|
|
/*++
Copyright (c) 1998 Microsoft Corporation
Module Name:
logging.c
Abstract:
Commands to control how logging information is performed.
Revision History:
--*/
#include "precomp.h"
#pragma hdrstop
static CONST WCHAR g_pszRegValTracingFile[] = L"EnableFileTracing";static CONST WCHAR g_pszRegKeyTracing[] = L"SOFTWARE\\Microsoft\\Tracing";static CONST WCHAR g_pwszAll[] = L"*";static CONST WCHAR g_pwszLogPath[] = L"LoggingPath";static CONST WCHAR g_pwszEnableLog[] = L"EnableLogging";static CONST WCHAR g_pwszSecurity[] = L"Security";static CONST WCHAR g_pwszOakleyPath[] = L"\\debug\\oakley.log";static CONST WCHAR g_pwszWppActive[] = L"Active";static CONST WCHAR g_pwszWppControlFlags[] = L"ControlFlags";static CONST WCHAR g_pwszWppControlLevel[] = L"ControlLevel";static CONST WCHAR g_pwszWppGuid[] = L"Guid";static CONST WCHAR g_pwszWppLogFileName[] = L"LogFileName";static CONST WCHAR g_pwszWppPath[] = L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Tracing\\Microsoft\\RemoteAccess\\";static CONST WCHAR g_pwszModemSubkey[] = L"SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E96D-E325-11CE-BFC1-08002BE10318}";static CONST WCHAR g_pwszCmLogAllKey[] = L"Software\\Microsoft\\Connection Manager\\UserInfo";static CONST WCHAR g_pwszCmLogCurKey[] = L"Software\\Microsoft\\Connection Manager\\SingleUserInfo";
DWORDTraceOpenRoot( OUT PHKEY phKey);
DWORDTraceOpenKey( IN HKEY hkRoot, IN LPCWSTR pszKey, OUT PHKEY phKey);
DWORDTraceCloseKey( IN HKEY hKey);
DWORDTraceWrite( IN HKEY hkComp, IN DWORD dwEnable);
DWORDTraceRead( IN HKEY hkComp, IN LPDWORD lpdwEnable);
DWORDTraceShow( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData);
DWORDTraceDumpComponent( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData);
DWORDTraceEnableDisable( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData);
DWORDTraceClearTracingCb( IN LPCWSTR pwszFQFileName, IN LPCWSTR pwszFileName, IN HANDLE hData);
BOOLTraceClearTracing();
DWORDTraceCollectTracingLogsCb( IN LPCWSTR pwszFQFileName, IN LPCWSTR pwszFileName, IN HANDLE hData);
BOOLTraceCollectTracingLogs( IN REPORT_INFO* pInfo, IN BOOL fEnable);
DWORDWriteTracingLogsTocCb( IN LPCWSTR pwszFQFileName, IN LPCWSTR pwszFileName, IN HANDLE hData);
BOOLTraceEnableDisableTracing( IN BOOL fEnable);
BOOLTraceShowTracing();
DWORDTraceClearModemCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData);
BOOLTraceClearModem( IN BOOL fEnable);
DWORDTraceCollectModemLogsCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData);
BOOLTraceCollectModemLogs( IN REPORT_INFO* pInfo, IN BOOL fEnable);
DWORDTraceEnableDisableModemCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData);
DWORDTraceShowModemCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData);
DWORDTraceClearCmCb( IN LPCWSTR pwszName, IN HKEY hKey, IN HANDLE hData);
BOOLTraceClearCm( IN BOOL fEnable);
DWORDTraceCollectCmLogsEnumCb( IN LPCWSTR pwszFQFileName, IN LPCWSTR pwszFileName, IN HANDLE hData);
DWORDTraceCollectCmLogsCb( IN LPCWSTR pwszName, IN HKEY hKey, IN HANDLE hData);
BOOLTraceCollectCmLogs( IN REPORT_INFO* pInfo, IN BOOL fEnable);
DWORDTraceEnableDisableCmCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData);
DWORDTraceShowCmCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData);
BOOLTraceClearIpsecLogs( IN BOOL fEnable);
BOOLTraceCollectIpsecLogs( IN REPORT_INFO* pInfo);
BOOLTraceEnableDisableIpsec( IN BOOL fEnable);
BOOLTraceClearAuditing( IN BOOL fEnable);
BOOLWriteWppTracingState( IN WPP_LOG_INFO* pWppLog);
BOOLReadWppTracingState( IN WPP_LOG_INFO* pWppLog);
BOOLStartWppTracing( IN WPP_LOG_INFO* pWppLog);
BOOLTraceEnableDisableRasL2tp( IN BOOL fEnable);
BOOLTraceEnableDisableRasPptp( IN BOOL fEnable);
BOOLPrintRasEventLogsCb( IN PEVENTLOGRECORD pevlr, IN HANDLE hModule, IN HANDLE hData);
VOIDPrintRasEventLogs( IN REPORT_INFO* pInfo);
BOOLPrintSecurityEventLogsCb( IN PEVENTLOGRECORD pevlr, IN HANDLE hModule, IN HANDLE hData);
VOIDPrintSecurityEventLogs( IN REPORT_INFO* pInfo);
DWORDDiagGetStateCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData);
//
// Opens the root tracing registry key
//
DWORDTraceOpenRoot( OUT PHKEY phKey){ DWORD dwErr = NO_ERROR;
dwErr = RegOpenKeyExW( g_pServerInfo->hkMachine, g_pszRegKeyTracing, 0, KEY_ALL_ACCESS, phKey);
return dwErr;}
DWORDTraceOpenKey( IN HKEY hkRoot, IN LPCWSTR pszKey, OUT PHKEY phKey){ return RegOpenKeyExW( hkRoot, pszKey, 0, KEY_ALL_ACCESS, phKey);}
DWORDTraceCloseKey( IN HKEY hKey){ return RegCloseKey(hKey);}
DWORDTraceWrite( IN HKEY hkComp, IN DWORD dwEnable){ return RutlRegWriteDword( hkComp, (PWCHAR)g_pszRegValTracingFile, dwEnable);}
DWORDTraceRead( IN HKEY hkComp, IN LPDWORD lpdwEnable){ return RutlRegReadDword( hkComp, (PWCHAR)g_pszRegValTracingFile, lpdwEnable);}
DWORDTraceShow( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData){ DWORD dwErr = NO_ERROR, dwEnabled = 0;
do { // Get the enabling of the current component
//
dwErr = TraceRead(hKey, &dwEnabled); BREAK_ON_DWERR(dwErr);
// Display the status
//
DisplayMessage( g_hModule, MSG_TRACE_SHOW, pszName, (dwEnabled) ? TOKEN_ENABLED : TOKEN_DISABLED);
} while (FALSE);
return dwErr;}
DWORDTraceDumpComponent( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData){ PWCHAR pszComp = NULL, pszEnable = NULL, pszQuote = NULL; DWORD dwErr = NO_ERROR, dwEnabled = 0; DWORD* pdwShowDisable = (DWORD*)hData;
do { dwErr = TraceRead(hKey, &dwEnabled); BREAK_ON_DWERR(dwErr);
pszQuote = MakeQuotedString(pszName);
pszComp = RutlAssignmentFromTokens( g_hModule, TOKEN_COMPONENT, pszQuote); pszEnable = RutlAssignmentFromTokens( g_hModule, TOKEN_STATE, (dwEnabled) ? TOKEN_ENABLED : TOKEN_DISABLED); if (pszQuote == NULL || pszComp == NULL || pszEnable == NULL) { dwErr = ERROR_NOT_ENOUGH_MEMORY; break; }
if (dwEnabled || (pdwShowDisable && *pdwShowDisable)) { DisplayMessage( g_hModule, MSG_TRACE_DUMP, DMP_TRACE_SET, pszComp, pszEnable); }
} while (FALSE); //
// Cleanup
//
{ RutlFree(pszComp); RutlFree(pszEnable); RutlFree(pszQuote); }
return dwErr;}
//
// Dumps configuration
//
DWORDTraceDumpConfig(){ PWCHAR pszComp = NULL, pszEnable = NULL; DWORD dwErr = NO_ERROR; HKEY hkRoot = NULL;
do { pszComp = RutlAssignmentFromTokens( g_hModule, TOKEN_COMPONENT, g_pwszAll); pszEnable = RutlAssignmentFromTokens( g_hModule, TOKEN_STATE, TOKEN_DISABLED); if (pszComp == NULL || pszEnable == NULL) { dwErr = ERROR_NOT_ENOUGH_MEMORY; break; }
DisplayMessage( g_hModule, MSG_TRACE_DUMP, DMP_TRACE_SET, pszComp, pszEnable);
dwErr = TraceOpenRoot(&hkRoot); BREAK_ON_DWERR(dwErr);
dwErr = RutlRegEnumKeys( hkRoot, TraceDumpComponent, NULL); BREAK_ON_DWERR(dwErr);
} while (FALSE); //
// Cleanup
//
{ RutlFree(pszComp); RutlFree(pszEnable); if (hkRoot) { RegCloseKey(hkRoot); } }
return NO_ERROR;}
DWORDTraceEnableDisable( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData){ DWORD dwErr = NO_ERROR, dwEnabled = 0; PDWORD pdwEnable = (PDWORD)hData;
do { if (!pdwEnable) { dwErr = ERROR_INVALID_PARAMETER; break; } //
// Get the enabling of the current component
//
dwErr = TraceWrite(hKey, *pdwEnable); BREAK_ON_DWERR(dwErr);
} while (FALSE);
return dwErr;}
DWORDHandleTraceSet( IN LPCWSTR pwszMachine, IN OUT LPWSTR* ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL* pbDone){ DWORD dwErr = NO_ERROR, dwEnable; PWCHAR pszComponent = NULL; HKEY hkRoot = NULL, hkComp = NULL; TOKEN_VALUE rgEnumState[] = { {TOKEN_ENABLED, 1}, {TOKEN_DISABLED, 0} }; RASMON_CMD_ARG pArgs[] = { { RASMONTR_CMD_TYPE_STRING, {TOKEN_COMPONENT, TRUE, FALSE}, NULL, 0, NULL }, { RASMONTR_CMD_TYPE_ENUM, {TOKEN_STATE, TRUE, FALSE}, rgEnumState, sizeof(rgEnumState)/sizeof(*rgEnumState), NULL } };
do { // Parse the command line
//
dwErr = RutlParse( ppwcArguments, dwCurrentIndex, dwArgCount, pbDone, pArgs, sizeof(pArgs)/sizeof(*pArgs)); BREAK_ON_DWERR( dwErr );
pszComponent = RASMON_CMD_ARG_GetPsz(&pArgs[0]); if (!pszComponent) { dwErr = ERROR_NOT_ENOUGH_MEMORY; break; }
dwEnable = RASMON_CMD_ARG_GetDword(&pArgs[1]);
dwErr = TraceOpenRoot(&hkRoot); BREAK_ON_DWERR(dwErr);
if (wcscmp(pszComponent, g_pwszAll) == 0) { dwErr = RutlRegEnumKeys( hkRoot, TraceEnableDisable, (HANDLE)&dwEnable); BREAK_ON_DWERR(dwErr); } else { dwErr = TraceOpenKey(hkRoot, pszComponent, &hkComp); if (dwErr) { dwErr = ERROR_INVALID_SYNTAX; break; }
TraceWrite(hkComp, dwEnable); BREAK_ON_DWERR(dwErr); }
} while (FALSE); //
// Cleanup
//
{ RutlFree(pszComponent); if (hkRoot) { RegCloseKey(hkRoot); } if (hkComp) { RegCloseKey(hkComp); } }
return dwErr;}
DWORDHandleTraceShow( IN LPCWSTR pwszMachine, IN OUT LPWSTR* ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL* pbDone){ DWORD dwErr = NO_ERROR; PWCHAR pszComponent = NULL; HKEY hkRoot = NULL, hkComp = NULL; RASMON_CMD_ARG pArgs[] = { { RASMONTR_CMD_TYPE_STRING, {TOKEN_COMPONENT, FALSE, FALSE}, NULL, 0, NULL } };
do { // Parse the command line
//
dwErr = RutlParse( ppwcArguments, dwCurrentIndex, dwArgCount, pbDone, pArgs, sizeof(pArgs)/sizeof(*pArgs)); BREAK_ON_DWERR( dwErr );
pszComponent = RASMON_CMD_ARG_GetPsz(&pArgs[0]);
dwErr = TraceOpenRoot(&hkRoot); BREAK_ON_DWERR(dwErr);
if (pszComponent) { dwErr = TraceOpenKey(hkRoot, pszComponent, &hkComp); if (dwErr) { dwErr = ERROR_INVALID_SYNTAX; break; }
TraceShow(pszComponent, hkComp, NULL); BREAK_ON_DWERR(dwErr); } else { dwErr = RutlRegEnumKeys( hkRoot, TraceShow, NULL); BREAK_ON_DWERR(dwErr); }
} while (FALSE); //
// Cleanup
//
{ RutlFree(pszComponent); if (hkRoot) { RegCloseKey(hkRoot); } if (hkComp) { RegCloseKey(hkComp); } }
return dwErr;}
DWORDTraceClearTracingCb( IN LPCWSTR pwszFQFileName, IN LPCWSTR pwszFileName, IN HANDLE hData){ TRACING_DATA* pTrace = (TRACING_DATA*)hData;
if (pTrace) { UINT ulTry = 0;
while (ulTry++ < 10) { if (DeleteFile(pwszFQFileName)) { pTrace->fOneOk = TRUE; break; } else if (GetLastError() == ERROR_SHARING_VIOLATION) { //
// Wait a little for logging to get disabled
//
Sleep(10); } } }
return NO_ERROR;}
BOOLTraceClearTracing( IN BOOL fEnable){ BOOL fRet = FALSE; PWCHAR pwszTracingPath = NULL; TRACING_DATA Trace;
do { //
// Disable tracing
//
TraceEnableDisableTracing(FALSE);
pwszTracingPath = GetTracingDir(); if (!pwszTracingPath) { break; }
Trace.fOneOk = FALSE;
RutlEnumFiles( pwszTracingPath, (PWCHAR)g_pwszLogSrchStr, TraceClearTracingCb, &Trace);
fRet = Trace.fOneOk; //
// Enable tracing
//
if (fEnable) { TraceEnableDisableTracing(TRUE); }
} while (FALSE); //
// Clean up
//
RutlFree(pwszTracingPath);
return fRet;}
DWORDTraceCollectTracingLogsCb( IN LPCWSTR pwszFQFileName, IN LPCWSTR pwszFileName, IN HANDLE hData){ TRACING_DATA* pTrace = (TRACING_DATA*)hData;
if (pTrace) { REPORT_INFO* pInfo = pTrace->pInfo;
if (pInfo) { UINT ulTry = 0; DWORD dwErr = NO_ERROR;
BufferWriteFileStrW(pInfo->pBuff, g_pwszAnNameStart); BufferWriteFileStrW(pInfo->pBuff, pwszFileName); BufferWriteFileStrW(pInfo->pBuff, g_pwszAnNameMiddle); BufferWriteFileStrW(pInfo->pBuff, pwszFileName); WriteLinkBackToToc(pInfo->pBuff); BufferWriteFileStrW(pInfo->pBuff, g_pwszAnNameEnd); BufferWriteFileStrW(pInfo->pBuff, g_pwszPreStart);
while (ulTry++ < 10) { dwErr = PrintFile( pInfo, pwszFQFileName, TRUE, ParseRasLogForTime); if (!dwErr) { pTrace->fOneOk = TRUE; break; } else if (ERROR_SHARING_VIOLATION == dwErr) { //
// Wait a little for logging to get disabled
//
Sleep(10); } }
BufferWriteFileStrW(pInfo->pBuff, g_pwszPreEnd); } }
return NO_ERROR;}
BOOLTraceCollectTracingLogs( IN REPORT_INFO* pInfo, IN BOOL fEnable){ BOOL fRet = FALSE; PWCHAR pwszTracingPath = NULL; TRACING_DATA Trace;
do { //
// Disable tracing
//
TraceEnableDisableTracing(FALSE);
pwszTracingPath = GetTracingDir(); if (!pwszTracingPath) { break; }
Trace.fOneOk = FALSE; Trace.pInfo = pInfo;
RutlEnumFiles( pwszTracingPath, (PWCHAR)g_pwszLogSrchStr, TraceCollectTracingLogsCb, &Trace);
fRet = Trace.fOneOk; //
// Enable tracing
//
if (fEnable) { TraceEnableDisableTracing(TRUE); }
} while (FALSE); //
// Clean up
//
RutlFree(pwszTracingPath);
return fRet;}
DWORDWriteTracingLogsTocCb( IN LPCWSTR pwszFQFileName, IN LPCWSTR pwszFileName, IN HANDLE hData){ TRACING_DATA* pTrace = (TRACING_DATA*)hData;
if (pTrace) { REPORT_INFO* pInfo = pTrace->pInfo;
if (pInfo) { BufferWriteFileStrW(pInfo->pBuff, g_pwszLiStart); BufferWriteFileStrW(pInfo->pBuff, g_pwszAnStart); BufferWriteFileStrW(pInfo->pBuff, pwszFileName); BufferWriteFileStrW(pInfo->pBuff, g_pwszAnMiddle); BufferWriteFileStrW(pInfo->pBuff, pwszFileName); BufferWriteFileStrW(pInfo->pBuff, g_pwszAnEnd); BufferWriteFileStrW(pInfo->pBuff, g_pwszLiEnd);
pTrace->fOneOk = TRUE; } }
return NO_ERROR;}
BOOLWriteTracingLogsToc( IN REPORT_INFO* pInfo){ BOOL fRet = FALSE; PWCHAR pwszTracingPath = NULL; TRACING_DATA Trace;
do { pwszTracingPath = GetTracingDir(); if (!pwszTracingPath) { break; }
Trace.fOneOk = FALSE; Trace.pInfo = pInfo;
RutlEnumFiles( pwszTracingPath, (PWCHAR)g_pwszLogSrchStr, WriteTracingLogsTocCb, &Trace);
fRet = Trace.fOneOk;
} while (FALSE); //
// Clean up
//
RutlFree(pwszTracingPath);
return fRet;}
BOOLTraceEnableDisableTracing( IN BOOL fEnable){ BOOL fRet = FALSE; HKEY hkRoot = NULL; DWORD dwEnable = fEnable ? 1 : 0;
if (!TraceOpenRoot(&hkRoot) && !RutlRegEnumKeys(hkRoot, TraceEnableDisable, &dwEnable) ) { fRet = TRUE; } //
// Clean up
//
if (hkRoot) { RegCloseKey(hkRoot); }
return fRet;}
BOOLTraceShowTracing(){ BOOL fRet = FALSE; HKEY hkRoot = NULL;
if (!TraceOpenRoot(&hkRoot) && !RutlRegEnumKeys(hkRoot, TraceShow, NULL)) { fRet = TRUE; } //
// Clean up
//
if (hkRoot) { RegCloseKey(hkRoot); }
return fRet;}
DWORDTraceClearModemCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData){ TRACING_DATA* pTrace = (TRACING_DATA*)hData;
if (pTrace) { PWCHAR pwszPath = NULL;
if (!RutlRegReadString(hKey, g_pwszLogPath, &pwszPath) && DeleteFile(pwszPath)) { pTrace->fOneOk = TRUE; }
RutlFree(pwszPath); }
return NO_ERROR;}
BOOLTraceClearModem( IN BOOL fEnable){ BOOL fRet = FALSE; HKEY hKey = NULL; TRACING_DATA Trace;
do { if (RegOpenKeyEx( HKEY_LOCAL_MACHINE, g_pwszModemSubkey, 0, KEY_READ, &hKey) ) { break; } //
// Disable all modem logging
//
TraceEnableDisableModem(FALSE);
Trace.fOneOk = FALSE;
RutlRegEnumKeys(hKey, TraceClearModemCb, &Trace);
fRet = Trace.fOneOk; //
// Enable all modem logging
//
if (fEnable) { TraceEnableDisableModem(TRUE); }
} while (FALSE); //
// Clean up
//
if (hKey) { RegCloseKey(hKey); }
return fRet;}
DWORDTraceCollectModemLogsCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData){ TRACING_DATA* pTrace = (TRACING_DATA*)hData;
if (pTrace) { REPORT_INFO* pInfo = pTrace->pInfo;
if (pInfo) { PWCHAR pwszPath = NULL;
if (!RutlRegReadString(hKey, g_pwszLogPath, &pwszPath) && !PrintFile(pInfo, pwszPath, TRUE, ParseModemLogForTime)) { pTrace->fOneOk = TRUE; }
RutlFree(pwszPath); } }
return NO_ERROR;}
BOOLTraceCollectModemLogs( IN REPORT_INFO* pInfo, IN BOOL fEnable){ BOOL fRet = FALSE; HKEY hKey = NULL; TRACING_DATA Trace;
do { if (RegOpenKeyEx( HKEY_LOCAL_MACHINE, g_pwszModemSubkey, 0, KEY_READ, &hKey) ) { break; } //
// Disable all modem logging
//
TraceEnableDisableModem(FALSE);
Trace.fOneOk = FALSE; Trace.pInfo = pInfo;
RutlRegEnumKeys(hKey, TraceCollectModemLogsCb, &Trace);
fRet = Trace.fOneOk; //
// Enable all modem logging
//
if (fEnable) { TraceEnableDisableModem(TRUE); }
} while (FALSE); //
// Clean up
//
if (hKey) { RegCloseKey(hKey); }
return fRet;}
DWORDTraceEnableDisableModemCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData){ TRACING_DATA* pTrace = (TRACING_DATA*)hData;
if (pTrace) { DWORD dwEnable = pTrace->fData ? 1 : 0;
if (!RegSetValueEx( hKey, g_pwszLogging, 0, REG_BINARY, (LPBYTE)&dwEnable, 1) ) { pTrace->fOneOk = TRUE; } }
return NO_ERROR;}
BOOLTraceEnableDisableModem( IN BOOL fEnable){ BOOL fRet = FALSE; HKEY hKey = NULL; TRACING_DATA Trace;
do { if (RegOpenKeyEx( HKEY_LOCAL_MACHINE, g_pwszModemSubkey, 0, KEY_READ | KEY_WRITE, &hKey) ) { break; }
Trace.fOneOk = FALSE; Trace.fData = fEnable;
RutlRegEnumKeys(hKey, TraceEnableDisableModemCb, &Trace);
fRet = Trace.fOneOk;
} while (FALSE); //
// Clean up
//
if (hKey) { RegCloseKey(hKey); }
return fRet;}
DWORDTraceShowModemCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData){ TRACING_DATA* pTrace = (TRACING_DATA*)hData;
if (pTrace) { DWORD dwEnabled = 0;
if (!RutlRegReadDword( hKey, g_pwszLogging, &dwEnabled) && dwEnabled ) { pTrace->fOneOk = TRUE; } }
return NO_ERROR;}
BOOLTraceShowModem(){ BOOL fRet = FALSE; HKEY hKey = NULL; TRACING_DATA Trace;
do { if (RegOpenKeyEx( HKEY_LOCAL_MACHINE, g_pwszModemSubkey, 0, KEY_READ, &hKey) ) { break; }
Trace.fOneOk = FALSE;
RutlRegEnumKeys(hKey, TraceShowModemCb, &Trace);
fRet = Trace.fOneOk;
} while (FALSE); //
// Clean up
//
if (hKey) { RegCloseKey(hKey); }
return fRet;}
DWORDTraceDumpModem(){ BOOL fEnabled; DWORD dwErr = NO_ERROR; PWCHAR pwszEnable = NULL;
do { fEnabled = TraceShowModem();
pwszEnable = RutlAssignmentFromTokens( g_hModule, TOKEN_STATE, (fEnabled) ? TOKEN_ENABLED : TOKEN_DISABLED); if (!pwszEnable) { dwErr = ERROR_NOT_ENOUGH_MEMORY; break; }
DisplayMessage( g_hModule, MSG_TRACE_DUMP2, DMP_RASDIAG_SET_MODEMTRACE, pwszEnable);
} while (FALSE); //
// Cleanup
//
RutlFree(pwszEnable);
return dwErr;}
DWORDTraceClearCmCb( IN LPCWSTR pwszName, IN HKEY hKey, IN HANDLE hData){ PWCHAR pwszSearch = NULL, pwszLoggingPath = NULL; TRACING_DATA* pTrace = (TRACING_DATA*)hData;
do { if (!pTrace) { break; }
if (GetCMLoggingSearchPath( pTrace->hKey, pwszName, &pwszLoggingPath, &pwszSearch)) { RutlEnumFiles( pwszLoggingPath, pwszSearch, TraceClearTracingCb, pTrace); }
} while (FALSE); //
// Clean up
//
RutlFree(pwszSearch); RutlFree(pwszLoggingPath);
return NO_ERROR;}
BOOLTraceClearCm( IN BOOL fEnable){ BOOL fRet = FALSE; HKEY hKey = NULL; TRACING_DATA Trace;
do { //
// Disable CM logging
//
TraceEnableDisableCm(FALSE); //
// Open for ALLUSERS
//
Trace.hKey = HKEY_LOCAL_MACHINE; Trace.fOneOk = FALSE;
if (RegOpenKeyEx( HKEY_CURRENT_USER, g_pwszCmLogAllKey, 0, KEY_READ, &hKey) || RutlRegEnumKeys( hKey, TraceClearCmCb, &Trace) ) { break; }
fRet = Trace.fOneOk;
RegCloseKey(hKey); hKey = NULL; //
// Open for CurrentUser
//
Trace.hKey = HKEY_CURRENT_USER;
if (RegOpenKeyEx( HKEY_CURRENT_USER, g_pwszCmLogCurKey, 0, KEY_READ, &hKey) || RutlRegEnumKeys( hKey, TraceClearCmCb, &Trace) ) { break; }
fRet = Trace.fOneOk; //
// Enable CM logging
//
if (fEnable) { TraceEnableDisableCm(TRUE); }
} while (FALSE); //
// Clean up
//
if (hKey) { RegCloseKey(hKey); }
return fRet;}
DWORDTraceCollectCmLogsEnumCb( IN LPCWSTR pwszFQFileName, IN LPCWSTR pwszFileName, IN HANDLE hData){ TRACING_DATA* pTrace = (TRACING_DATA*)hData;
if (pTrace) { REPORT_INFO* pInfo = pTrace->pInfo;
if (pInfo) { if (!PrintFile(pInfo, pwszFQFileName, TRUE, ParseCmLogForTime)) { pTrace->fOneOk = TRUE; } } }
return NO_ERROR;}
DWORDTraceCollectCmLogsCb( IN LPCWSTR pwszName, IN HKEY hKey, IN HANDLE hData){ PWCHAR pwszSearch = NULL, pwszLoggingPath = NULL; TRACING_DATA* pTrace = (TRACING_DATA*)hData;
if (pTrace && GetCMLoggingSearchPath( pTrace->hKey, pwszName, &pwszLoggingPath, &pwszSearch)) { RutlEnumFiles( pwszLoggingPath, pwszSearch, TraceCollectCmLogsEnumCb, pTrace); } //
// Clean up
//
RutlFree(pwszSearch); RutlFree(pwszLoggingPath);
return NO_ERROR;}
BOOLTraceCollectCmLogs( IN REPORT_INFO* pInfo, IN BOOL fEnable){ BOOL fRet = FALSE; HKEY hKey = NULL; TRACING_DATA Trace;
do { //
// Disable CM logging
//
TraceEnableDisableCm(FALSE);
Trace.fOneOk = FALSE; Trace.hKey = HKEY_LOCAL_MACHINE; Trace.pInfo = pInfo; //
// Open for ALLUSERS
//
if (RegOpenKeyEx( HKEY_CURRENT_USER, g_pwszCmLogAllKey, 0, KEY_READ, &hKey) || RutlRegEnumKeys( hKey, TraceCollectCmLogsCb, &Trace) ) { break; }
fRet = Trace.fOneOk;
RegCloseKey(hKey); hKey = NULL; //
// Open for CurrentUser
//
Trace.hKey = HKEY_CURRENT_USER;
if (RegOpenKeyEx( HKEY_CURRENT_USER, g_pwszCmLogCurKey, 0, KEY_READ, &hKey) || RutlRegEnumKeys( hKey, TraceCollectCmLogsCb, &Trace) ) { break; }
fRet = Trace.fOneOk; //
// Enable CM logging
//
if (fEnable) { TraceEnableDisableCm(TRUE); }
} while (FALSE); //
// Clean up
//
if (hKey) { RegCloseKey(hKey); }
return fRet;}
DWORDTraceEnableDisableCmCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData){ TRACING_DATA* pTrace = (TRACING_DATA*)hData;
if (pTrace) { DWORD dwEnable = pTrace->fData ? 1 : 0;
if (!RutlRegWriteDword( hKey, g_pwszEnableLog, dwEnable)) { pTrace->fOneOk = TRUE; } }
return NO_ERROR;}
BOOLTraceEnableDisableCm( IN BOOL fEnable){ BOOL fRet = FALSE; HKEY hKey = NULL; TRACING_DATA Trace;
do { Trace.fOneOk = FALSE; Trace.fData = fEnable;
if (RegOpenKeyEx( HKEY_CURRENT_USER, g_pwszCmLogAllKey, 0, KEY_READ | KEY_WRITE, &hKey) || RutlRegEnumKeys( hKey, TraceEnableDisableCmCb, &Trace) ) { break; }
fRet = Trace.fOneOk;
RegCloseKey(hKey); hKey = NULL;
if (RegOpenKeyEx( HKEY_CURRENT_USER, g_pwszCmLogCurKey, 0, KEY_READ | KEY_WRITE, &hKey) || RutlRegEnumKeys( hKey, TraceEnableDisableCmCb, &Trace) ) { break; }
fRet = Trace.fOneOk;
} while (FALSE); //
// Clean up
//
if (hKey) { RegCloseKey(hKey); }
return fRet;}
//
//
//
DWORDTraceShowCmCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData){ DWORD dwValueData = 0; TRACING_DATA* pTrace = (TRACING_DATA*)hData;
if (pTrace && !RutlRegReadDword( hKey, g_pwszEnableLog, &dwValueData) && dwValueData ) { //
// Success
//
pTrace->fOneOk = TRUE; }
return NO_ERROR;}
//
//
//
BOOLTraceShowCm(){ BOOL fRet = FALSE; HKEY hKey = NULL; TRACING_DATA Trace;
do { Trace.fOneOk = FALSE;
if (RegOpenKeyEx( HKEY_CURRENT_USER, g_pwszCmLogAllKey, 0, KEY_READ, &hKey) || RutlRegEnumKeys( hKey, TraceShowCmCb, &Trace) ) { break; }
fRet = Trace.fOneOk;
RegCloseKey(hKey); hKey = NULL;
if (RegOpenKeyEx( HKEY_CURRENT_USER, g_pwszCmLogCurKey, 0, KEY_READ, &hKey) || RutlRegEnumKeys( hKey, TraceShowCmCb, &Trace) ) { break; }
fRet = Trace.fOneOk;
} while (FALSE); //
// Clean up
//
if (hKey) { RegCloseKey(hKey); }
return fRet;}
//
//
//
DWORDTraceDumpCm(){ BOOL fEnabled; DWORD dwErr = NO_ERROR; PWCHAR pwszEnable = NULL;
do { fEnabled = TraceShowCm();
pwszEnable = RutlAssignmentFromTokens( g_hModule, TOKEN_STATE, (fEnabled) ? TOKEN_ENABLED : TOKEN_DISABLED); if (!pwszEnable) { dwErr = ERROR_NOT_ENOUGH_MEMORY; break; }
DisplayMessage( g_hModule, MSG_TRACE_DUMP2, DMP_RASDIAG_SET_CMTRACE, pwszEnable);
} while (FALSE); //
// Cleanup
//
RutlFree(pwszEnable);
return dwErr;}
//
// Clear the IPSec logs of any data
//
// .Net bug# 509365 No option to delete Oakley Log via RAS Diagnostics U.I.
//
BOOLTraceClearIpsecLogs( IN BOOL fEnable){ BOOL fRet = FALSE; WCHAR wszWindir[MAX_PATH + 1] = L"\0", wszPath[MAX_PATH + 1] = L"\0";
do { //
// Disable IPSec logging
//
TraceEnableDisableIpsec(FALSE);
if (!GetSystemWindowsDirectory(wszWindir, MAX_PATH)) { break; }
_snwprintf(wszPath, MAX_PATH, L"%s%s", wszWindir, g_pwszOakleyPath);
{ UINT ulTry = 0;
while (ulTry++ < 10) { if (DeleteFile(wszPath)) { fRet = TRUE; break; } else if (GetLastError() == ERROR_SHARING_VIOLATION) { //
// Wait a little for logging to get disabled
//
Sleep(10); } } }
} while (FALSE);
if (fEnable) { //
// Re-enable IPSec logging
//
TraceEnableDisableIpsec(TRUE); }
return fRet;}
//
//
//
BOOLTraceCollectIpsecLogs( IN REPORT_INFO* pInfo){ BOOL fRet = FALSE; DWORD dwWindir = 0, dwIpsec = 0; WCHAR wszWindir[MAX_PATH + 1] = L"\0"; PWCHAR pwszIpsecLog = NULL;
do { //
// Whistler .NET BUG: 492081
//
if (!GetSystemWindowsDirectory(wszWindir, MAX_PATH)) { break; }
dwWindir = lstrlen(wszWindir); if (!dwWindir) { break; }
dwIpsec = lstrlen(g_pwszOakleyPath);
pwszIpsecLog = RutlAlloc( (dwWindir + dwIpsec + 1) * sizeof(WCHAR), FALSE); if (!pwszIpsecLog) { break; }
lstrcpyn(pwszIpsecLog, wszWindir, dwWindir + 1); wcsncat(pwszIpsecLog, g_pwszOakleyPath, dwIpsec + 1);
if (!PrintFile(pInfo, pwszIpsecLog, TRUE, ParseIpsecLogForTime)) { fRet = TRUE; }
} while (FALSE); //
// Clean up
//
RutlFree(pwszIpsecLog);
return fRet;}
//
//
//
BOOLTraceEnableDisableIpsec( IN BOOL fEnable){ BOOL fRet = FALSE; IKE_CONFIG IKEConfig; WPP_LOG_INFO WppLog;
static GUID c_RasIpsecGuid = IPSEC_GUID; static CONST WCHAR c_pwszIpsecPath[] = L"\\TRACING\\IPSEC.BIN"; static CONST WCHAR c_pwszIpsecSession[] = L"IPSEC";
do { //
// .Net bug# 515191 RAS Diag clears all oakley regkeys when
// enabling/disabling IPSec Logging
//
if (!GetConfigurationVariables(NULL, &IKEConfig)) { IKEConfig.dwEnableLogging = fEnable ? 1 : 0;
if (!SetConfigurationVariables(NULL, IKEConfig)) { fRet = TRUE; } } //
// Enable or disable IPSEC WPP tracing
//
ZeroMemory(&WppLog, sizeof(WPP_LOG_INFO)); WppLog.dwEnableFlag = 0x2ff; WppLog.dwEnableLevel = 2; WppLog.ControlGuid = c_RasIpsecGuid;
lstrcpyn(WppLog.wszLogFileName, c_pwszIpsecPath, MAX_PATH + 1); lstrcpyn(WppLog.wszSessionName, c_pwszIpsecSession, MAX_PATH + 1);
if (!InitWppData(&WppLog)) { break; }
if (fEnable) { if (!StartWppTracing(&WppLog)) { break; } } else { if (!StopWppTracing(&WppLog)) { break; } }
fRet = TRUE;
} while (FALSE); //
// Clean up
//
CleanupWppData(&WppLog);
return fRet;}
//
//
//
BOOLTraceClearAuditing( IN BOOL fEnable){ BOOL fRet = FALSE; HANDLE hLog = NULL;
do { hLog = OpenEventLog(NULL, g_pwszSecurity); if (!hLog) { break; }
if (ClearEventLog(hLog, NULL)) { fRet = TRUE; } //
// Enable auditing with no feedback
//
if (fEnable) { TraceEnableDisableAuditing(FALSE, fEnable); }
} while (FALSE); //
// Clean up
//
if (hLog) { CloseEventLog(hLog); }
return fRet;}
//
//
//
BOOLTraceEnableDisableAuditing( IN BOOL fShowOnly, IN BOOL fEnable){ BOOL fRet = FALSE; UINT i; NTSTATUS ntstatus; LSA_HANDLE policy_handle = NULL; OBJECT_ATTRIBUTES obj_attr; PPOLICY_AUDIT_EVENTS_INFO info = NULL; SECURITY_QUALITY_OF_SERVICE sqos;
do { InitializeObjectAttributes(&obj_attr, NULL, 0L, 0L, NULL);
sqos.Length = sizeof(sqos); sqos.ImpersonationLevel = SecurityIdentification; sqos.ContextTrackingMode = SECURITY_STATIC_TRACKING; sqos.EffectiveOnly = FALSE;
obj_attr.SecurityQualityOfService = &sqos;
ntstatus = LsaOpenPolicy( NULL, &obj_attr, POLICY_VIEW_AUDIT_INFORMATION | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN, &policy_handle); if (!NT_SUCCESS(ntstatus)) { break; }
ntstatus = LsaQueryInformationPolicy( policy_handle, PolicyAuditEventsInformation, (PVOID*)&info); if (!NT_SUCCESS(ntstatus) || (!info)) { break; }
for (i = 0; i < info->MaximumAuditEventCount; i++) { if(i == AuditCategoryAccountLogon || i == AuditCategoryLogon) { if (fShowOnly) { if(i == AuditCategoryAccountLogon || i == AuditCategoryLogon) { if ((info->EventAuditingOptions[i] & POLICY_AUDIT_EVENT_FAILURE) && (info->EventAuditingOptions[i] & POLICY_AUDIT_EVENT_SUCCESS) ) { fRet = TRUE; } } } else { if(fEnable) { info->EventAuditingOptions[i] = POLICY_AUDIT_EVENT_FAILURE| POLICY_AUDIT_EVENT_SUCCESS; } else { info->EventAuditingOptions[i] = POLICY_AUDIT_EVENT_NONE; } } } } //
// See if we are only trying to detect what is enabled
//
if (fShowOnly) { break; }
ntstatus = LsaSetInformationPolicy( policy_handle, PolicyAuditEventsInformation, (PVOID)info); if (NT_SUCCESS(ntstatus)) { fRet = TRUE; } else { fRet = FALSE; }
} while (FALSE); //
// Clean up
//
if (info) { LsaFreeMemory(info); } if (policy_handle) { LsaClose(policy_handle); }
return fRet;}
//
//
//
DWORDTraceDumpAuditing(){ BOOL fEnabled; DWORD dwErr = NO_ERROR; PWCHAR pwszEnable = NULL;
do { fEnabled = TraceEnableDisableAuditing(TRUE, FALSE);
pwszEnable = RutlAssignmentFromTokens( g_hModule, TOKEN_STATE, (fEnabled) ? TOKEN_ENABLED : TOKEN_DISABLED); if (!pwszEnable) { dwErr = ERROR_NOT_ENOUGH_MEMORY; break; }
DisplayMessage( g_hModule, MSG_TRACE_DUMP2, DMP_RASDIAG_SET_AUDITING, pwszEnable);
} while (FALSE); //
// Cleanup
//
RutlFree(pwszEnable);
return dwErr;}
//
// .Net bug# 522035 RAS Diag: include new WPP tracing logs from RASL2TP and
// RASPPTP
//
// Init the EVENT_TRACE_PROPERTIES struct
//
BOOLInitWppData( IN WPP_LOG_INFO* pWppLog){ BOOL fRet = FALSE; ULONG ulSize = sizeof(EVENT_TRACE_PROPERTIES) + ((MAX_PATH + 1) * 2 * sizeof(WCHAR));
do { if (!pWppLog) { break; }
//
// Allocate and init the WPP structure
//
pWppLog->pProperties = RutlAlloc(ulSize, TRUE); if (!pWppLog->pProperties) { break; }
pWppLog->pProperties->Wnode.BufferSize = ulSize; pWppLog->pProperties->Wnode.Flags = WNODE_FLAG_TRACED_GUID; pWppLog->pProperties->MaximumFileSize = 5; pWppLog->pProperties->LogFileMode = EVENT_TRACE_FILE_MODE_SEQUENTIAL; pWppLog->pProperties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES); pWppLog->pProperties->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + ((MAX_PATH + 1) * sizeof(WCHAR));
lstrcpyn( (PWCHAR )((PBYTE )pWppLog->pProperties + pWppLog->pProperties->LoggerNameOffset), pWppLog->wszSessionName, MAX_PATH + 1);
if ((pWppLog->wszLogFileName)[0] != L'\0') { WCHAR wszWindir[MAX_PATH + 1] = L"\0", wszPath[MAX_PATH + 1] = L"\0"; //
// Get the name of the tracing directory
//
if (!GetSystemWindowsDirectory(wszWindir, MAX_PATH)) { break; }
_snwprintf( wszPath, MAX_PATH, L"%s%s", wszWindir, pWppLog->wszLogFileName);
lstrcpyn( (PWCHAR )((PBYTE )pWppLog->pProperties + pWppLog->pProperties->LogFileNameOffset), wszPath, MAX_PATH + 1); } //
// Attempt to read in any existing settings from the registry, this
// could overwrite some of the defaults above.
//
ReadWppTracingState(pWppLog);
fRet = TRUE;
} while (FALSE);
return fRet;}
//
// Free the Wpp data struct
//
VOIDCleanupWppData( IN WPP_LOG_INFO* pWppLog){ if (pWppLog) { RutlFree(pWppLog->pProperties); ZeroMemory(pWppLog, sizeof(WPP_LOG_INFO)); }
return;}
DWORDClearWppTracingCb( IN LPCWSTR pwszFQFileName, IN LPCWSTR pwszFileName, IN HANDLE hData){ TRACING_DATA* pTrace = (TRACING_DATA*)hData;
if (pTrace) { UINT ulTry = 0;
while (ulTry++ < 10) { if (DeleteFile(pwszFQFileName)) { pTrace->fOneOk = TRUE; break; } else if (GetLastError() == ERROR_SHARING_VIOLATION) { //
// Wait a little for logging to get disabled
//
Sleep(10); } } }
return NO_ERROR;}
BOOLClearWppTracing( IN BOOL fEnable){ BOOL fRet = FALSE; PWCHAR pwszTracingPath = NULL; TRACING_DATA Trace;
static CONST WCHAR pwszWppExt[] = L".BIN";
do { //
// Disable tracing
//
TraceEnableDisableAllWpp(FALSE);
pwszTracingPath = GetTracingDir(); if (!pwszTracingPath) { break; }
Trace.fOneOk = FALSE;
RutlEnumFiles( pwszTracingPath, (PWCHAR)pwszWppExt, ClearWppTracingCb, &Trace);
fRet = Trace.fOneOk; //
// Enable tracing
//
if (fEnable) { TraceEnableDisableAllWpp(TRUE); }
} while (FALSE); //
// Clean up
//
RutlFree(pwszTracingPath);
return fRet;}
//
// Wpp does not currently (01/26/02) persist tracing state across a reboot.
// When a machine comes back up, even if it was enabled before the reboot,
// it returns to a disabled state. Thus we must track the state ourselves in
// the registry.
//
BOOLWriteWppTracingState( IN WPP_LOG_INFO* pWppLog){ BOOL fRet = FALSE; HKEY hkKey = NULL; WCHAR wszPath[MAX_PATH + 1] = L"\0", wszGuid[MAX_PATH + 1] = L"\0";
do { if ((!pWppLog) || (!pWppLog->pProperties)) { break; }
_snwprintf( wszPath, MAX_PATH, L"%s%s", g_pwszWppPath, pWppLog->wszSessionName); //
// Create the new key if need be
//
if (RegCreateKeyExW( HKEY_LOCAL_MACHINE, wszPath, 0, NULL, 0, KEY_WRITE, NULL, &hkKey, NULL) ) { break; } //
// Write out the tracing data
//
RutlRegWriteDword(hkKey, g_pwszWppActive, pWppLog->dwActive); RutlRegWriteDword(hkKey, g_pwszWppControlFlags, pWppLog->dwEnableFlag); RutlRegWriteDword(hkKey, g_pwszWppControlLevel, pWppLog->dwEnableLevel);
RutlConvertGuidToString(&(pWppLog->ControlGuid), wszGuid); RutlRegWriteString(hkKey, g_pwszWppGuid, wszGuid);
RutlRegWriteString( hkKey, g_pwszWppLogFileName, (PWCHAR )((PBYTE )pWppLog->pProperties + pWppLog->pProperties->LogFileNameOffset));
fRet = TRUE;
} while (FALSE); //
// Clean up
//
if (hkKey) { RegCloseKey(hkKey); }
return fRet;}
//
// Open the WPP registry location and read out any config values
//
BOOLReadWppTracingState( IN WPP_LOG_INFO* pWppLog){ BOOL fRet = FALSE; HKEY hkKey = NULL; WCHAR wszPath[MAX_PATH + 1] = L"\0"; PWCHAR pwszGuid = NULL, pwszLogFileName = NULL;
do { if ((!pWppLog) || (!pWppLog->pProperties)) { break; }
_snwprintf( wszPath, MAX_PATH, L"%s%s", g_pwszWppPath, pWppLog->wszSessionName); //
// Open the key
//
if (RegOpenKeyEx( HKEY_LOCAL_MACHINE, wszPath, 0, KEY_READ, &hkKey) ) { break; } //
// Read in the tracing data
//
RutlRegReadDword(hkKey, g_pwszWppActive, &(pWppLog->dwActive)); RutlRegReadDword( hkKey, g_pwszWppControlFlags, &(pWppLog->dwEnableFlag)); RutlRegReadDword( hkKey, g_pwszWppControlLevel, &(pWppLog->dwEnableLevel));
if (!RutlRegReadString(hkKey, g_pwszWppGuid, &pwszGuid)) { RutlConvertStringToGuid( pwszGuid, lstrlen(pwszGuid) * sizeof(WCHAR), &(pWppLog->ControlGuid)); }
if (!RutlRegReadString(hkKey, g_pwszWppLogFileName, &pwszLogFileName)) { lstrcpyn( (PWCHAR )((PBYTE )pWppLog->pProperties + pWppLog->pProperties->LogFileNameOffset), pwszLogFileName, MAX_PATH + 1); }
fRet = TRUE;
} while (FALSE); //
// Clean up
//
RutlFree(pwszLogFileName); RutlFree(pwszGuid); if (hkKey) { RegCloseKey(hkKey); }
return fRet;}
//
// Start a Wpp tracing session
//
BOOLStartWppTracing( IN WPP_LOG_INFO* pWppLog){ DWORD dwErr; TRACEHANDLE hSession = 0;
if ((!pWppLog) || (!pWppLog->pProperties)) { return FALSE; } //
// Start a tracing session
//
if (StartTrace(&hSession, pWppLog->wszSessionName, pWppLog->pProperties)) { return FALSE; } //
// Enable a tracing session
//
if (EnableTrace( TRUE, pWppLog->dwEnableFlag, pWppLog->dwEnableLevel, &(pWppLog->ControlGuid), hSession) ) { return FALSE; } //
// Save off the state in the registry
//
pWppLog->dwActive = 1; if (!WriteWppTracingState(pWppLog)) { return FALSE; }
return TRUE;}
//
// Stop a Wpp tracing session
//
BOOLStopWppTracing( IN WPP_LOG_INFO* pWppLog){ TRACEHANDLE hSession = 0;
if ((!pWppLog) || (!pWppLog->pProperties)) { return FALSE; } //
// Query WPP to see if a tracing session is active
//
if (ControlTrace( hSession, pWppLog->wszSessionName, pWppLog->pProperties, EVENT_TRACE_CONTROL_QUERY) ) { return FALSE; } //
// One is active, get it's handle
//
hSession = pWppLog->pProperties->Wnode.HistoricalContext; //
// Disable the session
//
if (EnableTrace(FALSE, 0, 0, &(pWppLog->ControlGuid), hSession)) { return FALSE; } //
// Stop the tracing
//
if (ControlTrace( hSession, pWppLog->wszSessionName, pWppLog->pProperties, EVENT_TRACE_CONTROL_STOP) ) { return FALSE; } //
// Save off the state in the registry
//
pWppLog->dwActive = 0; if (!WriteWppTracingState(pWppLog)) { return FALSE; }
return TRUE;}
//
// Enum any existing RAS WPP registry entries
//
DWORDEnumWppTracing( IN RAS_REGKEY_ENUM_FUNC_CB pCallback, IN HANDLE hData){ HKEY hKey = NULL; DWORD dwErr = NO_ERROR;
if (!pCallback) { return ERROR_INVALID_PARAMETER; }
dwErr = RegOpenKeyEx( HKEY_LOCAL_MACHINE, g_pwszWppPath, 0, KEY_READ, &hKey); if (!dwErr) { dwErr = RutlRegEnumKeys(hKey, pCallback, hData); RegCloseKey(hKey); }
return dwErr;}
//
// Enable or disable RASL2TP WPP tracing
//
BOOLTraceEnableDisableRasL2tp( IN BOOL fEnable){ BOOL fRet = FALSE; WPP_LOG_INFO WppLog;
static GUID c_RasL2tpGuid = RASL2TP_GUID; static CONST WCHAR c_pwszL2tpPath[] = L"\\TRACING\\RASL2TP.BIN"; static CONST WCHAR c_pwszL2tpSession[] = L"RASL2TP";
do { ZeroMemory(&WppLog, sizeof(WPP_LOG_INFO)); WppLog.dwEnableFlag = 0x2ff; WppLog.dwEnableLevel = 2; WppLog.ControlGuid = c_RasL2tpGuid;
lstrcpyn(WppLog.wszLogFileName, c_pwszL2tpPath, MAX_PATH + 1); lstrcpyn(WppLog.wszSessionName, c_pwszL2tpSession, MAX_PATH + 1);
if (!InitWppData(&WppLog)) { break; }
if (fEnable) { if (!StartWppTracing(&WppLog)) { break; } } else { if (!StopWppTracing(&WppLog)) { break; } }
fRet = TRUE;
} while (FALSE); //
// Clean up
//
CleanupWppData(&WppLog);
return fRet;}
//
// Enable or disable RASPPTP WPP tracing
//
BOOLTraceEnableDisableRasPptp( IN BOOL fEnable){ BOOL fRet = FALSE; WPP_LOG_INFO WppLog;
static GUID c_RasPptpGuid = RASPPTP_GUID; static CONST WCHAR c_pwszPptpPath[] = L"\\TRACING\\RASPPTP.BIN"; static CONST WCHAR c_pwszPptpSession[] = L"RASPPTP";
do { ZeroMemory(&WppLog, sizeof(WPP_LOG_INFO)); WppLog.dwEnableFlag = 0x2ff; WppLog.dwEnableLevel = 2; WppLog.ControlGuid = c_RasPptpGuid;
lstrcpyn(WppLog.wszLogFileName, c_pwszPptpPath, MAX_PATH + 1); lstrcpyn(WppLog.wszSessionName, c_pwszPptpSession, MAX_PATH + 1);
if (!InitWppData(&WppLog)) { break; }
if (fEnable) { if (!StartWppTracing(&WppLog)) { break; } } else { if (!StopWppTracing(&WppLog)) { break; } }
fRet = TRUE;
} while (FALSE); //
// Clean up
//
CleanupWppData(&WppLog);
return fRet;}
//
// Enable or disable All WPP tracing
//
BOOLTraceEnableDisableAllWpp( IN BOOL fEnable){ BOOL fRet = FALSE;
if (TraceEnableDisableRasL2tp(fEnable)) { fRet = TRUE; } if (TraceEnableDisableRasPptp(fEnable)) { fRet = TRUE; } if (TraceEnableDisableIpsec(fEnable)) { fRet = TRUE; }
return fRet;}
//
// Enable any WPP tracing sessions that were disabled because of reboot
//
DWORDDiagInitWppTracingCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData){ WPP_LOG_INFO WppLog;
ZeroMemory(&WppLog, sizeof(WPP_LOG_INFO)); WppLog.dwEnableFlag = 0x2ff; WppLog.dwEnableLevel = 2;
lstrcpyn(WppLog.wszSessionName, pszName, MAX_PATH + 1);
if ((InitWppData(&WppLog)) && (WppLog.dwActive) ) { StartWppTracing(&WppLog); } //
// Clean up
//
CleanupWppData(&WppLog);
return NO_ERROR;}
//
// NON-NETSH function - allow someone to turn on all of our WPP tracing based
// on our saved state in the registry
//
VOIDDiagInitWppTracing(){ EnumWppTracing(DiagInitWppTracingCb, NULL);
return;}
//
//
//
BOOLPrintRasEventLogsCb( IN PEVENTLOGRECORD pevlr, IN HANDLE hModule, IN HANDLE hData){ BOOL fRet = FALSE; DWORD dwId = pevlr->EventID; TRACING_DATA* pTrace = (TRACING_DATA*)hData;
if (pTrace) { REPORT_INFO* pInfo = pTrace->pInfo;
if (pInfo && (((dwId >= RASBASE ) && (dwId <= RASBASEEND)) || ((dwId >= ROUTEBASE ) && ( dwId <= ROUTEBASEEND)) || ((dwId >= ROUTER_LOG_BASE) && (dwId <= ROUTER_LOG_BASEEND))) ) { PWCHAR pwszErrorMsg = NULL;
pwszErrorMsg = FormatMessageFromMod(hModule, dwId); if (pwszErrorMsg) { PWCHAR pwszCategory = NULL, pwszExpanded = NULL;
pwszExpanded = CreateErrorString( pevlr->NumStrings, (PWCHAR)((LPBYTE)pevlr + pevlr->StringOffset), pwszErrorMsg); if (pwszExpanded) { WriteEventLogEntry(pInfo->pBuff, pevlr, pwszExpanded, NULL); RutlFree(pwszExpanded); pTrace->fOneOk = TRUE; }
FreeFormatMessageFromMod(pwszErrorMsg); fRet = TRUE; } } }
return fRet;}
//
//
//
VOIDPrintRasEventLogs( IN REPORT_INFO* pInfo){ TRACING_DATA Trace; static CONST WCHAR pwszSystem[] = L"System"; static CONST WCHAR pwszMsgDll[] = L"mprmsg.dll";
Trace.fOneOk = FALSE; Trace.pInfo = pInfo;
RutlEnumEventLogs( pwszSystem, pwszMsgDll, MAX_NUMBER_OF_LOGS, PrintRasEventLogsCb, &Trace);
if (!Trace.fOneOk) { BufferWriteMessage( pInfo->pBuff, g_hModule, EMSG_RASDIAG_SHOW_CONFIG_EVENTLOG); }
return;}
//
//
//
BOOLPrintSecurityEventLogsCb( IN PEVENTLOGRECORD pevlr, IN HANDLE hModule, IN HANDLE hData){ BOOL fRet = FALSE; PWCHAR pwszErrorMsg = NULL, pwszCategory = NULL, pwszExpanded = NULL; TRACING_DATA* pTrace = (TRACING_DATA*)hData;
if (pTrace) { REPORT_INFO* pInfo = pTrace->pInfo;
pwszErrorMsg = FormatMessageFromMod(hModule, pevlr->EventID); if (pInfo && pwszErrorMsg) { if (pevlr->EventCategory) { pwszCategory = FormatMessageFromMod( hModule, (DWORD)pevlr->EventCategory); }
pwszExpanded = CreateErrorString( pevlr->NumStrings, (PWCHAR)((LPBYTE)pevlr + pevlr->StringOffset), pwszErrorMsg); if (pwszExpanded) { WriteEventLogEntry( pInfo->pBuff, pevlr, pwszExpanded, pwszCategory); RutlFree(pwszExpanded); pTrace->fOneOk = TRUE; }
FreeFormatMessageFromMod(pwszCategory); fRet = TRUE; }
FreeFormatMessageFromMod(pwszErrorMsg); }
return fRet;}
//
//
//
VOIDPrintSecurityEventLogs( IN REPORT_INFO* pInfo){ TRACING_DATA Trace;
static CONST WCHAR pwszMsgDll[] = L"msaudite.dll";
Trace.fOneOk = FALSE; Trace.pInfo = pInfo;
RutlEnumEventLogs( g_pwszSecurity, pwszMsgDll, MAX_NUMBER_OF_LOGS, PrintSecurityEventLogsCb, &Trace);
if (!Trace.fOneOk) { BufferWriteMessage( pInfo->pBuff, g_hModule, EMSG_RASDIAG_SHOW_CONFIG_SECEVENTLOG); }
return;}
//
//
//
DWORDTraceCollectAll( IN REPORT_INFO* pInfo){ BOOL fEnabled; DWORD dwErr = NO_ERROR;
do { fEnabled = DiagGetState(); //
// Collect RAS tracing logs into report
//
WriteHtmlSection( pInfo->pBuff, g_pwszTraceCollectTracingLogs, MSG_RASDIAG_REPORT_TRACE);
if (pInfo->fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_REPORT_TRACE); PrintMessage(g_pwszDispNewLine); } else if (pInfo->pCallback) { dwErr = CopyAndCallCB(pInfo, MSG_RASDIAG_REPORT_TRACE); BREAK_ON_DWERR(dwErr); }
if (!TraceCollectTracingLogs(pInfo, fEnabled)) { BufferWriteMessage( pInfo->pBuff, g_hModule, EMSG_RASDIAG_SHOW_TRACE_LOGS_FAIL); } //
// Collect modem tracing logs into report
//
WriteHtmlSection( pInfo->pBuff, g_pwszTraceCollectModemLogs, MSG_RASDIAG_REPORT_TRACE_MODEM);
if (pInfo->fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_REPORT_TRACE_MODEM); PrintMessage(g_pwszDispNewLine); } else if (pInfo->pCallback) { dwErr = CopyAndCallCB(pInfo, MSG_RASDIAG_REPORT_TRACE_MODEM); BREAK_ON_DWERR(dwErr); }
BufferWriteFileStrW(pInfo->pBuff, g_pwszPreStart);
if (!TraceCollectModemLogs(pInfo, fEnabled)) { BufferWriteMessage( pInfo->pBuff, g_hModule, EMSG_RASDIAG_SHOW_MODEMTRACE_LOGS_FAIL); }
BufferWriteFileStrW(pInfo->pBuff, g_pwszPreEnd); //
// Collect CM tracing logs into report
//
WriteHtmlSection( pInfo->pBuff, g_pwszTraceCollectCmLogs, MSG_RASDIAG_REPORT_TRACE_CM);
if (pInfo->fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_REPORT_TRACE_CM); PrintMessage(g_pwszDispNewLine); } else if (pInfo->pCallback) { dwErr = CopyAndCallCB(pInfo, MSG_RASDIAG_REPORT_TRACE_CM); BREAK_ON_DWERR(dwErr); }
BufferWriteFileStrW(pInfo->pBuff, g_pwszPreStart);
if (!TraceCollectCmLogs(pInfo, fEnabled)) { BufferWriteMessage( pInfo->pBuff, g_hModule, EMSG_RASDIAG_SHOW_CM_LOGS_FAIL); }
BufferWriteFileStrW(pInfo->pBuff, g_pwszPreEnd); //
// Collect IPSec tracing logs into report
//
WriteHtmlSection( pInfo->pBuff, g_pwszTraceCollectIpsecLogs, MSG_RASDIAG_REPORT_TRACE_IPSEC);
if (pInfo->fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_REPORT_TRACE_IPSEC); PrintMessage(g_pwszDispNewLine); } else if (pInfo->pCallback) { dwErr = CopyAndCallCB(pInfo, MSG_RASDIAG_REPORT_TRACE_IPSEC); BREAK_ON_DWERR(dwErr); }
BufferWriteFileStrW(pInfo->pBuff, g_pwszPreStart);
if (!TraceCollectIpsecLogs(pInfo)) { BufferWriteMessage( pInfo->pBuff, g_hModule, EMSG_RASDIAG_SHOW_IPSEC_LOGS_FAIL); }
BufferWriteFileStrW(pInfo->pBuff, g_pwszPreEnd); //
// Collect RAS Events into report
//
WriteHtmlSection( pInfo->pBuff, g_pwszPrintRasEventLogs, MSG_RASDIAG_REPORT_RASEVENT);
if (pInfo->fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_REPORT_RASEVENT); PrintMessage(g_pwszDispNewLine); } else if (pInfo->pCallback) { dwErr = CopyAndCallCB(pInfo, MSG_RASDIAG_REPORT_RASEVENT); BREAK_ON_DWERR(dwErr); }
BufferWriteFileStrW(pInfo->pBuff, g_pwszPreStart); PrintRasEventLogs(pInfo); BufferWriteFileStrW(pInfo->pBuff, g_pwszPreEnd); //
// Collect Security Events into report
//
WriteHtmlSection( pInfo->pBuff, g_pwszPrintSecurityEventLogs, MSG_RASDIAG_REPORT_SECEVENT);
if (pInfo->fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_REPORT_SECEVENT); PrintMessage(g_pwszDispNewLine); } else if (pInfo->pCallback) { dwErr = CopyAndCallCB(pInfo, MSG_RASDIAG_REPORT_SECEVENT); BREAK_ON_DWERR(dwErr); }
BufferWriteFileStrW(pInfo->pBuff, g_pwszPreStart); PrintSecurityEventLogs(pInfo); BufferWriteFileStrW(pInfo->pBuff, g_pwszPreEnd);
} while (FALSE);
return dwErr;}
//
//
//
VOIDTraceShowAll(){ if (!TraceShowTracing()) { DisplayMessage(g_hModule, EMSG_RASDIAG_TRACEALL_RAS_FAIL); }
if (TraceShowModem()) { DisplayMessage(g_hModule, MSG_RASDIAG_SHOW_MODEMTRACE_ENABLED); } else { DisplayMessage(g_hModule, EMSG_RASDIAG_SHOW_MODEMTRACE_DISABLED); }
if (TraceShowCm()) { DisplayMessage(g_hModule, MSG_RASDIAG_SHOW_CMTRACE_ENABLED); } else { DisplayMessage(g_hModule, EMSG_RASDIAG_SHOW_CMTRACE_DISABLED); }
if (TraceEnableDisableAuditing(TRUE, FALSE)) { DisplayMessage(g_hModule, MSG_RASDIAG_SHOW_AUDITING_ENABLED); } else { DisplayMessage(g_hModule, EMSG_RASDIAG_SHOW_AUDITING_DISABLED); }
return;}
//
// Clear all tracing files. All tracing must be disabled before the files can
// be 'cleared'. The state of tracing is read before the clear so it can be
// restored (only in the disabled case).
//
DWORDDiagClearAll( IN BOOL fDisplay){ BOOL fEnabled; DWORD dwErr = ERROR_OPEN_FAILED;
fEnabled = DiagGetState();
if (TraceClearTracing(fEnabled)) { dwErr = NO_ERROR; if (fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_CLEAR_TRACE_OK); } } else if (fDisplay) { DisplayMessage(g_hModule, EMSG_RASDIAG_CLEAR_TRACE_FAIL); }
if (TraceClearModem(fEnabled)) { dwErr = NO_ERROR; if (fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_CLEAR_MODEMTRACE); } } else if (fDisplay) { DisplayMessage(g_hModule, EMSG_RASDIAG_CLEAR_MODEMTRACE_FAIL); }
if (TraceClearCm(fEnabled)) { dwErr = NO_ERROR; if (fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_CLEAR_CMTRACE); } } else if (fDisplay) { DisplayMessage(g_hModule, EMSG_RASDIAG_CLEAR_CMTRACE_FAIL); }
if (TraceClearAuditing(fEnabled)) { dwErr = NO_ERROR; if (fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_CLEAR_AUDITING); } } else if (fDisplay) { DisplayMessage(g_hModule, EMSG_RASDIAG_CLEAR_AUDITING_FAIL); } //
// .Net bug# 509365 No option to delete Oakley Log via RAS Diagnostics U.I.
//
TraceClearIpsecLogs(fEnabled); //
// .Net bug# 522035 RAS Diag: include new WPP tracing logs from RASL2TP and
// RASPPTP
//
ClearWppTracing(fEnabled);
return dwErr;}
//
// Callback for DiagGetState to detect if any tracing is turned off
//
DWORDDiagGetStateCb( IN LPCWSTR pszName, IN HKEY hKey, IN HANDLE hData){ DWORD dwEnabled = 0; TRACING_DATA* pTrace = (TRACING_DATA*)hData;
//
// Get the enabling of the current component
//
TraceRead(hKey, &dwEnabled); //
// If any of the keys are turned off, report failure
//
if (!dwEnabled && pTrace) { pTrace->fOneOk = FALSE; }
return NO_ERROR;}
//
// NON-NETSH function to detect whether *only* ras tracing is enabled/disabled.
// This is only used by people who loadlib on RASMONTR.
//
BOOLDiagGetState(){ BOOL fRet = FALSE; HKEY hkRoot = NULL; TRACING_DATA Trace;
Trace.fOneOk = TRUE;
if (!TraceOpenRoot(&hkRoot) && !RutlRegEnumKeys(hkRoot, DiagGetStateCb, &Trace) ) { fRet = Trace.fOneOk; } //
// Clean up
//
if (hkRoot) { RegCloseKey(hkRoot); }
return fRet;}
//
// enable/disable all tracing.
//
DWORDDiagSetAll( IN BOOL fEnable, IN BOOL fDisplay){ DWORD dwErr = ERROR_OPEN_FAILED;
if (TraceEnableDisableTracing(fEnable)) { dwErr = NO_ERROR; if (fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_TRACEALL_RAS_OK); } } else if (fDisplay) { DisplayMessage(g_hModule, EMSG_RASDIAG_TRACEALL_RAS_FAIL); }
if (TraceEnableDisableModem(fEnable)) { dwErr = NO_ERROR; if (fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_SET_MODEMTRACE_OK); } } else if (fDisplay) { DisplayMessage(g_hModule, EMSG_RASDIAG_SET_MODEMTRACE_FAIL); }
if (TraceEnableDisableCm(fEnable)) { dwErr = NO_ERROR; if (fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_SET_CMTRACE_OK); } } else if (fDisplay) { DisplayMessage(g_hModule, EMSG_RASDIAG_SET_CMTRACE_FAIL); }
if (TraceEnableDisableAuditing(FALSE, fEnable)) { dwErr = NO_ERROR; if (fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_SET_AUDITING_OK); } } else if (fDisplay) { DisplayMessage(g_hModule, EMSG_RASDIAG_SET_AUDITING_FAIL); }
if (TraceEnableDisableIpsec(fEnable)) { dwErr = NO_ERROR; if (fDisplay) { DisplayMessage(g_hModule, MSG_RASDIAG_SET_IPSEC_OK); } } else if (fDisplay) { DisplayMessage(g_hModule, EMSG_RASDIAG_SET_IPSEC_FAIL); } //
// .Net bug# 522035 RAS Diag: include new WPP tracing logs from RASL2TP and
// RASPPTP
//
TraceEnableDisableAllWpp(fEnable);
return dwErr;}
//
// NON-NETSH function to enable/disable *only* ras tracing.
// This is only used by people who loadlib on RASMONTR.
//
DWORDDiagSetAllRas( IN BOOL fEnable){ //
// .Net bug# 522035 RAS Diag: include new WPP tracing logs from RASL2TP and
// RASPPTP
//
if (TraceEnableDisableTracing(fEnable) && TraceEnableDisableAllWpp(fEnable)) { return NO_ERROR; } else { return ERROR_OPEN_FAILED; }}
|
