1 /* |
1 /* |
2 * Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies). |
2 * Copyright (c) 2005-2010 Nokia Corporation and/or its subsidiary(-ies). |
3 * All rights reserved. |
3 * All rights reserved. |
4 * This component and the accompanying materials are made available |
4 * This component and the accompanying materials are made available |
5 * under the terms of "Eclipse Public License v1.0" |
5 * under the terms of "Eclipse Public License v1.0" |
6 * which accompanies this distribution, and is available |
6 * which accompanies this distribution, and is available |
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
34 #include "ikev1payload.h" |
34 #include "ikev1payload.h" |
35 #include "ikev1timeout.h" |
35 #include "ikev1timeout.h" |
36 #include "ikev1crack.h" |
36 #include "ikev1crack.h" |
37 #include "ikev1isakmpstream.h" |
37 #include "ikev1isakmpstream.h" |
38 #include "ikev1crypto.h" |
38 #include "ikev1crypto.h" |
|
39 #include "credentialcache.h" |
|
40 |
39 |
41 |
40 const TUint8 XAUTH_VID_DATA[8] = {0x09, 0x00, 0x26, 0x89, 0xdf, 0xd6, 0xb7, 0x12}; |
42 const TUint8 XAUTH_VID_DATA[8] = {0x09, 0x00, 0x26, 0x89, 0xdf, 0xd6, 0xb7, 0x12}; |
41 const TUint8 CISCO_UNITY_VID_DATA[16] = {0x12, 0xf5, 0xf2, 0x8c, 0x45, 0x71, 0x68, 0xa9, |
43 const TUint8 CISCO_UNITY_VID_DATA[16] = {0x12, 0xf5, 0xf2, 0x8c, 0x45, 0x71, 0x68, 0xa9, |
42 0x70, 0x2d, 0x9f, 0xe2, 0x74, 0xcc, 0x01, 0x00}; |
44 0x70, 0x2d, 0x9f, 0xe2, 0x74, 0xcc, 0x01, 0x00}; |
43 |
45 |
|
46 const TInt KCredentialTypeUnknown = 0; |
|
47 const TInt KCredentialTypeNew = 1; |
|
48 const TInt KCredentialTypeCached = 2; |
|
49 |
44 |
50 |
45 CTransNegotiation::CTransNegotiation( TInt aGranularity, |
51 CTransNegotiation::CTransNegotiation( TInt aGranularity, |
46 TBool aUseXauth, |
52 TBool aUseXauth, |
47 TBool aUseCfgMode, |
53 TBool aUseCfgMode, |
48 CIkev1PluginSession* aPluginSession, |
54 CIkev1PluginSession* aPluginSession, |
112 { |
119 { |
113 if ( !iPluginSession || !iNegotiation || (!iUseXauth && !iUseCfgMode)) |
120 if ( !iPluginSession || !iNegotiation || (!iUseXauth && !iUseCfgMode)) |
114 { |
121 { |
115 User::Leave(KErrArgument); |
122 User::Leave(KErrArgument); |
116 } |
123 } |
117 |
124 |
118 DEBUG_LOG(_L("Transaction exchange object constructed")); |
|
119 if ( !iUseXauth ) |
125 if ( !iUseXauth ) |
120 { |
126 { |
121 iXauthCompleted = ETrue; |
127 iXauthCompleted = ETrue; |
122 iNegotiation->iTimer->Cancel(); // Stop retransmission timer |
128 iNegotiation->iTimer->Cancel(); // Stop retransmission timer |
123 } |
129 } |
124 else |
130 else |
125 { |
131 { |
126 if ( !iUseCfgMode ) |
132 if ( !iUseCfgMode ) |
127 iCfgModeCompleted = ETrue; |
133 iCfgModeCompleted = ETrue; |
128 DEBUG_LOG(_L("Starting to Wait XAUTH request")); |
134 DEBUG_LOG(_L("Starting to Wait XAUTH request")); |
129 } |
135 } |
|
136 |
|
137 if( EFalse != iPluginSession->IkeData().iUseCache ) |
|
138 { |
|
139 iCache = CCredentialCache::NewL( iDebug ); |
|
140 } |
|
141 |
|
142 DEBUG_LOG(_L("Transaction exchange object constructed")); |
130 } |
143 } |
131 |
144 |
132 /**------------------------------------------------------------------- |
145 /**------------------------------------------------------------------- |
133 * |
146 * |
134 * Method GetAuthMethod() |
147 * Method GetAuthMethod() |
281 // |
294 // |
282 delete iUserName; // Delete old user name buffer for sure |
295 delete iUserName; // Delete old user name buffer for sure |
283 iUserName = HBufC8::New(aDialogInfo->iUsername->Length() + 16); // 16 bytes space for padding |
296 iUserName = HBufC8::New(aDialogInfo->iUsername->Length() + 16); // 16 bytes space for padding |
284 if ( iUserName ) { |
297 if ( iUserName ) { |
285 iUserName->Des().Copy(aDialogInfo->iUsername->Des()); |
298 iUserName->Des().Copy(aDialogInfo->iUsername->Des()); |
286 } |
299 } |
|
300 |
|
301 if( iCache && KCredentialTypeNew == iCredentialType ) |
|
302 { |
|
303 iCache->SetUserName( *aDialogInfo->iUsername ); |
|
304 } |
287 } |
305 } |
288 |
306 |
289 if ( aDialogInfo->iSecret ) { |
307 if ( aDialogInfo->iSecret ) { |
290 // |
308 // |
291 // Add either password, passcode or next pin attribute. |
309 // Add either password, passcode or next pin attribute. |
306 case (1 << (ATTR_NEXT_PIN - ATTR_XAUTH_TYPE)): |
324 case (1 << (ATTR_NEXT_PIN - ATTR_XAUTH_TYPE)): |
307 AttrType = ATTR_NEXT_PIN; |
325 AttrType = ATTR_NEXT_PIN; |
308 break; |
326 break; |
309 |
327 |
310 default: |
328 default: |
|
329 if( iCache && KCredentialTypeNew == iCredentialType ) |
|
330 { |
|
331 iCache->SetSecret( *aDialogInfo->iSecret ); |
|
332 } |
311 break; |
333 break; |
312 |
334 } |
313 } |
|
314 AddAttributeData(attr_ptr, AttrType, aDialogInfo->iSecret->Length(), |
335 AddAttributeData(attr_ptr, AttrType, aDialogInfo->iSecret->Length(), |
315 (TUint8*)aDialogInfo->iSecret->Ptr()); |
336 (TUint8*)aDialogInfo->iSecret->Ptr()); |
316 } |
337 } |
317 |
338 |
318 BuildAndSendMessageL(attr_ptr, ISAKMP_CFG_REPLY); |
339 BuildAndSendMessageL(attr_ptr, ISAKMP_CFG_REPLY); |
798 |
819 |
799 case ( (1 << (ATTR_USER_NAME - ATTR_XAUTH_TYPE)) | (1 << (ATTR_PASSWORD - ATTR_XAUTH_TYPE))): |
820 case ( (1 << (ATTR_USER_NAME - ATTR_XAUTH_TYPE)) | (1 << (ATTR_PASSWORD - ATTR_XAUTH_TYPE))): |
800 // |
821 // |
801 // User name/Password authentication required |
822 // User name/Password authentication required |
802 // |
823 // |
803 iDialog = CIkev1Dialog::NewL(iPluginSession, iPluginSession->DialogAnchor(), iDebug); |
824 GetCredentialsL(); |
804 iDialogInfo = new(ELeave) CAuthDialogInfo(iPluginSession, XAUTH_DIALOG_ID, iNegotiation->SAId(), iCurrExchange->iMessageId); |
|
805 iDialog->GetAsyncUNPWDialogL(iDialogInfo, (MIkeDialogComplete*)this); |
|
806 break; |
825 break; |
807 |
826 |
808 case ( (1 << (ATTR_USER_NAME - ATTR_XAUTH_TYPE)) | (1 << (ATTR_PASSCODE - ATTR_XAUTH_TYPE))): |
827 case ( (1 << (ATTR_USER_NAME - ATTR_XAUTH_TYPE)) | (1 << (ATTR_PASSCODE - ATTR_XAUTH_TYPE))): |
809 // |
828 // |
810 // User name/Secure ID authentication required |
829 // User name/Secure ID authentication required |
854 TInt CTransNegotiation::ProcessXauthStatusL(TDataISAKMP* aAttr, TInt aLth) |
872 TInt CTransNegotiation::ProcessXauthStatusL(TDataISAKMP* aAttr, TInt aLth) |
855 { |
873 { |
856 TBuf8<16> attributes; |
874 TBuf8<16> attributes; |
857 TInt status = TRANSACTION_CONTINUE; |
875 TInt status = TRANSACTION_CONTINUE; |
858 TInt16 attr_status; |
876 TInt16 attr_status; |
859 |
877 |
860 while ( aLth > 0 ) { |
878 while ( aLth > 0 ) { |
861 |
879 |
862 aLth = aLth - aAttr->Size(); |
880 aLth = aLth - aAttr->Size(); |
863 if ( aLth < 0 ) { |
881 if ( aLth < 0 ) { |
864 DEBUG_LOG(_L("XAUTH SET ERROR (Length mismatch in the attibutes)")); |
882 DEBUG_LOG(_L("XAUTH SET ERROR (Length mismatch in the attibutes)")); |
|
883 iCredentialType = KCredentialTypeUnknown; |
865 return TRANSACTION_FAILED; |
884 return TRANSACTION_FAILED; |
866 } |
885 } |
867 |
886 |
868 switch ( aAttr->Type() ) { |
887 switch ( aAttr->Type() ) { |
869 |
888 |
899 AddAttributeData(attributes, AttrType, 2, (TUint8*)&attr_status); |
918 AddAttributeData(attributes, AttrType, 2, (TUint8*)&attr_status); |
900 BuildAndSendMessageL(attributes, ISAKMP_CFG_ACK); |
919 BuildAndSendMessageL(attributes, ISAKMP_CFG_ACK); |
901 if ( status == TRANSACTION_SUCCESS ) { |
920 if ( status == TRANSACTION_SUCCESS ) { |
902 DEBUG_LOG(_L("XAUTH authentication succeeded!")); |
921 DEBUG_LOG(_L("XAUTH authentication succeeded!")); |
903 iXauthCompleted = ETrue; |
922 iXauthCompleted = ETrue; |
|
923 |
|
924 if( iCache && KCredentialTypeNew == iCredentialType ) |
|
925 { |
|
926 iCache->Store( iPluginSession->VpnIapId() ); |
|
927 } |
|
928 |
904 if ( iUserName ) { |
929 if ( iUserName ) { |
905 // |
|
906 // Cache user name into user name file |
930 // Cache user name into user name file |
907 // |
|
908 CIkev1Dialog* Dialog = CIkev1Dialog::NewL(iPluginSession, iPluginSession->DialogAnchor(), iDebug); |
931 CIkev1Dialog* Dialog = CIkev1Dialog::NewL(iPluginSession, iPluginSession->DialogAnchor(), iDebug); |
909 CleanupStack::PushL(Dialog); |
932 CleanupStack::PushL(Dialog); |
910 TInt err(KErrNone); |
933 TInt err(KErrNone); |
911 TRAP(err, Dialog->StoreUserNameL(iUserName->Des())); |
934 TRAP(err, Dialog->StoreUserNameL(iUserName->Des())); |
|
935 |
912 #ifdef _DEBUG |
936 #ifdef _DEBUG |
913 if (err == KErrNone) |
937 if (err == KErrNone) |
914 DEBUG_LOG(_L("User Name caching succeeded")); |
938 DEBUG_LOG(_L("User Name caching succeeded")); |
915 else DEBUG_LOG(_L("User Name caching failed")); |
939 else DEBUG_LOG(_L("User Name caching failed")); |
916 #endif // _DEBUG |
940 #endif // _DEBUG |
917 CleanupStack::PopAndDestroy(); |
941 CleanupStack::PopAndDestroy(); |
918 } |
942 } |
919 } |
943 } |
920 else { |
944 else { |
|
945 if( iCache ) |
|
946 { |
|
947 iCache->Clear(); |
|
948 } |
921 DEBUG_LOG(_L("XAUTH authentication failed!")); |
949 DEBUG_LOG(_L("XAUTH authentication failed!")); |
922 // Dialog object shall be delete in Dialog->RunL when dialog completed |
|
923 CIkev1Dialog* Dialog = CIkev1Dialog::NewL(iPluginSession, iPluginSession->DialogAnchor(), iDebug); |
|
924 Dialog->ShowErrorDialogL(TVpnNoteDialog::EKmdAuthenticationFailed, NULL, NULL); |
|
925 } |
950 } |
926 } |
951 } |
927 |
952 |
|
953 iCredentialType = KCredentialTypeUnknown; |
|
954 |
928 return status; |
955 return status; |
929 } |
956 } |
930 |
957 |
931 /**-------------------------------------------------------------------------------- |
958 /**-------------------------------------------------------------------------------- |
932 * |
959 * |
978 * -- DNS address(es) in secure network = INTERNAL_IP4_DNS |
1005 * -- DNS address(es) in secure network = INTERNAL_IP4_DNS |
979 * |
1006 * |
980 *--------------------------------------------------------------------*/ |
1007 *--------------------------------------------------------------------*/ |
981 TInt CTransNegotiation::BuildConfigRequestL() |
1008 TInt CTransNegotiation::BuildConfigRequestL() |
982 { |
1009 { |
983 |
|
984 TBuf8<16> attributes; |
1010 TBuf8<16> attributes; |
985 |
1011 |
986 TUint32 message_id = iNegotiation->RandomMessageId(); |
1012 TUint32 message_id = iNegotiation->RandomMessageId(); |
987 |
1013 |
988 iCurrExchange = AddExchangeL(message_id, INITIATOR); //Add a new transaction exchange |
1014 iCurrExchange = AddExchangeL(message_id, INITIATOR); //Add a new transaction exchange |
996 |
1022 |
997 BuildAndSendMessageL(attributes, ISAKMP_CFG_REQUEST); |
1023 BuildAndSendMessageL(attributes, ISAKMP_CFG_REQUEST); |
998 DEBUG_LOG(_L("CONFIG-MODE started, request xmitted!")); |
1024 DEBUG_LOG(_L("CONFIG-MODE started, request xmitted!")); |
999 |
1025 |
1000 return TRANSACTION_CONTINUE; |
1026 return TRANSACTION_CONTINUE; |
1001 |
|
1002 |
|
1003 } |
1027 } |
1004 |
1028 |
1005 /**------------------------------------------------------------------- |
1029 /**------------------------------------------------------------------- |
1006 * |
1030 * |
1007 * Method AddAttributeData() |
1031 * Method AddAttributeData() |
1112 } |
1136 } |
1113 |
1137 |
1114 // |
1138 // |
1115 // The implementation for class MIkeDialogComplete virtual function |
1139 // The implementation for class MIkeDialogComplete virtual function |
1116 // |
1140 // |
1117 TInt CTransNegotiation::DialogCompleteL(CIkev1Dialog* /*aDialog*/, TAny* aUserInfo, |
1141 TInt CTransNegotiation::DialogCompleteL( |
1118 HBufC8* aUsername, HBufC8* aSecret, HBufC8* aDomain) |
1142 TAny* aUserInfo, HBufC8* aUsername, HBufC8* aSecret) |
1119 { |
1143 { |
1120 /*--------------------------------------------------------------------------- |
1144 /*--------------------------------------------------------------------------- |
1121 * |
1145 * |
1122 * A response received from client user (through asynchronous dialog) |
1146 * A response received from client user (through asynchronous dialog) |
1123 * This method is introduced as a TUserCallback for CGetIKEPassword dialog |
1147 * This method is introduced as a TUserCallback for CGetIKEPassword dialog |
1127 * entry |
1151 * entry |
1128 * |
1152 * |
1129 *-------------------------------------------------------------------------*/ |
1153 *-------------------------------------------------------------------------*/ |
1130 TUint32 obj_id = 1; |
1154 TUint32 obj_id = 1; |
1131 CAuthDialogInfo* info = (CAuthDialogInfo*)aUserInfo; |
1155 CAuthDialogInfo* info = (CAuthDialogInfo*)aUserInfo; |
1132 DEBUG_LOG1(_L("CIKECRACKNegotiation::DialogCompleteL(), aUserInfo = %x"), aUserInfo); |
1156 DEBUG_LOG1(_L("CTransNegotiation::DialogCompleteL(), aUserInfo=%x"), aUserInfo); |
1133 |
1157 |
1134 if ( info ) |
1158 if ( info ) |
1135 { |
1159 { |
1136 obj_id = info->GetObjId(); |
1160 obj_id = info->GetObjId(); |
1137 DEBUG_LOG1(_L("Preparing to call AuthDialogCompletedL(), ObjId = %x"), obj_id); |
1161 DEBUG_LOG1(_L("Preparing to call AuthDialogCompletedL(), ObjId = %x"), obj_id); |
1138 if ( obj_id == XAUTH_DIALOG_ID ) |
1162 if ( obj_id == XAUTH_DIALOG_ID ) |
1139 { |
1163 { |
1140 info->iUsername = aUsername; |
1164 info->SetUserName( aUsername ); |
1141 info->iSecret = aSecret; |
1165 info->SetSecret( aSecret ); |
1142 info->iDomain = aDomain; |
|
1143 obj_id = info->PluginSession()->AuthDialogCompletedL(info); |
1166 obj_id = info->PluginSession()->AuthDialogCompletedL(info); |
1144 } |
1167 } |
1145 } |
1168 } |
1146 |
1169 |
1147 return obj_id; |
1170 return obj_id; |
1148 } |
1171 } |
|
1172 |
|
1173 |
|
1174 void CTransNegotiation::GetCredentialsL() |
|
1175 { |
|
1176 DEBUG_LOG( _L( "CTransNegotiation::GetCredentialsL" ) ); |
|
1177 |
|
1178 TInt ret = KErrNotFound; |
|
1179 |
|
1180 delete iDialogInfo; iDialogInfo = NULL; |
|
1181 |
|
1182 iDialogInfo = new (ELeave) CAuthDialogInfo( |
|
1183 iPluginSession, |
|
1184 XAUTH_DIALOG_ID, |
|
1185 iNegotiation->SAId(), |
|
1186 iCurrExchange->iMessageId ); |
|
1187 |
|
1188 if( iCache && KCredentialTypeUnknown == iCredentialType ) |
|
1189 { |
|
1190 ret = iCache->GetCredentials( |
|
1191 iPluginSession->VpnIapId(), |
|
1192 iDialogInfo->iUsername, |
|
1193 iDialogInfo->iSecret |
|
1194 ); |
|
1195 } |
|
1196 |
|
1197 if( KErrNone == ret ) |
|
1198 { |
|
1199 iCredentialType = KCredentialTypeCached; |
|
1200 TUint32 id = iPluginSession->AuthDialogCompletedL( iDialogInfo ); |
|
1201 } |
|
1202 else |
|
1203 { |
|
1204 iCredentialType = KCredentialTypeNew; |
|
1205 |
|
1206 delete iDialog; iDialog = NULL; |
|
1207 |
|
1208 iDialog = CIkev1Dialog::NewL( |
|
1209 iPluginSession, iPluginSession->DialogAnchor(), iDebug ); |
|
1210 |
|
1211 iDialog->GetAsyncUNPWDialogL( iDialogInfo, (MIkeDialogComplete*)this ); |
|
1212 } |
|
1213 } |
|
1214 |
|
1215 |
|
1216 /***/ |
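Review bot: In ProcessXauthStatusL the length-mismatch exit (new line 883) resets `iCredentialType` but leaves whatever SetUserName()/SetSecret() staged in `iCache`, while the "XAUTH authentication failed!" branch calls `iCache->Clear()`. I would add `if( iCache ) { iCache->Clear(); }` before that `return TRANSACTION_FAILED;`, so a password entered for an exchange that failed does not linger in memory; this assumes Clear() also drops the staged buffers, which cannot be checked here because CCredentialCache is not shown. In GetCredentialsL the new `delete iDialogInfo;` and `delete iDialog;` assume this object still owns both after passing them to AuthDialogCompletedL() and GetAsyncUNPWDialogL(). The removed code never freed them at this point, and a removed comment in ProcessXauthStatusL says a dialog object is deleted in Dialog->RunL, so ownership should be confirmed to rule out a double delete on the next XAUTH request. Smaller points in the same function: `TUint32 id` in the cached branch is never used, and that branch passes `iDialogInfo->iUsername` and `iDialogInfo->iSecret` directly although DialogCompleteL was switched to `SetUserName()`/`SetSecret()`.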