2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Marcin Krzysztof Porwit 2005,
5 * Copyright (C) Brian Moran 2005,
6 * Copyright (C) Gerald (Jerry) Carter 2005.
7 * Copyright (C) Guenther Deschner 2009.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 #include "../librpc/gen_ndr/srv_eventlog.h"
25 #include "lib/eventlog/eventlog.h"
27 #include "../libcli/security/security.h"
28 #include "../librpc/gen_ndr/ndr_winreg_c.h"
29 #include "rpc_client/cli_winreg_int.h"
30 #include "rpc_client/cli_winreg.h"
31 #include "smbd/smbd.h"
36 #define DBGC_CLASS DBGC_RPC_SRV
38 #define TOP_LEVEL_EVENTLOG_KEY "SYSTEM\\CurrentControlSet\\Services\\Eventlog"
43 uint32 current_record;
47 uint32 access_granted;
50 /********************************************************************
51 ********************************************************************/
53 static int eventlog_info_destructor(EVENTLOG_INFO *elog)
56 elog_close_tdb(elog->etdb, false);
61 /********************************************************************
62 ********************************************************************/
64 static EVENTLOG_INFO *find_eventlog_info_by_hnd( struct pipes_struct * p,
65 struct policy_handle * handle )
69 if ( !find_policy_by_hnd( p, handle, (void **)(void *)&info ) ) {
71 ( "find_eventlog_info_by_hnd: eventlog not found.\n" ) );
78 /********************************************************************
79 ********************************************************************/
81 static bool elog_check_access( EVENTLOG_INFO *info, const struct security_token *token )
83 char *tdbname = elog_tdbname(talloc_tos(), info->logname );
84 struct security_descriptor *sec_desc;
85 struct security_ace *ace;
91 /* get the security descriptor for the file */
93 sec_desc = get_nt_acl_no_snum( info, tdbname );
94 TALLOC_FREE( tdbname );
97 DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n",
102 ace = talloc_zero(sec_desc, struct security_ace);
104 TALLOC_FREE(sec_desc);
108 ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
110 ace->access_mask = REG_KEY_ALL;
111 ace->trustee = global_sid_System;
113 status = security_descriptor_dacl_add(sec_desc, ace);
114 if (!NT_STATUS_IS_OK(status)) {
115 TALLOC_FREE(sec_desc);
121 if ( geteuid() == sec_initial_uid() ) {
122 DEBUG(5,("elog_check_access: running as root, using system token\n"));
123 token = get_system_token();
126 /* run the check, try for the max allowed */
128 status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
129 &info->access_granted);
131 TALLOC_FREE(sec_desc);
133 if (!NT_STATUS_IS_OK(status)) {
134 DEBUG(8,("elog_check_access: se_access_check() return %s\n",
139 /* we have to have READ permission for a successful open */
141 return ( info->access_granted & SEC_FILE_READ_DATA );
144 /********************************************************************
145 ********************************************************************/
147 static bool elog_validate_logname( const char *name )
150 const char **elogs = lp_eventlog_list();
156 for ( i=0; elogs[i]; i++ ) {
157 if ( strequal( name, elogs[i] ) )
164 /********************************************************************
165 ********************************************************************/
167 static bool get_num_records_hook( EVENTLOG_INFO * info )
173 DEBUG( 10, ( "No open tdb for %s\n", info->logname ) );
177 /* lock the tdb since we have to get 2 records */
179 tdb_lock_bystring_with_timeout( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD, 1 );
180 next_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
181 oldest_record = tdb_fetch_int32( ELOG_TDB_CTX(info->etdb), EVT_OLDEST_ENTRY);
182 tdb_unlock_bystring( ELOG_TDB_CTX(info->etdb), EVT_NEXT_RECORD);
185 ( "Oldest Record %d; Next Record %d\n", oldest_record,
188 info->num_records = ( next_record - oldest_record );
189 info->oldest_entry = oldest_record;
194 /********************************************************************
195 ********************************************************************/
197 static bool get_oldest_entry_hook( EVENTLOG_INFO * info )
199 /* it's the same thing */
200 return get_num_records_hook( info );
203 /********************************************************************
204 ********************************************************************/
206 static NTSTATUS elog_open( struct pipes_struct * p, const char *logname, struct policy_handle *hnd )
210 /* first thing is to validate the eventlog name */
212 if ( !elog_validate_logname( logname ) )
213 return NT_STATUS_OBJECT_PATH_INVALID;
215 if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) )
216 return NT_STATUS_NO_MEMORY;
217 talloc_set_destructor(elog, eventlog_info_destructor);
219 elog->logname = talloc_strdup( elog, logname );
221 /* Open the tdb first (so that we can create any new tdbs if necessary).
222 We have to do this as root and then use an internal access check
223 on the file permissions since you can only have a tdb open once
224 in a single process */
227 elog->etdb = elog_open_tdb( elog->logname, False, False );
231 /* according to MSDN, if the logfile cannot be found, we should
232 default to the "Application" log */
234 if ( !strequal( logname, ELOG_APPL ) ) {
236 TALLOC_FREE( elog->logname );
238 elog->logname = talloc_strdup( elog, ELOG_APPL );
240 /* do the access check */
241 if ( !elog_check_access( elog, p->session_info->security_token ) ) {
243 return NT_STATUS_ACCESS_DENIED;
247 elog->etdb = elog_open_tdb( elog->logname, False, False );
253 return NT_STATUS_ACCESS_DENIED; /* ??? */
257 /* now do the access check. Close the tdb if we fail here */
259 if ( !elog_check_access( elog, p->session_info->security_token ) ) {
261 return NT_STATUS_ACCESS_DENIED;
264 /* create the policy handle */
266 if ( !create_policy_hnd( p, hnd, elog ) ) {
268 return NT_STATUS_NO_MEMORY;
271 /* set the initial current_record pointer */
273 if ( !get_oldest_entry_hook( elog ) ) {
274 DEBUG(3,("elog_open: Successfully opened eventlog but can't "
275 "get any information on internal records!\n"));
278 elog->current_record = elog->oldest_entry;
283 /********************************************************************
284 ********************************************************************/
286 static NTSTATUS elog_close( struct pipes_struct *p, struct policy_handle *hnd )
288 if ( !( close_policy_hnd( p, hnd ) ) ) {
289 return NT_STATUS_INVALID_HANDLE;
295 /*******************************************************************
296 *******************************************************************/
298 static int elog_size( EVENTLOG_INFO *info )
300 if ( !info || !info->etdb ) {
301 DEBUG(0,("elog_size: Invalid info* structure!\n"));
305 return elog_tdb_size( ELOG_TDB_CTX(info->etdb), NULL, NULL );
308 /********************************************************************
309 note that this can only be called AFTER the table is constructed,
310 since it uses the table to find the tdb handle
311 ********************************************************************/
313 static bool sync_eventlog_params(TALLOC_CTX *mem_ctx,
314 struct messaging_context *msg_ctx,
317 struct dcerpc_binding_handle *h = NULL;
318 uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
319 struct policy_handle hive_hnd, key_hnd;
320 uint32_t uiMaxSize = 0;
321 uint32_t uiRetention = 0;
324 WERROR wresult = WERR_OK;
325 char *elogname = info->logname;
329 ctx = talloc_stackframe();
334 DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) );
337 DEBUG( 4, ( "No open tdb! (%s)\n", info->logname ) );
340 /* set resonable defaults. 512Kb on size and 1 week on time */
343 uiRetention = 604800;
345 /* the general idea is to internally open the registry
346 key and retrieve the values. That way we can continue
347 to use the same fetch/store api that we use in
349 path = talloc_asprintf(ctx, "%s\\%s", TOP_LEVEL_EVENTLOG_KEY, elogname);
354 status = dcerpc_winreg_int_hklm_openkey(ctx,
355 get_session_info_system(),
364 if (!NT_STATUS_IS_OK(status)) {
365 DEBUG(4,("sync_eventlog_params: Failed to open key [%s] (%s)\n",
366 path, nt_errstr(status)));
369 if ( !W_ERROR_IS_OK( wresult ) ) {
371 ( "sync_eventlog_params: Failed to open key [%s] (%s)\n",
372 path, win_errstr( wresult ) ) );
376 status = dcerpc_winreg_query_dword(ctx,
382 if (!NT_STATUS_IS_OK(status)) {
383 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
387 if (!W_ERROR_IS_OK(wresult)) {
388 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
389 win_errstr(wresult)));
393 status = dcerpc_winreg_query_dword(ctx,
399 if (!NT_STATUS_IS_OK(status)) {
400 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
404 if (!W_ERROR_IS_OK(wresult)) {
405 DEBUG(4, ("Failed to query value \"MaxSize\": %s\n",
406 win_errstr(wresult)));
410 tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_MAXSIZE, uiMaxSize );
411 tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_RETENTION, uiRetention );
419 if (is_valid_policy_hnd(&key_hnd)) {
420 dcerpc_winreg_CloseKey(h, ctx, &key_hnd, &ignore);
422 if (is_valid_policy_hnd(&hive_hnd)) {
423 dcerpc_winreg_CloseKey(h, ctx, &hive_hnd, &ignore);
431 /********************************************************************
432 _eventlog_OpenEventLogW
433 ********************************************************************/
435 NTSTATUS _eventlog_OpenEventLogW(struct pipes_struct *p,
436 struct eventlog_OpenEventLogW *r)
441 DEBUG( 10,("_eventlog_OpenEventLogW: Server [%s], Log [%s]\n",
442 r->in.servername->string, r->in.logname->string ));
444 /* according to MSDN, if the logfile cannot be found, we should
445 default to the "Application" log */
447 if ( !NT_STATUS_IS_OK( result = elog_open( p, r->in.logname->string, r->out.handle )) )
450 if ( !(info = find_eventlog_info_by_hnd( p, r->out.handle )) ) {
451 DEBUG(0,("_eventlog_OpenEventLogW: eventlog (%s) opened but unable to find handle!\n",
452 r->in.logname->string ));
453 elog_close( p, r->out.handle );
454 return NT_STATUS_INVALID_HANDLE;
457 DEBUG(10,("_eventlog_OpenEventLogW: Size [%d]\n", elog_size( info )));
459 if (!sync_eventlog_params(p->mem_ctx,
462 elog_close(p, r->out.handle);
463 return NT_STATUS_EVENTLOG_FILE_CORRUPT;
465 prune_eventlog( ELOG_TDB_CTX(info->etdb) );
470 /********************************************************************
471 _eventlog_ClearEventLogW
472 This call still needs some work
473 ********************************************************************/
474 /** The windows client seems to be doing something funny with the file name
476 ClearEventLog(handle, "backup_file")
477 on the client side will result in the backup file name looking like this on the
479 \??\${CWD of client}\backup_file
480 If an absolute path gets specified, such as
481 ClearEventLog(handle, "C:\\temp\\backup_file")
482 then it is still mangled by the client into this:
483 \??\C:\temp\backup_file
484 when it is on the wire.
485 I'm not sure where the \?? is coming from, or why the ${CWD} of the client process
486 would be added in given that the backup file gets written on the server side. */
488 NTSTATUS _eventlog_ClearEventLogW(struct pipes_struct *p,
489 struct eventlog_ClearEventLogW *r)
491 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
494 return NT_STATUS_INVALID_HANDLE;
496 if (r->in.backupfile && r->in.backupfile->string) {
498 DEBUG(8,( "_eventlog_ClearEventLogW: Using [%s] as the backup "
499 "file name for log [%s].",
500 r->in.backupfile->string, info->logname ) );
503 /* check for WRITE access to the file */
505 if ( !(info->access_granted & SEC_FILE_WRITE_DATA) )
506 return NT_STATUS_ACCESS_DENIED;
508 /* Force a close and reopen */
510 elog_close_tdb( info->etdb, True );
512 info->etdb = elog_open_tdb( info->logname, True, False );
516 return NT_STATUS_ACCESS_DENIED;
521 /********************************************************************
522 _eventlog_CloseEventLog
523 ********************************************************************/
525 NTSTATUS _eventlog_CloseEventLog(struct pipes_struct * p,
526 struct eventlog_CloseEventLog *r)
530 status = elog_close( p, r->in.handle );
531 if (!NT_STATUS_IS_OK(status)) {
535 ZERO_STRUCTP(r->out.handle);
540 /********************************************************************
541 _eventlog_ReadEventLogW
542 ********************************************************************/
544 NTSTATUS _eventlog_ReadEventLogW(struct pipes_struct *p,
545 struct eventlog_ReadEventLogW *r)
547 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
548 uint32_t num_records_read = 0;
549 int bytes_left, record_number;
550 uint32_t elog_read_type, elog_read_dir;
553 return NT_STATUS_INVALID_HANDLE;
556 info->flags = r->in.flags;
557 bytes_left = r->in.number_of_bytes;
560 return NT_STATUS_ACCESS_DENIED;
563 /* check for valid flags. Can't use the sequential and seek flags together */
565 elog_read_type = r->in.flags & (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ);
566 elog_read_dir = r->in.flags & (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ);
568 if (r->in.flags == 0 ||
569 elog_read_type == (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ) ||
570 elog_read_dir == (EVENTLOG_FORWARDS_READ|EVENTLOG_BACKWARDS_READ))
572 DEBUG(3,("_eventlog_ReadEventLogW: "
573 "Invalid flags [0x%08x] for ReadEventLog\n",
575 return NT_STATUS_INVALID_PARAMETER;
578 /* a sequential read should ignore the offset */
580 if (elog_read_type & EVENTLOG_SEQUENTIAL_READ) {
581 record_number = info->current_record;
583 record_number = r->in.offset;
586 if (r->in.number_of_bytes == 0) {
587 struct EVENTLOGRECORD *e;
588 e = evlog_pull_record(p->mem_ctx, ELOG_TDB_CTX(info->etdb),
591 return NT_STATUS_END_OF_FILE;
593 *r->out.real_size = e->Length;
594 return NT_STATUS_BUFFER_TOO_SMALL;
597 while (bytes_left > 0) {
600 enum ndr_err_code ndr_err;
601 struct EVENTLOGRECORD *e;
603 e = evlog_pull_record(p->mem_ctx, ELOG_TDB_CTX(info->etdb),
609 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, e,
610 (ndr_push_flags_fn_t)ndr_push_EVENTLOGRECORD);
611 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
612 return ndr_map_error2ntstatus(ndr_err);
615 if (DEBUGLEVEL >= 10) {
616 NDR_PRINT_DEBUG(EVENTLOGRECORD, e);
619 if (blob.length > r->in.number_of_bytes) {
620 *r->out.real_size = blob.length;
621 return NT_STATUS_BUFFER_TOO_SMALL;
624 if (*r->out.sent_size + blob.length > r->in.number_of_bytes) {
628 bytes_left -= blob.length;
630 if (info->flags & EVENTLOG_FORWARDS_READ) {
636 /* update the eventlog record pointer */
638 info->current_record = record_number;
640 memcpy(&r->out.data[*(r->out.sent_size)],
641 blob.data, blob.length);
642 *(r->out.sent_size) += blob.length;
647 if (r->in.offset == 0 && record_number == 0 && *r->out.sent_size == 0) {
648 return NT_STATUS_END_OF_FILE;
654 /********************************************************************
655 _eventlog_GetOldestRecord
656 ********************************************************************/
658 NTSTATUS _eventlog_GetOldestRecord(struct pipes_struct *p,
659 struct eventlog_GetOldestRecord *r)
661 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
664 return NT_STATUS_INVALID_HANDLE;
667 if ( !( get_oldest_entry_hook( info ) ) )
668 return NT_STATUS_ACCESS_DENIED;
670 *r->out.oldest_entry = info->oldest_entry;
675 /********************************************************************
676 _eventlog_GetNumRecords
677 ********************************************************************/
679 NTSTATUS _eventlog_GetNumRecords(struct pipes_struct *p,
680 struct eventlog_GetNumRecords *r)
682 EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
685 return NT_STATUS_INVALID_HANDLE;
688 if ( !( get_num_records_hook( info ) ) )
689 return NT_STATUS_ACCESS_DENIED;
691 *r->out.number = info->num_records;
696 NTSTATUS _eventlog_BackupEventLogW(struct pipes_struct *p, struct eventlog_BackupEventLogW *r)
698 p->rng_fault_state = True;
699 return NT_STATUS_NOT_IMPLEMENTED;
702 /********************************************************************
703 _eventlog_GetLogInformation
704 ********************************************************************/
706 NTSTATUS _eventlog_GetLogInformation(struct pipes_struct *p,
707 struct eventlog_GetLogInformation *r)
709 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
710 struct EVENTLOG_FULL_INFORMATION f;
711 enum ndr_err_code ndr_err;
715 return NT_STATUS_INVALID_HANDLE;
718 if (r->in.level != 0) {
719 return NT_STATUS_INVALID_LEVEL;
722 *r->out.bytes_needed = 4;
724 if (r->in.buf_size < 4) {
725 return NT_STATUS_BUFFER_TOO_SMALL;
728 /* FIXME: this should be retrieved from the handle */
731 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &f,
732 (ndr_push_flags_fn_t)ndr_push_EVENTLOG_FULL_INFORMATION);
733 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
734 return ndr_map_error2ntstatus(ndr_err);
737 if (DEBUGLEVEL >= 10) {
738 NDR_PRINT_DEBUG(EVENTLOG_FULL_INFORMATION, &f);
741 memcpy(r->out.buffer, blob.data, 4);
746 /********************************************************************
747 _eventlog_FlushEventLog
748 ********************************************************************/
750 NTSTATUS _eventlog_FlushEventLog(struct pipes_struct *p,
751 struct eventlog_FlushEventLog *r)
753 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
755 return NT_STATUS_INVALID_HANDLE;
758 return NT_STATUS_ACCESS_DENIED;
761 /********************************************************************
762 ********************************************************************/
764 static NTSTATUS evlog_report_to_record(TALLOC_CTX *mem_ctx,
765 const struct eventlog_ReportEventW *r,
767 struct EVENTLOGRECORD *e)
772 e->TimeGenerated = r->in.timestamp;
773 e->TimeWritten = time(NULL);
774 e->EventID = r->in.event_id;
775 e->EventType = r->in.event_type;
776 e->NumStrings = r->in.num_of_strings;
777 e->EventCategory = r->in.event_category;
778 e->ReservedFlags = r->in.flags;
779 e->DataLength = r->in.data_size;
780 e->SourceName = talloc_strdup(mem_ctx, logname);
781 NT_STATUS_HAVE_NO_MEMORY(e->SourceName);
782 if (r->in.servername->string) {
783 e->Computername = r->in.servername->string;
785 e->Computername = talloc_strdup(mem_ctx, "");
786 NT_STATUS_HAVE_NO_MEMORY(e->Computername);
788 if (r->in.user_sid) {
789 e->UserSid = *r->in.user_sid;
791 e->Strings = talloc_array(mem_ctx, const char *, e->NumStrings);
792 NT_STATUS_HAVE_NO_MEMORY(e->Strings);
794 for (i=0; i < e->NumStrings; i++) {
795 e->Strings[i] = talloc_strdup(e->Strings,
796 r->in.strings[i]->string);
797 NT_STATUS_HAVE_NO_MEMORY(e->Strings[i]);
799 e->Data = r->in.data;
804 /********************************************************************
805 _eventlog_ReportEventW
806 ********************************************************************/
808 NTSTATUS _eventlog_ReportEventW(struct pipes_struct *p,
809 struct eventlog_ReportEventW *r)
812 struct EVENTLOGRECORD record;
814 EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
816 return NT_STATUS_INVALID_HANDLE;
819 status = evlog_report_to_record(p->mem_ctx, r, info->logname, &record);
820 if (!NT_STATUS_IS_OK(status)) {
824 status = evlog_push_record(p->mem_ctx,
825 ELOG_TDB_CTX(info->etdb),
827 r->out.record_number);
828 if (!NT_STATUS_IS_OK(status)) {
835 /********************************************************************
836 ********************************************************************/
838 NTSTATUS _eventlog_DeregisterEventSource(struct pipes_struct *p,
839 struct eventlog_DeregisterEventSource *r)
841 p->rng_fault_state = True;
842 return NT_STATUS_NOT_IMPLEMENTED;
845 NTSTATUS _eventlog_ChangeNotify(struct pipes_struct *p,
846 struct eventlog_ChangeNotify *r)
848 p->rng_fault_state = True;
849 return NT_STATUS_NOT_IMPLEMENTED;
852 NTSTATUS _eventlog_RegisterEventSourceW(struct pipes_struct *p,
853 struct eventlog_RegisterEventSourceW *r)
855 p->rng_fault_state = True;
856 return NT_STATUS_NOT_IMPLEMENTED;
859 NTSTATUS _eventlog_OpenBackupEventLogW(struct pipes_struct *p,
860 struct eventlog_OpenBackupEventLogW *r)
862 p->rng_fault_state = True;
863 return NT_STATUS_NOT_IMPLEMENTED;
866 NTSTATUS _eventlog_ClearEventLogA(struct pipes_struct *p,
867 struct eventlog_ClearEventLogA *r)
869 p->rng_fault_state = True;
870 return NT_STATUS_NOT_IMPLEMENTED;
873 NTSTATUS _eventlog_BackupEventLogA(struct pipes_struct *p,
874 struct eventlog_BackupEventLogA *r)
876 p->rng_fault_state = True;
877 return NT_STATUS_NOT_IMPLEMENTED;
880 NTSTATUS _eventlog_OpenEventLogA(struct pipes_struct *p,
881 struct eventlog_OpenEventLogA *r)
883 p->rng_fault_state = True;
884 return NT_STATUS_NOT_IMPLEMENTED;
887 NTSTATUS _eventlog_RegisterEventSourceA(struct pipes_struct *p,
888 struct eventlog_RegisterEventSourceA *r)
890 p->rng_fault_state = True;
891 return NT_STATUS_NOT_IMPLEMENTED;
894 NTSTATUS _eventlog_OpenBackupEventLogA(struct pipes_struct *p,
895 struct eventlog_OpenBackupEventLogA *r)
897 p->rng_fault_state = True;
898 return NT_STATUS_NOT_IMPLEMENTED;
901 NTSTATUS _eventlog_ReadEventLogA(struct pipes_struct *p,
902 struct eventlog_ReadEventLogA *r)
904 p->rng_fault_state = True;
905 return NT_STATUS_NOT_IMPLEMENTED;
908 NTSTATUS _eventlog_ReportEventA(struct pipes_struct *p,
909 struct eventlog_ReportEventA *r)
911 p->rng_fault_state = True;
912 return NT_STATUS_NOT_IMPLEMENTED;
915 NTSTATUS _eventlog_RegisterClusterSvc(struct pipes_struct *p,
916 struct eventlog_RegisterClusterSvc *r)
918 p->rng_fault_state = True;
919 return NT_STATUS_NOT_IMPLEMENTED;
922 NTSTATUS _eventlog_DeregisterClusterSvc(struct pipes_struct *p,
923 struct eventlog_DeregisterClusterSvc *r)
925 p->rng_fault_state = True;
926 return NT_STATUS_NOT_IMPLEMENTED;
929 NTSTATUS _eventlog_WriteClusterEvents(struct pipes_struct *p,
930 struct eventlog_WriteClusterEvents *r)
932 p->rng_fault_state = True;
933 return NT_STATUS_NOT_IMPLEMENTED;
936 NTSTATUS _eventlog_ReportEventAndSourceW(struct pipes_struct *p,
937 struct eventlog_ReportEventAndSourceW *r)
939 p->rng_fault_state = True;
940 return NT_STATUS_NOT_IMPLEMENTED;