mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
356 lines
9.4 KiB
356 lines
9.4 KiB
/*++
|
|
|
|
Copyright (c) 1990 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
ELF.IDL
|
|
|
|
Abstract:
|
|
|
|
Contains the Elfr APIs which are used to remote the Elf APIs to
|
|
the local or remote server via RPC.
|
|
Also contains the RPC specific data structures for these API.
|
|
|
|
Author:
|
|
|
|
Rajen Shah (rajens) 02-Apr-1991
|
|
|
|
Revision History:
|
|
|
|
02-Apr-1991 RajenS
|
|
created
|
|
|
|
--*/
|
|
|
|
//
|
|
// Interface Attributes
|
|
//
|
|
|
|
[
|
|
uuid(82273FDC-E32A-18C3-3F78-827929DC23EA),
|
|
version(0.0),
|
|
#ifdef __midl
|
|
ms_union,
|
|
#endif // __midl
|
|
pointer_default(unique)
|
|
]
|
|
|
|
//
|
|
// Interface Keyword
|
|
//
|
|
|
|
interface eventlog
|
|
|
|
//
|
|
// Interface Body
|
|
//
|
|
|
|
{
|
|
|
|
import "imports.idl"; // import all the include files
|
|
#include "event.h"
|
|
|
|
//
|
|
// ELF Generic Handle used to bind from client to server.
|
|
//
|
|
|
|
typedef [handle,unique] LPWSTR EVENTLOG_HANDLE_W;
|
|
typedef [handle,unique] LPSTR EVENTLOG_HANDLE_A;
|
|
|
|
//
|
|
// ELF RPC Context Handle (Internal definition of ELF_HANDLE)
|
|
//
|
|
|
|
typedef [context_handle] struct _IELF_HANDLE {
|
|
LIST_ENTRY Next;
|
|
ULONG Signature; // BUGBUG - For debug only
|
|
ULONG Flags; // e.g. "invalid"
|
|
ULONG GrantedAccess;
|
|
ATOM Atom;
|
|
ULONG SeekRecordPos;
|
|
ULONG SeekBytePos;
|
|
ULONG MajorVersion; // To identify caller
|
|
ULONG MinorVersion;
|
|
DWORD dwNotifyRequests;
|
|
ULONG NameLength;
|
|
[size_is(NameLength)] WCHAR Name[]; // Keep this as last field
|
|
} *IELF_HANDLE;
|
|
typedef IELF_HANDLE *PIELF_HANDLE;
|
|
|
|
|
|
//
|
|
// UNICODE Function Prototypes
|
|
//
|
|
//
|
|
// Only OpenEL and CloseEL need to take PIELF_HANDLE
|
|
// parameters since they are the only ones to modify the handle.
|
|
// The others will take IELF_HANDLE parameters instead.
|
|
//
|
|
|
|
// NOTE:
|
|
// The names of the functions are short so that when RPC
|
|
// prepends the interface name to the names, they are still
|
|
// unique.
|
|
//
|
|
|
|
NTSTATUS
|
|
ElfrClearELFW (
|
|
[in] IELF_HANDLE LogHandle,
|
|
[in,unique] PRPC_UNICODE_STRING BackupFileName
|
|
);
|
|
|
|
NTSTATUS
|
|
ElfrBackupELFW (
|
|
[in] IELF_HANDLE LogHandle,
|
|
[in] PRPC_UNICODE_STRING BackupFileName
|
|
);
|
|
|
|
NTSTATUS
|
|
ElfrCloseEL (
|
|
[in,out] PIELF_HANDLE LogHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
ElfrDeregisterEventSource (
|
|
[in,out] PIELF_HANDLE LogHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
ElfrNumberOfRecords(
|
|
[in] IELF_HANDLE LogHandle,
|
|
[out] PULONG NumberOfRecords
|
|
);
|
|
|
|
NTSTATUS
|
|
ElfrOldestRecord(
|
|
[in] IELF_HANDLE LogHandle,
|
|
[out] PULONG OldestRecordNumber
|
|
);
|
|
|
|
NTSTATUS
|
|
ElfrChangeNotify(
|
|
[in] IELF_HANDLE LogHandle,
|
|
[in] RPC_CLIENT_ID ClientId,
|
|
[in] ULONG Event
|
|
);
|
|
|
|
//
|
|
// The ModuleName is the one passed in by the caller of the API. This is
|
|
// the one that is written to the log file.
|
|
//
|
|
// RegModuleName is generated by the client stub, and is the name that is
|
|
// used to determine the default log file name from the registry. For
|
|
// NT Product1, this will be "Application". NOTE: It is necessary to do this
|
|
// now so that we can support viewing logs from a Product 2 system in the
|
|
// future if we change our logging mechanism.
|
|
//
|
|
|
|
NTSTATUS
|
|
ElfrOpenELW (
|
|
[in] EVENTLOG_HANDLE_W UNCServerName,
|
|
[in] PRPC_UNICODE_STRING ModuleName, // Passed in API call
|
|
[in] PRPC_UNICODE_STRING RegModuleName, // Used for registry
|
|
[in] ULONG MajorVersion,
|
|
[in] ULONG MinorVersion,
|
|
[out] PIELF_HANDLE LogHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
ElfrRegisterEventSourceW (
|
|
[in] EVENTLOG_HANDLE_W UNCServerName,
|
|
[in] PRPC_UNICODE_STRING ModuleName, // Passed in API call
|
|
[in] PRPC_UNICODE_STRING RegModuleName, // Used for registry info
|
|
[in] ULONG MajorVersion,
|
|
[in] ULONG MinorVersion,
|
|
[out] PIELF_HANDLE LogHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
ElfrOpenBELW (
|
|
[in] EVENTLOG_HANDLE_W UNCServerName,
|
|
[in] PRPC_UNICODE_STRING BackupFileName, // Passed in API call
|
|
[in] ULONG MajorVersion,
|
|
[in] ULONG MinorVersion,
|
|
[out] PIELF_HANDLE LogHandle
|
|
);
|
|
|
|
|
|
//
|
|
// BUGBUG - Fix this interface once RPC supports the ability to return
|
|
// zero bytes. Then, Buffer will have a length_is(*NumberOfBytesRead)
|
|
// added to it. For now, always transfer NumberOfBytesToRead bytes!
|
|
//
|
|
// The LogHandle is an [in,out] since the server side stores information
|
|
// in it that pertains to the current seek position.
|
|
//
|
|
|
|
NTSTATUS
|
|
ElfrReadELW (
|
|
[in] IELF_HANDLE LogHandle,
|
|
[in] ULONG ReadFlags,
|
|
[in] ULONG RecordOffset,
|
|
[in] ULONG NumberOfBytesToRead,
|
|
[out,size_is(NumberOfBytesToRead)] PBYTE Buffer,
|
|
[out] PULONG NumberOfBytesRead,
|
|
[out] PULONG MinNumberOfBytesNeeded
|
|
);
|
|
|
|
NTSTATUS
|
|
ElfrReportEventW (
|
|
[in] IELF_HANDLE LogHandle,
|
|
[in] ULONG Time,
|
|
[in] USHORT EventType,
|
|
[in] USHORT EventCategory,
|
|
[in] ULONG EventID,
|
|
[in] USHORT NumStrings,
|
|
[in] ULONG DataSize,
|
|
[in] PRPC_UNICODE_STRING ComputerName,
|
|
[in, unique] PRPC_SID UserSID,
|
|
[in, size_is(NumStrings), unique] PRPC_UNICODE_STRING Strings[*],
|
|
[in, size_is(DataSize), unique] PBYTE Data,
|
|
[in] USHORT Flags,
|
|
[in,out,unique] PULONG RecordNumber,
|
|
[in,out,unique] PULONG TimeWritten
|
|
);
|
|
|
|
//
|
|
// ANSI Function Prototypes
|
|
//
|
|
//
|
|
// Only OpenEL needs to take PIELF_HANDLE
|
|
// parameters since they are the only ones to modify the handle.
|
|
// The others will take IELF_HANDLE parameters instead.
|
|
//
|
|
// NOTE that there is only one api for CloseEL since there are no
|
|
// strings involved.
|
|
//
|
|
|
|
NTSTATUS
|
|
ElfrClearELFA (
|
|
[in] IELF_HANDLE LogHandle,
|
|
[in,unique] PRPC_STRING BackupFileName
|
|
);
|
|
|
|
NTSTATUS
|
|
ElfrBackupELFA (
|
|
[in] IELF_HANDLE LogHandle,
|
|
[in] PRPC_STRING BackupFileName
|
|
);
|
|
|
|
//
|
|
// The ModuleName is the one passed in by the caller of the API. This is
|
|
// the one that is written to the log file.
|
|
//
|
|
// RegModuleName is generated by the client stub, and is the name that is
|
|
// used to determine the default log file name from the registry. For
|
|
// NT Product1, this will be "Application". NOTE: It is necessary to do this
|
|
// now so that we can support viewing logs from a Product 2 system in the
|
|
// future if we change our logging mechanism.
|
|
//
|
|
|
|
NTSTATUS
|
|
ElfrOpenELA (
|
|
[in] EVENTLOG_HANDLE_A UNCServerName,
|
|
[in] PRPC_STRING ModuleName, // Passed in API call
|
|
[in] PRPC_STRING RegModuleName, // Used for registry info
|
|
[in] ULONG MajorVersion,
|
|
[in] ULONG MinorVersion,
|
|
[out] PIELF_HANDLE LogHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
ElfrRegisterEventSourceA (
|
|
[in] EVENTLOG_HANDLE_A UNCServerName,
|
|
[in] PRPC_STRING ModuleName, // Passed in API call
|
|
[in] PRPC_STRING RegModuleName, // Used for registry info
|
|
[in] ULONG MajorVersion,
|
|
[in] ULONG MinorVersion,
|
|
[out] PIELF_HANDLE LogHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
ElfrOpenBELA (
|
|
[in] EVENTLOG_HANDLE_A UNCServerName,
|
|
[in] PRPC_STRING FileName, // Passed in API call
|
|
[in] ULONG MajorVersion,
|
|
[in] ULONG MinorVersion,
|
|
[out] PIELF_HANDLE LogHandle
|
|
);
|
|
|
|
//
|
|
// BUGBUG - Fix this interface once RPC supports the ability to return
|
|
// zero bytes. Then, Buffer will have a length_is(*NumberOfBytesRead)
|
|
// added to it. For now, always transfer NumberOfBytesToRead bytes!
|
|
//
|
|
// The LogHandle is an [in,out] since the server side stores information
|
|
// in it that pertains to the current seek position.
|
|
//
|
|
|
|
NTSTATUS
|
|
ElfrReadELA (
|
|
[in] IELF_HANDLE LogHandle,
|
|
[in] ULONG ReadFlags,
|
|
[in] ULONG RecordOffset,
|
|
[in] ULONG NumberOfBytesToRead,
|
|
[out,size_is(NumberOfBytesToRead)] PBYTE Buffer,
|
|
[out] PULONG NumberOfBytesRead,
|
|
[out] PULONG MinNumberOfBytesNeeded
|
|
);
|
|
|
|
NTSTATUS
|
|
ElfrReportEventA (
|
|
[in] IELF_HANDLE LogHandle,
|
|
[in] ULONG Time,
|
|
[in] USHORT EventType,
|
|
[in] USHORT EventCategory,
|
|
[in] ULONG EventID,
|
|
[in] USHORT NumStrings,
|
|
[in] ULONG DataSize,
|
|
[in] PRPC_STRING ComputerName,
|
|
[in, unique] PRPC_SID UserSID,
|
|
[in, size_is(NumStrings), unique] PRPC_STRING Strings[*],
|
|
[in, size_is(DataSize), unique] PBYTE Data,
|
|
[in] USHORT Flags,
|
|
[in,out,unique] PULONG RecordNumber,
|
|
[in,out,unique] PULONG TimeWritten
|
|
);
|
|
|
|
|
|
NTSTATUS
|
|
ElfrRegisterClusterSvc(
|
|
[in] EVENTLOG_HANDLE_W UNCServerName,
|
|
[out] PULONG pulSize,
|
|
[out, size_is(,*pulSize)] BYTE **ppPackedEventInfo );
|
|
|
|
NTSTATUS
|
|
ElfrDeregisterClusterSvc(
|
|
[in] EVENTLOG_HANDLE_W UNCServerName
|
|
);
|
|
|
|
NTSTATUS
|
|
ElfrWriteClusterEvents(
|
|
[in] EVENTLOG_HANDLE_W UNCServerName,
|
|
[in] ULONG ulSize,
|
|
[in,size_is(ulSize)] BYTE *pBuffer
|
|
);
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// Functions below this point are not in Windows NT version 4.0 or earlier
|
|
//
|
|
// (Note that new functions must always be added at the end, otherwise
|
|
// function calls are mismatched when client and server talk different
|
|
// versions of the interface)
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
|
|
NTSTATUS
|
|
ElfrGetLogInformation(
|
|
[in] IELF_HANDLE LogHandle,
|
|
[in] ULONG InfoLevel,
|
|
[out, size_is(cbBufSize)] PBYTE lpBuffer,
|
|
[in] ULONG cbBufSize,
|
|
[out] PULONG pcbBytesNeeded
|
|
);
|
|
|
|
}
|