|
1 // Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // IPSecPolicyManHandler.h - IPSec Policy Manager Handler |
|
15 // |
|
16 |
|
17 |
|
18 |
|
19 /** |
|
20 @internalComponent |
|
21 */ |
|
22 #ifndef __IPSECPOLICYMANHANDLER__ |
|
23 #define __IPSECPOLICYMANHANDLER__ |
|
24 |
|
25 #include <e32base.h> |
|
26 #include <e32std.h> |
|
27 #include <f32file.h> |
|
28 #include <es_sock.h> |
|
29 #include <in_sock.h> |
|
30 |
|
31 #include "ipsecpolapi.h" |
|
32 #include "ipsecpol.h" |
|
33 #include "autoloadlistitem.h" |
|
34 #ifdef SYMBIAN_IPSEC_VOIP_SUPPORT |
|
35 #include "spdb.h" |
|
36 #endif // SYMBIAN_IPSEC_VOIP_SUPPORT |
|
37 |
|
38 // |
|
39 // Direction codes |
|
40 // |
|
41 // |
|
// Direction of the traffic a selector or IKE negotiation string applies to.
// Numbering starts at 1; the value 0 is deliberately left unused.
enum direction
    {
    EInbound = 1,
    EOutbound = 2
    };
|
47 |
|
48 // |
|
49 // iBypassOrDropMode flags |
|
50 // |
|
51 // |
|
// iBypassOrDropMode flags. KDropMode is the value with no bypass bit set;
// the two bypass flags occupy distinct bits (bit 0 and bit 1), so both may
// be set in the same TInt.
const TInt KDropMode = 0;            // Drop mode
const TInt KInboundBypass = 0x01;    // Inbound bypass mode (bit 0)
const TInt KOutboundBypass = 0x02;   // Outbound bypass mode (bit 1)
|
55 |
|
56 // |
|
57 // Forward declarations |
|
58 // |
|
59 // |
|
// Forward declarations. This header only names these types through
// pointers and references, so their definitions are not needed here.
// Heap-allocated (C-) classes:
class CSecpolReader;
class CIPSecPolicyManagerServer;
class CIPSecPolicyManagerSession;
class CPolicySelector;
class CSelectorList;
class CIpSecurityPiece;
class CAutoloadListItem;
class CSecurityPolicy;
// Value (T-) classes:
class TIpsecSelectorInfo;
class TIpsecSaSpec;
class TSecurityAssocSpec;
|
71 |
|
72 // |
|
73 // Active Policy list entry |
|
74 // |
|
//
// Active Policy list entry
//
// One loaded policy as tracked by the handler's active policy list
// (CActivePolicyList below). Plain aggregate: no constructor, so every
// field must be set explicitly by whoever creates an entry.
//
struct TActivePolicyListEntry
    {
    TPolicyHandle iPolicyHandle;   // Handle identifying this policy
    HBufC8* iPolicyBuf;            // Policy text; raw pointer — the header does not show who frees it, presumably the list owner (confirm)
    TBool iActiveState;            // EFalse = loaded, not active; ETrue = active
    TInt iBypassOrDropMode;        // KDropMode or an OR of KInboundBypass / KOutboundBypass (flags defined above)
    TPolicyType iPolicyType;       // Kind of policy (type defined in ipsecpolapi.h / ipsecpol.h, presumably)
    };
|
// Flat array of pointers to TActivePolicyListEntry. The array holds raw
// pointers, so deleting the array does not free the entries — confirm in
// the handler's destructor that the entries are released.
typedef CArrayFixFlat<TActivePolicyListEntry*> CActivePolicyList;
|
84 |
|
//
// Manual autoload handle pair
//
|
//
// Pair of policy handles kept for a manual load: presumably the autoload
// policies applied before and after the manually loaded policy (see the
// autoload methods of CIPSecPolicyManagerHandler) — confirm in the .cpp.
//
struct TManualAutoloadHandlePair
    {
    TPolicyHandle iManualPreloadHandle;    // Handle of the policy loaded before the manual one
    TPolicyHandle iManualPostLoadHandle;   // Handle of the policy loaded after the manual one
    };
|
93 |
|
94 // |
|
95 // Policy Manager Handler Class |
|
96 // |
|
//
// Policy Manager Handler Class
//
// Server-side worker object of the IPSec Policy Manager. Judging by its
// interface it keeps the list of loaded policies (iActivePolicyList),
// converts parsed policy objects into the string form handed to the IPSec
// stack, checks newly loaded policies for selector conflicts and manages
// the autoload (pre/post-load) policies. A trailing 'L' on a method name
// follows the Symbian convention for "may leave" (the platform's exception
// mechanism); such methods need a trap harness somewhere up the call chain.
//
// NOTE(review): the header does not show which of the raw pointer members
// (HBufC8*, CIpSecurityPiece*, TPckg<>*, ...) this object owns. Confirm
// against the destructor and ReleaseResources() before changing lifetimes.
//
class CIPSecPolicyManagerHandler : public CBase
    {
public:
    // Two-phase construction: NewL allocates the handler for aServer and
    // presumably calls ConstructL. ConstructL is public rather than the
    // usual private; confirm nothing but NewL calls it.
    static CIPSecPolicyManagerHandler* NewL(CIPSecPolicyManagerServer* aServer);
    void ConstructL();

    ~CIPSecPolicyManagerHandler();

    //
    // Policy Manager API related methods
    //
    // Each request handler receives the client's IPC message (aMsg) and the
    // session it arrived on. The meaning of the TInt result is not stated
    // here; presumably KErrNone or a system error code. Policy data and
    // parameters reach this object from the client message, so they are
    // untrusted input: copies to or from the client descriptors in aMsg must
    // go through the RMessage2 Read/Write calls, which validate the client
    // buffer, and the parser must cope with malformed policy text — confirm
    // in the .cpp.
    //
    TInt ProcessLoadPolicyL(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession,
        TPolicyType aPolType);                 // Kind of policy being loaded

    TInt ProcessLoadPoliciesL(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

    TInt ProcessActivatePolicyL(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

    // No client message: presumably driven internally by the autoload logic.
    TInt ProcessActivateAutoloadPolicyL(
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

    TInt ProcessUnloadPolicyL(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

    TInt ProcessUnloadPoliciesL(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

    // Unload addressed by policy handle rather than by a client message.
    TInt UnloadPolicyByHandleL(
        TUint32 aPolicyHandle,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

    TInt GetIPSecSAInfoL(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

    // Presumably hands iLastConflictInfo back to the client.
    TInt GetLastConflictInfoL(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

#ifdef TESTFLAG

    // Test builds only.
    TInt RequestEvent(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

#endif

    // Error reporting for the request in flight; may leave.
    // aMainCode / aDetailCode: main and detail error codes.
    void ErrorHandlingL(TInt aMainCode, TInt aDetailCode);

    // Frees per-request state. Presumably consults iSecpolSocketOpen and
    // iAlgorithmsFileOpen so that iSock / iAlgFile are closed at most once.
    void ReleaseResources();

    //
    // Policy building steps. From their names these run roughly in the
    // order listed — parse the current policy, fix up selectors and
    // tunnels, render the objects back to a string, store the result in
    // the active list and push it to the IPSec stack — but the actual
    // sequence lives in the .cpp; confirm there.
    //
    void ParseCurrentPolicyL();

    void UpdateSelectorsAndTunnels();

    // aFunction: presumably the IPC function code of the request (cf.
    // iFunction); aBypassDropMode: KDropMode / K*Bypass bits to render.
    void ConvertFromObjectsToStringWithSectionsL(TInt aFunction,
        TInt aBypassDropMode);

    void ConvertFromObjectsToStringWithoutSectionsL();

    // Appends the current policy to iActivePolicyList with the given type
    // and bypass/drop bits; may leave (allocation).
    void StorePolicyToActiveListL(TPolicyType aPolType,
        TInt aBypassDropMode);

    void ParseAllPolicyFilesL();

    void MakeUniqueSANamesL();

    void SortSelectors();

    void ConvertFromObjectsToStringL();

    // aSocket: descriptor naming the target socket/protocol — presumably.
    void SendAlgorithmsAndPolicyToIPSecL(const TDesC& aSocket);

    void SendNullFileToIPSecL(const TDesC& aSocket);

    void ReturnPolicyFileHandleL(const RMessage2& aMsg);

    void ApiCallCompleted();

    TInt DeletePolicyFromList();

    TInt SearchPolicyFromListAndActivate();

    // Both answer a client query carried in aMsg; the selector data is
    // presumably taken from iSelectorInfoArray.
    TInt GetAvailableSelectors(const RMessage2& aMsg);
    TInt GetSelectorsCount(const RMessage2& aMsg);

    //
    // Miscellaneous utilities related to building policy data
    //
    // The Write*/Build* helpers take the policy buffer as HBufC8*&, so they
    // presumably grow (reallocate) it; callers must use the updated pointer
    // afterwards and must not keep copies of the old one.
    //
    TInt WriteTunnelModeIkeNegotiationStringsL(HBufC8*& aPolBfr);

    // aDirection: presumably an EInbound / EOutbound value (enum direction
    // above); aGWAddr: gateway address.
    void BuildTunnelModeIkeString(
        TDes8& aString,
        TInt aDirection,
        TInt aPort,
        TInetAddr& aGWAddr);

    TInt WriteTransportModeIkeNegotiationStrings(HBufC8*& aPolBfr);

    void BuildTransportModeIkeString(
        TDes8& aString,
        TInt aPort,
        TInetAddr& aRemote,
        TInetAddr& aRemoteMask);

    TInt BuildDhcpProtocolString(HBufC8*& aPolBfr);

    TInt BuildMip4BypassSelectors(HBufC8*& aPolBfr);

    TInt BuildComparisonWord(CSelectorList* aSelList);

    TInt SetSequenceNumbers(CSelectorList* aSelList);

    // Prefix length of a network mask. The TUint32 overload is the IPv4
    // form and the TIp6Addr overload the IPv6 form; CalculateMaskLength
    // presumably dispatches on the address family of aMask.
    TInt CalculateMaskLength(TInetAddr& aMask);

    TInt MaskLength(TUint32 aAddr);

    TInt MaskLength(const TIp6Addr &aAddr);

    // Inbound/outbound selector pairing helpers.
    void DeleteExtraInboundOutboundSelectors();

    TInt AddInboundOutboundSelectorPair();

    void InboundOutboundSelectors();

    // Returns the matching selector; the header does not say what is
    // returned when nothing matches — presumably NULL, so check before
    // dereferencing.
    CPolicySelector* FindMatchingSelector();

    void FillSAInfoObject(CPolicySelector* aPolicySelector, TInt aIndex);

    // Classification of catch-all ("everything else") selectors.
    TBool IsBypassEverythingElse(const CPolicySelector& aPolicySelector) const;

    TBool IsDropEverythingElse(const CPolicySelector& aPolicySelector) const;

    // Field-wise equality of two selectors.
    TBool IsEqualInterface(const CPolicySelector& aP1,
        const CPolicySelector& aP2) const;

    TBool IsEqualRemoteAddress(const CPolicySelector& aP1,
        const CPolicySelector& aP2) const;

    TBool IsEqualLocalAddress(const CPolicySelector& aP1,
        const CPolicySelector& aP2) const;

    // SA spec equality; the argument type depends on whether the VoIP
    // variant of the policy database (spdb.h) is compiled in.
#ifdef SYMBIAN_IPSEC_VOIP_SUPPORT
    TBool IsEqualSaSpec(CSecpolBundleItem* aS1,
        CSecpolBundleItem* aS2) const;
#else
    TBool IsEqualSaSpec(TSecurityAssocSpec* aS1,
        TSecurityAssocSpec* aS2) const;
#endif

    void FillSelectorInfoObject();

    //
    // Policy conflict checking related methods
    //
    // Used when a new policy is loaded alongside those already in
    // iActivePolicyList; the details of a detected conflict presumably end
    // up in iLastConflictInfo via BuildConflictInfoL.
    //
    TBool CalculateCombinedPolicyBypassDropMode();

    void CheckSelectorConflictsL();

    // aIndex: position in iActivePolicyList of the policy to compare next.
    void TakeNextActivePolicyL(TInt aIndex);

    void CompareSelectorsL(CPolicySelector *aPolicySelector);

    TInt CompareSAParameters(
        CPolicySelector* aPolicySelectorNew,
        CPolicySelector* aPolicySelectorOld);

    // IPv4 only: addresses and masks are 32-bit values. Presumably returns
    // ETrue when the two address ranges intersect. IPv6 overlap is not
    // covered by this signature — confirm how it is handled elsewhere.
    TBool CheckAddressOverlapping(
        TUint32 aNet1IpAddress, // Net1 low address
        TUint32 aNet1Mask, // Net1 mask
        TUint32 aNet2IpAddress, // Net2 low address
        TUint32 aNet2Mask); // Net2 mask

    // Out-parameter aNetIpAddressHigh receives the highest address of the
    // IPv4 range described by aNetIpAddressLow / aNetMask.
    TInt GetRangeHighAddress(
        TUint32& aNetIpAddressHigh,
        TUint32 aNetIpAddressLow,
        TUint32 aNetMask);

    void ConflictTestForPortsAndProtocolL();

    TInt ComparePortProtocol(
        CPolicySelector *aPolicySelector1,
        CPolicySelector *aPolicySelector2);

    void BuildConflictInfoL();

    // Autoload related methods
    void ReadAutoloadConfigDataL();

    // Perform autoload policies.
    // aZoneInfoSet: zone information for the policy (presumably the
    // scope ids); aPolicyBuffer: the policy the autoload is applied around;
    // aAutoloadType: which autoload stage, EAutoloadNone by default.
    void AutoloadPoliciesL(
        const TZoneInfoSet& aZoneInfoSet,
        HBufC8* aPolicyBuffer,
        TAutoloadFlags aAutoloadType = EAutoloadNone);

    // Get the autoload flag
    inline TBool IsPreloadNeeded()
        {
        return iIsPreloadNeeded;
        }

    // Set autoload flag
    inline void SetAutoloadStatus(TAutoloadFlags aAutoloadFlag)
        {
        iAutoloadFlag = aAutoloadFlag;
        }

    // Check if autoload policy is active
    TBool IsAutoloadPolicyActive();

    // Set the autoload policy flag
    void SetAutoloadPolicyActive(TBool aIsAutoloadPolicyActive);

    // Store autoload policy handle (presumably into iPreloadPolicyHandle)
    void StorePreloadPolicyHandle();

    // Return autoload policy handle
    TUint32 GetAutoloadPolicyHandle();

    // Find the autoload policy pair registered for the given parent policy
    // handle. What is returned when no pair exists is not stated here —
    // presumably NULL, so callers should check.
    CAutoloadListItem* FindScopedAutoloadPolicyPair(
        TUint32 aParentPolicyHandle);

    // Add an autoload policy pair (pre- and post-load handles) keyed by the
    // parent policy handle; may leave (allocation).
    void AddScopedAutoloadPolicyPairL(
        TUint32 aPreloadPolicyHandle,
        TUint32 aPostloadPolicyHandle,
        TUint32 aParentPolicyHandle);

    // Delete the scoped autoload policy pair registered for the parent.
    void DeleteScopedAutoloadPolicyPair(TUint32 aParentPolicyHandle);

    // Calculate the combined bypass/drop mode (iBypassOrDropMode).
    // aForLoadPolicy: ETrue when computing for a load, otherwise presumably
    // for an unload.
    void CalculateBypassOrDropMode(TBool aForLoadPolicy);

    // Determines whether the last manual autoload policy has been unloaded.
    TBool IsLastManualLoadPolicy(TUint32 aPolicyHandle);

private:
    // Read the algorithms.conf file
    void ReadAlgorithmsFileL();

    // Reads the next autoload policy into aAutoloadPolicyBuffer (passed as
    // HBufC8*&, so it is presumably reallocated) and returns the policy
    // file name through aPolicyFileName.
    void ReadNextAutoloadPolicyL(
        HBufC8*& aAutoloadPolicyBuffer,
        TPtrC& aPolicyFileName);

    void UpdatePolicySelectorScopeId(CPolicySelector& aPolicySelector,
        TInt aScopeId);

    // aIsTunnelMode is an out-parameter reporting the bundle's mode.
    void UpdatePolicyBundleScopeId(CPolicySelector& aPolicySelector,
        TInt aScopeId,
        TInt aGwScopeId,
        TBool& aIsTunnelMode);

    TInt CalculatePolicyBypassDropMode(CSecurityPolicy& aSp) const;

public:

    // List containing all loaded policies. Public: other server objects
    // presumably access it directly, so it is effectively part of the
    // interface — do not change its type or ownership casually.
    CActivePolicyList* iActivePolicyList;

    // Handle into the Socket server
    RSocketServ iSS;

private:
    TPolicyHandle iNextPolicyHandle;       // Presumably the next handle to hand out
    TPolicyHandle iCurrentPolicyHandle;    // Handle of the policy being processed

    // SA info and its package descriptor; presumably what GetIPSecSAInfoL
    // writes back to the client.
    TPckg<TIpsecSaSpec>* iPckgSAInfo;
    TIpsecSaSpec* iSAInfo;

    TInt iVPNNetId;
    TInt iGwNetId;

    // Presumably the IPC function code of the request in flight.
    TInt iFunction;

    // Policy / algorithm text buffers; ownership not visible here.
    HBufC8* iPolicyHBufC8;
    HBufC8* iPolBfr;
    HBufC8* iAlgorithmsHBufC8;

    // Info section data of active policy
    HBufC8* iLastConflictInfo;

    // A string copied from ipsecpolparser
    HBufC8* iLastParsingErrorInfo;

#ifdef TESTFLAG

    HBufC* iStringBuf;

    TAutoloadHandles* iHandles;

#endif

    TIpsecSelectorInfo* iSelectorInfo;

    // Used to parse current policy
    CIpSecurityPiece* iPieceData;

    // Used to parse active policy list entries
    CIpSecurityPiece* iPieceData2;

    // Bypass/Drop mode of the combined policy: KDropMode or an OR of
    // KInboundBypass / KOutboundBypass (flags defined above the class)
    TInt iBypassOrDropMode;

    // Session of the request in flight (not owned)
    const CIPSecPolicyManagerSession *iSession;

    CSecpolReader* iSecpolReader6;

    RSocket iSock;

    RFs iFs;

    RFile iAlgFile;

    // Open-state flags for iSock / iAlgFile — presumably read by
    // ReleaseResources() so the handles are not closed twice.
    TBool iSecpolSocketOpen;
    TBool iAlgorithmsFileOpen;

    // Autoload member variables
    TBool iIsPreloadNeeded;
    TManualAutoloadHandlePair iManualAutoloadHandlePair;

    // Autoload flag
    TAutoloadFlags iAutoloadFlag;

    TBool iIsAutoloadPolicyActive;
    HBufC8* iPreloadPolicy;
    HBufC8* iBeforeManualLoadPolicy;
    HBufC8* iAfterManualLoadPolicy;
    HBufC8* iBeforeScopedLoadPolicy;
    HBufC8* iAfterScopedLoadPolicy;

    TPolicyHandle iPreloadPolicyHandle;

    // Autoload policy pairs keyed by their parent policy handle
    // (see FindScopedAutoloadPolicyPair / AddScopedAutoloadPolicyPairL)
    RPointerArray<CAutoloadListItem> iScopedAutoloadPolicyPairs;

    // Used to retrieve the gateway address passed by client in RIpsecPolicyServ::AvailableSelectors API
    TInetAddr iTunnel;

    CArrayFixFlat<TIpsecSelectorInfo>* iSelectorInfoArray;
    };
|
447 |
|
448 #endif |