win32-eventlog 0.4.4 → 0.4.5

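--- a/data/CHANGES
+++ b/data/CHANGES
@@ -1,3 +1,9 @@
+= 0.4.5 - 25-Aug-2007
+* Fixed two potential issues where reading from remote event log sources
+could fail either due to permissions (reading DLL's) or because local
+registry entries didn't necessarily match the remote registry entries.
+Thanks go to Andrew Garberoglio and Ivan Shiel for the spot.
+
 = 0.4.4 - 31-Jul-2007
 * The EventLogError class is now EventLog::Error.
 * The MCError class is now MC::Error.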
@@ -37,7 +37,7 @@ module Win32
37
37
  extend Windows::Error
38
38
  extend Windows::Registry
39
39
 
40
- VERSION = '0.4.4'
40
+ VERSION = '0.4.5'
41
41
 
42
42
  # Aliased read flags
43
43
  FORWARDS_READ = EVENTLOG_FORWARDS_READ
@@ -199,7 +199,7 @@ module Win32
199
199
  raise Error, error
200
200
  end
201
201
 
202
- hkey = hkey.unpack('L').first
202
+ hkey = hkey.unpack('L')[0]
203
203
 
204
204
  if hash['category_count']
205
205
  data = [hash['category_count']].pack('L')
@@ -322,7 +322,7 @@ module Win32
322
322
  raise 'GetEventLogInformation() failed: ' + get_last_error
323
323
  end
324
324
 
325
- buf[0,4].unpack('L').first != 0
325
+ buf[0,4].unpack('L')[0] != 0
326
326
  end
327
327
 
328
328
  # Returns the absolute record number of the oldest record. Note that
@@ -337,7 +337,7 @@ module Win32
337
337
  raise Error, error
338
338
  end
339
339
 
340
- rec.unpack('L').first
340
+ rec.unpack('L')[0]
341
341
  end
342
342
 
343
343
  # Returns the total number of records for the given event log.
@@ -351,7 +351,7 @@ module Win32
351
351
  raise Error, error
352
352
  end
353
353
 
354
- total.unpack('L').first
354
+ total.unpack('L')[0]
355
355
  end
356
356
 
357
357
  # Yields an EventLogStruct every time a record is written to the event
@@ -465,20 +465,29 @@ module Win32
465
465
  read = [0].pack('L')
466
466
  needed = [0].pack('L')
467
467
  array = []
468
+ lkey = HKEY_LOCAL_MACHINE
468
469
 
469
470
  unless flags
470
471
  flags = FORWARDS_READ | SEQUENTIAL_READ
471
472
  end
473
+
474
+ if @server
475
+ hkey = [0].pack('L')
476
+ if RegConnectRegistry(@server, HKEY_LOCAL_MACHINE, hkey) != 0
477
+ raise Error, get_last_error
478
+ end
479
+ lkey = hkey.unpack('L').first
480
+ end
472
481
 
473
482
  while ReadEventLog(@handle, flags, offset, buf, size, read, needed) ||
474
483
  GetLastError() == ERROR_INSUFFICIENT_BUFFER
475
484
 
476
485
  if GetLastError() == ERROR_INSUFFICIENT_BUFFER
477
- buf += 0.chr * needed.unpack('L').first
486
+ buf += 0.chr * needed.unpack('L')[0]
478
487
  ReadEventLog(@handle, flags, offset, buf, size, read, needed)
479
488
  end
480
489
 
481
- dwread = read.unpack('L').first
490
+ dwread = read.unpack('L')[0]
482
491
 
483
492
  while dwread > 0
484
493
  struct = EventLogStruct.new
@@ -486,17 +495,17 @@ module Win32
486
495
  computer = buf[56 + event_source.length + 1..-1].nstrip
487
496
 
488
497
  user = get_user(buf)
489
- strings, desc = get_description(buf, event_source)
498
+ strings, desc = get_description(buf, event_source, lkey)
490
499
 
491
500
  struct.source = event_source
492
501
  struct.computer = computer
493
- struct.record_number = buf[8,4].unpack('L').first
494
- struct.time_generated = Time.at(buf[12,4].unpack('L').first)
495
- struct.time_written = Time.at(buf[16,4].unpack('L').first)
496
- struct.event_id = buf[20,4].unpack('L').first & 0x0000FFFF
497
- struct.event_type = get_event_type(buf[24,2].unpack('S').first)
502
+ struct.record_number = buf[8,4].unpack('L')[0]
503
+ struct.time_generated = Time.at(buf[12,4].unpack('L')[0])
504
+ struct.time_written = Time.at(buf[16,4].unpack('L')[0])
505
+ struct.event_id = buf[20,4].unpack('L')[0] & 0x0000FFFF
506
+ struct.event_type = get_event_type(buf[24,2].unpack('S')[0])
498
507
  struct.user = user
499
- struct.category = buf[28,2].unpack('S').first
508
+ struct.category = buf[28,2].unpack('S')[0]
500
509
  struct.string_inserts = strings
501
510
  struct.description = desc
502
511
 
@@ -507,12 +516,12 @@ module Win32
507
516
  end
508
517
 
509
518
  if flags & EVENTLOG_BACKWARDS_READ > 0
510
- offset = buf[8,4].unpack('L').first - 1
519
+ offset = buf[8,4].unpack('L')[0] - 1
511
520
  else
512
- offset = buf[8,4].unpack('L').first + 1
521
+ offset = buf[8,4].unpack('L')[0] + 1
513
522
  end
514
523
 
515
- length = buf[0,4].unpack('L').first # Length
524
+ length = buf[0,4].unpack('L')[0] # Length
516
525
 
517
526
  dwread -= length
518
527
  buf = buf[length..-1]
@@ -635,26 +644,35 @@ module Win32
635
644
  buf = 0.chr * BUFFER_SIZE # 64k buffer
636
645
  read = [0].pack('L')
637
646
  needed = [0].pack('L')
647
+ lkey = HKEY_LOCAL_MACHINE
638
648
 
639
649
  flags = EVENTLOG_BACKWARDS_READ | EVENTLOG_SEQUENTIAL_READ
640
650
  ReadEventLog(@handle, flags, 0, buf, buf.size, read, needed)
651
+
652
+ if @server
653
+ hkey = [0].pack('L')
654
+ if RegConnectRegistry(@server, HKEY_LOCAL_MACHINE, hkey) != 0
655
+ raise Error, get_last_error
656
+ end
657
+ lkey = hkey.unpack('L').first
658
+ end
641
659
 
642
660
  event_source = buf[56..-1].nstrip
643
661
  computer = buf[56 + event_source.length + 1..-1].nstrip
644
- event_type = get_event_type(buf[24,2].unpack('S').first)
662
+ event_type = get_event_type(buf[24,2].unpack('S')[0])
645
663
  user = get_user(buf)
646
- desc = get_description(buf, event_source)
664
+ desc = get_description(buf, event_source, lkey)
647
665
 
648
666
  struct = EventLogStruct.new
649
667
  struct.source = event_source
650
668
  struct.computer = computer
651
- struct.record_number = buf[8,4].unpack('L').first
652
- struct.time_generated = Time.at(buf[12,4].unpack('L').first)
653
- struct.time_written = Time.at(buf[16,4].unpack('L').first)
654
- struct.event_id = buf[20,4].unpack('L').first & 0x0000FFFF
669
+ struct.record_number = buf[8,4].unpack('L')[0]
670
+ struct.time_generated = Time.at(buf[12,4].unpack('L')[0])
671
+ struct.time_written = Time.at(buf[16,4].unpack('L')[0])
672
+ struct.event_id = buf[20,4].unpack('L')[0] & 0x0000FFFF
655
673
  struct.event_type = event_type
656
674
  struct.user = user
657
- struct.category = buf[28,2].unpack('S').first
675
+ struct.category = buf[28,2].unpack('S')[0]
658
676
  struct.description = desc
659
677
 
660
678
  struct
@@ -664,9 +682,9 @@ module Win32
664
682
  # event description (String) based on data from the EVENTLOGRECORD
665
683
  # buffer.
666
684
  #
667
- def get_description(rec, event_source)
668
- str = rec[rec[36,4].unpack('L').first .. -1]
669
- num = rec[26,2].unpack('S').first # NumStrings
685
+ def get_description(rec, event_source, lkey)
686
+ str = rec[rec[36,4].unpack('L')[0] .. -1]
687
+ num = rec[26,2].unpack('S')[0] # NumStrings
670
688
  hkey = [0].pack('L')
671
689
  key = BASE_KEY + "#{@source}\\#{event_source}"
672
690
  buf = 0.chr * 1024
@@ -677,14 +695,14 @@ module Win32
677
695
  else
678
696
  va_list = str.split(0.chr)[0...num]
679
697
  va_list_ptr = va_list.map{ |x|
680
- [x + 0.chr].pack('P').unpack('L').first
698
+ [x + 0.chr].pack('P').unpack('L')[0]
681
699
  }.pack('L*')
682
700
  end
683
-
684
- if RegOpenKeyEx(HKEY_LOCAL_MACHINE, key, 0, KEY_READ, hkey) == 0
701
+
702
+ if RegOpenKeyEx(lkey, key, 0, KEY_READ, hkey) == 0
685
703
  value = 'EventMessageFile'
686
704
  file = 0.chr * MAX_SIZE
687
- hkey = hkey.unpack('L').first
705
+ hkey = hkey.unpack('L')[0]
688
706
  size = [file.length].pack('L')
689
707
 
690
708
  if RegQueryValueEx(hkey, value, 0, 0, file, size) == 0
@@ -695,8 +713,8 @@ module Win32
695
713
  exe = exe.nstrip
696
714
 
697
715
  exe.split(';').each{ |file|
698
- hmodule = LoadLibraryEx(file, 0, LOAD_LIBRARY_AS_DATAFILE)
699
- event_id = rec[20,4].unpack('L').first
716
+ hmodule = LoadLibraryEx(file, 0, DONT_RESOLVE_DLL_REFERENCES)
717
+ event_id = rec[20,4].unpack('L')[0]
700
718
  if hmodule != 0
701
719
  FormatMessage(
702
720
  FORMAT_MESSAGE_FROM_HMODULE |
@@ -723,7 +741,7 @@ module Win32
723
741
  # EVENTLOGRECORD buffer.
724
742
  #
725
743
  def get_user(buf)
726
- return nil if buf[40,4].unpack('L').first <= 0 # UserSidLength
744
+ return nil if buf[40,4].unpack('L')[0] <= 0 # UserSidLength
727
745
 
728
746
  name = 0.chr * MAX_SIZE
729
747
  name_size = [name.size].pack('L')
@@ -731,11 +749,11 @@ module Win32
731
749
  domain_size = [domain.size].pack('L')
732
750
  snu = 0.chr * 4
733
751
 
734
- offset = buf[44,4].unpack('L').first # UserSidOffset
752
+ offset = buf[44,4].unpack('L')[0] # UserSidOffset
735
753
 
736
754
  val = LookupAccountSid(
737
755
  @server,
738
- [buf].pack('P').unpack('L').first + offset,
756
+ [buf].pack('P').unpack('L')[0] + offset,
739
757
  name,
740
758
  name_size,
741
759
  domain,
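Review bot: The remote registry handle obtained from RegConnectRegistry (new lines 479 and 657, `lkey = hkey.unpack('L').first`) is never released in either hunk — nothing visible calls RegCloseKey on it once get_description has used it, so each read against a remote server appears to leak a connection to that server's registry; both enclosing methods continue outside the hunk, so the close may live there, but an `ensure` clause around the read, e.g. `ensure` / `RegCloseKey(lkey) if @server && lkey != HKEY_LOCAL_MACHINE`, is the robust place. A related point in get_description (new line 702): because the key is now opened under `lkey`, when @server is set the EventMessageFile value is read from the remote host's registry and then handed unchanged to the local LoadLibraryEx, so a comment such as `# Path comes from the server's registry but is resolved on this machine` would save the next maintainer from assuming the DLL is read remotely. On new line 716, `DONT_RESOLVE_DLL_REFERENCES` maps the file as an executable image (without running DllMain or loading dependencies), whereas the replaced `LOAD_LIBRARY_AS_DATAFILE` mapped it purely as data; as far as I recall Microsoft documents the new flag as backward-compatibility only and recommends the data-file flags for resource-only access, so it is worth confirming that the permissions problem named in the changelog really requires the image mapping. Lastly, the two `.first` uses on lines 479 and 657 are inconsistent with the `[0]` form this commit applies everywhere else.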
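--- a/data/test/tc_eventlog.rb
+++ b/data/test/tc_eventlog.rb
@@ -23,7 +23,7 @@ class TC_EventLog < Test::Unit::TestCase
 end
 
 def test_version
-assert_equal('0.4.4', EventLog::VERSION)
+assert_equal('0.4.5', EventLog::VERSION)
 end
 
 # Use the alias to validate it as well.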
@@ -2,7 +2,7 @@ require "rubygems"
2
2
 
3
3
  spec = Gem::Specification.new do |gem|
4
4
  gem.name = "win32-eventlog"
5
- gem.version = "0.4.4"
5
+ gem.version = "0.4.5"
6
6
  gem.author = "Daniel J. Berger"
7
7
  gem.email = "djberg96@gmail.com"
8
8
  gem.homepage = "http://www.rubyforge.org/projects/win32utils"
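--- a/metadata
+++ b/metadata
@@ -1,10 +1,10 @@
 --- !ruby/object:Gem::Specification
-rubygems_version: 0.9.2
+rubygems_version: 0.9.4
 specification_version: 1
 name: win32-eventlog
 version: !ruby/object:Gem::Version
-version: 0.4.4
-date: 2007-07-31 00:00:00 -06:00
+version: 0.4.5
+date: 2007-08-25 00:00:00 -06:00
 summary: Interface for the MS Windows Event Log.
 require_paths:
 - lib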