archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/admin/wmi/wbem/providers/nteventprovider/dll/ntevtprov.cpp

694 lines
16 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //***************************************************************************
  3. //
  5. // NTEVTPROV.CPP
  7. //
  9. // Module: WBEM NT EVENT PROVIDER
  11. //
  13. // Purpose: Contains the WBEM interface for event provider classes
  15. //
  17. // Copyright (c) 1996-2001 Microsoft Corporation, All Rights Reserved
  18. //
  19. //***************************************************************************
  21. #include "precomp.h"
  23. #include "ql.h"
  24. #include "analyser.h"
  26. BOOL ObtainedSerialAccess(CMutex* pLock)
  27. {
  28. BOOL bResult = FALSE;
  30. if (pLock != NULL)
  31. {
  32. if (pLock->Lock())
  33. {
  34. bResult = TRUE;
  35. }
  36. }
  38. return bResult;
  39. }
  41. void ReleaseSerialAccess(CMutex* pLock)
  42. {
  43. if (pLock != NULL)
  44. {
  45. pLock->Unlock();
  46. }
  47. }
  49. void CNTEventProvider::AllocateGlobalSIDs()
  50. {
  51. SID_IDENTIFIER_AUTHORITY t_WorldAuthoritySid = SECURITY_WORLD_SID_AUTHORITY;
  53. if (!AllocateAndInitializeSid(
  54. &t_WorldAuthoritySid,
  55. 1,
  56. SECURITY_WORLD_RID,
  57. 0,
  58. 0, 0, 0, 0, 0, 0,
  59. &s_WorldSid))
  60. {
  61. s_WorldSid = NULL;
  62. }
  64. SID_IDENTIFIER_AUTHORITY t_NTAuthoritySid = SECURITY_NT_AUTHORITY;
  66. if (!AllocateAndInitializeSid(
  67. &t_NTAuthoritySid,
  68. 1,
  69. SECURITY_ANONYMOUS_LOGON_RID,
  70. 0, 0, 0, 0, 0, 0, 0,
  71. &s_AnonymousLogonSid))
  72. {
  73. s_AnonymousLogonSid = NULL;
  74. }
  76. if (!AllocateAndInitializeSid(
  77. &t_NTAuthoritySid,
  78. 2,
  79. SECURITY_BUILTIN_DOMAIN_RID,
  80. DOMAIN_ALIAS_RID_ADMINS,
  81. 0, 0, 0, 0, 0, 0,
  82. &s_AliasAdminsSid))
  83. {
  84. s_AliasAdminsSid = NULL;
  85. }
  87. if (!AllocateAndInitializeSid(
  88. &t_NTAuthoritySid,
  89. 1,
  90. SECURITY_LOCAL_SYSTEM_RID,
  91. 0, 0, 0, 0, 0, 0, 0,
  92. &s_LocalSystemSid
  93. ))
  94. {
  95. s_LocalSystemSid = NULL;
  96. }
  98. if (!AllocateAndInitializeSid(
  99. &t_NTAuthoritySid,
  100. 2,
  101. SECURITY_BUILTIN_DOMAIN_RID,
  102. DOMAIN_ALIAS_RID_GUESTS,
  103. 0,0,0,0,0,0,
  104. &s_AliasGuestsSid
  105. ))
  106. {
  107. s_AliasGuestsSid = NULL;
  108. }
  110. if (!AllocateAndInitializeSid(
  111. &t_NTAuthoritySid,
  112. 2,
  113. SECURITY_BUILTIN_DOMAIN_RID,
  114. DOMAIN_ALIAS_RID_SYSTEM_OPS,
  115. 0,0,0,0,0,0,
  116. &s_AliasSystemOpsSid
  117. ))
  118. {
  119. s_AliasSystemOpsSid = NULL;
  120. }
  122. if (!AllocateAndInitializeSid(
  123. &t_NTAuthoritySid,
  124. 2,
  125. SECURITY_BUILTIN_DOMAIN_RID,
  126. DOMAIN_ALIAS_RID_BACKUP_OPS,
  127. 0,0,0,0,0,0,
  128. &s_AliasBackupOpsSid
  129. ))
  130. {
  131. s_AliasBackupOpsSid = NULL;
  132. }
  134. if (!AllocateAndInitializeSid(
  135. &t_NTAuthoritySid,
  136. 1,
  137. SECURITY_LOCAL_SERVICE_RID,
  138. 0,
  139. 0, 0, 0, 0, 0, 0,
  140. &s_LocalServiceSid
  141. ))
  142. {
  143. s_LocalServiceSid = NULL;
  144. }
  146. if (!AllocateAndInitializeSid(
  147. &t_NTAuthoritySid,
  148. 1,
  149. SECURITY_NETWORK_SERVICE_RID,
  150. 0,
  151. 0, 0, 0, 0, 0, 0,
  152. &s_NetworkServiceSid
  153. ))
  154. {
  155. s_NetworkServiceSid = NULL;
  156. }
  157. }
  159. void CNTEventProvider::FreeGlobalSIDs()
  160. {
  161. if (s_NetworkServiceSid)
  162. {
  163. FreeSid(s_NetworkServiceSid);
  164. s_NetworkServiceSid = NULL;
  165. }
  167. if (s_LocalServiceSid)
  168. {
  169. FreeSid(s_LocalServiceSid);
  170. s_LocalServiceSid = NULL;
  171. }
  173. if (s_AliasBackupOpsSid)
  174. {
  175. FreeSid(s_AliasBackupOpsSid);
  176. s_AliasBackupOpsSid = NULL;
  177. }
  179. if (s_AliasSystemOpsSid)
  180. {
  181. FreeSid(s_AliasSystemOpsSid);
  182. s_AliasSystemOpsSid = NULL;
  183. }
  185. if (s_AliasGuestsSid)
  186. {
  187. FreeSid(s_AliasGuestsSid);
  188. s_AliasGuestsSid = NULL;
  189. }
  191. if (s_LocalSystemSid)
  192. {
  193. FreeSid(s_LocalSystemSid);
  194. s_LocalSystemSid = NULL;
  195. }
  197. if (s_AliasAdminsSid)
  198. {
  199. FreeSid(s_AliasAdminsSid);
  200. s_AliasAdminsSid = NULL;
  201. }
  203. if (s_AnonymousLogonSid)
  204. {
  205. FreeSid(s_AnonymousLogonSid);
  206. s_AnonymousLogonSid = NULL;
  207. }
  209. if (s_WorldSid)
  210. {
  211. FreeSid(s_WorldSid);
  212. s_WorldSid = NULL;
  213. }
  214. }
  216. BOOL CNTEventProvider::GlobalSIDsOK()
  217. {
  218. return (s_NetworkServiceSid
  219. && s_LocalServiceSid
  220. && s_AliasBackupOpsSid
  221. && s_AliasSystemOpsSid
  222. && s_AliasGuestsSid
  223. && s_LocalSystemSid
  224. && s_AliasAdminsSid
  225. && s_AnonymousLogonSid
  226. && s_WorldSid);
  227. }
  230. STDMETHODIMP CNTEventProvider::AccessCheck (
  231. LPCWSTR wszQueryLanguage,
  232. LPCWSTR wszQuery,
  233. LONG lSidLength,
  234. const BYTE __RPC_FAR *pSid
  235. )
  236. {
  237. HRESULT t_Status = WBEM_E_ACCESS_DENIED;
  238. SetStructuredExceptionHandler seh;
  240. try
  241. {
  242. DebugOut(
  243. CNTEventProvider::g_NTEvtDebugLog->WriteFileAndLine(_T(__FILE__),__LINE__,
  244. L"Entering CNTEventProvider::AccessCheck\r\n");
  245. )
  248. if (lSidLength > 0)
  249. {
  250. if (pSid != NULL)
  251. {
  252. // permanent consumer: hope core did its job
  253. return WBEM_S_SUBJECT_TO_SDS;
  254. }
  255. else
  256. {
  257. return WBEM_E_ACCESS_DENIED;
  258. }
  259. }
  261. if (FAILED(CImpNTEvtProv::GetImpersonation()))
  262. {
  263. return WBEM_E_ACCESS_DENIED;
  264. }
  266. QL_LEVEL_1_RPN_EXPRESSION* pExpr;
  267. CTextLexSource Source(wszQuery);
  268. QL1_Parser Parser(&Source);
  270. int iError = CAbstractQl1Parser::SUCCESS;
  271. if( ( iError = Parser.Parse(&pExpr) ) == 0)
  272. {
  273. // Analyze this
  275. QL_LEVEL_1_RPN_EXPRESSION* pNewExpr;
  276. CPropertyName MyProp;
  277. MyProp.AddElement(TARGET_PROP);
  278. MyProp.AddElement(LOGFILE_PROP);
  280. if(SUCCEEDED(CQueryAnalyser::GetNecessaryQueryForProperty(pExpr, MyProp, pNewExpr)))
  281. {
  282. CStringArray t_wsVals;
  283. HRESULT t_hres = CQueryAnalyser::GetValuesForProp(pNewExpr, MyProp, t_wsVals);
  285. if(SUCCEEDED(t_hres))
  286. {
  287. //grant access and set false if a failure occurs...
  288. t_Status = S_OK;
  290. // awsVals contains the list of files
  291. for (int x = 0; x < t_wsVals.GetSize(); x++)
  292. {
  293. DWORD t_dwReason = 0;
  294. HANDLE t_hEvtlog = CEventLogFile::OpenLocalEventLog(t_wsVals[x], &t_dwReason);
  296. if (t_hEvtlog == NULL)
  297. {
  298. if (t_dwReason != ERROR_FILE_NOT_FOUND)
  299. {
  300. DebugOut(
  301. CNTEventProvider::g_NTEvtDebugLog->WriteFileAndLine(_T(__FILE__),__LINE__,
  302. L"Entering CNTEventProvider::AccessCheck - Failed to verify logfile access\r\n");
  303. )
  304. t_Status = WBEM_E_ACCESS_DENIED;
  305. break;
  306. }
  307. else
  308. {
  309. DebugOut(
  310. CNTEventProvider::g_NTEvtDebugLog->WriteFileAndLine(_T(__FILE__),__LINE__,
  311. L"Entering CNTEventProvider::AccessCheck - Logfile not found assuming access allowed for log\r\n");
  312. )
  313. }
  314. }
  315. else
  316. {
  317. CloseEventLog(t_hEvtlog);
  318. }
  319. }
  320. }
  321. else if(t_hres == WBEMESS_E_REGISTRATION_TOO_BROAD)
  322. {
  323. // user asked for all, check all logs....
  324. HKEY hkResult = NULL;
  325. LONG t_lErr = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
  326. EVENTLOG_BASE, 0,
  327. KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS,
  328. &hkResult);
  330. if (t_lErr == ERROR_SUCCESS)
  331. {
  332. DWORD iValue = 0;
  333. WCHAR t_logname[MAX_PATH+1];
  334. DWORD t_lognameSize = MAX_PATH+1;
  335. //grant access and set false if a failure occurs...
  336. t_Status = S_OK;
  338. // read all entries under this key to find all logfiles...
  339. while ((t_lErr = RegEnumKey(hkResult, iValue, t_logname, t_lognameSize)) != ERROR_NO_MORE_ITEMS)
  340. {
  341. // if error during read
  342. if (t_lErr != ERROR_SUCCESS)
  343. {
  344. // indicate error
  345. t_Status = WBEM_E_ACCESS_DENIED;
  346. break;
  347. }
  349. //open logfile
  350. DWORD t_dwReason = 0;
  351. HANDLE t_hEvtlog = CEventLogFile::OpenLocalEventLog(t_logname, &t_dwReason);
  353. if (t_hEvtlog == NULL)
  354. {
  355. if (t_dwReason != ERROR_FILE_NOT_FOUND)
  356. {
  357. DebugOut(
  358. CNTEventProvider::g_NTEvtDebugLog->WriteFileAndLine(_T(__FILE__),__LINE__,
  359. L"Entering CNTEventProvider::AccessCheck - Failed to verify logfile access\r\n");
  360. )
  361. t_Status = WBEM_E_ACCESS_DENIED;
  362. break;
  363. }
  364. else
  365. {
  366. DebugOut(
  367. CNTEventProvider::g_NTEvtDebugLog->WriteFileAndLine(_T(__FILE__),__LINE__,
  368. L"Entering CNTEventProvider::AccessCheck - Logfile not found assuming access allowed for log\r\n");
  369. )
  370. }
  371. }
  372. else
  373. {
  374. CloseEventLog(t_hEvtlog);
  375. }
  377. // read next parameter
  378. iValue++;
  380. } // end while
  382. RegCloseKey(hkResult);
  383. }
  384. }
  386. t_wsVals.RemoveAll();
  387. delete pNewExpr;
  388. }
  390. delete pExpr;
  391. }
  392. else
  393. {
  394. if ( iError == CAbstractQl1Parser::SYNTAX_ERROR )
  395. {
  396. t_Status = WBEM_E_INVALID_QUERY;
  397. }
  398. else if ( iError == CAbstractQl1Parser::LEXICAL_ERROR )
  399. {
  400. t_Status = WBEM_E_UNPARSABLE_QUERY;
  401. }
  402. else if ( iError == CAbstractQl1Parser::FAILED )
  403. {
  404. t_Status = WBEM_E_FAILED;
  405. }
  406. else if ( iError == CAbstractQl1Parser::BUFFER_TOO_SMALL )
  407. {
  408. // as this is unexpected to happen
  409. t_Status = WBEM_E_UNEXPECTED;
  410. }
  411. }
  413. WbemCoRevertToSelf();
  415. DebugOut(
  416. CNTEventProvider::g_NTEvtDebugLog->WriteFileAndLine(_T(__FILE__),__LINE__,
  417. L"Leaving CNTEventProvider::AccessCheck\r\n");
  418. )
  419. }
  420. catch(Structured_Exception e_SE)
  421. {
  422. WbemCoRevertToSelf();
  423. t_Status = WBEM_E_UNEXPECTED;
  424. }
  425. catch(Heap_Exception e_HE)
  426. {
  427. WbemCoRevertToSelf();
  428. t_Status = WBEM_E_OUT_OF_MEMORY;
  429. }
  430. catch(...)
  431. {
  432. WbemCoRevertToSelf();
  433. t_Status = WBEM_E_UNEXPECTED;
  434. }
  436. return t_Status;
  437. }
  439. STDMETHODIMP CNTEventProvider::Initialize (
  440. LPWSTR pszUser,
  441. LONG lFlags,
  442. LPWSTR pszNamespace,
  443. LPWSTR pszLocale,
  444. IWbemServices *pCIMOM, // For anybody
  445. IWbemContext *pCtx,
  446. IWbemProviderInitSink *pInitSink // For init signals
  447. )
  448. {
  449. DebugOut(
  450. CNTEventProvider::g_NTEvtDebugLog->WriteFileAndLine(_T(__FILE__),__LINE__,
  451. L"Entering CNTEventProvider::Initialize\r\n");
  452. )
  453. HRESULT t_Status = WBEM_NO_ERROR;
  454. SetStructuredExceptionHandler seh;
  456. try
  457. {
  458. if (GlobalSIDsOK())
  459. {
  460. m_pNamespace = pCIMOM;
  461. m_pNamespace->AddRef();
  462. m_Mgr->SetFirstSinceLogon(pCIMOM, pCtx);
  463. pInitSink->SetStatus ( WBEM_S_INITIALIZED , 0 );
  464. }
  465. else
  466. {
  467. pInitSink->SetStatus ( WBEM_E_UNEXPECTED , 0 );
  468. }
  471. DebugOut(
  472. CNTEventProvider::g_NTEvtDebugLog->WriteFileAndLine(_T(__FILE__),__LINE__,
  473. L"Leaving CNTEventProvider::Initialize with SUCCEEDED\r\n");
  474. )
  475. }
  476. catch(Structured_Exception e_SE)
  477. {
  478. t_Status = WBEM_E_UNEXPECTED;
  479. }
  480. catch(Heap_Exception e_HE)
  481. {
  482. t_Status = WBEM_E_OUT_OF_MEMORY;
  483. }
  484. catch(...)
  485. {
  486. t_Status = WBEM_E_UNEXPECTED;
  487. }
  489. return t_Status;
  490. }
  492. STDMETHODIMP CNTEventProvider::ProvideEvents(IWbemObjectSink* pSink, LONG lFlags)
  493. {
  494. HRESULT t_Status = WBEM_NO_ERROR;
  495. SetStructuredExceptionHandler seh;
  497. try
  498. {
  499. DebugOut(
  500. CNTEventProvider::g_NTEvtDebugLog->WriteFileAndLine(_T(__FILE__),__LINE__,
  501. L"Entering CNTEventProvider::ProvideEvents\r\n");
  502. )
  504. m_pEventSink = pSink;
  505. m_pEventSink->AddRef();
  507. if (!m_Mgr->Register(this))
  508. {
  510. DebugOut(
  511. CNTEventProvider::g_NTEvtDebugLog->WriteFileAndLine(_T(__FILE__),__LINE__,
  512. L"Leaving CNTEventProvider::ProvideEvents with FAILED\r\n");
  513. )
  515. return WBEM_E_FAILED;
  516. }
  518. DebugOut(
  519. CNTEventProvider::g_NTEvtDebugLog->WriteFileAndLine(_T(__FILE__),__LINE__,
  520. L"Leaving CNTEventProvider::ProvideEvents with SUCCEEDED\r\n");
  521. )
  522. }
  523. catch(Structured_Exception e_SE)
  524. {
  525. t_Status = WBEM_E_UNEXPECTED;
  526. }
  527. catch(Heap_Exception e_HE)
  528. {
  529. t_Status = WBEM_E_OUT_OF_MEMORY;
  530. }
  531. catch(...)
  532. {
  533. t_Status = WBEM_E_UNEXPECTED;
  534. }
  536. return t_Status;
  537. }
  540. CNTEventProvider::~CNTEventProvider()
  541. {
  542. if (m_pNamespace != NULL)
  543. {
  544. m_pNamespace->Release();
  545. }
  547. if (m_pEventSink != NULL)
  548. {
  549. m_pEventSink->Release();
  550. }
  551. }
  554. CNTEventProvider::CNTEventProvider(CEventProviderManager* mgr) : m_pNamespace(NULL), m_pEventSink(NULL)
  555. {
  556. m_Mgr = mgr;
  557. m_ref = 0;
  558. }
  561. IWbemServices* CNTEventProvider::GetNamespace()
  562. {
  563. m_pNamespace->AddRef();
  564. return m_pNamespace;
  565. }
  567. IWbemObjectSink* CNTEventProvider::GetEventSink()
  568. {
  569. m_pEventSink->AddRef();
  570. return m_pEventSink;
  571. }
  572. void CNTEventProvider::ReleaseAll()
  573. {
  574. //release dependencies
  575. m_pNamespace->Release();
  576. m_pEventSink->Release();
  577. Release();
  578. }
  580. void CNTEventProvider::AddRefAll()
  581. {
  582. //addref dependencies
  583. m_pNamespace->AddRef();
  584. m_pEventSink->AddRef();
  585. AddRef();
  586. }
  588. STDMETHODIMP_( ULONG ) CNTEventProvider::AddRef()
  589. {
  590. SetStructuredExceptionHandler seh;
  592. try
  593. {
  594. InterlockedIncrement(&(CNTEventProviderClassFactory::objectsInProgress));
  595. return InterlockedIncrement ( &m_ref ) ;
  596. }
  597. catch(Structured_Exception e_SE)
  598. {
  599. return 0;
  600. }
  601. catch(Heap_Exception e_HE)
  602. {
  603. return 0;
  604. }
  605. catch(...)
  606. {
  607. return 0;
  608. }
  610. }
  612. STDMETHODIMP_(ULONG) CNTEventProvider::Release()
  613. {
  614. SetStructuredExceptionHandler seh;
  616. try
  617. {
  618. long ret;
  620. if ( 0 == (ret = InterlockedDecrement(&m_ref)) )
  621. {
  622. delete this;
  623. }
  624. else if ( 1 == ret )
  625. {
  626. m_Mgr->UnRegister(this);
  627. }
  629. InterlockedDecrement(&(CNTEventProviderClassFactory::objectsInProgress));
  630. return ret;
  631. }
  632. catch(Structured_Exception e_SE)
  633. {
  634. return 0;
  635. }
  636. catch(Heap_Exception e_HE)
  637. {
  638. return 0;
  639. }
  640. catch(...)
  641. {
  642. return 0;
  643. }
  644. }
  646. STDMETHODIMP CNTEventProvider::QueryInterface(REFIID riid, PVOID* ppv)
  647. {
  648. SetStructuredExceptionHandler seh;
  650. try
  651. {
  652. *ppv = NULL;
  654. if (IID_IUnknown == riid)
  655. {
  656. *ppv=(IWbemEventProvider*)this;
  657. }
  658. else if (IID_IWbemEventProvider == riid)
  659. {
  660. *ppv=(IWbemEventProvider*)this;
  661. }
  662. else if (IID_IWbemProviderInit == riid)
  663. {
  664. *ppv= (IWbemProviderInit*)this;
  665. }
  666. else if (IID_IWbemEventProviderSecurity == riid)
  667. {
  668. *ppv= (IWbemEventProviderSecurity*)this;
  669. }
  671. if (NULL==*ppv)
  672. {
  673. return E_NOINTERFACE;
  674. }
  676. //AddRef any interface we'll return.
  677. ((LPUNKNOWN)*ppv)->AddRef();
  678. return NOERROR;
  679. }
  680. catch(Structured_Exception e_SE)
  681. {
  682. return E_UNEXPECTED;
  683. }
  684. catch(Heap_Exception e_HE)
  685. {
  686. return E_OUTOFMEMORY;
  687. }
  688. catch(...)
  689. {
  690. return E_UNEXPECTED;
  691. }
  692. }