diff -r 000000000000 -r af10295192d8 networksecurity/ipsec/ipsecpol/inc/ipsecpolmanhandler.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/networksecurity/ipsec/ipsecpol/inc/ipsecpolmanhandler.h Tue Jan 26 15:23:49 2010 +0200 @@ -0,0 +1,448 @@ +// Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies). +// All rights reserved. +// This component and the accompanying materials are made available +// under the terms of "Eclipse Public License v1.0" +// which accompanies this distribution, and is available +// at the URL "http://www.eclipse.org/legal/epl-v10.html". +// +// Initial Contributors: +// Nokia Corporation - initial contribution. +// +// Contributors: +// +// Description: +// IPSecPolicyManHandler.h - IPSec Policy Manager Handler +// + + + +/** + @internalComponent +*/ +#ifndef __IPSECPOLICYMANHANDLER__ +#define __IPSECPOLICYMANHANDLER__ + +#include +#include +#include +#include +#include + +#include "ipsecpolapi.h" +#include "ipsecpol.h" +#include "autoloadlistitem.h" +#ifdef SYMBIAN_IPSEC_VOIP_SUPPORT +#include "spdb.h" +#endif // SYMBIAN_IPSEC_VOIP_SUPPORT + +// +// Direction codes +// +// +enum direction +{ + EInbound = 1, + EOutbound +}; + +// +// iBypassOrDropMode flags +// +// +const TInt KDropMode = 0; // Drop mode +const TInt KInboundBypass = (1 << 0); // Inbound bypass mode +const TInt KOutboundBypass = (1 << 1); // Outbound bypass mode + +// +// Forward declarations +// +// +class CSecpolReader; +class CIPSecPolicyManagerServer; +class CPolicySelector; +class CIPSecPolicyManagerSession; +class CSelectorList; +class CIpSecurityPiece; +class TIpsecSelectorInfo; +class TIpsecSaSpec; +class CAutoloadListItem; +class CSecurityPolicy; +class TSecurityAssocSpec; + +// +// Active Policy list entry +// +struct TActivePolicyListEntry + { + TPolicyHandle iPolicyHandle; + HBufC8* iPolicyBuf; + TBool iActiveState; // EFalse = loaded, not active; ETrue = active + TInt iBypassOrDropMode; // See flags below + TPolicyType iPolicyType; + }; +typedef CArrayFixFlat CActivePolicyList; + +// +// +// +struct TManualAutoloadHandlePair + { + TPolicyHandle iManualPreloadHandle; + TPolicyHandle iManualPostLoadHandle; + }; + +// +// Policy Manager Handler Class +// +class CIPSecPolicyManagerHandler : public CBase + { +public: + static CIPSecPolicyManagerHandler* NewL(CIPSecPolicyManagerServer* aServer); + void ConstructL(); + + ~CIPSecPolicyManagerHandler(); + + // + // Policy Manager API related methods + // + TInt ProcessLoadPolicyL( + const RMessage2& aMsg, + const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession, + TPolicyType aPolType); + + TInt ProcessLoadPoliciesL( + const RMessage2& aMsg, + const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession); + + TInt ProcessActivatePolicyL( + const RMessage2& aMsg, + const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession); + + TInt ProcessActivateAutoloadPolicyL( + const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession); + + TInt ProcessUnloadPolicyL( + const RMessage2& aMsg, + const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession); + + TInt ProcessUnloadPoliciesL( + const RMessage2& aMsg, + const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession); + + TInt UnloadPolicyByHandleL( + TUint32 aPolicyHandle, + const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession); + + TInt GetIPSecSAInfoL( + const RMessage2& aMsg, + const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession); + + TInt GetLastConflictInfoL( + const RMessage2& aMsg, + const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession); + +#ifdef TESTFLAG + + TInt RequestEvent( + const RMessage2& aMsg, + const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession); + +#endif + + void ErrorHandlingL(TInt aMainCode, TInt aDetailCode); + + void ReleaseResources(); + + void ParseCurrentPolicyL(); + + void UpdateSelectorsAndTunnels(); + + void ConvertFromObjectsToStringWithSectionsL(TInt aFunction, + TInt aBypassDropMode); + + void ConvertFromObjectsToStringWithoutSectionsL(); + + void StorePolicyToActiveListL(TPolicyType aPolType, + TInt aBypassDropMode); + + void ParseAllPolicyFilesL(); + + void MakeUniqueSANamesL(); + + void SortSelectors(); + + void ConvertFromObjectsToStringL(); + + void SendAlgorithmsAndPolicyToIPSecL(const TDesC& aSocket); + + void SendNullFileToIPSecL(const TDesC& aSocket); + + void ReturnPolicyFileHandleL(const RMessage2& aMsg); + + void ApiCallCompleted(); + + TInt DeletePolicyFromList(); + + TInt SearchPolicyFromListAndActivate(); + + TInt GetAvailableSelectors(const RMessage2& aMsg); + TInt GetSelectorsCount(const RMessage2& aMsg); + + // + // Miscallenious utilities related to building policy data + // + TInt WriteTunnelModeIkeNegotiationStringsL(HBufC8*& aPolBfr); + + void BuildTunnelModeIkeString( + TDes8& aString, + TInt aDirection, + TInt aPort, + TInetAddr& aGWAddr); + + TInt WriteTransportModeIkeNegotiationStrings(HBufC8*& aPolBfr); + + void BuildTransportModeIkeString( + TDes8& aString, + TInt aPort, + TInetAddr& aRemote, + TInetAddr& aRemoteMask); + + TInt BuildDhcpProtocolString(HBufC8*& aPolBfr); + + TInt BuildMip4BypassSelectors(HBufC8*& aPolBfr); + + TInt BuildComparisonWord(CSelectorList* aSelList); + + TInt SetSequenceNumbers(CSelectorList* aSelList); + + TInt CalculateMaskLength(TInetAddr& aMask); + + TInt MaskLength(TUint32 aAddr); + + TInt MaskLength(const TIp6Addr &aAddr); + + void DeleteExtraInboundOutboundSelectors(); + + TInt AddInboundOutboundSelectorPair(); + + void InboundOutboundSelectors(); + + CPolicySelector* FindMatchingSelector(); + + void FillSAInfoObject(CPolicySelector* aPolicySelector, TInt aIndex); + + TBool IsBypassEverythingElse(const CPolicySelector& aPolicySelector) const; + + TBool IsDropEverythingElse(const CPolicySelector& aPolicySelector) const; + + TBool IsEqualInterface(const CPolicySelector& aP1, + const CPolicySelector& aP2) const; + + TBool IsEqualRemoteAddress(const CPolicySelector& aP1, + const CPolicySelector& aP2) const; + + TBool IsEqualLocalAddress(const CPolicySelector& aP1, + const CPolicySelector& aP2) const; + +#ifdef SYMBIAN_IPSEC_VOIP_SUPPORT + TBool IsEqualSaSpec(CSecpolBundleItem* aS1, + CSecpolBundleItem* aS2) const; +#else + TBool IsEqualSaSpec(TSecurityAssocSpec* aS1, + TSecurityAssocSpec* aS2) const; +#endif + + void FillSelectorInfoObject(); + + // + // Policy conflict checking related methods + // + TBool CalculateCombinedPolicyBypassDropMode(); + + void CheckSelectorConflictsL(); + + void TakeNextActivePolicyL(TInt aIndex); + + void CompareSelectorsL(CPolicySelector *aPolicySelector); + + TInt CompareSAParameters( + CPolicySelector* aPolicySelectorNew, + CPolicySelector* aPolicySelectorOld); + + TBool CheckAddressOverlapping( + TUint32 aNet1IpAddress, // Net1 low address + TUint32 aNet1Mask, // Net1 mask + TUint32 aNet2IpAddress, // Net2 low address + TUint32 aNet2Mask); // Net2 mask + + TInt GetRangeHighAddress( + TUint32& aNetIpAddressHigh, + TUint32 aNetIpAddressLow, + TUint32 aNetMask); + + void ConflictTestForPortsAndProtocolL(); + + TInt ComparePortProtocol( + CPolicySelector *aPolicySelector1, + CPolicySelector *aPolicySelector2); + + void BuildConflictInfoL(); + + // Autoload related methods + void ReadAutoloadConfigDataL(); + + // Perform autoload policies + void AutoloadPoliciesL( + const TZoneInfoSet& aZoneInfoSet, + HBufC8* aPolicyBuffer, + TAutoloadFlags aAutoloadType = EAutoloadNone); + + // Get the autoload flag + inline TBool IsPreloadNeeded() + { + return iIsPreloadNeeded; + } + + // Set autoload flag + inline void SetAutoloadStatus(TAutoloadFlags aAutoloadFlag) + { + iAutoloadFlag = aAutoloadFlag; + } + + // Check if autoload policy is active + TBool IsAutoloadPolicyActive(); + + // Set the autoload policy flag + void SetAutoloadPolicyActive(TBool aIsAutoloadPolicyActive); + + // Store autoload policy handle + void StorePreloadPolicyHandle(); + + // Return autoload policy handle + TUint32 GetAutoloadPolicyHandle(); + + // Find an autoload policy handle based on the parent policy handle + CAutoloadListItem* FindScopedAutoloadPolicyPair( + TUint32 aParentPolicyHandle); + + // Add an autoload policy handle based on the parent policy handle + void AddScopedAutoloadPolicyPairL( + TUint32 aPreloadPolicyHandle, + TUint32 aPostloadPolicyHandle, + TUint32 aParentPolicyHandle); + + //delete the scoped autoload policy pair + void DeleteScopedAutoloadPolicyPair(TUint32 aParentPolicyHandle); + + //calculate the bypass mode + void CalculateBypassOrDropMode(TBool aForLoadPolicy); + + //determines whether the last manual autoload policy has been unloaded + TBool IsLastManualLoadPolicy(TUint32 aPolicyHandle); + +private: + // Read the algorithms.conf file + void ReadAlgorithmsFileL(); + + void ReadNextAutoloadPolicyL( + HBufC8*& aAutoloadPolicyBuffer, + TPtrC& aPolicyFileName); + + void UpdatePolicySelectorScopeId(CPolicySelector& aPolicySelector, + TInt aScopeId); + + void UpdatePolicyBundleScopeId(CPolicySelector& aPolicySelector, + TInt aScopeId, + TInt aGwScopeId, + TBool& aIsTunnelMode); + + TInt CalculatePolicyBypassDropMode(CSecurityPolicy& aSp) const; + +public: + + // List containing all loaded policies + CActivePolicyList* iActivePolicyList; + + // Handle into the Socket server + RSocketServ iSS; + +private: + TPolicyHandle iNextPolicyHandle; + TPolicyHandle iCurrentPolicyHandle; + + TPckg* iPckgSAInfo; + TIpsecSaSpec* iSAInfo; + + TInt iVPNNetId; + TInt iGwNetId; + + TInt iFunction; + + HBufC8* iPolicyHBufC8; + HBufC8* iPolBfr; + HBufC8* iAlgorithmsHBufC8; + + // Info section data of active policy + HBufC8* iLastConflictInfo; + + // A string copied from ipsecpolparser + HBufC8* iLastParsingErrorInfo; + +#ifdef TESTFLAG + + HBufC* iStringBuf; + + TAutoloadHandles* iHandles; + +#endif + + TIpsecSelectorInfo* iSelectorInfo; + + // Used to parse current policy + CIpSecurityPiece* iPieceData; + + // Used to parse active policy list entries + CIpSecurityPiece* iPieceData2; + + // Bypass/Drop mode of the combined policy + TInt iBypassOrDropMode; + + const CIPSecPolicyManagerSession *iSession; + + CSecpolReader* iSecpolReader6; + + RSocket iSock; + + RFs iFs; + + RFile iAlgFile; + + TBool iSecpolSocketOpen; + TBool iAlgorithmsFileOpen; + + // Autoload member variables + TBool iIsPreloadNeeded; + TManualAutoloadHandlePair iManualAutoloadHandlePair; + + // Autoload flag + TAutoloadFlags iAutoloadFlag; + + TBool iIsAutoloadPolicyActive; + HBufC8* iPreloadPolicy; + HBufC8* iBeforeManualLoadPolicy; + HBufC8* iAfterManualLoadPolicy; + HBufC8* iBeforeScopedLoadPolicy; + HBufC8* iAfterScopedLoadPolicy; + + TPolicyHandle iPreloadPolicyHandle; + + // Array storing the autoload-parent + RPointerArray iScopedAutoloadPolicyPairs; + + // Used to retrieve the gateway address passed by client in RIpsecPolicyServ::AvailableSelectors API + TInetAddr iTunnel; + + CArrayFixFlat* iSelectorInfoArray; + }; + +#endif