|
|
//+--------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1996-1996
//
// File: tlsrpc.c
//
// Contents: Various RPC function to accept client request
//
// History: 12-09-98 HueiWang Created
//
//---------------------------------------------------------------------------
#include "pch.cpp"
#include "server.h"
#include "gencert.h"
#include "kp.h"
#include "keypack.h"
#include "clilic.h"
#include "postjob.h"
#include "srvlist.h"
#include "utils.h"
#include "misc.h"
#include "licreq.h"
#include "server.h"
#include "init.h"
#include "globals.h"
#include "db.h"
#include "tlscert.h"
#include "permlic.h"
#include "remotedb.h"
#include <winsta.h>
BOOL g_bLockValid = FALSE;
CCMutex g_AdminLock;CCMutex g_RpcLock;CCEvent g_ServerShutDown(TRUE, FALSE);
extern PSECURITY_DESCRIPTOR g_pSecDes;
/****************************************************************************/// TSLSRPCAccessCheck
//
// Check if this RPC caller havs access right or not
/****************************************************************************/BOOL TSLSRPCAccessCheck(){ RPC_STATUS rpcStatus; HANDLE hClientToken = NULL; DWORD dwStatus = ERROR_SUCCESS; GENERIC_MAPPING GenericMapping = { STANDARD_RIGHTS_READ, STANDARD_RIGHTS_EXECUTE, STANDARD_RIGHTS_WRITE, STANDARD_RIGHTS_ALL };
BYTE PrivilegeSetBuffer[sizeof(PRIVILEGE_SET) + 3*sizeof(LUID_AND_ATTRIBUTES)]; PPRIVILEGE_SET PrivilegeSet = (PPRIVILEGE_SET) PrivilegeSetBuffer; ULONG PrivilegeSetLength = sizeof(PrivilegeSetBuffer); ACCESS_MASK AccessGranted = 0; BOOL AccessStatus = FALSE;
if(g_pSecDes == NULL) return TRUE;
// Check the access right of this rpc call
rpcStatus = RpcImpersonateClient(0);
if (RPC_S_OK != rpcStatus) { dwStatus = E_FAIL; DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("RpcImpersonateClient() failed\n") );
goto cleanup; }
// get the impersonated token
if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hClientToken)) { dwStatus = GetLastError(); DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("OpenThreadToken() failed\n") );
RpcRevertToSelf(); goto cleanup; }
RpcRevertToSelf(); if (!AccessCheck(g_pSecDes, hClientToken, STANDARD_RIGHTS_READ, &GenericMapping, PrivilegeSet, &PrivilegeSetLength, &AccessGranted, &AccessStatus)) { dwStatus = GetLastError(); DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("AccessCheck() failed\n") );
goto cleanup; } cleanup: if (hClientToken != NULL) { CloseHandle(hClientToken); }
return AccessStatus;}
/////////////////////////////////////////////////////////////////////////////////
DWORD SecureModeCheck(){ DWORD dwStatus = ERROR_SUCCESS; BOOL AccessStatus = FALSE; BOOL fInDomain = FALSE; WCHAR *StringBinding = NULL; WCHAR *ServerAddress = NULL; RPC_BINDING_HANDLE ServerBinding = 0;
POLICY_TS_MACHINE groupPolicy; RegGetMachinePolicy(&groupPolicy); BOOL bSecureLicensing = FALSE;
if( groupPolicy.fPolicySecureLicensing == 1 && groupPolicy.fSecureLicensing == 1) { bSecureLicensing = TRUE; }
if(bSecureLicensing == TRUE) { dwStatus = TLSInDomain(&fInDomain, NULL);
if(dwStatus == ERROR_SUCCESS && fInDomain == TRUE) { // Check this rpc access right
AccessStatus = TSLSRPCAccessCheck(); if (!AccessStatus) { // Determine client address.
dwStatus = RpcBindingServerFromClient(0, &ServerBinding); if(dwStatus != RPC_S_OK) { return TLS_E_ACCESS_DENIED; } dwStatus = RpcBindingToStringBinding(ServerBinding, &StringBinding); if( dwStatus != RPC_S_OK) { return TLS_E_ACCESS_DENIED; } dwStatus = RpcStringBindingParse(StringBinding, NULL, NULL, &ServerAddress, NULL, NULL);
if( dwStatus != RPC_S_OK) { return TLS_E_ACCESS_DENIED; }
{ LPCTSTR rgString[] = {ServerAddress};
TLSLogEventString( EVENTLOG_ERROR_TYPE, TLS_E_LICENSE_ISSUANCE_ACCESS_DENIED, 1, rgString); } return TLS_E_ACCESS_DENIED; } else { return ERROR_SUCCESS; } } else { return ERROR_SUCCESS; } } else { return ERROR_SUCCESS; }}
BOOL VerifyLicenseRequest( PTLSLICENSEREQUEST pLicenseRequest )/*++
--*/{ BOOL bValid = FALSE;
if(pLicenseRequest == NULL) { DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("VerifyLicenseRequest() invalid input\n") );
goto cleanup; }
if( pLicenseRequest->cbEncryptedHwid == 0 || pLicenseRequest->pbEncryptedHwid == NULL) { DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("VerifyLicenseRequest() invalid HWID\n") );
goto cleanup; }
if( pLicenseRequest->ProductInfo.cbCompanyName == 0 || pLicenseRequest->ProductInfo.pbCompanyName == NULL ) { DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("VerifyLicenseRequest() invalid company name\n") );
goto cleanup; }
if( pLicenseRequest->ProductInfo.cbProductID == 0 || pLicenseRequest->ProductInfo.pbProductID == NULL ) { DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("VerifyLicenseRequest() invalid product id\n") );
goto cleanup; }
bValid = TRUE;
cleanup:
return bValid;}
/////////////////////////////////////////////////////////////////////////////
BOOL WaitForMyTurnOrShutdown( HANDLE hHandle, DWORD dwWaitTime )/*
*/{ //
// Shutdown event is first one in the wait list
// reason is when service thread signal shutdow, at the same time,
// there might be a RPC call entering WaitForMultipleObjects() call and
// it will return WAIT_OBJECT_0 and continue on, this is not desirable
// since we want it to return can't get handle and exit RPC call immediately
//
HANDLE waitHandles[2]={g_ServerShutDown.hEvent, hHandle}; DWORD dwStatus;
//
// Could be return shutting down...
//
dwStatus=WaitForMultipleObjects( sizeof(waitHandles)/sizeof(waitHandles[0]), waitHandles, FALSE, dwWaitTime );
return (dwStatus == WAIT_OBJECT_0 + 1) || (dwStatus == WAIT_ABANDONED_0 + 1);}
//////////////////////////////////////////////////////
HANDLEGetServiceShutdownHandle(){ return g_ServerShutDown.hEvent;}
void ServiceSignalShutdown(){ g_ServerShutDown.SetEvent();}
void ServiceResetShutdownEvent(){ g_ServerShutDown.ResetEvent();}
BOOLIsServiceShuttingdown(){ if(g_bLockValid == FALSE) return TRUE; else return (WaitForSingleObject(g_ServerShutDown.hEvent, 0) == WAIT_OBJECT_0);}
//////////////////////////////////////////////////////
BOOL AcquireRPCExclusiveLock( IN DWORD dwWaitTime )
/*++
Abstract:
Acquire exclusive lock for RPC interface.
Parameter:
dwWaitTime : Wait time.
Return:
TRUE/FALSE
--*/
{ return WaitForMyTurnOrShutdown( g_RpcLock.hMutex, dwWaitTime );}
//////////////////////////////////////////////////////
voidReleaseRPCExclusiveLock(){ g_RpcLock.Unlock();}
//////////////////////////////////////////////////////
BOOLAcquireAdministrativeLock( IN DWORD dwWaitTime )/*++
Abstract:
Acquire lock for administrative action.
Parameter:
dwWaitTime : Time to wait for the lock.
Returns:
TRUE/FALSE.
--*/
{ return WaitForMyTurnOrShutdown( g_AdminLock.hMutex, dwWaitTime );}
//////////////////////////////////////////////////////
voidReleaseAdministrativeLock()/*++
--*/{ g_AdminLock.Unlock();}
//-----------------------------------------------------------------------
DWORD TLSVerifyHydraCertificate( PBYTE pHSCert, DWORD cbHSCert )/*
*/{ DWORD dwStatus;
dwStatus = TLSVerifyProprietyChainedCertificate( g_hCryptProv, pHSCert, cbHSCert );
if(dwStatus != ERROR_SUCCESS) { Hydra_Server_Cert hCert;
memset(&hCert, 0, sizeof(Hydra_Server_Cert));
dwStatus=UnpackHydraServerCertificate(pHSCert, cbHSCert, &hCert); if(dwStatus == LICENSE_STATUS_OK) { dwStatus=LicenseVerifyServerCert(&hCert);
if(hCert.PublicKeyData.pBlob) free(hCert.PublicKeyData.pBlob);
if(hCert.SignatureBlob.pBlob) free(hCert.SignatureBlob.pBlob); } }
return dwStatus;}
//-------------------------------------------------------------------------
//
// General RPC routines
//
void * __RPC_USER MIDL_user_allocate(size_t size){ void* ptr=AllocateMemory(size);
// DBGPrintf(0xFFFFFFFF, _TEXT("Allocate 0x%08x, size %d\n"), ptr, size);
return ptr;}
void __RPC_USER MIDL_user_free(void *pointer){ FreeMemory(pointer);}
//-------------------------------------------------------------------------
BOOL ValidContextHandle( IN PCONTEXT_HANDLE phContext )/*++
Description:
Verify client context handle.
Arguments:
phContext - client context handle return from TLSRpcConnect().
Return:
TRUE/FALSE
++*/{#if DBG
BOOL bValid; LPCLIENTCONTEXT lpClientContext = (LPCLIENTCONTEXT)phContext;
bValid = (lpClientContext->m_PreDbg[0] == 0xcdcdcdcd && lpClientContext->m_PreDbg[1] == 0xcdcdcdcd && lpClientContext->m_PostDbg[0] == 0xcdcdcdcd && lpClientContext->m_PostDbg[1] == 0xcdcdcdcd); if(!bValid) { DBGPrintf( DBG_ERROR, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("ValidContextHandle : Bad client context\n") );
TLSASSERT(FALSE); }
return bValid;
#else
return TRUE;
#endif
}
//-------------------------------------------------------------------------
void __RPC_USER PCONTEXT_HANDLE_rundown( PCONTEXT_HANDLE phContext )/*++
Description:
Client context handle cleanup, called when client disconnect normally or abnormally, see context handle rundown routine help on RPC
Argument:
phContext - client context handle.
Returns:
None
++*/{ DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("PCONTEXT_HANDLE_rundown...\n") );
TLSASSERT(phContext != NULL);
if(g_bLockValid == FALSE) { return; } //
// If service is shutting down, exit right away without freeing up memory,
//
// Durning shutdown, RPC wait until all call completed but it does not wait
// until all open connection has 'rundown' if client is still in enumeration,
// this will cause ReleaseWorkSpace() to assert. Instead of using one more
// HANDLE to wait until all open connection has been rundown, we return right
// away to speed up shutdown time
//
if( phContext && ValidContextHandle(phContext) ) { LPCLIENTCONTEXT lpClientContext = (LPCLIENTCONTEXT)phContext;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("Disconnect from %s\n"), lpClientContext->m_Client );
assert(lpClientContext->m_RefCount == 0); if( IsServiceShuttingdown() == FALSE ) { switch(lpClientContext->m_ContextType) { case CONTEXTHANDLE_LICENSE_ENUM_TYPE: { PTLSDbWorkSpace pDbWkSpace = (PTLSDbWorkSpace)lpClientContext->m_ContextHandle;
if( IsValidAllocatedWorkspace(pDbWkSpace) == TRUE ) { ReleaseWorkSpace(&pDbWkSpace); } } break;
case CONTEXTHANDLE_KEYPACK_ENUM_TYPE: { LPENUMHANDLE hEnum=(LPENUMHANDLE)lpClientContext->m_ContextHandle;
if( IsValidAllocatedWorkspace(hEnum->pbWorkSpace) == TRUE ) { TLSDBLicenseKeyPackEnumEnd(hEnum); }
lpClientContext->m_ContextType = CONTEXTHANDLE_EMPTY_TYPE; lpClientContext->m_ContextHandle=NULL; } break;
case CONTEXTHANDLE_HYDRA_REQUESTCERT_TYPE: { LPTERMSERVCERTREQHANDLE lpHandle=(LPTERMSERVCERTREQHANDLE)lpClientContext->m_ContextHandle; midl_user_free(lpHandle->pCertRequest); midl_user_free(lpHandle->pbChallengeData); FreeMemory(lpHandle); } break;
case CONTEXTHANDLE_CHALLENGE_SERVER_TYPE: case CONTEXTHANDLE_CHALLENGE_LRWIZ_TYPE: case CONTEXTHANDLE_CHALLENGE_TERMSRV_TYPE: { PTLSCHALLENGEDATA pChallengeData = (PTLSCHALLENGEDATA) lpClientContext->m_ContextHandle; if(pChallengeData) { FreeMemory(pChallengeData->pbChallengeData); FreeMemory(pChallengeData); } } } } else { DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("PCONTEXT_HANDLE_rundown while shutting down...\n") ); }
if( lpClientContext->m_Client ) { FreeMemory(lpClientContext->m_Client); }
midl_user_free(lpClientContext); }
return;}
//----------------------------------------------------------------------------------
DWORDGetClientPrivilege( IN handle_t hRpcBinding )
/*++
Description:
Return client's privilege level
Arguments: hRpcBinding - Client's RPC binding handle.
Return:
Client's privilege level
++*/{ DWORD dwStatus = CLIENT_ACCESS_USER; BOOL bAdmin=FALSE; RPC_STATUS rpc_status;
// If a value of zero is specified, the server impersonates the client that
// is being served by this server thread
rpc_status = RpcImpersonateClient(hRpcBinding);
if(rpc_status == RPC_S_OK) { IsAdmin(&bAdmin); dwStatus = (bAdmin) ? CLIENT_ACCESS_ADMIN : CLIENT_ACCESS_USER;
rpc_status = RpcRevertToSelfEx(hRpcBinding); }
return dwStatus;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcConnect( /* [in] */ handle_t binding, /* [out] */ PCONTEXT_HANDLE __RPC_FAR *pphContext )/*++
Description:
Connect client and allocate/return client context handle.
Arguments:
hRPCBinding - RPC binding handle pphContext - client context handle.
Returns via dwErrCode.
RPC_S_ACCESS_DENIED or LSERVER_S_SUCCESS.
++*/{ DWORD status=ERROR_SUCCESS; DWORD dwPriv; error_status_t t;
RPC_BINDING_HANDLE hClient=NULL; WCHAR * pszRpcStrBinding=NULL;
LPTSTR pszClient=NULL; if(RpcBindingServerFromClient(binding, &hClient) == RPC_S_OK) { status = RpcBindingToStringBinding( hClient, &pszRpcStrBinding ); RpcBindingFree(&hClient);
if (status != RPC_S_OK) { goto cleanup; } }
//
// need to load from resource file
//
pszClient = (LPTSTR)AllocateMemory( (_tcslen((pszRpcStrBinding) ? pszRpcStrBinding : _TEXT("Unknown")) + 1) * sizeof(TCHAR) );
if(pszClient == NULL) { status = ERROR_OUTOFMEMORY; goto cleanup; }
_tcscpy(pszClient, (pszRpcStrBinding) ? pszRpcStrBinding : _TEXT("Unknown") );
if(pszRpcStrBinding) { RpcStringFree(&pszRpcStrBinding); } DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("Connect from client %s\n"), pszClient );
dwPriv=GetClientPrivilege(binding);
LPCLIENTCONTEXT lpContext;
lpContext=(LPCLIENTCONTEXT)midl_user_allocate(sizeof(CLIENTCONTEXT)); if(lpContext == NULL) { status = ERROR_OUTOFMEMORY; goto cleanup; }
#if DBG
lpContext->m_LastCall = RPC_CALL_CONNECT; lpContext->m_PreDbg[0] = 0xcdcdcdcd; lpContext->m_PreDbg[1] = 0xcdcdcdcd; lpContext->m_PostDbg[0] = 0xcdcdcdcd; lpContext->m_PostDbg[1] = 0xcdcdcdcd; #endif
lpContext->m_Client = pszClient;
lpContext->m_RefCount = 0; *pphContext=lpContext; lpContext->m_ContextType = CONTEXTHANDLE_EMPTY_TYPE; lpContext->m_ClientFlags = dwPriv;
cleanup:
if(status != ERROR_SUCCESS) { FreeMemory(pszClient); }
t = TLSMapReturnCode(status);
return t;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcDisconnect( /* [out][in] */ PPCONTEXT_HANDLE pphContext )/*++
Description:
Disconnect client and FreeMemory all memory allocated on the behalf of client
Arguments:
pphContext - pointer to client context handle
Returns:
LSERVER_S_SUCCESS or ERROR_INVALID_HANDLE
++*/{ DWORD Status=ERROR_SUCCESS;
if( (pphContext == NULL) || (!ValidContextHandle(*pphContext)) || (*pphContext == NULL) ) { Status = ERROR_INVALID_HANDLE; } else { PCONTEXT_HANDLE_rundown(*pphContext); *pphContext = NULL; } return TLSMapReturnCode(Status);}
//-------------------------------------------------------------------------------
error_status_t TLSRpcGetVersion( /* [in] */ PCONTEXT_HANDLE phContext, /* [ref][out][in] */ PDWORD pdwVersion )/*++
++*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwVersion == NULL) { return RPC_S_INVALID_ARG; }
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcGetVersion\n"), lpContext->m_Client );
if(TLSIsBetaNTServer() == TRUE) { *pdwVersion = TLS_CURRENT_VERSION; } else { *pdwVersion = TLS_CURRENT_VERSION_RTM; }
if(g_SrvRole & TLSERVER_ENTERPRISE_SERVER) { *pdwVersion |= TLS_VERSION_ENTERPRISE_BIT; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("%s : TLSRpcGetVersion return 0x%08x\n"), lpContext->m_Client, *pdwVersion );
InterlockedDecrement( &lpContext->m_RefCount ); return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcGetSupportFlags( /* [in] */ PCONTEXT_HANDLE phContext, /* [ref][out] */ DWORD *pdwSupportFlags )/*++
++*/{ error_status_t status = RPC_S_OK;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL) { return RPC_S_INVALID_ARG; }
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcGetSupportFlags\n"), lpContext->m_Client );
if (NULL != pdwSupportFlags) { *pdwSupportFlags = ALL_KNOWN_SUPPORT_FLAGS; } else { status = ERROR_INVALID_PARAMETER; }
InterlockedDecrement( &lpContext->m_RefCount ); return status;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcSendServerCertificate( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD cbCert, /* [size_is][in] */ PBYTE pbCert, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Description:
This routine is for License Server to identify hydra server, hydra server need to send its certificate in order to gain certificate request privilege.
Arguments:
phContext - client context handle. cbCert - size of hydra server certificate. pbCert - hydra server's self-created certificate. dwErrCode - return code.
Returns via dwErrCode
LSERVER_E_INVALID_DATA.
++*/{ DWORD status=ERROR_SUCCESS;
BOOL fInDomain = FALSE; WCHAR *StringBinding = NULL; WCHAR *ServerAddress = NULL; RPC_BINDING_HANDLE ServerBinding = 0; status = SecureModeCheck();
if(dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
if(status != ERROR_SUCCESS ) { *dwErrCode = TLSMapReturnCode(status); return RPC_S_OK; }
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL) { return RPC_S_INVALID_ARG; } InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcSendServerCertificate\n"), lpContext->m_Client );
if(pbCert == NULL || cbCert == 0 || TLSVerifyHydraCertificate(pbCert, cbCert) != LICENSE_STATUS_OK) { DBGPrintf( DBG_WARNING, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("TLSRpcSendServerCertificate : client %s send invalid certificate\n"), lpContext->m_Client );
status = TLS_E_INVALID_DATA; } else { lpContext->m_ClientFlags |= CLIENT_ACCESS_REQUEST; }
// midl_user_free(pbCert);
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_SEND_CERTIFICATE; #endif
*dwErrCode = TLSMapReturnCode(status); return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcGetServerName( /* [in] */ PCONTEXT_HANDLE phContext, /* [size_is][string][out][in] */ LPTSTR szMachineName, /* [out][in] */ PDWORD cbSize, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Description:
Return server's machine name.
This function is deprecated. Use TLSRpcGetServerNameFixed.
Arguments:
phContext - Client context handle szMachineName - return server's machine name, must be at least MAX_COMPUTERNAME_LENGTH + 1 in length
Return:
TLS_E_INVALID_DATA - buffer size too small.
++*/{ TCHAR szComputerName[MAX_COMPUTERNAME_LENGTH+2]; DWORD dwBufferSize=MAX_COMPUTERNAME_LENGTH+1; LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext; if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcGetServerName\n"), lpContext->m_Client );
if ((!(lpContext->m_ClientFlags & CLIENT_ACCESS_LSERVER)) && (lpContext->m_ContextType != CONTEXTHANDLE_CHALLENGE_SERVER_TYPE))
{ *dwErrCode = TLSMapReturnCode(TLS_E_INVALID_DATA);
return RPC_S_OK; }
*dwErrCode = ERROR_SUCCESS; if(!GetComputerName(szComputerName, &dwBufferSize)) { *dwErrCode = GetLastError(); }
//
// return buffer must be big enough for NULL,
// dwBufferSize return does not include NULL.
//
if(*cbSize <= dwBufferSize) { DBGPrintf( DBG_WARNING, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("TLSRpcGetServerName : Client %s invalid parameter\n"), lpContext->m_Client );
*dwErrCode = TLSMapReturnCode(TLS_E_INVALID_DATA); } else { _tcsncpy(szMachineName, szComputerName, min(_tcslen(szComputerName), *cbSize)); szMachineName[min(_tcslen(szComputerName), *cbSize - 1)] = _TEXT('\0'); }
*cbSize = _tcslen(szComputerName) + 1; // include NULL terminate string
#if DBG
lpContext->m_LastCall = RPC_CALL_GET_SERVERNAME; #endif
return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcGetServerNameEx( /* [in] */ PCONTEXT_HANDLE phContext, /* [size_is][string][out][in] */ LPTSTR szMachineName, /* [out][in] */ PDWORD cbSize, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Description:
Return server's machine name.
This function is deprecated. Use TLSRpcGetServerNameFixed.
Arguments:
phContext - Client context handle szMachineName - return server's machine name, must be at least MAX_COMPUTERNAME_LENGTH + 1 in length
Return:
TLS_E_INVALID_DATA - buffer size too small.
++*/{ TCHAR szComputerName[MAX_COMPUTERNAME_LENGTH+2]; DWORD dwBufferSize=MAX_COMPUTERNAME_LENGTH+1; LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcGetServerNameEx\n"), lpContext->m_Client );
*dwErrCode = ERROR_SUCCESS; if(!GetComputerName(szComputerName, &dwBufferSize)) { *dwErrCode = GetLastError(); }
//
// return buffer must be big enough for NULL,
// dwBufferSize return does not include NULL.
//
if(*cbSize <= dwBufferSize) { DBGPrintf( DBG_WARNING, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("TLSRpcGetServerNameEx : Client %s invalid parameter\n"), lpContext->m_Client );
*dwErrCode = TLSMapReturnCode(TLS_E_INVALID_DATA); } else { _tcsncpy(szMachineName, szComputerName, min(_tcslen(szComputerName), *cbSize)); szMachineName[min(_tcslen(szComputerName), *cbSize - 1)] = _TEXT('\0'); }
*cbSize = _tcslen(szComputerName) + 1; // include NULL terminate string
#if DBG
lpContext->m_LastCall = RPC_CALL_GET_SERVERNAME; #endif
return RPC_S_OK;}
//---------------------------------------------------------------------------
error_status_t TLSRpcGetServerNameFixed( /* [in] */ PCONTEXT_HANDLE phContext, /* [string][out] */ LPTSTR *pszMachineName, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Description:
Return server's machine name.
Arguments:
phContext - Client context handle pszMachineName - return server's machine name
Return:
++*/{ TCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1]; DWORD cchComputerName = sizeof(szComputerName) / sizeof(TCHAR); LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext; if((lpContext == NULL) || (NULL == pszMachineName) || (NULL == pdwErrCode)) { return RPC_S_INVALID_ARG; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcGetServerNameFixed\n"), lpContext->m_Client ); *pszMachineName = NULL;
if(!GetComputerName(szComputerName, &cchComputerName)) { *pdwErrCode = GetLastError(); } else { *pszMachineName = (LPTSTR) MIDL_user_allocate((cchComputerName+1) * sizeof(TCHAR));
if (NULL != *pszMachineName) { _tcscpy(*pszMachineName,szComputerName); *pdwErrCode = ERROR_SUCCESS; } else { *pdwErrCode = TLSMapReturnCode(TLS_E_ALLOCATE_MEMORY); } }
#if DBG
lpContext->m_LastCall = RPC_CALL_GET_SERVERNAME; #endif
return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcGetServerScope( /* [in] */ PCONTEXT_HANDLE phContext, /* [size_is][string][out][in] */ LPTSTR szScopeName, /* [out][in] */ PDWORD cbSize, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Description:
Return License Server's scope
This function is deprecated. Use TLSRpcGetServerScopeFixed.
Arguments:
phContext - Client context szScopeName - return server's scope, must be at least MAX_COMPUTERNAME_LENGTH in length
Return:
LSERVER_S_SUCCESS or error code from WideCharToMultiByte() TLS_E_INVALID_DATA - buffer size too small.
++*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext; if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcGetServerScope\n"), lpContext->m_Client );
*dwErrCode = ERROR_SUCCESS; if(*cbSize <= _tcslen(g_pszScope)) { *dwErrCode = TLSMapReturnCode(TLS_E_INVALID_DATA); } else { _tcsncpy(szScopeName, g_pszScope, min(_tcslen(g_pszScope), *cbSize)); szScopeName[min(_tcslen(g_pszScope), *cbSize-1)] = _TEXT('\0'); }
*cbSize = _tcslen(g_pszScope) + 1; // include NULL terminate string
#if DBG
lpContext->m_LastCall = RPC_CALL_GET_SERVERSCOPE; #endif
return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcGetServerScopeFixed( /* [in] */ PCONTEXT_HANDLE phContext, /* [string][out] */ LPTSTR *pszScopeName, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Description:
Return License Server's scope
Arguments:
phContext - Client context szScopeName - return server's scope
Return:
++*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if((lpContext == NULL) || (NULL == pszScopeName) || (NULL == pdwErrCode)) { return RPC_S_INVALID_ARG; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcGetServerScopeFixed\n"), lpContext->m_Client );
*pszScopeName = (LPTSTR) MIDL_user_allocate((_tcslen(g_pszScope)+1) * sizeof(TCHAR));
if (NULL != *pszScopeName) { _tcscpy(*pszScopeName, g_pszScope); }
*pdwErrCode = ERROR_SUCCESS;
#if DBG
lpContext->m_LastCall = RPC_CALL_GET_SERVERSCOPE; #endif
return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcGetInfo( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD cbHSCert, /* [size_is][in] */ PBYTE pHSCert, /* [ref][out] */ DWORD __RPC_FAR *pcbLSCert, /* [size_is][size_is][out] */ BYTE __RPC_FAR *__RPC_FAR *pLSCert, /* [ref][out] */ DWORD __RPC_FAR *pcbLSSecretKey, /* [size_is][size_is][out] */ BYTE __RPC_FAR *__RPC_FAR *pLSSecretKey, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Description:
Routine to exchange Hydra server's certificate and License server's certificate/private key for signing client machine's hardware ID.
Arguments:
phContext - client context handle cbHSCert - size of Hydra Server's certificate pHSCert - Hydra Server's certificate pcbLSCert - return size of License Server's certificate pLSCert - return License Server's certificate pcbLSSecretKey - return size of License Server's private key. pLSSecretKey - retrun License Server's private key
Return Value:
LSERVER_S_SUCCESS success LSERVER_E_INVALID_DATA Invalid hydra server certificate LSERVER_E_OUTOFMEMORY Can't allocate required memory TLS_E_INTERNAL Internal error occurred in License Server
++*/{ return TLSMapReturnCode(TLS_E_NOTSUPPORTED);;}
//-------------------------------------------------------------------------------
#define RANDOM_CHALLENGE_DATA _TEXT("TEST")
DWORDTLSGenerateChallengeData( IN DWORD ClientInfo, OUT PDWORD pcbChallengeData, IN OUT PBYTE* pChallengeData ){ DWORD hr=ERROR_SUCCESS;
if( pcbChallengeData == NULL || pChallengeData == NULL ) { SetLastError(hr=E_INVALIDARG); return hr; }
*pcbChallengeData = (_tcslen(RANDOM_CHALLENGE_DATA) + 1) * sizeof(WCHAR); *pChallengeData=(PBYTE)midl_user_allocate(*pcbChallengeData);
if(*pChallengeData) { memcpy(*pChallengeData, RANDOM_CHALLENGE_DATA, *pcbChallengeData); } else { SetLastError(hr=ERROR_OUTOFMEMORY); }
return hr;}
//++----------------------------------------------------------------------------
DWORDTLSVerifyChallengeDataGetWantedLicenseLevel( IN const CHALLENGE_CONTEXT ChallengeContext, IN const DWORD cbChallengeData, IN const PBYTE pbChallengeData, OUT WORD* pwLicenseDetail )/*++
--*/{ DWORD dwStatus = ERROR_SUCCESS;
if(pwLicenseDetail == NULL) { return E_INVALIDARG; }
DWORD dwChallengeDataSize = (_tcslen(RANDOM_CHALLENGE_DATA) + 1) * sizeof(WCHAR); PPlatformChallengeResponseData pChallengeResponse;
if( cbChallengeData < dwChallengeDataSize || pbChallengeData == NULL ) { //
// Assume old client, new client always send back our challenge data
//
*pwLicenseDetail = LICENSE_DETAIL_SIMPLE; } else if( cbChallengeData == dwChallengeDataSize && _tcsicmp( (LPCTSTR)pbChallengeData, RANDOM_CHALLENGE_DATA ) == 0 ) { //
// old client, set license chain to LICENSE_DETAIL_SIMPLE
//
*pwLicenseDetail = LICENSE_DETAIL_SIMPLE; } else { BOOL bValidStruct = TRUE;
//
// we still don't have a good challenge so ignore actual verification
//
pChallengeResponse = (PPlatformChallengeResponseData) pbChallengeData;
bValidStruct = (pChallengeResponse->wVersion == CURRENT_PLATFORMCHALLENGE_VERSION); if( bValidStruct == TRUE ) { bValidStruct = (pChallengeResponse->cbChallenge + offsetof(PlatformChallengeResponseData, pbChallenge) == cbChallengeData); }
if (bValidStruct == TRUE ) { if( pChallengeResponse->wClientType == WIN32_PLATFORMCHALLENGE_TYPE || pChallengeResponse->wClientType == WIN16_PLATFORMCHALLENGE_TYPE || pChallengeResponse->wClientType == WINCE_PLATFORMCHALLENGE_TYPE || pChallengeResponse->wClientType == OTHER_PLATFORMCHALLENGE_TYPE ) { bValidStruct = TRUE; } else { bValidStruct = FALSE; } } if( bValidStruct == TRUE ) { if( pChallengeResponse->wLicenseDetailLevel == LICENSE_DETAIL_SIMPLE || pChallengeResponse->wLicenseDetailLevel == LICENSE_DETAIL_MODERATE || pChallengeResponse->wLicenseDetailLevel == LICENSE_DETAIL_DETAIL ) { bValidStruct = TRUE; } else { bValidStruct = FALSE; } }
//
// For now, we simply let it go thru, assert or deny request once
// we settle down of challenge
//
if( bValidStruct == FALSE ) { // bad data, assume old client
*pwLicenseDetail = LICENSE_DETAIL_SIMPLE; } //else if( pChallengeResponse->wClientType == WINCE_PLATFORMCHALLENGE_TYPE )
//{
//
// UN-comment this to limit WINCE to get a self-signed certificate
//
// *pwLicenseDetail = LICENSE_DETAIL_SIMPLE;
//}
else { *pwLicenseDetail = pChallengeResponse->wLicenseDetailLevel; } }
return dwStatus;}
//++----------------------------------------------------------------------------
error_status_t TLSRpcIssuePlatformChallenge( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwClientInfo, /* [ref][out] */ PCHALLENGE_CONTEXT pChallengeContext, /* [out] */ PDWORD pcbChallengeData, /* [size_is][size_is][out] */ BYTE __RPC_FAR *__RPC_FAR *pChallengeData, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Description:
Issue a platform challenge to hydra client.
Arguments:
phContext - client context handle dwClientInfo - client info. pChallengeContext - pointer to client challenge context. pcbChallengeData - size of challenge data. pChallengeData - random client challenge data.
Returns via dwErrCode:
LSERVER_S_SUCCESS LSERVER_E_OUTOFMEMORY Out of memory LSERVER_E_INVALID_DATA Invalid client info. LSERVER_E_SERVER_BUSY Server is busy
++*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pcbChallengeData == NULL || pChallengeData == NULL) { return RPC_S_INVALID_ARG; }
LPCLIENTCHALLENGECONTEXT lpChallenge=NULL; DWORD status=ERROR_SUCCESS;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcIssuePlatformChallenge\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
do { status=TLSGenerateChallengeData( dwClientInfo, pcbChallengeData, pChallengeData ); if(status != ERROR_SUCCESS) { break; }
*pChallengeContext = dwClientInfo; } while (FALSE);
if(status != ERROR_SUCCESS) { if(*pChallengeData) { midl_user_free(*pChallengeData); *pChallengeData = NULL; }
*pcbChallengeData=0; } lpContext->m_LastError=status;
#if DBG
lpContext->m_LastCall = RPC_CALL_ISSUEPLATFORMCHLLENGE; #endif
InterlockedDecrement( &lpContext->m_RefCount ); *dwErrCode = TLSMapReturnCode(status); return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcRequestNewLicense( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ const CHALLENGE_CONTEXT ChallengeContext, /* [in] */ TLSLICENSEREQUEST __RPC_FAR *pRequest, /* [string][in] */ LPTSTR szMachineName, /* [string][in] */ LPTSTR szUserName, /* [in] */ const DWORD cbChallengeResponse, /* [size_is][in] */ const PBYTE pbChallenge, /* [in] */ BOOL bAcceptTemporaryLicense, /* [out] */ PDWORD pcbLicense, /* [size_is][size_is][out] */ BYTE __RPC_FAR *__RPC_FAR *ppbLicense, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Description:
Routine to issue new license to hydra client based on product requested, it returns existing license if client already has a license and the license is not expired/returned/revoked, if request product has not been installed, it will issue a temporary license, if license found is temporary or expired, it will tried to upgrade/re-issue a new license with latest version of requested product, if the existing license is temporary and no license can be issued, it returns LSERVER_E_LICENSE_EXPIRED
Arguments:
phContext - client context handle. ChallengeContext - client challenge context handle, return from call TLSRpcIssuePlatformChallenge() pRequest - product license request. pMachineName - client's machine name. pUserName - client user name. cbChallengeResponse - size of the client's response to license server's platform challenge. pbChallenge - client's response to license server's platform challenge bAcceptTemporaryLicense - TRUE if client wants temp. license FALSE otherwise. pcbLicense - size of return license. ppLicense - return license, could be old license
Return Value:
LSERVER_S_SUCCESS LSERVER_E_OUTOFMEMORY LSERVER_E_SERVER_BUSY Server is busy to process request. LSERVER_E_INVALID_DATA Invalid platform challenge response. LSERVER_E_NO_LICENSE No license available. LSERVER_E_NO_PRODUCT Request product is not installed on server. LSERVER_E_LICENSE_REJECTED License request is rejected by cert. server LSERVER_E_LICENSE_REVOKED Old license found and has been revoked LSERVER_E_LICENSE_EXPIRED Request product's license has expired LSERVER_E_CORRUPT_DATABASE Corrupted database. LSERVER_E_INTERNAL_ERROR Internal error in license server LSERVER_I_PROXIMATE_LICENSE Closest match license returned. LSERVER_I_TEMPORARY_LICENSE Temporary license has been issued LSERVER_I_LICENSE_UPGRADED Old license has been upgraded.++*/{ DWORD dwSupportFlags = 0; return TLSRpcRequestNewLicenseEx( phContext, &dwSupportFlags, ChallengeContext, pRequest, szMachineName, szUserName, cbChallengeResponse, pbChallenge, bAcceptTemporaryLicense, 1, // dwQuantity
pcbLicense, ppbLicense, pdwErrCode );}
error_status_t TLSRpcRequestNewLicenseEx( /* [in] */ PCONTEXT_HANDLE phContext, /* [in, out] */ DWORD *pdwSupportFlags, /* [in] */ const CHALLENGE_CONTEXT ChallengeContext, /* [in] */ TLSLICENSEREQUEST __RPC_FAR *pRequest, /* [string][in] */ LPTSTR szMachineName, /* [string][in] */ LPTSTR szUserName, /* [in] */ const DWORD cbChallengeResponse, /* [size_is][in] */ const PBYTE pbChallenge, /* [in] */ BOOL bAcceptTemporaryLicense, /* [in] */ DWORD dwQuantity, /* [out] */ PDWORD pcbLicense, /* [size_is][size_is][out] */ BYTE __RPC_FAR *__RPC_FAR *ppbLicense, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Description:
Routine to issue new license to hydra client based on product requested and input support flags.
*pdwSupportFlags == 0: it returns existing license if client already has a license and the license is not expired/returned/revoked, if request product has not been installed, it will issue a temporary license, if license found is temporary or expired, it will tried to upgrade/re-issue a new license with latest version of requested product, if the existing license is temporary and no license can be issued, it returns LSERVER_E_LICENSE_EXPIRED
*pdwSupportFlags & SUPPORT_PER_SEAT_POST_LOGON: For non-per-seat licenses, it behaves as if the flag wasn't set. For per-seat licenses, if bAcceptTemporaryLicense is TRUE, it always returns a temporary license. If bAcceptTemporaryLicense if FALSE, it returns LSERVER_E_NO_LICENSE.
Arguments:
phContext - client context handle. pdwSupportFlags - on input, abilities supported by TS. on output, abilities supported by both TS and LS ChallengeContext - client challenge context handle, return from call TLSRpcIssuePlatformChallenge() pRequest - product license request. pMachineName - client's machine name. pUserName - client user name. cbChallengeResponse - size of the client's response to license server's platform challenge. pbChallenge - client's response to license server's platform challenge bAcceptTemporaryLicense - TRUE if client wants temp. license FALSE otherwise. dwQuantity - number of licenses to allocate pcbLicense - size of return license. ppLicense - return license, could be old license
Return Value:
LSERVER_S_SUCCESS LSERVER_E_OUTOFMEMORY LSERVER_E_SERVER_BUSY Server is busy to process request. LSERVER_E_INVALID_DATA Invalid platform challenge response. LSERVER_E_NO_LICENSE No license available. LSERVER_E_NO_PRODUCT Request product is not installed on server. LSERVER_E_LICENSE_REJECTED License request is rejected by cert. server LSERVER_E_LICENSE_REVOKED Old license found and has been revoked LSERVER_E_LICENSE_EXPIRED Request product's license has expired LSERVER_E_CORRUPT_DATABASE Corrupted database. LSERVER_E_INTERNAL_ERROR Internal error in license server LSERVER_I_PROXIMATE_LICENSE Closest match license returned. LSERVER_I_TEMPORARY_LICENSE Temporary license has been issued LSERVER_I_LICENSE_UPGRADED Old license has been upgraded.++*/{ return TLSRpcRequestNewLicenseExEx( phContext, pdwSupportFlags, ChallengeContext, pRequest, szMachineName, szUserName, cbChallengeResponse, pbChallenge, bAcceptTemporaryLicense, FALSE, // bAcceptFewerLicense
&dwQuantity, pcbLicense, ppbLicense, pdwErrCode );}
error_status_t TLSRpcRequestNewLicenseExEx( /* [in] */ PCONTEXT_HANDLE phContext, /* [in, out] */ DWORD *pdwSupportFlags, /* [in] */ const CHALLENGE_CONTEXT ChallengeContext, /* [in] */ TLSLICENSEREQUEST __RPC_FAR *pRequest, /* [string][in] */ LPTSTR szMachineName, /* [string][in] */ LPTSTR szUserName, /* [in] */ const DWORD cbChallengeResponse, /* [size_is][in] */ const PBYTE pbChallenge, /* [in] */ BOOL bAcceptTemporaryLicense, /* [in] */ BOOL bAcceptFewerLicenses, /* [in,out] */ DWORD *pdwQuantity, /* [out] */ PDWORD pcbLicense, /* [size_is][size_is][out] */ BYTE __RPC_FAR *__RPC_FAR *ppbLicense, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Description:
Routine to issue new license to hydra client based on product requested and input support flags.
*pdwSupportFlags == 0: it returns existing license if client already has a license and the license is not expired/returned/revoked, if request product has not been installed, it will issue a temporary license, if license found is temporary or expired, it will tried to upgrade/re-issue a new license with latest version of requested product, if the existing license is temporary and no license can be issued, it returns LSERVER_E_LICENSE_EXPIRED
*pdwSupportFlags & SUPPORT_PER_SEAT_POST_LOGON: For non-per-seat licenses, it behaves as if the flag wasn't set. For per-seat licenses, if bAcceptTemporaryLicense is TRUE, it always returns a temporary license. If bAcceptTemporaryLicense if FALSE, it returns LSERVER_E_NO_LICENSE.
Arguments:
phContext - client context handle. pdwSupportFlags - on input, abilities supported by TS. on output, abilities supported by both TS and LS ChallengeContext - client challenge context handle, return from call TLSRpcIssuePlatformChallenge() pRequest - product license request. pMachineName - client's machine name. pUserName - client user name. cbChallengeResponse - size of the client's response to license server's platform challenge. pbChallenge - client's response to license server's platform challenge bAcceptTemporaryLicense - TRUE if client wants temp. license FALSE otherwise. bAcceptFewerLicenses - TRUE if succeeding with fewer licenses than requested is acceptable pdwQuantity - on input, number of licenses to allocate. on output, number of licenses actually allocated pcbLicense - size of return license. ppLicense - return license, could be old license
Return Value:
LSERVER_S_SUCCESS LSERVER_E_OUTOFMEMORY LSERVER_E_SERVER_BUSY Server is busy to process request. LSERVER_E_INVALID_DATA Invalid platform challenge response. LSERVER_E_NO_LICENSE No license available. LSERVER_E_NO_PRODUCT Request product is not installed on server. LSERVER_E_LICENSE_REJECTED License request is rejected by cert. server LSERVER_E_LICENSE_REVOKED Old license found and has been revoked LSERVER_E_LICENSE_EXPIRED Request product's license has expired LSERVER_E_CORRUPT_DATABASE Corrupted database. LSERVER_E_INTERNAL_ERROR Internal error in license server LSERVER_I_PROXIMATE_LICENSE Closest match license returned. LSERVER_I_TEMPORARY_LICENSE Temporary license has been issued LSERVER_I_LICENSE_UPGRADED Old license has been upgraded.++*/{ PMHANDLE hClient; DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL) { return RPC_S_INVALID_ARG; }
TCHAR szUnknown[LSERVER_MAX_STRING_SIZE+1]; TCHAR szClientMachineName[LSERVER_MAX_STRING_SIZE]; TCHAR szClientUserName[LSERVER_MAX_STRING_SIZE]; TCHAR szCompanyName[LSERVER_MAX_STRING_SIZE+1]; TCHAR szProductId[LSERVER_MAX_STRING_SIZE+1];
TLSForwardNewLicenseRequest Forward; TLSDBLICENSEREQUEST LsLicenseRequest; CTLSPolicy* pPolicy=NULL;
PMLICENSEREQUEST PMLicenseRequest; PPMLICENSEREQUEST pAdjustedRequest; BOOL bForwardRequest = TRUE;
#ifdef DBG
DWORD dwStartTime=GetTickCount(); #endif
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcRequestNewLicense\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
if ((NULL == pdwQuantity) || (0 == *pdwQuantity)) { status = TLS_E_INVALID_DATA; goto cleanup; }
status = SecureModeCheck();
if(status != ERROR_SUCCESS ) { goto cleanup; }
if(VerifyLicenseRequest(pRequest) == FALSE) { status = TLS_E_INVALID_DATA; goto cleanup; }
if(NULL == pdwSupportFlags) { status = TLS_E_INVALID_DATA; goto cleanup; }
*pdwSupportFlags &= ALL_KNOWN_SUPPORT_FLAGS;
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_REQUEST)) { status = TLS_E_ACCESS_DENIED; goto cleanup; }
if(lpContext->m_ClientFlags == CLIENT_ACCESS_LSERVER) { //
// do not forward any request or infinite loop might
// occur.
//
bForwardRequest = FALSE; }
Forward.m_ChallengeContext = ChallengeContext; Forward.m_pRequest = pRequest; Forward.m_szMachineName = szMachineName; Forward.m_szUserName = szUserName; Forward.m_cbChallengeResponse = cbChallengeResponse; Forward.m_pbChallengeResponse = pbChallenge;
memset(szCompanyName, 0, sizeof(szCompanyName)); memset(szProductId, 0, sizeof(szProductId));
memcpy( szCompanyName, pRequest->ProductInfo.pbCompanyName, min(pRequest->ProductInfo.cbCompanyName, sizeof(szCompanyName)-sizeof(TCHAR)) );
memcpy( szProductId, pRequest->ProductInfo.pbProductID, min(pRequest->ProductInfo.cbProductID, sizeof(szProductId)-sizeof(TCHAR)) );
//
// Acquire policy module, a default policy module will
// be returned.
//
pPolicy = AcquirePolicyModule( szCompanyName, //(LPCTSTR)pRequest->ProductInfo.pbCompanyName,
szProductId, //(LPCTSTR)pRequest->ProductInfo.pbProductID
FALSE );
if(pPolicy == NULL) { status = TLS_E_INTERNAL; goto cleanup; }
hClient = GenerateClientId();
//
// return error if string is too big.
//
LoadResourceString( IDS_UNKNOWN_STRING, szUnknown, sizeof(szUnknown)/sizeof(szUnknown[0]) );
_tcsncpy(szClientMachineName, (szMachineName) ? szMachineName : szUnknown, LSERVER_MAX_STRING_SIZE );
szClientMachineName[LSERVER_MAX_STRING_SIZE-1] = 0;
_tcsncpy(szClientUserName, (szUserName) ? szUserName : szUnknown, LSERVER_MAX_STRING_SIZE );
szClientUserName[LSERVER_MAX_STRING_SIZE-1] = 0;
//
// Convert request to PMLICENSEREQUEST
//
TlsLicenseRequestToPMLicenseRequest( LICENSETYPE_LICENSE, pRequest, szClientMachineName, szClientUserName, *pdwSupportFlags, &PMLicenseRequest );
//
// Inform Policy module start of new license request
//
status = pPolicy->PMLicenseRequest( hClient, REQUEST_NEW, (PVOID) &PMLicenseRequest, (PVOID *) &pAdjustedRequest );
if(status != ERROR_SUCCESS) { goto cleanup; }
if(pAdjustedRequest != NULL) { if(_tcsicmp(PMLicenseRequest.pszCompanyName,pAdjustedRequest->pszCompanyName) != 0) { // try to steal license from other company???
TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_POLICYERROR, status = TLS_E_POLICYMODULEERROR, pPolicy->GetCompanyName(), pPolicy->GetProductId() );
goto cleanup; } } else { pAdjustedRequest = &PMLicenseRequest; }
//
// form DB request structure
//
status = TLSFormDBRequest( pRequest->pbEncryptedHwid, pRequest->cbEncryptedHwid, pAdjustedRequest->dwProductVersion, pAdjustedRequest->pszCompanyName, pAdjustedRequest->pszProductId, pAdjustedRequest->dwLanguageId, pAdjustedRequest->dwPlatformId, pAdjustedRequest->pszMachineName, pAdjustedRequest->pszUserName, &LsLicenseRequest );
if(status != ERROR_SUCCESS) { goto cleanup; }
LsLicenseRequest.pPolicy = pPolicy; LsLicenseRequest.hClient = hClient; LsLicenseRequest.pPolicyLicenseRequest = pAdjustedRequest; LsLicenseRequest.pClientLicenseRequest = &PMLicenseRequest;
status = TLSVerifyChallengeDataGetWantedLicenseLevel( ChallengeContext, cbChallengeResponse, pbChallenge, &LsLicenseRequest.wLicenseDetail );
if( status == ERROR_SUCCESS ) { status = TLSNewLicenseRequest( bForwardRequest, pdwSupportFlags, &Forward, &LsLicenseRequest, bAcceptTemporaryLicense, pAdjustedRequest->fTemporary, TRUE, // bFindLostLicense
bAcceptFewerLicenses, pdwQuantity, pcbLicense, ppbLicense ); }
cleanup:
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_ISSUENEWLICENSE; #endif
#ifdef DBG
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("\t%s : TLSRpcRequestNewLicense() takes %dms\n"), lpContext->m_Client, GetTickCount() - dwStartTime ); #endif
if(pdwErrCode) { *pdwErrCode = TLSMapReturnCode(status); }
if(pPolicy) { pPolicy->PMLicenseRequest( hClient, REQUEST_COMPLETE, UlongToPtr(status), NULL ); ReleasePolicyModule(pPolicy); }
return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcUpgradeLicense( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ TLSLICENSEREQUEST __RPC_FAR *pRequest, /* [in] */ const CHALLENGE_CONTEXT ChallengeContext, /* [in] */ const DWORD cbChallengeResponse, /* [size_is][in] */ const PBYTE pbChallenge, /* [in] */ DWORD cbOldLicense, /* [size_is][in] */ PBYTE pbOldLicense, /* [out] */ PDWORD pcbNewLicense, /* [size_is][size_is][out] */ PBYTE __RPC_FAR *ppbNewLicense, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Description:
Update an old license.
Arguments:
Return Value:
LSERVER_S_SUCCESS TLS_E_INTERNAL LSERVER_E_INTERNAL_ERROR LSERVER_E_INVALID_DATA old license is invalid. LSERVER_E_NO_LICENSE no available license LSERVER_E_NO_PRODUCT request product not install in current server. LSERVER_E_CORRUPT_DATABASE Corrupted database. LSERVER_E_LICENSE_REJECTED License request rejected by cert. server. LSERVER_E_SERVER_BUSY
++*/{ DWORD dwSupportFlags = 0;
return TLSRpcUpgradeLicenseEx( phContext, &dwSupportFlags, pRequest, ChallengeContext, cbChallengeResponse, pbChallenge, cbOldLicense, pbOldLicense, 1, // dwQuantity
pcbNewLicense, ppbNewLicense, dwErrCode );
}//-------------------------------------------------------------------------------
error_status_t TLSRpcUpgradeLicenseEx( /* [in] */ PCONTEXT_HANDLE phContext, /* [in,out] */ DWORD *pdwSupportFlags, /* [in] */ TLSLICENSEREQUEST __RPC_FAR *pRequest, /* [in] */ const CHALLENGE_CONTEXT ChallengeContext, /* [in] */ const DWORD cbChallengeResponse, /* [size_is][in] */ const PBYTE pbChallenge, /* [in] */ DWORD cbOldLicense, /* [size_is][in] */ PBYTE pbOldLicense, /* [in] */ DWORD dwQuantity, /* [out] */ PDWORD pcbNewLicense, /* [size_is][size_is][out] */ PBYTE __RPC_FAR *ppbNewLicense, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Description:
Update an old license. Behavior varies depending on product requested, the old license, and input support flags.
*pdwSupportFlags == 0: it returns existing license if client already has a current-version license and the license is not expired/returned/revoked. if requested product has not been installed, it will issue a temporary license (if the client doesn't already have one). if old license is temporary or expired, it will try to upgrade/re-issue a new license with latest version of requested product. if the existing license is temporary and no license can be issued, it returns LSERVER_E_LICENSE_EXPIRED
*pdwSupportFlags & SUPPORT_PER_SEAT_POST_LOGON: For non-per-seat licenses, it behaves as if the flag wasn't set. For per-seat licenses, if the old license isn't current-version temporary, it also behaves as if the flag wasn't set. Otherwise, it checks that the temporary license was marked as having been authenticated. If so, it tries to issue a permanent license. If a license can't be issued, or if he temporary license wasn't marked, it returns the old license.
Arguments:
phContext - client context handle. pdwSupportFlags - on input, abilities supported by TS. on output, abilities supported by both TS and LS pRequest - product license request. ChallengeContext - client challenge context handle, return from call TLSRpcIssuePlatformChallenge() cbChallengeResponse - size of the client's response to license server's platform challenge. pbChallenge - client's response to license server's platform challenge cbOldLicense - size of old license. pbOldLicense - old license dwQuantity - number of licenses to allocate pcbNewLicense - size of return license. ppbNewLicense - return license, could be old license
Return Value:
LSERVER_S_SUCCESS TLS_E_INTERNAL LSERVER_E_INTERNAL_ERROR LSERVER_E_INVALID_DATA old license is invalid. LSERVER_E_NO_LICENSE no available license LSERVER_E_NO_PRODUCT request product not install in current server. LSERVER_E_CORRUPT_DATABASE Corrupted database. LSERVER_E_LICENSE_REJECTED License request rejected by cert. server. LSERVER_E_SERVER_BUSY
++*/{ DWORD status = ERROR_SUCCESS; BOOL bTemporaryLicense; PMUPGRADEREQUEST pmRequestUpgrade; PMLICENSEREQUEST pmLicenseRequest; PPMLICENSEREQUEST pmAdjustedRequest; PPMLICENSEDPRODUCT ppmLicensedProduct=NULL; DWORD dwNumLicensedProduct=0; PLICENSEDPRODUCT pLicensedProduct=NULL; TLSDBLICENSEREQUEST LsLicenseRequest; PMHANDLE hClient; CTLSPolicy* pPolicy=NULL; DWORD dwNumPermLicense; DWORD dwNumTempLicense; TLSForwardUpgradeLicenseRequest Forward; LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext; UCHAR ucMarked;
if(lpContext == NULL || pRequest == NULL || pcbNewLicense == NULL || ppbNewLicense == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
LICENSEDCLIENT license; LICENSEPACK keypack; DWORD index; BOOL bForwardRequest = TRUE; BOOL bRetry = TRUE; BOOL bRetryOld = FALSE; DWORD dwOriginalVersion = pRequest->ProductInfo.dwVersion; BOOL fInDomain = FALSE; WCHAR *StringBinding = NULL; WCHAR *ServerAddress = NULL; RPC_BINDING_HANDLE ServerBinding = 0;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcUpgradeLicense\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
if (1 != dwQuantity) { status = TLS_E_INVALID_DATA; goto cleanup; }
if(VerifyLicenseRequest(pRequest) == FALSE) { status = TLS_E_INVALID_DATA; goto cleanup; }
if(NULL == pdwSupportFlags) { status = TLS_E_INVALID_DATA; goto cleanup; }
*pdwSupportFlags &= ALL_KNOWN_SUPPORT_FLAGS;
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_REQUEST)) { status = TLS_E_ACCESS_DENIED; goto cleanup; }
if(lpContext->m_ClientFlags == CLIENT_ACCESS_LSERVER) { //
// do not forward any request or infinite loop might
// occur.
//
bForwardRequest = FALSE; }
status = SecureModeCheck();
if(status != ERROR_SUCCESS ) { goto cleanup; }
//
// Convert blob to licensed product structure
//
status = LSVerifyDecodeClientLicense( pbOldLicense, cbOldLicense, g_pbSecretKey, g_cbSecretKey, &dwNumLicensedProduct, NULL );
if(status != LICENSE_STATUS_OK || dwNumLicensedProduct == 0) { status = TLS_E_INVALID_LICENSE; goto cleanup; }
pLicensedProduct = (PLICENSEDPRODUCT)AllocateMemory( dwNumLicensedProduct * sizeof(LICENSEDPRODUCT) ); if(pLicensedProduct == NULL) { status = TLS_E_ALLOCATE_MEMORY; goto cleanup; }
status = LSVerifyDecodeClientLicense( pbOldLicense, cbOldLicense, g_pbSecretKey, g_cbSecretKey, &dwNumLicensedProduct, pLicensedProduct );
if(status != LICENSE_STATUS_OK) { status = TLS_E_INVALID_LICENSE; goto cleanup; }
//
// Verify licensed product array.
//
for(index = 1; index < dwNumLicensedProduct; index++) { //
// licensed product array always sorted in decending order
//
//
// Product ID in original request in licensed product must
// be the same otherwise invalid license.
//
if((pLicensedProduct+index)->cbOrgProductID != (pLicensedProduct+index-1)->cbOrgProductID) { status = TLS_E_INVALID_LICENSE; break; }
if( memcmp( (pLicensedProduct+index)->pbOrgProductID, (pLicensedProduct+index-1)->pbOrgProductID, (pLicensedProduct+index)->cbOrgProductID) != 0 ) { status = TLS_E_INVALID_LICENSE; goto cleanup; }
if( ((pLicensedProduct+index)->pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY) ) { //
// only latest licensed version can be temporary
//
status = TLS_E_INVALID_LICENSE; goto cleanup; } }
//
// Find the policy module
//
hClient = GenerateClientId();
TCHAR szCompanyName[LSERVER_MAX_STRING_SIZE+1]; TCHAR szProductId[LSERVER_MAX_STRING_SIZE+1];
memset(szCompanyName, 0, sizeof(szCompanyName)); memset(szProductId, 0, sizeof(szProductId));
memcpy( szCompanyName, pRequest->ProductInfo.pbCompanyName, min(pRequest->ProductInfo.cbCompanyName, sizeof(szCompanyName)-sizeof(TCHAR)) );
memcpy( szProductId, pRequest->ProductInfo.pbProductID, min(pRequest->ProductInfo.cbProductID, sizeof(szProductId)-sizeof(TCHAR)) );
//
// Acquire policy module, a default policy module will
// be returned.
//
pPolicy = AcquirePolicyModule( szCompanyName, // (LPCTSTR) pLicensedProduct->LicensedProduct.pProductInfo->pbCompanyName,
szProductId, // (LPCTSTR) pLicensedProduct->pbOrgProductID
FALSE );
if(pPolicy == NULL) { //
// Must have a policy module, default policy module always there
//
status = TLS_E_INTERNAL; goto cleanup; } BOOL bPreventLicenseUpgrade = FALSE; BOOL bDeleteExpired = FALSE; POLICY_TS_MACHINE groupPolicy; RegGetMachinePolicy(&groupPolicy);
if( groupPolicy.fPolicyPreventLicenseUpgrade == 1 && groupPolicy.fPreventLicenseUpgrade == 1) { bPreventLicenseUpgrade = TRUE; }
// If (1) Licensed version is greater than requested version, (2) it is permanent
if( ((pLicensedProduct->pLicensedVersion->wMajorVersion == HIWORD(pRequest->ProductInfo.dwVersion)) ? (pLicensedProduct->pLicensedVersion->wMinorVersion - LOWORD(pRequest->ProductInfo.dwVersion)) : (pLicensedProduct->pLicensedVersion->wMajorVersion - HIWORD(pRequest->ProductInfo.dwVersion))) > 0 && (pLicensedProduct->pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY) == 0 ) { // If reissuance of the greater expired permanent license fails, fall back to issuing the requested permanent license.
bRetryOld = TRUE;
DWORD dwNewVersion = MAKELONG(pLicensedProduct->pLicensedVersion->wMinorVersion, pLicensedProduct->pLicensedVersion->wMajorVersion); pRequest->ProductInfo.dwVersion = dwNewVersion; }
RetryPermanent:
//
// Convert request to PMLICENSEREQUEST
//
TlsLicenseRequestToPMLicenseRequest( LICENSETYPE_LICENSE, pRequest, pLicensedProduct->szLicensedClient, pLicensedProduct->szLicensedUser, *pdwSupportFlags, &pmLicenseRequest );
//
// generate PMUPGRADEREQUEST and pass it to Policy Module
//
memset(&pmRequestUpgrade, 0, sizeof(pmRequestUpgrade));
ppmLicensedProduct = (PPMLICENSEDPRODUCT)AllocateMemory(sizeof(PMLICENSEDPRODUCT)*dwNumLicensedProduct); if(ppmLicensedProduct == NULL) { status = TLS_E_ALLOCATE_MEMORY; goto cleanup; }
for(index=0; index < dwNumLicensedProduct; index++) { ppmLicensedProduct[index].pbData = pLicensedProduct[index].pbPolicyData;
ppmLicensedProduct[index].cbData = pLicensedProduct[index].cbPolicyData;
ppmLicensedProduct[index].bTemporary = ((pLicensedProduct[index].pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY) != 0);
// treat license issued from beta server as temporary
if(ppmLicensedProduct[index].bTemporary == FALSE && TLSIsBetaNTServer() == FALSE) { if(IS_LICENSE_ISSUER_RTM(pLicensedProduct[index].pLicensedVersion->dwFlags) == FALSE) { ppmLicensedProduct[index].bTemporary = TRUE; } }
ppmLicensedProduct[index].ucMarked = 0;
if (0 == index) { // for first license, check markings on license
status = TLSCheckLicenseMarkRequest( TRUE, // forward request if necessary
pLicensedProduct, cbOldLicense, pbOldLicense, &(ppmLicensedProduct[index].ucMarked) ); ucMarked = ppmLicensedProduct[index].ucMarked; }
ppmLicensedProduct[index].LicensedProduct.dwProductVersion = pLicensedProduct[index].LicensedProduct.pProductInfo->dwVersion;
ppmLicensedProduct[index].LicensedProduct.pszProductId = (LPTSTR)(pLicensedProduct[index].LicensedProduct.pProductInfo->pbProductID);
ppmLicensedProduct[index].LicensedProduct.pszCompanyName = (LPTSTR)(pLicensedProduct[index].LicensedProduct.pProductInfo->pbCompanyName);
ppmLicensedProduct[index].LicensedProduct.dwLanguageId = pLicensedProduct[index].LicensedProduct.dwLanguageID;
ppmLicensedProduct[index].LicensedProduct.dwPlatformId = pLicensedProduct[index].LicensedProduct.dwPlatformID;
ppmLicensedProduct[index].LicensedProduct.pszMachineName = pLicensedProduct[index].szLicensedClient;
ppmLicensedProduct[index].LicensedProduct.pszUserName = pLicensedProduct[index].szLicensedUser; }
pmRequestUpgrade.pbOldLicense = pbOldLicense; pmRequestUpgrade.cbOldLicense = cbOldLicense; pmRequestUpgrade.pUpgradeRequest = &pmLicenseRequest;
pmRequestUpgrade.dwNumProduct = dwNumLicensedProduct; pmRequestUpgrade.pProduct = ppmLicensedProduct;
// If (1) there are 2 or more licenses and (2) licensed version is greater than requested version, modify the index appropriately to determine Marked state
index = 0;
DWORD dwLicensedVersion = MAKELONG(pLicensedProduct->pLicensedVersion->wMinorVersion, pLicensedProduct->pLicensedVersion->wMajorVersion);
if( dwNumLicensedProduct > 1 && (CompareTLSVersions(pRequest->ProductInfo.dwVersion, dwLicensedVersion) < 0 ) ) { index = 1; }
status = pPolicy->PMLicenseUpgrade( hClient, REQUEST_UPGRADE, (PVOID)&pmRequestUpgrade, (PVOID *) &pmAdjustedRequest, index );
if(status != ERROR_SUCCESS) { goto cleanup; }
if(pmAdjustedRequest != NULL) { if(_tcsicmp( pmLicenseRequest.pszCompanyName, pmAdjustedRequest->pszCompanyName ) != 0) { //
// Try to steal license from other company???
//
TLSLogEvent( EVENTLOG_ERROR_TYPE, TLS_E_POLICYERROR, status = TLS_E_POLICYMODULEERROR, pPolicy->GetCompanyName(), pPolicy->GetProductId() );
goto cleanup; } } else { pmAdjustedRequest = &pmLicenseRequest; }
for(index =0; index < dwNumLicensedProduct; index++) { DWORD tExpireDate;
FileTimeToLicenseDate(&(pLicensedProduct[index].NotAfter), &tExpireDate);
if( CompareTLSVersions(pmAdjustedRequest->dwProductVersion, pLicensedProduct[index].LicensedProduct.pProductInfo->dwVersion) <= 0 && !(pLicensedProduct[index].pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY) && _tcscmp(pmAdjustedRequest->pszProductId, (LPTSTR)(pLicensedProduct[index].LicensedProduct.pProductInfo->pbProductID)) == 0 && tExpireDate-g_dwReissueLeaseLeeway >= ((DWORD)time(NULL)) ) { if( TLSIsBetaNTServer() == TRUE || IS_LICENSE_ISSUER_RTM(pLicensedProduct[index].pLicensedVersion->dwFlags) == TRUE ) { //
// Blob already contain perm. license that is >= version
// requested.
//
*ppbNewLicense = (PBYTE)midl_user_allocate(cbOldLicense); if(*ppbNewLicense != NULL) { memcpy(*ppbNewLicense, pbOldLicense, cbOldLicense); *pcbNewLicense = cbOldLicense; status = ERROR_SUCCESS; } else { status = TLS_E_ALLOCATE_MEMORY; }
goto cleanup; } } } memset(&LsLicenseRequest, 0, sizeof(TLSDBLICENSEREQUEST));
status = TLSFormDBRequest( pRequest->pbEncryptedHwid, pRequest->cbEncryptedHwid, pmAdjustedRequest->dwProductVersion, pmAdjustedRequest->pszCompanyName, pmAdjustedRequest->pszProductId, pmAdjustedRequest->dwLanguageId, pmAdjustedRequest->dwPlatformId, pmAdjustedRequest->pszMachineName, pmAdjustedRequest->pszUserName, &LsLicenseRequest );
if(status != ERROR_SUCCESS) { goto cleanup; }
LsLicenseRequest.pPolicy = pPolicy; LsLicenseRequest.hClient = hClient; LsLicenseRequest.pPolicyLicenseRequest = pmAdjustedRequest; LsLicenseRequest.pClientLicenseRequest = &pmLicenseRequest; memset(&keypack, 0, sizeof(keypack));
status = TLSVerifyChallengeDataGetWantedLicenseLevel( ChallengeContext, cbChallengeResponse, pbChallenge, &LsLicenseRequest.wLicenseDetail );
if( status == ERROR_SUCCESS ) {
//
// if client challenge context handle is 0xFFFFFFFF,
// cbChallenge = 0 and pbChallenge is NULL.
// client is old version, don't verify challenge
//
Forward.m_pRequest = pRequest; Forward.m_ChallengeContext = ChallengeContext; Forward.m_cbChallengeResponse = cbChallengeResponse; Forward.m_pbChallengeResponse = pbChallenge; Forward.m_cbOldLicense = cbOldLicense; Forward.m_pbOldLicense = pbOldLicense;
status = TLSUpgradeLicenseRequest( bForwardRequest, &Forward, pdwSupportFlags, &LsLicenseRequest, pbOldLicense, cbOldLicense, dwNumLicensedProduct, pLicensedProduct, pmAdjustedRequest->fTemporary, pcbNewLicense, ppbNewLicense );
if(status != ERROR_SUCCESS && bRetryOld == TRUE) { pRequest->ProductInfo.dwVersion = dwOriginalVersion; bRetryOld = FALSE; FreeMemory(ppmLicensedProduct); goto RetryPermanent; }
// If (1) PreventUpgradePolicy is not enabled (2) Requested version is 5.0 and (3) There is no .NET Permanent
else if(status != ERROR_SUCCESS && (bPreventLicenseUpgrade == FALSE ) && bRetry == TRUE && (HIWORD(pRequest->ProductInfo.dwVersion) == 5 && LOWORD(pRequest->ProductInfo.dwVersion) == 0) && !(((pLicensedProduct->pLicensedVersion->wMajorVersion == 5) && (pLicensedProduct->pLicensedVersion->wMinorVersion == 1 || pLicensedProduct->pLicensedVersion->wMinorVersion == 2)) && ((pLicensedProduct->pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY) == 0))) { // If (1) client license is 5.0 temporary unmarked then don't upgrade.
if( ((pLicensedProduct->pLicensedVersion->wMajorVersion == 5) && (pLicensedProduct->pLicensedVersion->wMinorVersion == 0)) && ((pLicensedProduct->pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY) && !(ucMarked & MARK_FLAG_USER_AUTHENTICATED)) && (dwNumLicensedProduct == 1) ) { goto cleanup; }
DWORD dwNewVersion = MAKELONG(2,5); pRequest->ProductInfo.dwVersion = dwNewVersion; bRetry = FALSE; FreeMemory(ppmLicensedProduct); goto RetryPermanent; }
//If (1) PreventUpgradePolicy is enabled, (2) the Requested version is 5.0, (3) Client License is 5.1 or 5.2 temporary unmarked, reissue another 90 days.
else if(status != ERROR_SUCCESS && (bPreventLicenseUpgrade == TRUE ) && (bRetry == TRUE) && (HIWORD(pRequest->ProductInfo.dwVersion) == 5 && LOWORD(pRequest->ProductInfo.dwVersion) == 0) && ((pLicensedProduct->pLicensedVersion->wMajorVersion == 5) && (pLicensedProduct->pLicensedVersion->wMinorVersion == 1 || pLicensedProduct->pLicensedVersion->wMinorVersion == 2)) && (pLicensedProduct->pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY) && !(ucMarked & MARK_FLAG_USER_AUTHENTICATED)) { DWORD dwNewVersion = MAKELONG(2,5); pRequest->ProductInfo.dwVersion = dwNewVersion; bRetry = FALSE; FreeMemory(ppmLicensedProduct); goto RetryPermanent; } }
cleanup:
FreeMemory(ppmLicensedProduct);
for(index =0; index < dwNumLicensedProduct; index++) { LSFreeLicensedProduct(pLicensedProduct+index); }
FreeMemory(pLicensedProduct);
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_UPGRADELICENSE; #endif
*dwErrCode = TLSMapReturnCode(status);
if(pPolicy) { pPolicy->PMLicenseRequest( hClient, REQUEST_COMPLETE, UlongToPtr (status), NULL ); ReleasePolicyModule(pPolicy); }
return RPC_S_OK;}
//-----------------------------------------------------------------------------
error_status_tTLSRpcCheckLicenseMark( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ const DWORD cbLicense, /* [in, size_is(cbLicense)] */ PBYTE pbLicense, /* [out] */ UCHAR *pucMarkFlags, /* [in, out, ref] */ PDWORD pdwErrCode )/*++
Description:
Check markings on the passed in license
Arguments:
phContext - client context handle cbLicense - size of license to be checked pbLicense - license to be checked pucMarkFlags - markings on license
Return via pdwErrCode: LSERVER_S_SUCCESS LSERVER_E_INVALID_DATA Invalid parameter. LSERVER_E_INVALID_LICENSE License passed in is bad LSERVER_E_DATANOTFOUND license not found in database LSERVER_E_CORRUPT_DATABASE Corrupt database LSERVER_E_INTERNAL_ERROR Internal error in license server
Note: This function forwards the request to the issuing license server. If the issuer isn't available, or doesn't have the license in the database, it searches in the local database for a license with the same HWID.
++*/{ DWORD status = ERROR_SUCCESS; LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DWORD dwNumLicensedProduct = 0; PLICENSEDPRODUCT pLicensedProduct=NULL; DWORD index; DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcCheckLicenseMark\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
status = SecureModeCheck();
if(status != ERROR_SUCCESS ) { goto cleanup; }
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_LSERVER)) { status = TLS_E_ACCESS_DENIED; goto cleanup; }
if (NULL == pucMarkFlags) { status = TLS_E_INVALID_DATA; goto cleanup; }
//
// Convert blob to licensed product structure
//
status=LSVerifyDecodeClientLicense( pbLicense, cbLicense, g_pbSecretKey, g_cbSecretKey, &dwNumLicensedProduct, NULL // find size to allocate
);
if(status != LICENSE_STATUS_OK || dwNumLicensedProduct == 0) { status = TLS_E_INVALID_LICENSE; goto cleanup; }
pLicensedProduct = (PLICENSEDPRODUCT)AllocateMemory( dwNumLicensedProduct * sizeof(LICENSEDPRODUCT) );
if(pLicensedProduct == NULL) { status = TLS_E_ALLOCATE_MEMORY; goto cleanup; }
status=LSVerifyDecodeClientLicense( pbLicense, cbLicense, g_pbSecretKey, g_cbSecretKey, &dwNumLicensedProduct, pLicensedProduct );
if(status != LICENSE_STATUS_OK) { status = TLS_E_INVALID_LICENSE; goto cleanup; }
status = TLSCheckLicenseMarkRequest( FALSE, // don't forward the request
pLicensedProduct, cbLicense, pbLicense, pucMarkFlags );
cleanup:
for(index =0; index < dwNumLicensedProduct; index++) { LSFreeLicensedProduct(pLicensedProduct+index); }
FreeMemory(pLicensedProduct);
lpContext->m_LastError=status;
*pdwErrCode = TLSMapReturnCode(status);
InterlockedDecrement( &lpContext->m_RefCount );
return RPC_S_OK;}
//-----------------------------------------------------------------------------
error_status_tTLSRpcMarkLicense( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ UCHAR ucMarkFlags, /* [in] */ const DWORD cbLicense, /* [in, size_is(cbLicense)] */ PBYTE pbLicense, /* [in, out, ref] */ PDWORD pdwErrCode )/*++
Description:
Set markings on the passed in license
Arguments:
phContext - client context handle ucMarkFlags - markings on license cbLicense - size of license to be checked pbLicense - license to be checked
Return via pdwErrCode: LSERVER_S_SUCCESS LSERVER_E_INVALID_DATA Invalid parameter. LSERVER_E_INVALID_LICENSE License passed in is bad LSERVER_E_DATANOTFOUND license not found in database LSERVER_E_CORRUPT_DATABASE Corrupt database LSERVER_E_INTERNAL_ERROR Internal error in license server
Note: This function forwards the request to the issuing license server. The issuer modifies the database entry of the license to set the markings.
++*/{ DWORD status = ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL) { return RPC_S_INVALID_ARG; }
BOOL bForwardRequest = TRUE; DWORD dwNumLicensedProduct = 0; PLICENSEDPRODUCT pLicensedProduct=NULL; DWORD index; DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcMarkLicense\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
status = SecureModeCheck();
if(status != ERROR_SUCCESS ) { goto cleanup; }
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_REQUEST)) { status = TLS_E_ACCESS_DENIED; goto cleanup; }
if(lpContext->m_ClientFlags == CLIENT_ACCESS_LSERVER) { //
// do not forward any request or infinite loop might
// occur.
//
bForwardRequest = FALSE; }
//
// Convert blob to licensed product structure
//
status=LSVerifyDecodeClientLicense( pbLicense, cbLicense, g_pbSecretKey, g_cbSecretKey, &dwNumLicensedProduct, NULL // find size to allocate
);
if(status != LICENSE_STATUS_OK || dwNumLicensedProduct == 0) { status = TLS_E_INVALID_LICENSE; goto cleanup; }
pLicensedProduct = (PLICENSEDPRODUCT)AllocateMemory( dwNumLicensedProduct * sizeof(LICENSEDPRODUCT) );
if(pLicensedProduct == NULL) { status = TLS_E_ALLOCATE_MEMORY; goto cleanup; }
status=LSVerifyDecodeClientLicense( pbLicense, cbLicense, g_pbSecretKey, g_cbSecretKey, &dwNumLicensedProduct, pLicensedProduct );
if(status != LICENSE_STATUS_OK) { status = TLS_E_INVALID_LICENSE; goto cleanup; }
for(DWORD iarray = 0; iarray < dwNumLicensedProduct; iarray++ ) { if ((NULL != pLicensedProduct+iarray) && (NULL != (pLicensedProduct+iarray)->pLicensedVersion) && ((pLicensedProduct+iarray)->pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY)) { //
// Mark the first temporary license from the top
//
status = TLSMarkLicenseRequest( bForwardRequest, ucMarkFlags, (pLicensedProduct+iarray), cbLicense, pbLicense ); break; } } cleanup:
for(index =0; index < dwNumLicensedProduct; index++) { LSFreeLicensedProduct(pLicensedProduct+index); }
FreeMemory(pLicensedProduct);
lpContext->m_LastError=status;
*pdwErrCode = TLSMapReturnCode(status);
InterlockedDecrement( &lpContext->m_RefCount );
return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcAllocateConcurrentLicense( /* [in] */ PCONTEXT_HANDLE phContext, /* [string][in] */ LPTSTR szHydraServer, /* [in] */ TLSLICENSEREQUEST __RPC_FAR *pRequest, /* [ref][out][in] */ LONG __RPC_FAR *pdwQuantity, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Description:
Allocate concurrent licenses base on product.
Arguments:
phContext - client context handle szHydraServer - name of hydra server requesting concurrent licenses pRequest - product to request for concurrent license. dwQuantity - See note
Return via dwErrCode: LSERVER_S_SUCCESS LSERVER_E_INVALID_DATA Invalid parameter. LSERVER_E_NO_PRODUCT request product not installed LSERVER_E_NO_LICNESE no available license for request product LSERVER_E_LICENSE_REVOKED Request license has been revoked LSERVER_E_LICENSE_EXPIRED Request license has expired LSERVER_E_CORRUPT_DATABASE Corrupt database LSERVER_E_INTERNAL_ERROR Internal error in license server
Note: dwQuantity Input Output ------------------------- ----------------------------------------- 0 Total number of concurrent license issued to hydra server. > 0, number of license Actual number of license allocated requested < 0, number of license Actual number of license returned, always to return positive value.
++*/{ RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcGetLastError( /* [in] */ PCONTEXT_HANDLE phContext, /* [ref][out][in] */ PDWORD cbBufferSize, /* [size_is][string][out][in] */ LPTSTR szBuffer, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Description:
Return error description text for client's last LSXXX call
This function is deprecated. Use TLSRpcGetLastErrorFixed.
Arguments:
IN phContext - Client context IN cbBufferSize - max. size of szBuffer IN OUT szBuffer - Pointer to a buffer to receive the null-terminated character string containing error description
Returns via dwErrCode: LSERVER_S_SUCCESS
TLS_E_INTERNAL No error or can't find corresponding error description.
Error code from WideCharToMultiByte().
++*/{ DWORD status=ERROR_SUCCESS; LPTSTR lpMsgBuf=NULL;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcGetLastError\n"), lpContext->m_Client );
DWORD dwRet; dwRet=FormatMessage( FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_ALLOCATE_BUFFER, NULL, lpContext->m_LastError, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &lpMsgBuf, 0, NULL ); if(dwRet == 0) { status = GetLastError(); } else { _tcsncpy( szBuffer, (LPTSTR)lpMsgBuf, min(_tcslen((LPTSTR)lpMsgBuf), *cbBufferSize-1) ); szBuffer[min(_tcslen((LPTSTR)lpMsgBuf), *cbBufferSize-1)] = _TEXT('\0'); *cbBufferSize = _tcslen(szBuffer) + 1; }
if(lpMsgBuf) LocalFree(lpMsgBuf);
#if DBG
lpContext->m_LastCall = RPC_CALL_GET_LASTERROR; #endif
lpContext->m_LastError=status; *dwErrCode = TLSMapReturnCode(status); return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcGetLastErrorFixed( /* [in] */ PCONTEXT_HANDLE phContext, /* [string][out] */ LPTSTR *pszBuffer, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Description:
Return error description text for client's last LSXXX call
Arguments:
IN phContext - Client context OUT pszBuffer - Pointer to a buffer to receive the null-terminated character string containing error description
Returns via dwErrCode: LSERVER_S_SUCCESS
TLS_E_INTERNAL No error or can't find corresponding error description.
++*/{ DWORD status=ERROR_SUCCESS; LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcGetLastErrorFixed\n"), lpContext->m_Client );
if ((NULL == pszBuffer) || (NULL == pdwErrCode)) { return RPC_S_INVALID_ARG; }
DWORD dwRet; dwRet=FormatMessage( FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_ALLOCATE_BUFFER, NULL, lpContext->m_LastError, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &pszBuffer, 0, NULL ); if(dwRet == 0) { status = GetLastError(); }
#if DBG
lpContext->m_LastCall = RPC_CALL_GET_LASTERROR; #endif
lpContext->m_LastError=status; *pdwErrCode = TLSMapReturnCode(status); return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcKeyPackEnumBegin( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwSearchParm, /* [in] */ BOOL bMatchAll, /* [ref][in] */ LPLSKeyPackSearchParm lpSearchParm, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Description:
Function to begin enumerate through all key pack installed on server based on search criterial.
Arguments:
phContext - client context handle. dwSearchParm - search criterial. bMatchAll - match all search criterial. lpSearchParm - search parameter.
Return Value:
LSERVER_S_SUCCESSLSERVER_E_SERVER_BUSY Server is too busy to process requestLSERVER_E_OUTOFMEMORYTLS_E_INTERNALLSERVER_E_INTERNAL_ERROR LSERVER_E_INVALID_DATA Invalid data in search parameterLSERVER_E_INVALID_SEQUENCE Invalid calling sequence, likely, previous enumeration has not ended.++*/{
DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcKeyPackEnumBegin\n"), lpContext->m_Client );
//
// This will use cached db connection, in-consistency may occurred,
// visibility of changes in one connection may not appear right away
// on another connection handle, this is expected behavoir for Jet and
// so are we, user can always re-fresh.
//
do { if(lpContext->m_ContextType != CONTEXTHANDLE_EMPTY_TYPE) { SetLastError(status=TLS_E_INVALID_SEQUENCE); break; }
LPENUMHANDLE hEnum;
hEnum = TLSDBLicenseKeyPackEnumBegin( bMatchAll, dwSearchParm, lpSearchParm ); if(hEnum) { lpContext->m_ContextType = CONTEXTHANDLE_KEYPACK_ENUM_TYPE; lpContext->m_ContextHandle = (PVOID)hEnum; } else { status = GetLastError(); } } while(FALSE);
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_KEYPACKENUMBEGIN; #endif
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcKeyPackEnumNext( /* [in] */ PCONTEXT_HANDLE phContext, /* [ref][out] */ LPLSKeyPack lpKeyPack, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Description:
Return next key pack that match search criterial
Arguments:
phContext - client context handle lpKeyPack - key pack that match search criterial
Return Value:
LSERVER_S_SUCCESS LSERVER_I_NO_MORE_DATA No more keypack match search criterial TLS_E_INTERNAL General error in license server LSERVER_E_INTERNAL_ERROR Internal error in license server LSERVER_E_SERVER_BUSY License server is too busy to process request LSERVER_E_OUTOFMEMORY Can't process request due to insufficient memory LSERVER_E_INVALID_SEQUENCE Invalid calling sequence, must call LSKeyPackEnumBegin().
++*/{ DWORD status = ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
BOOL bShowAll = FALSE;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcKeyPackEnumNext\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
if(lpContext->m_ClientFlags == CLIENT_ACCESS_LSERVER) { bShowAll = TRUE; }
// this one might cause access violation
memset(lpKeyPack, 0, sizeof(LSKeyPack));
if(lpContext->m_ContextType != CONTEXTHANDLE_KEYPACK_ENUM_TYPE) { SetLastError(status=TLS_E_INVALID_SEQUENCE); } else { do { LPENUMHANDLE hEnum=(LPENUMHANDLE)lpContext->m_ContextHandle; status=TLSDBLicenseKeyPackEnumNext( hEnum, lpKeyPack, bShowAll ); } while(status == TLS_I_MORE_DATA); }
lpContext->m_LastError=GetLastError(); InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_KEYPACKENUMNEXT; #endif
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcKeyPackEnumEnd( /* [in] */ PCONTEXT_HANDLE phContext, /* [ref][out][in] */ PDWORD dwErrCode )/*++
++*/{ DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcKeyPackEnumEnd\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
if(lpContext->m_ContextType != CONTEXTHANDLE_KEYPACK_ENUM_TYPE) { SetLastError(status=ERROR_INVALID_HANDLE); } else { LPENUMHANDLE hEnum=(LPENUMHANDLE)lpContext->m_ContextHandle;
TLSDBLicenseKeyPackEnumEnd(hEnum); lpContext->m_ContextType = CONTEXTHANDLE_EMPTY_TYPE; lpContext->m_ContextHandle=NULL; }
lpContext->m_LastError=GetLastError(); InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_KEYPACKENUMEND; #endif
*dwErrCode = TLSMapReturnCode(status); return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcKeyPackAdd( /* [in] */ PCONTEXT_HANDLE phContext, /* [ref][out][in] */ LPLSKeyPack lpKeypack, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Description:
Add a license key pack.
Arguments:
phContext - client context handle. lpKeyPack - key pack to be added. Return Value:
LSERVER_S_SUCCESS LSERVER_E_INTERNAL_ERROR TLS_E_INTERNAL LSERVER_E_SERVER_BUSY LSERVER_E_DUPLICATE Product already installed. LSERVER_E_INVALID_DATA LSERVER_E_CORRUPT_DATABASE
Note:
Just return an error - unused
++*/{ PTLSDbWorkSpace pDbWkSpace=NULL; DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; } InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcKeyPackAdd\n"), lpContext->m_Client );
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN)) { status = TLS_E_ACCESS_DENIED; } else { if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout)) { status=TLS_E_ALLOCATE_HANDLE; } else { CLEANUPSTMT;
BEGIN_TRANSACTION(pDbWkSpace);
if(lpKeypack->ucKeyPackStatus == LSKEYPACKSTATUS_ADD_LICENSE || lpKeypack->ucKeyPackStatus == LSKEYPACKSTATUS_REMOVE_LICENSE) { status = ERROR_INVALID_PARAMETER; } else { status = TLSDBLicenseKeyPackAdd( USEHANDLE(pDbWkSpace), lpKeypack ); }
if(status == ERROR_SUCCESS) { if( _tcsicmp( lpKeypack->szCompanyName, PRODUCT_INFO_COMPANY_NAME ) == 0 ) { //
// check with known termsrv product ID.
//
if( _tcsnicmp( lpKeypack->szProductId, TERMSERV_PRODUCTID_SKU, _tcslen(TERMSERV_PRODUCTID_SKU)) == 0 ) { TLSResetLogLowLicenseWarning( lpKeypack->szCompanyName, TERMSERV_PRODUCTID_SKU, MAKELONG(lpKeypack->wMinorVersion, lpKeypack->wMajorVersion), FALSE ); } else if(_tcsnicmp( lpKeypack->szProductId, TERMSERV_PRODUCTID_INTERNET_SKU, _tcslen(TERMSERV_PRODUCTID_INTERNET_SKU)) == 0 ) { TLSResetLogLowLicenseWarning( lpKeypack->szCompanyName, TERMSERV_PRODUCTID_INTERNET_SKU, MAKELONG(lpKeypack->wMinorVersion, lpKeypack->wMajorVersion), FALSE ); } else { TLSResetLogLowLicenseWarning( lpKeypack->szCompanyName, lpKeypack->szProductId, MAKELONG(lpKeypack->wMinorVersion, lpKeypack->wMajorVersion), FALSE ); } } else { TLSResetLogLowLicenseWarning( lpKeypack->szCompanyName, lpKeypack->szProductId, MAKELONG(lpKeypack->wMinorVersion, lpKeypack->wMajorVersion), FALSE ); } }
if(TLS_ERROR(status)) { ROLLBACK_TRANSACTION(pDbWkSpace); } else { COMMIT_TRANSACTION(pDbWkSpace); } FREEDBHANDLE(pDbWkSpace); } }
//
// Post a sync work object
//
if( status == ERROR_SUCCESS ) { if( lpKeypack->ucKeyPackType != LSKEYPACKTYPE_FREE ) { if(TLSAnnounceLKPToAllRemoteServer( lpKeypack->dwKeyPackId, 0 ) != ERROR_SUCCESS) { TLSLogWarningEvent(TLS_W_ANNOUNCELKP_FAILED); } } }
#if DBG
lpContext->m_LastCall = RPC_CALL_KEYPACKADD; #endif
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount ); *dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t TLSRpcKeyPackSetStatus( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwSetParm, /* [ref][in] */ LPLSKeyPack lpKeyPack, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Description:
Routine to activate/deactivated a key pack.
Arguments:
phContext - client context handle dwSetParam - type of key pack status to be set. lpKeyPack - new key pack status.
Return Value:
LSERVER_S_SUCCESS LSERVER_E_INTERNAL_ERROR TLS_E_INTERNAL LSERVER_E_INVALID_DATA LSERVER_E_SERVER_BUSY LSERVER_E_DATANOTFOUND Key pack is not in server LSERVER_E_CORRUPT_DATABASE
++*/{ PTLSDbWorkSpace pDbWkSpace=NULL;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DWORD status=ERROR_SUCCESS; InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcKeyPackSetStatus\n"), lpContext->m_Client );
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN)) { status = TLS_E_ACCESS_DENIED; } else if( (dwSetParm & ~(LSKEYPACK_SET_KEYPACKSTATUS | LSKEYPACK_SET_ACTIVATEDATE | LSKEYPACK_SET_EXPIREDATE)) && !(lpContext->m_ClientFlags & CLIENT_ACCESS_LRWIZ) ) { status = TLS_E_INVALID_DATA; } else { if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout)) { status=TLS_E_ALLOCATE_HANDLE; } else { CLEANUPSTMT;
BEGIN_TRANSACTION(pDbWkSpace);
status=TLSDBLicenseKeyPackSetStatus( USEHANDLE(pDbWkSpace), dwSetParm, lpKeyPack ); if(TLS_ERROR(status)) { ROLLBACK_TRANSACTION(pDbWkSpace); } else { COMMIT_TRANSACTION(pDbWkSpace); }
FREEDBHANDLE(pDbWkSpace); } }
#if DBG
lpContext->m_LastCall = RPC_CALL_KEYPACKSETSTATUS; #endif
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount ); *dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcLicenseEnumBegin( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwSearchParm, /* [in] */ BOOL bMatchAll, /* [ref][in] */ LPLSLicenseSearchParm lpSearchParm, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Description:
Begin enumeration of license issued based on search criterial
Arguments:
phContext - client context handle dwSearchParm - license search criterial. bMatchAll - match all search criterial lpSearchParm - license(s) to be enumerated.
Return Value:
Same as LSKeyPackEnumBegin().
++*/{ PTLSDbWorkSpace pDbWkSpace = NULL; DWORD status=ERROR_SUCCESS; LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcLicenseEnumBegin\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
//
// This will use cached db connection, in-consistency may occurred,
// visibility of changes in one connection may not appear right away
// on another connection handle, this is expected behavoir for Jet and
// so are we, user can always re-fresh.
//
do { if(lpContext->m_ContextType != CONTEXTHANDLE_EMPTY_TYPE) { SetLastError(status=TLS_E_INVALID_SEQUENCE); break; }
pDbWkSpace = AllocateWorkSpace(g_EnumDbTimeout);
// allocate ODBC connections
if(pDbWkSpace == NULL) { status=TLS_E_ALLOCATE_HANDLE; break; }
LICENSEDCLIENT license;
ConvertLSLicenseToLicense(lpSearchParm, &license); status = TLSDBLicenseEnumBegin( pDbWkSpace, bMatchAll, dwSearchParm & LICENSE_TABLE_EXTERN_SEARCH_MASK, &license );
if(status == ERROR_SUCCESS) { lpContext->m_ContextType = CONTEXTHANDLE_LICENSE_ENUM_TYPE; lpContext->m_ContextHandle = (PVOID)pDbWkSpace; } } while(FALSE);
if(status != ERROR_SUCCESS) { if(pDbWkSpace) { ReleaseWorkSpace(&pDbWkSpace); } }
#if DBG
lpContext->m_LastCall = RPC_CALL_LICENSEENUMBEGIN; #endif
InterlockedDecrement( &lpContext->m_RefCount ); lpContext->m_LastError=status; *dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcLicenseEnumNext( /* [in] */ PCONTEXT_HANDLE phContext, /* [ref][out] */ LPLSLicense lpLicense, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Abstract:
Fetch next record match enumeration criterial.
Parameters:
phContext : Client context handle. lpLicense : return next record that match enumeration criterial. dwErrCode : error code.
Returns:
Function returns RPC status, dwErrCode return error code.
Note:
Must have call TLSRpcLicenseEnumBegin().
++*/{ DWORD status=ERROR_SUCCESS; LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcLicenseEnumNext\n"), lpContext->m_Client );
if(lpContext->m_ContextType != CONTEXTHANDLE_LICENSE_ENUM_TYPE) { SetLastError(status=TLS_E_INVALID_SEQUENCE); } else { PTLSDbWorkSpace pDbWkSpace=(PTLSDbWorkSpace)lpContext->m_ContextHandle;
LICENSEDCLIENT license;
memset(lpLicense, 0, sizeof(LSLicense));
status=TLSDBLicenseEnumNext( pDbWkSpace, &license ); if(status == ERROR_SUCCESS) { ConvertLicenseToLSLicense(&license, lpLicense); } }
#if DBG
lpContext->m_LastCall = RPC_CALL_LICENSEENUMNEXT; #endif
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount ); *dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcLicenseEnumNextEx( /* [in] */ PCONTEXT_HANDLE phContext, /* [ref][out] */ LPLSLicenseEx lpLicense, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Abstract:
Fetch next record match enumeration criterial.
Parameters:
phContext : Client context handle. lpLicense : return next record that match enumeration criterial. dwErrCode : error code.
Returns:
Function returns RPC status, dwErrCode return error code.
Note:
Must have call TLSRpcLicenseEnumBegin().
++*/{ DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext; if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; } InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcLicenseEnumNextEx\n"), lpContext->m_Client );
if(lpContext->m_ContextType != CONTEXTHANDLE_LICENSE_ENUM_TYPE) { SetLastError(status=TLS_E_INVALID_SEQUENCE); } else { PTLSDbWorkSpace pDbWkSpace=(PTLSDbWorkSpace)lpContext->m_ContextHandle;
LICENSEDCLIENT license;
memset(lpLicense, 0, sizeof(LSLicenseEx));
status=TLSDBLicenseEnumNext( pDbWkSpace, &license ); if(status == ERROR_SUCCESS) { ConvertLicenseToLSLicenseEx(&license, lpLicense); } }
#if DBG
lpContext->m_LastCall = RPC_CALL_LICENSEENUMNEXT; #endif
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount ); *dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcLicenseEnumEnd( /* [in] */ PCONTEXT_HANDLE phContext, /* [ref][out][in] */ PDWORD dwErrCode )/*++
Abstract:
Terminate a enumeration.
Parameters:
phContext : dwErrCode :
Returns:
Note
++*/{ DWORD status=ERROR_SUCCESS; LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcLicenseEnumEnd\n"), lpContext->m_Client );
if(lpContext->m_ContextType != CONTEXTHANDLE_LICENSE_ENUM_TYPE) { SetLastError(status=ERROR_INVALID_HANDLE); } else { PTLSDbWorkSpace pDbWkSpace = (PTLSDbWorkSpace)lpContext->m_ContextHandle;
TLSDBLicenseEnumEnd(pDbWkSpace); ReleaseWorkSpace(&pDbWkSpace); lpContext->m_ContextType = CONTEXTHANDLE_EMPTY_TYPE; }
#if DBG
lpContext->m_LastCall = RPC_CALL_LICENSEENUMEND; #endif
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount ); *dwErrCode = TLSMapReturnCode(status); return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcLicenseSetStatus( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwSetParam, /* [in] */ LPLSLicense lpLicense, /* [ref][out][in] */ PDWORD dwErrCode )/*++
++*/{ RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcGetAvailableLicenses( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwSearchParm, /* [ref][in] */ LPLSKeyPack lplsKeyPack, /* [ref][out] */ LPDWORD lpdwAvail, /* [ref][out][in] */ PDWORD dwErrCode )/*++
++*/{ PTLSDbWorkSpace pDbWkSpace=NULL;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext; if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DWORD status=ERROR_SUCCESS;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcGetAvailableLicenses\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
//
// Don't use global cached DB connection handle, it is possible
// to get in-consistent value using other DB handle, however, it is
// also possible that during the time that this function return and
// the time that client actually make the call to allocate license,
// all available licenses were allocated by other client.
//
pDbWkSpace = AllocateWorkSpace(g_GeneralDbTimeout); if(pDbWkSpace == NULL) { status=TLS_E_ALLOCATE_HANDLE; } else { LICENSEPACK keypack;
memset(&keypack, 0, sizeof(keypack));
ConvertLsKeyPackToKeyPack( lplsKeyPack, &keypack, NULL );
status = TLSDBKeyPackGetAvailableLicenses( pDbWkSpace, dwSearchParm, &keypack, lpdwAvail );
//FreeTlsLicensePack(&keypack);
ReleaseWorkSpace(&pDbWkSpace); } lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount ); *dwErrCode = TLSMapReturnCode(status); return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcGetRevokeKeyPackList( /* [in] */ PCONTEXT_HANDLE phContext, /* [out][in] */ PDWORD pcbNumberOfRange, /* [size_is][out] */ LPLSRange __RPC_FAR *ppRevokeRange, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
++*/{ RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcGetRevokeLicenseList( /* [in] */ PCONTEXT_HANDLE phContext, /* [out][in] */ PDWORD pcbNumberOfRange, /* [size_is][out] */ LPLSRange __RPC_FAR *ppRevokeRange, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
++*/{ RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcReturnKeyPack( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwKeyPackId, /* [in] */ DWORD dwReturnReason, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
++*/{ RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcReturnLicense( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwKeyPackId, /* [in] */ DWORD dwLicenseId, /* [in] */ DWORD dwReturnReason, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
++*/{ RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcInstallCertificate( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwCertType, /* [in] */ DWORD dwCertLevel, /* [in] */ DWORD cbSignCert, /* [size_is][in] */ PBYTE pbSignCert, /* [in] */ DWORD cbExchCert, /* [size_is][in] */ PBYTE pbExchCert, /* [ref][out][in] */ PDWORD dwErrCode )/*++
++*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DWORD status=ERROR_SUCCESS;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcInstallCertificate\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
DWORD cbLsSignCert=0; PBYTE pbLsSignCert=NULL;
DWORD cbLsExchCert=0; PBYTE pbLsExchCert=NULL;
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN)) { status = TLS_E_ACCESS_DENIED; goto cleanup; }
if(pbSignCert == NULL || pbExchCert == NULL) { status = TLS_E_INVALID_DATA; goto cleanup;
}
//
// Verify input data
//
status = TLSVerifyCertChainInMomory( g_hCryptProv, pbSignCert, cbSignCert ); if(status != ERROR_SUCCESS) { status = TLS_E_INVALID_DATA; }
//
// Verify input data
//
status = TLSVerifyCertChainInMomory( g_hCryptProv, pbExchCert, cbExchCert ); if(status != ERROR_SUCCESS) { status = TLS_E_INVALID_DATA; }
//
// Block RPC call to serialize install certificate
//
if(AcquireRPCExclusiveLock(INFINITE) == FALSE) { status=TLS_E_ALLOCATE_HANDLE; goto cleanup; }
if(AcquireAdministrativeLock(INFINITE) == TRUE) { if(dwCertLevel == 0) { status = TLSSaveRootCertificatesToStore( g_hCryptProv, cbSignCert, pbSignCert, cbExchCert, pbExchCert ); } else { status = TLSSaveCertificatesToStore( g_hCryptProv, dwCertType, dwCertLevel, cbSignCert, pbSignCert, cbExchCert, pbExchCert );
if(status == ERROR_SUCCESS && dwCertType == CERTIFICATE_CA_TYPE) { if(cbSignCert) { status = IsCertificateLicenseServerCertificate( g_hCryptProv, AT_SIGNATURE, cbSignCert, pbSignCert, &cbLsSignCert, &pbLsSignCert ); }
if(status == ERROR_SUCCESS && cbExchCert) { status = IsCertificateLicenseServerCertificate( g_hCryptProv, AT_KEYEXCHANGE, cbExchCert, pbExchCert, &cbLsExchCert, &pbLsExchCert );
}
//
// Install what we have here.
//
if(status == ERROR_SUCCESS && (cbLsExchCert || pbLsExchCert)) { status = TLSInstallLsCertificate( cbLsSignCert, pbLsSignCert, cbLsExchCert, pbLsExchCert ); }
#ifdef ENFORCE_LICENSING
// enforce version, check what's installed and restore backup if necessary
// non-enforce, just install, we won't use it anyway.
if(status == ERROR_SUCCESS && (cbLsExchCert || pbLsExchCert)) { // reload certificate
if(TLSLoadVerifyLicenseServerCertificates() != ERROR_SUCCESS) { status = TLS_E_INVALID_DATA;
// delete the primary certificate registry key
TLSRegDeleteKey( HKEY_LOCAL_MACHINE, LSERVER_SERVER_CERTIFICATE_REGKEY );
//
// reload certificate, if anything goes wrong, we will goes
// back to unregister mode.
//
if(TLSLoadServerCertificate() == FALSE) { // critical error occurred
TLSLogErrorEvent(TLS_E_LOAD_CERTIFICATE); // initiate self-shutdown
GenerateConsoleCtrlEvent(CTRL_C_EVENT, 0); } } else { DWORD dwStatus;
// make sure our backup is up to date.
dwStatus = TLSRestoreLicenseServerCertificate( LSERVER_SERVER_CERTIFICATE_REGKEY, LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP1 ); if(dwStatus != ERROR_SUCCESS) { TLSLogWarningEvent(TLS_W_BACKUPCERTIFICATE);
TLSRegDeleteKey( HKEY_LOCAL_MACHINE, LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP1 ); } dwStatus = TLSRestoreLicenseServerCertificate( LSERVER_SERVER_CERTIFICATE_REGKEY, LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP2 ); if(dwStatus != ERROR_SUCCESS) { TLSLogWarningEvent(TLS_W_BACKUPCERTIFICATE);
TLSRegDeleteKey( HKEY_LOCAL_MACHINE, LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP2 ); } } } #endif
if(pbLsSignCert) { FreeMemory(pbLsSignCert); }
if(pbLsExchCert) { FreeMemory(pbLsExchCert); } } } ReleaseAdministrativeLock(); } else { status=TLS_E_ALLOCATE_HANDLE; }
ReleaseRPCExclusiveLock();
cleanup:
lpContext->m_LastError=status;
#if DBG
lpContext->m_LastCall = RPC_CALL_INSTALL_SERV_CERT; #endif
InterlockedDecrement( &lpContext->m_RefCount ); *dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;}
//-------------------------------------------------------------------------------
error_status_t TLSRpcGetServerCertificate( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ BOOL bSignCert, /* [size_is][size_is][out] */ LPBYTE __RPC_FAR *ppCertBlob, /* [ref][out] */ LPDWORD lpdwCertBlobLen, /* [ref][out][in] */ PDWORD dwErrCode )/*++
++*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DWORD status=ERROR_SUCCESS;
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcGetServerCertificate\n"), lpContext->m_Client );
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN)) { status = TLS_E_ACCESS_DENIED; } else if(!g_pbExchangeEncodedCert || !g_cbExchangeEncodedCert || !g_pbSignatureEncodedCert || !g_cbSignatureEncodedCert) { status = TLS_E_NO_CERTIFICATE; } else { if(AcquireAdministrativeLock(INFINITE) == TRUE) { status = TLSSaveCertAsPKCS7( (bSignCert) ? g_pbSignatureEncodedCert : g_pbExchangeEncodedCert, (bSignCert) ? g_cbSignatureEncodedCert : g_cbExchangeEncodedCert, ppCertBlob, lpdwCertBlobLen );
// hack so that we can continue testing...
if(g_bHasHydraCert == FALSE) { if(g_pbServerSPK != NULL && g_cbServerSPK != 0) { status = TLS_W_SELFSIGN_CERTIFICATE; } else { status = TLS_W_TEMP_SELFSIGN_CERT; } } ReleaseAdministrativeLock(); } else { status = TLS_E_ALLOCATE_HANDLE; } }
lpContext->m_LastError=status;
#if DBG
lpContext->m_LastCall = RPC_CALL_GETSERV_CERT; #endif
InterlockedDecrement( &lpContext->m_RefCount ); *dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;}
//-------------------------------------------------------------------------------
voidMyFreeLicenseKeyPack( PLicense_KeyPack pLicenseKeyPack )/*
*/{ DWORD i;
PKeyPack_Description pKpDesc;
if( pLicenseKeyPack->pDescription ) { for( i = 0, pKpDesc = pLicenseKeyPack->pDescription; i < pLicenseKeyPack->dwDescriptionCount; i++, pKpDesc++ ) { if(pKpDesc->pDescription) LocalFree( pKpDesc->pDescription );
if(pKpDesc->pbProductName) LocalFree( pKpDesc->pbProductName ); } }
if(pLicenseKeyPack->pDescription) LocalFree( pLicenseKeyPack->pDescription );
if(pLicenseKeyPack->pbManufacturer && pLicenseKeyPack->cbManufacturer != 0) LocalFree( pLicenseKeyPack->pbManufacturer );
if(pLicenseKeyPack->pbManufacturerData && pLicenseKeyPack->cbManufacturerData != 0) LocalFree( pLicenseKeyPack->pbManufacturerData );
if(pLicenseKeyPack->pbProductId && pLicenseKeyPack->cbProductId != 0) LocalFree( pLicenseKeyPack->pbProductId ); return;}
//---------------------------------------------------------------------
error_status_t TLSRpcRegisterLicenseKeyPack( /* [in] */ PCONTEXT_HANDLE phContext, /* [size_is][in] */ LPBYTE pbCHCertBlob, /* [in] */ DWORD cbCHCertBlobSize, /* [size_is][in] */ LPBYTE pbRootCertBlob, /* [in] */ DWORD cbRootCertBlob, /* [size_is][in] */ LPBYTE lpKeyPackBlob, /* [in] */ DWORD dwKeyPackBlobLen, /* [ref][out][in] */ PDWORD dwErrCode )/*++
++*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DWORD status=ERROR_SUCCESS; LSKeyPack keypack;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcRegisterLicenseKeyPack\n"), lpContext->m_Client );
PTLSDbWorkSpace pDbWkSpace;
InterlockedIncrement( &lpContext->m_RefCount ); if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN)) { status = TLS_E_ACCESS_DENIED; goto cleanup; }
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout)) { status=TLS_E_ALLOCATE_HANDLE; } else { License_KeyPack pLicenseKeyPack; LicensePackDecodeParm LkpDecodeParm;
memset( &LkpDecodeParm, 0, sizeof(LicensePackDecodeParm) );
LkpDecodeParm.hCryptProv = g_hCryptProv; LkpDecodeParm.pbDecryptParm = (PBYTE)g_pszServerPid; LkpDecodeParm.cbDecryptParm = (lstrlen(g_pszServerPid) * sizeof(TCHAR)); LkpDecodeParm.cbClearingHouseCert = cbCHCertBlobSize; LkpDecodeParm.pbClearingHouseCert = pbCHCertBlob; LkpDecodeParm.pbRootCertificate = pbRootCertBlob; LkpDecodeParm.cbRootCertificate = cbRootCertBlob;
//
// make code clean, always start a transaction
//
CLEANUPSTMT; BEGIN_TRANSACTION(pDbWkSpace);
status = DecodeLicenseKeyPackEx( &pLicenseKeyPack, &LkpDecodeParm, dwKeyPackBlobLen, lpKeyPackBlob );
if(status != LICENSE_STATUS_OK) { status = TLS_E_DECODE_KEYPACKBLOB; DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_DETAILSIMPLE, _TEXT("Can't decode key pack blob - %d...\n"), status); } else { status=TLSDBRegisterLicenseKeyPack( USEHANDLE(pDbWkSpace), &pLicenseKeyPack, &keypack );
MyFreeLicenseKeyPack(&pLicenseKeyPack); }
if(TLS_ERROR(status)) { ROLLBACK_TRANSACTION(pDbWkSpace); } else { COMMIT_TRANSACTION(pDbWkSpace); }
FREEDBHANDLE(pDbWkSpace); }
//
// Post a sync work object
//
if(status == ERROR_SUCCESS) { if(TLSAnnounceLKPToAllRemoteServer( keypack.dwKeyPackId, 0 ) != ERROR_SUCCESS) { TLSLogWarningEvent(TLS_W_ANNOUNCELKP_FAILED); } }
cleanup:
lpContext->m_LastError=status;
#if DBG
lpContext->m_LastCall = RPC_CALL_REGISTER_LICENSE_PACK; #endif
InterlockedDecrement( &lpContext->m_RefCount ); *dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcRequestTermServCert( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ LPTLSHYDRACERTREQUEST pRequest, /* [ref][out][in] */ PDWORD pcbChallengeData, /* [size_is][out] */ PBYTE* ppbChallengeData, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Abstract:
Private routine to issue certificate to Terminal Server.
Parameter:
phContext : Client context handle. pRequest : Terminal Server specific certificate request. pcbChallengeData : size of Server randomly generated challenge data to Terminal Server. ppbChallengeData : Server randomly generated challenge data to Terminal server.
pdwErrCode : Error code.
Returns:
Function always return RPC_S_OK, actual error code is returned in pdwErrCode.
Note:
Routine does not actually issue a license to Terminal Server, Terminal Server must call TLSRpcRetrieveTermServCert() to retrieve its own license.
--*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext; TLSASSERT(pdwErrCode != NULL);
if(lpContext == NULL) { if(pRequest != NULL) { midl_user_free(pRequest); } *ppbChallengeData = NULL; *pcbChallengeData = 0; *pdwErrCode = TLSMapReturnCode(TLS_E_INVALID_DATA); return RPC_S_INVALID_ARG; }
DWORD status=ERROR_SUCCESS; LPTERMSERVCERTREQHANDLE lpHandle=NULL;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcRequestTermServCert\n"), lpContext->m_Client );
*ppbChallengeData = NULL; *pcbChallengeData = 0;
// verify client handle
InterlockedIncrement( &lpContext->m_RefCount ); if(lpContext->m_ContextType != CONTEXTHANDLE_EMPTY_TYPE) { SetLastError(status=TLS_E_INVALID_SEQUENCE); goto cleanup; }
lpHandle = (LPTERMSERVCERTREQHANDLE)AllocateMemory( sizeof(TERMSERVCERTREQHANDLE) ); if(lpHandle == NULL) { SetLastError(status = ERROR_OUTOFMEMORY); goto cleanup; }
//
// Generate Challenge Data
//
lpHandle->pCertRequest = pRequest; status = TLSGenerateChallengeData( CLIENT_INFO_HYDRA_SERVER, &lpHandle->cbChallengeData, &lpHandle->pbChallengeData );
if(status != ERROR_SUCCESS) { goto cleanup; }
// return challenge data
*pcbChallengeData = lpHandle->cbChallengeData; *ppbChallengeData = (PBYTE)midl_user_allocate(*pcbChallengeData); if(*ppbChallengeData == NULL) { SetLastError(status = ERROR_OUTOFMEMORY); goto cleanup; }
memcpy( *ppbChallengeData, lpHandle->pbChallengeData, lpHandle->cbChallengeData);
lpContext->m_ContextHandle = (HANDLE)lpHandle; lpContext->m_ContextType = CONTEXTHANDLE_HYDRA_REQUESTCERT_TYPE;
cleanup:
if(status != ERROR_SUCCESS) { // frees up memory.
// Can't overwrite context type.
//lpContext->m_ContextType = CONTEXTHANDLE_EMPTY_TYPE;
if(lpHandle != NULL) { FreeMemory(lpHandle->pbChallengeData); FreeMemory(lpHandle); }
if(*ppbChallengeData != NULL) { midl_user_free(*ppbChallengeData); }
if(pRequest != NULL) { midl_user_free(pRequest); }
*ppbChallengeData = NULL; *pcbChallengeData = 0; }
InterlockedDecrement( &lpContext->m_RefCount ); lpContext->m_LastError=status;
#if DBG
lpContext->m_LastCall = RPC_CALL_REQUEST_TERMSRV_CERT; #endif
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcRetrieveTermServCert( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD cbResponseData, /* [size_is][in] */ PBYTE pbResponseData, /* [ref][out][in] */ PDWORD pcbCert, /* [size_is][out] */ PBYTE* ppbCert, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Abstract:
Private routine to retrieve Terminal Server's license.
Parameters:
phContext : client context handle. cbResponseData : size of Terminal Server responses data to license server's challenge. pbResponseData : Terminal Server responses data to license server's challenge. pcbCert : Size of Terminal Server's license in bytes. ppbCert : Terminal Server's license. pdwErrCode : error code if fail.
Returns:
Function returns RPC_S_OK, actual error code returns in pdwErrCode.
Note:
Must have call TLSRpcRequestTermServCert().
--*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DWORD status=ERROR_SUCCESS; LPTERMSERVCERTREQHANDLE lpHandle=NULL; CTLSPolicy* pPolicy=NULL; PMHANDLE hClient;
PBYTE pbPkcs7=NULL; DWORD cbPkcs7=0; TLSDBLICENSEREQUEST LicenseRequest; DWORD dwQuantity = 1; TLSPRODUCTINFO ProductInfo;
TCHAR szCompanyName[LSERVER_MAX_STRING_SIZE]; TCHAR szMachineName[MAXCOMPUTERNAMELENGTH]; TCHAR szUserName[MAXUSERNAMELENGTH];
PTLSDbWorkSpace pDbWkSpace;
PMLICENSEREQUEST PMLicenseRequest; PPMLICENSEREQUEST pAdjustedRequest;
TLSDBLICENSEDPRODUCT LicensedProduct;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcRetrieveTermServCert\n"), lpContext->m_Client );
// verify client handle
InterlockedIncrement( &lpContext->m_RefCount ); if(lpContext->m_ContextType != CONTEXTHANDLE_HYDRA_REQUESTCERT_TYPE) { SetLastError(status = TLS_E_INVALID_SEQUENCE); goto cleanup; }
lpHandle = (LPTERMSERVCERTREQHANDLE)lpContext->m_ContextHandle; if( lpHandle == NULL || lpHandle->pCertRequest == NULL || lpHandle->pCertRequest->pbEncryptedHwid == NULL || lpHandle->pCertRequest->cbEncryptedHwid == 0 ) { SetLastError(status = TLS_E_INVALID_SEQUENCE); goto cleanup; }
//
// Verify challenge response data
//
//
// Request a license from specific key pack
//
memset(&LicenseRequest, 0, sizeof(TLSDBLICENSEREQUEST));
if(!LoadResourceString( IDS_HS_COMPANYNAME, szCompanyName, sizeof(szCompanyName) / sizeof(szCompanyName[0]))) { SetLastError(status = TLS_E_INTERNAL); goto cleanup; }
if(lpContext->m_Client == NULL) { if(!LoadResourceString( IDS_HS_MACHINENAME, LicenseRequest.szMachineName, sizeof(LicenseRequest.szMachineName)/sizeof(LicenseRequest.szMachineName[0]))) { SetLastError(status = TLS_E_INTERNAL); goto cleanup; }
if(!LoadResourceString( IDS_HS_USERNAME, LicenseRequest.szUserName, sizeof(LicenseRequest.szUserName)/sizeof(LicenseRequest.szUserName[0]))) { SetLastError(status = TLS_E_INTERNAL); goto cleanup; } } else { SAFESTRCPY(LicenseRequest.szMachineName, lpContext->m_Client); SAFESTRCPY(LicenseRequest.szUserName, lpContext->m_Client); }
LicenseRequest.dwProductVersion = HYDRACERT_PRODUCT_VERSION; LicenseRequest.pszProductId = HYDRAPRODUCT_HS_CERTIFICATE_SKU; LicenseRequest.pszCompanyName = szCompanyName;
LicenseRequest.dwLanguageID = GetSystemDefaultLangID(); // ignore
LicenseRequest.dwPlatformID = CLIENT_PLATFORMID_WINDOWS_NT_FREE; // WINDOWS
LicenseRequest.pbEncryptedHwid = lpHandle->pCertRequest->pbEncryptedHwid; LicenseRequest.cbEncryptedHwid = lpHandle->pCertRequest->cbEncryptedHwid;
status=LicenseDecryptHwid( &LicenseRequest.hWid, LicenseRequest.cbEncryptedHwid, LicenseRequest.pbEncryptedHwid, g_cbSecretKey, g_pbSecretKey );
if(status != ERROR_SUCCESS) { status = ERROR_INVALID_PARAMETER; goto cleanup; }
LicenseRequest.pClientPublicKey = (PCERT_PUBLIC_KEY_INFO)lpHandle->pCertRequest->pSubjectPublicKeyInfo; LicenseRequest.clientCertRdn.type = LSCERT_RDN_STRING_TYPE; LicenseRequest.clientCertRdn.szRdn = lpHandle->pCertRequest->szSubjectRdn; LicenseRequest.dwNumExtensions = lpHandle->pCertRequest->dwNumCertExtension; LicenseRequest.pExtensions = (PCERT_EXTENSION)lpHandle->pCertRequest->pCertExtensions;
hClient = GenerateClientId(); pPolicy = AcquirePolicyModule(NULL, NULL, FALSE); if(pPolicy == NULL) { SetLastError(status = TLS_E_INTERNAL); goto cleanup; }
PMLicenseRequest.dwProductVersion = LicenseRequest.dwProductVersion; PMLicenseRequest.pszProductId = LicenseRequest.pszProductId; PMLicenseRequest.pszCompanyName = LicenseRequest.pszCompanyName; PMLicenseRequest.dwLanguageId = LicenseRequest.dwLanguageID; PMLicenseRequest.dwPlatformId = LicenseRequest.dwPlatformID; PMLicenseRequest.pszMachineName = LicenseRequest.szMachineName; PMLicenseRequest.pszUserName = LicenseRequest.szUserName; PMLicenseRequest.dwLicenseType = LICENSETYPE_LICENSE;
//
// Inform Policy module start of new license request
//
status = pPolicy->PMLicenseRequest( hClient, REQUEST_NEW, (PVOID) &PMLicenseRequest, (PVOID *) &pAdjustedRequest );
if(status != ERROR_SUCCESS) { goto cleanup; } LicenseRequest.pPolicy = pPolicy; LicenseRequest.hClient = hClient;
LicenseRequest.pPolicyLicenseRequest = pAdjustedRequest; LicenseRequest.pClientLicenseRequest = &PMLicenseRequest;
// Call issue new license from sepcific keypack
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout)) { status = TLS_E_ALLOCATE_HANDLE; goto cleanup; }
CLEANUPSTMT; BEGIN_TRANSACTION(pDbWkSpace);
status = TLSDBIssuePermanentLicense( USEHANDLE(pDbWkSpace), &LicenseRequest, FALSE, // bLatestVersion
FALSE, // bAcceptFewerLicenses
&dwQuantity, &LicensedProduct, 0 ); if(TLS_ERROR(status)) { ROLLBACK_TRANSACTION(pDbWkSpace); } else { COMMIT_TRANSACTION(pDbWkSpace); }
FREEDBHANDLE(pDbWkSpace);
if(status == ERROR_SUCCESS) { LicensedProduct.pSubjectPublicKeyInfo = (PCERT_PUBLIC_KEY_INFO)lpHandle->pCertRequest->pSubjectPublicKeyInfo;
//
// Generate client certificate
//
status = TLSGenerateClientCertificate( g_hCryptProv, 1, &LicensedProduct, LICENSE_DETAIL_DETAIL, &pbPkcs7, &cbPkcs7 );
if(TLS_ERROR(status) == TRUE) { goto cleanup; }
status = TLSChainProprietyCertificate( g_hCryptProv, (CanIssuePermLicense() == FALSE), pbPkcs7, cbPkcs7, ppbCert, pcbCert );
if(status == ERROR_SUCCESS) { if(CanIssuePermLicense() == FALSE) { status = TLS_W_SELFSIGN_CERTIFICATE; } } }
cleanup:
FreeMemory(pbPkcs7);
if(pPolicy) { ReleasePolicyModule(pPolicy); }
//
// Free up Hydra Certificate Request handle,
// all_nodes attribute so single free.
//
if(lpHandle) { if(lpHandle->pCertRequest) { midl_user_free(lpHandle->pCertRequest); } if(lpHandle->pbChallengeData) { midl_user_free(lpHandle->pbChallengeData); }
FreeMemory(lpHandle); }
if(lpContext->m_ContextType == CONTEXTHANDLE_HYDRA_REQUESTCERT_TYPE) { //
// force calling TLSRpcRequestTermServCert() again
//
lpContext->m_ContextType = CONTEXTHANDLE_EMPTY_TYPE; lpContext->m_ContextHandle = NULL; }
InterlockedDecrement( &lpContext->m_RefCount );
lpContext->m_LastError=status;
#if DBG
lpContext->m_LastCall = RPC_CALL_RETRIEVE_TERMSRV_CERT; #endif
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcAuditLicenseKeyPack( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwKeyPackId, /* [in] */ FILETIME ftStartTime, /* [in] */ FILETIME ftEndTime, /* [in] */ BOOL bResetCounter, /* [ref][out][in] */ LPTLSKeyPackAudit lplsAudit, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Not implemented yet!.
--*/{ RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcGetLSPKCS10CertRequest( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwCertType, /* [ref][out][in] */ PDWORD pcbData, /* [size_is][size_is][out] */ PBYTE __RPC_FAR *ppbData, /* [ref][out][in] */ PDWORD dwErrCode )/*
Abstract:
Note:
No longer supported - doesn't make sense to give out our private key
*/{ RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;}
//////////////////////////////////////////////////////////////////////////////
//
// Replication function
//
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcBeginReplication( /* [in] */ PCONTEXT_HANDLE phContext, /* [string][in] */ LPTSTR pszLsSetupId, /* [string][in] */ LPTSTR pszLsServerName, /* [in] */ DWORD cbDomainSid, /* [size_is][in] */ PBYTE pbDomainSid, /* [ref][out][in] */ FILETIME __RPC_FAR *pftLastBackupTime, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
++*/{ RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcEndReplication( /* [in] */ PCONTEXT_HANDLE phContext )/*++
++*/{ return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcReplicateRecord( /* [in] */ PCONTEXT_HANDLE phContext, /* [ref][in] */ PTLSReplRecord pReplRecord, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
++*/{ RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcTableEnumBegin( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwSearchParam, /* [ref][in] */ PTLSReplRecord pRecord, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
++*/{ RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcTableEnumNext( /* [in] */ PCONTEXT_HANDLE phContext, /* [ref][out][in] */ PTLSReplRecord pRecord, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
++*/{ RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcTableEnumEnd( /* [in] */ PCONTEXT_HANDLE phContext )/*++
++*/{ return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcInstallPolicyModule( /* [in] */ PCONTEXT_HANDLE phContext, /* [string][in] */ LPTSTR pszCompanyName, /* [string][in] */ LPTSTR pszProductId, /* [string][in] */ LPTSTR pszPolicyDllName, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
++*/{ RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcAnnounceServer( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwAnnounceType, /* [in] */ FILETIME __RPC_FAR *pLastStartupTime, /* [string][in] */ LPTSTR pszSetupId, /* [string][in] */ LPTSTR pszDomainName, /* [string][in] */ LPTSTR pszLserverName, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Abstract:
Private routine for other license server to announce presence of itself.
Parameters:
Returns:
Note:
++*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DWORD status = ERROR_SUCCESS; BOOL bSuccess = TRUE; DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcAnnounceServer\n"), lpContext->m_Client );
status = SecureModeCheck();
if(status != ERROR_SUCCESS ) { *pdwErrCode = TLSMapReturnCode(status); return RPC_S_OK; }
InterlockedIncrement( &lpContext->m_RefCount ); //
// Verify it is a license server
//
if(lpContext->m_ClientFlags != CLIENT_ACCESS_LSERVER) { status = TLS_E_ACCESS_DENIED; }
if( status == ERROR_SUCCESS && (dwAnnounceType == TLSANNOUNCE_TYPE_STARTUP || dwAnnounceType == TLSANNOUNCE_TYPE_RESPONSE) ) { status = TLSRegisterServerWithName( pszSetupId, pszDomainName, pszLserverName ); if(status == TLS_E_DUPLICATE_RECORD) { status = ERROR_SUCCESS; } }
if(status == ERROR_SUCCESS) { if(dwAnnounceType == TLSANNOUNCE_TYPE_STARTUP) { //
// Prevent loop back, use job to response announce
//
status = TLSStartAnnounceResponseJob( pszSetupId, pszDomainName, pszLserverName, &g_ftLastShutdownTime ); }
if(status == ERROR_SUCCESS) { // Create a CSSync workobject to sync. local LKP
status = TLSPushSyncLocalLkpToServer( pszSetupId, pszDomainName, pszLserverName, pLastStartupTime ); } else { // reset error code, can't connect back to server -
// server might be available anymore.
status = ERROR_SUCCESS; } }
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_ANNOUNCE_SERVER; #endif
*pdwErrCode = TLSMapReturnCode(status); return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcLookupServer( /* [in] */ PCONTEXT_HANDLE phContext, /* [string][in] */ LPTSTR pszLookupSetupId, /* [size_is][string][out][in] */ LPTSTR pszLsSetupId, /* [out][in] */ PDWORD pcbSetupId, /* [size_is][string][out][in] */ LPTSTR pszDomainName, /* [ref][out][in] */ PDWORD pcbDomainName, /* [size_is][string][out][in] */ LPTSTR pszMachineName, /* [ref][out][in] */ PDWORD pcbMachineName, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Abstract:
Look up a license server via a license server's setupId.
This function is deprecated. Use TLSRpcLookupServerFixed.
Parameters:
Returns:
Note:
++*/{ DWORD dwStatus = ERROR_SUCCESS; LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcLookupServer\n"), lpContext->m_Client );
dwStatus = SecureModeCheck();
if(dwStatus != ERROR_SUCCESS ) { *pdwErrCode = TLSMapReturnCode(dwStatus); return RPC_S_OK; }
InterlockedIncrement( &lpContext->m_RefCount );
TLServerInfo ServerInfo;
if(_tcsicmp(pszLookupSetupId, g_pszServerPid) == 0) { _tcsncpy( pszLsSetupId, g_pszServerPid, min(_tcslen(g_pszServerPid), *pcbSetupId) );
if(*pcbSetupId <= _tcslen(g_pszServerPid)) { dwStatus = TLS_E_INVALID_DATA; } else { pszLsSetupId[min(_tcslen(g_pszServerPid), *pcbSetupId - 1)] = _TEXT('\0'); } *pcbSetupId = _tcslen(g_pszServerPid) + 1;
//--------------------------------------------------------------
_tcsncpy( pszDomainName, g_szScope, min(_tcslen(g_szScope), *pcbDomainName) );
if(*pcbDomainName <= _tcslen(g_szScope)) { dwStatus = TLS_E_INVALID_DATA; } else { pszDomainName[min(_tcslen(g_szScope), *pcbDomainName - 1)] = _TEXT('\0'); } *pcbDomainName = _tcslen(g_szScope) + 1;
//--------------------------------------------------------------
_tcsncpy( pszMachineName, g_szComputerName, min(_tcslen(g_szComputerName), *pcbMachineName) );
if(*pcbMachineName <= _tcslen(g_szComputerName)) { dwStatus = TLS_E_INVALID_DATA; } else { pszMachineName[min(_tcslen(g_szComputerName), *pcbMachineName - 1)] = _TEXT('\0'); } *pcbMachineName = _tcslen(g_szComputerName) + 1;
} else { dwStatus = TLSLookupRegisteredServer( pszLookupSetupId, NULL, pszMachineName, &ServerInfo ); if(dwStatus == ERROR_SUCCESS) { _tcsncpy( pszLsSetupId, ServerInfo.GetServerId(), min(_tcslen(ServerInfo.GetServerId()), *pcbSetupId) );
if(*pcbSetupId <= _tcslen(ServerInfo.GetServerId())) { dwStatus = TLS_E_INVALID_DATA; } else { pszLsSetupId[min(_tcslen(ServerInfo.GetServerId()), *pcbSetupId - 1)] = _TEXT('\0'); }
*pcbSetupId = _tcslen(ServerInfo.GetServerId()) + 1;
//--------------------------------------------------------------
_tcsncpy( pszDomainName, ServerInfo.GetServerDomain(), min(_tcslen(ServerInfo.GetServerDomain()), *pcbDomainName) ); if(*pcbDomainName <= _tcslen(ServerInfo.GetServerDomain())) { dwStatus = TLS_E_INVALID_DATA; } else { pszDomainName[min(_tcslen(ServerInfo.GetServerDomain()), *pcbDomainName - 1)] = _TEXT('\0'); } *pcbDomainName = _tcslen(ServerInfo.GetServerDomain()) + 1;
//--------------------------------------------------------------
_tcsncpy( pszMachineName, ServerInfo.GetServerName(), min(_tcslen(ServerInfo.GetServerName()), *pcbMachineName) );
if(*pcbMachineName <= _tcslen(ServerInfo.GetServerName())) { dwStatus = TLS_E_INVALID_DATA; } else { pszMachineName[min(_tcslen(ServerInfo.GetServerName()), *pcbMachineName - 1)] = _TEXT('\0'); } *pcbMachineName = _tcslen(ServerInfo.GetServerName()) + 1; } }
lpContext->m_LastError=dwStatus; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_SERVERLOOKUP; #endif
*pdwErrCode = TLSMapReturnCode(dwStatus); return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcLookupServerFixed( /* [in] */ PCONTEXT_HANDLE phContext, /* [string][in] */ LPTSTR szLookupSetupId, /* [string][out] */ LPTSTR *pszLsSetupId, /* [string][out] */ LPTSTR *pszDomainName, /* [string][out] */ LPTSTR *pszMachineName, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Abstract:
Look up a license server via a license server's setupId.
Parameters:
Returns:
Note:
++*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcLookupServerFixed\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
TLServerInfo ServerInfo; DWORD dwStatus = ERROR_SUCCESS;
if(_tcsicmp(szLookupSetupId, g_pszServerPid) == 0) { *pszLsSetupId = (LPTSTR) MIDL_user_allocate((_tcslen(g_pszServerPid)+1)*sizeof(TCHAR));
if (NULL != *pszLsSetupId) { _tcscpy( *pszLsSetupId, g_pszServerPid ); } else { dwStatus = TLS_E_ALLOCATE_MEMORY; }
//--------------------------------------------------------------
*pszDomainName = (LPTSTR) MIDL_user_allocate((_tcslen(g_pszScope)+1)*sizeof(TCHAR));
if (NULL != *pszDomainName) { _tcscpy( *pszDomainName, g_pszScope ); } else { dwStatus = TLS_E_ALLOCATE_MEMORY; }
//--------------------------------------------------------------
*pszMachineName = (LPTSTR) MIDL_user_allocate((_tcslen(g_szComputerName)+1)*sizeof(TCHAR));
if (NULL != *pszMachineName) { _tcscpy( *pszMachineName, g_szComputerName ); } else { dwStatus = TLS_E_ALLOCATE_MEMORY; } } else { dwStatus = TLSLookupRegisteredServer( szLookupSetupId, NULL, NULL, &ServerInfo ); if(dwStatus == ERROR_SUCCESS) { *pszLsSetupId = (LPTSTR) MIDL_user_allocate((_tcslen(ServerInfo.GetServerId())+1)*sizeof(TCHAR));
if (NULL != *pszLsSetupId) { _tcscpy( *pszLsSetupId, ServerInfo.GetServerId() ); } else { dwStatus = TLS_E_ALLOCATE_MEMORY; }
//--------------------------------------------------------------
*pszDomainName = (LPTSTR) MIDL_user_allocate((_tcslen(ServerInfo.GetServerDomain())+1)*sizeof(TCHAR));
if (NULL != *pszDomainName) { _tcscpy( *pszDomainName, ServerInfo.GetServerDomain() ); } else { dwStatus = TLS_E_ALLOCATE_MEMORY; }
//--------------------------------------------------------------
*pszMachineName = (LPTSTR) MIDL_user_allocate((_tcslen(ServerInfo.GetServerName())+1)*sizeof(TCHAR));
if (NULL != *pszMachineName) { _tcscpy( *pszMachineName, ServerInfo.GetServerName() ); } else { dwStatus = TLS_E_ALLOCATE_MEMORY; } } }
lpContext->m_LastError=dwStatus; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_SERVERLOOKUP; #endif
*pdwErrCode = TLSMapReturnCode(dwStatus); return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcAnnounceLicensePack( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ PTLSReplRecord pReplRecord, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Abstract:
Private routine for one license server to announce it has particular License Pack.
Parameters:
Returns:
++*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pReplRecord == NULL || pdwErrCode== NULL) { return RPC_S_INVALID_ARG; }
DWORD dwStatus=ERROR_SUCCESS; PTLSDbWorkSpace pDbWkSpace=NULL; TLSLICENSEPACK LicPack;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcAnnounceLicensePack\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
dwStatus = SecureModeCheck();
if(dwStatus != ERROR_SUCCESS ) { goto cleanup; }
if(lpContext->m_ClientFlags != CLIENT_ACCESS_LSERVER) { dwStatus = TLS_E_ACCESS_DENIED; goto cleanup; }
if(pReplRecord->dwUnionType != UNION_TYPE_LICENSEPACK) { dwStatus = TLS_E_INVALID_DATA; goto cleanup; }
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout)) { dwStatus = TLS_E_ALLOCATE_HANDLE; goto cleanup; }
CLEANUPSTMT; BEGIN_TRANSACTION(pDbWkSpace); LicPack = pReplRecord->w.ReplLicPack; //
// TODO - verify input parameters
//
dwStatus = TLSDBRemoteKeyPackAdd( USEHANDLE(pDbWkSpace), &LicPack );
if(TLS_ERROR(dwStatus) && dwStatus != TLS_E_DUPLICATE_RECORD) { ROLLBACK_TRANSACTION(pDbWkSpace); } else { COMMIT_TRANSACTION(pDbWkSpace); }
FREEDBHANDLE(pDbWkSpace); cleanup:
lpContext->m_LastError=dwStatus; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_ANNOUNCELICENSEPACK; #endif
*pdwErrCode = TLSMapReturnCode(dwStatus);
return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcReturnLicensedProduct( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ PTLSLicenseToBeReturn pClientLicense, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
++*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pClientLicense == NULL || pdwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DWORD dwStatus=ERROR_SUCCESS; CTLSPolicy* pPolicy=NULL; PTLSDbWorkSpace pDbWorkSpace; PMHANDLE hClient;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcReturnLicensedProduct\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
dwStatus = SecureModeCheck();
if(dwStatus != ERROR_SUCCESS ) { goto cleanup; }
if(lpContext->m_ClientFlags != CLIENT_ACCESS_LSERVER) { dwStatus = TLS_E_ACCESS_DENIED; goto cleanup; }
pPolicy = AcquirePolicyModule( pClientLicense->pszCompanyName, pClientLicense->pszOrgProductId, FALSE );
if(pPolicy == NULL) { dwStatus = GetLastError(); goto cleanup; }
hClient = GenerateClientId();
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout)) { dwStatus=TLS_E_ALLOCATE_HANDLE; goto cleanup; }
CLEANUPSTMT; BEGIN_TRANSACTION(pDbWorkSpace); dwStatus = TLSReturnClientLicensedProduct( USEHANDLE(pDbWkSpace), hClient, pPolicy, pClientLicense ); if(TLS_ERROR(dwStatus)) { ROLLBACK_TRANSACTION(pDbWorkSpace); } else { COMMIT_TRANSACTION(pDbWorkSpace); } if (dwStatus == ERROR_SUCCESS) { TLSAnnounceLKPToAllRemoteServer(pClientLicense->dwKeyPackId,0); }
FREEDBHANDLE(pDbWorkSpace);
cleanup:
lpContext->m_LastError=dwStatus; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_RETURNLICENSE; #endif
*pdwErrCode = TLSMapReturnCode(dwStatus);
if(pPolicy) { pPolicy->PMLicenseRequest( hClient, REQUEST_COMPLETE, UlongToPtr (dwStatus), NULL ); ReleasePolicyModule(pPolicy); }
return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcChallengeServer( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwClientType, /* [in] */ PTLSCHALLENGEDATA pClientChallenge, /* [out][in] */ PTLSCHALLENGERESPONSEDATA* pServerResponse, /* [out][in] */ PTLSCHALLENGEDATA* pServerChallenge, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Abstract:
Private routine for client to challenge server in order for client confirm server's identity. License Server, in addition to response to client's challenge, also generate random challenge data based on client's self-declare type back to client.
Parameter:
phContext : Client's context handle. dwClientType : Client self-pronounce type, valid values are ... pClientChallenge : Client challenge data. pServerResponse : Server's responses to client's challenge. pServerChallenge : Server's challenge to client. pdwErrCode : Error code if failed.
Returns:
Notes:
Private routine for LrWiz and License Server to identify itself.
--*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DWORD status=ERROR_SUCCESS;
PTLSCHALLENGEDATA pChallenge=NULL; PTLSCHALLENGERESPONSEDATA pResponse = NULL; HCRYPTPROV hProv = NULL;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcChallengeServer\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
//if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN))
//{
// status = TLS_E_ACCESS_DENIED;
// goto cleanup;
//}
if(lpContext->m_ContextType != CONTEXTHANDLE_EMPTY_TYPE) { status = TLS_E_INVALID_SEQUENCE; goto cleanup; }
//
// Input parameters...
//
if( pClientChallenge == NULL || pServerResponse == NULL || pServerChallenge == NULL ) { status = TLS_E_INVALID_DATA; goto cleanup; }
//
// Verify Data send by client
//
if( pClientChallenge->dwVersion != TLS_CURRENT_CHALLENGE_VERSION || pClientChallenge->cbChallengeData == 0 || pClientChallenge->pbChallengeData == NULL ) { status = TLS_E_INVALID_DATA; goto cleanup; }
pResponse = (PTLSCHALLENGERESPONSEDATA)midl_user_allocate(sizeof(TLSCHALLENGERESPONSEDATA)); if(pResponse == NULL) { status = GetLastError(); goto cleanup; } pChallenge = (PTLSCHALLENGEDATA)AllocateMemory(sizeof(TLSCHALLENGEDATA)); if(pChallenge == NULL) { status = GetLastError(); goto cleanup; }
*pServerChallenge = (PTLSCHALLENGEDATA)midl_user_allocate(sizeof(TLSCHALLENGEDATA)); if(*pServerChallenge == NULL) { status = GetLastError(); goto cleanup; }
//
// Generate Challenge response data
//
status = TLSGenerateChallengeResponseData( g_hCryptProv, dwClientType, pClientChallenge, &(pResponse->pbResponseData), &(pResponse->cbResponseData) ); *pServerResponse = pResponse;
if(status != ERROR_SUCCESS) { status = TLS_E_INVALID_DATA; goto cleanup; }
//
// Generate Server side challenge data
//
pChallenge->dwVersion = TLS_CURRENT_CHALLENGE_VERSION;
if (CryptAcquireContext(&hProv,NULL,NULL,PROV_RSA_FULL,CRYPT_VERIFYCONTEXT)) { if (!CryptGenRandom(hProv,sizeof(pChallenge->dwRandom), (BYTE *) &pChallenge->dwRandom)) { status = TLS_E_INTERNAL; goto cleanup; } } else { status = TLS_E_INTERNAL; goto cleanup; }
//
// This must range from 1 to 128, as it's used as an offset into the
// challenge data buffer
//
pChallenge->dwRandom %= RANDOM_CHALLENGE_DATASIZE; pChallenge->dwRandom++;
status = TLSGenerateRandomChallengeData( g_hCryptProv, &(pChallenge->pbChallengeData), &(pChallenge->cbChallengeData) );
// base on type, mark this handle...
if(dwClientType == CLIENT_TYPE_LRWIZ) { lpContext->m_ContextType = CONTEXTHANDLE_CHALLENGE_LRWIZ_TYPE; } else { lpContext->m_ContextType = CONTEXTHANDLE_CHALLENGE_SERVER_TYPE; }
(*pServerChallenge)->pbChallengeData = (PBYTE)midl_user_allocate(pChallenge->cbChallengeData); if((*pServerChallenge)->pbChallengeData == NULL) { status = GetLastError(); goto cleanup; }
(*pServerChallenge)->dwVersion = TLS_CURRENT_CHALLENGE_VERSION; (*pServerChallenge)->dwRandom = pChallenge->dwRandom; (*pServerChallenge)->cbChallengeData = pChallenge->cbChallengeData; memcpy( (*pServerChallenge)->pbChallengeData, pChallenge->pbChallengeData, pChallenge->cbChallengeData );
lpContext->m_ContextHandle = (HANDLE)(pChallenge);
cleanup:
if(status != ERROR_SUCCESS) { if(pChallenge) { if(pChallenge->pbChallengeData) { FreeMemory(pChallenge->pbChallengeData); } if(pChallenge->pbReservedData) { FreeMemory(pChallenge->pbReservedData); }
FreeMemory(pChallenge); }
if(pResponse) { if(pResponse->pbResponseData) { FreeMemory(pResponse->pbResponseData); }
if(pResponse->pbReservedData) { FreeMemory(pResponse->pbReservedData); } midl_user_free(pResponse); } }
if (hProv) CryptReleaseContext(hProv,0);
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_CHALLENGESERVER; #endif
*pdwErrCode = TLSMapReturnCode(status); return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcResponseServerChallenge( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ PTLSCHALLENGERESPONSEDATA pClientResponse, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
Abstract:
Client's responses to Server challenge returned TLSRpcChallengeServer(), must have call TLSRpcChallengeServer().
Parameter:
phContext: pClientResponses: Client's response to server's challenge. pdwErrCode : Return error code.
Returns:
Note:
--*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext; if(lpContext == NULL || pdwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DWORD status=ERROR_SUCCESS; DWORD dwClientType; PTLSCHALLENGEDATA pServerToClientChallenge;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcResponseServerChallenge\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
//if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN))
//{
// status = TLS_E_ACCESS_DENIED;
// goto cleanup;
//}
if( pClientResponse == NULL || pClientResponse->pbResponseData == NULL || pClientResponse->cbResponseData == 0 ) { status = TLS_E_INVALID_DATA; goto cleanup; }
if(lpContext->m_ContextType != CONTEXTHANDLE_CHALLENGE_SERVER_TYPE && lpContext->m_ContextType != CONTEXTHANDLE_CHALLENGE_LRWIZ_TYPE) { status = TLS_E_INVALID_SEQUENCE; goto cleanup; }
if(lpContext->m_ContextHandle == NULL) { status = TLS_E_INTERNAL; goto cleanup; }
if(lpContext->m_ContextType == CONTEXTHANDLE_CHALLENGE_LRWIZ_TYPE) { dwClientType = CLIENT_TYPE_LRWIZ; } else { dwClientType = CLIENT_TYPE_TLSERVER; }
pServerToClientChallenge = (PTLSCHALLENGEDATA)lpContext->m_ContextHandle;
//
// base on client type, verify challenge response data
//
status = TLSVerifyChallengeResponse( g_hCryptProv, dwClientType, pServerToClientChallenge, pClientResponse );
if(status != ERROR_SUCCESS) { status = TLS_E_INVALID_DATA; } else { if(dwClientType == CLIENT_TYPE_LRWIZ) { lpContext->m_ClientFlags |= CLIENT_ACCESS_LRWIZ; } else { lpContext->m_ClientFlags |= CLIENT_ACCESS_LSERVER; } }
if(pServerToClientChallenge != NULL) { FreeMemory(pServerToClientChallenge->pbChallengeData); FreeMemory(pServerToClientChallenge); } lpContext->m_ContextHandle = NULL; lpContext->m_ContextType = CONTEXTHANDLE_EMPTY_TYPE;
cleanup:
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_RESPONSESERVERCHALLENGE; #endif
*pdwErrCode = TLSMapReturnCode(status); return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcGetTlsPrivateData( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwPrivateDataType, /* [switch_is][in] */ PTLSPrivateDataUnion pSearchData, /* [ref][out][in] */ PDWORD pdwRetDataType, /* [switch_is][out] */ PTLSPrivateDataUnion __RPC_FAR *ppPrivateData, /* [ref][out][in] */ PDWORD pdwErrCode )
/*++
Abstract:
Retrieve license server's private data, this include Server's unique ID, PID, and registered SPK if any.
Parameters:
phContext : Client's context handle. dwPrivateDataType : Type of private data interested. pSearchData : Type of data to search, currently ignore. pdwRetDataType : Return data type. ppPrivateData : License Server's private data. pdwErrCode : Error Code.
Returns:
Note:
Only LrWiz and License Server can invoke this RPC call.
--*/
{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext; if(lpContext == NULL || pdwErrCode == NULL || pdwRetDataType == NULL) { return RPC_S_INVALID_ARG; }
DWORD status=ERROR_SUCCESS; DWORD cbSource=0; PBYTE pbSource=NULL;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcGetTlsPrivateData\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
//
// relax restriction on who can get private data
//
if( dwPrivateDataType != TLS_PRIVATEDATA_PID && dwPrivateDataType != TLS_PRIVATEDATA_UNIQUEID ) { if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_LRWIZ)) { status = TLS_E_ACCESS_DENIED; goto cleanup; } }
if( dwPrivateDataType < TLS_PRIVATEDATA_MIN || dwPrivateDataType > TLS_PRIVATEDATA_MAX ) { status = TLS_E_INVALID_DATA; goto cleanup; }
//
// Not supported yet...
//
if(dwPrivateDataType == TLS_PRIVATEDATA_INSTALLED_CERT) { status = TLS_E_NOTSUPPORTED; goto cleanup; } //
// Don't really need this but we might need to support
// re-generate of License Server ID
//
if(!AcquireAdministrativeLock(INFINITE)) { status = TLS_E_ALLOCATE_HANDLE; goto cleanup; }
switch(dwPrivateDataType) { case TLS_PRIVATEDATA_UNIQUEID: pbSource = (PBYTE)g_pszServerUniqueId; cbSource = g_cbServerUniqueId; break;
case TLS_PRIVATEDATA_PID: pbSource = (PBYTE)g_pszServerPid; cbSource = g_cbServerPid; break;
case TLS_PRIVATEDATA_SPK: pbSource = g_pbServerSPK; cbSource = g_cbServerSPK; }
//
// Currently, what you ask is what you get.
//
*pdwRetDataType = dwPrivateDataType;
if( (dwPrivateDataType != TLS_PRIVATEDATA_SYSTEMLANGID) && (pbSource == NULL || cbSource == 0) ) { status = TLS_E_RECORD_NOTFOUND; } else { *ppPrivateData = (PTLSPrivateDataUnion)midl_user_allocate(sizeof(TLSPrivateDataUnion)); if(*ppPrivateData != NULL) { memset( *ppPrivateData, 0, sizeof(TLSPrivateDataUnion) );
if(*pdwRetDataType == TLS_PRIVATEDATA_SYSTEMLANGID) { (*ppPrivateData)->systemLangId = GetSystemDefaultLangID(); } else if(*pdwRetDataType == TLS_PRIVATEDATA_SPK) { (*ppPrivateData)->SPK.cbSPK = cbSource; (*ppPrivateData)->SPK.pbSPK = pbSource; (*ppPrivateData)->SPK.pCertExtensions = g_pCertExtensions;
//(*ppPrivateData)->SPK.pCertExtensions = (PTLSCERT_EXTENSIONS)midl_user_allocate(g_cbCertExtensions);
//memcpy(
// (*ppPrivateData)->SPK.pCertExtensions,
// g_pCertExtensions,
// g_cbCertExtensions
// );
} else { (*ppPrivateData)->BinaryData.cbData = cbSource; (*ppPrivateData)->BinaryData.pbData = pbSource; } } else { status = ERROR_OUTOFMEMORY; } }
ReleaseAdministrativeLock();
cleanup: lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_GETPRIVATEDATA; #endif
*pdwErrCode = TLSMapReturnCode(status); return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcSetTlsPrivateData( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwPrivateDataType, /* [switch_is][in] */ PTLSPrivateDataUnion pPrivateData, /* [ref][out][in] */ PDWORD pdwErrCode )
/*++
Abstract:
Private routine for LrWiz to set license server's private data.
Parameter:
phContext: Client context handle. dwPrivateDataType : Type of private data to set. pPrivateData : Private data to set/install. pdwErrCode : Server return code. Returns:
Note:
Only support installing of SPK/Extension at this time.
--*/{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pPrivateData == NULL || pdwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DWORD status=ERROR_SUCCESS; DWORD dwSpkVerifyResult;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcDepositeSPK\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_LRWIZ)) { status = TLS_E_ACCESS_DENIED; goto cleanup; }
//
// Only support SPK at this time
//
if(dwPrivateDataType != TLS_PRIVATEDATA_SPK) { status = TLS_E_INVALID_DATA; goto cleanup; }
//
// Lock all RPC calls related to issuing certificate
//
if(!AcquireRPCExclusiveLock(INFINITE)) { status = TLS_E_ALLOCATE_HANDLE; goto cleanup; }
do { //if(g_pbServerSPK != NULL && g_cbServerSPK != 0)
//{
// status = TLS_E_SPKALREADYEXIST;
// break;
//}
if(AcquireAdministrativeLock(INFINITE)) { status = TLSReGenSelfSignCert( g_hCryptProv, pPrivateData->SPK.pbSPK, pPrivateData->SPK.cbSPK, pPrivateData->SPK.pCertExtensions->cExtension, pPrivateData->SPK.pCertExtensions->rgExtension ); ReleaseAdministrativeLock(); } else { status = TLS_E_ALLOCATE_HANDLE; } } while(FALSE);
ReleaseRPCExclusiveLock();
cleanup:
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_SETPRIVATEDATA; #endif
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcTriggerReGenKey( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ BOOL bRegenKey, /* [ref][out][in] */ PDWORD pdwErrCode )
/*++
Abstract:
Private routine to force license server to re-generate its public/private key pair, all installed certificates/SPK are deleted, User are required to re-register license server.
Parameters:
phContext : Client context handle. bKeepSPKAndExtension : For future use only. pdwErrCode : Return error code.
Returns:
++*/
{ LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext; if(lpContext == NULL || pdwErrCode == NULL) { return RPC_S_INVALID_ARG; }
DWORD status=ERROR_SUCCESS;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcTriggerReGenKey\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_LRWIZ)) { status = TLS_E_ACCESS_DENIED; goto cleanup; }
LPCTSTR pString[1];
pString[0] = lpContext->m_Client; TLSLogEventString( EVENTLOG_INFORMATION_TYPE, TLS_I_TRIGGER_REGENKEY, 1, pString );
//
// Block ALL RPC calls
//
if(!AcquireRPCExclusiveLock(INFINITE)) { status=TLS_E_ALLOCATE_HANDLE; goto cleanup; }
do { if(!AcquireAdministrativeLock(INFINITE)) { status = TLS_E_ALLOCATE_HANDLE; break; } status = TLSReGenKeysAndReloadServerCert( bRegenKey ); ReleaseAdministrativeLock();
} while(FALSE);
ReleaseRPCExclusiveLock();
cleanup: lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_TRIGGERREGENKEY; #endif
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcTelephoneRegisterLKP( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD cbData, /* [size_is][in] */ PBYTE pbData, /* [ref][out] */ PDWORD pdwErrCode )
/*++
--*/
{ DWORD status=ERROR_SUCCESS; LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL) { return RPC_S_INVALID_ARG; }
PTLSDbWorkSpace pDbWkSpace; LSKeyPack keypack;
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcTelephoneRegisterLKP\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount ); if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_LRWIZ)) { status = TLS_E_ACCESS_DENIED; goto cleanup; }
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout)) { status=TLS_E_ALLOCATE_HANDLE; goto cleanup; }
CLEANUPSTMT; BEGIN_TRANSACTION(pDbWkSpace);
status = TLSDBTelephoneRegisterLicenseKeyPack( USEHANDLE(pDbWkSpace), g_pszServerPid, pbData, cbData, &keypack );
if(TLS_ERROR(status)) { ROLLBACK_TRANSACTION(pDbWkSpace); } else { COMMIT_TRANSACTION(pDbWkSpace); }
FREEDBHANDLE(pDbWkSpace);
//
// Post a sync work object
//
if(status == ERROR_SUCCESS) { if(TLSAnnounceLKPToAllRemoteServer( keypack.dwKeyPackId, 0 ) != ERROR_SUCCESS) { TLSLogWarningEvent(TLS_W_ANNOUNCELKP_FAILED); } }
cleanup:
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_TELEPHONEREGISTERLKP; #endif
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcAllocateInternetLicense( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ const CHALLENGE_CONTEXT ChallengeContext, /* [in] */ const PTLSLICENSEREQUEST pRequest, /* [string][in] */ LPTSTR pMachineName, /* [string][in] */ LPTSTR pUserName, /* [in] */ const DWORD cbChallengeResponse, /* [size_is][in] */ const PBYTE pbChallengeResponse, /* [out] */ PDWORD pcbLicense, /* [size_is][size_is][out] */ BYTE __RPC_FAR *__RPC_FAR *pbLicense, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
--*/{ return TLSRpcRequestNewLicense( phContext, ChallengeContext, pRequest, pMachineName, pUserName, cbChallengeResponse, pbChallengeResponse, FALSE, pcbLicense, pbLicense, pdwErrCode );
}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcAllocateInternetLicenseEx( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ const CHALLENGE_CONTEXT ChallengeContext, /* [in] */ const PTLSLICENSEREQUEST pRequest, /* [string][in] */ LPTSTR pMachineName, /* [string][in] */ LPTSTR pUserName, /* [in] */ const DWORD cbChallengeResponse, /* [size_is][in] */ const PBYTE pbChallengeResponse, /* [ref][out] */ PTLSInternetLicense pInternetLicense, /* [ref][out] */ PDWORD pdwErrCode )/*++
--*/{ PBYTE pbLicense = NULL; DWORD cbLicense = 0; DWORD dwStatus = ERROR_SUCCESS; DWORD index = 0; PLICENSEDPRODUCT pLicensedProduct = NULL; DWORD dwNumLicensedProduct = 0; LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL) { SetLastError(ERROR_INVALID_PARAMETER); goto cleanup; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcAllocateInternetLicenseEx\n"), lpContext->m_Client );
//
// Internally forward the request.
//
dwStatus = TLSRpcAllocateInternetLicense( phContext, ChallengeContext, pRequest, pMachineName, pUserName, cbChallengeResponse, pbChallengeResponse, &cbLicense, &pbLicense, pdwErrCode );
if(*pdwErrCode >= LSERVER_ERROR_BASE) { goto cleanup; }
//
// decode the license.
//
dwStatus = LSVerifyDecodeClientLicense( pbLicense, cbLicense, g_pbSecretKey, g_cbSecretKey, &dwNumLicensedProduct, pLicensedProduct );
//
// Internet license can only have one licensed product
//
if(dwStatus != LICENSE_STATUS_OK || dwNumLicensedProduct == 0 || dwNumLicensedProduct > 1) { dwStatus = TLS_E_INTERNAL; goto cleanup; }
pLicensedProduct = (PLICENSEDPRODUCT)AllocateMemory( dwNumLicensedProduct * sizeof(LICENSEDPRODUCT) ); if(pLicensedProduct == NULL) { dwStatus = TLS_E_ALLOCATE_MEMORY; goto cleanup; }
dwStatus = LSVerifyDecodeClientLicense( pbLicense, cbLicense, g_pbSecretKey, g_cbSecretKey, &dwNumLicensedProduct, pLicensedProduct );
if(dwStatus != LICENSE_STATUS_OK) { dwStatus = TLS_E_INTERNAL; goto cleanup; }
//
// Sets up returns.
//
SAFESTRCPY(pInternetLicense->szServerId, pLicensedProduct->szIssuerId); SAFESTRCPY(pInternetLicense->szServerName, pLicensedProduct->szIssuer); pInternetLicense->ulSerialNumber = pLicensedProduct->ulSerialNumber; pInternetLicense->dwQuantity = pLicensedProduct->dwQuantity;
cleanup:
if(NULL != lpContext) { lpContext->m_LastError=dwStatus; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_ALLOCATEINTERNETLICNESEEX; #endif
} if(*pdwErrCode == ERROR_SUCCESS) { *pdwErrCode = TLSMapReturnCode(dwStatus); }
if(pLicensedProduct != NULL) { for(index =0; index < dwNumLicensedProduct; index++) { LSFreeLicensedProduct(pLicensedProduct+index); }
FreeMemory(pLicensedProduct); }
if(pbLicense != NULL) { midl_user_free(pbLicense); }
return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcReturnInternetLicenseEx( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ const PTLSLICENSEREQUEST pRequest, /* [in] */ const ULARGE_INTEGER __RPC_FAR *pulSerialNumber, /* [in] */ DWORD dwQuantity, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
--*/{ DWORD dwStatus = ERROR_SUCCESS; TLSLicenseToBeReturn TobeReturn; LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext; PTLSDbWorkSpace pDbWorkSpace = NULL; CTLSPolicy* pPolicy = NULL; PMHANDLE hClient;
PMLICENSEREQUEST PMLicenseRequest; PPMLICENSEREQUEST pAdjustedRequest;
TCHAR szCompanyName[LSERVER_MAX_STRING_SIZE+2]; TCHAR szProductId[LSERVER_MAX_STRING_SIZE+2];
if(VerifyLicenseRequest(pRequest) == FALSE) { SetLastError(dwStatus = TLS_E_INVALID_DATA); goto cleanup; }
if(lpContext == NULL || pdwErrCode == NULL) { SetLastError(dwStatus = ERROR_INVALID_PARAMETER); goto cleanup; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcReturnInternetLicenseEx\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
dwStatus = SecureModeCheck();
if(dwStatus != ERROR_SUCCESS ) { goto cleanup; }
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_REQUEST)) { dwStatus = TLS_E_ACCESS_DENIED; goto cleanup; }
memset(szCompanyName, 0, sizeof(szCompanyName)); memset(szProductId, 0, sizeof(szProductId));
memcpy( szCompanyName, pRequest->ProductInfo.pbCompanyName, min(pRequest->ProductInfo.cbCompanyName, sizeof(szCompanyName)-sizeof(TCHAR)) );
memcpy( szProductId, pRequest->ProductInfo.pbProductID, min(pRequest->ProductInfo.cbProductID, sizeof(szProductId)-sizeof(TCHAR)) );
//
// Allocate policy module, must have the right policy module to
// return license.
//
pPolicy = AcquirePolicyModule( szCompanyName, szProductId, TRUE );
if(pPolicy == NULL) { dwStatus = GetLastError(); goto cleanup; }
hClient = GenerateClientId();
//
// Convert request to PMLICENSEREQUEST
//
TlsLicenseRequestToPMLicenseRequest( LICENSETYPE_LICENSE, pRequest, _TEXT(""), _TEXT(""), 0, &PMLicenseRequest );
//
// Ask policy module the actual product ID
//
dwStatus = pPolicy->PMLicenseRequest( hClient, REQUEST_NEW, (PVOID) &PMLicenseRequest, (PVOID *) &pAdjustedRequest );
memset(&TobeReturn, 0, sizeof(TobeReturn));
TobeReturn.dwQuantity = dwQuantity; TobeReturn.dwKeyPackId = pulSerialNumber->HighPart; TobeReturn.dwLicenseId = pulSerialNumber->LowPart; TobeReturn.dwPlatformID = pAdjustedRequest->dwPlatformId; TobeReturn.cbEncryptedHwid = pRequest->cbEncryptedHwid; TobeReturn.pbEncryptedHwid = pRequest->pbEncryptedHwid; TobeReturn.dwProductVersion = pAdjustedRequest->dwProductVersion; TobeReturn.pszOrgProductId = szProductId; TobeReturn.pszCompanyName = szCompanyName; TobeReturn.pszProductId = pAdjustedRequest->pszProductId;
//
// Allocate DB handle
//
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout)) { dwStatus = TLS_E_ALLOCATE_HANDLE; goto cleanup; }
CLEANUPSTMT; BEGIN_TRANSACTION(pDbWorkSpace);
dwStatus = TLSReturnClientLicensedProduct( USEHANDLE(pDbWkSpace), hClient, pPolicy, &TobeReturn ); if(TLS_ERROR(dwStatus)) { ROLLBACK_TRANSACTION(pDbWorkSpace); } else { COMMIT_TRANSACTION(pDbWorkSpace); }
if(dwStatus == ERROR_SUCCESS) { TLSAnnounceLKPToAllRemoteServer(TobeReturn.dwKeyPackId,0); }
FREEDBHANDLE(pDbWorkSpace); cleanup:
if(NULL != lpContext) { lpContext->m_LastError=dwStatus; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_RETURNINTERNETLICENSEEX; #endif
} *pdwErrCode = TLSMapReturnCode(dwStatus);
if(pPolicy) { pPolicy->PMLicenseRequest( hClient, REQUEST_COMPLETE, UlongToPtr (dwStatus), NULL ); ReleasePolicyModule(pPolicy); }
return RPC_S_OK;}
////////////////////////////////////////////////////////////////////////////
error_status_t TLSRpcReturnInternetLicense( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD cbLicense, /* [size_is][in] */ PBYTE pbLicense, /* [ref][out][in] */ PDWORD pdwErrCode )/*++
--*/{ DWORD dwStatus = ERROR_SUCCESS; DWORD index = 0; PLICENSEDPRODUCT pLicensedProduct = NULL; DWORD dwNumLicensedProduct = 0; TLSLicenseToBeReturn TobeReturn; LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext; PTLSDbWorkSpace pDbWorkSpace = NULL; CTLSPolicy* pPolicy = NULL; PMHANDLE hClient;
if(lpContext == NULL || pdwErrCode == NULL) { SetLastError(dwStatus = ERROR_INVALID_PARAMETER); goto cleanup; }
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcReturnInternetLicense\n"), lpContext->m_Client );
InterlockedIncrement( &lpContext->m_RefCount );
dwStatus = SecureModeCheck();
if(dwStatus != ERROR_SUCCESS ) { goto cleanup; }
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_REQUEST)) { dwStatus = TLS_E_ACCESS_DENIED; goto cleanup; } // -------------------------------------------------------
// decode the license.
// -------------------------------------------------------
dwStatus = LSVerifyDecodeClientLicense( pbLicense, cbLicense, g_pbSecretKey, g_cbSecretKey, &dwNumLicensedProduct, pLicensedProduct );
// -------------------------------------------------------
// Internet license can only have one licensed product
// -------------------------------------------------------
if(dwStatus != LICENSE_STATUS_OK || dwNumLicensedProduct == 0 || dwNumLicensedProduct > 1) { dwStatus = TLS_E_INVALID_LICENSE; goto cleanup; }
pLicensedProduct = (PLICENSEDPRODUCT)AllocateMemory( dwNumLicensedProduct * sizeof(LICENSEDPRODUCT) ); if(pLicensedProduct == NULL) { dwStatus = TLS_E_ALLOCATE_MEMORY; goto cleanup; }
dwStatus = LSVerifyDecodeClientLicense( pbLicense, cbLicense, g_pbSecretKey, g_cbSecretKey, &dwNumLicensedProduct, pLicensedProduct );
if(dwStatus != LICENSE_STATUS_OK) { dwStatus = TLS_E_INVALID_LICENSE; goto cleanup; }
TobeReturn.dwQuantity = pLicensedProduct->dwQuantity; TobeReturn.dwKeyPackId = pLicensedProduct->ulSerialNumber.HighPart; TobeReturn.dwLicenseId = pLicensedProduct->ulSerialNumber.LowPart; TobeReturn.dwPlatformID = pLicensedProduct->LicensedProduct.dwPlatformID; TobeReturn.cbEncryptedHwid = pLicensedProduct->LicensedProduct.cbEncryptedHwid; TobeReturn.pbEncryptedHwid = pLicensedProduct->LicensedProduct.pbEncryptedHwid; TobeReturn.dwProductVersion = MAKELONG( pLicensedProduct->pLicensedVersion->wMinorVersion, pLicensedProduct->pLicensedVersion->wMajorVersion );
TobeReturn.pszOrgProductId = (LPTSTR) pLicensedProduct->pbOrgProductID; TobeReturn.pszCompanyName = (LPTSTR) pLicensedProduct->LicensedProduct.pProductInfo->pbCompanyName; TobeReturn.pszProductId = (LPTSTR) pLicensedProduct->LicensedProduct.pProductInfo->pbProductID; TobeReturn.pszUserName = (LPTSTR) pLicensedProduct->szLicensedUser; TobeReturn.pszMachineName = pLicensedProduct->szLicensedClient;
//
// Allocate policy module, must have the right policy module to
// return license.
//
pPolicy = AcquirePolicyModule( TobeReturn.pszCompanyName, TobeReturn.pszOrgProductId, TRUE );
if(pPolicy == NULL) { dwStatus = GetLastError(); goto cleanup; }
hClient = GenerateClientId();
//
// Allocate DB handle
//
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout)) { dwStatus = TLS_E_ALLOCATE_HANDLE; goto cleanup; }
CLEANUPSTMT; BEGIN_TRANSACTION(pDbWorkSpace);
dwStatus = TLSReturnClientLicensedProduct( USEHANDLE(pDbWkSpace), hClient, pPolicy, &TobeReturn ); if(TLS_ERROR(dwStatus)) { ROLLBACK_TRANSACTION(pDbWorkSpace); } else { COMMIT_TRANSACTION(pDbWorkSpace); } if(dwStatus == ERROR_SUCCESS) { TLSAnnounceLKPToAllRemoteServer(TobeReturn.dwKeyPackId,0); }
FREEDBHANDLE(pDbWorkSpace); cleanup:
if(NULL != lpContext) { lpContext->m_LastError=dwStatus; InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_RETURNINTERNETLICENSE; #endif
}
*pdwErrCode = TLSMapReturnCode(dwStatus);
if(pLicensedProduct != NULL) { for(index =0; index < dwNumLicensedProduct; index++) { LSFreeLicensedProduct(pLicensedProduct+index); }
FreeMemory(pLicensedProduct); }
if(pPolicy) { pPolicy->PMLicenseRequest( hClient, REQUEST_COMPLETE, UlongToPtr (dwStatus), NULL ); ReleasePolicyModule(pPolicy); }
return RPC_S_OK;}
voidFixupNameAttr( DWORD dwNameAttrCount, CERT_RDN_ATTR rgNameAttr[]){
for (DWORD i = 0; i < dwNameAttrCount; i++) { if (rgNameAttr[i].Value.cbData == 0) rgNameAttr[i].Value.pbData = NULL; }
}
//----------------------------------------------------------------------------
error_status_t TLSRpcGenerateCustomerCert( /* [in] */ PCONTEXT_HANDLE phContext, /* [in] */ DWORD dwCertEncodingType, /* [in] */ DWORD dwNameAttrCount, /* [in, size_is(dwNameAttrCount)] */ CERT_RDN_ATTR rgNameAttr[], /* [out] */ DWORD *pcbCert, /* [out, size_is(,*pcbCert)] */ BYTE **ppbCert, /* [out] */ DWORD *pdwErrCode )/*++
Description:
This routine is for LRWiz to generate a certificate for a given customer
Arguments:
phContext - client context handle. dwCertEncodingType - See CryptSignCertificate docs dwNameAttrCount - Number of Name Attributes rgNameAttr - Array of Name Attributes pcbCert - Number of bytes in returned cert ppbCert - Returned cert pdwErrCode - Returned error value
Returns via pdwErrCode
++*/{ DWORD status=ERROR_SUCCESS; LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext; CERT_RDN rgRDN[] = {dwNameAttrCount, rgNameAttr}; CERT_NAME_INFO Name = {1, rgRDN}; CRYPT_ENCODE_PARA encodeParam; CERT_REQUEST_INFO CertReqInfo; PCERT_PUBLIC_KEY_INFO pPubKeyInfo=NULL; DWORD cbPubKeyInfo=0; CERT_SIGNED_CONTENT_INFO SignatureInfo; LPBYTE pbRequest=NULL; DWORD cbRequest=0; if(lpContext == NULL || pdwErrCode == NULL) { status = TLS_E_INVALID_DATA; goto cleanup; }
// BUGBUG: Must check that caller is admin, through proper impersonation
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN)) { status = TLS_E_ACCESS_DENIED; goto cleanup; }
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf( DBG_INFORMATION, DBG_FACILITY_RPC, DBGLEVEL_FUNCTION_TRACE, _TEXT("%s : TLSRpcGenerateCustomerCert\n"), lpContext->m_Client );
*pcbCert = 0; *ppbCert = NULL;
FixupNameAttr(dwNameAttrCount,rgNameAttr);
memset(&CertReqInfo, 0, sizeof(CertReqInfo)); CertReqInfo.dwVersion = CERT_REQUEST_V1;
encodeParam.cbSize = sizeof(encodeParam); encodeParam.pfnAlloc = MIDL_user_allocate; encodeParam.pfnFree = MIDL_user_free;
if(!CryptEncodeObjectEx( CRYPT_ASN_ENCODING, X509_NAME, &Name, CRYPT_ENCODE_ALLOC_FLAG, &encodeParam, &CertReqInfo.Subject.pbData, &CertReqInfo.Subject.cbData)) { status = TLS_E_INVALID_DATA; goto cleanup; }
//
// now get the public key out
//
if(!CryptExportPublicKeyInfo(g_hCryptProv, dwCertEncodingType, X509_ASN_ENCODING, NULL, &cbPubKeyInfo)) { status = TLS_E_NO_CERTIFICATE; goto cleanup; }
pPubKeyInfo=(PCERT_PUBLIC_KEY_INFO) MIDL_user_allocate(cbPubKeyInfo);
if ( NULL == pPubKeyInfo ) { status = ERROR_OUTOFMEMORY;
goto cleanup; }
if(!CryptExportPublicKeyInfo(g_hCryptProv, dwCertEncodingType, X509_ASN_ENCODING, pPubKeyInfo, &cbPubKeyInfo)) { status = TLS_E_NO_CERTIFICATE; goto cleanup; }
CertReqInfo.SubjectPublicKeyInfo = *pPubKeyInfo;
//
// Sign cert request
//
memset(&SignatureInfo, 0, sizeof(SignatureInfo));
SignatureInfo.SignatureAlgorithm.pszObjId = szOID_OIWSEC_sha1RSASign;
memset(&SignatureInfo.SignatureAlgorithm.Parameters, 0, sizeof(SignatureInfo.SignatureAlgorithm.Parameters));
if(!CryptEncodeObjectEx(CRYPT_ASN_ENCODING, X509_CERT_REQUEST_TO_BE_SIGNED, &CertReqInfo, CRYPT_ENCODE_ALLOC_FLAG, &encodeParam, &SignatureInfo.ToBeSigned.pbData, &SignatureInfo.ToBeSigned.cbData)) { status = TLS_E_INVALID_DATA; goto cleanup; }
if(!CryptSignCertificate( g_hCryptProv, dwCertEncodingType, CRYPT_ASN_ENCODING, SignatureInfo.ToBeSigned.pbData, SignatureInfo.ToBeSigned.cbData, &SignatureInfo.SignatureAlgorithm, NULL, NULL, &SignatureInfo.Signature.cbData)) { status = TLS_E_INVALID_DATA; goto cleanup; }
SignatureInfo.Signature.pbData = (BYTE *) MIDL_user_allocate(SignatureInfo.Signature.cbData);
if ( NULL == SignatureInfo.Signature.pbData ) { status = ERROR_OUTOFMEMORY;
goto cleanup; }
if(!CryptSignCertificate( g_hCryptProv, dwCertEncodingType, CRYPT_ASN_ENCODING, SignatureInfo.ToBeSigned.pbData, SignatureInfo.ToBeSigned.cbData, &SignatureInfo.SignatureAlgorithm, NULL, SignatureInfo.Signature.pbData, &SignatureInfo.Signature.cbData)) { status = TLS_E_INVALID_DATA; goto cleanup; }
//
// encode final signed request
//
if(!CryptEncodeObjectEx(CRYPT_ASN_ENCODING, X509_CERT, &SignatureInfo, CRYPT_ENCODE_ALLOC_FLAG, &encodeParam, &pbRequest, &cbRequest)) { status = TLS_E_INVALID_DATA; goto cleanup; }
*pcbCert = cbRequest; *ppbCert = pbRequest;
cleanup: if(CertReqInfo.Subject.pbData != NULL) { MIDL_user_free(CertReqInfo.Subject.pbData); }
if(pPubKeyInfo != NULL) { MIDL_user_free(pPubKeyInfo); }
if(SignatureInfo.ToBeSigned.pbData != NULL) { MIDL_user_free(SignatureInfo.ToBeSigned.pbData); }
if(SignatureInfo.Signature.pbData != NULL) { MIDL_user_free(SignatureInfo.Signature.pbData); }
lpContext->m_LastError=status; InterlockedDecrement( &lpContext->m_RefCount );
*pdwErrCode = TLSMapReturnCode(status); return RPC_S_OK;}
|
