diff -r 000000000000 -r b497e44ab2fc terminalsecurity/SCP/SCPServer/inc/SCPServer.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/terminalsecurity/SCP/SCPServer/inc/SCPServer.h Thu Dec 17 09:07:52 2009 +0200
@@ -0,0 +1,623 @@
+/*
+* Copyright (c) 2000 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: Implementation of terminalsecurity components
+*
+*/
+
+
+#ifndef SCPSERVER_H
+#define SCPSERVER_H
+
+// Define this so the precompiler in CW 3.1 won't complain about token pasting,
+// the warnings are not valid
+#pragma warn_illtokenpasting off
+
+#define SCP_USE_POLICY_ENGINE
+#define SCP_ENFORCE_SECURITY
+
+#ifdef __REMOTE_LOCK
+#define SCP_SMS_LOCK_AVAILABLE
+#endif // __REMOTE_LOCK
+
+// Note: Copy the definitions also to SCPServer.mmp
+
+// INCLUDES
+#include
+#include
+#include
+#include
+#include
+
+#include "SCPServerInterface.h"
+#include "SCPConfiguration.h"
+#include "SCPTimer.h"
+
+#include "SCPParamDB.h"
+#include
+#include
+
+#include "SCPDebug.h"
+#include
+/*#ifdef _DEBUG
+#define __SCP_DEBUG
+#endif // _DEBUG
+
+#ifdef __SCP_DEBUG
+#define Dprint(a) RDebug::Print ## a
+#else
+#define Dprint(a)
+#endif // _DEBUG*/
+
+
+// LOCAL CONSTANTS
+const TInt KSCPConfigUnknown = 0;
+const TInt KSCPConfigOK = 1;
+const TInt KSCPConfigInvalid = 2;
+
+const TUint KSCPServerShutdownTimeout( 10000000 ); // 10 seconds
+
+const TUint KSCPLockOperationTimeout( 10000000 ); // 10 seconds
+const TUint KSCPAutolockPeriodMaximum( 1440 ); // Autolock period max. value
+
+const TInt KSCPCodeBlockLimit( 5 ); // The fifth attempt will lock the code
+const TInt KSCPCodeBlockedTimeMin( 5 ); // Block the code for 5min
+_LIT( KSCPNotBlocked, "NB" );
+
+const TInt KSCPErrCodeBlockStarted = -102;
+
+// Policy engine -related definitions. Used to retrieve and set the code change -policy.
+_LIT8( KSCPOKResponse, "Operation Ok");
+
+_LIT8( KSCPCodePolicyDisallowOperation,
+ "]]>");
+
+_LIT8( KSCPCodePolicyAllowOperation,
+ "");
+
+_LIT8( KCodePolicySubject, "subject" );
+_LIT8( KCodePolicySubjectValue, "autolock" );
+_LIT8( KCodePolicyAction, "action" );
+_LIT8( KCodePolicyActionValue, "lock" );
+_LIT8( KCodePolicyTypeId, "http://www.w3.org/2001/XMLSchema#string" );
+
+// Allowed SIDs for the functions
+const TUint32 KSCPServerSIDTerminalControl( 0x10207825 ); // Terminal Control Server
+const TUint32 KSCPServerSIDGeneralSettings( 0x100058EC ); // General Settings
+//const TUint32 KSCPServerSIDSecurityObserver( 0x10000938 ); // Security Observer
+const TUint32 KAknNfySrvUid( 0x10281EF2 ); // Security Notifier
+const TUint32 KSCPServerSIDAutolock( 0x100059B5 ); // Autolock
+const TUint32 KSCPEvntHndlrUid( 0x20026F5C ); // UID of the DMEventNotifier -> SCPEventHandler
+const TUint32 KDevEncUiUid( 0x2000259A ); // SID of Device Encryption UI
+const TUint32 KSCPServerSIDSysAp (0x100058F3);
+
+#ifdef SCP_ENFORCE_SECURITY
+// Policy server elements
+const CPolicyServer::TPolicyElement SCPPolicyElements[]=
+ {
+ {
+ _INIT_SECURITY_POLICY_S0( KSCPServerSIDTerminalControl ),
+ CPolicyServer::EFailClient
+ },
+ {
+ _INIT_SECURITY_POLICY_C1( ECapability_None ),
+ CPolicyServer::EFailClient
+ },
+ {
+ _INIT_SECURITY_POLICY_C1( ECapability_None ),
+ CPolicyServer::EFailClient
+ // Access to the query-functionality will be checked in the service code
+ },
+ {
+ _INIT_SECURITY_POLICY_C1( ECapability_None ),
+ CPolicyServer::EFailClient
+ // Access to the get-functionality will be checked in the service code
+ },
+ {
+ _INIT_SECURITY_POLICY_C1( ECapability_None ),
+ CPolicyServer::EFailClient
+ // Anyone can access the authentication calls
+ },
+ {
+ _INIT_SECURITY_POLICY_S0( KSCPServerSIDAutolock ),
+ CPolicyServer::EFailClient
+ // Only Autolock allowed for the Check configuration call
+ },
+ {
+ _INIT_SECURITY_POLICY_S0( KSCPEvntHndlrUid ),
+
CPolicyServer::EFailClient
+ },
+ {
+ _INIT_SECURITY_POLICY_C1( ECapabilityAllFiles ),
+ CPolicyServer::EFailClient
+ }
+ };
+#else
+const CPolicyServer::TPolicyElement SCPPolicyElements[]=
+ {
+ {
+ _INIT_SECURITY_POLICY_C1( ECapability_None ),
+ CPolicyServer::EFailClient
+ },
+ {
+ _INIT_SECURITY_POLICY_C1( ECapability_None ),
+ CPolicyServer::EFailClient
+ },
+ {
+ _INIT_SECURITY_POLICY_C1( ECapability_None ),
+ CPolicyServer::EFailClient
+ },
+ {
+ _INIT_SECURITY_POLICY_C1( ECapability_None ),
+ CPolicyServer::EFailClient
+ },
+ {
+ _INIT_SECURITY_POLICY_C1( ECapability_None ),
+ CPolicyServer::EFailClient
+ },
+ {
+ _INIT_SECURITY_POLICY_C1( ECapability_None ),
+ CPolicyServer::EFailClient
+ },
+ {
+ _INIT_SECURITY_POLICY_C1( ECapability_None ),
+ CPolicyServer::EFailClient
+ },
+ {
+ _INIT_SECURITY_POLICY_C1( ECapability_None ),
+ CPolicyServer::EFailClient
+ }
+ };
+#endif // SCP_ENFORCE_SECURITY
+
+// Policy server ranges
+const TInt SCPPolicyRanges[] =
+ {
+ 0, // Functional calls
+ 10, // Store call
+ 20, // Query call
+ 30, // Getparam call
+ 40, // Authentication calls
+ 50, // CheckConfig call
+ 60, // App cleanup call
+ 70 // SetAutoLock period from UI
+ };
+
+// Policy server elements index
+const TUint8 SCPPolicyElementsIndex[] =
+ {
+ 0,
+ 1,
+ 2,
+ 3,
+ 4,
+ 5,
+ 6,
+ 7
+ };
+
+// Actual policy definition
+const CPolicyServer::TPolicy CSCPServerPolicy =
+ {
+ CPolicyServer::EAlwaysPass, // Connection policy
+ 8, // Range count
+ SCPPolicyRanges,
+ SCPPolicyElementsIndex,
+ SCPPolicyElements
+ };
+
+const TInt KSCPDefaultMaxTO( 0 );
+
+// reasons for server panic
+enum TSCPServPanic
+ {
+ ESvrCreateServer,
+ ESvrStartServer,
+ ECreateTrapCleanup,
+ EBadRequest,
+ EBadHashDigest
+ };
+
+
+// DATA TYPES
+
+// FORWARD DECLARATIONS
+class CSCPSessionbase;
+
+//#ifdef __SAP_DEVICE_LOCK_ENHANCEMENTS
+class CSCPPluginManager;
+class CSCPPluginEventHandler;
+class CSCPParamObject;
+class MSCPPluginEventHandler;
+//#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS
+
+// function to panic the server
+void PanicServer( TSCPServPanic aPanic );
+
+// FORWARD CLASS DECLARATION
+class CSCPParamDBController;
+
+/**
+* The class which contains the actual SCP server implementation
+*/
+class CSCPServer : public CPolicyServer, public MSCPTimeoutHandler
+ {
+
+ public: // Methods
+
+ enum { EPriority = CActive::EPriorityStandard };
+
+ // Constructors and destructor
+
+ /**
+ * Static constructor.
+ */
+ static CSCPServer* NewL();
+
+ /**
+ * Destructor.
+ */
+ virtual ~CSCPServer();
+
+ // New methods
+
+ /**
+ * The initial entry point to the actual server code
+ * @param aNone Not used
+ * @return Always success, may panic if the server or
+ * the cleanup stack cannot be created
+ */
+ static TInt ThreadFunction(TAny* aNone);
+
+ /**
+ * A method to retrieve the code stored on the server
+ * @param aCode A descriptor buffer that is to contain the code
+ * @return TInt: A generic status value
+ *
Name of return value: Status
+ *
Type of return value: TInt
+ *
Range of return value: A system error code
+ *
Contents of return value: The status code
+ */
+ TInt GetCode( TDes& aCode );
+
+ /**
+ * A method to store a new ISA code value to the server
+ * @param aCode A descriptor buffer that contains the new code
+ * @return TInt: A generic status value
+ *
Name of return value: Status
+ *
Type of return value: TInt
+ *
Range of return value: A system error code
+ *
Contents of return value: The status code
+ */
+ TInt StoreCode( TDes& aCode );
+
+ /**
+ * Tries to change the ISA-side code using the stored old code.
+ * @param aNewPassword The new password
+ */
+ void ChangeISACodeL( RMobilePhone::TMobilePassword& aNewPassword );
+
+//#ifdef __SAP_DEVICE_LOCK_ENHANCEMENTS
+
+ /**
+ * Get the 5-digit ISA code value from the given hash-buffer.
+ * @param aHashBuf A descriptor buffer that contains a MD5 digest
+ * @return TInt: The hashed DOS code
+ *
Name of return value: DOS code
+ *
Type of return value: TInt
+ *
Range of return value: 10000-99999
+ *
Contents of return value: The hashed code
+ */
+ static TInt HashISACode( TDes& aHashBuf );
+
+ /**
+ * A method to store a new enhanced code value to the server
+ * @param aCode A descriptor buffer that contains the new code
+ * @param aNewDOScode A ptr to a descriptor buffer, which will contain the new
+ * DOS code after a successful call
+ * @return TInt: A generic status value
+ *
Name of return value: Status
+ *
Type of return value: TInt
+ *
Range of return value: A system error code
+ *
Contents of return value: The status code
+ */
+ TInt StoreEnhCode( TDes& aCode, TSCPSecCode* aNewDOSCode = NULL );
+//#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS
+
+ /**
+ * A method for checking if a session has the given operation in progress
+ * @param aCommand The command to check for
+ * @return The status of the given command
+ *
Name of return value: Status
+ *
Type of return value: TBool
+ *
Range of return value: ETrue/EFalse
+ *
Contents of return value: The status code
+ */
+ TBool IsOperationInProgress( TSCPAdminCommand aCommand );
+
+ /**
+ * A method for acknowledging commands of a given type, also returns if a
+ * session was waiting for the acknowledgement
+ * @param aCommand The command the acknowledgement is for
+ * @return ETrue if a session was waiting, otherwise EFalse
+ *
Name of return value: Status
+ *
Type of return value: TBool
+ *
Range of return value: ETrue/EFalse
+ *
Contents of return value: The status code
+ */
+ TBool AcknowledgementReceived( TSCPAdminCommand aCommand );
+
+ /**
+ * Handles get parameter value messages.
+ * @param aMessage The message received from the client
+ *
Name of return value: Status
+ *
Type of return value: TInt
+ *
Range of return value: A system error code
+ *
Contents of return value: The status code
+ */
+ TInt SetParameterValueL( TInt aID, const TDesC& aValue, TUint32 aCallerIdentity );
+
+ /**
+ * Handles set parameter value messages.
+ * @param aMessage The message received from the client
+ *
Name of return value: Status
+ *
Type of return value: TInt
+ *
Range of return value: A system error code
+ *
Contents of return value: The status code
+ */
+ TInt GetParameterValueL( TInt aID, TDes& aValue, TUint32 aCallerIdentity );
+
+ /**
+ * Checks the validity of the given ISA code string.
+ * @param aCode The code whose validity is to be checked.
+ *
Name of return value: Code validity state
+ *
Type of return value: TBool
+ *
Range of return value: ETrue/EFalse
+ *
Contents of return value: A truth value indicating the validity
+ */
+ static TBool IsValidISACode( TDes& aCode );
+
+ /**
+ * Sets the autolock period.
+ * @param aValue The new value for the period
+ *
Name of return value: Status
+ *
Type of return value: TInt
+ *
Range of return value: A system error code
+ *
Contents of return value: The status code
+ */
+ TInt SetAutolockPeriodL( TInt aValue );
+
+ /**
+ * Gets the autolock period.
+ * @param aValue A reference that will contain the value on success
+ *
Name of return value: Status
+ *
Type of return value: TInt
+ *
Range of return value: A system error code
+ *
Contents of return value: The status code
+ */
+ TInt GetAutolockPeriodL( TInt& aValue );
+
+ /**
+ * Informs the server that a session has been closed.
+ */
+ void SessionClosed();
+
+ /**
+ * Informs the server that a session has been opened.
+ */
+ void SessionOpened();
+
+ /**
+ * Check if the given DOS code is correct.
+ */
+ void CheckISACodeL( RMobilePhone::TMobilePassword aCode );
+
+ /**
+ * Check if the server configuration is valid and in-sync with the DOS.
+ * @param aMode The check mode, initial or complete. The initial mode only checks if the
+ * configuration has already been validated.
+ */
+ void ValidateConfigurationL( TInt aMode );
+
+ /**
+ * Fetches the server's handles to Etel sever and RMobilePhone API. Opens
+ * if required.
+ * @param aTelServ A handle ptr to receive the Etel API handle ptr
+ * @param aPhone A handle ptr to receive the RMobilePhone API handle ptr
+ */
+ void GetEtelHandlesL( RTelServer** aTelServ = NULL, RMobilePhone** aPhone = NULL );
+
+//#ifdef __SAP_DEVICE_LOCK_ENHANCEMENTS
+
+ /**
+ * Checks the validity of the given enhanced code string.
+ * @param aCode The code whose validity is to be checked.
+ *
Name of return value: Code validity state
+ *
Type of return value: TBool
+ *
Range of return value: ETrue/EFalse
+ *
Contents of return value: A truth value indicating the validity
+ */
+ static TBool IsValidEnhCode( TDes& aCode );
+
+ /**
+ * Check if the code is blocked
+ * @return The status
+ */
+ TBool IsCodeBlocked();
+
+ /**
+ * Send a DOS code known to be invalid. Makes sure the DOS code isn't blocked.
+ */
+ void SendInvalidDOSCode( RMobilePhone::TMobilePassword& aCodeToSend );
+
+ /**
+ * The end-point method for authentication calls. Checks the given code and returns
+ * the correct/incorrect ISA code.
+ */
+ TInt CheckCodeAndGiveISAL( TDes& aCodeToCheck,
+ TDes& aISACodeToReturn,
+ CSCPParamObject*& aRetParams,
+ TInt aFlags );
+
+ /**
+ * The end-point method for the change security code -call. Checks the given code, and
+ * changes the code, if it was correct.
+ */
+ TInt CheckAndChangeEnhCodeL( TDes& aOldPass,
+ TDes& aNewPass,
+ CSCPParamObject*& aRetParams,
+ TSCPSecCode& aNewDOSCode );
+
+ /**
+ * Retrieves the plugin event handler -object to be used.
+ */
+ MSCPPluginEventHandler* GetEventHandlerL();
+
+ /**
+ * Checks from the plugins, if the password is allowed to be changed at this time.
+ */
+ TInt IsPasswordChangeAllowedL( CSCPParamObject*& aRetParams );
+
+ /**
+ * This method is called to remove the parameters set by the application(s) provided as arguments.
+ */
+ TInt PerformCleanupL( HBufC8* aAppIDBuffer, RArray& aChangeArray, RPointerArray& aParamValArray );
+//#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS
+
+ // Methods from base classes
+
+ /**
+ * From CPolicyServer The session creation function
+ * @param aVersion The version of the requesting client
+ * @param aMsg The connection message
+ * @return A pointer to a new session
+ *
Name of return value: New session pointer
+ *
Type of return value: CSession2*
+ *
Range of return value: A valid pointer to a new session
+ *
Contents of return value: A valid pointer to a new session
+ */
+ CSession2* NewSessionL(const TVersion &aVersion, const RMessage2& aMsg ) const;
+
+ /**
+ * From MSCPTimeoutHandler Timeout callback
+ * @param aParam The parameter passed to the timer object
+ */
+ void Timeout( TAny* aParam );
+
+ private: //Methods
+
+ // New Methods
+
+ /**
+ * C++ default constructor.
+ */
+ CSCPServer( TInt aPriority );
+
+ /**
+ * The actual worker method for the server
+ * @return TInt: KErrNone is successful
+ */
+ static TInt ThreadFunctionStage2L();
+
+ /**
+ * By default Symbian 2nd phase constructor is private.
+ */
+ void ConstructL();
+
+ /**
+ * Set the change policy for the security code
+ * @return TInt: KErrNone is successful, otherwise a system error code
+ */
+ TInt ChangeCodePolicy( const TDesC& aValue );
+
+ /**
+ * Sets the best policy for the given parameter
+ * @return TInt: KErrNone if successful, otherwise a system wide error
+ */
+ TInt SetBestPolicyL( TInt aID, const TDesC& aValue, TUint32 aCallerIdentity, CSCPParamDBController* aParamDB );
+
+ /**
+ * Retrieve the change policy for the security code
+ * @return TInt: KErrNone is successful, otherwise a system error code
+ */
+ TInt GetCodePolicy( TDes& aValue );
+
+ /**
+ * Check if Restore Factory Settings has been run, and reset the server
+ * configuration if it has.
+ */
+ void CheckIfRfsPerformedL();
+
+
+ // #ifdef __SAP_DEVICE_LOCK_ENHANCEMENTS
+
+ /**
+ * Retrieve the change policy for the security code
+ * @return TInt: KErrNone is successful, otherwise a system error code
+ */
+ TInt IsCorrectEnhCode( TDes& aCode, TInt aFlags );
+
+ //#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS
+
+ /**
+ * Checks if device memory is encrypted or not. The check is only done for phone memory.
+ * @return TBool. ETrue if phone memory is encrypted, otherwise EFalse.
+ */
+ TBool IsDeviceMemoryEncrypted();
+
+ private: // Data
+ /** An object that contains the configuration data for the server */
+ TSCPConfiguration iConfiguration;
+
+ #ifndef SCP_USE_POLICY_ENGINE
+ /** Used to store the state of the code change policy */
+ TInt iCodePolicy;
+ #endif // SCP_USE_POLICY_ENGINE
+
+ /** Used for retrieving and changing the Autolock period, owned. */
+ CRepository* iALPeriodRep;
+
+ /** Pointer to a timer-object used to shut down the server after
+ all sessions have been closed and a specified time has elapsed. Owned.*/
+ CSCPTimer* iShutdownTimer;
+
+ /** A handle to ETel server */
+ RTelServer iTelServ;
+ /** A handle to the multimode TSY */
+ RMobilePhone iPhone;
+
+ /** A handle to the File Server */
+ RFs iRfs;
+
+ // #ifdef __SAP_DEVICE_LOCK_ENHANCEMENTS
+
+ /** A pointer to the plugin manager object, owned */
+ CSCPPluginManager* iPluginManager;
+
+ /** A pointer to the plugin event handler object, owned */
+ CSCPPluginEventHandler* iPluginEventHandler;
+
+ /** An integer variable to define the input mode of the lock code query */
+ TInt def_mode;
+
+ /** A character variable to get the very first character of the lock code */
+ TChar ch;
+
+ TBool iOverrideForCleanup;
+ // #endif // __SAP_DEVICE_LOCK_ENHANCEMENTS
+ };
+
+#endif // SCPSERVER_H
+
+// End of File
+
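Review bot: In the `SCP_ENFORCE_SECURITY` version of `SCPPolicyElements`, the second entry (range 10, the "Store call" in `SCPPolicyRanges`) is `_INIT_SECURITY_POLICY_C1( ECapability_None )`, which every client satisfies, and unlike the query and get entries after it there is no comment saying where the caller is verified. `KSCPServerSIDGeneralSettings`, `KAknNfySrvUid`, `KDevEncUiUid` and `KSCPServerSIDSysAp` are declared as allowed SIDs but never referenced by the table, so presumably the session code compares them against the caller; that code is not in this header, so the entry should say so, e.g. `// Access to the store-functionality will be checked in the service code`, or bind the range to the intended SID with `_INIT_SECURITY_POLICY_S0`. The `#else` table lets any client through on every range and is selected only by the `#define SCP_ENFORCE_SECURITY` at the top of the header, which the nearby note says must be kept in step with SCPServer.mmp by hand; a comment on the `#else` branch such as `// Test builds only: no SID or capability checks are applied` would make that explicit. Separately, the doc comments on `SetParameterValueL` and `GetParameterValueL` are swapped ("get" on the setter, "set" on the getter) and both document an `aMessage` parameter that the signatures do not have.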