Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

225 lines
5.8 KiB

/*++
Copyright (c) 1990 Microsoft Corporation
Module Name:
DATA.C
Abstract:
This file contains all the global data elements of the eventlog service.
Author:
Rajen Shah (rajens) 10-Jul-1991
[Environment:]
User Mode - Win32, except for NTSTATUS returned by some functions.
Revision History:
10-Jul-1991 RajenS
created
--*/
//
// INCLUDES
//
#include <eventp.h>
#include <elfcfg.h>
#if DBG
//
// Always write errors to the debugger on checked builds
//
DWORD ElfDebugLevel = DEBUG_ERROR;
#endif // DBG
//
// Handles used for the LPC port.
//
HANDLE ElfConnectionPortHandle;
HANDLE ElfCommunicationPortHandle;
// The heads of various linked lists
//
LIST_ENTRY LogFilesHead; // Log files
RTL_CRITICAL_SECTION LogFileCritSec; // Accessing log files
LIST_ENTRY LogModuleHead; // Modules registered for logging
RTL_CRITICAL_SECTION LogModuleCritSec; // Accessing log files
LIST_ENTRY LogHandleListHead; // Context-handles for log handles
RTL_CRITICAL_SECTION LogHandleCritSec; // Accessing log handles
LIST_ENTRY QueuedEventListHead; // Deferred events to write
RTL_CRITICAL_SECTION QueuedEventCritSec; // Accessing the deferred events
LIST_ENTRY QueuedMessageListHead; // Deferred messagebox
RTL_CRITICAL_SECTION QueuedMessageCritSec; // Accessing the deferred mb's
//
// Service-related global data
//
SERVICE_STATUS_HANDLE ElfServiceStatusHandle;
//
// The following resource is used to serialize access to the resources
// of the Eventlog service at the highest level. It is used to make sure
// that the threads that write/read/clear the log file(s) do not step over
// the threads that monitor the registry and deal with service control
// operations.
//
// The threads that operate on the log file(s) have Shared access to the
// resource, since they are further serialized on the file that they are
// working on.
//
// The threads that will modify the internal data structures, or the state
// of the service, need Exclusive access to the resource so that we can
// control access to the data structures and log files.
//
RTL_RESOURCE GlobalElfResource;
//
// This is used by the Backup API to signify which 4K block of the log it's
// currently reading. This is used to prevent a writer from overwriting this
// block while it is reading it. The event is used to let a writer block if
// it was going to overwrite the current backup block, and get pulsed when
// the backup thread moves to the next block.
PVOID ElfBackupPointer;
HANDLE ElfBackupEvent;
//
// Handle for the LPC thread
//
HANDLE LPCThreadHandle;
//
// Handle for the MessageBox thread
//
HANDLE MBThreadHandle;
//
// Handle and ID for the registry monitor thread
//
HANDLE RegistryThreadHandle;
DWORD RegistryThreadId;
//
// Bitmask of things that have been allocated and/or started by the
// service. When the service terminates, this is what needs to be
// cleaned.
//
ULONG EventFlags; // Keep track of what is allocated
//
// Record used to indicate the end of the event records in the file.
//
ELF_EOF_RECORD EOFRecord = { ELFEOFRECORDSIZE,
0x11111111,
0x22222222,
0x33333333,
0x44444444,
FILEHEADERBUFSIZE,
FILEHEADERBUFSIZE,
1,
1,
ELFEOFRECORDSIZE
};
//
// Default module to use if no match is found, APPLICATION
//
PLOGMODULE ElfDefaultLogModule;
//
// Module for the eventlog service itself
//
PLOGMODULE ElfModule;
//
// Module for security
//
PLOGMODULE ElfSecModule;
//
// Handle (key) to the event log node in the registry.
// This is set up by the service main function.
//
HANDLE hEventLogNode;
//
// Handle (key) to the ComputerName node in the registry.
// This is set up by the service main function.
//
HANDLE hComputerNameNode;
//
// Used to create a unigue module name for backup logs
//
DWORD BackupModuleNumber;
//
// NT well-known SIDs
//
PSVCS_GLOBAL_DATA ElfGlobalData;
//
// Shutdown Flag
//
BOOL EventlogShutdown;
HANDLE ElfGlobalSvcRefHandle;
//
// This is the string used as the title of the log full message box.
// GlobalMessageBoxTitle will either point to the default string or
// to the string allocated in the format Message function.
//
LPWSTR GlobalMessageBoxTitle;
BOOL bGlobalMessageBoxTitleNeedFree = FALSE;
//SS:start of changes for clustering
BOOL gbClustering=FALSE; //the cluster service has registered for replication of events
RTL_CRITICAL_SECTION gClPropCritSec; // for using the global glClPackedEventInfo structure
HMODULE ghClusDll=NULL;
PROPAGATEEVENTSPROC gpfnPropagateEvents=NULL;
BINDTOCLUSTERPROC gpfnBindToCluster=NULL;
UNBINDFROMCLUSTERPROC gpfnUnbindFromCluster=NULL;
HANDLE ghCluster=NULL;
//SS: end of changes for clustering
// changes to support various auditing dcrs
int giWarningLevel = 0; // level at which the warning is to be given
IELF_HANDLE gElfSecurityHandle = 0;
// When reading through the registry during an update, it is possible that a key may
// be only partially written due to a race condition. If an attempt to read fails, then
// the read will be retried after a delay. This variable is intended to prevent multiple
// delays
DWORD g_dwLastDelayTickCount = 0;