
1107 }
1108
1109 todo_wine
1110 ok(GetFileAttributesA(eventlogfile) != INVALID_FILE_ATTRIBUTES,
1111 "Expected an eventlog file\n");
1112
1113 if (pWow64RevertWow64FsRedirection)
1114 pWow64RevertWow64FsRedirection(redir);
1115 }
1116
1117 static void cleanup_eventlog(void)
1118 {
1119 BOOL bret;
1120 LONG lret;
1121 HKEY key;
1122 DWORD i;
1123 char winesvc[MAX_PATH];
1124
1125 /* Delete the registry tree */
1126 lstrcpyA(winesvc, eventlogsvc);
1127 lstrcatA(winesvc, "\\");
1128 lstrcatA(winesvc, eventlogname);
1129
1130 RegOpenKeyA(HKEY_LOCAL_MACHINE, winesvc, &key);
1131 for (i = 0; i < sizeof(eventsources)/sizeof(eventsources[0]); i++)
1132 RegDeleteKeyA(key, eventsources[i]);
1133 RegDeleteValueA(key, "Sources");
1134 RegCloseKey(key);
1135 lret = RegDeleteKeyA(HKEY_LOCAL_MACHINE, winesvc);
1136 ok(lret == ERROR_SUCCESS, "Could not delete the registry tree : %d\n", lret);
1137
1138 /* A handle to the eventlog is locked by services.exe. We can only
1139 * delete the eventlog file after reboot.
1140 */
1141 bret = MoveFileExA(eventlogfile, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
1142 ok(bret, "Expected MoveFileEx to succeed: %d\n", GetLastError());
1143 }
1144
1145 START_TEST(eventlog)
1146 {
1147 SetLastError(0xdeadbeef);
1148 CloseEventLog(NULL);
1149 if (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
1150 {
1151 win_skip("Event log functions are not implemented\n");
1152 return;
1153 }
1154
1155 init_function_pointers();
1156
1157 /* Parameters only */
1158 test_open_close();
1159 test_info();
1160 test_count();
1161 test_oldest();
1162 test_backup();
1163 test_openbackup();
1164 test_read();
1165 test_clear();
1166
1167 /* Functional tests */
1168 if (create_new_eventlog())
1169 {
1170 test_readwrite();
1171 test_autocreation();
1172 cleanup_eventlog();
1173 }
1174 }
A free Windows-compatible Operating System