winevt_c 0.7.0 → 0.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a1e26f9f7aef69fdf599f08c4c309fd1a60e00178d0a4db7a24b76cde7376254
-  data.tar.gz: 20e705a60f389912acd1594eecd0ea1a79230de00e887b0033016ccf72d8383f
+  metadata.gz: 4aea52298871b70f5fa9f0c01227cd4afb79a188b75e4870a680ed435b7d19fe
+  data.tar.gz: 26ac8f251f2dd6cf077f7481066d1305e023986438a0fbd50fe9fec9dd97c266
 SHA512:
-  metadata.gz: ec1d0dfbf4c1ec66619a709e012c76ab5487944f1c2970520b09ed46d9f3689d8ab5dcfc4499e34aeb2cde111f571e652cbf6bf337c20c5b7d5d836ef602d4ab
-  data.tar.gz: '01842dfd20afb70a08a928baf7d38c1c3c3df79a7ffd9303275d25623520b1f3e81adfcfcd43a730e8e36cb6931933c48871bd72bb3a21b9bbc33bde91bda366'
+  metadata.gz: 6e6683d23e26dfa60e4a4e31bb03a434f2e01025c1072de8930d8ca98b7090dd4128711540c65ba35b5d53ca142251bc5eb3881ad1df1af3679c5d84faa2b1f7
+  data.tar.gz: b83a9f1f27428c75f9735297fa19abae507240956a587df4b38c9f0b983f4f1ed82dc4c30ccd64fe4cb12ad7b8ae7b6a70bb89c50bd3e280a568c9eda768d7a2

data/example/enumerate_channels.rb

@@ -0,0 +1,13 @@
+require 'winevt'
+
+@channels = Winevt::EventLog::Channel.new
+@channels.force_enumerate = false
+result = []
+@channels.each do |channel|
+  result << channel
+end
+
+puts "length of channels: #{result.length}"
+result.each do |r|
+  puts r
+end

data/ext/winevt/winevt_c.h

@@ -47,6 +47,7 @@ VALUE rb_eWinevtQueryError;
 struct WinevtChannel
 {
   EVT_HANDLE channels;
+  BOOL force_enumerate;
 };
 
 struct WinevtBookmark

data/ext/winevt/winevt_channel.c

@@ -9,12 +9,16 @@
  *  require 'winevt'
  *  channels = []
  *  @channel = Winevt::EventLog::Channel.new
+ *  # If users want to retrive all channel name, it should be set as true.
+ *  @channel.force_enumerate = false
  *  @channel.each do |channel|
  *    channels << channel
  *  end
  *  print channels
  */
 
+DWORD is_subscribable_channel_p(EVT_HANDLE hChannel, BOOL force_enumerate);
+DWORD check_subscribable_with_channel_config_type(int Id, PEVT_VARIANT pProperty, BOOL force_enumerate);
 static void channel_free(void* ptr);
 
 static const rb_data_type_t rb_winevt_channel_type = { "winevt/channel",
@@ -54,11 +58,121 @@ rb_winevt_channel_alloc(VALUE klass)
  *
  */
 static VALUE
-rb_winevt_channel_initialize(VALUE klass)
+rb_winevt_channel_initialize(VALUE self)
 {
+  struct WinevtChannel* winevtChannel;
+
+  TypedData_Get_Struct(
+    self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
+
+  winevtChannel->force_enumerate = FALSE;
+
   return Qnil;
 }
 
+/*
+ * This method specifies whether forcing to enumerate channel which
+ * type is Debug and Analytical or not.
+ *
+ * @param rb_force_enumerate_p [Boolean]
+ * @since 0.7.1
+ */
+static VALUE
+rb_winevt_channel_set_force_enumerate(VALUE self, VALUE rb_force_enumerate_p)
+{
+  struct WinevtChannel* winevtChannel;
+
+  TypedData_Get_Struct(
+    self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
+
+  winevtChannel->force_enumerate = RTEST(rb_force_enumerate_p);
+
+  return Qnil;
+}
+
+/*
+ * This method returns whether forcing to enumerate channel which type
+ * is Debug and Analytical or not.
+ *
+ * @return [Boolean]
+ * @since 0.7.1
+ */
+static VALUE
+rb_winevt_channel_get_force_enumerate(VALUE self)
+{
+  struct WinevtChannel* winevtChannel;
+
+  TypedData_Get_Struct(
+    self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
+
+  return winevtChannel->force_enumerate ? Qtrue : Qfalse;
+}
+
+DWORD is_subscribable_channel_p(EVT_HANDLE hChannel, BOOL force_enumerate)
+{
+  PEVT_VARIANT pProperty = NULL;
+  PEVT_VARIANT pTemp = NULL;
+  DWORD dwBufferSize = 0;
+  DWORD dwBufferUsed = 0;
+  DWORD status = ERROR_SUCCESS;
+
+  for (int Id = 0; Id < EvtChannelConfigPropertyIdEND; Id++) {
+    if  (!EvtGetChannelConfigProperty(hChannel, (EVT_CHANNEL_CONFIG_PROPERTY_ID)Id, 0, dwBufferSize, pProperty, &dwBufferUsed)) {
+      status = GetLastError();
+      if (ERROR_INSUFFICIENT_BUFFER == status) {
+        dwBufferSize = dwBufferUsed;
+        pTemp = (PEVT_VARIANT)realloc(pProperty, dwBufferSize);
+        if (pTemp) {
+          pProperty = pTemp;
+          pTemp = NULL;
+          EvtGetChannelConfigProperty(hChannel, (EVT_CHANNEL_CONFIG_PROPERTY_ID)Id, 0, dwBufferSize, pProperty, &dwBufferUsed);
+        } else {
+          free(pProperty);
+
+          status = ERROR_OUTOFMEMORY;
+          rb_raise(rb_eRuntimeError, "realloc failed with %ld\n", status);
+        }
+      }
+
+      if (ERROR_SUCCESS != (status = GetLastError())) {
+        free(pProperty);
+
+        rb_raise(rb_eRuntimeError, "EvtGetChannelConfigProperty failed with %ld\n", GetLastError());
+      }
+    }
+
+    status = check_subscribable_with_channel_config_type(Id, pProperty, force_enumerate);
+    if (status != ERROR_SUCCESS)
+      break;
+  }
+
+  free(pProperty);
+
+  return status;
+}
+
+#define EVENT_DEBUG_TYPE 2
+#define EVENT_ANALYTICAL_TYPE 3
+
+DWORD check_subscribable_with_channel_config_type(int Id, PEVT_VARIANT pProperty, BOOL force_enumerate)
+{
+  DWORD status = ERROR_SUCCESS;
+  switch(Id) {
+  case EvtChannelConfigType:
+    if (!force_enumerate &&
+        (pProperty->UInt32Val == EVENT_DEBUG_TYPE ||
+         pProperty->UInt32Val == EVENT_ANALYTICAL_TYPE)) {
+      return ERROR_INVALID_DATA;
+    }
+    break;
+  }
+
+  return status;
+}
+
+#undef EVENT_DEBUG_TYPE
+#undef EVENT_ANALYTICAL_TYPE
+
 /*
  * Enumerate Windows EventLog channels
  *
@@ -69,6 +183,7 @@ static VALUE
 rb_winevt_channel_each(VALUE self)
 {
   EVT_HANDLE hChannels;
+  EVT_HANDLE hChannelConfig = NULL;
   struct WinevtChannel* winevtChannel;
   char errBuf[256];
   LPWSTR buffer = NULL;
@@ -124,6 +239,23 @@ rb_winevt_channel_each(VALUE self)
         rb_raise(rb_eRuntimeError, errBuf);
       }
     }
+    hChannelConfig = EvtOpenChannelConfig(NULL, buffer, 0);
+    if (NULL == hChannelConfig) {
+      _snprintf_s(errBuf,
+                  _countof(errBuf),
+                  _TRUNCATE,
+                  "EvtOpenChannelConfig failed with %lu.\n",
+                  GetLastError());
+      free(buffer);
+      buffer = NULL;
+      bufferSize = 0;
+
+      rb_raise(rb_eRuntimeError, errBuf);
+    }
+
+    status = is_subscribable_channel_p(hChannelConfig, winevtChannel->force_enumerate);
+    if (status != ERROR_SUCCESS)
+      continue;
 
     utf8str = wstr_to_rb_str(CP_UTF8, buffer, -1);
 
@@ -151,4 +283,6 @@ Init_winevt_channel(VALUE rb_cEventLog)
   rb_define_alloc_func(rb_cChannel, rb_winevt_channel_alloc);
   rb_define_method(rb_cChannel, "initialize", rb_winevt_channel_initialize, 0);
   rb_define_method(rb_cChannel, "each", rb_winevt_channel_each, 0);
+  rb_define_method(rb_cChannel, "force_enumerate", rb_winevt_channel_get_force_enumerate, 0);
+  rb_define_method(rb_cChannel, "force_enumerate=", rb_winevt_channel_set_force_enumerate, 1);
 }

data/lib/winevt/version.rb

@@ -1,3 +1,3 @@
 module Winevt
-  VERSION = "0.7.0"
+  VERSION = "0.7.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: winevt_c
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.7.1
 platform: ruby
 authors:
 - Hiroshi Hatake
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-02-14 00:00:00.000000000 Z
+date: 2020-02-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -119,6 +119,7 @@ files:
 - bin/console
 - bin/setup
 - example/bookmark.rb
+- example/enumerate_channels.rb
 - example/eventlog.rb
 - example/rate_limit.rb
 - example/tailing.rb