vlmcsd-svn977-2016-07-13-Hotbird64

pull/5/head svn977
Wind4 8 years ago
parent f72621f166
commit 8d3bfb8d55

@ -34,7 +34,7 @@ ifneq (,$(findstring darwin,$(TARGETPLATFORM)))
UNIX := 1
endif
ifneq (,$(findstring androideabi,$(TARGETPLATFORM)))
ifneq (,$(findstring android,$(TARGETPLATFORM)))
ANDROID := 1
UNIX := 1
ELF := 1
@ -139,6 +139,12 @@ ifeq ($(NOLIBS),1)
NOLPTHREAD=1
endif
ifneq ($(NOLIBS),1)
ifeq ($(MINGW),1)
BASELDFLAGS += -lws2_32 -liphlpapi
endif
endif
ifneq ($(NO_DNS),1)
ifneq ($(ANDROID),1)
ifneq ($(NOLRESOLV),1)
@ -198,7 +204,7 @@ else
STRIPFLAGS += -s
endif
LIBRARY_CFLAGS = -DSIMPLE_SOCKETS -DNO_TIMEOUT -DNO_SIGHUP -DNO_CL_PIDS -DNO_EXTENDED_PRODUCT_LIST -DNO_BASIC_PRODUCT_LIST -DNO_LOG -DNO_RANDOM_EPID -DNO_INI_FILE -DNO_INI_FILE -DNO_HELP -DNO_CUSTOM_INTERVALS -DNO_PID_FILE -DNO_USER_SWITCH -DNO_VERBOSE_LOG -DNO_LIMIT -DNO_VERSION_INFORMATION
LIBRARY_CFLAGS = -DSIMPLE_SOCKETS -DNO_TIMEOUT -DNO_SIGHUP -DNO_CL_PIDS -DNO_EXTENDED_PRODUCT_LIST -DNO_BASIC_PRODUCT_LIST -DNO_LOG -DNO_RANDOM_EPID -DNO_INI_FILE -DNO_INI_FILE -DNO_HELP -DNO_CUSTOM_INTERVALS -DNO_PID_FILE -DNO_USER_SWITCH -DNO_VERBOSE_LOG -DNO_LIMIT -DNO_VERSION_INFORMATION -DNO_PRIVATE_IP_DETECT
ifeq ($(FEATURES), embedded)
BASECFLAGS += -DNO_HELP -DNO_USER_SWITCH -DNO_BASIC_PRODUCT_LIST -DNO_CUSTOM_INTERVALS -DNO_PID_FILE -DNO_VERBOSE_LOG -DNO_VERSION_INFORMATION
@ -218,6 +224,10 @@ ifdef INI
BASECFLAGS += -DINI_FILE=\"$(INI)\"
endif
ifeq ($(NO_GETIFADDRS), 1)
BASECFLAGS += -DNO_GETIFADDRS
endif
ifeq ($(THREADS), 1)
BASECFLAGS += -DUSE_THREADS
endif
@ -340,6 +350,26 @@ else
SRCS += network.c rpc.c
endif
ifeq ($(GETIFADDRS),musl)
ifneq ($(NO_GETIFADDRS),1)
BASECFLAGS += -DGETIFADDRS_MUSL
VLMCSD_SRCS += getifaddrs-musl.c
MULTI_SRCS += getifaddrs-musl.c
VLMCS_SRCS += getifaddrs-musl.c
DLL_SRCS += getifaddrs-musl.c
MULTI_OBJS += getifaddrs-musl.o
endif
endif
ifeq ($(ANDROID),1)
ifneq ($(NO_GETIFADDRS),1)
VLMCSD_SRCS += ifaddrs-android.c
MULTI_SRCS += ifaddrs-android.c
DLL_SRCS += ifaddrs-android.c
MULTI_OBJS += ifaddrs-android.o
endif
endif
ifeq "$(WIN)" "1"
VLMCSD_SRCS += ntservice.c
MULTI_SRCS += ntservice.c
@ -614,7 +644,7 @@ help:
@echo " -DNO_LIMIT Don't support limiting concurrent clients in $(PROGRAM_NAME)."
@echo " -DNO_SIGHUP Don't support SIGHUP handling in $(PROGRAM_NAME)."
@echo " -DNO_VERSION_INFORMATION Don't support displaying version information in $(PROGRAM_NAME) and $(CLIENT_NAME). Removes -V option."
@echo " -DENABLE_DEPRECATED_OPTIONS Enable command line options that provide compatibility with previous versions of $(PROGRAM_NAME)."
@echo " -DNO_PRIVATE_IP_DETECT Don't support protection against clients with public IP addresses in $(PROGRAM_NAME)"
@echo ""
@echo "Troubleshooting options"
@echo " CAT=1 Combine all sources in a single in-memory file and compile directly to target."
@ -627,6 +657,8 @@ help:
@echo " NO_TIMEOUT=1 Do not set timeouts for sockets (for systems that don't support it)."
@echo " CHILD_HANDLER=1 Install a handler for SIGCHLD (for systems that don't support SA_NOCLDWAIT)."
@echo " NO_DNS=1 Compile $(CLIENT_NAME) without support for detecting KMS servers via DNS."
@echo " NO_GETIFADDRS=1 Compile $(PROGRAM_NAME) without using getifaddrs()."
@echo " GETIFADDRS=musl Compile $(PROGRAM_NAME) with its own implementation of getifaddrs() based on musl."
@echo " DNS_PARSER=internal Use $(CLIENT_NAME) internal DNS parsing routines. No effect on MingW (native Windows)."
@echo ""
@echo "Other useful CFLAGS"

@ -82,26 +82,6 @@
/*
* -------------------------------
* Backward compatibility
* -------------------------------
*/
#if !defined(ENABLE_DEPRECATED_OPTIONS)
/*
* comment out the following line if you want vlmcsd no to support command line options
* that have been present in previous versions of vlmcsd and are now obsolete
*/
//#define ENABLE_DEPRECATED_OPTIONS
#endif // ENABLE_DEPRECATED_OPTIONS
/*
* ----------------------------------------------------------------------------------------
* Troubleshooting options. Please note that disabling features may also help troubleshooting.
@ -556,6 +536,19 @@
#ifndef NO_PRIVATE_IP_DETECT
/*
* Disables the ability to protect vlmcsd against KMS requests from public IP addresses.
* Removes -o from the command line.
*/
//#define NO_PRIVATE_IP_DETECT
#endif // NO_PRIVATE_IP_DETECT
#ifndef NO_SOCKETS
/*
* Disables standalone startup of vlmcsd. If you use this config directive, you must start vlmcsd from an internet
@ -634,7 +627,6 @@
/* Don't change anything BELOW this line */

@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
# Busybox version: 1.25.0.git
# Thu Jun 16 21:09:56 2016
# Sat Jun 18 02:37:59 2016
#
CONFIG_HAVE_DOT_CONFIG=y
@ -614,8 +614,8 @@ CONFIG_FEATURE_DMESG_PRETTY=y
# CONFIG_HWCLOCK is not set
# CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS is not set
# CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS is not set
CONFIG_IPCRM=y
CONFIG_IPCS=y
# CONFIG_IPCRM is not set
# CONFIG_IPCS is not set
# CONFIG_LOSETUP is not set
# CONFIG_LSPCI is not set
# CONFIG_LSUSB is not set
@ -778,12 +778,12 @@ CONFIG_PING=y
CONFIG_PING6=y
CONFIG_FEATURE_FANCY_PING=y
CONFIG_WGET=y
CONFIG_FEATURE_WGET_STATUSBAR=y
# CONFIG_FEATURE_WGET_STATUSBAR is not set
CONFIG_FEATURE_WGET_AUTHENTICATION=y
CONFIG_FEATURE_WGET_LONG_OPTIONS=y
CONFIG_FEATURE_WGET_TIMEOUT=y
CONFIG_FEATURE_WGET_OPENSSL=y
CONFIG_FEATURE_WGET_SSL_HELPER=y
# CONFIG_FEATURE_WGET_OPENSSL is not set
# CONFIG_FEATURE_WGET_SSL_HELPER is not set
# CONFIG_WHOIS is not set
CONFIG_FEATURE_IPV6=y
# CONFIG_FEATURE_UNIX_LOCAL is not set

Binary file not shown.

@ -0,0 +1,263 @@
#define _GNU_SOURCE
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include "ifaddrs-musl.h"
//#include <syscall.h>
#include <net/if.h>
#include <netinet/in.h>
#include "netlink-musl.h"
#define IFADDRS_HASH_SIZE 64
/* getifaddrs() reports hardware addresses with PF_PACKET that implies
* struct sockaddr_ll. But e.g. Infiniband socket address length is
* longer than sockaddr_ll.ssl_addr[8] can hold. Use this hack struct
* to extend ssl_addr - callers should be able to still use it. */
struct sockaddr_ll_hack {
unsigned short sll_family, sll_protocol;
int sll_ifindex;
unsigned short sll_hatype;
unsigned char sll_pkttype, sll_halen;
unsigned char sll_addr[24];
};
union sockany {
struct sockaddr sa;
struct sockaddr_ll_hack ll;
struct sockaddr_in v4;
struct sockaddr_in6 v6;
};
struct ifaddrs_storage {
struct ifaddrs ifa;
struct ifaddrs_storage *hash_next;
union sockany addr, netmask, ifu;
unsigned int index;
char name[IFNAMSIZ+1];
};
struct ifaddrs_ctx {
struct ifaddrs_storage *first;
struct ifaddrs_storage *last;
struct ifaddrs_storage *hash[IFADDRS_HASH_SIZE];
};
void freeifaddrs(struct ifaddrs *ifp)
{
struct ifaddrs *n;
while (ifp) {
n = ifp->ifa_next;
free(ifp);
ifp = n;
}
}
static int __netlink_enumerate(int fd, unsigned int seq, int type, int af,
int (*cb)(void *ctx, struct nlmsghdr *h), void *ctx)
{
struct nlmsghdr *h;
union {
uint8_t buf[8192];
struct {
struct nlmsghdr nlh;
struct rtgenmsg g;
} req;
struct nlmsghdr reply;
} u;
int r, ret;
memset(&u.req, 0, sizeof(u.req));
u.req.nlh.nlmsg_len = sizeof(u.req);
u.req.nlh.nlmsg_type = type;
u.req.nlh.nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST;
u.req.nlh.nlmsg_seq = seq;
u.req.g.rtgen_family = af;
r = send(fd, &u.req, sizeof(u.req), 0);
if (r < 0) return r;
while (1) {
r = recv(fd, u.buf, sizeof(u.buf), MSG_DONTWAIT);
if (r <= 0) return -1;
for (h = &u.reply; NLMSG_OK(h, (void*)&u.buf[r]); h = NLMSG_NEXT(h)) {
if (h->nlmsg_type == NLMSG_DONE) return 0;
if (h->nlmsg_type == NLMSG_ERROR) return -1;
ret = cb(ctx, h);
if (ret) return ret;
}
}
}
int __rtnetlink_enumerate(int link_af, int addr_af, int (*cb)(void *ctx, struct nlmsghdr *h), void *ctx)
{
int fd, r;
fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
if (fd < 0) return -1;
r = __netlink_enumerate(fd, 1, RTM_GETLINK, link_af, cb, ctx);
if (!r) r = __netlink_enumerate(fd, 2, RTM_GETADDR, addr_af, cb, ctx);
close(fd);
return r;
}
static void copy_addr(struct sockaddr **r, int af, union sockany *sa, void *addr, size_t addrlen, int ifindex)
{
uint8_t *dst;
int len;
switch (af) {
case AF_INET:
dst = (uint8_t*) &sa->v4.sin_addr;
len = 4;
break;
case AF_INET6:
dst = (uint8_t*) &sa->v6.sin6_addr;
len = 16;
if (IN6_IS_ADDR_LINKLOCAL(addr) || IN6_IS_ADDR_MC_LINKLOCAL(addr))
sa->v6.sin6_scope_id = ifindex;
break;
default:
return;
}
if (addrlen < len) return;
sa->sa.sa_family = af;
memcpy(dst, addr, len);
*r = &sa->sa;
}
static void gen_netmask(struct sockaddr **r, int af, union sockany *sa, int prefixlen)
{
uint8_t addr[16] = {0};
int i;
if (prefixlen > 8*sizeof(addr)) prefixlen = 8*sizeof(addr);
i = prefixlen / 8;
memset(addr, 0xff, i);
if (i < sizeof(addr)) addr[i++] = 0xff << (8 - (prefixlen % 8));
copy_addr(r, af, sa, addr, sizeof(addr), 0);
}
static void copy_lladdr(struct sockaddr **r, union sockany *sa, void *addr, size_t addrlen, int ifindex, unsigned short hatype)
{
if (addrlen > sizeof(sa->ll.sll_addr)) return;
sa->ll.sll_family = AF_PACKET;
sa->ll.sll_ifindex = ifindex;
sa->ll.sll_hatype = hatype;
sa->ll.sll_halen = addrlen;
memcpy(sa->ll.sll_addr, addr, addrlen);
*r = &sa->sa;
}
static int netlink_msg_to_ifaddr(void *pctx, struct nlmsghdr *h)
{
struct ifaddrs_ctx *ctx = pctx;
struct ifaddrs_storage *ifs, *ifs0;
struct ifinfomsg *ifi = NLMSG_DATA(h);
struct ifaddrmsg *ifa = NLMSG_DATA(h);
struct rtattr *rta;
int stats_len = 0;
if (h->nlmsg_type == RTM_NEWLINK) {
for (rta = NLMSG_RTA(h, sizeof(*ifi)); NLMSG_RTAOK(rta, h); rta = RTA_NEXT(rta)) {
if (rta->rta_type != IFLA_STATS) continue;
stats_len = RTA_DATALEN(rta);
break;
}
} else {
for (ifs0 = ctx->hash[ifa->ifa_index % IFADDRS_HASH_SIZE]; ifs0; ifs0 = ifs0->hash_next)
if (ifs0->index == ifa->ifa_index)
break;
if (!ifs0) return 0;
}
ifs = calloc(1, sizeof(struct ifaddrs_storage) + stats_len);
if (ifs == 0) return -1;
if (h->nlmsg_type == RTM_NEWLINK) {
ifs->index = ifi->ifi_index;
ifs->ifa.ifa_flags = ifi->ifi_flags;
for (rta = NLMSG_RTA(h, sizeof(*ifi)); NLMSG_RTAOK(rta, h); rta = RTA_NEXT(rta)) {
switch (rta->rta_type) {
case IFLA_IFNAME:
if (RTA_DATALEN(rta) < sizeof(ifs->name)) {
memcpy(ifs->name, RTA_DATA(rta), RTA_DATALEN(rta));
ifs->ifa.ifa_name = ifs->name;
}
break;
case IFLA_ADDRESS:
copy_lladdr(&ifs->ifa.ifa_addr, &ifs->addr, RTA_DATA(rta), RTA_DATALEN(rta), ifi->ifi_index, ifi->ifi_type);
break;
case IFLA_BROADCAST:
copy_lladdr(&ifs->ifa.ifa_broadaddr, &ifs->ifu, RTA_DATA(rta), RTA_DATALEN(rta), ifi->ifi_index, ifi->ifi_type);
break;
case IFLA_STATS:
ifs->ifa.ifa_data = (void*)(ifs+1);
memcpy(ifs->ifa.ifa_data, RTA_DATA(rta), RTA_DATALEN(rta));
break;
}
}
if (ifs->ifa.ifa_name) {
unsigned int bucket = ifs->index % IFADDRS_HASH_SIZE;
ifs->hash_next = ctx->hash[bucket];
ctx->hash[bucket] = ifs;
}
} else {
ifs->ifa.ifa_name = ifs0->ifa.ifa_name;
ifs->ifa.ifa_flags = ifs0->ifa.ifa_flags;
for (rta = NLMSG_RTA(h, sizeof(*ifa)); NLMSG_RTAOK(rta, h); rta = RTA_NEXT(rta)) {
switch (rta->rta_type) {
case IFA_ADDRESS:
/* If ifa_addr is already set we, received an IFA_LOCAL before
* so treat this as destination address */
if (ifs->ifa.ifa_addr)
copy_addr(&ifs->ifa.ifa_dstaddr, ifa->ifa_family, &ifs->ifu, RTA_DATA(rta), RTA_DATALEN(rta), ifa->ifa_index);
else
copy_addr(&ifs->ifa.ifa_addr, ifa->ifa_family, &ifs->addr, RTA_DATA(rta), RTA_DATALEN(rta), ifa->ifa_index);
break;
case IFA_BROADCAST:
copy_addr(&ifs->ifa.ifa_broadaddr, ifa->ifa_family, &ifs->ifu, RTA_DATA(rta), RTA_DATALEN(rta), ifa->ifa_index);
break;
case IFA_LOCAL:
/* If ifa_addr is set and we get IFA_LOCAL, assume we have
* a point-to-point network. Move address to correct field. */
if (ifs->ifa.ifa_addr) {
ifs->ifu = ifs->addr;
ifs->ifa.ifa_dstaddr = &ifs->ifu.sa;
memset(&ifs->addr, 0, sizeof(ifs->addr));
}
copy_addr(&ifs->ifa.ifa_addr, ifa->ifa_family, &ifs->addr, RTA_DATA(rta), RTA_DATALEN(rta), ifa->ifa_index);
break;
case IFA_LABEL:
if (RTA_DATALEN(rta) < sizeof(ifs->name)) {
memcpy(ifs->name, RTA_DATA(rta), RTA_DATALEN(rta));
ifs->ifa.ifa_name = ifs->name;
}
break;
}
}
if (ifs->ifa.ifa_addr)
gen_netmask(&ifs->ifa.ifa_netmask, ifa->ifa_family, &ifs->netmask, ifa->ifa_prefixlen);
}
if (ifs->ifa.ifa_name) {
if (!ctx->first) ctx->first = ifs;
if (ctx->last) ctx->last->ifa.ifa_next = &ifs->ifa;
ctx->last = ifs;
} else {
free(ifs);
}
return 0;
}
int getifaddrs(struct ifaddrs **ifap)
{
struct ifaddrs_ctx _ctx, *ctx = &_ctx;
int r;
memset(ctx, 0, sizeof *ctx);
r = __rtnetlink_enumerate(AF_UNSPEC, AF_UNSPEC, netlink_msg_to_ifaddr, ctx);
if (r == 0) *ifap = &ctx->first->ifa;
else freeifaddrs(&ctx->first->ifa);
return r;
}

@ -0,0 +1,600 @@
/*
Copyright (c) 2013, Kenneth MacKay
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "ifaddrs-android.h"
#include <string.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <net/if_arp.h>
#include <netinet/in.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
typedef struct NetlinkList
{
struct NetlinkList *m_next;
struct nlmsghdr *m_data;
unsigned int m_size;
} NetlinkList;
static int netlink_socket(void)
{
int l_socket = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
if(l_socket < 0)
{
return -1;
}
struct sockaddr_nl l_addr;
memset(&l_addr, 0, sizeof(l_addr));
l_addr.nl_family = AF_NETLINK;
if(bind(l_socket, (struct sockaddr *)&l_addr, sizeof(l_addr)) < 0)
{
close(l_socket);
return -1;
}
return l_socket;
}
static int netlink_send(int p_socket, int p_request)
{
char l_buffer[NLMSG_ALIGN(sizeof(struct nlmsghdr)) + NLMSG_ALIGN(sizeof(struct rtgenmsg))];
memset(l_buffer, 0, sizeof(l_buffer));
struct nlmsghdr *l_hdr = (struct nlmsghdr *)l_buffer;
struct rtgenmsg *l_msg = (struct rtgenmsg *)NLMSG_DATA(l_hdr);
l_hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*l_msg));
l_hdr->nlmsg_type = p_request;
l_hdr->nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST;
l_hdr->nlmsg_pid = 0;
l_hdr->nlmsg_seq = p_socket;
l_msg->rtgen_family = AF_UNSPEC;
struct sockaddr_nl l_addr;
memset(&l_addr, 0, sizeof(l_addr));
l_addr.nl_family = AF_NETLINK;
return (sendto(p_socket, l_hdr, l_hdr->nlmsg_len, 0, (struct sockaddr *)&l_addr, sizeof(l_addr)));
}
static int netlink_recv(int p_socket, void *p_buffer, size_t p_len)
{
struct msghdr l_msg;
struct iovec l_iov = { p_buffer, p_len };
struct sockaddr_nl l_addr;
//int l_result;
for(;;)
{
l_msg.msg_name = (void *)&l_addr;
l_msg.msg_namelen = sizeof(l_addr);
l_msg.msg_iov = &l_iov;
l_msg.msg_iovlen = 1;
l_msg.msg_control = NULL;
l_msg.msg_controllen = 0;
l_msg.msg_flags = 0;
int l_result = recvmsg(p_socket, &l_msg, 0);
if(l_result < 0)
{
if(errno == EINTR)
{
continue;
}
return -2;
}
if(l_msg.msg_flags & MSG_TRUNC)
{ // buffer was too small
return -1;
}
return l_result;
}
}
static struct nlmsghdr *getNetlinkResponse(int p_socket, int *p_size, int *p_done)
{
size_t l_size = 4096;
void *l_buffer = NULL;
for(;;)
{
free(l_buffer);
l_buffer = malloc(l_size);
int l_read = netlink_recv(p_socket, l_buffer, l_size);
*p_size = l_read;
if(l_read == -2)
{
free(l_buffer);
return NULL;
}
if(l_read >= 0)
{
pid_t l_pid = getpid();
struct nlmsghdr *l_hdr;
for(l_hdr = (struct nlmsghdr *)l_buffer; NLMSG_OK(l_hdr, (unsigned int)l_read); l_hdr = (struct nlmsghdr *)NLMSG_NEXT(l_hdr, l_read))
{
if((pid_t)l_hdr->nlmsg_pid != l_pid || (int)l_hdr->nlmsg_seq != p_socket)
{
continue;
}
if(l_hdr->nlmsg_type == NLMSG_DONE)
{
*p_done = 1;
break;
}
if(l_hdr->nlmsg_type == NLMSG_ERROR)
{
free(l_buffer);
return NULL;
}
}
return l_buffer;
}
l_size *= 2;
}
}
static NetlinkList *newListItem(struct nlmsghdr *p_data, unsigned int p_size)
{
NetlinkList *l_item = malloc(sizeof(NetlinkList));
l_item->m_next = NULL;
l_item->m_data = p_data;
l_item->m_size = p_size;
return l_item;
}
static void freeResultList(NetlinkList *p_list)
{
NetlinkList *l_cur;
while(p_list)
{
l_cur = p_list;
p_list = p_list->m_next;
free(l_cur->m_data);
free(l_cur);
}
}
static NetlinkList *getResultList(int p_socket, int p_request)
{
if(netlink_send(p_socket, p_request) < 0)
{
return NULL;
}
NetlinkList *l_list = NULL;
NetlinkList *l_end = NULL;
int l_size;
int l_done = 0;
while(!l_done)
{
struct nlmsghdr *l_hdr = getNetlinkResponse(p_socket, &l_size, &l_done);
if(!l_hdr)
{ // error
freeResultList(l_list);
return NULL;
}
NetlinkList *l_item = newListItem(l_hdr, l_size);
if(!l_list)
{
l_list = l_item;
}
else
{
l_end->m_next = l_item;
}
l_end = l_item;
}
return l_list;
}
static size_t maxSize(size_t a, size_t b)
{
return (a > b ? a : b);
}
static size_t calcAddrLen(sa_family_t p_family, int p_dataSize)
{
switch(p_family)
{
case AF_INET:
return sizeof(struct sockaddr_in);
case AF_INET6:
return sizeof(struct sockaddr_in6);
case AF_PACKET:
return maxSize(sizeof(struct sockaddr_ll), offsetof(struct sockaddr_ll, sll_addr) + p_dataSize);
default:
return maxSize(sizeof(struct sockaddr), offsetof(struct sockaddr, sa_data) + p_dataSize);
}
}
static void makeSockaddr(sa_family_t p_family, struct sockaddr *p_dest, void *p_data, size_t p_size)
{
switch(p_family)
{
case AF_INET:
memcpy(&((struct sockaddr_in*)p_dest)->sin_addr, p_data, p_size);
break;
case AF_INET6:
memcpy(&((struct sockaddr_in6*)p_dest)->sin6_addr, p_data, p_size);
break;
case AF_PACKET:
memcpy(((struct sockaddr_ll*)p_dest)->sll_addr, p_data, p_size);
((struct sockaddr_ll*)p_dest)->sll_halen = p_size;
break;
default:
memcpy(p_dest->sa_data, p_data, p_size);
break;
}
p_dest->sa_family = p_family;
}
static void addToEnd(struct ifaddrs **p_resultList, struct ifaddrs *p_entry)
{
if(!*p_resultList)
{
*p_resultList = p_entry;
}
else
{
struct ifaddrs *l_cur = *p_resultList;
while(l_cur->ifa_next)
{
l_cur = l_cur->ifa_next;
}
l_cur->ifa_next = p_entry;
}
}
static void interpretLink(struct nlmsghdr *p_hdr, struct ifaddrs **p_links, struct ifaddrs **p_resultList)
{
struct ifinfomsg *l_info = (struct ifinfomsg *)NLMSG_DATA(p_hdr);
size_t l_nameSize = 0;
size_t l_addrSize = 0;
size_t l_dataSize = 0;
size_t l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifinfomsg));
struct rtattr *l_rta;
for(l_rta = (struct rtattr *)(((char *)l_info) + NLMSG_ALIGN(sizeof(struct ifinfomsg))); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize))
{
//void *l_rtaData = RTA_DATA(l_rta);
size_t l_rtaDataSize = RTA_PAYLOAD(l_rta);
switch(l_rta->rta_type)
{
case IFLA_ADDRESS:
case IFLA_BROADCAST:
l_addrSize += NLMSG_ALIGN(calcAddrLen(AF_PACKET, l_rtaDataSize));
break;
case IFLA_IFNAME:
l_nameSize += NLMSG_ALIGN(l_rtaSize + 1);
break;
case IFLA_STATS:
l_dataSize += NLMSG_ALIGN(l_rtaSize);
break;
default:
break;
}
}
struct ifaddrs *l_entry = malloc(sizeof(struct ifaddrs) + l_nameSize + l_addrSize + l_dataSize);
memset(l_entry, 0, sizeof(struct ifaddrs));
l_entry->ifa_name = "";
char *l_name = ((char *)l_entry) + sizeof(struct ifaddrs);
char *l_addr = l_name + l_nameSize;
char *l_data = l_addr + l_addrSize;
l_entry->ifa_flags = l_info->ifi_flags;
l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifinfomsg));
for(l_rta = (struct rtattr *)(((char *)l_info) + NLMSG_ALIGN(sizeof(struct ifinfomsg))); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize))
{
void *l_rtaData = RTA_DATA(l_rta);
size_t l_rtaDataSize = RTA_PAYLOAD(l_rta);
switch(l_rta->rta_type)
{
case IFLA_ADDRESS:
case IFLA_BROADCAST:
{
size_t l_addrLen = calcAddrLen(AF_PACKET, l_rtaDataSize);
makeSockaddr(AF_PACKET, (struct sockaddr *)l_addr, l_rtaData, l_rtaDataSize);
((struct sockaddr_ll *)l_addr)->sll_ifindex = l_info->ifi_index;
((struct sockaddr_ll *)l_addr)->sll_hatype = l_info->ifi_type;
if(l_rta->rta_type == IFLA_ADDRESS)
{
l_entry->ifa_addr = (struct sockaddr *)l_addr;
}
else
{
l_entry->ifa_broadaddr = (struct sockaddr *)l_addr;
}
l_addr += NLMSG_ALIGN(l_addrLen);
break;
}
case IFLA_IFNAME:
strncpy(l_name, l_rtaData, l_rtaDataSize);
l_name[l_rtaDataSize] = '\0';
l_entry->ifa_name = l_name;
break;
case IFLA_STATS:
memcpy(l_data, l_rtaData, l_rtaDataSize);
l_entry->ifa_data = l_data;
break;
default:
break;
}
}
addToEnd(p_resultList, l_entry);
p_links[l_info->ifi_index - 1] = l_entry;
}
static void interpretAddr(struct nlmsghdr *p_hdr, struct ifaddrs **p_links, struct ifaddrs **p_resultList)
{
struct ifaddrmsg *l_info = (struct ifaddrmsg *)NLMSG_DATA(p_hdr);
size_t l_nameSize = 0;
size_t l_addrSize = 0;
int l_addedNetmask = 0;
size_t l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifaddrmsg));
struct rtattr *l_rta;
for(l_rta = (struct rtattr *)(((char *)l_info) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize))
{
//void *l_rtaData = RTA_DATA(l_rta);
size_t l_rtaDataSize = RTA_PAYLOAD(l_rta);
if(l_info->ifa_family == AF_PACKET)
{
continue;
}
switch(l_rta->rta_type)
{
case IFA_ADDRESS:
case IFA_LOCAL:
if((l_info->ifa_family == AF_INET || l_info->ifa_family == AF_INET6) && !l_addedNetmask)
{ // make room for netmask
l_addrSize += NLMSG_ALIGN(calcAddrLen(l_info->ifa_family, l_rtaDataSize));
l_addedNetmask = 1;
}
case IFA_BROADCAST:
l_addrSize += NLMSG_ALIGN(calcAddrLen(l_info->ifa_family, l_rtaDataSize));
break;
case IFA_LABEL:
l_nameSize += NLMSG_ALIGN(l_rtaSize + 1);
break;
default:
break;
}
}
struct ifaddrs *l_entry = malloc(sizeof(struct ifaddrs) + l_nameSize + l_addrSize);
memset(l_entry, 0, sizeof(struct ifaddrs));
l_entry->ifa_name = p_links[l_info->ifa_index - 1]->ifa_name;
char *l_name = ((char *)l_entry) + sizeof(struct ifaddrs);
char *l_addr = l_name + l_nameSize;
l_entry->ifa_flags = l_info->ifa_flags | p_links[l_info->ifa_index - 1]->ifa_flags;
l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifaddrmsg));
for(l_rta = (struct rtattr *)(((char *)l_info) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize))
{
void *l_rtaData = RTA_DATA(l_rta);
size_t l_rtaDataSize = RTA_PAYLOAD(l_rta);
switch(l_rta->rta_type)
{
case IFA_ADDRESS:
case IFA_BROADCAST:
case IFA_LOCAL:
{
size_t l_addrLen = calcAddrLen(l_info->ifa_family, l_rtaDataSize);
makeSockaddr(l_info->ifa_family, (struct sockaddr *)l_addr, l_rtaData, l_rtaDataSize);
if(l_info->ifa_family == AF_INET6)
{
if(IN6_IS_ADDR_LINKLOCAL((struct in6_addr *)l_rtaData) || IN6_IS_ADDR_MC_LINKLOCAL((struct in6_addr *)l_rtaData))
{
((struct sockaddr_in6 *)l_addr)->sin6_scope_id = l_info->ifa_index;
}
}
if(l_rta->rta_type == IFA_ADDRESS)
{ // apparently in a point-to-point network IFA_ADDRESS contains the dest address and IFA_LOCAL contains the local address
if(l_entry->ifa_addr)
{
l_entry->ifa_dstaddr = (struct sockaddr *)l_addr;
}
else
{
l_entry->ifa_addr = (struct sockaddr *)l_addr;
}
}
else if(l_rta->rta_type == IFA_LOCAL)
{
if(l_entry->ifa_addr)
{
l_entry->ifa_dstaddr = l_entry->ifa_addr;
}
l_entry->ifa_addr = (struct sockaddr *)l_addr;
}
else
{
l_entry->ifa_broadaddr = (struct sockaddr *)l_addr;
}
l_addr += NLMSG_ALIGN(l_addrLen);
break;
}
case IFA_LABEL:
strncpy(l_name, l_rtaData, l_rtaDataSize);
l_name[l_rtaDataSize] = '\0';
l_entry->ifa_name = l_name;
break;
default:
break;
}
}
if(l_entry->ifa_addr && (l_entry->ifa_addr->sa_family == AF_INET || l_entry->ifa_addr->sa_family == AF_INET6))
{
unsigned l_maxPrefix = (l_entry->ifa_addr->sa_family == AF_INET ? 32 : 128);
unsigned l_prefix = (l_info->ifa_prefixlen > l_maxPrefix ? l_maxPrefix : l_info->ifa_prefixlen);
char l_mask[16] = {0};
unsigned i;
for(i=0; i<(l_prefix/8); ++i)
{
l_mask[i] = 0xff;
}
l_mask[i] = 0xff << (8 - (l_prefix % 8));
makeSockaddr(l_entry->ifa_addr->sa_family, (struct sockaddr *)l_addr, l_mask, l_maxPrefix / 8);
l_entry->ifa_netmask = (struct sockaddr *)l_addr;
}
addToEnd(p_resultList, l_entry);
}
static void interpret(int p_socket, NetlinkList *p_netlinkList, struct ifaddrs **p_links, struct ifaddrs **p_resultList)
{
pid_t l_pid = getpid();
for(; p_netlinkList; p_netlinkList = p_netlinkList->m_next)
{
unsigned int l_nlsize = p_netlinkList->m_size;
struct nlmsghdr *l_hdr;
for(l_hdr = p_netlinkList->m_data; NLMSG_OK(l_hdr, l_nlsize); l_hdr = NLMSG_NEXT(l_hdr, l_nlsize))
{
if((pid_t)l_hdr->nlmsg_pid != l_pid || (int)l_hdr->nlmsg_seq != p_socket)
{
continue;
}
if(l_hdr->nlmsg_type == NLMSG_DONE)
{
break;
}
if(l_hdr->nlmsg_type == RTM_NEWLINK)
{
interpretLink(l_hdr, p_links, p_resultList);
}
else if(l_hdr->nlmsg_type == RTM_NEWADDR)
{
interpretAddr(l_hdr, p_links, p_resultList);
}
}
}
}
static unsigned countLinks(int p_socket, NetlinkList *p_netlinkList)
{
unsigned l_links = 0;
pid_t l_pid = getpid();
for(; p_netlinkList; p_netlinkList = p_netlinkList->m_next)
{
unsigned int l_nlsize = p_netlinkList->m_size;
struct nlmsghdr *l_hdr;
for(l_hdr = p_netlinkList->m_data; NLMSG_OK(l_hdr, l_nlsize); l_hdr = NLMSG_NEXT(l_hdr, l_nlsize))
{
if((pid_t)l_hdr->nlmsg_pid != l_pid || (int)l_hdr->nlmsg_seq != p_socket)
{
continue;
}
if(l_hdr->nlmsg_type == NLMSG_DONE)
{
break;
}
if(l_hdr->nlmsg_type == RTM_NEWLINK)
{
++l_links;
}
}
}
return l_links;
}
int getifaddrs(struct ifaddrs **ifap)
{
if(!ifap)
{
return -1;
}
*ifap = NULL;
int l_socket = netlink_socket();
if(l_socket < 0)
{
return -1;
}
NetlinkList *l_linkResults = getResultList(l_socket, RTM_GETLINK);
if(!l_linkResults)
{
close(l_socket);
return -1;
}
NetlinkList *l_addrResults = getResultList(l_socket, RTM_GETADDR);
if(!l_addrResults)
{
close(l_socket);
freeResultList(l_linkResults);
return -1;
}
unsigned l_numLinks = countLinks(l_socket, l_linkResults) + countLinks(l_socket, l_addrResults);
struct ifaddrs *l_links[l_numLinks];
memset(l_links, 0, l_numLinks * sizeof(struct ifaddrs *));
interpret(l_socket, l_linkResults, l_links, ifap);
interpret(l_socket, l_addrResults, l_links, ifap);
freeResultList(l_linkResults);
freeResultList(l_addrResults);
close(l_socket);
return 0;
}
void freeifaddrs(struct ifaddrs *ifa)
{
struct ifaddrs *l_cur;
while(ifa)
{
l_cur = ifa;
ifa = ifa->ifa_next;
free(l_cur);
}
}

@ -0,0 +1,58 @@
/*
* Copyright (c) 1995, 1999
* Berkeley Software Design, Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* THIS SOFTWARE IS PROVIDED BY Berkeley Software Design, Inc. ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL Berkeley Software Design, Inc. BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* BSDI ifaddrs.h,v 2.5 2000/02/23 14:51:59 dab Exp
*/
#if !__ANDROID__
#error ifaddrs-android only works with Android
#endif
#ifndef _IFADDRS_H_
#define _IFADDRS_H_
struct ifaddrs {
struct ifaddrs *ifa_next;
char *ifa_name;
unsigned int ifa_flags;
struct sockaddr *ifa_addr;
struct sockaddr *ifa_netmask;
struct sockaddr *ifa_dstaddr;
void *ifa_data;
};
/*
* This may have been defined in <net/if.h>. Note that if <net/if.h> is
* to be included it must be included before this header file.
*/
#ifndef ifa_broadaddr
#define ifa_broadaddr ifa_dstaddr /* broadcast address interface */
#endif
#include <sys/cdefs.h>
__BEGIN_DECLS
extern int getifaddrs(struct ifaddrs **ifap);
extern void freeifaddrs(struct ifaddrs *ifa);
__END_DECLS
#endif

@ -0,0 +1,43 @@
#ifndef _IFADDRS_H
#define _IFADDRS_H
#ifdef __cplusplus
extern "C" {
#endif
#if !__linux__
#error ifaddrs-musl.h only works with a Linux kernel
#endif
#if __ANDROID__
#error ifaddrs-musl.h does not work with Android
#endif
#include <features.h>
#include <netinet/in.h>
#include <sys/socket.h>
struct ifaddrs {
struct ifaddrs *ifa_next;
char *ifa_name;
unsigned ifa_flags;
struct sockaddr *ifa_addr;
struct sockaddr *ifa_netmask;
union {
struct sockaddr *ifu_broadaddr;
struct sockaddr *ifu_dstaddr;
} ifa_ifu;
void *ifa_data;
};
#define ifa_broadaddr ifa_ifu.ifu_broadaddr
#define ifa_dstaddr ifa_ifu.ifu_dstaddr
void freeifaddrs(struct ifaddrs *ifp);
int getifaddrs(struct ifaddrs **ifap);
#ifdef __cplusplus
}
#endif
#endif

@ -30,8 +30,8 @@ rm *.o
strip -s --strip-unneeded --remove-section=.eh_frame_hdr --remove-section=.eh_frame --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag vlmcs-* vlmcsd-* vlmcsdmulti-*
sstrip -z vlmcs-* vlmcsd-* vlmcsdmulti-*
sudo cp -af vlmcsd-FreeBSD-10.3-x86-gcc /usr/local/sbin/vlmcsd
sudo cp -af vlmcs-FreeBSD-10.3-x86-gcc /usr/local/bin/vlmcs
sudo cp -af vlmcsd-FreeBSD-10.3-x64-gcc /usr/local/sbin/vlmcsd
sudo cp -af vlmcs-FreeBSD-10.3-x64-gcc /usr/local/bin/vlmcs
# Copy everything to distribution server
scp -p vlmcsdmulti-* vlmcsd-Free* vlmcs-* root@ubuntu64:x/binaries/FreeBSD/intel/

@ -18,6 +18,9 @@ export MULTI_NAME=vlmcsdmulti-FreeBSD-10.1-x64-glibc
make $MAKEFLAGS CFLAGS="$CF -m64" LDFLAGS="$LF" CAT=2 allmulti
cp -af $PROGRAM_NAME /usr/local/sbin/vlmcsd
cp -af $CLIENT_NAME /usr/local/bin/vlmcs
export PROGRAM_NAME=vlmcsd-FreeBSD-10.1-x86-glibc
export CLIENT_NAME=vlmcs-FreeBSD-10.1-x86-glibc
export MULTI_NAME=vlmcsdmulti-FreeBSD-10.1-x86-glibc
@ -26,9 +29,6 @@ make $MAKEFLAGS CFLAGS="$CF -m32" LDFLAGS="$LF" CAT=2 allmulti
sstrip -z vlmcs-* vlmcsd-* vlmcsdmulti-*
cp -af $PROGRAM_NAME /usr/local/sbin/vlmcsd
cp -af $CLIENT_NAME /usr/local/bin/vlmcs
# Copy man pages
mkdir -p /usr/local/man/man1 2>/dev/null
mkdir -p /usr/local/man/man5 2>/dev/null

@ -78,7 +78,7 @@ export THREADS=1
export CFLAGS="$SMALLCC"
export CC=i686-w64-mingw32-gcc
export PLATFORMFLAGS="-march=i686 -mtune=generic -fwhole-program -pipe"
export LDFLAGS="-lws2_32 -Wl,--gc-sections,--force-exe-suffix,--large-address-aware,--nxcompat,--dynamicbase,--tsaware,--no-seh,--disable-long-section-names"
export LDFLAGS="-Wl,--gc-sections,--force-exe-suffix,--large-address-aware,--nxcompat,--dynamicbase,--tsaware,--no-seh,--disable-long-section-names"
export FEATURES=full
make $MAKEFLAGS CRYPTO=windows CAT=2 all $MULTI_NAME
@ -139,7 +139,7 @@ export THREADS=1
export CFLAGS="$SMALLCC"
export CC=x86_64-w64-mingw32-gcc
export PLATFORMFLAGS="-march=nocona -mtune=generic -fwhole-program -pipe"
export LDFLAGS="-lws2_32 -Wl,--gc-sections,--force-exe-suffix,--nxcompat,--dynamicbase,--tsaware,--no-seh,--high-entropy-va,--disable-long-section-names"
export LDFLAGS="-Wl,--gc-sections,--force-exe-suffix,--nxcompat,--dynamicbase,--tsaware,--no-seh,--high-entropy-va,--disable-long-section-names"
make $MAKEFLAGS CAT=2 CRYPTO=windows all $MULTI_NAME
@ -202,7 +202,7 @@ export LDFLAGS="-fwhole-program -Wl,-z,norelro"
export THREADS=0
#export TERMINAL_WIDTH=80
make $MAKEFLAGS NO_DNS=1 SAFE_MODE=1 allmulti
make $MAKEFLAGS GETIFADDRS=musl NO_DNS=1 SAFE_MODE=1 allmulti
if [ $? != 0 ]; then
echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@ -214,7 +214,7 @@ export PROGRAM_NAME=binaries/Linux/mips/little-endian/static/vlmcsd-mips1el-toma
export MULTI_NAME=binaries/Linux/mips/little-endian/static/vlmcsdmulti-mips1el-tomato-uclibc-static
export LDFLAGS="$LDFLAGS -static"
make NO_DNS=1 SAFE_MODE=1 $REUSEOBJFLAGS allmulti
make NO_DNS=1 SAFE_MODE=1 GETIFADDRS=musl $REUSEOBJFLAGS allmulti
if [ $? != 0 ]; then
echo Error creating $MULTI_NAME
@ -1727,7 +1727,7 @@ export LDFLAGS="-Wl,-z,norelro -fwhole-program"
export THREADS=0
export NOPROCFS=1
make $MAKEFLAGS SAFE_MODE=1 allmulti
make $MAKEFLAGS GETIFADDRS=musl SAFE_MODE=1 allmulti
if [ $? != 0 ]; then
echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@ -1740,7 +1740,7 @@ export CLIENT_NAME=${INSTALLDIR}static/vlmcs${SUFFIX}-static
export MULTI_NAME=${INSTALLDIR}static/vlmcsdmulti${SUFFIX}-static
export LDFLAGS="-Wl,-z,norelro -fwhole-program -static"
make $REUSEOBJFLAGS SAFE_MODE=1 allmulti
make $REUSEOBJFLAGS GETIFADDRS=musl SAFE_MODE=1 allmulti
if [ $? != 0 ]; then
echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@ -1817,7 +1817,7 @@ export THREADS=0
export CRYPTO=internal
export NOPROCFS=1
make $MAKEFLAGS SAFE_MODE=1 allmulti
make $MAKEFLAGS GETIFADDRS=musl SAFE_MODE=1 allmulti
if [ $? != 0 ]; then
echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@ -1830,7 +1830,7 @@ export CLIENT_NAME=${INSTALLDIR}static/vlmcs${SUFFIX}-static
export MULTI_NAME=${INSTALLDIR}static/vlmcsdmulti${SUFFIX}-static
export LDFLAGS="-Wl,-z,norelro -fwhole-program -static"
make $REUSEOBJFLAGS SAFE_MODE=1 allmulti
make $REUSEOBJFLAGS GETIFADDRS=musl SAFE_MODE=1 allmulti
if [ $? != 0 ]; then
echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@ -1906,7 +1906,7 @@ export LDFLAGS="$SMALLLD"
export THREADS=0
export CRYPTO=internal
make $MAKEFLAGS allmulti
make $MAKEFLAGS GETIFADDRS=musl allmulti
if [ $? != 0 ]; then
echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@ -1918,7 +1918,7 @@ export CLIENT_NAME=${INSTALLDIR}static/vlmcs${SUFFIX}-static
export MULTI_NAME=${INSTALLDIR}static/vlmcsdmulti${SUFFIX}-static
export LDFLAGS="$SMALLLD -static"
make $REUSEOBJFLAGS allmulti
make $REUSEOBJFLAGS GETIFADDRS=musl allmulti
if [ $? != 0 ]; then
echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@ -1942,7 +1942,7 @@ export LDFLAGS="$SMALLLD"
export THREADS=0
export CRYPTO=internal
make NOLRESOLV=1 $MAKEFLAGS allmulti
make NOLRESOLV=1 GETIFADDRS=musl $MAKEFLAGS allmulti
if [ $? != 0 ]; then
echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@ -1954,7 +1954,7 @@ export CLIENT_NAME=${INSTALLDIR}static/vlmcs${SUFFIX}-static
export MULTI_NAME=${INSTALLDIR}static/vlmcsdmulti${SUFFIX}-static
export LDFLAGS="$SMALLLD -static"
make NOLRESOLV=1 $REUSEOBJFLAGS allmulti
make NOLRESOLV=1 GETIFADDRS=musl $REUSEOBJFLAGS allmulti
if [ $? != 0 ]; then
echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@ -2665,7 +2665,7 @@ export LDFLAGS="-fwhole-program"
export THREADS=0
export CRYPTO=internal
make $MAKEFLAGS CAT=2 SAFE_MODE=1 $PROGRAM_NAME $MULTI_NAME $CLIENT_NAME
make $MAKEFLAGS GETIFADDRS=musl CAT=2 SAFE_MODE=1 $PROGRAM_NAME $MULTI_NAME $CLIENT_NAME
if [ $? != 0 ]; then
echo Error creating $PROGRAM_NAME, $MULTI_NAME and/or $CLIENT_NAME
@ -2677,7 +2677,7 @@ export CLIENT_NAME=${INSTALLDIR}static/vlmcs${SUFFIX}-static
export MULTI_NAME=${INSTALLDIR}static/vlmcsdmulti${SUFFIX}-static
export LDFLAGS="-fwhole-program -static"
make $REUSEOBJFLAGS CAT=2 SAFE_MODE=1 $PROGRAM_NAME $MULTI_NAME $CLIENT_NAME
make $REUSEOBJFLAGS GETIFADDRS=musl CAT=2 SAFE_MODE=1 $PROGRAM_NAME $MULTI_NAME $CLIENT_NAME
if [ $? != 0 ]; then
echo Error creating $PROGRAM_NAME, $MULTI_NAME and/or $CLIENT_NAME
@ -2765,7 +2765,7 @@ export CFLAGS="$SMALLCC"
export LDFLAGS="-Wl,-z,norelo"
export THREADS=0
make $MAKEFLAGS SAFE_MODE=1 CAT=2 $CLIENT_NAME $PROGRAM_NAME $MULTI_NAME
make $MAKEFLAGS GETIFADDRS=musl SAFE_MODE=1 CAT=2 $CLIENT_NAME $PROGRAM_NAME $MULTI_NAME
if [ $? != 0 ]; then
echo Error creating $CLIENT_NAME, $MULTI_NAME and/or $PROGRAM_NAME
@ -2777,7 +2777,7 @@ export CLIENT_NAME=${INSTALLDIR}static/vlmcs${SUFFIX}-static
export MULTI_NAME=${INSTALLDIR}static/vlmcsdmulti${SUFFIX}-static
export LDFLAGS="-Wl,-z,norelo -static"
make $REUSEOBJFLAGS SAFE_MODE=1 CAT=2 $CLIENT_NAME $PROGRAM_NAME $MULTI_NAME
make $REUSEOBJFLAGS GETIFADDRS=musl SAFE_MODE=1 CAT=2 $CLIENT_NAME $PROGRAM_NAME $MULTI_NAME
if [ $? != 0 ]; then
echo Error creating $CLIENT_NAME, $MULTI_NAME and/or $PROGRAM_NAME

@ -11,17 +11,17 @@ CFMSRPC="-Wno-missing-braces -Wno-unused-variable $CF" # -fno-common -fno-stack-
PF32=""
PF64="-mpreferred-stack-boundary=4 -march=nocona -mtune=generic"
LFCYG32="-fwhole-program -Wl,--nxcompat,--dynamicbase,--tsaware,--large-address-aware,--disable-long-section-names"
LFWIN32="-fwhole-program -lws2_32 -Wl,--nxcompat,--dynamicbase,--tsaware,--large-address-aware,--disable-long-section-names"
LFWIN32="-fwhole-program -Wl,--nxcompat,--dynamicbase,--tsaware,--large-address-aware,--disable-long-section-names"
LFCYG64="-fwhole-program -Wl,--nxcompat,--dynamicbase,--tsaware,--disable-long-section-names,--high-entropy-va"
LFWIN64="-fwhole-program -lws2_32 -Wl,--nxcompat,--dynamicbase,--tsaware,--disable-long-section-names,--high-entropy-va"
LFWIN64="-fwhole-program -Wl,--nxcompat,--dynamicbase,--tsaware,--disable-long-section-names,--high-entropy-va"
MAKEFLAGS="-j$NUMCPU -B"
REUSEFLAGS="-j$NUMCPU"
make $MAKEFLAGS cygkms32.dll FEATURES=minimum THREADS=1 DLL_NAME=cygkms32.dll DNS_PARSER=internal CC=i686-pc-cygwin-gcc.exe CFLAGS="$CF -flto=jobserver -fvisibility=hidden" PLATFORMFLAGS="$PF32" LDFLAGS="$LFCYG32 -Wl,--no-seh"
make $MAKEFLAGS cygkms64.dll FEATURES=minimum THREADS=1 DLL_NAME=cygkms64.dll DNS_PARSER=internal CC=x86_64-pc-cygwin-gcc.exe CFLAGS="$CF -flto=jobserver -fvisibility=hidden" PLATFORMFLAGS="$PF64" LDFLAGS="$LFCYG64 -Wl,--no-seh"
make $MAKEFLAGS all vlmcsdmulti-cygwin-x86 THREADS=1 DNS_PARSER=internal CLIENT_NAME=vlmcs-cygwin-x86 PROGRAM_NAME=vlmcsd-cygwin-x86 MULTI_NAME=vlmcsdmulti-cygwin-x86 CC=i686-pc-cygwin-gcc.exe CFLAGS="$CF" PLATFORMFLAGS="$PF32" LDFLAGS="$LFCYG32 -Wl,--no-seh"
make $MAKEFLAGS all vlmcsdmulti-cygwin-x64 THREADS=1 DNS_PARSER=internal CLIENT_NAME=vlmcs-cygwin-x64 PROGRAM_NAME=vlmcsd-cygwin-x64 MULTI_NAME=vlmcsdmulti-cygwin-x64 CC=x86_64-pc-cygwin-gcc.exe CFLAGS="$CF" PLATFORMFLAGS="$PF64" LDFLAGS="$LFCYG64 -Wl,--no-seh"
make $MAKEFLAGS allmulti THREADS=1 DNS_PARSER=internal CLIENT_NAME=vlmcs-cygwin-x86 PROGRAM_NAME=vlmcsd-cygwin-x86 MULTI_NAME=vlmcsdmulti-cygwin-x86 CC=i686-pc-cygwin-gcc.exe CFLAGS="$CF" PLATFORMFLAGS="$PF32" LDFLAGS="$LFCYG32 -Wl,--no-seh"
make $MAKEFLAGS allmulti THREADS=1 DNS_PARSER=internal CLIENT_NAME=vlmcs-cygwin-x64 PROGRAM_NAME=vlmcsd-cygwin-x64 MULTI_NAME=vlmcsdmulti-cygwin-x64 CC=x86_64-pc-cygwin-gcc.exe CFLAGS="$CF" PLATFORMFLAGS="$PF64" LDFLAGS="$LFCYG64 -Wl,--no-seh"
make $MAKEFLAGS MSRPC=1 THREADS=1 DNS_PARSER=internal CLIENT_NAME=vlmcs-cygwin-msrpc-x86 PROGRAM_NAME=vlmcsd-cygwin-msrpc-x86 MULTI_NAME=vlmcsdmulti-cygwin-msrpc-x86 CC=i686-pc-cygwin-gcc.exe CFLAGS="$CF -fasynchronous-unwind-tables" PLATFORMFLAGS="$PF32" LDFLAGS="$LFCYG32"
make $MAKEFLAGS MSRPC=1 THREADS=1 DNS_PARSER=internal CLIENT_NAME=vlmcs-cygwin-msrpc-x64 PROGRAM_NAME=vlmcsd-cygwin-msrpc-x64 MULTI_NAME=vlmcsdmulti-cygwin-msrpc-x64 CC=x86_64-pc-cygwin-gcc.exe CFLAGS="$CFMSRPC" PLATFORMFLAGS="$PF64" LDFLAGS="$LFCYG64"
unset CAT
@ -50,7 +50,7 @@ rm -f *_all.* *.o 2> /dev/null &
echo ""
echo "Copying MingW binaries from distribution server"
scp -p root@ubuntu64:x/binaries/Windows/intel/* .
scp -p root@ubuntu64:x/binaries/Windows/intel/*Windows* root@ubuntu64:x/binaries/Windows/intel/libkms* .
echo ""
echo "Installing binaries"

@ -9,6 +9,10 @@
#error MSRPC is only available with native Windows or Cygwin
#endif
#if _WIN32 && !defined(NO_PRIVATE_IP_DETECT)
#include <winsock2.h>
#endif
#include "msrpc-server.h"
#include "output.h"
#include "kms.h"
@ -157,6 +161,56 @@ RPC_STATUS getClientIp(const RPC_BINDING_HANDLE clientBinding, RPC_CSTR *ipAddre
#endif // NO_LOG
#ifndef NO_PRIVATE_IP_DETECT
static int_fast8_t IsPrivateIPAddress(char* ipAddress)
{
int family = strchr(ipAddress,'.') ? AF_INET : AF_INET6;
switch(family)
{
case AF_INET:
{
int i;
char* current;
char* next;
uint32_t ip;
for (ip = 0, i = 0, current = ipAddress; i < 4; i++, current = next + 1)
{
ip = (ip << 8) | strtoul(current, &next, 10);
if (*next != '.') break;
}
if
(
(ip & 0xff000000) == 0x7f000000 || // 127.x.x.x localhost
(ip & 0xffff0000) == 0xc0a80000 || // 192.168.x.x private routeable
(ip & 0xffff0000) == 0xa9fe0000 || // 169.254.x.x link local
(ip & 0xff000000) == 0x0a000000 || // 10.x.x.x private routeable
(ip & 0xfff00000) == 0xac100000 // 172.16-31.x.x private routeable
)
{
return TRUE;
}
break;
}
case AF_INET6:
{
if (!strcmp(ipAddress, "::1")) return TRUE;
if (strchr(ipAddress, ':') - ipAddress != 4) break;
int16_t firstWord;
hex2bin((BYTE*)&firstWord, ipAddress, 2);
if ((BE16(firstWord) & 0xe000) != 0x2000) return TRUE;
}
}
return FALSE;
}
#endif // NO_PRIVATE_IP_DETECT
/*
* This is the callback function for the RPC request as defined in KMSServer.idl
@ -177,6 +231,27 @@ int ProcessActivationRequest(handle_t IDL_handle, int requestSize, unsigned char
# endif // NO_LOG
# ifndef NO_PRIVATE_IP_DETECT
if (result && (PublicIPProtectionLevel & 2))
{
# ifndef NO_LOG
logger ("Cannot verify that client has a private IP address\n");
# endif
return RPC_S_ACCESS_DENIED;
}
if (!result && (PublicIPProtectionLevel & 2) && !IsPrivateIPAddress((char*)clientIpAddress))
{
# ifndef NO_LOG
logger("Client with public IP address rejected\n");
# endif
RpcStringFreeA(&clientIpAddress);
return RPC_S_ACCESS_DENIED;
}
# endif // NO_PRIVATE_IP_DETECT
// Discard any packet smaller than a v4 request
if (requestSize < (int)sizeof(REQUEST_V4))
{

@ -0,0 +1,107 @@
#ifndef NETLINK_MUSL_H
#define NETLINK_MUSL_H
#if !__linux__
#error netlink-musl.h only works with a linux kernel
#endif
#if __ANDROID__
#error netlink-musl.h does not work with Android
#endif
#include <stdint.h>
/* linux/netlink.h */
#define NETLINK_ROUTE 0
struct nlmsghdr {
uint32_t nlmsg_len;
uint16_t nlmsg_type;
uint16_t nlmsg_flags;
uint32_t nlmsg_seq;
uint32_t nlmsg_pid;
};
#define NLM_F_REQUEST 1
#define NLM_F_MULTI 2
#define NLM_F_ACK 4
#define NLM_F_ROOT 0x100
#define NLM_F_MATCH 0x200
#define NLM_F_ATOMIC 0x400
#define NLM_F_DUMP (NLM_F_ROOT|NLM_F_MATCH)
#define NLMSG_NOOP 0x1
#define NLMSG_ERROR 0x2
#define NLMSG_DONE 0x3
#define NLMSG_OVERRUN 0x4
/* linux/rtnetlink.h */
#define RTM_NEWLINK 16
#define RTM_GETLINK 18
#define RTM_NEWADDR 20
#define RTM_GETADDR 22
struct rtattr {
unsigned short rta_len;
unsigned short rta_type;
};
struct rtgenmsg {
unsigned char rtgen_family;
};
struct ifinfomsg {
unsigned char ifi_family;
unsigned char __ifi_pad;
unsigned short ifi_type;
int ifi_index;
unsigned ifi_flags;
unsigned ifi_change;
};
/* linux/if_link.h */
#define IFLA_ADDRESS 1
#define IFLA_BROADCAST 2
#define IFLA_IFNAME 3
#define IFLA_STATS 7
/* linux/if_addr.h */
struct ifaddrmsg {
uint8_t ifa_family;
uint8_t ifa_prefixlen;
uint8_t ifa_flags;
uint8_t ifa_scope;
uint32_t ifa_index;
};
#define IFA_ADDRESS 1
#define IFA_LOCAL 2
#define IFA_LABEL 3
#define IFA_BROADCAST 4
/* musl */
#define NETLINK_ALIGN(len) (((len)+3) & ~3)
#define NLMSG_DATA(nlh) ((void*)((char*)(nlh)+sizeof(struct nlmsghdr)))
#define NLMSG_DATALEN(nlh) ((nlh)->nlmsg_len-sizeof(struct nlmsghdr))
#define NLMSG_DATAEND(nlh) ((char*)(nlh)+(nlh)->nlmsg_len)
#define NLMSG_NEXT(nlh) (struct nlmsghdr*)((char*)(nlh)+NETLINK_ALIGN((nlh)->nlmsg_len))
#define NLMSG_OK(nlh,end) ((char*)(end)-(char*)(nlh) >= sizeof(struct nlmsghdr))
#define RTA_DATA(rta) ((void*)((char*)(rta)+sizeof(struct rtattr)))
#define RTA_DATALEN(rta) ((rta)->rta_len-sizeof(struct rtattr))
#define RTA_DATAEND(rta) ((char*)(rta)+(rta)->rta_len)
#define RTA_NEXT(rta) (struct rtattr*)((char*)(rta)+NETLINK_ALIGN((rta)->rta_len))
#define RTA_OK(nlh,end) ((char*)(end)-(char*)(rta) >= sizeof(struct rtattr))
#define NLMSG_RTA(nlh,len) ((void*)((char*)(nlh)+sizeof(struct nlmsghdr)+NETLINK_ALIGN(len)))
#define NLMSG_RTAOK(rta,nlh) RTA_OK(rta,NLMSG_DATAEND(nlh))
int __rtnetlink_enumerate(int link_af, int addr_af, int (*cb)(void *ctx, struct nlmsghdr *h), void *ctx);
#endif // NETLINK_MUSL_H

@ -9,14 +9,34 @@
#define _GNU_SOURCE
#endif
#include "types.h"
#if HAVE_GETIFADDR && _WIN32
#include <iphlpapi.h>
#endif
#include <string.h>
#ifndef _WIN32
#include <signal.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <netinet/in.h>
#endif // WIN32
#include <sys/types.h>
#if HAVE_GETIFADDR
#if __ANDROID__
#include "ifaddrs-android.h"
#elif defined(GETIFADDRS_MUSL)
#include "ifaddrs-musl.h"
#else // getifaddrs from OS
#include <ifaddrs.h>
#endif // getifaddrs from OS
#endif // HAVE_GETIFADDR
#endif // !WIN32
#include "network.h"
#include "endian.h"
@ -147,6 +167,69 @@ int_fast8_t isDisconnected(const SOCKET s)
}
#if !defined(NO_PRIVATE_IP_DETECT)
// Check, if a sockaddr is a private IPv4 or IPv6 address
static int_fast8_t isPrivateIPAddress(struct sockaddr* addr, socklen_t* length)
{
union v6addr
{
uint8_t bytes[16];
uint16_t words[8];
uint32_t dwords[4];
uint64_t qwords[2];
};
if (addr == NULL) return FALSE;
switch (addr->sa_family)
{
case AF_INET6:
{
union v6addr* ipv6addr = (union v6addr*)&((struct sockaddr_in6*)addr)->sin6_addr;
if
(
(ipv6addr->qwords[0] != 0 || BE64(ipv6addr->qwords[1]) != 1) && // ::1 IPv6 localhost
(BE16(ipv6addr->words[0]) & 0xe000) == 0x2000 // !2000::/3
)
{
return FALSE;
}
if (length) *length = sizeof(struct sockaddr_in6);
break;
}
case AF_INET:
{
uint32_t ipv4addr = BE32(((struct sockaddr_in*)addr)->sin_addr.s_addr);
if
(
(ipv4addr & 0xff000000) != 0x7f000000 && // 127.x.x.x localhost
(ipv4addr & 0xffff0000) != 0xc0a80000 && // 192.168.x.x private routeable
(ipv4addr & 0xffff0000) != 0xa9fe0000 && // 169.254.x.x link local
(ipv4addr & 0xff000000) != 0x0a000000 && // 10.x.x.x private routeable
(ipv4addr & 0xfff00000) != 0xac100000 // 172.16-31.x.x private routeable
)
{
return FALSE;
}
if (length) *length = sizeof(struct sockaddr_in);
break;
}
default:
return FALSE;
}
return TRUE;
}
#endif // !defined(NO_PRIVATE_IP_DETECT)
// Connect to TCP address addr (e.g. "kms.example.com:1688") and return an
// open socket for the connection if successful or INVALID_SOCKET otherwise
SOCKET connectToAddress(const char *const addr, const int AddressFamily, int_fast8_t showHostName)
@ -290,6 +373,147 @@ int listenOnAllAddresses()
#else // !SIMPLE_SOCKETS
#if HAVE_GETIFADDR && !defined(NO_PRIVATE_IP_DETECT)
// Get list of private IP addresses.
// Returns 0 on success or an errno error code on failure
void getPrivateIPAddresses(int* numAddresses, char*** ipAddresses)
{
# if _WIN32
PIP_ADAPTER_ADDRESSES firstAdapter, currentAdapter;
DWORD dwRetVal = NO_ERROR;
ULONG outBufLen = 16384;
ULONG flags = GAA_FLAG_SKIP_MULTICAST | GAA_FLAG_SKIP_ANYCAST | GAA_FLAG_SKIP_DNS_SERVER | GAA_FLAG_SKIP_FRIENDLY_NAME;
firstAdapter = (PIP_ADAPTER_ADDRESSES)vlmcsd_malloc(outBufLen);
if ((dwRetVal = GetAdaptersAddresses(AF_UNSPEC, flags, NULL, firstAdapter, &outBufLen)) == ERROR_BUFFER_OVERFLOW)
{
free(firstAdapter);
firstAdapter = (PIP_ADAPTER_ADDRESSES)vlmcsd_malloc(outBufLen);
dwRetVal = GetAdaptersAddresses(AF_UNSPEC, flags, NULL, firstAdapter, &outBufLen);
}
if (dwRetVal != NO_ERROR)
{
printerrorf("FATAL: Could not get network address list: %s\n", vlmcsd_strerror(dwRetVal));
exit(dwRetVal);
}
for (currentAdapter = firstAdapter, *numAddresses = 0; currentAdapter != NULL; currentAdapter = currentAdapter->Next)
{
PIP_ADAPTER_UNICAST_ADDRESS_XP currentAddress;
int length;
if (currentAdapter->OperStatus != IfOperStatusUp) continue;
for (currentAddress = currentAdapter->FirstUnicastAddress; currentAddress != NULL; currentAddress = currentAddress->Next)
{
if (isPrivateIPAddress(currentAddress->Address.lpSockaddr, &length)) (*numAddresses)++;
}
}
*ipAddresses = (char**)vlmcsd_malloc(*numAddresses * sizeof(char*));
for (currentAdapter = firstAdapter, *numAddresses = 0; currentAdapter != NULL; currentAdapter = currentAdapter->Next)
{
PIP_ADAPTER_UNICAST_ADDRESS_XP currentAddress;
int length;
if (currentAdapter->OperStatus != IfOperStatusUp) continue;
for (currentAddress = currentAdapter->FirstUnicastAddress; currentAddress != NULL; currentAddress = currentAddress->Next)
{
if (!isPrivateIPAddress(currentAddress->Address.lpSockaddr, &length)) continue;
char *ipAddress = (char*)vlmcsd_malloc(64);
int error = getnameinfo(currentAddress->Address.lpSockaddr, currentAddress->Address.iSockaddrLength, ipAddress, 64, NULL, 0, NI_NUMERICHOST);
if (error)
{
printerrorf("WARNING: Could not get IP address from interface list: %s\n", gai_strerror(error));
*ipAddress = 0;
}
(*ipAddresses)[(*numAddresses)++] = ipAddress;
}
}
free(firstAdapter);
# else // !_WIN32
struct ifaddrs *addrs, *addr;
if (getifaddrs(&addrs))
{
printerrorf("FATAL: Could not get network address list: %s\n", vlmcsd_strerror(errno));
exit(errno);
}
socklen_t length;
for (addr = addrs, *numAddresses = 0; addr != NULL; addr = addr->ifa_next)
{
if (!isPrivateIPAddress(addr->ifa_addr, &length)) continue;
(*numAddresses)++;
}
*ipAddresses = (char**)vlmcsd_malloc(*numAddresses * sizeof(char*));
for (addr = addrs, *numAddresses = 0; addr != NULL; addr = addr->ifa_next)
{
if (!isPrivateIPAddress(addr->ifa_addr, &length)) continue;
char *ipAddress = (char*)vlmcsd_malloc(64);
int error = getnameinfo(addr->ifa_addr, length, ipAddress, 64, NULL, 0, NI_NUMERICHOST);
if (error)
{
printerrorf("WARNING: Could not get IP address from interface list: %s\n", gai_strerror(error));
*ipAddress = 0;
}
# if __UCLIBC__ || __gnu_hurd__
size_t adrlen = strlen(ipAddress);
if
(
addr->ifa_addr->sa_family == AF_INET6 &&
adrlen > 5 &&
!strchr(ipAddress, '%') &&
(BE16(*(uint16_t*)&((struct sockaddr_in6*)addr->ifa_addr)->sin6_addr) & 0xffc0) == 0xfe80
)
{
size_t ifnamelen = strlen(addr->ifa_name);
char* workaroundIpAddress = (char*)vlmcsd_malloc(adrlen + ifnamelen + 2);
strcpy(workaroundIpAddress, ipAddress);
strcat(workaroundIpAddress, "%");
strcat(workaroundIpAddress, addr->ifa_name);
(*ipAddresses)[(*numAddresses)++] = workaroundIpAddress;
free(ipAddress);
}
else
{
(*ipAddresses)[(*numAddresses)++] = ipAddress;
}
# else // !__UCLIBC__
(*ipAddresses)[(*numAddresses)++] = ipAddress;
# endif // !__UCLIBC__
}
freeifaddrs(addrs);
# endif // !_WIN32
}
#endif // HAVE_GETIFADDR && !defined(NO_PRIVATE_IP_DETECT)
// Create a Listening socket for addrinfo sa and return socket s
// szHost and szPort are for logging only
static int listenOnAddress(const struct addrinfo *const ai, SOCKET *s)
@ -576,8 +800,25 @@ static void serveClient(const SOCKET s_client, const DWORD RpcAssocGroup)
logger(fIP, connection_type, cAccepted, ipstr);
#endif // NO_LOG
# if !defined(NO_PRIVATE_IP_DETECT)
if (!(PublicIPProtectionLevel & 2) || isPrivateIPAddress((struct sockaddr*)&addr, NULL))
{
rpcServer(s_client, RpcAssocGroup, ipstr);
}
# ifndef NO_LOG
else
{
logger("Client with public IP address rejected\n");
}
# endif // NO_LOG
# else // defined(NO_PRIVATE_IP_DETECT)
rpcServer(s_client, RpcAssocGroup, ipstr);
# endif // defined(NO_PRIVATE_IP_DETECT)
# ifndef NO_LOG
logger(fIP, connection_type, cClosed, ipstr);
# endif // NO_LOG

@ -28,6 +28,10 @@ int listenOnAllAddresses();
BOOL addListeningSocket(const char *const addr);
__pure int_fast8_t checkProtocolStack(const int addressfamily);
#if HAVE_GETIFADDR
void getPrivateIPAddresses(int* numAddresses, char*** ipAddresses);
#endif // HAVE_GETIFADDR
#endif // NO_SOCKETS
int runServer();

@ -51,11 +51,14 @@ static void vlogger(const char *message, va_list args)
char mbstr[24];
#endif
strftime(mbstr, sizeof(mbstr), "%Y-%m-%d %X", localtime(&now));
if (LogDateAndTime)
strftime(mbstr, sizeof(mbstr), "%Y-%m-%d %X: ", localtime(&now));
else
*mbstr = 0;
#ifndef USE_THREADS
fprintf(log, "%s: ", mbstr);
fprintf(log, "%s", mbstr);
vfprintf(log, message, args);
fflush(log);
@ -63,12 +66,11 @@ static void vlogger(const char *message, va_list args)
// We write everything to a string before we really log inside the critical section
// so formatting the output can be concurrent
strcat(mbstr, ": ");
int len = strlen(mbstr);
vsnprintf(mbstr + len, sizeof(mbstr) - len, message, args);
lock_mutex(&logmutex);
fputs(mbstr, log);
fprintf(log, "%s", mbstr);
fflush(log);
unlock_mutex(&logmutex);
@ -616,6 +618,17 @@ void printServerFlags()
" NO_FREEBIND"
# endif //!HAVE_FREEBIND
# if !HAVE_GETIFADDR
" !HAVE_GETIFADDR"
# endif // !HAVE_GETIFADDR
# if HAVE_GETIFADDR && defined(GETIFADDRS_MUSL)
" GETIFADDRS=musl"
# endif // HAVE_GETIFADDR && defined(GETIFADDRS_MUSL)
# if defined(NO_PRIVATE_IP_DETECT)
" NO_PRIVATE_IP_DETECT"
# endif // defined(NO_PRIVATE_IP_DETECT)
);
}
#endif // NO_VERSION_INFORMATION

@ -24,6 +24,10 @@ int_fast8_t UseRpcBTFN = TRUE;
const char *defaultport = "1688";
#endif // NO_SOCKETS
#if !defined(NO_PRIVATE_IP_DETECT)
uint32_t PublicIPProtectionLevel = 0;
#endif
KmsResponseParam_t KmsResponseParameters[MAX_KMSAPPS];
#if !defined(NO_SOCKETS) && !defined(NO_SIGHUP) && !defined(_WIN32)
@ -43,6 +47,7 @@ uint32_t MaxTasks = SEM_VALUE_MAX;
#endif // !defined(NO_LIMIT) && !defined (NO_SOCKETS) && !__minix__
#ifndef NO_LOG
int_fast8_t LogDateAndTime = TRUE;
char *fn_log = NULL;
int_fast8_t logstdout = 0;
#ifndef NO_VERBOSE_LOG

@ -102,6 +102,10 @@ extern int_fast8_t UseRpcBTFN;
extern const char *defaultport;
#endif // NO_SOCKETS
#if !defined(NO_PRIVATE_IP_DETECT)
extern uint32_t PublicIPProtectionLevel;
#endif
#if !defined(NO_SOCKETS) && !defined(NO_SIGHUP) && !defined(_WIN32)
extern int_fast8_t IsRestarted;
#endif // !defined(NO_SOCKETS) && !defined(NO_SIGHUP) && !defined(_WIN32)
@ -115,6 +119,7 @@ extern uint32_t MaxTasks;
#endif // !defined(NO_LIMIT) && !defined (NO_SOCKETS) && !__minix__
#ifndef NO_LOG
extern int_fast8_t LogDateAndTime;
extern char *fn_log;
extern int_fast8_t logstdout;
#ifndef NO_VERBOSE_LOG

@ -47,6 +47,10 @@
#define HAVE_FREEBIND 1
#endif
#if !defined(NO_GETIFADDRS) && !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS) && !defined(NO_SOCKETS) && !defined(NO_PRIVATE_IP_DETECT)
#define HAVE_GETIFADDR 1
#endif
#ifndef alloca
#ifdef __GNUC__
#define alloca(x) __builtin_alloca(x)

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Fri Jun 17 14:16:33 2016 -->
<!-- CreationDate: Wed Jul 13 12:34:01 2016 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>

Binary file not shown.

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Fri Jun 17 16:39:15 2016 -->
<!-- CreationDate: Wed Jul 13 12:34:02 2016 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>

Binary file not shown.

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Fri Jun 17 14:16:33 2016 -->
<!-- CreationDate: Wed Jul 13 12:34:01 2016 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>

Binary file not shown.

@ -1,5 +1,5 @@
.mso www.tmac
.TH VLMCSD 8 "June 2016" "Hotbird64" "KMS Activation Manual"
.TH VLMCSD 8 "July 2016" "Hotbird64" "KMS Activation Manual"
.LO 8
.SH NAME
@ -39,6 +39,31 @@ If no port is specified, vlmcsd uses the default port according to a preceding \
.IP
If you specify a link local IPv6 address (fe80::/10, usually starting with fe80::), it must be followed by a percent sign (%) and a scope id (=network interface name or number) on most unixoid OSses including Linux, Android, MacOS X and iOS, e.g. fe80::1234:56ff:fe78:9abc\fB%eth0\fR or [fe80::1234:56ff:fe78:9abc\fB%2\fR]:1688. Windows (including cygwin) does not require a scope id unless the same link local address is used on more than one network interface. Windows does not accept a name and the scope id must be a number.
.IP "\fB-o \fIlevel\fR"
Sets the \fIlevel\fR of protection against activations from public IP addresses. The default is \fB-o0\fR for no protection.
\fB-o1\fR causes vlmcsd not to listen on all IP addresses but on private IP addresses only. IPv4 addresses in the 100.64.0.0/10 range (see RFC6598) are not treated as private since they can be reached from other users of your ISP. Private IPv4 addresses are 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 and 127.0.0.0/8. vlmcsd treats all IPv6 addresses not within 2000::/3 as private addresses.
If \fB-o1\fR is combined with \fB-L\fR, it will listen on all private IP addresses plus the ones specified by one or more \fB-L\fR statements. If \fB-o1\fR is combined with \fB-P\fR, only the last \fB-P\fR statement will be used.
Using \fB-o1\fR does not protect you if you enable NAT port forwarding on your router to your vlmcsd machine. It is identical to using multiple -L statements with all of your private IP addresses. What \fB-o1\fR does for you, is automatically enumerating your private IP addresses.
\fB-o2\fR does not affect the interfaces, vlmcsd is listening on. When a clients connects, vlmcsd immediately drops the connection if the client has a public IP address. Unlike \fB-o1\fR clients will be able to establish a TCP connection but it will be closed without a single byte sent over the connection. This protects against clients with public IP addresses even if NAT port forwarding is used. While \fB-o2\fR offers a higher level of protection than \fB-o1\fR, the client sees that the KMS TCP port (1688 by default) is actually accepting connections.
\fB-o3\fR combines \fB-o1\fR and \fB-o2\fR. vlmcsd listens on private interfaces only and if a public client manages to connect anyway due to NAT port forwarding, it will be immediately dropped.
If you use any form of TCP level port forwarding (e.g. \fBnc\fR(1), \fBnetcat\fR(1), \fBssh\fR(1) port forwarding or similar) to redirect KMS requests to vlmcsd, there will be no protection even if you use \fB-o2\fR or \fB-o3\fR. This is due to the simple fact that vlmcsd sees the IP address of the redirector and not the IP address of the client.
\fB-o1\fR (and thus \fB-o3\fR) is not (yet) available in some scenarios:
.RS 12
FreeBSD: There is a longtime unfixed
.URL https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881 bug ""
in the 32-bit ABI of the 64-bit kernel. If you have a 64-bit FreeBSD kernel, you must run the 64-bit version of vlmcsd if you use \fB-o1\fR or \fB-o3\fR. The 32-bit version causes undefined behavior up to crashing vlmcsd. Other BSDs (NetBSD, OpenBSD, Dragonfly and Mac OS X) work correctly.
If vlmcsd was started by an internet superserver or was compiled to use Microsoft RPC (Windows only) or simple sockets, \fB-o1\fR and \fB-o3\fR are not available by design.
.RE
.IP "\fB-P\fR \fIport"
Use TCP \fIport\fR for all subsequent \fB-L\fR statements that do not include an optional port. If you use \fB-P\fR and \fB-L\fR, \fB-P\fR must be specified before \fB-L\fR.
@ -70,6 +95,9 @@ type tail -f \fIfile\fR.
.IP
If you use the special \fIfilename\fR "syslog", vlmcsd uses \fBsyslog\fR(3) for logging. If your system has no syslog service (/dev/log) installed, logging output will go to /dev/console. Syslog logging is not available in the native Windows version. The Cygwin version does support syslog logging.
.IP "\fB-T0\fR and \fB-T1\fR"
Disable (\fB-T0\fR) or enable (\fB-T1\fR) the inclusion of date and time in each line of the log. The default is \fB-T1\fR. \fB-T0\fR is useful if you log to \fBstdout\fR(3) which is redirected to another logging mechanism that already includes date and time in its output, for instance \fBsystemd-journald\fR(8). If you log to \fBsyslog\fR(3), \fB-T1\fR is ignored and date and time will never be included in the output sent to \fBsyslog\fR(3).
.IP "\fB-D\fR"
Normally vlmcsd daemonizes and runs in background (except the native Windows version). If \fB-D\fR is specified, vlmcsd does not daemonize and runs in foreground. This is useful for testing and allows you to simply press <Ctrl-C> to exit vlmcsd.
.PP
@ -225,7 +253,7 @@ Office, Project and Visio must be volume license versions.
.IP "\fBvlmcsd.ini\fR(5)"
.SH EXAMPLES
.IP "\fBvlmcsd -f\fR"
.IP "\fBvlmcsd -De\fR"
Starts \fBvlmcsd\fR in foreground. Useful if you use it for the first time and want to see what's happening when a client requests activation.
.IP "\fBvlmcsd -l /var/log/vlmcsd.log\fR"

@ -84,55 +84,114 @@ OPTIONS
accept a name and the scope id must be a number.
-o level
Sets the level of protection against activations from public IP
addresses. The default is -o0 for no protection.
-o1 causes vlmcsd not to listen on all IP addresses but on pri
vate IP addresses only. IPv4 addresses in the 100.64.0.0/10
range (see RFC6598) are not treated as private since they can be
reached from other users of your ISP. Private IPv4 addresses are
10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 and
127.0.0.0/8. vlmcsd treats all IPv6 addresses not within
2000::/3 as private addresses.
If -o1 is combined with -L, it will listen on all private IP
addresses plus the ones specified by one or more -L statements.
If -o1 is combined with -P, only the last -P statement will be
used.
Using -o1 does not protect you if you enable NAT port forwarding
on your router to your vlmcsd machine. It is identical to using
multiple -L statements with all of your private IP addresses.
What -o1 does for you, is automatically enumerating your private
IP addresses.
-o2 does not affect the interfaces, vlmcsd is listening on. When
a clients connects, vlmcsd immediately drops the connection if
the client has a public IP address. Unlike -o1 clients will be
able to establish a TCP connection but it will be closed without
a single byte sent over the connection. This protects against
clients with public IP addresses even if NAT port forwarding is
used. While -o2 offers a higher level of protection than -o1,
the client sees that the KMS TCP port (1688 by default) is actu
ally accepting connections.
-o3 combines -o1 and -o2. vlmcsd listens on private interfaces
only and if a public client manages to connect anyway due to NAT
port forwarding, it will be immediately dropped.
If you use any form of TCP level port forwarding (e.g. nc(1),
netcat(1), ssh(1) port forwarding or similar) to redirect KMS
requests to vlmcsd, there will be no protection even if you use
-o2 or -o3. This is due to the simple fact that vlmcsd sees the
IP address of the redirector and not the IP address of the
client.
-o1 (and thus -o3) is not (yet) available in some scenarios:
FreeBSD: There is a longtime unfixed bug ⟨https://
bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881⟩ in the
32-bit ABI of the 64-bit kernel. If you have a 64-bit Free
BSD kernel, you must run the 64-bit version of vlmcsd if
you use -o1 or -o3. The 32-bit version causes undefined
behavior up to crashing vlmcsd. Other BSDs (NetBSD, Open
BSD, Dragonfly and Mac OS X) work correctly.
If vlmcsd was started by an internet superserver or was
compiled to use Microsoft RPC (Windows only) or simple
sockets, -o1 and -o3 are not available by design.
-P port
Use TCP port for all subsequent -L statements that do not
Use TCP port for all subsequent -L statements that do not
include an optional port. If you use -P and -L, -P must be spec
ified before -L.
-F0 and -F1
Allow (-F1) or disallow (-F0) binding to IP addresses that are
Allow (-F1) or disallow (-F0) binding to IP addresses that are
currently not configured on your system. The default is -F0. -F1
allows you to bind to an IP address that may be configured after
you started vlmcsd. vlmcsd will listen on that address as soon
as it becomes available. This feature is only available under
Linux (IPv4 and IPv6) and FreeBSD (IPv4 only). FreeBSD allows
this feature only for the root user (more correctly: processes
that have the PRIV_NETINET_BINDANY privilege). Linux does not
you started vlmcsd. vlmcsd will listen on that address as soon
as it becomes available. This feature is only available under
Linux (IPv4 and IPv6) and FreeBSD (IPv4 only). FreeBSD allows
this feature only for the root user (more correctly: processes
that have the PRIV_NETINET_BINDANY privilege). Linux does not
require a capability for this.
-t seconds
Timeout the TCP connection with the client after seconds sec
onds. After sending an activation request. RPC keeps the TCP
Timeout the TCP connection with the client after seconds sec
onds. After sending an activation request. RPC keeps the TCP
connection for a while. The default is 30 seconds. You may spec
ify a shorter period to free ressources on your device faster.
This is useful for devices with limited main memory or if you
ify a shorter period to free ressources on your device faster.
This is useful for devices with limited main memory or if you
used -m to limit the concurrent clients that may request activa
tion. Microsoft RPC clients disconnect after 30 seconds by
default. Setting seconds to a greater value does not make much
tion. Microsoft RPC clients disconnect after 30 seconds by
default. Setting seconds to a greater value does not make much
sense.
-m concurrent-clients
Limit the number of clients that will be handled concurrently.
Limit the number of clients that will be handled concurrently.
This is useful for devices with limited ressources or if you are
experiencing DoS attacks that spawn thousands of threads or
forked processes. If additional clients connect to vlmcsd, they
need to wait until another client disconnects. If you set con
experiencing DoS attacks that spawn thousands of threads or
forked processes. If additional clients connect to vlmcsd, they
need to wait until another client disconnects. If you set con
current-clients to a small value ( <10 ), you should also select
a reasonable timeout of 2 or 3 seconds with -t. The default is
a reasonable timeout of 2 or 3 seconds with -t. The default is
no limit.
-d Disconnect each client after processing one activation request.
This is a direct violation of DCE RPC but may help if you
receive malicous fake RPC requests that block your threads or
forked processes. Some other KMS emulators (e.g. py-kms) behave
-d Disconnect each client after processing one activation request.
This is a direct violation of DCE RPC but may help if you
receive malicous fake RPC requests that block your threads or
forked processes. Some other KMS emulators (e.g. py-kms) behave
this way.
-k Do not disconnect clients after processing an activation
-k Do not disconnect clients after processing an activation
request. This selects the default behavior. -k is useful only if
you used an ini file (see vlmcsd.ini(5) and -i). If the ini file
contains the line "DisconnectClientsImmediately = true", you can
@ -140,103 +199,113 @@ OPTIONS
-N0 and -N1
Disables (-N0) or enables (-N1) the use of the NDR64 transfer
syntax in the RPC protocol. Unlike Microsoft vlmcsd supports
Disables (-N0) or enables (-N1) the use of the NDR64 transfer
syntax in the RPC protocol. Unlike Microsoft vlmcsd supports
NDR64 on 32-bit operating systems. Microsoft introduced NDR64 in
Windows Vista but their KMS servers started using it with Win
dows 8. Thus if you choose random ePIDs, vlmcsd will select
ePIDs with build numbers 9200 and 9600 if you enable NDR64 and
Windows Vista but their KMS servers started using it with Win
dows 8. Thus if you choose random ePIDs, vlmcsd will select
ePIDs with build numbers 9200 and 9600 if you enable NDR64 and
build numbers 6002 and 7601 if you disable NDR64. The default is
to enable NDR64.
-B0 and -B1
Disables (-B0) or enables (-B1) bind time feature negotiation
Disables (-B0) or enables (-B1) bind time feature negotiation
(BTFN) in the RPC protocol. All Windows operating systems start
ing with Vista support BTFN and try to negotiate it when initi
ing with Vista support BTFN and try to negotiate it when initi
ating an RPC connection. Thus consider turning it off as a debug
/ troubleshooting feature only. Some older firewalls that selec
tively block or redirect RPC traffic may get confused when they
tively block or redirect RPC traffic may get confused when they
detect NDR64 or BTFN.
-l filename
Use filename as a log file. The log file records all activations
with IP address, Windows workstation name (no reverse DNS
lookup), activated product, KMS protocol, time and date. If you
with IP address, Windows workstation name (no reverse DNS
lookup), activated product, KMS protocol, time and date. If you
do not specify a log file, no log is created. For a live view of
the log file type tail -f file.
If you use the special filename "syslog", vlmcsd uses syslog(3)
for logging. If your system has no syslog service (/dev/log)
installed, logging output will go to /dev/console. Syslog log
ging is not available in the native Windows version. The Cygwin
If you use the special filename "syslog", vlmcsd uses syslog(3)
for logging. If your system has no syslog service (/dev/log)
installed, logging output will go to /dev/console. Syslog log
ging is not available in the native Windows version. The Cygwin
version does support syslog logging.
-D Normally vlmcsd daemonizes and runs in background (except the
native Windows version). If -D is specified, vlmcsd does not
-T0 and -T1
Disable (-T0) or enable (-T1) the inclusion of date and time in
each line of the log. The default is -T1. -T0 is useful if you
log to stdout(3) which is redirected to another logging mecha
nism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), -T1 is
ignored and date and time will never be included in the output
sent to syslog(3).
-D Normally vlmcsd daemonizes and runs in background (except the
native Windows version). If -D is specified, vlmcsd does not
daemonize and runs in foreground. This is useful for testing and
allows you to simply press <Ctrl-C> to exit vlmcsd.
The native Windows version never daemonizes and always behaves
The native Windows version never daemonizes and always behaves
as if -D had been specified. You may want to install vlmcsd as a
service instead. See -s.
-e If specified, vlmcsd ignores -l and writes all logging output to
stdout(3). This is mainly useful for testing and debugging and
stdout(3). This is mainly useful for testing and debugging and
often combined with -D.
-v Use verbose logging. Logs every parameter of the base request
and the base response. It also logs the HWID of the KMS server
if KMS protocol version 6 is used. This option is mainly for
debugging purposes. It only has an effect if some form of log
ging is used. Thus -v does not make sense if not used with -l,
-v Use verbose logging. Logs every parameter of the base request
and the base response. It also logs the HWID of the KMS server
if KMS protocol version 6 is used. This option is mainly for
debugging purposes. It only has an effect if some form of log
ging is used. Thus -v does not make sense if not used with -l,
-e or -f.
-q Do not use verbose logging. This is actually the default behav
-q Do not use verbose logging. This is actually the default behav
ior. It only makes sense if you use vlmcsd with an ini file (see
-i and vlmcsd.ini(5)). If the ini file contains the line
-i and vlmcsd.ini(5)). If the ini file contains the line
"LogVerbose = true" you can use -q to restore the default behav
ior.
-p filename
Create pid file filename. This has nothing to do with KMS ePIDs.
A pid file is a file where vlmcsd writes its own process id.
This is used by standard init scripts (typically found in
A pid file is a file where vlmcsd writes its own process id.
This is used by standard init scripts (typically found in
/etc/init.d). The default is not to write a pid file.
-u user and -g group
Causes vlmcsd to run in the specified user and group security
context. The main purpose for this is to drop root privileges
after it has been started from the root account. To use this
feature from cygwin you must run cyglsa-config and the account
from which vlmcsd is started must have the rights "Act as part
of the operating system" and "Replace a process level token".
Causes vlmcsd to run in the specified user and group security
context. The main purpose for this is to drop root privileges
after it has been started from the root account. To use this
feature from cygwin you must run cyglsa-config and the account
from which vlmcsd is started must have the rights "Act as part
of the operating system" and "Replace a process level token".
The native Windows version does not support these options.
The actual security context switch is performed after the TCP
sockets have been created. This allows you to use privileged
The actual security context switch is performed after the TCP
sockets have been created. This allows you to use privileged
ports (< 1024) when you start vlmcsd from the root account.
However if you use an ini, pid or log file, you must ensure that
the unprivileged user has access to these files. You can always
log to syslog(3) from an unprivileged account on most platforms
the unprivileged user has access to these files. You can always
log to syslog(3) from an unprivileged account on most platforms
(see -l).
-w ePID
Use ePID as Windows ePID. If specified, -r is disregarded for
Use ePID as Windows ePID. If specified, -r is disregarded for
Windows.
-0 ePID
Use ePID as Office 2010 ePID (including Project and Visio). If
Use ePID as Office 2010 ePID (including Project and Visio). If
specified, -r is disregarded for Office 2010.
@ -246,14 +315,14 @@ OPTIONS
-H HwId
Use HwId for all products. All HWIDs in the ini file (see -i)
Use HwId for all products. All HWIDs in the ini file (see -i)
will not be used. In an ini file you can specify a seperate HWID
for each application-guid. This is not possible when entering a
for each application-guid. This is not possible when entering a
HWID from the command line.
HwId must be specified as 16 hex digits that are interpreted as
a series of 8 bytes (big endian). Any character that is not a
hex digit will be ignored. This is for better readability. The
HwId must be specified as 16 hex digits that are interpreted as
a series of 8 bytes (big endian). Any character that is not a
hex digit will be ignored. This is for better readability. The
following commands are identical:
vlmcsd -H 0123456789ABCDEF
@ -262,14 +331,14 @@ OPTIONS
-i filename
Use configuration file (aka ini file) filename. Most configura
Use configuration file (aka ini file) filename. Most configura
tion parameters can be set either via the command line or an ini
file. The command line always has precedence over configuration
items in the ini file. See vlmcsd.ini(5) for the format of the
file. The command line always has precedence over configuration
items in the ini file. See vlmcsd.ini(5) for the format of the
configuration file.
If vlmcsd has been compiled to use a default configuration file
(often /etc/vlmcsd.ini), you may use -i- to ignore the default
If vlmcsd has been compiled to use a default configuration file
(often /etc/vlmcsd.ini), you may use -i- to ignore the default
configuration file.
@ -282,118 +351,118 @@ OPTIONS
- the file specified by -i does not contain the application-guid
for the KMS request
-r0 means there are no random ePIDs. vlmcsd simply issues
default ePIDs that are built into the binary at compile time.
Pro: behaves like real KMS server that also always issues the
same ePID. Con: Microsoft may start blacklisting again and the
-r0 means there are no random ePIDs. vlmcsd simply issues
default ePIDs that are built into the binary at compile time.
Pro: behaves like real KMS server that also always issues the
same ePID. Con: Microsoft may start blacklisting again and the
default ePID may not work any longer.
-r1 instructs vlmcsd to generate random ePIDs when the program
-r1 instructs vlmcsd to generate random ePIDs when the program
starts or receives a SIGHUP signal and uses these ePIDs until it
is stopped or receives another SIGHUP. Most other KMS emulators
generate a new ePID on every KMS request. This is easily
is stopped or receives another SIGHUP. Most other KMS emulators
generate a new ePID on every KMS request. This is easily
detectable. Microsoft could just modify sppsvc.exe in a way that
it always sends two identical KMS requests in two RPC requests
but over the same TCP connection. If both KMS responses contain
the different ePIDs, the KMS server is not genuine. -r1 is the
default mode. -r1 also ensures that all three ePIDs (Windows,
Office 2010 and Office 2013) use the same OS build number and
it always sends two identical KMS requests in two RPC requests
but over the same TCP connection. If both KMS responses contain
the different ePIDs, the KMS server is not genuine. -r1 is the
default mode. -r1 also ensures that all three ePIDs (Windows,
Office 2010 and Office 2013) use the same OS build number and
LCID (language id).
If vlmcsd has been started by an internet superserver, -r1 works
identically to -r2. This is simply due to the fact that vlmcsd
identically to -r2. This is simply due to the fact that vlmcsd
is started upon a connection request and does not stay in memory
after servicing a KMS request.
-r2 behaves like most other KMS server emulators with random
support and generates a new random ePID on every request. Use
this mode with "care". However since Microsoft currently does
-r2 behaves like most other KMS server emulators with random
support and generates a new random ePID on every request. Use
this mode with "care". However since Microsoft currently does
not seem to do any verification of the ePID, you currently don't
need to pay attention to ePIDs at all.
-C LCID
Do not randomize the locale id part of the ePID and use LCID
instead. The LCID must be specified as a decimal number, e.g.
1049 for "Russian - Russia". This option has no effect if the
ePID is not randomized at all, e.g. if it is selected from the
Do not randomize the locale id part of the ePID and use LCID
instead. The LCID must be specified as a decimal number, e.g.
1049 for "Russian - Russia". This option has no effect if the
ePID is not randomized at all, e.g. if it is selected from the
command line or an ini file.
By default vlmcsd generates a valid locale id that is recognized
by .NET Framework 4.0. This may lead to a locale id which is
by .NET Framework 4.0. This may lead to a locale id which is
unlikely to occur in your country, for instance 2155 for "Quecha
- Ecuador". You may want to select the locale id of your country
instead. See MSDN ⟨http://msdn.microsoft.com/en-us/goglobal/
bb964664.aspx⟩ for a list of valid LCIDs. Please note that some
bb964664.aspx⟩ for a list of valid LCIDs. Please note that some
of them are not recognized by .NET Framework 4.0.
Most other KMS emulators use a fixed LCID of 1033 (English -
Most other KMS emulators use a fixed LCID of 1033 (English -
US). To achive the same behavior in vlmcsd use -C 1033.
-R renewal-interval
Instructs clients to renew activation every renewal-interval.
Instructs clients to renew activation every renewal-interval.
The renewal-interval is a number optionally immediately followed
by a letter indicating the unit. Valid unit letters are s (sec
by a letter indicating the unit. Valid unit letters are s (sec
onds), m (minutes), h (hours), d (days) and w (weeks). If you do
not specify a letter, minutes is assumed.
-R3d for instance instructs clients to renew activation every 3
-R3d for instance instructs clients to renew activation every 3
days. The default renewal-interval is 10080 (identical to 7d and
1w).
Due to poor implementation of Microsofts KMS Client it cannot be
guaranteed that activation is renewed on time as specfied by the
-R option. Don't care about that. Renewal will happen well
-R option. Don't care about that. Renewal will happen well
before your activation expires (usually 180 days).
Even though you can specify seconds, the granularity of this
option is 1 minute. Seconds are rounded down to the next multi
Even though you can specify seconds, the granularity of this
option is 1 minute. Seconds are rounded down to the next multi
ple of 60.
-A activation-interval
Instructs clients to retry activation every activation-interval
if it was unsuccessful, e.g. because it could not reach the
server. The default is 120 (identical to 2h). activation-inter
val follows the same syntax as renewal-interval in the -R
Instructs clients to retry activation every activation-interval
if it was unsuccessful, e.g. because it could not reach the
server. The default is 120 (identical to 2h). activation-inter
val follows the same syntax as renewal-interval in the -R
option.
-s Installs vlmcsd as a Windows service. This option only works
with the native Windows version and Cygwin. Combine -s with
other command line options. These will be in effect when you
start the service. The service automatically starts when you
reboot your machine. To start it manually, type "net start vlm
-s Installs vlmcsd as a Windows service. This option only works
with the native Windows version and Cygwin. Combine -s with
other command line options. These will be in effect when you
start the service. The service automatically starts when you
reboot your machine. To start it manually, type "net start vlm
csd".
If you use Cygwin, you must include your Cygwin system DLL
directory (usually C:\Cygwin\bin or C:\Cygwin64\bin) into the
If you use Cygwin, you must include your Cygwin system DLL
directory (usually C:\Cygwin\bin or C:\Cygwin64\bin) into the
PATH environment variable or the service will not start.
You can reinstall the service anytime using vlmcsd -s again,
e.g. with a different command line. If the service is running,
You can reinstall the service anytime using vlmcsd -s again,
e.g. with a different command line. If the service is running,
it will be restarted with the new command line.
When using -s the command line is checked for basic syntax
When using -s the command line is checked for basic syntax
errors only. For example "vlmcsd -s -L 1.2.3.4" reports no error
but the service will not start if 1.2.3.4 is not an IP address
but the service will not start if 1.2.3.4 is not an IP address
on your system.
-S Uninstalls the vlmcsd service. Works only with the native Win
dows version and Cygwin. All other options will be ignored if
-S Uninstalls the vlmcsd service. Works only with the native Win
dows version and Cygwin. All other options will be ignored if
you include -S in the command line.
-U [domain\]username
Can only be used together with -s. Starts the service as a dif
ferent user than the local SYSTEM account. This is used to run
the service under an account with low privileges. If you omit
Can only be used together with -s. Starts the service as a dif
ferent user than the local SYSTEM account. This is used to run
the service under an account with low privileges. If you omit
the domain, an account from the local computer will be used.
You may use "NT AUTHORITY\NetworkService". This is a pseudo user
with low privileges. You may also use "NT AUTHORITY\LocalSer
with low privileges. You may also use "NT AUTHORITY\LocalSer
vice" which has more privileges but these are of no use for run
ning vlmcsd.
@ -401,20 +470,20 @@ OPTIONS
sion for your executable. "NT AUTHORITY\NetworkService" normally
has no permission to run binaries from your home directory.
For your convenience you can use the special username "/l" as a
For your convenience you can use the special username "/l" as a
shortcut for "NT AUTHORITY\LocalService" and "/n" for "NT
AUTHORITY\NetworkService". "vlmcsd -s -U /n" installs the ser
AUTHORITY\NetworkService". "vlmcsd -s -U /n" installs the ser
vice to run as "NT AUTHORITY\NetworkService".
-W password
Can only be used together with -s. Specifies a password for the
corresponding username you use with -U. SYSTEM, "NT AUTHOR
ITY\NetworkService", "NT AUTHORITY\LocalService" do not require
Can only be used together with -s. Specifies a password for the
corresponding username you use with -U. SYSTEM, "NT AUTHOR
ITY\NetworkService", "NT AUTHORITY\LocalService" do not require
a password.
If you specify a user with even lower privileges than "NT
AUTHORITY\NetworkService", you must specify its password. You
If you specify a user with even lower privileges than "NT
AUTHORITY\NetworkService", you must specify its password. You
also have to grant the "Log on as a service" right to that user.
@ -423,50 +492,50 @@ SIGNALS
SIGTERM, SIGINT
These signals cause vlmcsd to exit gracefully. All global sema
phores and shared memory pages will be released, the pid file
will be unlinked (deleted) and a shutdown message will be
These signals cause vlmcsd to exit gracefully. All global sema
phores and shared memory pages will be released, the pid file
will be unlinked (deleted) and a shutdown message will be
logged.
SIGHUP Causes vlmcsd to be restarted completely. This is useful if you
started vlmcsd with an ini file. You can modify the ini file
while vlmcsd is running and then sending SIGHUP, e.g. by typing
"killall -SIGHUP vlmcsd" or "kill -SIGHUP `cat /var/run/vlm
SIGHUP Causes vlmcsd to be restarted completely. This is useful if you
started vlmcsd with an ini file. You can modify the ini file
while vlmcsd is running and then sending SIGHUP, e.g. by typing
"killall -SIGHUP vlmcsd" or "kill -SIGHUP `cat /var/run/vlm
csd.pid`".
The SIGHUP handler has been implemented relatively simple. It is
virtually the same as stopping vlmcsd and starting it again
virtually the same as stopping vlmcsd and starting it again
immediately with the following exceptions:
— The new process does not get a new process id.
— If you used a pid file, it is not deleted and recreated
— If you used a pid file, it is not deleted and recreated
because the process id stays the same.
— If you used the 'user' and/or 'group' directive in an ini
file these are ignored. This is because once you switched to
— If you used the 'user' and/or 'group' directive in an ini
file these are ignored. This is because once you switched to
lower privileged users and groups, there is no way back. Any
thing else would be a severe security flaw in the OS.
Signaling is not available in the native Windows version and in the
Signaling is not available in the native Windows version and in the
Cygwin version when it runs as Windows service.
SUPPORTED OPERATING SYSTEMS
vlmcsd compiles and runs on Linux, Windows (no Cygwin required but
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD, Dragonfly
BSD, Minix, Solaris, OpenIndiana, Android and iOS. Other POSIX or
unixoid OSses may work with unmodified sources or may require minor
vlmcsd compiles and runs on Linux, Windows (no Cygwin required but
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD, Dragonfly
BSD, Minix, Solaris, OpenIndiana, Android and iOS. Other POSIX or
unixoid OSses may work with unmodified sources or may require minor
porting efforts.
SUPPORTED PRODUCTS
vlmcsd can answer activation requests for the following products: Win
dows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows
Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows
Server 2012 R2, Office 2010, Project 2010, Visio 2010, Office 2013,
vlmcsd can answer activation requests for the following products: Win
dows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows
Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows
Server 2012 R2, Office 2010, Project 2010, Visio 2010, Office 2013,
Project 2013, Visio 2013, Office 2016, Project 2016, Visio 2016.
Office, Project and Visio must be volume license versions.
@ -477,25 +546,25 @@ FILES
EXAMPLES
vlmcsd -f
Starts vlmcsd in foreground. Useful if you use it for the first
time and want to see what's happening when a client requests
vlmcsd -De
Starts vlmcsd in foreground. Useful if you use it for the first
time and want to see what's happening when a client requests
activation.
vlmcsd -l /var/log/vlmcsd.log
Starts vlmcsd as a daemon and logs everything to /var/log/vlm
Starts vlmcsd as a daemon and logs everything to /var/log/vlm
csd.log.
vlmcsd -L 192.168.1.17
Starts vlmcsd as a daemon and listens on IP address 192.168.1.17
only. This is useful for routers that have a public and a pri
only. This is useful for routers that have a public and a pri
vate IP address to prevent your KMS server from becoming public.
vlmcsd -s -U /n -l C:\logs\vlmcsd.log
Installs vlmcsd as a Windows service with low privileges and
Installs vlmcsd as a Windows service with low privileges and
logs everything to C:\logs\vlmcsd.log when the service is
started with "net start vlmcsd".
@ -503,18 +572,18 @@ EXAMPLES
BUGS
An ePID specified in an ini file must not contain spaces.
The maximum number of -L options in the command line or listen state
The maximum number of -L options in the command line or listen state
ments in the inifile is the platform default for FD_SETSIZE. This is 64
on Windows and 1024 on most Unixes.
AUTHOR
Written by crony12, Hotbird64 and vityan666. With contributions from
Written by crony12, Hotbird64 and vityan666. With contributions from
DougQaid.
CREDITS
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
borus, ...
@ -523,4 +592,4 @@ SEE ALSO
Hotbird64 June 2016 VLMCSD(8)
Hotbird64 July 2016 VLMCSD(8)

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Fri Jun 17 14:16:33 2016 -->
<!-- CreationDate: Wed Jul 13 12:34:01 2016 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
@ -163,6 +163,80 @@ same link local address is used on more than one network
interface. Windows does not accept a name and the scope id
must be a number.</p>
<p style="margin-left:11%;"><b>-o</b> <i>level</i></p>
<p style="margin-left:22%;">Sets the <i>level</i> of
protection against activations from public IP addresses. The
default is <b>-o0</b> for no protection.</p>
<p style="margin-left:22%; margin-top: 1em"><b>-o1</b>
causes vlmcsd not to listen on all IP addresses but on
private IP addresses only. IPv4 addresses in the
100.64.0.0/10 range (see RFC6598) are not treated as private
since they can be reached from other users of your ISP.
Private IPv4 addresses are 10.0.0.0/8, 172.16.0.0/12,
192.168.0.0/16, 169.254.0.0/16 and 127.0.0.0/8. vlmcsd
treats all IPv6 addresses not within 2000::/3 as private
addresses.</p>
<p style="margin-left:22%; margin-top: 1em">If <b>-o1</b>
is combined with <b>-L</b>, it will listen on all private IP
addresses plus the ones specified by one or more <b>-L</b>
statements. If <b>-o1</b> is combined with <b>-P</b>, only
the last <b>-P</b> statement will be used.</p>
<p style="margin-left:22%; margin-top: 1em">Using
<b>-o1</b> does not protect you if you enable NAT port
forwarding on your router to your vlmcsd machine. It is
identical to using multiple -L statements with all of your
private IP addresses. What <b>-o1</b> does for you, is
automatically enumerating your private IP addresses.</p>
<p style="margin-left:22%; margin-top: 1em"><b>-o2</b> does
not affect the interfaces, vlmcsd is listening on. When a
clients connects, vlmcsd immediately drops the connection if
the client has a public IP address. Unlike <b>-o1</b>
clients will be able to establish a TCP connection but it
will be closed without a single byte sent over the
connection. This protects against clients with public IP
addresses even if NAT port forwarding is used. While
<b>-o2</b> offers a higher level of protection than
<b>-o1</b>, the client sees that the KMS TCP port (1688 by
default) is actually accepting connections.</p>
<p style="margin-left:22%; margin-top: 1em"><b>-o3</b>
combines <b>-o1</b> and <b>-o2</b>. vlmcsd listens on
private interfaces only and if a public client manages to
connect anyway due to NAT port forwarding, it will be
immediately dropped.</p>
<p style="margin-left:22%; margin-top: 1em">If you use any
form of TCP level port forwarding (e.g. <b>nc</b>(1),
<b>netcat</b>(1), <b>ssh</b>(1) port forwarding or similar)
to redirect KMS requests to vlmcsd, there will be no
protection even if you use <b>-o2</b> or <b>-o3</b>. This is
due to the simple fact that vlmcsd sees the IP address of
the redirector and not the IP address of the client.</p>
<p style="margin-left:22%; margin-top: 1em"><b>-o1</b> (and
thus <b>-o3</b>) is not (yet) available in some
scenarios:</p>
<p style="margin-left:29%; margin-top: 1em">FreeBSD: There
is a longtime unfixed
<a href="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881">bug</a>
in the 32-bit ABI of the 64-bit kernel. If you have a 64-bit
FreeBSD kernel, you must run the 64-bit version of vlmcsd if
you use <b>-o1</b> or <b>-o3</b>. The 32-bit version causes
undefined behavior up to crashing vlmcsd. Other BSDs
(NetBSD, OpenBSD, Dragonfly and Mac OS X) work
correctly.</p>
<p style="margin-left:29%; margin-top: 1em">If vlmcsd was
started by an internet superserver or was compiled to use
Microsoft RPC (Windows only) or simple sockets, <b>-o1</b>
and <b>-o3</b> are not available by design.</p>
<p style="margin-left:11%;"><b>-P</b> <i>port</i></p>
<p style="margin-left:22%;">Use TCP <i>port</i> for all
@ -286,6 +360,18 @@ service (/dev/log) installed, logging output will go to
Windows version. The Cygwin version does support syslog
logging.</p>
<p style="margin-left:11%;"><b>-T0</b> and <b>-T1</b></p>
<p style="margin-left:22%;">Disable (<b>-T0</b>) or enable
(<b>-T1</b>) the inclusion of date and time in each line of
the log. The default is <b>-T1</b>. <b>-T0</b> is useful if
you log to <b>stdout</b>(3) which is redirected to another
logging mechanism that already includes date and time in its
output, for instance <b>systemd-journald</b>(8). If you log
to <b>syslog</b>(3), <b>-T1</b> is ignored and date and time
will never be included in the output sent to
<b>syslog</b>(3).</p>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
@ -777,7 +863,7 @@ and Visio must be volume license versions.</p>
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd
-f</b></p>
-De</b></p>
<p style="margin-left:22%;">Starts <b>vlmcsd</b> in
foreground. Useful if you use it for the first time and want

Binary file not shown.

@ -84,55 +84,114 @@ OPTIONS
accept a name and the scope id must be a number.
-o level
Sets the level of protection against activations from public IP
addresses. The default is -o0 for no protection.
-o1 causes vlmcsd not to listen on all IP addresses but on pri
vate IP addresses only. IPv4 addresses in the 100.64.0.0/10
range (see RFC6598) are not treated as private since they can be
reached from other users of your ISP. Private IPv4 addresses are
10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 and
127.0.0.0/8. vlmcsd treats all IPv6 addresses not within
2000::/3 as private addresses.
If -o1 is combined with -L, it will listen on all private IP
addresses plus the ones specified by one or more -L statements.
If -o1 is combined with -P, only the last -P statement will be
used.
Using -o1 does not protect you if you enable NAT port forwarding
on your router to your vlmcsd machine. It is identical to using
multiple -L statements with all of your private IP addresses.
What -o1 does for you, is automatically enumerating your private
IP addresses.
-o2 does not affect the interfaces, vlmcsd is listening on. When
a clients connects, vlmcsd immediately drops the connection if
the client has a public IP address. Unlike -o1 clients will be
able to establish a TCP connection but it will be closed without
a single byte sent over the connection. This protects against
clients with public IP addresses even if NAT port forwarding is
used. While -o2 offers a higher level of protection than -o1,
the client sees that the KMS TCP port (1688 by default) is actu
ally accepting connections.
-o3 combines -o1 and -o2. vlmcsd listens on private interfaces
only and if a public client manages to connect anyway due to NAT
port forwarding, it will be immediately dropped.
If you use any form of TCP level port forwarding (e.g. nc(1),
netcat(1), ssh(1) port forwarding or similar) to redirect KMS
requests to vlmcsd, there will be no protection even if you use
-o2 or -o3. This is due to the simple fact that vlmcsd sees the
IP address of the redirector and not the IP address of the
client.
-o1 (and thus -o3) is not (yet) available in some scenarios:
FreeBSD: There is a longtime unfixed bug ⟨https://
bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881⟩ in the
32-bit ABI of the 64-bit kernel. If you have a 64-bit Free
BSD kernel, you must run the 64-bit version of vlmcsd if
you use -o1 or -o3. The 32-bit version causes undefined
behavior up to crashing vlmcsd. Other BSDs (NetBSD, Open
BSD, Dragonfly and Mac OS X) work correctly.
If vlmcsd was started by an internet superserver or was
compiled to use Microsoft RPC (Windows only) or simple
sockets, -o1 and -o3 are not available by design.
-P port
Use TCP port for all subsequent -L statements that do not
Use TCP port for all subsequent -L statements that do not
include an optional port. If you use -P and -L, -P must be spec
ified before -L.
-F0 and -F1
Allow (-F1) or disallow (-F0) binding to IP addresses that are
Allow (-F1) or disallow (-F0) binding to IP addresses that are
currently not configured on your system. The default is -F0. -F1
allows you to bind to an IP address that may be configured after
you started vlmcsd. vlmcsd will listen on that address as soon
as it becomes available. This feature is only available under
Linux (IPv4 and IPv6) and FreeBSD (IPv4 only). FreeBSD allows
this feature only for the root user (more correctly: processes
that have the PRIV_NETINET_BINDANY privilege). Linux does not
you started vlmcsd. vlmcsd will listen on that address as soon
as it becomes available. This feature is only available under
Linux (IPv4 and IPv6) and FreeBSD (IPv4 only). FreeBSD allows
this feature only for the root user (more correctly: processes
that have the PRIV_NETINET_BINDANY privilege). Linux does not
require a capability for this.
-t seconds
Timeout the TCP connection with the client after seconds sec
onds. After sending an activation request. RPC keeps the TCP
Timeout the TCP connection with the client after seconds sec
onds. After sending an activation request. RPC keeps the TCP
connection for a while. The default is 30 seconds. You may spec
ify a shorter period to free ressources on your device faster.
This is useful for devices with limited main memory or if you
ify a shorter period to free ressources on your device faster.
This is useful for devices with limited main memory or if you
used -m to limit the concurrent clients that may request activa
tion. Microsoft RPC clients disconnect after 30 seconds by
default. Setting seconds to a greater value does not make much
tion. Microsoft RPC clients disconnect after 30 seconds by
default. Setting seconds to a greater value does not make much
sense.
-m concurrent-clients
Limit the number of clients that will be handled concurrently.
Limit the number of clients that will be handled concurrently.
This is useful for devices with limited ressources or if you are
experiencing DoS attacks that spawn thousands of threads or
forked processes. If additional clients connect to vlmcsd, they
need to wait until another client disconnects. If you set con
experiencing DoS attacks that spawn thousands of threads or
forked processes. If additional clients connect to vlmcsd, they
need to wait until another client disconnects. If you set con
current-clients to a small value ( <10 ), you should also select
a reasonable timeout of 2 or 3 seconds with -t. The default is
a reasonable timeout of 2 or 3 seconds with -t. The default is
no limit.
-d Disconnect each client after processing one activation request.
This is a direct violation of DCE RPC but may help if you
receive malicous fake RPC requests that block your threads or
forked processes. Some other KMS emulators (e.g. py-kms) behave
-d Disconnect each client after processing one activation request.
This is a direct violation of DCE RPC but may help if you
receive malicous fake RPC requests that block your threads or
forked processes. Some other KMS emulators (e.g. py-kms) behave
this way.
-k Do not disconnect clients after processing an activation
-k Do not disconnect clients after processing an activation
request. This selects the default behavior. -k is useful only if
you used an ini file (see vlmcsd.ini(5) and -i). If the ini file
contains the line "DisconnectClientsImmediately = true", you can
@ -140,103 +199,113 @@ OPTIONS
-N0 and -N1
Disables (-N0) or enables (-N1) the use of the NDR64 transfer
syntax in the RPC protocol. Unlike Microsoft vlmcsd supports
Disables (-N0) or enables (-N1) the use of the NDR64 transfer
syntax in the RPC protocol. Unlike Microsoft vlmcsd supports
NDR64 on 32-bit operating systems. Microsoft introduced NDR64 in
Windows Vista but their KMS servers started using it with Win
dows 8. Thus if you choose random ePIDs, vlmcsd will select
ePIDs with build numbers 9200 and 9600 if you enable NDR64 and
Windows Vista but their KMS servers started using it with Win
dows 8. Thus if you choose random ePIDs, vlmcsd will select
ePIDs with build numbers 9200 and 9600 if you enable NDR64 and
build numbers 6002 and 7601 if you disable NDR64. The default is
to enable NDR64.
-B0 and -B1
Disables (-B0) or enables (-B1) bind time feature negotiation
Disables (-B0) or enables (-B1) bind time feature negotiation
(BTFN) in the RPC protocol. All Windows operating systems start
ing with Vista support BTFN and try to negotiate it when initi
ing with Vista support BTFN and try to negotiate it when initi
ating an RPC connection. Thus consider turning it off as a debug
/ troubleshooting feature only. Some older firewalls that selec
tively block or redirect RPC traffic may get confused when they
tively block or redirect RPC traffic may get confused when they
detect NDR64 or BTFN.
-l filename
Use filename as a log file. The log file records all activations
with IP address, Windows workstation name (no reverse DNS
lookup), activated product, KMS protocol, time and date. If you
with IP address, Windows workstation name (no reverse DNS
lookup), activated product, KMS protocol, time and date. If you
do not specify a log file, no log is created. For a live view of
the log file type tail -f file.
If you use the special filename "syslog", vlmcsd uses syslog(3)
for logging. If your system has no syslog service (/dev/log)
installed, logging output will go to /dev/console. Syslog log
ging is not available in the native Windows version. The Cygwin
If you use the special filename "syslog", vlmcsd uses syslog(3)
for logging. If your system has no syslog service (/dev/log)
installed, logging output will go to /dev/console. Syslog log
ging is not available in the native Windows version. The Cygwin
version does support syslog logging.
-D Normally vlmcsd daemonizes and runs in background (except the
native Windows version). If -D is specified, vlmcsd does not
-T0 and -T1
Disable (-T0) or enable (-T1) the inclusion of date and time in
each line of the log. The default is -T1. -T0 is useful if you
log to stdout(3) which is redirected to another logging mecha
nism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), -T1 is
ignored and date and time will never be included in the output
sent to syslog(3).
-D Normally vlmcsd daemonizes and runs in background (except the
native Windows version). If -D is specified, vlmcsd does not
daemonize and runs in foreground. This is useful for testing and
allows you to simply press <Ctrl-C> to exit vlmcsd.
The native Windows version never daemonizes and always behaves
The native Windows version never daemonizes and always behaves
as if -D had been specified. You may want to install vlmcsd as a
service instead. See -s.
-e If specified, vlmcsd ignores -l and writes all logging output to
stdout(3). This is mainly useful for testing and debugging and
stdout(3). This is mainly useful for testing and debugging and
often combined with -D.
-v Use verbose logging. Logs every parameter of the base request
and the base response. It also logs the HWID of the KMS server
if KMS protocol version 6 is used. This option is mainly for
debugging purposes. It only has an effect if some form of log
ging is used. Thus -v does not make sense if not used with -l,
-v Use verbose logging. Logs every parameter of the base request
and the base response. It also logs the HWID of the KMS server
if KMS protocol version 6 is used. This option is mainly for
debugging purposes. It only has an effect if some form of log
ging is used. Thus -v does not make sense if not used with -l,
-e or -f.
-q Do not use verbose logging. This is actually the default behav
-q Do not use verbose logging. This is actually the default behav
ior. It only makes sense if you use vlmcsd with an ini file (see
-i and vlmcsd.ini(5)). If the ini file contains the line
-i and vlmcsd.ini(5)). If the ini file contains the line
"LogVerbose = true" you can use -q to restore the default behav
ior.
-p filename
Create pid file filename. This has nothing to do with KMS ePIDs.
A pid file is a file where vlmcsd writes its own process id.
This is used by standard init scripts (typically found in
A pid file is a file where vlmcsd writes its own process id.
This is used by standard init scripts (typically found in
/etc/init.d). The default is not to write a pid file.
-u user and -g group
Causes vlmcsd to run in the specified user and group security
context. The main purpose for this is to drop root privileges
after it has been started from the root account. To use this
feature from cygwin you must run cyglsa-config and the account
from which vlmcsd is started must have the rights "Act as part
of the operating system" and "Replace a process level token".
Causes vlmcsd to run in the specified user and group security
context. The main purpose for this is to drop root privileges
after it has been started from the root account. To use this
feature from cygwin you must run cyglsa-config and the account
from which vlmcsd is started must have the rights "Act as part
of the operating system" and "Replace a process level token".
The native Windows version does not support these options.
The actual security context switch is performed after the TCP
sockets have been created. This allows you to use privileged
The actual security context switch is performed after the TCP
sockets have been created. This allows you to use privileged
ports (< 1024) when you start vlmcsd from the root account.
However if you use an ini, pid or log file, you must ensure that
the unprivileged user has access to these files. You can always
log to syslog(3) from an unprivileged account on most platforms
the unprivileged user has access to these files. You can always
log to syslog(3) from an unprivileged account on most platforms
(see -l).
-w ePID
Use ePID as Windows ePID. If specified, -r is disregarded for
Use ePID as Windows ePID. If specified, -r is disregarded for
Windows.
-0 ePID
Use ePID as Office 2010 ePID (including Project and Visio). If
Use ePID as Office 2010 ePID (including Project and Visio). If
specified, -r is disregarded for Office 2010.
@ -246,14 +315,14 @@ OPTIONS
-H HwId
Use HwId for all products. All HWIDs in the ini file (see -i)
Use HwId for all products. All HWIDs in the ini file (see -i)
will not be used. In an ini file you can specify a seperate HWID
for each application-guid. This is not possible when entering a
for each application-guid. This is not possible when entering a
HWID from the command line.
HwId must be specified as 16 hex digits that are interpreted as
a series of 8 bytes (big endian). Any character that is not a
hex digit will be ignored. This is for better readability. The
HwId must be specified as 16 hex digits that are interpreted as
a series of 8 bytes (big endian). Any character that is not a
hex digit will be ignored. This is for better readability. The
following commands are identical:
vlmcsd -H 0123456789ABCDEF
@ -262,14 +331,14 @@ OPTIONS
-i filename
Use configuration file (aka ini file) filename. Most configura
Use configuration file (aka ini file) filename. Most configura
tion parameters can be set either via the command line or an ini
file. The command line always has precedence over configuration
items in the ini file. See vlmcsd.ini(5) for the format of the
file. The command line always has precedence over configuration
items in the ini file. See vlmcsd.ini(5) for the format of the
configuration file.
If vlmcsd has been compiled to use a default configuration file
(often /etc/vlmcsd.ini), you may use -i- to ignore the default
If vlmcsd has been compiled to use a default configuration file
(often /etc/vlmcsd.ini), you may use -i- to ignore the default
configuration file.
@ -282,118 +351,118 @@ OPTIONS
- the file specified by -i does not contain the application-guid
for the KMS request
-r0 means there are no random ePIDs. vlmcsd simply issues
default ePIDs that are built into the binary at compile time.
Pro: behaves like real KMS server that also always issues the
same ePID. Con: Microsoft may start blacklisting again and the
-r0 means there are no random ePIDs. vlmcsd simply issues
default ePIDs that are built into the binary at compile time.
Pro: behaves like real KMS server that also always issues the
same ePID. Con: Microsoft may start blacklisting again and the
default ePID may not work any longer.
-r1 instructs vlmcsd to generate random ePIDs when the program
-r1 instructs vlmcsd to generate random ePIDs when the program
starts or receives a SIGHUP signal and uses these ePIDs until it
is stopped or receives another SIGHUP. Most other KMS emulators
generate a new ePID on every KMS request. This is easily
is stopped or receives another SIGHUP. Most other KMS emulators
generate a new ePID on every KMS request. This is easily
detectable. Microsoft could just modify sppsvc.exe in a way that
it always sends two identical KMS requests in two RPC requests
but over the same TCP connection. If both KMS responses contain
the different ePIDs, the KMS server is not genuine. -r1 is the
default mode. -r1 also ensures that all three ePIDs (Windows,
Office 2010 and Office 2013) use the same OS build number and
it always sends two identical KMS requests in two RPC requests
but over the same TCP connection. If both KMS responses contain
the different ePIDs, the KMS server is not genuine. -r1 is the
default mode. -r1 also ensures that all three ePIDs (Windows,
Office 2010 and Office 2013) use the same OS build number and
LCID (language id).
If vlmcsd has been started by an internet superserver, -r1 works
identically to -r2. This is simply due to the fact that vlmcsd
identically to -r2. This is simply due to the fact that vlmcsd
is started upon a connection request and does not stay in memory
after servicing a KMS request.
-r2 behaves like most other KMS server emulators with random
support and generates a new random ePID on every request. Use
this mode with "care". However since Microsoft currently does
-r2 behaves like most other KMS server emulators with random
support and generates a new random ePID on every request. Use
this mode with "care". However since Microsoft currently does
not seem to do any verification of the ePID, you currently don't
need to pay attention to ePIDs at all.
-C LCID
Do not randomize the locale id part of the ePID and use LCID
instead. The LCID must be specified as a decimal number, e.g.
1049 for "Russian - Russia". This option has no effect if the
ePID is not randomized at all, e.g. if it is selected from the
Do not randomize the locale id part of the ePID and use LCID
instead. The LCID must be specified as a decimal number, e.g.
1049 for "Russian - Russia". This option has no effect if the
ePID is not randomized at all, e.g. if it is selected from the
command line or an ini file.
By default vlmcsd generates a valid locale id that is recognized
by .NET Framework 4.0. This may lead to a locale id which is
by .NET Framework 4.0. This may lead to a locale id which is
unlikely to occur in your country, for instance 2155 for "Quecha
- Ecuador". You may want to select the locale id of your country
instead. See MSDN ⟨http://msdn.microsoft.com/en-us/goglobal/
bb964664.aspx⟩ for a list of valid LCIDs. Please note that some
bb964664.aspx⟩ for a list of valid LCIDs. Please note that some
of them are not recognized by .NET Framework 4.0.
Most other KMS emulators use a fixed LCID of 1033 (English -
Most other KMS emulators use a fixed LCID of 1033 (English -
US). To achive the same behavior in vlmcsd use -C 1033.
-R renewal-interval
Instructs clients to renew activation every renewal-interval.
Instructs clients to renew activation every renewal-interval.
The renewal-interval is a number optionally immediately followed
by a letter indicating the unit. Valid unit letters are s (sec
by a letter indicating the unit. Valid unit letters are s (sec
onds), m (minutes), h (hours), d (days) and w (weeks). If you do
not specify a letter, minutes is assumed.
-R3d for instance instructs clients to renew activation every 3
-R3d for instance instructs clients to renew activation every 3
days. The default renewal-interval is 10080 (identical to 7d and
1w).
Due to poor implementation of Microsofts KMS Client it cannot be
guaranteed that activation is renewed on time as specfied by the
-R option. Don't care about that. Renewal will happen well
-R option. Don't care about that. Renewal will happen well
before your activation expires (usually 180 days).
Even though you can specify seconds, the granularity of this
option is 1 minute. Seconds are rounded down to the next multi
Even though you can specify seconds, the granularity of this
option is 1 minute. Seconds are rounded down to the next multi
ple of 60.
-A activation-interval
Instructs clients to retry activation every activation-interval
if it was unsuccessful, e.g. because it could not reach the
server. The default is 120 (identical to 2h). activation-inter
val follows the same syntax as renewal-interval in the -R
Instructs clients to retry activation every activation-interval
if it was unsuccessful, e.g. because it could not reach the
server. The default is 120 (identical to 2h). activation-inter
val follows the same syntax as renewal-interval in the -R
option.
-s Installs vlmcsd as a Windows service. This option only works
with the native Windows version and Cygwin. Combine -s with
other command line options. These will be in effect when you
start the service. The service automatically starts when you
reboot your machine. To start it manually, type "net start vlm
-s Installs vlmcsd as a Windows service. This option only works
with the native Windows version and Cygwin. Combine -s with
other command line options. These will be in effect when you
start the service. The service automatically starts when you
reboot your machine. To start it manually, type "net start vlm
csd".
If you use Cygwin, you must include your Cygwin system DLL
directory (usually C:\Cygwin\bin or C:\Cygwin64\bin) into the
If you use Cygwin, you must include your Cygwin system DLL
directory (usually C:\Cygwin\bin or C:\Cygwin64\bin) into the
PATH environment variable or the service will not start.
You can reinstall the service anytime using vlmcsd -s again,
e.g. with a different command line. If the service is running,
You can reinstall the service anytime using vlmcsd -s again,
e.g. with a different command line. If the service is running,
it will be restarted with the new command line.
When using -s the command line is checked for basic syntax
When using -s the command line is checked for basic syntax
errors only. For example "vlmcsd -s -L 1.2.3.4" reports no error
but the service will not start if 1.2.3.4 is not an IP address
but the service will not start if 1.2.3.4 is not an IP address
on your system.
-S Uninstalls the vlmcsd service. Works only with the native Win
dows version and Cygwin. All other options will be ignored if
-S Uninstalls the vlmcsd service. Works only with the native Win
dows version and Cygwin. All other options will be ignored if
you include -S in the command line.
-U [domain\]username
Can only be used together with -s. Starts the service as a dif
ferent user than the local SYSTEM account. This is used to run
the service under an account with low privileges. If you omit
Can only be used together with -s. Starts the service as a dif
ferent user than the local SYSTEM account. This is used to run
the service under an account with low privileges. If you omit
the domain, an account from the local computer will be used.
You may use "NT AUTHORITY\NetworkService". This is a pseudo user
with low privileges. You may also use "NT AUTHORITY\LocalSer
with low privileges. You may also use "NT AUTHORITY\LocalSer
vice" which has more privileges but these are of no use for run
ning vlmcsd.
@ -401,20 +470,20 @@ OPTIONS
sion for your executable. "NT AUTHORITY\NetworkService" normally
has no permission to run binaries from your home directory.
For your convenience you can use the special username "/l" as a
For your convenience you can use the special username "/l" as a
shortcut for "NT AUTHORITY\LocalService" and "/n" for "NT
AUTHORITY\NetworkService". "vlmcsd -s -U /n" installs the ser
AUTHORITY\NetworkService". "vlmcsd -s -U /n" installs the ser
vice to run as "NT AUTHORITY\NetworkService".
-W password
Can only be used together with -s. Specifies a password for the
corresponding username you use with -U. SYSTEM, "NT AUTHOR
ITY\NetworkService", "NT AUTHORITY\LocalService" do not require
Can only be used together with -s. Specifies a password for the
corresponding username you use with -U. SYSTEM, "NT AUTHOR
ITY\NetworkService", "NT AUTHORITY\LocalService" do not require
a password.
If you specify a user with even lower privileges than "NT
AUTHORITY\NetworkService", you must specify its password. You
If you specify a user with even lower privileges than "NT
AUTHORITY\NetworkService", you must specify its password. You
also have to grant the "Log on as a service" right to that user.
@ -423,50 +492,50 @@ SIGNALS
SIGTERM, SIGINT
These signals cause vlmcsd to exit gracefully. All global sema
phores and shared memory pages will be released, the pid file
will be unlinked (deleted) and a shutdown message will be
These signals cause vlmcsd to exit gracefully. All global sema
phores and shared memory pages will be released, the pid file
will be unlinked (deleted) and a shutdown message will be
logged.
SIGHUP Causes vlmcsd to be restarted completely. This is useful if you
started vlmcsd with an ini file. You can modify the ini file
while vlmcsd is running and then sending SIGHUP, e.g. by typing
"killall -SIGHUP vlmcsd" or "kill -SIGHUP `cat /var/run/vlm
SIGHUP Causes vlmcsd to be restarted completely. This is useful if you
started vlmcsd with an ini file. You can modify the ini file
while vlmcsd is running and then sending SIGHUP, e.g. by typing
"killall -SIGHUP vlmcsd" or "kill -SIGHUP `cat /var/run/vlm
csd.pid`".
The SIGHUP handler has been implemented relatively simple. It is
virtually the same as stopping vlmcsd and starting it again
virtually the same as stopping vlmcsd and starting it again
immediately with the following exceptions:
— The new process does not get a new process id.
— If you used a pid file, it is not deleted and recreated
— If you used a pid file, it is not deleted and recreated
because the process id stays the same.
— If you used the 'user' and/or 'group' directive in an ini
file these are ignored. This is because once you switched to
— If you used the 'user' and/or 'group' directive in an ini
file these are ignored. This is because once you switched to
lower privileged users and groups, there is no way back. Any
thing else would be a severe security flaw in the OS.
Signaling is not available in the native Windows version and in the
Signaling is not available in the native Windows version and in the
Cygwin version when it runs as Windows service.
SUPPORTED OPERATING SYSTEMS
vlmcsd compiles and runs on Linux, Windows (no Cygwin required but
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD, Dragonfly
BSD, Minix, Solaris, OpenIndiana, Android and iOS. Other POSIX or
unixoid OSses may work with unmodified sources or may require minor
vlmcsd compiles and runs on Linux, Windows (no Cygwin required but
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD, Dragonfly
BSD, Minix, Solaris, OpenIndiana, Android and iOS. Other POSIX or
unixoid OSses may work with unmodified sources or may require minor
porting efforts.
SUPPORTED PRODUCTS
vlmcsd can answer activation requests for the following products: Win
dows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows
Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows
Server 2012 R2, Office 2010, Project 2010, Visio 2010, Office 2013,
vlmcsd can answer activation requests for the following products: Win
dows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows
Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows
Server 2012 R2, Office 2010, Project 2010, Visio 2010, Office 2013,
Project 2013, Visio 2013, Office 2016, Project 2016, Visio 2016.
Office, Project and Visio must be volume license versions.
@ -477,25 +546,25 @@ FILES
EXAMPLES
vlmcsd -f
Starts vlmcsd in foreground. Useful if you use it for the first
time and want to see what's happening when a client requests
vlmcsd -De
Starts vlmcsd in foreground. Useful if you use it for the first
time and want to see what's happening when a client requests
activation.
vlmcsd -l /var/log/vlmcsd.log
Starts vlmcsd as a daemon and logs everything to /var/log/vlm
Starts vlmcsd as a daemon and logs everything to /var/log/vlm
csd.log.
vlmcsd -L 192.168.1.17
Starts vlmcsd as a daemon and listens on IP address 192.168.1.17
only. This is useful for routers that have a public and a pri
only. This is useful for routers that have a public and a pri
vate IP address to prevent your KMS server from becoming public.
vlmcsd -s -U /n -l C:\logs\vlmcsd.log
Installs vlmcsd as a Windows service with low privileges and
Installs vlmcsd as a Windows service with low privileges and
logs everything to C:\logs\vlmcsd.log when the service is
started with "net start vlmcsd".
@ -503,18 +572,18 @@ EXAMPLES
BUGS
An ePID specified in an ini file must not contain spaces.
The maximum number of -L options in the command line or listen state
The maximum number of -L options in the command line or listen state
ments in the inifile is the platform default for FD_SETSIZE. This is 64
on Windows and 1024 on most Unixes.
AUTHOR
Written by crony12, Hotbird64 and vityan666. With contributions from
Written by crony12, Hotbird64 and vityan666. With contributions from
DougQaid.
CREDITS
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
borus, ...
@ -523,4 +592,4 @@ SEE ALSO
Hotbird64 June 2016 VLMCSD(8)
Hotbird64 July 2016 VLMCSD(8)

@ -72,19 +72,11 @@
#include "ntservice.h"
#include "helpers.h"
#ifdef ENABLE_DEPRECATED_OPTIONS
static const char* const optstring = "N:B:m:t:w:0:3:H:A:R:u:g:L:p:i:P:l:r:U:W:C:F:SsfeDd46VvIqkZ";
#else // !ENABLE_DEPRECATED_OPTIONS
static const char* const optstring = "N:B:m:t:w:0:3:H:A:R:u:g:L:p:i:P:l:r:U:W:C:F:SseDdVvqkZ";
#endif // !ENABLE_DEPRECATED_OPTIONS
static const char* const optstring = "N:B:m:t:w:0:3:H:A:R:u:g:L:p:i:P:l:r:U:W:C:F:o:T:SseDdVvqkZ";
#if !defined(NO_SOCKETS) && !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS)
static uint_fast8_t maxsockets = 0;
#ifdef ENABLE_DEPRECATED_OPTIONS
static int_fast8_t v6required = 0;
static int_fast8_t v4required = 0;
#endif // ENABLE_DEPRECATED_OPTIONS
#endif // !defined(NO_SOCKETS) && !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS)
#ifdef _NTSERVICE
@ -115,7 +107,7 @@ static IniFileParameter_t IniFileParameterList[] =
{ "RandomizationLevel", INI_PARAM_RANDOMIZATION_LEVEL },
{ "LCID", INI_PARAM_LCID },
# endif // NO_RANDOM_EPID
# if !defined(NO_SOCKETS) && (defined(USE_MSRPC) || defined(SIMPLE_SOCKETS))
# if !defined(NO_SOCKETS) && (defined(USE_MSRPC) || defined(SIMPLE_SOCKETS) || defined(HAVE_GETIFADDR))
{ "Port", INI_PARAM_PORT },
# endif // defined(USE_MSRPC) || defined(SIMPLE_SOCKETS)
# if !defined(NO_SOCKETS) && !defined(USE_MSRPC)
@ -141,6 +133,7 @@ static IniFileParameter_t IniFileParameterList[] =
{ "PIDFile", INI_PARAM_PID_FILE },
# endif // NO_PID_FILE
# ifndef NO_LOG
{ "LogDateAndTime", INI_PARAM_LOG_DATE_AND_TIME },
{ "LogFile", INI_PARAM_LOG_FILE },
# ifndef NO_VERBOSE_LOG
{ "LogVerbose", INI_PARAM_LOG_VERBOSE },
@ -154,6 +147,9 @@ static IniFileParameter_t IniFileParameterList[] =
{ "user", INI_PARAM_UID },
{ "group", INI_PARAM_GID},
# endif // !defined(NO_USER_SWITCH) && !defined(_WIN32)
# if !defined(NO_PRIVATE_IP_DETECT)
{"PublicIPProtectionLevel", INI_PARAM_PUBLIC_IP_PROTECTION_LEVEL },
# endif
};
#endif // NO_INI_FILE
@ -279,6 +275,13 @@ static __noreturn void usage()
" -r 0|1|2\t\tset ePID randomization level (default 1)\n"
" -C <LCID>\t\tuse fixed <LCID> in random ePIDs\n"
#endif // NO_RANDOM_EPID
#if !defined(NO_PRIVATE_IP_DETECT)
#if HAVE_GETIFADDR
" -o 0|1|2|3\t\tset protection level against clients with public IP addresses (default 0)\n"
#else // !HAVE_GETIFADDR
" -o 0|2\t\tset protection level against clients with public IP addresses (default 0)\n"
#endif // !HAVE_GETIFADDR
#endif // !defined(NO_PRIVATE_IP_DETECT)
#ifndef NO_SOCKETS
#if !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS)
" -L <address>[:<port>]\tlisten on IP address <address> with optional <port>\n"
@ -335,6 +338,7 @@ static __noreturn void usage()
" -l syslog log to syslog\n"
#endif // _WIN32
" -l <file> log to <file>\n"
" -T0, -T1\t\tdisable/enable logging with time and date (default -T1)\n"
#ifndef NO_VERBOSE_LOG
" -v\t\t\tlog verbose\n"
" -q\t\t\tdon't log verbose (default)\n"
@ -520,13 +524,13 @@ static BOOL setIniFileParameter(uint_fast8_t id, const char *const iniarg)
# endif // NO_RANDOM_EPID
# if (defined(USE_MSRPC) || defined(SIMPLE_SOCKETS)) && !defined(NO_SOCKETS)
# if (defined(USE_MSRPC) || defined(SIMPLE_SOCKETS) || defined(HAVE_GETIFADDR)) && !defined(NO_SOCKETS)
case INI_PARAM_PORT:
defaultport = allocateStringArgument(iniarg);
break;
# endif // (defined(USE_MSRPC) || defined(SIMPLE_SOCKETS)) && !defined(NO_SOCKETS
# endif // (defined(USE_MSRPC) || defined(SIMPLE_SOCKETS) || defined(HAVE_GETIFADDR)) && !defined(NO_SOCKETS)
# if !defined(NO_SOCKETS) && !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS)
@ -561,6 +565,10 @@ static BOOL setIniFileParameter(uint_fast8_t id, const char *const iniarg)
fn_log = allocateStringArgument(iniarg);
break;
case INI_PARAM_LOG_DATE_AND_TIME:
success = getIniFileArgumentBool(&LogDateAndTime, iniarg);
break;
# ifndef NO_VERBOSE_LOG
case INI_PARAM_LOG_VERBOSE:
success = getIniFileArgumentBool(&logverbose, iniarg);
@ -614,6 +622,23 @@ static BOOL setIniFileParameter(uint_fast8_t id, const char *const iniarg)
# endif // HAVE_FREEBIND
# if !defined(NO_PRIVATE_IP_DETECT)
case INI_PARAM_PUBLIC_IP_PROTECTION_LEVEL:
success = getIniFileArgumentInt(&PublicIPProtectionLevel, iniarg, 0, 3);
# if !HAVE_GETIFADDR
if (PublicIPProtectionLevel & 1)
{
IniFileErrorMessage = "Must be 0 or 2";
success = FALSE;
}
# endif // !HAVE_GETIFADDR
break;
# endif // !defined(NO_PRIVATE_IP_DETECT)
default:
return FALSE;
}
@ -1085,29 +1110,14 @@ static void parseGeneralArguments() {
#ifndef NO_SOCKETS
#ifndef USE_MSRPC
#ifdef ENABLE_DEPRECATED_OPTIONS
#ifndef SIMPLE_SOCKETS
case '4':
case '6':
printerrorf("Warning: Option -%c is deprecated. Use -L instead.\n", o);
/* no break */
#endif // SIMPLE_SOCKETS
#endif // ENABLE_DEPRECATED_OPTIONS
case 'P':
if (o == 'P') defaultport = optarg;
#ifdef SIMPLE_SOCKETS
ignoreIniFileParameter(INI_PARAM_PORT);
#else // !SIMPLE_SOCKETS
#if !defined(SIMPLE_SOCKETS) && !defined(USE_MSRPC)
ignoreIniFileParameter(INI_PARAM_LISTEN);
#endif // !SIMPLE_SOCKETS
break;
#else // USE_MSRPC
case 'P':
#else
defaultport = optarg;
ignoreIniFileParameter(INI_PARAM_PORT);
#endif // !SIMPLE_SOCKETS
break;
#endif // USE_MSRPC
#if !defined(NO_LIMIT) && !__minix__
@ -1145,6 +1155,12 @@ static void parseGeneralArguments() {
#endif
#ifndef NO_LOG
case 'T':
if (!getArgumentBool(&LogDateAndTime, optarg)) usage();
ignoreIniFileParameter(INI_PARAM_LOG_DATE_AND_TIME);
break;
case 'l':
fn_log = getCommandLineArg(optarg);
ignoreIniFileParameter(INI_PARAM_LOG_FILE);
@ -1160,6 +1176,18 @@ static void parseGeneralArguments() {
#endif // NO_VERBOSE_LOG
#endif // NO_LOG
#if !defined(NO_PRIVATE_IP_DETECT)
case 'o':
ignoreIniFileParameter(INI_PARAM_PUBLIC_IP_PROTECTION_LEVEL);
PublicIPProtectionLevel = getOptionArgumentInt(o, 0, 3);
#if !HAVE_GETIFADDR
if (PublicIPProtectionLevel & 1) usage();
#endif // !HAVE_GETIFADDR
break;
#endif // !defined(NO_PRIVATE_IP_DETECT)
#ifndef NO_SOCKETS
#if !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS)
case 'L':
@ -1174,32 +1202,6 @@ static void parseGeneralArguments() {
#endif // HAVE_FREEBIND
#endif // !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS)
#if defined(ENABLE_DEPRECATED_OPTIONS)
case 'f':
#if !defined(_WIN32) || !defined(NO_LOG)
printerrorf
(
"Warning: Option -f is deprecated. Use -"
#ifdef _WIN32
"e"
#else // !_WIN32
"de"
#endif // !_WIN32
" instead.\n"
);
#ifndef _WIN32
nodaemon = 1;
#endif // _WIN32
#ifndef NO_LOG
logstdout = 1;
#endif
#if defined(_PEDANTIC) && defined(_WIN32) && defined(NO_LOG)
printerrorf("Warning: Option -f has no effect in a Windows version of vlmcsd that has been compiled with logging disabled.\n");
#endif // defined(_PEDANTIC) && defined(_WIN32) && defined(NO_LOG)
#endif // !defined(_WIN32) || !defined(NO_LOG)
break;
#endif // ENABLE_DEPRECATED_OPTIONS
#ifdef _NTSERVICE
case 'U':
ServiceUser = optarg;
@ -1232,17 +1234,14 @@ static void parseGeneralArguments() {
break;
#ifndef NO_LOG
case 'e':
logstdout = 1;
break;
#endif // NO_LOG
#endif // NO_SOCKETS
#if !defined(_WIN32) && defined(ENABLE_DEPRECATED_OPTIONS)
case 'I': // Backward compatibility with svn681 and earlier
break;
#endif // !defined(_WIN32) && defined(ENABLE_DEPRECATED_OPTIONS)
#ifndef NO_RANDOM_EPID
case 'r':
RandomizationLevel = (int_fast8_t)getOptionArgumentInt(o, 0, 2);
@ -1505,7 +1504,14 @@ static void allocateSemaphore(void)
int setupListeningSockets()
{
int o;
# if HAVE_GETIFADDR
char** privateIPList;
int numPrivateIPs = 0;
if (PublicIPProtectionLevel & 1) getPrivateIPAddresses(&numPrivateIPs, &privateIPList);
uint_fast8_t allocsockets = maxsockets ? (maxsockets + numPrivateIPs) : ((PublicIPProtectionLevel & 1) ? numPrivateIPs : 2);
# else // !HAVE_GETIFADDR
uint_fast8_t allocsockets = maxsockets ? maxsockets : 2;
# endif // !HAVE_GETIFADDR
SocketList = (SOCKET*)vlmcsd_malloc((size_t)allocsockets * sizeof(SOCKET));
@ -1517,42 +1523,16 @@ int setupListeningSockets()
for (opterr = 0; ( o = getopt(global_argc, (char* const*)global_argv, optstring) ) > 0; ) switch (o)
{
# ifdef ENABLE_DEPRECATED_OPTIONS
case '4':
if (!haveIPv4Stack)
{
printerrorf("Fatal: Your system does not support %s.\n", cIPv4);
return !0;
}
v4required = 1;
break;
case '6':
if (!haveIPv6Stack)
{
printerrorf("Fatal: Your system does not support %s.\n", cIPv6);
return !0;
}
v6required = 1;
break;
# endif // ENABLE_DEPRECATED_OPTIONS
case 'P':
defaultport = optarg;
break;
case 'L':
case 'P':
defaultport = optarg;
break;
addListeningSocket(optarg);
break;
case 'L':
addListeningSocket(optarg);
break;
default:
break;
default:
break;
}
@ -1569,17 +1549,31 @@ int setupListeningSockets()
}
# endif
# if HAVE_GETIFADDR
if (PublicIPProtectionLevel & 1)
{
int i;
for (i = 0; i < numPrivateIPs; i++)
{
addListeningSocket(privateIPList[i]);
free(privateIPList[i]);
}
free(privateIPList);
}
# endif // HAVE_GETIFADDR
// if -L hasn't been specified on the command line, use default sockets (all IP addresses)
// maxsocket results from first pass parsing the arguments
if (!maxsockets)
{
# ifdef ENABLE_DEPRECATED_OPTIONS
if (haveIPv6Stack && (v6required || !v4required)) addListeningSocket("::");
if (haveIPv4Stack && (v4required || !v6required)) addListeningSocket("0.0.0.0");
# else // !ENABLE_DEPRECATED_OPTIONS
# if HAVE_GETIFADDR
if (!(PublicIPProtectionLevel & 1) && haveIPv6Stack) addListeningSocket("::");
if (!(PublicIPProtectionLevel & 1) && haveIPv4Stack) addListeningSocket("0.0.0.0");
# else // !HAVE_GETIFADDR
if (haveIPv6Stack) addListeningSocket("::");
if (haveIPv4Stack) addListeningSocket("0.0.0.0");
# endif // !ENABLE_DEPRECATED_OPTIONS
# endif // !HAVE_GETIFADDR
}
if (!numsockets)

@ -48,6 +48,8 @@ int server_main(int argc, CARGV argv);
#define INI_PARAM_RPC_NDR64 15
#define INI_PARAM_RPC_BTFN 16
#define INI_PARAM_FREEBIND 17
#define INI_PARAM_PUBLIC_IP_PROTECTION_LEVEL 18
#define INI_PARAM_LOG_DATE_AND_TIME 19
#define INI_FILE_PASS_1 1
#define INI_FILE_PASS_2 2

@ -35,6 +35,10 @@
# Command line: -L
;Listen = [::]:1688
# Listen on all private IP addresses and reject incoming requests from public IP addresses
# Command line: -o
# PublicIPProtectionLevel = 3
# Allow binding to foreign IP addresses
# Command line: -F0 and -F1
;FreeBind = true
@ -67,6 +71,10 @@
# Command line: -l (-e and -f also override this directive)
;LogFile = /var/log/vlmcsd.log
# Don't include date and time in logs (default is true)
# Command line: -T0 and -T1
;LogDateAndTime = false
# Create a verbose log
# Command line: -v and -q
;LogVerbose = true

@ -1,4 +1,4 @@
.TH VLMCSD.INI 5 "June 2016" "Hotbird64" "KMS Activation Manual"
.TH VLMCSD.INI 5 "July 2016" "Hotbird64" "KMS Activation Manual"
.LO 8
.SH NAME
@ -53,6 +53,19 @@ Can only be used if vlmcsd has been compiled to use simple sockets or on Windows
.IP "\fBFreeBind\fR"
Can be TRUE or FALSE. If TRUE, you can use the \fBListen\fR keyword with IP addresses that are currently not defined on your system. \fBvlmcsd\fR(8) will start listening on these IP addresses as soon as they become available. This keyword is only available under Linux and FreeBSD because no other OS currently supports that feature. FreeBSD supports this only for IPv4 and requires the PRIV_NETINET_BINDANY privilege which is normally assigned to proccesses of the root user.
.IP "\fBPublicIPProtectionLevel\fR"
Set the level of protection against KMS activations from public IP addresses.
0 = No protection (default)
.br
1\ =\ Listen on private IP addresses only (plus those specified by one or more \fBListen\fR statements)
.br
2\ =\ Disconnect clients with public IP addresses without activating
.br
3\ =\ Combines 1 and 2
For details on public IP protection levels see \fBvlmcsd\fR(8) command line option \fB-o\fR.
.IP "\fBUseNDR64\fR"
Can be TRUE or FALSE. Specifies whether you want to use the NDR64 transfer syntax. See options \fB-n0\fR and \fB-n1\fR in \fBvlmcsd\fR(8). The default is TRUE.
@ -80,6 +93,9 @@ Write a pid file. The \fIargument\fR is the full pathname of a pid file. The pid
.IP "\fBLogFile\fR"
Write a log file. The \fIargument\fR is the full pathname of a log file. On a unixoid OS and with Cygwin you can use the special filename 'syslog' to log to the syslog facility. This is the same as specifying \fB-l\fR on the command line.
.IP "\fBLogDateAndTime\fR"
Can be TRUE or FALSE. The default is TRUE. If set to FALSE, logging output does not include date and time. This is useful if you log to \fBstdout\fR(3) which is redirected to another logging mechanism that already includes date and time in its output, for instance \fBsystemd-journald\fR(8). If you log to \fBsyslog\fR(3), \fBLogDateAndTime\fR is ignored and date and time will never be included in the output sent to \fBsyslog\fR(3). Using the command line you control this setting with options \fB-T0\fR and \fB-T1\fR.
.IP "\fBLogVerbose\fR"
Set this to either TRUE or FALSE. The default is FALSE. If set to TRUE, more details of each activation will be logged. You use \fB-v\fR and \fB-q\fR in the command line to control this setting. \fBLogVerbose\fR has an effect only if you specify a log file or redirect logging to \fBstdout\fR(3).
@ -87,7 +103,7 @@ Set this to either TRUE or FALSE. The default is FALSE. If set to TRUE, more det
This is the same as specifying \fB-A\fR on the command line. See \fBvlmcsd\fR(8) for details. The default is 2 hours. Example: ActivationInterval = 1h
.IP "\fBRenewalInterval\fR"
This is the same as specifying \fB-R\fR on the command line. See \fBvlmcsd\fR(8) for details. The default is 7 days. Example: ActivationInterval = 3h. Please note that the KMS client decides itself when to renew activation. Even though vlmcsd sends the renewal interval you specify, it is no more than some kind of recommendation to the client. Older KMS clients did follow the recommendation from a KMS server or emulator. Newer clients do not.
This is the same as specifying \fB-R\fR on the command line. See \fBvlmcsd\fR(8) for details. The default is 7 days. Example: RenewalInterval = 3d. Please note that the KMS client decides itself when to renew activation. Even though vlmcsd sends the renewal interval you specify, it is no more than some kind of recommendation to the client. Older KMS clients did follow the recommendation from a KMS server or emulator. Newer clients do not.
.IP "\fBUser\fR"
Run vlmcsd as another, preferrably less privileged, user. The \fIargument\fR can be a user name or a numeric user id. You must have the required privileges (capabilities on Linux) to change the security context of a process without providing any credentials (a password in most cases). On most unixoid OSses 'root' is the only user who has these privileges in the default configuration. This setting is not available in the native Windows version of vlmcsd. See \fB-u\fR in \fBvlmcsd\fR(8). This setting cannot be changed on the fly by sending SIGHUP to vlmcsd.

@ -108,6 +108,21 @@ KEYWORDS
proccesses of the root user.
PublicIPProtectionLevel
Set the level of protection against KMS activations from public
IP addresses.
0 = No protection (default)
1 = Listen on private IP addresses only (plus those specified by
one or more Listen statements)
2 = Disconnect clients with public IP addresses without activat
ing
3 = Combines 1 and 2
For details on public IP protection levels see vlmcsd(8) command
line option -o.
UseNDR64
Can be TRUE or FALSE. Specifies whether you want to use the
NDR64 transfer syntax. See options -n0 and -n1 in vlmcsd(8). The
@ -173,56 +188,67 @@ KEYWORDS
same as specifying -l on the command line.
LogDateAndTime
Can be TRUE or FALSE. The default is TRUE. If set to FALSE, log
ging output does not include date and time. This is useful if
you log to stdout(3) which is redirected to another logging
mechanism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), LogDate
AndTime is ignored and date and time will never be included in
the output sent to syslog(3). Using the command line you control
this setting with options -T0 and -T1.
LogVerbose
Set this to either TRUE or FALSE. The default is FALSE. If set
Set this to either TRUE or FALSE. The default is FALSE. If set
to TRUE, more details of each activation will be logged. You use
-v and -q in the command line to control this setting. LogVer
bose has an effect only if you specify a log file or redirect
-v and -q in the command line to control this setting. LogVer
bose has an effect only if you specify a log file or redirect
logging to stdout(3).
ActivationInterval
This is the same as specifying -A on the command line. See vlm
This is the same as specifying -A on the command line. See vlm
csd(8) for details. The default is 2 hours. Example: Activation
Interval = 1h
RenewalInterval
This is the same as specifying -R on the command line. See vlm
csd(8) for details. The default is 7 days. Example: Activation
Interval = 3h. Please note that the KMS client decides itself
when to renew activation. Even though vlmcsd sends the renewal
interval you specify, it is no more than some kind of recommen
dation to the client. Older KMS clients did follow the recommen
dation from a KMS server or emulator. Newer clients do not.
User Run vlmcsd as another, preferrably less privileged, user. The
argument can be a user name or a numeric user id. You must have
the required privileges (capabilities on Linux) to change the
security context of a process without providing any credentials
(a password in most cases). On most unixoid OSses 'root' is the
This is the same as specifying -R on the command line. See vlm
csd(8) for details. The default is 7 days. Example: RenewalIn
terval = 3d. Please note that the KMS client decides itself when
to renew activation. Even though vlmcsd sends the renewal inter
val you specify, it is no more than some kind of recommendation
to the client. Older KMS clients did follow the recommendation
from a KMS server or emulator. Newer clients do not.
User Run vlmcsd as another, preferrably less privileged, user. The
argument can be a user name or a numeric user id. You must have
the required privileges (capabilities on Linux) to change the
security context of a process without providing any credentials
(a password in most cases). On most unixoid OSses 'root' is the
only user who has these privileges in the default configuration.
This setting is not available in the native Windows version of
vlmcsd. See -u in vlmcsd(8). This setting cannot be changed on
This setting is not available in the native Windows version of
vlmcsd. See -u in vlmcsd(8). This setting cannot be changed on
the fly by sending SIGHUP to vlmcsd.
Group Run vlmcsd as another, preferrably less privileged, group. The
argument can be a group name or a numeric group id. You must
have the required privileges (capabilities on Linux) to change
the security context of a process without providing any creden
tials (a password in most cases). On most unixoid OSses 'root'
Group Run vlmcsd as another, preferrably less privileged, group. The
argument can be a group name or a numeric group id. You must
have the required privileges (capabilities on Linux) to change
the security context of a process without providing any creden
tials (a password in most cases). On most unixoid OSses 'root'
is the only user who has these privileges in the default config
uration. This setting is not available in the native Windows
version of vlmcsd. See -g in vlmcsd(8). This setting cannot be
uration. This setting is not available in the native Windows
version of vlmcsd. See -g in vlmcsd(8). This setting cannot be
changed on the fly by sending SIGHUP to vlmcsd.
SPECIAL KEYWORDS
Any valid GUID is being treated as a special keyword in the ini file.
It is used to select a specfic ePID and HwId for an application GUID.
The argument has the form ePID [ / HwId ]. KMS currently knows only 3
Any valid GUID is being treated as a special keyword in the ini file.
It is used to select a specfic ePID and HwId for an application GUID.
The argument has the form ePID [ / HwId ]. KMS currently knows only 3
application GUIDs:
55c92734-d682-4d71-983e-d6ec3f16059f (Windows)
@ -236,25 +262,25 @@ SPECIAL KEYWORDS
59a52881-a989-479d-af46-f275c6370663 = 55041-00096-216-598637-03-17418-6002.0000-3312013
0ff1ce15-a989-479d-af46-f275c6370663 = 55041-00206-234-742099-03-9217-6002.0000-2942013
The ePID is currently a comment only. You can specify any string up to
63 bytes. In Windows 7 Microsoft has blacklisted few ( < 10 ) ePIDs
that were used in KMSv5 versions of the "ratiborus virtual machine".
Microsoft has given up on blacklisting when KMS emulators appeared in
The ePID is currently a comment only. You can specify any string up to
63 bytes. In Windows 7 Microsoft has blacklisted few ( < 10 ) ePIDs
that were used in KMSv5 versions of the "ratiborus virtual machine".
Microsoft has given up on blacklisting when KMS emulators appeared in
the wild.
Even if you can use "Activated by cool hacker guys" as an ePID, you may
wish to use ePIDs that cannot be detected as non-MS ePIDs. If you don't
know how these "valid" ePIDs look like exactly, do not use GUIDS in
vlmcsd.ini. vlmcsd provides internal mechanisms to generate valid
know how these "valid" ePIDs look like exactly, do not use GUIDS in
vlmcsd.ini. vlmcsd provides internal mechanisms to generate valid
ePIDs.
If you use non-ASCII characters in your ePID (you shouldn't do anyway),
these must be in UTF-8 format. This is especially important when you
these must be in UTF-8 format. This is especially important when you
run vlmcsd on Windows or cygwin because UTF-8 is not the default encod
ing for most editors.
If you are specifying an optional HWID it follows the same syntax as in
the -H option in vlmcsd(8) ecxept that you must not enclose a HWID in
the -H option in vlmcsd(8) ecxept that you must not enclose a HWID in
quotes even if it contains spaces.
@ -268,7 +294,7 @@ AUTHOR
CREDITS
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
borus, ...
@ -277,4 +303,4 @@ SEE ALSO
Hotbird64 June 2016 VLMCSD.INI(5)
Hotbird64 July 2016 VLMCSD.INI(5)

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Fri Jun 17 14:16:33 2016 -->
<!-- CreationDate: Wed Jul 13 12:34:02 2016 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
@ -208,6 +208,25 @@ feature. FreeBSD supports this only for IPv4 and requires
the PRIV_NETINET_BINDANY privilege which is normally
assigned to proccesses of the root user.</p>
<p style="margin-left:11%;"><b>PublicIPProtectionLevel</b></p>
<p style="margin-left:22%;">Set the level of protection
against KMS activations from public IP addresses.</p>
<p style="margin-left:22%; margin-top: 1em">0 = No
protection (default) <br>
1&nbsp;=&nbsp;Listen on private IP addresses only (plus
those specified by one or more <b>Listen</b> statements)
<br>
2&nbsp;=&nbsp;Disconnect clients with public IP addresses
without activating <br>
3&nbsp;=&nbsp;Combines 1 and 2</p>
<p style="margin-left:22%; margin-top: 1em">For details on
public IP protection levels see <b>vlmcsd</b>(8) command
line option <b>-o</b>.</p>
<p style="margin-left:11%;"><b>UseNDR64</b></p>
<p style="margin-left:22%;">Can be TRUE or FALSE. Specifies
@ -296,6 +315,19 @@ unixoid OS and with Cygwin you can use the special filename
&rsquo;syslog&rsquo; to log to the syslog facility. This is
the same as specifying <b>-l</b> on the command line.</p>
<p style="margin-left:11%;"><b>LogDateAndTime</b></p>
<p style="margin-left:22%;">Can be TRUE or FALSE. The
default is TRUE. If set to FALSE, logging output does not
include date and time. This is useful if you log to
<b>stdout</b>(3) which is redirected to another logging
mechanism that already includes date and time in its output,
for instance <b>systemd-journald</b>(8). If you log to
<b>syslog</b>(3), <b>LogDateAndTime</b> is ignored and date
and time will never be included in the output sent to
<b>syslog</b>(3). Using the command line you control this
setting with options <b>-T0</b> and <b>-T1</b>.</p>
<p style="margin-left:11%;"><b>LogVerbose</b></p>
<p style="margin-left:22%;">Set this to either TRUE or
@ -316,8 +348,8 @@ details. The default is 2 hours. Example: ActivationInterval
<p style="margin-left:22%;">This is the same as specifying
<b>-R</b> on the command line. See <b>vlmcsd</b>(8) for
details. The default is 7 days. Example: ActivationInterval
= 3h. Please note that the KMS client decides itself when to
details. The default is 7 days. Example: RenewalInterval =
3d. Please note that the KMS client decides itself when to
renew activation. Even though vlmcsd sends the renewal
interval you specify, it is no more than some kind of
recommendation to the client. Older KMS clients did follow

Binary file not shown.

@ -108,6 +108,21 @@ KEYWORDS
proccesses of the root user.
PublicIPProtectionLevel
Set the level of protection against KMS activations from public
IP addresses.
0 = No protection (default)
1 = Listen on private IP addresses only (plus those specified by
one or more Listen statements)
2 = Disconnect clients with public IP addresses without activat
ing
3 = Combines 1 and 2
For details on public IP protection levels see vlmcsd(8) command
line option -o.
UseNDR64
Can be TRUE or FALSE. Specifies whether you want to use the
NDR64 transfer syntax. See options -n0 and -n1 in vlmcsd(8). The
@ -173,56 +188,67 @@ KEYWORDS
same as specifying -l on the command line.
LogDateAndTime
Can be TRUE or FALSE. The default is TRUE. If set to FALSE, log
ging output does not include date and time. This is useful if
you log to stdout(3) which is redirected to another logging
mechanism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), LogDate
AndTime is ignored and date and time will never be included in
the output sent to syslog(3). Using the command line you control
this setting with options -T0 and -T1.
LogVerbose
Set this to either TRUE or FALSE. The default is FALSE. If set
Set this to either TRUE or FALSE. The default is FALSE. If set
to TRUE, more details of each activation will be logged. You use
-v and -q in the command line to control this setting. LogVer
bose has an effect only if you specify a log file or redirect
-v and -q in the command line to control this setting. LogVer
bose has an effect only if you specify a log file or redirect
logging to stdout(3).
ActivationInterval
This is the same as specifying -A on the command line. See vlm
This is the same as specifying -A on the command line. See vlm
csd(8) for details. The default is 2 hours. Example: Activation
Interval = 1h
RenewalInterval
This is the same as specifying -R on the command line. See vlm
csd(8) for details. The default is 7 days. Example: Activation
Interval = 3h. Please note that the KMS client decides itself
when to renew activation. Even though vlmcsd sends the renewal
interval you specify, it is no more than some kind of recommen
dation to the client. Older KMS clients did follow the recommen
dation from a KMS server or emulator. Newer clients do not.
User Run vlmcsd as another, preferrably less privileged, user. The
argument can be a user name or a numeric user id. You must have
the required privileges (capabilities on Linux) to change the
security context of a process without providing any credentials
(a password in most cases). On most unixoid OSses 'root' is the
This is the same as specifying -R on the command line. See vlm
csd(8) for details. The default is 7 days. Example: RenewalIn
terval = 3d. Please note that the KMS client decides itself when
to renew activation. Even though vlmcsd sends the renewal inter
val you specify, it is no more than some kind of recommendation
to the client. Older KMS clients did follow the recommendation
from a KMS server or emulator. Newer clients do not.
User Run vlmcsd as another, preferrably less privileged, user. The
argument can be a user name or a numeric user id. You must have
the required privileges (capabilities on Linux) to change the
security context of a process without providing any credentials
(a password in most cases). On most unixoid OSses 'root' is the
only user who has these privileges in the default configuration.
This setting is not available in the native Windows version of
vlmcsd. See -u in vlmcsd(8). This setting cannot be changed on
This setting is not available in the native Windows version of
vlmcsd. See -u in vlmcsd(8). This setting cannot be changed on
the fly by sending SIGHUP to vlmcsd.
Group Run vlmcsd as another, preferrably less privileged, group. The
argument can be a group name or a numeric group id. You must
have the required privileges (capabilities on Linux) to change
the security context of a process without providing any creden
tials (a password in most cases). On most unixoid OSses 'root'
Group Run vlmcsd as another, preferrably less privileged, group. The
argument can be a group name or a numeric group id. You must
have the required privileges (capabilities on Linux) to change
the security context of a process without providing any creden
tials (a password in most cases). On most unixoid OSses 'root'
is the only user who has these privileges in the default config
uration. This setting is not available in the native Windows
version of vlmcsd. See -g in vlmcsd(8). This setting cannot be
uration. This setting is not available in the native Windows
version of vlmcsd. See -g in vlmcsd(8). This setting cannot be
changed on the fly by sending SIGHUP to vlmcsd.
SPECIAL KEYWORDS
Any valid GUID is being treated as a special keyword in the ini file.
It is used to select a specfic ePID and HwId for an application GUID.
The argument has the form ePID [ / HwId ]. KMS currently knows only 3
Any valid GUID is being treated as a special keyword in the ini file.
It is used to select a specfic ePID and HwId for an application GUID.
The argument has the form ePID [ / HwId ]. KMS currently knows only 3
application GUIDs:
55c92734-d682-4d71-983e-d6ec3f16059f (Windows)
@ -236,25 +262,25 @@ SPECIAL KEYWORDS
59a52881-a989-479d-af46-f275c6370663 = 55041-00096-216-598637-03-17418-6002.0000-3312013
0ff1ce15-a989-479d-af46-f275c6370663 = 55041-00206-234-742099-03-9217-6002.0000-2942013
The ePID is currently a comment only. You can specify any string up to
63 bytes. In Windows 7 Microsoft has blacklisted few ( < 10 ) ePIDs
that were used in KMSv5 versions of the "ratiborus virtual machine".
Microsoft has given up on blacklisting when KMS emulators appeared in
The ePID is currently a comment only. You can specify any string up to
63 bytes. In Windows 7 Microsoft has blacklisted few ( < 10 ) ePIDs
that were used in KMSv5 versions of the "ratiborus virtual machine".
Microsoft has given up on blacklisting when KMS emulators appeared in
the wild.
Even if you can use "Activated by cool hacker guys" as an ePID, you may
wish to use ePIDs that cannot be detected as non-MS ePIDs. If you don't
know how these "valid" ePIDs look like exactly, do not use GUIDS in
vlmcsd.ini. vlmcsd provides internal mechanisms to generate valid
know how these "valid" ePIDs look like exactly, do not use GUIDS in
vlmcsd.ini. vlmcsd provides internal mechanisms to generate valid
ePIDs.
If you use non-ASCII characters in your ePID (you shouldn't do anyway),
these must be in UTF-8 format. This is especially important when you
these must be in UTF-8 format. This is especially important when you
run vlmcsd on Windows or cygwin because UTF-8 is not the default encod
ing for most editors.
If you are specifying an optional HWID it follows the same syntax as in
the -H option in vlmcsd(8) ecxept that you must not enclose a HWID in
the -H option in vlmcsd(8) ecxept that you must not enclose a HWID in
quotes even if it contains spaces.
@ -268,7 +294,7 @@ AUTHOR
CREDITS
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
borus, ...
@ -277,4 +303,4 @@ SEE ALSO
Hotbird64 June 2016 VLMCSD.INI(5)
Hotbird64 July 2016 VLMCSD.INI(5)

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Fri Jun 17 14:16:33 2016 -->
<!-- CreationDate: Wed Jul 13 12:34:02 2016 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>

Binary file not shown.
Loading…
Cancel
Save