18 |
18 |
19 |
19 |
20 /** |
20 /** |
21 @file spdb.cpp |
21 @file spdb.cpp |
22 */ |
22 */ |
23 #include <featdiscovery.h> |
|
24 #include <featureuids.h> |
|
25 #include <networking/pfkeyv2.h> |
|
26 #include <networking/ipsecerr.h> |
|
27 #include <e32std.h> |
|
28 |
|
29 #include "sa_spec.h" |
|
30 #include "epdb.h" |
23 #include "epdb.h" |
31 #include "spdb.h" |
24 #include "spdb.h" |
32 |
25 #include <networking/pfkeyv2.h> |
|
26 #include "sa_spec.h" |
|
27 #include <networking/ipsecerr.h> |
|
28 #ifdef SYMBIAN_IPSEC_VOIP_SUPPORT |
|
29 #include <e32std.h> |
|
30 #endif // SYMBIAN_IPSEC_VOIP_SUPPORT |
33 #ifndef OLD_SELECTOR_ORDERING |
31 #ifndef OLD_SELECTOR_ORDERING |
34 /** @deprecated |
32 /** @deprecated |
35 * The old syntax allowed total mixing of "filter" and "selector" |
33 * The old syntax allowed total mixing of "filter" and "selector" |
36 * keywords. The new syntax requires the filter keywords (outbound, |
34 * keywords. The new syntax requires the filter keywords (outbound, |
37 * inbound, merge, final, etc.) to precede any real selectors. |
35 * inbound, merge, final, etc.) to precede any real selectors. |
166 private: |
164 private: |
167 void ParseEndPointL(); |
165 void ParseEndPointL(); |
168 void SetAddressOrEndPointL(RIpAddress &aAddr, TInt aMask, TInt aError); |
166 void SetAddressOrEndPointL(RIpAddress &aAddr, TInt aMask, TInt aError); |
169 void ParseAddressL(RIpAddress &aAddr, TInt aMask, TInt aError); |
167 void ParseAddressL(RIpAddress &aAddr, TInt aMask, TInt aError); |
170 void ParseAddressAndMaskL(RIpAddress &aAddr, RIpAddress& aMask); |
168 void ParseAddressAndMaskL(RIpAddress &aAddr, RIpAddress& aMask); |
171 void ParseSecurityBundleL(RPolicyActions &aBundle, CTransportSelector *aTS, CPolicySelector* aPs);//UMA support |
|
172 void ParseSecurityBundleL(RPolicyActions &aBundle, CTransportSelector *aTS); |
169 void ParseSecurityBundleL(RPolicyActions &aBundle, CTransportSelector *aTS); |
173 void CheckFeatureSupportL(TUid aFeature); |
|
174 |
|
175 #ifdef SYMBIAN_IPSEC_VOIP_SUPPORT |
170 #ifdef SYMBIAN_IPSEC_VOIP_SUPPORT |
176 void ParseAssociationParametersL(CPolicySpec *aSpec); |
171 void ParseAssociationParametersL(CPolicySpec *aSpec); |
177 #else |
172 #else |
178 void ParseAssociationParametersL(TSecurityAssocSpec &aSpec); |
173 void ParseAssociationParametersL(TSecurityAssocSpec &aSpec); |
179 #endif //SYMBIAN_IPSEC_VOIP_SUPPORT |
174 #endif //SYMBIAN_IPSEC_VOIP_SUPPORT |
186 void SkipSpaceAndMark(); |
181 void SkipSpaceAndMark(); |
187 #ifdef SYMBIAN_IPSEC_VOIP_SUPPORT |
182 #ifdef SYMBIAN_IPSEC_VOIP_SUPPORT |
188 token_type CheckProposalCloseAndMoreProposals(TInt &aPropBraces); |
183 token_type CheckProposalCloseAndMoreProposals(TInt &aPropBraces); |
189 CSecurityProposalSpec* CreateProposalL(CPropList& aPropList); |
184 CSecurityProposalSpec* CreateProposalL(CPropList& aPropList); |
190 #endif //SYMBIAN_IPSEC_VOIP_SUPPORT |
185 #endif //SYMBIAN_IPSEC_VOIP_SUPPORT |
191 |
|
192 private: |
|
193 TPtrC iToken; //< The current token. |
186 TPtrC iToken; //< The current token. |
194 CSecurityPolicy *iSp; //< The result of the parsing operation, The new policy |
187 CSecurityPolicy *iSp; //< The result of the parsing operation, The new policy |
195 REndPoints &iEp; //< The End Point collection to use for the named endpoints. |
188 REndPoints &iEp; //< The End Point collection to use for the named endpoints. |
196 TBool iIPSecGANSupported; //To check whether FF_IPSEC_UMA_SUPPORT_ENABLE is defined and UMA supported |
|
197 }; |
189 }; |
198 |
190 |
199 #ifdef SYMBIAN_IPSEC_VOIP_SUPPORT |
191 #ifdef SYMBIAN_IPSEC_VOIP_SUPPORT |
200 CSecurityProposalSpec* TParser::CreateProposalL(CPropList& aPropList) |
192 CSecurityProposalSpec* TParser::CreateProposalL(CPropList& aPropList) |
201 { |
193 { |
862 #else |
854 #else |
863 ParseAssociationParametersL(ps->iSpec); |
855 ParseAssociationParametersL(ps->iSpec); |
864 #endif // SYMBIAN_IPSEC_VOIP_SUPPORT |
856 #endif // SYMBIAN_IPSEC_VOIP_SUPPORT |
865 } |
857 } |
866 |
858 |
867 /** |
|
868 * Parse security actions |
|
869 * @code [ sa-name '(' [ address ] ')' ]* '}' |
|
870 * @endcode |
|
871 * |
|
872 * Parse a (possibly empty) list of references to security specifications. This will |
|
873 * be the bundle of security actions for a selector. |
|
874 * |
|
875 * @retval aActions The colleted actions |
|
876 * @param aTS The traffic selector. |
|
877 * @param aPS the policy selector |
|
878 * * This is called only when UMA/ GAN is supported. |
|
879 */ |
|
880 void TParser::ParseSecurityBundleL(RPolicyActions &aActions, CTransportSelector *aTS, CPolicySelector *aPs) |
|
881 { |
|
882 |
|
883 LOG(Log::Printf(_L("TParser::ParseSecurityBundleL(RPolicyActions &aActions, CTransportSelector *aTS, CPolicySelector *aPs)"))); |
|
884 |
|
885 if(iIPSecGANSupported) |
|
886 { |
|
887 LOG(Log::Printf(_L("TParser::ParseSecurityBundleL: UMA supported FF_IPSEC_UMA_SUPPORT_ENABLE defined"))); |
|
888 } |
|
889 else |
|
890 { |
|
891 LOG(Log::Printf(_L("TParser::ParseSecurityBundleL:functionality not suppoted.FF_IPSEC_UMA_SUPPORT_ENABLE not defined"))); |
|
892 User::Leave(KErrNotSupported); |
|
893 } |
|
894 |
|
895 _LIT(K_tunnel, "tunnel"); |
|
896 |
|
897 token_type val; |
|
898 |
|
899 TUint opt = 0; |
|
900 _LIT(K_Exception, "UMAException");//UMA exception defined |
|
901 for (;;) |
|
902 { |
|
903 val = NextToken(); |
|
904 // |
|
905 // Experimental addition, allow optional bundle items |
|
906 // by prefixing them with '?'... |
|
907 // |
|
908 if (opt == 0 && val == token_question) |
|
909 { |
|
910 opt = 1; |
|
911 continue; |
|
912 } |
|
913 else if (val != token_string) |
|
914 break; |
|
915 // A temporary(?) special kluge: if the keyword is 'tunnel' |
|
916 // assume this is a plain tunnel specification, without any |
|
917 // relation to the IPSEC. if nobody defined a "tunnel" sa |
|
918 // specification. (should probably disallow 'tunnel' as SA |
|
919 // spec name, to avoid confusion.. ) |
|
920 // |
|
921 CPolicySpec *spec = iSp->FindSpec(iToken); |
|
922 |
|
923 if(spec== NULL && !iToken.Compare(K_Exception)) |
|
924 { |
|
925 LOG(Log::Printf(_L("Found Exception Policy identifier"))); |
|
926 //FInd Next token... Things looks hacky here. IPsec really need re-designing. |
|
927 TInt tokenVal = (TInt)NextToken(); |
|
928 LOG(Log::Printf(_L("NextToken value is = [%d]"),tokenVal)); |
|
929 |
|
930 TBuf8<32> buf; |
|
931 buf.Copy(iToken); |
|
932 TLex8 lex(buf); |
|
933 TInt scope; |
|
934 lex.Val(scope); |
|
935 |
|
936 //assiging scope to the policy. This will be policy selector with Exception scope being setalong with |
|
937 //exception flags |
|
938 aPs->iScope_Exception = scope; |
|
939 LOG(Log::Printf(_L("TParser::ParseSecurityBundleL, Exception tunnel Scope is = [%d]"),scope)); |
|
940 while((val = NextToken())!= token_brace_right) |
|
941 { |
|
942 //do nothing |
|
943 } //while |
|
944 break; |
|
945 } |
|
946 |
|
947 // A temporary(?) special kluge: if the keyword is 'tunnel' |
|
948 // assume this is a plain tunnel specification, without any |
|
949 // relation to the IPSEC. if nobody defined a "tunnel" sa |
|
950 // specification. (should probably disallow 'tunnel' as SA |
|
951 // spec name, to avoid confusion.. ) |
|
952 // |
|
953 if (spec == NULL && iToken.Compare(K_tunnel) != 0) |
|
954 User::Leave(EIpsec_PolicySpecNotFound); |
|
955 |
|
956 if (NextToken() != token_par_left) |
|
957 User::Leave(EIpsec_PolicyLeftParen); |
|
958 |
|
959 CPolicyAction *action = new (ELeave) CPolicyAction; |
|
960 if (aActions.Append(action) != KErrNone) |
|
961 { |
|
962 action->Close(); |
|
963 User::Leave(KErrNoMemory); |
|
964 } |
|
965 if ((action->iSpec = spec) != NULL) |
|
966 spec->Open(); |
|
967 // Record the current selector into each action (this is to make it |
|
968 // easier to generate the TS list into Acquire message). |
|
969 if ((action->iTS = aTS) != NULL) |
|
970 aTS->Open(); |
|
971 action->iOptional = opt; |
|
972 |
|
973 if ((val = NextToken()) == token_string) |
|
974 { |
|
975 SetAddressOrEndPointL(action->iTunnel, 0, EIpsec_PolicyInvalidIpAddress); |
|
976 action->iIsTunnel = 1; // Flag a tunnel. |
|
977 val = NextToken(); |
|
978 } |
|
979 if (val != token_par_right) |
|
980 User::Leave(EIpsec_PolicyRightParen); |
|
981 opt = 0; // Optional only affects single item at time. |
|
982 } |
|
983 if (val != token_brace_right) |
|
984 User::Leave(EIpsec_PolicyCloseBraceExpected); |
|
985 } |
|
986 |
|
987 /** |
|
988 * Parse security actions |
|
989 * @code [ sa-name '(' [ address ] ')' ]* '}' |
|
990 * @endcode |
|
991 * |
|
992 * Parse a (possibly empty) list of references to security specifications. This will |
|
993 * be the bundle of security actions for a selector. |
|
994 * |
|
995 * @retval aActions The colleted actions |
|
996 * @param aTS The traffic selector. |
|
997 * This is called in case of No UMA/ GAN support. |
|
998 */ |
|
999 void TParser::ParseSecurityBundleL(RPolicyActions &aActions, CTransportSelector *aTS) |
859 void TParser::ParseSecurityBundleL(RPolicyActions &aActions, CTransportSelector *aTS) |
1000 //#endif |
860 /** |
|
861 * Parse security actions |
|
862 * @code [ sa-name '(' [ address ] ')' ]* '}' |
|
863 * @endcode |
|
864 * |
|
865 * Parse a (possibly empty) list of references to security specifications. This will |
|
866 * be the bundle of security actions for a selector. |
|
867 * |
|
868 * @retval aActions The colleted actions |
|
869 * @param aTS The traffic selector. |
|
870 */ |
1001 { |
871 { |
1002 _LIT(K_tunnel, "tunnel"); |
872 _LIT(K_tunnel, "tunnel"); |
1003 |
873 |
1004 token_type val; |
874 token_type val; |
1005 |
875 |
1024 // relation to the IPSEC. if nobody defined a "tunnel" sa |
894 // relation to the IPSEC. if nobody defined a "tunnel" sa |
1025 // specification. (should probably disallow 'tunnel' as SA |
895 // specification. (should probably disallow 'tunnel' as SA |
1026 // spec name, to avoid confusion.. ) |
896 // spec name, to avoid confusion.. ) |
1027 // |
897 // |
1028 CPolicySpec *spec = iSp->FindSpec(iToken); |
898 CPolicySpec *spec = iSp->FindSpec(iToken); |
1029 |
|
1030 // A temporary(?) special kluge: if the keyword is 'tunnel' |
|
1031 // assume this is a plain tunnel specification, without any |
|
1032 // relation to the IPSEC. if nobody defined a "tunnel" sa |
|
1033 // specification. (should probably disallow 'tunnel' as SA |
|
1034 // spec name, to avoid confusion.. ) |
|
1035 // |
|
1036 if (spec == NULL && iToken.Compare(K_tunnel) != 0) |
899 if (spec == NULL && iToken.Compare(K_tunnel) != 0) |
1037 User::Leave(EIpsec_PolicySpecNotFound); |
900 User::Leave(EIpsec_PolicySpecNotFound); |
1038 |
901 |
1039 if (NextToken() != token_par_left) |
902 if (NextToken() != token_par_left) |
1040 User::Leave(EIpsec_PolicyLeftParen); |
903 User::Leave(EIpsec_PolicyLeftParen); |
1342 case E_if: |
1200 case E_if: |
1343 if (aPs->iInterface || NextToken() != token_string) |
1201 if (aPs->iInterface || NextToken() != token_string) |
1344 User::Leave(EIpsec_PolicySyntaxError); // <-- need own error code? |
1202 User::Leave(EIpsec_PolicySyntaxError); // <-- need own error code? |
1345 aPs->iInterface = iSp->LookupInterfaceL(iToken); |
1203 aPs->iInterface = iSp->LookupInterfaceL(iToken); |
1346 break; |
1204 break; |
1347 case E_UMAExceptionTrafficSelector: |
|
1348 if(iIPSecGANSupported) |
|
1349 { |
|
1350 //UMA support |
|
1351 LOG(Log::Printf(_L("TParser::ParseSelectorL Setting Exception selector flag"))); |
|
1352 //The flags signifies special case for UMA/exception selectors. These selectors |
|
1353 //will be present in case when there is no inbound and bypass filter data or selectors |
|
1354 //are set. This selector will only allow traffic whose scope match the exception scope |
|
1355 aPs->iFilterData|=KPolicyFilter_Exception; |
|
1356 aPs->iFilterMask |= KPolicyFilter_Exception; |
|
1357 } |
|
1358 else |
|
1359 { |
|
1360 LOG(Log::Printf(_L("TParser::ParseSelectorL error GAN/ UMA feature is not enabled "))); |
|
1361 } |
|
1362 break; |
|
1363 default: |
1205 default: |
1364 val = TransportSelectorL(aPs->iTS); |
1206 val = TransportSelectorL(aPs->iTS); |
1365 #if OLD_SELECTOR_ORDERING |
1207 #if OLD_SELECTOR_ORDERING |
1366 if (Lookup(list, E_max_parameters, iToken) < E_max_parameters) |
1208 if (Lookup(list, E_max_parameters, iToken) < E_max_parameters) |
1367 goto check_again; |
1209 goto check_again; |
1399 #endif |
1230 #endif |
1400 |
1231 |
1401 TParser::TParser(CSecurityPolicy *aSp, const TDesC &aPolicy, REndPoints &aEp) : |
1232 TParser::TParser(CSecurityPolicy *aSp, const TDesC &aPolicy, REndPoints &aEp) : |
1402 TLex(aPolicy), iSp(aSp), iEp(aEp) |
1233 TLex(aPolicy), iSp(aSp), iEp(aEp) |
1403 { |
1234 { |
1404 |
|
1405 } |
|
1406 /** |
|
1407 * To check the feature support |
|
1408 */ |
|
1409 void TParser::CheckFeatureSupportL(TUid aFeature) |
|
1410 { |
|
1411 // Check Gan support from feature manager |
|
1412 iIPSecGANSupported = CFeatureDiscovery::IsFeatureSupportedL(aFeature); |
|
1413 |
|
1414 if(iIPSecGANSupported != (TInt)ETrue) |
|
1415 { |
|
1416 LOG(Log::Printf(_L("TParser::CheckFeatureSupport Error Checking Feature Support"))); |
|
1417 } |
|
1418 else |
|
1419 { |
|
1420 LOG(Log::Printf(_L("TParser::CheckFeatureSupport %d Feature Supported %d"),aFeature,iIPSecGANSupported)); |
|
1421 } |
|
1422 } |
1235 } |
1423 |
1236 |
1424 void TParser::ParseL(TUint aStartOffset) |
1237 void TParser::ParseL(TUint aStartOffset) |
1425 /** |
1238 /** |
1426 * Parse complete security policy |
1239 * Parse complete security policy |