Protection Against Time Tampering

To configure or override the built-in time tampering detection function, you can use the information provided in this section.

Executables to Rebuild

>In case of standalone licensing (application linked to the standalone library or the integrated library), the client application needs to be rebuilt.

>In case of network licensing, the License Manager executable needs to be rebuilt.

Refer to "How to Use the custom32.mak File?".

Description

The following are some of the configurable properties used by the built-in time tampering detection function of RMS:

>The action taken on time tampering detection

>The method of time tampering detection

>The default grace period

>The number or percentage of system files found to be tampered before concluding the system clock is tampered (for UNIX only).

Using the VLSconfigureTimeTamper API function, you can modify the configurable properties.

Function Prototype

void VLSconfigureTimeTamper
(
   VLSactionOnTmTamper* actionOnTmTamper,      
   VLStmTamperMethod*   tmTamperMethod,         
   int*                 gracePeriod,            
   int*                 percentViolations,     
   int*                 numViolationsForError   
);

Enumeration Data Type 

typedef enum {
   VLS_CONT_AFTER_TM_TAMPER,
   VLS_EXIT_AFTER_TM_TAMPER
}VLSactionOnTmTamper;  
typedef enum {
   VLS_ENABLE_DEFAULT_TM_TAMPER,
   VLS_DISABLE_DEFAULT_TM_TAMPER
}VLStmTamperMethod;

Parameter

Description

actionOnTmTamper

An OUT parameter.

Whether to exit from the License Manager (or your application, in case of standalone licensing) once the system clock tampering is detected.

[Default: VLS_CONT_AFTER_TM_TAMPER]

tmTamperMethod

An OUT parameter.

Whether to use the built-in system clock tampering detection function, or use the one provided by you.

[Default: VLS_ENABLE_DEFAULT_TM_TAMPER]

gracePeriod

An OUT parameter.

Useful only when tmTamperMethod is VLS_ENABLE_DEFAULT_TM_TAMPER. If RMS finds that the system clock has been set back by less than gracePeriod seconds, it will not count the offending system file as a violation.

[Default: 86,400 seconds (1 day)]

percentViolations

An OUT parameter.

The percentage of the system files that must be found in violation of the grace period before concluding that the system clock has been set back. Pass the value of 0 for this parameter to ignore the functionality. Applicable only to UNIX systems.

[Default: 1% of the files to violate grace period]

numViolationsForError

An OUT parameter.

The number of system files that must be found in violation of the grace period, before concluding that the system clock has been set back. Applicable only to UNIX systems.

If both percentViolations and numViolationsForError are used, the lower evaluated value will be used.

If the tmTamperMethod parameter is returned as VLS_DISABLE_DEFAULT_TM_TAMPER, then you must override the VLSisClockSetBack function.

Function Prototype 

int VLSisClockSetBack(void);

Description

The VLSisClockSetBack API checks the state of the system to detect tampering. This API is triggered on the following events:

>When a network license with time-tamper check enabled is added to the RMS License Manager

>When a feature with time-tamper check enabled is requested from the RMS License Manager

>When a requested handle is renewed

>When a requested feature is released

>When the RMS License Manager is started/restarted

>When the system is initialized

Returns

>Returns 0 (zero) if the clock is found in a non-tampered state.

>Returns non-zero if the clock is found in a tampered state.

Steps to Perform

1. Create the VLSconfigureTimeTamper function.

2. If the tmTamperMethod parameter is returned as VLS_DISABLE_DEFAULT_TM_TAMPER, then create the VLSisClockSetBack function.

3. Update the TIME_TAMPER_OBJS in the custom32.mak file.

4. Follow the build procedure specified in the "Build Procedure" section.

Code Snippets

VLSconfigureTimeTamper:

void VLSconfigureTimeTamper
(
   VLSactionOnTmTamper*  actionOnTmTamper,         /* OUT */
   VLStmTamperMethod*    tmTamperMethod,           /* OUT */
   int*                  gracePeriod,              /* OUT */
   int*                  percentViolationAllowed,  /* OUT */
   int*                  numViolationForError      /* OUT */
)
{
   if (actionOnTmTamper != NULL)
   {
      *actionOnTmTamper = /* TODO: add value here */;
   }
   if (tmTamperMethod != NULL)
   {
      *tmTamperMethod = /* TODO: add method type here */;
   }
   if (gracePeriod != NULL)
   {
      *gracePeriod = /* TODO: add grace period in seconds here */;
   }
   if (percentViolationAllowed != NULL)
   {
      *percentViolationAllowed = /* TODO: add percentage of violations here */;
   }
   if (numViolationForError != NULL)
   {
      *numViolationForError = /* TODO: add number of violations here */;
   }
} /* VLSconfigureTimeTamper() */

VLSisClockSetBack

int VLSisClockSetBack(void)
{
   /* TODO: add the system clock tamper detection code here */
   return 0; /* no clock tamper detection */
} /* VLSisClockSetBack() */
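
A filled-in version of the two templates above, as an added example that is not Sentinel RMS code: it disables the built-in method and supplies a VLSisClockSetBack override that applies the grace-period and "lower of the two thresholds" rules described in the parameter table. The policy values, the watched paths, and the helpers violation_threshold and clock_looks_set_back are assumptions of this example, and the enums are copied from this page so the block compiles on its own.

```c
#include <stddef.h>
#include <sys/stat.h>
#include <time.h>

/* Enums copied from this page; a real build takes them from the RMS headers. */
typedef enum { VLS_CONT_AFTER_TM_TAMPER, VLS_EXIT_AFTER_TM_TAMPER } VLSactionOnTmTamper;
typedef enum { VLS_ENABLE_DEFAULT_TM_TAMPER, VLS_DISABLE_DEFAULT_TM_TAMPER } VLStmTamperMethod;
/* Assumed policy values and watch list, for this example only. */
enum { GRACE_SECONDS = 3600, PERCENT_VIOLATIONS = 10, NUM_VIOLATIONS = 5 };
static const char *const WATCHED[] = { "/etc/passwd", "/etc/hosts", "/var/log" };

void VLSconfigureTimeTamper(VLSactionOnTmTamper *actionOnTmTamper,
                            VLStmTamperMethod *tmTamperMethod, int *gracePeriod,
                            int *percentViolations, int *numViolationsForError)
{
   if (actionOnTmTamper)      *actionOnTmTamper = VLS_EXIT_AFTER_TM_TAMPER;
   if (tmTamperMethod)        *tmTamperMethod = VLS_DISABLE_DEFAULT_TM_TAMPER;
   if (gracePeriod)           *gracePeriod = GRACE_SECONDS;
   if (percentViolations)     *percentViolations = PERCENT_VIOLATIONS;
   if (numViolationsForError) *numViolationsForError = NUM_VIOLATIONS;
}

/* Lower of the enabled thresholds, never below 1 (0 = "ignore" is assumed for the count too). */
int violation_threshold(int total, int percent, int num)
{
   int by_pct = percent > 0 ? (total * percent + 99) / 100 : 0;   /* round up */
   int limit = (by_pct > 0 && (num <= 0 || by_pct < num)) ? by_pct : num;
   return limit > 0 ? limit : 1;
}

/* A file is a violation when its mtime lies more than `grace` seconds ahead of `now`. */
int clock_looks_set_back(time_t now, const time_t *mtimes, int total,
                         int grace, int percent, int num)
{
   int i, violations = 0;
   for (i = 0; i < total; i++)
      if (mtimes[i] > now && mtimes[i] - now > (time_t)grace) violations++;
   return violations >= violation_threshold(total, percent, num);
}

int VLSisClockSetBack(void)
{
   time_t mtimes[sizeof WATCHED / sizeof WATCHED[0]];
   struct stat st;
   int total = 0;
   size_t i;
   for (i = 0; i < sizeof WATCHED / sizeof WATCHED[0]; i++)
      if (stat(WATCHED[i], &st) == 0) mtimes[total++] = st.st_mtime;  /* skip unreadable paths */
   return clock_looks_set_back(time(NULL), mtimes, total, GRACE_SECONDS,
                               PERCENT_VIOLATIONS, NUM_VIOLATIONS);
}
```

Keeping the decision in clock_looks_set_back, separate from the stat() calls, lets the threshold logic be unit-tested with constructed timestamps before the object is added to TIME_TAMPER_OBJS.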