184.108.40.206 EvtRpcGetPublisherListForChannel (Opnum 23)
The EvtRpcGetPublisherListForChannel (Opnum 23) method is used by a client to get the list of publishers that write events to a particular channel.
error_status_t EvtRpcGetPublisherListForChannel( [in] RPC_BINDING_HANDLE binding, [in] LPCWSTR channelName, [in] DWORD flags, [out] DWORD* numPublisherIds, [out, size_is(,*numPublisherIds), range(0, MAX_RPC_PUBLISHER_COUNT), string] LPWSTR** publisherIds );
binding: An RPC binding handle as specified in section 2.2.21.
channelName: A pointer to a string that contains the name of the channel for which the publisher list is needed.
flags: A 32-bit unsigned integer that MUST be set to zero when sent and MAY be ignored on receipt.<44>
numPublisherIds: A pointer to a 32-bit unsigned integer that contains the number of publishers that are registered and that can write to the log.
publisherIds: A pointer to an array of strings that contain publisher names.
Return Values: The method MUST return ERROR_SUCCESS (0x00000000) on success; otherwise, it MUST return an implementation-specific nonzero value as specified in [MS-ERREF].
In response to this request from the client, the server MUST verify that the channelName parameter specifies a correct channel name. The server MUST fail the method if the channelName parameter is invalid with the error ERROR_INVALID_PARAMETER (0x00000057). The server checks if a channel name is valid by searching the given name in its channel table.
Next, the server MUST verify that the caller has read access to the channel and MUST fail the method with the error ERROR_ACCESS_DENIED (0x00000005) if the caller does not have read access. To perform the access check, the server SHOULD first determine the identity of the caller. Information determining the identity of the caller for the purpose of performing an access check is specified in [MS-RPCE] section 220.127.116.11.2. Then, if the client specifies a channel, the server SHOULD read the channel's access property (as specified in section 18.104.22.168) as the security descriptor string. Next, the server SHOULD be able to perform the read access check using the Access Check algorithm (as specified in [MS-DTYP] section 22.214.171.124).
If the previous checks succeed, the server MUST attempt to return a list of publishers for the channel specified by the channelName parameter. In order to do this, the server searches all the publisher entries in its publisher table. For each publisher, the server checks if the publisher declares that it will generate events to the given channel. If that is true, the server adds this publisher to the result parameter publisherIds and the numPublisherIds (initialized as 0) is increased by 1. The server SHOULD only fail when not enough memory space can be allocated to copy the matched publisher names into the publisherIds parameter. In that case, the server SHOULD return ERROR_OUTOFMEMORY (0x0000000E). The server MUST NOT update its state.
The server MUST return a value indicating success or failure for this operation.