archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/ds/security/protocols/kerberos/server/events.cxx

814 lines
19 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1993.
  5. //
  6. // File: events.cxx
  7. //
  8. // Contents:
  9. //
  10. // Classes:
  11. //
  12. // Functions:
  13. //
  14. // History: 1-03-95 RichardW Created
  15. //
  16. //----------------------------------------------------------------------------
  18. #include "kdcsvr.hxx"
  19. #include <netlib.h>
  20. extern "C" {
  21. #include <lmserver.h>
  22. #include <srvann.h>
  23. }
  25. HANDLE hEventLog = (HANDLE)NULL;
  26. DWORD LoggingLevel = (1 << EVENTLOG_ERROR_TYPE) | (1 << EVENTLOG_WARNING_TYPE);
  27. WCHAR EventSourceName[] = TEXT("KDC");
  29. #define MAX_EVENT_STRINGS 8
  30. #define MAX_ETYPE_LONG 999
  31. #define MIN_ETYPE_LONG -999
  32. #define MAX_ETYPE_STRING 16 // 4wchar + , + 2 space
  33. #define WSZ_NO_KEYS L"< >"
  36. //+---------------------------------------------------------------------------
  37. //
  38. // Function: InitializeEvents
  39. //
  40. // Synopsis: Connects to event log service
  41. //
  42. // Arguments: (none)
  43. //
  44. // History: 1-03-95 RichardW Created
  45. //
  46. // Notes:
  47. //
  48. //----------------------------------------------------------------------------
  49. BOOL
  50. InitializeEvents(void)
  51. {
  52. TRACE(KDC, InitializeEvents, DEB_FUNCTION);
  53. //
  54. // Interval with which we'll log the same event twice
  55. //
  57. #define KDC_EVENT_LIFETIME (60*60*1000)
  59. hEventLog = NetpEventlogOpen(EventSourceName, KDC_EVENT_LIFETIME);
  60. if (hEventLog)
  61. {
  62. return(TRUE);
  63. }
  65. DebugLog((DEB_ERROR, "Could not open event log, error %d\n", GetLastError()));
  66. return(FALSE);
  67. }
  70. //+---------------------------------------------------------------------------
  71. //
  72. // Function: ReportServiceEvent
  73. //
  74. // Synopsis: Reports an event to the event log
  75. //
  76. // Arguments: [EventType] -- EventType (ERROR, WARNING, etc.)
  77. // [EventId] -- Event ID
  78. // [SizeOfRawData] -- Size of raw data
  79. // [RawData] -- Raw data
  80. // [NumberOfStrings] -- number of strings
  81. // ... -- PWSTRs to string data
  82. //
  83. // History: 1-03-95 RichardW Created
  84. //
  85. // Notes:
  86. //
  87. //----------------------------------------------------------------------------
  88. DWORD
  89. ReportServiceEvent(
  90. IN WORD EventType,
  91. IN DWORD EventId,
  92. IN DWORD SizeOfRawData,
  93. IN PVOID RawData,
  94. IN DWORD NumberOfStrings,
  95. ...
  96. )
  97. {
  98. TRACE(KDC, ReportServiceEvent, DEB_FUNCTION);
  100. va_list arglist;
  101. ULONG i;
  102. PWSTR Strings[ MAX_EVENT_STRINGS ];
  103. DWORD rv;
  105. if (!hEventLog)
  106. {
  107. DebugLog((DEB_ERROR, "Cannot log event, no handle!\n"));
  108. return((DWORD)-1);
  109. }
  111. //
  112. // Look at the strings, if they were provided
  113. //
  114. va_start( arglist, NumberOfStrings );
  116. if (NumberOfStrings > MAX_EVENT_STRINGS) {
  118. NumberOfStrings = MAX_EVENT_STRINGS;
  119. }
  121. for (i = 0; i<NumberOfStrings; i++) {
  123. Strings[ i ] = va_arg( arglist, PWSTR );
  124. }
  126. //
  127. // Report the event to the eventlog service
  128. //
  130. if ((rv = NetpEventlogWrite(
  131. hEventLog,
  132. EventId,
  133. EventType,
  134. (PBYTE) RawData,
  135. SizeOfRawData,
  136. (LPWSTR *) Strings,
  137. NumberOfStrings
  138. )) != ERROR_SUCCESS)
  139. {
  140. DebugLog((DEB_ERROR, "NetpEventlogWrite( 0x%x ) failed - %u\n", EventId, rv ));
  141. }
  143. return rv;
  144. }
  147. BOOL
  148. ShutdownEvents(void)
  149. {
  150. TRACE(KDC, ShutdownEvents, DEB_FUNCTION);
  152. NetpEventlogClose(hEventLog);
  154. return TRUE;
  155. }
  158. NTSTATUS
  159. KdcBuildEtypeStringFromStoredCredential(
  160. IN OPTIONAL PKERB_STORED_CREDENTIAL Cred,
  161. IN OUT PWSTR* EtypeString
  162. )
  163. {
  164. ULONG BuffSize;
  165. PWSTR Ret = NULL;
  166. SIZE_T Len = 0;
  167. WCHAR Buff[12];
  169. *EtypeString = NULL;
  172. if (Cred == NULL
  173. || ((Cred->CredentialCount + Cred->OldCredentialCount) == 0))
  174. {
  175. BuffSize = (ULONG) sizeof(WCHAR) * (ULONG) (wcslen(WSZ_NO_KEYS)+1);
  176. *EtypeString = (LPWSTR)MIDL_user_allocate(BuffSize);
  178. if (NULL == *EtypeString)
  179. {
  180. return STATUS_INSUFFICIENT_RESOURCES;
  181. }
  183. wcscpy(*EtypeString, WSZ_NO_KEYS);
  185. return STATUS_SUCCESS;
  186. }
  188. // Guess maximum buffer... Etypes are 4 chars at most
  189. BuffSize = ((Cred->CredentialCount + Cred->OldCredentialCount ) * MAX_ETYPE_STRING);
  190. Ret = (LPWSTR)MIDL_user_allocate(BuffSize + sizeof(WCHAR));
  191. if (NULL == Ret)
  192. {
  193. return STATUS_INSUFFICIENT_RESOURCES;
  194. }
  196. for (LONG Index = 0; Index < (Cred->CredentialCount + Cred->OldCredentialCount ); Index++)
  197. {
  198. if (Cred->Credentials[Index].Key.keytype > MAX_ETYPE_LONG ||
  199. Cred->Credentials[Index].Key.keytype < MIN_ETYPE_LONG)
  200. {
  201. DebugLog((DEB_ERROR, "Keytype too large for string conversion\n"));
  202. DsysAssert(FALSE);
  203. }
  204. else
  205. {
  206. _itow(Cred->Credentials[Index].Key.keytype, Buff, 10);
  207. wcscat(Ret, Buff);
  208. wcscat(Ret, L" ");
  209. }
  210. }
  212. //
  213. // stripping out trailing white spaces
  214. //
  216. Len = wcslen(Ret);
  218. while (Len && iswspace(Ret[Len - 1]))
  219. {
  220. Ret[(Len--) - 1] = L'\0';
  221. }
  223. *EtypeString = Ret;
  224. return STATUS_SUCCESS;
  225. }
  227. NTSTATUS
  228. KdcBuildEtypeStringFromCryptList(
  229. IN OPTIONAL PKERB_CRYPT_LIST CryptList,
  230. IN OUT LPWSTR * EtypeString
  231. )
  232. {
  233. SIZE_T Len = 0;
  234. ULONG BuffSize = 0;
  235. PWSTR Ret = NULL;
  236. WCHAR Buff[30];
  238. PKERB_CRYPT_LIST ListPointer = CryptList;
  240. *EtypeString = NULL;
  243. if (CryptList == NULL)
  244. {
  245. BuffSize = (ULONG) sizeof(WCHAR) * (ULONG) (wcslen(WSZ_NO_KEYS)+1);
  246. *EtypeString = (LPWSTR)MIDL_user_allocate(BuffSize);
  248. if (NULL == *EtypeString)
  249. {
  250. return STATUS_INSUFFICIENT_RESOURCES;
  251. }
  253. wcscpy(*EtypeString, WSZ_NO_KEYS);
  255. return STATUS_SUCCESS;
  256. }
  258. while (TRUE)
  259. {
  260. if (ListPointer->value > MAX_ETYPE_LONG || ListPointer->value < MIN_ETYPE_LONG)
  261. {
  262. DebugLog((DEB_ERROR, "Maximum etype exceeded\n"));
  263. return STATUS_INVALID_PARAMETER;
  264. }
  266. BuffSize += MAX_ETYPE_STRING;
  267. if (NULL == ListPointer->next)
  268. {
  269. break;
  270. }
  271. ListPointer = ListPointer->next;
  273. }
  275. Ret = (LPWSTR) MIDL_user_allocate(BuffSize + sizeof(WCHAR));
  276. if (NULL == Ret)
  277. {
  278. return STATUS_INSUFFICIENT_RESOURCES;
  279. }
  281. while (TRUE)
  282. {
  283. _itow(CryptList->value, Buff, 10);
  284. wcscat(Ret, Buff);
  285. wcscat(Ret, L" ");
  286. if (NULL == CryptList->next)
  287. {
  288. break;
  289. }
  291. CryptList = CryptList->next;
  293. }
  295. //
  296. // stripping out trailing white spaces
  297. //
  299. Len = wcslen(Ret);
  301. while (Len && iswspace(Ret[Len - 1]))
  302. {
  303. Ret[(Len--) - 1] = L'\0';
  304. }
  306. *EtypeString = Ret;
  308. return STATUS_SUCCESS;
  309. }
  311. void
  312. KdcReportKeyError(
  313. IN PUNICODE_STRING AccountName,
  314. IN OPTIONAL PUNICODE_STRING ServerName,
  315. IN ULONG DescriptionID, // uniquely descibe the location of key error
  316. IN ULONG EventId,
  317. IN OPTIONAL PKERB_CRYPT_LIST RequestEtypes,
  318. IN PKDC_TICKET_INFO AccountTicketInfo
  319. )
  320. {
  321. ULONG NumberOfStrings;
  322. NTSTATUS Status;
  323. PWSTR Strings[ MAX_EVENT_STRINGS ];
  324. PWSTR RequestEtypeString = NULL;
  325. PWSTR StoredEtypeString = NULL;
  326. DWORD rv;
  327. ULONG KdcEtypes[KERB_MAX_CRYPTO_SYSTEMS];
  328. ULONG KdcEtypeCount = 0;
  329. BOOL IsEtypeSupported = FALSE;
  330. WCHAR Description[16] = {0};
  332. if (!hEventLog)
  333. {
  334. DebugLog((DEB_ERROR, "Cannot log event, no handle!\n"));
  335. return;
  336. }
  338. _snwprintf(Description, RTL_NUMBER_OF(Description) - 1, L"%d", DescriptionID);
  340. Status = CDBuildIntegrityVect(
  341. &KdcEtypeCount,
  342. KdcEtypes
  343. );
  344. if (!NT_SUCCESS(Status))
  345. {
  346. return;
  347. }
  349. //
  350. // is there at least one etype in RequestEtypes supported?
  351. //
  353. for (ULONG i = 0; i < KdcEtypeCount; i++)
  354. {
  355. if ((AccountTicketInfo->UserAccountControl & USER_USE_DES_KEY_ONLY)
  356. && ((KdcEtypes[i] == KERB_ETYPE_RC4_LM)
  357. || (KdcEtypes[i]== KERB_ETYPE_RC4_MD4)
  358. || (KdcEtypes[i] == KERB_ETYPE_RC4_HMAC_OLD)
  359. || (KdcEtypes[i] == KERB_ETYPE_RC4_HMAC_OLD_EXP)
  360. || (KdcEtypes[i] == KERB_ETYPE_RC4_HMAC_NT)
  361. || (KdcEtypes[i] == KERB_ETYPE_RC4_HMAC_NT_EXP)
  362. || (KdcEtypes[i] == KERB_ETYPE_NULL)) )
  363. {
  364. continue;
  365. }
  367. for (PKERB_CRYPT_LIST cur = RequestEtypes; cur != NULL; cur = cur->next)
  368. {
  369. if ((LONG) KdcEtypes[i] == cur->value)
  370. {
  371. IsEtypeSupported = TRUE;
  372. break;
  373. }
  374. }
  375. }
  377. Status = KdcBuildEtypeStringFromCryptList(
  378. RequestEtypes,
  379. &RequestEtypeString
  380. );
  382. if (!NT_SUCCESS(Status))
  383. {
  384. DebugLog((DEB_ERROR, "KdcBuildEtypeFromCryptList failed\n"));
  385. goto cleanup;
  386. }
  388. Status = KdcBuildEtypeStringFromStoredCredential(
  389. AccountTicketInfo->Passwords,
  390. &StoredEtypeString
  391. );
  393. if (!NT_SUCCESS(Status))
  394. {
  395. DebugLog((DEB_ERROR, "KdcBuildEtypeFromStoredCredential failed\n"));
  396. goto cleanup;
  397. }
  399. if (EventId == KDCEVENT_NO_KEY_INTERSECTION_TGS)
  400. {
  401. if (!ARGUMENT_PRESENT(ServerName))
  402. {
  403. DebugLog((DEB_ERROR, "Invalid arg to KdcReportKeyError: missing ServerName!\n"));
  404. DsysAssert(FALSE);
  405. goto cleanup;
  406. }
  407. }
  408. else if (EventId != KDCEVENT_NO_KEY_INTERSECTION_AS)
  409. {
  410. DebugLog((DEB_ERROR, "Invalid arg to KdcReportKeyError: unexpected event id %#x!\n", EventId));
  411. DsysAssert(FALSE);
  412. goto cleanup;
  413. }
  415. Strings[0] = ServerName ? ServerName->Buffer : KDC_PRINCIPAL_NAME;
  416. Strings[1] = AccountName->Buffer;
  417. Strings[2] = Description;
  418. Strings[3] = RequestEtypeString;
  419. Strings[4] = StoredEtypeString;
  421. if (IsEtypeSupported)
  422. {
  423. //
  424. // these can be corrected by resetting/changing the passwords
  425. //
  427. Strings[5] = AccountTicketInfo->AccountName.Buffer;
  428. NumberOfStrings = 6;
  429. }
  430. else
  431. {
  432. //
  433. // these can not be corrected by resetting/changing the password
  434. //
  436. DebugLog((DEB_ERROR, "KdcReportKeyError etype not supported %ws\n", RequestEtypeString));
  438. if (EventId == KDCEVENT_NO_KEY_INTERSECTION_TGS)
  439. {
  440. EventId = KDCEVENT_UNSUPPORTED_ETYPE_REQUEST_TGS;
  441. }
  442. else if (EventId == KDCEVENT_NO_KEY_INTERSECTION_AS)
  443. {
  444. EventId = KDCEVENT_UNSUPPORTED_ETYPE_REQUEST_AS;
  445. }
  447. NumberOfStrings = 5;
  448. }
  450. if ((rv = NetpEventlogWrite(
  451. hEventLog,
  452. EventId,
  453. EVENTLOG_ERROR_TYPE,
  454. NULL,
  455. 0, // no raw data
  456. (LPWSTR *) Strings,
  457. NumberOfStrings
  458. )) != ERROR_SUCCESS)
  460. {
  461. DebugLog((DEB_ERROR, "KdcReportKeyError NetpEventlogWrite( 0x%x ) failed - %u\n", EventId, rv));
  462. }
  464. cleanup:
  466. if (NULL != RequestEtypeString)
  467. {
  468. MIDL_user_free(RequestEtypeString);
  469. }
  471. if (NULL != StoredEtypeString)
  472. {
  473. MIDL_user_free(StoredEtypeString);
  474. }
  475. }
  477. void
  478. KdcReportInvalidMessage(
  479. IN ULONG EventId,
  480. IN PCWSTR pMesageDescription
  481. )
  482. {
  483. ULONG NumberOfStrings;
  484. PWSTR Strings[ MAX_EVENT_STRINGS ] = {0};
  485. DWORD rv;
  487. if (!hEventLog)
  488. {
  489. DebugLog((DEB_ERROR, "KdcReportInvalidMessage cannot log event, no handle!\n"));
  490. return;
  491. }
  493. Strings[0] = (PWSTR) pMesageDescription;
  494. NumberOfStrings = 1;
  496. if ((rv = NetpEventlogWrite(
  497. hEventLog,
  498. EventId,
  499. EVENTLOG_ERROR_TYPE,
  500. NULL,
  501. 0, // no raw data
  502. (LPWSTR *) Strings,
  503. NumberOfStrings
  504. )) != ERROR_SUCCESS)
  506. {
  507. DebugLog((DEB_ERROR, "KdcReportInvalidMessage NetpEventlogWrite( 0x%x ) failed - %u\n", EventId, rv));
  508. }
  509. }
  511. void
  512. KdcReportBadClientCertificate(
  513. IN PUNICODE_STRING CName,
  514. IN PVOID ChainStatus,
  515. IN ULONG ChainStatusSize,
  516. IN DWORD Error
  517. )
  518. {
  520. LPWSTR UCName = NULL;
  521. LPWSTR UCRealm = NULL;
  522. PUNICODE_STRING Realm = SecData.KdcRealmName();
  523. LPWSTR MessageBuffer = NULL;
  524. DWORD MessageSize = 0;
  526. //
  527. // May not want this logged.
  528. //
  529. if (( KdcExtraLogLevel & LOG_PKI_ERRORS ) == 0)
  530. {
  531. return;
  532. }
  534. //
  535. // Put the strings together - Null terminate the buffers...
  536. //
  537. SafeAllocaAllocate(UCName, (CName->MaximumLength + sizeof(WCHAR)) );
  539. if (UCName == NULL)
  540. {
  541. goto Cleanup;
  542. }
  544. RtlZeroMemory(
  545. UCName,
  546. (CName->MaximumLength + sizeof(WCHAR))
  547. );
  549. RtlCopyMemory(
  550. UCName,
  551. CName->Buffer,
  552. CName->Length
  553. );
  555. SafeAllocaAllocate(UCRealm,(Realm->MaximumLength + sizeof(WCHAR)) );
  557. if (UCRealm == NULL)
  558. {
  559. goto Cleanup;
  560. }
  562. RtlZeroMemory(
  563. UCRealm,
  564. (Realm->MaximumLength + sizeof(WCHAR))
  565. );
  567. RtlCopyMemory(
  568. UCRealm,
  569. Realm->Buffer,
  570. Realm->Length
  571. );
  574. MessageSize = FormatMessageW(
  575. FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
  576. NULL,
  577. Error,
  578. 0,
  579. (WCHAR*) &MessageBuffer,
  580. MessageSize,
  581. NULL
  582. );
  584. if ( MessageSize == 0)
  585. {
  586. goto Cleanup;
  587. }
  589. ReportServiceEvent(
  590. EVENTLOG_WARNING_TYPE,
  591. KDCEVENT_INVALID_CLIENT_CERTIFICATE,
  592. ChainStatusSize,
  593. ChainStatus,
  594. 3,
  595. UCRealm,
  596. UCName,
  597. MessageBuffer
  598. );
  599. Cleanup:
  601. SafeAllocaFree(UCName);
  602. SafeAllocaFree(UCRealm);
  604. if ( MessageBuffer )
  605. {
  606. LocalFree(MessageBuffer);
  607. }
  608. }
  610. VOID
  611. KdcReportPolicyErrorEvent(
  612. IN ULONG EventType,
  613. IN ULONG EventId,
  614. IN PUNICODE_STRING CName,
  615. IN PUNICODE_STRING SName,
  616. IN NTSTATUS NtStatus,
  617. IN ULONG RawDataSize,
  618. IN OPTIONAL PBYTE RawDataBuffer
  619. )
  620. {
  621. ULONG NumberOfStrings = 0;
  622. PWSTR Strings[ MAX_EVENT_STRINGS ] = {0};
  623. ULONG rv = 0;
  625. if (!hEventLog)
  626. {
  627. DebugLog((DEB_ERROR, "KdcReportPolicyEvent cannot log event, no handle!\n"));
  628. return;
  629. }
  631. //
  632. // may not want this logged
  633. //
  635. if (( KdcExtraLogLevel & LOG_POLICY_ERROR ) == 0)
  636. {
  637. return;
  638. }
  640. if ((EventId == KDCEVENT_POLICY_USER2USER_REQUIRED) && (NtStatus == STATUS_USER2USER_REQUIRED))
  641. {
  642. NumberOfStrings = 2;
  644. //
  645. // this is in the error path, validate buffers
  646. //
  648. if ((CName->Buffer == NULL) || (SName->Buffer == NULL))
  649. {
  650. goto Cleanup;
  651. }
  653. //
  654. // Put the strings together - Null terminate the buffers...
  655. //
  657. SafeAllocaAllocate(Strings[0], (CName->Length + sizeof(WCHAR)));
  659. if (Strings[0] == NULL)
  660. {
  661. goto Cleanup;
  662. }
  664. RtlZeroMemory(
  665. Strings[0],
  666. (CName->Length + sizeof(WCHAR))
  667. );
  669. RtlCopyMemory(
  670. Strings[0],
  671. CName->Buffer,
  672. CName->Length
  673. );
  675. SafeAllocaAllocate(Strings[1], (SName->Length + sizeof(WCHAR)));
  677. if (Strings[1] == NULL)
  678. {
  679. goto Cleanup;
  680. }
  682. RtlZeroMemory(
  683. Strings[1],
  684. (SName->Length + sizeof(WCHAR))
  685. );
  687. RtlCopyMemory(
  688. Strings[1],
  689. SName->Buffer,
  690. SName->Length
  691. );
  692. }
  693. else
  694. {
  695. D_DebugLog((DEB_ERROR, "KdcReportPolicyEvent unsupported event id %#x\n", EventId));
  696. goto Cleanup;
  697. }
  699. if ((rv = NetpEventlogWrite(
  700. hEventLog,
  701. EventId,
  702. EventType,
  703. NULL, // RawDataBuffer
  704. 0, // RawDataSize
  705. (PWSTR *) Strings,
  706. NumberOfStrings
  707. )) != ERROR_SUCCESS)
  709. {
  710. DebugLog((DEB_ERROR, "KdcReportPolicyEvent NetpEventlogWrite( event id %#x ) failed with %#x\n", EventId, rv));
  711. }
  713. Cleanup:
  715. for (ULONG i = 0; i <= NumberOfStrings; i++)
  716. {
  717. SafeAllocaFree(Strings[i]);
  718. }
  719. }
  724. #define S4U_EVENT_STRING_COUNT 3
  727. VOID
  728. KdcReportS4UGroupExpansionError(
  729. IN PUSER_INTERNAL6_INFORMATION UserInfo,
  730. IN PKDC_S4U_TICKET_INFO CallerInfo,
  731. IN DWORD Error
  732. )
  733. {
  734. KERBERR KerbErr;
  735. ULONG rv = 0;
  736. PWSTR CallerSName = NULL;
  737. PWSTR Client = NULL;
  738. PWSTR Strings[S4U_EVENT_STRING_COUNT];
  739. UNICODE_STRING CallerName ={0};
  741. if (!hEventLog)
  742. {
  743. DebugLog((DEB_ERROR, "KdcReportPolicyEvent cannot log event, no handle!\n"));
  744. return;
  745. }
  747. //
  748. // may not want this logged
  749. //
  750. if (( KdcExtraLogLevel & LOG_S4USELF_ACCESS_ERROR ) == 0)
  751. {
  752. return;
  753. }
  755. KerbErr = KerbConvertKdcNameToString(
  756. &CallerName,
  757. CallerInfo->RequestorServiceName,
  758. NULL
  759. );
  761. if (!KERB_SUCCESS( KerbErr ))
  762. {
  763. return;
  764. }
  766. CallerSName = CallerName.Buffer;
  768. //
  769. // Verify that the user info string is null terminated.
  770. //
  771. SafeAllocaAllocate(Client, (UserInfo->I1.UserName.Length + sizeof(WCHAR)));
  772. if (Client == NULL)
  773. {
  774. goto Cleanup;
  775. }
  777. RtlZeroMemory(
  778. Client,
  779. (UserInfo->I1.UserName.Length + sizeof(WCHAR))
  780. );
  782. RtlCopyMemory(
  783. Client,
  784. UserInfo->I1.UserName.Buffer,
  785. UserInfo->I1.UserName.Length
  786. );
  788. Strings[0] = CallerSName;
  789. Strings[1] = CallerInfo->RequestorServiceRealm.Buffer;
  790. Strings[2] = Client;
  793. if ((rv = NetpEventlogWrite(
  794. hEventLog,
  795. KDCEVENT_S4USELF_ACCESS_FAILED,
  796. EVENTLOG_WARNING_TYPE,
  797. (LPBYTE)&Error,
  798. sizeof(DWORD), // RawDataSize
  799. (PWSTR *) Strings,
  800. S4U_EVENT_STRING_COUNT
  801. )) != ERROR_SUCCESS)
  803. {
  804. D_DebugLog((DEB_ERROR, "KdcReportPolicyEvent NetpEventlogWrite( event id %#x ) failed with %#x\n", KDCEVENT_S4USELF_ACCESS_FAILED, rv));
  805. }
  807. Cleanup:
  809. KerbFreeString( &CallerName );
  810. if ( Client )
  811. {
  812. SafeAllocaFree( Client );
  813. }
  815. }