# HG changeset patch # User Dremov Kirill (Nokia-D-MSW/Tampere) # Date 1274784490 -10800 # Node ID d1a0d37b52a13fbece857e3ddac0058096284c6c # Parent f1aca205825367914c9633ff170bbabaede5501b Revision: 201019 Kit: 2010121 diff -r f1aca2058253 -r d1a0d37b52a1 vpnengine/ikev1lib/inc/ikev1crack.h --- a/vpnengine/ikev1lib/inc/ikev1crack.h Tue May 11 17:09:49 2010 +0300 +++ b/vpnengine/ikev1lib/inc/ikev1crack.h Tue May 25 13:48:10 2010 +0300 @@ -1,5 +1,5 @@ /* -* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies). +* Copyright (c) 2005-2010 Nokia Corporation and/or its subsidiary(-ies). * All rights reserved. * This component and the accompanying materials are made available * under the terms of "Eclipse Public License v1.0" @@ -100,6 +100,7 @@ TInt GetDataL(HBufC8* aChallenge); TInt GetDatafromUserL(HBufC8 *aChallenge); TInt GetUNPWDFromPolicyL(); + TInt GetUNPWDFromNegotiationL(); TInt ProcessCHREAttibutesL(const TCHREISAKMP *aCHRE_PAYLOAD); void SendCredentialsL(TUint16 aAttr1, TUint16 aAttr2, TUint16 aAttr3, HBufC8* aBfr1, HBufC8* aBfr2, HBufC8* aBfr3); diff -r f1aca2058253 -r d1a0d37b52a1 vpnengine/ikev1lib/inc/ikev1dialog.h --- a/vpnengine/ikev1lib/inc/ikev1dialog.h Tue May 11 17:09:49 2010 +0300 +++ b/vpnengine/ikev1lib/inc/ikev1dialog.h Tue May 25 13:48:10 2010 +0300 @@ -1,5 +1,5 @@ /* -* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies). +* Copyright (c) 2005-2010 Nokia Corporation and/or its subsidiary(-ies). * All rights reserved. * This component and the accompanying materials are made available * under the terms of "Eclipse Public License v1.0" 
@@ -82,7 +82,6 @@ void ShowErrorDialogL(TInt aDialogType, TAny *aUserInfo, MIkeDialogComplete* aCallback); void StoreUserNameL(TPtr8 aUserName); void StartDialogL(); - TInt GetSyncUNPWCacheDialog(TDes& aUserName, TDes& aPassword); static TInt GetSyncUNPWDialog(TDes& aUserName, TDes& aPassword); static void PurgeDialogQueue(CIkev1Dialog* aQueuedDialog); diff -r f1aca2058253 -r d1a0d37b52a1 vpnengine/ikev1lib/inc/ikev1negotiation.h --- a/vpnengine/ikev1lib/inc/ikev1negotiation.h Tue May 11 17:09:49 2010 +0300 +++ b/vpnengine/ikev1lib/inc/ikev1negotiation.h Tue May 25 13:48:10 2010 +0300 @@ -25,6 +25,8 @@ #include "ikev1SAdata.h" #include "ikepolparser.h" #include "ipsecsaspiretriever.h" +#include "ikev1dialog.h" + #define INITIATOR 0 #define RESPONDER 1 @@ -84,7 +86,8 @@ // Class CIkev1Negotiation: Contains all the info for each negotiation in progress // NONSHARABLE_CLASS(CIkev1Negotiation) : public CBase, - public MIpsecSaSpiRetrieverCallback + public MIpsecSaSpiRetrieverCallback, + public MIkeDialogComplete { friend class CIkev1InfoNegotiation; friend class TIkev1IsakmpStream; @@ -173,6 +176,10 @@ void IpsecSaSpiRetrieved(TUint32 aSpiRequestId, TInt aStatus, TUint32 aSpi); + + TInt ProcessUserResponseL(CAuthDialogInfo *aUserInfo); + TInt DialogCompleteL(CIkev1Dialog* /*aDialog*/, TAny* aUserInfo, HBufC8* aUsername, HBufC8* aSecret, HBufC8* aDomain); + private: @@ -536,6 +543,11 @@ CIpsecSaSpiRetriever* iIpsecSaSpiRetriever; CPFKeySocketIf& iPFKeySocketIf; MIkeDebug& iDebug; + + HBufC8* iCRACKLAMUserName; + HBufC8* iCRACKLAMPassword; + CIkev1Dialog* iDialog; // Pending dialog object + CAuthDialogInfo* iDialogInfo; // Dialog info object }; #endif // C_IKEV1NEGOTIATION_H diff -r f1aca2058253 -r d1a0d37b52a1 vpnengine/ikev1lib/src/ikev1crack.cpp --- a/vpnengine/ikev1lib/src/ikev1crack.cpp Tue May 11 17:09:49 2010 +0300 +++ b/vpnengine/ikev1lib/src/ikev1crack.cpp Tue May 25 13:48:10 2010 +0300 
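Review bot: The two credential members added to `CIkev1Negotiation` in ikev1negotiation.h (hunk at -536) carry no comment, unlike `iDialog` and `iDialogInfo` beside them, although they hold a user name and a password in clear while the negotiation waits for the CRACK exchange. Stating ownership and lifetime at the declaration would help, e.g. `HBufC8* iCRACKLAMPassword; // Owned. Password from the async dialog; freed once sent`, with a matching line for `iCRACKLAMUserName`. The names also repeat `iHostData->iCRACKLAMUserName` and `iHostData->iCRACKLAMPassword`, so a short comment on how the two sources differ would save readers a lookup.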
@@ -1,5 +1,5 @@ /* -* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies). +* Copyright (c) 2005-2010 Nokia Corporation and/or its subsidiary(-ies). * All rights reserved. * This component and the accompanying materials are made available * under the terms of "Eclipse Public License v1.0" @@ -223,6 +223,14 @@ { return GetUNPWDFromPolicyL(); } + + else if ( iLAMType == CRACK_PASSWORD && + iNegotiation->iCRACKLAMUserName && + iNegotiation->iCRACKLAMPassword) + { + return GetUNPWDFromNegotiationL(); + } + else { return GetDatafromUserL(aChallenge); @@ -297,6 +305,42 @@ return CRACK_CONTINUE; } + +TInt CIKECRACKNegotiation::GetUNPWDFromNegotiationL() +{ + ASSERT(iLAMType == CRACK_PASSWORD); + + iNegotiation->iTimer->Cancel(); //Cancel previous timer because reply received & processed + DEBUG_LOG(_L("Timer Cancelled!")); + iNegotiation->iRetryNum = 0; + + /*-------------------------------------------------------- + * + * Store attributes: User name, Secret, Domain + * + *--------------------------------------------------------*/ + + TUint16 attr1 = CRACK_T_USERNAME; + HBufC8* bfr1 = iNegotiation->iCRACKLAMUserName; + TUint16 attr2 = CRACK_T_SECRET; + HBufC8* bfr2 = iNegotiation->iCRACKLAMPassword; + HBufC8* bfr3 = iDomain; + TUint16 attr3 = 0; + if ( bfr3 ) + { + attr3 = CRACK_T_DOMAIN; + } + + SendCredentialsL(attr1, attr2, attr3, bfr1, bfr2, bfr3); + + delete iNegotiation->iCRACKLAMUserName; + iNegotiation->iCRACKLAMUserName = NULL; + delete iNegotiation->iCRACKLAMPassword; + iNegotiation->iCRACKLAMPassword = NULL; + + return CRACK_CONTINUE; +} + void CIKECRACKNegotiation::SendCredentialsL(TUint16 aAttr1, TUint16 aAttr2, TUint16 aAttr3, HBufC8* aBfr1, HBufC8* aBfr2, HBufC8* aBfr3) { diff -r f1aca2058253 -r d1a0d37b52a1 vpnengine/ikev1lib/src/ikev1dialog.cpp --- a/vpnengine/ikev1lib/src/ikev1dialog.cpp Tue May 11 17:09:49 2010 +0300 +++ b/vpnengine/ikev1lib/src/ikev1dialog.cpp Tue May 25 13:48:10 2010 +0300 
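Review bot: `GetUNPWDFromNegotiationL` in ikev1crack.cpp frees the password buffer with a plain `delete`, so the clear-text secret stays readable in freed heap memory. Overwriting it first with `iNegotiation->iCRACKLAMPassword->Des().FillZ();` before `delete iNegotiation->iCRACKLAMPassword;` would limit that exposure. The cleanup also runs only when `SendCredentialsL` returns. If it leaves, both buffers stay on the negotiation object, and their release then depends on the `CIkev1Negotiation` destructor, which this changeset does not appear to extend for them.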
@@ -1,5 +1,5 @@ /* -* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies). +* Copyright (c) 2005-2010 Nokia Corporation and/or its subsidiary(-ies). * All rights reserved. * This component and the accompanying materials are made available * under the terms of "Eclipse Public License v1.0" @@ -240,37 +240,6 @@ return status; } -/*-------------------------------------------------------------------- - * - * Get user name and password data for Legacy authentication - * This is a synchronous dialog which does NOT convert user name and - * password data into the 8-bit ASCII text - * Uses username cache - * - *---------------------------------------------------------------------*/ -TInt CIkev1Dialog::GetSyncUNPWCacheDialog(TDes& aUserName, TDes& aPassword) -{ - TInt status = KErrGeneral; - TIPSecDialogOutput output; - - TIPSecDialogInfo dialog_input(TKMDDialog::EUserPwd, 0); - - iInputData = CreateDialogInput(dialog_input, ETrue);// TRUE = Use user name cache - - TPckgBuf ResponseBuf(output);//create the buf to receive the response - - if ( iInputData ) - status = LauchSyncDialog((TPckgBuf&)*iInputData, ResponseBuf); - - if ( status == KErrNone ) { - TIPSecDialogOutput& resp = ResponseBuf(); - aUserName = resp.iOutBuf; - aPassword = resp.iOutBuf2; - } - - return status; -} - void CIkev1Dialog::ShowErrorDialogL(TInt aDialogText, TAny *aUserInfo, MIkeDialogComplete* aCallback ) { iDialogType = TNoteDialog::EInfo; diff -r f1aca2058253 -r d1a0d37b52a1 vpnengine/ikev1lib/src/ikev1negotiation.cpp --- a/vpnengine/ikev1lib/src/ikev1negotiation.cpp Tue May 11 17:09:49 2010 +0300 +++ b/vpnengine/ikev1lib/src/ikev1negotiation.cpp Tue May 25 13:48:10 2010 +0300 @@ -217,6 +217,9 @@ delete iNatDiscovery; delete iSARekeyInfo; delete iLastMsg; + + delete iDialog; + delete iDialogInfo; } 
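Review bot: The destructor hunk in ikev1negotiation.cpp (at -217) releases `iDialog` and `iDialogInfo` but not the `iCRACKLAMUserName` and `iCRACKLAMPassword` buffers that this changeset adds to the class. If the negotiation is destroyed after the dialog completes but before the CRACK code consumes them, both buffers would leak, with the password still in clear on the heap. Adding `delete iCRACKLAMUserName;` and `delete iCRACKLAMPassword;` here, the latter after a `FillZ()` on its descriptor, would close that. The destructor starts outside the hunk, but these members are new in this changeset, so no earlier line should already release them.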
@@ -1073,24 +1076,28 @@ else { if ( iCRACKneg ) + { status = iCRACKneg->ProcessUserResponseL(aUserInfo); - else status = CRACK_FAILED; - - if ( status == CRACK_FAILED ) - { - /*-------------------------------------------------------- - * - * Crack negotiation failed. Negotiation shall be deleted - * - *--------------------------------------------------------*/ - LOG_KMD_EVENT( MKmdEventLoggerIf::KLogError, - R_VPN_MSG_VPN_GW_AUTH_FAIL, - status, - iPluginSession->VpnIapId(), - &iRemoteAddr ); - SetErrorStatus(KKmdIkeAuthFailedErr); - AcquireSAErrorResponse(KKmdIkeAuthFailedErr); - } + + if ( status == CRACK_FAILED ) + { + /*-------------------------------------------------------- + * + * Crack negotiation failed. Negotiation shall be deleted + * + *--------------------------------------------------------*/ + LOG_KMD_EVENT( MKmdEventLoggerIf::KLogError, + R_VPN_MSG_VPN_GW_AUTH_FAIL, + status, + iPluginSession->VpnIapId(), + &iRemoteAddr ); + SetErrorStatus(KKmdIkeAuthFailedErr); + AcquireSAErrorResponse(KKmdIkeAuthFailedErr); + } + } + else + status = ProcessUserResponseL(aUserInfo);; + } } @@ -1266,6 +1273,19 @@ //Sends the initial IKE packets to start the negotiation. PHASE I void CIkev1Negotiation::InitNegotiationL() //Equiv. to stage 1 { + + if (iProposal_I.iAttrList->iAuthMethod == IKE_A_CRACK && + !iHostData->iCRACKLAMUserName && + !iHostData->iCRACKLAMPassword && + !iCRACKLAMUserName && + !iCRACKLAMPassword) + { + + iDialog = CIkev1Dialog::NewL( iPluginSession, iPluginSession->DialogAnchor(), iDebug ); + iDialogInfo = new(ELeave) CAuthDialogInfo(iPluginSession, DIALOG_INFO_ID, SAId(), 0); + iDialog->GetAsyncUNPWDialogL(iDialogInfo, (MIkeDialogComplete*)this); + return; + } TIkev1IsakmpStream* msg = SaveIkeMsgBfr( new (ELeave) TIkev1IsakmpStream(iDebug) ); TInt vendor_id_type; 
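Review bot: The new `else` branch in the first hunk passes every dialog completion that arrives without `iCRACKneg` to `ProcessUserResponseL`, where the old code set `CRACK_FAILED`. Nothing visible here checks that a credential dialog is actually pending. A guard such as `else if ( aUserInfo == iDialogInfo )` before the call, with the previous failure handling kept reachable for the remaining case, would stop an unexpected completion from restarting the negotiation. The branch also stores a `KErrNone`-style return in the same `status` variable that otherwise holds `CRACK_*` codes, and the stray `;;` can be dropped. The enclosing function starts and ends outside the hunk.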
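Review bot: The new guard at the top of `InitNegotiationL` tests only `iProposal_I.iAttrList->iAuthMethod`, the first transform, whereas the synchronous prompt removed further down was driven by a loop over all `iProposal_I.iNumTransforms` entries. A proposal that lists CRACK in a later transform would therefore no longer trigger the prompt at this point; if that is intended, a comment saying so would help. `iDialog` and `iDialogInfo` are also assigned without releasing any previous value, so a second call while a dialog is pending would leak the first pair. The C-style cast in `(MIkeDialogComplete*)this` is unnecessary now that the class derives from `MIkeDialogComplete`; plain `this` would do. The function body continues outside the hunk.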
@@ -1308,7 +1328,6 @@ TBool cert_required = EFalse; //If any proposal requires a cert to send a CR if needed TBool preshared_key = EFalse; //Preshared key authentication - TBool crack_used = EFalse; TAttrib *transf = iProposal_I.iAttrList; for (TInt i=0; (i < iProposal_I.iNumTransforms) && (!cert_required); i++) @@ -1321,7 +1340,6 @@ break; case IKE_A_CRACK: cert_required = ETrue; - crack_used = ETrue; break; default: // No cert involved preshared_key = ETrue; @@ -1329,24 +1347,6 @@ } } - if (crack_used && - !iHostData->iCRACKLAMUserName && - !iHostData->iCRACKLAMPassword) - { - TBuf<256> UserName; - TBuf<64> Password; - CIkev1Dialog* Dialog = CIkev1Dialog::NewL(iPluginSession, iPluginSession->DialogAnchor(), iDebug); - if (KErrNone != Dialog->GetSyncUNPWCacheDialog(UserName, Password)) - { - DEBUG_LOG(_L("Failed to get credentials for crack auth!")); - SetFinished(); - delete Dialog; - return; - } - iHostData->iCRACKLAMUserName = TStringData::NewL(UserName); - iHostData->iCRACKLAMPassword = TStringData::NewL(Password); - delete Dialog; - } if (iExchange == ISAKMP_EXCHANGE_AGGR) //Aggressive contains more payloads { 
@@ -8393,4 +8393,55 @@ } } - +TInt CIkev1Negotiation::ProcessUserResponseL(CAuthDialogInfo *aDialogInfo ) +{ + delete iDialog; /* delete dialog object */ + iDialog = NULL; + + iCRACKLAMUserName = aDialogInfo->iUsername->AllocL(); + iCRACKLAMPassword = aDialogInfo->iSecret->AllocL(); + + delete aDialogInfo; /* release dialog info object */ + iDialogInfo = NULL; /* reset dialog info pointer */ + DEBUG_LOG(_L("Continue negotiation from begining")); + InitNegotiationL(); + + return KErrNone; + +} +// +// The implementation for class MIkeDialogComplete virtual function +// +TInt CIkev1Negotiation::DialogCompleteL(CIkev1Dialog* /*aDialog*/, TAny* aUserInfo, + HBufC8* aUsername, HBufC8* aSecret, HBufC8* aDomain) +{ +/*--------------------------------------------------------------------------- + * + * A response received from client user (through asynchronous dialog) + * This method is introduced as a TUserCallback for CGetIKEPassword dialog + * object is created. When the dialog is completed this callback function + * is called + * + *-------------------------------------------------------------------------*/ + TUint32 obj_id = 1; + CAuthDialogInfo* info = (CAuthDialogInfo*)aUserInfo; + DEBUG_LOG1(_L("CIkev1Negotiation::DialogCompleteL(), aUserInfo = %x"), aUserInfo); + + if ( info ) + { + obj_id = info->GetObjId(); + DEBUG_LOG1(_L("Preparing to call AuthDialogCompletedL(), ObjId = %x"), obj_id); + if ( obj_id == DIALOG_INFO_ID ) + { + info->iUsername = aUsername; + info->iSecret = aSecret; + info->iDomain = aDomain; + obj_id = info->PluginSession()->AuthDialogCompletedL(info); + } + } + + return obj_id; + +} + +
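Review bot: `ProcessUserResponseL` dereferences `aDialogInfo->iUsername` and `aDialogInfo->iSecret` without a null check, and `DialogCompleteL` stores whatever `aUsername` and `aSecret` it receives into those fields. If the dialog can complete with null buffers (a cancelled prompt, for instance), this would fault inside the IKE negotiation. A guard such as `if ( !aDialogInfo->iUsername || !aDialogInfo->iSecret )` that ends the negotiation, as the removed synchronous path did with `SetFinished()`, would cover it. The function also deletes `aDialogInfo` and then clears `iDialogInfo`, which is only safe if the two are the same object. It overwrites `iCRACKLAMUserName` and `iCRACKLAMPassword` without freeing earlier values, so a repeated call would leak the previous credentials.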