|
1 /* |
|
2 * Copyright (c) 2002-2005 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: IPSec policy parser main module. |
|
15 * A parser for IPsec policies. Converts textual IPsec policies into |
|
16 * in-memory data structures and vice versa. |
|
17 * |
|
18 */ |
|
19 |
|
20 |
|
21 |
|
22 #include <e32std.h> |
|
23 #include <coeutils.h> |
|
24 |
|
25 #include "ipsecpolparser.h" |
|
26 #include "logvpncommon.h" |
|
27 |
|
28 // Policies Parsing |
|
29 |
|
30 // Symbian change - start |
|
31 #ifdef __VC32__ |
|
32 #pragma warning(disable : 4097) // typedef-name used as synonym for class-name |
|
33 #endif |
|
34 // Symbian change - end |
|
35 |
|
36 EXPORT_C |
|
37 TPolicyParser::TPolicyParser(const TDesC &aPolicy) : TLex(aPolicy) |
|
38 {} |
|
39 |
|
40 EXPORT_C TInt |
|
41 TPolicyParser::ParseL(CIpSecurityPiece* aPieceData) |
|
42 { |
|
43 LOG_("TPolicyParser::ParseL()\n"); |
|
44 TInt err(KErrNone); |
|
45 iLine = 1; |
|
46 |
|
47 CSecurityPolicy* sp = aPieceData->Policies(); |
|
48 while (!err && NextToken() == token_string) |
|
49 { |
|
50 if (iToken.Compare(_L("sa")) == 0) |
|
51 { |
|
52 err = parse_sa_specL(sp); |
|
53 } |
|
54 else if (iToken.Compare(_L("ep")) == 0) |
|
55 { |
|
56 err = parse_ep_specL(sp); |
|
57 } |
|
58 else |
|
59 { |
|
60 err = parse_conn2saL(sp); |
|
61 } |
|
62 } |
|
63 |
|
64 if (!err && !Eos()) |
|
65 { |
|
66 // Parsing didn't detect error, but not all parsed! |
|
67 err = KErrGeneral; |
|
68 } |
|
69 |
|
70 if (err) |
|
71 { |
|
72 if (iMsg.Length() > 0 && iMsg.Length() < 200) |
|
73 { |
|
74 aPieceData->iErrorInfo.Copy(iMsg); |
|
75 } |
|
76 } |
|
77 |
|
78 return (err); |
|
79 } |
|
80 |
|
81 EXPORT_C TInt |
|
82 TPolicyParser::BufferAppend(HBufC8*& aPolBfr, const TDesC8& aText) |
|
83 { |
|
84 LOG_("TPolicyParser::BufferAppend()\n"); |
|
85 TInt err(KErrNone); |
|
86 |
|
87 // Make sure that we have enough space for the new text |
|
88 TInt spaceLeft = aPolBfr->Des().MaxLength() - aPolBfr->Des().Length(); |
|
89 if (aText.Length() > spaceLeft) |
|
90 { |
|
91 // Allocate enough space for the new text + some additional |
|
92 // free space so that allocations are not too frequent |
|
93 TInt newMaxLength = aPolBfr->Des().MaxLength() |
|
94 + aText.Length() |
|
95 + KPolicyBufferSizeIncrement; |
|
96 HBufC8* tempBfr = aPolBfr->ReAlloc(newMaxLength); |
|
97 if (tempBfr != NULL) |
|
98 { |
|
99 aPolBfr = tempBfr; |
|
100 } |
|
101 else |
|
102 { |
|
103 return KErrNoMemory; |
|
104 } |
|
105 } |
|
106 |
|
107 aPolBfr->Des().Append(aText); |
|
108 return err; |
|
109 } |
|
110 |
|
111 EXPORT_C TInt |
|
112 TPolicyParser::Write(CSecurityPolicy *aSp, |
|
113 HBufC8*& aPolBfr, |
|
114 TBool aSortingOrder) |
|
115 { |
|
116 LOG_("TPolicyParser::Write()\n"); |
|
117 TInt err = WriteSAs(aSp->SAList(), aPolBfr); |
|
118 if (err) |
|
119 { |
|
120 return err; |
|
121 } |
|
122 |
|
123 if (aSortingOrder) |
|
124 { |
|
125 err = WriteSelectorsInSortingOrder(aSp->SelectorList(), |
|
126 aPolBfr, |
|
127 aSortingOrder); |
|
128 } |
|
129 else |
|
130 { |
|
131 err = WriteSelectors(aSp->SelectorList(), aPolBfr, aSortingOrder); |
|
132 } |
|
133 |
|
134 return err; |
|
135 } |
|
136 |
|
137 TInt |
|
138 TPolicyParser::WriteSAs(CSAList* aSAList, HBufC8*& aPolBfr) |
|
139 { |
|
140 LOG_("TPolicyParser::WriteSAs()\n"); |
|
141 TBuf8<1024> aux; |
|
142 TInt err(KErrNone); |
|
143 TInt count = aSAList->Count(); |
|
144 for (TInt i = 0; i < count ; i++) |
|
145 { |
|
146 TextSA(aSAList->At(i), aux); |
|
147 err = BufferAppend(aPolBfr, aux); |
|
148 if (err != KErrNone) |
|
149 { |
|
150 return err; |
|
151 } |
|
152 } |
|
153 return KErrNone; |
|
154 } |
|
155 |
|
156 void |
|
157 TPolicyParser::TextSA(CPolicySpec* aSA, TDes8& aBuf) |
|
158 { |
|
159 LOG_("TPolicyParser::TextSA()\n"); |
|
160 if (aSA->iSpectype == EPolSpecSA) |
|
161 { |
|
162 aBuf.Format(_L8("sa ")); |
|
163 // SA name |
|
164 aBuf.Append(aSA->iName->Des()); |
|
165 aBuf.Append(_L8(" = {\n")); |
|
166 switch (aSA->iSpec.iType) |
|
167 { |
|
168 case SADB_SATYPE_AH: |
|
169 aBuf.Append(_L8(" ah\n")); |
|
170 break; |
|
171 case SADB_SATYPE_ESP: |
|
172 aBuf.Append(_L8(" esp\n")); |
|
173 break; |
|
174 default: //SADB_SATYPE_UNSPEC |
|
175 aBuf.Append(_L8(" ???")); //Shouldn't happen |
|
176 } |
|
177 |
|
178 // Encryption Algorithm |
|
179 |
|
180 |
|
181 |
|
182 if (aSA->iSpec.iEalg != 0) |
|
183 { |
|
184 // Encryption Alg |
|
185 aBuf.AppendFormat(_L8(" encrypt_alg %d\n"), aSA->iSpec.iEalg); |
|
186 } |
|
187 |
|
188 if (aSA->iSpec.iEalgLen != 0) |
|
189 { |
|
190 aBuf.AppendFormat(_L8(" max_encrypt_bits %d\n"), aSA->iSpec.iEalgLen); |
|
191 } |
|
192 |
|
193 // Authentication Algorithm |
|
194 if (aSA->iSpec.iAalg != 0) |
|
195 { |
|
196 aBuf.AppendFormat(_L8(" auth_alg %d\n"), aSA->iSpec.iAalg); |
|
197 } |
|
198 |
|
199 if (aSA->iSpec.iAalgLen != 0) |
|
200 { |
|
201 aBuf.AppendFormat(_L8(" max_auth_bits %d\n"), aSA->iSpec.iAalgLen); |
|
202 } |
|
203 |
|
204 if (aSA->iSpec.iPfs != 0) |
|
205 { |
|
206 aBuf.Append(_L8(" pfs\n")); |
|
207 } |
|
208 |
|
209 if (aSA->iRemoteIdentity != NULL) |
|
210 { |
|
211 aBuf.Append(_L8(" identity_remote ")); |
|
212 aBuf.Append(aSA->iRemoteIdentity->Des()); |
|
213 aBuf.Append('\n'); |
|
214 } |
|
215 |
|
216 if (aSA->iLocalIdentity != NULL) |
|
217 { |
|
218 aBuf.Append(_L8(" identity_local ")); |
|
219 aBuf.Append(aSA->iLocalIdentity->Des()); |
|
220 aBuf.Append('\n'); |
|
221 } |
|
222 |
|
223 if (aSA->iSpec.iReplayWindowLength != 0) |
|
224 { |
|
225 aBuf.AppendFormat(_L8(" replay_win_len %d\n"), |
|
226 aSA->iSpec.iReplayWindowLength); |
|
227 } |
|
228 |
|
229 if (aSA->iSpec.iMatchProtocol != 0) |
|
230 { |
|
231 aBuf.Append(_L8(" protocol_specific\n")); |
|
232 } |
|
233 |
|
234 if (aSA->iSpec.iMatchLocalPort != 0) |
|
235 { |
|
236 aBuf.Append(_L8(" local_port_specific\n")); |
|
237 } |
|
238 |
|
239 if (aSA->iSpec.iMatchRemotePort != 0) |
|
240 { |
|
241 aBuf.Append(_L8(" remote_port_specific\n")); |
|
242 } |
|
243 |
|
244 if (aSA->iSpec.iMatchProxy != 0) |
|
245 { |
|
246 aBuf.Append(_L8(" proxy_specific\n")); |
|
247 } |
|
248 |
|
249 if (aSA->iSpec.iMatchSrc != 0) |
|
250 { |
|
251 aBuf.Append(_L8(" src_specific\n")); |
|
252 } |
|
253 |
|
254 if (aSA->iSpec.iMatchLocal != 0) |
|
255 { |
|
256 aBuf.Append(_L8(" local_specific\n")); |
|
257 } |
|
258 |
|
259 if (aSA->iSpec.iMatchRemote != 0) |
|
260 { |
|
261 aBuf.Append(_L8(" remote_specific\n")); |
|
262 } |
|
263 |
|
264 if (aSA->iSpec.iHard.sadb_lifetime_allocations != 0) |
|
265 { |
|
266 aBuf.AppendFormat(_L8(" hard_lifetime_allocations %d\n"), |
|
267 aSA->iSpec.iHard.sadb_lifetime_allocations); |
|
268 } |
|
269 |
|
270 if (aSA->iSpec.iHard.sadb_lifetime_bytes != 0) |
|
271 { |
|
272 aBuf.AppendFormat(_L8(" hard_lifetime_bytes %d\n"), |
|
273 aSA->iSpec.iHard.sadb_lifetime_bytes); |
|
274 } |
|
275 |
|
276 if (aSA->iSpec.iHard.sadb_lifetime_addtime != 0) |
|
277 { |
|
278 aBuf.AppendFormat(_L8(" hard_lifetime_addtime %d\n"), |
|
279 aSA->iSpec.iHard.sadb_lifetime_addtime); |
|
280 } |
|
281 |
|
282 if (aSA->iSpec.iHard.sadb_lifetime_usetime != 0) |
|
283 { |
|
284 aBuf.AppendFormat(_L8(" hard_lifetime_usetime %d\n"), |
|
285 aSA->iSpec.iHard.sadb_lifetime_usetime); |
|
286 } |
|
287 |
|
288 if (aSA->iSpec.iSoft.sadb_lifetime_allocations != 0) |
|
289 { |
|
290 aBuf.AppendFormat(_L8(" soft_lifetime_allocations %d\n"), |
|
291 aSA->iSpec.iSoft.sadb_lifetime_allocations); |
|
292 } |
|
293 |
|
294 if (aSA->iSpec.iSoft.sadb_lifetime_bytes != 0) |
|
295 { |
|
296 aBuf.AppendFormat(_L8(" soft_lifetime_bytes %d\n"), |
|
297 aSA->iSpec.iSoft.sadb_lifetime_bytes); |
|
298 } |
|
299 |
|
300 if (aSA->iSpec.iSoft.sadb_lifetime_addtime != 0) |
|
301 { |
|
302 aBuf.AppendFormat(_L8(" soft_lifetime_addtime %d\n"), |
|
303 aSA->iSpec.iSoft.sadb_lifetime_addtime); |
|
304 } |
|
305 |
|
306 if (aSA->iSpec.iSoft.sadb_lifetime_usetime != 0) |
|
307 { |
|
308 aBuf.AppendFormat(_L8(" soft_lifetime_usetime %d\n"), |
|
309 aSA->iSpec.iSoft.sadb_lifetime_usetime); |
|
310 } |
|
311 aBuf.AppendFormat(_L8(" }\n\n")); |
|
312 } |
|
313 else |
|
314 { |
|
315 TBuf<39> addr; |
|
316 aBuf.Format(_L8("ep ")); |
|
317 |
|
318 // EndPoint name |
|
319 aBuf.Append(aSA->iName->Des()); |
|
320 aBuf.Append(_L8(" = {")); |
|
321 |
|
322 if (aSA->iEpSpec.iIsOptional) |
|
323 { |
|
324 aBuf.Append(_L8(" ? ")); |
|
325 } |
|
326 aSA->iEpSpec.iEpAddr.OutputWithScope(addr); |
|
327 aBuf.Append(addr); |
|
328 aBuf.Append(_L8(" }\n\n")); |
|
329 } |
|
330 } |
|
331 |
|
332 TInt |
|
333 TPolicyParser::WriteSelectors(CSelectorList* aSelList, |
|
334 HBufC8*& aPolBfr, |
|
335 TBool /* aSortingOrder */) |
|
336 { |
|
337 LOG_("TPolicyParser::WriteSelectors()\n"); |
|
338 TBuf8<1024> aux; |
|
339 TInt err(KErrNone); |
|
340 TInt count(aSelList->Count()); |
|
341 for (TInt i = 0; i < count; i++) |
|
342 { |
|
343 aux.Zero(); |
|
344 CPolicySelector* ps = aSelList->At(i); |
|
345 |
|
346 // Bypass the selector, if sequence number is 0xFFFFFFFF. |
|
347 // This sequence number indicates that the selector |
|
348 // is of type 'bypass/drop_everything_else' |
|
349 if (ps->iSequenceNumber == 0xFFFFFFFF) |
|
350 { |
|
351 continue; |
|
352 } |
|
353 |
|
354 // Convert selector to text format and print it into buffer |
|
355 TextSel(ps, aux, EFalse); |
|
356 err = BufferAppend(aPolBfr, aux); |
|
357 if (err != KErrNone) |
|
358 { |
|
359 return err; |
|
360 } |
|
361 } |
|
362 |
|
363 // All selectors have been written |
|
364 err = BufferAppend(aPolBfr, (_L8("\n"))); |
|
365 return (err); |
|
366 } |
|
367 |
|
368 /////////////////////////////////////////////////////////////////// |
|
369 // This function writes the selectors to a file according |
|
370 // to the sequence numbers available in the CPolicySelector. |
|
371 /////////////////////////////////////////////////////////////////// |
|
372 // |
|
373 TInt |
|
374 TPolicyParser::WriteSelectorsInSortingOrder( |
|
375 CSelectorList* aSelList, |
|
376 HBufC8*& aPolBfr, |
|
377 TBool /* aSortingOrder */) |
|
378 { |
|
379 LOG_("TPolicyParser::WriteSelectorsInSortingOrder()\n"); |
|
380 TInt err(KErrNone); |
|
381 TInt count(aSelList->Count()); |
|
382 TInt currentSequenceNumber(1); |
|
383 |
|
384 // Loop here until all selectors have been written |
|
385 TBool found = ETrue; |
|
386 while (found) |
|
387 { |
|
388 found = EFalse; |
|
389 |
|
390 // Loop through the selector list and search the |
|
391 // the selector corresponding to the current sequence number |
|
392 for (TInt i = 0; i < count; i++) |
|
393 { |
|
394 TBuf8<1024> aux; |
|
395 aux.Zero(); |
|
396 CPolicySelector* ps = aSelList->At(i); |
|
397 |
|
398 if (ps->iSequenceNumber == currentSequenceNumber) |
|
399 { |
|
400 // Build a selector output string |
|
401 TextSel(ps, aux, ETrue); |
|
402 |
|
403 // Write a string to the file |
|
404 err = BufferAppend(aPolBfr, aux); |
|
405 if (err != KErrNone) |
|
406 { |
|
407 return err; |
|
408 } |
|
409 // Prepare for the next selector |
|
410 currentSequenceNumber++; |
|
411 found = ETrue; |
|
412 break; |
|
413 } |
|
414 } |
|
415 } |
|
416 |
|
417 // All selectors have been written |
|
418 err = BufferAppend(aPolBfr, (_L8("\n"))); |
|
419 return (err); |
|
420 } |
|
421 |
|
422 /////////////////////////////////////////////////////////////////// |
|
423 // Prints the supplied selector into a given buffer in text format |
|
424 /////////////////////////////////////////////////////////////////// |
|
425 // |
|
426 void |
|
427 TPolicyParser::TextSel(CPolicySelector* aSel, |
|
428 TDes8& aBuf, |
|
429 TBool aOrdered) |
|
430 { |
|
431 LOG_("TPolicyParser::TextSel()\n"); |
|
432 aBuf.Format(_L8(" ")); |
|
433 |
|
434 if (aSel->iIsFinal) |
|
435 { |
|
436 aBuf.Append(_L8(" final ")); |
|
437 } |
|
438 |
|
439 if (aSel->iIsMerge) |
|
440 { |
|
441 aBuf.Append(_L8(" merge ")); |
|
442 } |
|
443 |
|
444 // NOTE: |
|
445 // This is a kludge to save the global selector definition |
|
446 // when policy is loaded/parsed and then finally cached into |
|
447 // a list in text format. When combined policy is build |
|
448 // before sending it to IPSEC6.PRT component, the selector |
|
449 // list is ordered so this definition is then not included |
|
450 // in the policy text that is sent into the protocol component |
|
451 if (aSel->iGlobalSelector && !aOrdered) |
|
452 { |
|
453 aBuf.Append(_L8(" scope:global ")); |
|
454 } |
|
455 |
|
456 switch (aSel->iDirection) |
|
457 { |
|
458 default: |
|
459 break; |
|
460 |
|
461 case KPolicySelector_SYMMETRIC: |
|
462 break; |
|
463 |
|
464 case KPolicySelector_INBOUND: |
|
465 aBuf.Append(_L8(" inbound ")); |
|
466 break; |
|
467 |
|
468 case KPolicySelector_OUTBOUND: |
|
469 aBuf.Append(_L8(" outbound ")); |
|
470 break; |
|
471 |
|
472 case KPolicySelector_INTERFACE: |
|
473 TBuf8<20> name; |
|
474 name.Copy(aSel->iInterface); |
|
475 aBuf.Append(_L8(" if ")); |
|
476 aBuf.Append(name); |
|
477 aBuf.Append(_L8(" ")); |
|
478 break; |
|
479 } |
|
480 |
|
481 // Check if remote address exists and no interface name defined |
|
482 if (aSel->iDirection != KPolicySelector_INTERFACE |
|
483 && aSel->iRemote.Family() != KAFUnspec) |
|
484 { |
|
485 TBuf<39> addr; |
|
486 TBuf<39> mask; |
|
487 |
|
488 aSel->iRemote.OutputWithScope(addr); |
|
489 aSel->iRemoteMask.OutputWithScope(mask); |
|
490 |
|
491 // Add remote address/mask with scope into the buffer |
|
492 aBuf.Append(_L8(" remote ")); |
|
493 aBuf.Append(addr); |
|
494 aBuf.Append(_L8(" ")); |
|
495 aBuf.Append(mask); |
|
496 } |
|
497 else |
|
498 { |
|
499 if (aSel->iRemSelEpName != NULL) |
|
500 { |
|
501 // Remote Endpoint name exists so add it into the buffer |
|
502 aBuf.Append(_L8(" remote ")); |
|
503 aBuf.Append(aSel->iRemSelEpName->Des()); |
|
504 } |
|
505 if (aSel->iRemMaskEpName != NULL) |
|
506 { |
|
507 aBuf.Append(_L8(" ")); |
|
508 aBuf.Append(aSel->iRemMaskEpName->Des()); |
|
509 } |
|
510 } |
|
511 |
|
512 // Check if local address exists and no interface name defined |
|
513 if (aSel->iDirection != KPolicySelector_INTERFACE |
|
514 && aSel->iLocal.Family() != KAFUnspec) |
|
515 { |
|
516 TBuf<39> addr; |
|
517 TBuf<39> mask; |
|
518 |
|
519 aSel->iLocal.OutputWithScope(addr); |
|
520 aSel->iLocalMask.OutputWithScope(mask); |
|
521 |
|
522 // Add local address/mask with scope into the buffer |
|
523 aBuf.Append(_L8(" local ")); |
|
524 aBuf.Append(addr); |
|
525 aBuf.Append(_L8(" ")); |
|
526 aBuf.Append(mask); |
|
527 } |
|
528 else |
|
529 { |
|
530 if (aSel->iLocSelEpName != NULL) |
|
531 { |
|
532 // Local Endpoint name exists so add it into the buffer |
|
533 aBuf.Append(_L8(" local ")); |
|
534 aBuf.Append(aSel->iLocSelEpName->Des()); |
|
535 } |
|
536 if (aSel->iLocMaskEpName != NULL) |
|
537 { |
|
538 aBuf.Append(_L8(" ")); |
|
539 aBuf.Append(aSel->iLocMaskEpName->Des()); |
|
540 } |
|
541 } |
|
542 |
|
543 if (aSel->iProtocol != 0) |
|
544 { |
|
545 aBuf.AppendFormat(_L8(" protocol %d "), aSel->iProtocol); |
|
546 } |
|
547 |
|
548 if (aSel->iLocal.Port() != 0) |
|
549 { |
|
550 aBuf.AppendFormat(_L8(" local_port %d "), aSel->iLocal.Port()); |
|
551 } |
|
552 |
|
553 if (aSel->iRemote.Port() != 0) |
|
554 { |
|
555 aBuf.AppendFormat(_L8(" remote_port %d "), aSel->iRemote.Port()); |
|
556 } |
|
557 |
|
558 if (aSel->iIcmpType != -1) |
|
559 { |
|
560 aBuf.AppendFormat(_L8(" icmp_type %d "), aSel->iIcmpType); |
|
561 } |
|
562 |
|
563 if (aSel->iType != -1) |
|
564 { |
|
565 aBuf.AppendFormat(_L8(" type %d "), aSel->iType); |
|
566 } |
|
567 |
|
568 if (aSel->iIcmpCode != -1) |
|
569 { |
|
570 aBuf.AppendFormat(_L8(" icmp_code %d "), aSel->iIcmpCode); |
|
571 } |
|
572 |
|
573 if (aSel->iDropAction) |
|
574 { |
|
575 aBuf.Append(_L8(" = drop\n ")); |
|
576 return ; |
|
577 } |
|
578 |
|
579 aBuf.Append(_L8(" = { ")); |
|
580 |
|
581 TSecpolBundleIter iterl(aSel->iBundle); |
|
582 CSecpolBundleItem* iteml(NULL); |
|
583 while ((iteml = iterl++) != NULL) |
|
584 { |
|
585 if (iteml->iSpec != NULL) |
|
586 aBuf.Append(*iteml->iSpec->iName); |
|
587 else |
|
588 aBuf.Append(_L8(" tunnel")); |
|
589 |
|
590 aBuf.Append(_L8("(")); |
|
591 |
|
592 if (!iteml->iTunnel.IsUnspecified()) |
|
593 { |
|
594 TBuf<39> addr; |
|
595 iteml->iTunnel.OutputWithScope(addr); |
|
596 aBuf.Append(addr); |
|
597 } |
|
598 else if (iteml->iTunnelEpName != NULL) |
|
599 { |
|
600 aBuf.Append(iteml->iTunnelEpName->Des()); |
|
601 } |
|
602 aBuf.Append(_L8(") ")); |
|
603 } |
|
604 |
|
605 aBuf.Append(_L8(" }\n")); |
|
606 } |
|
607 |
|
608 void |
|
609 TPolicyParser::Error(TRefByValue<const TDesC> aFmt, ...) |
|
610 { |
|
611 VA_LIST list; |
|
612 VA_START(list, aFmt); |
|
613 iMsg.FormatList(aFmt, list); |
|
614 iMsg += (_L(" at line ")); |
|
615 iMsg.AppendNum(iLine); |
|
616 }; |
|
617 |
|
618 // |
|
619 // Skip white space and mark, including comments! |
|
620 // |
|
621 void |
|
622 TPolicyParser::SkipSpaceAndMark() |
|
623 { |
|
624 TChar ch; |
|
625 TInt comment = 0; |
|
626 |
|
627 while (!Eos()) |
|
628 { |
|
629 ch = Get(); |
|
630 if (ch == '\n') |
|
631 { |
|
632 iLine++; |
|
633 comment = 0; |
|
634 } |
|
635 else if (comment || ch == '#') |
|
636 comment = 1; |
|
637 else if (!ch.IsSpace()) |
|
638 { |
|
639 UnGet(); |
|
640 break; |
|
641 } |
|
642 } |
|
643 Mark(); |
|
644 } |
|
645 |
|
646 // |
|
647 // |
|
648 token_type TPolicyParser::NextToken() |
|
649 { |
|
650 TChar ch; |
|
651 token_type val; |
|
652 |
|
653 SkipSpaceAndMark(); |
|
654 if (Eos()) |
|
655 { |
|
656 val = token_eof; |
|
657 } |
|
658 else |
|
659 { |
|
660 ch = Get(); |
|
661 if (ch == '{') |
|
662 val = token_brace_left; |
|
663 else if (ch == '}') |
|
664 val = token_brace_right; |
|
665 else if (ch == '(') |
|
666 val = token_par_left; |
|
667 else if (ch == ')') |
|
668 val = token_par_right; |
|
669 else if (ch == '=') |
|
670 val = token_equal; |
|
671 else if (ch == ',') |
|
672 val = token_comma; |
|
673 else |
|
674 { |
|
675 val = token_string; |
|
676 while (!Eos()) |
|
677 { |
|
678 ch = Peek(); |
|
679 if (ch == '{' || ch == '}' || |
|
680 ch == '(' || ch == ')' || |
|
681 ch == '=' || ch == '#' || ch.IsSpace()) |
|
682 break; |
|
683 Inc(); |
|
684 } |
|
685 } |
|
686 } |
|
687 iToken.Set(MarkedToken()); |
|
688 SkipSpaceAndMark(); |
|
689 return (val); |
|
690 } |
|
691 |
|
692 TInt |
|
693 TPolicyParser::parse_sa_spec_paramsL(CPolicySpec& aSpec) |
|
694 { |
|
695 LOG_("TPolicyParser::parse_sa_spec_paramsL()\n"); |
|
696 TInt sa_type_defined(0); |
|
697 TInt err(KErrNone); |
|
698 token_type val; |
|
699 |
|
700 while ((val = NextToken()) == token_string) |
|
701 { |
|
702 if (iToken.Compare(_L("ah")) == 0) |
|
703 { |
|
704 sa_type_defined++; |
|
705 aSpec.iSpec.iType = SADB_SATYPE_AH; |
|
706 } |
|
707 else if (iToken.Compare(_L("esp")) == 0) |
|
708 { |
|
709 sa_type_defined++; |
|
710 aSpec.iSpec.iType = SADB_SATYPE_ESP; |
|
711 } |
|
712 else if (iToken.Compare(_L("encrypt_alg")) == 0) |
|
713 { |
|
714 err = Val(aSpec.iSpec.iEalg, EDecimal); |
|
715 if ((err != KErrNone) || (aSpec.iSpec.iEalg > MAX_EALG_VALUE)) |
|
716 { |
|
717 Error(_L("invalid encrypt alg %d"), (TUint)aSpec.iSpec.iEalg); |
|
718 return (KErrGeneral); |
|
719 } |
|
720 } |
|
721 else if (iToken.Compare(_L("max_encrypt_bits")) == 0) |
|
722 { |
|
723 err = Val(aSpec.iSpec.iEalgLen, EDecimal); |
|
724 if (err != KErrNone) |
|
725 { |
|
726 Error(_L("invalid encrypt alg key length %d"), |
|
727 aSpec.iSpec.iEalgLen); |
|
728 return (KErrGeneral); |
|
729 } |
|
730 } |
|
731 else if (iToken.Compare(_L("auth_alg")) == 0) |
|
732 { |
|
733 err = Val(aSpec.iSpec.iAalg, EDecimal); |
|
734 if (err != KErrNone) |
|
735 { |
|
736 Error(_L("invalid auth alg %d"), aSpec.iSpec.iAalg); |
|
737 return (KErrGeneral); |
|
738 } |
|
739 } |
|
740 else if (iToken.Compare(_L("max_auth_bits")) == 0) |
|
741 { |
|
742 err = Val(aSpec.iSpec.iAalgLen, EDecimal); |
|
743 if (err != KErrNone) |
|
744 { |
|
745 Error(_L("invalid auth alg length %d"), aSpec.iSpec.iAalgLen); |
|
746 return (KErrGeneral); |
|
747 } |
|
748 } |
|
749 else if ((iToken.Compare(_L("identity")) == 0) || |
|
750 (iToken.Compare(_L("identity_remote")) == 0)) |
|
751 { |
|
752 if (aSpec.iRemoteIdentity) |
|
753 { |
|
754 Error(_L("duplicate remote identity")); |
|
755 err = KErrGeneral; |
|
756 } |
|
757 else if ((val = NextToken()) == token_string) |
|
758 { |
|
759 aSpec.iRemoteIdentity = HBufC8::NewL(iToken.Length() + 1); |
|
760 aSpec.iRemoteIdentity->Des().Copy(iToken); |
|
761 } |
|
762 else |
|
763 { |
|
764 Error(_L("invalid remote identity value")); |
|
765 err = KErrGeneral; |
|
766 } |
|
767 } |
|
768 else if (iToken.Compare(_L("identity_local")) == 0) |
|
769 { |
|
770 if (aSpec.iLocalIdentity) |
|
771 { |
|
772 Error(_L("duplicate local identity")); |
|
773 err = KErrGeneral; |
|
774 } |
|
775 else if ((val = NextToken()) == token_string) |
|
776 { |
|
777 aSpec.iLocalIdentity = HBufC8::NewL(iToken.Length() + 1); |
|
778 aSpec.iLocalIdentity->Des().Copy(iToken); |
|
779 } |
|
780 else |
|
781 { |
|
782 Error(_L("invalid local identity value")); |
|
783 err = KErrGeneral; |
|
784 } |
|
785 } |
|
786 else if (iToken.Compare(_L("pfs")) == 0) |
|
787 { |
|
788 aSpec.iSpec.iPfs = 1; |
|
789 } |
|
790 else if (iToken.Compare(_L("connid_specific")) == 0) |
|
791 { |
|
792 // For backward compatibility |
|
793 aSpec.iSpec.iMatchProtocol = 1; |
|
794 aSpec.iSpec.iMatchRemotePort = 1; |
|
795 aSpec.iSpec.iMatchLocalPort = 1; |
|
796 } |
|
797 else if (iToken.Compare(_L("protocol_specific")) == 0) |
|
798 { |
|
799 aSpec.iSpec.iMatchProtocol = 1; |
|
800 } |
|
801 else if ((iToken.Compare(_L("src_port_specific")) == 0) |
|
802 || (iToken.Compare(_L("local_port_specific")) == 0)) |
|
803 { |
|
804 aSpec.iSpec.iMatchLocalPort = 1; |
|
805 } |
|
806 else if ((iToken.Compare(_L("dst_port_specific")) == 0) |
|
807 || (iToken.Compare(_L("remote_port_specific")) == 0)) |
|
808 { |
|
809 aSpec.iSpec.iMatchRemotePort = 1; |
|
810 } |
|
811 else if (iToken.Compare(_L("proxy_specific")) == 0) |
|
812 { |
|
813 aSpec.iSpec.iMatchProxy = 1; |
|
814 } |
|
815 else if (iToken.Compare(_L("src_specific")) == 0) |
|
816 { |
|
817 aSpec.iSpec.iMatchSrc = 1; |
|
818 } |
|
819 else if (iToken.Compare(_L("local_specific")) == 0) |
|
820 { |
|
821 aSpec.iSpec.iMatchLocal = 1; |
|
822 } |
|
823 else if (iToken.Compare(_L("remote_specific")) == 0) |
|
824 { |
|
825 aSpec.iSpec.iMatchRemote = 1; |
|
826 } |
|
827 else if (iToken.Compare(_L("replay_win_len")) == 0) |
|
828 { |
|
829 err = Val(aSpec.iSpec.iReplayWindowLength, EDecimal); |
|
830 } |
|
831 else if (iToken.Compare(_L("hard_lifetime_allocations")) == 0) |
|
832 { |
|
833 err = Val(aSpec.iSpec.iHard.sadb_lifetime_allocations, EDecimal); |
|
834 } |
|
835 else if (iToken.Compare(_L("hard_lifetime_bytes")) == 0) |
|
836 { |
|
837 err = Val(aSpec.iSpec.iHard.sadb_lifetime_bytes, EDecimal); |
|
838 } |
|
839 else if (iToken.Compare(_L("hard_lifetime_addtime")) == 0) |
|
840 { |
|
841 err = Val(aSpec.iSpec.iHard.sadb_lifetime_addtime, EDecimal); |
|
842 } |
|
843 else if (iToken.Compare(_L("hard_lifetime_usetime")) == 0) |
|
844 { |
|
845 err = Val(aSpec.iSpec.iHard.sadb_lifetime_usetime, EDecimal); |
|
846 } |
|
847 else if (iToken.Compare(_L("soft_lifetime_allocations")) == 0) |
|
848 { |
|
849 err = Val(aSpec.iSpec.iSoft.sadb_lifetime_allocations, EDecimal); |
|
850 } |
|
851 else if (iToken.Compare(_L("soft_lifetime_bytes")) == 0) |
|
852 { |
|
853 err = Val(aSpec.iSpec.iSoft.sadb_lifetime_bytes, EDecimal); |
|
854 } |
|
855 else if (iToken.Compare(_L("soft_lifetime_addtime")) == 0) |
|
856 { |
|
857 err = Val(aSpec.iSpec.iSoft.sadb_lifetime_addtime, EDecimal); |
|
858 } |
|
859 else if (iToken.Compare(_L("soft_lifetime_usetime")) == 0) |
|
860 { |
|
861 err = Val(aSpec.iSpec.iSoft.sadb_lifetime_usetime, EDecimal); |
|
862 } |
|
863 else |
|
864 { |
|
865 Error(_L("invalid keyword")); |
|
866 return (KErrGeneral); |
|
867 } |
|
868 if (err != KErrNone) |
|
869 { |
|
870 Error(_L("invalid numeric value")); |
|
871 return (err); |
|
872 } |
|
873 } |
|
874 |
|
875 if (val != token_brace_right) |
|
876 { |
|
877 Error(_L("right brace not found")); |
|
878 return (KErrGeneral); |
|
879 } |
|
880 else if (sa_type_defined < 1) |
|
881 { |
|
882 Error(_L("sa type not defined for sa")); |
|
883 return (KErrGeneral); |
|
884 } |
|
885 else if (sa_type_defined > 1) |
|
886 { |
|
887 Error(_L("sa type defined times for sa")); |
|
888 return (KErrGeneral); |
|
889 } |
|
890 else if ((aSpec.iSpec.iType == SADB_SATYPE_AH) && !aSpec.iSpec.iAalg) |
|
891 { |
|
892 Error(_L("auth alg not defined for sa")); |
|
893 return (KErrGeneral); |
|
894 } |
|
895 else if ((aSpec.iSpec.iType == SADB_SATYPE_ESP) && !aSpec.iSpec.iEalg) |
|
896 { |
|
897 Error(_L("encrypt alg not defined for sa")); |
|
898 return (KErrGeneral); |
|
899 } |
|
900 else if ((aSpec.iSpec.iType == SADB_SATYPE_UNSPEC) && |
|
901 (aSpec.iSpec.iEalg || aSpec.iSpec.iAalg)) |
|
902 { |
|
903 Error(_L("null SA cannot have any algorithms")); |
|
904 return (KErrGeneral); |
|
905 } |
|
906 |
|
907 return (KErrNone); |
|
908 } |
|
909 |
|
910 TInt |
|
911 TPolicyParser::parse_sa_specL(CSecurityPolicy* aSp) |
|
912 { |
|
913 LOG_("TPolicyParser::parse_sa_specL()\n"); |
|
914 TInt err(KErrNone); |
|
915 CPolicySpec* spec(NULL); |
|
916 |
|
917 if (NextToken() != token_string) |
|
918 { |
|
919 Error(_L("Syntax error")); |
|
920 err = KErrGeneral; |
|
921 } |
|
922 else |
|
923 { |
|
924 spec = CPolicySpec::NewL(iToken); |
|
925 aSp->Add(spec); |
|
926 |
|
927 if (NextToken() != token_equal || NextToken() != token_brace_left) |
|
928 { |
|
929 Error(_L("Syntax error")); |
|
930 err = KErrGeneral; |
|
931 } |
|
932 else |
|
933 { |
|
934 err = parse_sa_spec_paramsL(*spec); |
|
935 } |
|
936 } |
|
937 |
|
938 return (err); |
|
939 } |
|
940 |
|
941 TInt |
|
942 TPolicyParser::parse_sa_spec_listL(TSecpolBundle& aBundle, |
|
943 CSecurityPolicy* aSp, TInt& aFQDNCount) |
|
944 { |
|
945 LOG_("TPolicyParser::parse_sa_spec_listL()\n"); |
|
946 CSecpolBundleItem* item(NULL); |
|
947 CPolicySpec* spec(NULL); |
|
948 token_type val; |
|
949 TInt err(KErrNone); |
|
950 |
|
951 while ((val = NextToken()) == token_string) |
|
952 { |
|
953 // Find the SA transform specification from the given policy |
|
954 HBufC8 * hbuf = HBufC8::NewL(iToken.Length()); |
|
955 hbuf->Des().Copy(iToken); |
|
956 spec = aSp->FindSpec(hbuf->Des()); |
|
957 delete hbuf; |
|
958 hbuf = NULL; |
|
959 |
|
960 // A temporary(?) special kludge: if the keyword is 'tunnel' |
|
961 // assume this is a plain tunnel specification, without any |
|
962 // IPsec processing |
|
963 |
|
964 // NOTE: |
|
965 // This works only when the SA specification name is not 'tunnel |
|
966 // ('tunnel' should be illegal name for SA specification to |
|
967 // avoid confusion) |
|
968 if (!spec && iToken.Compare(_L("tunnel"))) |
|
969 { |
|
970 Error(_L("sa or plain tunnel not defined")); |
|
971 err = KErrGeneral; |
|
972 break; |
|
973 } |
|
974 |
|
975 // Allocate memory for new bundle item |
|
976 item = new (ELeave) CSecpolBundleItem; |
|
977 CleanupStack::PushL(item); |
|
978 |
|
979 // Init bundle item by using the SA transform template found |
|
980 item->iSpec = spec; |
|
981 |
|
982 // Read next token |
|
983 val = NextToken(); |
|
984 |
|
985 // Check that '(' found |
|
986 if (val != token_par_left) |
|
987 { |
|
988 // Remove bundle item from the CleanupStack and set error code |
|
989 CleanupStack::PopAndDestroy(); |
|
990 Error(_L("missing left parenthesis")); |
|
991 err = KErrGeneral; |
|
992 break; |
|
993 } |
|
994 |
|
995 // Read next token |
|
996 val = NextToken(); |
|
997 |
|
998 // Check if tunnel specification is set |
|
999 if (val == token_string) |
|
1000 { |
|
1001 // Tunnel entry found so determine if name or plain address |
|
1002 if (aSp->SearchForEPNameL(iToken) == KErrNone) |
|
1003 { |
|
1004 // Tunnel name is set so copy it |
|
1005 item->iTunnelEpName = HBufC8::NewL(iToken.Length()); |
|
1006 item->iTunnelEpName->Des().Copy(iToken); |
|
1007 } |
|
1008 else |
|
1009 { |
|
1010 // Try to instantiate IP address -- if not possible, |
|
1011 // consider the entry to represent an FQDN address, |
|
1012 // which needs to be looked up via DNS later on. |
|
1013 LOG_1("Found tunnel address: '%S'\n", &iToken); |
|
1014 err = item->iTunnel.Input(iToken); |
|
1015 if (err) |
|
1016 { |
|
1017 LOG_("Tunnel address invalid IP, assuming FQDN\n"); |
|
1018 item->iTunnelEpFQDN = iToken.AllocL(); |
|
1019 err = KErrNone; |
|
1020 aFQDNCount++; |
|
1021 } |
|
1022 } |
|
1023 |
|
1024 LOG_("Parser proceeding to next token...\n"); |
|
1025 // Read next token |
|
1026 val = NextToken(); |
|
1027 } |
|
1028 |
|
1029 // Check that ')' terminates the definition correctly |
|
1030 if (val != token_par_right) |
|
1031 { |
|
1032 // Remove bundle item from the CleanupStack and set error code |
|
1033 LOG_("Error: Closing parenthesis missing in ipsec policy section\n"); |
|
1034 CleanupStack::PopAndDestroy(); |
|
1035 Error(_L("missing right parenthesis")); |
|
1036 err = KErrGeneral; |
|
1037 break; |
|
1038 } |
|
1039 |
|
1040 LOG_("Adding bundle to the list\n"); |
|
1041 // Remove bundle item from the CleanupStack and add it into the list |
|
1042 CleanupStack::Pop(); |
|
1043 aBundle.AddLast(*item); |
|
1044 } |
|
1045 |
|
1046 // Check that terminating '}' is found |
|
1047 if (!err && val != token_brace_right) |
|
1048 { |
|
1049 LOG_("Error, missing right brace\n"); |
|
1050 Error(_L("missing right brace")); |
|
1051 err = KErrGeneral; |
|
1052 } |
|
1053 |
|
1054 LOG_1("Exiting, with error code %d\n", err); |
|
1055 |
|
1056 return (err); |
|
1057 } |
|
1058 |
|
1059 TInt |
|
1060 TPolicyParser::parse_ip_addr_and_maskL( |
|
1061 TInetAddr& addr, |
|
1062 TInetAddr& mask, |
|
1063 HBufC8*& aSelEpName, |
|
1064 HBufC8*& aMaskEpName, |
|
1065 CSecurityPolicy* aSecPol) |
|
1066 { |
|
1067 LOG_("TPolicyParser::parse_ip_addr_and_maskL()\n"); |
|
1068 TInt err(KErrNone); |
|
1069 if (NextToken() != token_string) |
|
1070 { |
|
1071 Error(_L("ip address not found")); |
|
1072 return (KErrGeneral); |
|
1073 } |
|
1074 |
|
1075 if (aSecPol->SearchForEPNameL(iToken) == KErrNone) |
|
1076 { |
|
1077 aSelEpName = HBufC8::NewL(iToken.Length()); |
|
1078 aSelEpName->Des().Copy(iToken); |
|
1079 } |
|
1080 else |
|
1081 { |
|
1082 err = addr.Input(iToken); |
|
1083 if (err != 0) |
|
1084 { |
|
1085 Error(_L("invalid ip address ")); |
|
1086 return (err); |
|
1087 } |
|
1088 } |
|
1089 |
|
1090 if (NextToken() != token_string) |
|
1091 { |
|
1092 Error(_L("address mask not found")); |
|
1093 return (KErrGeneral); |
|
1094 } |
|
1095 |
|
1096 if (aSecPol->SearchForEPNameL(iToken) == KErrNone) |
|
1097 { |
|
1098 aMaskEpName = HBufC8::NewL(iToken.Length()); |
|
1099 aMaskEpName->Des().Copy(iToken); |
|
1100 } |
|
1101 else |
|
1102 { |
|
1103 err = mask.Input(iToken); |
|
1104 if (err != 0) |
|
1105 { |
|
1106 Error(_L("invalid address mask ")); |
|
1107 return (err); |
|
1108 } |
|
1109 } |
|
1110 |
|
1111 return (KErrNone); |
|
1112 } |
|
1113 |
|
1114 //////////////////////////////////////////////////////////// |
|
1115 // Parse the endpoint name entry |
|
1116 //////////////////////////////////////////////////////////// |
|
1117 // |
|
1118 TInt |
|
1119 TPolicyParser::parse_ep_specL(CSecurityPolicy* aSp) |
|
1120 { |
|
1121 LOG_("TPolicyParser::parse_ep_specL()\n"); |
|
1122 TInt err(KErrNone); |
|
1123 CPolicySpec* spec(NULL); |
|
1124 |
|
1125 if (NextToken() != token_string) |
|
1126 { |
|
1127 Error(_L("Syntax error")); |
|
1128 err = KErrGeneral; |
|
1129 } |
|
1130 else |
|
1131 { |
|
1132 spec = CPolicySpec::NewL(iToken, EPolSpecEP); |
|
1133 aSp->Add(spec); |
|
1134 |
|
1135 if (NextToken() != token_equal || NextToken() != token_brace_left) |
|
1136 { |
|
1137 Error(_L("Syntax error")); |
|
1138 err = KErrGeneral; |
|
1139 } |
|
1140 else |
|
1141 { |
|
1142 err = parse_ep_spec_paramsL(*spec); |
|
1143 } |
|
1144 } |
|
1145 |
|
1146 return (err); |
|
1147 } |
|
1148 |
|
1149 //////////////////////////////////////////////////////////// |
|
1150 // Parse the endpoint name parameters |
|
1151 //////////////////////////////////////////////////////////// |
|
1152 TInt |
|
1153 TPolicyParser::parse_ep_spec_paramsL(CPolicySpec &aSpec) |
|
1154 { |
|
1155 LOG_("TPolicyParser::parse_ep_spec_paramsL()\n"); |
|
1156 TInt err(KErrNone); |
|
1157 token_type val; |
|
1158 |
|
1159 while ((val = NextToken()) == token_string) |
|
1160 { |
|
1161 if (iToken.Compare(_L("?")) == 0) |
|
1162 { |
|
1163 aSpec.iEpSpec.iIsOptional = ETrue; |
|
1164 } |
|
1165 else |
|
1166 { |
|
1167 err = aSpec.iEpSpec.iEpAddr.Input(iToken); |
|
1168 if (err != 0) |
|
1169 { |
|
1170 Error(_L("invalid ip address ")); |
|
1171 return (err); |
|
1172 } |
|
1173 } |
|
1174 } |
|
1175 |
|
1176 if (val != token_brace_right) |
|
1177 { |
|
1178 Error(_L("right brace not found")); |
|
1179 err = KErrGeneral; |
|
1180 } |
|
1181 |
|
1182 return (err); |
|
1183 } |
|
1184 |
|
1185 TInt |
|
1186 TPolicyParser::parse_conn2saL(CSecurityPolicy* aSp) |
|
1187 { |
|
1188 LOG_("TPolicyParser::parse_conn2saL()\n"); |
|
1189 CPolicySelector* csa(NULL); |
|
1190 TInt err(KErrNone); |
|
1191 token_type val; |
|
1192 TUint port(0); |
|
1193 |
|
1194 TInt fqdnCount(0); |
|
1195 csa = CPolicySelector::NewL(); |
|
1196 aSp->Add(csa); |
|
1197 |
|
1198 do |
|
1199 { |
|
1200 if ((iToken.Compare(_L("dst")) == 0) |
|
1201 || (iToken.Compare(_L("remote")) == 0)) |
|
1202 { |
|
1203 err = parse_ip_addr_and_maskL(csa->iRemote, |
|
1204 csa->iRemoteMask, |
|
1205 csa->iRemSelEpName, |
|
1206 csa->iRemMaskEpName, |
|
1207 aSp); |
|
1208 } |
|
1209 else if ((iToken.Compare(_L("src")) == 0) |
|
1210 || (iToken.Compare(_L("local")) == 0)) |
|
1211 { |
|
1212 err = parse_ip_addr_and_maskL(csa->iLocal, |
|
1213 csa->iLocalMask, |
|
1214 csa->iLocSelEpName, |
|
1215 csa->iLocMaskEpName, |
|
1216 aSp); |
|
1217 } |
|
1218 else if (iToken.Compare(_L("outbound")) == 0) |
|
1219 { |
|
1220 if (csa->iDirection != KPolicySelector_SYMMETRIC) |
|
1221 { |
|
1222 Error(_L("Only one inbound or outbound allowed")); |
|
1223 return (KErrGeneral); |
|
1224 } |
|
1225 csa->iDirection = KPolicySelector_OUTBOUND; |
|
1226 } |
|
1227 else if (iToken.Compare(_L("inbound")) == 0) |
|
1228 { |
|
1229 if (csa->iDirection != KPolicySelector_SYMMETRIC) |
|
1230 { |
|
1231 Error(_L("Only one inbound or outbound allowed")); |
|
1232 return (KErrGeneral); |
|
1233 } |
|
1234 csa->iDirection = KPolicySelector_INBOUND; |
|
1235 } |
|
1236 else if (iToken.Compare(_L("user_id")) == 0) |
|
1237 { |
|
1238 ; // Needs to be examined, TIdentity? -- msa |
|
1239 } |
|
1240 else if (iToken.Compare(_L("protocol")) == 0) |
|
1241 { |
|
1242 err = Val(csa->iProtocol); |
|
1243 } |
|
1244 else if ((iToken.Compare(_L("src_port")) == 0) || |
|
1245 (iToken.Compare(_L("local_port")) == 0)) |
|
1246 { |
|
1247 err = Val(port); |
|
1248 csa->iLocal.SetPort(port); |
|
1249 } |
|
1250 else if ((iToken.Compare(_L("dst_port")) == 0) || |
|
1251 (iToken.Compare(_L("remote_port")) == 0)) |
|
1252 { |
|
1253 err = Val(port); |
|
1254 csa->iRemote.SetPort(port); |
|
1255 } |
|
1256 else if (iToken.Compare(_L("icmp_type")) == 0) |
|
1257 { |
|
1258 err = Val(csa->iIcmpType); |
|
1259 } |
|
1260 else if (iToken.Compare(_L("type")) == 0) |
|
1261 { |
|
1262 err = Val(csa->iType); |
|
1263 } |
|
1264 else if (iToken.Compare(_L("icmp_code")) == 0) |
|
1265 { |
|
1266 err = Val(csa->iIcmpCode); |
|
1267 } |
|
1268 else if (iToken.Compare(_L("if")) == 0) |
|
1269 { |
|
1270 if (NextToken() != token_string) |
|
1271 { |
|
1272 Error(_L("Invalid interface specifier")); |
|
1273 err = KErrGeneral; |
|
1274 } |
|
1275 csa->iInterface.Append(iToken); |
|
1276 csa->iDirection = KPolicySelector_INTERFACE; |
|
1277 } |
|
1278 else if (iToken.Compare(_L("scope:global")) == 0) |
|
1279 { |
|
1280 csa->iGlobalSelector = ETrue; |
|
1281 } |
|
1282 else if (iToken.Compare(_L("final")) == 0 ) |
|
1283 { |
|
1284 csa->iIsFinal = ETrue; |
|
1285 } |
|
1286 else if (iToken.Compare(_L("merge")) == 0 ) |
|
1287 { |
|
1288 csa->iIsMerge = ETrue; |
|
1289 } |
|
1290 else |
|
1291 { |
|
1292 Error(_L("invalid keyword ")); |
|
1293 return (KErrGeneral); |
|
1294 } |
|
1295 |
|
1296 if (err != KErrNone) |
|
1297 { |
|
1298 // iMsg already contains an error text |
|
1299 if (iMsg.Length() != 0) |
|
1300 { |
|
1301 return err; |
|
1302 } |
|
1303 Error(_L("Error = %d"), err); |
|
1304 return err; |
|
1305 } |
|
1306 } |
|
1307 while ((val = NextToken()) == token_string); |
|
1308 |
|
1309 if (val != token_equal ) |
|
1310 { |
|
1311 Error(_L("Syntax error")); |
|
1312 err = KErrGeneral; |
|
1313 } |
|
1314 else if (NextToken() == token_brace_left) |
|
1315 { |
|
1316 err = parse_sa_spec_listL(csa->iBundle, aSp, fqdnCount); |
|
1317 } |
|
1318 else if (iToken.Compare(_L("drop")) == 0) |
|
1319 { |
|
1320 csa->iDropAction = ETrue; |
|
1321 } |
|
1322 else |
|
1323 { |
|
1324 Error(_L("Syntax error")); |
|
1325 err = KErrGeneral; |
|
1326 } |
|
1327 |
|
1328 LOG_1("SA FQDN Count: %d\n", fqdnCount); |
|
1329 aSp->IncFQDNCount(fqdnCount); |
|
1330 return (err); |
|
1331 } |
|
1332 |
|
1333 // |
|
1334 // Keys Parsing |
|
1335 // |
|
1336 EXPORT_C CKeysData::CKeysData() |
|
1337 {} |
|
1338 |
|
1339 EXPORT_C CKeysData::CKeysData(CKeysData* aKey) |
|
1340 { |
|
1341 sa_type = aKey->sa_type; |
|
1342 spi = aKey->spi; |
|
1343 encr_alg = aKey->encr_alg; |
|
1344 auth_alg = aKey->auth_alg; |
|
1345 direction = aKey->direction; |
|
1346 lifetime_bytes = aKey->lifetime_bytes; |
|
1347 lifetime_sec = aKey->lifetime_sec; |
|
1348 src_addr = aKey->src_addr; // Include port |
|
1349 dst_addr = aKey->dst_addr; // Include port |
|
1350 protocol = aKey->protocol; |
|
1351 auth_key = aKey->auth_key; |
|
1352 encr_key = aKey->encr_key; |
|
1353 } |
|
1354 |
|
1355 // |
|
1356 // CKeysDataArray |
|
1357 // |
|
1358 CKeysDataArray::CKeysDataArray(TInt aGranularity) : |
|
1359 CArrayFixFlat<class CKeysData *>(aGranularity) |
|
1360 {} |
|
1361 |
|
1362 EXPORT_C CKeysDataArray* CKeysDataArray::NewL(TInt aGranularity) |
|
1363 { |
|
1364 CKeysDataArray* self = new (ELeave) CKeysDataArray(aGranularity); |
|
1365 self->Construct(aGranularity); |
|
1366 return self; |
|
1367 } |
|
1368 |
|
1369 EXPORT_C void CKeysDataArray::Construct(TInt /* aGranularity */) |
|
1370 {} |
|
1371 |
|
1372 CKeysDataArray::CKeysDataArray(CKeysDataArray* aData) : |
|
1373 CArrayFixFlat<class CKeysData *>(aData->Count()) |
|
1374 {} |
|
1375 |
|
1376 EXPORT_C CKeysDataArray* CKeysDataArray::NewL(CKeysDataArray* aData) |
|
1377 { |
|
1378 CKeysDataArray* self = new (ELeave) CKeysDataArray(aData); |
|
1379 CleanupStack::PushL(self); |
|
1380 self->ConstructL(aData); |
|
1381 CleanupStack::Pop(); |
|
1382 return self; |
|
1383 } |
|
1384 |
|
1385 EXPORT_C void CKeysDataArray::ConstructL(CKeysDataArray* aData) |
|
1386 { |
|
1387 CopyL(aData); |
|
1388 } |
|
1389 |
|
1390 EXPORT_C CKeysDataArray::~CKeysDataArray() |
|
1391 { |
|
1392 Empty(); |
|
1393 } |
|
1394 |
|
1395 // Construct this from the data in aData |
|
1396 EXPORT_C void CKeysDataArray::CopyL(CKeysDataArray* aData) |
|
1397 { |
|
1398 CKeysData* key_data(NULL); |
|
1399 for (TInt i = 0; i < aData->Count(); i++) |
|
1400 { |
|
1401 key_data = new (ELeave) CKeysData(aData->At(i)); |
|
1402 CleanupStack::PushL(key_data); |
|
1403 AppendL(key_data); |
|
1404 CleanupStack::Pop(); |
|
1405 } |
|
1406 } |
|
1407 |
|
1408 EXPORT_C void |
|
1409 CKeysDataArray::Empty() |
|
1410 { |
|
1411 for (TInt i = 0; i < Count(); i++) |
|
1412 { |
|
1413 delete At(i); |
|
1414 } |
|
1415 |
|
1416 Reset(); |
|
1417 } |
|
1418 |
|
1419 // |
|
1420 // TKeyParser |
|
1421 // |
|
1422 EXPORT_C |
|
1423 TKeyParser::TKeyParser(const TDesC &aStr) : TLex(aStr) |
|
1424 { |
|
1425 iFirst = 1; |
|
1426 } |
|
1427 |
|
1428 EXPORT_C TInt |
|
1429 TKeyParser::ParseL(CKeysDataArray *aKeys) |
|
1430 { |
|
1431 LOG_("TKeyParser::ParseL()\n"); |
|
1432 TInt err(KErrNone); |
|
1433 |
|
1434 while (!err) |
|
1435 { |
|
1436 // Skip until first token in line |
|
1437 while (iFirst == 0) |
|
1438 NextToken(); |
|
1439 |
|
1440 if (iFirst < 0) |
|
1441 break; |
|
1442 |
|
1443 NextToken(); |
|
1444 if ((iToken.Compare(_L("pfkey_add")) == 0)) |
|
1445 { |
|
1446 TInt val(0); |
|
1447 CKeysData* keyData(NULL); |
|
1448 for (int i = 0; !err && iFirst == 0; ++i) |
|
1449 { |
|
1450 switch (i) |
|
1451 { |
|
1452 // sa type: 1=AH, 2=ESP |
|
1453 case 0: |
|
1454 keyData = new (ELeave) CKeysData; |
|
1455 err = Val(val); |
|
1456 if (val == 1) |
|
1457 keyData->sa_type = SADB_SATYPE_AH; |
|
1458 else if (val == 2) |
|
1459 keyData->sa_type = SADB_SATYPE_ESP; |
|
1460 else |
|
1461 err = KErrGeneral; |
|
1462 break; |
|
1463 |
|
1464 // spi: 1..MAX_UINT32 |
|
1465 case 1: |
|
1466 err = Val(keyData->spi); |
|
1467 break; |
|
1468 |
|
1469 // Pass encryption alg numbers as is |
|
1470 case 2: |
|
1471 err = Val(keyData->encr_alg, EDecimal); |
|
1472 break; |
|
1473 |
|
1474 // Pass authentication alg numbers as is |
|
1475 case 3: |
|
1476 err = Val(keyData->auth_alg, EDecimal); |
|
1477 break; |
|
1478 |
|
1479 // direction: 4 = inbound, 8 = outbound |
|
1480 case 4: |
|
1481 err = Val(keyData->direction); |
|
1482 // Not used, direction is implicit by the src/dst pair |
|
1483 if (keyData->direction & ~(PFKEY_INI_INBOUND |
|
1484 | PFKEY_INI_OUTBOUND)) |
|
1485 err = KErrGeneral; |
|
1486 break; |
|
1487 |
|
1488 // lifetime as bytes: 0 = not used, |
|
1489 // 1..MAX_UINT32=max sa lifetime |
|
1490 case 5: |
|
1491 err = Val(keyData->lifetime_bytes); |
|
1492 break; |
|
1493 |
|
1494 // lifetime as seconds: 0 = not used, |
|
1495 // 1..MAX_UINT32=max sa lifetime |
|
1496 case 6: |
|
1497 err = Val(keyData->lifetime_sec); |
|
1498 break; |
|
1499 |
|
1500 // src ip addr: in a.b.c.d format |
|
1501 case 7: |
|
1502 NextToken(); |
|
1503 err = keyData->src_addr.Input(iToken); |
|
1504 break; |
|
1505 |
|
1506 // dst ip addr: in a.b.c.d format |
|
1507 case 8: |
|
1508 NextToken(); |
|
1509 err = keyData->dst_addr.Input(iToken); |
|
1510 break; |
|
1511 |
|
1512 // protocol: 0 = sa NOT protocol specific, |
|
1513 // 1 = ICMP, 4 = IPIP, 6 = TCP, 17 = UDP |
|
1514 case 9: |
|
1515 err = Val(val); |
|
1516 keyData->protocol = (TUint8)val; |
|
1517 break; |
|
1518 |
|
1519 // local port: 0 = sa NOT src port specific, |
|
1520 // 1..MAX_UINT16 = src port for which sa |
|
1521 // dedicated |
|
1522 case 10: |
|
1523 err = Val(val); |
|
1524 keyData->src_addr.SetPort(val); |
|
1525 break; |
|
1526 |
|
1527 // remote port: 0 = sa NOT dst port specific, |
|
1528 // 1..MAX_UINT16 = dst port for which |
|
1529 // sa dedicated |
|
1530 case 11: |
|
1531 err = Val(val); |
|
1532 keyData->dst_addr.SetPort(val); |
|
1533 break; |
|
1534 |
|
1535 // authentication key: as hex string WITHOUT leading 0x, |
|
1536 // two hex digits for every 8 bits of key, |
|
1537 // HMAC-MD5: 128 bit = 16 byte key, |
|
1538 // HMAC-SHA1: 160 bit = 20 byte key |
|
1539 case 12: |
|
1540 NextToken(); |
|
1541 if (iToken != _L("0")) |
|
1542 { |
|
1543 // 0 is No key assigned |
|
1544 keyData->auth_key.Copy(iToken); |
|
1545 } |
|
1546 break; |
|
1547 |
|
1548 // encryption key: as hex string WITHOUT leading 0x, |
|
1549 // two hex digits for every 8 bits of key, |
|
1550 // DES-CBC: 64 bit = 8 byte key, |
|
1551 // DES-EDE3-CBC: 192 bit = 24 byte key |
|
1552 case 13: |
|
1553 NextToken(); |
|
1554 if (iToken != _L("0")) //0 is No key assigned |
|
1555 keyData->encr_key.Copy(iToken); |
|
1556 break; |
|
1557 |
|
1558 default: |
|
1559 NextToken(); |
|
1560 err = KErrKeyParser; |
|
1561 break; |
|
1562 } // switch |
|
1563 SkipSpaceAndMark(); |
|
1564 } // for |
|
1565 |
|
1566 if (err == KErrNone && keyData) |
|
1567 { |
|
1568 CleanupStack::PushL(keyData); |
|
1569 aKeys->AppendL(keyData); |
|
1570 CleanupStack::Pop(); |
|
1571 } |
|
1572 else |
|
1573 { |
|
1574 delete keyData; |
|
1575 keyData = NULL; |
|
1576 } |
|
1577 } // if |
|
1578 } // while |
|
1579 |
|
1580 return (err); |
|
1581 } |
|
1582 |
|
1583 EXPORT_C TInt |
|
1584 TKeyParser::Write(CKeysDataArray *aKeys, RFile &aFile) |
|
1585 { |
|
1586 LOG_("TKeyParser::Write()\n"); |
|
1587 TBuf8<500> text; |
|
1588 TInt err(KErrNone); |
|
1589 TInt count = aKeys->Count(); |
|
1590 for (TInt i = 0; i < count ; i++) |
|
1591 { |
|
1592 TextPFKey(aKeys->At(i), text); |
|
1593 err = aFile.Write(text); |
|
1594 if (err != KErrNone) |
|
1595 break; |
|
1596 } |
|
1597 return (err); |
|
1598 } |
|
1599 |
|
1600 void |
|
1601 TKeyParser::TextPFKey(CKeysData *aKey, TDes8 &aElem) |
|
1602 { |
|
1603 TBuf<39> addr; |
|
1604 TBuf8<39> addr8; |
|
1605 |
|
1606 aElem.Format(_L8("pfkey_add ")); |
|
1607 |
|
1608 if (aKey->sa_type == SADB_SATYPE_AH) |
|
1609 aElem.AppendFormat(_L8("%d "), 1); |
|
1610 else |
|
1611 aElem.AppendFormat(_L8("%d "), 2); |
|
1612 |
|
1613 aElem.AppendFormat(_L8("%d "), aKey->spi); |
|
1614 |
|
1615 // Algorithms |
|
1616 aElem.AppendFormat(_L8("%d "), aKey->encr_alg); |
|
1617 aElem.AppendFormat(_L8("%d "), aKey->auth_alg); |
|
1618 |
|
1619 |
|
1620 aElem.AppendFormat(_L8("%d "), aKey->direction); |
|
1621 |
|
1622 aElem.AppendFormat(_L8("%d "), aKey->lifetime_bytes); |
|
1623 aElem.AppendFormat(_L8("%d "), aKey->lifetime_sec); |
|
1624 |
|
1625 // Addresses |
|
1626 aKey->src_addr.OutputWithScope(addr); |
|
1627 |
|
1628 addr8.Copy(addr); |
|
1629 aElem.AppendFormat(addr8); |
|
1630 aElem.AppendFormat(_L8(" ")); |
|
1631 aKey->dst_addr.OutputWithScope(addr); |
|
1632 |
|
1633 addr8.Copy(addr); |
|
1634 aElem.AppendFormat(addr8); |
|
1635 aElem.AppendFormat(_L8(" ")); |
|
1636 aElem.AppendFormat(_L8("%d "), aKey->protocol); |
|
1637 |
|
1638 // Ports |
|
1639 aElem.AppendFormat(_L8("%d "), aKey->src_addr.Port()); |
|
1640 aElem.AppendFormat(_L8("%d "), aKey->dst_addr.Port()); |
|
1641 |
|
1642 // Keys |
|
1643 if (aKey->auth_key.Length() != 0) |
|
1644 aElem.Append(aKey->auth_key); |
|
1645 else |
|
1646 aElem.Append(_L8("0")); |
|
1647 |
|
1648 aElem.Append(_L8(" ")); |
|
1649 |
|
1650 if (aKey->encr_key.Length() != 0) |
|
1651 aElem.Append(aKey->encr_key); |
|
1652 else |
|
1653 aElem.Append(_L8("0")); |
|
1654 |
|
1655 aElem.Append(_L8("\n")); |
|
1656 } |
|
1657 |
|
1658 // |
|
1659 // Skip white space and mark, including comments! |
|
1660 // |
|
1661 TInt |
|
1662 TKeyParser::SkipSpaceAndMark() |
|
1663 { |
|
1664 TChar ch; |
|
1665 TInt comment = 0; |
|
1666 TInt newline = 0; |
|
1667 |
|
1668 while (!Eos()) |
|
1669 { |
|
1670 ch = Get(); |
|
1671 if (ch == '\n') |
|
1672 { |
|
1673 comment = 0; |
|
1674 newline = 1; |
|
1675 } |
|
1676 else if (comment || ch == '#') |
|
1677 comment = 1; |
|
1678 else if (!ch.IsSpace()) |
|
1679 { |
|
1680 UnGet(); |
|
1681 break; |
|
1682 } |
|
1683 } |
|
1684 Mark(); |
|
1685 return newline; |
|
1686 } |
|
1687 |
|
1688 // |
|
1689 // Extract Next token and return |
|
1690 // |
|
1691 void |
|
1692 TKeyParser::NextToken() |
|
1693 { |
|
1694 if (SkipSpaceAndMark()) |
|
1695 iFirst = 1; // New line! |
|
1696 |
|
1697 if (Eos()) |
|
1698 { |
|
1699 iFirst = -1; |
|
1700 return ; |
|
1701 } |
|
1702 |
|
1703 while (!Eos()) |
|
1704 { |
|
1705 TChar ch = Peek(); |
|
1706 if (ch == '#' || ch.IsSpace()) |
|
1707 break; |
|
1708 Inc(); |
|
1709 } |
|
1710 iToken.Set(MarkedToken()); |
|
1711 iFirst = SkipSpaceAndMark(); |
|
1712 } |
|
1713 |
|
1714 TUint8 |
|
1715 TKeyParser::HexVal(TUint8 c) |
|
1716 { |
|
1717 if (c >= 'a' && c <= 'f') |
|
1718 return (TUint8)(c - 'a' + 10); |
|
1719 else if (c >= 'A' && c <= 'F') |
|
1720 return (TUint8)(c - 'A'); |
|
1721 else if (c >= '0' && c <= '9') |
|
1722 return (TUint8)(c - '0'); |
|
1723 else |
|
1724 return 0; |
|
1725 } |
|
1726 |
|
1727 TPtrC8 |
|
1728 TKeyParser::DeHex(const TDesC &aStr) |
|
1729 { |
|
1730 const TUint8* s = (TUint8 *)aStr.Ptr(); |
|
1731 TUint8* d = (TUint8 *)iHex.Ptr(); |
|
1732 TInt i = aStr.Length(); |
|
1733 TUint8 d1 = 0; |
|
1734 TUint8 d2 = 0; |
|
1735 |
|
1736 while (i > 0) |
|
1737 { |
|
1738 d1 = TKeyParser::HexVal(*s++); |
|
1739 d2 = i > 1 ? TKeyParser::HexVal(*s++) : (TUint8)0; |
|
1740 i -= 2; |
|
1741 *d++ = (TUint8)(d1 * 16 + d2); |
|
1742 } |
|
1743 |
|
1744 iHex.SetLength(d - iHex.Ptr()); |
|
1745 return iHex; |
|
1746 } |
|
1747 |
|
1748 // |
|
1749 // Parses an security configuration file |
|
1750 // |
|
1751 EXPORT_C |
|
1752 TIpSecParser::TIpSecParser(const TDesC &aDes) : TLex(aDes) |
|
1753 { |
|
1754 LOG_("VPN ipsec policy parser instantiated\n"); |
|
1755 } |
|
1756 |
|
1757 EXPORT_C TInt |
|
1758 TIpSecParser::ParseL(CIpSecurityPiece *aPiece_data) |
|
1759 { |
|
1760 LOG_("TIpSecParser::ParseL()\n"); |
|
1761 return DoParseL(aPiece_data, ETrue); |
|
1762 } |
|
1763 |
|
1764 EXPORT_C TInt |
|
1765 TIpSecParser::ParseAndIgnoreIKEL(CIpSecurityPiece *aPiece_data) |
|
1766 { |
|
1767 LOG_("TIpSecParser::ParseAndIgnoreIKEL()\n"); |
|
1768 return DoParseL(aPiece_data, EFalse); |
|
1769 } |
|
1770 |
|
1771 TInt |
|
1772 TIpSecParser::DoParseL(CIpSecurityPiece *aPiece_data, |
|
1773 TBool /* aIncludeIKE */) |
|
1774 { |
|
1775 LOG_("TIpSecParser::DoParseL()\n"); |
|
1776 TPtrC token(NULL, 0); |
|
1777 TInt ret(0); |
|
1778 |
|
1779 if (!CheckVersion()) |
|
1780 return KErrNotSupported; // Invalid file or version |
|
1781 |
|
1782 while (!Eos()) |
|
1783 { |
|
1784 token.Set(NextToken()); |
|
1785 if (token.Compare(_L("[INFO]")) == 0) |
|
1786 { |
|
1787 ParseInfoL(aPiece_data); |
|
1788 } |
|
1789 else if (token.Compare(_L("[POLICY]")) == 0) |
|
1790 { |
|
1791 ret = ParsePoliciesL(aPiece_data); |
|
1792 if (ret != KErrNone) |
|
1793 return ret; |
|
1794 } |
|
1795 else if (token.Compare(_L("[KEYS]")) == 0) |
|
1796 { |
|
1797 ret = ParseKeysL(aPiece_data->Keys()); |
|
1798 if (ret != KErrNone) |
|
1799 return ret; |
|
1800 } |
|
1801 else |
|
1802 { |
|
1803 // Unknown Tag Ignored |
|
1804 NextTag(); |
|
1805 } |
|
1806 } |
|
1807 |
|
1808 return (KErrNone); |
|
1809 } |
|
1810 |
|
1811 TBool |
|
1812 TIpSecParser::CheckVersion() |
|
1813 { |
|
1814 TPtrC token(NULL, 0); |
|
1815 TLex version_num; |
|
1816 |
|
1817 token.Set(NextToken()); |
|
1818 if (token.Compare(_L("SECURITY_FILE_VERSION:")) == 0) |
|
1819 { |
|
1820 version_num = NextToken(); |
|
1821 if (version_num.Val(iVersion) != KErrNone) |
|
1822 return EFalse; |
|
1823 if ((iVersion < FIRST_SEC_PARSER_VERSION) || |
|
1824 (iVersion > SEC_PARSER_VERSION)) |
|
1825 return EFalse; |
|
1826 } |
|
1827 else |
|
1828 return EFalse; |
|
1829 |
|
1830 return ETrue; |
|
1831 |
|
1832 } |
|
1833 |
|
1834 void |
|
1835 TIpSecParser::ParseInfoL(CIpSecurityPiece *aPiece_data) |
|
1836 { |
|
1837 HBufC *buf = HBufC::NewL(MAX_INFO_SIZE); |
|
1838 TPtr ptr = buf->Des(); |
|
1839 TChar ch = Get(); |
|
1840 TInt i(0); |
|
1841 |
|
1842 CleanupStack::PushL(buf); |
|
1843 |
|
1844 ch = Get(); |
|
1845 while (((ch == ' ') || (ch == '\n')) && (!Eos())) |
|
1846 { |
|
1847 ch = Get(); |
|
1848 } |
|
1849 |
|
1850 while ((ch != '[') && (!Eos()) && i < MAX_INFO_SIZE) |
|
1851 { |
|
1852 ptr.Append(ch); |
|
1853 i++; |
|
1854 ch = Get(); |
|
1855 } |
|
1856 |
|
1857 if (i == MAX_INFO_SIZE) //The rest is ignored |
|
1858 { |
|
1859 ch = Get(); |
|
1860 while ( (ch != '[') && (!Eos()) ) |
|
1861 ch = Get(); |
|
1862 } |
|
1863 |
|
1864 if (ch == '[') |
|
1865 { |
|
1866 UnGet(); // the '[' |
|
1867 if (ptr.Length() > 0) //If empty no \n |
|
1868 ptr.SetLength(ptr.Length() - 1); //eliminates the \n at the end |
|
1869 } |
|
1870 |
|
1871 aPiece_data->SetInfoL(ptr); |
|
1872 CleanupStack::PopAndDestroy(); |
|
1873 } |
|
1874 |
|
1875 TInt |
|
1876 TIpSecParser::ParsePoliciesL(CIpSecurityPiece *aPieceData) |
|
1877 { |
|
1878 LOG_("TIpSecParser::ParsePoliciesL()\n"); |
|
1879 TInt err; |
|
1880 TInt pos = Remainder().Find(_L("SECURITY_FILE_VERSION:")); |
|
1881 if (pos == KErrNotFound) |
|
1882 { |
|
1883 pos = Remainder().Find(_L("[")); //The segment is until the next tag or Eos() |
|
1884 } |
|
1885 if (pos != KErrNotFound) |
|
1886 { |
|
1887 TPtr pol_ptr((TUint16 *)Remainder().Ptr(), pos, pos); //Until the next section |
|
1888 TPolicyParser parser(pol_ptr); |
|
1889 err = parser.ParseL(aPieceData); |
|
1890 Assign(Remainder().Ptr() + pos); //rest of the text to parse |
|
1891 } |
|
1892 else |
|
1893 { |
|
1894 TPolicyParser parser(Remainder()); |
|
1895 err = parser.ParseL(aPieceData); |
|
1896 } |
|
1897 return (err); |
|
1898 } |
|
1899 |
|
1900 TInt |
|
1901 TIpSecParser::ParseKeysL(CKeysDataArray *aKeys) |
|
1902 { |
|
1903 TInt err; |
|
1904 //The segment is until the next tag or Eos() |
|
1905 TInt pos = Remainder().Find(_L("[")); |
|
1906 if (pos != KErrNotFound) |
|
1907 { |
|
1908 // Until the next section |
|
1909 TPtr key_ptr((TUint16 *)Remainder().Ptr(), pos, pos); |
|
1910 TKeyParser parser(key_ptr); |
|
1911 err = parser.ParseL(aKeys); |
|
1912 |
|
1913 // Rest of the text to parse |
|
1914 Assign(Remainder().Ptr() + pos); |
|
1915 } |
|
1916 else |
|
1917 { |
|
1918 // No more tags |
|
1919 TKeyParser parser(Remainder()); |
|
1920 err = parser.ParseL(aKeys); |
|
1921 } |
|
1922 |
|
1923 return (err); |
|
1924 } |
|
1925 |
|
1926 void |
|
1927 TIpSecParser::NextTag() |
|
1928 { |
|
1929 while (!Eos()) |
|
1930 if (Get() == '[' ) |
|
1931 { |
|
1932 // Next tag found |
|
1933 UnGet(); |
|
1934 return ; |
|
1935 } |
|
1936 } |
|
1937 |
|
1938 // Puts the security file data into string format to be saved to the |
|
1939 // caller's buffer. |
|
1940 EXPORT_C TInt |
|
1941 TIpSecParser::Write(CIpSecurityPiece* aPiece_data, |
|
1942 HBufC8*& aPolBfr) |
|
1943 { |
|
1944 LOG_("TIpSecParser::Write()\n"); |
|
1945 TInt err(KErrNone); |
|
1946 |
|
1947 err = WriteVersion(aPolBfr); |
|
1948 if (err != KErrNone) |
|
1949 return err; |
|
1950 |
|
1951 err = WriteInfo(aPiece_data, aPolBfr); |
|
1952 if (err != KErrNone) |
|
1953 return err; |
|
1954 |
|
1955 err = WritePolicies(aPiece_data, aPolBfr); |
|
1956 if (err != KErrNone) |
|
1957 return err; |
|
1958 |
|
1959 return (err); |
|
1960 } |
|
1961 |
|
1962 TInt |
|
1963 TIpSecParser::WriteVersion(HBufC8*& aPolBfr) |
|
1964 { |
|
1965 TBuf8<32> buf; |
|
1966 buf.Format(_L8("SECURITY_FILE_VERSION: %d\n"), SEC_PARSER_VERSION); |
|
1967 return TPolicyParser::BufferAppend(aPolBfr, buf); |
|
1968 } |
|
1969 |
|
1970 TInt |
|
1971 TIpSecParser::WriteInfo(CIpSecurityPiece *aPiece_data, HBufC8*& aPolBfr) |
|
1972 { |
|
1973 TInt err; |
|
1974 |
|
1975 TBuf8<MAX_INFO_SIZE> buf = _L8("[INFO]\n"); |
|
1976 err = TPolicyParser::BufferAppend(aPolBfr, buf); |
|
1977 if (err != KErrNone) |
|
1978 return err; |
|
1979 |
|
1980 buf.Copy(aPiece_data->Info()->Des()); |
|
1981 err = TPolicyParser::BufferAppend(aPolBfr, buf); |
|
1982 if (err != KErrNone) |
|
1983 return err; |
|
1984 return TPolicyParser::BufferAppend(aPolBfr, (_L8("\n"))); |
|
1985 |
|
1986 } |
|
1987 |
|
1988 TInt |
|
1989 TIpSecParser::WritePolicies(CIpSecurityPiece *aPiece_data, HBufC8*& aPolBfr) |
|
1990 { |
|
1991 LOG_("TIpSecParser::WritePolicies()\n"); |
|
1992 TBuf8<10> buf = _L8("[POLICY]\n"); |
|
1993 TInt err = TPolicyParser::BufferAppend(aPolBfr, buf); |
|
1994 if (err != KErrNone) |
|
1995 return err; |
|
1996 return TPolicyParser::Write(aPiece_data->Policies(), aPolBfr); |
|
1997 } |
|
1998 |
|
1999 // |
|
2000 // CIpSecurityPiece |
|
2001 // |
|
2002 EXPORT_C void |
|
2003 CIpSecurityPiece::ConstructL(TInt aSize) |
|
2004 { |
|
2005 LOG_("CIpSecurityPiece::ConstructL()\n"); |
|
2006 iInfo = HBufC::NewL(aSize); |
|
2007 iPolicies = new (ELeave) CSecurityPolicy(); |
|
2008 iPolicies->ConstructL(); |
|
2009 iKeys = CKeysDataArray::NewL(1); |
|
2010 } |
|
2011 |
|
2012 EXPORT_C void |
|
2013 CIpSecurityPiece::SetInfoL(const TDesC &aDes) |
|
2014 { |
|
2015 LOG_("CIpSecurityPiece::SetInfoL()\n"); |
|
2016 if (aDes.Length() > iInfo->Des().MaxLength()) |
|
2017 { |
|
2018 // ReAllocs if needed |
|
2019 iInfo = iInfo->ReAllocL(aDes.Length()); |
|
2020 } |
|
2021 |
|
2022 iInfo->Des().Copy(aDes); |
|
2023 } |
|
2024 |
|
2025 EXPORT_C |
|
2026 CIpSecurityPiece::~CIpSecurityPiece() |
|
2027 { |
|
2028 LOG_("CIpSecurityPiece::~CIpSecurityPiece()\n"); |
|
2029 delete iInfo; |
|
2030 delete iPolicies; |
|
2031 delete iKeys; |
|
2032 delete iPolicyList; |
|
2033 } |
|
2034 |
|
2035 EXPORT_C CSecPolBundleList* CIpSecurityPiece::FQDNAddressListL() |
|
2036 { |
|
2037 LOG_("CIpSecurityPiece::GetFQDNAddressListL() entry\n"); |
|
2038 LOG_("Deleting policy list\n"); |
|
2039 if (iPolicyList) |
|
2040 { |
|
2041 delete iPolicyList; |
|
2042 iPolicyList = NULL; |
|
2043 } |
|
2044 LOG_("Querying DNS task count\n"); |
|
2045 TInt fqdnCount = iPolicies->FQDNCount(); |
|
2046 |
|
2047 LOG_1("DNS Task Count: %d\n", fqdnCount); |
|
2048 |
|
2049 if (fqdnCount > 0) |
|
2050 { |
|
2051 |
|
2052 LOG_("Instantiating new policy list\n"); |
|
2053 iPolicyList = new (ELeave) CSecPolBundleList(fqdnCount); |
|
2054 |
|
2055 LOG_("Querying DNS tasks\n"); |
|
2056 |
|
2057 if (iPolicies != NULL) |
|
2058 { |
|
2059 iPolicies->GetFQDNAddressListL(*iPolicyList); |
|
2060 } |
|
2061 else |
|
2062 { |
|
2063 LOG_("No ipsec policies!\n"); |
|
2064 } |
|
2065 LOG_("CIpSecurityPiece::GetFQDNAddressListL() exit\n"); |
|
2066 } |
|
2067 return iPolicyList; |
|
2068 } |