archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/csps/cryptoflex/slbiop/iop.cpp

762 lines
25 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. // iop.cpp -- Definition of CIOP
  3. // (c) Copyright Schlumberger Technology Corp., unpublished work, created
  4. // 2000. This computer program includes Confidential, Proprietary
  5. // Information and is a Trade Secret of Schlumberger Technology Corp. All
  6. // use, disclosure, and/or reproduction is prohibited unless authorized
  7. // in writing. All Rights Reserved.
  9. #include <tchar.h>
  10. #include <string>
  12. #include <scuOsExc.h>
  13. #include <scuOsVersion.h>
  14. #include <scuArrayP.h>
  15. #include "iop.h"
  16. #include <aclapi.h>
  18. #include "LockWrap.h"
  20. using namespace std;
  22. namespace
  23. {
  24. char g_szSLBRegistryPath[] = "SOFTWARE\\Schlumberger";
  25. char g_szTerminalsName[] = "Smart Cards and Terminals";
  26. char g_szCardName[] = "Smart Cards";
  27. char g_szCrypto4KName[] = "Cryptoflex 4K";
  28. char g_szOldCrypto8KName[] = "Cryptoflex 8K (no RSA key generation)";
  29. char g_szNewCrypto8KName[] = "Cryptoflex 8K (with RSA key generation)";
  30. char g_szCrypto8KV2Name[] = "Cryptoflex 8K (V2)";
  31. char g_szAccessName[] = "Cyberflex Access 16K";
  32. char g_sze_gateName[] = "Schlumberger Cryptoflex e-gate";
  33. char g_szCrypto16KName[] = "Cryptoflex 16K";
  34. char g_szAccessCampus[] = "Schlumberger Cyberflex Access Campus";
  35. char g_szCryptoActivCard[] = "Schlumberger Cryptoflex ActivCard";
  37. string
  38. CardPath()
  39. {
  40. static string sPath = string(g_szSLBRegistryPath) +
  41. string("\\") + string(g_szTerminalsName) + string("\\") +
  42. string(g_szCardName);
  44. return sPath;
  45. }
  47. #if defined(SLBIOP_WAIT_FOR_RM_STARTUP)
  49. HANDLE GetSCResourceManagerStartedEvent(void)
  50. {
  51. typedef HANDLE (*LPCALAISACCESSEVENT)(void);
  53. HANDLE hReturn = NULL;
  55. try
  56. {
  57. HMODULE hWinScard = GetModuleHandle(TEXT("WINSCARD.DLL"));
  58. if (NULL != hWinScard)
  59. {
  60. LPCALAISACCESSEVENT pfCalais =
  61. (LPCALAISACCESSEVENT)GetProcAddress(hWinScard,
  62. "SCardAccessStartedEvent");
  63. if (NULL != pfCalais)
  64. {
  65. hReturn = (*pfCalais)();
  66. }
  67. }
  68. }
  69. catch (...)
  70. {
  71. hReturn = NULL;
  72. }
  74. return hReturn;
  76. }
  78. #endif // defined(SLBIOP_WAIT_FOR_RM_STARTUP)
  80. }
  82. namespace iop
  83. {
  86. CIOP::CIOP()
  87. : m_hContext(NULL)
  88. {
  89. // Ensure that resorce manager is running, then Establish context
  91. if (!CIOP::WaitForSCManager())
  92. throw Exception(ccResourceManagerDisabled);
  94. HRESULT hResult = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &m_hContext);
  95. if (SCARD_S_SUCCESS != hResult)
  96. throw scu::OsException(hResult);
  97. }
  99. CIOP::~CIOP()
  100. {
  101. SCardReleaseContext(m_hContext);
  102. }
  104. CSmartCard *
  105. CIOP::Connect(const char* szReaderName,
  106. bool fExclusiveMode)
  107. {
  108. HRESULT hResult = NOERROR;
  109. DWORD dwShare = (fExclusiveMode ? SCARD_SHARE_EXCLUSIVE : SCARD_SHARE_SHARED);
  110. DWORD dwProtocol;
  111. SCARDHANDLE hCard;
  113. // Grab our Mutex. This is a hack around an RM bug.
  115. CIOPLock TempLock(szReaderName); // This is ok as long as one do not try to do SCard locking
  116. CIOPMutex tempMutex(&TempLock);
  118. // Connect to the reader
  120. hResult = SCardConnect(m_hContext, szReaderName, dwShare,
  121. SCARD_PROTOCOL_T0, &hCard, &dwProtocol);
  123. if (hResult != SCARD_S_SUCCESS)
  124. throw scu::OsException(hResult);
  126. // Get the ATR and determine card type
  128. DWORD dwBufferLen = 0;
  129. DWORD dwState;
  130. BYTE bATR[CSmartCard::cMaxAtrLength];
  131. DWORD dwATRLen = sizeof bATR / sizeof *bATR;
  133. hResult = SCardStatus(hCard,NULL, &dwBufferLen, &dwState,
  134. &dwProtocol, bATR, &dwATRLen);
  136. if (hResult != SCARD_S_SUCCESS)
  137. throw scu::OsException(hResult);
  139. // Create a SmartCard of the right type.
  140. CSmartCard *psc = CreateCard(bATR, dwATRLen, hCard, szReaderName, dwShare);
  142. return psc;
  143. }
  145. // This function creates a smart card of the appropriate type
  147. CSmartCard * CIOP::CreateCard(const BYTE* bATR,
  148. const DWORD dwLength,
  149. const SCARDHANDLE hCard,
  150. const char* szReaderName,
  151. const DWORD dwShareMode)
  152. {
  153. ////////////////////////////////////
  154. // Open path to registered keys //
  155. ////////////////////////////////////
  157. HKEY hkCardKey;
  158. HKEY hkTestKey;
  160. RegOpenKeyEx(HKEY_LOCAL_MACHINE, CardPath().c_str(), NULL,
  161. KEY_READ, &hkCardKey);
  163. //////////////////////////////////////////////
  164. // Enumerate subkeys to find an ATR match //
  165. //////////////////////////////////////////////
  167. FILETIME fileTime;
  168. char szATR[] = "ATR";
  169. char szMask[] = "ATR Mask";
  170. char szCardType[] = "Card Type";
  171. char sBuffer[MAX_PATH + 1];
  172. BYTE bATRtest[CSmartCard::cMaxAtrLength];
  173. BYTE bMask[CSmartCard::cMaxAtrLength];
  175. BYTE type;
  176. char szCardName[MAX_PATH + 1];
  177. DWORD dwBufferSize = sizeof(sBuffer);
  178. DWORD dwATRSize = sizeof bATRtest / sizeof *bATRtest;
  179. DWORD dwMaskSize = sizeof bMask / sizeof *bMask;
  180. DWORD dwTypeSize = 1;
  181. DWORD index = 0;
  184. LONG iRetVal = RegEnumKeyEx(hkCardKey, index, sBuffer,
  185. &dwBufferSize, NULL, NULL, NULL,
  186. &fileTime);
  188. while (iRetVal == ERROR_SUCCESS)
  189. {
  190. strcpy(szCardName, sBuffer);
  192. RegOpenKeyEx(hkCardKey, sBuffer, NULL, KEY_READ, &hkTestKey);
  193. RegQueryValueEx(hkTestKey, szATR, NULL, NULL, bATRtest, &dwATRSize);
  194. RegQueryValueEx(hkTestKey, szMask, NULL, NULL, bMask, &dwMaskSize);
  195. RegQueryValueEx(hkTestKey, szCardType, NULL, NULL, &type, &dwTypeSize);
  197. if (dwATRSize == dwLength)
  198. {
  199. scu::AutoArrayPtr<BYTE> aabMaskedATR(new BYTE[dwATRSize]);
  200. for (DWORD count = 0; count < dwATRSize; count++)
  201. aabMaskedATR[count] = bATR[count] & bMask[count];
  203. if (!memcmp(aabMaskedATR.Get(), bATRtest, dwATRSize))
  204. break;
  205. }
  207. index++;
  208. dwBufferSize = sizeof(sBuffer);
  209. dwATRSize = sizeof bATRtest / sizeof *bATRtest;
  210. dwMaskSize = sizeof bMask / sizeof *bMask;
  211. RegCloseKey(hkTestKey);
  212. iRetVal = RegEnumKeyEx(hkCardKey, index, sBuffer, &dwBufferSize, NULL, NULL, NULL, &fileTime);
  213. }
  215. // if loop was broken, iRetVal is still ERROR_SUCCESS, and type holds correct card to use
  216. CSmartCard *retVal = NULL;
  218. if (iRetVal == ERROR_SUCCESS)
  219. {
  220. switch (type)
  221. {
  222. case CRYPTO_CARD: retVal = new CCryptoCard(hCard,
  223. szReaderName,
  224. m_hContext,
  225. dwShareMode);
  226. break;
  227. case ACCESS_CARD: retVal = new CAccessCard(hCard,
  228. szReaderName,
  229. m_hContext,
  230. dwShareMode);
  231. break;
  232. default: throw Exception(ccUnknownCard);
  233. break;
  234. }
  235. }
  236. // loop wasn't broken, i.e., ATR not found. Try to make an Access Card.
  237. else
  238. retVal = new CAccessCard(hCard, szReaderName, m_hContext,
  239. dwShareMode);
  241. retVal->setCardName(szCardName);
  242. return retVal;
  243. }
  246. void
  247. CIOP::ListReaders(char* szReadersList, int &iSizeOfList)
  248. {
  249. DWORD dwSize = static_cast<DWORD>(iSizeOfList);
  250. LONG lRet;
  251. lRet = SCardListReaders(m_hContext, NULL, szReadersList, &dwSize);
  252. iSizeOfList = static_cast<int>(dwSize);
  253. if (SCARD_S_SUCCESS != lRet)
  254. throw scu::OsException(lRet);
  255. }
  257. void
  258. CIOP::ListKnownCards(char* szCardList, int& iSizeOfList)
  259. {
  260. ////////////////////////////////////
  261. // Open path to registered keys //
  262. ////////////////////////////////////
  264. LONG rv;
  265. HKEY hkCardKey;
  267. rv = RegOpenKeyEx(HKEY_LOCAL_MACHINE, CardPath().c_str(), NULL,
  268. KEY_READ, &hkCardKey);
  269. if(ERROR_SUCCESS != rv)
  270. throw scu::OsException(rv);
  272. ///////////////////////////////////////////
  273. // Enumerate subkeys to get card names //
  274. ///////////////////////////////////////////
  276. FILETIME fileTime;
  277. char sBuffer[1024];
  278. DWORD dwBufferSize = sizeof sBuffer / sizeof *sBuffer;
  279. int iTotalSize = 0;
  280. int index = 0;
  282. memset(sBuffer, 0, dwBufferSize);
  284. scu::AutoArrayPtr<char> aaszCardListBuffer(new char[iSizeOfList]);
  285. memset(aaszCardListBuffer.Get(), 0, iSizeOfList);
  287. rv = RegEnumKeyEx(hkCardKey, index++, sBuffer, &dwBufferSize,
  288. NULL, NULL, NULL, &fileTime);
  289. while (rv == ERROR_SUCCESS)
  290. {
  291. if (iTotalSize + dwBufferSize <= iSizeOfList - 2) // spare two chars for trailing nulls
  292. {
  293. strcpy((aaszCardListBuffer.Get() + iTotalSize), sBuffer);
  294. iTotalSize += dwBufferSize;
  296. aaszCardListBuffer[iTotalSize++] = 0;
  297. }
  298. else
  299. {
  300. iTotalSize += dwBufferSize + 1;
  301. }
  303. dwBufferSize = sizeof sBuffer / sizeof *sBuffer;
  304. memset(sBuffer, 0, dwBufferSize);
  306. rv = RegEnumKeyEx(hkCardKey, index++, sBuffer, &dwBufferSize,
  307. NULL, NULL, NULL, &fileTime);
  308. }
  310. bool fRetVal = (iTotalSize <= iSizeOfList - 1); // spare byte for final null terminator
  311. if (fRetVal)
  312. {
  313. aaszCardListBuffer[iTotalSize++] = 0;
  315. memcpy(szCardList, aaszCardListBuffer.Get(), iTotalSize);
  316. }
  317. else
  318. iTotalSize++; // spare byte for final null terminator
  320. iSizeOfList = iTotalSize;
  322. rv = RegCloseKey(hkCardKey);
  323. if (ERROR_SUCCESS != rv)
  324. throw scu::OsException(rv);
  325. }
  327. void
  328. CIOP::RegisterCard(const char* szCardName,
  329. const BYTE* bATR,
  330. BYTE bATRLength,
  331. const BYTE* bATRMask,
  332. BYTE bATRMaskLength,
  333. const BYTE* bProperties,
  334. cardType type)
  335. {
  336. HKEY hkCardKey;
  337. DWORD dwCreateFlag;
  338. BYTE bCardType = (BYTE)type;
  339. char szATR[] = "ATR";
  340. char szATRMask[] = "ATR Mask";
  341. char szCardType[] = "Card Type";
  342. char szProperties[] = "Properties";
  344. string sCardRegPath(CardPath());
  345. sCardRegPath.append("\\");
  346. sCardRegPath.append(szCardName);
  348. LONG rv = RegCreateKeyEx(HKEY_LOCAL_MACHINE,
  349. sCardRegPath.c_str(), NULL, NULL, NULL,
  350. KEY_ALL_ACCESS, NULL, &hkCardKey, &dwCreateFlag);
  352. if(ERROR_SUCCESS!=rv)
  353. throw scu::OsException(rv);
  355. if (dwCreateFlag == REG_CREATED_NEW_KEY)
  356. {
  357. rv = RegSetValueEx(hkCardKey, szATR, NULL, REG_BINARY, bATR,
  358. bATRLength);
  359. if (ERROR_SUCCESS==rv)
  360. {
  361. rv = RegSetValueEx(hkCardKey, szATRMask, NULL,
  362. REG_BINARY, bATRMask,
  363. bATRMaskLength);
  364. if (ERROR_SUCCESS==rv)
  365. {
  366. rv = RegSetValueEx(hkCardKey, szCardType, NULL,
  367. REG_BINARY, &bCardType, 1);
  368. if (ERROR_SUCCESS==rv)
  369. rv = RegSetValueEx(hkCardKey, szProperties, NULL,
  370. REG_BINARY, bProperties, 512);
  371. }
  372. }
  373. }
  375. LONG rv2 = RegCloseKey(hkCardKey);
  376. if (ERROR_SUCCESS!=rv) // an error occured earlier
  377. throw scu::OsException(rv);
  379. if (ERROR_SUCCESS != rv2)
  380. throw scu::OsException(rv2);
  383. // return (dwCreateFlag == REG_CREATED_NEW_KEY);
  384. }
  386. void
  387. CIOP::RegisterDefaultCards()
  388. {
  389. BYTE bMask[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
  390. BYTE bAccessMask[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00 };
  391. BYTE bOldCrypto8KMask[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00 };
  392. BYTE bCMask[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00 };
  393. BYTE bMaskLength = 9;
  394. BYTE bATRLength = 9;
  396. BYTE bProperties[512];
  397. memset(bProperties, 0, sizeof(bProperties));
  399. // Register Cryptoflex 16K
  400. BYTE b16KCryptoATR[] = { 0x3B, 0x95, 0x15, 0x40, 0xFF, 0x63,
  401. 0x01, 0x01, 0x00, 0x00 };
  402. BYTE b16KCryptoMask[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  403. 0xFF, 0xFF, 0x00, 0x00 };
  405. RegisterCard(g_szCrypto16KName, b16KCryptoATR,
  406. sizeof b16KCryptoATR / sizeof *b16KCryptoATR, b16KCryptoMask,
  407. sizeof b16KCryptoMask / sizeof *b16KCryptoMask,
  408. bProperties, CRYPTO_CARD);
  410. // Register e-gate
  411. BYTE be_gateATR[] = { 0x3B, 0x95, 0x00, 0x40, 0xFF, 0x62,
  412. 0x01, 0x01, 0x00, 0x00 };
  413. BYTE be_gateMask[] = { 0xFF, 0xFF, 0x00, 0xFF, 0xFF, 0xFF,
  414. 0xFF, 0xFF, 0x00, 0x00 };
  416. RegisterCard(g_sze_gateName, be_gateATR,
  417. sizeof be_gateATR / sizeof *be_gateATR, be_gateMask,
  418. sizeof be_gateMask / sizeof *be_gateMask,
  419. bProperties, CRYPTO_CARD);
  421. // Register Cyberflex Access card
  422. BYTE bAccessATR[] = { 0x3B, 0x16, 0x94, 0x81, 0x10, 0x06, 0x01, 0x00, 0x00 };
  424. RegisterCard(g_szAccessName, bAccessATR, bATRLength, bAccessMask,
  425. bMaskLength, bProperties, ACCESS_CARD);
  427. // Register old Cryptoflex 8K card
  428. BYTE bOldCryptoATR[] = { 0x3B, 0x85, 0x40, 0x20, 0x68, 0x01, 0x01, 0x00, 0x00 };
  430. RegisterCard(g_szOldCrypto8KName, bOldCryptoATR, bATRLength, bOldCrypto8KMask,
  431. bMaskLength, bProperties, CRYPTO_CARD);
  433. // Register new Cryptoflex 8K card
  434. BYTE bNewCryptoATR[] = { 0x3B, 0x85, 0x40, 0x20, 0x68, 0x01, 0x01, 0x05, 0x01 };
  436. RegisterCard(g_szNewCrypto8KName, bNewCryptoATR, bATRLength, bMask,
  437. bMaskLength, bProperties, CRYPTO_CARD);
  439. // Register another new Cryptoflex 8K card
  440. BYTE bCrypto8KV2ATR[] = { 0x3B, 0x95, 0x15, 0x40, 0x00, 0x68, 0x01, 0x02, 0x00, 0x00 };
  441. BYTE bCrypto8KV2Mask[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00 };
  443. RegisterCard(g_szCrypto8KV2Name, bCrypto8KV2ATR, sizeof(bCrypto8KV2ATR), bCrypto8KV2Mask,
  444. sizeof(bCrypto8KV2Mask), bProperties, CRYPTO_CARD);
  446. // Register Cryptoflex 4K card
  447. BYTE b4KCryptoATR[] = { 0x3B, 0xE2, 0x00, 0x00, 0x40, 0x20, 0x49, 0x00 };
  448. bATRLength = 8;
  449. bMaskLength = 8;
  451. RegisterCard(g_szCrypto4KName, b4KCryptoATR, bATRLength, bCMask,
  452. bMaskLength, bProperties, CRYPTO_CARD);
  454. // Register Cyberflex Access Campus
  455. BYTE be_AccessCampusATR[] = { 0x3B, 0x23, 0x00, 0x35, 0x13, 0x80 };
  456. BYTE be_AccessCampusMask[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
  458. RegisterCard(g_szAccessCampus, be_AccessCampusATR,
  459. sizeof be_AccessCampusATR / sizeof *be_AccessCampusATR,
  460. be_AccessCampusMask,
  461. sizeof be_AccessCampusMask / sizeof *be_AccessCampusMask,
  462. bProperties, ACCESS_CARD);
  464. // Register Cryptoflex ActivCard
  465. BYTE bCryptoActivCardATR[] = { 0x3B, 0x05, 0x68, 0x01, 0x01,
  466. 0x02, 0x05 };
  467. BYTE bCryptoActivCardMask[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  468. 0xFF, 0xFF };
  470. RegisterCard(g_szCryptoActivCard, bCryptoActivCardATR,
  471. sizeof(bCryptoActivCardATR), bCryptoActivCardMask,
  472. sizeof(bCryptoActivCardMask), bProperties, CRYPTO_CARD);
  474. }
  476. #if defined(SLBIOP_USE_SECURITY_ATTRIBUTES)
  477. void
  478. CIOP::InitIOPSecurityAttrs(CSecurityAttributes *psa)
  479. {
  481. DWORD dwRes;
  482. PSID pEveryoneSID = NULL, pAdminSID = NULL;
  483. PACL pACL = NULL;
  484. PSECURITY_DESCRIPTOR pSD = NULL;
  485. EXPLICIT_ACCESS ea;
  486. SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
  487. SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
  488. bool fErrorFound = false;
  490. // Create a well-known SID for the Everyone group.
  491. if(!AllocateAndInitializeSid(&SIDAuthWorld, 1,
  492. SECURITY_WORLD_RID,
  493. 0, 0, 0, 0, 0, 0, 0, &pEveryoneSID))
  494. throw scu::OsException(GetLastError());
  496. // Initialize an EXPLICIT_ACCESS structure for an ACE.
  497. // The ACE will allow Everyone read access to the key.
  498. ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
  499. ea.grfAccessPermissions = SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL;
  500. ea.grfAccessMode = SET_ACCESS;
  501. ea.grfInheritance= NO_INHERITANCE;
  502. ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
  503. ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
  504. ea.Trustee.ptstrName = (LPTSTR) pEveryoneSID;
  506. #if 0
  507. // Create a SID for the BUILTIN\Administrators group.
  508. if (!AllocateAndInitializeSid(&SIDAuthNT, 2,
  509. SECURITY_BUILTIN_DOMAIN_RID,
  510. DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0,
  511. 0, 0, &pAdminSID))
  512. throw scu::OsException(GetLastError());
  514. // Initialize an EXPLICIT_ACCESS structure for an ACE.
  515. // The ACE will allow the Administrators group full access to the key.
  516. ea.grfAccessPermissions = SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL;
  517. ea.grfAccessMode = SET_ACCESS;
  518. ea.grfInheritance= NO_INHERITANCE;
  519. ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
  520. ea.Trustee.TrusteeType = TRUSTEE_IS_GROUP;
  521. ea.Trustee.ptstrName = (LPTSTR) pAdminSID;
  522. #endif // 0
  523. // Create a new ACL that contains the new ACEs.
  524. dwRes = SetEntriesInAcl(1, &ea, NULL, &pACL);
  525. if (ERROR_SUCCESS != dwRes)
  526. {
  527. fErrorFound = true;
  528. }
  529. else
  530. {
  531. // Initialize a security descriptor.
  532. pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
  533. if (pSD == NULL)
  534. {
  535. fErrorFound = true;
  536. }
  537. else if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
  538. {
  539. fErrorFound = true;
  540. }
  541. // Add the ACL to the security descriptor.
  542. else if (!SetSecurityDescriptorDacl(pSD,
  543. TRUE, // fDaclPresent flag
  544. pACL,
  545. FALSE)) // not a default DACL
  546. {
  547. fErrorFound = true;
  548. }
  549. else
  550. {
  551. if (!IsValidSecurityDescriptor(pSD))
  552. {
  553. fErrorFound = true;
  554. }
  555. else
  556. {
  557. // Initialize a security attributes structure.
  558. psa->sa.nLength = sizeof(SECURITY_ATTRIBUTES);
  559. psa->sa.lpSecurityDescriptor = pSD;
  560. psa->sa.bInheritHandle = FALSE;
  561. psa->pEveryoneSID = pEveryoneSID;
  562. psa->pACL = pACL;
  563. }
  564. }
  565. }
  567. DWORD dwLastError = GetLastError();
  569. if (true == fErrorFound)
  570. {
  571. if (NULL != pACL)
  572. {
  573. LocalFree(pACL);
  574. pACL = NULL;
  575. }
  576. if (NULL != pSD)
  577. {
  578. LocalFree(pSD);
  579. pSD = NULL;
  580. }
  581. if (NULL != pEveryoneSID)
  582. {
  583. FreeSid(pEveryoneSID);
  584. pEveryoneSID = NULL;
  585. }
  586. throw scu::OsException(dwLastError);
  587. }
  588. #if 0
  589. // Create a new ACL that contains the new ACEs.
  590. dwRes = SetEntriesInAcl(1, &ea, NULL, &pACL);
  591. if (ERROR_SUCCESS != dwRes)
  592. throw scu::OsException(GetLastError());
  594. // Initialize a security descriptor.
  595. pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
  596. if (pSD == NULL)
  597. throw scu::OsException(GetLastError());
  599. if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
  600. throw scu::OsException(GetLastError());
  602. // Add the ACL to the security descriptor.
  603. if (!SetSecurityDescriptorDacl(pSD,
  604. TRUE, // fDaclPresent flag
  605. pACL,
  606. FALSE)) // not a default DACL
  607. throw scu::OsException(GetLastError());
  609. // Initialize a security attributes structure.
  610. psa->nLength = sizeof(SECURITY_ATTRIBUTES);
  611. psa->lpSecurityDescriptor = pSD;
  612. psa->bInheritHandle = FALSE;
  614. if (!IsValidSecurityDescriptor(pSD))
  615. throw scu::OsException(GetLastError());
  616. #endif
  617. }
  619. #endif // defined(SLBIOP_USE_SECURITY_ATTRIBUTES)
  622. bool CIOP::WaitForSCManager()
  623. {
  624. #if defined(SLBIOP_WAIT_FOR_RM_STARTUP)
  625. // Wait for the SCManager to start, time out at dwTimeout seconds.
  627. HANDLE hStarted = GetSCResourceManagerStartedEvent();
  628. if (hStarted)
  629. {
  630. if (WaitForSingleObject(hStarted, 60 * 1000) == WAIT_OBJECT_0)
  631. return true;
  632. }
  634. return false;
  636. #else // defined(SLBIOP_WAIT_FOR_RM_STARTUP)
  638. return true;
  640. #endif // defined(SLBIOP_WAIT_FOR_RM_STARTUP)
  642. }
  647. } // namespace iop
  650. STDAPI DllGetVersion(DLLVERSIONINFO *dvi)
  651. {
  652. dvi->dwBuildNumber = 0;
  653. dvi->dwMajorVersion = 0;
  654. dvi->dwMinorVersion = 9;
  656. return 0;
  657. }
  659. STDAPI DllRegisterServer()
  660. {
  661. // Ensure default cards are registered to the system
  662. HRESULT hResult = ERROR_SUCCESS;
  663. try
  664. {
  665. iop::CIOP::RegisterDefaultCards();
  666. }
  668. catch (scu::OsException const &rExc)
  669. {
  670. hResult = rExc.Cause();
  671. }
  673. return hResult;
  674. }
  676. STDAPI DllUnregisterServer()
  677. {
  678. HRESULT hResult = NOERROR;
  680. LONG rv;
  681. HKEY hkSLBKey;
  682. HKEY hkTerminalsKey;
  683. HKEY hkCardsKey;
  686. bool bSLBKey = false, bTerminalsKey = false, bCardsKey = false;
  688. try
  689. {
  690. rv = RegOpenKeyEx(HKEY_LOCAL_MACHINE, g_szSLBRegistryPath, NULL, KEY_ALL_ACCESS, &hkSLBKey);
  691. if(rv!=ERROR_SUCCESS) throw scu::OsException(rv);
  692. bSLBKey = true;
  694. RegOpenKeyEx(hkSLBKey, g_szTerminalsName, NULL, KEY_ALL_ACCESS, &hkTerminalsKey);
  695. if(rv!=ERROR_SUCCESS) throw scu::OsException(rv);
  696. bTerminalsKey = true;
  698. RegOpenKeyEx(hkTerminalsKey, g_szCardName, NULL, KEY_ALL_ACCESS, &hkCardsKey);
  699. if(rv!=ERROR_SUCCESS) throw scu::OsException(rv);
  700. bCardsKey = true;
  702. rv = RegDeleteKey(hkCardsKey, g_szCrypto4KName);
  703. if(rv!=ERROR_SUCCESS) hResult = E_UNEXPECTED;
  705. rv = RegDeleteKey(hkCardsKey, g_szOldCrypto8KName);
  706. if(rv!=ERROR_SUCCESS) hResult = E_UNEXPECTED;
  708. rv = RegDeleteKey(hkCardsKey, g_szNewCrypto8KName);
  709. if(rv!=ERROR_SUCCESS) hResult = E_UNEXPECTED;
  711. rv = RegDeleteKey(hkCardsKey, g_szCrypto8KV2Name);
  712. if(rv!=ERROR_SUCCESS) hResult = E_UNEXPECTED;
  714. rv = RegDeleteKey(hkCardsKey, g_szAccessName);
  715. if(rv!=ERROR_SUCCESS) hResult = E_UNEXPECTED;
  717. rv = RegDeleteKey(hkCardsKey, g_sze_gateName);
  718. if(rv!=ERROR_SUCCESS) hResult = E_UNEXPECTED;
  720. rv = RegDeleteKey(hkCardsKey, g_szCrypto16KName);
  721. if(rv!=ERROR_SUCCESS) hResult = E_UNEXPECTED;
  723. rv = RegDeleteKey(hkCardsKey, g_szAccessCampus);
  724. if(rv!=ERROR_SUCCESS) hResult = E_UNEXPECTED;
  726. rv = RegDeleteKey(hkCardsKey, g_szCryptoActivCard);
  727. if(rv!=ERROR_SUCCESS) hResult = E_UNEXPECTED;
  729. rv = RegCloseKey (hkCardsKey);
  730. if(rv!=ERROR_SUCCESS) throw scu::OsException(rv);
  731. bCardsKey = false;
  733. rv = RegDeleteKey(hkTerminalsKey, g_szCardName);
  734. if(rv!=ERROR_SUCCESS) throw scu::OsException(rv);
  735. bCardsKey = false;
  737. rv = RegCloseKey (hkTerminalsKey);
  738. if(rv!=ERROR_SUCCESS) throw scu::OsException(rv);
  739. bTerminalsKey = false;
  741. rv = RegDeleteKey(hkSLBKey, g_szTerminalsName);
  742. if(rv!=ERROR_SUCCESS) throw scu::OsException(rv);
  743. bCardsKey = false;
  745. rv = RegCloseKey(hkSLBKey);
  746. if(rv!=ERROR_SUCCESS) throw scu::OsException(rv);
  747. bSLBKey = false;
  748. }
  749. catch(...)
  750. {
  751. hResult = E_UNEXPECTED;
  752. }
  754. if(bCardsKey) RegCloseKey (hkCardsKey);
  755. if(bTerminalsKey) RegCloseKey (hkTerminalsKey);
  756. if(bSLBKey) RegCloseKey (hkSLBKey);
  758. return hResult;
  759. }