|
|
/*++
Copyright (c) 1997 Microsoft Corporation
Module Name : cal.cxx
Abstract: Control licensing policy enforcement for W3 server
Author:
Philippe Choquier (Phillich)
Environment: Win32 - User Mode
Project: Internet Server DLL
--*/
#include "w3p.hxx"
#include <stdio.h>
#include <limits.h>
#include <ole2.h>
#include <imd.h>
#include <mb.hxx>
#include <inetinfo.h>
#include <issched.hxx>
#include <acache.hxx>
#include <mbstring.h>
extern "C" {#include <ntlsapi.h>
#include <gntlsapi.h>
#include <llsapi.h>
}
#define NO_CAL_FOR_LOCAL_ACCESS
#define MULTI_CAL_PER_USER
typedef LS_STATUS_CODE (LS_API_ENTRY * IISPNT_LICENSE_REQUEST_A)( LPSTR ProductName, LPSTR Version, LS_HANDLE *LicenseHandle, NT_LS_DATA *NtData);
typedef NTSTATUS (NTAPI *IISPNT_LLS_PRODUCT_ENUM_W)( IN LLS_HANDLE Handle, IN DWORD Level, // Levels 0,1 supported
OUT LPBYTE* bufptr, IN DWORD prefmaxlen, OUT LPDWORD EntriesRead, OUT LPDWORD TotalEntries, IN OUT LPDWORD ResumeHandle );
typedef NTSTATUS (NTAPI *IISPNT_LLS_LOCAL_SERVICE_ENUM_W)( LLS_HANDLE Handle, DWORD Level, LPBYTE* bufptr, DWORD PrefMaxLen, LPDWORD EntriesRead, LPDWORD TotalEntries, LPDWORD ResumeHandle );
#define CAL_NB_PERIOD 5
#define BUFSTR_DEFAULT_SIZE 40
#define CAL_MAX_KEY_SIZE 256
#define IIS_LSAPI_NAME "IIS"
#define IIS_LSAPI_VERSION "5.0"
#define CAL_MIN_PERIOD (1000) // in ms
#define CAL_PRODUCT L"Windows NT Server"
#define CAL_KEYNAME L"FilePrint"
#define CAL_DEFAULT_MAX_LICENSES 10
typedef struct _CAL_ITERATOR { LIST_ENTRY* m_pNextEntry; LIST_ENTRY* m_pHeadEntry;} CAL_ITERATOR;
BOOLCalExemptAddRef( LPSTR ProductName, LPSTR Version, DWORD *LicenseHandle, NT_LS_DATA *NtData );
class CBufStr {
public: CBufStr() { m_pDynStr = 0; m_dwSize = 0; m_achFixedSize[0] = '\0'; } ~CBufStr() { if ( m_pDynStr ) LocalFree( m_pDynStr ); } BOOL Copy( LPSTR pS, DWORD dwL ); VOID Reset() { m_dwSize = 0 ; if ( m_pDynStr ) m_pDynStr[0] = '\0'; else m_achFixedSize[0]='\0'; } LPCSTR QueryStr() const { return m_pDynStr ? (LPCSTR)m_pDynStr : (LPCSTR)m_achFixedSize; } UINT QueryCCH() const { return m_dwSize; }
private: CHAR m_achFixedSize[BUFSTR_DEFAULT_SIZE]; DWORD m_dwMaxDynSize; DWORD m_dwSize; LPSTR m_pDynStr;} ;
class CCalEntry : public HT_ELEMENT {
public:
CCalEntry() { m_cRefs = 1; } ~CCalEntry( VOID) { if ( m_fAcquireLicenses ) AdjustLicences( 0 ); } LPCSTR QueryKey(VOID) const { return m_strKey.QueryStr(); } DWORD QueryKeyLen(VOID) const { return m_strKey.QueryCCH(); }
LONG Reference( VOID) { return InterlockedIncrement( &m_cRefs); } LONG Dereference( VOID) { return InterlockedDecrement( &m_cRefs); }
BOOL IsMatch( IN LPCSTR pszKey, IN DWORD cchKey) const { return cchKey == m_strKey.QueryCCH() ? !memcmp( pszKey, m_strKey.QueryStr(), cchKey) : FALSE; } VOID Print( VOID) const;
VOID IncrCnx() { if ( ++m_cCurrentCnx > m_acMaxCnxPerPeriod[m_iPeriod] ) m_acMaxCnxPerPeriod[m_iPeriod] = m_cCurrentCnx; } VOID DecrCnx() { InterlockedDecrement( &m_cCurrentCnx ); } BOOL Init( LPSTR pszKey, UINT cKey, UINT cPrefix, BOOL fSsl ); DWORD NeedLicenses(); BOOL AcquireLicenses( HANDLE hAccessToken, DWORD dwN ); BOOL AdvancePeriod(); VOID AdjustLicences( LONG cNew );
public: static VOID InitCache( VOID ); static VOID FreeCache( VOID ); static CCalEntry * Alloc( VOID ); static VOID Free( CCalEntry * pssc ); LIST_ENTRY m_ListEntry; LIST_ENTRY m_FreeListEntry; static LIST_ENTRY m_FreeListHead;
private: LONG m_cRefs; CBufStr m_strKey; UINT m_cKeyPrefix; // size of string before UserName in m_strKey
BOOL m_fAcquireLicenses; // FALSE if (SSL or Admin) and do not call LCM to get licenses
LONG m_acMaxCnxPerPeriod[CAL_NB_PERIOD]; UINT m_iPeriod; LONG m_cCurrentCnx; LONG m_cCurrentLicenses;#if defined(MULTI_CAL_PER_USER)
BUFFER m_bufLicenseHandles;#else
LS_HANDLE m_hLicenseHandle;#endif
DWORD m_dwExemptHandle;} ;
class CCalHashTable : public HASH_TABLE {
public: CCalHashTable( IN DWORD nBuckets, IN LPCSTR pszIdentifier, IN DWORD dwHashTableFlags ) : HASH_TABLE( nBuckets, pszIdentifier, dwHashTableFlags ) { INITIALIZE_CRITICAL_SECTION( &cs ); InitializeListHead( &m_ListHead ); } ~CCalHashTable() { CCalEntry* pE; while ( !IsListEmpty( &m_ListHead )) { pE = CONTAINING_RECORD( m_ListHead.Flink, CCalEntry, m_ListEntry );
RemoveEntryList( &pE->m_ListEntry );
//
// Make sure that the base class hash table object has the last remaining
// reference to this CCalEntry, so that when the destructor for the base class
// object is called, the CCalEntry object will get cleaned up
//
DBG_REQUIRE( pE->Dereference() == 1 );
} DeleteCriticalSection( &cs ); } VOID Lock() { EnterCriticalSection( &cs ); } VOID Unlock() { LeaveCriticalSection( &cs ); } BOOL Insert( CCalEntry* pE ) { if ( HASH_TABLE::Insert( (HT_ELEMENT*)pE, FALSE ) ) { InsertTailList( &m_ListHead, &pE->m_ListEntry ); return TRUE; } return FALSE; } BOOL Delete( CCalEntry* pE ) { RemoveEntryList( &pE->m_ListEntry ); return HASH_TABLE::Delete( (HT_ELEMENT*)pE ); } DWORD InitializeIter( CAL_ITERATOR* pI ) { pI->m_pHeadEntry = &m_ListHead; pI->m_pNextEntry = m_ListHead.Flink; return 0; } DWORD NextIter( CAL_ITERATOR* pI, CCalEntry** pE ) { if ( pI->m_pHeadEntry != pI->m_pNextEntry ) { *pE = CONTAINING_RECORD( pI->m_pNextEntry, CCalEntry, m_ListEntry ); pI->m_pNextEntry = pI->m_pNextEntry->Flink; return 0; } return ERROR_NO_MORE_ITEMS; } DWORD TerminateIter( CAL_ITERATOR* ) { return 0; }private: CRITICAL_SECTION cs; LIST_ENTRY m_ListHead;} ;
VOIDWINAPICalScavenger( LPVOID );
//
// Globals
//
CCalHashTable* phtAuth;CCalHashTable* phtSsl;DWORD g_dwAuthScavengerWorkItem = NULL;DWORD g_dwSslScavengerWorkItem = NULL;PSID psidAdmins;DWORD g_cSslLicences = 0; // current count of SSL licences
DWORD g_cMaxLicenses = 0; // max count of licenses
W3_SERVER_STATISTICS* g_pStats;DWORD g_CnxPerLicense;LIST_ENTRY CCalEntry::m_FreeListHead;
IISPNT_LICENSE_REQUEST_A pfnNtLicenseRequestA = NULL;PNT_LS_FREE_HANDLE pfnNtLSFreeHandle = NULL;HINSTANCE g_hLSAPI = NULL;PGNT_LICENSE_EXEMPTION_A pfnGntLicenseExemptionA = NULL;PGNT_LS_FREE_HANDLE pfnGntLsFreeHandle = NULL;PGNT_LICENSE_REQUEST_A pfnGntLicenseRequestA = NULL;HINSTANCE g_hGNTLSAPI = NULL;BOOL g_fEnableCal;BOOL g_fEnableMtsNotification;BOOL g_fUseMtsLicense;
////////////////
VOIDCCalEntry::Print( ) const/*++
Routine Description:
Print content of entry for debugging purpose
Arguments:
None
Return Value:
Nothing
--*/{}
DWORDInitializeCal( W3_SERVER_STATISTICS* pStats, DWORD dwVcPerLicense, DWORD dwAuthReserve, DWORD dwSslReserve )/*++
Routine Description:
Initialize Cal operations
Arguments:
pStats - ptr to stat object to update for Cal counters
Return Value:
NT Status - 0 if no error otherwise error code
--*/{ SID_IDENTIFIER_AUTHORITY siaNt = SECURITY_NT_AUTHORITY; DWORD dwStatus = 0; DWORD dwAuthPeriod; DWORD dwSslPeriod; HKEY hkey; CCalEntry::InitCache(); phtAuth = NULL; phtSsl = NULL; g_dwAuthScavengerWorkItem = NULL; g_dwSslScavengerWorkItem = NULL; g_hLSAPI = NULL; psidAdmins = NULL; pfnGntLicenseExemptionA = NULL; pfnGntLsFreeHandle = NULL; g_hGNTLSAPI = NULL; g_fEnableCal = FALSE; g_fEnableMtsNotification = FALSE; g_fUseMtsLicense = FALSE;
//
// If not on server, returns status OK but all cal requests will return
// immediatly w/o license checking.
//
if ( !InetIsNtServer( IISGetPlatformType() ) ) { return 0; }
if ( RegOpenKeyEx( HKEY_LOCAL_MACHINE, W3_PARAMETERS_KEY, 0, KEY_READ, &hkey ) == NO_ERROR ) { g_fEnableCal = !!ReadRegistryDword( hkey, "EnableCal", TRUE );
g_fEnableMtsNotification = !!ReadRegistryDword( hkey, "EnableMtsNotification", FALSE );
g_fUseMtsLicense = !!ReadRegistryDword( hkey, "UseMtsLicense", FALSE );
RegCloseKey( hkey ); }
if ( !g_fEnableCal ) { return 0; }
if ( g_hLSAPI = LoadLibrary( "NTLSAPI.DLL") ) { pfnNtLicenseRequestA = (IISPNT_LICENSE_REQUEST_A)GetProcAddress( g_hLSAPI, "NtLicenseRequestA" ); pfnNtLSFreeHandle = (PNT_LS_FREE_HANDLE)GetProcAddress( g_hLSAPI, "NtLSFreeHandle" ); if ( !pfnNtLicenseRequestA || !pfnNtLSFreeHandle ) { dwStatus = GetLastError(); } } else { dwStatus = GetLastError(); }
if ( dwStatus == 0 ) { // optional MTX ( Viper ) DLL
if ( g_fEnableMtsNotification && (g_hGNTLSAPI = LoadLibrary( "NTLSAPIX.DLL")) ) { pfnGntLicenseExemptionA = (PGNT_LICENSE_EXEMPTION_A)GetProcAddress( g_hGNTLSAPI, "NtLicenseExemptionA" ); pfnGntLicenseRequestA = (PGNT_LICENSE_REQUEST_A)GetProcAddress( g_hGNTLSAPI, "NtLicenseRequestA" ); pfnGntLsFreeHandle = (PGNT_LS_FREE_HANDLE)GetProcAddress( g_hGNTLSAPI, "NtLSFreeHandle" ); if ( !pfnGntLicenseExemptionA || !pfnGntLicenseRequestA || !pfnGntLsFreeHandle ) { pfnGntLicenseExemptionA = NULL; pfnGntLsFreeHandle = NULL; pfnGntLicenseRequestA = NULL; FreeLibrary( g_hGNTLSAPI ); g_hGNTLSAPI = NULL; }
if ( g_hGNTLSAPI && g_fUseMtsLicense ) { pfnNtLicenseRequestA = pfnGntLicenseRequestA; pfnNtLSFreeHandle = pfnGntLsFreeHandle; } } }
if ( dwStatus == 0 ) { phtAuth = new CCalHashTable( 253, "IIS AUTH CAL", 0 ); phtSsl = new CCalHashTable( 253, "IIS SSL CAL", 0 );
if ( !phtAuth || !phtSsl ) { dwStatus = ERROR_NOT_ENOUGH_MEMORY; } }
if ( dwStatus == 0 ) { if ( (dwAuthPeriod = (1000 * dwAuthReserve) / (CAL_NB_PERIOD)) < CAL_MIN_PERIOD ) { dwAuthPeriod = CAL_MIN_PERIOD; }
if ( (dwSslPeriod = (1000 * dwSslReserve) / (CAL_NB_PERIOD)) < CAL_MIN_PERIOD ) { dwSslPeriod = CAL_MIN_PERIOD; } }
// initialize scavenger
if ( dwStatus == 0 ) { if ( !(g_dwAuthScavengerWorkItem = ScheduleWorkItem( CalScavenger, phtAuth, dwAuthPeriod, TRUE )) ) { dwStatus = GetLastError(); } }
if ( dwStatus == 0 ) { if ( !(g_dwSslScavengerWorkItem = ScheduleWorkItem( CalScavenger, phtSsl, dwSslPeriod, TRUE )) ) { dwStatus = GetLastError(); } }
if ( dwStatus == 0 ) { if ( !AllocateAndInitializeSid( &siaNt, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0,0,0,0,0,0, &psidAdmins ) ) { dwStatus = GetLastError(); } }
if ( dwStatus == 0 ) { // g_pStats = pStats;
g_pStats = g_pW3Stats; // input parameter is wrong
g_CnxPerLicense = dwVcPerLicense;
// get #licenses from lsapi
g_cMaxLicenses = CAL_DEFAULT_MAX_LICENSES; g_cSslLicences = 0;
//
// sample code for LLSAPI in net\svcdlls\lls\test\llscmd
//
LLS_HANDLE lsh; PLLS_CONNECT_INFO_0 pllsConnectInfo0; DWORD dwEntries; DWORD dwTotalEntries; DWORD dwResumeHandle = 0; HINSTANCE hLLS; PLLS_CONNECT_W pfnLlsConnectW = NULL; PLLS_CLOSE pfnLlsClose = NULL; PLLS_FREE_MEMORY pfnLlsFreeMemory = NULL; IISPNT_LLS_PRODUCT_ENUM_W pfnLlsProductEnumW = NULL; IISPNT_LLS_LOCAL_SERVICE_ENUM_W pfnLlsLocalServiceEnumW = NULL; LPBYTE pBuff;
if ( hLLS = LoadLibrary( "LLSRPC.DLL") ) { pfnLlsConnectW = (PLLS_CONNECT_W)GetProcAddress( hLLS, "LlsConnectW" ); pfnLlsProductEnumW = (IISPNT_LLS_PRODUCT_ENUM_W)GetProcAddress( hLLS, "LlsProductEnumW" ); pfnLlsLocalServiceEnumW = (IISPNT_LLS_LOCAL_SERVICE_ENUM_W)GetProcAddress( hLLS, "LlsLocalServiceEnumW" ); pfnLlsFreeMemory = (PLLS_FREE_MEMORY)GetProcAddress( hLLS, "LlsFreeMemory" ); pfnLlsClose = (PLLS_CLOSE)GetProcAddress( hLLS, "LlsClose" );
if ( pfnLlsConnectW && pfnLlsLocalServiceEnumW && pfnLlsFreeMemory && pfnLlsClose && pfnLlsConnectW( NULL, &lsh ) == STATUS_SUCCESS ) { if ( pfnLlsLocalServiceEnumW( lsh, 0, &pBuff, 4096, &dwEntries, &dwTotalEntries, &dwResumeHandle ) == STATUS_SUCCESS ) { PLLS_LOCAL_SERVICE_INFO_0 pllsLocalServiceInfo0; UINT i;
pllsLocalServiceInfo0 = (PLLS_LOCAL_SERVICE_INFO_0)pBuff;
for ( i = 0 ; i < dwEntries ; ++i, ++pllsLocalServiceInfo0 ) { if ( !memcmp( pllsLocalServiceInfo0->KeyName, CAL_KEYNAME, sizeof(CAL_KEYNAME)-sizeof(WCHAR) ) ) { if ( pllsLocalServiceInfo0->Mode == LLS_LICENSE_MODE_PER_SEAT ) { g_cMaxLicenses = INT_MAX - 1; } else { g_cMaxLicenses = pllsLocalServiceInfo0->ConcurrentLimit; } break; } }
if ( i == dwEntries ) { dwStatus = ERROR_MOD_NOT_FOUND; }
pfnLlsFreeMemory( pBuff ); }
pfnLlsClose( lsh ); }
FreeLibrary( hLLS ); } else { dwStatus = GetLastError(); } }
if ( dwStatus ) { TerminateCal(); }
return dwStatus;}
VOIDTerminateCal( VOID )/*++
Routine Description:
Terminate Cal operations
Arguments:
None
Return Value:
Nothing
--*/{ if ( g_dwAuthScavengerWorkItem != NULL ) { RemoveWorkItem( g_dwAuthScavengerWorkItem ); g_dwAuthScavengerWorkItem = NULL; }
if ( g_dwSslScavengerWorkItem != NULL ) { RemoveWorkItem( g_dwSslScavengerWorkItem ); g_dwSslScavengerWorkItem = NULL; }
CCalEntry::FreeCache();
if( psidAdmins != NULL ) { FreeSid( psidAdmins ); psidAdmins = NULL; }
if ( phtAuth != NULL ) { delete phtAuth; phtAuth = NULL; }
if ( phtSsl != NULL ) { delete phtSsl; phtSsl = NULL; }
if ( g_hLSAPI ) { FreeLibrary( g_hLSAPI ); }
if ( g_hGNTLSAPI ) { FreeLibrary( g_hGNTLSAPI ); }}
// can SetLastError( ERROR_ACCESS_DENIED )
BOOL CalConnect( LPSTR pszIpAddr, UINT cIpAddr, BOOL fSsl, LPSTR pszUserName, UINT cUserName, HANDLE hAccessToken, LPVOID* ppCtx )/*++
Routine Description:
Grant or deny access to server. Return a license context to be destroyed by CalDisconnect
Arguments:
psIpAddr - IP address cIpAddr - length of IP address ( w/o '\0' ) fSsl - TRUE if SSL connection, otherwise FALSE pszUserName - user name, can be empty for SSL connection cUserName - length of pszUserName hAccessToken - impersonation access token for user, can be NULL for SSL connection ppCtx - updated with ptr to license context, to e destroyed by CalDisconnect
Return Value:
TRUE if acces granted, otherwise FALSE
--*/{ CHAR achKey[CAL_MAX_KEY_SIZE]; CCalEntry* pCal; DWORD dwL; BOOL fSt = TRUE; CCalHashTable* pht; CHAR * pchUser;
if ( g_hLSAPI == NULL || ( cIpAddr == sizeof("127.0.0.1")-1 && !memcmp( "127.0.0.1", pszIpAddr, cIpAddr ) ) ) { *ppCtx = NULL; return TRUE; }
// build key
memcpy( achKey, pszIpAddr, cIpAddr ); achKey[ cIpAddr++ ] = '|'; achKey[ cIpAddr++ ] = fSsl ? 'S' : ' '; achKey[ cIpAddr++ ] = '|';
//
// If there's a domain, strip it and just use the username - this
// allows users with the same name from different domains access
// to the same CAL but that's such a corner case we'll live with it
//
if ( pchUser = strchr( pszUserName, '\\' )) { pchUser++; cUserName -= DIFF( pchUser - pszUserName ); } else { pchUser = pszUserName; } memcpy( achKey + cIpAddr, pchUser, cUserName + 1 );
//
// Convert the name to lower case for later equivalency checking
// Note we don't handle the corner case of users with the same
// name but in different domains
//
IISstrlwr( (PUCHAR) achKey + cIpAddr );
pht = fSsl ? phtSsl : phtAuth;
// find or create entry
pht->Lock();
if ( !(pCal = (CCalEntry*)pht->Lookup( achKey, cIpAddr + cUserName )) ) { pCal = CCalEntry::Alloc();
if (pCal == NULL) { pht->Unlock(); return FALSE; }
pCal->Init( achKey, cIpAddr + cUserName, cIpAddr, fSsl ); if ( !pht->Insert( pCal ) ) { CCalEntry::Free( pCal ); pht->Unlock(); return FALSE; } } else { //
// CCalHashTable::Lookup() calls CCalEntry::Reference()
//
pCal->Dereference(); }
// check if license necessary
if ( dwL = pCal->NeedLicenses() ) { fSt = pCal->AcquireLicenses( hAccessToken, dwL ); } if ( fSt ) { pCal->IncrCnx(); *ppCtx = pCal; } else { *ppCtx = NULL; }
pht->Unlock();
return fSt;}
BOOL CalDisconnect( LPVOID pCtx )/*++
Routine Description:
Destroy a license context created by CalConnect
Arguments:
pCtx - ptr to license context created by CalConnect
Return Value:
TRUE if success, otherwise FALSE
--*/{ if ( g_hLSAPI != NULL && pCtx ) { CCalEntry* pCal = (CCalEntry*)pCtx;
// decr #cnx
pCal->DecrCnx(); }
return TRUE;}
VOIDWINAPICalScavenger( LPVOID pV )/*++
Routine Description:
Ages licence contexts, reclaiming licenses as no longer necessary
Arguments:
pV - ptr to CCalHashTable to process
Return Value:
Nothing
--*/{ CAL_ITERATOR it; CCalEntry* pCal; CCalHashTable* pH = (CCalHashTable*)pV;
// iterate through list of entries
pH->Lock();
// update # of licenses, free license & entry if necessary
if ( pH->InitializeIter( &it ) == 0 ) { while ( pH->NextIter( &it, &pCal) == 0 ) { if ( !pCal->AdvancePeriod() ) { pH->Delete( pCal ); CCalEntry::Free( pCal ); } }
pH->TerminateIter( &it ); }
pH->Unlock();}
VOID CCalEntry::InitCache( VOID )/*++
Routine Description:
Initialize allocation cache for CCalEntry
Arguments:
None
Return Value:
Nothing
--*/{ InitializeListHead( &m_FreeListHead ); }
VOID CCalEntry::FreeCache( VOID )/*++
Routine Description:
Free all entries in allocation cache for CCalEntry
Arguments:
None
Return Value:
Nothing
--*/{ LIST_ENTRY * pEntry; CCalEntry * pssc;
while ( !IsListEmpty( &m_FreeListHead )) { pssc = CONTAINING_RECORD( m_FreeListHead.Flink, CCalEntry, m_FreeListEntry );
RemoveEntryList( &pssc->m_FreeListEntry );
delete pssc; }}
//
// Allocates or frees a context from cache, creating as necessary. The
// lock needs to be taken before calling these
//
CCalEntry * CCalEntry::Alloc( VOID )/*++
Routine Description:
Allocate CCalEntry using allocation cache if not empty
Arguments:
None
Return Value:
CCalEntry or NULL if error
--*/{ CCalEntry * pssc = NULL;
if ( !IsListEmpty( &m_FreeListHead )) { LIST_ENTRY * pEntry = m_FreeListHead.Flink;
RemoveEntryList( pEntry );
pssc = CONTAINING_RECORD( pEntry, CCalEntry, m_FreeListEntry ); } else { pssc = new CCalEntry; }
if ( pssc ) { pssc->Reference(); }
return pssc;}
VOID CCalEntry::Free( CCalEntry * pssc )/*++
Routine Description:
Put a CCalEntry on the allocation cache
Arguments:
pssc - CCalEntry to put on allocation cache
Return Value:
Nothing
--*/{ if ( pssc ) { InsertHeadList( &m_FreeListHead, &pssc->m_FreeListEntry ); }}
BOOL CBufStr::Copy( LPSTR pS, DWORD dwL )/*++
Routine Description:
Copy a buffer to a buffered string
Arguments:
pS - ptr to string dwL - length of string ( w/o '\0' )
Return Value:
TRUE if success, otherwise FALSE
--*/{ if ( !m_pDynStr ) { if ( dwL >= BUFSTR_DEFAULT_SIZE ) {alloc_dyn: if ( !(m_pDynStr = (LPSTR)LocalAlloc( LMEM_FIXED, dwL + 1 )) ) { return FALSE; } memcpy( m_pDynStr, pS, dwL + 1 ); m_dwMaxDynSize = dwL; } else { memcpy( m_achFixedSize, pS, dwL + 1 ); } } else { if ( dwL > m_dwMaxDynSize ) { LocalFree( m_pDynStr ); goto alloc_dyn; } memcpy( m_pDynStr, pS, dwL + 1 ); }
m_dwSize = dwL; return TRUE;}
BOOL CCalEntry::Init( LPSTR pszKey, UINT cKey, UINT cPrefix, BOOL fSsl )/*++
Routine Description:
Initialize a CCalEntry
Arguments:
pszKey - key for hash table insertion cKey - length of pszKey ( w/o '\0' ) cPrefix - # of chars in pszKey before user name fSsl - TRUE if SSL connection, otherwise FALSE
Return Value:
TRUE if success, otherwise FALSE
--*/{ m_cKeyPrefix = cPrefix; m_fAcquireLicenses = !fSsl; m_iPeriod = 0; m_cCurrentCnx = 0; m_cCurrentLicenses = 0; memset( m_acMaxCnxPerPeriod, '\0', sizeof(m_acMaxCnxPerPeriod) ); m_dwExemptHandle = INVALID_CAL_EXEMPT_HANDLE;
return m_strKey.Copy( pszKey, cKey );}
DWORD CCalEntry::NeedLicenses( )/*++
Routine Description:
Check if new connection on this entry will require a license
Arguments:
None
Return Value:
Number of licenses to acquire to accept new connection
--*/{ if ( m_fAcquireLicenses ) {#if defined(MULTI_CAL_PER_USER)
LONG cN = (m_cCurrentCnx+g_CnxPerLicense)/g_CnxPerLicense; return cN > m_cCurrentLicenses ? cN - m_cCurrentLicenses : 0;#else
return m_cCurrentLicenses ? 0 : 1;#endif
} else { LONG cN = (m_cCurrentCnx+g_CnxPerLicense)/g_CnxPerLicense; return cN > m_cCurrentLicenses ? cN - m_cCurrentLicenses : 0; }}
BOOL CCalEntry::AcquireLicenses( HANDLE hAccessToken, DWORD dwN )/*++
Routine Description:
Acquire licenses for this entry
Arguments:
hAccessToken - access token associated with the user name for authenticated cnx can be NULL for SSL connection. dwN - # of licenses to acquire
Return Value:
TRUE if success, otherwise FALSE
--*/{ LS_HANDLE hLicense; LS_STATUS_CODE dwLsStatus = 0;
if ( m_fAcquireLicenses ) { dwN = 1;
NT_LS_DATA ls;
ls.DataType = NT_LS_USER_NAME; ls.Data = (LPVOID)(m_strKey.QueryStr() + m_cKeyPrefix); ls.IsAdmin = FALSE;ckagain: if ( ( dwLsStatus = pfnNtLicenseRequestA( IIS_LSAPI_NAME, IIS_LSAPI_VERSION, &hLicense, &ls ) ) ) { // check if admin
if ( ls.IsAdmin == FALSE && CheckTokenMembership( hAccessToken, psidAdmins, &ls.IsAdmin )) { if ( ls.IsAdmin ) { goto ckagain; } }
g_pStats->IncrTotalFailedCalAuth(); SetLastError( ERROR_ACCESS_DENIED );
return FALSE; } #if defined(MULTI_CAL_PER_USER)
if ( m_bufLicenseHandles.Resize( (m_cCurrentLicenses+dwN)*sizeof(LS_HANDLE) ) ) { *(LS_HANDLE*)((LPBYTE)m_bufLicenseHandles.QueryPtr()+m_cCurrentLicenses*sizeof(LS_HANDLE)) = hLicense; } else { if ( dwLsStatus = pfnNtLSFreeHandle( hLicense ) ) { DBGPRINTF((DBG_CONTEXT, "Status 0x%x returned from releasing license associated with CCalEntry 0x%p\n", dwLsStatus, this)); }
return FALSE; }#else
m_hLicenseHandle = hLicense;#endif
//
// If this is the 1st license for this entry,
// signal to MTX this user name is exempt of further licensing checks
// if we are using MTS license service then no need to call CalExemptAddRef
if ( !m_cCurrentLicenses && !g_fUseMtsLicense ) { CalExemptAddRef( IIS_LSAPI_NAME, IIS_LSAPI_VERSION, &m_dwExemptHandle, &ls ); }
m_cCurrentLicenses += dwN; while ( dwN-- ) { g_pStats->IncrCurrentCalAuth(); } } else { if ( g_cSslLicences + dwN > g_cMaxLicenses ) { g_pStats->IncrTotalFailedCalSsl(); SetLastError( ERROR_ACCESS_DENIED ); return FALSE; } g_cSslLicences += dwN; m_cCurrentLicenses += dwN; while ( dwN-- ) { g_pStats->IncrCurrentCalSsl(); } } return TRUE;}
BOOL CCalEntry::AdvancePeriod( )/*++
Routine Description:
Adjust number of licenses by aging # of connections in cache
Arguments:
None
Return Value:
TRUE if entry still needed ( license to be held in cache ), FALSE if entry can be deleted.
--*/{ LONG iM = 0; UINT i;
for ( i = 0 ; i < CAL_NB_PERIOD ; ++i ) { if ( m_acMaxCnxPerPeriod[i] > iM ) { iM = m_acMaxCnxPerPeriod[i]; } } if ( ++m_iPeriod == CAL_NB_PERIOD ) { m_iPeriod = 0; } m_acMaxCnxPerPeriod[m_iPeriod] = m_cCurrentCnx;
if ( m_fAcquireLicenses ) { AdjustLicences( (iM+g_CnxPerLicense-1)/g_CnxPerLicense ); } else { LONG cNewLicenses = (iM+g_CnxPerLicense-1)/g_CnxPerLicense; // update global ssl count
while ( cNewLicenses < m_cCurrentLicenses ) { g_pStats->DecrCurrentCalSsl(); --m_cCurrentLicenses; --g_cSslLicences; } }
return iM;}
VOIDCCalEntry::AdjustLicences( LONG cNew )/*++
Routine Description:
Adjust number of licenses in this entry
Arguments:
cNew - new number of licenses
Return Value:
None
--*/{ LS_STATUS_CODE dwLSStatus;
#if defined(MULTI_CAL_PER_USER)
while ( m_cCurrentLicenses > cNew ) { if ( dwLSStatus = pfnNtLSFreeHandle( *(LS_HANDLE*)((LPBYTE)m_bufLicenseHandles.QueryPtr()+ (m_cCurrentLicenses-1)*sizeof(LS_HANDLE)) ) ) { DBGPRINTF((DBG_CONTEXT,"Status 0x%x returned from releasing license associated with CAL 0x%p\n", dwLSStatus, this)); }
g_pStats->DecrCurrentCalAuth(); --m_cCurrentLicenses; }#else
if ( !iM && m_cCurrentLicenses ) { if ( dwLSStatus = pfnNtLSFreeHandle( m_hLicenseHandle ) ) { DBGPRINTF((DBG_CONTEXT,"Status 0x%x returned from releasing license associated with CAL 0x%p\n", dwLSStatus, this)); }
g_pStats->DecrCurrentCalAuth(); m_cCurrentLicenses = 0; }#endif
//
// We don't hold any license, so if we called CalExemptAddRef
// then call release now.
//
if ( !m_cCurrentLicenses && m_dwExemptHandle != INVALID_CAL_EXEMPT_HANDLE ) { CalExemptRelease( m_dwExemptHandle ); m_dwExemptHandle = INVALID_CAL_EXEMPT_HANDLE; }}
BOOLCalExemptAddRef( LPSTR pszAcct, LPDWORD pdwHnd )/*++
Routine Description:
Flag an account name as exempt of further license check for the MTX licensing package.
Arguments:
pszAcct - account name to be exempted pdwHnd - updated with handle to exempted context, to be released with CalExemptRelease
Return Value:
TRUE if success, otherwise FALSE LastError can be set to ERROR_MOD_NOT_FOUND if MTX licensing package not found
--*/{ NT_LS_DATA ls;
ls.DataType = NT_LS_USER_NAME; ls.Data = pszAcct; ls.IsAdmin = FALSE;
return CalExemptAddRef( IIS_LSAPI_NAME, IIS_LSAPI_VERSION, pdwHnd, &ls );}
BOOLCalExemptAddRef( LPSTR ProductName, LPSTR Version, DWORD *LicenseHandle, NT_LS_DATA *NtData )/*++
Routine Description:
Flag an account name as exempt of further license check for the MTX licensing package.
Arguments:
ProductName - product name for license usage tracking purpose Version - product version for license usage tracking purpose LicenseHandle - updated with handle to exempted context, to be released with CalExemptRelease NtData - ptr to license data ( user name )
Return Value:
TRUE if success, otherwise FALSE LastError can be set to ERROR_MOD_NOT_FOUND if MTX licensing package not found
--*/{ if ( pfnGntLicenseExemptionA ) { DWORD dwS = pfnGntLicenseExemptionA( ProductName, Version, (LS_HANDLE*)LicenseHandle, NtData ); if ( dwS ) { SetLastError( dwS ); return FALSE; }
return TRUE; }
SetLastError( ERROR_MOD_NOT_FOUND ); return FALSE;}
BOOLCalExemptRelease( DWORD dwHnd )/*++
Routine Description:
Release a reference returned by CalExemptAddRef
Arguments:
dwHnd - handle to exempted context as returned by CalExemptAddRef
Return Value:
TRUE if success, otherwise FALSE LastError can be set to ERROR_MOD_NOT_FOUND if MTX licensing package not found
--*/{ if ( pfnGntLsFreeHandle ) { DWORD dwS = pfnGntLsFreeHandle( (LS_HANDLE)dwHnd ); if ( dwS ) { SetLastError( dwS ); return FALSE; }
return TRUE; }
SetLastError( ERROR_MOD_NOT_FOUND ); return FALSE;}
|
