Merge pull request #46 from fluent-plugins-nursery/expand-sid-with-ac…

…tual-user-name-and-domain Expand SID with actual user name and domain
fluent-plugins-nursery · Aug 1, 2024 · fe12efd · fe12efd
2 parents 9dd9c81 + 89c429e
commit fe12efd
Show file tree

Hide file tree

Showing 7 changed files with 323 additions and 22 deletions.
diff --git a/appveyor.yml b/appveyor.yml
@@ -38,11 +38,16 @@ for:
   matrix:
     only:
       - ruby_version: "31-x64"
+      - ruby_version: "27-x64"
+      - ruby_version: "27"
+      - ruby_version: "26-x64"
+      - ruby_version: "26"
   install:
+    - ps: if ($ENV:ruby_version -ne "31-x64") { .\ruby_install.ps1 }
     - SET PATH=C:\Ruby%ruby_version%\bin;%PATH%
     - ruby --version
     - gem --version
     - bundle --version
-    - ridk.cmd install 1 3
+    - ps: if ($ENV:ruby_version -eq "31-x64") { ridk.ps1 install 1 3 }
     - ridk.cmd exec bundle install
     - ridk.cmd exec bundle exec rake compile
diff --git a/ext/winevt/extconf.rb b/ext/winevt/extconf.rb
@@ -14,6 +14,9 @@
 have_func("EvtQuery", "winevt.h")
 have_library("advapi32")
 have_library("ole32")
+if have_macro("RB_ALLOCV")
+  $CFLAGS << " -DHAVE_RB_ALLOCV=1 "
+end
 
 $LDFLAGS << " -lwevtapi -ladvapi32 -lole32"
 $CFLAGS << " -Wall -std=c99 -fPIC -fms-extensions "

diff --git a/ext/winevt/winevt_c.h b/ext/winevt/winevt_c.h
@@ -16,6 +16,11 @@
 #endif /* WIN32_WINNT */
 #define _WIN32_WINNT MINIMUM_WINDOWS_VERSION
 
+#if !defined(HAVE_RB_ALLOCV)
+#define ALLOCV     RB_ALLOCV
+#define ALLOCV_N   RB_ALLOCV_N
+#endif
+
 #include <time.h>
 #include <winevt.h>
 #define EventQuery(object) ((struct WinevtQuery*)DATA_PTR(object))
@@ -33,6 +38,9 @@ typedef struct {
 extern "C" {
 #endif /* __cplusplus */
 
+#define WINEVT_UTILS_ERROR_NONE_MAPPED -1
+#define WINEVT_UTILS_ERROR_OTHERS      -2
+
 VALUE wstr_to_rb_str(UINT cp, const WCHAR* wstr, int clen);
 #if defined(__cplusplus)
 [[ noreturn ]]
@@ -46,7 +54,7 @@ EVT_HANDLE connect_to_remote(LPWSTR computerName, LPWSTR domain,
                              DWORD *error_code);
 WCHAR* get_description(EVT_HANDLE handle, LANGID langID, EVT_HANDLE hRemote);
 VALUE get_values(EVT_HANDLE handle);
-VALUE render_system_event(EVT_HANDLE handle, BOOL preserve_qualifiers);
+VALUE render_system_event(EVT_HANDLE handle, BOOL preserve_qualifiers, BOOL preserveSID);
 LocaleInfo* get_locale_info_from_rb_str(VALUE rb_locale_str);
 
 #ifdef __cplusplus
@@ -101,6 +109,7 @@ struct WinevtQuery
   LONG timeout;
   BOOL renderAsXML;
   BOOL preserveQualifiers;
+  BOOL preserveSID;
   LocaleInfo *localeInfo;
   EVT_HANDLE remoteHandle;
 };
@@ -122,6 +131,7 @@ struct WinevtSubscribe
   DWORD currentRate;
   BOOL renderAsXML;
   BOOL preserveQualifiers;
+  BOOL preserveSID;
   LocaleInfo* localeInfo;
   EVT_HANDLE remoteHandle;
 };

diff --git a/ext/winevt/winevt_query.c b/ext/winevt/winevt_query.c
@@ -153,6 +153,7 @@ rb_winevt_query_initialize(VALUE argc, VALUE *argv, VALUE self)
   winevtQuery->preserveQualifiers = FALSE;
   winevtQuery->localeInfo = &default_locale;
   winevtQuery->remoteHandle = hRemoteHandle;
+  winevtQuery->preserveSID = TRUE;
 
   ALLOCV_END(wchannelBuf);
   ALLOCV_END(wpathBuf);
@@ -274,7 +275,8 @@ rb_winevt_query_render(VALUE self, EVT_HANDLE event)
   if (winevtQuery->renderAsXML) {
     return render_to_rb_str(event, EvtRenderEventXml);
   } else {
-    return render_system_event(event, winevtQuery->preserveQualifiers);
+    return render_system_event(event, winevtQuery->preserveQualifiers,
+                               winevtQuery->preserveSID);
   }
 }
 
@@ -535,6 +537,40 @@ rb_winevt_query_get_locale(VALUE self)
   }
 }
 
+/*
+ * This method specifies whether preserving SID or not.
+ *
+ * @param rb_preserve_sid_p [Boolean]
+ */
+static VALUE
+rb_winevt_query_set_preserve_sid(VALUE self, VALUE rb_preserve_sid_p)
+{
+  struct WinevtQuery* winevtQuery;
+
+  TypedData_Get_Struct(
+    self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+
+  winevtQuery->preserveSID = RTEST(rb_preserve_sid_p);
+
+  return Qnil;
+}
+
+/*
+ * This method returns whether preserving SID or not.
+ *
+ * @return [Boolean]
+ */
+static VALUE
+rb_winevt_query_preserve_sid_p(VALUE self)
+{
+  struct WinevtQuery* winevtQuery;
+
+  TypedData_Get_Struct(
+    self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+
+  return winevtQuery->preserveSID ? Qtrue : Qfalse;
+}
+
 /*
  * This method cancels channel query.
  *
@@ -683,6 +719,14 @@ Init_winevt_query(VALUE rb_cEventLog)
    * @since 0.8.0
    */
   rb_define_method(rb_cQuery, "locale=", rb_winevt_query_set_locale, 1);
+  /*
+   * @since 0.10.3
+   */
+  rb_define_method(rb_cQuery, "preserve_sid?", rb_winevt_query_preserve_sid_p, 0);
+  /*
+   * @since 0.10.3
+   */
+  rb_define_method(rb_cQuery, "preserve_sid=", rb_winevt_query_set_preserve_sid, 1);
   /*
    * @since 0.9.1
    */

diff --git a/ext/winevt/winevt_subscribe.c b/ext/winevt/winevt_subscribe.c
@@ -110,6 +110,7 @@ rb_winevt_subscribe_initialize(VALUE self)
   winevtSubscribe->readExistingEvents = TRUE;
   winevtSubscribe->preserveQualifiers = FALSE;
   winevtSubscribe->localeInfo = &default_locale;
+  winevtSubscribe->preserveSID = TRUE;
 
   return Qnil;
 }
@@ -417,7 +418,8 @@ rb_winevt_subscribe_render(VALUE self, EVT_HANDLE event)
   if (winevtSubscribe->renderAsXML) {
     return render_to_rb_str(event, EvtRenderEventXml);
   } else {
-    return render_system_event(event, winevtSubscribe->preserveQualifiers);
+    return render_system_event(event, winevtSubscribe->preserveQualifiers,
+                               winevtSubscribe->preserveSID);
   }
 }
 
@@ -674,6 +676,40 @@ rb_winevt_subscribe_get_locale(VALUE self)
   }
 }
 
+/*
+ * This method specifies whether preserving SID or not.
+ *
+ * @param rb_preserve_sid_p [Boolean]
+ */
+static VALUE
+rb_winevt_subscribe_set_preserve_sid(VALUE self, VALUE rb_preserve_sid_p)
+{
+  struct WinevtSubscribe* winevtSubscribe;
+
+  TypedData_Get_Struct(
+    self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
+
+  winevtSubscribe->preserveSID = RTEST(rb_preserve_sid_p);
+
+  return Qnil;
+}
+
+/*
+ * This method returns whether preserving SID or not.
+ *
+ * @return [Boolean]
+ */
+static VALUE
+rb_winevt_subscribe_preserve_sid_p(VALUE self)
+{
+  struct WinevtSubscribe* winevtSubscribe;
+
+  TypedData_Get_Struct(
+    self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
+
+  return winevtSubscribe->preserveSID ? Qtrue : Qfalse;
+}
+
 /*
  * This method cancels channel subscription.
  *
@@ -771,6 +807,14 @@ Init_winevt_subscribe(VALUE rb_cEventLog)
    */
   rb_define_method(
     rb_cSubscribe, "locale=", rb_winevt_subscribe_set_locale, 1);
+  /*
+   * @since 0.10.3
+   */
+  rb_define_method(rb_cSubscribe, "preserve_sid?", rb_winevt_subscribe_preserve_sid_p, 0);
+  /*
+   * @since 0.10.3
+   */
+  rb_define_method(rb_cSubscribe, "preserve_sid=", rb_winevt_subscribe_set_preserve_sid, 1);
   /*
    * @since 0.9.1
    */