/*++ Copyright (c) 1990 Microsoft Corporation Module Name: DATA.C Abstract: This file contains all the global data elements of the eventlog service. Author: Rajen Shah (rajens) 10-Jul-1991 [Environment:] User Mode - Win32, except for NTSTATUS returned by some functions. Revision History: 10-Jul-1991 RajenS created --*/ // // INCLUDES // #include #include #if DBG // // Always write errors to the debugger on checked builds // DWORD ElfDebugLevel = DEBUG_ERROR; #endif // DBG // // Handles used for the LPC port. // HANDLE ElfConnectionPortHandle; HANDLE ElfCommunicationPortHandle; // The heads of various linked lists // LIST_ENTRY LogFilesHead; // Log files RTL_CRITICAL_SECTION LogFileCritSec; // Accessing log files LIST_ENTRY LogModuleHead; // Modules registered for logging RTL_CRITICAL_SECTION LogModuleCritSec; // Accessing log files LIST_ENTRY LogHandleListHead; // Context-handles for log handles RTL_CRITICAL_SECTION LogHandleCritSec; // Accessing log handles LIST_ENTRY QueuedEventListHead; // Deferred events to write RTL_CRITICAL_SECTION QueuedEventCritSec; // Accessing the deferred events LIST_ENTRY QueuedMessageListHead; // Deferred messagebox RTL_CRITICAL_SECTION QueuedMessageCritSec; // Accessing the deferred mb's // // Service-related global data // SERVICE_STATUS_HANDLE ElfServiceStatusHandle; // // The following resource is used to serialize access to the resources // of the Eventlog service at the highest level. It is used to make sure // that the threads that write/read/clear the log file(s) do not step over // the threads that monitor the registry and deal with service control // operations. // // The threads that operate on the log file(s) have Shared access to the // resource, since they are further serialized on the file that they are // working on. // // The threads that will modify the internal data structures, or the state // of the service, need Exclusive access to the resource so that we can // control access to the data structures and log files. // RTL_RESOURCE GlobalElfResource; // // This is used by the Backup API to signify which 4K block of the log it's // currently reading. This is used to prevent a writer from overwriting this // block while it is reading it. The event is used to let a writer block if // it was going to overwrite the current backup block, and get pulsed when // the backup thread moves to the next block. PVOID ElfBackupPointer; HANDLE ElfBackupEvent; // // Handle for the LPC thread // HANDLE LPCThreadHandle; // // Handle for the MessageBox thread // HANDLE MBThreadHandle; // // Handle and ID for the registry monitor thread // HANDLE RegistryThreadHandle; DWORD RegistryThreadId; // // Bitmask of things that have been allocated and/or started by the // service. When the service terminates, this is what needs to be // cleaned. // ULONG EventFlags; // Keep track of what is allocated // // Record used to indicate the end of the event records in the file. // ELF_EOF_RECORD EOFRecord = { ELFEOFRECORDSIZE, 0x11111111, 0x22222222, 0x33333333, 0x44444444, FILEHEADERBUFSIZE, FILEHEADERBUFSIZE, 1, 1, ELFEOFRECORDSIZE }; // // Default module to use if no match is found, APPLICATION // PLOGMODULE ElfDefaultLogModule; // // Module for the eventlog service itself // PLOGMODULE ElfModule; // // Module for security // PLOGMODULE ElfSecModule; // // Handle (key) to the event log node in the registry. // This is set up by the service main function. // HANDLE hEventLogNode; // // Handle (key) to the ComputerName node in the registry. // This is set up by the service main function. // HANDLE hComputerNameNode; // // Used to create a unigue module name for backup logs // DWORD BackupModuleNumber; // // NT well-known SIDs // PSVCS_GLOBAL_DATA ElfGlobalData; // // Shutdown Flag // BOOL EventlogShutdown; HANDLE ElfGlobalSvcRefHandle; // // This is the string used as the title of the log full message box. // GlobalMessageBoxTitle will either point to the default string or // to the string allocated in the format Message function. // LPWSTR GlobalMessageBoxTitle; BOOL bGlobalMessageBoxTitleNeedFree = FALSE; //SS:start of changes for clustering BOOL gbClustering=FALSE; //the cluster service has registered for replication of events RTL_CRITICAL_SECTION gClPropCritSec; // for using the global glClPackedEventInfo structure HMODULE ghClusDll=NULL; PROPAGATEEVENTSPROC gpfnPropagateEvents=NULL; BINDTOCLUSTERPROC gpfnBindToCluster=NULL; UNBINDFROMCLUSTERPROC gpfnUnbindFromCluster=NULL; HANDLE ghCluster=NULL; //SS: end of changes for clustering // changes to support various auditing dcrs int giWarningLevel = 0; // level at which the warning is to be given IELF_HANDLE gElfSecurityHandle = 0; // When reading through the registry during an update, it is possible that a key may // be only partially written due to a race condition. If an attempt to read fails, then // the read will be retried after a delay. This variable is intended to prevent multiple // delays DWORD g_dwLastDelayTickCount = 0;