Merge branch 'main' into release/10.1.x

CHANGELOG.md

@@ -1,5 +1,21 @@
 # ChangeLog
 
+## [10.1.6] - 2023-02-20
+### Added
+- Add check for unknown '/key' option value
+- Outline: add job limits, archive timeout values
+- GetThis: add support to '/sample' for path matching expressions
+
+### Changed
+- Increase supported maximum path length
+- WolfLauncher: Add critical log when task are killed
+
+### Fixed
+- WolfLauncher: fix missing 'upload' configuration element
+- USNInfo: fix shadow copy volume selection
+- Outcome: fix sometimes missing command metadata
+- Configuration: fix unexpected xml elements handling
+
 ## [10.1.5] - 2023-01-17
 ### Added
 - Print configured archive and command timeouts in parameters summary

src/Orc/Mothership_Run.cpp

@@ -298,8 +298,8 @@ HRESULT Main::LaunchWMI()
 {
     HRESULT hr = E_FAIL;
 
-    WCHAR szMyselfName[MAX_PATH];
-    hr = GetProcessModuleFullPath(szMyselfName, MAX_PATH);
+    WCHAR szMyselfName[ORC_MAX_PATH];
+    hr = GetProcessModuleFullPath(szMyselfName, ORC_MAX_PATH);
     if (FAILED(hr))
     {
         Log::Error("Failed to obtain own process full path [{}]", SystemError(hr));
@@ -428,8 +428,8 @@ HRESULT Main::LaunchSelf()
         }
     }
 
-    WCHAR szMyselfName[MAX_PATH];
-    hr = GetProcessModuleFullPath(szMyselfName, MAX_PATH);
+    WCHAR szMyselfName[ORC_MAX_PATH];
+    hr = GetProcessModuleFullPath(szMyselfName, ORC_MAX_PATH);
     if (FAILED(hr))
     {
         Log::Error("Failed to obtain own process full path [{}]", SystemError(hr));

src/OrcCommand/Command/GetSamples/GetSamples_Config.cpp

@@ -322,8 +322,8 @@ HRESULT Main::CheckConfiguration()
 
     if (config.tmpdirOutput.Path.empty())
     {
-        WCHAR szTempDir[MAX_PATH];
-        if (FAILED(hr = UtilGetTempDirPath(szTempDir, MAX_PATH)))
+        WCHAR szTempDir[ORC_MAX_PATH];
+        if (FAILED(hr = UtilGetTempDirPath(szTempDir, ORC_MAX_PATH)))
         {
             Log::Error("Failed to determine default temp folder [{}]", SystemError(hr));
             return hr;

src/OrcCommand/Command/GetSectors/GetSectors_Run.cpp

@@ -93,11 +93,11 @@ HRESULT Main::Run()
 std::wstring Main::getBootDiskName()
 {
     DWORD ret = 0;
-    WCHAR systemDirectory[MAX_PATH];
+    WCHAR systemDirectory[ORC_MAX_PATH];
 
     // We assume the windows directory is on the boot disk
-    ret = GetWindowsDirectoryW(systemDirectory, MAX_PATH);
-    if (ret == 0 || ret >= MAX_PATH)
+    ret = GetWindowsDirectoryW(systemDirectory, ORC_MAX_PATH);
+    if (ret == 0 || ret >= ORC_MAX_PATH)
     {
         Log::Error("Failed GetWindowsDirectory [{}]", LastWin32Error());
         return {};

src/OrcCommand/Command/GetThis/GetThis_Config.cpp

@@ -372,11 +372,26 @@ HRESULT Main::GetConfigurationFromArgcArgv(int argc, LPCWSTR argv[])
                         }
                         else
                         {
-                            SampleSpec aSpec;
-                            auto filespec = make_shared<FileFind::SearchTerm>(wstring(pEquals + 1));
-                            aSpec.Terms.push_back(filespec);
-                            aSpec.Content.Type = ContentType::INVALID;
-                            config.listofSpecs.push_back(aSpec);
+                            std::wstring_view match(pEquals + 1);
+                            if (match.size() > 1 && match[0] == L'\\')
+                            {
+                                auto spec = make_shared<FileFind::SearchTerm>();
+                                spec->Required = FileFind::SearchTerm::Criteria::PATH_MATCH;
+                                spec->Path = match;
+
+                                SampleSpec aSpec;
+                                aSpec.Terms.push_back(spec);
+                                aSpec.Content.Type = ContentType::INVALID;
+                                config.listofSpecs.push_back(aSpec);
+                            }
+                            else
+                            {
+                                SampleSpec aSpec;
+                                auto filespec = make_shared<FileFind::SearchTerm>(std::wstring(pEquals + 1));
+                                aSpec.Terms.push_back(filespec);
+                                aSpec.Content.Type = ContentType::INVALID;
+                                config.listofSpecs.push_back(aSpec);
+                            }
                         }
                     }
                     else if (BooleanOption(argv[i] + 1, L"FlushRegistry", config.bFlushRegistry))

src/OrcCommand/Command/NTFSInfo/NTFSInfo_Config.cpp

@@ -202,8 +202,8 @@ HRESULT Main::GetConfigurationFromConfig(const ConfigItem& configitem)
 
     if (configitem[NTFSINFO_COMPUTER])
     {
-        WCHAR szComputerName[MAX_PATH];
-        DWORD dwComputerLen = MAX_PATH;
+        WCHAR szComputerName[ORC_MAX_PATH];
+        DWORD dwComputerLen = ORC_MAX_PATH;
 
         if (auto actualLen =
                 ExpandEnvironmentStringsW(configitem[NTFSINFO_COMPUTER].c_str(), szComputerName, dwComputerLen);

src/OrcCommand/Command/NTFSInfo/NTFSInfo_Run.cpp

@@ -124,8 +124,8 @@ HRESULT Main::RunThroughUSNJournal()
 
         if (config.outFileInfo.Type == OutputSpec::Kind::Directory)
         {
-            WCHAR szOutputFile[MAX_PATH];
-            StringCchPrintf(szOutputFile, MAX_PATH, L"NTFSInfo_%s_.csv", loc->GetIdentifier().c_str());
+            WCHAR szOutputFile[ORC_MAX_PATH];
+            StringCchPrintf(szOutputFile, ORC_MAX_PATH, L"NTFSInfo_%s_.csv", loc->GetIdentifier().c_str());
             if (nullptr == (pFileInfoWriter = TableOutput::GetWriter(szOutputFile, config.outFileInfo)))
             {
                 Log::Error("Failed to create output file information file");

src/OrcCommand/Command/ToolEmbed/ToolEmbed_Config.cpp

@@ -362,9 +362,9 @@ HRESULT Main::GetConfigurationFromArgcArgv(int argc, LPCWSTR argv[])
 
                     if (std::regex_match(strParameter, s, r))
                     {
-                        WCHAR szFile[MAX_PATH];
+                        WCHAR szFile[ORC_MAX_PATH];
 
-                        if (FAILED(hr = ExpandFilePath(s[1].str().c_str(), szFile, MAX_PATH)))
+                        if (FAILED(hr = ExpandFilePath(s[1].str().c_str(), szFile, ORC_MAX_PATH)))
                         {
                             Log::Error(L"Invalid file to embed specified: {}", strParameter);
                             return E_INVALIDARG;
@@ -477,8 +477,8 @@ HRESULT Main::CheckConfiguration()
             if (!config.strInputFile.empty())
             {
                 // /dump= requires the use of absolute paths
-                WCHAR szFullPath[MAX_PATH] = {0};
-                if (!GetFullPathName(config.strInputFile.c_str(), MAX_PATH, szFullPath, NULL))
+                WCHAR szFullPath[ORC_MAX_PATH] = {0};
+                if (!GetFullPathName(config.strInputFile.c_str(), ORC_MAX_PATH, szFullPath, NULL))
                 {
                     Log::Error(L"Failed to compute full path name for: '{}'", config.strInputFile);
                     return E_INVALIDARG;

src/OrcCommand/Command/ToolEmbed/ToolEmbed_Run.cpp

@@ -120,9 +120,9 @@ HRESULT Main::Run_Embed()
 HRESULT Main::Run_Dump()
 {
     HRESULT hr = E_FAIL;
-    WCHAR szPreviousCurDir[MAX_PATH];
+    WCHAR szPreviousCurDir[ORC_MAX_PATH];
 
-    GetCurrentDirectory(MAX_PATH, szPreviousCurDir);
+    GetCurrentDirectory(ORC_MAX_PATH, szPreviousCurDir);
     BOOST_SCOPE_EXIT((&szPreviousCurDir)) { SetCurrentDirectory(szPreviousCurDir); }
     BOOST_SCOPE_EXIT_END;
 
@@ -176,9 +176,9 @@ HRESULT Main::Run_FromDump()
 {
     HRESULT hr = E_FAIL;
 
-    WCHAR szPreviousCurDir[MAX_PATH];
+    WCHAR szPreviousCurDir[ORC_MAX_PATH];
 
-    GetCurrentDirectory(MAX_PATH, szPreviousCurDir);
+    GetCurrentDirectory(ORC_MAX_PATH, szPreviousCurDir);
     BOOST_SCOPE_EXIT((&szPreviousCurDir)) { SetCurrentDirectory(szPreviousCurDir); }
     BOOST_SCOPE_EXIT_END;
 

src/OrcCommand/Command/USNInfo/USNInfo.h

@@ -35,6 +35,8 @@ class ORCUTILS_API Main : public UtilitiesMain
         {
             output.supportedTypes = static_cast<OutputSpec::Kind>(
                 OutputSpec::Kind::TableFile | OutputSpec::Kind::Directory | OutputSpec::Kind::Archive);
+
+            bAddShadows = boost::logic::indeterminate;
         };
 
         OutputSpec output;

src/OrcCommand/Command/WolfLauncher/ConfigFile_WOLFLauncher.cpp

@@ -193,5 +193,8 @@ HRESULT Orc::Config::Wolf::root(ConfigItem& item)
         return hr;
     if (FAILED(hr = item.AddAttribute(L"werdontshowui", WOLFLAUNCHER_WERDONTSHOWUI, ConfigItem::OPTION)))
         return hr;
+    if (FAILED(hr = item.AddChild(L"upload", Orc::Config::Common::upload, WOLFLAUNCHER_UPLOAD)))
+        return hr;
+
     return S_OK;
 }

src/OrcCommand/Command/WolfLauncher/ConfigFile_WOLFLauncher.h

@@ -74,7 +74,8 @@ constexpr auto WOLFLAUNCHER_CHILDDEBUG = 6L;
 constexpr auto WOLFLAUNCHER_GLOBAL_CMD_TIMEOUT = 7L;
 constexpr auto WOLFLAUNCHER_GLOBAL_ARCHIVE_TIMEOUT = 8L;
 constexpr auto WOLFLAUNCHER_WERDONTSHOWUI = 9L;
-constexpr auto WOLFLAUNCHER_PRIORITY = 10L;
+constexpr auto WOLFLAUNCHER_UPLOAD = 10L;
+constexpr auto WOLFLAUNCHER_PRIORITY = 11L;
 
 constexpr auto WOLFLAUNCHER_WOLF = 0L;
 

src/OrcCommand/Command/WolfLauncher/WolfExecution.h

@@ -78,6 +78,10 @@ class WolfExecution
         CBinaryBuffer Certificate;
     };
 
+    std::chrono::milliseconds CmdTimeOut() const { return m_CmdTimeOut; }
+    std::chrono::milliseconds ArchiveTimeOut() const { return m_ArchiveTimeOut; }
+    const JobRestrictions& GetJobRestrictions() const { return m_Restrictions; }
+
 private:
     void WolfExecution::ArchiveNotificationHandler(const ArchiveNotification::Notification& notfication);
     CommandMessage::Message SetCommandFromConfigItem(const ConfigItem& item);
@@ -127,7 +131,6 @@ class WolfExecution
     std::vector<CommandMessage::Message> m_Commands;
 
     std::map<std::wstring, std::shared_ptr<WolfTask>> m_TasksByKeyword;
-    std::map<DWORD, std::shared_ptr<WolfTask>> m_TasksByPID;
     DWORD m_dwLongerTaskKeyword = 0L;
 
     CommandMessage::PriorityMessageBuffer m_cmdAgentBuffer;

src/OrcCommand/Command/WolfLauncher/WolfExecution_Config.cpp

@@ -595,7 +595,7 @@ HRESULT WolfExecution::SetRestrictionsFromConfig(const ConfigItem& item)
 
         if (arch == PROCESSOR_ARCHITECTURE_INTEL && li.QuadPart > MAXDWORD)
         {
-            Log::Warn(
+            Log::Critical(
                 L"Specified size is too big for elapsed time restriction '{}'", item[WOLFLAUNCHER_ELAPSEDTIME].c_str());
         }
         // Elapsed time is expressed in minutes

src/OrcCommand/Command/WolfLauncher/WolfExecution_Execute.cpp

@@ -196,9 +196,9 @@ HRESULT WolfExecution::BuildFullArchiveName()
     {
         // A full path was specified, using it
         m_strArchiveFullPath = m_strArchiveName;
-        WCHAR szFileName[MAX_PATH];
+        WCHAR szFileName[ORC_MAX_PATH];
 
-        if (FAILED(hr = GetFileNameForFile(m_strArchiveFullPath.c_str(), szFileName, MAX_PATH)))
+        if (FAILED(hr = GetFileNameForFile(m_strArchiveFullPath.c_str(), szFileName, ORC_MAX_PATH)))
         {
             Log::Error("Unable to extract archive file name [{}]", SystemError(hr));
             return hr;
@@ -450,39 +450,27 @@ HRESULT WolfExecution::CreateArchiveAgent()
 
 HRESULT WolfExecution::NotifyTask(const CommandNotification::Ptr& item)
 {
-    HRESULT hr = E_FAIL;
-
-    std::shared_ptr<WolfTask> task;
-
+    auto taskiter = m_TasksByKeyword.find(item->GetKeyword());
+    if (taskiter == m_TasksByKeyword.end())
     {
-        auto taskiter = m_TasksByPID.find(static_cast<DWORD>(item->GetProcessID()));
-
-        if (taskiter != m_TasksByPID.end())
-        {
-            task = taskiter->second;
-        }
+        Log::Error(L"Cannot find task by keyword: {}", item->GetKeyword());
+        return E_FAIL;
     }
 
+    auto task = taskiter->second;
     if (task == nullptr)
     {
-        auto taskiter = m_TasksByKeyword.find(item->GetKeyword());
-
-        if (taskiter != m_TasksByKeyword.end())
-        {
-            task = taskiter->second;
-        }
+        Log::Error(L"Failed to retrieve task: {}", item->GetKeyword());
+        return E_FAIL;
     }
 
-    if (task != nullptr)
+    std::vector<CommandMessage::Message> actions;
+    task->ApplyNotification(item, actions);
+    for (const auto& item : actions)
     {
-        std::vector<CommandMessage::Message> actions;
-        task->ApplyNotification(item, actions);
-
-        for (const auto& item : actions)
-        {
-            Concurrency::send(m_cmdAgentBuffer, item);
-        }
+        Concurrency::send(m_cmdAgentBuffer, item);
     }
+
     return S_OK;
 }
 
@@ -506,16 +494,8 @@ HRESULT WolfExecution::CreateCommandAgent(
             {
                 switch (item->GetEvent())
                 {
-                    case CommandNotification::Started: {
-                        auto taskiter = m_TasksByKeyword.find(item->GetKeyword());
-                        if (taskiter != m_TasksByKeyword.end())
-                            m_TasksByPID[static_cast<DWORD>(item->GetProcessID())] = taskiter->second;
-                        else
-                        {
-                            Log::Error(L"New task '{}' could not be found", item->GetKeyword());
-                        }
-                    }
-                    break;
+                    case CommandNotification::Started:
+                        break;
                     case CommandNotification::Terminated:
                         break;
                     case CommandNotification::Running:
@@ -530,16 +510,16 @@ HRESULT WolfExecution::CreateCommandAgent(
                         Log::Debug("No tasks are currently running");
                         break;
                     case CommandNotification::JobProcessLimit:
-                        Log::Warn("JOB: Process number limit");
+                        Log::Critical("JOB: Process number limit");
                         break;
                     case CommandNotification::JobMemoryLimit:
-                        Log::Warn(L"JOB: Memory limit");
+                        Log::Critical(L"JOB: Memory limit");
                         break;
                     case CommandNotification::JobTimeLimit:
-                        Log::Warn(L"JOB: CPU Time limit");
+                        Log::Critical(L"JOB: CPU Time limit");
                         break;
                     case CommandNotification::AllTerminated:
-                        Log::Warn("JOB: Job was autoritatively terminated");
+                        Log::Debug("JOB: Job was authoritatively terminated");
                         break;
                     case CommandNotification::Done: {
                         GetSystemTimeAsFileTime(&m_FinishTime);
@@ -579,7 +559,7 @@ HRESULT WolfExecution::CreateCommandAgent(
                             commandSetOutcome.SetJobStatistics(statistics);
                         }
 
-                        for (const auto& [keyword, task] : m_TasksByPID)
+                        for (const auto& [keyword, task] : m_TasksByKeyword)
                         {
                             if (task == nullptr)
                             {
@@ -701,6 +681,10 @@ HRESULT WolfExecution::EnqueueCommands()
 
     for (const auto& command : m_Commands)
     {
+        if (command->IsOptional())
+        {
+            continue;
+        }
 
         if (m_TasksByKeyword.find(command->Keyword()) != m_TasksByKeyword.end())
         {
@@ -711,25 +695,23 @@ HRESULT WolfExecution::EnqueueCommands()
             m_TasksByKeyword[command->Keyword()] =
                 std::make_shared<WolfTask>(GetKeyword(), command->Keyword(), m_journal);
         }
-        if (!command->IsOptional())
+
         {
+            auto&& lock = m_outcome.Lock();
+            auto& outcomeCommand = m_outcome.GetCommandSet(m_commandSet).GetCommand(command->Keyword());
+            for (const auto& parameter : command->GetParameters())
             {
-                auto&& lock = m_outcome.Lock();
-                auto& outcomeCommand = m_outcome.GetCommandSet(m_commandSet).GetCommand(command->Keyword());
-                for (const auto& parameter : command->GetParameters())
+                if (::HasFileOutput(parameter.Kind))
                 {
-                    if (::HasFileOutput(parameter.Kind))
-                    {
-                        Outcome::Command::Output outputFile;
-                        outputFile.SetName(parameter.Name);
-                        outputFile.SetType(::ToOutputFileType(parameter.Kind));
-                        outcomeCommand.GetOutput().emplace_back(std::move(outputFile));
-                    }
+                    Outcome::Command::Output outputFile;
+                    outputFile.SetName(parameter.Name);
+                    outputFile.SetType(::ToOutputFileType(parameter.Kind));
+                    outcomeCommand.GetOutput().emplace_back(std::move(outputFile));
                 }
             }
-
-            Concurrency::send(m_cmdAgentBuffer, command);
         }
+
+        Concurrency::send(m_cmdAgentBuffer, command);
     }
 
     return S_OK;