/****************************************************************************** * * Copyright (c) 2000 Microsoft Corporation * * Module Name: * evthandler.cpp * * Abstract: * CEventHandler class methods * * Revision History: * Brijesh Krishnaswami (brijeshk) 03/17/2000 * created * *****************************************************************************/ #include "precomp.h" #include "..\rstrcore\resource.h" #include "ntservmsg.h" #ifdef THIS_FILE #undef THIS_FILE #endif static char __szTraceSourceFile[] = __FILE__; #define THIS_FILE __szTraceSourceFile #define IDLE_STACKSIZE 32768 // 32K stack for idle thread CEventHandler *g_pEventHandler; BOOL CallerIsAdminOrSystem () { BOOL fAdminOrSystem = TRUE; // impersonation will fail if from service if (RPC_S_OK == RpcImpersonateClient (NULL)) { fAdminOrSystem = IsAdminOrSystem(); RpcRevertToSelf(); } return fAdminOrSystem; }; BOOL CallerIsAdminOrSystemOrPowerUsers() { BOOL fPowerUsers = TRUE; // impersonation will fail if from service if (RPC_S_OK == RpcImpersonateClient (NULL)) { fPowerUsers = IsAdminOrSystem() || IsPowerUsers(); RpcRevertToSelf(); } return fPowerUsers; } // constructor CEventHandler::CEventHandler() { m_hTimerQueue = m_hTimer = NULL; m_hIdle = NULL; m_fNoRpOnSystem = TRUE; m_fIdleSrvStarted = FALSE; m_ftFreeze.dwLowDateTime = 0; m_ftFreeze.dwHighDateTime = 0; m_nNestedCallCount = 0; m_hCOMDll = NULL; m_hIdleRequestHandle = NULL; m_hIdleStartHandle = NULL; m_hIdleStopHandle = NULL; m_fCreateRpASAP = FALSE; } // destructor CEventHandler::~CEventHandler() { } // the RPC API DWORD CEventHandler::DisableSRS(LPWSTR pszDrive) { DWORD dwRc = ERROR_SUCCESS; BOOL fHaveLock = FALSE; HANDLE hEventSource = NULL; tenter("CEventHandler::DisableSRS"); if (!CallerIsAdminOrSystem()) { dwRc = ERROR_ACCESS_DENIED; trace(0, "DisableSRS: Caller is not admin or system -- Access denied"); goto done; } LOCKORLEAVE(fHaveLock); ASSERT(g_pDataStoreMgr && g_pSRConfig); // if whole of SR is disabled, then // - set firstrun and cleanup flag to yes // - set stop event if (! pszDrive || IsSystemDrive(pszDrive)) { trace(0, "Disabling all of SR"); dwRc = SrStopMonitoring(g_pSRConfig->GetFilter()); if (dwRc != ERROR_SUCCESS) { trace(0, "! SrStopMonitoring : %ld", dwRc); goto done; } dwRc = g_pSRConfig->SetFirstRun(SR_FIRSTRUN_YES); if (dwRc != ERROR_SUCCESS) { trace(0, "! SetFirstRun : %ld", dwRc); goto done; } g_pDataStoreMgr->DestroyDataStore(NULL); if (dwRc != ERROR_SUCCESS) { trace(0, "! DestroyDataStore : %ld", dwRc); goto done; } // set the filter start to disabled only if this is a // real disable // if it's a reset, filter needs to start the next boot if (g_pSRConfig->GetResetFlag() == FALSE) { dwRc = SetServiceStartup(s_cszFilterName, SERVICE_DISABLED); if (ERROR_SUCCESS != dwRc) { trace(0, "! SetServiceStartup : %ld", dwRc); goto done; } // done, we are disabled dwRc = g_pSRConfig->SetDisableFlag(TRUE); if (dwRc != ERROR_SUCCESS) { trace(0, "! SetDisableFlag : %ld", dwRc); goto done; } } // set the stop event // this will bring us down gracefully SignalStop(); if (g_pSRConfig->m_dwTestBroadcast) PostTestMessage(g_pSRConfig->m_uiTMDisable, NULL, NULL); // write to event log hEventSource = RegisterEventSource(NULL, s_cszServiceName); if (hEventSource != NULL) { SRLogEvent (hEventSource, EVENTLOG_INFORMATION_TYPE, EVMSG_SYSDRIVE_DISABLED, NULL, 0, NULL, NULL, NULL); DeregisterEventSource(hEventSource); } trace(0, "SR disabled"); } else { trace(0, "Disabling drive %S", pszDrive); // first tell filter to stop monitoring, // then build _filelst.cfg and pass down dwRc = g_pDataStoreMgr->MonitorDrive(pszDrive, FALSE); if (ERROR_SUCCESS != dwRc) { trace(0, "! g_pDataStoreMgr->MonitorDrive for %s : %ld", pszDrive, dwRc); goto done; } } done: UNLOCK(fHaveLock); tleave(); return dwRc; } DWORD CEventHandler::EnableSRS(LPWSTR pszDrive) { tenter("CEventHandler::EnableSRS"); BOOL fHaveLock = FALSE; DWORD dwRc = ERROR_SUCCESS; if (!CallerIsAdminOrSystem()) { dwRc = ERROR_ACCESS_DENIED; goto done; } LOCKORLEAVE(fHaveLock); trace(0, "EnableSRS"); ASSERT(g_pSRConfig); if (! pszDrive || IsSystemDrive(pszDrive)) { // // if safe mode, then don't // if (TRUE == g_pSRConfig->GetSafeMode()) { DebugTrace(0, "Cannot enable SR in safemode"); dwRc = ERROR_BAD_ENVIRONMENT; goto done; } // system drive g_pSRConfig->SetDisableFlag(FALSE); dwRc = SetServiceStartup(s_cszFilterName, SERVICE_BOOT_START); if (ERROR_SUCCESS != dwRc) { trace(0, "! SetServiceStartup : %ld", dwRc); goto done; } dwRc = SetServiceStartup(s_cszServiceName, SERVICE_AUTO_START); if (ERROR_SUCCESS != dwRc) { trace(0, "! SetServiceStartup : %ld", dwRc); goto done; } } else { ASSERT(g_pDataStoreMgr); // build _filelst.cfg and pass down dwRc = g_pDataStoreMgr->MonitorDrive(pszDrive, TRUE); if (ERROR_SUCCESS != dwRc) { trace(0, "! g_pDataStoreMgr->MonitorDrive for %s : %ld", pszDrive, dwRc); goto done; } } done: UNLOCK(fHaveLock); tleave(); return dwRc; } DWORD CEventHandler::DisableFIFOS(DWORD dwRPNum) { tenter("CEventHandler::DisableFIFOS"); BOOL fHaveLock = FALSE; DWORD dwRc = ERROR_SUCCESS; if (!CallerIsAdminOrSystem()) { dwRc = ERROR_ACCESS_DENIED; goto done; } LOCKORLEAVE(fHaveLock); ASSERT(g_pSRConfig); g_pSRConfig->SetFifoDisabledNum(dwRPNum); trace(0, "Disabled FIFO from RP%ld", dwRPNum); done: UNLOCK(fHaveLock); tleave(); return dwRc; } DWORD CEventHandler::EnableFIFOS() { tenter("CEventHandler::EnableFIFOS"); BOOL fHaveLock = FALSE; DWORD dwRc = ERROR_SUCCESS; if (!CallerIsAdminOrSystem()) { dwRc = ERROR_ACCESS_DENIED; goto done; } LOCKORLEAVE(fHaveLock); ASSERT(g_pSRConfig); g_pSRConfig->SetFifoDisabledNum(0); trace(0, "Reenabled FIFO"); done: UNLOCK(fHaveLock); tleave(); return dwRc; } // API and internal method to create a new restore point - // this will ask filter to create a restore point folder, // take the system snapshot, and write the restore point log BOOL CEventHandler::SRSetRestorePointS( PRESTOREPOINTINFOW pRPInfo, PSTATEMGRSTATUS pSmgrStatus ) { tenter("CEventHandler::SRSetRestorePointS"); DWORD dwRc = ERROR_SUCCESS; WCHAR szRPDir[MAX_RP_PATH]; DWORD dwRPNum = 1; BOOL fHaveLock = FALSE; HKEY hKey = NULL; CRestorePoint rpLast; BOOL fSnapshot = TRUE; DWORD dwSaveType; BOOL fUpdateMonitoredList = FALSE; DWORD dwSnapshotResult = ERROR_SUCCESS; BOOL fSerialized; if (! pRPInfo || ! pSmgrStatus) { trace(0, "Invalid arguments"); dwRc = ERROR_INVALID_DATA; goto done; } if (pRPInfo->dwRestorePtType > MAX_RPT) { trace(0, "Restore point type out of valid range"); dwRc = ERROR_INVALID_DATA; goto done; } if (pRPInfo->dwEventType < MIN_EVENT || pRPInfo->dwEventType > MAX_EVENT) { trace(0, "Event type out of valid range"); dwRc = ERROR_INVALID_DATA; goto done; } LOCKORLEAVE(fHaveLock); ASSERT(g_pDataStoreMgr && g_pSRConfig); // // special processing for FIRSTRUN checkpoint // if (pRPInfo->dwRestorePtType == FIRSTRUN) { // first remove the Run key if it exists // the function run from the Run entry in srclient.dll may not have been // able to delete itself if it was run in non-admin context // so we will make sure we delete it here HKEY hKey; if (ERROR_SUCCESS == RegOpenKey(HKEY_LOCAL_MACHINE, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", &hKey)) { RegDeleteValue(hKey, L"SRFirstRun"); RegCloseKey(hKey); } // if this is really the first checkpoint // then allow it no matter who's trying to create it // if not, then bail if (m_fNoRpOnSystem == FALSE) { trace(0, "Trying to create FirstRun rp when an rp already exists"); dwRc = ERROR_ALREADY_EXISTS; goto done; } } else { // this is not FIRSTRUN, so check for privileges if (!CallerIsAdminOrSystemOrPowerUsers()) { dwRc = ERROR_ACCESS_DENIED; trace(0, "SRSetRestorePointS: Caller is not admin or system or power users -- Access denied"); goto done; } } // // if this is a restore restore point or system checkpoint, // then erase any nested rp context // this will make sure that restore can happen // even if some erratic client failed to call END_NESTED // if (pRPInfo->dwRestorePtType == RESTORE || pRPInfo->dwRestorePtType == CHECKPOINT || pRPInfo->dwRestorePtType == FIRSTRUN) { trace(0, "Resetting nested refcount to 0"); m_nNestedCallCount = 0; } // // get the current rp number // dwRPNum will be overwritten if a new restore point is created // after all the prelim checks // dwRPNum = (m_fNoRpOnSystem == FALSE) ? m_CurRp.GetNum() : 0; // // if this is a nested call // then don't create nested rps // if (pRPInfo->dwEventType == END_NESTED_SYSTEM_CHANGE) { // adjust refcount only if called for the current restore point if (pRPInfo->llSequenceNumber == 0 || pRPInfo->llSequenceNumber == dwRPNum) { dwRc = ERROR_SUCCESS; if (m_nNestedCallCount > 0) m_nNestedCallCount--; } else if (pRPInfo->llSequenceNumber < dwRPNum) { dwRc = ERROR_SUCCESS; trace(0, "END_NESTED called for older rp - not adjusting refcount"); } else { dwRc = ERROR_INVALID_DATA; trace(0, "END_NESTED called for non-existent rp - not adjusting refcount"); } if (pRPInfo->dwRestorePtType != CANCELLED_OPERATION) { goto done; } } else if (pRPInfo->dwEventType == BEGIN_NESTED_SYSTEM_CHANGE) { if (m_nNestedCallCount > 0) { dwRc = ERROR_SUCCESS; m_nNestedCallCount++; goto done; } } // check if this is a request to remove restore point // provided for backward compat only // new clients should use SRRemoveRestorePoint if (pRPInfo->dwEventType == END_SYSTEM_CHANGE || pRPInfo->dwEventType == END_NESTED_SYSTEM_CHANGE) { if (pRPInfo->dwRestorePtType == CANCELLED_OPERATION) { dwRc = SRRemoveRestorePointS((DWORD) pRPInfo->llSequenceNumber); goto done; } else { dwRc = ERROR_SUCCESS; goto done; } } // if this is safe mode, don't create restore point // // however, allow restore UI to be able to create a hidden restore point in safemode // if (g_pSRConfig->GetSafeMode() == TRUE) { if (pRPInfo->dwRestorePtType == CANCELLED_OPERATION) { // we need this rp only for undo in case of failure // so we don't need snapshot (snapshotting will fail in safemode) trace(0, "Restore rp - creating snapshot in safemode"); } else { trace(0, "Cannot create restore point in safemode"); dwRc = ERROR_BAD_ENVIRONMENT; goto done; } } // // if system drive is frozen, // then see if it can be thawed // if not, then cannot create rp // if (g_pDataStoreMgr->IsDriveFrozen(g_pSRConfig->GetSystemDrive())) { if (ERROR_SUCCESS != g_pDataStoreMgr->ThawDrives(TRUE)) { trace(0, "Cannot create rp when system drive is frozen"); dwRc = ERROR_DISK_FULL; goto done; } } if (hKey) RegCloseKey(hKey); // ask filter to create restore point // filter will return the restore point number - i for RPi - in dwRPNum dwRc = SrCreateRestorePoint( g_pSRConfig->GetFilter(), &dwRPNum ); if (ERROR_SUCCESS != dwRc) { trace(0, "! SrCreateRestorePoint : %ld", dwRc); goto done; } wsprintf( szRPDir, L"%s%ld", s_cszRPDir, dwRPNum ); // // update the current restore point object // write rp.log with cancelled restorepoint type // if (m_fNoRpOnSystem == FALSE) { rpLast.SetDir(m_CurRp.GetDir()); } m_CurRp.SetDir(szRPDir); dwSaveType = pRPInfo->dwRestorePtType; pRPInfo->dwRestorePtType = CANCELLED_OPERATION; m_CurRp.Load(pRPInfo); dwRc = m_CurRp.WriteLog(); if ( ERROR_SUCCESS != dwRc ) { trace(0, "! WriteLog : %ld", dwRc); goto done; } // create system snapshot // if there is no explicit regkey that disabled it if (fSnapshot) { WCHAR szFullPath[MAX_PATH]; CSnapshot Snapshot; if (m_hCOMDll == NULL) { m_hCOMDll = LoadLibrary(s_cszCOMDllName); if (NULL == m_hCOMDll) { dwRc = GetLastError(); trace(0, "LoadLibrary of %S failed ec=%d", s_cszCOMDllName, dwRc); goto done; } } // BUGBUG - this does not seem to make any difference // so remove it #if 0 if (FALSE == SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_ABOVE_NORMAL)) { trace(0, "! SetThreadPriority first"); } #endif if (dwSaveType == RESTORE || dwSaveType == CANCELLED_OPERATION) { fSerialized = TRUE; trace(0, "Setting fSerialized to TRUE"); } else { fSerialized = FALSE; trace(0, "Setting fSerialized to FALSE"); } MakeRestorePath (szFullPath, g_pSRConfig->GetSystemDrive(), szRPDir); dwRc = Snapshot.CreateSnapshot(szFullPath, m_hCOMDll, m_fNoRpOnSystem ? NULL : rpLast.GetDir(), fSerialized); #if 0 if (FALSE == SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_NORMAL)) { trace(0, "! SetThreadPriority second"); } #endif dwSnapshotResult = dwRc; } // ask the datastoremgr to persist drivetable for old restore point // and reset per-rp flags for the new restore point dwRc = g_pDataStoreMgr->SwitchRestorePoint(m_fNoRpOnSystem ? NULL : &rpLast); if (dwRc != ERROR_SUCCESS) { trace(0, "! SwitchRestorePoint : %ld", dwRc); goto done; } m_fNoRpOnSystem = FALSE; // // restore point is fully created // write rp.log again // this time with the real restorepoint type // if (dwSnapshotResult == ERROR_SUCCESS) { pRPInfo->dwRestorePtType = dwSaveType; m_CurRp.Load(pRPInfo); dwRc = m_CurRp.WriteLog(); if ( ERROR_SUCCESS != dwRc ) { trace(0, "! WriteLog : %ld", dwRc); goto done; } trace(0, "****Created %S %S****", szRPDir, pRPInfo->szDescription); } else { trace(0, "****Cancelled %S - snapshot failed", szRPDir); } // if drives need to be thawed, then recreate blob // and deactivate thaw timer if ( TRUE == g_pDataStoreMgr->IsDriveFrozen(NULL) ) { if (ERROR_SUCCESS == g_pDataStoreMgr->ThawDrives(FALSE)) { m_ftFreeze.dwLowDateTime = 0; m_ftFreeze.dwHighDateTime = 0; fUpdateMonitoredList = TRUE; } else { dwRc = ERROR_DISK_FULL; goto done; } } // Also update the filter monitored list blob if this is an idle // time restore point or if this is the first run restore // point. We update the monitored list at first run since the // initial blob is created before the first user logs on to the // machine and before the first user's profile exists. So we want // to update rhe monitored list at first run since by now the // user's profile has been created. if (fUpdateMonitoredList || (pRPInfo->dwRestorePtType == CHECKPOINT) || (pRPInfo->dwRestorePtType == FIRSTRUN) ) { dwRc = SRUpdateMonitoredListS(NULL); } // // if rp creation succeeded, // and this is the outermost nested call // then bump refcount to 1 // if (dwRc == ERROR_SUCCESS && pRPInfo->dwEventType == BEGIN_NESTED_SYSTEM_CHANGE) { m_nNestedCallCount = 1; } // // send thaw complete test message // if (fUpdateMonitoredList) { if (g_pSRConfig->m_dwTestBroadcast) PostTestMessage(g_pSRConfig->m_uiTMThaw, NULL, NULL); } // if WMI is serialized, then check fifo conditions here // else this would happen in DoWMISnapshot if (fSerialized) { g_pDataStoreMgr->TriggerFreezeOrFifo(); } done: trace(0, "Nest level : %d", m_nNestedCallCount); if (dwSnapshotResult != ERROR_SUCCESS) dwRc = dwSnapshotResult; // populate return struct if (pSmgrStatus) { pSmgrStatus->nStatus = dwRc; pSmgrStatus->llSequenceNumber = (INT64) dwRPNum; } UNLOCK( fHaveLock ); tleave(); return ( dwRc == ERROR_SUCCESS ) ? TRUE : FALSE; } // this api is provided to remove a restore point // removing a restore point simply takes away the ability to restore // to this point - all the changes in this restore point are preserved DWORD CEventHandler::SRRemoveRestorePointS( DWORD dwRPNum) { tenter("CEventHandler::SRRemoveRestorePointS"); BOOL fHaveLock = FALSE; WCHAR szRPDir[MAX_PATH]; WCHAR szFullPath[MAX_PATH]; DWORD dwRc = ERROR_SUCCESS; CSnapshot Snapshot; CRestorePoint rp; CDataStore *pds = NULL; INT64 llOld, llNew; if (!CallerIsAdminOrSystemOrPowerUsers()) { dwRc = ERROR_ACCESS_DENIED; trace(0, "SRRemoveRestorePointS: Caller is not admin or system or power users -- Access denied"); goto done; } if (dwRPNum < 1) { dwRc = ERROR_INVALID_DATA; goto done; } LOCKORLEAVE(fHaveLock); ASSERT(g_pSRConfig); // if there is no rp, then no-op if (m_fNoRpOnSystem) { dwRc = ERROR_INVALID_DATA; goto done; } wsprintf(szRPDir, L"%s%ld", s_cszRPDir, dwRPNum); // read the restore point log rp.SetDir(szRPDir); dwRc = rp.ReadLog(); if (ERROR_SUCCESS != dwRc) { trace(0, "! rp.ReadLog : %ld", dwRc); dwRc = ERROR_INVALID_DATA; goto done; } // delete snapshot MakeRestorePath (szFullPath, g_pSRConfig->GetSystemDrive(), szRPDir); dwRc = Snapshot.DeleteSnapshot(szFullPath); if (dwRc != ERROR_SUCCESS) goto done; // cancel this restore point rp.Cancel(); // // adjust the restorepointsize file // and the in-memory counters in the service // pds = g_pDataStoreMgr->GetDriveTable()->FindSystemDrive(); if (! pds) { trace(0, "! FindSystemDrive"); goto done; } llOld = 0; dwRc = rp.ReadSize(g_pSRConfig->GetSystemDrive(), &llOld); if (dwRc != ERROR_SUCCESS) { trace(0, "! rp.ReadSize : %ld", dwRc); goto done; } llNew = 0; dwRc = pds->CalculateRpUsage(&rp, &llNew, TRUE, FALSE); if (dwRc != ERROR_SUCCESS) { trace(0, "! CalculateRpUsage : %ld", dwRc); goto done; } trace(0, "llOld = %I64d, llNew = %I64d", llOld, llNew); // // now update the correct variable in the correct object // pds->UpdateDataStoreUsage (llNew - llOld, rp.GetNum() == m_CurRp.GetNum()); done: UNLOCK(fHaveLock); tleave(); return dwRc; } DWORD CEventHandler::SRUpdateMonitoredListS( LPWSTR pszXMLFile) { tenter("CEventHandler::SRUpdateMonitoredListS"); DWORD dwRc = ERROR_INTERNAL_ERROR; BOOL fHaveLock = FALSE; if (!CallerIsAdminOrSystem()) { dwRc = ERROR_ACCESS_DENIED; goto done; } LOCKORLEAVE(fHaveLock); ASSERT(g_pDataStoreMgr && g_pSRConfig); // convert xml to blob dwRc = XmlToBlob(pszXMLFile); if (ERROR_SUCCESS != dwRc) goto done; // reload to filter dwRc = SrReloadConfiguration(g_pSRConfig->GetFilter()); if (ERROR_SUCCESS != dwRc) { trace(0, "! SrReloadConfiguration : %ld", dwRc); goto done; } trace(0, "****Reloaded config file****"); done: UNLOCK(fHaveLock); tleave(); return dwRc; } DWORD CEventHandler::SRUpdateDSSizeS(LPWSTR pwszVolumeGuid, UINT64 ullSizeLimit) { tenter("CEventHandler::SRUpdateDSSizeS"); UINT64 ullTemp; DWORD dwRc = ERROR_SUCCESS; CDataStore *pds = NULL; BOOL fHaveLock = FALSE; BOOL fSystem; if (!CallerIsAdminOrSystem()) { dwRc = ERROR_ACCESS_DENIED; goto done; } LOCKORLEAVE(fHaveLock); ASSERT(g_pDataStoreMgr); pds = g_pDataStoreMgr->GetDriveTable()->FindDriveInTable(pwszVolumeGuid); if (! pds) { trace(0, "Volume not in drivetable : %S", pwszVolumeGuid); dwRc = ERROR_INVALID_DRIVE; goto done; } fSystem = pds->GetFlags() & SR_DRIVE_SYSTEM; if (ullSizeLimit < (g_pSRConfig ? g_pSRConfig->GetDSMin(fSystem) : (fSystem ? SR_DEFAULT_DSMIN:SR_DEFAULT_DSMIN_NONSYSTEM) * MEGABYTE)) { trace(0, "SRUpdateDSSizeS %I64d less than dwDSMin", ullSizeLimit); dwRc = ERROR_INVALID_PARAMETER; goto done; } ullTemp = pds->GetSizeLimit(); // save previous size pds->SetSizeLimit(0); // reset the datastore size pds->UpdateDiskFree (NULL); // calculate the default size if (ullSizeLimit > pds->GetSizeLimit()) { pds->SetSizeLimit (ullTemp); trace(0, "SRUpdateDSSizeS %I64d greater than limit", ullSizeLimit); dwRc = ERROR_INVALID_PARAMETER; goto done; } pds->SetSizeLimit(ullSizeLimit); g_pDataStoreMgr->GetDriveTable()->SaveDriveTable((CRestorePoint *) NULL); // // this might change fifo conditions // so check and trigger fifo if necessary // g_pDataStoreMgr->TriggerFreezeOrFifo(); done: UNLOCK(fHaveLock); tleave(); return dwRc; } DWORD CEventHandler::SRSwitchLogS() { tenter("CEventHandler::SRSwitchLogS"); DWORD dwRc = ERROR_SUCCESS; BOOL fHaveLock; LOCKORLEAVE(fHaveLock); ASSERT(g_pSRConfig); dwRc = SrSwitchAllLogs(g_pSRConfig->GetFilter()); if (ERROR_SUCCESS != dwRc) trace(0, "! SrSwitchLog : %ld", dwRc); done: UNLOCK(fHaveLock); tleave(); return dwRc; } DWORD CEventHandler::XmlToBlob(LPWSTR pszwXml) { tenter("CEventHandler::XmlToBlob"); DWORD dwRc = ERROR_INTERNAL_ERROR; WCHAR szwDat[MAX_PATH], szwXml[MAX_PATH]; CFLDatBuilder FLDatBuilder; ASSERT(g_pSRConfig); MakeRestorePath(szwDat, g_pSRConfig->GetSystemDrive(), s_cszFilelistDat); if (0 == ExpandEnvironmentStrings(s_cszWinRestDir, szwXml, sizeof(szwXml) / sizeof(WCHAR))) { dwRc = GetLastError(); trace(0, "! ExpandEnvironmentStrings"); goto done; } lstrcat(szwXml, s_cszFilelistXml); if ( ! pszwXml ) { pszwXml = szwXml; } if (FALSE == FLDatBuilder.BuildTree(pszwXml, szwDat)) { trace(0, "! FLDatBuilder.BuildTree"); goto done; } if (pszwXml && pszwXml != szwXml && 0 != lstrcmpi(pszwXml, szwXml)) { // copy the new filelist SetFileAttributes(szwXml, FILE_ATTRIBUTE_NORMAL); if (FALSE == CopyFile(pszwXml, szwXml, FALSE)) { dwRc = GetLastError(); trace(0, "! CopyFile : %ld", dwRc); goto done; } } // set filelist.xml to be S+H+R SetFileAttributes(szwXml, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_READONLY); dwRc = ERROR_SUCCESS; done: tleave(); return dwRc; } // SR ACTIONS DWORD CEventHandler::OnFirstRun() { tenter("CEventHandler::OnFirstRun"); DWORD dwRc = ERROR_SUCCESS; RESTOREPOINTINFO RPInfo; STATEMGRSTATUS SmgrStatus; LPSTR pszDat = NULL, pszXml = NULL; WCHAR szwDat[MAX_PATH], szwXml[MAX_PATH]; trace(0, "Firstrun detected"); dwRc = XmlToBlob(NULL); if (ERROR_SUCCESS != dwRc) goto done; // ask filter to start monitoring dwRc = SrStartMonitoring(g_pSRConfig->GetFilter()); if (ERROR_SUCCESS != dwRc) { trace(0, "! SrStartMonitoring : %ld", dwRc); goto done; } // change firstrun in the registry dwRc = g_pSRConfig->SetFirstRun(SR_FIRSTRUN_NO); if ( dwRc != ERROR_SUCCESS ) { trace(0, "! g_pSRConfig->SetFirstRun : %ld", dwRc); goto done; } // create firstrun restore point if (! g_pDataStoreMgr->IsDriveFrozen(g_pSRConfig->GetSystemDrive()) && g_pSRConfig->GetCreateFirstRunRp() != 0) { RPInfo.dwEventType = BEGIN_SYSTEM_CHANGE; RPInfo.dwRestorePtType = FIRSTRUN; if (ERROR_SUCCESS != SRLoadString(L"srrstr.dll", IDS_SYSTEM_CHECKPOINT_TEXT, RPInfo.szDescription, MAX_PATH)) { trace(0, "Using default hardcoded text"); lstrcpy(RPInfo.szDescription, s_cszSystemCheckpointName); } if ( FALSE == SRSetRestorePointS( &RPInfo, &SmgrStatus )) { // // even if this fails // keep the service running // trace(0, "Cannot create firstrun restore point : %ld", SmgrStatus.nStatus); } } // // in future re-enables, service should create firstrun rp // if (g_pSRConfig->m_dwCreateFirstRunRp == 0) g_pSRConfig->SetCreateFirstRunRp(TRUE); done: tleave(); return dwRc; } // stuff to do at boot // read in all the config values from registry // initialize communication with filter // call OnFirstRun if necessary // setup timer & idle detection // start RPC server DWORD CEventHandler::OnBoot() { BOOL fHaveLock = FALSE; DWORD dwRc = ERROR_INTERNAL_ERROR; BOOL fSendEnableMessage = FALSE; DWORD dwFlags; tenter("CEventHandler::OnBoot"); dwRc = m_DSLock.Init(); if (dwRc != ERROR_SUCCESS) { trace(0, "m_DSLock.Init() : %ld", dwRc); goto done; } LOCKORLEAVE(fHaveLock); // initialize the counter dwRc = m_Counter.Init(); if ( ERROR_SUCCESS != dwRc ) { trace(0, "! CCounter::Init : %ld", dwRc); goto done; } // read all values from registry // create global events g_pSRConfig = new CSRConfig; if ( ! g_pSRConfig ) { dwRc = ERROR_NOT_ENOUGH_MEMORY; trace(0, "Out of Memory"); goto done; } dwRc = g_pSRConfig->Initialize(); if ( ERROR_SUCCESS != dwRc ) { trace(0, "! g_pSRConfig->Initialize : %ld", dwRc); goto done; } trace(0, "SRBoottask: SRConfig initialized"); if ( g_pSRConfig->GetDisableFlag() == TRUE ) { // check if we're forced to enable if ( g_pSRConfig->GetDisableFlag_GroupPolicy() == FALSE ) { dwRc = EnableSRS(NULL); if (ERROR_SUCCESS != dwRc) { trace(0, "! EnableSRS : %ld", dwRc); goto done; } } else { // we are not forced to enable // so we don't need to check if group policy is not configured or is disabling us // since we are disabled anyway trace(0, "SR is disabled - stopping"); dwRc = ERROR_SERVICE_DISABLED; goto done; } } // open the filter handle // this will load the filter if not already loaded dwRc = g_pSRConfig->OpenFilter(); if ( ERROR_SUCCESS != dwRc ) { trace(0, "! g_pSRConfig->OpenFilter : %ld", dwRc); goto done; } trace(0, "SRBoottask: Filter handle opened"); // // we might do a firstrun if the datastore is corrupted // (_filelst.cfg missing) // in this case, the filter might be ON // turn off the filter // if ( g_pSRConfig->GetFirstRun() == SR_FIRSTRUN_YES ) { dwRc = SrStopMonitoring(g_pSRConfig->GetFilter()); trace(0, "SrStopMonitoring returned : %ld", dwRc); } // initialize the datastore g_pDataStoreMgr = new CDataStoreMgr; if ( ! g_pDataStoreMgr ) { trace(0, "Out of Memory"); dwRc = ERROR_NOT_ENOUGH_MEMORY; goto done; } dwRc = g_pDataStoreMgr->Initialize (g_pSRConfig->GetFirstRun() == SR_FIRSTRUN_YES); if ( ERROR_SUCCESS != dwRc ) { trace(0, "! g_pDataStore.Initialize : %ld", dwRc); goto done; } trace(0, "SRBoottask: Datastore initialized"); // check if we are newly disabled from group policy if ( g_pSRConfig->GetDisableFlag_GroupPolicy() == TRUE && g_pSRConfig->GetDisableFlag() == FALSE ) { DisableSRS (NULL); dwRc = ERROR_SERVICE_DISABLED; goto done; } // check if this is first run if ( g_pSRConfig->GetFirstRun() == SR_FIRSTRUN_YES ) { fSendEnableMessage = TRUE; dwRc = OnFirstRun( ); if ( ERROR_SUCCESS != dwRc ) { trace(0, "! OnFirstRun : %ld", dwRc); goto done; } trace(0, "SRBoottask: FirstRun completed"); } // remember the latest restore point RefreshCurrentRp(TRUE); if (ERROR_SUCCESS == g_pDataStoreMgr->GetFlags(g_pSRConfig->GetSystemDrive(), &dwFlags)) { if (dwFlags & SR_DRIVE_ERROR) { // a volume error happened in the last session // we should create a restore point at next idle time m_fCreateRpASAP = TRUE; trace(0, "Volume error occurred in last session - create rp at next idle"); } } else { trace(0, "! g_pDataStoreMgr->GetFlags()"); } // register filter ioctls if (! QueueUserWorkItem(PostFilterIo, (PVOID) MAX_IOCTLS, WT_EXECUTEDEFAULT)) { dwRc = GetLastError(); trace(0, "! QueueUserWorkItem : %ld", dwRc); goto done; } // start idle time detection // register idle callback if (FALSE == RegisterWaitForSingleObject(&m_hIdleRequestHandle, g_pSRConfig->m_hIdleRequestEvent, (WAITORTIMERCALLBACK) IdleRequestCallback, NULL, g_pSRConfig->m_dwIdleInterval*1000, WT_EXECUTEDEFAULT)) { dwRc = GetLastError(); trace(0, "! RegisterWaitForSingleObject : %ld", dwRc); goto done; } // now request for idle SetEvent(g_pSRConfig->m_hIdleRequestEvent); // // if there are no mounted drives // shell will give us all the notifications // so don't start timer thread // // BUGBUG - keep this? // don't start timer at all // if (FALSE == g_pDataStoreMgr->GetDriveTable()->AnyMountedDrives()) // { g_pSRConfig->m_dwTimerInterval = 0; // } // set up timer dwRc = InitTimer(); if ( ERROR_SUCCESS != dwRc ) { trace(0, "! InitTimer : %ld", dwRc); goto done; } // start rpc server dwRc = RpcServerStart(); if (ERROR_SUCCESS != dwRc) { trace(0, "! RpcServerStart : %ld", dwRc); goto done; } // all initialization complete SetEvent( g_pSRConfig->m_hSRInitEvent ); if (fSendEnableMessage) { // write to event log HANDLE hEventSource = RegisterEventSource(NULL, s_cszServiceName); if (hEventSource != NULL) { SRLogEvent (hEventSource, EVENTLOG_INFORMATION_TYPE, EVMSG_SYSDRIVE_ENABLED, NULL, 0, NULL, NULL, NULL); DeregisterEventSource(hEventSource); } if (g_pSRConfig->m_dwTestBroadcast) PostTestMessage(g_pSRConfig->m_uiTMEnable, NULL, NULL); } done: UNLOCK(fHaveLock); tleave( ); return dwRc; } // method to shutdown the service gracefully void CEventHandler::OnStop() { DWORD dwRc; tenter("CEventHandler::OnStop"); if (g_pSRConfig == NULL) { trace(0, "g_pSRConfig = NULL"); goto Err; } // stop everything // BUGBUG - do we need to take the lock here? // since all the stops are blocking in themselves // and this has to preempt any running activity, // blocking here is not such a good idea // stop the rpc server RpcServerShutdown(); trace(0, "SRShutdowntask: RPC server shutdown"); // kill the timer and timer queue EndTimer(); trace(0, "SRShutdownTask: Timer stopped"); // // blocking calls to unregister idle event callbacks // if (m_hIdleRequestHandle != NULL) { if (FALSE == UnregisterWaitEx(m_hIdleRequestHandle, INVALID_HANDLE_VALUE)) { trace(0, "! UnregisterWaitEx : %ld", GetLastError()); } m_hIdleRequestHandle = NULL; } if (m_hIdleStartHandle != NULL) { if (FALSE == UnregisterWaitEx(m_hIdleStartHandle, INVALID_HANDLE_VALUE)) { trace(0, "! UnregisterWaitEx : %ld", GetLastError()); } m_hIdleStartHandle = NULL; } if (m_hIdleStopHandle != NULL) { if (FALSE == UnregisterWaitEx(m_hIdleStopHandle, INVALID_HANDLE_VALUE)) { trace(0, "! UnregisterWaitEx : %ld", GetLastError()); } m_hIdleStopHandle = NULL; } // we are done with the filter g_pSRConfig->CloseFilter(); trace(0, "Filter handle closed"); // wait for any queued user work items and pending IOCTLs to complete m_Counter.WaitForZero(); trace(0, "SRShutdownTask: Pending ioctls + work items completed"); // // free the COM+ db dll // if (NULL != m_hCOMDll) { _VERIFY(TRUE==FreeLibrary(m_hCOMDll)); m_hCOMDll = NULL; } // kill the datastoremgr if (g_pDataStoreMgr) { g_pDataStoreMgr->SignalStop(); delete g_pDataStoreMgr; g_pDataStoreMgr = NULL; } // kill SRConfig if (g_pSRConfig) { delete g_pSRConfig; g_pSRConfig = NULL; } Err: tleave(); return; } DWORD CEventHandler::OnFreeze( LPWSTR pszDrive ) { tenter("CEventHandler::OnFreeze"); DWORD dwRc = ERROR_INTERNAL_ERROR; BOOL fHaveLock; LOCKORLEAVE(fHaveLock); ASSERT(g_pDataStoreMgr); // // if drive is already frozen, no-op // if (g_pDataStoreMgr->IsDriveFrozen(pszDrive)) { dwRc = ERROR_SUCCESS; goto done; } dwRc = g_pDataStoreMgr->FreezeDrive( pszDrive ); if ( ERROR_SUCCESS != dwRc ) { trace(0, "! g_pDataStoreMgr->FreezeDrive : %ld", dwRc); } done: UNLOCK( fHaveLock ); tleave(); return dwRc; } DWORD CEventHandler::OnReset(LPWSTR pszDrive) { tenter("CEventHandler::OnReset"); BOOL fHaveLock; DWORD dwRc = ERROR_INTERNAL_ERROR; ASSERT(g_pSRConfig); LOCKORLEAVE(fHaveLock); g_pSRConfig->SetResetFlag(TRUE); dwRc = DisableSRS(pszDrive); if (ERROR_SUCCESS != dwRc) goto done; // if not system drive, enable this drive // else, the service will stop // and do a firstrun the next boot if (pszDrive && ! IsSystemDrive(pszDrive)) { dwRc = EnableSRS(pszDrive); } done: UNLOCK(fHaveLock); tleave(); return dwRc; } DWORD CEventHandler::OnFifo( LPWSTR pszDrive, DWORD dwTargetRp, int nTargetPercent, BOOL fIncludeCurrentRp, BOOL fFifoAtleastOneRp) { tenter("CEventHandler::OnFifo"); BOOL fHaveLock; DWORD dwRc = ERROR_INTERNAL_ERROR; LOCKORLEAVE(fHaveLock); ASSERT(g_pDataStoreMgr); dwRc = g_pDataStoreMgr->Fifo(pszDrive, dwTargetRp, nTargetPercent, fIncludeCurrentRp, fFifoAtleastOneRp); if (dwRc != ERROR_SUCCESS) { trace(0, "! g_pDataStoreMgr->Fifo : %ld", dwRc); } done: UNLOCK(fHaveLock); tleave(); return dwRc; } DWORD CEventHandler::OnCompress(LPWSTR pszDrive) { tenter("CEventHandler::OnCompress"); BOOL fHaveLock; DWORD dwRc = ERROR_INTERNAL_ERROR; LOCKORLEAVE(fHaveLock); ASSERT(g_pDataStoreMgr && g_pSRConfig); dwRc = g_pDataStoreMgr->Compress(pszDrive, g_pSRConfig->m_dwCompressionBurst); if (ERROR_SUCCESS != dwRc) { trace(0, "! g_pDataStoreMgr->Compress : %ld", dwRc); } done: UNLOCK(fHaveLock); tleave(); return dwRc; } DWORD CEventHandler::SRPrintStateS() { tenter("CEventHandler::SRPrintStateS"); BOOL fHaveLock; DWORD dwRc = ERROR_SUCCESS; HANDLE hFile = INVALID_HANDLE_VALUE; WCHAR wcsPath[MAX_PATH]; LOCKORLEAVE(fHaveLock); ASSERT(g_pDataStoreMgr); if (0 == ExpandEnvironmentStrings(L"%temp%\\sr.txt", wcsPath, MAX_PATH)) { dwRc = GetLastError(); trace(0, "! ExpandEnvironmentStrings : %ld", dwRc); goto done; } hFile = CreateFileW (wcsPath, // file name GENERIC_WRITE, // file access 0, // share mode NULL, // SD CREATE_ALWAYS, // how to create 0, // file attributes NULL); // handle to template file if (INVALID_HANDLE_VALUE == hFile) { dwRc = GetLastError(); trace(0, "! CreateFileW : %ld", dwRc); goto done; } trace(0, "**** SR State ****"); dwRc = g_pDataStoreMgr->GetDriveTable()->ForAllDrives(CDataStore::Print, (LONG_PTR) hFile); trace(0, "**** SR State ****"); done: if (hFile != INVALID_HANDLE_VALUE) CloseHandle(hFile); UNLOCK(fHaveLock); tleave(); return dwRc; } // timer // this needs to monitor datastore size and free disk space on all drives // and trigger fifo/freeze if needed DWORD CEventHandler::OnTimer( LPVOID lpParam, BOOL fTimeout) { DWORD dwRc = ERROR_SUCCESS; LPWSTR pszDrive = NULL; DWORD dwFlags; BOOL fHaveLock; SDriveTableEnumContext dtec = {NULL, 0}; tenter("CEventHandler::OnTimer"); // get the lock within 5 seconds // if we can't get the lock, then don't block // we shall come back 2 minutes later and try again // the wait times are such that idle callback has a somewhat // higher priority than timer to get the lock LOCKORLEAVE_EX(fHaveLock, 5000); // got the lock - no one else is doing anything ASSERT(g_pDataStoreMgr && g_pSRConfig); // trigger freeze or fifo on each drive // this will : // a. check free space and trigger freeze or fifo // b. check datastore usage percent and trigger fifo g_pDataStoreMgr->TriggerFreezeOrFifo(); done: UNLOCK(fHaveLock); tleave(); return dwRc; } // open filter handle and register ioctls DWORD WINAPI PostFilterIo(PVOID pNum) { tenter("CEventHandler::SendIOCTLs"); DWORD dwRc = ERROR_SUCCESS; INT index; ASSERT(g_pSRConfig && g_pEventHandler); // // if shutting down, don't bother to post // if (IsStopSignalled(g_pSRConfig->m_hSRStopEvent)) { trace(0, "Stop signalled - not posting io requests"); goto done; } // // bind the completion to a callback // if ( ! BindIoCompletionCallback(g_pSRConfig->GetFilter(), IoCompletionCallback, 0) ) { dwRc = GetLastError(); trace(0, "! BindIoCompletionCallback : %ld", dwRc); goto done; } // // post io completion requests // for (index = 0; index < (INT_PTR) pNum; index++) { CHAR pszEventName[MAX_PATH]; LPSR_OVERLAPPED pOverlap = NULL; DWORD nBytes =0 ; pOverlap = (LPSR_OVERLAPPED) SRMemAlloc( sizeof(SR_OVERLAPPED) ); if (! pOverlap) { trace(0, "! Out of memory"); dwRc = ERROR_NOT_ENOUGH_MEMORY; goto done; } // create an event, a handle, and put it in the completion port. memset( &pOverlap->m_overlapped, 0, sizeof(OVERLAPPED) ); pOverlap->m_dwRecordLength = sizeof(SR_NOTIFICATION_RECORD) + (SR_MAX_FILENAME_LENGTH*sizeof(WCHAR)); pOverlap->m_pRecord = (PSR_NOTIFICATION_RECORD) SRMemAlloc(pOverlap->m_dwRecordLength); ASSERT(g_pSRConfig); pOverlap->m_hDriver = g_pSRConfig->GetFilter(); // post ioctl - this should return ERROR_IO_PENDING dwRc = SrWaitForNotification( pOverlap->m_hDriver, pOverlap->m_pRecord , pOverlap->m_dwRecordLength, (LPOVERLAPPED) pOverlap ); if ( dwRc != 0 && dwRc != ERROR_IO_PENDING ) { trace(0, "! SrWaitForNotification : %ld", dwRc); goto done; } g_pEventHandler->GetCounter()->Up( ); // one more pending ioctl } trace(0, "Filter Io posted"); done: tleave(); return dwRc; } // FILTER NOTIFICATION HANDLERS // generic notification handler extern "C" void CALLBACK IoCompletionCallback( DWORD dwErrorCode, DWORD dwBytesTrns, LPOVERLAPPED pOverlapped ) { ULONG uError = 0; LPSR_OVERLAPPED pSROverlapped = (LPSR_OVERLAPPED) pOverlapped; BOOL fResubmit = FALSE; WCHAR szVolumeGuid[MAX_PATH], szTemp[MAX_PATH]; tenter("IoCompletionCallback"); if (! pSROverlapped || pSROverlapped->m_hDriver == INVALID_HANDLE_VALUE) { trace(0, "! Null overlapped or driver handle"); goto done; } trace(0, "Received filter notification : errorcode=%08x, type=%08x", dwErrorCode, pSROverlapped->m_pRecord->NotificationType); if ( dwErrorCode != 0 ) // we cancelled it { trace(0, "Cancelled operation"); goto done; } UnicodeStringToWchar(pSROverlapped->m_pRecord->VolumeName, szTemp); wsprintf(szVolumeGuid, L"\\\\?\\Volume%s\\", szTemp); // handle notification ASSERT(g_pEventHandler); ASSERT(g_pSRConfig); if (! g_pEventHandler || ! g_pSRConfig) { trace(0, "global is NULL"); goto done; } switch( pSROverlapped->m_pRecord->NotificationType ) { case SrNotificationVolumeFirstWrite: g_pEventHandler->OnFirstWrite_Notification(szVolumeGuid); break; case SrNotificationVolume25MbWritten: g_pEventHandler->OnSize_Notification(szVolumeGuid, pSROverlapped->m_pRecord->Context); break; case SrNotificationVolumeError: g_pEventHandler->OnVolumeError_Notification(szVolumeGuid, pSROverlapped->m_pRecord->Context); break; default: trace(0, "Unknown notification"); ASSERT(0); break; } // check for stop signal ASSERT(g_pSRConfig); if (IsStopSignalled(g_pSRConfig->m_hSRStopEvent)) goto done; // re-submit the ioctl to the driver memset( &pSROverlapped->m_overlapped, 0, sizeof(OVERLAPPED) ); pSROverlapped->m_dwRecordLength = sizeof(SR_NOTIFICATION_RECORD) + (SR_MAX_FILENAME_LENGTH*sizeof(WCHAR)); memset( pSROverlapped->m_pRecord, 0, pSROverlapped->m_dwRecordLength); pSROverlapped->m_hDriver = g_pSRConfig->GetFilter(); uError = SrWaitForNotification( pSROverlapped->m_hDriver, pSROverlapped->m_pRecord , pSROverlapped->m_dwRecordLength, (LPOVERLAPPED) pSROverlapped ); if ( uError != 0 && uError != ERROR_IO_PENDING ) { trace(0, "! SrWaitForNotification : %ld", uError); goto done; } fResubmit = TRUE; done: // if we didn't resubmit, there is one less io request pending if (FALSE == fResubmit && g_pEventHandler != NULL) g_pEventHandler->GetCounter()->Down(); tleave(); return; } // first write notification handler // this will be sent when the first monitored op happens on a new drive // or a newly created restore point // RESPONSE: update the drive table to indicate that this is a new drive // and/or that this drive is a participant in this restore point void CEventHandler::OnFirstWrite_Notification(LPWSTR pszGuid) { DWORD dwRc = ERROR_SUCCESS; WCHAR szMount[MAX_PATH]; BOOL fHaveLock; CDataStore *pdsNew = NULL, *pds=NULL; tenter("CEventHandler::OnFirstWrite_Notification"); trace(0, "First write on %S", pszGuid); LOCKORLEAVE(fHaveLock); ASSERT(g_pDataStoreMgr); ASSERT(g_pSRConfig); dwRc = g_pDataStoreMgr->GetDriveTable()->FindMountPoint(pszGuid, szMount); if (ERROR_BAD_PATHNAME == dwRc) { // the mountpoint path is too long for us to support // so disable the filter on this volume CDataStore ds(NULL); ds.LoadDataStore(NULL, pszGuid, NULL, 0, 0, 0); dwRc = SrDisableVolume(g_pSRConfig->GetFilter(), ds.GetNTName()); if (dwRc != ERROR_SUCCESS) { trace(0, "! SrDisableVolume : %ld", dwRc); } else { WCHAR wcsPath[MAX_PATH]; MakeRestorePath (wcsPath, pszGuid, L""); // delete the restore directory dwRc = Delnode_Recurse (wcsPath, TRUE, g_pDataStoreMgr->GetStopFlag()); if (dwRc != ERROR_SUCCESS) { trace(0, "! Delnode_Recurse : %ld", dwRc); } trace(0, "Mountpoint too long - disabled volume %S", pszGuid); } goto done; } if (ERROR_SUCCESS != dwRc) { trace(0, "! FindMountPoint on %S : %ld", pszGuid, dwRc); goto done; } pdsNew = g_pDataStoreMgr->GetDriveTable()->FindDriveInTable(pszGuid); dwRc = g_pDataStoreMgr->GetDriveTable()->AddDriveToTable(szMount, pszGuid); if (ERROR_SUCCESS != dwRc) { trace(0, "! AddDriveToTable on %S", pszGuid); goto done; } if (ERROR_SUCCESS != g_pDataStoreMgr->SetDriveParticipation (pszGuid, TRUE)) trace(0, "! SetDriveParticipation on %S", pszGuid); // // if less than 50mb free, or if SR is already frozen, then freeze // pds = g_pDataStoreMgr->GetDriveTable()->FindDriveInTable(pszGuid); if (pds) { // update the active bit too pds->SetActive(TRUE); // then check diskfree pds->UpdateDiskFree(NULL); if ( (pds->GetDiskFree() <= THRESHOLD_FREEZE_DISKSPACE * MEGABYTE) || (g_pDataStoreMgr->IsDriveFrozen(g_pSRConfig->GetSystemDrive())) ) { g_pDataStoreMgr->FreezeDrive(pszGuid); } } else { // // we just added the drive, so should never get here // ASSERT(0); } done: UNLOCK(fHaveLock); tleave(); return; } // 25MB notification handler // this will be sent when the filter has copied 25MB of data to the datastore // on some drive // RESPONSE: update the datastore size and check fifo conditions void CEventHandler::OnSize_Notification(LPWSTR pszGuid, ULONG ulRp) { tenter("CEventHandler::OnSize_Notification"); int nPercent = 0; BOOL fHaveLock; DWORD dwRc = ERROR_SUCCESS; LOCKORLEAVE(fHaveLock); trace(0, "25mb copied on drive %S", pszGuid); trace(0, "for RP%ld", ulRp); if ((DWORD) ulRp != m_CurRp.GetNum()) { trace(0, "This is an obsolete notification"); goto done; } ASSERT(g_pDataStoreMgr); g_pDataStoreMgr->UpdateDataStoreUsage(pszGuid, SR_NOTIFY_BYTE_COUNT); if ( ERROR_SUCCESS == g_pDataStoreMgr->GetUsagePercent(pszGuid, &nPercent) && nPercent >= THRESHOLD_FIFO_PERCENT ) { OnFifo(pszGuid, 0, // no target rp TARGET_FIFO_PERCENT, // target percent TRUE, // fifo current rp if necessary (freeze) FALSE); } done: UNLOCK(fHaveLock); tleave(); return; } // disk full notification handler // this will be sent when the filter encounters an error on a volume // ideally, this should never be sent // if diskfull, freeze SR on this drive // else disable SR on this drive void CEventHandler::OnVolumeError_Notification(LPWSTR pszGuid, ULONG ulError) { tenter("CEventHandler::OnVolumeError_Notification"); BOOL fHaveLock; DWORD dwRc = ERROR_SUCCESS; LOCKORLEAVE(fHaveLock); trace(0, "Volume Error on %S", pszGuid); trace(0, "Error : %ld", ulError); ASSERT(g_pDataStoreMgr); ASSERT(g_pSRConfig); if (ulError == ERROR_DISK_FULL) { // no more disk space - freeze // NOTE: we don't check to see if the drive is already // frozen here. If for some reason we are out of sync with // the driver, this will fix it g_pDataStoreMgr->FreezeDrive(pszGuid); } else { // fifo all restore points prior to the current one dwRc = g_pDataStoreMgr->Fifo(g_pSRConfig->GetSystemDrive(), 0, 0, FALSE, FALSE); if (dwRc != ERROR_SUCCESS) { trace(0, "! Fifo : %ld", dwRc); } // make the current rp a cancelled rp // so that UI will not display it if (! m_fNoRpOnSystem) { SRRemoveRestorePointS(m_CurRp.GetNum()); // m_CurRp.Cancel(); } // log the error in the drivetable dwRc = g_pDataStoreMgr->SetDriveError(pszGuid); if (dwRc != ERROR_SUCCESS) { trace(0, "! SetDriveError : %ld", dwRc); } } done: UNLOCK(fHaveLock); tleave(); return; } // disk space notifications sent by the shell DWORD WINAPI OnDiskFree_200(PVOID pszDrive) { // thaw ASSERT(g_pEventHandler); (g_pEventHandler->GetCounter())->Down(); return 0; } DWORD WINAPI OnDiskFree_80(PVOID pszDrive) { // fifo ASSERT(g_pEventHandler); g_pEventHandler->OnFifo((LPWSTR) pszDrive, 0, // no target rp TARGET_FIFO_PERCENT, // target percent TRUE, // fifo current rp if necessary (freeze) TRUE); // fifo atleast one restore point (g_pEventHandler->GetCounter())->Down(); return 0; } DWORD WINAPI OnDiskFree_50(PVOID pszDrive) { TENTER("OnDiskFree_50"); DWORD dwRc = ERROR_SUCCESS; // freeze ASSERT(g_pEventHandler); ASSERT(g_pDataStoreMgr); // // check if there is some rp directory // if none, then don't bother // CRestorePointEnum *prpe = new CRestorePointEnum((LPWSTR) pszDrive, FALSE, FALSE); // backward, include current CRestorePoint *prp = new CRestorePoint; if (!prpe || !prp) { trace(0, "Cannot allocate memory for restore point enum"); goto done; } dwRc = prpe->FindFirstRestorePoint(*prp); if (dwRc == ERROR_SUCCESS || dwRc == ERROR_FILE_NOT_FOUND) { g_pEventHandler->OnFreeze((LPWSTR) pszDrive); } else { trace(0, "Nothing in datastore -- so not freezing"); } if (prpe) delete prpe; if (prp) delete prp; (g_pEventHandler->GetCounter())->Down(); done: TLEAVE(); return 0; } // stop event management void CEventHandler::SignalStop() { if ( g_pSRConfig ) { SetEvent( g_pSRConfig->m_hSRStopEvent ); } } DWORD CEventHandler::WaitForStop() { if ( g_pSRConfig ) { WaitForSingleObject( g_pSRConfig->m_hSRStopEvent, INFINITE ); return g_pSRConfig->GetResetFlag() ? ERROR_NO_SHUTDOWN_IN_PROGRESS : ERROR_SHUTDOWN_IN_PROGRESS; } else return ERROR_INTERNAL_ERROR; } // // perform idle tasks // DWORD CEventHandler::OnIdle() { DWORD dwThawStatus = ERROR_NO_MORE_ITEMS; DWORD dwRc = ERROR_NO_MORE_ITEMS; BOOL fCreateAuto = FALSE; ULARGE_INTEGER *pulFreeze = NULL; tenter("CEventHandler::OnIdle"); trace(0, "Idleness detected"); ASSERT(g_pSRConfig); ASSERT(g_pDataStoreMgr); // // check thaw timer to see if // there are frozen drives // pulFreeze = (ULARGE_INTEGER *) &m_ftFreeze; if (pulFreeze->QuadPart != 0) { FILETIME ftNow; ULARGE_INTEGER *pulNow; GetSystemTimeAsFileTime(&ftNow); pulNow = (ULARGE_INTEGER *) &ftNow; // // if more than 15 minutes since freeze happened // try to thaw // if (pulNow->QuadPart - pulFreeze->QuadPart >= ((INT64) g_pSRConfig->m_dwThawInterval * 1000 * 1000 * 10)) { dwThawStatus = g_pDataStoreMgr->ThawDrives(TRUE); if (dwThawStatus != ERROR_SUCCESS) { trace(0, "Cannot thaw drives yet"); } } } else { fCreateAuto = IsTimeForAutoRp(); } // make periodic checkpoint if it is time to make an auto-rp or // time to thaw drives or // a volume error happened in the previous session if ( dwThawStatus == ERROR_SUCCESS || fCreateAuto == TRUE || m_fCreateRpASAP == TRUE ) { RESTOREPOINTINFO RPInfo; STATEMGRSTATUS SmgrStatus; RPInfo.dwEventType = BEGIN_SYSTEM_CHANGE; RPInfo.dwRestorePtType = m_fNoRpOnSystem ? FIRSTRUN : CHECKPOINT; if (ERROR_SUCCESS != SRLoadString(L"srrstr.dll", IDS_SYSTEM_CHECKPOINT_TEXT, RPInfo.szDescription, MAX_PATH)) { lstrcpy(RPInfo.szDescription, s_cszSystemCheckpointName); } SRSetRestorePointS(&RPInfo, &SmgrStatus); dwRc = SmgrStatus.nStatus; if (dwRc != ERROR_SUCCESS) goto done; m_fCreateRpASAP = FALSE; // we made a restore point and perhaps thawed some drives // let's not push it any further // compress on next idle opportunity } else { // if system is running on battery // skip these tasks if (g_pSRConfig->IsSystemOnBattery()) { trace(0, "System on battery -- skipping idle tasks"); goto done; } // fifo restore points older than a specified age // if the fifo age is set to 0, that means this feature // is turned off if (g_pSRConfig->m_dwRPLifeInterval > 0) { g_pDataStoreMgr->FifoOldRps(g_pSRConfig->m_dwRPLifeInterval); } // compress backed up files - pick any drive dwRc = OnCompress( NULL ); // // if we have more to compress, request idle again // if (dwRc == ERROR_OPERATION_ABORTED) { SetEvent(g_pSRConfig->m_hIdleRequestEvent); } } done: tleave(); return dwRc; } extern "C" void CALLBACK IdleRequestCallback(PVOID pContext, BOOLEAN fTimerFired) { BOOL fRegistered = FALSE; HANDLE *pWaitHandle = NULL; DWORD dwErr = ERROR_SUCCESS; BOOL fHaveLock = FALSE; tenter("CEventHandler::IdleRequestCallback"); ASSERT(g_pEventHandler); ASSERT(g_pSRConfig); if (g_pEventHandler == NULL || g_pSRConfig == NULL) { trace(0, "global is Null"); goto Err; } fHaveLock = g_pEventHandler->GetLock()->Lock(CLock::TIMEOUT); if (! fHaveLock) { trace(0, "Cannot get lock"); goto Err; } // // first off, if the stop event is triggered // and we are here for some reason, // bail blindly // if (IsStopSignalled(g_pSRConfig->m_hSRStopEvent)) { trace(0, "Stop event signalled - bailing out of idle"); goto Err; } // // idleness is requested or timer fired // re-register for idle again // if (fTimerFired) trace(0, "Timed out"); else trace(0, "Idle request event received"); // // if already registered for idle // then do nothing // if (g_pEventHandler->m_hIdleStartHandle != NULL) { trace(0, "Already registered for idle"); goto Err; } dwErr = RegisterIdleTask(ItSystemRestoreIdleTaskId, &(g_pSRConfig->m_hIdle), &(g_pSRConfig->m_hIdleStartEvent), &(g_pSRConfig->m_hIdleStopEvent)); if (dwErr != ERROR_SUCCESS) { trace(0, "! RegisterIdleTask : %ld", dwErr); } else { trace(0, "Registered for idle"); // // register idle callback // if (FALSE == RegisterWaitForSingleObject(&g_pEventHandler->m_hIdleStartHandle, g_pSRConfig->m_hIdleStartEvent, (WAITORTIMERCALLBACK) IdleStartCallback, NULL, INFINITE, WT_EXECUTEDEFAULT | WT_EXECUTEONLYONCE)) { dwErr = GetLastError(); trace(0, "! RegisterWaitForSingleObject for startidle: %ld", dwErr); goto Err; } if (FALSE == RegisterWaitForSingleObject(&g_pEventHandler->m_hIdleStopHandle, g_pSRConfig->m_hIdleStopEvent, (WAITORTIMERCALLBACK) IdleStopCallback, NULL, INFINITE, WT_EXECUTEDEFAULT | WT_EXECUTEONLYONCE)) { dwErr = GetLastError(); trace(0, "! RegisterWaitForSingleObject for stopidle: %ld", dwErr); goto Err; } } Err: if (g_pEventHandler) { if (fHaveLock) g_pEventHandler->GetLock()->Unlock(); } return; } extern "C" void CALLBACK IdleStartCallback(PVOID pContext, BOOLEAN fTimerFired) { DWORD dwErr = ERROR_SUCCESS; BOOL fHaveLock = FALSE; tenter("CEventHandler::IdleStartCallback"); ASSERT(g_pEventHandler); ASSERT(g_pSRConfig); if (g_pEventHandler == NULL || g_pSRConfig == NULL) { trace(0, "global is Null"); goto Err; } fHaveLock = g_pEventHandler->GetLock()->Lock(CLock::TIMEOUT); if (! fHaveLock) { trace(0, "Cannot get lock"); goto Err; } // // first off, if the stop event is triggered // and we are here for some reason, // bail blindly // if (IsStopSignalled(g_pSRConfig->m_hSRStopEvent)) { trace(0, "Stop event signalled - bailing out of idle"); goto Err; } // // idleness occurred // trace(0, "fTimerFired = %d", fTimerFired); g_pEventHandler->OnIdle(); dwErr = UnregisterIdleTask(g_pSRConfig->m_hIdle, g_pSRConfig->m_hIdleStartEvent, g_pSRConfig->m_hIdleStopEvent); if (dwErr != ERROR_SUCCESS) { trace(0, "! UnregisterIdleTask : %ld", dwErr); } else { trace(0, "Unregistered from idle"); } // // we are done - record this // since we registered for this callback only once, // we don't have to call UnregisterWait on this handle - // or so I hope // g_pEventHandler->m_hIdleStartHandle = NULL; Err: if (g_pEventHandler) { if (fHaveLock) g_pEventHandler->GetLock()->Unlock(); } return; } extern "C" void CALLBACK IdleStopCallback(PVOID pContext, BOOLEAN fTimerFired) { tenter("IdleStopCallback"); BOOL fHaveLock = FALSE; if (g_pEventHandler == NULL) { trace(0, "global is Null"); goto Err; } fHaveLock = g_pEventHandler->GetLock()->Lock(CLock::TIMEOUT); if (! fHaveLock) { trace(0, "Cannot get lock"); goto Err; } trace(0, "Idle Stop event signalled"); g_pEventHandler->m_hIdleStopHandle = NULL; Err: if (g_pEventHandler) { if (fHaveLock) g_pEventHandler->GetLock()->Unlock(); } tleave(); } // set up timer DWORD CEventHandler::InitTimer() { DWORD dwRc = ERROR_SUCCESS; tenter("CEventHandler::InitTimer"); ASSERT(g_pSRConfig); // // if the timer interval is specified as 0, // then don't create timer // if (g_pSRConfig->m_dwTimerInterval == 0) { trace(0, "Not starting timer"); goto done; } m_hTimerQueue = CreateTimerQueue(); if (! m_hTimerQueue) { dwRc = GetLastError(); trace(0, " ! CreateTimerQueue : %ld", dwRc); goto done; } if (FALSE == CreateTimerQueueTimer(&m_hTimer, m_hTimerQueue, TimerCallback, NULL, g_pSRConfig->m_dwTimerInterval * 1000, // milliseconds g_pSRConfig->m_dwTimerInterval * 1000, // periodic WT_EXECUTEINIOTHREAD)) { dwRc = GetLastError(); trace(0, "! CreateTimerQueueTimer : %ld", dwRc); goto done; } trace(0, "SRBoottask: Timer started"); done: tleave(); return dwRc; } // end timer BOOL CEventHandler::EndTimer() { DWORD dwRc; BOOL fRc = TRUE; tenter("CEventHandler::EndTimer"); if ( ! m_hTimerQueue ) { trace(0 , "! m_hTimerQueue = NULL"); goto done; } // delete timer queue should wait for current timer tasks to end if (FALSE == (fRc = DeleteTimerQueueEx( m_hTimerQueue, INVALID_HANDLE_VALUE ))) { trace(0, "! DeleteTimerQueueEx : %ld", GetLastError()); } m_hTimerQueue = NULL; m_hTimer = NULL; done: tleave( ); return fRc; } BOOL CEventHandler::IsTimeForAutoRp() { tenter("CEventHandler::IsTimeForAutoRp"); FILETIME *pftRp, ftNow; ULARGE_INTEGER *pulRp, *pulNow; BOOL fRc = FALSE; INT64 llInterval, llSession; ASSERT(g_pSRConfig && g_pDataStoreMgr); if (m_fNoRpOnSystem) { // if SR is frozen, we will create a restore point via the thaw codepath in OnIdle // we will get here ONLY if we get idle time before we have created the firstrun checkpoint - // we won't create an idle checkpoint before the firstrun checkpoint if we have a Run key waiting // to create one HKEY hKey; DWORD dwRet = RegOpenKey(HKEY_LOCAL_MACHINE, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", &hKey); if (dwRet == ERROR_SUCCESS) { dwRet = RegQueryValueEx(hKey, L"SRFirstRun", NULL, NULL, NULL, NULL); RegCloseKey(hKey); } if (dwRet == ERROR_SUCCESS) { trace(0, "Run entry exists to create firstrun checkpoint - not creating idle checkpoint"); fRc = FALSE; goto done; } else { fRc = TRUE; goto done; } } // get the last restore point creation time and the current time pftRp = m_CurRp.GetTime(); GetSystemTimeAsFileTime(&ftNow); pulRp = (ULARGE_INTEGER *) pftRp; pulNow = (ULARGE_INTEGER *) &ftNow; // check the last restore point time with current time // if the difference is greater than GlobalInterval, it's time to make a new one // all comparisions in filetime units - i.e. 100's of nanoseconds // if GlobalInterval is 0, this is turned off llInterval = (INT64) g_pSRConfig->m_dwRPGlobalInterval * 10 * 1000 * 1000; if ( llInterval > 0 && pulNow->QuadPart - pulRp->QuadPart >= llInterval ) { trace(0, "24 hrs elapsed since last restore point"); fRc = TRUE; goto done; } // if the last restore point was more than 10hrs ago, // and the current session began more than 10hrs ago, // then we haven't made a restore point for the last 10hrs in the current session // again, it's time to make a new one // this will ensure that we keep making checkpoints every 10hrs of session time, // idleness permitting // if SessionInterval is 0, this is turned off // if system is on battery, skip creating session rp if (g_pSRConfig->IsSystemOnBattery()) { trace(0, "System on battery -- skipping session rp check"); goto done; } llSession = (INT64) GetTickCount() * 10 * 1000; llInterval = (INT64) g_pSRConfig->m_dwRPSessionInterval * 10 * 1000 * 1000; if ( llInterval > 0 && llSession >= llInterval && pulNow->QuadPart - pulRp->QuadPart >= llInterval ) { trace(0, "10 hrs elapsed in current session since last restore point"); fRc = TRUE; goto done; } // if we reach here, no restore point needs to be created now // fRc is already FALSE done: tleave(); return fRc; } void CEventHandler::RefreshCurrentRp(BOOL fScanAllDrives) { tenter("CEventHandler::RefreshCurrentRp"); DWORD dwErr; SDriveTableEnumContext dtec = {NULL, 0}; CDataStore *pds = NULL; ASSERT(g_pSRConfig && g_pDataStoreMgr); // // get the most recent valid restore point // cancelled restore points are considered valid as well // if rp.log is missing, we will enumerate back up to the point where it exists // and consider that the most recent restore point // CRestorePointEnum *prpe = new CRestorePointEnum(g_pSRConfig->GetSystemDrive(), FALSE, FALSE); if (!prpe) { trace(0, "Cannot allocate memory for restore point enum"); goto done; } dwErr = prpe->FindFirstRestorePoint(m_CurRp); while (dwErr == ERROR_FILE_NOT_FOUND) { fScanAllDrives = FALSE; dwErr = prpe->FindNextRestorePoint(m_CurRp); } if (dwErr == ERROR_SUCCESS) { trace(0, "Current Restore Point: %S", m_CurRp.GetDir()); m_fNoRpOnSystem = FALSE; // update the participate bits on each datastore - // we need to do this every time we come up // because we might have missed filter firstwrite // notifications if (fScanAllDrives) { dwErr = g_pDataStoreMgr->UpdateDriveParticipation(NULL, m_CurRp.GetDir()); if (dwErr != ERROR_SUCCESS) { trace(0, "UpdateDriveParticipation : %ld", dwErr); } } } else { trace(0, "No live restore points on system"); m_fNoRpOnSystem = TRUE; } // // if any drive is newly frozen, // record freeze time // if (m_ftFreeze.dwLowDateTime == 0 && m_ftFreeze.dwHighDateTime == 0 && g_pDataStoreMgr->IsDriveFrozen(NULL)) { GetSystemTimeAsFileTime(&m_ftFreeze); } else // not frozen { m_ftFreeze.dwLowDateTime = 0; m_ftFreeze.dwHighDateTime = 0; } prpe->FindClose (); delete prpe; done: tleave(); } // queue a work item to a thread from the thread pool // keep a count of all such queued items DWORD CEventHandler::QueueWorkItem(WORKITEMFUNC pFunc, PVOID pv) { m_Counter.Up(); if (! QueueUserWorkItem(pFunc, pv, WT_EXECUTELONGFUNCTION)) m_Counter.Down(); return GetLastError(); } // CALLBACK functions // calls through to eventhandler methods // timer extern "C" void CALLBACK TimerCallback( PVOID lpParam, BOOLEAN fTimeout) { if ( g_pEventHandler ) g_pEventHandler->OnTimer( lpParam, fTimeout ); }