This queue is for tickets about the Win32-EventLog CPAN distribution.

Report information
The Basics
Id: 22827
Status: new
Priority: 0/
Queue: Win32-EventLog

People
Owner: Nobody in particular
Requestors: yves [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Unimportant
Broken in: (no value)
Fixed in: (no value)



Subject: [PATCH] Win32::EventLog doesn't populate the user field of reported events
Hi Jan,

Attached is a simple patch to add the user SIDP parameter to the ReportEventA() call in the Report() XS routine. Currently all event log entries are created with a NULL user, which results in the event log's user column having N/A in the user column. I guess we could cache the SID or something, but I wasn't sure how to do so from XS and I figured if you wanted such behaviour you would know how to do it, so I didn't even try. :-)

Cheers,
Yves
Subject: add_user.patch
--- EventLog\EventLog.xs 2005-09-17 22:36:34.000000000 +0200 +++ ..\EventLog.xs 2006-11-05 19:32:06.145379800 +0100 @@ -224,6 +224,49 @@ hLog = RegisterEventSourceA(server, source); if (hLog != NULL) { + BOOL fSuccess = FALSE; + HANDLE hToken = NULL; + PTOKEN_USER ptiUser = NULL; + DWORD cbti = 0; + PSID sid = NULL; + + do { + /* + Rough translation of a MS-KB article, but I lost which it was + This code is also loose on the internet in various forms. + */ + if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken)) + break; /* we shouldnt get here */ + + if (GetLastError() != ERROR_NO_TOKEN) + break; + + /* Retry against process token if no thread token exists. */ + if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) + break; + + /* Obtain the size of the user information in the token. */ + if (GetTokenInformation(hToken, TokenUser, NULL, 0, &cbti)) + /* Call should have failed due to zero-length buffer. */ + break; + else if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) + break; + + // Allocate buffer for user information in the token. + Newc( 3101, ptiUser, cbti, char, TOKEN_USER ); + if (!ptiUser) + break; + + // Retrieve the user information from the token. + if (!GetTokenInformation(hToken, TokenUser, ptiUser, cbti, &cbti)) + break; + + sid = ptiUser->User.Sid; + + } while (0); + if (hToken) CloseHandle(hToken); + if (ptiUser) Safefree(ptiUser); + data = SvPV(ST(6), dataLength); New(3101, array, items - 7, char*); for (index = 0; index < items - 7; ++index) { @@ -235,7 +278,7 @@ (WORD)SvIV(ST(2)), /* event type to log */ (WORD)SvIV(ST(3)), /* event category */ SvIV(ST(4)), /* event identifier */ - NULL, /* user security identifier (optional) */ + sid, /* user security identifier (optional) */ (WORD)(items - 7), /* number of strings to merge with message */ dataLength, /* size of raw (binary) data (in bytes) */ (const char**)array, /* array of strings to merge with message */
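Review bot: in the first hunk (@@ -224,6 +224,49 @@) the cleanup line `if (ptiUser) Safefree(ptiUser);` runs before ReportEventA() is called, but `sid = ptiUser->User.Sid;` points into that same buffer, so the call receives a pointer into freed memory. Keep the buffer alive until ReportEventA() has returned and free it afterwards, next to the existing cleanup for the string array. Separately, a successful OpenThreadToken() takes the first `break` with the token open but without reading the SID, so a thread that has its own token still logs a NULL user; either fall through to GetTokenInformation() in that case or expand the "we shouldnt get here" comment to say why it is skipped. fSuccess is declared and never used, and the two `//` comments are not valid C89, unlike the `/* */` comments elsewhere in the hunk.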
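Review bot: in the second hunk (@@ -235,7 +278,7 @@) the new `sid` argument silently falls back to NULL whenever any of the token calls added above fails, and nothing tells the caller whether the user field was populated. That fallback matches the old behaviour and is reasonable, but it should be stated: extend the `/* user security identifier (optional) */` comment to note that the SID comes from the current token and is NULL on failure, and mention the new behaviour in the documentation for Report().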