Leaked source code of windows server 2003


  1. /*++
  2. Copyright (c) 1990 Microsoft Corporation
  3. Module Name:
  4. DATA.C
  5. Abstract:
  6. This file contains all the global data elements of the eventlog service.
  7. Author:
  8. Rajen Shah (rajens) 10-Jul-1991
  9. [Environment:]
  10. User Mode - Win32, except for NTSTATUS returned by some functions.
  11. Revision History:
  12. 10-Jul-1991 RajenS
  13. created
  14. --*/
  15. //
  16. // INCLUDES
  17. //
  18. #include <eventp.h>
  19. #include <elfcfg.h>
  20. #if DBG
  21. //
  22. // Debug output level; this definition is compiled only when DBG is set
  23. // (checked builds). It starts at DEBUG_ERROR so errors always reach the debugger.
  24. DWORD ElfDebugLevel = DEBUG_ERROR;
  25. #endif // DBG
  26. //
  27. // Handles used for the LPC port. Both are defined without an initializer,
  28. // so they hold zero until code outside this file assigns them.
  29. HANDLE ElfConnectionPortHandle;
  30. HANDLE ElfCommunicationPortHandle;
  31. // The heads of various linked lists; each head is followed by the critical section used when accessing it.
  32. // No initializers here: a zeroed LIST_ENTRY is not a valid empty list, so each head and lock must be set up before first use.
  33. LIST_ENTRY LogFilesHead; // Log files
  34. RTL_CRITICAL_SECTION LogFileCritSec; // Accessing log files
  35. LIST_ENTRY LogModuleHead; // Modules registered for logging
  36. RTL_CRITICAL_SECTION LogModuleCritSec; // Accessing log modules -- NOTE(review): comment used to say "log files", likely copied from LogFileCritSec; confirm
  37. LIST_ENTRY LogHandleListHead; // Context-handles for log handles
  38. RTL_CRITICAL_SECTION LogHandleCritSec; // Accessing log handles
  39. LIST_ENTRY QueuedEventListHead; // Deferred events to write
  40. RTL_CRITICAL_SECTION QueuedEventCritSec; // Accessing the deferred events
  41. LIST_ENTRY QueuedMessageListHead; // Deferred message boxes
  42. RTL_CRITICAL_SECTION QueuedMessageCritSec; // Accessing the deferred message boxes
  43. //
  44. // Service-related global data: the eventlog service's status handle.
  45. // It has no initializer here, so it is zero until code outside this file assigns it.
  46. SERVICE_STATUS_HANDLE ElfServiceStatusHandle;
  47. //
  48. // The following resource is used to serialize access to the resources
  49. // of the Eventlog service at the highest level. It makes sure that the
  50. // threads that write/read/clear the log file(s) do not interfere with
  51. // the threads that monitor the registry and deal with service control
  52. // operations.
  53. //
  54. // The threads that operate on the log file(s) take Shared access to the
  55. // resource, since they are further serialized on the file that they are
  56. // working on.
  57. //
  58. // The threads that modify the internal data structures, or the state
  59. // of the service, need Exclusive access to the resource so that access
  60. // to the data structures and log files can be controlled.
  61. // In short: Shared for per-file log I/O, Exclusive for changes to service state or shared structures.
  62. RTL_RESOURCE GlobalElfResource;
  63. //
  64. // ElfBackupPointer is used by the Backup API to signify which 4K block of the
  65. // log it is currently reading, so that a writer does not overwrite that block
  66. // while it is being read. ElfBackupEvent lets a writer block if it was going
  67. // to overwrite the current backup block; it gets pulsed when the backup thread
  68. // moves to the next block. NOTE(review): no lock is named here for these two; confirm what orders a writer's check against the backup thread's update.
  69. PVOID ElfBackupPointer;
  70. HANDLE ElfBackupEvent;
  71. //
  72. // Handle for the LPC thread (no initializer: zero until assigned outside this file)
  73. //
  74. HANDLE LPCThreadHandle;
  75. //
  76. // Handle for the MessageBox thread (no initializer: zero until assigned outside this file)
  77. //
  78. HANDLE MBThreadHandle;
  79. //
  80. // Handle and ID for the registry monitor thread; both are zero until
  81. // assigned outside this file.
  82. HANDLE RegistryThreadHandle;
  83. DWORD RegistryThreadId;
  84. //
  85. // Bitmask of things that have been allocated and/or started by the
  86. // service. When the service terminates, this is what needs to be
  87. // cleaned up. The individual bit values are defined outside this file.
  88. //
  89. ULONG EventFlags; // Keep track of what is allocated
  90. //
  91. // Record used to indicate the end of the event records in the file. The initializer is positional, so value order must match the ELF_EOF_RECORD declaration (not in this file).
  92. // NOTE(review): the per-value notes below assume the publicly documented EVENTLOGEOF field order -- confirm against ELF_EOF_RECORD.
  93. ELF_EOF_RECORD EOFRecord = { ELFEOFRECORDSIZE, // record size, leading copy
  94. 0x11111111, // fixed marker word 1 of 4
  95. 0x22222222, // fixed marker word 2 of 4
  96. 0x33333333, // fixed marker word 3 of 4
  97. 0x44444444, // fixed marker word 4 of 4
  98. FILEHEADERBUFSIZE, // presumably the offset of the oldest record
  99. FILEHEADERBUFSIZE, // presumably the offset of this EOF record
  100. 1, // presumably the current (next) record number
  101. 1, // presumably the oldest record number
  102. ELFEOFRECORDSIZE // record size, trailing copy (same constant as the first value)
  103. };
  104. //
  105. // Default module to use if no match is found, APPLICATION.
  106. // Like the two module pointers below, it is not set in this file.
  107. PLOGMODULE ElfDefaultLogModule;
  108. //
  109. // Module for the eventlog service itself
  110. //
  111. PLOGMODULE ElfModule;
  112. //
  113. // Module for security
  114. //
  115. PLOGMODULE ElfSecModule;
  116. //
  117. // Handle (key) to the event log node in the registry.
  118. // This is set up by the service main function, not in this file.
  119. //
  120. HANDLE hEventLogNode;
  121. //
  122. // Handle (key) to the ComputerName node in the registry.
  123. // This is set up by the service main function, not in this file.
  124. //
  125. HANDLE hComputerNameNode;
  126. //
  127. // Used to create a unique module name for backup logs.
  128. // NOTE(review): how updates to this counter are serialized is not visible in this file -- confirm.
  129. DWORD BackupModuleNumber;
  130. //
  131. // NT well-known SIDs -- NOTE(review): by its type name ElfGlobalData is a pointer; presumably the SIDs are reached through it, confirm.
  132. //
  133. PSVCS_GLOBAL_DATA ElfGlobalData;
  134. //
  135. // Shutdown flag. It has no initializer, so it starts as zero (FALSE).
  136. //
  137. BOOL EventlogShutdown;
  138. HANDLE ElfGlobalSvcRefHandle; // NOTE(review): undocumented in the original; purpose not visible in this file
  139. //
  140. // This is the string used as the title of the log-full message box.
  141. // GlobalMessageBoxTitle will either point to the default string or
  142. // to the string allocated in the format Message function.
  143. // NOTE(review): bGlobalMessageBoxTitleNeedFree presumably records which of the two it is, so that only the allocated string is freed -- confirm.
  144. LPWSTR GlobalMessageBoxTitle;
  145. BOOL bGlobalMessageBoxTitleNeedFree = FALSE;
  146. // SS: start of changes for clustering
  147. BOOL gbClustering=FALSE; // set once the cluster service has registered for replication of events; FALSE at startup
  148. RTL_CRITICAL_SECTION gClPropCritSec; // for using the global glClPackedEventInfo structure (defined outside this file)
  149. HMODULE ghClusDll=NULL; // NOTE(review): presumably the module the three procedure pointers below come from; the load call is not in this file -- confirm it uses a fully qualified path
  150. PROPAGATEEVENTSPROC gpfnPropagateEvents=NULL; // NULL until assigned outside this file
  151. BINDTOCLUSTERPROC gpfnBindToCluster=NULL; // NULL until assigned outside this file
  152. UNBINDFROMCLUSTERPROC gpfnUnbindFromCluster=NULL; // NULL until assigned outside this file
  153. HANDLE ghCluster=NULL; // NOTE(review): presumably the cluster binding handle -- confirm
  154. // SS: end of changes for clustering
  155. // Changes to support various auditing DCRs
  156. int giWarningLevel = 0; // level at which the warning is to be given; 0 at startup. NOTE(review): units and which warning are not stated here
  157. IELF_HANDLE gElfSecurityHandle = 0; // starts as 0. NOTE(review): presumably a handle to the security log -- confirm
  158. // When reading through the registry during an update, it is possible that a key may
  159. // be only partially written due to a race condition. If an attempt to read fails, then
  160. // the read will be retried after a delay. This variable is intended to prevent multiple
  161. // delays. NOTE(review): presumably it holds the tick count of the last such delay -- confirm.
  162. DWORD g_dwLastDelayTickCount = 0;