archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/csps/cryptoflex/slbcsp/cardctx.cpp

369 lines
12 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. // CardCtx.cpp -- Card ConTeXt class definition
  3. // (c) Copyright Schlumberger Technology Corp., unpublished work, created
  4. // 1999. This computer program includes Confidential, Proprietary
  5. // Information and is a Trade Secret of Schlumberger Technology Corp. All
  6. // use, disclosure, and/or reproduction is prohibited unless authorized
  7. // in writing. All Rights Reserved.
  9. // Don't allow the min & max macros in WINDEF.H to be defined so the
  10. // min/max methods declared in limits are accessible.
  11. #define NOMINMAX
  13. #include "NoWarning.h"
  14. #include "ForceLib.h"
  16. #include <limits>
  17. #include <algorithm>
  18. #include <numeric>
  20. #include <scuOsExc.h>
  21. #include <scuCast.h>
  22. #include "HCardCtx.h"
  23. #include "LoginCtx.h"
  24. #include "Procedural.h"
  25. #include "HAdptvCntr.h"
  26. #include "Guarded.h"
  27. #include <scarderr.h> // always last for now
  29. using namespace std;
  30. using namespace cci;
  33. /////////////////////////// LOCAL/HELPER /////////////////////////////////
  34. namespace
  35. {
  36. class StaleContainerKeyAccumulator
  37. : public binary_function<vector<AdaptiveContainerRegistrar::EnrolleeType>,
  38. AdaptiveContainerRegistrar::RegistryType::CollectionType::value_type,
  39. vector<AdaptiveContainerRegistrar::EnrolleeType> >
  40. {
  41. public:
  43. explicit
  44. StaleContainerKeyAccumulator(HCardContext const &rhcardctx)
  45. : m_rhcardctx(rhcardctx)
  46. {}
  49. result_type
  50. operator()(first_argument_type &rvStaleCntrs,
  51. second_argument_type const &rvt) const
  52. {
  53. if (rvt.second->CardContext(false) == m_rhcardctx)
  54. rvStaleCntrs.push_back(rvt.second);
  56. return rvStaleCntrs;
  57. }
  59. private:
  61. HCardContext const &m_rhcardctx;
  62. };
  64. void
  65. ClearAdaptiveContainerCache(AdaptiveContainerRegistrar::EnrolleeType enrollee,
  66. HCardContext hcardctx)
  67. {
  68. if (enrollee->CardContext(false) == hcardctx)
  69. {
  70. enrollee->ClearCache();
  71. }
  72. }
  74. void
  75. DeleteAdaptiveContainerCache(AdaptiveContainerRegistrar::EnrolleeType enrollee,
  76. HCardContext hcardctx)
  77. {
  78. if (enrollee->CardContext(false) == hcardctx)
  79. enrollee->DeleteCache();
  80. }
  82. void
  83. DeactivateLoginContext(auto_ptr<LoginContext> const &raplc)
  84. {
  85. raplc->Deactivate();
  86. }
  87. }
  89. /////////////////////////// PUBLIC /////////////////////////////////
  91. // Types
  92. // C'tors/D'tors
  93. CardContext::CardContext(std::string const &rsReaderName)
  94. : RCObject(),
  95. Lockable(),
  96. Securable(),
  97. CachingObject(),
  98. CardContextRegistrar(rsReaderName),
  99. m_stkapGuards(),
  100. m_aptwCard(),
  101. m_cSecurers(0),
  102. m_card(CCard(rsReaderName)),
  103. m_mloginctx(),
  104. m_nMrkLastWrite()
  105. {}
  107. CardContext::~CardContext() throw()
  108. {}
  111. // Operators
  112. // Operations
  113. void
  114. CardContext::ClearLogin(LoginIdentity const &rlid)
  115. {
  116. Guarded<CardContext *> guard(this);
  118. auto_ptr<LoginContext> &raplc = m_mloginctx[rlid];
  120. if (raplc.get())
  121. raplc = auto_ptr<LoginContext>(0);
  122. }
  124. void
  125. CardContext::Login(LoginIdentity const &rlid,
  126. LoginTask &rlt,
  127. bool fForceLogin)
  128. {
  129. Guarded<CardContext *> guard(this);
  131. auto_ptr<LoginContext> &raplc = m_mloginctx[rlid];
  133. if (!raplc.get())
  134. raplc = auto_ptr<LoginContext>(new LoginContext(HCardContext(this),
  135. rlid));
  137. if (fForceLogin || !raplc->IsActive())
  138. raplc->Activate(rlt);
  139. }
  141. void
  142. CardContext::Logout()
  143. {
  144. ForEachMappedValue(m_mloginctx.begin(), m_mloginctx.end(),
  145. DeactivateLoginContext);
  146. }
  148. // Access
  149. CCard
  150. CardContext::Card()
  151. {
  152. return m_card;
  153. }
  155. // Predicates
  156. // Static Variables
  158. /////////////////////////// PROTECTED /////////////////////////////////
  160. // C'tors/D'tors
  161. // Operators
  162. // Operations
  163. void
  164. CardContext::DiscardHook()
  165. {
  166. DeleteCache();
  167. RemoveReference();
  168. }
  170. CardContext *
  171. CardContext::DoInstantiation(std::string const &rsReaderName)
  172. {
  173. return new CardContext(rsReaderName);
  174. }
  176. void
  177. CardContext::EnrollHook()
  178. {
  179. AddReference();
  180. }
  182. // Access
  183. // Predicates
  184. bool
  185. CardContext::KeepEnrolled()
  186. {
  187. return (m_card && m_card->IsAvailable())
  188. ? true
  189. : false;
  190. }
  192. // Static Variables
  195. /////////////////////////// PRIVATE /////////////////////////////////
  197. // C'tors/D'tors
  198. // Operators
  199. // Operations
  200. void
  201. CardContext::Abandon()
  202. {
  203. // Simplifying assumptions: (1) Abandon is only called by the
  204. // Secured destructor, (2) once the object is constructed, Secure
  205. // and Abandon are the only routines that access the count, and
  206. // (3) Abandon is called by a thread within the scope of a Retain
  207. // (e.g. using Retained) which the Secured class enforces.
  208. // Because of (1) and (2), an underflow check on the count is not
  209. // necessary since Secure will have already been called. Because
  210. // of (3), protection against race conditions accessing count
  211. // isn't necessary since Retain acts as a lock.
  212. --m_cSecurers;
  213. if (0 == m_cSecurers)
  214. {
  215. // Security: markers are moved to the card. Updating them
  216. // requires authentication by the user pin.
  217. // Notify any changes to this card during this transaction
  218. // before letting someone else have access and before loggin
  219. // out.
  220. try
  221. {
  222. UpdateMarkers();
  223. }
  224. catch(...)
  225. {
  226. // do not leave the card in authenticated state
  227. Logout();
  228. throw;
  229. }
  231. Logout();
  232. }
  233. }
  235. // Optionally clear the cached info
  236. void
  237. CardContext::ClearCache()
  238. {
  239. // Security: markers reside on the card. We trade off performance for
  240. // security because any update of the marker requires
  241. // authentication by the user pin. On the other hand, reading
  242. // markers from the card is considerably slower than reading from
  243. // memory.
  245. if(!Card()->IsMarkerOnCard() || m_nMrkLastWrite != Card()->MarkerOnCard())
  246. {
  247. ForEachEnrollee(AdaptiveContainerRegistrar::Registry(),
  248. ProcedureBind2nd(PointerProcedure(ClearAdaptiveContainerCache),
  249. HCardContext(this)));
  250. Card()->InvalidateCache();
  251. }
  252. }
  254. // Delete any cached info, never to be refreshed
  255. void
  256. CardContext::DeleteCache()
  257. {
  258. m_mloginctx.clear();
  260. Guarded<Lockable *> guard(&AdaptiveContainerRegistrar::Registry()); // serialize registry access
  262. AdaptiveContainerRegistrar::ConstRegistryType &rRegistry =
  263. AdaptiveContainerRegistrar::Registry();
  265. AdaptiveContainerRegistrar::ConstRegistryType::CollectionType
  266. &rcollection = rRegistry();
  268. HCardContext hcardctx(this);
  270. // Any containers associated with this card should be marked stale
  271. // now because on Whistler (W2K Upgrade) trying to access them
  272. // later when another context has a begin transaction on the same
  273. // reader will cause a wait. On earlier platforms, the RM would
  274. // return an error (e.g. card removed) when attempting to access
  275. // the container.
  276. vector<AdaptiveContainerRegistrar::EnrolleeType>
  277. vStaleCntrs(accumulate(rcollection.begin(), rcollection.end(),
  278. vector<AdaptiveContainerRegistrar::EnrolleeType>(),
  279. StaleContainerKeyAccumulator(hcardctx)));
  280. for (vector<AdaptiveContainerRegistrar::EnrolleeType>::iterator iCurrent(vStaleCntrs.begin());
  281. iCurrent != vStaleCntrs.end(); ++iCurrent)
  282. {
  283. (*iCurrent)->NullifyCard();
  284. }
  285. }
  287. void
  288. CardContext::Relinquish()
  289. {
  290. // Simplifying assumptions: (1) Relinquish is only called by the
  291. // Retained destructor and (2) once the object is constructed,
  292. // Retain and Relinquish are the only routines that access the
  293. // m_stkapGuards and m_aptwCard. Because of (1) and (2), an
  294. // underflow check on m_stkRetainedCardContexts is not necessary
  295. // since Retain will have already been called.
  297. // Protect against exceptions by fist assigning the newly acquired
  298. // "locks" to temporary variables until all the actions necessary
  299. // are successfully completed before assigning transfering
  300. // ownership of the locks to the associated member variables.
  301. auto_ptr<Guarded<CardContext *> > apgcardctx(m_stkapGuards.front());
  302. m_stkapGuards.pop_front();
  304. if (m_stkapGuards.empty())
  305. {
  306. try
  307. {
  308. m_aptwCard = auto_ptr<CTransactionWrap>(0);
  309. }
  310. catch (...)
  311. {
  312. }
  313. }
  314. }
  316. void
  317. CardContext::Retain()
  318. {
  319. // Simplifying assumptions: (1) Retain is only called by the
  320. // Retained constructor and (2) once the object is constructed,
  321. // Retain and Relinquish are the only routines that access the
  322. // m_stkapGuards and m_aptwCard. Because of (1) and (2), an
  323. // underflow check on m_stkRetainedCardContexts is not necessary
  324. // since Retain will have already been called.
  326. // Protect against exceptions by fist assigning the newly acquired
  327. // "locks" to temporary variables until all the actions necessary
  328. // are successfully completed before assigning transfering
  329. // ownership of the locks to the associated member variables.
  330. auto_ptr<Guarded<CardContext *> > apgcardctx(new Guarded<CardContext *>(this));
  331. auto_ptr<CTransactionWrap> aptwCard;
  333. if (m_stkapGuards.empty())
  334. {
  335. aptwCard = auto_ptr<CTransactionWrap>(new CTransactionWrap(m_card));
  336. ClearCache();
  337. }
  339. m_stkapGuards.push_front(apgcardctx);
  340. if (aptwCard.get())
  341. m_aptwCard = aptwCard;
  342. }
  344. void
  345. CardContext::UpdateMarkers()
  346. {
  347. // Security: there is only one marker and it resides on the
  348. // card. The marker indicates if any data on the card changed.
  349. m_nMrkLastWrite = Card()->MarkerOnCard();
  350. }
  352. void
  353. CardContext::Secure()
  354. {
  355. // Simplifying assumptions: (1) Secure is always called by a thread
  356. // within the scope of a Retain (e.g. using Retained). The
  357. // Secured template enforces this allowing Retain to act as a lock
  358. // to prevent race conditions updating m_cSecurers. (2) Once the
  359. // object is constructed, Secure and Abandon are the only routines
  360. // that access m_cSecurers.
  361. if (0 >= (m_cSecurers + 1))
  362. throw scu::OsException(ERROR_INVALID_HANDLE_STATE);
  364. ++m_cSecurers;
  365. }
  367. // Access
  368. // Predicates
  369. // Static Variables