search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
makefiles: Don't use standard libs for programs that specify -nodefaultlibs.
[wine/zf.git] / dlls / advapi32 / tests / eventlog.c
blob6722ea7d622a14e77e700648679343b8dd1cc9e5
1 /*
2 * Unit tests for Event Logging functions
3 *
4 * Copyright (c) 2009 Paul Vriens
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <stdarg.h>
22
23 #include "initguid.h"
24 #include "windef.h"
25 #include "winbase.h"
26 #include "winerror.h"
27 #include "winnt.h"
28 #include "winreg.h"
29 #include "sddl.h"
30 #include "wmistr.h"
31 #include "evntprov.h"
32 #include "evntrace.h"
33
34 #include "wine/test.h"
35
36 static BOOL (WINAPI *pCreateWellKnownSid)(WELL_KNOWN_SID_TYPE,PSID,PSID,DWORD*);
37 static BOOL (WINAPI *pGetEventLogInformation)(HANDLE,DWORD,LPVOID,DWORD,LPDWORD);
38 static ULONG (WINAPI *pEventRegister)(const GUID *,PENABLECALLBACK,void *,REGHANDLE *);
39 static ULONG (WINAPI *pEventUnregister)(REGHANDLE);
40 static ULONG (WINAPI *pEventWriteString)(REGHANDLE,UCHAR,ULONGLONG,const WCHAR *);
41
42 static BOOL (WINAPI *pGetComputerNameExA)(COMPUTER_NAME_FORMAT,LPSTR,LPDWORD);
43 static BOOL (WINAPI *pWow64DisableWow64FsRedirection)(PVOID *);
44 static BOOL (WINAPI *pWow64RevertWow64FsRedirection)(PVOID);
45
46 static void init_function_pointers(void)
47 {
48 HMODULE hadvapi32 = GetModuleHandleA("advapi32.dll");
49 HMODULE hkernel32 = GetModuleHandleA("kernel32.dll");
50
51 pCreateWellKnownSid = (void*)GetProcAddress(hadvapi32, "CreateWellKnownSid");
52 pGetEventLogInformation = (void*)GetProcAddress(hadvapi32, "GetEventLogInformation");
53 pEventWriteString = (void*)GetProcAddress(hadvapi32, "EventWriteString");
54 pEventRegister = (void*)GetProcAddress(hadvapi32, "EventRegister");
55 pEventUnregister = (void*)GetProcAddress(hadvapi32, "EventUnregister");
56
57 pGetComputerNameExA = (void*)GetProcAddress(hkernel32, "GetComputerNameExA");
58 pWow64DisableWow64FsRedirection = (void*)GetProcAddress(hkernel32, "Wow64DisableWow64FsRedirection");
59 pWow64RevertWow64FsRedirection = (void*)GetProcAddress(hkernel32, "Wow64RevertWow64FsRedirection");
60 }
61
62 static BOOL create_backup(const char *filename)
63 {
64 HANDLE handle;
65 DWORD rc, attribs;
66
67 DeleteFileA(filename);
68 handle = OpenEventLogA(NULL, "Application");
69 rc = BackupEventLogA(handle, filename);
70 if (!rc && GetLastError() == ERROR_PRIVILEGE_NOT_HELD)
71 {
72 skip("insufficient privileges to backup the eventlog\n");
73 CloseEventLog(handle);
74 return FALSE;
75 }
76 ok(rc, "BackupEventLogA failed, le=%u\n", GetLastError());
77 CloseEventLog(handle);
78
79 attribs = GetFileAttributesA(filename);
80 todo_wine
81 ok(attribs != INVALID_FILE_ATTRIBUTES, "Expected a backup file attribs=%#x le=%u\n", attribs, GetLastError());
82 return TRUE;
83 }
84
85 static void test_open_close(void)
86 {
87 HANDLE handle;
88 BOOL ret;
89
90 SetLastError(0xdeadbeef);
91 ret = CloseEventLog(NULL);
92 ok(!ret, "Expected failure\n");
93 ok(GetLastError() == ERROR_INVALID_HANDLE ||
94 GetLastError() == ERROR_NOACCESS, /* W2K */
95 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
96
97 SetLastError(0xdeadbeef);
98 handle = OpenEventLogA(NULL, NULL);
99 ok(handle == NULL, "Didn't expect a handle\n");
100 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
101
102 SetLastError(0xdeadbeef);
103 handle = OpenEventLogA("IDontExist", NULL);
104 ok(handle == NULL, "Didn't expect a handle\n");
105 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
106
107 SetLastError(0xdeadbeef);
108 handle = OpenEventLogA("IDontExist", "deadbeef");
109 ok(handle == NULL, "Didn't expect a handle\n");
110 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
111 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
112 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
113
114 /* This one opens the Application log */
115 handle = OpenEventLogA(NULL, "deadbeef");
116 ok(handle != NULL, "Expected a handle\n");
117 ret = CloseEventLog(handle);
118 ok(ret, "Expected success\n");
119 /* Close a second time */
120 SetLastError(0xdeadbeef);
121 ret = CloseEventLog(handle);
122 todo_wine
123 {
124 ok(!ret, "Expected failure\n");
125 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
126 }
127
128 /* Empty servername should be read as local server */
129 handle = OpenEventLogA("", "Application");
130 ok(handle != NULL, "Expected a handle\n");
131 CloseEventLog(handle);
132
133 handle = OpenEventLogA(NULL, "Application");
134 ok(handle != NULL, "Expected a handle\n");
135 CloseEventLog(handle);
136 }
137
138 static void test_info(void)
139 {
140 HANDLE handle;
141 BOOL ret;
142 DWORD needed;
143 BYTE buffer[2 * sizeof(EVENTLOG_FULL_INFORMATION)];
144 EVENTLOG_FULL_INFORMATION *efi = (void *)buffer;
145
146 if (!pGetEventLogInformation)
147 {
148 /* NT4 */
149 win_skip("GetEventLogInformation is not available\n");
150 return;
151 }
152 SetLastError(0xdeadbeef);
153 ret = pGetEventLogInformation(NULL, 1, NULL, 0, NULL);
154 ok(!ret, "Expected failure\n");
155 ok(GetLastError() == ERROR_INVALID_LEVEL, "Expected ERROR_INVALID_LEVEL, got %d\n", GetLastError());
156
157 SetLastError(0xdeadbeef);
158 ret = pGetEventLogInformation(NULL, EVENTLOG_FULL_INFO, NULL, 0, NULL);
159 ok(!ret, "Expected failure\n");
160 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
161
162 handle = OpenEventLogA(NULL, "Application");
163
164 SetLastError(0xdeadbeef);
165 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, NULL);
166 ok(!ret, "Expected failure\n");
167 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
168
169 SetLastError(0xdeadbeef);
170 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, &needed);
171 ok(!ret, "Expected failure\n");
172 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
173
174 SetLastError(0xdeadbeef);
175 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, 0, NULL);
176 ok(!ret, "Expected failure\n");
177 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
178
179 SetLastError(0xdeadbeef);
180 needed = 0xdeadbeef;
181 efi->dwFull = 0xdeadbeef;
182 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, 0, &needed);
183 ok(!ret, "Expected failure\n");
184 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
185 ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed);
186 ok(efi->dwFull == 0xdeadbeef, "Expected no change to the dwFull member\n");
187
188 /* Not that we care, but on success last error is set to ERROR_IO_PENDING */
189 efi->dwFull = 0xdeadbeef;
190 needed = sizeof(buffer);
191 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, needed, &needed);
192 ok(ret, "Expected success\n");
193 ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed);
194 ok(efi->dwFull == 0 || efi->dwFull == 1, "Expected 0 (not full) or 1 (full), got %d\n", efi->dwFull);
195
196 CloseEventLog(handle);
197 }
198
199 static void test_count(void)
200 {
201 HANDLE handle;
202 BOOL ret;
203 DWORD count;
204 const char backup[] = "backup.evt";
205
206 SetLastError(0xdeadbeef);
207 ret = GetNumberOfEventLogRecords(NULL, NULL);
208 ok(!ret, "Expected failure\n");
209 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
210
211 SetLastError(0xdeadbeef);
212 count = 0xdeadbeef;
213 ret = GetNumberOfEventLogRecords(NULL, &count);
214 ok(!ret, "Expected failure\n");
215 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
216 ok(count == 0xdeadbeef, "Expected count to stay unchanged\n");
217
218 handle = OpenEventLogA(NULL, "Application");
219
220 SetLastError(0xdeadbeef);
221 ret = GetNumberOfEventLogRecords(handle, NULL);
222 ok(!ret, "Expected failure\n");
223 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
224
225 count = 0xdeadbeef;
226 ret = GetNumberOfEventLogRecords(handle, &count);
227 ok(ret, "Expected success\n");
228 ok(count != 0xdeadbeef, "Expected the number of records\n");
229
230 CloseEventLog(handle);
231
232 /* Make a backup eventlog to work with */
233 if (create_backup(backup))
234 {
235 handle = OpenBackupEventLogA(NULL, backup);
236 todo_wine
237 ok(handle != NULL, "Expected a handle, le=%d\n", GetLastError());
238
239 /* Does GetNumberOfEventLogRecords work with backup eventlogs? */
240 count = 0xdeadbeef;
241 ret = GetNumberOfEventLogRecords(handle, &count);
242 todo_wine
243 {
244 ok(ret, "Expected success\n");
245 ok(count != 0xdeadbeef, "Expected the number of records\n");
246 }
247
248 CloseEventLog(handle);
249 DeleteFileA(backup);
250 }
251 }
252
253 static void test_oldest(void)
254 {
255 HANDLE handle;
256 BOOL ret;
257 DWORD oldest;
258 const char backup[] = "backup.evt";
259
260 SetLastError(0xdeadbeef);
261 ret = GetOldestEventLogRecord(NULL, NULL);
262 ok(!ret, "Expected failure\n");
263 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
264
265 SetLastError(0xdeadbeef);
266 oldest = 0xdeadbeef;
267 ret = GetOldestEventLogRecord(NULL, &oldest);
268 ok(!ret, "Expected failure\n");
269 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
270 ok(oldest == 0xdeadbeef, "Expected oldest to stay unchanged\n");
271
272 handle = OpenEventLogA(NULL, "Application");
273
274 SetLastError(0xdeadbeef);
275 ret = GetOldestEventLogRecord(handle, NULL);
276 ok(!ret, "Expected failure\n");
277 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
278
279 oldest = 0xdeadbeef;
280 ret = GetOldestEventLogRecord(handle, &oldest);
281 ok(ret, "Expected success\n");
282 ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n");
283
284 CloseEventLog(handle);
285
286 /* Make a backup eventlog to work with */
287 if (create_backup(backup))
288 {
289 handle = OpenBackupEventLogA(NULL, backup);
290 todo_wine
291 ok(handle != NULL, "Expected a handle\n");
292
293 /* Does GetOldestEventLogRecord work with backup eventlogs? */
294 oldest = 0xdeadbeef;
295 ret = GetOldestEventLogRecord(handle, &oldest);
296 todo_wine
297 {
298 ok(ret, "Expected success\n");
299 ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n");
300 }
301
302 CloseEventLog(handle);
303 DeleteFileA(backup);
304 }
305 }
306
307 static void test_backup(void)
308 {
309 HANDLE handle;
310 BOOL ret;
311 const char backup[] = "backup.evt";
312 const char backup2[] = "backup2.evt";
313
314 SetLastError(0xdeadbeef);
315 ret = BackupEventLogA(NULL, NULL);
316 ok(!ret, "Expected failure\n");
317 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
318
319 SetLastError(0xdeadbeef);
320 ret = BackupEventLogA(NULL, backup);
321 ok(!ret, "Expected failure\n");
322 ok(GetFileAttributesA(backup) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n");
323
324 handle = OpenEventLogA(NULL, "Application");
325
326 SetLastError(0xdeadbeef);
327 ret = BackupEventLogA(handle, NULL);
328 ok(!ret, "Expected failure\n");
329 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
330
331 ret = BackupEventLogA(handle, backup);
332 if (!ret && GetLastError() == ERROR_PRIVILEGE_NOT_HELD)
333 {
334 skip("insufficient privileges for backup tests\n");
335 CloseEventLog(handle);
336 return;
337 }
338 ok(ret, "Expected success\n");
339 todo_wine
340 ok(GetFileAttributesA(backup) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
341
342 /* Try to overwrite */
343 SetLastError(0xdeadbeef);
344 ret = BackupEventLogA(handle, backup);
345 todo_wine
346 {
347 ok(!ret, "Expected failure\n");
348 ok(GetLastError() == ERROR_ALREADY_EXISTS, "Expected ERROR_ALREADY_EXISTS, got %d\n", GetLastError());
349 }
350
351 CloseEventLog(handle);
352
353 /* Can we make a backup of a backup? */
354 handle = OpenBackupEventLogA(NULL, backup);
355 todo_wine
356 ok(handle != NULL, "Expected a handle\n");
357
358 ret = BackupEventLogA(handle, backup2);
359 todo_wine
360 {
361 ok(ret, "Expected success\n");
362 ok(GetFileAttributesA(backup2) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
363 }
364
365 CloseEventLog(handle);
366 DeleteFileA(backup);
367 DeleteFileA(backup2);
368 }
369
370 static void test_read(void)
371 {
372 HANDLE handle;
373 BOOL ret;
374 DWORD count, toread, read, needed;
375 void *buf;
376
377 SetLastError(0xdeadbeef);
378 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, NULL);
379 ok(!ret, "Expected failure\n");
380 todo_wine
381 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
382
383 read = 0xdeadbeef;
384 SetLastError(0xdeadbeef);
385 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, NULL);
386 ok(!ret, "Expected failure\n");
387 ok(read == 0xdeadbeef, "Expected 'read' parameter to remain unchanged\n");
388 todo_wine
389 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
390
391 needed = 0xdeadbeef;
392 SetLastError(0xdeadbeef);
393 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, &needed);
394 ok(!ret, "Expected failure\n");
395 ok(needed == 0xdeadbeef, "Expected 'needed' parameter to remain unchanged\n");
396 todo_wine
397 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
398
399 /* 'read' and 'needed' are only filled when the needed buffer size is passed back or when the call succeeds */
400 SetLastError(0xdeadbeef);
401 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, &needed);
402 ok(!ret, "Expected failure\n");
403 todo_wine
404 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
405
406 SetLastError(0xdeadbeef);
407 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, NULL, 0, NULL, NULL);
408 ok(!ret, "Expected failure\n");
409 todo_wine
410 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
411
412 SetLastError(0xdeadbeef);
413 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, NULL, 0, &read, &needed);
414 ok(!ret, "Expected failure\n");
415 todo_wine
416 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
417
418 buf = NULL;
419 SetLastError(0xdeadbeef);
420 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
421 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
422 ok(!ret, "Expected failure\n");
423 todo_wine
424 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
425
426 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
427 SetLastError(0xdeadbeef);
428 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
429 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
430 ok(!ret, "Expected failure\n");
431 todo_wine
432 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
433 HeapFree(GetProcessHeap(), 0, buf);
434
435 handle = OpenEventLogA(NULL, "Application");
436
437 /* Show that we need the proper dwFlags with a (for the rest) proper call */
438 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
439
440 SetLastError(0xdeadbeef);
441 ret = ReadEventLogA(handle, 0, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
442 ok(!ret, "Expected failure\n");
443 todo_wine
444 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
445
446 SetLastError(0xdeadbeef);
447 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
448 ok(!ret, "Expected failure\n");
449 todo_wine
450 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
451
452 SetLastError(0xdeadbeef);
453 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
454 ok(!ret, "Expected failure\n");
455 todo_wine
456 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
457
458 SetLastError(0xdeadbeef);
459 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ,
460 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
461 ok(!ret, "Expected failure\n");
462 todo_wine
463 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
464
465 SetLastError(0xdeadbeef);
466 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ,
467 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
468 ok(!ret, "Expected failure\n");
469 todo_wine
470 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
471
472 SetLastError(0xdeadbeef);
473 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ | EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
474 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
475 ok(!ret, "Expected failure\n");
476 todo_wine
477 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
478
479 HeapFree(GetProcessHeap(), 0, buf);
480
481 /* First check if there are any records (in practice only on Wine: FIXME) */
482 count = 0;
483 GetNumberOfEventLogRecords(handle, &count);
484 if (!count)
485 {
486 skip("No records in the 'Application' log\n");
487 CloseEventLog(handle);
488 return;
489 }
490
491 /* Get the buffer size for the first record */
492 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
493 read = needed = 0xdeadbeef;
494 SetLastError(0xdeadbeef);
495 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
496 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
497 ok(!ret, "Expected failure\n");
498 ok(read == 0, "Expected no bytes read\n");
499 ok(needed > sizeof(EVENTLOGRECORD), "Expected the needed buffersize to be bigger than sizeof(EVENTLOGRECORD)\n");
500 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
501
502 /* Read the first record */
503 toread = needed;
504 buf = HeapReAlloc(GetProcessHeap(), 0, buf, toread);
505 read = needed = 0xdeadbeef;
506 SetLastError(0xdeadbeef);
507 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, toread, &read, &needed);
508 ok(ret, "Expected success\n");
509 ok(read == toread ||
510 broken(read < toread), /* NT4 wants a buffer size way bigger than just 1 record */
511 "Expected the requested size to be read\n");
512 ok(needed == 0, "Expected no extra bytes to be read\n");
513 HeapFree(GetProcessHeap(), 0, buf);
514
515 CloseEventLog(handle);
516 }
517
518 static void test_openbackup(void)
519 {
520 HANDLE handle, handle2, file;
521 DWORD written;
522 const char backup[] = "backup.evt";
523 const char text[] = "Just some text";
524
525 SetLastError(0xdeadbeef);
526 handle = OpenBackupEventLogA(NULL, NULL);
527 ok(handle == NULL, "Didn't expect a handle\n");
528 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
529
530 SetLastError(0xdeadbeef);
531 handle = OpenBackupEventLogA(NULL, "idontexist.evt");
532 ok(handle == NULL, "Didn't expect a handle\n");
533 ok(GetLastError() == ERROR_FILE_NOT_FOUND, "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
534
535 SetLastError(0xdeadbeef);
536 handle = OpenBackupEventLogA("IDontExist", NULL);
537 ok(handle == NULL, "Didn't expect a handle\n");
538 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
539
540 SetLastError(0xdeadbeef);
541 handle = OpenBackupEventLogA("IDontExist", "idontexist.evt");
542 ok(handle == NULL, "Didn't expect a handle\n");
543 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
544 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
545 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
546
547 /* Make a backup eventlog to work with */
548 if (create_backup(backup))
549 {
550 /* FIXME: Wine stops here */
551 if (GetFileAttributesA(backup) == INVALID_FILE_ATTRIBUTES)
552 {
553 skip("We don't have a backup eventlog to work with\n");
554 return;
555 }
556
557 SetLastError(0xdeadbeef);
558 handle = OpenBackupEventLogA("IDontExist", backup);
559 ok(handle == NULL, "Didn't expect a handle\n");
560 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
561 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
562 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
563
564 /* Empty servername should be read as local server */
565 handle = OpenBackupEventLogA("", backup);
566 ok(handle != NULL, "Expected a handle\n");
567 CloseEventLog(handle);
568
569 handle = OpenBackupEventLogA(NULL, backup);
570 ok(handle != NULL, "Expected a handle\n");
571
572 /* Can we open that same backup eventlog more than once? */
573 handle2 = OpenBackupEventLogA(NULL, backup);
574 ok(handle2 != NULL, "Expected a handle\n");
575 ok(handle2 != handle, "Didn't expect the same handle\n");
576 CloseEventLog(handle2);
577
578 CloseEventLog(handle);
579 DeleteFileA(backup);
580 }
581
582 /* Is there any content checking done? */
583 file = CreateFileA(backup, GENERIC_WRITE, 0, NULL, CREATE_NEW, 0, NULL);
584 CloseHandle(file);
585 SetLastError(0xdeadbeef);
586 handle = OpenBackupEventLogA(NULL, backup);
587 ok(handle == NULL, "Didn't expect a handle\n");
588 ok(GetLastError() == ERROR_NOT_ENOUGH_MEMORY ||
589 GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT, /* Vista and Win7 */
590 "Expected ERROR_NOT_ENOUGH_MEMORY, got %d\n", GetLastError());
591 CloseEventLog(handle);
592 DeleteFileA(backup);
593
594 file = CreateFileA(backup, GENERIC_WRITE, 0, NULL, CREATE_NEW, 0, NULL);
595 WriteFile(file, text, sizeof(text), &written, NULL);
596 CloseHandle(file);
597 SetLastError(0xdeadbeef);
598 handle = OpenBackupEventLogA(NULL, backup);
599 ok(handle == NULL, "Didn't expect a handle\n");
600 ok(GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT, "Expected ERROR_EVENTLOG_FILE_CORRUPT, got %d\n", GetLastError());
601 CloseEventLog(handle);
602 DeleteFileA(backup);
603 }
604
605 static void test_clear(void)
606 {
607 HANDLE handle;
608 BOOL ret;
609 const char backup[] = "backup.evt";
610 const char backup2[] = "backup2.evt";
611
612 SetLastError(0xdeadbeef);
613 ret = ClearEventLogA(NULL, NULL);
614 ok(!ret, "Expected failure\n");
615 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
616
617 /* Make a backup eventlog to work with */
618 if (!create_backup(backup))
619 return;
620
621 SetLastError(0xdeadbeef);
622 ret = ClearEventLogA(NULL, backup);
623 ok(!ret, "Expected failure\n");
624 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
625
626 handle = OpenBackupEventLogA(NULL, backup);
627 todo_wine
628 ok(handle != NULL, "Expected a handle\n");
629
630 /* A real eventlog would fail with ERROR_ALREADY_EXISTS */
631 SetLastError(0xdeadbeef);
632 ret = ClearEventLogA(handle, backup);
633 ok(!ret, "Expected failure\n");
634 /* The eventlog service runs under an account that doesn't have the necessary
635 * permissions on the users home directory on a default Vista+ system.
636 */
637 ok(GetLastError() == ERROR_INVALID_HANDLE ||
638 GetLastError() == ERROR_ACCESS_DENIED, /* Vista+ */
639 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
640
641 /* Show that ClearEventLog only works for real eventlogs. */
642 SetLastError(0xdeadbeef);
643 ret = ClearEventLogA(handle, backup2);
644 ok(!ret, "Expected failure\n");
645 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
646 ok(GetFileAttributesA(backup2) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n");
647
648 SetLastError(0xdeadbeef);
649 ret = ClearEventLogA(handle, NULL);
650 ok(!ret, "Expected failure\n");
651 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
652
653 CloseEventLog(handle);
654 todo_wine
655 ok(DeleteFileA(backup), "Could not delete the backup file\n");
656 }
657
658 static const char eventlogsvc[] = "SYSTEM\\CurrentControlSet\\Services\\Eventlog";
659 static const char eventlogname[] = "Wine";
660 static const char eventsources[][11] = { "WineSrc", "WineSrc1", "WineSrc20", "WineSrc300" };
661
662 static BOOL create_new_eventlog(void)
663 {
664 HKEY key, eventkey;
665 BOOL bret = FALSE;
666 LONG lret;
667 DWORD i;
668
669 /* First create our eventlog */
670 lret = RegOpenKeyA(HKEY_LOCAL_MACHINE, eventlogsvc, &key);
671 if (lret != ERROR_SUCCESS)
672 {
673 skip("Could not open the EventLog service registry key\n");
674 return FALSE;
675 }
676 lret = RegCreateKeyA(key, eventlogname, &eventkey);
677 if (lret != ERROR_SUCCESS)
678 {
679 skip("Could not create the eventlog '%s' registry key\n", eventlogname);
680 goto cleanup;
681 }
682
683 /* Create some event sources, the registry value 'Sources' is updated automatically */
684 for (i = 0; i < ARRAY_SIZE(eventsources); i++)
685 {
686 HKEY srckey;
687
688 lret = RegCreateKeyA(eventkey, eventsources[i], &srckey);
689 if (lret != ERROR_SUCCESS)
690 {
691 skip("Could not create the eventsource '%s' registry key\n", eventsources[i]);
692 goto cleanup;
693 }
694 RegFlushKey(srckey);
695 RegCloseKey(srckey);
696 }
697
698 bret = TRUE;
699
700 /* The flushing of the registry (here and above) gives us some assurance
701 * that we are not to quickly writing events as 'Sources' could still be
702 * not updated.
703 */
704 RegFlushKey(eventkey);
705 cleanup:
706 RegCloseKey(eventkey);
707 RegCloseKey(key);
708
709 return bret;
710 }
711
712 static const char *one_string[] = { "First string" };
713 static const char *two_strings[] = { "First string", "Second string" };
714 static const struct
715 {
716 const char *evt_src;
717 WORD evt_type;
718 WORD evt_cat;
719 DWORD evt_id;
720 BOOL evt_sid;
721 WORD evt_numstrings;
722 const char **evt_strings;
723 } read_write [] =
724 {
725 { eventlogname, EVENTLOG_INFORMATION_TYPE, 1, 1, FALSE, 1, one_string },
726 { eventsources[0], EVENTLOG_WARNING_TYPE, 1, 2, FALSE, 0, NULL },
727 { eventsources[1], EVENTLOG_AUDIT_FAILURE, 1, 3, FALSE, 2, two_strings },
728 { eventsources[2], EVENTLOG_ERROR_TYPE, 1, 4, FALSE, 0, NULL },
729 { eventsources[3], EVENTLOG_WARNING_TYPE, 1, 5, FALSE, 1, one_string },
730 { eventlogname, EVENTLOG_SUCCESS, 2, 6, TRUE, 2, two_strings },
731 { eventsources[0], EVENTLOG_AUDIT_FAILURE, 2, 7, TRUE, 0, NULL },
732 { eventsources[1], EVENTLOG_AUDIT_SUCCESS, 2, 8, TRUE, 2, two_strings },
733 { eventsources[2], EVENTLOG_WARNING_TYPE, 2, 9, TRUE, 0, NULL },
734 { eventsources[3], EVENTLOG_ERROR_TYPE, 2, 10, TRUE, 1, one_string }
735 };
736
737 static void test_readwrite(void)
738 {
739 HANDLE handle;
740 PSID user;
741 DWORD sidsize, count;
742 BOOL ret, sidavailable;
743 BOOL on_vista = FALSE; /* Used to indicate Vista, W2K8 or Win7 */
744 DWORD i;
745 char *localcomputer = NULL;
746 DWORD size;
747
748 if (pCreateWellKnownSid)
749 {
750 sidsize = SECURITY_MAX_SID_SIZE;
751 user = HeapAlloc(GetProcessHeap(), 0, sidsize);
752 SetLastError(0xdeadbeef);
753 pCreateWellKnownSid(WinInteractiveSid, NULL, user, &sidsize);
754 sidavailable = TRUE;
755 }
756 else
757 {
758 win_skip("Skipping some SID related tests\n");
759 sidavailable = FALSE;
760 user = NULL;
761 }
762
763 /* Write an event with an incorrect event type. This will fail on Windows 7
764 * but succeed on all others, hence it's not part of the struct.
765 */
766 handle = OpenEventLogA(NULL, eventlogname);
767 if (!handle)
768 {
769 /* Intermittently seen on NT4 when tests are run immediately after boot */
770 win_skip("Could not get a handle to the eventlog\n");
771 goto cleanup;
772 }
773
774 count = 0xdeadbeef;
775 GetNumberOfEventLogRecords(handle, &count);
776 if (count != 0)
777 {
778 /* Needed for W2K3 without a service pack */
779 win_skip("We most likely opened the Application eventlog\n");
780 CloseEventLog(handle);
781 Sleep(2000);
782
783 handle = OpenEventLogA(NULL, eventlogname);
784 count = 0xdeadbeef;
785 GetNumberOfEventLogRecords(handle, &count);
786 if (count != 0)
787 {
788 win_skip("We didn't open our new eventlog\n");
789 CloseEventLog(handle);
790 goto cleanup;
791 }
792 }
793
794 SetLastError(0xdeadbeef);
795 ret = ReportEventA(handle, 0x20, 0, 0, NULL, 0, 0, NULL, NULL);
796 if (!ret && GetLastError() == ERROR_CRC)
797 {
798 win_skip("Win7 fails when using incorrect event types\n");
799 ret = ReportEventA(handle, 0, 0, 0, NULL, 0, 0, NULL, NULL);
800 ok(ret, "Expected success : %d\n", GetLastError());
801 }
802 else
803 {
804 void *buf;
805 DWORD read, needed = 0;
806 EVENTLOGRECORD *record;
807
808 ok(ret, "Expected success : %d\n", GetLastError());
809
810 /* Needed to catch earlier Vista (with no ServicePack for example) */
811 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
812 if (!(ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
813 0, buf, sizeof(EVENTLOGRECORD), &read, &needed)) &&
814 GetLastError() == ERROR_INSUFFICIENT_BUFFER)
815 {
816 buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
817 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
818 0, buf, needed, &read, &needed);
819 }
820 if (ret)
821 {
822 record = (EVENTLOGRECORD *)buf;
823
824 /* Vista and W2K8 return EVENTLOG_SUCCESS, Windows versions before return
825 * the written eventtype (0x20 in this case).
826 */
827 if (record->EventType == EVENTLOG_SUCCESS)
828 on_vista = TRUE;
829 }
830 HeapFree(GetProcessHeap(), 0, buf);
831 }
832
833 /* This will clear the eventlog. The record numbering for new
834 * events however differs on Vista SP1+. Before Vista the first
835 * event would be numbered 1, on Vista SP1+ it's higher as we already
836 * had at least one event (more in case of multiple test runs without
837 * a reboot).
838 */
839 ClearEventLogA(handle, NULL);
840 CloseEventLog(handle);
841
842 /* Write a bunch of events while using different event sources */
843 for (i = 0; i < ARRAY_SIZE(read_write); i++)
844 {
845 DWORD oldest;
846 BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
847
848 /* We don't need to use RegisterEventSource to report events */
849 if (i % 2)
850 handle = OpenEventLogA(NULL, read_write[i].evt_src);
851 else
852 handle = RegisterEventSourceA(NULL, read_write[i].evt_src);
853 ok(handle != NULL, "Expected a handle\n");
854
855 SetLastError(0xdeadbeef);
856 ret = ReportEventA(handle, read_write[i].evt_type, read_write[i].evt_cat,
857 read_write[i].evt_id, run_sidtests ? user : NULL,
858 read_write[i].evt_numstrings, 0, read_write[i].evt_strings, NULL);
859 ok(ret, "Expected ReportEvent success : %d\n", GetLastError());
860
861 count = 0xdeadbeef;
862 SetLastError(0xdeadbeef);
863 ret = GetNumberOfEventLogRecords(handle, &count);
864 ok(ret, "Expected GetNumberOfEventLogRecords success : %d\n", GetLastError());
865 todo_wine
866 ok(count == (i + 1), "Expected %d records, got %d\n", i + 1, count);
867
868 oldest = 0xdeadbeef;
869 ret = GetOldestEventLogRecord(handle, &oldest);
870 ok(ret, "Expected GetOldestEventLogRecord success : %d\n", GetLastError());
871 todo_wine
872 ok(oldest == 1 ||
873 (oldest > 1 && oldest != 0xdeadbeef), /* Vista SP1+, W2K8 and Win7 */
874 "Expected oldest to be 1 or higher, got %d\n", oldest);
875 if (oldest > 1 && oldest != 0xdeadbeef)
876 on_vista = TRUE;
877
878 SetLastError(0xdeadbeef);
879 if (i % 2)
880 ret = CloseEventLog(handle);
881 else
882 ret = DeregisterEventSource(handle);
883 ok(ret, "Expected success : %d\n", GetLastError());
884 }
885
886 handle = OpenEventLogA(NULL, eventlogname);
887 count = 0xdeadbeef;
888 ret = GetNumberOfEventLogRecords(handle, &count);
889 ok(ret, "Expected success\n");
890 todo_wine
891 ok(count == i, "Expected %d records, got %d\n", i, count);
892 CloseEventLog(handle);
893
894 if (count == 0)
895 {
896 skip("No events were written to the eventlog\n");
897 goto cleanup;
898 }
899
900 /* Report only once */
901 if (on_vista)
902 skip("There is no DWORD alignment enforced for UserSid on Vista, W2K8 or Win7\n");
903
904 if (on_vista && pGetComputerNameExA)
905 {
906 /* New Vista+ behavior */
907 size = 0;
908 SetLastError(0xdeadbeef);
909 pGetComputerNameExA(ComputerNameDnsFullyQualified, NULL, &size);
910 localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
911 pGetComputerNameExA(ComputerNameDnsFullyQualified, localcomputer, &size);
912 }
913 else
914 {
915 size = MAX_COMPUTERNAME_LENGTH + 1;
916 localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
917 GetComputerNameA(localcomputer, &size);
918 }
919
920 /* Read all events from our created eventlog, one by one */
921 handle = OpenEventLogA(NULL, eventlogname);
922 ok(handle != NULL, "Failed to open Event Log, got %d\n", GetLastError());
923 i = 0;
924 for (;;)
925 {
926 void *buf;
927 DWORD read, needed;
928 EVENTLOGRECORD *record;
929 char *sourcename, *computername;
930 int k;
931 char *ptr;
932 BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
933
934 buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
935 SetLastError(0xdeadbeef);
936 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
937 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
938 ok(!ret, "Expected failure\n");
939 if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
940 {
941 HeapFree(GetProcessHeap(), 0, buf);
942 ok(GetLastError() == ERROR_HANDLE_EOF, "record %d, got %d\n", i, GetLastError());
943 break;
944 }
945
946 buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
947 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
948 0, buf, needed, &read, &needed);
949 ok(ret, "Expected success: %d\n", GetLastError());
950
951 record = (EVENTLOGRECORD *)buf;
952
953 ok(record->Length == read,
954 "Expected %d, got %d\n", read, record->Length);
955 ok(record->Reserved == 0x654c664c,
956 "Expected 0x654c664c, got %d\n", record->Reserved);
957 ok(record->RecordNumber == i + 1 ||
958 (on_vista && (record->RecordNumber > i + 1)),
959 "Expected %d or higher, got %d\n", i + 1, record->RecordNumber);
960 ok(record->EventID == read_write[i].evt_id,
961 "Expected %d, got %d\n", read_write[i].evt_id, record->EventID);
962 ok(record->EventType == read_write[i].evt_type,
963 "Expected %d, got %d\n", read_write[i].evt_type, record->EventType);
964 ok(record->NumStrings == read_write[i].evt_numstrings,
965 "Expected %d, got %d\n", read_write[i].evt_numstrings, record->NumStrings);
966 ok(record->EventCategory == read_write[i].evt_cat,
967 "Expected %d, got %d\n", read_write[i].evt_cat, record->EventCategory);
968
969 sourcename = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD));
970 ok(!lstrcmpA(sourcename, read_write[i].evt_src), "Expected '%s', got '%s'\n",
971 read_write[i].evt_src, sourcename);
972
973 computername = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1);
974 ok(!lstrcmpiA(computername, localcomputer), "Expected '%s', got '%s'\n",
975 localcomputer, computername);
976
977 /* Before Vista, UserSid was aligned on a DWORD boundary. Next to that if
978 * no padding was actually required a 0 DWORD was still used for padding. No
979 * application should be relying on the padding as we are working with offsets
980 * anyway.
981 */
982
983 if (!on_vista)
984 {
985 DWORD calculated_sidoffset = sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1 + lstrlenA(computername) + 1;
986
987 /* We are already DWORD aligned, there should still be some padding */
988 if ((((UINT_PTR)buf + calculated_sidoffset) % sizeof(DWORD)) == 0)
989 ok(*(DWORD *)((BYTE *)buf + calculated_sidoffset) == 0, "Expected 0\n");
990
991 ok((((UINT_PTR)buf + record->UserSidOffset) % sizeof(DWORD)) == 0, "Expected DWORD alignment\n");
992 }
993
994 if (run_sidtests)
995 {
996 ok(record->UserSidLength == sidsize, "Expected %d, got %d\n", sidsize, record->UserSidLength);
997 }
998 else
999 {
1000 ok(record->StringOffset == record->UserSidOffset, "Expected offsets to be the same\n");
1001 ok(record->UserSidLength == 0, "Expected 0, got %d\n", record->UserSidLength);
1002 }
1003
1004 ok(record->DataLength == 0, "Expected 0, got %d\n", record->DataLength);
1005
1006 ptr = (char *)((BYTE *)buf + record->StringOffset);
1007 for (k = 0; k < record->NumStrings; k++)
1008 {
1009 ok(!lstrcmpA(ptr, two_strings[k]), "Expected '%s', got '%s'\n", two_strings[k], ptr);
1010 ptr += lstrlenA(ptr) + 1;
1011 }
1012
1013 ok(record->Length == *(DWORD *)((BYTE *)buf + record->Length - sizeof(DWORD)),
1014 "Expected the closing DWORD to contain the length of the record\n");
1015
1016 HeapFree(GetProcessHeap(), 0, buf);
1017 i++;
1018 }
1019 CloseEventLog(handle);
1020
1021 /* Test clearing a real eventlog */
1022 handle = OpenEventLogA(NULL, eventlogname);
1023 ok(handle != NULL, "Failed to open Event Log, got %d\n", GetLastError());
1024
1025 SetLastError(0xdeadbeef);
1026 ret = ClearEventLogA(handle, NULL);
1027 ok(ret, "Expected success\n");
1028
1029 count = 0xdeadbeef;
1030 ret = GetNumberOfEventLogRecords(handle, &count);
1031 ok(ret, "Expected success\n");
1032 ok(count == 0, "Expected an empty eventlog, got %d records\n", count);
1033
1034 CloseEventLog(handle);
1035
1036 cleanup:
1037 HeapFree(GetProcessHeap(), 0, localcomputer);
1038 HeapFree(GetProcessHeap(), 0, user);
1039 }
1040
1041 /* Before Vista:
1042 *
1043 * Creating an eventlog on Windows (via the registry) automatically leads
1044 * to creation of a REG_MULTI_SZ named 'Sources'. This value lists all the
1045 * potential event sources for this eventlog. 'Sources' is automatically
1046 * updated when a new key (aka event source) is created.
1047 *
1048 * Although the updating of registry keys is almost instantaneously, we
1049 * check it after some other tests to assure we are not querying the
1050 * registry or file system to quickly.
1051 *
1052 * NT4 and higher:
1053 *
1054 * The eventlog file itself is also automatically created, even before we
1055 * start writing events.
1056 */
1057 static char eventlogfile[MAX_PATH];
1058 static void test_autocreation(void)
1059 {
1060 HKEY key, eventkey;
1061 DWORD type, size;
1062 LONG ret;
1063 int i;
1064 char *p;
1065 char sources[sizeof(eventsources)];
1066 char sysdir[MAX_PATH];
1067 void *redir = 0;
1068
1069 RegOpenKeyA(HKEY_LOCAL_MACHINE, eventlogsvc, &key);
1070 RegOpenKeyA(key, eventlogname, &eventkey);
1071
1072 size = sizeof(sources);
1073 sources[0] = 0;
1074 ret = RegQueryValueExA(eventkey, "Sources", NULL, &type, (LPBYTE)sources, &size);
1075 if (ret == ERROR_SUCCESS)
1076 {
1077 char sources_verify[sizeof(eventsources)];
1078
1079 ok(type == REG_MULTI_SZ, "Expected a REG_MULTI_SZ, got %d\n", type);
1080
1081 /* Build the expected string */
1082 memset(sources_verify, 0, sizeof(sources_verify));
1083 p = sources_verify;
1084 for (i = ARRAY_SIZE(eventsources); i > 0; i--)
1085 {
1086 lstrcpyA(p, eventsources[i - 1]);
1087 p += (lstrlenA(eventsources[i - 1]) + 1);
1088 }
1089 lstrcpyA(p, eventlogname);
1090
1091 ok(!memcmp(sources, sources_verify, size),
1092 "Expected a correct 'Sources' value (size : %d)\n", size);
1093 }
1094
1095 RegCloseKey(eventkey);
1096 RegCloseKey(key);
1097
1098 /* The directory that holds the eventlog files could be redirected */
1099 if (pWow64DisableWow64FsRedirection)
1100 pWow64DisableWow64FsRedirection(&redir);
1101
1102 /* On Windows we also automatically get an eventlog file */
1103 GetSystemDirectoryA(sysdir, sizeof(sysdir));
1104
1105 /* NT4 - W2K3 */
1106 lstrcpyA(eventlogfile, sysdir);
1107 lstrcatA(eventlogfile, "\\config\\");
1108 lstrcatA(eventlogfile, eventlogname);
1109 lstrcatA(eventlogfile, ".evt");
1110
1111 if (GetFileAttributesA(eventlogfile) == INVALID_FILE_ATTRIBUTES)
1112 {
1113 /* Vista+ */
1114 lstrcpyA(eventlogfile, sysdir);
1115 lstrcatA(eventlogfile, "\\winevt\\Logs\\");
1116 lstrcatA(eventlogfile, eventlogname);
1117 lstrcatA(eventlogfile, ".evtx");
1118 }
1119
1120 todo_wine
1121 ok(GetFileAttributesA(eventlogfile) != INVALID_FILE_ATTRIBUTES,
1122 "Expected an eventlog file\n");
1123
1124 if (pWow64RevertWow64FsRedirection)
1125 pWow64RevertWow64FsRedirection(redir);
1126 }
1127
1128 static void cleanup_eventlog(void)
1129 {
1130 BOOL bret;
1131 LONG lret;
1132 HKEY key;
1133 DWORD i;
1134 char winesvc[MAX_PATH];
1135
1136 /* Delete the registry tree */
1137 lstrcpyA(winesvc, eventlogsvc);
1138 lstrcatA(winesvc, "\\");
1139 lstrcatA(winesvc, eventlogname);
1140
1141 RegOpenKeyA(HKEY_LOCAL_MACHINE, winesvc, &key);
1142 for (i = 0; i < ARRAY_SIZE(eventsources); i++)
1143 RegDeleteKeyA(key, eventsources[i]);
1144 RegDeleteValueA(key, "Sources");
1145 RegCloseKey(key);
1146 lret = RegDeleteKeyA(HKEY_LOCAL_MACHINE, winesvc);
1147 ok(lret == ERROR_SUCCESS, "Could not delete the registry tree : %d\n", lret);
1148
1149 /* A handle to the eventlog is locked by services.exe. We can only
1150 * delete the eventlog file after reboot.
1151 */
1152 bret = MoveFileExA(eventlogfile, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
1153 ok(bret, "Expected MoveFileEx to succeed: %d\n", GetLastError());
1154 }
1155
1156 static void test_trace_event_params(void)
1157 {
1158 static const WCHAR emptyW[] = {0};
1159 static const GUID test_guid = {0x57696E65, 0x0000, 0x0000, {0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x01}};
1160
1161 REGHANDLE reg_handle;
1162 ULONG uret;
1163
1164 if (!pEventRegister)
1165 {
1166 win_skip("advapi32.EventRegister is missing, skipping trace event tests\n");
1167 return;
1168 }
1169
1170 uret = pEventRegister(NULL, NULL, NULL, &reg_handle);
1171 todo_wine ok(uret == ERROR_INVALID_PARAMETER, "EventRegister gave wrong error: %#x\n", uret);
1172
1173 uret = pEventRegister(&test_guid, NULL, NULL, NULL);
1174 ok(uret == ERROR_INVALID_PARAMETER, "EventRegister gave wrong error: %#x\n", uret);
1175
1176 uret = pEventRegister(&test_guid, NULL, NULL, &reg_handle);
1177 ok(uret == ERROR_SUCCESS, "EventRegister gave wrong error: %#x\n", uret);
1178
1179 uret = pEventWriteString(0, 0, 0, emptyW);
1180 todo_wine ok(uret == ERROR_INVALID_HANDLE, "EventWriteString gave wrong error: %#x\n", uret);
1181
1182 uret = pEventWriteString(reg_handle, 0, 0, NULL);
1183 todo_wine ok(uret == ERROR_INVALID_PARAMETER, "EventWriteString gave wrong error: %#x\n", uret);
1184
1185 uret = pEventUnregister(0);
1186 todo_wine ok(uret == ERROR_INVALID_HANDLE, "EventUnregister gave wrong error: %#x\n", uret);
1187
1188 uret = pEventUnregister(reg_handle);
1189 ok(uret == ERROR_SUCCESS, "EventUnregister gave wrong error: %#x\n", uret);
1190 }
1191
1192 static void test_start_trace(void)
1193 {
1194 const char sessionname[] = "wine";
1195 const char filepath[] = "wine.etl";
1196 const char filepath2[] = "eniw.etl";
1197 EVENT_TRACE_PROPERTIES *properties;
1198 TRACEHANDLE handle;
1199 LONG buffersize;
1200 LONG ret;
1201
1202 buffersize = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname) + sizeof(filepath);
1203 properties = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, buffersize);
1204 properties->Wnode.BufferSize = buffersize;
1205 properties->Wnode.Flags = WNODE_FLAG_TRACED_GUID;
1206 properties->LogFileMode = EVENT_TRACE_FILE_MODE_NONE;
1207 properties->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES);
1208 properties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname);
1209 strcpy((char *)properties + properties->LogFileNameOffset, filepath);
1210
1211 properties->Wnode.BufferSize = 0;
1212 ret = StartTraceA(&handle, sessionname, properties);
1213 todo_wine
1214 ok(ret == ERROR_BAD_LENGTH ||
1215 ret == ERROR_INVALID_PARAMETER, /* XP and 2k3 */
1216 "Expected ERROR_BAD_LENGTH, got %d\n", ret);
1217 properties->Wnode.BufferSize = buffersize;
1218
1219 ret = StartTraceA(&handle, "this name is too long", properties);
1220 todo_wine
1221 ok(ret == ERROR_BAD_LENGTH, "Expected ERROR_BAD_LENGTH, got %d\n", ret);
1222
1223 ret = StartTraceA(&handle, sessionname, NULL);
1224 todo_wine
1225 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1226
1227 ret = StartTraceA(NULL, sessionname, properties);
1228 todo_wine
1229 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1230
1231 properties->LogFileNameOffset = 1;
1232 ret = StartTraceA(&handle, sessionname, properties);
1233 todo_wine
1234 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1235 properties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname);
1236
1237 properties->LoggerNameOffset = 1;
1238 ret = StartTraceA(&handle, sessionname, properties);
1239 todo_wine
1240 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1241 properties->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES);
1242
1243 properties->LogFileMode = EVENT_TRACE_FILE_MODE_SEQUENTIAL | EVENT_TRACE_FILE_MODE_CIRCULAR;
1244 ret = StartTraceA(&handle, sessionname, properties);
1245 todo_wine
1246 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1247 properties->LogFileMode = EVENT_TRACE_FILE_MODE_NONE;
1248 /* XP creates a file we can't delete, so change the filepath to something else */
1249 strcpy((char *)properties + properties->LogFileNameOffset, filepath2);
1250
1251 properties->Wnode.Guid = SystemTraceControlGuid;
1252 ret = StartTraceA(&handle, sessionname, properties);
1253 todo_wine
1254 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1255 memset(&properties->Wnode.Guid, 0, sizeof(properties->Wnode.Guid));
1256
1257 properties->LogFileNameOffset = 0;
1258 ret = StartTraceA(&handle, sessionname, properties);
1259 todo_wine
1260 ok(ret == ERROR_BAD_PATHNAME, "Expected ERROR_BAD_PATHNAME, got %d\n", ret);
1261 properties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname);
1262
1263 ret = StartTraceA(&handle, sessionname, properties);
1264 if (ret == ERROR_ACCESS_DENIED)
1265 {
1266 skip("need admin rights\n");
1267 goto done;
1268 }
1269 ok(ret == ERROR_SUCCESS, "Expected success, got %d\n", ret);
1270
1271 ret = StartTraceA(&handle, sessionname, properties);
1272 todo_wine
1273 ok(ret == ERROR_ALREADY_EXISTS ||
1274 ret == ERROR_SHARING_VIOLATION, /* 2k3 */
1275 "Expected ERROR_ALREADY_EXISTS, got %d\n", ret);
1276
1277 /* clean up */
1278 ControlTraceA(handle, sessionname, properties, EVENT_TRACE_CONTROL_STOP);
1279 done:
1280 HeapFree(GetProcessHeap(), 0, properties);
1281 DeleteFileA(filepath);
1282 }
1283
1284 START_TEST(eventlog)
1285 {
1286 SetLastError(0xdeadbeef);
1287 CloseEventLog(NULL);
1288 if (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
1289 {
1290 win_skip("Event log functions are not implemented\n");
1291 return;
1292 }
1293
1294 init_function_pointers();
1295
1296 /* Parameters only */
1297 test_open_close();
1298 test_info();
1299 test_count();
1300 test_oldest();
1301 test_backup();
1302 test_openbackup();
1303 test_read();
1304 test_clear();
1305 test_trace_event_params();
1306
1307 /* Functional tests */
1308 if (create_new_eventlog())
1309 {
1310 test_readwrite();
1311 test_autocreation();
1312 cleanup_eventlog();
1313 }
1314
1315 /* Trace tests */
1316 test_start_trace();
1317 }
Zebediah Figura's local tree