win32-eventlog 0.4.4 → 0.4.5

data/CHANGES CHANGED
@@ -1,3 +1,9 @@
1
+ = 0.4.5 - 25-Aug-2007
2
+ * Fixed two potential issues where reading from remote event log sources
3
+ could fail either due to permissions (reading DLL's) or because local
4
+ registry entries didn't necessarily match the remote registry entries.
5
+ Thanks go to Andrew Garberoglio and Ivan Shiel for the spot.
6
+
1
7
  = 0.4.4 - 31-Jul-2007
2
8
  * The EventLogError class is now EventLog::Error.
3
9
  * The MCError class is now MC::Error.
@@ -37,7 +37,7 @@ module Win32
37
37
  extend Windows::Error
38
38
  extend Windows::Registry
39
39
 
40
- VERSION = '0.4.4'
40
+ VERSION = '0.4.5'
41
41
 
42
42
  # Aliased read flags
43
43
  FORWARDS_READ = EVENTLOG_FORWARDS_READ
@@ -199,7 +199,7 @@ module Win32
199
199
  raise Error, error
200
200
  end
201
201
 
202
- hkey = hkey.unpack('L').first
202
+ hkey = hkey.unpack('L')[0]
203
203
 
204
204
  if hash['category_count']
205
205
  data = [hash['category_count']].pack('L')
@@ -322,7 +322,7 @@ module Win32
322
322
  raise 'GetEventLogInformation() failed: ' + get_last_error
323
323
  end
324
324
 
325
- buf[0,4].unpack('L').first != 0
325
+ buf[0,4].unpack('L')[0] != 0
326
326
  end
327
327
 
328
328
  # Returns the absolute record number of the oldest record. Note that
@@ -337,7 +337,7 @@ module Win32
337
337
  raise Error, error
338
338
  end
339
339
 
340
- rec.unpack('L').first
340
+ rec.unpack('L')[0]
341
341
  end
342
342
 
343
343
  # Returns the total number of records for the given event log.
@@ -351,7 +351,7 @@ module Win32
351
351
  raise Error, error
352
352
  end
353
353
 
354
- total.unpack('L').first
354
+ total.unpack('L')[0]
355
355
  end
356
356
 
357
357
  # Yields an EventLogStruct every time a record is written to the event
@@ -465,20 +465,29 @@ module Win32
465
465
  read = [0].pack('L')
466
466
  needed = [0].pack('L')
467
467
  array = []
468
+ lkey = HKEY_LOCAL_MACHINE
468
469
 
469
470
  unless flags
470
471
  flags = FORWARDS_READ | SEQUENTIAL_READ
471
472
  end
473
+
474
+ if @server
475
+ hkey = [0].pack('L')
476
+ if RegConnectRegistry(@server, HKEY_LOCAL_MACHINE, hkey) != 0
477
+ raise Error, get_last_error
478
+ end
479
+ lkey = hkey.unpack('L').first
480
+ end
472
481
 
473
482
  while ReadEventLog(@handle, flags, offset, buf, size, read, needed) ||
474
483
  GetLastError() == ERROR_INSUFFICIENT_BUFFER
475
484
 
476
485
  if GetLastError() == ERROR_INSUFFICIENT_BUFFER
477
- buf += 0.chr * needed.unpack('L').first
486
+ buf += 0.chr * needed.unpack('L')[0]
478
487
  ReadEventLog(@handle, flags, offset, buf, size, read, needed)
479
488
  end
480
489
 
481
- dwread = read.unpack('L').first
490
+ dwread = read.unpack('L')[0]
482
491
 
483
492
  while dwread > 0
484
493
  struct = EventLogStruct.new
@@ -486,17 +495,17 @@ module Win32
486
495
  computer = buf[56 + event_source.length + 1..-1].nstrip
487
496
 
488
497
  user = get_user(buf)
489
- strings, desc = get_description(buf, event_source)
498
+ strings, desc = get_description(buf, event_source, lkey)
490
499
 
491
500
  struct.source = event_source
492
501
  struct.computer = computer
493
- struct.record_number = buf[8,4].unpack('L').first
494
- struct.time_generated = Time.at(buf[12,4].unpack('L').first)
495
- struct.time_written = Time.at(buf[16,4].unpack('L').first)
496
- struct.event_id = buf[20,4].unpack('L').first & 0x0000FFFF
497
- struct.event_type = get_event_type(buf[24,2].unpack('S').first)
502
+ struct.record_number = buf[8,4].unpack('L')[0]
503
+ struct.time_generated = Time.at(buf[12,4].unpack('L')[0])
504
+ struct.time_written = Time.at(buf[16,4].unpack('L')[0])
505
+ struct.event_id = buf[20,4].unpack('L')[0] & 0x0000FFFF
506
+ struct.event_type = get_event_type(buf[24,2].unpack('S')[0])
498
507
  struct.user = user
499
- struct.category = buf[28,2].unpack('S').first
508
+ struct.category = buf[28,2].unpack('S')[0]
500
509
  struct.string_inserts = strings
501
510
  struct.description = desc
502
511
 
@@ -507,12 +516,12 @@ module Win32
507
516
  end
508
517
 
509
518
  if flags & EVENTLOG_BACKWARDS_READ > 0
510
- offset = buf[8,4].unpack('L').first - 1
519
+ offset = buf[8,4].unpack('L')[0] - 1
511
520
  else
512
- offset = buf[8,4].unpack('L').first + 1
521
+ offset = buf[8,4].unpack('L')[0] + 1
513
522
  end
514
523
 
515
- length = buf[0,4].unpack('L').first # Length
524
+ length = buf[0,4].unpack('L')[0] # Length
516
525
 
517
526
  dwread -= length
518
527
  buf = buf[length..-1]
@@ -635,26 +644,35 @@ module Win32
635
644
  buf = 0.chr * BUFFER_SIZE # 64k buffer
636
645
  read = [0].pack('L')
637
646
  needed = [0].pack('L')
647
+ lkey = HKEY_LOCAL_MACHINE
638
648
 
639
649
  flags = EVENTLOG_BACKWARDS_READ | EVENTLOG_SEQUENTIAL_READ
640
650
  ReadEventLog(@handle, flags, 0, buf, buf.size, read, needed)
651
+
652
+ if @server
653
+ hkey = [0].pack('L')
654
+ if RegConnectRegistry(@server, HKEY_LOCAL_MACHINE, hkey) != 0
655
+ raise Error, get_last_error
656
+ end
657
+ lkey = hkey.unpack('L').first
658
+ end
641
659
 
642
660
  event_source = buf[56..-1].nstrip
643
661
  computer = buf[56 + event_source.length + 1..-1].nstrip
644
- event_type = get_event_type(buf[24,2].unpack('S').first)
662
+ event_type = get_event_type(buf[24,2].unpack('S')[0])
645
663
  user = get_user(buf)
646
- desc = get_description(buf, event_source)
664
+ desc = get_description(buf, event_source, lkey)
647
665
 
648
666
  struct = EventLogStruct.new
649
667
  struct.source = event_source
650
668
  struct.computer = computer
651
- struct.record_number = buf[8,4].unpack('L').first
652
- struct.time_generated = Time.at(buf[12,4].unpack('L').first)
653
- struct.time_written = Time.at(buf[16,4].unpack('L').first)
654
- struct.event_id = buf[20,4].unpack('L').first & 0x0000FFFF
669
+ struct.record_number = buf[8,4].unpack('L')[0]
670
+ struct.time_generated = Time.at(buf[12,4].unpack('L')[0])
671
+ struct.time_written = Time.at(buf[16,4].unpack('L')[0])
672
+ struct.event_id = buf[20,4].unpack('L')[0] & 0x0000FFFF
655
673
  struct.event_type = event_type
656
674
  struct.user = user
657
- struct.category = buf[28,2].unpack('S').first
675
+ struct.category = buf[28,2].unpack('S')[0]
658
676
  struct.description = desc
659
677
 
660
678
  struct
@@ -664,9 +682,9 @@ module Win32
664
682
  # event description (String) based on data from the EVENTLOGRECORD
665
683
  # buffer.
666
684
  #
667
- def get_description(rec, event_source)
668
- str = rec[rec[36,4].unpack('L').first .. -1]
669
- num = rec[26,2].unpack('S').first # NumStrings
685
+ def get_description(rec, event_source, lkey)
686
+ str = rec[rec[36,4].unpack('L')[0] .. -1]
687
+ num = rec[26,2].unpack('S')[0] # NumStrings
670
688
  hkey = [0].pack('L')
671
689
  key = BASE_KEY + "#{@source}\\#{event_source}"
672
690
  buf = 0.chr * 1024
@@ -677,14 +695,14 @@ module Win32
677
695
  else
678
696
  va_list = str.split(0.chr)[0...num]
679
697
  va_list_ptr = va_list.map{ |x|
680
- [x + 0.chr].pack('P').unpack('L').first
698
+ [x + 0.chr].pack('P').unpack('L')[0]
681
699
  }.pack('L*')
682
700
  end
683
-
684
- if RegOpenKeyEx(HKEY_LOCAL_MACHINE, key, 0, KEY_READ, hkey) == 0
701
+
702
+ if RegOpenKeyEx(lkey, key, 0, KEY_READ, hkey) == 0
685
703
  value = 'EventMessageFile'
686
704
  file = 0.chr * MAX_SIZE
687
- hkey = hkey.unpack('L').first
705
+ hkey = hkey.unpack('L')[0]
688
706
  size = [file.length].pack('L')
689
707
 
690
708
  if RegQueryValueEx(hkey, value, 0, 0, file, size) == 0
@@ -695,8 +713,8 @@ module Win32
695
713
  exe = exe.nstrip
696
714
 
697
715
  exe.split(';').each{ |file|
698
- hmodule = LoadLibraryEx(file, 0, LOAD_LIBRARY_AS_DATAFILE)
699
- event_id = rec[20,4].unpack('L').first
716
+ hmodule = LoadLibraryEx(file, 0, DONT_RESOLVE_DLL_REFERENCES)
717
+ event_id = rec[20,4].unpack('L')[0]
700
718
  if hmodule != 0
701
719
  FormatMessage(
702
720
  FORMAT_MESSAGE_FROM_HMODULE |
@@ -723,7 +741,7 @@ module Win32
723
741
  # EVENTLOGRECORD buffer.
724
742
  #
725
743
  def get_user(buf)
726
- return nil if buf[40,4].unpack('L').first <= 0 # UserSidLength
744
+ return nil if buf[40,4].unpack('L')[0] <= 0 # UserSidLength
727
745
 
728
746
  name = 0.chr * MAX_SIZE
729
747
  name_size = [name.size].pack('L')
@@ -731,11 +749,11 @@ module Win32
731
749
  domain_size = [domain.size].pack('L')
732
750
  snu = 0.chr * 4
733
751
 
734
- offset = buf[44,4].unpack('L').first # UserSidOffset
752
+ offset = buf[44,4].unpack('L')[0] # UserSidOffset
735
753
 
736
754
  val = LookupAccountSid(
737
755
  @server,
738
- [buf].pack('P').unpack('L').first + offset,
756
+ [buf].pack('P').unpack('L')[0] + offset,
739
757
  name,
740
758
  name_size,
741
759
  domain,
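Review bot: In get_description, `EventMessageFile` is now read through `lkey`, which for a remote log is the remote machine's registry, and the paths taken from it are passed to `LoadLibraryEx(file, 0, DONT_RESOLVE_DLL_REFERENCES)` in the local process, so a value controlled by the remote host decides which file is mapped locally as an executable image. Microsoft documents `DONT_RESOLVE_DLL_REFERENCES` as a backward-compatibility flag and recommends a data-only load when only resources are needed, so I would keep `hmodule = LoadLibraryEx(file, 0, LOAD_LIBRARY_AS_DATAFILE)` unless that flag is what caused the permission failure, and add a comment such as `# path comes from the (possibly remote) registry: map as data only`. The handle that `RegConnectRegistry` stores in `lkey` in both `if @server` blocks is not closed in the lines shown; if the parts of these methods outside the hunks do not call `RegCloseKey`, each remote read leaks a registry handle. `RegConnectRegistry` also returns its error code instead of setting the thread's last error, so `raise Error, get_last_error` may report an unrelated message; capturing the return value and reporting that code would be more accurate. All three methods start or end outside the hunks shown.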
data/test/tc_eventlog.rb CHANGED
@@ -23,7 +23,7 @@ class TC_EventLog < Test::Unit::TestCase
23
23
  end
24
24
 
25
25
  def test_version
26
- assert_equal('0.4.4', EventLog::VERSION)
26
+ assert_equal('0.4.5', EventLog::VERSION)
27
27
  end
28
28
 
29
29
  # Use the alias to validate it as well.
@@ -2,7 +2,7 @@ require "rubygems"
2
2
 
3
3
  spec = Gem::Specification.new do |gem|
4
4
  gem.name = "win32-eventlog"
5
- gem.version = "0.4.4"
5
+ gem.version = "0.4.5"
6
6
  gem.author = "Daniel J. Berger"
7
7
  gem.email = "djberg96@gmail.com"
8
8
  gem.homepage = "http://www.rubyforge.org/projects/win32utils"
metadata CHANGED
@@ -1,10 +1,10 @@
1
1
  --- !ruby/object:Gem::Specification
2
- rubygems_version: 0.9.2
2
+ rubygems_version: 0.9.4
3
3
  specification_version: 1
4
4
  name: win32-eventlog
5
5
  version: !ruby/object:Gem::Version
6
- version: 0.4.4
7
- date: 2007-07-31 00:00:00 -06:00
6
+ version: 0.4.5
7
+ date: 2007-08-25 00:00:00 -06:00
8
8
  summary: Interface for the MS Windows Event Log.
9
9
  require_paths:
10
10
  - lib