search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Release 1.6-rc2.
[wine/testsucceed.git] / dlls / advapi32 / tests / eventlog.c
blobb0283544c5b912afb0a765256f19215a6f36fbf8
1 /*
2 * Unit tests for Event Logging functions
3 *
4 * Copyright (c) 2009 Paul Vriens
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <stdarg.h>
22
23 #include "windef.h"
24 #include "winbase.h"
25 #include "winerror.h"
26 #include "winnt.h"
27 #include "winreg.h"
28 #include "sddl.h"
29
30 #include "wine/test.h"
31
32 static BOOL (WINAPI *pCreateWellKnownSid)(WELL_KNOWN_SID_TYPE,PSID,PSID,DWORD*);
33 static BOOL (WINAPI *pGetEventLogInformation)(HANDLE,DWORD,LPVOID,DWORD,LPDWORD);
34
35 static BOOL (WINAPI *pGetComputerNameExA)(COMPUTER_NAME_FORMAT,LPSTR,LPDWORD);
36 static BOOL (WINAPI *pWow64DisableWow64FsRedirection)(PVOID *);
37 static BOOL (WINAPI *pWow64RevertWow64FsRedirection)(PVOID);
38
39 static void init_function_pointers(void)
40 {
41 HMODULE hadvapi32 = GetModuleHandleA("advapi32.dll");
42 HMODULE hkernel32 = GetModuleHandleA("kernel32.dll");
43
44 pCreateWellKnownSid = (void*)GetProcAddress(hadvapi32, "CreateWellKnownSid");
45 pGetEventLogInformation = (void*)GetProcAddress(hadvapi32, "GetEventLogInformation");
46
47 pGetComputerNameExA = (void*)GetProcAddress(hkernel32, "GetComputerNameExA");
48 pWow64DisableWow64FsRedirection = (void*)GetProcAddress(hkernel32, "Wow64DisableWow64FsRedirection");
49 pWow64RevertWow64FsRedirection = (void*)GetProcAddress(hkernel32, "Wow64RevertWow64FsRedirection");
50 }
51
52 static void create_backup(const char *filename)
53 {
54 HANDLE handle;
55
56 DeleteFileA(filename);
57 handle = OpenEventLogA(NULL, "Application");
58 BackupEventLogA(handle, filename);
59 CloseEventLog(handle);
60
61 todo_wine
62 ok(GetFileAttributesA(filename) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
63 }
64
65 static void test_open_close(void)
66 {
67 HANDLE handle;
68 BOOL ret;
69
70 SetLastError(0xdeadbeef);
71 ret = CloseEventLog(NULL);
72 ok(!ret, "Expected failure\n");
73 ok(GetLastError() == ERROR_INVALID_HANDLE ||
74 GetLastError() == ERROR_NOACCESS, /* W2K */
75 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
76
77 SetLastError(0xdeadbeef);
78 handle = OpenEventLogA(NULL, NULL);
79 ok(handle == NULL, "Didn't expect a handle\n");
80 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
81
82 SetLastError(0xdeadbeef);
83 handle = OpenEventLogA("IDontExist", NULL);
84 ok(handle == NULL, "Didn't expect a handle\n");
85 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
86
87 SetLastError(0xdeadbeef);
88 handle = OpenEventLogA("IDontExist", "deadbeef");
89 ok(handle == NULL, "Didn't expect a handle\n");
90 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
91 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
92 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
93
94 /* This one opens the Application log */
95 handle = OpenEventLogA(NULL, "deadbeef");
96 ok(handle != NULL, "Expected a handle\n");
97 ret = CloseEventLog(handle);
98 ok(ret, "Expected success\n");
99 /* Close a second time */
100 SetLastError(0xdeadbeef);
101 ret = CloseEventLog(handle);
102 todo_wine
103 {
104 ok(!ret, "Expected failure\n");
105 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
106 }
107
108 /* Empty servername should be read as local server */
109 handle = OpenEventLogA("", "Application");
110 ok(handle != NULL, "Expected a handle\n");
111 CloseEventLog(handle);
112
113 handle = OpenEventLogA(NULL, "Application");
114 ok(handle != NULL, "Expected a handle\n");
115 CloseEventLog(handle);
116 }
117
118 static void test_info(void)
119 {
120 HANDLE handle;
121 BOOL ret;
122 DWORD needed;
123 EVENTLOG_FULL_INFORMATION efi;
124
125 if (!pGetEventLogInformation)
126 {
127 /* NT4 */
128 win_skip("GetEventLogInformation is not available\n");
129 return;
130 }
131 SetLastError(0xdeadbeef);
132 ret = pGetEventLogInformation(NULL, 1, NULL, 0, NULL);
133 ok(!ret, "Expected failure\n");
134 ok(GetLastError() == ERROR_INVALID_LEVEL, "Expected ERROR_INVALID_LEVEL, got %d\n", GetLastError());
135
136 SetLastError(0xdeadbeef);
137 ret = pGetEventLogInformation(NULL, EVENTLOG_FULL_INFO, NULL, 0, NULL);
138 ok(!ret, "Expected failure\n");
139 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
140
141 handle = OpenEventLogA(NULL, "Application");
142
143 SetLastError(0xdeadbeef);
144 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, NULL);
145 ok(!ret, "Expected failure\n");
146 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
147
148 SetLastError(0xdeadbeef);
149 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, &needed);
150 ok(!ret, "Expected failure\n");
151 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
152
153 SetLastError(0xdeadbeef);
154 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, (LPVOID)&efi, 0, NULL);
155 ok(!ret, "Expected failure\n");
156 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
157
158 SetLastError(0xdeadbeef);
159 needed = 0xdeadbeef;
160 efi.dwFull = 0xdeadbeef;
161 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, (LPVOID)&efi, 0, &needed);
162 ok(!ret, "Expected failure\n");
163 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
164 ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed);
165 ok(efi.dwFull == 0xdeadbeef, "Expected no change to the dwFull member\n");
166
167 /* Not that we care, but on success last error is set to ERROR_IO_PENDING */
168 efi.dwFull = 0xdeadbeef;
169 needed *= 2;
170 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, (LPVOID)&efi, needed, &needed);
171 ok(ret, "Expected success\n");
172 ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed);
173 ok(efi.dwFull == 0 || efi.dwFull == 1, "Expected 0 (not full) or 1 (full), got %d\n", efi.dwFull);
174
175 CloseEventLog(handle);
176 }
177
178 static void test_count(void)
179 {
180 HANDLE handle;
181 BOOL ret;
182 DWORD count;
183 const char backup[] = "backup.evt";
184
185 SetLastError(0xdeadbeef);
186 ret = GetNumberOfEventLogRecords(NULL, NULL);
187 ok(!ret, "Expected failure\n");
188 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
189
190 SetLastError(0xdeadbeef);
191 count = 0xdeadbeef;
192 ret = GetNumberOfEventLogRecords(NULL, &count);
193 ok(!ret, "Expected failure\n");
194 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
195 ok(count == 0xdeadbeef, "Expected count to stay unchanged\n");
196
197 handle = OpenEventLogA(NULL, "Application");
198
199 SetLastError(0xdeadbeef);
200 ret = GetNumberOfEventLogRecords(handle, NULL);
201 ok(!ret, "Expected failure\n");
202 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
203
204 count = 0xdeadbeef;
205 ret = GetNumberOfEventLogRecords(handle, &count);
206 ok(ret, "Expected success\n");
207 ok(count != 0xdeadbeef, "Expected the number of records\n");
208
209 CloseEventLog(handle);
210
211 /* Make a backup eventlog to work with */
212 create_backup(backup);
213
214 handle = OpenBackupEventLogA(NULL, backup);
215 todo_wine
216 ok(handle != NULL, "Expected a handle\n");
217
218 /* Does GetNumberOfEventLogRecords work with backup eventlogs? */
219 count = 0xdeadbeef;
220 ret = GetNumberOfEventLogRecords(handle, &count);
221 todo_wine
222 {
223 ok(ret, "Expected success\n");
224 ok(count != 0xdeadbeef, "Expected the number of records\n");
225 }
226
227 CloseEventLog(handle);
228 DeleteFileA(backup);
229 }
230
231 static void test_oldest(void)
232 {
233 HANDLE handle;
234 BOOL ret;
235 DWORD oldest;
236 const char backup[] = "backup.evt";
237
238 SetLastError(0xdeadbeef);
239 ret = GetOldestEventLogRecord(NULL, NULL);
240 ok(!ret, "Expected failure\n");
241 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
242
243 SetLastError(0xdeadbeef);
244 oldest = 0xdeadbeef;
245 ret = GetOldestEventLogRecord(NULL, &oldest);
246 ok(!ret, "Expected failure\n");
247 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
248 ok(oldest == 0xdeadbeef, "Expected oldest to stay unchanged\n");
249
250 handle = OpenEventLogA(NULL, "Application");
251
252 SetLastError(0xdeadbeef);
253 ret = GetOldestEventLogRecord(handle, NULL);
254 ok(!ret, "Expected failure\n");
255 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
256
257 oldest = 0xdeadbeef;
258 ret = GetOldestEventLogRecord(handle, &oldest);
259 ok(ret, "Expected success\n");
260 ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n");
261
262 CloseEventLog(handle);
263
264 /* Make a backup eventlog to work with */
265 create_backup(backup);
266
267 handle = OpenBackupEventLogA(NULL, backup);
268 todo_wine
269 ok(handle != NULL, "Expected a handle\n");
270
271 /* Does GetOldestEventLogRecord work with backup eventlogs? */
272 oldest = 0xdeadbeef;
273 ret = GetOldestEventLogRecord(handle, &oldest);
274 todo_wine
275 {
276 ok(ret, "Expected success\n");
277 ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n");
278 }
279
280 CloseEventLog(handle);
281 DeleteFileA(backup);
282 }
283
284 static void test_backup(void)
285 {
286 HANDLE handle;
287 BOOL ret;
288 const char backup[] = "backup.evt";
289 const char backup2[] = "backup2.evt";
290
291 SetLastError(0xdeadbeef);
292 ret = BackupEventLogA(NULL, NULL);
293 ok(!ret, "Expected failure\n");
294 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
295
296 SetLastError(0xdeadbeef);
297 ret = BackupEventLogA(NULL, backup);
298 ok(!ret, "Expected failure\n");
299 ok(GetFileAttributesA(backup) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n");
300
301 handle = OpenEventLogA(NULL, "Application");
302
303 SetLastError(0xdeadbeef);
304 ret = BackupEventLogA(handle, NULL);
305 ok(!ret, "Expected failure\n");
306 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
307
308 ret = BackupEventLogA(handle, backup);
309 ok(ret, "Expected success\n");
310 todo_wine
311 ok(GetFileAttributesA(backup) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
312
313 /* Try to overwrite */
314 SetLastError(0xdeadbeef);
315 ret = BackupEventLogA(handle, backup);
316 todo_wine
317 {
318 ok(!ret, "Expected failure\n");
319 ok(GetLastError() == ERROR_ALREADY_EXISTS, "Expected ERROR_ALREADY_EXISTS, got %d\n", GetLastError());
320 }
321
322 CloseEventLog(handle);
323
324 /* Can we make a backup of a backup? */
325 handle = OpenBackupEventLogA(NULL, backup);
326 todo_wine
327 ok(handle != NULL, "Expected a handle\n");
328
329 ret = BackupEventLogA(handle, backup2);
330 todo_wine
331 {
332 ok(ret, "Expected success\n");
333 ok(GetFileAttributesA(backup2) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
334 }
335
336 CloseEventLog(handle);
337 DeleteFileA(backup);
338 DeleteFileA(backup2);
339 }
340
341 static void test_read(void)
342 {
343 HANDLE handle;
344 BOOL ret;
345 DWORD count, toread, read, needed;
346 void *buf;
347
348 SetLastError(0xdeadbeef);
349 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, NULL);
350 ok(!ret, "Expected failure\n");
351 todo_wine
352 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
353
354 read = 0xdeadbeef;
355 SetLastError(0xdeadbeef);
356 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, NULL);
357 ok(!ret, "Expected failure\n");
358 ok(read == 0xdeadbeef, "Expected 'read' parameter to remain unchanged\n");
359 todo_wine
360 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
361
362 needed = 0xdeadbeef;
363 SetLastError(0xdeadbeef);
364 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, &needed);
365 ok(!ret, "Expected failure\n");
366 ok(needed == 0xdeadbeef, "Expected 'needed' parameter to remain unchanged\n");
367 todo_wine
368 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
369
370 /* 'read' and 'needed' are only filled when the needed buffer size is passed back or when the call succeeds */
371 SetLastError(0xdeadbeef);
372 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, &needed);
373 ok(!ret, "Expected failure\n");
374 todo_wine
375 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
376
377 SetLastError(0xdeadbeef);
378 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, NULL, 0, NULL, NULL);
379 ok(!ret, "Expected failure\n");
380 todo_wine
381 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
382
383 SetLastError(0xdeadbeef);
384 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, NULL, 0, &read, &needed);
385 ok(!ret, "Expected failure\n");
386 todo_wine
387 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
388
389 buf = NULL;
390 SetLastError(0xdeadbeef);
391 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
392 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
393 ok(!ret, "Expected failure\n");
394 todo_wine
395 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
396
397 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
398 SetLastError(0xdeadbeef);
399 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
400 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
401 ok(!ret, "Expected failure\n");
402 todo_wine
403 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
404 HeapFree(GetProcessHeap(), 0, buf);
405
406 handle = OpenEventLogA(NULL, "Application");
407
408 /* Show that we need the proper dwFlags with a (for the rest) proper call */
409 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
410
411 SetLastError(0xdeadbeef);
412 ret = ReadEventLogA(handle, 0, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
413 ok(!ret, "Expected failure\n");
414 todo_wine
415 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
416
417 SetLastError(0xdeadbeef);
418 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
419 ok(!ret, "Expected failure\n");
420 todo_wine
421 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
422
423 SetLastError(0xdeadbeef);
424 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
425 ok(!ret, "Expected failure\n");
426 todo_wine
427 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
428
429 SetLastError(0xdeadbeef);
430 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ,
431 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
432 ok(!ret, "Expected failure\n");
433 todo_wine
434 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
435
436 SetLastError(0xdeadbeef);
437 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ,
438 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
439 ok(!ret, "Expected failure\n");
440 todo_wine
441 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
442
443 SetLastError(0xdeadbeef);
444 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ | EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
445 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
446 ok(!ret, "Expected failure\n");
447 todo_wine
448 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
449
450 HeapFree(GetProcessHeap(), 0, buf);
451
452 /* First check if there are any records (in practice only on Wine: FIXME) */
453 count = 0;
454 GetNumberOfEventLogRecords(handle, &count);
455 if (!count)
456 {
457 skip("No records in the 'Application' log\n");
458 CloseEventLog(handle);
459 return;
460 }
461
462 /* Get the buffer size for the first record */
463 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
464 read = needed = 0xdeadbeef;
465 SetLastError(0xdeadbeef);
466 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
467 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
468 ok(!ret, "Expected failure\n");
469 ok(read == 0, "Expected no bytes read\n");
470 ok(needed > sizeof(EVENTLOGRECORD), "Expected the needed buffersize to be bigger than sizeof(EVENTLOGRECORD)\n");
471 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
472
473 /* Read the first record */
474 toread = needed;
475 buf = HeapReAlloc(GetProcessHeap(), 0, buf, toread);
476 read = needed = 0xdeadbeef;
477 SetLastError(0xdeadbeef);
478 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, toread, &read, &needed);
479 ok(ret, "Expected success\n");
480 ok(read == toread ||
481 broken(read < toread), /* NT4 wants a buffer size way bigger than just 1 record */
482 "Expected the requested size to be read\n");
483 ok(needed == 0, "Expected no extra bytes to be read\n");
484 HeapFree(GetProcessHeap(), 0, buf);
485
486 CloseEventLog(handle);
487 }
488
489 static void test_openbackup(void)
490 {
491 HANDLE handle, handle2, file;
492 DWORD written;
493 const char backup[] = "backup.evt";
494 const char text[] = "Just some text";
495
496 SetLastError(0xdeadbeef);
497 handle = OpenBackupEventLogA(NULL, NULL);
498 ok(handle == NULL, "Didn't expect a handle\n");
499 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
500
501 SetLastError(0xdeadbeef);
502 handle = OpenBackupEventLogA(NULL, "idontexist.evt");
503 ok(handle == NULL, "Didn't expect a handle\n");
504 ok(GetLastError() == ERROR_FILE_NOT_FOUND, "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
505
506 SetLastError(0xdeadbeef);
507 handle = OpenBackupEventLogA("IDontExist", NULL);
508 ok(handle == NULL, "Didn't expect a handle\n");
509 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
510
511 SetLastError(0xdeadbeef);
512 handle = OpenBackupEventLogA("IDontExist", "idontexist.evt");
513 ok(handle == NULL, "Didn't expect a handle\n");
514 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
515 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
516 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
517
518 /* Make a backup eventlog to work with */
519 create_backup(backup);
520
521 /* FIXME: Wine stops here */
522 if (GetFileAttributesA(backup) == INVALID_FILE_ATTRIBUTES)
523 {
524 skip("We don't have a backup eventlog to work with\n");
525 return;
526 }
527
528 SetLastError(0xdeadbeef);
529 handle = OpenBackupEventLogA("IDontExist", backup);
530 ok(handle == NULL, "Didn't expect a handle\n");
531 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
532 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
533 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
534
535 /* Empty servername should be read as local server */
536 handle = OpenBackupEventLogA("", backup);
537 ok(handle != NULL, "Expected a handle\n");
538 CloseEventLog(handle);
539
540 handle = OpenBackupEventLogA(NULL, backup);
541 ok(handle != NULL, "Expected a handle\n");
542
543 /* Can we open that same backup eventlog more than once? */
544 handle2 = OpenBackupEventLogA(NULL, backup);
545 ok(handle2 != NULL, "Expected a handle\n");
546 ok(handle2 != handle, "Didn't expect the same handle\n");
547 CloseEventLog(handle2);
548
549 CloseEventLog(handle);
550 DeleteFileA(backup);
551
552 /* Is there any content checking done? */
553 file = CreateFileA(backup, GENERIC_WRITE, 0, NULL, CREATE_NEW, 0, NULL);
554 CloseHandle(file);
555 SetLastError(0xdeadbeef);
556 handle = OpenBackupEventLogA(NULL, backup);
557 ok(handle == NULL, "Didn't expect a handle\n");
558 ok(GetLastError() == ERROR_NOT_ENOUGH_MEMORY ||
559 GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT, /* Vista and Win7 */
560 "Expected ERROR_NOT_ENOUGH_MEMORY, got %d\n", GetLastError());
561 CloseEventLog(handle);
562 DeleteFileA(backup);
563
564 file = CreateFileA(backup, GENERIC_WRITE, 0, NULL, CREATE_NEW, 0, NULL);
565 WriteFile(file, text, sizeof(text), &written, NULL);
566 CloseHandle(file);
567 SetLastError(0xdeadbeef);
568 handle = OpenBackupEventLogA(NULL, backup);
569 ok(handle == NULL, "Didn't expect a handle\n");
570 ok(GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT, "Expected ERROR_EVENTLOG_FILE_CORRUPT, got %d\n", GetLastError());
571 CloseEventLog(handle);
572 DeleteFileA(backup);
573 }
574
575 static void test_clear(void)
576 {
577 HANDLE handle;
578 BOOL ret;
579 const char backup[] = "backup.evt";
580 const char backup2[] = "backup2.evt";
581
582 SetLastError(0xdeadbeef);
583 ret = ClearEventLogA(NULL, NULL);
584 ok(!ret, "Expected failure\n");
585 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
586
587 /* Make a backup eventlog to work with */
588 create_backup(backup);
589
590 SetLastError(0xdeadbeef);
591 ret = ClearEventLogA(NULL, backup);
592 ok(!ret, "Expected failure\n");
593 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
594
595 handle = OpenBackupEventLogA(NULL, backup);
596 todo_wine
597 ok(handle != NULL, "Expected a handle\n");
598
599 /* A real eventlog would fail with ERROR_ALREADY_EXISTS */
600 SetLastError(0xdeadbeef);
601 ret = ClearEventLogA(handle, backup);
602 ok(!ret, "Expected failure\n");
603 /* The eventlog service runs under an account that doesn't have the necessary
604 * permissions on the users home directory on a default Vista+ system.
605 */
606 ok(GetLastError() == ERROR_INVALID_HANDLE ||
607 GetLastError() == ERROR_ACCESS_DENIED, /* Vista+ */
608 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
609
610 /* Show that ClearEventLog only works for real eventlogs. */
611 SetLastError(0xdeadbeef);
612 ret = ClearEventLogA(handle, backup2);
613 ok(!ret, "Expected failure\n");
614 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
615 ok(GetFileAttributesA(backup2) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n");
616
617 SetLastError(0xdeadbeef);
618 ret = ClearEventLogA(handle, NULL);
619 ok(!ret, "Expected failure\n");
620 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
621
622 CloseEventLog(handle);
623 todo_wine
624 ok(DeleteFileA(backup), "Could not delete the backup file\n");
625 }
626
627 static const char eventlogsvc[] = "SYSTEM\\CurrentControlSet\\Services\\Eventlog";
628 static const char eventlogname[] = "Wine";
629 static const char eventsources[][11] = { "WineSrc", "WineSrc1", "WineSrc20", "WineSrc300" };
630
631 static BOOL create_new_eventlog(void)
632 {
633 HKEY key, eventkey;
634 BOOL bret = FALSE;
635 LONG lret;
636 DWORD i;
637
638 /* First create our eventlog */
639 lret = RegOpenKeyA(HKEY_LOCAL_MACHINE, eventlogsvc, &key);
640 if (lret != ERROR_SUCCESS)
641 {
642 skip("Could not open the EventLog service registry key\n");
643 return FALSE;
644 }
645 lret = RegCreateKeyA(key, eventlogname, &eventkey);
646 if (lret != ERROR_SUCCESS)
647 {
648 skip("Could not create the eventlog '%s' registry key\n", eventlogname);
649 goto cleanup;
650 }
651
652 /* Create some event sources, the registry value 'Sources' is updated automatically */
653 for (i = 0; i < sizeof(eventsources)/sizeof(eventsources[0]); i++)
654 {
655 HKEY srckey;
656
657 lret = RegCreateKeyA(eventkey, eventsources[i], &srckey);
658 if (lret != ERROR_SUCCESS)
659 {
660 skip("Could not create the eventsource '%s' registry key\n", eventsources[i]);
661 goto cleanup;
662 }
663 RegFlushKey(srckey);
664 RegCloseKey(srckey);
665 }
666
667 bret = TRUE;
668
669 /* The flushing of the registry (here and above) gives us some assurance
670 * that we are not to quickly writing events as 'Sources' could still be
671 * not updated.
672 */
673 RegFlushKey(eventkey);
674 cleanup:
675 RegCloseKey(eventkey);
676 RegCloseKey(key);
677
678 return bret;
679 }
680
681 static const char *one_string[] = { "First string" };
682 static const char *two_strings[] = { "First string", "Second string" };
683 static const struct
684 {
685 const char *evt_src;
686 WORD evt_type;
687 WORD evt_cat;
688 DWORD evt_id;
689 BOOL evt_sid;
690 WORD evt_numstrings;
691 const char **evt_strings;
692 } read_write [] =
693 {
694 { eventlogname, EVENTLOG_INFORMATION_TYPE, 1, 1, FALSE, 1, one_string },
695 { eventsources[0], EVENTLOG_WARNING_TYPE, 1, 2, FALSE, 0, NULL },
696 { eventsources[1], EVENTLOG_AUDIT_FAILURE, 1, 3, FALSE, 2, two_strings },
697 { eventsources[2], EVENTLOG_ERROR_TYPE, 1, 4, FALSE, 0, NULL },
698 { eventsources[3], EVENTLOG_WARNING_TYPE, 1, 5, FALSE, 1, one_string },
699 { eventlogname, EVENTLOG_SUCCESS, 2, 6, TRUE, 2, two_strings },
700 { eventsources[0], EVENTLOG_AUDIT_FAILURE, 2, 7, TRUE, 0, NULL },
701 { eventsources[1], EVENTLOG_AUDIT_SUCCESS, 2, 8, TRUE, 2, two_strings },
702 { eventsources[2], EVENTLOG_WARNING_TYPE, 2, 9, TRUE, 0, NULL },
703 { eventsources[3], EVENTLOG_ERROR_TYPE, 2, 10, TRUE, 1, one_string }
704 };
705
706 static void test_readwrite(void)
707 {
708 HANDLE handle;
709 PSID user;
710 DWORD sidsize, count;
711 BOOL ret, sidavailable;
712 BOOL on_vista = FALSE; /* Used to indicate Vista, W2K8 or Win7 */
713 DWORD i;
714 char *localcomputer = NULL;
715 DWORD size;
716
717 if (pCreateWellKnownSid)
718 {
719 sidsize = SECURITY_MAX_SID_SIZE;
720 user = HeapAlloc(GetProcessHeap(), 0, sidsize);
721 SetLastError(0xdeadbeef);
722 pCreateWellKnownSid(WinInteractiveSid, NULL, user, &sidsize);
723 sidavailable = TRUE;
724 }
725 else
726 {
727 win_skip("Skipping some SID related tests\n");
728 sidavailable = FALSE;
729 user = NULL;
730 }
731
732 /* Write an event with an incorrect event type. This will fail on Windows 7
733 * but succeed on all others, hence it's not part of the struct.
734 */
735 handle = OpenEventLogA(NULL, eventlogname);
736 if (!handle)
737 {
738 /* Intermittently seen on NT4 when tests are run immediately after boot */
739 win_skip("Could not get a handle to the eventlog\n");
740 goto cleanup;
741 }
742
743 count = 0xdeadbeef;
744 GetNumberOfEventLogRecords(handle, &count);
745 if (count != 0)
746 {
747 /* Needed for W2K3 without a service pack */
748 win_skip("We most likely opened the Application eventlog\n");
749 CloseEventLog(handle);
750 Sleep(2000);
751
752 handle = OpenEventLogA(NULL, eventlogname);
753 count = 0xdeadbeef;
754 GetNumberOfEventLogRecords(handle, &count);
755 if (count != 0)
756 {
757 win_skip("We didn't open our new eventlog\n");
758 CloseEventLog(handle);
759 goto cleanup;
760 }
761 }
762
763 SetLastError(0xdeadbeef);
764 ret = ReportEvent(handle, 0x20, 0, 0, NULL, 0, 0, NULL, NULL);
765 if (!ret && GetLastError() == ERROR_CRC)
766 {
767 win_skip("Win7 fails when using incorrect event types\n");
768 ret = ReportEvent(handle, 0, 0, 0, NULL, 0, 0, NULL, NULL);
769 ok(ret, "Expected success : %d\n", GetLastError());
770 }
771 else
772 {
773 void *buf;
774 DWORD read, needed = 0;
775 EVENTLOGRECORD *record;
776
777 ok(ret, "Expected success : %d\n", GetLastError());
778
779 /* Needed to catch earlier Vista (with no ServicePack for example) */
780 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
781 if (!(ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
782 0, buf, sizeof(EVENTLOGRECORD), &read, &needed)) &&
783 GetLastError() == ERROR_INSUFFICIENT_BUFFER)
784 {
785 buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
786 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
787 0, buf, needed, &read, &needed);
788 }
789 if (ret)
790 {
791 record = (EVENTLOGRECORD *)buf;
792
793 /* Vista and W2K8 return EVENTLOG_SUCCESS, Windows versions before return
794 * the written eventtype (0x20 in this case).
795 */
796 if (record->EventType == EVENTLOG_SUCCESS)
797 on_vista = TRUE;
798 }
799 HeapFree(GetProcessHeap(), 0, buf);
800 }
801
802 /* This will clear the eventlog. The record numbering for new
803 * events however differs on Vista SP1+. Before Vista the first
804 * event would be numbered 1, on Vista SP1+ it's higher as we already
805 * had at least one event (more in case of multiple test runs without
806 * a reboot).
807 */
808 ClearEventLogA(handle, NULL);
809 CloseEventLog(handle);
810
811 /* Write a bunch of events while using different event sources */
812 for (i = 0; i < sizeof(read_write)/sizeof(read_write[0]); i++)
813 {
814 DWORD oldest;
815 BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
816
817 /* We don't need to use RegisterEventSource to report events */
818 if (i % 2)
819 handle = OpenEventLogA(NULL, read_write[i].evt_src);
820 else
821 handle = RegisterEventSourceA(NULL, read_write[i].evt_src);
822 ok(handle != NULL, "Expected a handle\n");
823
824 SetLastError(0xdeadbeef);
825 ret = ReportEvent(handle, read_write[i].evt_type, read_write[i].evt_cat,
826 read_write[i].evt_id, run_sidtests ? user : NULL,
827 read_write[i].evt_numstrings, 0, read_write[i].evt_strings, NULL);
828 ok(ret, "Expected ReportEvent success : %d\n", GetLastError());
829
830 count = 0xdeadbeef;
831 SetLastError(0xdeadbeef);
832 ret = GetNumberOfEventLogRecords(handle, &count);
833 ok(ret, "Expected GetNumberOfEventLogRecords success : %d\n", GetLastError());
834 todo_wine
835 ok(count == (i + 1), "Expected %d records, got %d\n", i + 1, count);
836
837 oldest = 0xdeadbeef;
838 ret = GetOldestEventLogRecord(handle, &oldest);
839 ok(ret, "Expected GetOldestEventLogRecord success : %d\n", GetLastError());
840 todo_wine
841 ok(oldest == 1 ||
842 (oldest > 1 && oldest != 0xdeadbeef), /* Vista SP1+, W2K8 and Win7 */
843 "Expected oldest to be 1 or higher, got %d\n", oldest);
844 if (oldest > 1 && oldest != 0xdeadbeef)
845 on_vista = TRUE;
846
847 SetLastError(0xdeadbeef);
848 if (i % 2)
849 ret = CloseEventLog(handle);
850 else
851 ret = DeregisterEventSource(handle);
852 ok(ret, "Expected success : %d\n", GetLastError());
853 }
854
855 handle = OpenEventLogA(NULL, eventlogname);
856 count = 0xdeadbeef;
857 ret = GetNumberOfEventLogRecords(handle, &count);
858 ok(ret, "Expected success\n");
859 todo_wine
860 ok(count == i, "Expected %d records, got %d\n", i, count);
861 CloseEventLog(handle);
862
863 if (count == 0)
864 {
865 skip("No events were written to the eventlog\n");
866 goto cleanup;
867 }
868
869 /* Report only once */
870 if (on_vista)
871 skip("There is no DWORD alignment enforced for UserSid on Vista, W2K8 or Win7\n");
872
873 if (on_vista && pGetComputerNameExA)
874 {
875 /* New Vista+ behavior */
876 size = 0;
877 SetLastError(0xdeadbeef);
878 pGetComputerNameExA(ComputerNameDnsFullyQualified, NULL, &size);
879 localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
880 pGetComputerNameExA(ComputerNameDnsFullyQualified, localcomputer, &size);
881 }
882 else
883 {
884 size = MAX_COMPUTERNAME_LENGTH + 1;
885 localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
886 GetComputerNameA(localcomputer, &size);
887 }
888
889 /* Read all events from our created eventlog, one by one */
890 handle = OpenEventLogA(NULL, eventlogname);
891 i = 0;
892 for (;;)
893 {
894 void *buf;
895 DWORD read, needed;
896 EVENTLOGRECORD *record;
897 char *sourcename, *computername;
898 int k;
899 char *ptr;
900 BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
901
902 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
903 SetLastError(0xdeadbeef);
904 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
905 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
906 if (!ret && GetLastError() == ERROR_HANDLE_EOF)
907 {
908 HeapFree(GetProcessHeap(), 0, buf);
909 break;
910 }
911 ok(!ret, "Expected failure\n");
912 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER,
913 "Expected ERROR_INVALID_PARAMETER, got %d\n",GetLastError());
914
915 buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
916 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
917 0, buf, needed, &read, &needed);
918 ok(ret, "Expected success: %d\n", GetLastError());
919
920 record = (EVENTLOGRECORD *)buf;
921
922 ok(record->Length == read,
923 "Expected %d, got %d\n", read, record->Length);
924 ok(record->Reserved == 0x654c664c,
925 "Expected 0x654c664c, got %d\n", record->Reserved);
926 ok(record->RecordNumber == i + 1 ||
927 (on_vista && (record->RecordNumber > i + 1)),
928 "Expected %d or higher, got %d\n", i + 1, record->RecordNumber);
929 ok(record->EventID == read_write[i].evt_id,
930 "Expected %d, got %d\n", read_write[i].evt_id, record->EventID);
931 ok(record->EventType == read_write[i].evt_type,
932 "Expected %d, got %d\n", read_write[i].evt_type, record->EventType);
933 ok(record->NumStrings == read_write[i].evt_numstrings,
934 "Expected %d, got %d\n", read_write[i].evt_numstrings, record->NumStrings);
935 ok(record->EventCategory == read_write[i].evt_cat,
936 "Expected %d, got %d\n", read_write[i].evt_cat, record->EventCategory);
937
938 sourcename = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD));
939 ok(!lstrcmpA(sourcename, read_write[i].evt_src), "Expected '%s', got '%s'\n",
940 read_write[i].evt_src, sourcename);
941
942 computername = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1);
943 ok(!lstrcmpiA(computername, localcomputer), "Expected '%s', got '%s'\n",
944 localcomputer, computername);
945
946 /* Before Vista, UserSid was aligned on a DWORD boundary. Next to that if
947 * no padding was actually required a 0 DWORD was still used for padding. No
948 * application should be relying on the padding as we are working with offsets
949 * anyway.
950 */
951
952 if (!on_vista)
953 {
954 DWORD calculated_sidoffset = sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1 + lstrlenA(computername) + 1;
955
956 /* We are already DWORD aligned, there should still be some padding */
957 if ((((UINT_PTR)buf + calculated_sidoffset) % sizeof(DWORD)) == 0)
958 ok(*(DWORD *)((BYTE *)buf + calculated_sidoffset) == 0, "Expected 0\n");
959
960 ok((((UINT_PTR)buf + record->UserSidOffset) % sizeof(DWORD)) == 0, "Expected DWORD alignment\n");
961 }
962
963 if (run_sidtests)
964 {
965 ok(record->UserSidLength == sidsize, "Expected %d, got %d\n", sidsize, record->UserSidLength);
966 }
967 else
968 {
969 ok(record->StringOffset == record->UserSidOffset, "Expected offsets to be the same\n");
970 ok(record->UserSidLength == 0, "Expected 0, got %d\n", record->UserSidLength);
971 }
972
973 ok(record->DataLength == 0, "Expected 0, got %d\n", record->DataLength);
974
975 ptr = (char *)((BYTE *)buf + record->StringOffset);
976 for (k = 0; k < record->NumStrings; k++)
977 {
978 ok(!lstrcmpA(ptr, two_strings[k]), "Expected '%s', got '%s'\n", two_strings[k], ptr);
979 ptr += lstrlenA(ptr) + 1;
980 }
981
982 ok(record->Length == *(DWORD *)((BYTE *)buf + record->Length - sizeof(DWORD)),
983 "Expected the closing DWORD to contain the length of the record\n");
984
985 HeapFree(GetProcessHeap(), 0, buf);
986 i++;
987 }
988 CloseEventLog(handle);
989
990 /* Test clearing a real eventlog */
991 handle = OpenEventLogA(NULL, eventlogname);
992
993 SetLastError(0xdeadbeef);
994 ret = ClearEventLogA(handle, NULL);
995 ok(ret, "Expected success\n");
996
997 count = 0xdeadbeef;
998 ret = GetNumberOfEventLogRecords(handle, &count);
999 ok(ret, "Expected success\n");
1000 ok(count == 0, "Expected an empty eventlog, got %d records\n", count);
1001
1002 CloseEventLog(handle);
1003
1004 cleanup:
1005 HeapFree(GetProcessHeap(), 0, localcomputer);
1006 HeapFree(GetProcessHeap(), 0, user);
1007 }
1008
1009 /* Before Vista:
1010 *
1011 * Creating an eventlog on Windows (via the registry) automatically leads
1012 * to creation of a REG_MULTI_SZ named 'Sources'. This value lists all the
1013 * potential event sources for this eventlog. 'Sources' is automatically
1014 * updated when a new key (aka event source) is created.
1015 *
1016 * Although the updating of registry keys is almost instantaneously, we
1017 * check it after some other tests to assure we are not querying the
1018 * registry or file system to quickly.
1019 *
1020 * NT4 and higher:
1021 *
1022 * The eventlog file itself is also automatically created, even before we
1023 * start writing events.
1024 */
1025 static char eventlogfile[MAX_PATH];
1026 static void test_autocreation(void)
1027 {
1028 HKEY key, eventkey;
1029 DWORD type, size;
1030 LONG ret;
1031 int i;
1032 char *p;
1033 char sources[sizeof(eventsources)];
1034 char sysdir[MAX_PATH];
1035 void *redir = 0;
1036
1037 RegOpenKeyA(HKEY_LOCAL_MACHINE, eventlogsvc, &key);
1038 RegOpenKeyA(key, eventlogname, &eventkey);
1039
1040 size = sizeof(sources);
1041 sources[0] = 0;
1042 ret = RegQueryValueExA(eventkey, "Sources", NULL, &type, (LPBYTE)sources, &size);
1043 if (ret == ERROR_SUCCESS)
1044 {
1045 char sources_verify[sizeof(eventsources)];
1046
1047 ok(type == REG_MULTI_SZ, "Expected a REG_MULTI_SZ, got %d\n", type);
1048
1049 /* Build the expected string */
1050 memset(sources_verify, 0, sizeof(sources_verify));
1051 p = sources_verify;
1052 for (i = sizeof(eventsources)/sizeof(eventsources[0]); i > 0; i--)
1053 {
1054 lstrcpyA(p, eventsources[i - 1]);
1055 p += (lstrlenA(eventsources[i - 1]) + 1);
1056 }
1057 lstrcpyA(p, eventlogname);
1058
1059 ok(!memcmp(sources, sources_verify, size),
1060 "Expected a correct 'Sources' value (size : %d)\n", size);
1061 }
1062
1063 RegCloseKey(eventkey);
1064 RegCloseKey(key);
1065
1066 /* The directory that holds the eventlog files could be redirected */
1067 if (pWow64DisableWow64FsRedirection)
1068 pWow64DisableWow64FsRedirection(&redir);
1069
1070 /* On Windows we also automatically get an eventlog file */
1071 GetSystemDirectoryA(sysdir, sizeof(sysdir));
1072
1073 /* NT4 - W2K3 */
1074 lstrcpyA(eventlogfile, sysdir);
1075 lstrcatA(eventlogfile, "\\config\\");
1076 lstrcatA(eventlogfile, eventlogname);
1077 lstrcatA(eventlogfile, ".evt");
1078
1079 if (GetFileAttributesA(eventlogfile) == INVALID_FILE_ATTRIBUTES)
1080 {
1081 /* Vista+ */
1082 lstrcpyA(eventlogfile, sysdir);
1083 lstrcatA(eventlogfile, "\\winevt\\Logs\\");
1084 lstrcatA(eventlogfile, eventlogname);
1085 lstrcatA(eventlogfile, ".evtx");
1086 }
1087
1088 todo_wine
1089 ok(GetFileAttributesA(eventlogfile) != INVALID_FILE_ATTRIBUTES,
1090 "Expected an eventlog file\n");
1091
1092 if (pWow64RevertWow64FsRedirection)
1093 pWow64RevertWow64FsRedirection(redir);
1094 }
1095
1096 static void cleanup_eventlog(void)
1097 {
1098 BOOL bret;
1099 LONG lret;
1100 HKEY key;
1101 DWORD i;
1102 char winesvc[MAX_PATH];
1103
1104 /* Delete the registry tree */
1105 lstrcpyA(winesvc, eventlogsvc);
1106 lstrcatA(winesvc, "\\");
1107 lstrcatA(winesvc, eventlogname);
1108
1109 RegOpenKeyA(HKEY_LOCAL_MACHINE, winesvc, &key);
1110 for (i = 0; i < sizeof(eventsources)/sizeof(eventsources[0]); i++)
1111 RegDeleteKeyA(key, eventsources[i]);
1112 RegDeleteValueA(key, "Sources");
1113 RegCloseKey(key);
1114 lret = RegDeleteKeyA(HKEY_LOCAL_MACHINE, winesvc);
1115 ok(lret == ERROR_SUCCESS, "Could not delete the registry tree : %d\n", lret);
1116
1117 /* A handle to the eventlog is locked by services.exe. We can only
1118 * delete the eventlog file after reboot.
1119 */
1120 bret = MoveFileExA(eventlogfile, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
1121 ok(bret, "Expected MoveFileEx to succeed: %d\n", GetLastError());
1122 }
1123
1124 START_TEST(eventlog)
1125 {
1126 SetLastError(0xdeadbeef);
1127 CloseEventLog(NULL);
1128 if (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
1129 {
1130 win_skip("Event log functions are not implemented\n");
1131 return;
1132 }
1133
1134 init_function_pointers();
1135
1136 /* Parameters only */
1137 test_open_close();
1138 test_info();
1139 test_count();
1140 test_oldest();
1141 test_backup();
1142 test_openbackup();
1143 test_read();
1144 test_clear();
1145
1146 /* Functional tests */
1147 if (create_new_eventlog())
1148 {
1149 test_readwrite();
1150 test_autocreation();
1151 cleanup_eventlog();
1152 }
1153 }
Quick hack tree for wine patches julliard doesn't want to commit