archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/netapi/netlib/eventlog.c

777 lines
19 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1991 Microsoft Corporation
  5. Module Name:
  7. eventlog.c
  9. Abstract:
  11. This module provides support routines for eventlogging.
  13. Author:
  15. Madan Appiah (madana) 27-Jul-1992
  17. Environment:
  19. Contains NT specific code.
  21. Revision History:
  23. --*/
  25. #include <nt.h>
  26. #include <ntrtl.h>
  27. #include <nturtl.h>
  29. #include <windef.h> // DWORD.
  30. #include <winbase.h> // event log apis
  31. #include <winerror.h> // NO_ERROR
  32. #include <lmcons.h> // NET_API_STATUS.
  33. #include <lmalert.h> // Alert defines
  34. #include <netlib.h> // These routines
  35. #include <netlogon.h> // needed by logonp.h
  36. #include <logonp.h> // NetpLogon routines
  37. #include <tstr.h> // ultow()
  39. //
  40. // Structure describing the entire list of logged events.
  41. //
  43. typedef struct _NL_EVENT_LIST {
  44. CRITICAL_SECTION EventListCritSect;
  45. LIST_ENTRY EventList;
  47. // Number of milli-seconds to keep EventList entry for.
  48. ULONG DuplicateEventlogTimeout;
  50. // Event source
  51. LPWSTR Source;
  52. } NL_EVENT_LIST, *PNL_EVENT_LIST;
  54. //
  55. // Structure describing an event that has already been logged.
  56. //
  58. typedef struct _NL_EVENT_ENTRY {
  59. LIST_ENTRY Next;
  60. LARGE_INTEGER FirstLogTime;
  61. DWORD EventId;
  62. DWORD EventType;
  63. DWORD EventCategory;
  64. LPBYTE RawDataBuffer;
  65. DWORD RawDataSize;
  66. LPWSTR *StringArray;
  67. DWORD StringCount;
  68. DWORD EventsLogged; // total times event encountered.
  69. } NL_EVENT_ENTRY, *PNL_EVENT_ENTRY;
  73. DWORD
  74. NetpWriteEventlogEx(
  75. LPWSTR Source,
  76. DWORD EventID,
  77. DWORD EventType,
  78. DWORD EventCategory,
  79. DWORD NumStrings,
  80. LPWSTR *Strings,
  81. DWORD DataLength,
  82. LPVOID Data
  83. )
  84. /*++
  86. Routine Description:
  88. This function writes the specified (EventID) log at the end of the
  89. eventlog.
  91. Arguments:
  93. Source - Points to a null-terminated string that specifies the name
  94. of the module referenced. The node must exist in the
  95. registration database, and the module name has the
  96. following format:
  98. \EventLog\System\Lanmanworkstation
  100. EventID - The specific event identifier. This identifies the
  101. message that goes with this event.
  103. EventType - Specifies the type of event being logged. This
  104. parameter can have one of the following
  106. values:
  108. Value Meaning
  110. EVENTLOG_ERROR_TYPE Error event
  111. EVENTLOG_WARNING_TYPE Warning event
  112. EVENTLOG_INFORMATION_TYPE Information event
  114. NumStrings - Specifies the number of strings that are in the array
  115. at 'Strings'. A value of zero indicates no strings
  116. are present.
  118. Strings - Points to a buffer containing an array of null-terminated
  119. strings that are merged into the message before
  120. displaying to the user. This parameter must be a valid
  121. pointer (or NULL), even if cStrings is zero.
  123. DataLength - Specifies the number of bytes of event-specific raw
  124. (binary) data to write to the log. If cbData is
  125. zero, no event-specific data is present.
  127. Data - Buffer containing the raw data. This parameter must be a
  128. valid pointer (or NULL), even if cbData is zero.
  131. Return Value:
  133. Returns the WIN32 extended error obtained by GetLastError().
  135. NOTE : This function works slow since it calls the open and close
  136. eventlog source everytime.
  138. --*/
  139. {
  140. HANDLE EventlogHandle;
  141. DWORD ReturnCode;
  144. //
  145. // open eventlog section.
  146. //
  148. EventlogHandle = RegisterEventSourceW(
  149. NULL,
  150. Source
  151. );
  153. if (EventlogHandle == NULL) {
  155. ReturnCode = GetLastError();
  156. goto Cleanup;
  157. }
  160. //
  161. // Log the error code specified
  162. //
  164. if( !ReportEventW(
  165. EventlogHandle,
  166. (WORD)EventType,
  167. (WORD)EventCategory, // event category
  168. EventID,
  169. NULL,
  170. (WORD)NumStrings,
  171. DataLength,
  172. Strings,
  173. Data
  174. ) ) {
  176. ReturnCode = GetLastError();
  177. goto Cleanup;
  178. }
  180. ReturnCode = NO_ERROR;
  182. Cleanup:
  184. if( EventlogHandle != NULL ) {
  186. DeregisterEventSource(EventlogHandle);
  187. }
  189. return ReturnCode;
  190. }
  194. DWORD
  195. NetpWriteEventlog(
  196. LPWSTR Source,
  197. DWORD EventID,
  198. DWORD EventType,
  199. DWORD NumStrings,
  200. LPWSTR *Strings,
  201. DWORD DataLength,
  202. LPVOID Data
  203. )
  204. {
  205. return NetpWriteEventlogEx(
  206. Source,
  207. EventID,
  208. EventType,
  209. 0,
  210. NumStrings,
  211. Strings,
  212. DataLength,
  213. Data
  214. );
  215. }
  218. DWORD
  219. NetpRaiseAlert(
  220. IN LPWSTR ServiceName,
  221. IN DWORD alert_no,
  222. IN LPWSTR *string_array
  223. )
  224. /*++
  226. Routine Description:
  228. Raise NETLOGON specific Admin alerts.
  230. Arguments:
  232. alert_no - The alert to be raised, text in alertmsg.h
  234. string_array - array of strings terminated by NULL string.
  236. Return Value:
  238. None.
  240. --*/
  241. {
  242. NET_API_STATUS NetStatus;
  243. LPWSTR *SArray;
  244. PCHAR Next;
  245. PCHAR End;
  247. char message[ALERTSZ + sizeof(ADMIN_OTHER_INFO)];
  248. PADMIN_OTHER_INFO admin = (PADMIN_OTHER_INFO) message;
  250. //
  251. // Build the variable data
  252. //
  253. admin->alrtad_errcode = alert_no;
  254. admin->alrtad_numstrings = 0;
  256. Next = (PCHAR) ALERT_VAR_DATA(admin);
  257. End = Next + ALERTSZ;
  259. //
  260. // now take care of (optional) char strings
  261. //
  263. for( SArray = string_array; *SArray != NULL; SArray++ ) {
  264. DWORD StringLen;
  266. StringLen = (wcslen(*SArray) + 1) * sizeof(WCHAR);
  268. if( Next + StringLen < End ) {
  270. //
  271. // copy next string.
  272. //
  274. RtlCopyMemory(Next, *SArray, StringLen);
  275. Next += StringLen;
  276. admin->alrtad_numstrings++;
  277. } else {
  278. return ERROR_BUFFER_OVERFLOW;
  279. }
  280. }
  282. //
  283. // Call alerter.
  284. //
  286. NetStatus = NetAlertRaiseEx(
  287. ALERT_ADMIN_EVENT,
  288. message,
  289. (DWORD)((PCHAR)Next - (PCHAR)message),
  290. ServiceName );
  292. return NetStatus;
  293. }
  295. HANDLE
  296. NetpEventlogOpen (
  297. IN LPWSTR Source,
  298. IN ULONG DuplicateEventlogTimeout
  299. )
  300. /*++
  302. Routine Description:
  304. This routine open a context that keeps track of events that have been logged
  305. in the recent past.
  307. Arguments:
  309. Source - Name of the service opening the eventlog
  311. DuplicateEventlogTimeout - Number of milli-seconds to keep EventList entry for.
  313. Return Value:
  315. Handle to be passed to related routines.
  317. NULL: if memory could not be allocated.
  319. --*/
  320. {
  321. PNL_EVENT_LIST EventList;
  322. LPBYTE Where;
  324. //
  325. // Allocate a buffer to keep the context in.
  326. //
  328. EventList = LocalAlloc( 0,
  329. sizeof(NL_EVENT_LIST) +
  330. wcslen(Source) * sizeof(WCHAR) + sizeof(WCHAR) );
  332. if ( EventList == NULL ) {
  333. return NULL;
  334. }
  337. //
  338. // Initialize the critical section
  339. //
  341. try {
  342. InitializeCriticalSection( &EventList->EventListCritSect );
  343. } except( EXCEPTION_EXECUTE_HANDLER ) {
  344. LocalFree( EventList );
  345. return NULL;
  346. }
  348. //
  349. // Initialize the buffer
  350. //
  352. InitializeListHead( &EventList->EventList );
  353. EventList->DuplicateEventlogTimeout = DuplicateEventlogTimeout;
  355. //
  356. // Copy the service name into the buffer
  357. //
  358. Where = (LPBYTE)(EventList + 1);
  359. wcscpy( (LPWSTR)Where, Source );
  360. EventList->Source = (LPWSTR) Where;
  362. return EventList;
  363. }
  367. DWORD
  368. NetpEventlogWriteEx (
  369. IN HANDLE NetpEventHandle,
  370. IN DWORD EventType,
  371. IN DWORD EventCategory,
  372. IN DWORD EventId,
  373. IN DWORD StringCount,
  374. IN DWORD RawDataSize,
  375. IN LPWSTR *StringArray,
  376. IN LPVOID pvRawDataBuffer OPTIONAL
  377. )
  378. /*++
  380. Routine Description:
  382. Stub routine for calling writing Event Log and skipping duplicates
  384. Arguments:
  386. NetpEventHandle - Handle from NetpEventlogOpen
  388. EventId - event log ID.
  390. EventType - Type of event.
  392. RawDataBuffer - Data to be logged with the error.
  394. numbyte - Size in bytes of "RawDataBuffer"
  396. StringArray - array of null-terminated strings.
  398. StringCount - number of zero terminated strings in "StringArray". The following
  399. flags can be OR'd in to the count:
  401. NETP_LAST_MESSAGE_IS_NTSTATUS
  402. NETP_LAST_MESSAGE_IS_NETSTATUS
  403. NETP_ALLOW_DUPLICATE_EVENTS
  404. NETP_RAISE_ALERT_TOO
  406. Return Value:
  408. Win 32 status of the operation.
  410. ERROR_ALREAY_EXISTS: Success status indicating the message was already logged
  412. --*/
  413. {
  414. DWORD ErrorCode;
  415. DWORD AlertErrorCode = NO_ERROR;
  416. WCHAR ErrorNumberBuffer[25];
  417. PLIST_ENTRY ListEntry;
  418. ULONG StringIndex;
  419. BOOLEAN AllowDuplicateEvents;
  420. BOOLEAN RaiseAlertToo;
  421. PNL_EVENT_ENTRY EventEntry;
  422. PNL_EVENT_LIST EventList = (PNL_EVENT_LIST)NetpEventHandle;
  423. LPBYTE RawDataBuffer = (LPBYTE)pvRawDataBuffer;
  425. //
  426. // Remove sundry flags
  427. //
  429. EnterCriticalSection( &EventList->EventListCritSect );
  430. AllowDuplicateEvents = (StringCount & NETP_ALLOW_DUPLICATE_EVENTS) != 0;
  431. StringCount &= ~NETP_ALLOW_DUPLICATE_EVENTS;
  432. RaiseAlertToo = (StringCount & NETP_RAISE_ALERT_TOO) != 0;
  433. StringCount &= ~NETP_RAISE_ALERT_TOO;
  435. //
  436. // If an NT status code was passed in,
  437. // convert it to a net status code.
  438. //
  440. if ( StringCount & NETP_LAST_MESSAGE_IS_NTSTATUS ) {
  441. StringCount &= ~NETP_LAST_MESSAGE_IS_NTSTATUS;
  443. //
  444. // Do the "better" error mapping when eventviewer ParameterMessageFile
  445. // can be a list of files. Then, add netmsg.dll to the list.
  446. //
  447. // StringArray[((StringCount&NETP_STRING_COUNT_MASK)-1] = (LPWSTR) NetpNtStatusToApiStatus( (NTSTATUS) StringArray[(StringCount&NETP_STRING_COUNT_MASK)-1] );
  448. StringArray[(StringCount&NETP_STRING_COUNT_MASK)-1] = (LPWSTR) (ULONG_PTR) RtlNtStatusToDosError( (NTSTATUS) ((ULONG_PTR)StringArray[(StringCount&NETP_STRING_COUNT_MASK)-1]) );
  450. StringCount |= NETP_LAST_MESSAGE_IS_NETSTATUS;
  451. }
  453. //
  454. // If a net/windows status code was passed in,
  455. // convert to the the %%N format the eventviewer knows.
  456. //
  458. if ( StringCount & NETP_LAST_MESSAGE_IS_NETSTATUS ) {
  459. StringCount &= ~NETP_LAST_MESSAGE_IS_NETSTATUS;
  461. wcscpy( ErrorNumberBuffer, L"%%" );
  462. ultow( (ULONG) ((ULONG_PTR)StringArray[(StringCount&NETP_STRING_COUNT_MASK)-1]), ErrorNumberBuffer+2, 10 );
  463. StringArray[(StringCount&NETP_STRING_COUNT_MASK)-1] = ErrorNumberBuffer;
  465. }
  467. //
  468. // Check to see if this problem has already been reported.
  469. //
  471. if ( !AllowDuplicateEvents ) {
  472. for ( ListEntry = EventList->EventList.Flink ;
  473. ListEntry != &EventList->EventList ;
  474. ) {
  476. EventEntry =
  477. CONTAINING_RECORD( ListEntry, NL_EVENT_ENTRY, Next );
  478. // Entry might be freed (or moved) below
  479. ListEntry = ListEntry->Flink;
  481. //
  482. // If the entry is too old,
  483. // ditch it.
  484. //
  486. if ( NetpLogonTimeHasElapsed( EventEntry->FirstLogTime,
  487. EventList->DuplicateEventlogTimeout ) ) {
  488. // NlPrint((NL_MISC, "Ditched a duplicate event. %ld\n", EventEntry->EventId ));
  489. RemoveEntryList( &EventEntry->Next );
  490. LocalFree( EventEntry );
  491. continue;
  492. }
  494. //
  495. // Compare this event to the one being logged.
  496. //
  498. if ( EventEntry->EventId == EventId &&
  499. EventEntry->EventType == EventType &&
  500. EventEntry->EventCategory == EventCategory &&
  501. EventEntry->RawDataSize == RawDataSize &&
  502. EventEntry->StringCount == StringCount ) {
  504. if ( RawDataSize != 0 &&
  505. !RtlEqualMemory( EventEntry->RawDataBuffer, RawDataBuffer, RawDataSize ) ) {
  506. continue;
  507. }
  509. for ( StringIndex=0; StringIndex < StringCount; StringIndex ++ ) {
  510. if ( EventEntry->StringArray[StringIndex] == NULL) {
  511. if ( StringArray[StringIndex] != NULL ) {
  512. break;
  513. }
  514. } else {
  515. if ( StringArray[StringIndex] == NULL ) {
  516. break;
  517. }
  518. if ( wcscmp( EventEntry->StringArray[StringIndex],
  519. StringArray[StringIndex] ) != 0 ) {
  520. break;
  521. }
  522. }
  523. }
  525. //
  526. // If the event has already been logged,
  527. // skip this one.
  528. //
  530. if ( StringIndex == StringCount ) {
  531. RemoveEntryList( &EventEntry->Next );
  532. InsertHeadList( &EventList->EventList, &EventEntry->Next );
  534. ErrorCode = ERROR_ALREADY_EXISTS;
  536. //
  537. // update count of events logged.
  538. //
  540. EventEntry->EventsLogged ++;
  541. goto Cleanup;
  542. }
  544. }
  546. }
  547. }
  549. //
  550. // Raise an alert if one is needed.
  551. //
  553. if ( RaiseAlertToo ) {
  554. ASSERT( StringArray[StringCount] == NULL );
  555. if ( StringArray[StringCount] == NULL ) {
  556. AlertErrorCode = NetpRaiseAlert( EventList->Source, EventId, StringArray );
  557. }
  558. }
  560. //
  561. // write event
  562. //
  564. ErrorCode = NetpWriteEventlogEx(
  565. EventList->Source,
  566. EventId,
  567. EventType,
  568. EventCategory,
  569. StringCount,
  570. StringArray,
  571. RawDataSize,
  572. RawDataBuffer);
  575. if( ErrorCode != NO_ERROR ) {
  576. goto Cleanup;
  577. }
  579. //
  580. // Save the event for later
  581. // (Only cache events while the service is starting or running.)
  582. //
  584. if ( !AllowDuplicateEvents ) {
  585. ULONG EventEntrySize;
  587. //
  588. // Compute the size of the allocated block.
  589. //
  590. EventEntrySize = sizeof(NL_EVENT_ENTRY) + RawDataSize;
  592. for ( StringIndex=0; StringIndex < StringCount; StringIndex ++ ) {
  593. EventEntrySize += sizeof(LPWSTR);
  594. if ( StringArray[StringIndex] != NULL ) {
  595. EventEntrySize += wcslen(StringArray[StringIndex]) * sizeof(WCHAR) + sizeof(WCHAR);
  596. }
  597. }
  599. //
  600. // Allocate a block for the entry
  601. //
  603. EventEntry = LocalAlloc( 0, EventEntrySize );
  605. //
  606. // Copy the description of this event into the allocated block.
  607. //
  609. if ( EventEntry != NULL ) {
  610. LPBYTE Where;
  612. EventEntry->EventId = EventId;
  613. EventEntry->EventType = EventType;
  614. EventEntry->EventCategory = EventCategory;
  615. EventEntry->RawDataSize = RawDataSize;
  616. EventEntry->StringCount = StringCount;
  617. EventEntry->EventsLogged = 1;
  618. GetSystemTimeAsFileTime( (PFILETIME)&EventEntry->FirstLogTime );
  620. Where = (LPBYTE)(EventEntry+1);
  622. EventEntry->StringArray = (LPWSTR *)Where;
  623. Where += StringCount * sizeof(LPWSTR);
  625. for ( StringIndex=0; StringIndex < StringCount; StringIndex ++ ) {
  626. if ( StringArray[StringIndex] == NULL ) {
  627. EventEntry->StringArray[StringIndex] = NULL;
  628. } else {
  629. EventEntry->StringArray[StringIndex] = (LPWSTR) Where;
  630. wcscpy( (LPWSTR)Where, StringArray[StringIndex] );
  631. Where += wcslen( StringArray[StringIndex] ) * sizeof(WCHAR) + sizeof(WCHAR);
  632. }
  633. }
  635. if ( RawDataSize != 0 ) {
  636. EventEntry->RawDataBuffer = Where;
  637. RtlCopyMemory( Where, RawDataBuffer, RawDataSize );
  638. }
  640. InsertHeadList( &EventList->EventList, &EventEntry->Next );
  642. }
  645. }
  647. Cleanup:
  648. LeaveCriticalSection( &EventList->EventListCritSect );
  649. return (ErrorCode == NO_ERROR) ? AlertErrorCode : ErrorCode;
  650. }
  653. DWORD
  654. NetpEventlogWrite (
  655. IN HANDLE NetpEventHandle,
  656. IN DWORD EventId,
  657. IN DWORD EventType,
  658. IN LPBYTE RawDataBuffer OPTIONAL,
  659. IN DWORD RawDataSize,
  660. IN LPWSTR *StringArray,
  661. IN DWORD StringCount
  662. )
  663. {
  665. return NetpEventlogWriteEx (
  666. NetpEventHandle,
  667. EventType, // wType
  668. 0, // wCategory
  669. EventId, // dwEventID
  670. StringCount,
  671. RawDataSize,
  672. StringArray,
  673. RawDataBuffer
  674. );
  676. }
  678. VOID
  679. NetpEventlogClearList (
  680. IN HANDLE NetpEventHandle
  681. )
  682. /*++
  684. Routine Description:
  686. This routine clears the list of events that have already been logged.
  688. Arguments:
  690. NetpEventHandle - Handle from NetpEventlogOpen
  692. Return Value:
  694. None.
  696. --*/
  697. {
  698. PNL_EVENT_LIST EventList = (PNL_EVENT_LIST)NetpEventHandle;
  700. EnterCriticalSection(&EventList->EventListCritSect);
  701. while (!IsListEmpty(&EventList->EventList)) {
  703. PNL_EVENT_ENTRY EventEntry = CONTAINING_RECORD(EventList->EventList.Flink, NL_EVENT_ENTRY, Next);
  704. RemoveEntryList( &EventEntry->Next );
  705. LocalFree( EventEntry );
  706. }
  707. LeaveCriticalSection(&EventList->EventListCritSect);
  708. }
  710. VOID
  711. NetpEventlogSetTimeout (
  712. IN HANDLE NetpEventHandle,
  713. IN ULONG DuplicateEventlogTimeout
  714. )
  715. /*++
  717. Routine Description:
  719. This routine sets a new timeout for logged events
  721. Arguments:
  723. NetpEventHandle - Handle from NetpEventlogOpen
  725. DuplicateEventlogTimeout - Number of milli-seconds to keep EventList entry for.
  727. Return Value:
  729. None.
  731. --*/
  732. {
  733. PNL_EVENT_LIST EventList = (PNL_EVENT_LIST)NetpEventHandle;
  735. EventList->DuplicateEventlogTimeout = DuplicateEventlogTimeout;
  736. }
  738. VOID
  739. NetpEventlogClose (
  740. IN HANDLE NetpEventHandle
  741. )
  742. /*++
  744. Routine Description:
  746. This routine closes the handle returned from NetpEventlogOpen
  748. Arguments:
  750. NetpEventHandle - Handle from NetpEventlogOpen
  752. Return Value:
  754. None.
  756. --*/
  757. {
  758. PNL_EVENT_LIST EventList = (PNL_EVENT_LIST)NetpEventHandle;
  760. //
  761. // Clear the list of logged events.
  762. //
  764. NetpEventlogClearList( NetpEventHandle );
  766. //
  767. // Delete the critsect
  768. //
  770. DeleteCriticalSection( &EventList->EventListCritSect );
  772. //
  773. // Free the allocated buffer.
  774. //
  776. LocalFree( EventList );
  777. }