180 lines
5.3 KiB
C
180 lines
5.3 KiB
C
/*++
|
|
Copyright (c) 1990 Microsoft Corporation
|
|
|
|
Module Name:
|
|
DATA.C
|
|
|
|
Abstract:
|
|
This file contains all the global data elements of the eventlog service.
|
|
|
|
Author:
|
|
Rajen Shah (rajens) 10-Jul-1991
|
|
|
|
[Environment:]
|
|
User Mode - Win32, except for NTSTATUS returned by some functions.
|
|
|
|
Revision History:
|
|
10-Jul-1991 RajenS
|
|
created
|
|
--*/
|
|
|
|
// INCLUDES
|
|
#include <eventp.h>
|
|
#include <elfcfg.h>
|
|
|
|
|
|
#if DBG
|
|
// Debug flag used to control ElfDbgPrint
|
|
DWORD ElfDebug = 0;
|
|
#endif // DBG
|
|
|
|
// Handles used for the LPC port.
|
|
HANDLE ElfConnectionPortHandle;
|
|
HANDLE ElfCommunicationPortHandle;
|
|
|
|
// The heads of various linked lists
|
|
|
|
LIST_ENTRY LogFilesHead; // Log files
|
|
RTL_CRITICAL_SECTION LogFileCritSec; // Accessing log files
|
|
LIST_ENTRY LogModuleHead; // Modules registered for logging
|
|
RTL_CRITICAL_SECTION LogModuleCritSec; // Accessing log files
|
|
LIST_ENTRY LogHandleListHead; // Context-handles for log handles
|
|
RTL_CRITICAL_SECTION LogHandleCritSec; // Accessing log handles
|
|
LIST_ENTRY QueuedEventListHead; // Deferred events to write
|
|
RTL_CRITICAL_SECTION QueuedEventCritSec; // Accessing the deferred events
|
|
LIST_ENTRY QueuedMessageListHead; // Deferred messagebox
|
|
RTL_CRITICAL_SECTION QueuedMessageCritSec; // Accessing the deferred mb's
|
|
|
|
|
|
// Service-related global data
|
|
|
|
|
|
SERVICE_STATUS_HANDLE ElfServiceStatusHandle;
|
|
|
|
|
|
// The following resource is used to serialize access to the resources
|
|
// of the Eventlog service at the highest level. It is used to make sure
|
|
// that the threads that write/read/clear the log file(s) do not step over
|
|
// the threads that monitor the registry and deal with service control
|
|
// operations.
|
|
|
|
// The threads that operate on the log file(s) have Shared access to the
|
|
// resource, since they are further serialized on the file that they are
|
|
// working on.
|
|
|
|
// The threads that will modify the internal data structures, or the state
|
|
// of the service, need Exclusive access to the resource so that we can
|
|
// control access to the data structures and log files.
|
|
|
|
|
|
RTL_RESOURCE GlobalElfResource;
|
|
|
|
|
|
// This is used by the Backup API to signify which 4K block of the log it's
|
|
// currently reading. This is used to prevent a writer from overwriting this
|
|
// block while it is reading it. The event is used to let a writer block if
|
|
// it was going to overwrite the current backup block, and get pulsed when
|
|
// the backup thread moves to the next block.
|
|
|
|
PVOID ElfBackupPointer;
|
|
HANDLE ElfBackupEvent;
|
|
|
|
|
|
// Handle for the LPC thread
|
|
HANDLE LPCThreadHandle;
|
|
|
|
|
|
// Handle for the MessageBox thread
|
|
HANDLE MBThreadHandle;
|
|
|
|
|
|
// Handle and ID for the registry monitor thread
|
|
HANDLE RegistryThreadHandle;
|
|
DWORD RegistryThreadId;
|
|
|
|
|
|
// Bitmask of things that have been allocated and/or started by the
|
|
// service. When the service terminates, this is what needs to be
|
|
// cleaned.
|
|
|
|
ULONG EventFlags; // Keep track of what is allocated
|
|
|
|
|
|
// Record used to indicate the end of the event records in the file.
|
|
|
|
ELF_EOF_RECORD EOFRecord = {ELFEOFRECORDSIZE,
|
|
0x11111111,
|
|
0x22222222,
|
|
0x33333333,
|
|
0x44444444,
|
|
FILEHEADERBUFSIZE,
|
|
FILEHEADERBUFSIZE,
|
|
1,
|
|
1,
|
|
ELFEOFRECORDSIZE
|
|
};
|
|
|
|
|
|
// Default module to use if no match is found, APPLICATION
|
|
PLOGMODULE ElfDefaultLogModule;
|
|
|
|
|
|
// Module for the eventlog service itself
|
|
PLOGMODULE ElfModule;
|
|
|
|
|
|
// Handle (key) to the event log node in the registry.
|
|
// This is set up by the service main function.
|
|
HANDLE hEventLogNode;
|
|
|
|
|
|
// Used to create a unigue module name for backup logs
|
|
DWORD BackupModuleNumber;
|
|
|
|
|
|
// NT well-known SIDs
|
|
PSVCS_GLOBAL_DATA ElfGlobalData;
|
|
|
|
|
|
// Global anonymous logon sid - used in log ACL's. The only SID allocated
|
|
// specifically by the eventlog service, all others are passed in from
|
|
// the service controller in ElfGlobalData.
|
|
|
|
|
|
PSID AnonymousLogonSid;
|
|
|
|
|
|
// The local computer name. Used when we generate events ourself.
|
|
|
|
|
|
LPWSTR LocalComputerName;
|
|
ULONG ComputerNameLength;
|
|
|
|
|
|
// Shutdown Flag
|
|
|
|
BOOL EventlogShutdown;
|
|
|
|
HANDLE ElfGlobalSvcRefHandle;
|
|
|
|
|
|
// This is the string used in the title bar of the Message Box
|
|
// used to display log full messages.
|
|
// GlobalMessageBoxTitle will either point to the default string, or
|
|
// to the string allocated in the format Message function.
|
|
|
|
WCHAR DefaultMessageBoxTitle[] = L"Eventlog Service";
|
|
LPWSTR GlobalAllocatedMsgTitle;
|
|
LPWSTR GlobalMessageBoxTitle = DefaultMessageBoxTitle;
|
|
|
|
|
|
//SS:start of changes for clustering
|
|
BOOL gbClustering = FALSE; //the cluster service has registered for replication of events
|
|
PPACKEDEVENTINFO gpClPackedEventInfo = NULL; //pointer to preallocated memory for event propagation
|
|
RTL_CRITICAL_SECTION gClPropCritSec; // for using the global glClPackedEventInfo structure
|
|
HMODULE ghClusDll = NULL;
|
|
PROPAGATEEVENTSPROC gpfnPropagateEvents = NULL;
|
|
BINDTOCLUSTERPROC gpfnBindToCluster = NULL;
|
|
UNBINDFROMCLUSTERPROC gpfnUnbindFromCluster = NULL;
|
|
HANDLE ghCluster = NULL;
|
|
//SS: end of changes for clustering
|