archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/protocols/schannel/lsa/events.c

814 lines
19 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 1999
  6. //
  7. // File: events.c
  8. //
  9. // Contents: Schannel event log functions.
  10. //
  11. // Functions: SchInitializeEvents
  12. // SchReportEvent
  13. // SchShutdownEvents
  14. //
  15. // History: 03-05-99 jbanes Created
  16. //
  17. //------------------------------------------------------------------------
  18. #include "sslp.h"
  19. #include <lsapmsgs.h>
  20. #include <netlib.h>
  22. HANDLE g_hEventLog = NULL;
  23. HANDLE g_hDiscardDupEventLog = NULL;
  25. WCHAR EventSourceName[] = TEXT("Schannel");
  27. #define MAX_EVENT_STRINGS 8
  29. #define SCH_MESSAGE_FILENAME TEXT("%SystemRoot%\\system32\\lsasrv.dll")
  31. LPWSTR pszClientString = NULL;
  32. LPWSTR pszServerString = NULL;
  34. NTSTATUS
  35. SchGetMessageString(
  36. LPVOID Resource,
  37. DWORD Index,
  38. LPWSTR * pRetString);
  41. //+---------------------------------------------------------------------------
  42. //
  43. // Function: SchInitializeEvents
  44. //
  45. // Synopsis: Connects to event log service.
  46. //
  47. // Arguments: (none)
  48. //
  49. // History: 03-05-99 jbanes Created
  50. //
  51. // Notes:
  52. //
  53. //----------------------------------------------------------------------------
  54. BOOL
  55. SchInitializeEvents(void)
  56. {
  57. HKEY hKey;
  58. int err;
  59. DWORD disp;
  60. HMODULE hResource;
  62. //
  63. // Create registry entries, whether event logging is currently
  64. // enabled or not.
  65. //
  67. err = RegCreateKeyEx( HKEY_LOCAL_MACHINE,
  68. TEXT("System\\CurrentControlSet\\Services\\EventLog\\System\\Schannel"),
  69. 0,
  70. TEXT(""),
  71. REG_OPTION_NON_VOLATILE,
  72. KEY_WRITE,
  73. NULL,
  74. &hKey,
  75. &disp);
  76. if(err)
  77. {
  78. return(FALSE);
  79. }
  81. if (disp == REG_CREATED_NEW_KEY)
  82. {
  83. RegSetValueEx( hKey,
  84. TEXT("EventMessageFile"),
  85. 0,
  86. REG_EXPAND_SZ,
  87. (PBYTE)SCH_MESSAGE_FILENAME,
  88. sizeof(SCH_MESSAGE_FILENAME) );
  90. // RegSetValueEx( hKey,
  91. // TEXT("CategoryMessageFile"),
  92. // 0,
  93. // REG_EXPAND_SZ,
  94. // (PBYTE)SCH_MESSAGE_FILENAME,
  95. // sizeof(SCH_MESSAGE_FILENAME) );
  97. disp = 7;
  98. RegSetValueEx( hKey,
  99. TEXT("TypesSupported"),
  100. 0,
  101. REG_DWORD,
  102. (PBYTE) &disp,
  103. sizeof(DWORD) );
  105. // disp = CATEGORY_MAX_CATEGORY - 1;
  106. // RegSetValueEx( hKey,
  107. // TEXT("CategoryCount"),
  108. // 0,
  109. // REG_DWORD,
  110. // (PBYTE) &disp,
  111. // sizeof(DWORD) );
  113. RegFlushKey(hKey);
  114. }
  116. RegCloseKey(hKey);
  119. //
  120. // Read the event text strings from the resource file.
  121. //
  123. hResource = (HMODULE)LoadLibrary(TEXT("lsasrv.dll"));
  124. if(hResource == NULL)
  125. {
  126. return(FALSE);
  127. }
  129. SchGetMessageString(hResource,
  130. SSLEVENTTEXT_CLIENT,
  131. &pszClientString);
  133. SchGetMessageString(hResource,
  134. SSLEVENTTEXT_SERVER,
  135. &pszServerString);
  137. FreeLibrary(hResource);
  139. return(TRUE);
  140. }
  143. //+---------------------------------------------------------------------------
  144. //
  145. // Function: SchReportEvent
  146. //
  147. // Synopsis: Reports an event to the event log
  148. //
  149. // Arguments: [EventType] -- EventType (ERROR, WARNING, etc.)
  150. // [EventId] -- Event ID
  151. // [SizeOfRawData] -- Size of raw data
  152. // [RawData] -- Raw data
  153. // [NumberOfStrings] -- number of strings
  154. // ... -- PWSTRs to string data
  155. //
  156. // History: 03-05-99 jbanes Created
  157. //
  158. // Notes:
  159. //
  160. //----------------------------------------------------------------------------
  161. DWORD
  162. SchReportEvent(
  163. IN DWORD LogLevel,
  164. IN DWORD EventType,
  165. IN DWORD EventId,
  166. IN DWORD Category,
  167. IN DWORD SizeOfRawData,
  168. IN PVOID RawData,
  169. IN DWORD NumberOfStrings,
  170. ...
  171. )
  172. {
  173. va_list arglist;
  174. ULONG i;
  175. PWSTR Strings[ MAX_EVENT_STRINGS ];
  176. PSTR StringsA[ MAX_EVENT_STRINGS ];
  177. DWORD Status;
  178. BOOL fDiscardDuplicates = TRUE;
  179. BOOL fSuccess;
  182. //
  183. // Is this event supposed to be logged?
  184. //
  186. if ((g_dwEventLogging & LogLevel) == 0)
  187. {
  188. return ERROR_SUCCESS;
  189. }
  192. //
  193. // Open the event log if necessary.
  194. //
  196. if(g_dwEventLogging == DEFAULT_EVENT_LOGGING_SETTING)
  197. {
  198. // Only log identical event once per hour.
  199. if(g_hDiscardDupEventLog == NULL)
  200. {
  201. g_hDiscardDupEventLog = NetpEventlogOpen(EventSourceName, 60000*60);
  202. if(g_hDiscardDupEventLog == NULL)
  203. {
  204. Status = GetLastError();
  205. DebugLog((DEB_ERROR, "Could not open duplicate discard event log, error %d\n", Status));
  206. return Status;
  207. }
  208. }
  209. }
  210. else
  211. {
  212. // Log all events.
  213. if(g_hEventLog == NULL)
  214. {
  215. g_hEventLog = RegisterEventSource(NULL, EventSourceName);
  216. if(g_hEventLog == NULL)
  217. {
  218. Status = GetLastError();
  219. DebugLog((DEB_ERROR, "Could not open duplicate discard event log, error %d\n", Status));
  220. return Status;
  221. }
  222. }
  224. fDiscardDuplicates = FALSE;
  225. }
  228. //
  229. // Look at the strings, if they were provided
  230. //
  231. va_start( arglist, NumberOfStrings );
  233. if (NumberOfStrings > MAX_EVENT_STRINGS) {
  234. NumberOfStrings = MAX_EVENT_STRINGS;
  235. }
  237. for (i=0; i<NumberOfStrings; i++)
  238. {
  239. Strings[ i ] = va_arg( arglist, PWSTR );
  240. }
  243. //
  244. // Report the event to the eventlog service
  245. //
  247. if(fDiscardDuplicates)
  248. {
  249. fSuccess = NetpEventlogWriteEx(
  250. g_hDiscardDupEventLog,
  251. (WORD) EventType,
  252. (WORD) Category,
  253. EventId,
  254. (WORD)NumberOfStrings,
  255. SizeOfRawData,
  256. Strings,
  257. RawData);
  258. }
  259. else
  260. {
  261. fSuccess = ReportEvent(
  262. g_hEventLog,
  263. (WORD) EventType,
  264. (WORD) Category,
  265. EventId,
  266. NULL,
  267. (WORD)NumberOfStrings,
  268. SizeOfRawData,
  269. Strings,
  270. RawData);
  271. }
  273. if(!fSuccess)
  274. {
  275. Status = GetLastError();
  276. DebugLog((DEB_ERROR, "ReportEvent( %u ) failed - %u\n", EventId, Status));
  277. }
  278. else
  279. {
  280. Status = ERROR_SUCCESS;
  281. }
  283. return Status;
  284. }
  286. void
  287. SchShutdownEvents(void)
  288. {
  289. if(g_hDiscardDupEventLog != NULL)
  290. {
  291. NetpEventlogClose(g_hDiscardDupEventLog);
  292. g_hDiscardDupEventLog = NULL;
  293. }
  294. if(g_hEventLog != NULL)
  295. {
  296. DeregisterEventSource(g_hEventLog);
  297. g_hEventLog = NULL;
  298. }
  300. if(pszClientString)
  301. {
  302. LocalFree(pszClientString);
  303. pszClientString = NULL;
  304. }
  305. if(pszServerString)
  306. {
  307. LocalFree(pszServerString);
  308. pszServerString = NULL;
  309. }
  310. }
  313. void
  314. LogSchannelStartedEvent(void)
  315. {
  316. SchReportEvent( DEB_TRACE,
  317. EVENTLOG_INFORMATION_TYPE,
  318. SSLEVENT_SCHANNEL_STARTED,
  319. 0,
  320. 0,
  321. NULL,
  322. 0,
  323. NULL );
  324. }
  326. void
  327. LogGlobalAcquireContextFailedEvent(
  328. LPWSTR pwszName,
  329. DWORD Status)
  330. {
  331. WCHAR wszStatus[20];
  333. _ltow(Status, wszStatus, 16);
  335. SchReportEvent( DEB_ERROR,
  336. EVENTLOG_ERROR_TYPE,
  337. SSLEVENT_GLOBAL_ACQUIRE_CONTEXT_FAILED,
  338. 0,
  339. 0,
  340. NULL,
  341. 2,
  342. pwszName,
  343. wszStatus);
  344. }
  346. void
  347. LogCreateCredEvent(
  348. DWORD dwProtocol,
  349. PLSA_SCHANNEL_CRED pSchannelCred)
  350. {
  351. SchReportEvent(DEB_TRACE,
  352. EVENTLOG_INFORMATION_TYPE,
  353. SSLEVENT_CREATE_CRED,
  354. 0,
  355. sizeof(SCHANNEL_CRED),
  356. pSchannelCred,
  357. 1,
  358. (dwProtocol & SP_PROT_SERVERS) ? pszServerString : pszClientString);
  359. }
  361. void
  362. LogCredPropertiesEvent(
  363. DWORD dwProtocol,
  364. PCRYPT_KEY_PROV_INFO pProvInfo,
  365. PCCERT_CONTEXT pCertContext)
  366. {
  367. WCHAR wszType[20];
  368. WCHAR wszFlags[20];
  369. LPWSTR pwszKeySpec;
  371. if(!(g_dwEventLogging & DEB_TRACE))
  372. {
  373. return;
  374. }
  376. _ltow(pProvInfo->dwProvType, wszType, 10);
  377. _ltow(pProvInfo->dwFlags, wszFlags, 16);
  379. switch(pProvInfo->dwKeySpec)
  380. {
  381. case AT_KEYEXCHANGE:
  382. pwszKeySpec = L"key exchange";
  383. break;
  384. case AT_SIGNATURE:
  385. pwszKeySpec = L"signature";
  386. break;
  387. default:
  388. pwszKeySpec = L"unknown";
  389. }
  391. SchReportEvent( DEB_TRACE,
  392. EVENTLOG_INFORMATION_TYPE,
  393. SSLEVENT_CRED_PROPERTIES,
  394. 0,
  395. pCertContext->cbCertEncoded,
  396. pCertContext->pbCertEncoded,
  397. 6,
  398. (dwProtocol & SP_PROT_SERVERS) ? pszServerString : pszClientString,
  399. pProvInfo->pwszProvName,
  400. wszType,
  401. pProvInfo->pwszContainerName,
  402. pwszKeySpec,
  403. wszFlags);
  404. }
  406. void
  407. LogNoPrivateKeyEvent(
  408. DWORD dwProtocol)
  409. {
  410. SchReportEvent( DEB_ERROR,
  411. EVENTLOG_ERROR_TYPE,
  412. SSLEVENT_NO_PRIVATE_KEY,
  413. 0,
  414. 0,
  415. NULL,
  416. 1,
  417. (dwProtocol & SP_PROT_SERVERS) ? pszServerString : pszClientString);
  418. }
  420. void
  421. LogCredAcquireContextFailedEvent(
  422. DWORD dwProtocol,
  423. DWORD Status)
  424. {
  425. WCHAR wszStatus[20];
  427. _ltow(Status, wszStatus, 16);
  429. SchReportEvent( DEB_ERROR,
  430. EVENTLOG_ERROR_TYPE,
  431. SSLEVENT_CRED_ACQUIRE_CONTEXT_FAILED,
  432. 0,
  433. 0,
  434. NULL,
  435. 2,
  436. (dwProtocol & SP_PROT_SERVERS) ? pszServerString : pszClientString,
  437. wszStatus);
  438. }
  440. void
  441. LogCreateCredFailedEvent(
  442. DWORD dwProtocol)
  443. {
  444. SchReportEvent(DEB_ERROR,
  445. EVENTLOG_ERROR_TYPE,
  446. SSLEVENT_CREATE_CRED_FAILED,
  447. 0,
  448. 0,
  449. NULL,
  450. 1,
  451. (dwProtocol & SP_PROT_SERVERS) ? pszServerString : pszClientString);
  452. }
  454. void
  455. LogNoDefaultServerCredEvent(void)
  456. {
  457. SchReportEvent(DEB_ERROR,
  458. EVENTLOG_WARNING_TYPE,
  459. SSLEVENT_NO_DEFAULT_SERVER_CRED,
  460. 0,
  461. 0,
  462. NULL,
  463. 0,
  464. NULL);
  465. }
  468. void
  469. LogNoCiphersSupportedEvent(void)
  470. {
  471. SchReportEvent(DEB_ERROR,
  472. EVENTLOG_ERROR_TYPE,
  473. SSLEVENT_NO_CIPHERS_SUPPORTED,
  474. 0,
  475. 0,
  476. NULL,
  477. 0,
  478. NULL);
  479. }
  481. void
  482. LogCipherMismatchEvent(void)
  483. {
  484. SchReportEvent(DEB_ERROR,
  485. EVENTLOG_ERROR_TYPE,
  486. SSLEVENT_CIPHER_MISMATCH,
  487. 0,
  488. 0,
  489. NULL,
  490. 0,
  491. NULL);
  492. }
  494. void
  495. LogNoClientCertFoundEvent(void)
  496. {
  497. SchReportEvent(DEB_WARN,
  498. EVENTLOG_WARNING_TYPE,
  499. SSLEVENT_NO_CLIENT_CERT_FOUND,
  500. 0,
  501. 0,
  502. NULL,
  503. 0,
  504. NULL);
  505. }
  507. void
  508. LogBogusServerCertEvent(
  509. PCCERT_CONTEXT pCertContext,
  510. LPWSTR pwszServerName,
  511. DWORD Status)
  512. {
  513. WCHAR wszStatus[20];
  515. if(!(g_dwEventLogging & DEB_ERROR))
  516. {
  517. return;
  518. }
  520. switch(Status)
  521. {
  522. case SEC_E_CERT_EXPIRED:
  523. SchReportEvent( DEB_ERROR,
  524. EVENTLOG_ERROR_TYPE,
  525. SSLEVENT_EXPIRED_SERVER_CERT,
  526. 0,
  527. pCertContext->cbCertEncoded,
  528. pCertContext->pbCertEncoded,
  529. 0,
  530. NULL);
  531. break;
  533. case SEC_E_UNTRUSTED_ROOT:
  534. SchReportEvent( DEB_ERROR,
  535. EVENTLOG_ERROR_TYPE,
  536. SSLEVENT_UNTRUSTED_SERVER_CERT,
  537. 0,
  538. pCertContext->cbCertEncoded,
  539. pCertContext->pbCertEncoded,
  540. 0,
  541. NULL);
  542. break;
  544. case CRYPT_E_REVOKED:
  545. SchReportEvent( DEB_ERROR,
  546. EVENTLOG_ERROR_TYPE,
  547. SSLEVENT_REVOKED_SERVER_CERT,
  548. 0,
  549. pCertContext->cbCertEncoded,
  550. pCertContext->pbCertEncoded,
  551. 0,
  552. NULL);
  553. break;
  555. case SEC_E_WRONG_PRINCIPAL:
  556. SchReportEvent( DEB_ERROR,
  557. EVENTLOG_ERROR_TYPE,
  558. SSLEVENT_NAME_MISMATCHED_SERVER_CERT,
  559. 0,
  560. pCertContext->cbCertEncoded,
  561. pCertContext->pbCertEncoded,
  562. 1,
  563. pwszServerName);
  564. break;
  566. default:
  567. _ltow(Status, wszStatus, 16);
  569. SchReportEvent( DEB_ERROR,
  570. EVENTLOG_ERROR_TYPE,
  571. SSLEVENT_BOGUS_SERVER_CERT,
  572. 0,
  573. pCertContext->cbCertEncoded,
  574. pCertContext->pbCertEncoded,
  575. 1,
  576. wszStatus);
  577. }
  578. }
  580. void
  581. LogBogusClientCertEvent(
  582. PCCERT_CONTEXT pCertContext,
  583. DWORD Status)
  584. {
  585. WCHAR wszStatus[20];
  587. if(!(g_dwEventLogging & DEB_WARN))
  588. {
  589. return;
  590. }
  592. _ltow(Status, wszStatus, 16);
  594. SchReportEvent( DEB_WARN,
  595. EVENTLOG_WARNING_TYPE,
  596. SSLEVENT_BOGUS_CLIENT_CERT,
  597. 0,
  598. pCertContext->cbCertEncoded,
  599. pCertContext->pbCertEncoded,
  600. 1,
  601. wszStatus);
  602. }
  604. void
  605. LogFastMappingFailureEvent(
  606. PCCERT_CONTEXT pCertContext,
  607. DWORD Status)
  608. {
  609. WCHAR wszStatus[20];
  611. if(!(g_dwEventLogging & DEB_WARN))
  612. {
  613. return;
  614. }
  616. _ltow(Status, wszStatus, 16);
  618. SchReportEvent( DEB_WARN,
  619. EVENTLOG_WARNING_TYPE,
  620. SSLEVENT_FAST_MAPPING_FAILURE,
  621. 0,
  622. pCertContext->cbCertEncoded,
  623. pCertContext->pbCertEncoded,
  624. 1,
  625. wszStatus);
  626. }
  628. void
  629. LogCertMappingFailureEvent(
  630. DWORD Status)
  631. {
  632. WCHAR wszStatus[20];
  634. if(!(g_dwEventLogging & DEB_WARN))
  635. {
  636. return;
  637. }
  639. _ltow(Status, wszStatus, 16);
  641. SchReportEvent( DEB_WARN,
  642. EVENTLOG_WARNING_TYPE,
  643. SSLEVENT_CERT_MAPPING_FAILURE,
  644. 0,
  645. 0,
  646. NULL,
  647. 1,
  648. wszStatus);
  649. }
  651. void
  652. LogHandshakeInfoEvent(
  653. DWORD dwProtocol,
  654. PCipherInfo pCipherInfo,
  655. PHashInfo pHashInfo,
  656. PKeyExchangeInfo pExchangeInfo,
  657. DWORD dwExchangeStrength)
  658. {
  659. WCHAR wszCipherStrength[20];
  660. WCHAR wszExchangeStrength[20];
  661. LPWSTR pwszProtocol;
  662. LPWSTR pwszCipher;
  663. LPWSTR pwszHash;
  664. LPWSTR pwszExchange;
  666. if(!(g_dwEventLogging & DEB_TRACE))
  667. {
  668. return;
  669. }
  671. switch(dwProtocol)
  672. {
  673. case SP_PROT_PCT1_SERVER:
  674. case SP_PROT_PCT1_CLIENT:
  675. pwszProtocol = L"PCT";
  676. break;
  677. case SP_PROT_SSL2_SERVER:
  678. case SP_PROT_SSL2_CLIENT:
  679. pwszProtocol = L"SSL 2.0";
  680. break;
  681. case SP_PROT_SSL3_SERVER:
  682. case SP_PROT_SSL3_CLIENT:
  683. pwszProtocol = L"SSL 3.0";
  684. break;
  685. case SP_PROT_TLS1_SERVER:
  686. case SP_PROT_TLS1_CLIENT:
  687. pwszProtocol = L"TLS (SSL 3.1)";
  688. break;
  689. default:
  690. pwszProtocol = L"unknown";
  691. }
  693. switch(pCipherInfo->aiCipher)
  694. {
  695. case CALG_RC4:
  696. pwszCipher = L"RC4";
  697. break;
  698. case CALG_3DES:
  699. pwszCipher = L"Triple-DES";
  700. break;
  701. case CALG_RC2:
  702. pwszCipher = L"RC2";
  703. break;
  704. case CALG_DES:
  705. pwszCipher = L"DES";
  706. break;
  707. case CALG_SKIPJACK:
  708. pwszCipher = L"Skipjack";
  709. break;
  710. default:
  711. pwszCipher = L"unknown";
  712. }
  714. _ltow(pCipherInfo->dwStrength, wszCipherStrength, 10);
  716. switch(pHashInfo->aiHash)
  717. {
  718. case CALG_MD5:
  719. pwszHash = L"MD5";
  720. break;
  721. case CALG_SHA:
  722. pwszHash = L"SHA";
  723. break;
  724. default:
  725. pwszHash = L"unknown";
  726. }
  728. switch(pExchangeInfo->aiExch)
  729. {
  730. case CALG_RSA_SIGN:
  731. case CALG_RSA_KEYX:
  732. pwszExchange = L"RSA";
  733. break;
  734. case CALG_KEA_KEYX:
  735. pwszExchange = L"KEA";
  736. break;
  737. case CALG_DH_EPHEM:
  738. pwszExchange = L"Ephemeral DH";
  739. break;
  740. default:
  741. pwszExchange = L"unknown";
  742. }
  744. _ltow(dwExchangeStrength, wszExchangeStrength, 10);
  746. SchReportEvent( DEB_TRACE,
  747. EVENTLOG_INFORMATION_TYPE,
  748. SSLEVENT_HANDSHAKE_INFO,
  749. 0,
  750. 0,
  751. NULL,
  752. 7,
  753. (dwProtocol & SP_PROT_SERVERS) ? pszServerString : pszClientString,
  754. pwszProtocol,
  755. pwszCipher,
  756. wszCipherStrength,
  757. pwszHash,
  758. pwszExchange,
  759. wszExchangeStrength);
  760. }
  762. NTSTATUS
  763. SchGetMessageString(
  764. LPVOID Resource,
  765. DWORD Index,
  766. LPWSTR * pRetString)
  767. {
  768. DWORD Length;
  770. *pRetString = NULL;
  772. Length = FormatMessage(FORMAT_MESSAGE_FROM_HMODULE |
  773. FORMAT_MESSAGE_ALLOCATE_BUFFER,
  774. Resource,
  775. Index,
  776. 0, // Use caller's language
  777. (LPWSTR)pRetString,
  778. 0,
  779. NULL);
  781. if(Length == 0 || *pRetString == NULL)
  782. {
  783. return(STATUS_RESOURCE_DATA_NOT_FOUND);
  784. }
  786. //
  787. // Note that we are retrieving a message from a message file.
  788. // This message will have a cr/lf tacked on the end of it
  789. // (0x0d 0x0a) that we don't want to be part of our returned
  790. // strings. However, we do need to null terminate our string
  791. // so we will convert the 0x0d into a null terminator.
  792. //
  793. // Also note that FormatMessage() returns a character count,
  794. // not a byte count. So, we have to do some adjusting to make
  795. // the string lengths correct.
  796. //
  798. ASSERT(Length >= 2); // We always expect cr/lf on our strings
  800. //
  801. // Adjust character count
  802. //
  804. Length -= 1; // For the lf - we'll convert the cr.
  806. //
  807. // Set null terminator
  808. //
  810. (*pRetString)[Length - 1] = 0;
  812. return(STATUS_SUCCESS);
  813. }