archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/base/lsa/server/lsawmi.c

518 lines
12 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1998 Microsoft Corporation
  5. Module Name:
  7. LSAWMI.C
  9. Abstract:
  11. Implement LSA Server event tracing by using WMI trace infrastructure.
  13. Author:
  15. 16-March-1999 kumarp
  17. Revision History:
  20. --*/
  22. #include <lsapch2.h>
  23. #include <wmistr.h>
  24. #define INITGUID
  25. #include <lsawmi.h>
  29. //
  30. // Globals
  31. //
  32. ULONG LsapEventTraceFlag = FALSE;
  33. TRACEHANDLE LsapTraceRegistrationHandle = (TRACEHANDLE) 0;
  34. TRACEHANDLE LsapTraceLoggerHandle = (TRACEHANDLE) 0;
  38. //
  39. // Forward declaration
  40. //
  42. ULONG
  43. LsapTraceControlCallBack(
  44. IN WMIDPREQUESTCODE RequestCode,
  45. IN PVOID RequestContext,
  46. IN OUT ULONG *InOutBufferSize,
  47. IN OUT PVOID Buffer
  48. );
  50. LPWSTR
  51. LsapMakeNullTerminatedString(
  52. IN PUNICODE_STRING u
  53. );
  55. //
  56. // before you change the elements of the following structure,
  57. // read notes in lsawmi.h file
  58. //
  59. TRACE_GUID_REGISTRATION LsapTraceGuids[] =
  60. {
  61. {&LsapTraceEventGuid_QuerySecret, NULL},
  62. {&LsaTraceEventGuid_Close, NULL},
  63. {&LsaTraceEventGuid_OpenPolicy, NULL},
  64. {&LsaTraceEventGuid_QueryInformationPolicy, NULL},
  65. {&LsaTraceEventGuid_SetInformationPolicy, NULL},
  66. {&LsaTraceEventGuid_EnumerateTrustedDomains, NULL},
  67. {&LsaTraceEventGuid_LookupNames, NULL},
  68. {&LsaTraceEventGuid_LookupSids, NULL},
  69. {&LsaTraceEventGuid_OpenTrustedDomain, NULL},
  70. {&LsaTraceEventGuid_QueryInfoTrustedDomain, NULL},
  71. {&LsaTraceEventGuid_SetInformationTrustedDomain, NULL},
  72. {&LsaTraceEventGuid_QueryTrustedDomainInfoByName, NULL},
  73. {&LsaTraceEventGuid_SetTrustedDomainInfoByName, NULL},
  74. {&LsaTraceEventGuid_EnumerateTrustedDomainsEx, NULL},
  75. {&LsaTraceEventGuid_CreateTrustedDomainEx, NULL},
  76. {&LsaTraceEventGuid_QueryDomainInformationPolicy, NULL},
  77. {&LsaTraceEventGuid_SetDomainInformationPolicy, NULL},
  78. {&LsaTraceEventGuid_OpenTrustedDomainByName, NULL},
  79. {&LsaTraceEventGuid_QueryForestTrustInformation, NULL},
  80. {&LsaTraceEventGuid_SetForestTrustInformation, NULL},
  81. {&LsaTraceEventGuid_LookupIsolatedNameInTrustedDomains, NULL},
  82. };
  85. #define LsapTraceGuidCount (sizeof(LsapTraceGuids) / sizeof(TRACE_GUID_REGISTRATION))
  89. ULONG
  90. _stdcall
  91. LsapInitializeWmiTrace( LPVOID ThreadParams )
  92. /*++
  93. Routine Description:
  95. Register WMI Trace Guids.
  96. This routine is called during LSA initialization. LSA gets initialized
  97. before WMI therefore we call this from a seaprate thread. This
  98. thread can then wait on WMI.
  100. Parameters:
  102. ThreadParams - Currently ignored.
  104. Reture Values:
  106. NTSTATUS - Standard Nt Result Code
  108. --*/
  109. {
  110. ULONG Status = ERROR_SUCCESS;
  111. HMODULE hModule;
  112. TCHAR FileName[MAX_PATH+1];
  113. DWORD nLen = 0;
  115. #define RESOURCE_NAME TEXT("LsaMofResource")
  116. #define IMAGE_PATH TEXT("lsass.exe")
  118. LsapEnterFunc("LsapInitializeWmiTrace");
  120. hModule = GetModuleHandle(IMAGE_PATH);
  121. if (hModule != NULL) {
  122. nLen = GetModuleFileName(hModule, FileName, MAX_PATH);
  123. }
  124. if (nLen == 0) {
  125. lstrcpy(FileName, IMAGE_PATH);
  126. }
  128. //
  129. // Register Trace GUIDs
  130. //
  131. Status = RegisterTraceGuids(
  132. LsapTraceControlCallBack,
  133. NULL,
  134. &LsapTraceControlGuid,
  135. LsapTraceGuidCount,
  136. LsapTraceGuids,
  137. FileName,
  138. RESOURCE_NAME,
  139. &LsapTraceRegistrationHandle);
  141. #if DBG
  142. if (Status != ERROR_SUCCESS)
  143. {
  144. DebugLog(( DEB_ERROR, "LsapInitializeWmiTrace failed: 0x%x\n", Status));
  145. }
  146. #endif // DBG
  148. return Status;
  149. }
  152. ULONG
  153. LsapTraceControlCallBack(
  154. IN WMIDPREQUESTCODE RequestCode,
  155. IN PVOID RequestContext,
  156. IN OUT ULONG *InOutBufferSize,
  157. IN OUT PVOID Buffer
  158. )
  159. /*++
  161. Routine Description:
  163. Call back function called by the WMI module to enable or
  164. disable LSA tracing.
  166. Arguments:
  168. RequestCode - WMI_ENABLE_EVENTS or WMI_DISABLE_EVENTS
  170. RequestContext - currently ignored
  172. InOutBufferSize - size of data returned by this call back.
  173. Currently always set to 0.
  175. Buffer - pointer to data received. In case of WMI_ENABLE_EVENTS,
  176. this is a pointer to the trace handle.
  178. Return Value:
  180. Win32 error code.
  182. Notes:
  184. --*/
  185. {
  186. ULONG Status = ERROR_SUCCESS;
  188. LsapEnterFunc("LsapTraceControlCallBack");
  190. switch (RequestCode)
  191. {
  192. case WMI_ENABLE_EVENTS:
  193. {
  194. LsapTraceLoggerHandle = GetTraceLoggerHandle(Buffer);
  195. LsapEventTraceFlag = TRUE; // enable flag
  196. break;
  197. }
  199. case WMI_DISABLE_EVENTS:
  200. {
  201. LsapTraceLoggerHandle = (TRACEHANDLE) 0;
  202. LsapEventTraceFlag = FALSE; // disable flag
  203. break;
  204. }
  205. default:
  206. {
  207. Status = ERROR_INVALID_PARAMETER;
  208. break;
  209. }
  210. }
  212. *InOutBufferSize = 0;
  214. return Status;
  215. }
  217. NTSTATUS
  218. LsapStartWmiTraceInitThread(void)
  219. /*++
  221. Routine Description:
  223. Start the thread that registers WMI trace guids.
  225. Parameters:
  227. None
  229. Return Values:
  231. NTSTATUS - Standard Nt Result Code
  233. --*/
  234. {
  235. NTSTATUS Status=STATUS_SUCCESS;
  236. HANDLE ThreadHandle;
  237. ULONG ThreadId = 0;
  238. ULONG WinError;
  240. ThreadHandle = CreateThread(NULL,
  241. 0,
  242. LsapInitializeWmiTrace,
  243. NULL,
  244. 0,
  245. &ThreadId);
  247. if (NULL == ThreadHandle)
  248. {
  249. Status = STATUS_UNSUCCESSFUL;
  250. WinError = GetLastError();
  251. DebugLog((DEB_ERROR, "Failed to create thread for LsapInitializeWmiTrace: 0x%x", WinError));
  252. }
  253. else
  254. {
  255. CloseHandle(ThreadHandle);
  256. }
  258. return Status;
  259. }
  262. VOID
  263. LsapTraceEvent(
  264. IN ULONG WmiEventType,
  265. IN LSA_TRACE_EVENT_TYPE LsaTraceEventType
  266. )
  268. /*++
  270. Routine Description:
  272. This routine will do a WMI event trace.
  274. Parameters:
  276. WmiEventType - Event Type, valid values are:
  277. EVENT_TRACE_TYPE_START
  278. EVENT_TRACE_TYPE_END
  280. TraceGuid - Index in LsapTraceGuids[]
  282. Return Values:
  284. None.
  286. --*/
  287. {
  288. LsapTraceEventWithData(WmiEventType,
  289. LsaTraceEventType,
  290. 0,
  291. NULL);
  293. }
  295. VOID
  296. LsapTraceEventWithData(
  297. IN ULONG WmiEventType,
  298. IN LSA_TRACE_EVENT_TYPE LsaTraceEventType,
  299. IN ULONG ItemCount,
  300. IN PUNICODE_STRING Items OPTIONAL
  301. )
  303. /*++
  305. Routine Description:
  307. This routine will do a WMI event trace.
  309. Parameters:
  311. WmiEventType - Event Type, valid values are:
  312. EVENT_TRACE_TYPE_START
  313. EVENT_TRACE_TYPE_END
  314. EVENT_TRACE_TYPE_INFO
  316. TraceGuid - Index in LsapTraceGuids[]
  318. ItemCount - the number of elements in Items
  320. Items - an array of information. The unicode strings don't have
  321. to represent strings -- can be binary data whose length
  322. is denoted by the Length field.
  324. Return Values:
  326. None.
  328. --*/
  330. {
  331. #if DBG
  332. ULONG WinError;
  333. #endif
  335. WCHAR NullChar = UNICODE_NULL;
  336. PVOID BuffersToFree[10];
  337. ULONG BuffersToFreeCount = 0;
  338. ULONG i;
  340. struct
  341. {
  342. EVENT_TRACE_HEADER EventTrace;
  343. MOF_FIELD EventInfo[2];
  344. } Event;
  346. //
  347. // Theoretically, only test LsapEventTraceFlag would be enough, since
  348. // LsapEventTraceFlag will remain FALSE in Registry Mode, because
  349. // LsapInitializeTrace() will never been called in Registry Mode.
  350. // Thus nobody will change the value of LsapEventTraceFlag
  351. //
  352. if (!LsapEventTraceFlag) {
  353. return;
  354. }
  356. //
  357. // Fill the event information.
  358. //
  359. ZeroMemory(&Event, sizeof(Event));
  360. Event.EventTrace.GuidPtr = (ULONGLONG) LsapTraceGuids[LsaTraceEventType].Guid;
  361. Event.EventTrace.Class.Type = (UCHAR) WmiEventType;
  362. Event.EventTrace.Flags |= (WNODE_FLAG_USE_GUID_PTR | // GUID is actually a pointer
  363. WNODE_FLAG_TRACED_GUID); // denotes a trace
  364. Event.EventTrace.Size = sizeof(Event.EventTrace); // no other parameters/information
  367. if ( (LsaTraceEventType == LsaTraceEvent_LookupIsolatedNameInTrustedDomains) ) {
  369. //
  370. // Add the flag that indicates that there is more data
  371. //
  372. Event.EventTrace.Flags |= WNODE_FLAG_USE_MOF_PTR;
  374. //
  375. // Make sure enough space has been allocated on the stack for us
  376. //
  377. ASSERT(sizeof(Event.EventInfo) >= (sizeof(MOF_FIELD) * 2));
  378. ASSERT( (ItemCount == 2) && (Items != NULL) );
  380. //
  381. // Fill in the data requested
  382. //
  383. for (i = 0; i < ItemCount; i++) {
  385. LPWSTR String = NULL;
  386. ULONG Length;
  388. //
  389. // Re'alloc to get a NULL terminated string
  390. //
  391. String = LsapMakeNullTerminatedString(&Items[i]);
  392. if (NULL == String) {
  393. String = &NullChar;
  394. Length = sizeof(NullChar);
  395. } else {
  396. Length = Items[i].Length + sizeof(WCHAR);
  397. }
  398. Event.EventInfo[i].Length = Length;
  399. Event.EventInfo[i].DataPtr = (ULONGLONG)String;
  400. Event.EventTrace.Size += sizeof(Event.EventInfo[i]);
  402. if (&NullChar != String) {
  403. ASSERT(BuffersToFreeCount < sizeof(BuffersToFree)/sizeof(BuffersToFree[0]));
  404. BuffersToFree[BuffersToFreeCount++] = String;
  405. }
  406. }
  407. }
  409. #if DBG
  410. WinError =
  411. #endif
  412. TraceEvent(LsapTraceLoggerHandle, (PEVENT_TRACE_HEADER) &Event);
  414. #if DBG
  415. if (WinError != ERROR_SUCCESS)
  416. {
  417. DebugLog(( DEB_ERROR, "WMI TraceEvent failed, status %x\n", WinError));
  418. }
  419. #endif
  421. for (i = 0; i < BuffersToFreeCount; i++) {
  422. LsapFreeLsaHeap(BuffersToFree[i]);
  423. }
  425. }
  427. LPWSTR
  428. LsapGetClientNetworkAddress(
  429. VOID
  430. )
  431. /*++
  433. Routine Description:
  435. This routine returns a NULL terminated string that represents the network
  436. address of the client. If the address cannot be obtained, NULL is returned.
  437. If the return value is non-NULL, the string must be freed with
  438. RpcStringFreeW.
  441. Parameters:
  443. None.
  445. Return Values:
  447. See description.
  449. --*/
  450. {
  451. ULONG RpcStatus;
  452. RPC_BINDING_HANDLE ServerBinding = NULL;
  453. PWSTR StringBinding = NULL;
  454. LPWSTR NetworkAddr = NULL;
  456. RpcStatus = RpcBindingServerFromClient(NULL, &ServerBinding);
  458. if (RPC_S_OK == RpcStatus) {
  460. RpcStatus = RpcBindingToStringBindingW(ServerBinding, &StringBinding);
  462. if (RPC_S_OK == RpcStatus) {
  464. RpcStatus = RpcStringBindingParseW(StringBinding,
  465. NULL,
  466. NULL,
  467. &NetworkAddr,
  468. NULL,
  469. NULL
  470. );
  472. RpcStringFreeW(&StringBinding);
  473. }
  475. RpcBindingFree(&ServerBinding);
  477. }
  479. return NetworkAddr;
  480. }
  483. LPWSTR
  484. LsapMakeNullTerminatedString(
  485. IN PUNICODE_STRING u
  486. )
  487. /*++
  489. Routine Description:
  491. This routine returns a NULL terminated string composed of the data in
  492. u. The string must be freed with LsapFreeLsaHeap().
  494. If u->Length is 0, a non-NULL string with the NULL character as the first
  495. character is returned.
  497. Parameters:
  499. u -- a unicode string
  501. Return Values:
  503. See description.
  505. --*/
  506. {
  507. LPWSTR String = NULL;
  508. ULONG Length;
  509. if (u) {
  510. Length = u->Length + sizeof(WCHAR);
  511. String = LsapAllocateLsaHeap(Length);
  512. if (String != NULL) {
  513. RtlCopyMemory(String, u->Buffer, u->Length);
  514. String[u->Length / sizeof(WCHAR)] = UNICODE_NULL;
  515. }
  516. }
  517. return String;
  518. }