Author: ekohl Date: Thu Jan 5 23:03:40 2012 New Revision: 54847 URL: http://svn.reactos.org/svn/reactos?rev=54847&view=rev Log: [EVENTLOG] - Implement LogfBackupFile. - Fix a typo. Modified: trunk/reactos/base/services/eventlog/eventlog.c trunk/reactos/base/services/eventlog/eventlog.h trunk/reactos/base/services/eventlog/file.c trunk/reactos/base/services/eventlog/rpc.c Modified: trunk/reactos/base/services/eventlog/eventlog.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/eve… ============================================================================== --- trunk/reactos/base/services/eventlog/eventlog.c [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/eventlog.c [iso-8859-1] Thu Jan 5 23:03:40 2012 @@ -495,7 +495,7 @@ DPRINT("Flags: "); if (header->Flags & ELF_LOGFILE_HEADER_DIRTY) DPRINT("ELF_LOGFILE_HEADER_DIRTY"); if (header->Flags & ELF_LOGFILE_HEADER_WRAP) DPRINT("| ELF_LOGFILE_HEADER_WRAP "); - if (header->Flags & ELF_LOGGFILE_LOGFULL_WRITTEN) DPRINT("| ELF_LOGGFILE_LOGFULL_WRITTEN "); + if (header->Flags & ELF_LOGFILE_LOGFULL_WRITTEN) DPRINT("| ELF_LOGFILE_LOGFULL_WRITTEN "); if (header->Flags & ELF_LOGFILE_ARCHIVE_SET) DPRINT("| ELF_LOGFILE_ARCHIVE_SET "); DPRINT("\n"); } Modified: trunk/reactos/base/services/eventlog/eventlog.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/eve… ============================================================================== --- trunk/reactos/base/services/eventlog/eventlog.h [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/eventlog.h [iso-8859-1] Thu Jan 5 23:03:40 2012 @@ -19,7 +19,7 @@ #include <lpcfuncs.h> #include <rtlfuncs.h> #include <obfuncs.h> -#include <iotypes.h> +#include <iofuncs.h> #include <debug.h> #include "eventlogrpc_s.h" @@ -42,7 +42,7 @@ */ #define ELF_LOGFILE_HEADER_DIRTY 1 #define ELF_LOGFILE_HEADER_WRAP 2 -#define ELF_LOGGFILE_LOGFULL_WRITTEN 4 +#define ELF_LOGFILE_LOGFULL_WRITTEN 4 #define ELF_LOGFILE_ARCHIVE_SET 8 /* FIXME: MSDN reads that the following two structs are in winnt.h. Are they? */ Modified: trunk/reactos/base/services/eventlog/file.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/fil… ============================================================================== --- trunk/reactos/base/services/eventlog/file.c [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/file.c [iso-8859-1] Thu Jan 5 23:03:40 2012 @@ -1077,13 +1077,200 @@ LogfBackupFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName) { -// RtlAcquireResourceShared(&LogFile->Lock, TRUE); - - /* FIXME: Write a backup file */ - -// RtlReleaseResource(&LogFile->Lock); - - return STATUS_NOT_IMPLEMENTED; + OBJECT_ATTRIBUTES ObjectAttributes; + IO_STATUS_BLOCK IoStatusBlock; + EVENTLOGHEADER Header; + EVENTLOGEOF EofRec; + HANDLE FileHandle = NULL; + ULONG i; + LARGE_INTEGER FileOffset; + NTSTATUS Status; + PUCHAR Buffer = NULL; + + DWORD dwOffset, dwRead, dwRecSize; + + DPRINT("LogfBackupFile(%p, %wZ)\n", LogFile, BackupFileName); + + /* Lock the log file shared */ + RtlAcquireResourceShared(&LogFile->Lock, TRUE); + + InitializeObjectAttributes(&ObjectAttributes, + BackupFileName, + OBJ_CASE_INSENSITIVE, + NULL, + NULL); + + Status = NtCreateFile(&FileHandle, + GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE, + &ObjectAttributes, + &IoStatusBlock, + NULL, + FILE_ATTRIBUTE_NORMAL, + FILE_SHARE_READ, + FILE_CREATE, + FILE_WRITE_THROUGH | FILE_SYNCHRONOUS_IO_NONALERT, + NULL, + 0); + if (!NT_SUCCESS(Status)) + { + DPRINT("Can't create backup file %wZ (Status: 0x%08lx)\n", BackupFileName, Status); + goto Done; + } + + /* Initialize the (dirty) log file header */ + Header.HeaderSize = sizeof(EVENTLOGHEADER); + Header.Signature = LOGFILE_SIGNATURE; + Header.MajorVersion = MAJORVER; + Header.MinorVersion = MINORVER; + Header.StartOffset = sizeof(EVENTLOGHEADER); + Header.EndOffset = sizeof(EVENTLOGHEADER); + Header.CurrentRecordNumber = 1; + Header.OldestRecordNumber = 1; + Header.MaxSize = 0; + Header.Flags = ELF_LOGFILE_HEADER_DIRTY; + Header.Retention = LogFile->Header.Retention; + Header.EndHeaderSize = sizeof(EVENTLOGHEADER); + + /* Write the (dirty) log file header */ + Status = NtWriteFile(FileHandle, + NULL, + NULL, + NULL, + &IoStatusBlock, + &Header, + sizeof(EVENTLOGHEADER), + NULL, + NULL); + if (!NT_SUCCESS(Status)) + { + DPRINT1("Failed to write the log file header (Status: 0x%08lx)\n", Status); + goto Done; + } + + for (i = LogFile->Header.OldestRecordNumber; i < LogFile->Header.CurrentRecordNumber; i++) + { + dwOffset = LogfOffsetByNumber(LogFile, i); + if (dwOffset == 0) + break; + + if (SetFilePointer(LogFile->hFile, dwOffset, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER) + { + DPRINT1("SetFilePointer() failed!\n"); + goto Done; + } + + if (!ReadFile(LogFile->hFile, &dwRecSize, sizeof(DWORD), &dwRead, NULL)) + { + DPRINT1("ReadFile() failed!\n"); + goto Done; + } + + if (SetFilePointer(LogFile->hFile, dwOffset, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER) + { + DPRINT1("SetFilePointer() failed!\n"); + goto Done; + } + + Buffer = HeapAlloc(MyHeap, 0, dwRecSize); + if (Buffer == NULL) + { + DPRINT1("HeapAlloc() failed!\n"); + goto Done; + } + + if (!ReadFile(LogFile->hFile, &Buffer, dwRecSize, &dwRead, NULL)) + { + DPRINT1("ReadFile() failed!\n"); + goto Done; + } + + /* Write the event record */ + Status = NtWriteFile(FileHandle, + NULL, + NULL, + NULL, + &IoStatusBlock, + Buffer, + dwRecSize, + NULL, + NULL); + if (!NT_SUCCESS(Status)) + { + DPRINT1("NtWriteFile() failed!\n"); + goto Done; + } + + /* Update the header information */ + Header.EndOffset += dwRecSize; + + /* Free the buffer */ + HeapFree(MyHeap, 0, Buffer); + Buffer = NULL; + } + + /* Initialize the EOF record */ + EofRec.RecordSizeBeginning = sizeof(EVENTLOGEOF); + EofRec.Ones = 0x11111111; + EofRec.Twos = 0x22222222; + EofRec.Threes = 0x33333333; + EofRec.Fours = 0x44444444; + EofRec.BeginRecord = sizeof(EVENTLOGHEADER); + EofRec.EndRecord = Header.EndOffset; + EofRec.CurrentRecordNumber = LogFile->Header.CurrentRecordNumber; + EofRec.OldestRecordNumber = LogFile->Header.OldestRecordNumber; + EofRec.RecordSizeEnd = sizeof(EVENTLOGEOF); + + /* Write the EOF record */ + Status = NtWriteFile(FileHandle, + NULL, + NULL, + NULL, + &IoStatusBlock, + &EofRec, + sizeof(EVENTLOGEOF), + NULL, + NULL); + if (!NT_SUCCESS(Status)) + { + DPRINT1("NtWriteFile() failed!\n"); + goto Done; + } + + /* Update the header information */ + Header.CurrentRecordNumber = LogFile->Header.CurrentRecordNumber; + Header.OldestRecordNumber = LogFile->Header.OldestRecordNumber; + Header.MaxSize = Header.EndOffset + sizeof(EVENTLOGEOF); + Header.Flags = 0; + + /* Write the (clean) log file header */ + FileOffset.QuadPart = 0; + Status = NtWriteFile(FileHandle, + NULL, + NULL, + NULL, + &IoStatusBlock, + &Header, + sizeof(EVENTLOGHEADER), + &FileOffset, + NULL); + if (!NT_SUCCESS(Status)) + { + DPRINT1("NtWriteFile() failed!\n"); + } + +Done: + /* Free the buffer */ + if (Buffer != NULL) + HeapFree(MyHeap, 0, Buffer); + + /* Close the backup file */ + if (FileHandle != NULL) + NtClose(FileHandle); + + /* Unlock the log file */ + RtlReleaseResource(&LogFile->Lock); + + return Status; } Modified: trunk/reactos/base/services/eventlog/rpc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/rpc… ============================================================================== --- trunk/reactos/base/services/eventlog/rpc.c [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/rpc.c [iso-8859-1] Thu Jan 5 23:03:40 2012 @@ -472,6 +472,14 @@ case EVENTLOG_INFORMATION_TYPE: DPRINT("Info: %wZ\n", Strings[i]); + break; + + case EVENTLOG_AUDIT_SUCCESS: + DPRINT("Audit Success: %wZ\n", Strings[i]); + break; + + case EVENTLOG_AUDIT_FAILURE: + DPRINT("Audit Failure: %wZ\n", Strings[i]); break; default: