|
|
//+--------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1996-1996
//
// File: init.cpp
//
// Contents:
// All hydra license server initialization code.
//
// History:
// Feb. 4, 98 HueiWang Created
// Note:
//---------------------------------------------------------------------------
#include "pch.cpp"
#include "globals.h"
#include "init.h"
#include "misc.h"
#include "tlscert.h"
#include "pid.h"
#include "upgdb.h"
#include "lkplite.h"
#include "gencert.h"
#define WHISTLER_CAL L"SYSTEM\\CurrentControlSet\\Services\\TermService\\Parameters\\WhistlerCAL"
//
// file scope define
//
#define DEFAULT_CSP MS_DEF_PROV
#define PROVIDER_TYPE PROV_RSA_FULL
DWORDTLSStartupLSDB( IN BOOL bCheckDBStatus, IN DWORD dwMaxDbHandles, IN BOOL bStartEmptyIfError, IN LPTSTR pszChkPointDirPath, IN LPTSTR pszTempDirPath, IN LPTSTR pszLogDirPath, IN LPTSTR pszDbFile, IN LPTSTR pszUserName, IN LPTSTR pszPassword);
DWORDTLSLoadRuntimeParameters();
DWORDTLSStartLSDbWorkspaceEngine( BOOL, BOOL, BOOL, BOOL);
////////////////////////////////////////////////////////////////////////////
//
//
// Global Variables
//
//
////////////////////////////////////////////////////////////////////////////
static BOOL g_ValidDatabase=FALSE;
#if DBG
voidEnsureExclusiveAccessToDbFile( LPTSTR szDatabaseFile )/*++
--*/{ HANDLE hFile = NULL; DWORD dwErrCode;
hFile = CreateFile( szDatabaseFile, GENERIC_WRITE | GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL );
if( INVALID_HANDLE_VALUE == hFile ) { dwErrCode = GetLastError();
if( ERROR_FILE_NOT_FOUND != dwErrCode ) { DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("EnsureExclusiveAccessToDbFile() failed with %d\n"), dwErrCode ); } else if( ERROR_SHARING_VIOLATION == dwErrCode ) { // special attention...
TLSASSERT( FALSE ); } else { TLSASSERT( FALSE ); } } else { CloseHandle( hFile ); }
return;}#endif
////////////////////////////////////////////////////////////////////////////
BOOLTLSGenerateLSDBBackupFileName( IN LPCTSTR pszPath, IN OUT LPTSTR pszTempFile )/*++
--*/{ DWORD dwTempRandom;
if (lstrlen(pszPath)+13 > MAX_PATH) { // path too long
return FALSE; }
//
// Generate a temporary file name.
//
dwTempRandom = GetTempFileName( pszPath, _TEXT("TLS"), 0, pszTempFile );
if(dwTempRandom == 0) { //
// GetTempFileName failed
// Generate a backup file name based on current time,
// possibility of collision is high
//
SYSTEMTIME LocalTime;
if (lstrlen(pszPath)+25 > MAX_PATH) { // path too long
return FALSE; }
GetLocalTime(&LocalTime);
wsprintf( pszTempFile, _TEXT("%s\\LSDBBackup.%02d%02d%02d%02d%02d%02d"), pszPath, LocalTime.wYear, LocalTime.wMonth, LocalTime.wDay, LocalTime.wHour, LocalTime.wMinute, LocalTime.wSecond ); }
return TRUE;}
/////////////////////////////////////////////////////////////////////////////
BOOLCanIssuePermLicense(){#ifndef ENFORCE_LICENSING
return TRUE;#else
if(g_bHasHydraCert == TRUE || (g_pbServerSPK != NULL && g_cbServerSPK != 0)) { return TRUE; }
return FALSE;#endif
}
/////////////////////////////////////////////////////////////////////////////
voidGetServiceLastShutdownTime( OUT FILETIME* ft )/*++
--*/{ *ft = g_ftLastShutdownTime; return;}
//---------------------------------------------------------------------
voidSetServiceLastShutdownTime(){ GetSystemTimeAsFileTime(&g_ftLastShutdownTime);} //---------------------------------------------------------------------
voidGetJobObjectDefaults( PDWORD pdwInterval, PDWORD pdwRetries, PDWORD pdwRestartTime )/*++
--*/{ *pdwInterval = g_dwTlsJobInterval; *pdwRetries = g_dwTlsJobRetryTimes; *pdwRestartTime = g_dwTlsJobRestartTime;}
/////////////////////////////////////////////////////////////////////////////
DWORDGetLicenseServerRole(){ return g_SrvRole;}
/////////////////////////////////////////////////////////////////////////////
void ServerShutdown(){#if ENFORCE_LICENSING
if(g_hCaStore) { CertCloseStore( g_hCaStore, CERT_CLOSE_STORE_FORCE_FLAG ); }
if(g_hCaRegKey) { RegCloseKey(g_hCaRegKey); }#endif
if(g_SignKey) { CryptDestroyKey(g_SignKey); }
if(g_ExchKey) { CryptDestroyKey(g_ExchKey); }
TLServerLastRun lastRun;
memset(&lastRun, 0, sizeof(TLServerLastRun)); lastRun.dwVersion = LSERVER_LSA_LASTRUN_VER_CURRENT; lastRun.ftLastShutdownTime = g_ftLastShutdownTime;
// if unclean shutdown or can't get next ID, set to 0
if( g_ValidDatabase == FALSE || TLSDBGetMaxKeyPackId(g_DbWorkSpace, (DWORD *)&g_NextKeyPackId) == FALSE || TLSDBGetMaxLicenseId(g_DbWorkSpace, (DWORD *)&g_NextLicenseId) == FALSE ) { g_NextKeyPackId = 0; g_NextLicenseId = 0; }
lastRun.dwMaxKeyPackId = g_NextKeyPackId; lastRun.dwMaxLicenseId = g_NextLicenseId;
StoreKey( LSERVER_LSA_LASTRUN, (PBYTE)&lastRun, sizeof(TLServerLastRun) );
LSShutdownCertutilLib();
if( g_SelfSignCertContext != NULL ) { CertFreeCertificateContext(g_SelfSignCertContext); }
if(g_LicenseCertContext) { CertFreeCertificateContext(g_LicenseCertContext); }
TLSDestroyCryptContext(g_hCryptProv); g_hCryptProv=NULL;
//
// shutdown Work manager
//
TLSWorkManagerShutdown();
#ifndef _NO_ODBC_JET
if(g_DbWorkSpace != NULL) { ReleaseWorkSpace(&g_DbWorkSpace); }#endif
CloseWorkSpacePool();
FreeMemory(g_pbSecretKey); FreeMemory(g_pbSignatureEncodedCert); FreeMemory(g_pbExchangeEncodedCert); //FreeMemory(g_pbDomainSid);
FreeMemory(g_pCertExtensions);
FreeMemory(g_pszServerUniqueId); FreeMemory(g_pszServerPid); FreeMemory(g_pbServerSPK);
if(g_szDomainGuid != NULL) { RpcStringFree(&g_szDomainGuid); }
return;}
/////////////////////////////////////////////////////////////////////////////
DWORD StartServerInitThread( void* p )/*
*/{ DWORD dwStatus = ERROR_SUCCESS; BOOL bDebug = (p) ? TRUE : FALSE; HKEY hKey = NULL; PTLSLSASERVERID pTlsLsaServerIds=NULL; DWORD cbTlsLsaServerIds=0;
do {
TLSInit();
//
// Load various run time parameters
//
dwStatus = TLSLoadRuntimeParameters();
if(dwStatus != ERROR_SUCCESS) { break; }
//
// Retrive License Server's IDs
//
dwStatus = RetrieveKey( LSERVER_LSA_LSERVERID, (PBYTE *)&pTlsLsaServerIds, &cbTlsLsaServerIds );
if(dwStatus != ERROR_SUCCESS) { //
// First time, generate various license server ID
//
dwStatus = TLSGeneratePid( &g_pszServerPid, &g_cbServerPid, &g_pszServerUniqueId, &g_cbServerUniqueId );
if(dwStatus != ERROR_SUCCESS) { TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, TLS_E_GENERATE_IDS );
break; }
//
// Store this into LSA
//
dwStatus = ServerIdsToLsaServerId( (PBYTE)g_pszServerUniqueId, g_cbServerUniqueId, (PBYTE)g_pszServerPid, g_cbServerPid, g_pbServerSPK, g_cbServerSPK, NULL, 0, &pTlsLsaServerIds, &cbTlsLsaServerIds ); if(dwStatus != ERROR_SUCCESS) { TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, dwStatus = TLS_E_STORE_IDS );
break; }
dwStatus = StoreKey( LSERVER_LSA_LSERVERID, (PBYTE)pTlsLsaServerIds, cbTlsLsaServerIds );
if(dwStatus != ERROR_SUCCESS) { TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, dwStatus = TLS_E_STORE_IDS );
break; } } else { dwStatus = LsaServerIdToServerIds( pTlsLsaServerIds, cbTlsLsaServerIds, (PBYTE *)&g_pszServerUniqueId, &g_cbServerUniqueId, (PBYTE *)&g_pszServerPid, &g_cbServerPid, &g_pbServerSPK, &g_cbServerSPK, &g_pCertExtensions, &g_cbCertExtensions );
if(dwStatus != ERROR_SUCCESS) { TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, dwStatus = TLS_E_RETRIEVE_IDS );
break; }
if( g_pszServerUniqueId == NULL || g_cbServerUniqueId == 0 || g_pszServerPid == NULL || g_cbServerPid == 0 ) { TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, dwStatus = TLS_E_INTERNAL );
break; } }
//
// License Server common secret key for encoding/decoding
// client HWID
//
LicenseGetSecretKey(&g_cbSecretKey, NULL); if((g_pbSecretKey = (PBYTE)AllocateMemory(g_cbSecretKey)) == NULL) { TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, dwStatus = TLS_E_ALLOCATE_MEMORY );
break; } if(LicenseGetSecretKey( &g_cbSecretKey, g_pbSecretKey ) != LICENSE_STATUS_OK) { TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, dwStatus = TLS_E_RETRIEVE_KEY );
break; }
//--------------------------------------------------------------
//
// Check if our database file is in import directory
//
//--------------------------------------------------------------
dwStatus = TLSStartLSDbWorkspaceEngine( bDebug == FALSE, FALSE, // check DB file on export directory
FALSE, // check file time on DB file
TRUE // log low license count warning.
); if(dwStatus != ERROR_SUCCESS) { break; }
dwStatus = ERROR_SUCCESS; g_ValidDatabase = TRUE;
//
// load all policy module, ignore error
//
ServiceLoadAllPolicyModule( HKEY_LOCAL_MACHINE, LSERVER_POLICY_REGBASE );
//
// Upgrade - make two copies of certificate
//
dwStatus = RegOpenKeyEx( HKEY_LOCAL_MACHINE, LSERVER_SERVER_CERTIFICATE_REGKEY, 0, KEY_ALL_ACCESS, &hKey );
if(hKey != NULL) { RegCloseKey(hKey); }
if(dwStatus != ERROR_SUCCESS) { dwStatus = ERROR_SUCCESS;
// we are not register yet...
break; }
//
// Verify first backup copy of certificate exists
//
hKey = NULL; dwStatus = RegOpenKeyEx( HKEY_LOCAL_MACHINE, LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP1, 0, KEY_ALL_ACCESS, &hKey ); if(hKey != NULL) { RegCloseKey(hKey); }
if(dwStatus == ERROR_FILE_NOT_FOUND) { dwStatus = TLSRestoreLicenseServerCertificate( LSERVER_SERVER_CERTIFICATE_REGKEY, LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP1 );
if(dwStatus != ERROR_SUCCESS) { TLSLogWarningEvent(TLS_W_BACKUPCERTIFICATE);
TLSRegDeleteKey( HKEY_LOCAL_MACHINE, LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP1 ); } }
//
// Verify second backup copy of certificate exists
//
hKey = NULL; dwStatus = RegOpenKeyEx( HKEY_LOCAL_MACHINE, LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP2, 0, KEY_ALL_ACCESS, &hKey ); if(hKey != NULL) { RegCloseKey(hKey); }
if(dwStatus == ERROR_FILE_NOT_FOUND) { dwStatus = TLSRestoreLicenseServerCertificate( LSERVER_SERVER_CERTIFICATE_REGKEY, LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP2 );
if(dwStatus != ERROR_SUCCESS) { TLSLogWarningEvent(TLS_W_BACKUPCERTIFICATE);
TLSRegDeleteKey( HKEY_LOCAL_MACHINE, LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP2 ); } }
dwStatus = ERROR_SUCCESS; } while(FALSE); if(pTlsLsaServerIds != NULL) { LocalFree(pTlsLsaServerIds); }
ExitThread(dwStatus);
return dwStatus;}
/////////////////////////////////////////////////////////////////////////////
HANDLE ServerInit( BOOL bDebug ){ HANDLE hThread; DWORD dump;
hThread=(HANDLE)CreateThread( NULL, 0, StartServerInitThread, LongToPtr(bDebug), 0, &dump ); return hThread;}
/////////////////////////////////////////////////////////////////////////////
DWORDTLSRestoreLicenseServerCertificate( LPCTSTR pszSourceRegKey, LPCTSTR pszTargetRegKey )/*++
--*/{ DWORD dwStatus = ERROR_SUCCESS;
// first delete the certificate key, ignore error
TLSRegDeleteKey( HKEY_LOCAL_MACHINE, pszTargetRegKey );
// copy from backup
dwStatus = TLSTreeCopyRegKey( HKEY_LOCAL_MACHINE, pszSourceRegKey, HKEY_LOCAL_MACHINE, pszTargetRegKey );
if(dwStatus == ERROR_FILE_NOT_FOUND) { // source registry key does not exist
dwStatus = TLS_E_NO_CERTIFICATE; }
return dwStatus;}
////////////////////////////////////////////////////////////////////////////////
DWORDTLSLoadVerifyLicenseServerCertificates()/*++
--*/{ DWORD dwStatus;
#if ENFORCE_LICENSING
// load certificate from normal place
dwStatus = TLSLoadCHEndosedCertificate( &g_cbSignatureEncodedCert, &g_pbSignatureEncodedCert, &g_cbExchangeEncodedCert, &g_pbExchangeEncodedCert ); if(dwStatus == ERROR_SUCCESS) { if(g_hCaStore != NULL) { CertCloseStore( g_hCaStore, CERT_CLOSE_STORE_FORCE_FLAG ); }
if(g_hCaRegKey != NULL) { RegCloseKey(g_hCaRegKey); }
//
// license server is registered, verify certificate
//
g_hCaStore = CertOpenRegistryStore( HKEY_LOCAL_MACHINE, LSERVER_CERTIFICATE_REG_CA_SIGNATURE, g_hCryptProv, &g_hCaRegKey ); if(g_hCaStore != NULL) { //
// Go thru license server's certficiate to validate
//
dwStatus = TLSValidateServerCertficates( g_hCryptProv, g_hCaStore, g_pbSignatureEncodedCert, g_cbSignatureEncodedCert, g_pbExchangeEncodedCert, g_cbExchangeEncodedCert, &g_ftCertExpiredTime );
if(dwStatus != ERROR_SUCCESS) { //
// Invalid certificate in registry
//
dwStatus = TLS_E_INVALID_CERTIFICATE; } } else { //
// Can't open registry key, startup as non-register
// server.
//
//TLSLogEvent(
// EVENTLOG_ERROR_TYPE,
// TLS_E_SERVICEINIT,
// TLS_E_OPEN_CERTSTORE,
// dwStatus = GetLastError()
// );
dwStatus = TLS_E_NO_CERTIFICATE; } }
if(dwStatus == ERROR_SUCCESS) { if(g_LicenseCertContext != NULL) { CertFreeCertificateContext(g_LicenseCertContext); }
g_LicenseCertContext = CertCreateCertificateContext( X509_ASN_ENCODING, g_pbSignatureEncodedCert, g_cbSignatureEncodedCert );
//if(!g_LicenseCertContext)
//{
// TLSLogEvent(
// EVENTLOG_ERROR_TYPE,
// TLS_E_SERVICEINIT,
// TLS_E_CREATE_CERTCONTEXT,
// GetLastError()
// );
//}
}
if(dwStatus != ERROR_SUCCESS) { g_bHasHydraCert = FALSE; } else { g_bHasHydraCert = TRUE; } #else
dwStatus = TLS_E_NO_CERTIFICATE;
#endif
return dwStatus;} ///////////////////////////////////////////////////////////////////////
BOOL TLSLoadServerCertificate()/*++
Abstract:
Load license server certificate
--*/{ BOOL bSuccess = FALSE; DWORD dwStatus; PBYTE pbSelfSignedCert = NULL; DWORD cbSelfSignedCert = 0; BOOL bSelfSignedCreated = FALSE; g_ftCertExpiredTime.dwLowDateTime = 0xFFFFFFFF; g_ftCertExpiredTime.dwHighDateTime = 0xFFFFFFFF;
#if ENFORCE_LICENSING
dwStatus = TLSLoadVerifyLicenseServerCertificates(); //
// failed to load server certificate, try backup copy,
// if either one success, make sure we have all three copy up
// to date.
//
if(dwStatus == TLS_E_INVALID_CERTIFICATE || dwStatus == TLS_E_NO_CERTIFICATE) { dwStatus = TLSRestoreLicenseServerCertificate( LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP1, LSERVER_SERVER_CERTIFICATE_REGKEY ); if(dwStatus == ERROR_SUCCESS) { dwStatus = TLSLoadVerifyLicenseServerCertificates(); if(dwStatus == ERROR_SUCCESS) { //
// Log event indicate we are using backup certificate
//
LPCTSTR pString[1]; pString[0]= g_szComputerName;
TLSLogEventString( EVENTLOG_WARNING_TYPE, TLS_W_CORRUPTTRYBACKUPCERTIFICATE, 1, pString );
//
// make sure second copy is same as first copy.
//
TLSRestoreLicenseServerCertificate( LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP1, LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP2 ); } } }
if(dwStatus == TLS_E_INVALID_CERTIFICATE || dwStatus == TLS_E_NO_CERTIFICATE) { dwStatus = TLSRestoreLicenseServerCertificate( LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP2, LSERVER_SERVER_CERTIFICATE_REGKEY ); if(dwStatus == ERROR_SUCCESS) { dwStatus = TLSLoadVerifyLicenseServerCertificates(); if(dwStatus == ERROR_SUCCESS) { //
// Log event indicate we are using backup certificate
//
LPCTSTR pString[1]; pString[0]= g_szComputerName;
TLSLogEventString( EVENTLOG_WARNING_TYPE, TLS_W_CORRUPTTRYBACKUPCERTIFICATE, 1, pString );
//
// make sure our first copy is up to date
//
TLSRestoreLicenseServerCertificate( LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP2, LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP1 ); } } }
//
// Everything failed, log an event state that license server
// will startup in un-registered mode
//
if(dwStatus == TLS_E_INVALID_CERTIFICATE) { LPCTSTR pString[1];
pString[0] = g_szComputerName;
TLSLogEventString( EVENTLOG_WARNING_TYPE, TLS_W_STARTUPCORRUPTEDCERT, 1, pString ); } else if(CanIssuePermLicense() == FALSE) { // we are not registered yet
LPCTSTR pString[1]; pString[0] = g_szComputerName;
TLSLogEventString( EVENTLOG_WARNING_TYPE, TLS_W_STARTUPNOCERT, 1, pString ); }
if( dwStatus != ERROR_SUCCESS ) { //
// if all failed, re-generate and start up as un-register
// license server
//
bSuccess = FALSE;
//
// wipe out all certificates and re-generate everything,
// don't re-generate key if we are not registered yet.
//
if(g_pbServerSPK == NULL || g_cbServerSPK == 0) { TLSReGenerateKeys(FALSE); } } else { bSuccess = TRUE; }
#endif
if(bSuccess == FALSE) { bSuccess = (TLSLoadSelfSignCertificates( g_hCryptProv,#if ENFORCE_LICENSING
g_pbServerSPK, g_cbServerSPK,#else
NULL, 0,#endif
&g_cbSignatureEncodedCert, &g_pbSignatureEncodedCert, &g_cbExchangeEncodedCert, &g_pbExchangeEncodedCert ) == ERROR_SUCCESS);
#ifndef ENFORCE_LICENSING
//
// non enforce license version
g_bHasHydraCert = TRUE; #endif
if(bSuccess == TRUE) { if(g_LicenseCertContext != NULL) { CertFreeCertificateContext(g_LicenseCertContext); }
g_LicenseCertContext = CertCreateCertificateContext( X509_ASN_ENCODING, g_pbSignatureEncodedCert, g_cbSignatureEncodedCert );
if(!g_LicenseCertContext) { bSuccess = FALSE;
//
// For self-signed cert, this is critical error, for
// cert. in registry store, it must have been thru validation
// so still critical error.
//
TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, TLS_E_CREATE_CERTCONTEXT, GetLastError() ); } else { // we have created a self-signed certificate.
bSelfSignedCreated = TRUE; } } }
//
// Create a self-signed certificate for old client,
//
if( bSuccess == TRUE ) { if( g_SelfSignCertContext != NULL ) { CertFreeCertificateContext( g_SelfSignCertContext ); g_SelfSignCertContext = NULL; }
if( bSelfSignedCreated == FALSE ) { //
// Create a self-signed certificate just for old client
//
dwStatus = TLSCreateSelfSignCertificate( g_hCryptProv, AT_SIGNATURE, #if ENFORCE_LICENSING
g_pbServerSPK, g_cbServerSPK, #else
NULL, 0, #endif
0, NULL, &cbSelfSignedCert, &pbSelfSignedCert );
if( dwStatus == ERROR_SUCCESS ) { g_SelfSignCertContext = CertCreateCertificateContext( X509_ASN_ENCODING, pbSelfSignedCert, cbSelfSignedCert ); if( g_SelfSignCertContext == NULL ) { bSuccess = FALSE; TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, TLS_E_CREATE_CERTCONTEXT, GetLastError() ); } } } else { // we already have self-signed certificate created.
g_SelfSignCertContext = CertDuplicateCertificateContext( g_LicenseCertContext ); if( g_SelfSignCertContext == NULL ) { TLSASSERT(FALSE); //
// impossible, CertDuplicateCertificateContext() simply increase
// reference count
//
bSuccess = FALSE; TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, TLS_E_CREATE_CERTCONTEXT, GetLastError() ); } } }
FreeMemory(pbSelfSignedCert); return bSuccess;}
//---------------------------------------------------------------------
DWORDServiceInitCrypto( IN BOOL bCreateNewKeys, IN LPCTSTR pszKeyContainer, OUT HCRYPTPROV* phCryptProv, OUT HCRYPTKEY* phSignKey, OUT HCRYPTKEY* phExchKey )/*
*/{ DWORD dwStatus=ERROR_SUCCESS;
PBYTE pbSignKey=NULL; DWORD cbSignKey=0; PBYTE pbExchKey=NULL; DWORD cbExchKey=0;
if(bCreateNewKeys == FALSE) { //
// Load key from LSA
//
dwStatus = TLSLoadSavedCryptKeyFromLsa( &pbSignKey, &cbSignKey, &pbExchKey, &cbExchKey ); }
if(bCreateNewKeys == TRUE || dwStatus == ERROR_FILE_NOT_FOUND) { dwStatus = TLSCryptGenerateNewKeys( &pbSignKey, &cbSignKey, &pbExchKey, &cbExchKey );
if(dwStatus == ERROR_SUCCESS) { // Save Key to LSA
dwStatus = TLSSaveCryptKeyToLsa( pbSignKey, cbSignKey, pbExchKey, cbExchKey ); } }
if(dwStatus == ERROR_SUCCESS) { //
// Initialize a clean crypto.
//
dwStatus = TLSInitCryptoProv( pszKeyContainer, pbSignKey, cbSignKey, pbExchKey, cbExchKey, phCryptProv, phSignKey, phExchKey ); }
if(pbSignKey) { LocalFree(pbSignKey); }
if(pbExchKey) { LocalFree(pbExchKey); }
return dwStatus;}
/////////////////////////////////////////////////////////////////////////////
DWORD InitCryptoAndCertificate(){ DWORD status=ERROR_SUCCESS; DWORD dwServiceState; DWORD dwCryptoState;
//
// Initialize single global Cryptographic Provider
//
status = ServiceInitCrypto( FALSE, NULL, &g_hCryptProv, &g_SignKey, &g_ExchKey ); if(status != ERROR_SUCCESS) { TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, TLS_E_INIT_CRYPTO, status );
status = TLS_E_SERVICE_STARTUP; goto cleanup; }
LSInitCertutilLib( NULL );
if(!TLSLoadServerCertificate()) { status = TLS_E_SERVICE_STARTUP; TLSLogErrorEvent(TLS_E_LOAD_CERTIFICATE); goto cleanup; }
//
if(!g_pbExchangeEncodedCert || !g_pbSignatureEncodedCert) { TLSLogErrorEvent(status = TLS_E_INTERNAL); }
cleanup:
return status;}
//////////////////////////////////////////////////////////////////
DWORDTLSReGenKeysAndReloadServerCert( BOOL bReGenKey )/*++
--*/{ DWORD dwStatus;
dwStatus = TLSReGenerateKeys(bReGenKey); //
// always try reload certificate since TLSReGenerateKeys()
// will wipe out our keys.
//
if(TLSLoadServerCertificate() == TRUE) { if(!g_pbExchangeEncodedCert || !g_pbSignatureEncodedCert) { TLSLogErrorEvent(dwStatus = TLS_E_INTERNAL); } } else { TLSLogErrorEvent(dwStatus = TLS_E_LOAD_CERTIFICATE); }
return dwStatus;}
////////////////////////////////////////////////////////////////////
DWORDTLSReGenerateKeys( BOOL bReGenKey )
/*++
Always restore state back to clean install, bReGenKeyOnly not supported.
--*/{ HCRYPTPROV hCryptProv = NULL; HCRYPTKEY hSignKey = NULL; HCRYPTKEY hExchKey = NULL; DWORD dwStatus = ERROR_SUCCESS;
PTLSLSASERVERID pTlsLsaServerIds=NULL; DWORD cbTlsLsaServerIds=0;
//
// Create a new clean crypto.
//
dwStatus = ServiceInitCrypto( bReGenKey, NULL, &hCryptProv, &hSignKey, &hExchKey );
if(dwStatus != ERROR_SUCCESS) { return dwStatus; }
//
// Cleanup our certificate registry.
//
TLSUninstallLsCertificate();
//
// Cleanup in-memory certificates, keys...
//
if(g_SignKey) { CryptDestroyKey(g_SignKey); g_SignKey = NULL; }
if(g_ExchKey) { CryptDestroyKey(g_ExchKey); g_ExchKey = NULL; }
if( g_SelfSignCertContext != NULL ) { CertFreeCertificateContext( g_SelfSignCertContext ); g_SelfSignCertContext = NULL; }
if( g_LicenseCertContext != NULL ) { CertFreeCertificateContext(g_LicenseCertContext); g_LicenseCertContext = NULL; }
if(g_hCryptProv != NULL) { TLSDestroyCryptContext(g_hCryptProv); }
g_hCryptProv=NULL;
FreeMemory(g_pbSignatureEncodedCert); g_pbSignatureEncodedCert = NULL; g_cbSignatureEncodedCert = 0;
FreeMemory(g_pbExchangeEncodedCert); g_pbExchangeEncodedCert = NULL; g_cbExchangeEncodedCert = 0;
//
// Always back to clean state.
//
FreeMemory(g_pCertExtensions); g_pCertExtensions = NULL; g_cbCertExtensions = 0;
FreeMemory(g_pbServerSPK); g_pbServerSPK = NULL; g_cbServerSPK = 0;
//
// Store this into LSA
//
dwStatus = ServerIdsToLsaServerId( (PBYTE)g_pszServerUniqueId, g_cbServerUniqueId, (PBYTE)g_pszServerPid, g_cbServerPid, NULL, 0, NULL, 0, &pTlsLsaServerIds, &cbTlsLsaServerIds ); if(dwStatus != ERROR_SUCCESS) { assert(FALSE); goto cleanup; }
dwStatus = StoreKey( LSERVER_LSA_LSERVERID, (PBYTE)pTlsLsaServerIds, cbTlsLsaServerIds );
if(dwStatus != ERROR_SUCCESS) { assert(FALSE); goto cleanup; }
//
// Re-generate in-memory certificates...
//
g_hCryptProv = hCryptProv; g_SignKey = hSignKey; g_ExchKey = hExchKey;
cleanup:
FreeMemory(pTlsLsaServerIds); return dwStatus;}
//////////////////////////////////////////////////////////////////
DWORDTLSReGenSelfSignCert( IN HCRYPTPROV hCryptProv, IN PBYTE pbSPK, IN DWORD cbSPK, IN DWORD dwNumExtensions, IN PCERT_EXTENSION pCertExtensions )/*++
--*/{ DWORD dwStatus; PTLSLSASERVERID pbLsaServerId = NULL; DWORD cbLsaServerId = 0;
PBYTE pbSignCert = NULL; DWORD cbSignCert = 0; PBYTE pbExchCert = NULL; DWORD cbExchCert = 0; DWORD dwVerifyResult; PCCERT_CONTEXT hLicenseCertContext = NULL; LPTSTR pszSPK = NULL;
if(hCryptProv == NULL || pbSPK == NULL || cbSPK == 0) { dwStatus = ERROR_INVALID_PARAMETER; goto cleanup; } //
// Verify SPK, current SPK is base 24 encoded string
//
pszSPK = (LPTSTR)AllocateMemory(cbSPK + sizeof(TCHAR)); if(pszSPK == NULL) { dwStatus = TLS_E_ALLOCATE_MEMORY; goto cleanup; } memcpy( pszSPK, pbSPK, cbSPK );
//
// Verify SPK
//
dwVerifyResult = LKPLITE_SPK_VALID; dwStatus = LKPLiteVerifySPK( g_pszServerPid, pszSPK, &dwVerifyResult );
if(dwStatus != ERROR_SUCCESS || dwVerifyResult != LKPLITE_SPK_VALID) { if(dwVerifyResult == LKPLITE_SPK_INVALID) { dwStatus = TLS_E_INVALID_SPK; } else if(dwVerifyResult == LKPLITE_SPK_INVALID_SIGN) { dwStatus = TLS_E_SPK_INVALID_SIGN; }
goto cleanup; }
//
// Write SPK to LSA
//
dwStatus = ServerIdsToLsaServerId( (PBYTE)g_pszServerUniqueId, g_cbServerUniqueId, (PBYTE)g_pszServerPid, g_cbServerPid, pbSPK, cbSPK, pCertExtensions, dwNumExtensions, &pbLsaServerId, &cbLsaServerId );
if(dwStatus != ERROR_SUCCESS) { goto cleanup; }
//
// Save data to LSA
//
dwStatus = StoreKey( LSERVER_LSA_LSERVERID, (PBYTE) pbLsaServerId, cbLsaServerId );
if(dwStatus != ERROR_SUCCESS) { goto cleanup; }
//
// Re-generate our certificatge
//
dwStatus = TLSCreateSelfSignCertificate( hCryptProv, AT_SIGNATURE, pbSPK, cbSPK, dwNumExtensions, pCertExtensions, &cbSignCert, &pbSignCert );
if(dwStatus != ERROR_SUCCESS) { goto cleanup; }
hLicenseCertContext = CertCreateCertificateContext( X509_ASN_ENCODING, pbSignCert, cbSignCert );
if( hLicenseCertContext == NULL ) { dwStatus = GetLastError(); goto cleanup; }
dwStatus = TLSCreateSelfSignCertificate( hCryptProv, AT_KEYEXCHANGE, pbSPK, cbSPK, dwNumExtensions, pCertExtensions, &cbExchCert, &pbExchCert ); if(dwStatus != ERROR_SUCCESS) { goto cleanup; }
//
// Certificate generated is Perm. self-signed certificate,
// don't store in registry.
//
//
// Make a copy of SPK
//
g_pbServerSPK = (PBYTE)AllocateMemory(cbSPK); if(g_pbServerSPK == NULL) { dwStatus = GetLastError(); goto cleanup; }
memcpy( g_pbServerSPK, pbSPK, cbSPK );
g_cbServerSPK = cbSPK;
if( g_SelfSignCertContext != NULL ) { CertFreeCertificateContext(g_SelfSignCertContext); }
g_SelfSignCertContext = CertDuplicateCertificateContext(hLicenseCertContext); if( g_SelfSignCertContext == NULL ) { TLSASSERT( g_SelfSignCertContext != NULL ); dwStatus = GetLastError(); goto cleanup; }
//
// Everything is OK, switch to new certificate
//
FreeMemory(g_pbSignatureEncodedCert); g_pbSignatureEncodedCert = pbSignCert; g_cbSignatureEncodedCert = cbSignCert;
if(g_LicenseCertContext != NULL) { CertFreeCertificateContext(g_LicenseCertContext); }
//
// use duplicate instead of direct assign
//
g_LicenseCertContext = CertDuplicateCertificateContext(hLicenseCertContext); TLSASSERT(g_LicenseCertContext != NULL);
FreeMemory(g_pbExchangeEncodedCert); g_pbExchangeEncodedCert = pbExchCert; g_cbExchangeEncodedCert = cbExchCert;
pbSignCert = NULL; pbExchCert = NULL;
//
// Mark we have Perm. self-signed cert.
//
g_bHasHydraCert = FALSE;
cleanup:
if( hLicenseCertContext != NULL ) { CertFreeCertificateContext( hLicenseCertContext ); }
FreeMemory(pszSPK); FreeMemory(pbLsaServerId); FreeMemory(pbSignCert); FreeMemory(pbExchCert);
return dwStatus;}
//------------------------------------------------
voidCleanSetupLicenseServer()/*++
--*/{ DWORD dwStatus; //
// Wipe out SPK in LSA
//
dwStatus = StoreKey( LSERVER_LSA_LSERVERID, (PBYTE) NULL, 0 );
dwStatus = StoreKey( LSERVER_LSA_LASTRUN, (PBYTE) NULL, 0 );
dwStatus = StoreKey( LSERVER_LSA_PRIVATEKEY_EXCHANGE, (PBYTE) NULL, 0 );
dwStatus = StoreKey( LSERVER_LSA_PRIVATEKEY_SIGNATURE, (PBYTE) NULL, 0 );
dwStatus = TLSUninstallLsCertificate();
return;}
//-----------------------------------------------
//
//
DWORDTLSStartupLSDB( IN BOOL bCheckDBStatus, IN DWORD dwMaxDbHandles, IN BOOL bStartEmptyIfError, IN BOOL bLogWarning, IN LPTSTR pszChkPointDirPath, IN LPTSTR pszTempDirPath, IN LPTSTR pszLogDirPath, IN LPTSTR pszDbFile, IN LPTSTR pszUserName, IN LPTSTR pszPassword )/*++
Abstract:
Initialize License Server's DB workspace handle list.
Parameters:
pszChkPointDirPath : ESE check point directory. pszTempDirPath : ESE temp. directory. pszLogDirPath : ESE log file directory. pszDbPath : License Server database file path. pszDbFile : License Server database file name (no path). pszUserName : Database file user name. pszPassword : Database file password.
Returns:
ERROR_SUCCESS or error code.
--*/{ BOOL bSuccess = TRUE; DWORD status = ERROR_SUCCESS; BOOL bEmptyDatabase = FALSE; BOOL bRemoveAvailableLicense = FALSE; if( __TlsDbWorkSpace::g_JbInstance.IsValid() == FALSE ) { //
// Initialize Jet Instance
//
bSuccess = TLSJbInstanceInit( __TlsDbWorkSpace::g_JbInstance, pszChkPointDirPath, pszTempDirPath, pszLogDirPath ); if(bSuccess == FALSE) { status = GetLastError(); TLSASSERT(FALSE); goto cleanup; } }
//
// Upgrade the database
//
status = TLSUpgradeDatabase( __TlsDbWorkSpace::g_JbInstance, pszDbFile, pszUserName, pszPassword );
if( status == TLS_E_BETADATABSE || status == TLS_E_INCOMPATIBLEDATABSE || (TLS_ERROR(status) == TRUE && bStartEmptyIfError == TRUE) ) { if(status == TLS_E_BETADATABSE) { CleanSetupLicenseServer(); }
//
// bad database, try to save a copy of it and
// restart from scratch
//
TLSLogInfoEvent(status);
TCHAR szTmpFileName[2*MAX_PATH+1];
bSuccess = TLSGenerateLSDBBackupFileName( pszTempDirPath, szTmpFileName );
if (bSuccess) { bSuccess = MoveFileEx( pszDbFile, szTmpFileName, MOVEFILE_REPLACE_EXISTING | MOVEFILE_COPY_ALLOWED ); }
if(bSuccess == TRUE) { LPCTSTR pString[1];
pString[0] = szTmpFileName; TLSLogEventString( EVENTLOG_INFORMATION_TYPE, TLS_I_RENAME_DBFILE, sizeof(pString)/sizeof(pString[0]), pString );
status = TLSUpgradeDatabase( __TlsDbWorkSpace::g_JbInstance, pszDbFile, pszUserName, pszPassword ); } else { //
// Can't rename this file, log an error and exit.
//
LPCTSTR pString[1];
pString[0] = pszDbFile; TLSLogEventString( EVENTLOG_ERROR_TYPE, TLS_E_RENAME_DBFILE, sizeof(pString)/sizeof(pString[0]), pString );
status = TLS_E_RENAME_DBFILE; } }
if(TLS_ERROR(status) == TRUE) { goto cleanup; }
if(status == TLS_I_CREATE_EMPTYDATABASE) { // we startup from scratch, ignore ID checking
bEmptyDatabase = TRUE; } else if(status == TLS_W_NOTOWNER_DATABASE) { #if ENFORCE_LICENSING
// not owner of database or database version mismatch, we need to kill all the
// available licenses
bRemoveAvailableLicense = TRUE; #endif
}
status = ERROR_SUCCESS;
//
// Allocate one handle to verify database
//
bSuccess = InitializeWorkSpacePool( 1, pszDbFile, pszUserName, pszPassword, pszChkPointDirPath, pszTempDirPath, pszLogDirPath, TRUE ); if(bSuccess == FALSE) { status = GetLastError(); TLSASSERT(FALSE); goto cleanup; }
if((g_DbWorkSpace = AllocateWorkSpace(g_GeneralDbTimeout)) == NULL) {
TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, status = TLS_E_ALLOCATE_HANDLE );
goto cleanup; }
//
// Initialize next keypack id and license id
//
if(TLSDBGetMaxKeyPackId(g_DbWorkSpace, (DWORD *)&g_NextKeyPackId) == FALSE) { status=GetLastError();
if(IS_JB_ERROR(status)) { LPTSTR pString = NULL; TLSGetESEError( GET_JB_ERROR_CODE(status), &pString );
TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, TLS_E_JB_BASE, GET_JB_ERROR_CODE(status), (pString != NULL) ? pString : _TEXT("") );
if(pString != NULL) { LocalFree(pString); } } else { TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, status ); }
goto cleanup; }
if(!TLSDBGetMaxLicenseId(g_DbWorkSpace, (DWORD *)&g_NextLicenseId)) { status=GetLastError();
if(IS_JB_ERROR(status)) { LPTSTR pString = NULL; TLSGetESEError( GET_JB_ERROR_CODE(status), &pString );
TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, TLS_E_JB_BASE, GET_JB_ERROR_CODE(status), (pString != NULL) ? pString : _TEXT("") );
if(pString != NULL) { LocalFree(pString); } } else { TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, status ); }
goto cleanup; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("Next KeyPack ID - %d, Next License ID - %d\n"), g_NextKeyPackId, g_NextLicenseId );
//
// Verify database status with last run status
//
{ LPTLServerLastRun lpLastRun = NULL; DWORD cbByte=0; PBYTE pbByte=NULL;
status = RetrieveKey( LSERVER_LSA_LASTRUN, &pbByte, &cbByte );
lpLastRun = (LPTLServerLastRun)pbByte;
if( status == ERROR_SUCCESS && lpLastRun != NULL ) { DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("Last run status : Next KeyPack ID - %d, Next License ID - %d\n"), lpLastRun->dwMaxKeyPackId, lpLastRun->dwMaxLicenseId );
//
// Verify no 'copy' database
//
if( bCheckDBStatus == TRUE && bEmptyDatabase == FALSE && bRemoveAvailableLicense == FALSE && lpLastRun->dwMaxKeyPackId != 0 && lpLastRun->dwMaxLicenseId != 0 ) { // enforce version will remove all available licenses
#if ENFORCE_LICENSING
if( lpLastRun->dwMaxKeyPackId != g_NextKeyPackId || lpLastRun->dwMaxLicenseId != g_NextLicenseId) { TLSLogWarningEvent(TLS_W_INCONSISTENT_STATUS); bRemoveAvailableLicense = TRUE; }
#endif
} else { g_ftLastShutdownTime = lpLastRun->ftLastShutdownTime; } }
if(pbByte) { LocalFree(pbByte); }
//
// overwrite last run status to 0 so if we crash,
// check won't get kick it
//
TLServerLastRun LastRun;
memset(&LastRun, 0, sizeof(LastRun)); LastRun.ftLastShutdownTime = g_ftLastShutdownTime; StoreKey( LSERVER_LSA_LASTRUN, (PBYTE)&LastRun, sizeof(TLServerLastRun) ); }
g_NextKeyPackId++; g_NextLicenseId++;
//
// remove available licenses
if(bRemoveAvailableLicense == TRUE) { status = TLSRemoveLicensesFromInvalidDatabase( g_DbWorkSpace );
if(status != ERROR_SUCCESS) { goto cleanup; } } //
// Insert a keypack for Terminal Service Certificate.
//
status = TLSAddTermServCertificatePack(g_DbWorkSpace, bLogWarning); if(status != ERROR_SUCCESS && status != TLS_E_DUPLICATE_RECORD) { TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, status = TLS_E_UPGRADE_DATABASE );
goto cleanup; }
//
// Allocate rest of the workspace handle
//
bSuccess = InitializeWorkSpacePool( dwMaxDbHandles, pszDbFile, pszUserName, pszPassword, NULL, NULL, NULL, FALSE );
//
if(bSuccess == FALSE && GetNumberOfWorkSpaceHandle() < DB_MIN_HANDLE_NEEDED) { status = GetLastError(); }
// This is a temporary workaround to change keypack version in the database from 5.1 to 5.2 to accomodate for
// Beta 3 and interim builds of LS. Only in the absence of Registry key we will convert the 5.1 keypacks to 5.2
HKEY hKey = NULL; status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, WHISTLER_CAL, 0, KEY_ALL_ACCESS, &hKey);
if (status == ERROR_SUCCESS) { RegCloseKey(hKey); } else { status = UpgradeKeyPackVersion(g_DbWorkSpace); }
cleanup:
return status;}
///////////////////////////////////////////////////////////////
DWORDTLSStartLSDbWorkspaceEngine( BOOL bChkDbStatus, BOOL bIgnoreRestoreFile, BOOL bIgnoreFileTimeChk, BOOL bLogWarning )/*++
bChkDbStatus : Match next LKP ID and License ID with LSAbIgnoreRestoreFile : FALSE if try to open DB file under EXPORT, TRUE otherwisebLogWarning : TRUE if log low license count warning, FALSE otherwise. note, this parameter is ignore in enforce build.
--*/{ TCHAR szDbRestoreFile[MAX_PATH+1]; WIN32_FIND_DATA RestoreFileAttr; WIN32_FIND_DATA LsDbFileAttr; BOOL bSuccess = TRUE; DWORD dwStatus = ERROR_SUCCESS;
TCHAR szDbBackupFile[MAX_PATH+1]; TCHAR szDbRestoreTmpFile[MAX_PATH+1];
if(bIgnoreRestoreFile == TRUE) { DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("Ignore restore file\n") ); goto open_existing; }
//----------------------------------------------------------
//
// Check database file in the export directory.
//
//----------------------------------------------------------
if(MAX_PATH < (_tcslen(g_szDatabaseDir)+_tcslen(TLSBACKUP_EXPORT_DIR)+ _tcslen(g_szDatabaseFname) + 1)) { dwStatus = E_OUTOFMEMORY; goto open_existing; } _tcscpy(szDbRestoreFile, g_szDatabaseDir); _tcscat(szDbRestoreFile, TLSBACKUP_EXPORT_DIR); _tcscat(szDbRestoreFile, _TEXT("\\")); _tcscat(szDbRestoreFile, g_szDatabaseFname);
bSuccess = FileExists( szDbRestoreFile, &RestoreFileAttr );
if(bSuccess == FALSE) { goto open_existing; }
bSuccess = FileExists( g_szDatabaseFile, &LsDbFileAttr );
if(bSuccess == FALSE) {
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("No existing database file, use restored file...\n") );
//
// Database file does not exist, move the restored file over and open it.
//
bSuccess = MoveFileEx( szDbRestoreFile, g_szDatabaseFile, MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH );
if(bSuccess == FALSE) {
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("Failed to move restore to existing db file - %d\n"), GetLastError() );
// can't move restore file, don't use the restore file,
// startup with empty database
dwStatus = GetLastError();
LPCTSTR pString[1]; pString[0] = szDbRestoreFile;
TLSLogEventString( EVENTLOG_WARNING_TYPE, TLS_E_DBRESTORE_MOVEFILE, 1, pString ); } else { TLSLogInfoEvent(TLS_I_USE_DBRESTOREFILE); }
#if DBG
EnsureExclusiveAccessToDbFile( g_szDatabaseFile ); #endif
goto open_existing; }
//
// Compare file's last modification time, if existing database file is newer
// than restore one, log event and continue opening existing file
//
if( bIgnoreFileTimeChk == FALSE ) { if(CompareFileTime(&(RestoreFileAttr.ftLastWriteTime), &(LsDbFileAttr.ftLastWriteTime)) <= 0 ) { DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("Restore file is too old...\n"), GetLastError() );
//TLSLogInfoEvent(TLS_I_DBRESTORE_OLD);
goto open_existing; } }
//
// make a backup copy of existing database file.
//
bSuccess = TLSGenerateLSDBBackupFileName( g_szDatabaseDir, szDbBackupFile );
if (bSuccess) { DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("Existing database file has been backup to %s\n"), szDbBackupFile ); bSuccess = MoveFileEx( g_szDatabaseFile, szDbBackupFile, MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH ); }
if(bSuccess == FALSE) { DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("Failed to backup existing database file - %d\n"), GetLastError() );
//
// Can't save a copy of existing database file
// Log an error and continue to open using existing database
//
LPCTSTR pString[1];
pString[0] = g_szDatabaseFile; TLSLogEventString( EVENTLOG_WARNING_TYPE, TLS_W_DBRESTORE_SAVEEXISTING, 1, pString );
goto open_existing; }
//
// Rename restore file and then try to open the restore file.
//
bSuccess = MoveFileEx( szDbRestoreFile, g_szDatabaseFile, MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH );
if(bSuccess == TRUE) { #if DBG
EnsureExclusiveAccessToDbFile( g_szDatabaseFile ); #endif
//
// Open the restore database file
//
dwStatus = TLSStartupLSDB( bChkDbStatus, g_dwMaxDbHandles, FALSE, bLogWarning, g_szDatabaseDir, g_szDatabaseDir, g_szDatabaseDir, g_szDatabaseFile, g_szDbUser, g_szDbPwd );
if(dwStatus == ERROR_SUCCESS) { //
// Log event indicating we open the restore file, existing
// database file has been saved as ...
//
LPCTSTR pString[1];
pString[0] = szDbBackupFile; TLSLogEventString( EVENTLOG_INFORMATION_TYPE, TLS_I_OPENRESTOREDBFILE, 1, pString );
return dwStatus; } } //
// Can't open the restore db file or MoveFileEx() failed
//
bSuccess = TLSGenerateLSDBBackupFileName( g_szDatabaseDir, szDbRestoreTmpFile );
if (bSuccess) { DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("Backup restore file to %s\n"), szDbRestoreTmpFile );
bSuccess = MoveFileEx( g_szDatabaseFile, szDbRestoreTmpFile, MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH ); }
if(bSuccess == FALSE) { // failed to backup restore db file, delete it
bSuccess = DeleteFile(g_szDatabaseFile); TLSLogErrorEvent(TLS_E_RESTOREDBFILE_OPENFAIL); } else { LPCTSTR pString[1]; pString[0] = szDbRestoreTmpFile; TLSLogEventString( EVENTLOG_ERROR_TYPE, TLS_E_RESTOREDBFILE_OPENFAIL_SAVED, 1, pString ); }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("Restore original database file %s to %s\n"), szDbBackupFile, g_szDatabaseFile );
//
// Restore the existing database file
//
bSuccess = MoveFileEx( szDbBackupFile, g_szDatabaseFile, MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH );
if(bSuccess == FALSE) { DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("failed to restore original DB file - %d\n"), GetLastError() );
TLSASSERT(FALSE); // this is really bad, continue with empty database file.
}
#if DBG
EnsureExclusiveAccessToDbFile( g_szDatabaseFile ); #endif
open_existing:
return TLSStartupLSDB( bChkDbStatus, g_dwMaxDbHandles, TRUE, bLogWarning, g_szDatabaseDir, g_szDatabaseDir, g_szDatabaseDir, g_szDatabaseFile, g_szDbUser, g_szDbPwd );}
///////////////////////////////////////////////////////////////
DWORDTLSLoadRuntimeParameters()/*++
--*/{ HKEY hKey = NULL; DWORD dwStatus = ERROR_SUCCESS; DWORD dwKeyType; TCHAR szDbPath[MAX_PATH+1];; TCHAR szDbFileName[MAX_PATH+1]; DWORD dwBuffer;
DWORD cbByte = 0; PBYTE pbByte = NULL;
//-------------------------------------------------------------------
//
// Open HKLM\system\currentcontrolset\sevices\termservlicensing\parameters
//
//-------------------------------------------------------------------
dwStatus =RegCreateKeyEx( HKEY_LOCAL_MACHINE, LSERVER_REGISTRY_BASE _TEXT(SZSERVICENAME) _TEXT("\\") LSERVER_PARAMETERS, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, NULL );
if(dwStatus != ERROR_SUCCESS) { TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, TLS_E_ACCESS_REGISTRY, dwStatus );
dwStatus = TLS_E_INIT_GENERAL; goto cleanup; }
//-------------------------------------------------------------------
//
// Get database file location and file name
//
//-------------------------------------------------------------------
dwBuffer = sizeof(szDbPath) / sizeof(szDbPath[0]);
dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_DBPATH, NULL, NULL, (LPBYTE)szDbPath, &dwBuffer ); if(dwStatus != ERROR_SUCCESS) { //
// need to startup so use default value,
//
_tcscpy( szDbPath, LSERVER_DEFAULT_DBPATH ); }
//
// Get database file name
//
dwBuffer = sizeof(szDbFileName) / sizeof(szDbFileName[0]); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_DBFILE, NULL, NULL, (LPBYTE)szDbFileName, &dwBuffer ); if(dwStatus != ERROR_SUCCESS) { //
// Use default value.
//
_tcscpy( szDbFileName, LSERVER_DEFAULT_EDB ); }
_tcscpy(g_szDatabaseFname, szDbFileName);
//
// Always expand DB Path.
//
dwStatus = ExpandEnvironmentStrings( szDbPath, g_szDatabaseDir, sizeof(g_szDatabaseDir) / sizeof(g_szDatabaseDir[0]) );
if(dwStatus == 0) { // can't expand environment variable, error out.
TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, TLS_E_LOCALDATABASEFILE, dwStatus = GetLastError() );
goto cleanup; }
if(g_szDatabaseDir[_tcslen(g_szDatabaseDir) - 1] != _TEXT('\\')) { // JetBlue needs this.
_tcscat(g_szDatabaseDir, _TEXT("\\")); }
//
// Full path to database file
//
_tcscpy(g_szDatabaseFile, g_szDatabaseDir); _tcscat(g_szDatabaseFile, szDbFileName);
//
// Database file user and password
//
dwBuffer = sizeof(g_szDbUser) / sizeof(g_szDbUser[0]); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_USER, NULL, NULL, (LPBYTE)g_szDbUser, &dwBuffer );
// password is rendomly generated
dwStatus = RetrieveKey( LSERVER_LSA_PASSWORD_KEYNAME, &pbByte, &cbByte );
// backward compatibilty
if(dwStatus != ERROR_SUCCESS) { //
// Load password from registry or default to 'default' password
//
dwBuffer = sizeof(g_szDbPwd) / sizeof(g_szDbPwd[0]); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_PWD, NULL, NULL, (LPBYTE)g_szDbPwd, &dwBuffer ); } else { //
// save info into global variable
//
memset(g_szDbPwd, 0, sizeof(g_szDbPwd)); memcpy((PBYTE)g_szDbPwd, pbByte, min(cbByte, sizeof(g_szDbPwd)));
}
if(pbByte != NULL) { LocalFree(pbByte); }
//--------------------------------------------------------------------
//
// Work Object Parameters
//
//--------------------------------------------------------------------
dwBuffer = sizeof(g_dwTlsJobInterval);
dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_WORKINTERVAL, NULL, NULL, (LPBYTE)&g_dwTlsJobInterval, &dwBuffer );
if(dwStatus != ERROR_SUCCESS) { g_dwTlsJobInterval = DEFAULT_JOB_INTERVAL; }
dwBuffer = sizeof(g_dwTlsJobRetryTimes); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_RETRYTIMES, NULL, NULL, (LPBYTE)&g_dwTlsJobRetryTimes, &dwBuffer );
if(dwStatus != ERROR_SUCCESS) { g_dwTlsJobRetryTimes = DEFAULT_JOB_RETRYTIMES; }
dwBuffer=sizeof(g_dwTlsJobRestartTime); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_WORKRESTART, NULL, NULL, (LPBYTE)&g_dwTlsJobRestartTime, &dwBuffer );
if(dwStatus != ERROR_SUCCESS) { g_dwTlsJobRestartTime = DEFAULT_JOB_INTERVAL; }
//---------------------------------------------------
//
// load low license warning count
//
//---------------------------------------------------
dwBuffer = sizeof(g_LowLicenseCountWarning); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_LOWLICENSEWARNING, NULL, &dwKeyType, NULL, &dwBuffer );
if(dwStatus == ERROR_SUCCESS && dwKeyType == REG_DWORD) { dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_LOWLICENSEWARNING, NULL, &dwKeyType, (LPBYTE)&g_LowLicenseCountWarning, &dwBuffer ); } //---------------------------------------------------
//
// Temp. license grace period
//
//---------------------------------------------------
dwBuffer = sizeof(g_GracePeriod); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_GRACEPERIOD, NULL, &dwKeyType, NULL, &dwBuffer ); if(dwStatus == ERROR_SUCCESS && dwKeyType == REG_DWORD) { dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_GRACEPERIOD, NULL, &dwKeyType, (LPBYTE)&g_GracePeriod, &dwBuffer ); }
if(g_GracePeriod > GRACE_PERIOD) { // grace period can be greated than this.
g_GracePeriod = GRACE_PERIOD; }
//
// Are we allow to issue temp. license
//
dwBuffer = sizeof(g_IssueTemporayLicense); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_ISSUETEMPLICENSE, NULL, &dwKeyType, NULL, &dwBuffer );
if(dwStatus == ERROR_SUCCESS && dwKeyType == REG_DWORD) { dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_ISSUETEMPLICENSE, NULL, &dwKeyType, (LPBYTE)&g_IssueTemporayLicense, &dwBuffer ); }
//------------------------------------------------------
//
// Timeout value if can't allocate a DB handle
//
//------------------------------------------------------
//
// Timeout for allocating a write handle
//
dwBuffer = sizeof(g_GeneralDbTimeout); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_DBTIMEOUT, NULL, &dwKeyType, NULL, &dwBuffer );
if(dwStatus == ERROR_SUCCESS && dwKeyType == REG_DWORD) { dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_DBTIMEOUT, NULL, &dwKeyType, (LPBYTE)&g_GeneralDbTimeout, &dwBuffer ); }
//
// Timeout for read handle
//
dwBuffer = sizeof(g_EnumDbTimeout); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_EDBTIMEOUT, NULL, &dwKeyType, NULL, &dwBuffer );
if(dwStatus == ERROR_SUCCESS && dwKeyType == REG_DWORD) { dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_EDBTIMEOUT, NULL, &dwKeyType, (LPBYTE)&g_EnumDbTimeout, &dwBuffer ); }
//------------------------------------------------------
//
// Number of database handles
//
//------------------------------------------------------
dwBuffer = sizeof(g_dwMaxDbHandles); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_MAXDBHANDLES, NULL, &dwKeyType, NULL, &dwBuffer );
if(dwStatus == ERROR_SUCCESS && dwKeyType == REG_DWORD) { dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_MAXDBHANDLES, NULL, &dwKeyType, (LPBYTE)&g_dwMaxDbHandles, &dwBuffer );
if(g_dwMaxDbHandles > DB_MAX_CONNECTIONS-1) { g_dwMaxDbHandles = DEFAULT_DB_CONNECTIONS; } }
//------------------------------------------------------
//
// Load parameters for ESENT, all parameter must be set
// and confirm to ESENT document, any error, we just
// revert back to some value we know it works.
//
//------------------------------------------------------
dwBuffer = sizeof(g_EsentMaxCacheSize); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_ESENTMAXCACHESIZE, NULL, NULL, (LPBYTE)&g_EsentMaxCacheSize, &dwBuffer );
if(dwStatus == ERROR_SUCCESS) { dwBuffer = sizeof(g_EsentStartFlushThreshold); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_ESENTSTARTFLUSH, NULL, NULL, (LPBYTE)&g_EsentStartFlushThreshold, &dwBuffer );
if(dwStatus == ERROR_SUCCESS) { dwBuffer = sizeof(g_EsentStopFlushThreadhold); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_ESENTSTOPFLUSH, NULL, NULL, (LPBYTE)&g_EsentStopFlushThreadhold, &dwBuffer ); } } if( dwStatus != ERROR_SUCCESS || g_EsentStartFlushThreshold > g_EsentStopFlushThreadhold || g_EsentStopFlushThreadhold > g_EsentMaxCacheSize || g_EsentMaxCacheSize < LSERVER_PARAMETERS_ESENTMAXCACHESIZE_MIN || g_EsentStartFlushThreshold < LSERVER_PARAMETERS_ESENTSTARTFLUSH_MIN || g_EsentStopFlushThreadhold < LSERVER_PARAMETERS_ESENTSTOPFLUSH_MIN || g_EsentMaxCacheSize > LSERVER_PARAMETERS_ESENTMAXCACHESIZE_MAX || g_EsentStartFlushThreshold > LSERVER_PARAMETERS_ESENTSTARTFLUSH_MAX || g_EsentStopFlushThreadhold > LSERVER_PARAMETERS_ESENTSTOPFLUSH_MAX ) { // pre-define number to let ESENT picks its number
if( g_EsentMaxCacheSize != LSERVER_PARAMETERS_USE_ESENTDEFAULT ) { g_EsentMaxCacheSize = LSERVER_PARAMETERS_ESENTMAXCACHESIZE_DEFAULT; g_EsentStartFlushThreshold = LSERVER_PARAMETERS_ESENTSTARTFLUSH_DEFAULT; g_EsentStopFlushThreadhold = LSERVER_PARAMETERS_ESENTSTOPFLUSH_DEFAULT; } }
dwBuffer = sizeof(g_EsentMaxVerPages); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_ESENTMAXVERPAGES, NULL, NULL, (LPBYTE)&g_EsentMaxVerPages, &dwBuffer );
if ((dwStatus != ERROR_SUCCESS) || (g_EsentMaxVerPages > LSERVER_PARAMETERS_ESENTMAXVERPAGES_MAX) || (g_EsentMaxVerPages < LSERVER_PARAMETERS_ESENTMAXVERPAGES_MIN)) { g_EsentMaxVerPages = LSERVER_PARAMETERS_USE_ESENTDEFAULT; }
//------------------------------------------------------
//
// Determine role of server in enterprise
//
//------------------------------------------------------
dwBuffer = sizeof(g_SrvRole); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_ROLE, NULL, NULL, (LPBYTE)&g_SrvRole, &dwBuffer );
if(g_SrvRole & TLSERVER_ENTERPRISE_SERVER) { dwBuffer = sizeof(g_szScope)/sizeof(g_szScope[0]); memset(g_szScope, 0, sizeof(g_szScope));
dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_SCOPE, NULL, &dwKeyType, (LPBYTE)g_szScope, &dwBuffer );
if(dwStatus != ERROR_SUCCESS) { // no scope is set, default to local machine name
// consider using domain name ???
LoadResourceString( IDS_SCOPE_ENTERPRISE, g_szScope, sizeof(g_szScope)/sizeof(g_szScope[0]) ); }
g_pszScope = g_szScope; } else { //
// Use the workgroup or domain name as scope
//
LPWSTR pszScope;
if(GetMachineGroup(NULL, &pszScope) == FALSE) { TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_SERVICEINIT, TLS_E_RETRIEVEGROUPNAME );
goto cleanup; }
g_pszScope = pszScope; }
//------------------------------------------------------
//
// Reissuance Parameters
//
//------------------------------------------------------
dwBuffer = sizeof(g_dwReissueLeaseMinimum); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_LEASE_MIN, NULL, NULL, (LPBYTE)&g_dwReissueLeaseMinimum, &dwBuffer );
if (dwStatus == ERROR_SUCCESS) { g_dwReissueLeaseMinimum = min(g_dwReissueLeaseMinimum, PERMANENT_LICENSE_LEASE_EXPIRE_MIN); } else { g_dwReissueLeaseMinimum = PERMANENT_LICENSE_LEASE_EXPIRE_MIN; }
dwBuffer = sizeof(g_dwReissueLeaseRange); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_LEASE_RANGE, NULL, NULL, (LPBYTE)&g_dwReissueLeaseRange, &dwBuffer );
if (dwStatus == ERROR_SUCCESS) { g_dwReissueLeaseRange = min(g_dwReissueLeaseRange, PERMANENT_LICENSE_LEASE_EXPIRE_RANGE);
g_dwReissueLeaseRange = max(g_dwReissueLeaseRange, 1); } else { g_dwReissueLeaseRange = PERMANENT_LICENSE_LEASE_EXPIRE_RANGE; }
dwBuffer = sizeof(g_dwReissueLeaseLeeway); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_LEASE_LEEWAY, NULL, NULL, (LPBYTE)&g_dwReissueLeaseLeeway, &dwBuffer );
if (dwStatus == ERROR_SUCCESS) { g_dwReissueLeaseLeeway = min(g_dwReissueLeaseLeeway, PERMANENT_LICENSE_LEASE_EXPIRE_LEEWAY); } else { g_dwReissueLeaseLeeway = PERMANENT_LICENSE_LEASE_EXPIRE_LEEWAY; }
dwBuffer = sizeof(g_dwReissueExpireThreadSleep); dwStatus = RegQueryValueEx( hKey, LSERVER_PARAMETERS_EXPIRE_THREAD_SLEEP, NULL, NULL, (LPBYTE)&g_dwReissueExpireThreadSleep, &dwBuffer );
if (dwStatus == ERROR_SUCCESS) { g_dwReissueExpireThreadSleep = min(g_dwReissueExpireThreadSleep, EXPIRE_THREAD_SLEEP_TIME); } else { g_dwReissueExpireThreadSleep = EXPIRE_THREAD_SLEEP_TIME; }
dwStatus = ERROR_SUCCESS;
cleanup: if(hKey != NULL) { RegCloseKey(hKey); }
return dwStatus;}
///////////////////////////////////////////////////////////////
DWORDTLSPrepareForBackupRestore(){ DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("TLSPrepareForBackupRestore...\n") );
//
// Pretend we are shutting down.
//
// ServiceSignalShutdown();
//
// first stop workmanager thread
//
TLSWorkManagerShutdown();
//
// Close all workspace and DB handle
//
#ifndef _NO_ODBC_JET
if(g_DbWorkSpace != NULL) { ReleaseWorkSpace(&g_DbWorkSpace); }#endif
CloseWorkSpacePool();
return ERROR_SUCCESS;}
///////////////////////////////////////////////////////////////
DWORDTLSRestartAfterBackupRestore( BOOL bRestartAfterbackup )/*++
bRestartAfterbackup : TRUE if restart after backup, FALSE if restart after restore.
--*/{ DWORD dwStatus; BOOL bIgnoreRestoreFile; BOOL bIgnoreFileTimeChecking; BOOL bLogWarning;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("TLSRestartAfterBackupRestore...\n") );
//
// Reset shutdown event
//
// ServiceResetShutdownEvent();
//
// Startup DB engine.
//
bIgnoreRestoreFile = bRestartAfterbackup; bIgnoreFileTimeChecking = (bRestartAfterbackup == FALSE); // on restore, we need to ignore file time checking
bLogWarning = bIgnoreFileTimeChecking; // log warning after restart from restore
dwStatus = TLSStartLSDbWorkspaceEngine( TRUE, bIgnoreRestoreFile, bIgnoreFileTimeChecking, bLogWarning );
if(dwStatus == ERROR_SUCCESS) { dwStatus = TLSWorkManagerInit(); }
// backup/restore always shutdown namedpipe thread
InitNamedPipeThread();
TLSASSERT(dwStatus == ERROR_SUCCESS);
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_INIT, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("\tTLSRestartAfterBackupRestore() returns %d\n"), dwStatus );
return dwStatus;}
|
