Source code of Windows XP (NT5)


  1. /*++
  2. Copyright (c) 1998 Microsoft Corporation
  3. Module Name:
  4. NLTRACE.C
  5. Abstract:
  6. Implement Netlogon Server event tracing by using WMI trace infrastructure.
  7. Author:
  8. 16-Mar-1999 KahrenT
  9. Note:
  10. This code has been stolen from \nt\private\ds\src\newsam2\server\samtrace.c
  11. Revision History:
  12. --*/
  13. #include "logonsrv.h"
  //
  // MOF resource name and image file name handed to RegisterTraceGuids()
  // by NlpInitializeTrace().
  //

  #define RESOURCE_NAME   __TEXT("MofResource")
  #define IMAGE_PATH      __TEXT("netlogon.dll")

  //
  // Tracing state shared by every routine in this module.
  //
  //  NlpEventTraceFlag          - Non-zero while tracing is enabled. Written by
  //                               NlpTraceControlCallBack, tested by the
  //                               NlpTrace*Event routines before they log.
  //  NlpTraceRegistrationHandle - Filled in by RegisterTraceGuids().
  //  NlpTraceLoggerHandle       - Logger handle obtained in the enable
  //                               callback and passed to TraceEvent().
  //
  // NOTE(review): no lock or interlocked access guards these variables in
  // this file; confirm that the callers tolerate a stale flag or handle.
  //

  ULONG       NlpEventTraceFlag          = FALSE;
  TRACEHANDLE NlpTraceRegistrationHandle = (TRACEHANDLE) 0;
  TRACEHANDLE NlpTraceLoggerHandle       = (TRACEHANDLE) 0;

  //
  // Forward declaration of the WMI control callback, which is referenced by
  // NlpInitializeTrace() before its definition.
  //

  ULONG
  NlpTraceControlCallBack(
      IN WMIDPREQUESTCODE RequestCode,
      IN PVOID RequestContext,
      IN OUT ULONG *InOutBufferSize,
      IN OUT PVOID Buffer
      );
  //
  // Table of the event trace GUIDs registered for NetLogon. Each entry holds
  // the address of one GUID; the second member starts out as NULL.
  //
  // The trace routines index this table with NLPTRACE_GUID values (enum type
  // defined in logonsrv.h), so the enum must be updated, in the same order,
  // whenever a new event trace GUID is added here.
  //

  TRACE_GUID_REGISTRATION NlpTraceGuids[] =
  {
      { &NlpServerAuthGuid,         NULL },
      { &NlpSecureChannelSetupGuid, NULL }
  };

  //
  // Number of entries in NlpTraceGuids[].
  //

  #define NlpGuidCount (sizeof(NlpTraceGuids) / sizeof(NlpTraceGuids[0]))
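  ULONG
  _stdcall
  NlpInitializeTrace(
      PVOID Param
      )
  /*++

  Routine Description:

      Register WMI Trace Guids. Note that there is no
      need to wait for WMI service because it has been
      brought into ntos kernel.

  Parameters:

      Param - Not used.

  Return Values:

      ERROR_SUCCESS if the GUIDs were registered, otherwise the error
      returned by RegisterTraceGuids.

  --*/
  {
      ULONG Status = ERROR_SUCCESS;
      HMODULE hModule;
      TCHAR FileName[MAX_PATH+1];
      DWORD nLen = 0;

      UNREFERENCED_PARAMETER( Param );

      //
      // Get the name of the image file
      //

      hModule = GetModuleHandle(IMAGE_PATH);

      if (hModule != NULL) {
          nLen = GetModuleFileName(hModule, FileName, MAX_PATH);

          //
          // A path that does not fit in MAX_PATH characters is truncated and
          // may be left without a terminating NUL. The buffer has one spare
          // element, so terminate it unconditionally before it is used as a
          // string below.
          //

          FileName[MAX_PATH] = 0;
      }

      if (nLen == 0) {

          //
          // NOTE(review): the fallback is the bare file name, so the image
          // location handed to RegisterTraceGuids is not a full path in this
          // case -- confirm how the MOF image is then located.
          //

          lstrcpy(FileName, IMAGE_PATH);
      }

      //
      // Register Trace GUIDs
      //

      Status = RegisterTraceGuids(
                   NlpTraceControlCallBack,
                   NULL,
                   &NlpControlGuid,
                   NlpGuidCount,
                   NlpTraceGuids,
                   FileName,
                   RESOURCE_NAME,
                   &NlpTraceRegistrationHandle);

      if ( Status != ERROR_SUCCESS ) {
          NlPrint((NL_CRITICAL, "NlpInitializeTrace Failed %d\n", Status));
      } else {
          NlPrint((NL_MISC, "NlpInitializeTrace succeeded %d\n", Status));
      }

      return Status;
  }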
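  ULONG
  NlpTraceControlCallBack(
      IN WMIDPREQUESTCODE RequestCode,
      IN PVOID RequestContext,
      IN OUT ULONG *InOutBufferSize,
      IN OUT PVOID Buffer
      )
  /*++

  Routine Description:

      Control callback registered with RegisterTraceGuids by
      NlpInitializeTrace. It turns Netlogon event tracing on or off by
      updating NlpTraceLoggerHandle and NlpEventTraceFlag.

  Parameters:

      RequestCode - WMI_ENABLE_EVENTS or WMI_DISABLE_EVENTS. Any other
          request code is rejected.

      RequestContext - Not used.

      InOutBufferSize - Set to 0 on return for every request code.

      Buffer - Passed to GetTraceLoggerHandle when events are enabled.

  Return Values:

      ERROR_SUCCESS for an enable or disable request,
      ERROR_INVALID_PARAMETER for any other request code.

  --*/
  {
      ULONG Status = ERROR_SUCCESS;

      UNREFERENCED_PARAMETER( RequestContext );

      switch (RequestCode)
      {
      case WMI_ENABLE_EVENTS:

          //
          // Publish the logger handle before raising the flag.
          //
          // NOTE(review): the value returned by GetTraceLoggerHandle is not
          // checked here; if it can fail, tracing is enabled with an unusable
          // handle and every later TraceEvent call reports an error.
          //

          NlpTraceLoggerHandle = GetTraceLoggerHandle(Buffer);
          NlpEventTraceFlag = 1;      // enable flag
          break;

      case WMI_DISABLE_EVENTS:

          //
          // Lower the flag before the handle is cleared, so that a trace
          // routine that still sees the flag set is less likely to call
          // TraceEvent with a zero handle. No lock protects these globals in
          // this file, so this narrows the window rather than closing it.
          //

          NlpEventTraceFlag = 0;      // disable flag
          NlpTraceLoggerHandle = (TRACEHANDLE) 0;
          break;

      default:

          Status = ERROR_INVALID_PARAMETER;
          break;
      }

      //
      // No data is ever returned to WMI through Buffer.
      //

      *InOutBufferSize = 0;

      return Status;
  }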
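  VOID
  NlpTraceEvent(
      IN ULONG WmiEventType,
      IN ULONG TraceGuid
      )
  /*++

  Routine Description:

      This routine will do a WMI event trace. No parameters will be output.
      Nothing is logged while tracing is disabled.

  Parameters:

      WmiEventType - Event Type, valid values are:
                      EVENT_TRACE_TYPE_START
                      EVENT_TRACE_TYPE_END

      TraceGuid - Index in NlpTraceGuids[]. An index outside the table is
                  reported through NlPrint and otherwise ignored.

  Return Values:

      None.

  --*/
  {
      ULONG WinError = ERROR_SUCCESS;
      EVENT_TRACE_HEADER EventTrace;

      if ( !NlpEventTraceFlag ) {
          return;
      }

      //
      // TraceGuid is used as an array index below; refuse anything that
      // would read past the end of the GUID table.
      //

      if ( TraceGuid >= NlpGuidCount ) {
          NlPrint(( NL_CRITICAL, "NlpTraceEvent: invalid TraceGuid %lu\n",
                    TraceGuid ));
          return;
      }

      //
      // Fill the event information.
      //

      memset(&EventTrace, 0, sizeof(EVENT_TRACE_HEADER));

      EventTrace.GuidPtr = (ULONGLONG) NlpTraceGuids[TraceGuid].Guid;
      EventTrace.Class.Type = (UCHAR) WmiEventType;
      EventTrace.Flags |= (WNODE_FLAG_USE_GUID_PTR |  // GUID is actually a pointer
                           WNODE_FLAG_TRACED_GUID);   // denotes a trace
      EventTrace.Size = sizeof(EVENT_TRACE_HEADER);   // no other parameters/information

      WinError = TraceEvent(NlpTraceLoggerHandle, &EventTrace);

      if ( WinError != ERROR_SUCCESS ) {
          NlPrint(( NL_CRITICAL, "NlpTraceEvent Error 0x%x for TraceGuid %d\n",
                    WinError, TraceGuid ));
      }
  }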
  //
  // Buffer handed to TraceEvent by NlpTraceServerAuthEvent: the trace header
  // immediately followed by the MOF field descriptors of one event.
  //

  typedef struct _NL_SERVERAUTH_EVENT_INFO {

      EVENT_TRACE_HEADER EventTrace;

      //
      // One descriptor per traced item; NlpTraceServerAuthEvent fills in up
      // to five. (The current limit is 8 MOF fields.)
      //

      MOF_FIELD eventInfo[5];

  } NL_SERVERAUTH_EVENT_INFO, *PNL_SERVERAUTH_EVENT_INFO;
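  VOID
  NlpTraceServerAuthEvent(
      IN ULONG WmiEventType,
      IN LPWSTR ComputerName,
      IN LPWSTR AccountName,
      IN NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType,
      IN PULONG NegotiatedFlags,
      IN NTSTATUS Status
      )
  /*++

  Routine Description:

      This routine will do a WMI event trace on the trusted side DC for a secure
      channel setup initiated by the trusting side.

      ComputerName, AccountName and, for a start event, NegotiatedFlags are
      values presented by the trusting side. A start event is traced before
      the authentication status is known, so consumers of the trace should
      treat these fields as unverified input.

  Parameters:

      WmiEventType -- Event Type, valid values are:
                      EVENT_TRACE_TYPE_START
                      EVENT_TRACE_TYPE_END

      ComputerName -- Name of the trusting side computer setting up the secure channel.
          A NULL pointer is traced as an empty string.

      AccountName -- Name of the Account used by ComputerName.
          A NULL pointer is traced as an empty string.

      SecureChannelType -- The type of the account being used by ComputerName

      NegotiatedFlags -- Specifies flags indicating what features ComputerName or we support.
          If WmiEventType is EVENT_TRACE_TYPE_START, this is flags supplied by ComputerName
          If WmiEventType is EVENT_TRACE_TYPE_END, this is flags returned by us
          A NULL pointer is traced as a flags value of 0.

      Status -- The status of the authentication performed by the trusted side (us).
          Ignored if this is a start of the event.

  Return Values:

      None

  --*/
  {
      ULONG WinError = ERROR_SUCCESS;
      ULONG NoFlags = 0;
      LPWSTR TracedComputerName = (ComputerName != NULL) ? ComputerName : L"";
      LPWSTR TracedAccountName = (AccountName != NULL) ? AccountName : L"";
      PULONG TracedFlags = (NegotiatedFlags != NULL) ? NegotiatedFlags : &NoFlags;
      NL_SERVERAUTH_EVENT_INFO EventTraceInfo;

      //
      // Log event only if tracing is turned on
      //

      if ( !NlpEventTraceFlag ) {
          return;
      }

      //
      // Fill the event information. Size starts as the bare header and grows
      // by one MOF_FIELD for every item added below.
      //

      RtlZeroMemory( &EventTraceInfo, sizeof(EventTraceInfo) );

      EventTraceInfo.EventTrace.GuidPtr = (ULONGLONG) NlpTraceGuids[NlpGuidServerAuth].Guid;
      EventTraceInfo.EventTrace.Class.Type = (UCHAR) WmiEventType;
      EventTraceInfo.EventTrace.Flags |= (WNODE_FLAG_USE_GUID_PTR |
                                          WNODE_FLAG_USE_MOF_PTR  |
                                          WNODE_FLAG_TRACED_GUID);
      EventTraceInfo.EventTrace.Size = sizeof(EVENT_TRACE_HEADER);

      //
      // Build ComputerName (ItemWString). The length counts the terminating
      // NUL; the NULL substitution above keeps wcslen from faulting.
      //

      EventTraceInfo.eventInfo[0].DataPtr = (ULONGLONG) TracedComputerName;
      EventTraceInfo.eventInfo[0].Length =
          (ULONG) ((wcslen(TracedComputerName) + 1) * sizeof(WCHAR));
      EventTraceInfo.EventTrace.Size += sizeof(MOF_FIELD);

      //
      // Build AccountName (ItemWString)
      //

      EventTraceInfo.eventInfo[1].DataPtr = (ULONGLONG) TracedAccountName;
      EventTraceInfo.eventInfo[1].Length =
          (ULONG) ((wcslen(TracedAccountName) + 1) * sizeof(WCHAR));
      EventTraceInfo.EventTrace.Size += sizeof(MOF_FIELD);

      //
      // Build SecureChannelType (ItemULongX). The descriptor points at the
      // by-value parameter, which stays valid for the TraceEvent call below.
      //

      EventTraceInfo.eventInfo[2].DataPtr = (ULONGLONG) &SecureChannelType;
      EventTraceInfo.eventInfo[2].Length = sizeof(SecureChannelType);
      EventTraceInfo.EventTrace.Size += sizeof(MOF_FIELD);

      //
      // Build NegotiatedFlags (ItemULongX)
      //

      EventTraceInfo.eventInfo[3].DataPtr = (ULONGLONG) TracedFlags;
      EventTraceInfo.eventInfo[3].Length = sizeof(*TracedFlags);
      EventTraceInfo.EventTrace.Size += sizeof(MOF_FIELD);

      //
      // Build Status (ItemULongX). Only an end event carries the result of
      // the authentication.
      //

      if ( WmiEventType == EVENT_TRACE_TYPE_END ) {
          EventTraceInfo.eventInfo[4].DataPtr = (ULONGLONG) &Status;
          EventTraceInfo.eventInfo[4].Length = sizeof(Status);
          EventTraceInfo.EventTrace.Size += sizeof(MOF_FIELD);
      }

      WinError = TraceEvent(NlpTraceLoggerHandle, (PEVENT_TRACE_HEADER)&EventTraceInfo);

      if ( WinError != ERROR_SUCCESS ) {
          NlPrint(( NL_CRITICAL, "NlpTraceServerAuthEvent: TraceEvent failed 0x%lx\n",
                    WinError ));
      }
  }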