2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Marcin Krzysztof Porwit 2005,
5 * Copyright (C) Brian Moran 2005,
6 * Copyright (C) Gerald (Jerry) Carter 2005.
7 * Copyright (C) Guenther Deschner 2009.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
25 #include "../librpc/gen_ndr/srv_eventlog.h"
26 #include "lib/eventlog/eventlog.h"
27 #include "../libcli/security/security.h"
28 #include "../librpc/gen_ndr/ndr_winreg_c.h"
29 #include "rpc_client/cli_winreg_int.h"
30 #include "rpc_client/cli_winreg.h"
31 #include "smbd/smbd.h"
35 #define DBGC_CLASS DBGC_RPC_SRV
37 #define TOP_LEVEL_EVENTLOG_KEY "SYSTEM\\CurrentControlSet\\Services\\Eventlog"
42 uint32 current_record;
46 uint32 access_granted;
49 /********************************************************************
50 ********************************************************************/
52 static int eventlog_info_destructor(EVENTLOG_INFO *elog)
55 elog_close_tdb(elog->etdb, false);
60 /********************************************************************
61 ********************************************************************/
63 static EVENTLOG_INFO *find_eventlog_info_by_hnd( struct pipes_struct * p,
64 struct policy_handle * handle )
68 if ( !find_policy_by_hnd( p, handle, (void **)(void *)&info ) ) {
70 ( "find_eventlog_info_by_hnd: eventlog not found.\n" ) );
77 /********************************************************************
78 ********************************************************************/
80 static bool elog_check_access( EVENTLOG_INFO *info, const struct security_token *token )
82 char *tdbname = elog_tdbname(talloc_tos(), info->logname );
83 struct security_descriptor *sec_desc;
84 struct security_ace *ace;
90 /* get the security descriptor for the file */
92 sec_desc = get_nt_acl_no_snum( info, tdbname );
93 TALLOC_FREE( tdbname );
96 DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n",
101 ace = talloc_zero(sec_desc, struct security_ace);
103 TALLOC_FREE(sec_desc);
107 ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
109 ace->access_mask = REG_KEY_ALL;
110 ace->trustee = global_sid_System;
112 status = security_descriptor_dacl_add(sec_desc, ace);
113 if (!NT_STATUS_IS_OK(status)) {
114 TALLOC_FREE(sec_desc);
120 if ( geteuid() == sec_initial_uid() ) {
121 DEBUG(5,("elog_check_access: running as root, using system token\n"));
122 token = get_system_token();
125 /* run the check, try for the max allowed */
127 status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
128 &info->access_granted);
130 TALLOC_FREE(sec_desc);
132 if (!NT_STATUS_IS_OK(status)) {
133 DEBUG(8,("elog_check_access: se_access_check() return %s\n",
138 /* we have to have READ permission for a successful open */
140 return ( info->access_granted & SEC_FILE_READ_DATA );
143 /********************************************************************
144 ********************************************************************/
146 static bool elog_validate_logname( const char *name )
149 const char **elogs = lp_eventlog_list();
155 for ( i=0; elogs[i]; i++ ) {
156 if ( strequal( name, elogs[i] ) )
163 /********************************************************************
164 ********************************************************************/
166 static bool get_num_records_hook( EVENTLOG_INFO * info )
172 DEBUG( 10, ( "No open tdb for %s\n", info->logname ) );
176 /* lock the tdb since we have to get 2 records */
178 tdb_lock_bystring_with_timeout( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD, 1 );
179 next_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
180 oldest_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_OLDEST_ENTRY);
181 tdb_unlock_bystring( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
184 ( "Oldest Record %d; Next Record %d\n", oldest_record,
187 info->num_records = ( next_record - oldest_record );
188 info->oldest_entry = oldest_record;
193 /********************************************************************
194 ********************************************************************/
196 static bool get_oldest_entry_hook( EVENTLOG_INFO * info )
198 /* it's the same thing */
199 return get_num_records_hook( info );
202 /********************************************************************
203 ********************************************************************/
205 static NTSTATUS elog_open( struct pipes_struct * p, const char *logname, struct policy_handle *hnd )
209 /* first thing is to validate the eventlog name */
211 if ( !elog_validate_logname( logname ) )
212 return NT_STATUS_OBJECT_PATH_INVALID;
214 if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) )
215 return NT_STATUS_NO_MEMORY;
216 talloc_set_destructor(elog, eventlog_info_destructor);
218 elog->logname = talloc_strdup( elog, logname );
220 /* Open the tdb first (so that we can create any new tdbs if necessary).
221 We have to do this as root and then use an internal access check
222 on the file permissions since you can only have a tdb open once
223 in a single process */
226 elog->etdb = elog_open_tdb( elog->logname, False, False );
230 /* according to MSDN, if the logfile cannot be found, we should
231 default to the "Application" log */
233 if ( !strequal( logname, ELOG_APPL ) ) {
235 TALLOC_FREE( elog->logname );
237 elog->logname = talloc_strdup( elog, ELOG_APPL );
239 /* do the access check */
240 if ( !elog_check_access( elog, p->session_info->security_token ) ) {
242 return NT_STATUS_ACCESS_DENIED;
246 elog->etdb = elog_open_tdb( elog->logname, False, False );
252 return NT_STATUS_ACCESS_DENIED; /* ??? */
256 /* now do the access check. Close the tdb if we fail here */
258 if ( !elog_check_access( elog, p->session_info->security_token ) ) {
260 return NT_STATUS_ACCESS_DENIED;
263 /* create the policy handle */
265 if ( !create_policy_hnd( p, hnd, elog ) ) {
267 return NT_STATUS_NO_MEMORY;
270 /* set the initial current_record pointer */
272 if ( !get_oldest_entry_hook( elog ) ) {
273 DEBUG(3,("elog_open: Successfully opened eventlog but can't "
274 "get any information on internal records!\n"));
277 elog->current_record = elog->oldest_entry;
282 /********************************************************************
283 ********************************************************************/
285 static NTSTATUS elog_close( struct pipes_struct *p, struct policy_handle *hnd )
287 if ( !( close_policy_hnd( p, hnd ) ) ) {
288 return NT_STATUS_INVALID_HANDLE;
294 /*******************************************************************
295 *******************************************************************/
297 static int elog_size( EVENTLOG_INFO *info )
299 if ( !info || !info->etdb ) {
300 DEBUG(0,("elog_size: Invalid info* structure!\n"));
304 return elog_tdb_size( ELOG_TDB_CTX(info->etdb), NULL, NULL );
307 /********************************************************************
308 note that this can only be called AFTER the table is constructed,
309 since it uses the table to find the tdb handle
310 ********************************************************************/
312 static bool sync_eventlog_params(TALLOC_CTX *mem_ctx,
313 struct messaging_context *msg_ctx,
316 struct dcerpc_binding_handle *h = NULL;
317 uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
318 struct policy_handle hive_hnd, key_hnd;
319 uint32_t uiMaxSize = 0;
320 uint32_t uiRetention = 0;
323 WERROR wresult = WERR_OK;
324 char *elogname = info->logname;
328 ctx = talloc_stackframe();
333 DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) );
336 DEBUG( 4, ( "No open tdb! (%s)\n", info->logname ) );
339 /* set resonable defaults. 512Kb on size and 1 week on time */
342 uiRetention = 604800;
344 /* the general idea is to internally open the registry
345 key and retrieve the values. That way we can continue
346 to use the same fetch/store api that we use in
348 path = talloc_asprintf(ctx, "%s\\%s", TOP_LEVEL_EVENTLOG_KEY, elogname);
353 status = dcerpc_winreg_int_hklm_openkey(ctx,
354 get_session_info_system(),
363 if (!NT_STATUS_IS_OK(status)) {
364 DEBUG(4,("sync_eventlog_params: Failed to open key [%s] (%s)\n",
365 path, nt_errstr(status)));
368 if ( !W_ERROR_IS_OK( wresult ) ) {
370 ( "sync_eventlog_params: Failed to open key [%s] (%s)\n",
371 path, win_errstr( wresult ) ) );
375 status = dcerpc_winreg_query_dword(ctx,
381 if (!NT_STATUS_IS_OK(status)) {
382 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
386 if (!W_ERROR_IS_OK(wresult)) {
387 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
388 win_errstr(wresult)));
392 status = dcerpc_winreg_query_dword(ctx,
398 if (!NT_STATUS_IS_OK(status)) {
399 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
403 if (!W_ERROR_IS_OK(wresult)) {
404 DEBUG(4, ("Failed to query value \"MaxSize\": %s\n",
405 win_errstr(wresult)));
409 tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_MAXSIZE, uiMaxSize );
410 tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_RETENTION, uiRetention );
418 if (is_valid_policy_hnd(&key_hnd)) {
419 dcerpc_winreg_CloseKey(h, ctx, &key_hnd, &ignore);
421 if (is_valid_policy_hnd(&hive_hnd)) {
422 dcerpc_winreg_CloseKey(h, ctx, &hive_hnd, &ignore);
430 /********************************************************************
431 _eventlog_OpenEventLogW
432 ********************************************************************/
434 NTSTATUS _eventlog_OpenEventLogW(struct pipes_struct *p,
435 struct eventlog_OpenEventLogW *r)
440 DEBUG( 10,("_eventlog_OpenEventLogW: Server [%s], Log [%s]\n",
441 r->in.servername->string, r->in.logname->string ));
443 /* according to MSDN, if the logfile cannot be found, we should
444 default to the "Application" log */
446 if ( !NT_STATUS_IS_OK( result = elog_open( p, r->in.logname->string, r->out.handle )) )
449 if ( !(info = find_eventlog_info_by_hnd( p, r->out.handle )) ) {
450 DEBUG(0,("_eventlog_OpenEventLogW: eventlog (%s) opened but unable to find handle!\n",
451 r->in.logname->string ));
452 elog_close( p, r->out.handle );
453 return NT_STATUS_INVALID_HANDLE;
456 DEBUG(10,("_eventlog_OpenEventLogW: Size [%d]\n", elog_size( info )));
458 if (!sync_eventlog_params(p->mem_ctx,
461 elog_close(p, r->out.handle);
462 return NT_STATUS_EVENTLOG_FILE_CORRUPT;
464 prune_eventlog( ELOG_TDB_CTX(info->etdb) );
469 /********************************************************************
470 _eventlog_ClearEventLogW
471 This call still needs some work
472 ********************************************************************/
473 /** The windows client seems to be doing something funny with the file name
475 ClearEventLog(handle, "backup_file")
476 on the client side will result in the backup file name looking like this on the
478 \??\${CWD of client}\backup_file
479 If an absolute path gets specified, such as
480 ClearEventLog(handle, "C:\\temp\\backup_file")
481 then it is still mangled by the client into this:
482 \??\C:\temp\backup_file
483 when it is on the wire.
484 I'm not sure where the \?? is coming from, or why the ${CWD} of the client process
485 would be added in given that the backup file gets written on the server side. */
487 NTSTATUS _eventlog_ClearEventLogW(struct pipes_struct *p,
488 struct eventlog_ClearEventLogW *r)
490 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
493 return NT_STATUS_INVALID_HANDLE;
495 if (r->in.backupfile && r->in.backupfile->string) {
497 DEBUG(8,( "_eventlog_ClearEventLogW: Using [%s] as the backup "
498 "file name for log [%s].",
499 r->in.backupfile->string, info->logname ) );
502 /* check for WRITE access to the file */
504 if ( !(info->access_granted & SEC_FILE_WRITE_DATA) )
505 return NT_STATUS_ACCESS_DENIED;
507 /* Force a close and reopen */
509 elog_close_tdb( info->etdb, True );
511 info->etdb = elog_open_tdb( info->logname, True, False );
515 return NT_STATUS_ACCESS_DENIED;
520 /********************************************************************
521 _eventlog_CloseEventLog
522 ********************************************************************/
524 NTSTATUS _eventlog_CloseEventLog(struct pipes_struct * p,
525 struct eventlog_CloseEventLog *r)
529 status = elog_close( p, r->in.handle );
530 if (!NT_STATUS_IS_OK(status)) {
534 ZERO_STRUCTP(r->out.handle);
539 /********************************************************************
540 _eventlog_ReadEventLogW
541 ********************************************************************/
543 NTSTATUS _eventlog_ReadEventLogW(struct pipes_struct *p,
544 struct eventlog_ReadEventLogW *r)
546 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
547 uint32_t num_records_read = 0;
548 int bytes_left, record_number;
549 uint32_t elog_read_type, elog_read_dir;
552 return NT_STATUS_INVALID_HANDLE;
555 info->flags = r->in.flags;
556 bytes_left = r->in.number_of_bytes;
559 return NT_STATUS_ACCESS_DENIED;
562 /* check for valid flags. Can't use the sequential and seek flags together */
564 elog_read_type = r->in.flags & (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ);
565 elog_read_dir = r->in.flags & (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ);
567 if (r->in.flags == 0 ||
568 elog_read_type == (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ) ||
569 elog_read_dir == (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ))
571 DEBUG(3,("_eventlog_ReadEventLogW: "
572 "Invalid flags [0x%08x] for ReadEventLog\n",
574 return NT_STATUS_INVALID_PARAMETER;
577 /* a sequential read should ignore the offset */
579 if (elog_read_type & EVENTLOG_SEQUENTIAL_READ) {
580 record_number = info->current_record;
582 record_number = r->in.offset;
585 if (r->in.number_of_bytes == 0) {
586 struct EVENTLOGRECORD *e;
587 e = evlog_pull_record(p->mem_ctx, ELOG_TDB_CTX(info->etdb),
590 return NT_STATUS_END_OF_FILE;
592 *r->out.real_size = e->Length;
593 return NT_STATUS_BUFFER_TOO_SMALL;
596 while (bytes_left > 0) {
599 enum ndr_err_code ndr_err;
600 struct EVENTLOGRECORD *e;
602 e = evlog_pull_record(p->mem_ctx, ELOG_TDB_CTX(info->etdb),
608 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, e,
609 (ndr_push_flags_fn_t)ndr_push_EVENTLOGRECORD);
610 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
611 return ndr_map_error2ntstatus(ndr_err);
614 if (DEBUGLEVEL >= 10) {
615 NDR_PRINT_DEBUG(EVENTLOGRECORD, e);
618 if (blob.length > r->in.number_of_bytes) {
619 *r->out.real_size = blob.length;
620 return NT_STATUS_BUFFER_TOO_SMALL;
623 if (*r->out.sent_size + blob.length > r->in.number_of_bytes) {
627 bytes_left -= blob.length;
629 if (info->flags & EVENTLOG_FORWARDS_READ) {
635 /* update the eventlog record pointer */
637 info->current_record = record_number;
639 memcpy(&r->out.data[*(r->out.sent_size)],
640 blob.data, blob.length);
641 *(r->out.sent_size) += blob.length;
646 if (r->in.offset == 0 && record_number == 0 && *r->out.sent_size == 0) {
647 return NT_STATUS_END_OF_FILE;
653 /********************************************************************
654 _eventlog_GetOldestRecord
655 ********************************************************************/
657 NTSTATUS _eventlog_GetOldestRecord(struct pipes_struct *p,
658 struct eventlog_GetOldestRecord *r)
660 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
663 return NT_STATUS_INVALID_HANDLE;
666 if ( !( get_oldest_entry_hook( info ) ) )
667 return NT_STATUS_ACCESS_DENIED;
669 *r->out.oldest_entry = info->oldest_entry;
674 /********************************************************************
675 _eventlog_GetNumRecords
676 ********************************************************************/
678 NTSTATUS _eventlog_GetNumRecords(struct pipes_struct *p,
679 struct eventlog_GetNumRecords *r)
681 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
684 return NT_STATUS_INVALID_HANDLE;
687 if ( !( get_num_records_hook( info ) ) )
688 return NT_STATUS_ACCESS_DENIED;
690 *r->out.number = info->num_records;
695 NTSTATUS _eventlog_BackupEventLogW(struct pipes_struct *p, struct eventlog_BackupEventLogW *r)
697 p->rng_fault_state = True;
698 return NT_STATUS_NOT_IMPLEMENTED;
701 /********************************************************************
702 _eventlog_GetLogInformation
703 ********************************************************************/
705 NTSTATUS _eventlog_GetLogInformation(struct pipes_struct *p,
706 struct eventlog_GetLogInformation *r)
708 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
709 struct EVENTLOG_FULL_INFORMATION f;
710 enum ndr_err_code ndr_err;
714 return NT_STATUS_INVALID_HANDLE;
717 if (r->in.level != 0) {
718 return NT_STATUS_INVALID_LEVEL;
721 *r->out.bytes_needed = 4;
723 if (r->in.buf_size < 4) {
724 return NT_STATUS_BUFFER_TOO_SMALL;
727 /* FIXME: this should be retrieved from the handle */
730 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &f,
731 (ndr_push_flags_fn_t)ndr_push_EVENTLOG_FULL_INFORMATION);
732 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
733 return ndr_map_error2ntstatus(ndr_err);
736 if (DEBUGLEVEL >= 10) {
737 NDR_PRINT_DEBUG(EVENTLOG_FULL_INFORMATION, &f);
740 memcpy(r->out.buffer, blob.data, 4);
745 /********************************************************************
746 _eventlog_FlushEventLog
747 ********************************************************************/
749 NTSTATUS _eventlog_FlushEventLog(struct pipes_struct *p,
750 struct eventlog_FlushEventLog *r)
752 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
754 return NT_STATUS_INVALID_HANDLE;
757 return NT_STATUS_ACCESS_DENIED;
760 /********************************************************************
761 ********************************************************************/
763 static NTSTATUS evlog_report_to_record(TALLOC_CTX *mem_ctx,
764 const struct eventlog_ReportEventW *r,
766 struct EVENTLOGRECORD *e)
771 e->TimeGenerated = r->in.timestamp;
772 e->TimeWritten = time(NULL);
773 e->EventID = r->in.event_id;
774 e->EventType = r->in.event_type;
775 e->NumStrings = r->in.num_of_strings;
776 e->EventCategory = r->in.event_category;
777 e->ReservedFlags = r->in.flags;
778 e->DataLength = r->in.data_size;
779 e->SourceName = talloc_strdup(mem_ctx, logname);
780 NT_STATUS_HAVE_NO_MEMORY(e->SourceName);
781 if (r->in.servername->string) {
782 e->Computername = r->in.servername->string;
784 e->Computername = talloc_strdup(mem_ctx, "");
785 NT_STATUS_HAVE_NO_MEMORY(e->Computername);
787 if (r->in.user_sid) {
788 e->UserSid = *r->in.user_sid;
790 e->Strings = talloc_array(mem_ctx, const char *, e->NumStrings);
791 NT_STATUS_HAVE_NO_MEMORY(e->Strings);
793 for (i=0; i < e->NumStrings; i++) {
794 e->Strings[i] = talloc_strdup(e->Strings,
795 r->in.strings[i]->string);
796 NT_STATUS_HAVE_NO_MEMORY(e->Strings[i]);
798 e->Data = r->in.data;
803 /********************************************************************
804 _eventlog_ReportEventW
805 ********************************************************************/
807 NTSTATUS _eventlog_ReportEventW(struct pipes_struct *p,
808 struct eventlog_ReportEventW *r)
811 struct EVENTLOGRECORD record;
813 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
815 return NT_STATUS_INVALID_HANDLE;
818 status = evlog_report_to_record(p->mem_ctx, r, info->logname, &record);
819 if (!NT_STATUS_IS_OK(status)) {
823 status = evlog_push_record(p->mem_ctx,
824 ELOG_TDB_CTX(info->etdb),
826 r->out.record_number);
827 if (!NT_STATUS_IS_OK(status)) {
834 /********************************************************************
835 ********************************************************************/
837 NTSTATUS _eventlog_DeregisterEventSource(struct pipes_struct *p,
838 struct eventlog_DeregisterEventSource *r)
840 p->rng_fault_state = True;
841 return NT_STATUS_NOT_IMPLEMENTED;
844 NTSTATUS _eventlog_ChangeNotify(struct pipes_struct *p,
845 struct eventlog_ChangeNotify *r)
847 p->rng_fault_state = True;
848 return NT_STATUS_NOT_IMPLEMENTED;
851 NTSTATUS _eventlog_RegisterEventSourceW(struct pipes_struct *p,
852 struct eventlog_RegisterEventSourceW *r)
854 p->rng_fault_state = True;
855 return NT_STATUS_NOT_IMPLEMENTED;
858 NTSTATUS _eventlog_OpenBackupEventLogW(struct pipes_struct *p,
859 struct eventlog_OpenBackupEventLogW *r)
861 p->rng_fault_state = True;
862 return NT_STATUS_NOT_IMPLEMENTED;
865 NTSTATUS _eventlog_ClearEventLogA(struct pipes_struct *p,
866 struct eventlog_ClearEventLogA *r)
868 p->rng_fault_state = True;
869 return NT_STATUS_NOT_IMPLEMENTED;
872 NTSTATUS _eventlog_BackupEventLogA(struct pipes_struct *p,
873 struct eventlog_BackupEventLogA *r)
875 p->rng_fault_state = True;
876 return NT_STATUS_NOT_IMPLEMENTED;
879 NTSTATUS _eventlog_OpenEventLogA(struct pipes_struct *p,
880 struct eventlog_OpenEventLogA *r)
882 p->rng_fault_state = True;
883 return NT_STATUS_NOT_IMPLEMENTED;
886 NTSTATUS _eventlog_RegisterEventSourceA(struct pipes_struct *p,
887 struct eventlog_RegisterEventSourceA *r)
889 p->rng_fault_state = True;
890 return NT_STATUS_NOT_IMPLEMENTED;
893 NTSTATUS _eventlog_OpenBackupEventLogA(struct pipes_struct *p,
894 struct eventlog_OpenBackupEventLogA *r)
896 p->rng_fault_state = True;
897 return NT_STATUS_NOT_IMPLEMENTED;
900 NTSTATUS _eventlog_ReadEventLogA(struct pipes_struct *p,
901 struct eventlog_ReadEventLogA *r)
903 p->rng_fault_state = True;
904 return NT_STATUS_NOT_IMPLEMENTED;
907 NTSTATUS _eventlog_ReportEventA(struct pipes_struct *p,
908 struct eventlog_ReportEventA *r)
910 p->rng_fault_state = True;
911 return NT_STATUS_NOT_IMPLEMENTED;
914 NTSTATUS _eventlog_RegisterClusterSvc(struct pipes_struct *p,
915 struct eventlog_RegisterClusterSvc *r)
917 p->rng_fault_state = True;
918 return NT_STATUS_NOT_IMPLEMENTED;
921 NTSTATUS _eventlog_DeregisterClusterSvc(struct pipes_struct *p,
922 struct eventlog_DeregisterClusterSvc *r)
924 p->rng_fault_state = True;
925 return NT_STATUS_NOT_IMPLEMENTED;
928 NTSTATUS _eventlog_WriteClusterEvents(struct pipes_struct *p,
929 struct eventlog_WriteClusterEvents *r)
931 p->rng_fault_state = True;
932 return NT_STATUS_NOT_IMPLEMENTED;
935 NTSTATUS _eventlog_ReportEventAndSourceW(struct pipes_struct *p,
936 struct eventlog_ReportEventAndSourceW *r)
938 p->rng_fault_state = True;
939 return NT_STATUS_NOT_IMPLEMENTED;