Skip to content

Commit

Permalink
query: subscribe: utils: Provide an option to turn on/off for expandi…
Browse files Browse the repository at this point in the history
…ng SID

Signed-off-by: Hiroshi Hatake <[email protected]>
  • Loading branch information
cosmo0920 committed Jul 25, 2024
1 parent dace409 commit 004c57e
Show file tree
Hide file tree
Showing 4 changed files with 96 additions and 5 deletions.
4 changes: 3 additions & 1 deletion ext/winevt/winevt_c.h
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ EVT_HANDLE connect_to_remote(LPWSTR computerName, LPWSTR domain,
DWORD *error_code);
WCHAR* get_description(EVT_HANDLE handle, LANGID langID, EVT_HANDLE hRemote);
VALUE get_values(EVT_HANDLE handle);
VALUE render_system_event(EVT_HANDLE handle, BOOL preserve_qualifiers);
VALUE render_system_event(EVT_HANDLE handle, BOOL preserve_qualifiers, BOOL expandSID);
LocaleInfo* get_locale_info_from_rb_str(VALUE rb_locale_str);

#ifdef __cplusplus
Expand Down Expand Up @@ -101,6 +101,7 @@ struct WinevtQuery
LONG timeout;
BOOL renderAsXML;
BOOL preserveQualifiers;
BOOL expandSID;
LocaleInfo *localeInfo;
EVT_HANDLE remoteHandle;
};
Expand All @@ -122,6 +123,7 @@ struct WinevtSubscribe
DWORD currentRate;
BOOL renderAsXML;
BOOL preserveQualifiers;
BOOL expandSID;
LocaleInfo* localeInfo;
EVT_HANDLE remoteHandle;
};
Expand Down
46 changes: 45 additions & 1 deletion ext/winevt/winevt_query.c
Original file line number Diff line number Diff line change
Expand Up @@ -153,6 +153,7 @@ rb_winevt_query_initialize(VALUE argc, VALUE *argv, VALUE self)
winevtQuery->preserveQualifiers = FALSE;
winevtQuery->localeInfo = &default_locale;
winevtQuery->remoteHandle = hRemoteHandle;
winevtQuery->expandSID = TRUE;

ALLOCV_END(wchannelBuf);
ALLOCV_END(wpathBuf);
Expand Down Expand Up @@ -274,7 +275,8 @@ rb_winevt_query_render(VALUE self, EVT_HANDLE event)
if (winevtQuery->renderAsXML) {
return render_to_rb_str(event, EvtRenderEventXml);
} else {
return render_system_event(event, winevtQuery->preserveQualifiers);
return render_system_event(event, winevtQuery->preserveQualifiers,
winevtQuery->expandSID);
}
}

Expand Down Expand Up @@ -535,6 +537,40 @@ rb_winevt_query_get_locale(VALUE self)
}
}

/*
* This method specifies whether expanding SID or not.
*
* @param rb_expand_sid_p [Boolean]
*/
static VALUE
rb_winevt_query_set_expand_sid(VALUE self, VALUE rb_expand_sid_p)
{
struct WinevtQuery* winevtQuery;

TypedData_Get_Struct(
self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);

winevtQuery->expandSID = RTEST(rb_expand_sid_p);

return Qnil;
}

/*
* This method returns whether expanding SID or not.
*
* @return [Boolean]
*/
static VALUE
rb_winevt_query_expand_sid_p(VALUE self)
{
struct WinevtQuery* winevtQuery;

TypedData_Get_Struct(
self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);

return winevtQuery->expandSID ? Qtrue : Qfalse;
}

/*
* This method cancels channel query.
*
Expand Down Expand Up @@ -683,6 +719,14 @@ Init_winevt_query(VALUE rb_cEventLog)
* @since 0.8.0
*/
rb_define_method(rb_cQuery, "locale=", rb_winevt_query_set_locale, 1);
/*
* @since 0.10.3
*/
rb_define_method(rb_cQuery, "expand_sid?", rb_winevt_query_expand_sid_p, 0);
/*
* @since 0.10.3
*/
rb_define_method(rb_cQuery, "expand_sid=", rb_winevt_query_set_expand_sid, 1);
/*
* @since 0.9.1
*/
Expand Down
46 changes: 45 additions & 1 deletion ext/winevt/winevt_subscribe.c
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,7 @@ rb_winevt_subscribe_initialize(VALUE self)
winevtSubscribe->readExistingEvents = TRUE;
winevtSubscribe->preserveQualifiers = FALSE;
winevtSubscribe->localeInfo = &default_locale;
winevtSubscribe->expandSID = TRUE;

return Qnil;
}
Expand Down Expand Up @@ -417,7 +418,8 @@ rb_winevt_subscribe_render(VALUE self, EVT_HANDLE event)
if (winevtSubscribe->renderAsXML) {
return render_to_rb_str(event, EvtRenderEventXml);
} else {
return render_system_event(event, winevtSubscribe->preserveQualifiers);
return render_system_event(event, winevtSubscribe->preserveQualifiers,
winevtSubscribe->expandSID);
}
}

Expand Down Expand Up @@ -674,6 +676,40 @@ rb_winevt_subscribe_get_locale(VALUE self)
}
}

/*
* This method specifies whether expanding SID or not.
*
* @param rb_expand_sid_p [Boolean]
*/
static VALUE
rb_winevt_subscribe_set_expand_sid(VALUE self, VALUE rb_expand_sid_p)
{
struct WinevtSubscribe* winevtSubscribe;

TypedData_Get_Struct(
self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);

winevtSubscribe->expandSID = RTEST(rb_expand_sid_p);

return Qnil;
}

/*
* This method returns whether expanding SID or not.
*
* @return [Boolean]
*/
static VALUE
rb_winevt_subscribe_expand_sid_p(VALUE self)
{
struct WinevtSubscribe* winevtSubscribe;

TypedData_Get_Struct(
self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);

return winevtSubscribe->expandSID ? Qtrue : Qfalse;
}

/*
* This method cancels channel subscription.
*
Expand Down Expand Up @@ -771,6 +807,14 @@ Init_winevt_subscribe(VALUE rb_cEventLog)
*/
rb_define_method(
rb_cSubscribe, "locale=", rb_winevt_subscribe_set_locale, 1);
/*
* @since 0.10.3
*/
rb_define_method(rb_cSubscribe, "expand_sid?", rb_winevt_subscribe_expand_sid_p, 0);
/*
* @since 0.10.3
*/
rb_define_method(rb_cSubscribe, "expand_sid=", rb_winevt_subscribe_set_expand_sid, 1);
/*
* @since 0.9.1
*/
Expand Down
5 changes: 3 additions & 2 deletions ext/winevt/winevt_utils.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -646,7 +646,7 @@ static int ExpandSIDWString(PSID sid, CHAR **out_expanded)
}

VALUE
render_system_event(EVT_HANDLE hEvent, BOOL preserve_qualifiers)
render_system_event(EVT_HANDLE hEvent, BOOL preserve_qualifiers, BOOL expandSID_p)
{
DWORD status = ERROR_SUCCESS;
EVT_HANDLE hContext = NULL;
Expand Down Expand Up @@ -837,7 +837,8 @@ render_system_event(EVT_HANDLE hEvent, BOOL preserve_qualifiers)
if (EvtVarTypeNull != pRenderedValues[EvtSystemUserID].Type) {
if (ConvertSidToStringSid(pRenderedValues[EvtSystemUserID].SidVal, &pwsSid)) {
CHAR *expandSID;
if (ExpandSIDWString(pRenderedValues[EvtSystemUserID].SidVal,
if (expandSID_p &&
ExpandSIDWString(pRenderedValues[EvtSystemUserID].SidVal,
&expandSID) == 0) {
rbstr = rb_utf8_str_new_cstr(expandSID);
} else {
Expand Down

0 comments on commit 004c57e

Please sign in to comment.