--- a/terminalsecurity/SCP/SCPServer/src/SCPServer.cpp Thu Aug 19 10:44:50 2010 +0300
+++ b/terminalsecurity/SCP/SCPServer/src/SCPServer.cpp Tue Aug 31 16:04:06 2010 +0300
@@ -53,20 +53,6 @@
#include <DevEncEngineConstants.h>
#include <DevEncSessionBase.h>
#include <startupdomainpskeys.h>
-/*
-#ifdef _DEBUG
-#define __SCP_DEBUG
-#endif // _DEBUG
-
-// Define this so the precompiler in CW 3.1 won't complain about token pasting,
-// the warnings are not valid
-#pragma warn_illtokenpasting off
-
-#ifdef __SCP_DEBUG
-#define Dprint(a) RDebug::Print##a
-#else
-#define Dprint(a)
-#endif // _DEBUG*/
// ==================== LOCAL FUNCTIONS ====================
@@ -129,7 +115,7 @@
// Assign default config flag
iConfiguration.iConfigFlag = KSCPConfigUnknown;
-
+ iConfiguration.iConfigChecked = EFalse;
// Assign the default codes
iConfiguration.iSecCode.Zero();
@@ -169,7 +155,7 @@
//#endif
// Assign the default max timeout
- iConfiguration.iMaxTimeout = 0;
+ iConfiguration.iMaxTimeout = KSCPDefaultMaxTO;
iConfiguration.iBlockedInOOS = 0;
// Read the configuration, overwriting the default values
@@ -186,8 +172,24 @@
}
-
-
+ //If Configuration is not validated already, validate it
+
+ if (!iConfiguration.iConfigChecked)
+ {
+ TInt valerr = KErrNone;
+ TRAP( valerr, ValidateConfigurationL( KSCPComplete ));
+ if (valerr != KErrNone)
+ {
+ Dprint( (_L("CSCPServer::ConstructL(): Configuration Validation failed: %d"), valerr ));
+ }
+ else
+ {
+ Dprint( (_L("CSCPServer::ConstructL(): Configuration Validation Passed")));
+ }
+ }
+
+
+
Dprint( (_L("CSCPServer::ConstructL(): Connecting to CenRep") ));
iALPeriodRep = CRepository::NewL( KCRUidSecuritySettings );
@@ -652,92 +654,156 @@
//
void CSCPServer::ValidateConfigurationL( TInt aMode )
{
- if (aMode == KSCPInitial) {
- // Return here, must be checked by complete mode
- RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@@aMode == KSCPInitial "));
- User::Leave(KErrAccessDenied);
- }
+ Dprint( (_L("--> CSCPServer::ValidateConfigurationL()") ));
+ RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()"));
+ TInt startupReason(ENormalStartup);
+ RProperty::Get(KPSUidStartup, KPSStartupReason, startupReason);
+ Dprint( (_L("CSCPServer::ValidateConfigurationL(): startupReason = %d"), startupReason));
+ if((startupReason == ENormalRFSReset)||(startupReason == EDeepRFSReset)||(startupReason == EFirmwareUpdate)||(iConfiguration.iConfigFlag == KSCPConfigUnknown))
+ {
- RMobilePhone::TMobilePassword storedCode;
+ RMobilePhone::TMobilePassword storedCode;
storedCode.Zero();
User::LeaveIfError(GetCode(storedCode));
- TBool isDefaultLockcode = ETrue;
- TInt err = KErrNone;
+
+
+ Dprint( (_L("CSCPServer::ValidateConfigurationL(): Checking code: %s"), storedCode.PtrZ() ));
+ // Check that the ISA code is stored correctly
+ TRAPD( err, CheckISACodeL( storedCode ) );
+ //Bool for the correction of Defaultlockcode cenrep
+ TBool lCorrectDefaultlockcode = EFalse;
- RMobilePhone::TMobilePassword defaultLockcode;
- defaultLockcode.Zero();
- defaultLockcode.Copy(KSCPDefaultSecCode);
- if (storedCode.Compare(KSCPDefaultSecCode) == 0) {
- RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@config has KSCPDefaultSecCode "));
- TRAP( err, CheckISACodeL( defaultLockcode ) );
- if (err == KErrNone) {
- RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@ISA also has KSCPDefaultSecCode "));
- iConfiguration.iConfigFlag = KSCPConfigOK;
- isDefaultLockcode = ETrue;
+ Dprint( (_L("CSCPServer::ValidateConfigurationL(): iConfigFlag = %d, iConfigChecked = %d"), iConfiguration.iConfigFlag, iConfiguration.iConfigChecked));
+
+ if ((iConfiguration.iConfigFlag == KSCPConfigOK)
+ && (iConfiguration.iConfigChecked) && (err == KErrNone))
+ {
+ // The configuration has already been checked, exit
+ Dprint( (_L("CSCPServer::ValidateConfigurationL(): Configuration is non-default.") ));
+ User::Leave( KErrNone );
}
- else {
- RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@ISA doesn't has KSCPDefaultSecCode "));
- iConfiguration.iConfigFlag = KSCPConfigInvalid;
- iConfiguration.iFailedAttempts++;
- isDefaultLockcode = EFalse;
+ else if ( aMode == KSCPInitial )
+ {
+ // Return here, must be checked by complete mode
+ User::Leave( KErrAccessDenied );
}
- }
- else {
- RDebug::Print(_L("CSCPServer::CheckISACodeL(): config lock code %s"), storedCode.PtrZ());
- TRAP( err, CheckISACodeL( storedCode ) );
- if (err == KErrNone) {
- RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@ISA and config are in SYNC !! "));
- iConfiguration.iConfigFlag = KSCPConfigOK;
- isDefaultLockcode = EFalse;
+
+
+ TInt hashedISAcode;
+ TSCPSecCode hashedCode;
+//#ifdef __SAP_DEVICE_LOCK_ENHANCEMENTS
+if(FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements))
+{
+ /*TInt*/ hashedISAcode = HashISACode( iConfiguration.iEnhSecCode );
+ // TSCPSecCode hashedCode;
+ hashedCode.Zero();
+ hashedCode.AppendNum( hashedISAcode );
+}
+//#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS
+
+
+
+
+ if (err != KErrNone)
+ {
+ lCorrectDefaultlockcode = ETrue;
+ }
+ if ( err == KErrNone )
+ {
+ iConfiguration.iConfigFlag = KSCPConfigOK;
}
- else {
- iConfiguration.iSecCode.Zero();
- iConfiguration.iSecCode.Append(KSCPDefaultSecCode);
- RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@May be ISA has KSCPDefaultSecCode "));
- TRAP(err,ChangeISACodeL(storedCode));
- if (err == KErrNone) {
- RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()chnaged ISA code with config value "));
- iConfiguration.iConfigFlag = KSCPConfigOK;
- isDefaultLockcode = EFalse;
- }
- else
+ else if ( err == KErrAccessDenied )
+ {
+ iConfiguration.iConfigFlag = KSCPConfigInvalid;
+ }
+ else if ( err == KErrLocked )
+ {
+ Dprint( (_L("CSCPServer::ValidateConfigurationL(): ISA code locked.") ));
+ }
+ else
+ {
+ Dprint( (_L("CSCPServer::ValidateConfigurationL(): ERROR in validation.") ));
+ }
+
+//#ifdef __SAP_DEVICE_LOCK_ENHANCEMENTS
+if(FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements))
+{
+ if ( err == KErrNone )
+ {
+ // Check that the codes are in-sync with each other. Especially the default ISA code must
+ // be changed according to the default enhanced code.
+ if ( storedCode.Compare( hashedCode ) != 0 )
{
- RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()it shouldn't reach this :( "));
+ Dprint( (_L("CSCPServer::ValidateConfigurationL(): Correct ISA code stored.\
+ Changing ISA code to match enhanced code => %d"), hashedISAcode ));
+
+ storedCode.Copy( hashedCode );
+ // Change the ISA code to match the hashed code
+ ChangeISACodeL( storedCode );
}
}
- }
-
- CRepository* repository = CRepository::NewL(KCRUidSCPLockCode);
- CleanupStack::PushL(repository);
- if (isDefaultLockcode ) {
- RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()setting def. lockcode to 12345 "));
- repository->Set(KSCPLockCodeDefaultLockCode, 12345);
- }
- else {
- RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()setting def. lockcode to 0 "));
- repository->Set(KSCPLockCodeDefaultLockCode, 0);
- }
- CleanupStack::PopAndDestroy(repository);
+ else if ( ( err == KErrAccessDenied ) && ( storedCode.Compare( hashedCode ) != 0 ) )
+ {
+ // Try again with the hashed code
+ TRAP( err, CheckISACodeL( hashedCode ) );
+
+ if ( err == KErrNone )
+ {
+ Dprint( (_L("CSCPServer::ValidateConfigurationL(): Hashed code is correct.\
+ Storing hashed code(%d)"), hashedISAcode ));
+
+ if ( StoreCode( hashedCode ) == KErrNone )
+ {
+ iConfiguration.iConfigFlag = KSCPConfigOK;
+ lCorrectDefaultlockcode = ETrue;
+ }
+ }
+ }
- TRAP( err, iConfiguration.WriteSetupL() );
- if (err != KErrNone) {
+ //If Correction of Defaultlockcode cenrep is required for the mismatch between Config and ISA
+ if (lCorrectDefaultlockcode)
+ {
+ TInt lDefCode = -1;
+ CRepository* lRepository = CRepository::NewL(KCRUidSCPLockCode);
+ CleanupStack::PushL(lRepository);
+ TInt lRet = lRepository->Get(KSCPLockCodeDefaultLockCode,
+ lDefCode);
+ if (lRet == KErrNone && lDefCode != -1)
+ {
+ if (lDefCode == 12345)
+ {
+ //Although lock code is already set, due to some unexpected condition
+ //like C drive wipe, cenrep status is wrongly shown. Correcting it here.
+ lRepository->Set(KSCPLockCodeDefaultLockCode, 0);
+ Dprint( (_L("RSCPClient::ValidateConfigurationL(): Corrected the Default lock code cenrep status to 0") ));
+ }
+ else if (lDefCode == 0)
+ {
+ //If only ISA side is formatted, then the lock code on ISA side is default;
+ //Cenrep status remains wrongly as the lock code is already set. Correcting it here.
+ lRepository->Set(KSCPLockCodeDefaultLockCode, 12345);
+ Dprint( (_L("RSCPClient::ValidateConfigurationL(): Corrected the Default lock code cenrep status to 12345") ));
+ }
+ }
+ CleanupStack::PopAndDestroy(lRepository);
+ }
+ }
+//#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS
+ //Set the flag to True, after config is validated
+ iConfiguration.iConfigChecked = ETrue;
+
+ TRAPD( err2, iConfiguration.WriteSetupL() );
+ if ( err2 != KErrNone )
+ {
Dprint( (_L("CSCPServer::ValidateConfigurationL(): WARNING: failed to write configuration\
- : %d"), err ));
+ : %d"), err2 ));
+ }
+
+ User::LeaveIfError( err );
+ }
+ Dprint( (_L("<-- CSCPServer::ValidateConfigurationL()") ));
}
- if (iConfiguration.iConfigFlag == KSCPConfigOK) {
- RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@iConfigFlag == KSCPConfigOK "));
- err = KErrNone;
- }
- else {
- RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@iConfigFlag == KErrAccessDenied "));
- err = KErrAccessDenied;
- }
-
- User::LeaveIfError(err);
-}
-
-
@@ -757,10 +823,7 @@
(void)aCode;
#endif // __WINS__
-
-
-Dprint( (_L("CSCPServer::CheckISACodeL(): current lock code %s"), aCode.PtrZ() ));
-RDebug::Print(_L("CSCPServer::CheckISACodeL(): current lock code %s"), aCode.PtrZ());
+
RMobilePhone::TMobilePhoneSecurityCode secCodeType;
secCodeType = RMobilePhone::ESecurityCodePhonePassword;
@@ -796,7 +859,6 @@
{
iConfiguration.iBlockedInOOS = 0;
Dprint( (_L("CSCPServer::CheckISACodeL():iBlockedInOOS = 0, KErrAccessDenied") ));
- RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@iBlockedInOOS = 0, KErrAccessDenie"));
}
ret = KErrAccessDenied;
}
@@ -805,20 +867,17 @@
Dprint( (_L("CSCPServer::CheckISACodeL(): ISA code BLOCKED") ));
if (ret==KErrGsmSSPasswordAttemptsViolation)
{
- Dprint( (_L("CSCPServer::CheckISACodeL(): KErrGsmSSPasswordAttemptsViolation") ));
- RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@KErrGsmSSPasswordAttemptsViolation"));
+ Dprint( (_L("CSCPServer::CheckISACodeL(): KErrGsmSSPasswordAttemptsViolation") ));
}
else
{
Dprint( (_L("CSCPServer::CheckISACodeL(): KErrLocked") ));
- RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@KErrLocked"));
}
ret = KErrLocked;
if (iConfiguration.iBlockedInOOS == 0)
{
iConfiguration.iBlockedInOOS = 1;
Dprint( (_L("CSCPServer::CheckISACodeL():iBlockedInOOS = 1, KSCPErrCodeBlockStarted") ));
- RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@@@@"));
ret = KSCPErrCodeBlockStarted;
}
}
@@ -826,7 +885,6 @@
{
Dprint( (_L("CSCPServer::CheckISACodeL(): ERROR reply checking ISA code: %d"),
status.Int() ));
- RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()"));
}
}
TRAPD( err, iConfiguration.WriteSetupL() );
@@ -944,7 +1002,6 @@
TRAP(err, repository = CRepository :: NewL(KCRUidSCPLockCode));
if(err == KErrNone) {
- RDebug::Print(_L("<-- CSCPServer::StoreEnhCode() setting KSCPLockCodeDefaultLockCode to 0"));
err = repository->Set(KSCPLockCodeDefaultLockCode, 0);
delete repository;
}
@@ -1280,74 +1337,84 @@
TInt lRetStatus(KErrNone);
Dprint(_L("[CSCPServer]-> Initiating branching on parameter..."));
- switch(aID) {
- case ESCPAutolockPeriod:
- case ESCPMaxAutolockPeriod: {
+ switch ( aID )
+ {
+ case ( ESCPAutolockPeriod ):
+ // Flow through
+ case ( ESCPMaxAutolockPeriod ):
+ {
// Convert the value, and set it
TInt value;
TLex lex(aValue);
lRetStatus = lex.Val(value);
+
if((lRetStatus != KErrNone ) || ( value < 0) || ( value > KSCPAutolockPeriodMaximum )) {
lRetStatus = KErrArgument;
break;
- }
+ }
//Check if the device memory is encrypted or not.
TBool encryptionEnabled = IsDeviceMemoryEncrypted();
- CSCPParamDBController* lParamDB = CSCPParamDBController :: NewLC();
// Value OK
- if(aID == ESCPMaxAutolockPeriod) {
- if( encryptionEnabled ) {
- Dprint(_L("[CSCPServer]-> Memory is encrypted"));
+ if(aID == ESCPMaxAutolockPeriod)
+ {
+ if ( encryptionEnabled )
+ {
+ Dprint(_L("Memory is encrypted"));
+ if (( 0 == value) || value > KMaxAutolockPeriod)
+ {
+ Dprint((_L("Denying setting of max auto lock as value is %d"), value));
+ User::Leave( KErrPermissionDenied );
+ }
+
+ }
+ else
+ {
+ Dprint(_L("Memory is decrypted, hence no restrictions to max autolock"));
+ }
- if(( 0 == value) || value > KMaxAutolockPeriod) {
- Dprint((_L("[CSCPServer]-> Denying setting of max auto lock as value is %d"), value));
- User :: Leave( KErrPermissionDenied );
- }
- }
- else {
- Dprint(_L("Memory is decrypted, hence no restrictions to max autolock"));
- }
-
- Dprint(_L("[CSCPServer]-> Branched to ESCPMaxAutolockPeriod..."));
+ Dprint(_L("[CSCPServer]-> Branched to ESCPMaxAutolockPeriod..."));
+ CSCPParamDBController* lParamDB = CSCPParamDBController :: NewLC();
lRetStatus = SetBestPolicyL(RTerminalControl3rdPartySession :: EMaxTimeout, aValue, aCallerIdentity, lParamDB);
- if(lRetStatus == KErrNone) {
+ if(lRetStatus == KErrNone)
+ {
// Do we have to change the Autolock period as well?
TInt currentALperiod;
lRetStatus = GetAutolockPeriodL(currentALperiod);
- if(lRetStatus == KErrNone) {
- if( (iConfiguration.iMaxTimeout > 0) &&
- ((iConfiguration.iMaxTimeout < currentALperiod) ||
- (currentALperiod == 0))) {
-
+ if(lRetStatus == KErrNone)
+ {
+ if((iConfiguration.iMaxTimeout > 0) && ((iConfiguration.iMaxTimeout < currentALperiod) || (currentALperiod == 0)))
+ {
Dprint((_L("[CSCPServer]-> Changing AL period to Max. AL period (Current ALP: %d, Max. ALP: %d)"), currentALperiod, value));
- //lRetStatus = SetAutolockPeriodL(value);
- /*
- * Call to SetBestPolicyL will not check for Stronger/Weaker. The value of ETimeout just gets stored in
- * both the internal DB and the CenRep
- */
- lRetStatus = SetBestPolicyL(RTerminalControl3rdPartySession :: ETimeout, aValue, aCallerIdentity, lParamDB);
+ lRetStatus = SetAutolockPeriodL(value);
}
}
- else {
+ else
+ {
Dprint((_L("[CSCPServer]-> ERROR: Couldn't get the Autolock period: %d"), lRetStatus));
}
}
+
+ CleanupStack :: PopAndDestroy(); //lParamDB
}
- // Autolock Period
- else {
- //Code is commented as it is already taken care by the below condition #1343 irrespective of the drive encryption state.
- /* if ( 0 == value ) {
- if(encryptionEnabled) {
+
+ else
+ { // Autolock Period
+
+ //Code is commented as it is already taken care by the below condition #1343 irrespective of the drive encryption state.
+ /* if ( 0 == value )
+ {
+ if ( encryptionEnabled )
+ {
Dprint(_L("Permission denied!"));
- User :: Leave(KErrPermissionDenied);
- }
- }*/
-
+ User::Leave( KErrPermissionDenied );
+ }
+ }*/
+
Dprint(_L("[CSCPServer]-> Branched to ESCPAutolockPeriod..."));
// Check if this value is not allowed by the Max. Autolock period
if ((iConfiguration.iMaxTimeout > 0) && ((iConfiguration.iMaxTimeout < value) || (value == 0))) {
@@ -1356,20 +1423,13 @@
lRetStatus = KErrArgument;
}
else {
- //lRetStatus = SetAutolockPeriodL(value);
- /*
- * Call to SetBestPolicyL will not check for Stronger/Weaker. The value of ETimeout just gets stored in
- * both the internal DB and the CenRep
- */
- lRetStatus = SetBestPolicyL(RTerminalControl3rdPartySession :: ETimeout, aValue, aCallerIdentity, lParamDB);
+ lRetStatus = SetAutolockPeriodL(value);
if(lRetStatus != KErrNone) {
Dprint((_L("[CSCPServer]-> ERROR: Couldn't set the Autolock period: %d"), lRetStatus));
}
}
}
-
- CleanupStack :: PopAndDestroy(); //lParamDB
}
break;
case ESCPCodeChangePolicy:
@@ -1697,6 +1757,7 @@
if ( getFromCommonStorage )
{
+ Dprint(_L("[CSCPServer]-> Fetching from Common storage..."));
// OK, no objection, so try to get the value from common storage
ret = iPluginEventHandler->GetParameters().Get( aID, aValue );
}
@@ -2009,13 +2070,13 @@
//
TInt CSCPServer::IsCorrectEnhCode( TDes& aCode, TInt aFlags )
{
- Dprint( (_L("CSCPServer::IsCorrectEnhCode(): ") ));
+ Dprint( (_L("CSCPServer::IsCorrectEnhCode") ));
if(!FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements))
{
return KErrNotSupported;
}
TInt ret = KErrAccessDenied;
-
+
// Hash the code
TBuf<KSCPMaxHashLength> hashBuf;
hashBuf.Zero();
@@ -2030,17 +2091,14 @@
TBool enhancedCodeMatches = EFalse;
if ( hashBuf.Compare( iConfiguration.iEnhSecCode ) == 0 )
{
- Dprint( (_L("CSCPServer::IsCorrectEnhCode(): enh code matches.") ));
enhancedCodeMatches = ETrue;
}
// Check if the code is blocked (don't check if we're out-of-sync)
if ( ( iConfiguration.iConfigFlag == KSCPConfigOK ) && ( IsCodeBlocked() ) )
{
- Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 1") ));
if ( aFlags & KSCPEtelRequest )
{
- Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 2") ));
// Check if the code is correct
if ( enhancedCodeMatches )
{
@@ -2054,7 +2112,6 @@
else
{
// OK, the code is already invalid
- Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 3") ));
SendInvalidDOSCode( pswCandidate );
}
}
@@ -2067,7 +2124,6 @@
{
// Normal situation: we have the correct code stored.
// Compare the hashes (hashing error will result in EFalse )
- Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 4") ));
if ( enhancedCodeMatches )
{
ret = KErrNone;
@@ -2075,7 +2131,6 @@
if ( aFlags & KSCPEtelRequest )
{
// Send the correct code to DOS side
- Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 5") ));
TRAP( ret, CheckISACodeL( pswCandidate ) );
}
@@ -2084,7 +2139,7 @@
if ( iConfiguration.iFailedAttempts > 0 )
{
iConfiguration.iFailedAttempts = 0;
- Dprint( (_L("CSCPServer::IsCorrectEnhCode():: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts ));
+ Dprint( (_L("CSCPServer::IsCorrectEnhCode():KErrAccessDenied: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts ));
writeSetup = ETrue;
}
}
@@ -2099,12 +2154,11 @@
ret = KErrAccessDenied;
iConfiguration.iFailedAttempts++;
- Dprint( (_L("CSCPServer::IsCorrectEnhCode():@@@: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts ));
+ Dprint( (_L("CSCPServer::IsCorrectEnhCode():KErrAccessDenied: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts ));
writeSetup = ETrue;
if ( iConfiguration.iFailedAttempts == KSCPCodeBlockLimit )
{
- Dprint( (_L("CSCPServer::IsCorrectEnhCode(): KSCPCodeBlockLimit ") ));
// Block the code
TTime curTime;
curTime.UniversalTime();
@@ -2125,60 +2179,63 @@
else
{
// iConfiguration.iConfigFlag == KSCPConfigInvalid or KSCPConfigUnknown
-
+
// We might be out-of-sync, no idea about the real code.
// Check if the DOS code hashed from the given code is correct.
Dprint( (_L("CSCPServer::IsCorrectEnhCode(): Attempting to correct OoS situation.") ));
- if (IsCodeBlocked()) {
- Dprint( (_L("CSCPServer::IsCorrectEnhCode(): OOS ->KErrLocked ") ));
- return KErrLocked;
- }
+
TRAP( ret, CheckISACodeL( pswCandidate ) );
- if (ret == KErrNone) {
+ if ( ret == KErrNone )
+ {
// OK, we must assume that this is the correct code, since
// the hashed DOS code is correct. Save the codes, and return OK.
Dprint( (_L("CSCPServer::IsCorrectEnhCode(): Given code has the correct hash (%d)\
, saving codes."), ISACode ));
-
+
iConfiguration.iEnhSecCode.Zero();
- iConfiguration.iEnhSecCode.Copy(hashBuf);
+ iConfiguration.iEnhSecCode.Copy( hashBuf );
iConfiguration.iSecCode.Zero();
- iConfiguration.iSecCode.AppendNum(ISACode);
-
+ iConfiguration.iSecCode.AppendNum( ISACode );
+
// Unset the invalid configuration flag
iConfiguration.iConfigFlag = KSCPConfigOK;
writeSetup = ETrue;
- }
- else {
- ret = KErrAccessDenied;
-
- iConfiguration.iFailedAttempts++;
- Dprint( (_L("CSCPServer::IsCorrectEnhCode():@@@: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts ));
- writeSetup = ETrue;
+ }
+ else
+ {
+
+ Dprint( (_L("CSCPServer::IsCorrectEnhCode(): Given code does not have the \
+ correct hash: ret; %d user enter password: %d"), ret ));
+ TRAP( ret, CheckISACodeL( aCode ) );
+ if (ret == KErrNone)
+ {
+ //store this code in our interal storage as it is used as oldpassword while changing at ISA side in next command
+ //ChangeISACodeL.
+ iConfiguration.iSecCode.Zero();
+ iConfiguration.iSecCode.Append( aCode );
+ TRAP(ret,ChangeISACodeL(pswCandidate));
+ }
+ if (ret == KErrNone)
+ {
+ iConfiguration.iEnhSecCode.Zero();
+ iConfiguration.iEnhSecCode.Copy( hashBuf );
- if (iConfiguration.iFailedAttempts == KSCPCodeBlockLimit) {
- Dprint( (_L("CSCPServer::IsCorrectEnhCode(): KSCPCodeBlockLimit ") ));
- // Block the code
- TTime curTime;
- curTime.UniversalTime();
-
- iConfiguration.iBlockedAtTime.Zero();
- iConfiguration.iBlockedAtTime.AppendNum(curTime.Int64());
-
- // The code will be blocked for now on
- ret = KSCPErrCodeBlockStarted;
+ iConfiguration.iSecCode.Zero();
+ iConfiguration.iSecCode.AppendNum( ISACode );
+
+ // Unset the invalid configuration flag
+ iConfiguration.iConfigFlag = KSCPConfigOK;
+ writeSetup = ETrue;
+ }
}
}
-
- }
// Write setup if needed
if ( writeSetup )
{
- Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 7 ") ));
TRAPD( err, iConfiguration.WriteSetupL() );
if ( err != KErrNone )
{
@@ -2186,7 +2243,7 @@
failed to write configuration: %d"), err ));
}
}
-
+ Dprint( (_L("CSCPServer::IsCorrectEnhCode %d"), ret ));
return ret;
}
@@ -2307,7 +2364,7 @@
CSCPParamObject*& aRetParams,
TSCPSecCode& aNewDOSCode )
{
-
+ Dprint(_L("CSCPServer::CheckAndChangeEnhCodeL >>"));
if(!FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements))
{
return KErrNotSupported;
@@ -2326,66 +2383,47 @@
CSCPParamObject* repParams =
iPluginManager->PostEvent( KSCPEventAuthenticationAttempted, *inParams );
- if ( repParams != NULL )
+ if ( repParams != NULL ) {
+ // Ignore the return params at this point
+ delete repParams;
+ }
+
+ CleanupStack::PopAndDestroy(inParams);
+
+ ret = ValidateLockcodeAgainstPoliciesL(aNewPass, aRetParams);
+
+ if(ret != KErrNone) {
+ Dprint(_L("[CSCPServer]-> ValidateLockcodeAgainstPoliciesL() failed in CheckAndChangeEnhCodeL() ret=%d"), ret);
+ return ret;
+ }
+
+
+ if ( IsValidEnhCode( aNewPass ) )
+ {
+ ret = StoreEnhCode( aNewPass, &aNewDOSCode );
+ }
+ else
+ {
+ // Invalid code format! Should not happen at this point, but make sure.
+ ret = KErrArgument;
+ }
+
+ if ( ret == KErrNone )
+ {
+ CSCPParamObject* inParams = CSCPParamObject::NewL();
+ CleanupStack::PushL( inParams );
+ inParams->Set( KSCPParamPassword, aNewPass );
+
+ CSCPParamObject* repParams =
+ iPluginManager->PostEvent( KSCPEventPasswordChanged, *inParams );
+
+ CleanupStack::PopAndDestroy( inParams );
+
+ if ( repParams != NULL )
{
// Ignore the return params at this point
delete repParams;
- }
-
- inParams->Reset();
-
- // Validate the code
- inParams->Set( KSCPParamPassword, aNewPass );
-
- repParams = iPluginManager->PostEvent( KSCPEventValidate, *inParams );
-
- CleanupStack::PopAndDestroy( inParams );
-
- if ( repParams != NULL )
- {
- // Check if the validation failed
- TInt status;
- if ( repParams->Get( KSCPParamStatus, status ) == KErrNone )
- {
- if ( status != KErrNone )
- {
- ret = status;
- }
}
-
- aRetParams = repParams; // pointer ownership changed
- }
-
- // Set the new code, if it was OK
- if ( ret == KErrNone )
- {
- if ( IsValidEnhCode( aNewPass ) )
- {
- ret = StoreEnhCode( aNewPass, &aNewDOSCode );
- }
- else
- {
- // Invalid code format! Should not happen at this point, but make sure.
- ret = KErrArgument;
- }
-
- if ( ret == KErrNone )
- {
- CSCPParamObject* inParams = CSCPParamObject::NewL();
- CleanupStack::PushL( inParams );
- inParams->Set( KSCPParamPassword, aNewPass );
-
- CSCPParamObject* repParams =
- iPluginManager->PostEvent( KSCPEventPasswordChanged, *inParams );
-
- CleanupStack::PopAndDestroy( inParams );
-
- if ( repParams != NULL )
- {
- // Ignore the return params at this point
- delete repParams;
- }
- }
}
}
else
@@ -2415,7 +2453,7 @@
}
}
}
-
+ Dprint(_L("[CSCPServer]-> CheckAndChangeEnhCodeL ret=%d"), ret);
return ret;
}
@@ -2449,7 +2487,7 @@
TInt CSCPServer::IsPasswordChangeAllowedL( CSCPParamObject*& aRetParams )
{
-
+ Dprint(_L("CSCPServer::IsPasswordChangeAllowedL >>"));
if(!FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements))
{
return KErrNotSupported;
@@ -2495,7 +2533,9 @@
TBool CSCPServer::IsDeviceMemoryEncrypted()
{
Dprint(_L("CSCPServer::IsDeviceMemoryEncrypted >>"));
+
TBool ret(EFalse);
+
//First check if the feature is supported on device
TRAPD(ferr, FeatureManager::InitializeLibL());
if (ferr != KErrNone)
@@ -2507,9 +2547,6 @@
FeatureManager::UnInitializeLib();
//If feature is supported, check if any drive is encrypted.
-
-
-
if (ret)
{
RLibrary library;
@@ -2591,16 +2628,12 @@
*/
TInt CSCPServer :: SetBestPolicyL( TInt aID, const TDesC& aValue, TUint32 aCallerIdentity, CSCPParamDBController* aParamDB ) {
Dprint( (_L("[CSCPServer]-> SetBestPolicyL() >>>")));
- Dprint( (_L("[CSCPServer]-> ParamID=%d "), aID, aValue));
- Dprint( (_L("[CSCPServer]-> ParamValue=%d "), aValue));
-
TBool lFirstTime(EFalse);
TInt32 lNumValue (-1);
TInt32 lNumValDB (-1);
- TInt lRetStatus = KErrNone;
+ TInt32 lRetStatus = KErrNone;
switch(aID) {
- case RTerminalControl3rdPartySession :: ETimeout:
case RTerminalControl3rdPartySession :: EMaxTimeout:
case RTerminalControl3rdPartySession :: EPasscodeMinLength:
case RTerminalControl3rdPartySession :: EPasscodeMaxLength:
@@ -2642,9 +2675,6 @@
else {
// Fetch the previous value of the parameter from the private database
switch(aID) {
- case RTerminalControl3rdPartySession :: ETimeout:
- // No need to fetch previous value for ETimeout since Stronger/Weaker check is not required for it.
- break;
case RTerminalControl3rdPartySession :: EMaxTimeout:
case RTerminalControl3rdPartySession :: EPasscodeMinLength:
case RTerminalControl3rdPartySession :: EPasscodeMaxLength:
@@ -2713,12 +2743,6 @@
// Decision code that verifies if policy is strongest
switch(aID) {
- case RTerminalControl3rdPartySession :: ETimeout:
- /*
- * No need to check stronger/weaker for ETimeout. The value just has to be maintained in both
- * DB and the CenRep
- */
- break;
case RTerminalControl3rdPartySession :: EMaxTimeout:
case RTerminalControl3rdPartySession :: EPasscodeMaxRepeatedCharacters:
case RTerminalControl3rdPartySession :: EPasscodeExpiration:
@@ -2772,17 +2796,11 @@
*/
if (lRetStatus == KErrNone) {
switch (aID) {
- case RTerminalControl3rdPartySession :: ETimeout:
- lRetStatus = SetAutolockPeriodL(TInt(lNumValue));
- Dprint(_L("[CSCPServer]-> After setting ETimeout lRetStatus = %d "), lRetStatus);
- break;
-
case RTerminalControl3rdPartySession :: EMaxTimeout:
iConfiguration.iMaxTimeout = lNumValue;
lRetStatus = iConfiguration.WriteSetupL();
Dprint(_L("[CSCPServer]-> After setting EMaxTimeout lRetStatus = %d "), lRetStatus);
break;
-
default:
TUint16* ptr = const_cast<TUint16*>(aValue.Ptr());
TPtr valBuf(ptr, aValue.Length(), aValue.Length());
@@ -2877,31 +2895,14 @@
Dprint(_L("[CSCPServer]-> Old Index of EPasscodeHistoryBuffer=%d"), lHistBuffIndex);
Dprint(_L("[CSCPServer]-> Old Index of EPasscodeMinChangeTolerance=%d"), lMinTolIndex);
}
-
- /*
- * If both ETimeout and EMaxTimeout are marked for cleanup then interchange the cleanup order of
- * ETimeout and EMaxTimeout since AutoLock (ETimeout) cannot be disabled
- * if MaxAutolock (EMaxTimeout) is still enabled
- */
- if( lParamIds[0] == RTerminalControl3rdPartySession :: ETimeout &&
- lParamIds[1] == RTerminalControl3rdPartySession :: EMaxTimeout) {
-
- lParamIds[0] = RTerminalControl3rdPartySession :: EMaxTimeout;
- lParamIds[1] = RTerminalControl3rdPartySession :: ETimeout;
- }
}
for(TInt j=0; j < lCount; j++) {
TInt lCurrParamID = lParamIds[j];
lDefValueBuf->Des().Zero();
lDefValueBuf->Des().Format(_L("%d "), 0);
-
// Initialize the default values here...
switch(lCurrParamID) {
- case RTerminalControl3rdPartySession :: ETimeout:
- // lDefValueBuf already has the default value, 0 initialized...
- lCurrParamID = ESCPAutolockPeriod;
- break;
case RTerminalControl3rdPartySession :: EMaxTimeout:
// lDefValueBuf already has the default value, 0 initialized...
lCurrParamID = ESCPMaxAutolockPeriod;
@@ -2930,7 +2931,6 @@
for(TInt k=0; k < lDesCount; k++) {
TRAP(lStatus, lStatus = SetParameterValueL(lCurrParamID, lDesArr[k]->Des(), lAppID));
-
if(KErrNone != lStatus) {
Dprint(_L("[CSCPServer]-> ERROR: Unable to cleanup parameter %d error %d"), lParamIds[j], lStatus);
lSubOpsFailed = ETrue;
@@ -2944,40 +2944,6 @@
CleanupStack :: PopAndDestroy(1); // lDesArray
}
break;
-
- case ESCPAutolockPeriod: {
- TInt32 lParamValueDB(0);
- TInt lParamValueCenRep(0);
- TInt32 lCurrParamOwner(0);
-
- lStatus = lParamDB->GetValueL(RTerminalControl3rdPartySession :: ETimeout, lParamValueDB, lCurrParamOwner);
-
- if(lStatus != KErrNone) {
- Dprint(_L("[CSCPServer]-> ERROR: Unable to get current value of ETimeout from DB..."));
- lSubOpsFailed = ETrue;
- break;
- }
-
- lStatus = GetAutolockPeriodL(lParamValueCenRep);
-
- if(lStatus != KErrNone) {
- Dprint(_L("[CSCPServer]-> ERROR: Unable to get current value of ETimeout from CenRep..."));
- lSubOpsFailed = ETrue;
- break;
- }
-
- /*
- * It is possible that AutoLock set from UI is different. In that case internal DB and CenRep
- * are not in sync. Compare the two values and if they are same assume that the values are in sync.
- * Limitation is that if the user sets the AutoLock with the same value as set by the current app then
- * AutoLock will get disabled.
- *
- */
- if(lParamValueCenRep != lParamValueDB) {
- break;
- }
- }
-
default: {
iOverrideForCleanup = ETrue;
TRAP(lStatus, lStatus = SetParameterValueL(lCurrParamID, lDefValueBuf->Des(), lAppID));
@@ -2994,8 +2960,7 @@
aParamValArray.AppendL(lTmpBuffer);
}
}
- break;
- };
+ }
if(KErrNone != lStatus) {
Dprint(_L("[CSCPServer]-> ERROR: Unable to cleanup parameter %d error %d"), lParamIds[j], lStatus);
@@ -3009,6 +2974,131 @@
return (lSubOpsFailed) ? KErrGeneral : KErrNone;
}
+void CSCPServer :: GetPoliciesL(HBufC8* aAppIDBuffer, TUint32 aCallerIdentity) {
+ TInt lValue;
+ TInt lRet = KErrNone;
+ TBuf<25> lParamValBuf;
+ TPtr8 lBufPtr = aAppIDBuffer->Des();
+ RDesWriteStream lWriteStream(lBufPtr);
+ CleanupClosePushL(lWriteStream);
+
+ lRet = GetAutolockPeriodL(lValue);
+
+ if(lRet != KErrNone) {
+ User :: Leave(lRet);
+ }
+
+ Dprint((_L("[CSCPServer]-> appending AutoLockPeriod value=%d"), lValue));
+ lWriteStream.WriteInt32L(lValue);
+
+ Dprint((_L("[CSCPServer]-> appending MaxAutoLockPeriod value=%d"), iConfiguration.iMaxTimeout));
+ lWriteStream.WriteInt32L(iConfiguration.iMaxTimeout);
+
+ if(FeatureManager :: FeatureSupported(KFeatureIdSapDeviceLockEnhancements)) {
+ Dprint(_L("[CSCPServer]-> (FeatureManager :: FeatureSupported() complete. Fetching values now..."));
+ /* Fetch parameters starting from RTerminalControl3rdPartySession :: EPasscodeMinLength to
+ * RTerminalControl3rdPartySession :: EPasscodeMinChangeInterval
+ */
+ TInt lPID = RTerminalControl3rdPartySession :: EPasscodeMinLength;
+
+ for(; lPID <= RTerminalControl3rdPartySession :: EPasscodeDisallowSimple; lPID++) {
+ switch(lPID) {
+ default:
+ break;
+ case RTerminalControl3rdPartySession :: EPasscodeCheckSpecificStrings:
+ case RTerminalControl3rdPartySession :: EPasscodeAllowSpecific:
+ case RTerminalControl3rdPartySession :: EPasscodeClearSpecificStrings:
+ // No need to fetch these three parameters
+ continue;
+ case RTerminalControl3rdPartySession :: EPasscodeDisallowSpecific:
+ Dprint(_L("[CSCPServer]-> appending EPasscodeDisallowSpecific value..."));
+ // Get on EPasscodeDisallowSpecific returning -1 instead
+ lWriteStream.WriteInt32L(-1);
+ continue;
+ case RTerminalControl3rdPartySession :: EPasscodeDisallowSimple:
+ Dprint(_L("[CSCPServer]-> appending EPasscodeDisallowSimple value..."));
+ lWriteStream.WriteInt32L(1);
+ lWriteStream.WriteInt32L(1);
+ continue;
+ }
+
+ //lRet = GetParameterValueL(lPID, lParamValBuf, aCallerIdentity);
+ lRet = iPluginEventHandler->GetParameters().Get(lPID, lValue);
+
+ switch(lRet) {
+
+
+ case KErrNotFound: {
+ switch(lPID) {
+ case RTerminalControl3rdPartySession :: EPasscodeMinLength:
+ lValue = KSCPPasscodeMinLength;
+ break;
+ case RTerminalControl3rdPartySession :: EPasscodeMaxLength:
+ lValue = KSCPPasscodeMaxLength;
+ break;
+ default:
+ lValue = 0;
+ break;
+ }
+ }
+ break;
+ case KErrNone: {
+// TLex lLex(lParamValBuf);
+// lRet = lLex.Val(lValue);
+// User :: LeaveIfError(lRet);
+ }
+ break;
+ default:
+ User :: Leave(lRet);
+ }
+
+ Dprint((_L("[CSCPServer]-> appending value for lPID=%d"), lPID));
+ Dprint((_L("[CSCPServer]-> lValue=%d"), lValue));
+
+ switch(lPID) {
+ default:
+ lWriteStream.WriteInt32L(lValue);
+ break;
+ case RTerminalControl3rdPartySession :: EPasscodeDisallowSimple:
+ lWriteStream.WriteInt32L(1);
+ lWriteStream.WriteInt32L(1);
+ break;
+ }
+ }
+ }
+ else {
+ Dprint(_L("[CSCPServer]-> (FeatureManager :: FeatureSupported() failed!!..."));
+ }
+
+ CleanupStack :: PopAndDestroy(1); // lWriteStream
+}
+
+TInt CSCPServer :: ValidateLockcodeAgainstPoliciesL(TDes& aLockcode, CSCPParamObject*& aRetParams) {
+ Dprint( (_L("[CSCPServer]-> ValidateLockcodeAgainstPoliciesL() >>>")));
+
+ TInt ret = KErrNone;
+ CSCPParamObject* inParams = CSCPParamObject :: NewL();
+ inParams->Set(KSCPParamPassword, aLockcode);
+ CSCPParamObject* repParams = iPluginManager->PostEvent(KSCPEventValidate, *inParams);
+ delete inParams;
+
+ if (repParams != NULL) {
+ // Check if the validation failed
+ TInt status;
+
+ if (repParams->Get(KSCPParamStatus, status) == KErrNone) {
+ if (status != KErrNone) {
+ ret = status;
+ }
+ }
+
+ aRetParams = repParams; // pointer ownership changed
+ }
+
+ Dprint( (_L("[CSCPServer]-> ValidateLockcodeAgainstPoliciesL() <<<")));
+ return ret;
+}
+
//#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS
// <<<< ********************** NEW FEATURES ********************