Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

8033 lines
225 KiB

//+--------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1996-1996
//
// File: tlsrpc.c
//
// Contents: Various RPC function to accept client request
//
// History: 12-09-98 HueiWang Created
//
//---------------------------------------------------------------------------
#include "pch.cpp"
#include "server.h"
#include "gencert.h"
#include "kp.h"
#include "keypack.h"
#include "clilic.h"
#include "postjob.h"
#include "srvlist.h"
#include "utils.h"
#include "misc.h"
#include "licreq.h"
#include "server.h"
#include "init.h"
#include "globals.h"
#include "db.h"
#include "tlscert.h"
#include "permlic.h"
#include "remotedb.h"
#include <winsta.h>
BOOL g_bLockValid = FALSE;
CCMutex g_AdminLock;
CCMutex g_RpcLock;
CCEvent g_ServerShutDown(TRUE, FALSE);
extern PSECURITY_DESCRIPTOR g_pSecDes;
/****************************************************************************/
// TSLSRPCAccessCheck
//
// Check if this RPC caller havs access right or not
/****************************************************************************/
BOOL TSLSRPCAccessCheck()
{
RPC_STATUS rpcStatus;
HANDLE hClientToken = NULL;
DWORD dwStatus = ERROR_SUCCESS;
GENERIC_MAPPING GenericMapping = { STANDARD_RIGHTS_READ,
STANDARD_RIGHTS_EXECUTE,
STANDARD_RIGHTS_WRITE,
STANDARD_RIGHTS_ALL };
BYTE PrivilegeSetBuffer[sizeof(PRIVILEGE_SET) + 3*sizeof(LUID_AND_ATTRIBUTES)];
PPRIVILEGE_SET PrivilegeSet = (PPRIVILEGE_SET) PrivilegeSetBuffer;
ULONG PrivilegeSetLength = sizeof(PrivilegeSetBuffer);
ACCESS_MASK AccessGranted = 0;
BOOL AccessStatus = FALSE;
if(g_pSecDes == NULL)
return TRUE;
// Check the access right of this rpc call
rpcStatus = RpcImpersonateClient(0);
if (RPC_S_OK != rpcStatus)
{
dwStatus = E_FAIL;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("RpcImpersonateClient() failed\n")
);
goto cleanup;
}
// get the impersonated token
if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hClientToken))
{
dwStatus = GetLastError();
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("OpenThreadToken() failed\n")
);
RpcRevertToSelf();
goto cleanup;
}
RpcRevertToSelf();
if (!AccessCheck(g_pSecDes,
hClientToken,
STANDARD_RIGHTS_READ,
&GenericMapping,
PrivilegeSet,
&PrivilegeSetLength,
&AccessGranted,
&AccessStatus))
{
dwStatus = GetLastError();
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("AccessCheck() failed\n")
);
goto cleanup;
}
cleanup:
if (hClientToken != NULL)
{
CloseHandle(hClientToken);
}
return AccessStatus;
}
/////////////////////////////////////////////////////////////////////////////////
DWORD
SecureModeCheck()
{
DWORD dwStatus = ERROR_SUCCESS;
BOOL AccessStatus = FALSE;
BOOL fInDomain = FALSE;
WCHAR *StringBinding = NULL;
WCHAR *ServerAddress = NULL;
RPC_BINDING_HANDLE ServerBinding = 0;
POLICY_TS_MACHINE groupPolicy;
RegGetMachinePolicy(&groupPolicy);
BOOL bSecureLicensing = FALSE;
if( groupPolicy.fPolicySecureLicensing == 1 && groupPolicy.fSecureLicensing == 1)
{
bSecureLicensing = TRUE;
}
if(bSecureLicensing == TRUE)
{
dwStatus = TLSInDomain(&fInDomain, NULL);
if(dwStatus == ERROR_SUCCESS && fInDomain == TRUE)
{
// Check this rpc access right
AccessStatus = TSLSRPCAccessCheck();
if (!AccessStatus)
{
// Determine client address.
dwStatus = RpcBindingServerFromClient(0, &ServerBinding);
if(dwStatus != RPC_S_OK)
{
return TLS_E_ACCESS_DENIED;
}
dwStatus = RpcBindingToStringBinding(ServerBinding, &StringBinding);
if( dwStatus != RPC_S_OK)
{
return TLS_E_ACCESS_DENIED;
}
dwStatus = RpcStringBindingParse(StringBinding, NULL, NULL, &ServerAddress, NULL, NULL);
if( dwStatus != RPC_S_OK)
{
return TLS_E_ACCESS_DENIED;
}
{
LPCTSTR rgString[] = {ServerAddress};
TLSLogEventString(
EVENTLOG_ERROR_TYPE,
TLS_E_LICENSE_ISSUANCE_ACCESS_DENIED,
1,
rgString);
}
return TLS_E_ACCESS_DENIED;
}
else
{
return ERROR_SUCCESS;
}
}
else
{
return ERROR_SUCCESS;
}
}
else
{
return ERROR_SUCCESS;
}
}
BOOL
VerifyLicenseRequest(
PTLSLICENSEREQUEST pLicenseRequest
)
/*++
--*/
{
BOOL bValid = FALSE;
if(pLicenseRequest == NULL)
{
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("VerifyLicenseRequest() invalid input\n")
);
goto cleanup;
}
if( pLicenseRequest->cbEncryptedHwid == 0 ||
pLicenseRequest->pbEncryptedHwid == NULL)
{
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("VerifyLicenseRequest() invalid HWID\n")
);
goto cleanup;
}
if( pLicenseRequest->ProductInfo.cbCompanyName == 0 ||
pLicenseRequest->ProductInfo.pbCompanyName == NULL )
{
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("VerifyLicenseRequest() invalid company name\n")
);
goto cleanup;
}
if( pLicenseRequest->ProductInfo.cbProductID == 0 ||
pLicenseRequest->ProductInfo.pbProductID == NULL )
{
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("VerifyLicenseRequest() invalid product id\n")
);
goto cleanup;
}
bValid = TRUE;
cleanup:
return bValid;
}
/////////////////////////////////////////////////////////////////////////////
BOOL
WaitForMyTurnOrShutdown(
HANDLE hHandle,
DWORD dwWaitTime
)
/*
*/
{
//
// Shutdown event is first one in the wait list
// reason is when service thread signal shutdow, at the same time,
// there might be a RPC call entering WaitForMultipleObjects() call and
// it will return WAIT_OBJECT_0 and continue on, this is not desirable
// since we want it to return can't get handle and exit RPC call immediately
//
HANDLE waitHandles[2]={g_ServerShutDown.hEvent, hHandle};
DWORD dwStatus;
//
// Could be return shutting down...
//
dwStatus=WaitForMultipleObjects(
sizeof(waitHandles)/sizeof(waitHandles[0]),
waitHandles,
FALSE,
dwWaitTime
);
return (dwStatus == WAIT_OBJECT_0 + 1) || (dwStatus == WAIT_ABANDONED_0 + 1);
}
//////////////////////////////////////////////////////
HANDLE
GetServiceShutdownHandle()
{
return g_ServerShutDown.hEvent;
}
void
ServiceSignalShutdown()
{
g_ServerShutDown.SetEvent();
}
void
ServiceResetShutdownEvent()
{
g_ServerShutDown.ResetEvent();
}
BOOL
IsServiceShuttingdown()
{
if(g_bLockValid == FALSE)
return TRUE;
else
return (WaitForSingleObject(g_ServerShutDown.hEvent, 0) == WAIT_OBJECT_0);
}
//////////////////////////////////////////////////////
BOOL
AcquireRPCExclusiveLock(
IN DWORD dwWaitTime
)
/*++
Abstract:
Acquire exclusive lock for RPC interface.
Parameter:
dwWaitTime : Wait time.
Return:
TRUE/FALSE
--*/
{
return WaitForMyTurnOrShutdown(
g_RpcLock.hMutex,
dwWaitTime
);
}
//////////////////////////////////////////////////////
void
ReleaseRPCExclusiveLock()
{
g_RpcLock.Unlock();
}
//////////////////////////////////////////////////////
BOOL
AcquireAdministrativeLock(
IN DWORD dwWaitTime
)
/*++
Abstract:
Acquire lock for administrative action.
Parameter:
dwWaitTime : Time to wait for the lock.
Returns:
TRUE/FALSE.
--*/
{
return WaitForMyTurnOrShutdown(
g_AdminLock.hMutex,
dwWaitTime
);
}
//////////////////////////////////////////////////////
void
ReleaseAdministrativeLock()
/*++
--*/
{
g_AdminLock.Unlock();
}
//-----------------------------------------------------------------------
DWORD
TLSVerifyHydraCertificate(
PBYTE pHSCert,
DWORD cbHSCert
)
/*
*/
{
DWORD dwStatus;
dwStatus = TLSVerifyProprietyChainedCertificate(
g_hCryptProv,
pHSCert,
cbHSCert
);
if(dwStatus != ERROR_SUCCESS)
{
Hydra_Server_Cert hCert;
memset(&hCert, 0, sizeof(Hydra_Server_Cert));
dwStatus=UnpackHydraServerCertificate(pHSCert, cbHSCert, &hCert);
if(dwStatus == LICENSE_STATUS_OK)
{
dwStatus=LicenseVerifyServerCert(&hCert);
if(hCert.PublicKeyData.pBlob)
free(hCert.PublicKeyData.pBlob);
if(hCert.SignatureBlob.pBlob)
free(hCert.SignatureBlob.pBlob);
}
}
return dwStatus;
}
//-------------------------------------------------------------------------
//
// General RPC routines
//
void * __RPC_USER
MIDL_user_allocate(size_t size)
{
void* ptr=AllocateMemory(size);
// DBGPrintf(0xFFFFFFFF, _TEXT("Allocate 0x%08x, size %d\n"), ptr, size);
return ptr;
}
void __RPC_USER
MIDL_user_free(void *pointer)
{
FreeMemory(pointer);
}
//-------------------------------------------------------------------------
BOOL
ValidContextHandle(
IN PCONTEXT_HANDLE phContext
)
/*++
Description:
Verify client context handle.
Arguments:
phContext - client context handle return from TLSRpcConnect().
Return:
TRUE/FALSE
++*/
{
#if DBG
BOOL bValid;
LPCLIENTCONTEXT lpClientContext = (LPCLIENTCONTEXT)phContext;
bValid = (lpClientContext->m_PreDbg[0] == 0xcdcdcdcd && lpClientContext->m_PreDbg[1] == 0xcdcdcdcd &&
lpClientContext->m_PostDbg[0] == 0xcdcdcdcd && lpClientContext->m_PostDbg[1] == 0xcdcdcdcd);
if(!bValid)
{
DBGPrintf(
DBG_ERROR,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("ValidContextHandle : Bad client context\n")
);
TLSASSERT(FALSE);
}
return bValid;
#else
return TRUE;
#endif
}
//-------------------------------------------------------------------------
void
__RPC_USER PCONTEXT_HANDLE_rundown(
PCONTEXT_HANDLE phContext
)
/*++
Description:
Client context handle cleanup, called when client disconnect normally
or abnormally, see context handle rundown routine help on RPC
Argument:
phContext - client context handle.
Returns:
None
++*/
{
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("PCONTEXT_HANDLE_rundown...\n")
);
TLSASSERT(phContext != NULL);
if(g_bLockValid == FALSE)
{
return;
}
//
// If service is shutting down, exit right away without freeing up memory,
//
// Durning shutdown, RPC wait until all call completed but it does not wait
// until all open connection has 'rundown' if client is still in enumeration,
// this will cause ReleaseWorkSpace() to assert. Instead of using one more
// HANDLE to wait until all open connection has been rundown, we return right
// away to speed up shutdown time
//
if( phContext && ValidContextHandle(phContext) )
{
LPCLIENTCONTEXT lpClientContext = (LPCLIENTCONTEXT)phContext;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("Disconnect from %s\n"),
lpClientContext->m_Client
);
assert(lpClientContext->m_RefCount == 0);
if( IsServiceShuttingdown() == FALSE )
{
switch(lpClientContext->m_ContextType)
{
case CONTEXTHANDLE_LICENSE_ENUM_TYPE:
{
PTLSDbWorkSpace pDbWkSpace = (PTLSDbWorkSpace)lpClientContext->m_ContextHandle;
if( IsValidAllocatedWorkspace(pDbWkSpace) == TRUE )
{
ReleaseWorkSpace(&pDbWkSpace);
}
}
break;
case CONTEXTHANDLE_KEYPACK_ENUM_TYPE:
{
LPENUMHANDLE hEnum=(LPENUMHANDLE)lpClientContext->m_ContextHandle;
if( IsValidAllocatedWorkspace(hEnum->pbWorkSpace) == TRUE )
{
TLSDBLicenseKeyPackEnumEnd(hEnum);
}
lpClientContext->m_ContextType = CONTEXTHANDLE_EMPTY_TYPE;
lpClientContext->m_ContextHandle=NULL;
}
break;
case CONTEXTHANDLE_HYDRA_REQUESTCERT_TYPE:
{
LPTERMSERVCERTREQHANDLE lpHandle=(LPTERMSERVCERTREQHANDLE)lpClientContext->m_ContextHandle;
midl_user_free(lpHandle->pCertRequest);
midl_user_free(lpHandle->pbChallengeData);
FreeMemory(lpHandle);
}
break;
case CONTEXTHANDLE_CHALLENGE_SERVER_TYPE:
case CONTEXTHANDLE_CHALLENGE_LRWIZ_TYPE:
case CONTEXTHANDLE_CHALLENGE_TERMSRV_TYPE:
{
PTLSCHALLENGEDATA pChallengeData = (PTLSCHALLENGEDATA) lpClientContext->m_ContextHandle;
if(pChallengeData)
{
FreeMemory(pChallengeData->pbChallengeData);
FreeMemory(pChallengeData);
}
}
}
}
else
{
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("PCONTEXT_HANDLE_rundown while shutting down...\n")
);
}
if( lpClientContext->m_Client )
{
FreeMemory(lpClientContext->m_Client);
}
midl_user_free(lpClientContext);
}
return;
}
//----------------------------------------------------------------------------------
DWORD
GetClientPrivilege(
IN handle_t hRpcBinding
)
/*++
Description:
Return client's privilege level
Arguments:
hRpcBinding - Client's RPC binding handle.
Return:
Client's privilege level
++*/
{
DWORD dwStatus = CLIENT_ACCESS_USER;
BOOL bAdmin=FALSE;
RPC_STATUS rpc_status;
// If a value of zero is specified, the server impersonates the client that
// is being served by this server thread
rpc_status = RpcImpersonateClient(hRpcBinding);
if(rpc_status == RPC_S_OK)
{
IsAdmin(&bAdmin);
dwStatus = (bAdmin) ? CLIENT_ACCESS_ADMIN : CLIENT_ACCESS_USER;
rpc_status = RpcRevertToSelfEx(hRpcBinding);
}
return dwStatus;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcConnect(
/* [in] */ handle_t binding,
/* [out] */ PCONTEXT_HANDLE __RPC_FAR *pphContext
)
/*++
Description:
Connect client and allocate/return client context handle.
Arguments:
hRPCBinding - RPC binding handle
pphContext - client context handle.
Returns via dwErrCode.
RPC_S_ACCESS_DENIED or LSERVER_S_SUCCESS.
++*/
{
DWORD status=ERROR_SUCCESS;
DWORD dwPriv;
error_status_t t;
RPC_BINDING_HANDLE hClient=NULL;
WCHAR * pszRpcStrBinding=NULL;
LPTSTR pszClient=NULL;
if(RpcBindingServerFromClient(binding, &hClient) == RPC_S_OK)
{
status = RpcBindingToStringBinding( hClient, &pszRpcStrBinding );
RpcBindingFree(&hClient);
if (status != RPC_S_OK)
{
goto cleanup;
}
}
//
// need to load from resource file
//
pszClient = (LPTSTR)AllocateMemory(
(_tcslen((pszRpcStrBinding) ? pszRpcStrBinding : _TEXT("Unknown")) + 1) * sizeof(TCHAR)
);
if(pszClient == NULL)
{
status = ERROR_OUTOFMEMORY;
goto cleanup;
}
_tcscpy(pszClient,
(pszRpcStrBinding) ? pszRpcStrBinding : _TEXT("Unknown")
);
if(pszRpcStrBinding)
{
RpcStringFree(&pszRpcStrBinding);
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("Connect from client %s\n"),
pszClient
);
dwPriv=GetClientPrivilege(binding);
LPCLIENTCONTEXT lpContext;
lpContext=(LPCLIENTCONTEXT)midl_user_allocate(sizeof(CLIENTCONTEXT));
if(lpContext == NULL)
{
status = ERROR_OUTOFMEMORY;
goto cleanup;
}
#if DBG
lpContext->m_LastCall = RPC_CALL_CONNECT;
lpContext->m_PreDbg[0] = 0xcdcdcdcd;
lpContext->m_PreDbg[1] = 0xcdcdcdcd;
lpContext->m_PostDbg[0] = 0xcdcdcdcd;
lpContext->m_PostDbg[1] = 0xcdcdcdcd;
#endif
lpContext->m_Client = pszClient;
lpContext->m_RefCount = 0;
*pphContext=lpContext;
lpContext->m_ContextType = CONTEXTHANDLE_EMPTY_TYPE;
lpContext->m_ClientFlags = dwPriv;
cleanup:
if(status != ERROR_SUCCESS)
{
FreeMemory(pszClient);
}
t = TLSMapReturnCode(status);
return t;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcDisconnect(
/* [out][in] */ PPCONTEXT_HANDLE pphContext
)
/*++
Description:
Disconnect client and FreeMemory all memory allocated on the behalf of client
Arguments:
pphContext - pointer to client context handle
Returns:
LSERVER_S_SUCCESS or ERROR_INVALID_HANDLE
++*/
{
DWORD Status=ERROR_SUCCESS;
if( (pphContext == NULL) || (!ValidContextHandle(*pphContext)) || (*pphContext == NULL) )
{
Status = ERROR_INVALID_HANDLE;
}
else
{
PCONTEXT_HANDLE_rundown(*pphContext);
*pphContext = NULL;
}
return TLSMapReturnCode(Status);
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcGetVersion(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [ref][out][in] */ PDWORD pdwVersion
)
/*++
++*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwVersion == NULL)
{
return RPC_S_INVALID_ARG;
}
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcGetVersion\n"),
lpContext->m_Client
);
if(TLSIsBetaNTServer() == TRUE)
{
*pdwVersion = TLS_CURRENT_VERSION;
}
else
{
*pdwVersion = TLS_CURRENT_VERSION_RTM;
}
if(g_SrvRole & TLSERVER_ENTERPRISE_SERVER)
{
*pdwVersion |= TLS_VERSION_ENTERPRISE_BIT;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_DETAILSIMPLE,
_TEXT("%s : TLSRpcGetVersion return 0x%08x\n"),
lpContext->m_Client,
*pdwVersion
);
InterlockedDecrement( &lpContext->m_RefCount );
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcGetSupportFlags(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [ref][out] */ DWORD *pdwSupportFlags
)
/*++
++*/
{
error_status_t status = RPC_S_OK;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL)
{
return RPC_S_INVALID_ARG;
}
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcGetSupportFlags\n"),
lpContext->m_Client
);
if (NULL != pdwSupportFlags)
{
*pdwSupportFlags = ALL_KNOWN_SUPPORT_FLAGS;
}
else
{
status = ERROR_INVALID_PARAMETER;
}
InterlockedDecrement( &lpContext->m_RefCount );
return status;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcSendServerCertificate(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD cbCert,
/* [size_is][in] */ PBYTE pbCert,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Description:
This routine is for License Server to identify hydra server, hydra server
need to send its certificate in order to gain certificate request privilege.
Arguments:
phContext - client context handle.
cbCert - size of hydra server certificate.
pbCert - hydra server's self-created certificate.
dwErrCode - return code.
Returns via dwErrCode
LSERVER_E_INVALID_DATA.
++*/
{
DWORD status=ERROR_SUCCESS;
BOOL fInDomain = FALSE;
WCHAR *StringBinding = NULL;
WCHAR *ServerAddress = NULL;
RPC_BINDING_HANDLE ServerBinding = 0;
status = SecureModeCheck();
if(dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
if(status != ERROR_SUCCESS )
{
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL)
{
return RPC_S_INVALID_ARG;
}
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcSendServerCertificate\n"),
lpContext->m_Client
);
if(pbCert == NULL || cbCert == 0 ||
TLSVerifyHydraCertificate(pbCert, cbCert) != LICENSE_STATUS_OK)
{
DBGPrintf(
DBG_WARNING,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_DETAILSIMPLE,
_TEXT("TLSRpcSendServerCertificate : client %s send invalid certificate\n"),
lpContext->m_Client
);
status = TLS_E_INVALID_DATA;
}
else
{
lpContext->m_ClientFlags |= CLIENT_ACCESS_REQUEST;
}
// midl_user_free(pbCert);
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_SEND_CERTIFICATE;
#endif
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcGetServerName(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [size_is][string][out][in] */ LPTSTR szMachineName,
/* [out][in] */ PDWORD cbSize,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Description:
Return server's machine name.
This function is deprecated. Use TLSRpcGetServerNameFixed.
Arguments:
phContext - Client context handle
szMachineName - return server's machine name, must be at least
MAX_COMPUTERNAME_LENGTH + 1 in length
Return:
TLS_E_INVALID_DATA - buffer size too small.
++*/
{
TCHAR szComputerName[MAX_COMPUTERNAME_LENGTH+2];
DWORD dwBufferSize=MAX_COMPUTERNAME_LENGTH+1;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcGetServerName\n"),
lpContext->m_Client
);
if ((!(lpContext->m_ClientFlags & CLIENT_ACCESS_LSERVER)) && (lpContext->m_ContextType != CONTEXTHANDLE_CHALLENGE_SERVER_TYPE))
{
*dwErrCode = TLSMapReturnCode(TLS_E_INVALID_DATA);
return RPC_S_OK;
}
*dwErrCode = ERROR_SUCCESS;
if(!GetComputerName(szComputerName, &dwBufferSize))
{
*dwErrCode = GetLastError();
}
//
// return buffer must be big enough for NULL,
// dwBufferSize return does not include NULL.
//
if(*cbSize <= dwBufferSize)
{
DBGPrintf(
DBG_WARNING,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_DETAILSIMPLE,
_TEXT("TLSRpcGetServerName : Client %s invalid parameter\n"),
lpContext->m_Client
);
*dwErrCode = TLSMapReturnCode(TLS_E_INVALID_DATA);
}
else
{
_tcsncpy(szMachineName, szComputerName, min(_tcslen(szComputerName), *cbSize));
szMachineName[min(_tcslen(szComputerName), *cbSize - 1)] = _TEXT('\0');
}
*cbSize = _tcslen(szComputerName) + 1; // include NULL terminate string
#if DBG
lpContext->m_LastCall = RPC_CALL_GET_SERVERNAME;
#endif
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcGetServerNameEx(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [size_is][string][out][in] */ LPTSTR szMachineName,
/* [out][in] */ PDWORD cbSize,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Description:
Return server's machine name.
This function is deprecated. Use TLSRpcGetServerNameFixed.
Arguments:
phContext - Client context handle
szMachineName - return server's machine name, must be at least
MAX_COMPUTERNAME_LENGTH + 1 in length
Return:
TLS_E_INVALID_DATA - buffer size too small.
++*/
{
TCHAR szComputerName[MAX_COMPUTERNAME_LENGTH+2];
DWORD dwBufferSize=MAX_COMPUTERNAME_LENGTH+1;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcGetServerNameEx\n"),
lpContext->m_Client
);
*dwErrCode = ERROR_SUCCESS;
if(!GetComputerName(szComputerName, &dwBufferSize))
{
*dwErrCode = GetLastError();
}
//
// return buffer must be big enough for NULL,
// dwBufferSize return does not include NULL.
//
if(*cbSize <= dwBufferSize)
{
DBGPrintf(
DBG_WARNING,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_DETAILSIMPLE,
_TEXT("TLSRpcGetServerNameEx : Client %s invalid parameter\n"),
lpContext->m_Client
);
*dwErrCode = TLSMapReturnCode(TLS_E_INVALID_DATA);
}
else
{
_tcsncpy(szMachineName, szComputerName, min(_tcslen(szComputerName), *cbSize));
szMachineName[min(_tcslen(szComputerName), *cbSize - 1)] = _TEXT('\0');
}
*cbSize = _tcslen(szComputerName) + 1; // include NULL terminate string
#if DBG
lpContext->m_LastCall = RPC_CALL_GET_SERVERNAME;
#endif
return RPC_S_OK;
}
//---------------------------------------------------------------------------
error_status_t
TLSRpcGetServerNameFixed(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [string][out] */ LPTSTR *pszMachineName,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Description:
Return server's machine name.
Arguments:
phContext - Client context handle
pszMachineName - return server's machine name
Return:
++*/
{
TCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
DWORD cchComputerName = sizeof(szComputerName) / sizeof(TCHAR);
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if((lpContext == NULL) || (NULL == pszMachineName) || (NULL == pdwErrCode))
{
return RPC_S_INVALID_ARG;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcGetServerNameFixed\n"),
lpContext->m_Client
);
*pszMachineName = NULL;
if(!GetComputerName(szComputerName, &cchComputerName))
{
*pdwErrCode = GetLastError();
}
else
{
*pszMachineName = (LPTSTR) MIDL_user_allocate((cchComputerName+1) * sizeof(TCHAR));
if (NULL != *pszMachineName)
{
_tcscpy(*pszMachineName,szComputerName);
*pdwErrCode = ERROR_SUCCESS;
}
else
{
*pdwErrCode = TLSMapReturnCode(TLS_E_ALLOCATE_MEMORY);
}
}
#if DBG
lpContext->m_LastCall = RPC_CALL_GET_SERVERNAME;
#endif
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcGetServerScope(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [size_is][string][out][in] */ LPTSTR szScopeName,
/* [out][in] */ PDWORD cbSize,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Description:
Return License Server's scope
This function is deprecated. Use TLSRpcGetServerScopeFixed.
Arguments:
phContext - Client context
szScopeName - return server's scope, must be at least
MAX_COMPUTERNAME_LENGTH in length
Return:
LSERVER_S_SUCCESS or error code from WideCharToMultiByte()
TLS_E_INVALID_DATA - buffer size too small.
++*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcGetServerScope\n"),
lpContext->m_Client
);
*dwErrCode = ERROR_SUCCESS;
if(*cbSize <= _tcslen(g_pszScope))
{
*dwErrCode = TLSMapReturnCode(TLS_E_INVALID_DATA);
}
else
{
_tcsncpy(szScopeName, g_pszScope, min(_tcslen(g_pszScope), *cbSize));
szScopeName[min(_tcslen(g_pszScope), *cbSize-1)] = _TEXT('\0');
}
*cbSize = _tcslen(g_pszScope) + 1; // include NULL terminate string
#if DBG
lpContext->m_LastCall = RPC_CALL_GET_SERVERSCOPE;
#endif
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcGetServerScopeFixed(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [string][out] */ LPTSTR *pszScopeName,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Description:
Return License Server's scope
Arguments:
phContext - Client context
szScopeName - return server's scope
Return:
++*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if((lpContext == NULL) || (NULL == pszScopeName) || (NULL == pdwErrCode))
{
return RPC_S_INVALID_ARG;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcGetServerScopeFixed\n"),
lpContext->m_Client
);
*pszScopeName = (LPTSTR) MIDL_user_allocate((_tcslen(g_pszScope)+1) * sizeof(TCHAR));
if (NULL != *pszScopeName)
{
_tcscpy(*pszScopeName, g_pszScope);
}
*pdwErrCode = ERROR_SUCCESS;
#if DBG
lpContext->m_LastCall = RPC_CALL_GET_SERVERSCOPE;
#endif
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcGetInfo(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD cbHSCert,
/* [size_is][in] */ PBYTE pHSCert,
/* [ref][out] */ DWORD __RPC_FAR *pcbLSCert,
/* [size_is][size_is][out] */ BYTE __RPC_FAR *__RPC_FAR *pLSCert,
/* [ref][out] */ DWORD __RPC_FAR *pcbLSSecretKey,
/* [size_is][size_is][out] */ BYTE __RPC_FAR *__RPC_FAR *pLSSecretKey,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Description:
Routine to exchange Hydra server's certificate and License server's
certificate/private key for signing client machine's hardware ID.
Arguments:
phContext - client context handle
cbHSCert - size of Hydra Server's certificate
pHSCert - Hydra Server's certificate
pcbLSCert - return size of License Server's certificate
pLSCert - return License Server's certificate
pcbLSSecretKey - return size of License Server's private key.
pLSSecretKey - retrun License Server's private key
Return Value:
LSERVER_S_SUCCESS success
LSERVER_E_INVALID_DATA Invalid hydra server certificate
LSERVER_E_OUTOFMEMORY Can't allocate required memory
TLS_E_INTERNAL Internal error occurred in License Server
++*/
{
return TLSMapReturnCode(TLS_E_NOTSUPPORTED);;
}
//-------------------------------------------------------------------------------
#define RANDOM_CHALLENGE_DATA _TEXT("TEST")
DWORD
TLSGenerateChallengeData(
IN DWORD ClientInfo,
OUT PDWORD pcbChallengeData,
IN OUT PBYTE* pChallengeData
)
{
DWORD hr=ERROR_SUCCESS;
if( pcbChallengeData == NULL || pChallengeData == NULL )
{
SetLastError(hr=E_INVALIDARG);
return hr;
}
*pcbChallengeData = (_tcslen(RANDOM_CHALLENGE_DATA) + 1) * sizeof(WCHAR);
*pChallengeData=(PBYTE)midl_user_allocate(*pcbChallengeData);
if(*pChallengeData)
{
memcpy(*pChallengeData, RANDOM_CHALLENGE_DATA, *pcbChallengeData);
}
else
{
SetLastError(hr=ERROR_OUTOFMEMORY);
}
return hr;
}
//++----------------------------------------------------------------------------
DWORD
TLSVerifyChallengeDataGetWantedLicenseLevel(
IN const CHALLENGE_CONTEXT ChallengeContext,
IN const DWORD cbChallengeData,
IN const PBYTE pbChallengeData,
OUT WORD* pwLicenseDetail
)
/*++
--*/
{
DWORD dwStatus = ERROR_SUCCESS;
if(pwLicenseDetail == NULL)
{
return E_INVALIDARG;
}
DWORD dwChallengeDataSize = (_tcslen(RANDOM_CHALLENGE_DATA) + 1) * sizeof(WCHAR);
PPlatformChallengeResponseData pChallengeResponse;
if( cbChallengeData < dwChallengeDataSize || pbChallengeData == NULL )
{
//
// Assume old client, new client always send back our challenge data
//
*pwLicenseDetail = LICENSE_DETAIL_SIMPLE;
}
else if( cbChallengeData == dwChallengeDataSize &&
_tcsicmp( (LPCTSTR)pbChallengeData, RANDOM_CHALLENGE_DATA ) == 0 )
{
//
// old client, set license chain to LICENSE_DETAIL_SIMPLE
//
*pwLicenseDetail = LICENSE_DETAIL_SIMPLE;
}
else
{
BOOL bValidStruct = TRUE;
//
// we still don't have a good challenge so ignore actual verification
//
pChallengeResponse = (PPlatformChallengeResponseData) pbChallengeData;
bValidStruct = (pChallengeResponse->wVersion == CURRENT_PLATFORMCHALLENGE_VERSION);
if( bValidStruct == TRUE )
{
bValidStruct = (pChallengeResponse->cbChallenge + offsetof(PlatformChallengeResponseData, pbChallenge) == cbChallengeData);
}
if (bValidStruct == TRUE )
{
if( pChallengeResponse->wClientType == WIN32_PLATFORMCHALLENGE_TYPE ||
pChallengeResponse->wClientType == WIN16_PLATFORMCHALLENGE_TYPE ||
pChallengeResponse->wClientType == WINCE_PLATFORMCHALLENGE_TYPE ||
pChallengeResponse->wClientType == OTHER_PLATFORMCHALLENGE_TYPE )
{
bValidStruct = TRUE;
}
else
{
bValidStruct = FALSE;
}
}
if( bValidStruct == TRUE )
{
if( pChallengeResponse->wLicenseDetailLevel == LICENSE_DETAIL_SIMPLE ||
pChallengeResponse->wLicenseDetailLevel == LICENSE_DETAIL_MODERATE ||
pChallengeResponse->wLicenseDetailLevel == LICENSE_DETAIL_DETAIL )
{
bValidStruct = TRUE;
}
else
{
bValidStruct = FALSE;
}
}
//
// For now, we simply let it go thru, assert or deny request once
// we settle down of challenge
//
if( bValidStruct == FALSE )
{
// bad data, assume old client
*pwLicenseDetail = LICENSE_DETAIL_SIMPLE;
}
//else if( pChallengeResponse->wClientType == WINCE_PLATFORMCHALLENGE_TYPE )
//{
//
// UN-comment this to limit WINCE to get a self-signed certificate
//
// *pwLicenseDetail = LICENSE_DETAIL_SIMPLE;
//}
else
{
*pwLicenseDetail = pChallengeResponse->wLicenseDetailLevel;
}
}
return dwStatus;
}
//++----------------------------------------------------------------------------
error_status_t
TLSRpcIssuePlatformChallenge(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwClientInfo,
/* [ref][out] */ PCHALLENGE_CONTEXT pChallengeContext,
/* [out] */ PDWORD pcbChallengeData,
/* [size_is][size_is][out] */ BYTE __RPC_FAR *__RPC_FAR *pChallengeData,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Description:
Issue a platform challenge to hydra client.
Arguments:
phContext - client context handle
dwClientInfo - client info.
pChallengeContext - pointer to client challenge context.
pcbChallengeData - size of challenge data.
pChallengeData - random client challenge data.
Returns via dwErrCode:
LSERVER_S_SUCCESS
LSERVER_E_OUTOFMEMORY Out of memory
LSERVER_E_INVALID_DATA Invalid client info.
LSERVER_E_SERVER_BUSY Server is busy
++*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pcbChallengeData == NULL || pChallengeData == NULL)
{
return RPC_S_INVALID_ARG;
}
LPCLIENTCHALLENGECONTEXT lpChallenge=NULL;
DWORD status=ERROR_SUCCESS;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcIssuePlatformChallenge\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
do {
status=TLSGenerateChallengeData(
dwClientInfo,
pcbChallengeData,
pChallengeData
);
if(status != ERROR_SUCCESS)
{
break;
}
*pChallengeContext = dwClientInfo;
} while (FALSE);
if(status != ERROR_SUCCESS)
{
if(*pChallengeData)
{
midl_user_free(*pChallengeData);
*pChallengeData = NULL;
}
*pcbChallengeData=0;
}
lpContext->m_LastError=status;
#if DBG
lpContext->m_LastCall = RPC_CALL_ISSUEPLATFORMCHLLENGE;
#endif
InterlockedDecrement( &lpContext->m_RefCount );
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcRequestNewLicense(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ const CHALLENGE_CONTEXT ChallengeContext,
/* [in] */ TLSLICENSEREQUEST __RPC_FAR *pRequest,
/* [string][in] */ LPTSTR szMachineName,
/* [string][in] */ LPTSTR szUserName,
/* [in] */ const DWORD cbChallengeResponse,
/* [size_is][in] */ const PBYTE pbChallenge,
/* [in] */ BOOL bAcceptTemporaryLicense,
/* [out] */ PDWORD pcbLicense,
/* [size_is][size_is][out] */ BYTE __RPC_FAR *__RPC_FAR *ppbLicense,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Description:
Routine to issue new license to hydra client based on product requested,
it returns existing license if client already has a license and the
license is not expired/returned/revoked, if request product has not been
installed, it will issue a temporary license, if license found is temporary
or expired, it will tried to upgrade/re-issue a new license with latest
version of requested product, if the existing license is temporary and
no license can be issued, it returns LSERVER_E_LICENSE_EXPIRED
Arguments:
phContext - client context handle.
ChallengeContext - client challenge context handle, return from
call TLSRpcIssuePlatformChallenge()
pRequest - product license request.
pMachineName - client's machine name.
pUserName - client user name.
cbChallengeResponse - size of the client's response to license server's
platform challenge.
pbChallenge - client's response to license server's platform challenge
bAcceptTemporaryLicense - TRUE if client wants temp. license FALSE otherwise.
pcbLicense - size of return license.
ppLicense - return license, could be old license
Return Value:
LSERVER_S_SUCCESS
LSERVER_E_OUTOFMEMORY
LSERVER_E_SERVER_BUSY Server is busy to process request.
LSERVER_E_INVALID_DATA Invalid platform challenge response.
LSERVER_E_NO_LICENSE No license available.
LSERVER_E_NO_PRODUCT Request product is not installed on server.
LSERVER_E_LICENSE_REJECTED License request is rejected by cert. server
LSERVER_E_LICENSE_REVOKED Old license found and has been revoked
LSERVER_E_LICENSE_EXPIRED Request product's license has expired
LSERVER_E_CORRUPT_DATABASE Corrupted database.
LSERVER_E_INTERNAL_ERROR Internal error in license server
LSERVER_I_PROXIMATE_LICENSE Closest match license returned.
LSERVER_I_TEMPORARY_LICENSE Temporary license has been issued
LSERVER_I_LICENSE_UPGRADED Old license has been upgraded.
++*/
{
DWORD dwSupportFlags = 0;
return TLSRpcRequestNewLicenseEx(
phContext,
&dwSupportFlags,
ChallengeContext,
pRequest,
szMachineName,
szUserName,
cbChallengeResponse,
pbChallenge,
bAcceptTemporaryLicense,
1, // dwQuantity
pcbLicense,
ppbLicense,
pdwErrCode
);
}
error_status_t
TLSRpcRequestNewLicenseEx(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in, out] */ DWORD *pdwSupportFlags,
/* [in] */ const CHALLENGE_CONTEXT ChallengeContext,
/* [in] */ TLSLICENSEREQUEST __RPC_FAR *pRequest,
/* [string][in] */ LPTSTR szMachineName,
/* [string][in] */ LPTSTR szUserName,
/* [in] */ const DWORD cbChallengeResponse,
/* [size_is][in] */ const PBYTE pbChallenge,
/* [in] */ BOOL bAcceptTemporaryLicense,
/* [in] */ DWORD dwQuantity,
/* [out] */ PDWORD pcbLicense,
/* [size_is][size_is][out] */ BYTE __RPC_FAR *__RPC_FAR *ppbLicense,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Description:
Routine to issue new license to hydra client based on product requested
and input support flags.
*pdwSupportFlags == 0:
it returns existing license if client already has a license and the
license is not expired/returned/revoked, if request product has not
been installed, it will issue a temporary license, if license found is
temporary or expired, it will tried to upgrade/re-issue a new license
with latest version of requested product, if the existing license is
temporary and no license can be issued, it returns
LSERVER_E_LICENSE_EXPIRED
*pdwSupportFlags & SUPPORT_PER_SEAT_POST_LOGON:
For non-per-seat licenses, it behaves as if the flag wasn't set.
For per-seat licenses, if bAcceptTemporaryLicense is TRUE, it always
returns a temporary license. If bAcceptTemporaryLicense if FALSE, it
returns LSERVER_E_NO_LICENSE.
Arguments:
phContext - client context handle.
pdwSupportFlags - on input, abilities supported by TS. on output,
abilities supported by both TS and LS
ChallengeContext - client challenge context handle, return from
call TLSRpcIssuePlatformChallenge()
pRequest - product license request.
pMachineName - client's machine name.
pUserName - client user name.
cbChallengeResponse - size of the client's response to license server's
platform challenge.
pbChallenge - client's response to license server's platform challenge
bAcceptTemporaryLicense - TRUE if client wants temp. license FALSE
otherwise.
dwQuantity - number of licenses to allocate
pcbLicense - size of return license.
ppLicense - return license, could be old license
Return Value:
LSERVER_S_SUCCESS
LSERVER_E_OUTOFMEMORY
LSERVER_E_SERVER_BUSY Server is busy to process request.
LSERVER_E_INVALID_DATA Invalid platform challenge response.
LSERVER_E_NO_LICENSE No license available.
LSERVER_E_NO_PRODUCT Request product is not installed on server.
LSERVER_E_LICENSE_REJECTED License request is rejected by cert. server
LSERVER_E_LICENSE_REVOKED Old license found and has been revoked
LSERVER_E_LICENSE_EXPIRED Request product's license has expired
LSERVER_E_CORRUPT_DATABASE Corrupted database.
LSERVER_E_INTERNAL_ERROR Internal error in license server
LSERVER_I_PROXIMATE_LICENSE Closest match license returned.
LSERVER_I_TEMPORARY_LICENSE Temporary license has been issued
LSERVER_I_LICENSE_UPGRADED Old license has been upgraded.
++*/
{
return TLSRpcRequestNewLicenseExEx(
phContext,
pdwSupportFlags,
ChallengeContext,
pRequest,
szMachineName,
szUserName,
cbChallengeResponse,
pbChallenge,
bAcceptTemporaryLicense,
FALSE, // bAcceptFewerLicense
&dwQuantity,
pcbLicense,
ppbLicense,
pdwErrCode
);
}
error_status_t
TLSRpcRequestNewLicenseExEx(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in, out] */ DWORD *pdwSupportFlags,
/* [in] */ const CHALLENGE_CONTEXT ChallengeContext,
/* [in] */ TLSLICENSEREQUEST __RPC_FAR *pRequest,
/* [string][in] */ LPTSTR szMachineName,
/* [string][in] */ LPTSTR szUserName,
/* [in] */ const DWORD cbChallengeResponse,
/* [size_is][in] */ const PBYTE pbChallenge,
/* [in] */ BOOL bAcceptTemporaryLicense,
/* [in] */ BOOL bAcceptFewerLicenses,
/* [in,out] */ DWORD *pdwQuantity,
/* [out] */ PDWORD pcbLicense,
/* [size_is][size_is][out] */ BYTE __RPC_FAR *__RPC_FAR *ppbLicense,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Description:
Routine to issue new license to hydra client based on product requested
and input support flags.
*pdwSupportFlags == 0:
it returns existing license if client already has a license and the
license is not expired/returned/revoked, if request product has not
been installed, it will issue a temporary license, if license found is
temporary or expired, it will tried to upgrade/re-issue a new license
with latest version of requested product, if the existing license is
temporary and no license can be issued, it returns
LSERVER_E_LICENSE_EXPIRED
*pdwSupportFlags & SUPPORT_PER_SEAT_POST_LOGON:
For non-per-seat licenses, it behaves as if the flag wasn't set.
For per-seat licenses, if bAcceptTemporaryLicense is TRUE, it always
returns a temporary license. If bAcceptTemporaryLicense if FALSE, it
returns LSERVER_E_NO_LICENSE.
Arguments:
phContext - client context handle.
pdwSupportFlags - on input, abilities supported by TS. on output,
abilities supported by both TS and LS
ChallengeContext - client challenge context handle, return from
call TLSRpcIssuePlatformChallenge()
pRequest - product license request.
pMachineName - client's machine name.
pUserName - client user name.
cbChallengeResponse - size of the client's response to license server's
platform challenge.
pbChallenge - client's response to license server's platform challenge
bAcceptTemporaryLicense - TRUE if client wants temp. license FALSE
otherwise.
bAcceptFewerLicenses - TRUE if succeeding with fewer licenses than
requested is acceptable
pdwQuantity - on input, number of licenses to allocate. on output,
number of licenses actually allocated
pcbLicense - size of return license.
ppLicense - return license, could be old license
Return Value:
LSERVER_S_SUCCESS
LSERVER_E_OUTOFMEMORY
LSERVER_E_SERVER_BUSY Server is busy to process request.
LSERVER_E_INVALID_DATA Invalid platform challenge response.
LSERVER_E_NO_LICENSE No license available.
LSERVER_E_NO_PRODUCT Request product is not installed on server.
LSERVER_E_LICENSE_REJECTED License request is rejected by cert. server
LSERVER_E_LICENSE_REVOKED Old license found and has been revoked
LSERVER_E_LICENSE_EXPIRED Request product's license has expired
LSERVER_E_CORRUPT_DATABASE Corrupted database.
LSERVER_E_INTERNAL_ERROR Internal error in license server
LSERVER_I_PROXIMATE_LICENSE Closest match license returned.
LSERVER_I_TEMPORARY_LICENSE Temporary license has been issued
LSERVER_I_LICENSE_UPGRADED Old license has been upgraded.
++*/
{
PMHANDLE hClient;
DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL)
{
return RPC_S_INVALID_ARG;
}
TCHAR szUnknown[LSERVER_MAX_STRING_SIZE+1];
TCHAR szClientMachineName[LSERVER_MAX_STRING_SIZE];
TCHAR szClientUserName[LSERVER_MAX_STRING_SIZE];
TCHAR szCompanyName[LSERVER_MAX_STRING_SIZE+1];
TCHAR szProductId[LSERVER_MAX_STRING_SIZE+1];
TLSForwardNewLicenseRequest Forward;
TLSDBLICENSEREQUEST LsLicenseRequest;
CTLSPolicy* pPolicy=NULL;
PMLICENSEREQUEST PMLicenseRequest;
PPMLICENSEREQUEST pAdjustedRequest;
BOOL bForwardRequest = TRUE;
#ifdef DBG
DWORD dwStartTime=GetTickCount();
#endif
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcRequestNewLicense\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
if ((NULL == pdwQuantity) || (0 == *pdwQuantity))
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
status = SecureModeCheck();
if(status != ERROR_SUCCESS )
{
goto cleanup;
}
if(VerifyLicenseRequest(pRequest) == FALSE)
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
if(NULL == pdwSupportFlags)
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
*pdwSupportFlags &= ALL_KNOWN_SUPPORT_FLAGS;
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_REQUEST))
{
status = TLS_E_ACCESS_DENIED;
goto cleanup;
}
if(lpContext->m_ClientFlags == CLIENT_ACCESS_LSERVER)
{
//
// do not forward any request or infinite loop might
// occur.
//
bForwardRequest = FALSE;
}
Forward.m_ChallengeContext = ChallengeContext;
Forward.m_pRequest = pRequest;
Forward.m_szMachineName = szMachineName;
Forward.m_szUserName = szUserName;
Forward.m_cbChallengeResponse = cbChallengeResponse;
Forward.m_pbChallengeResponse = pbChallenge;
memset(szCompanyName, 0, sizeof(szCompanyName));
memset(szProductId, 0, sizeof(szProductId));
memcpy(
szCompanyName,
pRequest->ProductInfo.pbCompanyName,
min(pRequest->ProductInfo.cbCompanyName, sizeof(szCompanyName)-sizeof(TCHAR))
);
memcpy(
szProductId,
pRequest->ProductInfo.pbProductID,
min(pRequest->ProductInfo.cbProductID, sizeof(szProductId)-sizeof(TCHAR))
);
//
// Acquire policy module, a default policy module will
// be returned.
//
pPolicy = AcquirePolicyModule(
szCompanyName, //(LPCTSTR)pRequest->ProductInfo.pbCompanyName,
szProductId, //(LPCTSTR)pRequest->ProductInfo.pbProductID
FALSE
);
if(pPolicy == NULL)
{
status = TLS_E_INTERNAL;
goto cleanup;
}
hClient = GenerateClientId();
//
// return error if string is too big.
//
LoadResourceString(
IDS_UNKNOWN_STRING,
szUnknown,
sizeof(szUnknown)/sizeof(szUnknown[0])
);
_tcsncpy(szClientMachineName,
(szMachineName) ? szMachineName : szUnknown,
LSERVER_MAX_STRING_SIZE
);
szClientMachineName[LSERVER_MAX_STRING_SIZE-1] = 0;
_tcsncpy(szClientUserName,
(szUserName) ? szUserName : szUnknown,
LSERVER_MAX_STRING_SIZE
);
szClientUserName[LSERVER_MAX_STRING_SIZE-1] = 0;
//
// Convert request to PMLICENSEREQUEST
//
TlsLicenseRequestToPMLicenseRequest(
LICENSETYPE_LICENSE,
pRequest,
szClientMachineName,
szClientUserName,
*pdwSupportFlags,
&PMLicenseRequest
);
//
// Inform Policy module start of new license request
//
status = pPolicy->PMLicenseRequest(
hClient,
REQUEST_NEW,
(PVOID) &PMLicenseRequest,
(PVOID *) &pAdjustedRequest
);
if(status != ERROR_SUCCESS)
{
goto cleanup;
}
if(pAdjustedRequest != NULL)
{
if(_tcsicmp(PMLicenseRequest.pszCompanyName,pAdjustedRequest->pszCompanyName) != 0)
{
// try to steal license from other company???
TLSLogEvent(
EVENTLOG_ERROR_TYPE,
TLS_E_POLICYERROR,
status = TLS_E_POLICYMODULEERROR,
pPolicy->GetCompanyName(),
pPolicy->GetProductId()
);
goto cleanup;
}
}
else
{
pAdjustedRequest = &PMLicenseRequest;
}
//
// form DB request structure
//
status = TLSFormDBRequest(
pRequest->pbEncryptedHwid,
pRequest->cbEncryptedHwid,
pAdjustedRequest->dwProductVersion,
pAdjustedRequest->pszCompanyName,
pAdjustedRequest->pszProductId,
pAdjustedRequest->dwLanguageId,
pAdjustedRequest->dwPlatformId,
pAdjustedRequest->pszMachineName,
pAdjustedRequest->pszUserName,
&LsLicenseRequest
);
if(status != ERROR_SUCCESS)
{
goto cleanup;
}
LsLicenseRequest.pPolicy = pPolicy;
LsLicenseRequest.hClient = hClient;
LsLicenseRequest.pPolicyLicenseRequest = pAdjustedRequest;
LsLicenseRequest.pClientLicenseRequest = &PMLicenseRequest;
status = TLSVerifyChallengeDataGetWantedLicenseLevel(
ChallengeContext,
cbChallengeResponse,
pbChallenge,
&LsLicenseRequest.wLicenseDetail
);
if( status == ERROR_SUCCESS )
{
status = TLSNewLicenseRequest(
bForwardRequest,
pdwSupportFlags,
&Forward,
&LsLicenseRequest,
bAcceptTemporaryLicense,
pAdjustedRequest->fTemporary,
TRUE, // bFindLostLicense
bAcceptFewerLicenses,
pdwQuantity,
pcbLicense,
ppbLicense
);
}
cleanup:
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_ISSUENEWLICENSE;
#endif
#ifdef DBG
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_DETAILSIMPLE,
_TEXT("\t%s : TLSRpcRequestNewLicense() takes %dms\n"),
lpContext->m_Client,
GetTickCount() - dwStartTime
);
#endif
if(pdwErrCode)
{
*pdwErrCode = TLSMapReturnCode(status);
}
if(pPolicy)
{
pPolicy->PMLicenseRequest(
hClient,
REQUEST_COMPLETE,
UlongToPtr(status),
NULL
);
ReleasePolicyModule(pPolicy);
}
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcUpgradeLicense(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ TLSLICENSEREQUEST __RPC_FAR *pRequest,
/* [in] */ const CHALLENGE_CONTEXT ChallengeContext,
/* [in] */ const DWORD cbChallengeResponse,
/* [size_is][in] */ const PBYTE pbChallenge,
/* [in] */ DWORD cbOldLicense,
/* [size_is][in] */ PBYTE pbOldLicense,
/* [out] */ PDWORD pcbNewLicense,
/* [size_is][size_is][out] */ PBYTE __RPC_FAR *ppbNewLicense,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Description:
Update an old license.
Arguments:
Return Value:
LSERVER_S_SUCCESS
TLS_E_INTERNAL
LSERVER_E_INTERNAL_ERROR
LSERVER_E_INVALID_DATA old license is invalid.
LSERVER_E_NO_LICENSE no available license
LSERVER_E_NO_PRODUCT request product not install in current server.
LSERVER_E_CORRUPT_DATABASE Corrupted database.
LSERVER_E_LICENSE_REJECTED License request rejected by cert. server.
LSERVER_E_SERVER_BUSY
++*/
{
DWORD dwSupportFlags = 0;
return TLSRpcUpgradeLicenseEx(
phContext,
&dwSupportFlags,
pRequest,
ChallengeContext,
cbChallengeResponse,
pbChallenge,
cbOldLicense,
pbOldLicense,
1, // dwQuantity
pcbNewLicense,
ppbNewLicense,
dwErrCode
);
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcUpgradeLicenseEx(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in,out] */ DWORD *pdwSupportFlags,
/* [in] */ TLSLICENSEREQUEST __RPC_FAR *pRequest,
/* [in] */ const CHALLENGE_CONTEXT ChallengeContext,
/* [in] */ const DWORD cbChallengeResponse,
/* [size_is][in] */ const PBYTE pbChallenge,
/* [in] */ DWORD cbOldLicense,
/* [size_is][in] */ PBYTE pbOldLicense,
/* [in] */ DWORD dwQuantity,
/* [out] */ PDWORD pcbNewLicense,
/* [size_is][size_is][out] */ PBYTE __RPC_FAR *ppbNewLicense,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Description:
Update an old license. Behavior varies depending on product requested,
the old license, and input support flags.
*pdwSupportFlags == 0:
it returns existing license if client already has a current-version
license and the license is not expired/returned/revoked. if requested
product has not been installed, it will issue a temporary license (if
the client doesn't already have one). if old license is temporary
or expired, it will try to upgrade/re-issue a new license
with latest version of requested product. if the existing license is
temporary and no license can be issued, it returns
LSERVER_E_LICENSE_EXPIRED
*pdwSupportFlags & SUPPORT_PER_SEAT_POST_LOGON:
For non-per-seat licenses, it behaves as if the flag wasn't set.
For per-seat licenses, if the old license isn't current-version
temporary, it also behaves as if the flag wasn't set.
Otherwise, it checks that the temporary license was marked as having
been authenticated. If so, it tries to issue a permanent license.
If a license can't be issued, or if he temporary license wasn't marked,
it returns the old license.
Arguments:
phContext - client context handle.
pdwSupportFlags - on input, abilities supported by TS. on output,
abilities supported by both TS and LS
pRequest - product license request.
ChallengeContext - client challenge context handle, return from
call TLSRpcIssuePlatformChallenge()
cbChallengeResponse - size of the client's response to license server's
platform challenge.
pbChallenge - client's response to license server's platform challenge
cbOldLicense - size of old license.
pbOldLicense - old license
dwQuantity - number of licenses to allocate
pcbNewLicense - size of return license.
ppbNewLicense - return license, could be old license
Return Value:
LSERVER_S_SUCCESS
TLS_E_INTERNAL
LSERVER_E_INTERNAL_ERROR
LSERVER_E_INVALID_DATA old license is invalid.
LSERVER_E_NO_LICENSE no available license
LSERVER_E_NO_PRODUCT request product not install in current server.
LSERVER_E_CORRUPT_DATABASE Corrupted database.
LSERVER_E_LICENSE_REJECTED License request rejected by cert. server.
LSERVER_E_SERVER_BUSY
++*/
{
DWORD status = ERROR_SUCCESS;
BOOL bTemporaryLicense;
PMUPGRADEREQUEST pmRequestUpgrade;
PMLICENSEREQUEST pmLicenseRequest;
PPMLICENSEREQUEST pmAdjustedRequest;
PPMLICENSEDPRODUCT ppmLicensedProduct=NULL;
DWORD dwNumLicensedProduct=0;
PLICENSEDPRODUCT pLicensedProduct=NULL;
TLSDBLICENSEREQUEST LsLicenseRequest;
PMHANDLE hClient;
CTLSPolicy* pPolicy=NULL;
DWORD dwNumPermLicense;
DWORD dwNumTempLicense;
TLSForwardUpgradeLicenseRequest Forward;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
UCHAR ucMarked;
if(lpContext == NULL || pRequest == NULL || pcbNewLicense == NULL || ppbNewLicense == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
LICENSEDCLIENT license;
LICENSEPACK keypack;
DWORD index;
BOOL bForwardRequest = TRUE;
BOOL bRetry = TRUE;
BOOL bRetryOld = FALSE;
DWORD dwOriginalVersion = pRequest->ProductInfo.dwVersion;
BOOL fInDomain = FALSE;
WCHAR *StringBinding = NULL;
WCHAR *ServerAddress = NULL;
RPC_BINDING_HANDLE ServerBinding = 0;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcUpgradeLicense\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
if (1 != dwQuantity)
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
if(VerifyLicenseRequest(pRequest) == FALSE)
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
if(NULL == pdwSupportFlags)
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
*pdwSupportFlags &= ALL_KNOWN_SUPPORT_FLAGS;
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_REQUEST))
{
status = TLS_E_ACCESS_DENIED;
goto cleanup;
}
if(lpContext->m_ClientFlags == CLIENT_ACCESS_LSERVER)
{
//
// do not forward any request or infinite loop might
// occur.
//
bForwardRequest = FALSE;
}
status = SecureModeCheck();
if(status != ERROR_SUCCESS )
{
goto cleanup;
}
//
// Convert blob to licensed product structure
//
status = LSVerifyDecodeClientLicense(
pbOldLicense,
cbOldLicense,
g_pbSecretKey,
g_cbSecretKey,
&dwNumLicensedProduct,
NULL
);
if(status != LICENSE_STATUS_OK || dwNumLicensedProduct == 0)
{
status = TLS_E_INVALID_LICENSE;
goto cleanup;
}
pLicensedProduct = (PLICENSEDPRODUCT)AllocateMemory(
dwNumLicensedProduct * sizeof(LICENSEDPRODUCT)
);
if(pLicensedProduct == NULL)
{
status = TLS_E_ALLOCATE_MEMORY;
goto cleanup;
}
status = LSVerifyDecodeClientLicense(
pbOldLicense,
cbOldLicense,
g_pbSecretKey,
g_cbSecretKey,
&dwNumLicensedProduct,
pLicensedProduct
);
if(status != LICENSE_STATUS_OK)
{
status = TLS_E_INVALID_LICENSE;
goto cleanup;
}
//
// Verify licensed product array.
//
for(index = 1; index < dwNumLicensedProduct; index++)
{
//
// licensed product array always sorted in decending order
//
//
// Product ID in original request in licensed product must
// be the same otherwise invalid license.
//
if((pLicensedProduct+index)->cbOrgProductID != (pLicensedProduct+index-1)->cbOrgProductID)
{
status = TLS_E_INVALID_LICENSE;
break;
}
if( memcmp(
(pLicensedProduct+index)->pbOrgProductID,
(pLicensedProduct+index-1)->pbOrgProductID,
(pLicensedProduct+index)->cbOrgProductID) != 0 )
{
status = TLS_E_INVALID_LICENSE;
goto cleanup;
}
if( ((pLicensedProduct+index)->pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY) )
{
//
// only latest licensed version can be temporary
//
status = TLS_E_INVALID_LICENSE;
goto cleanup;
}
}
//
// Find the policy module
//
hClient = GenerateClientId();
TCHAR szCompanyName[LSERVER_MAX_STRING_SIZE+1];
TCHAR szProductId[LSERVER_MAX_STRING_SIZE+1];
memset(szCompanyName, 0, sizeof(szCompanyName));
memset(szProductId, 0, sizeof(szProductId));
memcpy(
szCompanyName,
pRequest->ProductInfo.pbCompanyName,
min(pRequest->ProductInfo.cbCompanyName, sizeof(szCompanyName)-sizeof(TCHAR))
);
memcpy(
szProductId,
pRequest->ProductInfo.pbProductID,
min(pRequest->ProductInfo.cbProductID, sizeof(szProductId)-sizeof(TCHAR))
);
//
// Acquire policy module, a default policy module will
// be returned.
//
pPolicy = AcquirePolicyModule(
szCompanyName, // (LPCTSTR) pLicensedProduct->LicensedProduct.pProductInfo->pbCompanyName,
szProductId, // (LPCTSTR) pLicensedProduct->pbOrgProductID
FALSE
);
if(pPolicy == NULL)
{
//
// Must have a policy module, default policy module always there
//
status = TLS_E_INTERNAL;
goto cleanup;
}
BOOL bPreventLicenseUpgrade = FALSE;
BOOL bDeleteExpired = FALSE;
POLICY_TS_MACHINE groupPolicy;
RegGetMachinePolicy(&groupPolicy);
if( groupPolicy.fPolicyPreventLicenseUpgrade == 1 && groupPolicy.fPreventLicenseUpgrade == 1)
{
bPreventLicenseUpgrade = TRUE;
}
// If (1) Licensed version is greater than requested version, (2) it is permanent
if( ((pLicensedProduct->pLicensedVersion->wMajorVersion == HIWORD(pRequest->ProductInfo.dwVersion)) ?
(pLicensedProduct->pLicensedVersion->wMinorVersion - LOWORD(pRequest->ProductInfo.dwVersion)) :
(pLicensedProduct->pLicensedVersion->wMajorVersion - HIWORD(pRequest->ProductInfo.dwVersion))) > 0 &&
(pLicensedProduct->pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY) == 0 )
{
// If reissuance of the greater expired permanent license fails, fall back to issuing the requested permanent license.
bRetryOld = TRUE;
DWORD dwNewVersion = MAKELONG(pLicensedProduct->pLicensedVersion->wMinorVersion, pLicensedProduct->pLicensedVersion->wMajorVersion);
pRequest->ProductInfo.dwVersion = dwNewVersion;
}
RetryPermanent:
//
// Convert request to PMLICENSEREQUEST
//
TlsLicenseRequestToPMLicenseRequest(
LICENSETYPE_LICENSE,
pRequest,
pLicensedProduct->szLicensedClient,
pLicensedProduct->szLicensedUser,
*pdwSupportFlags,
&pmLicenseRequest
);
//
// generate PMUPGRADEREQUEST and pass it to Policy Module
//
memset(&pmRequestUpgrade, 0, sizeof(pmRequestUpgrade));
ppmLicensedProduct = (PPMLICENSEDPRODUCT)AllocateMemory(sizeof(PMLICENSEDPRODUCT)*dwNumLicensedProduct);
if(ppmLicensedProduct == NULL)
{
status = TLS_E_ALLOCATE_MEMORY;
goto cleanup;
}
for(index=0; index < dwNumLicensedProduct; index++)
{
ppmLicensedProduct[index].pbData =
pLicensedProduct[index].pbPolicyData;
ppmLicensedProduct[index].cbData =
pLicensedProduct[index].cbPolicyData;
ppmLicensedProduct[index].bTemporary =
((pLicensedProduct[index].pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY) != 0);
// treat license issued from beta server as temporary
if(ppmLicensedProduct[index].bTemporary == FALSE && TLSIsBetaNTServer() == FALSE)
{
if(IS_LICENSE_ISSUER_RTM(pLicensedProduct[index].pLicensedVersion->dwFlags) == FALSE)
{
ppmLicensedProduct[index].bTemporary = TRUE;
}
}
ppmLicensedProduct[index].ucMarked = 0;
if (0 == index)
{
// for first license, check markings on license
status = TLSCheckLicenseMarkRequest(
TRUE, // forward request if necessary
pLicensedProduct,
cbOldLicense,
pbOldLicense,
&(ppmLicensedProduct[index].ucMarked)
);
ucMarked = ppmLicensedProduct[index].ucMarked;
}
ppmLicensedProduct[index].LicensedProduct.dwProductVersion =
pLicensedProduct[index].LicensedProduct.pProductInfo->dwVersion;
ppmLicensedProduct[index].LicensedProduct.pszProductId =
(LPTSTR)(pLicensedProduct[index].LicensedProduct.pProductInfo->pbProductID);
ppmLicensedProduct[index].LicensedProduct.pszCompanyName =
(LPTSTR)(pLicensedProduct[index].LicensedProduct.pProductInfo->pbCompanyName);
ppmLicensedProduct[index].LicensedProduct.dwLanguageId =
pLicensedProduct[index].LicensedProduct.dwLanguageID;
ppmLicensedProduct[index].LicensedProduct.dwPlatformId =
pLicensedProduct[index].LicensedProduct.dwPlatformID;
ppmLicensedProduct[index].LicensedProduct.pszMachineName =
pLicensedProduct[index].szLicensedClient;
ppmLicensedProduct[index].LicensedProduct.pszUserName =
pLicensedProduct[index].szLicensedUser;
}
pmRequestUpgrade.pbOldLicense = pbOldLicense;
pmRequestUpgrade.cbOldLicense = cbOldLicense;
pmRequestUpgrade.pUpgradeRequest = &pmLicenseRequest;
pmRequestUpgrade.dwNumProduct = dwNumLicensedProduct;
pmRequestUpgrade.pProduct = ppmLicensedProduct;
// If (1) there are 2 or more licenses and (2) licensed version is greater than requested version, modify the index appropriately to determine Marked state
index = 0;
DWORD dwLicensedVersion = MAKELONG(pLicensedProduct->pLicensedVersion->wMinorVersion, pLicensedProduct->pLicensedVersion->wMajorVersion);
if( dwNumLicensedProduct > 1 && (CompareTLSVersions(pRequest->ProductInfo.dwVersion, dwLicensedVersion) < 0 ) )
{
index = 1;
}
status = pPolicy->PMLicenseUpgrade(
hClient,
REQUEST_UPGRADE,
(PVOID)&pmRequestUpgrade,
(PVOID *) &pmAdjustedRequest,
index
);
if(status != ERROR_SUCCESS)
{
goto cleanup;
}
if(pmAdjustedRequest != NULL)
{
if(_tcsicmp(
pmLicenseRequest.pszCompanyName,
pmAdjustedRequest->pszCompanyName
) != 0)
{
//
// Try to steal license from other company???
//
TLSLogEvent(
EVENTLOG_ERROR_TYPE,
TLS_E_POLICYERROR,
status = TLS_E_POLICYMODULEERROR,
pPolicy->GetCompanyName(),
pPolicy->GetProductId()
);
goto cleanup;
}
}
else
{
pmAdjustedRequest = &pmLicenseRequest;
}
for(index =0; index < dwNumLicensedProduct; index++)
{
DWORD tExpireDate;
FileTimeToLicenseDate(&(pLicensedProduct[index].NotAfter),
&tExpireDate);
if( CompareTLSVersions(pmAdjustedRequest->dwProductVersion, pLicensedProduct[index].LicensedProduct.pProductInfo->dwVersion) <= 0 &&
!(pLicensedProduct[index].pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY) &&
_tcscmp(pmAdjustedRequest->pszProductId, (LPTSTR)(pLicensedProduct[index].LicensedProduct.pProductInfo->pbProductID)) == 0 &&
tExpireDate-g_dwReissueLeaseLeeway >= ((DWORD)time(NULL)) )
{
if( TLSIsBetaNTServer() == TRUE ||
IS_LICENSE_ISSUER_RTM(pLicensedProduct[index].pLicensedVersion->dwFlags) == TRUE )
{
//
// Blob already contain perm. license that is >= version
// requested.
//
*ppbNewLicense = (PBYTE)midl_user_allocate(cbOldLicense);
if(*ppbNewLicense != NULL)
{
memcpy(*ppbNewLicense, pbOldLicense, cbOldLicense);
*pcbNewLicense = cbOldLicense;
status = ERROR_SUCCESS;
}
else
{
status = TLS_E_ALLOCATE_MEMORY;
}
goto cleanup;
}
}
}
memset(&LsLicenseRequest, 0, sizeof(TLSDBLICENSEREQUEST));
status = TLSFormDBRequest(
pRequest->pbEncryptedHwid,
pRequest->cbEncryptedHwid,
pmAdjustedRequest->dwProductVersion,
pmAdjustedRequest->pszCompanyName,
pmAdjustedRequest->pszProductId,
pmAdjustedRequest->dwLanguageId,
pmAdjustedRequest->dwPlatformId,
pmAdjustedRequest->pszMachineName,
pmAdjustedRequest->pszUserName,
&LsLicenseRequest
);
if(status != ERROR_SUCCESS)
{
goto cleanup;
}
LsLicenseRequest.pPolicy = pPolicy;
LsLicenseRequest.hClient = hClient;
LsLicenseRequest.pPolicyLicenseRequest = pmAdjustedRequest;
LsLicenseRequest.pClientLicenseRequest = &pmLicenseRequest;
memset(&keypack, 0, sizeof(keypack));
status = TLSVerifyChallengeDataGetWantedLicenseLevel(
ChallengeContext,
cbChallengeResponse,
pbChallenge,
&LsLicenseRequest.wLicenseDetail
);
if( status == ERROR_SUCCESS )
{
//
// if client challenge context handle is 0xFFFFFFFF,
// cbChallenge = 0 and pbChallenge is NULL.
// client is old version, don't verify challenge
//
Forward.m_pRequest = pRequest;
Forward.m_ChallengeContext = ChallengeContext;
Forward.m_cbChallengeResponse = cbChallengeResponse;
Forward.m_pbChallengeResponse = pbChallenge;
Forward.m_cbOldLicense = cbOldLicense;
Forward.m_pbOldLicense = pbOldLicense;
status = TLSUpgradeLicenseRequest(
bForwardRequest,
&Forward,
pdwSupportFlags,
&LsLicenseRequest,
pbOldLicense,
cbOldLicense,
dwNumLicensedProduct,
pLicensedProduct,
pmAdjustedRequest->fTemporary,
pcbNewLicense,
ppbNewLicense
);
if(status != ERROR_SUCCESS && bRetryOld == TRUE)
{
pRequest->ProductInfo.dwVersion = dwOriginalVersion;
bRetryOld = FALSE;
FreeMemory(ppmLicensedProduct);
goto RetryPermanent;
}
// If (1) PreventUpgradePolicy is not enabled (2) Requested version is 5.0 and (3) There is no .NET Permanent
else if(status != ERROR_SUCCESS && (bPreventLicenseUpgrade == FALSE ) && bRetry == TRUE &&
(HIWORD(pRequest->ProductInfo.dwVersion) == 5 && LOWORD(pRequest->ProductInfo.dwVersion) == 0) &&
!(((pLicensedProduct->pLicensedVersion->wMajorVersion == 5) &&
(pLicensedProduct->pLicensedVersion->wMinorVersion == 1 || pLicensedProduct->pLicensedVersion->wMinorVersion == 2)) &&
((pLicensedProduct->pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY) == 0)))
{
// If (1) client license is 5.0 temporary unmarked then don't upgrade.
if( ((pLicensedProduct->pLicensedVersion->wMajorVersion == 5) && (pLicensedProduct->pLicensedVersion->wMinorVersion == 0)) &&
((pLicensedProduct->pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY) && !(ucMarked & MARK_FLAG_USER_AUTHENTICATED)) &&
(dwNumLicensedProduct == 1) )
{
goto cleanup;
}
DWORD dwNewVersion = MAKELONG(2,5);
pRequest->ProductInfo.dwVersion = dwNewVersion;
bRetry = FALSE;
FreeMemory(ppmLicensedProduct);
goto RetryPermanent;
}
//If (1) PreventUpgradePolicy is enabled, (2) the Requested version is 5.0, (3) Client License is 5.1 or 5.2 temporary unmarked, reissue another 90 days.
else if(status != ERROR_SUCCESS && (bPreventLicenseUpgrade == TRUE ) && (bRetry == TRUE) &&
(HIWORD(pRequest->ProductInfo.dwVersion) == 5 && LOWORD(pRequest->ProductInfo.dwVersion) == 0) &&
((pLicensedProduct->pLicensedVersion->wMajorVersion == 5) &&
(pLicensedProduct->pLicensedVersion->wMinorVersion == 1 || pLicensedProduct->pLicensedVersion->wMinorVersion == 2)) &&
(pLicensedProduct->pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY) && !(ucMarked & MARK_FLAG_USER_AUTHENTICATED))
{
DWORD dwNewVersion = MAKELONG(2,5);
pRequest->ProductInfo.dwVersion = dwNewVersion;
bRetry = FALSE;
FreeMemory(ppmLicensedProduct);
goto RetryPermanent;
}
}
cleanup:
FreeMemory(ppmLicensedProduct);
for(index =0; index < dwNumLicensedProduct; index++)
{
LSFreeLicensedProduct(pLicensedProduct+index);
}
FreeMemory(pLicensedProduct);
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_UPGRADELICENSE;
#endif
*dwErrCode = TLSMapReturnCode(status);
if(pPolicy)
{
pPolicy->PMLicenseRequest(
hClient,
REQUEST_COMPLETE,
UlongToPtr (status),
NULL
);
ReleasePolicyModule(pPolicy);
}
return RPC_S_OK;
}
//-----------------------------------------------------------------------------
error_status_t
TLSRpcCheckLicenseMark(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ const DWORD cbLicense,
/* [in, size_is(cbLicense)] */ PBYTE pbLicense,
/* [out] */ UCHAR *pucMarkFlags,
/* [in, out, ref] */ PDWORD pdwErrCode
)
/*++
Description:
Check markings on the passed in license
Arguments:
phContext - client context handle
cbLicense - size of license to be checked
pbLicense - license to be checked
pucMarkFlags - markings on license
Return via pdwErrCode:
LSERVER_S_SUCCESS
LSERVER_E_INVALID_DATA Invalid parameter.
LSERVER_E_INVALID_LICENSE License passed in is bad
LSERVER_E_DATANOTFOUND license not found in database
LSERVER_E_CORRUPT_DATABASE Corrupt database
LSERVER_E_INTERNAL_ERROR Internal error in license server
Note:
This function forwards the request to the issuing license server. If
the issuer isn't available, or doesn't have the license in the database,
it searches in the local database for a license with the same HWID.
++*/
{
DWORD status = ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD dwNumLicensedProduct = 0;
PLICENSEDPRODUCT pLicensedProduct=NULL;
DWORD index;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcCheckLicenseMark\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
status = SecureModeCheck();
if(status != ERROR_SUCCESS )
{
goto cleanup;
}
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_LSERVER))
{
status = TLS_E_ACCESS_DENIED;
goto cleanup;
}
if (NULL == pucMarkFlags)
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
//
// Convert blob to licensed product structure
//
status=LSVerifyDecodeClientLicense(
pbLicense,
cbLicense,
g_pbSecretKey,
g_cbSecretKey,
&dwNumLicensedProduct,
NULL // find size to allocate
);
if(status != LICENSE_STATUS_OK || dwNumLicensedProduct == 0)
{
status = TLS_E_INVALID_LICENSE;
goto cleanup;
}
pLicensedProduct = (PLICENSEDPRODUCT)AllocateMemory(
dwNumLicensedProduct * sizeof(LICENSEDPRODUCT)
);
if(pLicensedProduct == NULL)
{
status = TLS_E_ALLOCATE_MEMORY;
goto cleanup;
}
status=LSVerifyDecodeClientLicense(
pbLicense,
cbLicense,
g_pbSecretKey,
g_cbSecretKey,
&dwNumLicensedProduct,
pLicensedProduct
);
if(status != LICENSE_STATUS_OK)
{
status = TLS_E_INVALID_LICENSE;
goto cleanup;
}
status = TLSCheckLicenseMarkRequest(
FALSE, // don't forward the request
pLicensedProduct,
cbLicense,
pbLicense,
pucMarkFlags
);
cleanup:
for(index =0; index < dwNumLicensedProduct; index++)
{
LSFreeLicensedProduct(pLicensedProduct+index);
}
FreeMemory(pLicensedProduct);
lpContext->m_LastError=status;
*pdwErrCode = TLSMapReturnCode(status);
InterlockedDecrement( &lpContext->m_RefCount );
return RPC_S_OK;
}
//-----------------------------------------------------------------------------
error_status_t
TLSRpcMarkLicense(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ UCHAR ucMarkFlags,
/* [in] */ const DWORD cbLicense,
/* [in, size_is(cbLicense)] */ PBYTE pbLicense,
/* [in, out, ref] */ PDWORD pdwErrCode
)
/*++
Description:
Set markings on the passed in license
Arguments:
phContext - client context handle
ucMarkFlags - markings on license
cbLicense - size of license to be checked
pbLicense - license to be checked
Return via pdwErrCode:
LSERVER_S_SUCCESS
LSERVER_E_INVALID_DATA Invalid parameter.
LSERVER_E_INVALID_LICENSE License passed in is bad
LSERVER_E_DATANOTFOUND license not found in database
LSERVER_E_CORRUPT_DATABASE Corrupt database
LSERVER_E_INTERNAL_ERROR Internal error in license server
Note:
This function forwards the request to the issuing license server. The
issuer modifies the database entry of the license to set the markings.
++*/
{
DWORD status = ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
BOOL bForwardRequest = TRUE;
DWORD dwNumLicensedProduct = 0;
PLICENSEDPRODUCT pLicensedProduct=NULL;
DWORD index;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcMarkLicense\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
status = SecureModeCheck();
if(status != ERROR_SUCCESS )
{
goto cleanup;
}
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_REQUEST))
{
status = TLS_E_ACCESS_DENIED;
goto cleanup;
}
if(lpContext->m_ClientFlags == CLIENT_ACCESS_LSERVER)
{
//
// do not forward any request or infinite loop might
// occur.
//
bForwardRequest = FALSE;
}
//
// Convert blob to licensed product structure
//
status=LSVerifyDecodeClientLicense(
pbLicense,
cbLicense,
g_pbSecretKey,
g_cbSecretKey,
&dwNumLicensedProduct,
NULL // find size to allocate
);
if(status != LICENSE_STATUS_OK || dwNumLicensedProduct == 0)
{
status = TLS_E_INVALID_LICENSE;
goto cleanup;
}
pLicensedProduct = (PLICENSEDPRODUCT)AllocateMemory(
dwNumLicensedProduct * sizeof(LICENSEDPRODUCT)
);
if(pLicensedProduct == NULL)
{
status = TLS_E_ALLOCATE_MEMORY;
goto cleanup;
}
status=LSVerifyDecodeClientLicense(
pbLicense,
cbLicense,
g_pbSecretKey,
g_cbSecretKey,
&dwNumLicensedProduct,
pLicensedProduct
);
if(status != LICENSE_STATUS_OK)
{
status = TLS_E_INVALID_LICENSE;
goto cleanup;
}
for(DWORD iarray = 0; iarray < dwNumLicensedProduct; iarray++ )
{
if ((NULL != pLicensedProduct+iarray) && (NULL != (pLicensedProduct+iarray)->pLicensedVersion) && ((pLicensedProduct+iarray)->pLicensedVersion->dwFlags & LICENSED_VERSION_TEMPORARY))
{
//
// Mark the first temporary license from the top
//
status = TLSMarkLicenseRequest(
bForwardRequest,
ucMarkFlags,
(pLicensedProduct+iarray),
cbLicense,
pbLicense
);
break;
}
}
cleanup:
for(index =0; index < dwNumLicensedProduct; index++)
{
LSFreeLicensedProduct(pLicensedProduct+index);
}
FreeMemory(pLicensedProduct);
lpContext->m_LastError=status;
*pdwErrCode = TLSMapReturnCode(status);
InterlockedDecrement( &lpContext->m_RefCount );
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcAllocateConcurrentLicense(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [string][in] */ LPTSTR szHydraServer,
/* [in] */ TLSLICENSEREQUEST __RPC_FAR *pRequest,
/* [ref][out][in] */ LONG __RPC_FAR *pdwQuantity,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Description:
Allocate concurrent licenses base on product.
Arguments:
phContext - client context handle
szHydraServer - name of hydra server requesting concurrent licenses
pRequest - product to request for concurrent license.
dwQuantity - See note
Return via dwErrCode:
LSERVER_S_SUCCESS
LSERVER_E_INVALID_DATA Invalid parameter.
LSERVER_E_NO_PRODUCT request product not installed
LSERVER_E_NO_LICNESE no available license for request product
LSERVER_E_LICENSE_REVOKED Request license has been revoked
LSERVER_E_LICENSE_EXPIRED Request license has expired
LSERVER_E_CORRUPT_DATABASE Corrupt database
LSERVER_E_INTERNAL_ERROR Internal error in license server
Note:
dwQuantity
Input Output
------------------------- -----------------------------------------
0 Total number of concurrent license
issued to hydra server.
> 0, number of license Actual number of license allocated
requested
< 0, number of license Actual number of license returned, always
to return positive value.
++*/
{
RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcGetLastError(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [ref][out][in] */ PDWORD cbBufferSize,
/* [size_is][string][out][in] */ LPTSTR szBuffer,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Description:
Return error description text for client's last LSXXX call
This function is deprecated. Use TLSRpcGetLastErrorFixed.
Arguments:
IN phContext - Client context
IN cbBufferSize - max. size of szBuffer
IN OUT szBuffer - Pointer to a buffer to receive the
null-terminated character string containing
error description
Returns via dwErrCode:
LSERVER_S_SUCCESS
TLS_E_INTERNAL No error or can't find corresponding error
description.
Error code from WideCharToMultiByte().
++*/
{
DWORD status=ERROR_SUCCESS;
LPTSTR lpMsgBuf=NULL;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcGetLastError\n"),
lpContext->m_Client
);
DWORD dwRet;
dwRet=FormatMessage(
FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_ALLOCATE_BUFFER,
NULL,
lpContext->m_LastError,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPTSTR) &lpMsgBuf,
0,
NULL
);
if(dwRet == 0)
{
status = GetLastError();
}
else
{
_tcsncpy(
szBuffer,
(LPTSTR)lpMsgBuf,
min(_tcslen((LPTSTR)lpMsgBuf), *cbBufferSize-1)
);
szBuffer[min(_tcslen((LPTSTR)lpMsgBuf), *cbBufferSize-1)] = _TEXT('\0');
*cbBufferSize = _tcslen(szBuffer) + 1;
}
if(lpMsgBuf)
LocalFree(lpMsgBuf);
#if DBG
lpContext->m_LastCall = RPC_CALL_GET_LASTERROR;
#endif
lpContext->m_LastError=status;
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcGetLastErrorFixed(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [string][out] */ LPTSTR *pszBuffer,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Description:
Return error description text for client's last LSXXX call
Arguments:
IN phContext - Client context
OUT pszBuffer - Pointer to a buffer to receive the
null-terminated character string containing
error description
Returns via dwErrCode:
LSERVER_S_SUCCESS
TLS_E_INTERNAL No error or can't find corresponding error
description.
++*/
{
DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcGetLastErrorFixed\n"),
lpContext->m_Client
);
if ((NULL == pszBuffer) || (NULL == pdwErrCode))
{
return RPC_S_INVALID_ARG;
}
DWORD dwRet;
dwRet=FormatMessage(
FORMAT_MESSAGE_FROM_HMODULE
| FORMAT_MESSAGE_FROM_SYSTEM
| FORMAT_MESSAGE_IGNORE_INSERTS
| FORMAT_MESSAGE_ALLOCATE_BUFFER,
NULL,
lpContext->m_LastError,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPTSTR) &pszBuffer,
0,
NULL
);
if(dwRet == 0)
{
status = GetLastError();
}
#if DBG
lpContext->m_LastCall = RPC_CALL_GET_LASTERROR;
#endif
lpContext->m_LastError=status;
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcKeyPackEnumBegin(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwSearchParm,
/* [in] */ BOOL bMatchAll,
/* [ref][in] */ LPLSKeyPackSearchParm lpSearchParm,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Description:
Function to begin enumerate through all key pack installed on server
based on search criterial.
Arguments:
phContext - client context handle.
dwSearchParm - search criterial.
bMatchAll - match all search criterial.
lpSearchParm - search parameter.
Return Value:
LSERVER_S_SUCCESS
LSERVER_E_SERVER_BUSY Server is too busy to process request
LSERVER_E_OUTOFMEMORY
TLS_E_INTERNAL
LSERVER_E_INTERNAL_ERROR
LSERVER_E_INVALID_DATA Invalid data in search parameter
LSERVER_E_INVALID_SEQUENCE Invalid calling sequence, likely, previous
enumeration has not ended.
++*/
{
DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcKeyPackEnumBegin\n"),
lpContext->m_Client
);
//
// This will use cached db connection, in-consistency may occurred,
// visibility of changes in one connection may not appear right away
// on another connection handle, this is expected behavoir for Jet and
// so are we, user can always re-fresh.
//
do {
if(lpContext->m_ContextType != CONTEXTHANDLE_EMPTY_TYPE)
{
SetLastError(status=TLS_E_INVALID_SEQUENCE);
break;
}
LPENUMHANDLE hEnum;
hEnum = TLSDBLicenseKeyPackEnumBegin(
bMatchAll,
dwSearchParm,
lpSearchParm
);
if(hEnum)
{
lpContext->m_ContextType = CONTEXTHANDLE_KEYPACK_ENUM_TYPE;
lpContext->m_ContextHandle = (PVOID)hEnum;
}
else
{
status = GetLastError();
}
} while(FALSE);
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_KEYPACKENUMBEGIN;
#endif
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcKeyPackEnumNext(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [ref][out] */ LPLSKeyPack lpKeyPack,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Description:
Return next key pack that match search criterial
Arguments:
phContext - client context handle
lpKeyPack - key pack that match search criterial
Return Value:
LSERVER_S_SUCCESS
LSERVER_I_NO_MORE_DATA No more keypack match search criterial
TLS_E_INTERNAL General error in license server
LSERVER_E_INTERNAL_ERROR Internal error in license server
LSERVER_E_SERVER_BUSY License server is too busy to process request
LSERVER_E_OUTOFMEMORY Can't process request due to insufficient memory
LSERVER_E_INVALID_SEQUENCE Invalid calling sequence, must call
LSKeyPackEnumBegin().
++*/
{
DWORD status = ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
BOOL bShowAll = FALSE;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcKeyPackEnumNext\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
if(lpContext->m_ClientFlags == CLIENT_ACCESS_LSERVER)
{
bShowAll = TRUE;
}
// this one might cause access violation
memset(lpKeyPack, 0, sizeof(LSKeyPack));
if(lpContext->m_ContextType != CONTEXTHANDLE_KEYPACK_ENUM_TYPE)
{
SetLastError(status=TLS_E_INVALID_SEQUENCE);
}
else
{
do {
LPENUMHANDLE hEnum=(LPENUMHANDLE)lpContext->m_ContextHandle;
status=TLSDBLicenseKeyPackEnumNext(
hEnum,
lpKeyPack,
bShowAll
);
} while(status == TLS_I_MORE_DATA);
}
lpContext->m_LastError=GetLastError();
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_KEYPACKENUMNEXT;
#endif
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcKeyPackEnumEnd(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
++*/
{
DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcKeyPackEnumEnd\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
if(lpContext->m_ContextType != CONTEXTHANDLE_KEYPACK_ENUM_TYPE)
{
SetLastError(status=ERROR_INVALID_HANDLE);
}
else
{
LPENUMHANDLE hEnum=(LPENUMHANDLE)lpContext->m_ContextHandle;
TLSDBLicenseKeyPackEnumEnd(hEnum);
lpContext->m_ContextType = CONTEXTHANDLE_EMPTY_TYPE;
lpContext->m_ContextHandle=NULL;
}
lpContext->m_LastError=GetLastError();
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_KEYPACKENUMEND;
#endif
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcKeyPackAdd(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [ref][out][in] */ LPLSKeyPack lpKeypack,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Description:
Add a license key pack.
Arguments:
phContext - client context handle.
lpKeyPack - key pack to be added.
Return Value:
LSERVER_S_SUCCESS
LSERVER_E_INTERNAL_ERROR
TLS_E_INTERNAL
LSERVER_E_SERVER_BUSY
LSERVER_E_DUPLICATE Product already installed.
LSERVER_E_INVALID_DATA
LSERVER_E_CORRUPT_DATABASE
Note:
Just return an error - unused
++*/
{
PTLSDbWorkSpace pDbWkSpace=NULL;
DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcKeyPackAdd\n"),
lpContext->m_Client
);
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN))
{
status = TLS_E_ACCESS_DENIED;
}
else
{
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout))
{
status=TLS_E_ALLOCATE_HANDLE;
}
else
{
CLEANUPSTMT;
BEGIN_TRANSACTION(pDbWkSpace);
if(lpKeypack->ucKeyPackStatus == LSKEYPACKSTATUS_ADD_LICENSE ||
lpKeypack->ucKeyPackStatus == LSKEYPACKSTATUS_REMOVE_LICENSE)
{
status = ERROR_INVALID_PARAMETER;
}
else
{
status = TLSDBLicenseKeyPackAdd(
USEHANDLE(pDbWkSpace),
lpKeypack
);
}
if(status == ERROR_SUCCESS)
{
if( _tcsicmp( lpKeypack->szCompanyName, PRODUCT_INFO_COMPANY_NAME ) == 0 )
{
//
// check with known termsrv product ID.
//
if( _tcsnicmp( lpKeypack->szProductId,
TERMSERV_PRODUCTID_SKU,
_tcslen(TERMSERV_PRODUCTID_SKU)) == 0 )
{
TLSResetLogLowLicenseWarning(
lpKeypack->szCompanyName,
TERMSERV_PRODUCTID_SKU,
MAKELONG(lpKeypack->wMinorVersion, lpKeypack->wMajorVersion),
FALSE
);
}
else if(_tcsnicmp( lpKeypack->szProductId,
TERMSERV_PRODUCTID_INTERNET_SKU,
_tcslen(TERMSERV_PRODUCTID_INTERNET_SKU)) == 0 )
{
TLSResetLogLowLicenseWarning(
lpKeypack->szCompanyName,
TERMSERV_PRODUCTID_INTERNET_SKU,
MAKELONG(lpKeypack->wMinorVersion, lpKeypack->wMajorVersion),
FALSE
);
}
else
{
TLSResetLogLowLicenseWarning(
lpKeypack->szCompanyName,
lpKeypack->szProductId,
MAKELONG(lpKeypack->wMinorVersion, lpKeypack->wMajorVersion),
FALSE
);
}
}
else
{
TLSResetLogLowLicenseWarning(
lpKeypack->szCompanyName,
lpKeypack->szProductId,
MAKELONG(lpKeypack->wMinorVersion, lpKeypack->wMajorVersion),
FALSE
);
}
}
if(TLS_ERROR(status))
{
ROLLBACK_TRANSACTION(pDbWkSpace);
}
else
{
COMMIT_TRANSACTION(pDbWkSpace);
}
FREEDBHANDLE(pDbWkSpace);
}
}
//
// Post a sync work object
//
if( status == ERROR_SUCCESS )
{
if( lpKeypack->ucKeyPackType != LSKEYPACKTYPE_FREE )
{
if(TLSAnnounceLKPToAllRemoteServer(
lpKeypack->dwKeyPackId,
0
) != ERROR_SUCCESS)
{
TLSLogWarningEvent(TLS_W_ANNOUNCELKP_FAILED);
}
}
}
#if DBG
lpContext->m_LastCall = RPC_CALL_KEYPACKADD;
#endif
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcKeyPackSetStatus(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwSetParm,
/* [ref][in] */ LPLSKeyPack lpKeyPack,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Description:
Routine to activate/deactivated a key pack.
Arguments:
phContext - client context handle
dwSetParam - type of key pack status to be set.
lpKeyPack - new key pack status.
Return Value:
LSERVER_S_SUCCESS
LSERVER_E_INTERNAL_ERROR
TLS_E_INTERNAL
LSERVER_E_INVALID_DATA
LSERVER_E_SERVER_BUSY
LSERVER_E_DATANOTFOUND Key pack is not in server
LSERVER_E_CORRUPT_DATABASE
++*/
{
PTLSDbWorkSpace pDbWkSpace=NULL;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD status=ERROR_SUCCESS;
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcKeyPackSetStatus\n"),
lpContext->m_Client
);
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN))
{
status = TLS_E_ACCESS_DENIED;
}
else if( (dwSetParm & ~(LSKEYPACK_SET_KEYPACKSTATUS | LSKEYPACK_SET_ACTIVATEDATE | LSKEYPACK_SET_EXPIREDATE)) &&
!(lpContext->m_ClientFlags & CLIENT_ACCESS_LRWIZ) )
{
status = TLS_E_INVALID_DATA;
}
else
{
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout))
{
status=TLS_E_ALLOCATE_HANDLE;
}
else
{
CLEANUPSTMT;
BEGIN_TRANSACTION(pDbWkSpace);
status=TLSDBLicenseKeyPackSetStatus(
USEHANDLE(pDbWkSpace),
dwSetParm,
lpKeyPack
);
if(TLS_ERROR(status))
{
ROLLBACK_TRANSACTION(pDbWkSpace);
}
else
{
COMMIT_TRANSACTION(pDbWkSpace);
}
FREEDBHANDLE(pDbWkSpace);
}
}
#if DBG
lpContext->m_LastCall = RPC_CALL_KEYPACKSETSTATUS;
#endif
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcLicenseEnumBegin(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwSearchParm,
/* [in] */ BOOL bMatchAll,
/* [ref][in] */ LPLSLicenseSearchParm lpSearchParm,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Description:
Begin enumeration of license issued based on search criterial
Arguments:
phContext - client context handle
dwSearchParm - license search criterial.
bMatchAll - match all search criterial
lpSearchParm - license(s) to be enumerated.
Return Value:
Same as LSKeyPackEnumBegin().
++*/
{
PTLSDbWorkSpace pDbWkSpace = NULL;
DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcLicenseEnumBegin\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
//
// This will use cached db connection, in-consistency may occurred,
// visibility of changes in one connection may not appear right away
// on another connection handle, this is expected behavoir for Jet and
// so are we, user can always re-fresh.
//
do {
if(lpContext->m_ContextType != CONTEXTHANDLE_EMPTY_TYPE)
{
SetLastError(status=TLS_E_INVALID_SEQUENCE);
break;
}
pDbWkSpace = AllocateWorkSpace(g_EnumDbTimeout);
// allocate ODBC connections
if(pDbWkSpace == NULL)
{
status=TLS_E_ALLOCATE_HANDLE;
break;
}
LICENSEDCLIENT license;
ConvertLSLicenseToLicense(lpSearchParm, &license);
status = TLSDBLicenseEnumBegin(
pDbWkSpace,
bMatchAll,
dwSearchParm & LICENSE_TABLE_EXTERN_SEARCH_MASK,
&license
);
if(status == ERROR_SUCCESS)
{
lpContext->m_ContextType = CONTEXTHANDLE_LICENSE_ENUM_TYPE;
lpContext->m_ContextHandle = (PVOID)pDbWkSpace;
}
} while(FALSE);
if(status != ERROR_SUCCESS)
{
if(pDbWkSpace)
{
ReleaseWorkSpace(&pDbWkSpace);
}
}
#if DBG
lpContext->m_LastCall = RPC_CALL_LICENSEENUMBEGIN;
#endif
InterlockedDecrement( &lpContext->m_RefCount );
lpContext->m_LastError=status;
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcLicenseEnumNext(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [ref][out] */ LPLSLicense lpLicense,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Abstract:
Fetch next record match enumeration criterial.
Parameters:
phContext : Client context handle.
lpLicense : return next record that match enumeration criterial.
dwErrCode : error code.
Returns:
Function returns RPC status, dwErrCode return error code.
Note:
Must have call TLSRpcLicenseEnumBegin().
++*/
{
DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcLicenseEnumNext\n"),
lpContext->m_Client
);
if(lpContext->m_ContextType != CONTEXTHANDLE_LICENSE_ENUM_TYPE)
{
SetLastError(status=TLS_E_INVALID_SEQUENCE);
}
else
{
PTLSDbWorkSpace pDbWkSpace=(PTLSDbWorkSpace)lpContext->m_ContextHandle;
LICENSEDCLIENT license;
memset(lpLicense, 0, sizeof(LSLicense));
status=TLSDBLicenseEnumNext(
pDbWkSpace,
&license
);
if(status == ERROR_SUCCESS)
{
ConvertLicenseToLSLicense(&license, lpLicense);
}
}
#if DBG
lpContext->m_LastCall = RPC_CALL_LICENSEENUMNEXT;
#endif
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcLicenseEnumNextEx(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [ref][out] */ LPLSLicenseEx lpLicense,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Abstract:
Fetch next record match enumeration criterial.
Parameters:
phContext : Client context handle.
lpLicense : return next record that match enumeration criterial.
dwErrCode : error code.
Returns:
Function returns RPC status, dwErrCode return error code.
Note:
Must have call TLSRpcLicenseEnumBegin().
++*/
{
DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcLicenseEnumNextEx\n"),
lpContext->m_Client
);
if(lpContext->m_ContextType != CONTEXTHANDLE_LICENSE_ENUM_TYPE)
{
SetLastError(status=TLS_E_INVALID_SEQUENCE);
}
else
{
PTLSDbWorkSpace pDbWkSpace=(PTLSDbWorkSpace)lpContext->m_ContextHandle;
LICENSEDCLIENT license;
memset(lpLicense, 0, sizeof(LSLicenseEx));
status=TLSDBLicenseEnumNext(
pDbWkSpace,
&license
);
if(status == ERROR_SUCCESS)
{
ConvertLicenseToLSLicenseEx(&license, lpLicense);
}
}
#if DBG
lpContext->m_LastCall = RPC_CALL_LICENSEENUMNEXT;
#endif
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcLicenseEnumEnd(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
Abstract:
Terminate a enumeration.
Parameters:
phContext :
dwErrCode :
Returns:
Note
++*/
{
DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcLicenseEnumEnd\n"),
lpContext->m_Client
);
if(lpContext->m_ContextType != CONTEXTHANDLE_LICENSE_ENUM_TYPE)
{
SetLastError(status=ERROR_INVALID_HANDLE);
}
else
{
PTLSDbWorkSpace pDbWkSpace = (PTLSDbWorkSpace)lpContext->m_ContextHandle;
TLSDBLicenseEnumEnd(pDbWkSpace);
ReleaseWorkSpace(&pDbWkSpace);
lpContext->m_ContextType = CONTEXTHANDLE_EMPTY_TYPE;
}
#if DBG
lpContext->m_LastCall = RPC_CALL_LICENSEENUMEND;
#endif
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcLicenseSetStatus(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwSetParam,
/* [in] */ LPLSLicense lpLicense,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
++*/
{
RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcGetAvailableLicenses(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwSearchParm,
/* [ref][in] */ LPLSKeyPack lplsKeyPack,
/* [ref][out] */ LPDWORD lpdwAvail,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
++*/
{
PTLSDbWorkSpace pDbWkSpace=NULL;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD status=ERROR_SUCCESS;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcGetAvailableLicenses\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
//
// Don't use global cached DB connection handle, it is possible
// to get in-consistent value using other DB handle, however, it is
// also possible that during the time that this function return and
// the time that client actually make the call to allocate license,
// all available licenses were allocated by other client.
//
pDbWkSpace = AllocateWorkSpace(g_GeneralDbTimeout);
if(pDbWkSpace == NULL)
{
status=TLS_E_ALLOCATE_HANDLE;
}
else
{
LICENSEPACK keypack;
memset(&keypack, 0, sizeof(keypack));
ConvertLsKeyPackToKeyPack(
lplsKeyPack,
&keypack,
NULL
);
status = TLSDBKeyPackGetAvailableLicenses(
pDbWkSpace,
dwSearchParm,
&keypack,
lpdwAvail
);
//FreeTlsLicensePack(&keypack);
ReleaseWorkSpace(&pDbWkSpace);
}
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcGetRevokeKeyPackList(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [out][in] */ PDWORD pcbNumberOfRange,
/* [size_is][out] */ LPLSRange __RPC_FAR *ppRevokeRange,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
++*/
{
RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcGetRevokeLicenseList(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [out][in] */ PDWORD pcbNumberOfRange,
/* [size_is][out] */ LPLSRange __RPC_FAR *ppRevokeRange,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
++*/
{
RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcReturnKeyPack(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwKeyPackId,
/* [in] */ DWORD dwReturnReason,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
++*/
{
RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcReturnLicense(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwKeyPackId,
/* [in] */ DWORD dwLicenseId,
/* [in] */ DWORD dwReturnReason,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
++*/
{
RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcInstallCertificate(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwCertType,
/* [in] */ DWORD dwCertLevel,
/* [in] */ DWORD cbSignCert,
/* [size_is][in] */ PBYTE pbSignCert,
/* [in] */ DWORD cbExchCert,
/* [size_is][in] */ PBYTE pbExchCert,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
++*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD status=ERROR_SUCCESS;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcInstallCertificate\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
DWORD cbLsSignCert=0;
PBYTE pbLsSignCert=NULL;
DWORD cbLsExchCert=0;
PBYTE pbLsExchCert=NULL;
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN))
{
status = TLS_E_ACCESS_DENIED;
goto cleanup;
}
if(pbSignCert == NULL || pbExchCert == NULL)
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
//
// Verify input data
//
status = TLSVerifyCertChainInMomory(
g_hCryptProv,
pbSignCert,
cbSignCert
);
if(status != ERROR_SUCCESS)
{
status = TLS_E_INVALID_DATA;
}
//
// Verify input data
//
status = TLSVerifyCertChainInMomory(
g_hCryptProv,
pbExchCert,
cbExchCert
);
if(status != ERROR_SUCCESS)
{
status = TLS_E_INVALID_DATA;
}
//
// Block RPC call to serialize install certificate
//
if(AcquireRPCExclusiveLock(INFINITE) == FALSE)
{
status=TLS_E_ALLOCATE_HANDLE;
goto cleanup;
}
if(AcquireAdministrativeLock(INFINITE) == TRUE)
{
if(dwCertLevel == 0)
{
status = TLSSaveRootCertificatesToStore(
g_hCryptProv,
cbSignCert,
pbSignCert,
cbExchCert,
pbExchCert
);
}
else
{
status = TLSSaveCertificatesToStore(
g_hCryptProv,
dwCertType,
dwCertLevel,
cbSignCert,
pbSignCert,
cbExchCert,
pbExchCert
);
if(status == ERROR_SUCCESS && dwCertType == CERTIFICATE_CA_TYPE)
{
if(cbSignCert)
{
status = IsCertificateLicenseServerCertificate(
g_hCryptProv,
AT_SIGNATURE,
cbSignCert,
pbSignCert,
&cbLsSignCert,
&pbLsSignCert
);
}
if(status == ERROR_SUCCESS && cbExchCert)
{
status = IsCertificateLicenseServerCertificate(
g_hCryptProv,
AT_KEYEXCHANGE,
cbExchCert,
pbExchCert,
&cbLsExchCert,
&pbLsExchCert
);
}
//
// Install what we have here.
//
if(status == ERROR_SUCCESS && (cbLsExchCert || pbLsExchCert))
{
status = TLSInstallLsCertificate(
cbLsSignCert,
pbLsSignCert,
cbLsExchCert,
pbLsExchCert
);
}
#ifdef ENFORCE_LICENSING
// enforce version, check what's installed and restore backup if necessary
// non-enforce, just install, we won't use it anyway.
if(status == ERROR_SUCCESS && (cbLsExchCert || pbLsExchCert))
{
// reload certificate
if(TLSLoadVerifyLicenseServerCertificates() != ERROR_SUCCESS)
{
status = TLS_E_INVALID_DATA;
// delete the primary certificate registry key
TLSRegDeleteKey(
HKEY_LOCAL_MACHINE,
LSERVER_SERVER_CERTIFICATE_REGKEY
);
//
// reload certificate, if anything goes wrong, we will goes
// back to unregister mode.
//
if(TLSLoadServerCertificate() == FALSE)
{
// critical error occurred
TLSLogErrorEvent(TLS_E_LOAD_CERTIFICATE);
// initiate self-shutdown
GenerateConsoleCtrlEvent(CTRL_C_EVENT, 0);
}
}
else
{
DWORD dwStatus;
// make sure our backup is up to date.
dwStatus = TLSRestoreLicenseServerCertificate(
LSERVER_SERVER_CERTIFICATE_REGKEY,
LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP1
);
if(dwStatus != ERROR_SUCCESS)
{
TLSLogWarningEvent(TLS_W_BACKUPCERTIFICATE);
TLSRegDeleteKey(
HKEY_LOCAL_MACHINE,
LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP1
);
}
dwStatus = TLSRestoreLicenseServerCertificate(
LSERVER_SERVER_CERTIFICATE_REGKEY,
LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP2
);
if(dwStatus != ERROR_SUCCESS)
{
TLSLogWarningEvent(TLS_W_BACKUPCERTIFICATE);
TLSRegDeleteKey(
HKEY_LOCAL_MACHINE,
LSERVER_SERVER_CERTIFICATE_REGKEY_BACKUP2
);
}
}
}
#endif
if(pbLsSignCert)
{
FreeMemory(pbLsSignCert);
}
if(pbLsExchCert)
{
FreeMemory(pbLsExchCert);
}
}
}
ReleaseAdministrativeLock();
}
else
{
status=TLS_E_ALLOCATE_HANDLE;
}
ReleaseRPCExclusiveLock();
cleanup:
lpContext->m_LastError=status;
#if DBG
lpContext->m_LastCall = RPC_CALL_INSTALL_SERV_CERT;
#endif
InterlockedDecrement( &lpContext->m_RefCount );
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
error_status_t
TLSRpcGetServerCertificate(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ BOOL bSignCert,
/* [size_is][size_is][out] */ LPBYTE __RPC_FAR *ppCertBlob,
/* [ref][out] */ LPDWORD lpdwCertBlobLen,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
++*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD status=ERROR_SUCCESS;
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcGetServerCertificate\n"),
lpContext->m_Client
);
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN))
{
status = TLS_E_ACCESS_DENIED;
}
else if(!g_pbExchangeEncodedCert || !g_cbExchangeEncodedCert ||
!g_pbSignatureEncodedCert || !g_cbSignatureEncodedCert)
{
status = TLS_E_NO_CERTIFICATE;
}
else
{
if(AcquireAdministrativeLock(INFINITE) == TRUE)
{
status = TLSSaveCertAsPKCS7(
(bSignCert) ? g_pbSignatureEncodedCert : g_pbExchangeEncodedCert,
(bSignCert) ? g_cbSignatureEncodedCert : g_cbExchangeEncodedCert,
ppCertBlob,
lpdwCertBlobLen
);
// hack so that we can continue testing...
if(g_bHasHydraCert == FALSE)
{
if(g_pbServerSPK != NULL && g_cbServerSPK != 0)
{
status = TLS_W_SELFSIGN_CERTIFICATE;
}
else
{
status = TLS_W_TEMP_SELFSIGN_CERT;
}
}
ReleaseAdministrativeLock();
}
else
{
status = TLS_E_ALLOCATE_HANDLE;
}
}
lpContext->m_LastError=status;
#if DBG
lpContext->m_LastCall = RPC_CALL_GETSERV_CERT;
#endif
InterlockedDecrement( &lpContext->m_RefCount );
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
//-------------------------------------------------------------------------------
void
MyFreeLicenseKeyPack(
PLicense_KeyPack pLicenseKeyPack
)
/*
*/
{
DWORD i;
PKeyPack_Description pKpDesc;
if( pLicenseKeyPack->pDescription )
{
for( i = 0, pKpDesc = pLicenseKeyPack->pDescription;
i < pLicenseKeyPack->dwDescriptionCount;
i++, pKpDesc++ )
{
if(pKpDesc->pDescription)
LocalFree( pKpDesc->pDescription );
if(pKpDesc->pbProductName)
LocalFree( pKpDesc->pbProductName );
}
}
if(pLicenseKeyPack->pDescription)
LocalFree( pLicenseKeyPack->pDescription );
if(pLicenseKeyPack->pbManufacturer && pLicenseKeyPack->cbManufacturer != 0)
LocalFree( pLicenseKeyPack->pbManufacturer );
if(pLicenseKeyPack->pbManufacturerData && pLicenseKeyPack->cbManufacturerData != 0)
LocalFree( pLicenseKeyPack->pbManufacturerData );
if(pLicenseKeyPack->pbProductId && pLicenseKeyPack->cbProductId != 0)
LocalFree( pLicenseKeyPack->pbProductId );
return;
}
//---------------------------------------------------------------------
error_status_t
TLSRpcRegisterLicenseKeyPack(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [size_is][in] */ LPBYTE pbCHCertBlob,
/* [in] */ DWORD cbCHCertBlobSize,
/* [size_is][in] */ LPBYTE pbRootCertBlob,
/* [in] */ DWORD cbRootCertBlob,
/* [size_is][in] */ LPBYTE lpKeyPackBlob,
/* [in] */ DWORD dwKeyPackBlobLen,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*++
++*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || dwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD status=ERROR_SUCCESS;
LSKeyPack keypack;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcRegisterLicenseKeyPack\n"),
lpContext->m_Client
);
PTLSDbWorkSpace pDbWkSpace;
InterlockedIncrement( &lpContext->m_RefCount );
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN))
{
status = TLS_E_ACCESS_DENIED;
goto cleanup;
}
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout))
{
status=TLS_E_ALLOCATE_HANDLE;
}
else
{
License_KeyPack pLicenseKeyPack;
LicensePackDecodeParm LkpDecodeParm;
memset(
&LkpDecodeParm,
0,
sizeof(LicensePackDecodeParm)
);
LkpDecodeParm.hCryptProv = g_hCryptProv;
LkpDecodeParm.pbDecryptParm = (PBYTE)g_pszServerPid;
LkpDecodeParm.cbDecryptParm = (lstrlen(g_pszServerPid) * sizeof(TCHAR));
LkpDecodeParm.cbClearingHouseCert = cbCHCertBlobSize;
LkpDecodeParm.pbClearingHouseCert = pbCHCertBlob;
LkpDecodeParm.pbRootCertificate = pbRootCertBlob;
LkpDecodeParm.cbRootCertificate = cbRootCertBlob;
//
// make code clean, always start a transaction
//
CLEANUPSTMT;
BEGIN_TRANSACTION(pDbWkSpace);
status = DecodeLicenseKeyPackEx(
&pLicenseKeyPack,
&LkpDecodeParm,
dwKeyPackBlobLen,
lpKeyPackBlob
);
if(status != LICENSE_STATUS_OK)
{
status = TLS_E_DECODE_KEYPACKBLOB;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_DETAILSIMPLE,
_TEXT("Can't decode key pack blob - %d...\n"),
status);
}
else
{
status=TLSDBRegisterLicenseKeyPack(
USEHANDLE(pDbWkSpace),
&pLicenseKeyPack,
&keypack
);
MyFreeLicenseKeyPack(&pLicenseKeyPack);
}
if(TLS_ERROR(status))
{
ROLLBACK_TRANSACTION(pDbWkSpace);
}
else
{
COMMIT_TRANSACTION(pDbWkSpace);
}
FREEDBHANDLE(pDbWkSpace);
}
//
// Post a sync work object
//
if(status == ERROR_SUCCESS)
{
if(TLSAnnounceLKPToAllRemoteServer(
keypack.dwKeyPackId,
0
) != ERROR_SUCCESS)
{
TLSLogWarningEvent(TLS_W_ANNOUNCELKP_FAILED);
}
}
cleanup:
lpContext->m_LastError=status;
#if DBG
lpContext->m_LastCall = RPC_CALL_REGISTER_LICENSE_PACK;
#endif
InterlockedDecrement( &lpContext->m_RefCount );
*dwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcRequestTermServCert(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ LPTLSHYDRACERTREQUEST pRequest,
/* [ref][out][in] */ PDWORD pcbChallengeData,
/* [size_is][out] */ PBYTE* ppbChallengeData,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Abstract:
Private routine to issue certificate to Terminal Server.
Parameter:
phContext : Client context handle.
pRequest : Terminal Server specific certificate request.
pcbChallengeData : size of Server randomly generated challenge data
to Terminal Server.
ppbChallengeData : Server randomly generated challenge data to Terminal
server.
pdwErrCode : Error code.
Returns:
Function always return RPC_S_OK, actual error code is returned in
pdwErrCode.
Note:
Routine does not actually issue a license to Terminal Server, Terminal
Server must call TLSRpcRetrieveTermServCert() to retrieve its own
license.
--*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
TLSASSERT(pdwErrCode != NULL);
if(lpContext == NULL)
{
if(pRequest != NULL)
{
midl_user_free(pRequest);
}
*ppbChallengeData = NULL;
*pcbChallengeData = 0;
*pdwErrCode = TLSMapReturnCode(TLS_E_INVALID_DATA);
return RPC_S_INVALID_ARG;
}
DWORD status=ERROR_SUCCESS;
LPTERMSERVCERTREQHANDLE lpHandle=NULL;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcRequestTermServCert\n"),
lpContext->m_Client
);
*ppbChallengeData = NULL;
*pcbChallengeData = 0;
// verify client handle
InterlockedIncrement( &lpContext->m_RefCount );
if(lpContext->m_ContextType != CONTEXTHANDLE_EMPTY_TYPE)
{
SetLastError(status=TLS_E_INVALID_SEQUENCE);
goto cleanup;
}
lpHandle = (LPTERMSERVCERTREQHANDLE)AllocateMemory(
sizeof(TERMSERVCERTREQHANDLE)
);
if(lpHandle == NULL)
{
SetLastError(status = ERROR_OUTOFMEMORY);
goto cleanup;
}
//
// Generate Challenge Data
//
lpHandle->pCertRequest = pRequest;
status = TLSGenerateChallengeData(
CLIENT_INFO_HYDRA_SERVER,
&lpHandle->cbChallengeData,
&lpHandle->pbChallengeData
);
if(status != ERROR_SUCCESS)
{
goto cleanup;
}
// return challenge data
*pcbChallengeData = lpHandle->cbChallengeData;
*ppbChallengeData = (PBYTE)midl_user_allocate(*pcbChallengeData);
if(*ppbChallengeData == NULL)
{
SetLastError(status = ERROR_OUTOFMEMORY);
goto cleanup;
}
memcpy( *ppbChallengeData,
lpHandle->pbChallengeData,
lpHandle->cbChallengeData);
lpContext->m_ContextHandle = (HANDLE)lpHandle;
lpContext->m_ContextType = CONTEXTHANDLE_HYDRA_REQUESTCERT_TYPE;
cleanup:
if(status != ERROR_SUCCESS)
{
// frees up memory.
// Can't overwrite context type.
//lpContext->m_ContextType = CONTEXTHANDLE_EMPTY_TYPE;
if(lpHandle != NULL)
{
FreeMemory(lpHandle->pbChallengeData);
FreeMemory(lpHandle);
}
if(*ppbChallengeData != NULL)
{
midl_user_free(*ppbChallengeData);
}
if(pRequest != NULL)
{
midl_user_free(pRequest);
}
*ppbChallengeData = NULL;
*pcbChallengeData = 0;
}
InterlockedDecrement( &lpContext->m_RefCount );
lpContext->m_LastError=status;
#if DBG
lpContext->m_LastCall = RPC_CALL_REQUEST_TERMSRV_CERT;
#endif
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcRetrieveTermServCert(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD cbResponseData,
/* [size_is][in] */ PBYTE pbResponseData,
/* [ref][out][in] */ PDWORD pcbCert,
/* [size_is][out] */ PBYTE* ppbCert,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Abstract:
Private routine to retrieve Terminal Server's license.
Parameters:
phContext : client context handle.
cbResponseData : size of Terminal Server responses data to
license server's challenge.
pbResponseData : Terminal Server responses data to license
server's challenge.
pcbCert : Size of Terminal Server's license in bytes.
ppbCert : Terminal Server's license.
pdwErrCode : error code if fail.
Returns:
Function returns RPC_S_OK, actual error code returns in
pdwErrCode.
Note:
Must have call TLSRpcRequestTermServCert().
--*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD status=ERROR_SUCCESS;
LPTERMSERVCERTREQHANDLE lpHandle=NULL;
CTLSPolicy* pPolicy=NULL;
PMHANDLE hClient;
PBYTE pbPkcs7=NULL;
DWORD cbPkcs7=0;
TLSDBLICENSEREQUEST LicenseRequest;
DWORD dwQuantity = 1;
TLSPRODUCTINFO ProductInfo;
TCHAR szCompanyName[LSERVER_MAX_STRING_SIZE];
TCHAR szMachineName[MAXCOMPUTERNAMELENGTH];
TCHAR szUserName[MAXUSERNAMELENGTH];
PTLSDbWorkSpace pDbWkSpace;
PMLICENSEREQUEST PMLicenseRequest;
PPMLICENSEREQUEST pAdjustedRequest;
TLSDBLICENSEDPRODUCT LicensedProduct;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcRetrieveTermServCert\n"),
lpContext->m_Client
);
// verify client handle
InterlockedIncrement( &lpContext->m_RefCount );
if(lpContext->m_ContextType != CONTEXTHANDLE_HYDRA_REQUESTCERT_TYPE)
{
SetLastError(status = TLS_E_INVALID_SEQUENCE);
goto cleanup;
}
lpHandle = (LPTERMSERVCERTREQHANDLE)lpContext->m_ContextHandle;
if( lpHandle == NULL || lpHandle->pCertRequest == NULL ||
lpHandle->pCertRequest->pbEncryptedHwid == NULL ||
lpHandle->pCertRequest->cbEncryptedHwid == 0 )
{
SetLastError(status = TLS_E_INVALID_SEQUENCE);
goto cleanup;
}
//
// Verify challenge response data
//
//
// Request a license from specific key pack
//
memset(&LicenseRequest, 0, sizeof(TLSDBLICENSEREQUEST));
if(!LoadResourceString(
IDS_HS_COMPANYNAME,
szCompanyName,
sizeof(szCompanyName) / sizeof(szCompanyName[0])))
{
SetLastError(status = TLS_E_INTERNAL);
goto cleanup;
}
if(lpContext->m_Client == NULL)
{
if(!LoadResourceString(
IDS_HS_MACHINENAME,
LicenseRequest.szMachineName,
sizeof(LicenseRequest.szMachineName)/sizeof(LicenseRequest.szMachineName[0])))
{
SetLastError(status = TLS_E_INTERNAL);
goto cleanup;
}
if(!LoadResourceString(
IDS_HS_USERNAME,
LicenseRequest.szUserName,
sizeof(LicenseRequest.szUserName)/sizeof(LicenseRequest.szUserName[0])))
{
SetLastError(status = TLS_E_INTERNAL);
goto cleanup;
}
}
else
{
SAFESTRCPY(LicenseRequest.szMachineName, lpContext->m_Client);
SAFESTRCPY(LicenseRequest.szUserName, lpContext->m_Client);
}
LicenseRequest.dwProductVersion = HYDRACERT_PRODUCT_VERSION;
LicenseRequest.pszProductId = HYDRAPRODUCT_HS_CERTIFICATE_SKU;
LicenseRequest.pszCompanyName = szCompanyName;
LicenseRequest.dwLanguageID = GetSystemDefaultLangID(); // ignore
LicenseRequest.dwPlatformID = CLIENT_PLATFORMID_WINDOWS_NT_FREE; // WINDOWS
LicenseRequest.pbEncryptedHwid = lpHandle->pCertRequest->pbEncryptedHwid;
LicenseRequest.cbEncryptedHwid = lpHandle->pCertRequest->cbEncryptedHwid;
status=LicenseDecryptHwid(
&LicenseRequest.hWid,
LicenseRequest.cbEncryptedHwid,
LicenseRequest.pbEncryptedHwid,
g_cbSecretKey,
g_pbSecretKey
);
if(status != ERROR_SUCCESS)
{
status = ERROR_INVALID_PARAMETER;
goto cleanup;
}
LicenseRequest.pClientPublicKey = (PCERT_PUBLIC_KEY_INFO)lpHandle->pCertRequest->pSubjectPublicKeyInfo;
LicenseRequest.clientCertRdn.type = LSCERT_RDN_STRING_TYPE;
LicenseRequest.clientCertRdn.szRdn = lpHandle->pCertRequest->szSubjectRdn;
LicenseRequest.dwNumExtensions = lpHandle->pCertRequest->dwNumCertExtension;
LicenseRequest.pExtensions = (PCERT_EXTENSION)lpHandle->pCertRequest->pCertExtensions;
hClient = GenerateClientId();
pPolicy = AcquirePolicyModule(NULL, NULL, FALSE);
if(pPolicy == NULL)
{
SetLastError(status = TLS_E_INTERNAL);
goto cleanup;
}
PMLicenseRequest.dwProductVersion = LicenseRequest.dwProductVersion;
PMLicenseRequest.pszProductId = LicenseRequest.pszProductId;
PMLicenseRequest.pszCompanyName = LicenseRequest.pszCompanyName;
PMLicenseRequest.dwLanguageId = LicenseRequest.dwLanguageID;
PMLicenseRequest.dwPlatformId = LicenseRequest.dwPlatformID;
PMLicenseRequest.pszMachineName = LicenseRequest.szMachineName;
PMLicenseRequest.pszUserName = LicenseRequest.szUserName;
PMLicenseRequest.dwLicenseType = LICENSETYPE_LICENSE;
//
// Inform Policy module start of new license request
//
status = pPolicy->PMLicenseRequest(
hClient,
REQUEST_NEW,
(PVOID) &PMLicenseRequest,
(PVOID *) &pAdjustedRequest
);
if(status != ERROR_SUCCESS)
{
goto cleanup;
}
LicenseRequest.pPolicy = pPolicy;
LicenseRequest.hClient = hClient;
LicenseRequest.pPolicyLicenseRequest = pAdjustedRequest;
LicenseRequest.pClientLicenseRequest = &PMLicenseRequest;
// Call issue new license from sepcific keypack
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout))
{
status = TLS_E_ALLOCATE_HANDLE;
goto cleanup;
}
CLEANUPSTMT;
BEGIN_TRANSACTION(pDbWkSpace);
status = TLSDBIssuePermanentLicense(
USEHANDLE(pDbWkSpace),
&LicenseRequest,
FALSE, // bLatestVersion
FALSE, // bAcceptFewerLicenses
&dwQuantity,
&LicensedProduct,
0
);
if(TLS_ERROR(status))
{
ROLLBACK_TRANSACTION(pDbWkSpace);
}
else
{
COMMIT_TRANSACTION(pDbWkSpace);
}
FREEDBHANDLE(pDbWkSpace);
if(status == ERROR_SUCCESS)
{
LicensedProduct.pSubjectPublicKeyInfo = (PCERT_PUBLIC_KEY_INFO)lpHandle->pCertRequest->pSubjectPublicKeyInfo;
//
// Generate client certificate
//
status = TLSGenerateClientCertificate(
g_hCryptProv,
1,
&LicensedProduct,
LICENSE_DETAIL_DETAIL,
&pbPkcs7,
&cbPkcs7
);
if(TLS_ERROR(status) == TRUE)
{
goto cleanup;
}
status = TLSChainProprietyCertificate(
g_hCryptProv,
(CanIssuePermLicense() == FALSE),
pbPkcs7,
cbPkcs7,
ppbCert,
pcbCert
);
if(status == ERROR_SUCCESS)
{
if(CanIssuePermLicense() == FALSE)
{
status = TLS_W_SELFSIGN_CERTIFICATE;
}
}
}
cleanup:
FreeMemory(pbPkcs7);
if(pPolicy)
{
ReleasePolicyModule(pPolicy);
}
//
// Free up Hydra Certificate Request handle,
// all_nodes attribute so single free.
//
if(lpHandle)
{
if(lpHandle->pCertRequest)
{
midl_user_free(lpHandle->pCertRequest);
}
if(lpHandle->pbChallengeData)
{
midl_user_free(lpHandle->pbChallengeData);
}
FreeMemory(lpHandle);
}
if(lpContext->m_ContextType == CONTEXTHANDLE_HYDRA_REQUESTCERT_TYPE)
{
//
// force calling TLSRpcRequestTermServCert() again
//
lpContext->m_ContextType = CONTEXTHANDLE_EMPTY_TYPE;
lpContext->m_ContextHandle = NULL;
}
InterlockedDecrement( &lpContext->m_RefCount );
lpContext->m_LastError=status;
#if DBG
lpContext->m_LastCall = RPC_CALL_RETRIEVE_TERMSRV_CERT;
#endif
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcAuditLicenseKeyPack(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwKeyPackId,
/* [in] */ FILETIME ftStartTime,
/* [in] */ FILETIME ftEndTime,
/* [in] */ BOOL bResetCounter,
/* [ref][out][in] */ LPTLSKeyPackAudit lplsAudit,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Not implemented yet!.
--*/
{
RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcGetLSPKCS10CertRequest(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwCertType,
/* [ref][out][in] */ PDWORD pcbData,
/* [size_is][size_is][out] */ PBYTE __RPC_FAR *ppbData,
/* [ref][out][in] */ PDWORD dwErrCode
)
/*
Abstract:
Note:
No longer supported - doesn't make sense to give out our private key
*/
{
RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;
}
//////////////////////////////////////////////////////////////////////////////
//
// Replication function
//
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcBeginReplication(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [string][in] */ LPTSTR pszLsSetupId,
/* [string][in] */ LPTSTR pszLsServerName,
/* [in] */ DWORD cbDomainSid,
/* [size_is][in] */ PBYTE pbDomainSid,
/* [ref][out][in] */ FILETIME __RPC_FAR *pftLastBackupTime,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
++*/
{
RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcEndReplication(
/* [in] */ PCONTEXT_HANDLE phContext
)
/*++
++*/
{
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcReplicateRecord(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [ref][in] */ PTLSReplRecord pReplRecord,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
++*/
{
RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcTableEnumBegin(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwSearchParam,
/* [ref][in] */ PTLSReplRecord pRecord,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
++*/
{
RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcTableEnumNext(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [ref][out][in] */ PTLSReplRecord pRecord,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
++*/
{
RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcTableEnumEnd(
/* [in] */ PCONTEXT_HANDLE phContext
)
/*++
++*/
{
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcInstallPolicyModule(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [string][in] */ LPTSTR pszCompanyName,
/* [string][in] */ LPTSTR pszProductId,
/* [string][in] */ LPTSTR pszPolicyDllName,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
++*/
{
RpcRaiseException(RPC_S_CANNOT_SUPPORT); // doesn't return
return RPC_S_CANNOT_SUPPORT;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcAnnounceServer(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwAnnounceType,
/* [in] */ FILETIME __RPC_FAR *pLastStartupTime,
/* [string][in] */ LPTSTR pszSetupId,
/* [string][in] */ LPTSTR pszDomainName,
/* [string][in] */ LPTSTR pszLserverName,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Abstract:
Private routine for other license server to announce presence of
itself.
Parameters:
Returns:
Note:
++*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD status = ERROR_SUCCESS;
BOOL bSuccess = TRUE;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcAnnounceServer\n"),
lpContext->m_Client
);
status = SecureModeCheck();
if(status != ERROR_SUCCESS )
{
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
InterlockedIncrement( &lpContext->m_RefCount );
//
// Verify it is a license server
//
if(lpContext->m_ClientFlags != CLIENT_ACCESS_LSERVER)
{
status = TLS_E_ACCESS_DENIED;
}
if( status == ERROR_SUCCESS &&
(dwAnnounceType == TLSANNOUNCE_TYPE_STARTUP || dwAnnounceType == TLSANNOUNCE_TYPE_RESPONSE) )
{
status = TLSRegisterServerWithName(
pszSetupId,
pszDomainName,
pszLserverName
);
if(status == TLS_E_DUPLICATE_RECORD)
{
status = ERROR_SUCCESS;
}
}
if(status == ERROR_SUCCESS)
{
if(dwAnnounceType == TLSANNOUNCE_TYPE_STARTUP)
{
//
// Prevent loop back, use job to response announce
//
status = TLSStartAnnounceResponseJob(
pszSetupId,
pszDomainName,
pszLserverName,
&g_ftLastShutdownTime
);
}
if(status == ERROR_SUCCESS)
{
// Create a CSSync workobject to sync. local LKP
status = TLSPushSyncLocalLkpToServer(
pszSetupId,
pszDomainName,
pszLserverName,
pLastStartupTime
);
}
else
{
// reset error code, can't connect back to server -
// server might be available anymore.
status = ERROR_SUCCESS;
}
}
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_ANNOUNCE_SERVER;
#endif
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcLookupServer(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [string][in] */ LPTSTR pszLookupSetupId,
/* [size_is][string][out][in] */ LPTSTR pszLsSetupId,
/* [out][in] */ PDWORD pcbSetupId,
/* [size_is][string][out][in] */ LPTSTR pszDomainName,
/* [ref][out][in] */ PDWORD pcbDomainName,
/* [size_is][string][out][in] */ LPTSTR pszMachineName,
/* [ref][out][in] */ PDWORD pcbMachineName,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Abstract:
Look up a license server via a license server's setupId.
This function is deprecated. Use TLSRpcLookupServerFixed.
Parameters:
Returns:
Note:
++*/
{
DWORD dwStatus = ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcLookupServer\n"),
lpContext->m_Client
);
dwStatus = SecureModeCheck();
if(dwStatus != ERROR_SUCCESS )
{
*pdwErrCode = TLSMapReturnCode(dwStatus);
return RPC_S_OK;
}
InterlockedIncrement( &lpContext->m_RefCount );
TLServerInfo ServerInfo;
if(_tcsicmp(pszLookupSetupId, g_pszServerPid) == 0)
{
_tcsncpy(
pszLsSetupId,
g_pszServerPid,
min(_tcslen(g_pszServerPid), *pcbSetupId)
);
if(*pcbSetupId <= _tcslen(g_pszServerPid))
{
dwStatus = TLS_E_INVALID_DATA;
}
else
{
pszLsSetupId[min(_tcslen(g_pszServerPid), *pcbSetupId - 1)] = _TEXT('\0');
}
*pcbSetupId = _tcslen(g_pszServerPid) + 1;
//--------------------------------------------------------------
_tcsncpy(
pszDomainName,
g_szScope,
min(_tcslen(g_szScope), *pcbDomainName)
);
if(*pcbDomainName <= _tcslen(g_szScope))
{
dwStatus = TLS_E_INVALID_DATA;
}
else
{
pszDomainName[min(_tcslen(g_szScope), *pcbDomainName - 1)] = _TEXT('\0');
}
*pcbDomainName = _tcslen(g_szScope) + 1;
//--------------------------------------------------------------
_tcsncpy(
pszMachineName,
g_szComputerName,
min(_tcslen(g_szComputerName), *pcbMachineName)
);
if(*pcbMachineName <= _tcslen(g_szComputerName))
{
dwStatus = TLS_E_INVALID_DATA;
}
else
{
pszMachineName[min(_tcslen(g_szComputerName), *pcbMachineName - 1)] = _TEXT('\0');
}
*pcbMachineName = _tcslen(g_szComputerName) + 1;
}
else
{
dwStatus = TLSLookupRegisteredServer(
pszLookupSetupId,
NULL,
pszMachineName,
&ServerInfo
);
if(dwStatus == ERROR_SUCCESS)
{
_tcsncpy(
pszLsSetupId,
ServerInfo.GetServerId(),
min(_tcslen(ServerInfo.GetServerId()), *pcbSetupId)
);
if(*pcbSetupId <= _tcslen(ServerInfo.GetServerId()))
{
dwStatus = TLS_E_INVALID_DATA;
}
else
{
pszLsSetupId[min(_tcslen(ServerInfo.GetServerId()), *pcbSetupId - 1)] = _TEXT('\0');
}
*pcbSetupId = _tcslen(ServerInfo.GetServerId()) + 1;
//--------------------------------------------------------------
_tcsncpy(
pszDomainName,
ServerInfo.GetServerDomain(),
min(_tcslen(ServerInfo.GetServerDomain()), *pcbDomainName)
);
if(*pcbDomainName <= _tcslen(ServerInfo.GetServerDomain()))
{
dwStatus = TLS_E_INVALID_DATA;
}
else
{
pszDomainName[min(_tcslen(ServerInfo.GetServerDomain()), *pcbDomainName - 1)] = _TEXT('\0');
}
*pcbDomainName = _tcslen(ServerInfo.GetServerDomain()) + 1;
//--------------------------------------------------------------
_tcsncpy(
pszMachineName,
ServerInfo.GetServerName(),
min(_tcslen(ServerInfo.GetServerName()), *pcbMachineName)
);
if(*pcbMachineName <= _tcslen(ServerInfo.GetServerName()))
{
dwStatus = TLS_E_INVALID_DATA;
}
else
{
pszMachineName[min(_tcslen(ServerInfo.GetServerName()), *pcbMachineName - 1)] = _TEXT('\0');
}
*pcbMachineName = _tcslen(ServerInfo.GetServerName()) + 1;
}
}
lpContext->m_LastError=dwStatus;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_SERVERLOOKUP;
#endif
*pdwErrCode = TLSMapReturnCode(dwStatus);
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcLookupServerFixed(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [string][in] */ LPTSTR szLookupSetupId,
/* [string][out] */ LPTSTR *pszLsSetupId,
/* [string][out] */ LPTSTR *pszDomainName,
/* [string][out] */ LPTSTR *pszMachineName,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Abstract:
Look up a license server via a license server's setupId.
Parameters:
Returns:
Note:
++*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcLookupServerFixed\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
TLServerInfo ServerInfo;
DWORD dwStatus = ERROR_SUCCESS;
if(_tcsicmp(szLookupSetupId, g_pszServerPid) == 0)
{
*pszLsSetupId = (LPTSTR) MIDL_user_allocate((_tcslen(g_pszServerPid)+1)*sizeof(TCHAR));
if (NULL != *pszLsSetupId)
{
_tcscpy(
*pszLsSetupId,
g_pszServerPid
);
}
else
{
dwStatus = TLS_E_ALLOCATE_MEMORY;
}
//--------------------------------------------------------------
*pszDomainName = (LPTSTR) MIDL_user_allocate((_tcslen(g_pszScope)+1)*sizeof(TCHAR));
if (NULL != *pszDomainName)
{
_tcscpy(
*pszDomainName,
g_pszScope
);
}
else
{
dwStatus = TLS_E_ALLOCATE_MEMORY;
}
//--------------------------------------------------------------
*pszMachineName = (LPTSTR) MIDL_user_allocate((_tcslen(g_szComputerName)+1)*sizeof(TCHAR));
if (NULL != *pszMachineName)
{
_tcscpy(
*pszMachineName,
g_szComputerName
);
}
else
{
dwStatus = TLS_E_ALLOCATE_MEMORY;
}
}
else
{
dwStatus = TLSLookupRegisteredServer(
szLookupSetupId,
NULL,
NULL,
&ServerInfo
);
if(dwStatus == ERROR_SUCCESS)
{
*pszLsSetupId = (LPTSTR) MIDL_user_allocate((_tcslen(ServerInfo.GetServerId())+1)*sizeof(TCHAR));
if (NULL != *pszLsSetupId)
{
_tcscpy(
*pszLsSetupId,
ServerInfo.GetServerId()
);
}
else
{
dwStatus = TLS_E_ALLOCATE_MEMORY;
}
//--------------------------------------------------------------
*pszDomainName = (LPTSTR) MIDL_user_allocate((_tcslen(ServerInfo.GetServerDomain())+1)*sizeof(TCHAR));
if (NULL != *pszDomainName)
{
_tcscpy(
*pszDomainName,
ServerInfo.GetServerDomain()
);
}
else
{
dwStatus = TLS_E_ALLOCATE_MEMORY;
}
//--------------------------------------------------------------
*pszMachineName = (LPTSTR) MIDL_user_allocate((_tcslen(ServerInfo.GetServerName())+1)*sizeof(TCHAR));
if (NULL != *pszMachineName)
{
_tcscpy(
*pszMachineName,
ServerInfo.GetServerName()
);
}
else
{
dwStatus = TLS_E_ALLOCATE_MEMORY;
}
}
}
lpContext->m_LastError=dwStatus;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_SERVERLOOKUP;
#endif
*pdwErrCode = TLSMapReturnCode(dwStatus);
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcAnnounceLicensePack(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ PTLSReplRecord pReplRecord,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Abstract:
Private routine for one license server to announce it has particular
License Pack.
Parameters:
Returns:
++*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pReplRecord == NULL || pdwErrCode== NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD dwStatus=ERROR_SUCCESS;
PTLSDbWorkSpace pDbWkSpace=NULL;
TLSLICENSEPACK LicPack;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcAnnounceLicensePack\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
dwStatus = SecureModeCheck();
if(dwStatus != ERROR_SUCCESS )
{
goto cleanup;
}
if(lpContext->m_ClientFlags != CLIENT_ACCESS_LSERVER)
{
dwStatus = TLS_E_ACCESS_DENIED;
goto cleanup;
}
if(pReplRecord->dwUnionType != UNION_TYPE_LICENSEPACK)
{
dwStatus = TLS_E_INVALID_DATA;
goto cleanup;
}
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout))
{
dwStatus = TLS_E_ALLOCATE_HANDLE;
goto cleanup;
}
CLEANUPSTMT;
BEGIN_TRANSACTION(pDbWkSpace);
LicPack = pReplRecord->w.ReplLicPack;
//
// TODO - verify input parameters
//
dwStatus = TLSDBRemoteKeyPackAdd(
USEHANDLE(pDbWkSpace),
&LicPack
);
if(TLS_ERROR(dwStatus) && dwStatus != TLS_E_DUPLICATE_RECORD)
{
ROLLBACK_TRANSACTION(pDbWkSpace);
}
else
{
COMMIT_TRANSACTION(pDbWkSpace);
}
FREEDBHANDLE(pDbWkSpace);
cleanup:
lpContext->m_LastError=dwStatus;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_ANNOUNCELICENSEPACK;
#endif
*pdwErrCode = TLSMapReturnCode(dwStatus);
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcReturnLicensedProduct(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ PTLSLicenseToBeReturn pClientLicense,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
++*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pClientLicense == NULL || pdwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD dwStatus=ERROR_SUCCESS;
CTLSPolicy* pPolicy=NULL;
PTLSDbWorkSpace pDbWorkSpace;
PMHANDLE hClient;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcReturnLicensedProduct\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
dwStatus = SecureModeCheck();
if(dwStatus != ERROR_SUCCESS )
{
goto cleanup;
}
if(lpContext->m_ClientFlags != CLIENT_ACCESS_LSERVER)
{
dwStatus = TLS_E_ACCESS_DENIED;
goto cleanup;
}
pPolicy = AcquirePolicyModule(
pClientLicense->pszCompanyName,
pClientLicense->pszOrgProductId,
FALSE
);
if(pPolicy == NULL)
{
dwStatus = GetLastError();
goto cleanup;
}
hClient = GenerateClientId();
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout))
{
dwStatus=TLS_E_ALLOCATE_HANDLE;
goto cleanup;
}
CLEANUPSTMT;
BEGIN_TRANSACTION(pDbWorkSpace);
dwStatus = TLSReturnClientLicensedProduct(
USEHANDLE(pDbWkSpace),
hClient,
pPolicy,
pClientLicense
);
if(TLS_ERROR(dwStatus))
{
ROLLBACK_TRANSACTION(pDbWorkSpace);
}
else
{
COMMIT_TRANSACTION(pDbWorkSpace);
}
if (dwStatus == ERROR_SUCCESS)
{
TLSAnnounceLKPToAllRemoteServer(pClientLicense->dwKeyPackId,0);
}
FREEDBHANDLE(pDbWorkSpace);
cleanup:
lpContext->m_LastError=dwStatus;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_RETURNLICENSE;
#endif
*pdwErrCode = TLSMapReturnCode(dwStatus);
if(pPolicy)
{
pPolicy->PMLicenseRequest(
hClient,
REQUEST_COMPLETE,
UlongToPtr (dwStatus),
NULL
);
ReleasePolicyModule(pPolicy);
}
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcChallengeServer(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwClientType,
/* [in] */ PTLSCHALLENGEDATA pClientChallenge,
/* [out][in] */ PTLSCHALLENGERESPONSEDATA* pServerResponse,
/* [out][in] */ PTLSCHALLENGEDATA* pServerChallenge,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Abstract:
Private routine for client to challenge server in order for client
confirm server's identity. License Server, in addition to response to
client's challenge, also generate random challenge data based on
client's self-declare type back to client.
Parameter:
phContext : Client's context handle.
dwClientType : Client self-pronounce type, valid values are ...
pClientChallenge : Client challenge data.
pServerResponse : Server's responses to client's challenge.
pServerChallenge : Server's challenge to client.
pdwErrCode : Error code if failed.
Returns:
Notes:
Private routine for LrWiz and License Server to identify itself.
--*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD status=ERROR_SUCCESS;
PTLSCHALLENGEDATA pChallenge=NULL;
PTLSCHALLENGERESPONSEDATA pResponse = NULL;
HCRYPTPROV hProv = NULL;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcChallengeServer\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
//if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN))
//{
// status = TLS_E_ACCESS_DENIED;
// goto cleanup;
//}
if(lpContext->m_ContextType != CONTEXTHANDLE_EMPTY_TYPE)
{
status = TLS_E_INVALID_SEQUENCE;
goto cleanup;
}
//
// Input parameters...
//
if( pClientChallenge == NULL ||
pServerResponse == NULL ||
pServerChallenge == NULL )
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
//
// Verify Data send by client
//
if( pClientChallenge->dwVersion != TLS_CURRENT_CHALLENGE_VERSION ||
pClientChallenge->cbChallengeData == 0 ||
pClientChallenge->pbChallengeData == NULL )
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
pResponse = (PTLSCHALLENGERESPONSEDATA)midl_user_allocate(sizeof(TLSCHALLENGERESPONSEDATA));
if(pResponse == NULL)
{
status = GetLastError();
goto cleanup;
}
pChallenge = (PTLSCHALLENGEDATA)AllocateMemory(sizeof(TLSCHALLENGEDATA));
if(pChallenge == NULL)
{
status = GetLastError();
goto cleanup;
}
*pServerChallenge = (PTLSCHALLENGEDATA)midl_user_allocate(sizeof(TLSCHALLENGEDATA));
if(*pServerChallenge == NULL)
{
status = GetLastError();
goto cleanup;
}
//
// Generate Challenge response data
//
status = TLSGenerateChallengeResponseData(
g_hCryptProv,
dwClientType,
pClientChallenge,
&(pResponse->pbResponseData),
&(pResponse->cbResponseData)
);
*pServerResponse = pResponse;
if(status != ERROR_SUCCESS)
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
//
// Generate Server side challenge data
//
pChallenge->dwVersion = TLS_CURRENT_CHALLENGE_VERSION;
if (CryptAcquireContext(&hProv,NULL,NULL,PROV_RSA_FULL,CRYPT_VERIFYCONTEXT)) {
if (!CryptGenRandom(hProv,sizeof(pChallenge->dwRandom), (BYTE *) &pChallenge->dwRandom)) {
status = TLS_E_INTERNAL;
goto cleanup;
}
} else {
status = TLS_E_INTERNAL;
goto cleanup;
}
//
// This must range from 1 to 128, as it's used as an offset into the
// challenge data buffer
//
pChallenge->dwRandom %= RANDOM_CHALLENGE_DATASIZE;
pChallenge->dwRandom++;
status = TLSGenerateRandomChallengeData(
g_hCryptProv,
&(pChallenge->pbChallengeData),
&(pChallenge->cbChallengeData)
);
// base on type, mark this handle...
if(dwClientType == CLIENT_TYPE_LRWIZ)
{
lpContext->m_ContextType = CONTEXTHANDLE_CHALLENGE_LRWIZ_TYPE;
}
else
{
lpContext->m_ContextType = CONTEXTHANDLE_CHALLENGE_SERVER_TYPE;
}
(*pServerChallenge)->pbChallengeData = (PBYTE)midl_user_allocate(pChallenge->cbChallengeData);
if((*pServerChallenge)->pbChallengeData == NULL)
{
status = GetLastError();
goto cleanup;
}
(*pServerChallenge)->dwVersion = TLS_CURRENT_CHALLENGE_VERSION;
(*pServerChallenge)->dwRandom = pChallenge->dwRandom;
(*pServerChallenge)->cbChallengeData = pChallenge->cbChallengeData;
memcpy(
(*pServerChallenge)->pbChallengeData,
pChallenge->pbChallengeData,
pChallenge->cbChallengeData
);
lpContext->m_ContextHandle = (HANDLE)(pChallenge);
cleanup:
if(status != ERROR_SUCCESS)
{
if(pChallenge)
{
if(pChallenge->pbChallengeData)
{
FreeMemory(pChallenge->pbChallengeData);
}
if(pChallenge->pbReservedData)
{
FreeMemory(pChallenge->pbReservedData);
}
FreeMemory(pChallenge);
}
if(pResponse)
{
if(pResponse->pbResponseData)
{
FreeMemory(pResponse->pbResponseData);
}
if(pResponse->pbReservedData)
{
FreeMemory(pResponse->pbReservedData);
}
midl_user_free(pResponse);
}
}
if (hProv)
CryptReleaseContext(hProv,0);
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_CHALLENGESERVER;
#endif
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcResponseServerChallenge(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ PTLSCHALLENGERESPONSEDATA pClientResponse,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Abstract:
Client's responses to Server challenge returned TLSRpcChallengeServer(),
must have call TLSRpcChallengeServer().
Parameter:
phContext:
pClientResponses: Client's response to server's challenge.
pdwErrCode : Return error code.
Returns:
Note:
--*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD status=ERROR_SUCCESS;
DWORD dwClientType;
PTLSCHALLENGEDATA pServerToClientChallenge;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcResponseServerChallenge\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
//if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN))
//{
// status = TLS_E_ACCESS_DENIED;
// goto cleanup;
//}
if( pClientResponse == NULL ||
pClientResponse->pbResponseData == NULL ||
pClientResponse->cbResponseData == 0 )
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
if(lpContext->m_ContextType != CONTEXTHANDLE_CHALLENGE_SERVER_TYPE &&
lpContext->m_ContextType != CONTEXTHANDLE_CHALLENGE_LRWIZ_TYPE)
{
status = TLS_E_INVALID_SEQUENCE;
goto cleanup;
}
if(lpContext->m_ContextHandle == NULL)
{
status = TLS_E_INTERNAL;
goto cleanup;
}
if(lpContext->m_ContextType == CONTEXTHANDLE_CHALLENGE_LRWIZ_TYPE)
{
dwClientType = CLIENT_TYPE_LRWIZ;
}
else
{
dwClientType = CLIENT_TYPE_TLSERVER;
}
pServerToClientChallenge = (PTLSCHALLENGEDATA)lpContext->m_ContextHandle;
//
// base on client type, verify challenge response data
//
status = TLSVerifyChallengeResponse(
g_hCryptProv,
dwClientType,
pServerToClientChallenge,
pClientResponse
);
if(status != ERROR_SUCCESS)
{
status = TLS_E_INVALID_DATA;
}
else
{
if(dwClientType == CLIENT_TYPE_LRWIZ)
{
lpContext->m_ClientFlags |= CLIENT_ACCESS_LRWIZ;
}
else
{
lpContext->m_ClientFlags |= CLIENT_ACCESS_LSERVER;
}
}
if(pServerToClientChallenge != NULL)
{
FreeMemory(pServerToClientChallenge->pbChallengeData);
FreeMemory(pServerToClientChallenge);
}
lpContext->m_ContextHandle = NULL;
lpContext->m_ContextType = CONTEXTHANDLE_EMPTY_TYPE;
cleanup:
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_RESPONSESERVERCHALLENGE;
#endif
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcGetTlsPrivateData(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwPrivateDataType,
/* [switch_is][in] */ PTLSPrivateDataUnion pSearchData,
/* [ref][out][in] */ PDWORD pdwRetDataType,
/* [switch_is][out] */ PTLSPrivateDataUnion __RPC_FAR *ppPrivateData,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Abstract:
Retrieve license server's private data, this include Server's
unique ID, PID, and registered SPK if any.
Parameters:
phContext : Client's context handle.
dwPrivateDataType : Type of private data interested.
pSearchData : Type of data to search, currently ignore.
pdwRetDataType : Return data type.
ppPrivateData : License Server's private data.
pdwErrCode : Error Code.
Returns:
Note:
Only LrWiz and License Server can invoke this RPC call.
--*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL || pdwRetDataType == NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD status=ERROR_SUCCESS;
DWORD cbSource=0;
PBYTE pbSource=NULL;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcGetTlsPrivateData\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
//
// relax restriction on who can get private data
//
if( dwPrivateDataType != TLS_PRIVATEDATA_PID &&
dwPrivateDataType != TLS_PRIVATEDATA_UNIQUEID )
{
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_LRWIZ))
{
status = TLS_E_ACCESS_DENIED;
goto cleanup;
}
}
if( dwPrivateDataType < TLS_PRIVATEDATA_MIN ||
dwPrivateDataType > TLS_PRIVATEDATA_MAX )
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
//
// Not supported yet...
//
if(dwPrivateDataType == TLS_PRIVATEDATA_INSTALLED_CERT)
{
status = TLS_E_NOTSUPPORTED;
goto cleanup;
}
//
// Don't really need this but we might need to support
// re-generate of License Server ID
//
if(!AcquireAdministrativeLock(INFINITE))
{
status = TLS_E_ALLOCATE_HANDLE;
goto cleanup;
}
switch(dwPrivateDataType)
{
case TLS_PRIVATEDATA_UNIQUEID:
pbSource = (PBYTE)g_pszServerUniqueId;
cbSource = g_cbServerUniqueId;
break;
case TLS_PRIVATEDATA_PID:
pbSource = (PBYTE)g_pszServerPid;
cbSource = g_cbServerPid;
break;
case TLS_PRIVATEDATA_SPK:
pbSource = g_pbServerSPK;
cbSource = g_cbServerSPK;
}
//
// Currently, what you ask is what you get.
//
*pdwRetDataType = dwPrivateDataType;
if( (dwPrivateDataType != TLS_PRIVATEDATA_SYSTEMLANGID) &&
(pbSource == NULL || cbSource == 0) )
{
status = TLS_E_RECORD_NOTFOUND;
}
else
{
*ppPrivateData = (PTLSPrivateDataUnion)midl_user_allocate(sizeof(TLSPrivateDataUnion));
if(*ppPrivateData != NULL)
{
memset(
*ppPrivateData,
0,
sizeof(TLSPrivateDataUnion)
);
if(*pdwRetDataType == TLS_PRIVATEDATA_SYSTEMLANGID)
{
(*ppPrivateData)->systemLangId = GetSystemDefaultLangID();
}
else if(*pdwRetDataType == TLS_PRIVATEDATA_SPK)
{
(*ppPrivateData)->SPK.cbSPK = cbSource;
(*ppPrivateData)->SPK.pbSPK = pbSource;
(*ppPrivateData)->SPK.pCertExtensions = g_pCertExtensions;
//(*ppPrivateData)->SPK.pCertExtensions = (PTLSCERT_EXTENSIONS)midl_user_allocate(g_cbCertExtensions);
//memcpy(
// (*ppPrivateData)->SPK.pCertExtensions,
// g_pCertExtensions,
// g_cbCertExtensions
// );
}
else
{
(*ppPrivateData)->BinaryData.cbData = cbSource;
(*ppPrivateData)->BinaryData.pbData = pbSource;
}
}
else
{
status = ERROR_OUTOFMEMORY;
}
}
ReleaseAdministrativeLock();
cleanup:
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_GETPRIVATEDATA;
#endif
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcSetTlsPrivateData(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwPrivateDataType,
/* [switch_is][in] */ PTLSPrivateDataUnion pPrivateData,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Abstract:
Private routine for LrWiz to set license server's private data.
Parameter:
phContext: Client context handle.
dwPrivateDataType : Type of private data to set.
pPrivateData : Private data to set/install.
pdwErrCode : Server return code.
Returns:
Note:
Only support installing of SPK/Extension at this time.
--*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pPrivateData == NULL || pdwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD status=ERROR_SUCCESS;
DWORD dwSpkVerifyResult;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcDepositeSPK\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_LRWIZ))
{
status = TLS_E_ACCESS_DENIED;
goto cleanup;
}
//
// Only support SPK at this time
//
if(dwPrivateDataType != TLS_PRIVATEDATA_SPK)
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
//
// Lock all RPC calls related to issuing certificate
//
if(!AcquireRPCExclusiveLock(INFINITE))
{
status = TLS_E_ALLOCATE_HANDLE;
goto cleanup;
}
do {
//if(g_pbServerSPK != NULL && g_cbServerSPK != 0)
//{
// status = TLS_E_SPKALREADYEXIST;
// break;
//}
if(AcquireAdministrativeLock(INFINITE))
{
status = TLSReGenSelfSignCert(
g_hCryptProv,
pPrivateData->SPK.pbSPK,
pPrivateData->SPK.cbSPK,
pPrivateData->SPK.pCertExtensions->cExtension,
pPrivateData->SPK.pCertExtensions->rgExtension
);
ReleaseAdministrativeLock();
}
else
{
status = TLS_E_ALLOCATE_HANDLE;
}
} while(FALSE);
ReleaseRPCExclusiveLock();
cleanup:
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_SETPRIVATEDATA;
#endif
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcTriggerReGenKey(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ BOOL bRegenKey,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
Abstract:
Private routine to force license server to re-generate its
public/private key pair, all installed certificates/SPK are
deleted, User are required to re-register license server.
Parameters:
phContext : Client context handle.
bKeepSPKAndExtension : For future use only.
pdwErrCode : Return error code.
Returns:
++*/
{
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
DWORD status=ERROR_SUCCESS;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcTriggerReGenKey\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_LRWIZ))
{
status = TLS_E_ACCESS_DENIED;
goto cleanup;
}
LPCTSTR pString[1];
pString[0] = lpContext->m_Client;
TLSLogEventString(
EVENTLOG_INFORMATION_TYPE,
TLS_I_TRIGGER_REGENKEY,
1,
pString
);
//
// Block ALL RPC calls
//
if(!AcquireRPCExclusiveLock(INFINITE))
{
status=TLS_E_ALLOCATE_HANDLE;
goto cleanup;
}
do {
if(!AcquireAdministrativeLock(INFINITE))
{
status = TLS_E_ALLOCATE_HANDLE;
break;
}
status = TLSReGenKeysAndReloadServerCert(
bRegenKey
);
ReleaseAdministrativeLock();
} while(FALSE);
ReleaseRPCExclusiveLock();
cleanup:
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_TRIGGERREGENKEY;
#endif
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcTelephoneRegisterLKP(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD cbData,
/* [size_is][in] */ PBYTE pbData,
/* [ref][out] */ PDWORD pdwErrCode
)
/*++
--*/
{
DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL || pdwErrCode == NULL)
{
return RPC_S_INVALID_ARG;
}
PTLSDbWorkSpace pDbWkSpace;
LSKeyPack keypack;
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcTelephoneRegisterLKP\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_LRWIZ))
{
status = TLS_E_ACCESS_DENIED;
goto cleanup;
}
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout))
{
status=TLS_E_ALLOCATE_HANDLE;
goto cleanup;
}
CLEANUPSTMT;
BEGIN_TRANSACTION(pDbWkSpace);
status = TLSDBTelephoneRegisterLicenseKeyPack(
USEHANDLE(pDbWkSpace),
g_pszServerPid,
pbData,
cbData,
&keypack
);
if(TLS_ERROR(status))
{
ROLLBACK_TRANSACTION(pDbWkSpace);
}
else
{
COMMIT_TRANSACTION(pDbWkSpace);
}
FREEDBHANDLE(pDbWkSpace);
//
// Post a sync work object
//
if(status == ERROR_SUCCESS)
{
if(TLSAnnounceLKPToAllRemoteServer(
keypack.dwKeyPackId,
0
) != ERROR_SUCCESS)
{
TLSLogWarningEvent(TLS_W_ANNOUNCELKP_FAILED);
}
}
cleanup:
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_TELEPHONEREGISTERLKP;
#endif
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcAllocateInternetLicense(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ const CHALLENGE_CONTEXT ChallengeContext,
/* [in] */ const PTLSLICENSEREQUEST pRequest,
/* [string][in] */ LPTSTR pMachineName,
/* [string][in] */ LPTSTR pUserName,
/* [in] */ const DWORD cbChallengeResponse,
/* [size_is][in] */ const PBYTE pbChallengeResponse,
/* [out] */ PDWORD pcbLicense,
/* [size_is][size_is][out] */ BYTE __RPC_FAR *__RPC_FAR *pbLicense,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
--*/
{
return TLSRpcRequestNewLicense(
phContext,
ChallengeContext,
pRequest,
pMachineName,
pUserName,
cbChallengeResponse,
pbChallengeResponse,
FALSE,
pcbLicense,
pbLicense,
pdwErrCode
);
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcAllocateInternetLicenseEx(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ const CHALLENGE_CONTEXT ChallengeContext,
/* [in] */ const PTLSLICENSEREQUEST pRequest,
/* [string][in] */ LPTSTR pMachineName,
/* [string][in] */ LPTSTR pUserName,
/* [in] */ const DWORD cbChallengeResponse,
/* [size_is][in] */ const PBYTE pbChallengeResponse,
/* [ref][out] */ PTLSInternetLicense pInternetLicense,
/* [ref][out] */ PDWORD pdwErrCode
)
/*++
--*/
{
PBYTE pbLicense = NULL;
DWORD cbLicense = 0;
DWORD dwStatus = ERROR_SUCCESS;
DWORD index = 0;
PLICENSEDPRODUCT pLicensedProduct = NULL;
DWORD dwNumLicensedProduct = 0;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
if(lpContext == NULL)
{
SetLastError(ERROR_INVALID_PARAMETER);
goto cleanup;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcAllocateInternetLicenseEx\n"),
lpContext->m_Client
);
//
// Internally forward the request.
//
dwStatus = TLSRpcAllocateInternetLicense(
phContext,
ChallengeContext,
pRequest,
pMachineName,
pUserName,
cbChallengeResponse,
pbChallengeResponse,
&cbLicense,
&pbLicense,
pdwErrCode
);
if(*pdwErrCode >= LSERVER_ERROR_BASE)
{
goto cleanup;
}
//
// decode the license.
//
dwStatus = LSVerifyDecodeClientLicense(
pbLicense,
cbLicense,
g_pbSecretKey,
g_cbSecretKey,
&dwNumLicensedProduct,
pLicensedProduct
);
//
// Internet license can only have one licensed product
//
if(dwStatus != LICENSE_STATUS_OK || dwNumLicensedProduct == 0 || dwNumLicensedProduct > 1)
{
dwStatus = TLS_E_INTERNAL;
goto cleanup;
}
pLicensedProduct = (PLICENSEDPRODUCT)AllocateMemory(
dwNumLicensedProduct * sizeof(LICENSEDPRODUCT)
);
if(pLicensedProduct == NULL)
{
dwStatus = TLS_E_ALLOCATE_MEMORY;
goto cleanup;
}
dwStatus = LSVerifyDecodeClientLicense(
pbLicense,
cbLicense,
g_pbSecretKey,
g_cbSecretKey,
&dwNumLicensedProduct,
pLicensedProduct
);
if(dwStatus != LICENSE_STATUS_OK)
{
dwStatus = TLS_E_INTERNAL;
goto cleanup;
}
//
// Sets up returns.
//
SAFESTRCPY(pInternetLicense->szServerId, pLicensedProduct->szIssuerId);
SAFESTRCPY(pInternetLicense->szServerName, pLicensedProduct->szIssuer);
pInternetLicense->ulSerialNumber = pLicensedProduct->ulSerialNumber;
pInternetLicense->dwQuantity = pLicensedProduct->dwQuantity;
cleanup:
if(NULL != lpContext)
{
lpContext->m_LastError=dwStatus;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_ALLOCATEINTERNETLICNESEEX;
#endif
}
if(*pdwErrCode == ERROR_SUCCESS)
{
*pdwErrCode = TLSMapReturnCode(dwStatus);
}
if(pLicensedProduct != NULL)
{
for(index =0; index < dwNumLicensedProduct; index++)
{
LSFreeLicensedProduct(pLicensedProduct+index);
}
FreeMemory(pLicensedProduct);
}
if(pbLicense != NULL)
{
midl_user_free(pbLicense);
}
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcReturnInternetLicenseEx(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ const PTLSLICENSEREQUEST pRequest,
/* [in] */ const ULARGE_INTEGER __RPC_FAR *pulSerialNumber,
/* [in] */ DWORD dwQuantity,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
--*/
{
DWORD dwStatus = ERROR_SUCCESS;
TLSLicenseToBeReturn TobeReturn;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
PTLSDbWorkSpace pDbWorkSpace = NULL;
CTLSPolicy* pPolicy = NULL;
PMHANDLE hClient;
PMLICENSEREQUEST PMLicenseRequest;
PPMLICENSEREQUEST pAdjustedRequest;
TCHAR szCompanyName[LSERVER_MAX_STRING_SIZE+2];
TCHAR szProductId[LSERVER_MAX_STRING_SIZE+2];
if(VerifyLicenseRequest(pRequest) == FALSE)
{
SetLastError(dwStatus = TLS_E_INVALID_DATA);
goto cleanup;
}
if(lpContext == NULL || pdwErrCode == NULL)
{
SetLastError(dwStatus = ERROR_INVALID_PARAMETER);
goto cleanup;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcReturnInternetLicenseEx\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
dwStatus = SecureModeCheck();
if(dwStatus != ERROR_SUCCESS )
{
goto cleanup;
}
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_REQUEST))
{
dwStatus = TLS_E_ACCESS_DENIED;
goto cleanup;
}
memset(szCompanyName, 0, sizeof(szCompanyName));
memset(szProductId, 0, sizeof(szProductId));
memcpy(
szCompanyName,
pRequest->ProductInfo.pbCompanyName,
min(pRequest->ProductInfo.cbCompanyName, sizeof(szCompanyName)-sizeof(TCHAR))
);
memcpy(
szProductId,
pRequest->ProductInfo.pbProductID,
min(pRequest->ProductInfo.cbProductID, sizeof(szProductId)-sizeof(TCHAR))
);
//
// Allocate policy module, must have the right policy module to
// return license.
//
pPolicy = AcquirePolicyModule(
szCompanyName,
szProductId,
TRUE
);
if(pPolicy == NULL)
{
dwStatus = GetLastError();
goto cleanup;
}
hClient = GenerateClientId();
//
// Convert request to PMLICENSEREQUEST
//
TlsLicenseRequestToPMLicenseRequest(
LICENSETYPE_LICENSE,
pRequest,
_TEXT(""),
_TEXT(""),
0,
&PMLicenseRequest
);
//
// Ask policy module the actual product ID
//
dwStatus = pPolicy->PMLicenseRequest(
hClient,
REQUEST_NEW,
(PVOID) &PMLicenseRequest,
(PVOID *) &pAdjustedRequest
);
memset(&TobeReturn, 0, sizeof(TobeReturn));
TobeReturn.dwQuantity = dwQuantity;
TobeReturn.dwKeyPackId = pulSerialNumber->HighPart;
TobeReturn.dwLicenseId = pulSerialNumber->LowPart;
TobeReturn.dwPlatformID = pAdjustedRequest->dwPlatformId;
TobeReturn.cbEncryptedHwid = pRequest->cbEncryptedHwid;
TobeReturn.pbEncryptedHwid = pRequest->pbEncryptedHwid;
TobeReturn.dwProductVersion = pAdjustedRequest->dwProductVersion;
TobeReturn.pszOrgProductId = szProductId;
TobeReturn.pszCompanyName = szCompanyName;
TobeReturn.pszProductId = pAdjustedRequest->pszProductId;
//
// Allocate DB handle
//
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout))
{
dwStatus = TLS_E_ALLOCATE_HANDLE;
goto cleanup;
}
CLEANUPSTMT;
BEGIN_TRANSACTION(pDbWorkSpace);
dwStatus = TLSReturnClientLicensedProduct(
USEHANDLE(pDbWkSpace),
hClient,
pPolicy,
&TobeReturn
);
if(TLS_ERROR(dwStatus))
{
ROLLBACK_TRANSACTION(pDbWorkSpace);
}
else
{
COMMIT_TRANSACTION(pDbWorkSpace);
}
if(dwStatus == ERROR_SUCCESS)
{
TLSAnnounceLKPToAllRemoteServer(TobeReturn.dwKeyPackId,0);
}
FREEDBHANDLE(pDbWorkSpace);
cleanup:
if(NULL != lpContext)
{
lpContext->m_LastError=dwStatus;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_RETURNINTERNETLICENSEEX;
#endif
}
*pdwErrCode = TLSMapReturnCode(dwStatus);
if(pPolicy)
{
pPolicy->PMLicenseRequest(
hClient,
REQUEST_COMPLETE,
UlongToPtr (dwStatus),
NULL
);
ReleasePolicyModule(pPolicy);
}
return RPC_S_OK;
}
////////////////////////////////////////////////////////////////////////////
error_status_t
TLSRpcReturnInternetLicense(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD cbLicense,
/* [size_is][in] */ PBYTE pbLicense,
/* [ref][out][in] */ PDWORD pdwErrCode
)
/*++
--*/
{
DWORD dwStatus = ERROR_SUCCESS;
DWORD index = 0;
PLICENSEDPRODUCT pLicensedProduct = NULL;
DWORD dwNumLicensedProduct = 0;
TLSLicenseToBeReturn TobeReturn;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
PTLSDbWorkSpace pDbWorkSpace = NULL;
CTLSPolicy* pPolicy = NULL;
PMHANDLE hClient;
if(lpContext == NULL || pdwErrCode == NULL)
{
SetLastError(dwStatus = ERROR_INVALID_PARAMETER);
goto cleanup;
}
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcReturnInternetLicense\n"),
lpContext->m_Client
);
InterlockedIncrement( &lpContext->m_RefCount );
dwStatus = SecureModeCheck();
if(dwStatus != ERROR_SUCCESS )
{
goto cleanup;
}
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_REQUEST))
{
dwStatus = TLS_E_ACCESS_DENIED;
goto cleanup;
}
// -------------------------------------------------------
// decode the license.
// -------------------------------------------------------
dwStatus = LSVerifyDecodeClientLicense(
pbLicense,
cbLicense,
g_pbSecretKey,
g_cbSecretKey,
&dwNumLicensedProduct,
pLicensedProduct
);
// -------------------------------------------------------
// Internet license can only have one licensed product
// -------------------------------------------------------
if(dwStatus != LICENSE_STATUS_OK || dwNumLicensedProduct == 0 || dwNumLicensedProduct > 1)
{
dwStatus = TLS_E_INVALID_LICENSE;
goto cleanup;
}
pLicensedProduct = (PLICENSEDPRODUCT)AllocateMemory(
dwNumLicensedProduct * sizeof(LICENSEDPRODUCT)
);
if(pLicensedProduct == NULL)
{
dwStatus = TLS_E_ALLOCATE_MEMORY;
goto cleanup;
}
dwStatus = LSVerifyDecodeClientLicense(
pbLicense,
cbLicense,
g_pbSecretKey,
g_cbSecretKey,
&dwNumLicensedProduct,
pLicensedProduct
);
if(dwStatus != LICENSE_STATUS_OK)
{
dwStatus = TLS_E_INVALID_LICENSE;
goto cleanup;
}
TobeReturn.dwQuantity = pLicensedProduct->dwQuantity;
TobeReturn.dwKeyPackId = pLicensedProduct->ulSerialNumber.HighPart;
TobeReturn.dwLicenseId = pLicensedProduct->ulSerialNumber.LowPart;
TobeReturn.dwPlatformID = pLicensedProduct->LicensedProduct.dwPlatformID;
TobeReturn.cbEncryptedHwid = pLicensedProduct->LicensedProduct.cbEncryptedHwid;
TobeReturn.pbEncryptedHwid = pLicensedProduct->LicensedProduct.pbEncryptedHwid;
TobeReturn.dwProductVersion = MAKELONG(
pLicensedProduct->pLicensedVersion->wMinorVersion,
pLicensedProduct->pLicensedVersion->wMajorVersion
);
TobeReturn.pszOrgProductId = (LPTSTR) pLicensedProduct->pbOrgProductID;
TobeReturn.pszCompanyName = (LPTSTR) pLicensedProduct->LicensedProduct.pProductInfo->pbCompanyName;
TobeReturn.pszProductId = (LPTSTR) pLicensedProduct->LicensedProduct.pProductInfo->pbProductID;
TobeReturn.pszUserName = (LPTSTR) pLicensedProduct->szLicensedUser;
TobeReturn.pszMachineName = pLicensedProduct->szLicensedClient;
//
// Allocate policy module, must have the right policy module to
// return license.
//
pPolicy = AcquirePolicyModule(
TobeReturn.pszCompanyName,
TobeReturn.pszOrgProductId,
TRUE
);
if(pPolicy == NULL)
{
dwStatus = GetLastError();
goto cleanup;
}
hClient = GenerateClientId();
//
// Allocate DB handle
//
if(!ALLOCATEDBHANDLE(pDbWkSpace, g_GeneralDbTimeout))
{
dwStatus = TLS_E_ALLOCATE_HANDLE;
goto cleanup;
}
CLEANUPSTMT;
BEGIN_TRANSACTION(pDbWorkSpace);
dwStatus = TLSReturnClientLicensedProduct(
USEHANDLE(pDbWkSpace),
hClient,
pPolicy,
&TobeReturn
);
if(TLS_ERROR(dwStatus))
{
ROLLBACK_TRANSACTION(pDbWorkSpace);
}
else
{
COMMIT_TRANSACTION(pDbWorkSpace);
}
if(dwStatus == ERROR_SUCCESS)
{
TLSAnnounceLKPToAllRemoteServer(TobeReturn.dwKeyPackId,0);
}
FREEDBHANDLE(pDbWorkSpace);
cleanup:
if(NULL != lpContext)
{
lpContext->m_LastError=dwStatus;
InterlockedDecrement( &lpContext->m_RefCount );
#if DBG
lpContext->m_LastCall = RPC_CALL_RETURNINTERNETLICENSE;
#endif
}
*pdwErrCode = TLSMapReturnCode(dwStatus);
if(pLicensedProduct != NULL)
{
for(index =0; index < dwNumLicensedProduct; index++)
{
LSFreeLicensedProduct(pLicensedProduct+index);
}
FreeMemory(pLicensedProduct);
}
if(pPolicy)
{
pPolicy->PMLicenseRequest(
hClient,
REQUEST_COMPLETE,
UlongToPtr (dwStatus),
NULL
);
ReleasePolicyModule(pPolicy);
}
return RPC_S_OK;
}
void
FixupNameAttr(
DWORD dwNameAttrCount,
CERT_RDN_ATTR rgNameAttr[])
{
for (DWORD i = 0; i < dwNameAttrCount; i++)
{
if (rgNameAttr[i].Value.cbData == 0)
rgNameAttr[i].Value.pbData = NULL;
}
}
//----------------------------------------------------------------------------
error_status_t
TLSRpcGenerateCustomerCert(
/* [in] */ PCONTEXT_HANDLE phContext,
/* [in] */ DWORD dwCertEncodingType,
/* [in] */ DWORD dwNameAttrCount,
/* [in, size_is(dwNameAttrCount)] */ CERT_RDN_ATTR rgNameAttr[],
/* [out] */ DWORD *pcbCert,
/* [out, size_is(,*pcbCert)] */ BYTE **ppbCert,
/* [out] */ DWORD *pdwErrCode
)
/*++
Description:
This routine is for LRWiz to generate a certificate for a given customer
Arguments:
phContext - client context handle.
dwCertEncodingType - See CryptSignCertificate docs
dwNameAttrCount - Number of Name Attributes
rgNameAttr - Array of Name Attributes
pcbCert - Number of bytes in returned cert
ppbCert - Returned cert
pdwErrCode - Returned error value
Returns via pdwErrCode
++*/
{
DWORD status=ERROR_SUCCESS;
LPCLIENTCONTEXT lpContext = (LPCLIENTCONTEXT)phContext;
CERT_RDN rgRDN[] = {dwNameAttrCount, rgNameAttr};
CERT_NAME_INFO Name = {1, rgRDN};
CRYPT_ENCODE_PARA encodeParam;
CERT_REQUEST_INFO CertReqInfo;
PCERT_PUBLIC_KEY_INFO pPubKeyInfo=NULL;
DWORD cbPubKeyInfo=0;
CERT_SIGNED_CONTENT_INFO SignatureInfo;
LPBYTE pbRequest=NULL;
DWORD cbRequest=0;
if(lpContext == NULL || pdwErrCode == NULL)
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
// BUGBUG: Must check that caller is admin, through proper impersonation
if(!(lpContext->m_ClientFlags & CLIENT_ACCESS_ADMIN))
{
status = TLS_E_ACCESS_DENIED;
goto cleanup;
}
InterlockedIncrement( &lpContext->m_RefCount );
DBGPrintf(
DBG_INFORMATION,
DBG_FACILITY_RPC,
DBGLEVEL_FUNCTION_TRACE,
_TEXT("%s : TLSRpcGenerateCustomerCert\n"),
lpContext->m_Client
);
*pcbCert = 0;
*ppbCert = NULL;
FixupNameAttr(dwNameAttrCount,rgNameAttr);
memset(&CertReqInfo, 0, sizeof(CertReqInfo));
CertReqInfo.dwVersion = CERT_REQUEST_V1;
encodeParam.cbSize = sizeof(encodeParam);
encodeParam.pfnAlloc = MIDL_user_allocate;
encodeParam.pfnFree = MIDL_user_free;
if(!CryptEncodeObjectEx( CRYPT_ASN_ENCODING,
X509_NAME,
&Name,
CRYPT_ENCODE_ALLOC_FLAG,
&encodeParam,
&CertReqInfo.Subject.pbData,
&CertReqInfo.Subject.cbData))
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
//
// now get the public key out
//
if(!CryptExportPublicKeyInfo(g_hCryptProv,
dwCertEncodingType,
X509_ASN_ENCODING,
NULL,
&cbPubKeyInfo))
{
status = TLS_E_NO_CERTIFICATE;
goto cleanup;
}
pPubKeyInfo=(PCERT_PUBLIC_KEY_INFO) MIDL_user_allocate(cbPubKeyInfo);
if ( NULL == pPubKeyInfo )
{
status = ERROR_OUTOFMEMORY;
goto cleanup;
}
if(!CryptExportPublicKeyInfo(g_hCryptProv,
dwCertEncodingType,
X509_ASN_ENCODING,
pPubKeyInfo,
&cbPubKeyInfo))
{
status = TLS_E_NO_CERTIFICATE;
goto cleanup;
}
CertReqInfo.SubjectPublicKeyInfo = *pPubKeyInfo;
//
// Sign cert request
//
memset(&SignatureInfo, 0, sizeof(SignatureInfo));
SignatureInfo.SignatureAlgorithm.pszObjId = szOID_OIWSEC_sha1RSASign;
memset(&SignatureInfo.SignatureAlgorithm.Parameters, 0, sizeof(SignatureInfo.SignatureAlgorithm.Parameters));
if(!CryptEncodeObjectEx(CRYPT_ASN_ENCODING,
X509_CERT_REQUEST_TO_BE_SIGNED,
&CertReqInfo,
CRYPT_ENCODE_ALLOC_FLAG,
&encodeParam,
&SignatureInfo.ToBeSigned.pbData,
&SignatureInfo.ToBeSigned.cbData))
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
if(!CryptSignCertificate( g_hCryptProv,
dwCertEncodingType,
CRYPT_ASN_ENCODING,
SignatureInfo.ToBeSigned.pbData,
SignatureInfo.ToBeSigned.cbData,
&SignatureInfo.SignatureAlgorithm,
NULL,
NULL,
&SignatureInfo.Signature.cbData))
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
SignatureInfo.Signature.pbData = (BYTE *) MIDL_user_allocate(SignatureInfo.Signature.cbData);
if ( NULL == SignatureInfo.Signature.pbData )
{
status = ERROR_OUTOFMEMORY;
goto cleanup;
}
if(!CryptSignCertificate( g_hCryptProv,
dwCertEncodingType,
CRYPT_ASN_ENCODING,
SignatureInfo.ToBeSigned.pbData,
SignatureInfo.ToBeSigned.cbData,
&SignatureInfo.SignatureAlgorithm,
NULL,
SignatureInfo.Signature.pbData,
&SignatureInfo.Signature.cbData))
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
//
// encode final signed request
//
if(!CryptEncodeObjectEx(CRYPT_ASN_ENCODING,
X509_CERT,
&SignatureInfo,
CRYPT_ENCODE_ALLOC_FLAG,
&encodeParam,
&pbRequest,
&cbRequest))
{
status = TLS_E_INVALID_DATA;
goto cleanup;
}
*pcbCert = cbRequest;
*ppbCert = pbRequest;
cleanup:
if(CertReqInfo.Subject.pbData != NULL)
{
MIDL_user_free(CertReqInfo.Subject.pbData);
}
if(pPubKeyInfo != NULL)
{
MIDL_user_free(pPubKeyInfo);
}
if(SignatureInfo.ToBeSigned.pbData != NULL)
{
MIDL_user_free(SignatureInfo.ToBeSigned.pbData);
}
if(SignatureInfo.Signature.pbData != NULL)
{
MIDL_user_free(SignatureInfo.Signature.pbData);
}
lpContext->m_LastError=status;
InterlockedDecrement( &lpContext->m_RefCount );
*pdwErrCode = TLSMapReturnCode(status);
return RPC_S_OK;
}