IELF_HANDLE LogHandle,
PRPC_UNICODE_STRING BackupFileName)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PLOGHANDLE lpLogHandle;
+
+ DPRINT("ElfrClearELFW()\n");
+
+ lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
+ if (!lpLogHandle)
+ {
+ return STATUS_INVALID_HANDLE;
+ }
+
+ return LogfClearFile(lpLogHandle->LogFile,
+ (PUNICODE_STRING)BackupFileName);
}
IELF_HANDLE LogHandle,
PRPC_UNICODE_STRING BackupFileName)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PLOGHANDLE lpLogHandle;
+
+ DPRINT("ElfrBackupELFW()\n");
+
+ lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
+ if (!lpLogHandle)
+ {
+ return STATUS_INVALID_HANDLE;
+ }
+
+ return LogfBackupFile(lpLogHandle->LogFile,
+ (PUNICODE_STRING)BackupFileName);
}
+
/* Function 2 */
NTSTATUS ElfrCloseEL(
IELF_HANDLE *LogHandle)
PLOGHANDLE lpLogHandle;
PLOGFILE lpLogFile;
+ DPRINT("ElfrNumberOfRecords()");
+
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
if (!lpLogHandle)
{
lpLogFile = lpLogHandle->LogFile;
- if (lpLogFile->Header.OldestRecordNumber == 0)
- *NumberOfRecords = 0;
- else
- *NumberOfRecords = lpLogFile->Header.CurrentRecordNumber -
- lpLogFile->Header.OldestRecordNumber;
+ DPRINT("Oldest: %lu Current: %lu\n",
+ lpLogFile->Header.OldestRecordNumber,
+ lpLogFile->Header.CurrentRecordNumber);
+
+ *NumberOfRecords = lpLogFile->Header.CurrentRecordNumber -
+ lpLogFile->Header.OldestRecordNumber;
return STATUS_SUCCESS;
}
return STATUS_INVALID_PARAMETER;
}
- *OldestRecordNumber = 0;
*OldestRecordNumber = LogfGetOldestRecord(lpLogHandle->LogFile);
+
return STATUS_SUCCESS;
}
RPC_CLIENT_ID ClientId,
DWORD Event)
{
+ DPRINT("ElfrChangeNotify()");
+
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
DWORD MinorVersion,
IELF_HANDLE *LogHandle)
{
- DPRINT1("ElfrRegisterEventSourceW()\n");
+ DPRINT("ElfrRegisterEventSourceW()\n");
if ((MajorVersion != 1) || (MinorVersion != 1))
return STATUS_INVALID_PARAMETER;
if (RegModuleName->Length > 0)
return STATUS_INVALID_PARAMETER;
- DPRINT1("ModuleName: %S\n", ModuleName->Buffer);
+ DPRINT("ModuleName: %S\n", ModuleName->Buffer);
/*FIXME: UNCServerName must specify the server or empty for local */
return STATUS_INVALID_HANDLE;
}
- if (!Buffer)
- return I_RpcMapWin32Status(ERROR_INVALID_PARAMETER);
+ if (!Buffer)
+ return STATUS_INVALID_PARAMETER;
/* If sequential read, retrieve the CurrentRecord from this log handle */
if (ReadFlags & EVENTLOG_SEQUENTIAL_READ)
}
dwError = LogfReadEvent(lpLogHandle->LogFile, ReadFlags, &RecordNumber,
- NumberOfBytesToRead, Buffer, NumberOfBytesRead, MinNumberOfBytesNeeded);
+ NumberOfBytesToRead, Buffer, NumberOfBytesRead, MinNumberOfBytesNeeded,
+ FALSE);
/* Update the handles CurrentRecord if success*/
if (dwError == ERROR_SUCCESS)
lpLogHandle->CurrentRecord = RecordNumber;
}
+ /* HACK!!! */
+ if (dwError == ERROR_HANDLE_EOF)
+ return STATUS_END_OF_FILE;
+
return I_RpcMapWin32Status(dwError);
}
DPRINT("Info: %wZ\n", Strings[i]);
break;
+ case EVENTLOG_AUDIT_SUCCESS:
+ DPRINT("Audit Success: %wZ\n", Strings[i]);
+ break;
+
+ case EVENTLOG_AUDIT_FAILURE:
+ DPRINT("Audit Failure: %wZ\n", Strings[i]);
+ break;
+
default:
DPRINT1("Type %hu: %wZ\n", EventType, Strings[i]);
break;
IELF_HANDLE LogHandle,
PRPC_STRING BackupFileName)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ UNICODE_STRING BackupFileNameW;
+ NTSTATUS Status;
+
+ Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
+ (PANSI_STRING)BackupFileName,
+ TRUE);
+ if (!NT_SUCCESS(Status))
+ return Status;
+
+ Status = ElfrClearELFW(LogHandle,
+ (PRPC_UNICODE_STRING)&BackupFileNameW);
+
+ RtlFreeUnicodeString(&BackupFileNameW);
+
+ return Status;
}
IELF_HANDLE LogHandle,
PRPC_STRING BackupFileName)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ UNICODE_STRING BackupFileNameW;
+ NTSTATUS Status;
+
+ Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
+ (PANSI_STRING)BackupFileName,
+ TRUE);
+ if (!NT_SUCCESS(Status))
+ return Status;
+
+ Status = ElfrBackupELFW(LogHandle,
+ (PRPC_UNICODE_STRING)&BackupFileNameW);
+
+ RtlFreeUnicodeString(&BackupFileNameW);
+
+ return Status;
}
IELF_HANDLE *LogHandle)
{
UNICODE_STRING ModuleNameW;
+ NTSTATUS Status;
if ((MajorVersion != 1) || (MinorVersion != 1))
return STATUS_INVALID_PARAMETER;
if (RegModuleName->Length > 0)
return STATUS_INVALID_PARAMETER;
- RtlAnsiStringToUnicodeString(&ModuleNameW, (PANSI_STRING)ModuleName, TRUE);
+ Status = RtlAnsiStringToUnicodeString(&ModuleNameW, (PANSI_STRING)ModuleName, TRUE);
+ if (!NT_SUCCESS(Status))
+ return Status;
/* FIXME: Must verify that caller has read access */
DWORD MinorVersion,
IELF_HANDLE *LogHandle)
{
- UNICODE_STRING ModuleNameW = { 0, 0, NULL };
+ UNICODE_STRING ModuleNameW;
+ NTSTATUS Status;
- if (ModuleName &&
- !RtlAnsiStringToUnicodeString(&ModuleNameW, (PANSI_STRING)ModuleName, TRUE))
+ Status = RtlAnsiStringToUnicodeString(&ModuleNameW,
+ (PANSI_STRING)ModuleName,
+ TRUE);
+ if (!NT_SUCCESS(Status))
{
- return STATUS_NO_MEMORY;
+ DPRINT1("RtlAnsiStringToUnicodeString failed (Status 0x%08lx)\n", Status);
+ return Status;
}
/* RegModuleName must be an empty string */
DWORD *NumberOfBytesRead,
DWORD *MinNumberOfBytesNeeded)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PLOGHANDLE lpLogHandle;
+ DWORD dwError;
+ DWORD RecordNumber;
+
+ lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
+ if (!lpLogHandle)
+ {
+ return STATUS_INVALID_HANDLE;
+ }
+
+ if (!Buffer)
+ return STATUS_INVALID_PARAMETER;
+
+ /* If sequential read, retrieve the CurrentRecord from this log handle */
+ if (ReadFlags & EVENTLOG_SEQUENTIAL_READ)
+ {
+ RecordNumber = lpLogHandle->CurrentRecord;
+ }
+ else
+ {
+ RecordNumber = RecordOffset;
+ }
+
+ dwError = LogfReadEvent(lpLogHandle->LogFile,
+ ReadFlags,
+ &RecordNumber,
+ NumberOfBytesToRead,
+ Buffer,
+ NumberOfBytesRead,
+ MinNumberOfBytesNeeded,
+ TRUE);
+
+ /* Update the handles CurrentRecord if success*/
+ if (dwError == ERROR_SUCCESS)
+ {
+ lpLogHandle->CurrentRecord = RecordNumber;
+ }
+
+ /* HACK!!! */
+ if (dwError == ERROR_HANDLE_EOF)
+ return STATUS_END_OF_FILE;
+
+ return I_RpcMapWin32Status(dwError);
}
DWORD *RecordNumber,
DWORD *TimeWritten)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ UNICODE_STRING ComputerNameW;
+ PUNICODE_STRING *StringsArrayW = NULL;
+ NTSTATUS Status = STATUS_SUCCESS;
+ USHORT i;
+
+ DPRINT("ElfrReportEventA(%hu)\n", NumStrings);
+
+#if 0
+ for (i = 0; i < NumStrings; i++)
+ {
+ if (Strings[i] == NULL)
+ {
+ DPRINT1("String %hu is null\n", i);
+ }
+ else
+ {
+ DPRINT1("String %hu: %Z\n", i, Strings[i]);
+ }
+ }
+#endif
+
+ Status = RtlAnsiStringToUnicodeString((PUNICODE_STRING)&ComputerNameW,
+ (PANSI_STRING)ComputerName,
+ TRUE);
+ if (!NT_SUCCESS(Status))
+ return Status;
+
+ if (NumStrings != 0)
+ {
+ StringsArrayW = HeapAlloc(MyHeap,
+ HEAP_ZERO_MEMORY,
+ NumStrings * sizeof (PUNICODE_STRING));
+ if (StringsArrayW == NULL)
+ {
+ Status = STATUS_NO_MEMORY;
+ goto Done;
+ }
+
+ for (i = 0; i < NumStrings; i++)
+ {
+ if (Strings[i] != NULL)
+ {
+ StringsArrayW[i] = HeapAlloc(MyHeap,
+ HEAP_ZERO_MEMORY,
+ sizeof(UNICODE_STRING));
+ if (StringsArrayW[i] == NULL)
+ {
+ Status = STATUS_NO_MEMORY;
+ break;
+ }
+
+ Status = RtlAnsiStringToUnicodeString(StringsArrayW[i],
+ (PANSI_STRING)Strings[i],
+ TRUE);
+ }
+
+ if (!NT_SUCCESS(Status))
+ break;
+ }
+ }
+
+ if (NT_SUCCESS(Status))
+ {
+ Status = ElfrReportEventW(LogHandle,
+ Time,
+ EventType,
+ EventCategory,
+ EventID,
+ NumStrings,
+ DataSize,
+ (PRPC_UNICODE_STRING)&ComputerNameW,
+ UserSID,
+ (PRPC_UNICODE_STRING*)StringsArrayW,
+ Data,
+ Flags,
+ RecordNumber,
+ TimeWritten);
+ }
+
+Done:
+ for (i = 0; i < NumStrings; i++)
+ {
+ if (StringsArrayW[i] != NULL)
+ {
+ if (StringsArrayW[i]->Buffer)
+ {
+ RtlFreeUnicodeString(StringsArrayW[i]);
+ HeapFree(MyHeap, 0, StringsArrayW[i]);
+ }
+ }
+ }
+
+ if (StringsArrayW != NULL)
+ HeapFree(MyHeap, 0, StringsArrayW);
+
+ RtlFreeUnicodeString(&ComputerNameW);
+
+ return Status;
}