RubyGems - winevt_c - Versions diffs - 0.7.2 → 0.9.0 - Mend

winevt_c 0.7.2 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

checksums.yaml +4 -4
data/README.md +55 -0
data/Rakefile +1 -1
data/example/eventlog.rb +7 -1
data/example/locale.rb +13 -0
data/example/rate_limit.rb +1 -1
data/example/tailing.rb +10 -2
data/ext/winevt/winevt.c +7 -0
data/ext/winevt/winevt_bookmark.c +2 -0
data/ext/winevt/winevt_c.h +46 -8
data/ext/winevt/winevt_channel.c +2 -0
data/ext/winevt/winevt_locale.c +92 -0
data/ext/winevt/winevt_locale_info.c +68 -0
data/ext/winevt/winevt_query.c +138 -9
data/ext/winevt/winevt_session.c +425 -0
data/ext/winevt/winevt_subscribe.c +136 -10
data/ext/winevt/winevt_utils.cpp +42 -8
data/lib/winevt.rb +1 -0
data/lib/winevt/session.rb +15 -0
data/lib/winevt/subscribe.rb +5 -2
data/lib/winevt/version.rb +1 -1
data/winevt_c.gemspec +1 -1
metadata +9 -4

data/ext/winevt/winevt_subscribe.c CHANGED

@@ -57,6 +57,9 @@ subscribe_free(void* ptr)
     }
   }
+  if (winevtSubscribe->remoteHandle)
+    EvtClose(winevtSubscribe->remoteHandle);
   xfree(ptr);
 }
@@ -89,6 +92,8 @@ rb_winevt_subscribe_initialize(VALUE self)
   winevtSubscribe->currentRate = 0;
   winevtSubscribe->renderAsXML = TRUE;
   winevtSubscribe->readExistingEvents = TRUE;
+  winevtSubscribe->preserveQualifiers = FALSE;
+  winevtSubscribe->localeInfo = &default_locale;
   return Qnil;
 }
@@ -130,23 +135,27 @@ rb_winevt_subscribe_read_existing_events_p(VALUE self)
 /*
  * Subscribe into a Windows EventLog channel.
  *
- * @overload subscribe(path, query, options={})
+ * @overload subscribe(path, query, bookmark=nil, session=nil)
  *   @param path [String] Subscribe Channel
  *   @param query [String] Query string for channel
- *   @option options [Bookmark] bookmark Bookmark class instance.
+ *   @param bookmark [Bookmark] bookmark Bookmark class instance.
+ *   @param session [Session] Session information for remoting access.
  * @return [Boolean]
  *
  */
 static VALUE
 rb_winevt_subscribe_subscribe(int argc, VALUE* argv, VALUE self)
 {
-  VALUE rb_path, rb_query, rb_bookmark;
+  VALUE rb_path, rb_query, rb_bookmark, rb_session;
   EVT_HANDLE hSubscription = NULL, hBookmark = NULL;
   HANDLE hSignalEvent;
+  EVT_HANDLE hRemoteHandle = NULL;
   DWORD len, flags = 0L;
+  DWORD err = ERROR_SUCCESS;
   VALUE wpathBuf, wqueryBuf, wBookmarkBuf;
   PWSTR path, query, bookmarkXml;
   DWORD status = ERROR_SUCCESS;
+  struct WinevtSession* winevtSession;
   struct WinevtSubscribe* winevtSubscribe;
   hSignalEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
@@ -154,7 +163,7 @@ rb_winevt_subscribe_subscribe(int argc, VALUE* argv, VALUE self)
   TypedData_Get_Struct(
     self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
-  rb_scan_args(argc, argv, "21", &rb_path, &rb_query, &rb_bookmark);
+  rb_scan_args(argc, argv, "22", &rb_path, &rb_query, &rb_bookmark, &rb_session);
   Check_Type(rb_path, T_STRING);
   Check_Type(rb_query, T_STRING);
@@ -177,6 +186,19 @@ rb_winevt_subscribe_subscribe(int argc, VALUE* argv, VALUE self)
       raise_system_error(rb_eWinevtQueryError, status);
     }
   }
+  if (rb_obj_is_kind_of(rb_session, rb_cSession)) {
+    winevtSession = EventSession(rb_session);
+    hRemoteHandle = connect_to_remote(winevtSession->server,
+                                      winevtSession->domain,
+                                      winevtSession->username,
+                                      winevtSession->password,
+                                      winevtSession->flags);
+    err = GetLastError();
+    if (err != ERROR_SUCCESS) {
+      raise_system_error(rb_eRuntimeError, err);
+    }
+  }
   // path : To wide char
   len =
@@ -202,7 +224,7 @@ rb_winevt_subscribe_subscribe(int argc, VALUE* argv, VALUE self)
   }
   hSubscription =
-    EvtSubscribe(NULL, hSignalEvent, path, query, hBookmark, NULL, NULL, flags);
+    EvtSubscribe(hRemoteHandle, hSignalEvent, path, query, hBookmark, NULL, NULL, flags);
   if (!hSubscription) {
     if (hBookmark != NULL) {
       EvtClose(hBookmark);
@@ -211,7 +233,11 @@ rb_winevt_subscribe_subscribe(int argc, VALUE* argv, VALUE self)
       CloseHandle(hSignalEvent);
     }
     status = GetLastError();
-    raise_system_error(rb_eWinevtQueryError, status);
+    if (rb_obj_is_kind_of(rb_session, rb_cSession)) {
+      rb_raise(rb_eRemoteHandlerError, "Remoting subscription is not working. errCode: %ld\n", status);
+    } else {
+      raise_system_error(rb_eWinevtQueryError, status);
+    }
   }
   if (winevtSubscribe->subscription != NULL) {
@@ -224,6 +250,7 @@ rb_winevt_subscribe_subscribe(int argc, VALUE* argv, VALUE self)
   winevtSubscribe->signalEvent = hSignalEvent;
   winevtSubscribe->subscription = hSubscription;
+  winevtSubscribe->remoteHandle = hRemoteHandle;
   if (hBookmark) {
     winevtSubscribe->bookmark = hBookmark;
   } else {
@@ -339,17 +366,17 @@ rb_winevt_subscribe_render(VALUE self, EVT_HANDLE event)
   if (winevtSubscribe->renderAsXML) {
     return render_to_rb_str(event, EvtRenderEventXml);
   } else {
-    return render_system_event(event);
+    return render_system_event(event, winevtSubscribe->preserveQualifiers);
   }
 }
 static VALUE
-rb_winevt_subscribe_message(EVT_HANDLE event)
+rb_winevt_subscribe_message(EVT_HANDLE event, LocaleInfo* localeInfo, EVT_HANDLE hRemote)
 {
   WCHAR* wResult;
   VALUE utf8str;
-  wResult = get_description(event);
+  wResult = get_description(event, localeInfo->langID, hRemote);
   utf8str = wstr_to_rb_str(CP_UTF8, wResult, -1);
   free(wResult);
@@ -392,7 +419,8 @@ rb_winevt_subscribe_each_yield(VALUE self)
   for (int i = 0; i < winevtSubscribe->count; i++) {
     rb_yield_values(3,
                     rb_winevt_subscribe_render(self, winevtSubscribe->hEvents[i]),
-                    rb_winevt_subscribe_message(winevtSubscribe->hEvents[i]),
+                    rb_winevt_subscribe_message(winevtSubscribe->hEvents[i], winevtSubscribe->localeInfo,
+                                                winevtSubscribe->remoteHandle),
                     rb_winevt_subscribe_string_inserts(winevtSubscribe->hEvents[i]));
   }
@@ -517,6 +545,84 @@ rb_winevt_subscribe_set_render_as_xml(VALUE self, VALUE rb_render_as_xml)
   return Qnil;
 }
+/*
+ * This method specifies whether preserving qualifiers key or not.
+ *
+ * @since 0.7.3
+ * @param rb_preserve_qualifiers [Boolean]
+ */
+static VALUE
+rb_winevt_subscribe_set_preserve_qualifiers(VALUE self, VALUE rb_preserve_qualifiers)
+{
+  struct WinevtSubscribe* winevtSubscribe;
+  TypedData_Get_Struct(
+    self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
+  winevtSubscribe->preserveQualifiers = RTEST(rb_preserve_qualifiers);
+  return Qnil;
+}
+/*
+ * This method returns whether preserving qualifiers or not.
+ *
+ * @since 0.7.3
+ * @return [Integer]
+ */
+static VALUE
+rb_winevt_subscribe_get_preserve_qualifiers_p(VALUE self)
+{
+  struct WinevtSubscribe* winevtSubscribe;
+  TypedData_Get_Struct(
+    self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
+  return winevtSubscribe->preserveQualifiers ? Qtrue : Qfalse;
+}
+/*
+ * This method specifies locale with [String].
+ *
+ * @since 0.8.0
+ * @param rb_locale_str [String]
+ */
+static VALUE
+rb_winevt_subscribe_set_locale(VALUE self, VALUE rb_locale_str)
+{
+  struct WinevtSubscribe* winevtSubscribe;
+  LocaleInfo* locale_info = &default_locale;
+  TypedData_Get_Struct(
+    self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
+  locale_info = get_locale_info_from_rb_str(rb_locale_str);
+  winevtSubscribe->localeInfo = locale_info;
+  return Qnil;
+}
+/*
+ * This method obtains specified locale with [String].
+ *
+ * @since 0.8.0
+ */
+static VALUE
+rb_winevt_subscribe_get_locale(VALUE self)
+{
+  struct WinevtSubscribe* winevtSubscribe;
+  TypedData_Get_Struct(
+    self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
+  if (winevtSubscribe->localeInfo->langCode) {
+    return rb_str_new2(winevtSubscribe->localeInfo->langCode);
+  } else {
+    return rb_str_new2(default_locale.langCode);
+  }
+}
 void
 Init_winevt_subscribe(VALUE rb_cEventLog)
 {
@@ -549,4 +655,24 @@ Init_winevt_subscribe(VALUE rb_cEventLog)
     rb_cSubscribe, "render_as_xml?", rb_winevt_subscribe_render_as_xml_p, 0);
   rb_define_method(
     rb_cSubscribe, "render_as_xml=", rb_winevt_subscribe_set_render_as_xml, 1);
+  /*
+   * @since 0.7.3
+   */
+  rb_define_method(
+    rb_cSubscribe, "preserve_qualifiers?", rb_winevt_subscribe_get_preserve_qualifiers_p, 0);
+  /*
+   * @since 0.7.3
+   */
+  rb_define_method(
+    rb_cSubscribe, "preserve_qualifiers=", rb_winevt_subscribe_set_preserve_qualifiers, 1);
+  /*
+   * @since 0.8.0
+   */
+  rb_define_method(
+    rb_cSubscribe, "locale", rb_winevt_subscribe_get_locale, 0);
+  /*
+   * @since 0.8.0
+   */
+  rb_define_method(
+    rb_cSubscribe, "locale=", rb_winevt_subscribe_set_locale, 1);
 }

data/ext/winevt/winevt_utils.cpp CHANGED

@@ -76,6 +76,28 @@ render_to_rb_str(EVT_HANDLE handle, DWORD flags)
   return result;
 }
+EVT_HANDLE
+connect_to_remote(LPWSTR computerName, LPWSTR domain, LPWSTR username, LPWSTR password,
+                  EVT_RPC_LOGIN_FLAGS flags)
+{
+  EVT_HANDLE hRemote = NULL;
+  EVT_RPC_LOGIN Credentials;
+  RtlZeroMemory(&Credentials, sizeof(EVT_RPC_LOGIN));
+  Credentials.Server = computerName;
+  Credentials.Domain = domain;
+  Credentials.User = username;
+  Credentials.Password = password;
+  Credentials.Flags = flags;
+  hRemote = EvtOpenSession(EvtRpcLogin, &Credentials, 0, 0);
+  SecureZeroMemory(&Credentials, sizeof(EVT_RPC_LOGIN));
+  return hRemote;
+}
 static std::wstring
 guid_to_wstr(const GUID& guid)
 {
@@ -433,7 +455,7 @@ cleanup:
 }
 WCHAR*
-get_description(EVT_HANDLE handle)
+get_description(EVT_HANDLE handle, LANGID langID, EVT_HANDLE hRemote)
 {
 #define BUFSIZE 4096
   std::vector<WCHAR> buffer(BUFSIZE);
@@ -470,10 +492,10 @@ get_description(EVT_HANDLE handle)
   // Open publisher metadata
   hMetadata = EvtOpenPublisherMetadata(
-    nullptr,
+    hRemote,
     values[0].StringVal,
     nullptr,
-    MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT),
+    MAKELCID(langID, SORT_DEFAULT),
     0);
   if (hMetadata == nullptr) {
     // When winevt_c cannot open metadata, then give up to obtain
@@ -497,7 +519,7 @@ cleanup:
 }
 VALUE
-render_system_event(EVT_HANDLE hEvent)
+render_system_event(EVT_HANDLE hEvent, BOOL preserve_qualifiers)
 {
   DWORD status = ERROR_SUCCESS;
   EVT_HANDLE hContext = NULL;
@@ -572,11 +594,23 @@ render_system_event(EVT_HANDLE hEvent)
   }
   EventID = pRenderedValues[EvtSystemEventID].UInt16Val;
-  if (EvtVarTypeNull != pRenderedValues[EvtSystemQualifiers].Type) {
-    EventID = MAKELONG(pRenderedValues[EvtSystemEventID].UInt16Val,
-                       pRenderedValues[EvtSystemQualifiers].UInt16Val);
+  if (preserve_qualifiers) {
+    if (EvtVarTypeNull != pRenderedValues[EvtSystemQualifiers].Type) {
+      rb_hash_aset(hash, rb_str_new2("Qualifiers"),
+                   INT2NUM(pRenderedValues[EvtSystemQualifiers].UInt16Val));
+    } else {
+      rb_hash_aset(hash, rb_str_new2("Qualifiers"), rb_str_new2(""));
+    }
+    rb_hash_aset(hash, rb_str_new2("EventID"), INT2NUM(EventID));
+  } else {
+    if (EvtVarTypeNull != pRenderedValues[EvtSystemQualifiers].Type) {
+      EventID = MAKELONG(pRenderedValues[EvtSystemEventID].UInt16Val,
+                         pRenderedValues[EvtSystemQualifiers].UInt16Val);
+    }
+    rb_hash_aset(hash, rb_str_new2("EventID"), ULONG2NUM(EventID));
   }
-  rb_hash_aset(hash, rb_str_new2("EventID"), LONG2NUM(EventID));
   rb_hash_aset(hash,
                rb_str_new2("Version"),

data/lib/winevt.rb CHANGED

@@ -7,6 +7,7 @@ require "winevt/bookmark"
 require "winevt/query"
 require "winevt/subscribe"
 require "winevt/version"
+require "winevt/session"
 module Winevt
   # Your code goes here...

data/lib/winevt/session.rb ADDED

@@ -0,0 +1,15 @@
+module Winevt
+  class EventLog
+    class Session
+      alias_method :initialize_raw, :initialize
+      def initialize(server, domain = nil, username = nil, password = nil)
+        initialize_raw
+        self.server = server
+        self.domain = domain if domain.is_a?(String)
+        self.username = username if username.is_a?(String)
+        self.password = password if password.is_a?(String)
+      end
+    end
+  end
+end

data/lib/winevt/subscribe.rb CHANGED

@@ -3,8 +3,11 @@ module Winevt
     class Subscribe
       alias_method :subscribe_raw, :subscribe
-      def subscribe(path, query, bookmark = nil)
-        if bookmark.is_a?(Winevt::EventLog::Bookmark)
+      def subscribe(path, query, bookmark = nil, session = nil)
+        if bookmark.is_a?(Winevt::EventLog::Bookmark) &&
+           session.is_a?(Winevt::EventLog::Session)
+          subscribe_raw(path, query, bookmark.render, session)
+        elsif bookmark.is_a?(Winevt::EventLog::Bookmark)
           subscribe_raw(path, query, bookmark.render)
         else
           subscribe_raw(path, query)

data/lib/winevt/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Winevt
-  VERSION = "0.7.2"
+  VERSION = "0.9.0"
 end

data/winevt_c.gemspec CHANGED

@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", [">= 1.16", "< 3"]
   spec.add_development_dependency "rake", "~> 12.0"
   spec.add_development_dependency "rake-compiler", "~> 1.0"
-  spec.add_development_dependency "rake-compiler-dock", "~> 0.7.2"
+  spec.add_development_dependency "rake-compiler-dock", "~> 1.0.0"
   spec.add_development_dependency "test-unit", "~> 3.2"
   spec.add_development_dependency "yard", "~> 0.9"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: winevt_c
 version: !ruby/object:Gem::Version
-  version: 0.7.2
+  version: 0.9.0
 platform: ruby
 authors:
 - Hiroshi Hatake
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-02-28 00:00:00.000000000 Z
+date: 2020-09-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -64,14 +64,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.2
+        version: 1.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.2
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: test-unit
   requirement: !ruby/object:Gem::Requirement
@@ -121,6 +121,7 @@ files:
 - example/bookmark.rb
 - example/enumerate_channels.rb
 - example/eventlog.rb
+- example/locale.rb
 - example/rate_limit.rb
 - example/tailing.rb
 - ext/winevt/extconf.rb
@@ -128,12 +129,16 @@ files:
 - ext/winevt/winevt_bookmark.c
 - ext/winevt/winevt_c.h
 - ext/winevt/winevt_channel.c
+- ext/winevt/winevt_locale.c
+- ext/winevt/winevt_locale_info.c
 - ext/winevt/winevt_query.c
+- ext/winevt/winevt_session.c
 - ext/winevt/winevt_subscribe.c
 - ext/winevt/winevt_utils.cpp
 - lib/winevt.rb
 - lib/winevt/bookmark.rb
 - lib/winevt/query.rb
+- lib/winevt/session.rb
 - lib/winevt/subscribe.rb
 - lib/winevt/version.rb
 - winevt_c.gemspec