34 #include "ikev1payload.h" |
34 #include "ikev1payload.h" |
35 #include "ikev1timeout.h" |
35 #include "ikev1timeout.h" |
36 #include "ikev1crack.h" |
36 #include "ikev1crack.h" |
37 #include "ikev1isakmpstream.h" |
37 #include "ikev1isakmpstream.h" |
38 #include "ikev1crypto.h" |
38 #include "ikev1crypto.h" |
|
39 #include "credentialcache.h" |
|
40 |
39 |
41 |
40 const TUint8 XAUTH_VID_DATA[8] = {0x09, 0x00, 0x26, 0x89, 0xdf, 0xd6, 0xb7, 0x12}; |
42 const TUint8 XAUTH_VID_DATA[8] = {0x09, 0x00, 0x26, 0x89, 0xdf, 0xd6, 0xb7, 0x12}; |
41 const TUint8 CISCO_UNITY_VID_DATA[16] = {0x12, 0xf5, 0xf2, 0x8c, 0x45, 0x71, 0x68, 0xa9, |
43 const TUint8 CISCO_UNITY_VID_DATA[16] = {0x12, 0xf5, 0xf2, 0x8c, 0x45, 0x71, 0x68, 0xa9, |
42 0x70, 0x2d, 0x9f, 0xe2, 0x74, 0xcc, 0x01, 0x00}; |
44 0x70, 0x2d, 0x9f, 0xe2, 0x74, 0xcc, 0x01, 0x00}; |
43 |
45 |
|
46 const TInt KCredentialTypeUnknown = 0; |
|
47 const TInt KCredentialTypeNew = 1; |
|
48 const TInt KCredentialTypeCached = 2; |
|
49 |
44 |
50 |
45 CTransNegotiation::CTransNegotiation( TInt aGranularity, |
51 CTransNegotiation::CTransNegotiation( TInt aGranularity, |
46 TBool aUseXauth, |
52 TBool aUseXauth, |
47 TBool aUseCfgMode, |
53 TBool aUseCfgMode, |
48 CIkev1PluginSession* aPluginSession, |
54 CIkev1PluginSession* aPluginSession, |
112 { |
119 { |
113 if ( !iPluginSession || !iNegotiation || (!iUseXauth && !iUseCfgMode)) |
120 if ( !iPluginSession || !iNegotiation || (!iUseXauth && !iUseCfgMode)) |
114 { |
121 { |
115 User::Leave(KErrArgument); |
122 User::Leave(KErrArgument); |
116 } |
123 } |
117 |
124 |
118 DEBUG_LOG(_L("Transaction exchange object constructed")); |
|
119 if ( !iUseXauth ) |
125 if ( !iUseXauth ) |
120 { |
126 { |
121 iXauthCompleted = ETrue; |
127 iXauthCompleted = ETrue; |
122 iNegotiation->iTimer->Cancel(); // Stop retransmission timer |
128 iNegotiation->iTimer->Cancel(); // Stop retransmission timer |
123 } |
129 } |
124 else |
130 else |
125 { |
131 { |
126 if ( !iUseCfgMode ) |
132 if ( !iUseCfgMode ) |
127 iCfgModeCompleted = ETrue; |
133 iCfgModeCompleted = ETrue; |
128 DEBUG_LOG(_L("Starting to Wait XAUTH request")); |
134 DEBUG_LOG(_L("Starting to Wait XAUTH request")); |
129 } |
135 } |
|
136 |
|
137 if( EFalse != iPluginSession->IkeData().iUseCache ) |
|
138 { |
|
139 iCache = CCredentialCache::NewL( iDebug ); |
|
140 } |
|
141 |
|
142 DEBUG_LOG(_L("Transaction exchange object constructed")); |
130 } |
143 } |
131 |
144 |
132 /**------------------------------------------------------------------- |
145 /**------------------------------------------------------------------- |
133 * |
146 * |
134 * Method GetAuthMethod() |
147 * Method GetAuthMethod() |
281 // |
294 // |
282 delete iUserName; // Delete old user name buffer for sure |
295 delete iUserName; // Delete old user name buffer for sure |
283 iUserName = HBufC8::New(aDialogInfo->iUsername->Length() + 16); // 16 bytes space for padding |
296 iUserName = HBufC8::New(aDialogInfo->iUsername->Length() + 16); // 16 bytes space for padding |
284 if ( iUserName ) { |
297 if ( iUserName ) { |
285 iUserName->Des().Copy(aDialogInfo->iUsername->Des()); |
298 iUserName->Des().Copy(aDialogInfo->iUsername->Des()); |
286 } |
299 } |
|
300 |
|
301 if( iCache && KCredentialTypeNew == iCredentialType ) |
|
302 { |
|
303 iCache->SetUserName( *aDialogInfo->iUsername ); |
|
304 } |
287 } |
305 } |
288 |
306 |
289 if ( aDialogInfo->iSecret ) { |
307 if ( aDialogInfo->iSecret ) { |
290 // |
308 // |
291 // Add either password, passcode or next pin attribute. |
309 // Add either password, passcode or next pin attribute. |
306 case (1 << (ATTR_NEXT_PIN - ATTR_XAUTH_TYPE)): |
324 case (1 << (ATTR_NEXT_PIN - ATTR_XAUTH_TYPE)): |
307 AttrType = ATTR_NEXT_PIN; |
325 AttrType = ATTR_NEXT_PIN; |
308 break; |
326 break; |
309 |
327 |
310 default: |
328 default: |
|
329 if( iCache && KCredentialTypeNew == iCredentialType ) |
|
330 { |
|
331 iCache->SetSecret( *aDialogInfo->iSecret ); |
|
332 } |
311 break; |
333 break; |
312 |
334 } |
313 } |
|
314 AddAttributeData(attr_ptr, AttrType, aDialogInfo->iSecret->Length(), |
335 AddAttributeData(attr_ptr, AttrType, aDialogInfo->iSecret->Length(), |
315 (TUint8*)aDialogInfo->iSecret->Ptr()); |
336 (TUint8*)aDialogInfo->iSecret->Ptr()); |
316 } |
337 } |
317 |
338 |
318 BuildAndSendMessageL(attr_ptr, ISAKMP_CFG_REPLY); |
339 BuildAndSendMessageL(attr_ptr, ISAKMP_CFG_REPLY); |
673 * |
694 * |
674 *--------------------------------------------------------------------*/ |
695 *--------------------------------------------------------------------*/ |
675 TInt CTransNegotiation::ProcessXauthRequestL(TDataISAKMP* aAttr, TInt aLth) |
696 TInt CTransNegotiation::ProcessXauthRequestL(TDataISAKMP* aAttr, TInt aLth) |
676 { |
697 { |
677 TInt status = TRANSACTION_CONTINUE; |
698 TInt status = TRANSACTION_CONTINUE; |
|
699 TUint16 xauth_type = ATTR_XAUTH_GENERIC; |
678 TUint32 request_flags = 0; |
700 TUint32 request_flags = 0; |
679 TPtr8 challenge(NULL, 0); |
701 TPtr8 challenge(NULL, 0); |
680 TUint16 attr_type; |
702 TUint16 attr_type; |
681 |
703 |
682 while ( aLth > 0 ) { |
704 while ( aLth > 0 ) { |
797 |
819 |
798 case ( (1 << (ATTR_USER_NAME - ATTR_XAUTH_TYPE)) | (1 << (ATTR_PASSWORD - ATTR_XAUTH_TYPE))): |
820 case ( (1 << (ATTR_USER_NAME - ATTR_XAUTH_TYPE)) | (1 << (ATTR_PASSWORD - ATTR_XAUTH_TYPE))): |
799 // |
821 // |
800 // User name/Password authentication required |
822 // User name/Password authentication required |
801 // |
823 // |
802 iDialog = CIkev1Dialog::NewL(iPluginSession, iPluginSession->DialogAnchor(), iDebug); |
824 GetCredentialsL(); |
803 iDialogInfo = new(ELeave) CAuthDialogInfo(iPluginSession, XAUTH_DIALOG_ID, iNegotiation->SAId(), iCurrExchange->iMessageId); |
|
804 iDialog->GetAsyncUNPWDialogL(iDialogInfo, (MIkeDialogComplete*)this); |
|
805 break; |
825 break; |
806 |
826 |
807 case ( (1 << (ATTR_USER_NAME - ATTR_XAUTH_TYPE)) | (1 << (ATTR_PASSCODE - ATTR_XAUTH_TYPE))): |
827 case ( (1 << (ATTR_USER_NAME - ATTR_XAUTH_TYPE)) | (1 << (ATTR_PASSCODE - ATTR_XAUTH_TYPE))): |
808 // |
828 // |
809 // User name/Secure ID authentication required |
829 // User name/Secure ID authentication required |
820 iDialog = CIkev1Dialog::NewL(iPluginSession, iPluginSession->DialogAnchor(), iDebug); |
840 iDialog = CIkev1Dialog::NewL(iPluginSession, iPluginSession->DialogAnchor(), iDebug); |
821 iDialogInfo = new(ELeave) CAuthDialogInfo(iPluginSession, XAUTH_DIALOG_ID, iNegotiation->SAId(), iCurrExchange->iMessageId); |
841 iDialogInfo = new(ELeave) CAuthDialogInfo(iPluginSession, XAUTH_DIALOG_ID, iNegotiation->SAId(), iCurrExchange->iMessageId); |
822 iDialog->GetAsyncSecureNextPinDialogL(iDialogInfo, (MIkeDialogComplete*)this); |
842 iDialog->GetAsyncSecureNextPinDialogL(iDialogInfo, (MIkeDialogComplete*)this); |
823 break; |
843 break; |
824 |
844 |
|
845 case ( (1 << (ATTR_CHALLENGE - ATTR_XAUTH_TYPE)) ): |
|
846 // |
|
847 // User Challenge response dialog |
|
848 // |
|
849 if ( xauth_type == ATTR_XAUTH_RADIUS_CHAP ) |
|
850 { |
|
851 iDialog = CIkev1Dialog::NewL(iPluginSession, iPluginSession->DialogAnchor(), iDebug); |
|
852 iDialogInfo = new(ELeave) CAuthDialogInfo(iPluginSession, XAUTH_DIALOG_ID, iNegotiation->SAId(), iCurrExchange->iMessageId); |
|
853 iDialog->GetAsyncRespDialog(challenge, iDialogInfo, (MIkeDialogComplete*)this); |
|
854 } |
|
855 break; |
|
856 |
825 default: |
857 default: |
826 break; |
858 break; |
827 |
859 |
828 } |
860 } |
829 |
861 |
830 return status; |
862 return status; |
831 |
|
832 } |
863 } |
833 |
864 |
834 /**------------------------------------------------------------------- |
865 /**------------------------------------------------------------------- |
835 * |
866 * |
836 * Method ProcessXauthStatus() |
867 * Method ProcessXauthStatus() |
841 TInt CTransNegotiation::ProcessXauthStatusL(TDataISAKMP* aAttr, TInt aLth) |
872 TInt CTransNegotiation::ProcessXauthStatusL(TDataISAKMP* aAttr, TInt aLth) |
842 { |
873 { |
843 TBuf8<16> attributes; |
874 TBuf8<16> attributes; |
844 TInt status = TRANSACTION_CONTINUE; |
875 TInt status = TRANSACTION_CONTINUE; |
845 TInt16 attr_status; |
876 TInt16 attr_status; |
846 |
877 |
847 while ( aLth > 0 ) { |
878 while ( aLth > 0 ) { |
848 |
879 |
849 aLth = aLth - aAttr->Size(); |
880 aLth = aLth - aAttr->Size(); |
850 if ( aLth < 0 ) { |
881 if ( aLth < 0 ) { |
851 DEBUG_LOG(_L("XAUTH SET ERROR (Length mismatch in the attibutes)")); |
882 DEBUG_LOG(_L("XAUTH SET ERROR (Length mismatch in the attibutes)")); |
|
883 iCredentialType = KCredentialTypeUnknown; |
852 return TRANSACTION_FAILED; |
884 return TRANSACTION_FAILED; |
853 } |
885 } |
854 |
886 |
855 switch ( aAttr->Type() ) { |
887 switch ( aAttr->Type() ) { |
856 |
888 |
886 AddAttributeData(attributes, AttrType, 2, (TUint8*)&attr_status); |
918 AddAttributeData(attributes, AttrType, 2, (TUint8*)&attr_status); |
887 BuildAndSendMessageL(attributes, ISAKMP_CFG_ACK); |
919 BuildAndSendMessageL(attributes, ISAKMP_CFG_ACK); |
888 if ( status == TRANSACTION_SUCCESS ) { |
920 if ( status == TRANSACTION_SUCCESS ) { |
889 DEBUG_LOG(_L("XAUTH authentication succeeded!")); |
921 DEBUG_LOG(_L("XAUTH authentication succeeded!")); |
890 iXauthCompleted = ETrue; |
922 iXauthCompleted = ETrue; |
|
923 |
|
924 if( iCache && KCredentialTypeNew == iCredentialType ) |
|
925 { |
|
926 iCache->Store( iPluginSession->VpnIapId() ); |
|
927 } |
|
928 |
891 if ( iUserName ) { |
929 if ( iUserName ) { |
892 // |
|
893 // Cache user name into user name file |
930 // Cache user name into user name file |
894 // |
|
895 CIkev1Dialog* Dialog = CIkev1Dialog::NewL(iPluginSession, iPluginSession->DialogAnchor(), iDebug); |
931 CIkev1Dialog* Dialog = CIkev1Dialog::NewL(iPluginSession, iPluginSession->DialogAnchor(), iDebug); |
896 CleanupStack::PushL(Dialog); |
932 CleanupStack::PushL(Dialog); |
897 TInt err(KErrNone); |
933 TInt err(KErrNone); |
898 TRAP(err, Dialog->StoreUserNameL(iUserName->Des())); |
934 TRAP(err, Dialog->StoreUserNameL(iUserName->Des())); |
|
935 |
899 #ifdef _DEBUG |
936 #ifdef _DEBUG |
900 if (err == KErrNone) |
937 if (err == KErrNone) |
901 DEBUG_LOG(_L("User Name caching succeeded")); |
938 DEBUG_LOG(_L("User Name caching succeeded")); |
902 else DEBUG_LOG(_L("User Name caching failed")); |
939 else DEBUG_LOG(_L("User Name caching failed")); |
903 #endif // _DEBUG |
940 #endif // _DEBUG |
904 CleanupStack::PopAndDestroy(); |
941 CleanupStack::PopAndDestroy(); |
905 } |
942 } |
906 } |
943 } |
907 else { |
944 else { |
|
945 if( iCache ) |
|
946 { |
|
947 iCache->Clear(); |
|
948 } |
908 DEBUG_LOG(_L("XAUTH authentication failed!")); |
949 DEBUG_LOG(_L("XAUTH authentication failed!")); |
909 // Dialog object shall be delete in Dialog->RunL when dialog completed |
|
910 CIkev1Dialog* Dialog = CIkev1Dialog::NewL(iPluginSession, iPluginSession->DialogAnchor(), iDebug); |
|
911 Dialog->ShowErrorDialogL(TVpnNoteDialog::EKmdAuthenticationFailed, NULL, NULL); |
|
912 } |
950 } |
913 } |
951 } |
914 |
952 |
|
953 iCredentialType = KCredentialTypeUnknown; |
|
954 |
915 return status; |
955 return status; |
916 } |
956 } |
917 |
957 |
918 /**-------------------------------------------------------------------------------- |
958 /**-------------------------------------------------------------------------------- |
919 * |
959 * |
965 * -- DNS address(es) in secure network = INTERNAL_IP4_DNS |
1005 * -- DNS address(es) in secure network = INTERNAL_IP4_DNS |
966 * |
1006 * |
967 *--------------------------------------------------------------------*/ |
1007 *--------------------------------------------------------------------*/ |
968 TInt CTransNegotiation::BuildConfigRequestL() |
1008 TInt CTransNegotiation::BuildConfigRequestL() |
969 { |
1009 { |
970 |
|
971 TBuf8<16> attributes; |
1010 TBuf8<16> attributes; |
972 |
1011 |
973 TUint32 message_id = iNegotiation->RandomMessageId(); |
1012 TUint32 message_id = iNegotiation->RandomMessageId(); |
974 |
1013 |
975 iCurrExchange = AddExchangeL(message_id, INITIATOR); //Add a new transaction exchange |
1014 iCurrExchange = AddExchangeL(message_id, INITIATOR); //Add a new transaction exchange |
983 |
1022 |
984 BuildAndSendMessageL(attributes, ISAKMP_CFG_REQUEST); |
1023 BuildAndSendMessageL(attributes, ISAKMP_CFG_REQUEST); |
985 DEBUG_LOG(_L("CONFIG-MODE started, request xmitted!")); |
1024 DEBUG_LOG(_L("CONFIG-MODE started, request xmitted!")); |
986 |
1025 |
987 return TRANSACTION_CONTINUE; |
1026 return TRANSACTION_CONTINUE; |
988 |
|
989 |
|
990 } |
1027 } |
991 |
1028 |
992 /**------------------------------------------------------------------- |
1029 /**------------------------------------------------------------------- |
993 * |
1030 * |
994 * Method AddAttributeData() |
1031 * Method AddAttributeData() |
1099 } |
1136 } |
1100 |
1137 |
1101 // |
1138 // |
1102 // The implementation for class MIkeDialogComplete virtual function |
1139 // The implementation for class MIkeDialogComplete virtual function |
1103 // |
1140 // |
1104 TInt CTransNegotiation::DialogCompleteL(CIkev1Dialog* /*aDialog*/, TAny* aUserInfo, |
1141 TInt CTransNegotiation::DialogCompleteL( |
1105 HBufC8* aUsername, HBufC8* aSecret, HBufC8* aDomain) |
1142 TAny* aUserInfo, HBufC8* aUsername, HBufC8* aSecret) |
1106 { |
1143 { |
1107 /*--------------------------------------------------------------------------- |
1144 /*--------------------------------------------------------------------------- |
1108 * |
1145 * |
1109 * A response received from client user (through asynchronous dialog) |
1146 * A response received from client user (through asynchronous dialog) |
1110 * This method is introduced as a TUserCallback for CGetIKEPassword dialog |
1147 * This method is introduced as a TUserCallback for CGetIKEPassword dialog |
1114 * entry |
1151 * entry |
1115 * |
1152 * |
1116 *-------------------------------------------------------------------------*/ |
1153 *-------------------------------------------------------------------------*/ |
1117 TUint32 obj_id = 1; |
1154 TUint32 obj_id = 1; |
1118 CAuthDialogInfo* info = (CAuthDialogInfo*)aUserInfo; |
1155 CAuthDialogInfo* info = (CAuthDialogInfo*)aUserInfo; |
1119 DEBUG_LOG1(_L("CIKECRACKNegotiation::DialogCompleteL(), aUserInfo = %x"), aUserInfo); |
1156 DEBUG_LOG1(_L("CTransNegotiation::DialogCompleteL(), aUserInfo=%x"), aUserInfo); |
1120 |
1157 |
1121 if ( info ) |
1158 if ( info ) |
1122 { |
1159 { |
1123 obj_id = info->GetObjId(); |
1160 obj_id = info->GetObjId(); |
1124 DEBUG_LOG1(_L("Preparing to call AuthDialogCompletedL(), ObjId = %x"), obj_id); |
1161 DEBUG_LOG1(_L("Preparing to call AuthDialogCompletedL(), ObjId = %x"), obj_id); |
1125 if ( obj_id == XAUTH_DIALOG_ID ) |
1162 if ( obj_id == XAUTH_DIALOG_ID ) |
1126 { |
1163 { |
1127 info->iUsername = aUsername; |
1164 info->SetUserName( aUsername ); |
1128 info->iSecret = aSecret; |
1165 info->SetSecret( aSecret ); |
1129 info->iDomain = aDomain; |
|
1130 obj_id = info->PluginSession()->AuthDialogCompletedL(info); |
1166 obj_id = info->PluginSession()->AuthDialogCompletedL(info); |
1131 } |
1167 } |
1132 } |
1168 } |
1133 |
1169 |
1134 return obj_id; |
1170 return obj_id; |
1135 } |
1171 } |
|
1172 |
|
1173 |
|
1174 void CTransNegotiation::GetCredentialsL() |
|
1175 { |
|
1176 DEBUG_LOG( _L( "CTransNegotiation::GetCredentialsL" ) ); |
|
1177 |
|
1178 TInt ret = KErrNotFound; |
|
1179 |
|
1180 delete iDialogInfo; iDialogInfo = NULL; |
|
1181 |
|
1182 iDialogInfo = new (ELeave) CAuthDialogInfo( |
|
1183 iPluginSession, |
|
1184 XAUTH_DIALOG_ID, |
|
1185 iNegotiation->SAId(), |
|
1186 iCurrExchange->iMessageId ); |
|
1187 |
|
1188 if( iCache && KCredentialTypeUnknown == iCredentialType ) |
|
1189 { |
|
1190 ret = iCache->GetCredentials( |
|
1191 iPluginSession->VpnIapId(), |
|
1192 iDialogInfo->iUsername, |
|
1193 iDialogInfo->iSecret |
|
1194 ); |
|
1195 } |
|
1196 |
|
1197 if( KErrNone == ret ) |
|
1198 { |
|
1199 iCredentialType = KCredentialTypeCached; |
|
1200 TUint32 id = iPluginSession->AuthDialogCompletedL( iDialogInfo ); |
|
1201 } |
|
1202 else |
|
1203 { |
|
1204 iCredentialType = KCredentialTypeNew; |
|
1205 |
|
1206 delete iDialog; iDialog = NULL; |
|
1207 |
|
1208 iDialog = CIkev1Dialog::NewL( |
|
1209 iPluginSession, iPluginSession->DialogAnchor(), iDebug ); |
|
1210 |
|
1211 iDialog->GetAsyncUNPWDialogL( iDialogInfo, (MIkeDialogComplete*)this ); |
|
1212 } |
|
1213 } |
|
1214 |
|
1215 |
|
1216 /***/ |
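Review bot: In ProcessXauthStatusL the length-mismatch early return (new line 883) resets `iCredentialType` but leaves whatever `SetUserName`/`SetSecret` staged in `iCache` at new lines 303 and 331, so a freshly typed password stays in the cache object after a failed exchange; in the visible hunks only the explicit XAUTH-failure branch calls `Clear()`. I would drop the staged values on that path too, before the reset: `if ( iCache && KCredentialTypeNew == iCredentialType ) { iCache->Clear(); }`. This assumes `Clear()` discards the staged username and secret; CCredentialCache is not shown on this page, so confirm that, and that its destructor wipes the secret buffer. In GetCredentialsL the cached branch passes `iDialogInfo` to `AuthDialogCompletedL` while the member still points at it, and the next call begins with `delete iDialogInfo`; if the callee frees the info object (not visible here) that becomes a double delete, so either null the member after the hand-off or add a comment stating who owns it. The local `TUint32 id` in that branch is never read and can go.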