MCL/sf/mw/remotemgmt: comparison terminalsecurity/SCP/SCPServer/src/SCPServer.cpp

equal deleted inserted replaced

-:13d7c31c74e0
+:b183ec05bd8c
 #include <featmgr.h>
 // For Device encryption
 #include <DevEncEngineConstants.h>
 #include <DevEncSessionBase.h>
 #include <startupdomainpskeys.h>
-/*
-#ifdef _DEBUG
-#define __SCP_DEBUG
-#endif // _DEBUG
-// Define this so the precompiler in CW 3.1 won't complain about token pasting,
-// the warnings are not valid
-#pragma warn_illtokenpasting off
-#ifdef __SCP_DEBUG
-#define Dprint(a) RDebug::Print##a
-#else
-#define Dprint(a)
-#endif // _DEBUG*/
 // ==================== LOCAL FUNCTIONS ====================
 // ---------------------------------------------------------
 // PanicServer Panics the server thread
 iConfiguration.Initialize();
 // Assign default config flag
 iConfiguration.iConfigFlag = KSCPConfigUnknown;
+iConfiguration.iConfigChecked = EFalse;
 // Assign the default codes
 iConfiguration.iSecCode.Zero();
 iConfiguration.iSecCode.Append( KSCPDefaultSecCode );
 CleanupStack::PopAndDestroy( codeHBuf );
 }
 //#endif
 // Assign the default max timeout
-iConfiguration.iMaxTimeout = 0;
+iConfiguration.iMaxTimeout = KSCPDefaultMaxTO;
 	iConfiguration.iBlockedInOOS = 0;
 // Read the configuration, overwriting the default values
 TInt ret = KErrNone;
 TRAPD( err, ret = iConfiguration.ReadSetupL() );
 {
 Dprint( (_L("CSCPServer::ConstructL(): Configration read OK") ));
 }
+//If Configuration is not validated already, validate it
+if (!iConfiguration.iConfigChecked)
+{
+TInt valerr = KErrNone;
+TRAP( valerr, ValidateConfigurationL( KSCPComplete ));
+if (valerr != KErrNone)
+{
+Dprint( (_L("CSCPServer::ConstructL(): Configuration Validation failed: %d"), valerr ));
+}
+else
+{
+Dprint( (_L("CSCPServer::ConstructL(): Configuration Validation Passed")));
+}
+}
 Dprint( (_L("CSCPServer::ConstructL(): Connecting to CenRep") ));
 iALPeriodRep = CRepository::NewL( KCRUidSecuritySettings );
 // Check for factory settings
 CheckIfRfsPerformedL();
 // Status : Approved
 // ---------------------------------------------------------
 //
 void CSCPServer::ValidateConfigurationL( TInt aMode )
 {
-if (aMode == KSCPInitial) {
+Dprint( (_L("--> CSCPServer::ValidateConfigurationL()") ));
-// Return here, must be checked by complete mode
+RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()"));
-RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@@aMode == KSCPInitial "));
+TInt startupReason(ENormalStartup);
-User::Leave(KErrAccessDenied);
+RProperty::Get(KPSUidStartup, KPSStartupReason, startupReason);
-}
+Dprint( (_L("CSCPServer::ValidateConfigurationL(): startupReason = %d"), startupReason));
+if((startupReason == ENormalRFSReset)||(startupReason ==  EDeepRFSReset)||(startupReason == EFirmwareUpdate)||(iConfiguration.iConfigFlag == KSCPConfigUnknown))
-RMobilePhone::TMobilePassword storedCode;
+{
+	RMobilePhone::TMobilePassword storedCode;
 storedCode.Zero();
 User::LeaveIfError(GetCode(storedCode));
-TBool isDefaultLockcode = ETrue;
-TInt err = KErrNone;
+	Dprint( (_L("CSCPServer::ValidateConfigurationL(): Checking code: %s"), storedCode.PtrZ() ));
-RMobilePhone::TMobilePassword defaultLockcode;
+	// Check that the ISA code is stored correctly
-defaultLockcode.Zero();
+	TRAPD( err, CheckISACodeL( storedCode ) );
-defaultLockcode.Copy(KSCPDefaultSecCode);
+	 //Bool for the correction of Defaultlockcode cenrep
-if (storedCode.Compare(KSCPDefaultSecCode) == 0) {
+TBool lCorrectDefaultlockcode = EFalse;
-RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@config has KSCPDefaultSecCode "));
-TRAP( err, CheckISACodeL( defaultLockcode ) );
+Dprint( (_L("CSCPServer::ValidateConfigurationL(): iConfigFlag = %d, iConfigChecked = %d"), iConfiguration.iConfigFlag, iConfiguration.iConfigChecked));
-if (err == KErrNone) {
-RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@ISA also has KSCPDefaultSecCode "));
+if ((iConfiguration.iConfigFlag == KSCPConfigOK)
-iConfiguration.iConfigFlag = KSCPConfigOK;
+&& (iConfiguration.iConfigChecked) && (err == KErrNone))
-isDefaultLockcode = ETrue;
+{
-}
+// The configuration has already been checked, exit
-else {
+Dprint( (_L("CSCPServer::ValidateConfigurationL(): Configuration is non-default.") ));
-RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@ISA doesn't has KSCPDefaultSecCode "));
+User::Leave( KErrNone );
-iConfiguration.iConfigFlag = KSCPConfigInvalid;
+}
-iConfiguration.iFailedAttempts++;
+else if ( aMode == KSCPInitial )
-isDefaultLockcode = EFalse;
+{
-}
+// Return here, must be checked by complete mode
-}
+User::Leave( KErrAccessDenied );
-else {
+}
-RDebug::Print(_L("CSCPServer::CheckISACodeL(): config lock code %s"), storedCode.PtrZ());
-TRAP( err, CheckISACodeL( storedCode ) );
-if (err == KErrNone) {
+TInt hashedISAcode;
-RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@ISA and config are in SYNC !! "));
+TSCPSecCode hashedCode;
-iConfiguration.iConfigFlag = KSCPConfigOK;
+//#ifdef __SAP_DEVICE_LOCK_ENHANCEMENTS
-isDefaultLockcode = EFalse;
+if(FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements))
-}
+{
-else {
+	/*TInt*/ hashedISAcode = HashISACode( iConfiguration.iEnhSecCode );
-iConfiguration.iSecCode.Zero();
+// TSCPSecCode hashedCode;
-iConfiguration.iSecCode.Append(KSCPDefaultSecCode);
+hashedCode.Zero();
-RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@May be ISA has KSCPDefaultSecCode "));
+hashedCode.AppendNum( hashedISAcode );
-TRAP(err,ChangeISACodeL(storedCode));
+}
-if (err == KErrNone) {
+//#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS
-RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()chnaged ISA code with config value "));
+if (err != KErrNone)
+{
+lCorrectDefaultlockcode = ETrue;
+}
+if ( err == KErrNone )
+{
+iConfiguration.iConfigFlag = KSCPConfigOK;
+}
+else if ( err == KErrAccessDenied )
+{
+iConfiguration.iConfigFlag = KSCPConfigInvalid;
+}
+else if ( err == KErrLocked )
+{
+Dprint( (_L("CSCPServer::ValidateConfigurationL(): ISA code locked.") ));
+}
+else
+{
+Dprint( (_L("CSCPServer::ValidateConfigurationL(): ERROR in validation.") ));
+}
+//#ifdef __SAP_DEVICE_LOCK_ENHANCEMENTS
+if(FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements))
+{
+if ( err == KErrNone )
+{
+// Check that the codes are in-sync with each other. Especially the default ISA code must
+// be changed according to the default enhanced code.
+if ( storedCode.Compare( hashedCode ) != 0 )
+{
+Dprint( (_L("CSCPServer::ValidateConfigurationL(): Correct ISA code stored.\
+Changing ISA code to match enhanced code => %d"), hashedISAcode ));
+storedCode.Copy( hashedCode );
+// Change the ISA code to match the hashed code
+ChangeISACodeL( storedCode );
+}
+}
+else if ( ( err == KErrAccessDenied ) && ( storedCode.Compare( hashedCode ) != 0 ) )
+{
+// Try again with the hashed code
+TRAP( err, CheckISACodeL( hashedCode ) );
+if ( err == KErrNone )
+{
+Dprint( (_L("CSCPServer::ValidateConfigurationL(): Hashed code is correct.\
+Storing hashed code(%d)"), hashedISAcode ));
+if ( StoreCode( hashedCode ) == KErrNone )
+{
 iConfiguration.iConfigFlag = KSCPConfigOK;
-isDefaultLockcode = EFalse;
+lCorrectDefaultlockcode = ETrue;
 }
-else
+}
-{
+}
-RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()it shouldn't reach this :( "));
-}
+//If Correction of Defaultlockcode cenrep is required for the mismatch between Config and ISA
-}
+if (lCorrectDefaultlockcode)
-}
+{
+TInt lDefCode = -1;
-CRepository* repository = CRepository::NewL(KCRUidSCPLockCode);
+CRepository* lRepository = CRepository::NewL(KCRUidSCPLockCode);
-CleanupStack::PushL(repository);
+CleanupStack::PushL(lRepository);
-if (isDefaultLockcode ) {
+TInt lRet = lRepository->Get(KSCPLockCodeDefaultLockCode,
-RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()setting def. lockcode to 12345 "));
+lDefCode);
-repository->Set(KSCPLockCodeDefaultLockCode, 12345);
+if (lRet == KErrNone && lDefCode != -1)
-}
+{
-else {
+if (lDefCode == 12345)
-RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()setting def. lockcode to 0 "));
+{
-repository->Set(KSCPLockCodeDefaultLockCode, 0);
+//Although lock code is already set, due to some unexpected condition
-}
+//like C drive wipe, cenrep status is wrongly shown. Correcting it here.
-CleanupStack::PopAndDestroy(repository);
+lRepository->Set(KSCPLockCodeDefaultLockCode, 0);
+Dprint( (_L("RSCPClient::ValidateConfigurationL(): Corrected the Default lock code cenrep status to 0") ));
-TRAP( err, iConfiguration.WriteSetupL() );
+}
-if (err != KErrNone) {
+else if (lDefCode == 0)
+{
+//If only ISA side is formatted, then the lock code on ISA side is default;
+//Cenrep status remains wrongly as the lock code is already set. Correcting it here.
+lRepository->Set(KSCPLockCodeDefaultLockCode, 12345);
+Dprint( (_L("RSCPClient::ValidateConfigurationL(): Corrected the Default lock code cenrep status to 12345") ));
+}
+}
+CleanupStack::PopAndDestroy(lRepository);
+}
+}
+//#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS
+//Set the flag to True, after config is validated
+iConfiguration.iConfigChecked = ETrue;
+TRAPD( err2, iConfiguration.WriteSetupL() );
+if ( err2 != KErrNone )
+{
 Dprint( (_L("CSCPServer::ValidateConfigurationL(): WARNING: failed to write configuration\
-: %d"), err ));
+: %d"), err2 ));
 }
-if (iConfiguration.iConfigFlag == KSCPConfigOK) {
+User::LeaveIfError( err );
-RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@iConfigFlag == KSCPConfigOK "));
+}
-err = KErrNone;
+Dprint( (_L("<-- CSCPServer::ValidateConfigurationL()") ));
 }
-else {
-RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@iConfigFlag == KErrAccessDenied "));
-err = KErrAccessDenied;
-}
-User::LeaveIfError(err);
-}
 // ---------------------------------------------------------
 #ifdef __WINS__
 (void)aCode;
 #endif // __WINS__
-Dprint( (_L("CSCPServer::CheckISACodeL(): current lock code %s"), aCode.PtrZ() ));
-RDebug::Print(_L("CSCPServer::CheckISACodeL(): current lock code %s"), aCode.PtrZ());
 RMobilePhone::TMobilePhoneSecurityCode secCodeType;
 secCodeType = RMobilePhone::ESecurityCodePhonePassword;
 RMobilePhone::TMobilePassword required_fourth;
 Dprint( (_L("CSCPServer::CheckISACodeL(): ISA code NOT OK") ));
 if (iConfiguration.iBlockedInOOS == 1)
 	         {
 	            	iConfiguration.iBlockedInOOS = 0;
 	            	Dprint( (_L("CSCPServer::CheckISACodeL():iBlockedInOOS = 0, KErrAccessDenied") ));
-	            	RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@iBlockedInOOS = 0, KErrAccessDenie"));
 	         }
 ret = KErrAccessDenied;
 }
 else if ( ( ret == KErrGsmSSPasswordAttemptsViolation ) || ( ret == KErrLocked ) )
 {
 Dprint( (_L("CSCPServer::CheckISACodeL(): ISA code BLOCKED") ));
 if (ret==KErrGsmSSPasswordAttemptsViolation)
 {
 	Dprint( (_L("CSCPServer::CheckISACodeL(): KErrGsmSSPasswordAttemptsViolation") ));
-	RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@KErrGsmSSPasswordAttemptsViolation"));
 }
 else
 {
 	Dprint( (_L("CSCPServer::CheckISACodeL(): KErrLocked") ));
-	RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@KErrLocked"));
 }
 ret = KErrLocked;
 if (iConfiguration.iBlockedInOOS == 0)
 	 {
 	iConfiguration.iBlockedInOOS = 1;
 	Dprint( (_L("CSCPServer::CheckISACodeL():iBlockedInOOS = 1, KSCPErrCodeBlockStarted") ));
-	RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@@@@"));
 	ret = KSCPErrCodeBlockStarted;
 	 }
 }
 else
 {
 Dprint( (_L("CSCPServer::CheckISACodeL(): ERROR reply checking ISA code: %d"),
 status.Int() ));
-RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()"));
 }
 }
 TRAPD( err, iConfiguration.WriteSetupL() );
 if ( err != KErrNone )
 {
 		 * already set
 		 * */
 		TRAP(err, repository = CRepository :: NewL(KCRUidSCPLockCode));
 		if(err == KErrNone) {
-			RDebug::Print(_L("<-- CSCPServer::StoreEnhCode()  setting KSCPLockCodeDefaultLockCode to 0"));
 err = repository->Set(KSCPLockCodeDefaultLockCode, 0);
 delete repository;
 		}
 	}
 }
 #endif // __SCP_DEBUG
 TInt lRetStatus(KErrNone);
 Dprint(_L("[CSCPServer]-> Initiating branching on parameter..."));
-switch(aID) {
+switch ( aID )
-case ESCPAutolockPeriod:
+{
-case ESCPMaxAutolockPeriod: {
+case ( ESCPAutolockPeriod ):
+// Flow through
+case ( ESCPMaxAutolockPeriod ):
+{
 // Convert the value, and set it
 TInt value;
 TLex lex(aValue);
 lRetStatus = lex.Val(value);
 if((lRetStatus != KErrNone ) || ( value < 0) || ( value > KSCPAutolockPeriodMaximum )) {
 lRetStatus = KErrArgument;
 break;
 }
 //Check if the device memory is encrypted or not.
 TBool encryptionEnabled = IsDeviceMemoryEncrypted();
-CSCPParamDBController* lParamDB = CSCPParamDBController :: NewLC();
 // Value OK
-if(aID == ESCPMaxAutolockPeriod) {
+if(aID == ESCPMaxAutolockPeriod)
-if( encryptionEnabled ) {
+						{
-Dprint(_L("[CSCPServer]-> Memory is encrypted"));
+						   if (  encryptionEnabled )
+{
+Dprint(_L("Memory is encrypted"));
+if (( 0 == value) || value > KMaxAutolockPeriod)
+{
+Dprint((_L("Denying setting of max auto lock as value is %d"), value));
+User::Leave( KErrPermissionDenied );
+}
+}
+else
+{
+Dprint(_L("Memory is decrypted, hence no restrictions to max autolock"));
+}
-if(( 0 == value) || value > KMaxAutolockPeriod) {
+Dprint(_L("[CSCPServer]-> Branched to ESCPMaxAutolockPeriod..."));
-Dprint((_L("[CSCPServer]-> Denying setting of max auto lock as value is %d"), value));
+CSCPParamDBController* lParamDB = CSCPParamDBController :: NewLC();
-User :: Leave( KErrPermissionDenied );
-}
-}
-else {
-Dprint(_L("Memory is decrypted, hence no restrictions to max autolock"));
-}
-Dprint(_L("[CSCPServer]-> Branched to ESCPMaxAutolockPeriod..."));
 lRetStatus = SetBestPolicyL(RTerminalControl3rdPartySession :: EMaxTimeout, aValue, aCallerIdentity, lParamDB);
-if(lRetStatus == KErrNone) {
+if(lRetStatus == KErrNone)
+								{
 // Do we have to change the Autolock period as well?
 TInt currentALperiod;
 lRetStatus = GetAutolockPeriodL(currentALperiod);
-if(lRetStatus == KErrNone) {
+if(lRetStatus == KErrNone)
-if( (iConfiguration.iMaxTimeout > 0) &&
+										{
-((iConfiguration.iMaxTimeout < currentALperiod) ||
+if((iConfiguration.iMaxTimeout > 0) && ((iConfiguration.iMaxTimeout < currentALperiod) || (currentALperiod == 0)))
-(currentALperiod == 0))) {
+												{
 Dprint((_L("[CSCPServer]-> Changing AL period to Max. AL period (Current ALP: %d, Max. ALP: %d)"), currentALperiod, value));
-//lRetStatus = SetAutolockPeriodL(value);
+lRetStatus = SetAutolockPeriodL(value);
-/*
-* Call to SetBestPolicyL will not check for Stronger/Weaker. The value of ETimeout just gets stored in
-* both the internal DB and the CenRep
-*/
-lRetStatus = SetBestPolicyL(RTerminalControl3rdPartySession :: ETimeout, aValue, aCallerIdentity, lParamDB);
 }
 }
-else {
+else
+										{
 Dprint((_L("[CSCPServer]-> ERROR: Couldn't get the Autolock period: %d"), lRetStatus));
 }
 }
-}
-// Autolock Period
+CleanupStack :: PopAndDestroy(); //lParamDB
-else {
+}
-//Code is commented as it is already taken care by the below condition #1343 irrespective of the drive encryption state.
-/*  if ( 0 == value ) {
+else
-if(encryptionEnabled) {
+{ // Autolock Period
+			//Code is commented as it is already taken care by the below condition #1343 irrespective of the drive encryption state.
+	     /*  if ( 0 == value )
+{
+if ( encryptionEnabled )
+{
 Dprint(_L("Permission denied!"));
-User :: Leave(KErrPermissionDenied);
+User::Leave( KErrPermissionDenied );
 }
 }*/
 Dprint(_L("[CSCPServer]-> Branched to ESCPAutolockPeriod..."));
 //  Check if this value is not allowed by the Max. Autolock period
 if ((iConfiguration.iMaxTimeout > 0) && ((iConfiguration.iMaxTimeout < value) || (value == 0))) {
 Dprint((_L("[CSCPServer]-> ERROR: The value %d for AL period not allowed (Max. AL period: %d)"), value, iConfiguration.iMaxTimeout));
 lRetStatus = KErrArgument;
 }
 else {
-//lRetStatus = SetAutolockPeriodL(value);
+lRetStatus = SetAutolockPeriodL(value);
-/*
-* Call to SetBestPolicyL will not check for Stronger/Weaker. The value of ETimeout just gets stored in
-* both the internal DB and the CenRep
-*/
-lRetStatus = SetBestPolicyL(RTerminalControl3rdPartySession :: ETimeout, aValue, aCallerIdentity, lParamDB);
 if(lRetStatus != KErrNone) {
 Dprint((_L("[CSCPServer]-> ERROR: Couldn't set the Autolock period: %d"), lRetStatus));
 }
 }
 }
-CleanupStack :: PopAndDestroy(); //lParamDB
 }
 break;
 case ESCPCodeChangePolicy:
 Dprint(_L("[CSCPServer]-> Branched to ESCPCodeChangePolicy..."));
 lRetStatus = ChangeCodePolicy( aValue );
 }
 }
 if ( getFromCommonStorage )
 {
+Dprint(_L("[CSCPServer]-> Fetching from Common storage..."));
 // OK, no objection, so try to get the value from common storage
 ret = iPluginEventHandler->GetParameters().Get( aID, aValue );
 }
 if ( repParams != NULL )
 // Status : Approved
 // ---------------------------------------------------------
 //
 TInt CSCPServer::IsCorrectEnhCode( TDes& aCode, TInt aFlags )
 {
-Dprint( (_L("CSCPServer::IsCorrectEnhCode(): ") ));
+Dprint( (_L("CSCPServer::IsCorrectEnhCode") ));
 if(!FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements))
 {
 	return KErrNotSupported;
 }
 TInt ret = KErrAccessDenied;
 // Hash the code
 TBuf<KSCPMaxHashLength> hashBuf;
 hashBuf.Zero();
 iPluginEventHandler->HashInput( aCode, hashBuf );
 pswCandidate.AppendNum( ISACode );
 TBool enhancedCodeMatches = EFalse;
 if ( hashBuf.Compare( iConfiguration.iEnhSecCode ) == 0 )
 {
-	Dprint( (_L("CSCPServer::IsCorrectEnhCode(): enh code matches.") ));
 enhancedCodeMatches = ETrue;
 }
 // Check if the code is blocked (don't check if we're out-of-sync)
 if ( ( iConfiguration.iConfigFlag == KSCPConfigOK ) && ( IsCodeBlocked() ) )
 {
-	Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 1") ));
 if ( aFlags & KSCPEtelRequest )
 {
-	Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 2") ));
 // Check if the code is correct
 if ( enhancedCodeMatches )
 {
 // Mess-up the code
 RMobilePhone::TMobilePassword codeToSend;
 SendInvalidDOSCode( codeToSend );
 }
 else
 {
 // OK, the code is already invalid
-Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 3") ));
 SendInvalidDOSCode( pswCandidate );
 }
 }
 return KErrLocked;
 }
 if ( iConfiguration.iConfigFlag == KSCPConfigOK )
 {
 // Normal situation: we have the correct code stored.
 // Compare the hashes (hashing error will result in EFalse )
-Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 4") ));
 if ( enhancedCodeMatches )
 {
 ret = KErrNone;
 if ( aFlags & KSCPEtelRequest )
 {
 // Send the correct code to DOS side
-Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 5") ));
 TRAP( ret, CheckISACodeL( pswCandidate ) );
 }
 if ( ret == KErrNone )
 {
 if ( iConfiguration.iFailedAttempts > 0 )
 {
 iConfiguration.iFailedAttempts = 0;
-Dprint( (_L("CSCPServer::IsCorrectEnhCode():: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts ));
+Dprint( (_L("CSCPServer::IsCorrectEnhCode():KErrAccessDenied: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts ));
 writeSetup = ETrue;
 }
 }
 else
 {
 else
 {
 ret = KErrAccessDenied;
 iConfiguration.iFailedAttempts++;
-Dprint( (_L("CSCPServer::IsCorrectEnhCode():@@@: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts ));
+Dprint( (_L("CSCPServer::IsCorrectEnhCode():KErrAccessDenied: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts ));
 writeSetup = ETrue;
 if ( iConfiguration.iFailedAttempts == KSCPCodeBlockLimit )
 {
-	Dprint( (_L("CSCPServer::IsCorrectEnhCode(): KSCPCodeBlockLimit  ") ));
 // Block the code
 TTime curTime;
 curTime.UniversalTime();
 iConfiguration.iBlockedAtTime.Zero();
 }
 }
 else
 {
 // iConfiguration.iConfigFlag == KSCPConfigInvalid or KSCPConfigUnknown
 // We might be out-of-sync, no idea about the real code.
 // Check if the DOS code hashed from the given code is correct.
 Dprint( (_L("CSCPServer::IsCorrectEnhCode(): Attempting to correct OoS situation.") ));
-if (IsCodeBlocked()) {
-Dprint( (_L("CSCPServer::IsCorrectEnhCode(): OOS ->KErrLocked  ") ));
-return KErrLocked;
-}
 TRAP( ret, CheckISACodeL( pswCandidate ) );
-if (ret == KErrNone) {
+if ( ret == KErrNone )
+{
 // OK, we must assume that this is the correct code, since
 // the hashed DOS code is correct. Save the codes, and return OK.
 Dprint( (_L("CSCPServer::IsCorrectEnhCode(): Given code has the correct hash (%d)\
 , saving codes."), ISACode ));
 iConfiguration.iEnhSecCode.Zero();
-iConfiguration.iEnhSecCode.Copy(hashBuf);
+iConfiguration.iEnhSecCode.Copy( hashBuf );
 iConfiguration.iSecCode.Zero();
-iConfiguration.iSecCode.AppendNum(ISACode);
+iConfiguration.iSecCode.AppendNum( ISACode );
 // Unset the invalid configuration flag
 iConfiguration.iConfigFlag = KSCPConfigOK;
 writeSetup = ETrue;
 }
-else {
+else
-ret = KErrAccessDenied;
+{
-iConfiguration.iFailedAttempts++;
+Dprint( (_L("CSCPServer::IsCorrectEnhCode(): Given code does not have the \
-Dprint( (_L("CSCPServer::IsCorrectEnhCode():@@@: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts ));
+correct hash: ret; %d user enter password: %d"), ret ));
+			TRAP( ret, CheckISACodeL( aCode ) );
+			if (ret == KErrNone)
+			{
+				//store this code in our interal storage as it is used as oldpassword while changing at ISA side in next command
+				//ChangeISACodeL.
+				iConfiguration.iSecCode.Zero();
+				iConfiguration.iSecCode.Append( aCode );
+				TRAP(ret,ChangeISACodeL(pswCandidate));
+			}
+			if (ret == KErrNone)
+			{
+			iConfiguration.iEnhSecCode.Zero();
+iConfiguration.iEnhSecCode.Copy( hashBuf );
+iConfiguration.iSecCode.Zero();
+iConfiguration.iSecCode.AppendNum( ISACode );
+// Unset the invalid configuration flag
+iConfiguration.iConfigFlag = KSCPConfigOK;
 writeSetup = ETrue;
+			}
-if (iConfiguration.iFailedAttempts == KSCPCodeBlockLimit) {
+}
-Dprint( (_L("CSCPServer::IsCorrectEnhCode(): KSCPCodeBlockLimit  ") ));
+}
-// Block the code
-TTime curTime;
-curTime.UniversalTime();
-iConfiguration.iBlockedAtTime.Zero();
-iConfiguration.iBlockedAtTime.AppendNum(curTime.Int64());
-// The code will be blocked for now on
-ret = KSCPErrCodeBlockStarted;
-}
-}
-}
 // Write setup if needed
 if ( writeSetup )
 {
-	Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 7  ") ));
 TRAPD( err, iConfiguration.WriteSetupL() );
 if ( err != KErrNone )
 {
 Dprint( (_L("CSCPServer::IsCorrectEnhCode(): WARNING:\
 failed to write configuration: %d"), err ));
 }
 }
+Dprint( (_L("CSCPServer::IsCorrectEnhCode %d"), ret ));
 return ret;
 }
 TInt CSCPServer::CheckAndChangeEnhCodeL( TDes& aOldPass,
 TDes& aNewPass,
 CSCPParamObject*& aRetParams,
 TSCPSecCode& aNewDOSCode )
 {
+Dprint(_L("CSCPServer::CheckAndChangeEnhCodeL >>"));
 if(!FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements))
 {
 	return KErrNotSupported;
 }
 TInt ret = KErrNone;
 inParams->Set( KSCPParamStatus, KErrNone );
 inParams->Set( KSCPParamContext, KSCPContextChangePsw );
 CSCPParamObject* repParams =
 iPluginManager->PostEvent( KSCPEventAuthenticationAttempted, *inParams );
-if ( repParams != NULL )
+if ( repParams != NULL ) {
+// Ignore the return params at this point
+delete repParams;
+	}
+CleanupStack::PopAndDestroy(inParams);
+ret = ValidateLockcodeAgainstPoliciesL(aNewPass, aRetParams);
+if(ret != KErrNone) {
+Dprint(_L("[CSCPServer]-> ValidateLockcodeAgainstPoliciesL() failed in CheckAndChangeEnhCodeL() ret=%d"), ret);
+return ret;
+}
+if ( IsValidEnhCode( aNewPass ) )
+{
+ret = StoreEnhCode( aNewPass, &aNewDOSCode );
+}
+else
+{
+// Invalid code format! Should not happen at this point, but make sure.
+ret = KErrArgument;
+}
+if ( ret == KErrNone )
+{
+CSCPParamObject* inParams = CSCPParamObject::NewL();
+CleanupStack::PushL( inParams );
+inParams->Set( KSCPParamPassword, aNewPass );
+CSCPParamObject* repParams =
+iPluginManager->PostEvent( KSCPEventPasswordChanged, *inParams );
+CleanupStack::PopAndDestroy( inParams );
+if ( repParams != NULL )
 {
 // Ignore the return params at this point
 delete repParams;
-}
-inParams->Reset();
-// Validate the code
-inParams->Set( KSCPParamPassword, aNewPass );
-repParams = iPluginManager->PostEvent( KSCPEventValidate, *inParams );
-CleanupStack::PopAndDestroy( inParams );
-if ( repParams != NULL )
-{
-// Check if the validation failed
-TInt status;
-if ( repParams->Get( KSCPParamStatus, status ) == KErrNone )
-{
-if ( status != KErrNone )
-{
-ret = status;
-}
 }
-aRetParams = repParams; // pointer ownership changed
-}
-// Set the new code, if it was OK
-if ( ret == KErrNone )
-{
-if ( IsValidEnhCode( aNewPass ) )
-{
-ret = StoreEnhCode( aNewPass, &aNewDOSCode );
-}
-else
-{
-// Invalid code format! Should not happen at this point, but make sure.
-ret = KErrArgument;
-}
-if ( ret == KErrNone )
-{
-CSCPParamObject* inParams = CSCPParamObject::NewL();
-CleanupStack::PushL( inParams );
-inParams->Set( KSCPParamPassword, aNewPass );
-CSCPParamObject* repParams =
-iPluginManager->PostEvent( KSCPEventPasswordChanged, *inParams );
-CleanupStack::PopAndDestroy( inParams );
-if ( repParams != NULL )
-{
-// Ignore the return params at this point
-delete repParams;
-}
-}
 }
 }
 else
 {
 if ( ( ret == KErrAccessDenied ) || ( ret == KSCPErrCodeBlockStarted ) )
 {
 	    ret = KErrLocked; // Set this as the external error code
 }
 }
 }
+Dprint(_L("[CSCPServer]-> CheckAndChangeEnhCodeL ret=%d"), ret);
 return ret;
 }
 // Status : Approved
 // ---------------------------------------------------------
 TInt CSCPServer::IsPasswordChangeAllowedL( CSCPParamObject*& aRetParams )
 {
+Dprint(_L("CSCPServer::IsPasswordChangeAllowedL >>"));
 if(!FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements))
 {
 	return KErrNotSupported;
 }
 TInt ret = KErrNone;
 // Checks if phone memory is encrypted or not.
 // ---------------------------------------------------------
 TBool CSCPServer::IsDeviceMemoryEncrypted()
 {
 Dprint(_L("CSCPServer::IsDeviceMemoryEncrypted >>"));
 TBool ret(EFalse);
 //First check if the feature is supported on device
 TRAPD(ferr, FeatureManager::InitializeLibL());
 if (ferr != KErrNone)
 {
 Dprint(_L("feature mgr initialization error, %d"), ferr);
 }
 ret = FeatureManager::FeatureSupported( KFeatureIdFfDeviceEncryptionFeature);
 FeatureManager::UnInitializeLib();
 //If feature is supported, check if any drive is encrypted.
 if (ret)
 {
 RLibrary library;
 CDevEncSessionBase* devEncSession = NULL;
 TInt err = library.Load(KDevEncCommonUtils);
 *
 * @return TInt: KErrNone is successful, otherwise a system error code
 */
 TInt CSCPServer :: SetBestPolicyL( TInt aID, const TDesC& aValue, TUint32 aCallerIdentity, CSCPParamDBController* aParamDB ) {
 Dprint( (_L("[CSCPServer]-> SetBestPolicyL() >>>")));
-Dprint( (_L("[CSCPServer]-> ParamID=%d "), aID, aValue));
-Dprint( (_L("[CSCPServer]-> ParamValue=%d "), aValue));
 TBool lFirstTime(EFalse);
 TInt32 lNumValue (-1);
 TInt32 lNumValDB (-1);
-TInt lRetStatus = KErrNone;
+TInt32 lRetStatus = KErrNone;
 switch(aID) {
-case RTerminalControl3rdPartySession :: ETimeout:
 case RTerminalControl3rdPartySession :: EMaxTimeout:
 case RTerminalControl3rdPartySession :: EPasscodeMinLength:
 case RTerminalControl3rdPartySession :: EPasscodeMaxLength:
 case RTerminalControl3rdPartySession :: EPasscodeRequireUpperAndLower:
 case RTerminalControl3rdPartySession :: EPasscodeRequireCharsAndNumbers:
 lRetStatus = aParamDB->DropValuesL(aID);
 }
 else {
 // Fetch the previous value of the parameter from the private database
 switch(aID) {
-case RTerminalControl3rdPartySession :: ETimeout:
-// No need to fetch previous value for ETimeout since Stronger/Weaker check is not required for it.
-break;
 case RTerminalControl3rdPartySession :: EMaxTimeout:
 case RTerminalControl3rdPartySession :: EPasscodeMinLength:
 case RTerminalControl3rdPartySession :: EPasscodeMaxLength:
 case RTerminalControl3rdPartySession :: EPasscodeRequireUpperAndLower:
 case RTerminalControl3rdPartySession :: EPasscodeRequireCharsAndNumbers:
 lRetStatus = KErrNone;
 // Decision code that verifies if policy is strongest
 switch(aID) {
-case RTerminalControl3rdPartySession :: ETimeout:
-/*
-* No need to check stronger/weaker for ETimeout. The value just has to be maintained in both
-* DB and the CenRep
-*/
-break;
 case RTerminalControl3rdPartySession :: EMaxTimeout:
 case RTerminalControl3rdPartySession :: EPasscodeMaxRepeatedCharacters:
 case RTerminalControl3rdPartySession :: EPasscodeExpiration:
 case RTerminalControl3rdPartySession :: EPasscodeMinChangeTolerance:
 case RTerminalControl3rdPartySession :: EPasscodeMinChangeInterval:
 * from iPluginEventHandler->GetParameters() fails.
 * (WriteToFileL() is called in some destructor when the SCPServer terminates)
 */
 if (lRetStatus == KErrNone) {
 switch (aID) {
-case RTerminalControl3rdPartySession :: ETimeout:
-lRetStatus = SetAutolockPeriodL(TInt(lNumValue));
-Dprint(_L("[CSCPServer]-> After setting ETimeout lRetStatus = %d "), lRetStatus);
-break;
 case RTerminalControl3rdPartySession :: EMaxTimeout:
 iConfiguration.iMaxTimeout = lNumValue;
 lRetStatus = iConfiguration.WriteSetupL();
 Dprint(_L("[CSCPServer]-> After setting EMaxTimeout lRetStatus = %d "), lRetStatus);
 break;
 default:
 TUint16* ptr = const_cast<TUint16*>(aValue.Ptr());
 TPtr valBuf(ptr, aValue.Length(), aValue.Length());
 lRetStatus = iPluginEventHandler->GetParameters().Set(aID, valBuf);
 Dprint(_L("[CSCPServer]-> After setting (%d ) lRetStatus = %d "), aID, lRetStatus);
 lParamIds[lMinTolIndex] = RTerminalControl3rdPartySession :: EPasscodeHistoryBuffer;
 Dprint(_L("[CSCPServer]-> Switching the cleanup order of EPasscodeHistoryBuffer and EPasscodeMinChangeTolerance"));
 Dprint(_L("[CSCPServer]-> Old Index of EPasscodeHistoryBuffer=%d"), lHistBuffIndex);
 Dprint(_L("[CSCPServer]-> Old Index of EPasscodeMinChangeTolerance=%d"), lMinTolIndex);
 }
-/*
-* If both ETimeout and EMaxTimeout are marked for cleanup then interchange the cleanup order of
-* ETimeout and EMaxTimeout since AutoLock (ETimeout) cannot be disabled
-* if MaxAutolock (EMaxTimeout) is still enabled
-*/
-if( lParamIds[0] == RTerminalControl3rdPartySession :: ETimeout &&
-lParamIds[1] == RTerminalControl3rdPartySession :: EMaxTimeout) {
-lParamIds[0] = RTerminalControl3rdPartySession :: EMaxTimeout;
-lParamIds[1] = RTerminalControl3rdPartySession :: ETimeout;
-}
 	}
 for(TInt j=0; j < lCount; j++) {
 TInt lCurrParamID = lParamIds[j];
 lDefValueBuf->Des().Zero();
 lDefValueBuf->Des().Format(_L("%d "), 0);
 // Initialize the default values here...
 switch(lCurrParamID) {
-case RTerminalControl3rdPartySession :: ETimeout:
-// lDefValueBuf already has the default value, 0 initialized...
-lCurrParamID = ESCPAutolockPeriod;
-break;
 case RTerminalControl3rdPartySession :: EMaxTimeout:
 // lDefValueBuf already has the default value, 0 initialized...
 lCurrParamID = ESCPMaxAutolockPeriod;
 break;
 case RTerminalControl3rdPartySession :: EPasscodeMinLength:
 iOverrideForCleanup = ETrue;
 TInt lDesCount = lDesArr.Count();
 for(TInt k=0; k < lDesCount; k++) {
 TRAP(lStatus, lStatus = SetParameterValueL(lCurrParamID, lDesArr[k]->Des(), lAppID));
 if(KErrNone != lStatus) {
 Dprint(_L("[CSCPServer]-> ERROR: Unable to cleanup parameter %d error %d"), lParamIds[j], lStatus);
 lSubOpsFailed = ETrue;
 }
 }
 lDesArr.ResetAndDestroy();
 CleanupStack :: PopAndDestroy(1); // lDesArray
 }
 break;
-case ESCPAutolockPeriod: {
-TInt32 lParamValueDB(0);
-TInt lParamValueCenRep(0);
-TInt32 lCurrParamOwner(0);
-lStatus = lParamDB->GetValueL(RTerminalControl3rdPartySession :: ETimeout, lParamValueDB, lCurrParamOwner);
-if(lStatus != KErrNone) {
-Dprint(_L("[CSCPServer]-> ERROR: Unable to get current value of ETimeout from DB..."));
-lSubOpsFailed = ETrue;
-break;
-}
-lStatus = GetAutolockPeriodL(lParamValueCenRep);
-if(lStatus != KErrNone) {
-Dprint(_L("[CSCPServer]-> ERROR: Unable to get current value of ETimeout from CenRep..."));
-lSubOpsFailed = ETrue;
-break;
-}
-/*
-*  It is possible that AutoLock set from UI is different. In that case internal DB and CenRep
-*  are not in sync. Compare the two values and if they are same assume that the values are in sync.
-*  Limitation is that if the user sets the AutoLock with the same value as set by the current app then
-*  AutoLock will get disabled.
-*
-*/
-if(lParamValueCenRep != lParamValueDB) {
-break;
-}
-}
 default: {
 iOverrideForCleanup = ETrue;
 TRAP(lStatus, lStatus = SetParameterValueL(lCurrParamID, lDefValueBuf->Des(), lAppID));
 iOverrideForCleanup = EFalse;
 // No need to destroy lTmpBuffer, it will be cleaned up by the caller (on cleanup of aParamValArray)
 aParamValArray.AppendL(lTmpBuffer);
 }
 }
-break;
+}
-};
 if(KErrNone != lStatus) {
 Dprint(_L("[CSCPServer]-> ERROR: Unable to cleanup parameter %d error %d"), lParamIds[j], lStatus);
 lSubOpsFailed = ETrue;
 }
 Dprint( (_L("[CSCPServer]-> PerformCleanupL() <<<")));
 CleanupStack :: PopAndDestroy(4); // lParamIds lParamDB lBufReadStream lDefValueBuf
 return (lSubOpsFailed) ? KErrGeneral : KErrNone;
 }
+void CSCPServer :: GetPoliciesL(HBufC8* aAppIDBuffer, TUint32 aCallerIdentity) {
+TInt lValue;
+TInt lRet = KErrNone;
+TBuf<25> lParamValBuf;
+TPtr8 lBufPtr = aAppIDBuffer->Des();
+RDesWriteStream lWriteStream(lBufPtr);
+CleanupClosePushL(lWriteStream);
+lRet = GetAutolockPeriodL(lValue);
+if(lRet != KErrNone) {
+User :: Leave(lRet);
+}
+Dprint((_L("[CSCPServer]-> appending AutoLockPeriod value=%d"), lValue));
+lWriteStream.WriteInt32L(lValue);
+Dprint((_L("[CSCPServer]-> appending MaxAutoLockPeriod value=%d"), iConfiguration.iMaxTimeout));
+lWriteStream.WriteInt32L(iConfiguration.iMaxTimeout);
+if(FeatureManager :: FeatureSupported(KFeatureIdSapDeviceLockEnhancements)) {
+Dprint(_L("[CSCPServer]-> (FeatureManager :: FeatureSupported() complete. Fetching values now..."));
+/* Fetch parameters starting from RTerminalControl3rdPartySession :: EPasscodeMinLength to
+* RTerminalControl3rdPartySession :: EPasscodeMinChangeInterval
+*/
+TInt lPID = RTerminalControl3rdPartySession :: EPasscodeMinLength;
+for(; lPID <= RTerminalControl3rdPartySession :: EPasscodeDisallowSimple; lPID++) {
+switch(lPID) {
+default:
+break;
+case RTerminalControl3rdPartySession :: EPasscodeCheckSpecificStrings:
+case RTerminalControl3rdPartySession :: EPasscodeAllowSpecific:
+case RTerminalControl3rdPartySession :: EPasscodeClearSpecificStrings:
+// No need to fetch these three parameters
+continue;
+case RTerminalControl3rdPartySession :: EPasscodeDisallowSpecific:
+Dprint(_L("[CSCPServer]-> appending EPasscodeDisallowSpecific value..."));
+// Get on EPasscodeDisallowSpecific returning -1 instead
+lWriteStream.WriteInt32L(-1);
+continue;
+case RTerminalControl3rdPartySession :: EPasscodeDisallowSimple:
+Dprint(_L("[CSCPServer]-> appending EPasscodeDisallowSimple value..."));
+lWriteStream.WriteInt32L(1);
+lWriteStream.WriteInt32L(1);
+continue;
+}
+//lRet = GetParameterValueL(lPID, lParamValBuf, aCallerIdentity);
+lRet = iPluginEventHandler->GetParameters().Get(lPID, lValue);
+switch(lRet) {
+case KErrNotFound: {
+switch(lPID) {
+case RTerminalControl3rdPartySession :: EPasscodeMinLength:
+lValue = KSCPPasscodeMinLength;
+break;
+case RTerminalControl3rdPartySession :: EPasscodeMaxLength:
+lValue = KSCPPasscodeMaxLength;
+break;
+default:
+lValue = 0;
+break;
+}
+}
+break;
+case KErrNone: {
+//                    TLex lLex(lParamValBuf);
+//                    lRet = lLex.Val(lValue);
+//                    User :: LeaveIfError(lRet);
+}
+break;
+default:
+User :: Leave(lRet);
+}
+Dprint((_L("[CSCPServer]-> appending value for lPID=%d"), lPID));
+Dprint((_L("[CSCPServer]-> lValue=%d"), lValue));
+switch(lPID) {
+default:
+lWriteStream.WriteInt32L(lValue);
+break;
+case RTerminalControl3rdPartySession :: EPasscodeDisallowSimple:
+lWriteStream.WriteInt32L(1);
+lWriteStream.WriteInt32L(1);
+break;
+}
+}
+}
+else {
+Dprint(_L("[CSCPServer]-> (FeatureManager :: FeatureSupported() failed!!..."));
+}
+CleanupStack :: PopAndDestroy(1); // lWriteStream
+}
+TInt CSCPServer :: ValidateLockcodeAgainstPoliciesL(TDes& aLockcode, CSCPParamObject*& aRetParams) {
+Dprint( (_L("[CSCPServer]-> ValidateLockcodeAgainstPoliciesL() >>>")));
+TInt ret = KErrNone;
+CSCPParamObject* inParams = CSCPParamObject :: NewL();
+inParams->Set(KSCPParamPassword, aLockcode);
+CSCPParamObject* repParams = iPluginManager->PostEvent(KSCPEventValidate, *inParams);
+delete inParams;
+if (repParams != NULL) {
+// Check if the validation failed
+TInt status;
+if (repParams->Get(KSCPParamStatus, status) == KErrNone) {
+if (status != KErrNone) {
+ret = status;
+}
+}
+aRetParams = repParams; // pointer ownership changed
+}
+Dprint( (_L("[CSCPServer]-> ValidateLockcodeAgainstPoliciesL() <<<")));
+return ret;
+}
 //#endif //  __SAP_DEVICE_LOCK_ENHANCEMENTS
 // <<<< ********************** NEW FEATURES ********************
 // ================= OTHER EXPORTED FUNCTIONS ==============

branch	RCL_3
changeset 25	b183ec05bd8c
parent 24	13d7c31c74e0
child 26	19bba8228ff0