diff -r b183ec05bd8c -r 19bba8228ff0 terminalsecurity/SCP/SCPServer/src/SCPServer.cpp --- a/terminalsecurity/SCP/SCPServer/src/SCPServer.cpp Tue Aug 31 16:04:06 2010 +0300 +++ b/terminalsecurity/SCP/SCPServer/src/SCPServer.cpp Wed Sep 01 12:27:42 2010 +0100 @@ -53,6 +53,20 @@ #include #include #include +/* +#ifdef _DEBUG +#define __SCP_DEBUG +#endif // _DEBUG + +// Define this so the precompiler in CW 3.1 won't complain about token pasting, +// the warnings are not valid +#pragma warn_illtokenpasting off + +#ifdef __SCP_DEBUG +#define Dprint(a) RDebug::Print##a +#else +#define Dprint(a) +#endif // _DEBUG*/ // ==================== LOCAL FUNCTIONS ==================== @@ -115,7 +129,7 @@ // Assign default config flag iConfiguration.iConfigFlag = KSCPConfigUnknown; - iConfiguration.iConfigChecked = EFalse; + // Assign the default codes iConfiguration.iSecCode.Zero(); @@ -155,7 +169,7 @@ //#endif // Assign the default max timeout - iConfiguration.iMaxTimeout = KSCPDefaultMaxTO; + iConfiguration.iMaxTimeout = 0; iConfiguration.iBlockedInOOS = 0; // Read the configuration, overwriting the default values @@ -172,24 +186,8 @@ } - //If Configuration is not validated already, validate it - - if (!iConfiguration.iConfigChecked) - { - TInt valerr = KErrNone; - TRAP( valerr, ValidateConfigurationL( KSCPComplete )); - if (valerr != KErrNone) - { - Dprint( (_L("CSCPServer::ConstructL(): Configuration Validation failed: %d"), valerr )); - } - else - { - Dprint( (_L("CSCPServer::ConstructL(): Configuration Validation Passed"))); - } - } - - - + + Dprint( (_L("CSCPServer::ConstructL(): Connecting to CenRep") )); iALPeriodRep = CRepository::NewL( KCRUidSecuritySettings ); @@ -654,155 +652,91 @@ // void CSCPServer::ValidateConfigurationL( TInt aMode ) { - Dprint( (_L("--> CSCPServer::ValidateConfigurationL()") )); - RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()")); - TInt startupReason(ENormalStartup); - RProperty::Get(KPSUidStartup, KPSStartupReason, startupReason); - Dprint( (_L("CSCPServer::ValidateConfigurationL(): startupReason = %d"), startupReason)); - if((startupReason == ENormalRFSReset)||(startupReason == EDeepRFSReset)||(startupReason == EFirmwareUpdate)||(iConfiguration.iConfigFlag == KSCPConfigUnknown)) - { + if (aMode == KSCPInitial) { + // Return here, must be checked by complete mode + RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@@aMode == KSCPInitial ")); + User::Leave(KErrAccessDenied); + } - RMobilePhone::TMobilePassword storedCode; + RMobilePhone::TMobilePassword storedCode; storedCode.Zero(); User::LeaveIfError(GetCode(storedCode)); - - - Dprint( (_L("CSCPServer::ValidateConfigurationL(): Checking code: %s"), storedCode.PtrZ() )); - // Check that the ISA code is stored correctly - TRAPD( err, CheckISACodeL( storedCode ) ); - //Bool for the correction of Defaultlockcode cenrep - TBool lCorrectDefaultlockcode = EFalse; - - Dprint( (_L("CSCPServer::ValidateConfigurationL(): iConfigFlag = %d, iConfigChecked = %d"), iConfiguration.iConfigFlag, iConfiguration.iConfigChecked)); - - if ((iConfiguration.iConfigFlag == KSCPConfigOK) - && (iConfiguration.iConfigChecked) && (err == KErrNone)) - { - // The configuration has already been checked, exit - Dprint( (_L("CSCPServer::ValidateConfigurationL(): Configuration is non-default.") )); - User::Leave( KErrNone ); - } - else if ( aMode == KSCPInitial ) - { - // Return here, must be checked by complete mode - User::Leave( KErrAccessDenied ); - } - - - TInt hashedISAcode; - TSCPSecCode hashedCode; -//#ifdef __SAP_DEVICE_LOCK_ENHANCEMENTS -if(FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements)) -{ - /*TInt*/ hashedISAcode = HashISACode( iConfiguration.iEnhSecCode ); - // TSCPSecCode hashedCode; - hashedCode.Zero(); - hashedCode.AppendNum( hashedISAcode ); -} -//#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS - - + TBool isDefaultLockcode = ETrue; + TInt err = KErrNone; - - if (err != KErrNone) - { - lCorrectDefaultlockcode = ETrue; + RMobilePhone::TMobilePassword defaultLockcode; + defaultLockcode.Zero(); + defaultLockcode.Copy(KSCPDefaultSecCode); + if (storedCode.Compare(KSCPDefaultSecCode) == 0) { + RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@config has KSCPDefaultSecCode ")); + TRAP( err, CheckISACodeL( defaultLockcode ) ); + if (err == KErrNone) { + RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@ISA also has KSCPDefaultSecCode ")); + iConfiguration.iConfigFlag = KSCPConfigOK; + isDefaultLockcode = ETrue; } - if ( err == KErrNone ) - { - iConfiguration.iConfigFlag = KSCPConfigOK; - } - else if ( err == KErrAccessDenied ) - { - iConfiguration.iConfigFlag = KSCPConfigInvalid; - } - else if ( err == KErrLocked ) - { - Dprint( (_L("CSCPServer::ValidateConfigurationL(): ISA code locked.") )); + else { + RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@ISA doesn't has KSCPDefaultSecCode ")); + iConfiguration.iConfigFlag = KSCPConfigInvalid; + iConfiguration.iFailedAttempts++; + isDefaultLockcode = EFalse; } - else - { - Dprint( (_L("CSCPServer::ValidateConfigurationL(): ERROR in validation.") )); + } + else { + RDebug::Print(_L("CSCPServer::CheckISACodeL(): config lock code %s"), storedCode.PtrZ()); + TRAP( err, CheckISACodeL( storedCode ) ); + if (err == KErrNone) { + RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@ISA and config are in SYNC !! ")); + iConfiguration.iConfigFlag = KSCPConfigOK; + isDefaultLockcode = EFalse; } - -//#ifdef __SAP_DEVICE_LOCK_ENHANCEMENTS -if(FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements)) -{ - if ( err == KErrNone ) - { - // Check that the codes are in-sync with each other. Especially the default ISA code must - // be changed according to the default enhanced code. - if ( storedCode.Compare( hashedCode ) != 0 ) + else { + iConfiguration.iSecCode.Zero(); + iConfiguration.iSecCode.Append(KSCPDefaultSecCode); + RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@May be ISA has KSCPDefaultSecCode ")); + TRAP(err,ChangeISACodeL(storedCode)); + if (err == KErrNone) { + RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()chnaged ISA code with config value ")); + iConfiguration.iConfigFlag = KSCPConfigOK; + isDefaultLockcode = EFalse; + } + else { - Dprint( (_L("CSCPServer::ValidateConfigurationL(): Correct ISA code stored.\ - Changing ISA code to match enhanced code => %d"), hashedISAcode )); - - storedCode.Copy( hashedCode ); - // Change the ISA code to match the hashed code - ChangeISACodeL( storedCode ); + RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()it shouldn't reach this :( ")); } } - else if ( ( err == KErrAccessDenied ) && ( storedCode.Compare( hashedCode ) != 0 ) ) - { - // Try again with the hashed code - TRAP( err, CheckISACodeL( hashedCode ) ); - - if ( err == KErrNone ) - { - Dprint( (_L("CSCPServer::ValidateConfigurationL(): Hashed code is correct.\ - Storing hashed code(%d)"), hashedISAcode )); - - if ( StoreCode( hashedCode ) == KErrNone ) - { - iConfiguration.iConfigFlag = KSCPConfigOK; - lCorrectDefaultlockcode = ETrue; - } - } - } + } + + CRepository* repository = CRepository::NewL(KCRUidSCPLockCode); + CleanupStack::PushL(repository); + if (isDefaultLockcode ) { + RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()setting def. lockcode to 12345 ")); + repository->Set(KSCPLockCodeDefaultLockCode, 12345); + } + else { + RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()setting def. lockcode to 0 ")); + repository->Set(KSCPLockCodeDefaultLockCode, 0); + } + CleanupStack::PopAndDestroy(repository); - //If Correction of Defaultlockcode cenrep is required for the mismatch between Config and ISA - if (lCorrectDefaultlockcode) - { - TInt lDefCode = -1; - CRepository* lRepository = CRepository::NewL(KCRUidSCPLockCode); - CleanupStack::PushL(lRepository); - TInt lRet = lRepository->Get(KSCPLockCodeDefaultLockCode, - lDefCode); - if (lRet == KErrNone && lDefCode != -1) - { - if (lDefCode == 12345) - { - //Although lock code is already set, due to some unexpected condition - //like C drive wipe, cenrep status is wrongly shown. Correcting it here. - lRepository->Set(KSCPLockCodeDefaultLockCode, 0); - Dprint( (_L("RSCPClient::ValidateConfigurationL(): Corrected the Default lock code cenrep status to 0") )); - } - else if (lDefCode == 0) - { - //If only ISA side is formatted, then the lock code on ISA side is default; - //Cenrep status remains wrongly as the lock code is already set. Correcting it here. - lRepository->Set(KSCPLockCodeDefaultLockCode, 12345); - Dprint( (_L("RSCPClient::ValidateConfigurationL(): Corrected the Default lock code cenrep status to 12345") )); - } - } - CleanupStack::PopAndDestroy(lRepository); - } - } -//#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS - //Set the flag to True, after config is validated - iConfiguration.iConfigChecked = ETrue; - - TRAPD( err2, iConfiguration.WriteSetupL() ); - if ( err2 != KErrNone ) - { + TRAP( err, iConfiguration.WriteSetupL() ); + if (err != KErrNone) { Dprint( (_L("CSCPServer::ValidateConfigurationL(): WARNING: failed to write configuration\ - : %d"), err2 )); - } - - User::LeaveIfError( err ); - } - Dprint( (_L("<-- CSCPServer::ValidateConfigurationL()") )); + : %d"), err )); + } + + if (iConfiguration.iConfigFlag == KSCPConfigOK) { + RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@iConfigFlag == KSCPConfigOK ")); + err = KErrNone; } + else { + RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@iConfigFlag == KErrAccessDenied ")); + err = KErrAccessDenied; + } + + User::LeaveIfError(err); +} + @@ -823,7 +757,10 @@ (void)aCode; #endif // __WINS__ - + + +Dprint( (_L("CSCPServer::CheckISACodeL(): current lock code %s"), aCode.PtrZ() )); +RDebug::Print(_L("CSCPServer::CheckISACodeL(): current lock code %s"), aCode.PtrZ()); RMobilePhone::TMobilePhoneSecurityCode secCodeType; secCodeType = RMobilePhone::ESecurityCodePhonePassword; @@ -859,6 +796,7 @@ { iConfiguration.iBlockedInOOS = 0; Dprint( (_L("CSCPServer::CheckISACodeL():iBlockedInOOS = 0, KErrAccessDenied") )); + RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@iBlockedInOOS = 0, KErrAccessDenie")); } ret = KErrAccessDenied; } @@ -867,17 +805,20 @@ Dprint( (_L("CSCPServer::CheckISACodeL(): ISA code BLOCKED") )); if (ret==KErrGsmSSPasswordAttemptsViolation) { - Dprint( (_L("CSCPServer::CheckISACodeL(): KErrGsmSSPasswordAttemptsViolation") )); + Dprint( (_L("CSCPServer::CheckISACodeL(): KErrGsmSSPasswordAttemptsViolation") )); + RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@KErrGsmSSPasswordAttemptsViolation")); } else { Dprint( (_L("CSCPServer::CheckISACodeL(): KErrLocked") )); + RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@KErrLocked")); } ret = KErrLocked; if (iConfiguration.iBlockedInOOS == 0) { iConfiguration.iBlockedInOOS = 1; Dprint( (_L("CSCPServer::CheckISACodeL():iBlockedInOOS = 1, KSCPErrCodeBlockStarted") )); + RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@@@@")); ret = KSCPErrCodeBlockStarted; } } @@ -885,6 +826,7 @@ { Dprint( (_L("CSCPServer::CheckISACodeL(): ERROR reply checking ISA code: %d"), status.Int() )); + RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()")); } } TRAPD( err, iConfiguration.WriteSetupL() ); @@ -1002,6 +944,7 @@ TRAP(err, repository = CRepository :: NewL(KCRUidSCPLockCode)); if(err == KErrNone) { + RDebug::Print(_L("<-- CSCPServer::StoreEnhCode() setting KSCPLockCodeDefaultLockCode to 0")); err = repository->Set(KSCPLockCodeDefaultLockCode, 0); delete repository; } @@ -1337,84 +1280,74 @@ TInt lRetStatus(KErrNone); Dprint(_L("[CSCPServer]-> Initiating branching on parameter...")); - switch ( aID ) - { - case ( ESCPAutolockPeriod ): - // Flow through - case ( ESCPMaxAutolockPeriod ): - { + switch(aID) { + case ESCPAutolockPeriod: + case ESCPMaxAutolockPeriod: { // Convert the value, and set it TInt value; TLex lex(aValue); lRetStatus = lex.Val(value); - if((lRetStatus != KErrNone ) || ( value < 0) || ( value > KSCPAutolockPeriodMaximum )) { lRetStatus = KErrArgument; break; - } + } //Check if the device memory is encrypted or not. TBool encryptionEnabled = IsDeviceMemoryEncrypted(); + CSCPParamDBController* lParamDB = CSCPParamDBController :: NewLC(); // Value OK - if(aID == ESCPMaxAutolockPeriod) - { - if ( encryptionEnabled ) - { - Dprint(_L("Memory is encrypted")); - if (( 0 == value) || value > KMaxAutolockPeriod) - { - Dprint((_L("Denying setting of max auto lock as value is %d"), value)); - User::Leave( KErrPermissionDenied ); - } - - } - else - { + if(aID == ESCPMaxAutolockPeriod) { + if( encryptionEnabled ) { + Dprint(_L("[CSCPServer]-> Memory is encrypted")); + + if(( 0 == value) || value > KMaxAutolockPeriod) { + Dprint((_L("[CSCPServer]-> Denying setting of max auto lock as value is %d"), value)); + User :: Leave( KErrPermissionDenied ); + } + } + else { Dprint(_L("Memory is decrypted, hence no restrictions to max autolock")); - } + } - Dprint(_L("[CSCPServer]-> Branched to ESCPMaxAutolockPeriod...")); - CSCPParamDBController* lParamDB = CSCPParamDBController :: NewLC(); + Dprint(_L("[CSCPServer]-> Branched to ESCPMaxAutolockPeriod...")); lRetStatus = SetBestPolicyL(RTerminalControl3rdPartySession :: EMaxTimeout, aValue, aCallerIdentity, lParamDB); - if(lRetStatus == KErrNone) - { + if(lRetStatus == KErrNone) { // Do we have to change the Autolock period as well? TInt currentALperiod; lRetStatus = GetAutolockPeriodL(currentALperiod); - if(lRetStatus == KErrNone) - { - if((iConfiguration.iMaxTimeout > 0) && ((iConfiguration.iMaxTimeout < currentALperiod) || (currentALperiod == 0))) - { + if(lRetStatus == KErrNone) { + if( (iConfiguration.iMaxTimeout > 0) && + ((iConfiguration.iMaxTimeout < currentALperiod) || + (currentALperiod == 0))) { + Dprint((_L("[CSCPServer]-> Changing AL period to Max. AL period (Current ALP: %d, Max. ALP: %d)"), currentALperiod, value)); - lRetStatus = SetAutolockPeriodL(value); + //lRetStatus = SetAutolockPeriodL(value); + /* + * Call to SetBestPolicyL will not check for Stronger/Weaker. The value of ETimeout just gets stored in + * both the internal DB and the CenRep + */ + lRetStatus = SetBestPolicyL(RTerminalControl3rdPartySession :: ETimeout, aValue, aCallerIdentity, lParamDB); } } - else - { + else { Dprint((_L("[CSCPServer]-> ERROR: Couldn't get the Autolock period: %d"), lRetStatus)); } } + } + // Autolock Period + else { + //Code is commented as it is already taken care by the below condition #1343 irrespective of the drive encryption state. + /* if ( 0 == value ) { + if(encryptionEnabled) { + Dprint(_L("Permission denied!")); + User :: Leave(KErrPermissionDenied); + } + }*/ - CleanupStack :: PopAndDestroy(); //lParamDB - } - - else - { // Autolock Period - - //Code is commented as it is already taken care by the below condition #1343 irrespective of the drive encryption state. - /* if ( 0 == value ) - { - if ( encryptionEnabled ) - { - Dprint(_L("Permission denied!")); - User::Leave( KErrPermissionDenied ); - } - }*/ - Dprint(_L("[CSCPServer]-> Branched to ESCPAutolockPeriod...")); // Check if this value is not allowed by the Max. Autolock period if ((iConfiguration.iMaxTimeout > 0) && ((iConfiguration.iMaxTimeout < value) || (value == 0))) { @@ -1423,13 +1356,20 @@ lRetStatus = KErrArgument; } else { - lRetStatus = SetAutolockPeriodL(value); + //lRetStatus = SetAutolockPeriodL(value); + /* + * Call to SetBestPolicyL will not check for Stronger/Weaker. The value of ETimeout just gets stored in + * both the internal DB and the CenRep + */ + lRetStatus = SetBestPolicyL(RTerminalControl3rdPartySession :: ETimeout, aValue, aCallerIdentity, lParamDB); if(lRetStatus != KErrNone) { Dprint((_L("[CSCPServer]-> ERROR: Couldn't set the Autolock period: %d"), lRetStatus)); } } } + + CleanupStack :: PopAndDestroy(); //lParamDB } break; case ESCPCodeChangePolicy: @@ -1757,7 +1697,6 @@ if ( getFromCommonStorage ) { - Dprint(_L("[CSCPServer]-> Fetching from Common storage...")); // OK, no objection, so try to get the value from common storage ret = iPluginEventHandler->GetParameters().Get( aID, aValue ); } @@ -2070,13 +2009,13 @@ // TInt CSCPServer::IsCorrectEnhCode( TDes& aCode, TInt aFlags ) { - Dprint( (_L("CSCPServer::IsCorrectEnhCode") )); + Dprint( (_L("CSCPServer::IsCorrectEnhCode(): ") )); if(!FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements)) { return KErrNotSupported; } TInt ret = KErrAccessDenied; - + // Hash the code TBuf hashBuf; hashBuf.Zero(); @@ -2091,14 +2030,17 @@ TBool enhancedCodeMatches = EFalse; if ( hashBuf.Compare( iConfiguration.iEnhSecCode ) == 0 ) { + Dprint( (_L("CSCPServer::IsCorrectEnhCode(): enh code matches.") )); enhancedCodeMatches = ETrue; } // Check if the code is blocked (don't check if we're out-of-sync) if ( ( iConfiguration.iConfigFlag == KSCPConfigOK ) && ( IsCodeBlocked() ) ) { + Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 1") )); if ( aFlags & KSCPEtelRequest ) { + Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 2") )); // Check if the code is correct if ( enhancedCodeMatches ) { @@ -2112,6 +2054,7 @@ else { // OK, the code is already invalid + Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 3") )); SendInvalidDOSCode( pswCandidate ); } } @@ -2124,6 +2067,7 @@ { // Normal situation: we have the correct code stored. // Compare the hashes (hashing error will result in EFalse ) + Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 4") )); if ( enhancedCodeMatches ) { ret = KErrNone; @@ -2131,6 +2075,7 @@ if ( aFlags & KSCPEtelRequest ) { // Send the correct code to DOS side + Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 5") )); TRAP( ret, CheckISACodeL( pswCandidate ) ); } @@ -2139,7 +2084,7 @@ if ( iConfiguration.iFailedAttempts > 0 ) { iConfiguration.iFailedAttempts = 0; - Dprint( (_L("CSCPServer::IsCorrectEnhCode():KErrAccessDenied: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts )); + Dprint( (_L("CSCPServer::IsCorrectEnhCode():: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts )); writeSetup = ETrue; } } @@ -2154,11 +2099,12 @@ ret = KErrAccessDenied; iConfiguration.iFailedAttempts++; - Dprint( (_L("CSCPServer::IsCorrectEnhCode():KErrAccessDenied: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts )); + Dprint( (_L("CSCPServer::IsCorrectEnhCode():@@@: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts )); writeSetup = ETrue; if ( iConfiguration.iFailedAttempts == KSCPCodeBlockLimit ) { + Dprint( (_L("CSCPServer::IsCorrectEnhCode(): KSCPCodeBlockLimit ") )); // Block the code TTime curTime; curTime.UniversalTime(); @@ -2179,63 +2125,60 @@ else { // iConfiguration.iConfigFlag == KSCPConfigInvalid or KSCPConfigUnknown - + // We might be out-of-sync, no idea about the real code. // Check if the DOS code hashed from the given code is correct. Dprint( (_L("CSCPServer::IsCorrectEnhCode(): Attempting to correct OoS situation.") )); - + if (IsCodeBlocked()) { + Dprint( (_L("CSCPServer::IsCorrectEnhCode(): OOS ->KErrLocked ") )); + return KErrLocked; + } TRAP( ret, CheckISACodeL( pswCandidate ) ); - if ( ret == KErrNone ) - { + if (ret == KErrNone) { // OK, we must assume that this is the correct code, since // the hashed DOS code is correct. Save the codes, and return OK. Dprint( (_L("CSCPServer::IsCorrectEnhCode(): Given code has the correct hash (%d)\ , saving codes."), ISACode )); - + iConfiguration.iEnhSecCode.Zero(); - iConfiguration.iEnhSecCode.Copy( hashBuf ); + iConfiguration.iEnhSecCode.Copy(hashBuf); iConfiguration.iSecCode.Zero(); - iConfiguration.iSecCode.AppendNum( ISACode ); - + iConfiguration.iSecCode.AppendNum(ISACode); + // Unset the invalid configuration flag iConfiguration.iConfigFlag = KSCPConfigOK; writeSetup = ETrue; - } - else - { - - Dprint( (_L("CSCPServer::IsCorrectEnhCode(): Given code does not have the \ - correct hash: ret; %d user enter password: %d"), ret )); - TRAP( ret, CheckISACodeL( aCode ) ); - if (ret == KErrNone) - { - //store this code in our interal storage as it is used as oldpassword while changing at ISA side in next command - //ChangeISACodeL. - iConfiguration.iSecCode.Zero(); - iConfiguration.iSecCode.Append( aCode ); - TRAP(ret,ChangeISACodeL(pswCandidate)); - } - if (ret == KErrNone) - { - iConfiguration.iEnhSecCode.Zero(); - iConfiguration.iEnhSecCode.Copy( hashBuf ); + } + else { + ret = KErrAccessDenied; + + iConfiguration.iFailedAttempts++; + Dprint( (_L("CSCPServer::IsCorrectEnhCode():@@@: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts )); + writeSetup = ETrue; - iConfiguration.iSecCode.Zero(); - iConfiguration.iSecCode.AppendNum( ISACode ); - - // Unset the invalid configuration flag - iConfiguration.iConfigFlag = KSCPConfigOK; - writeSetup = ETrue; - } + if (iConfiguration.iFailedAttempts == KSCPCodeBlockLimit) { + Dprint( (_L("CSCPServer::IsCorrectEnhCode(): KSCPCodeBlockLimit ") )); + // Block the code + TTime curTime; + curTime.UniversalTime(); + + iConfiguration.iBlockedAtTime.Zero(); + iConfiguration.iBlockedAtTime.AppendNum(curTime.Int64()); + + // The code will be blocked for now on + ret = KSCPErrCodeBlockStarted; } } + + } // Write setup if needed if ( writeSetup ) { + Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 7 ") )); TRAPD( err, iConfiguration.WriteSetupL() ); if ( err != KErrNone ) { @@ -2243,7 +2186,7 @@ failed to write configuration: %d"), err )); } } - Dprint( (_L("CSCPServer::IsCorrectEnhCode %d"), ret )); + return ret; } @@ -2364,7 +2307,7 @@ CSCPParamObject*& aRetParams, TSCPSecCode& aNewDOSCode ) { - Dprint(_L("CSCPServer::CheckAndChangeEnhCodeL >>")); + if(!FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements)) { return KErrNotSupported; @@ -2383,47 +2326,66 @@ CSCPParamObject* repParams = iPluginManager->PostEvent( KSCPEventAuthenticationAttempted, *inParams ); - if ( repParams != NULL ) { - // Ignore the return params at this point - delete repParams; - } - - CleanupStack::PopAndDestroy(inParams); - - ret = ValidateLockcodeAgainstPoliciesL(aNewPass, aRetParams); - - if(ret != KErrNone) { - Dprint(_L("[CSCPServer]-> ValidateLockcodeAgainstPoliciesL() failed in CheckAndChangeEnhCodeL() ret=%d"), ret); - return ret; - } - - - if ( IsValidEnhCode( aNewPass ) ) - { - ret = StoreEnhCode( aNewPass, &aNewDOSCode ); - } - else - { - // Invalid code format! Should not happen at this point, but make sure. - ret = KErrArgument; - } - - if ( ret == KErrNone ) - { - CSCPParamObject* inParams = CSCPParamObject::NewL(); - CleanupStack::PushL( inParams ); - inParams->Set( KSCPParamPassword, aNewPass ); - - CSCPParamObject* repParams = - iPluginManager->PostEvent( KSCPEventPasswordChanged, *inParams ); - - CleanupStack::PopAndDestroy( inParams ); - - if ( repParams != NULL ) + if ( repParams != NULL ) { // Ignore the return params at this point delete repParams; + } + + inParams->Reset(); + + // Validate the code + inParams->Set( KSCPParamPassword, aNewPass ); + + repParams = iPluginManager->PostEvent( KSCPEventValidate, *inParams ); + + CleanupStack::PopAndDestroy( inParams ); + + if ( repParams != NULL ) + { + // Check if the validation failed + TInt status; + if ( repParams->Get( KSCPParamStatus, status ) == KErrNone ) + { + if ( status != KErrNone ) + { + ret = status; + } } + + aRetParams = repParams; // pointer ownership changed + } + + // Set the new code, if it was OK + if ( ret == KErrNone ) + { + if ( IsValidEnhCode( aNewPass ) ) + { + ret = StoreEnhCode( aNewPass, &aNewDOSCode ); + } + else + { + // Invalid code format! Should not happen at this point, but make sure. + ret = KErrArgument; + } + + if ( ret == KErrNone ) + { + CSCPParamObject* inParams = CSCPParamObject::NewL(); + CleanupStack::PushL( inParams ); + inParams->Set( KSCPParamPassword, aNewPass ); + + CSCPParamObject* repParams = + iPluginManager->PostEvent( KSCPEventPasswordChanged, *inParams ); + + CleanupStack::PopAndDestroy( inParams ); + + if ( repParams != NULL ) + { + // Ignore the return params at this point + delete repParams; + } + } } } else @@ -2453,7 +2415,7 @@ } } } - Dprint(_L("[CSCPServer]-> CheckAndChangeEnhCodeL ret=%d"), ret); + return ret; } @@ -2487,7 +2449,7 @@ TInt CSCPServer::IsPasswordChangeAllowedL( CSCPParamObject*& aRetParams ) { - Dprint(_L("CSCPServer::IsPasswordChangeAllowedL >>")); + if(!FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements)) { return KErrNotSupported; @@ -2533,9 +2495,7 @@ TBool CSCPServer::IsDeviceMemoryEncrypted() { Dprint(_L("CSCPServer::IsDeviceMemoryEncrypted >>")); - TBool ret(EFalse); - //First check if the feature is supported on device TRAPD(ferr, FeatureManager::InitializeLibL()); if (ferr != KErrNone) @@ -2547,6 +2507,9 @@ FeatureManager::UnInitializeLib(); //If feature is supported, check if any drive is encrypted. + + + if (ret) { RLibrary library; @@ -2628,12 +2591,16 @@ */ TInt CSCPServer :: SetBestPolicyL( TInt aID, const TDesC& aValue, TUint32 aCallerIdentity, CSCPParamDBController* aParamDB ) { Dprint( (_L("[CSCPServer]-> SetBestPolicyL() >>>"))); + Dprint( (_L("[CSCPServer]-> ParamID=%d "), aID, aValue)); + Dprint( (_L("[CSCPServer]-> ParamValue=%d "), aValue)); + TBool lFirstTime(EFalse); TInt32 lNumValue (-1); TInt32 lNumValDB (-1); - TInt32 lRetStatus = KErrNone; + TInt lRetStatus = KErrNone; switch(aID) { + case RTerminalControl3rdPartySession :: ETimeout: case RTerminalControl3rdPartySession :: EMaxTimeout: case RTerminalControl3rdPartySession :: EPasscodeMinLength: case RTerminalControl3rdPartySession :: EPasscodeMaxLength: @@ -2675,6 +2642,9 @@ else { // Fetch the previous value of the parameter from the private database switch(aID) { + case RTerminalControl3rdPartySession :: ETimeout: + // No need to fetch previous value for ETimeout since Stronger/Weaker check is not required for it. + break; case RTerminalControl3rdPartySession :: EMaxTimeout: case RTerminalControl3rdPartySession :: EPasscodeMinLength: case RTerminalControl3rdPartySession :: EPasscodeMaxLength: @@ -2743,6 +2713,12 @@ // Decision code that verifies if policy is strongest switch(aID) { + case RTerminalControl3rdPartySession :: ETimeout: + /* + * No need to check stronger/weaker for ETimeout. The value just has to be maintained in both + * DB and the CenRep + */ + break; case RTerminalControl3rdPartySession :: EMaxTimeout: case RTerminalControl3rdPartySession :: EPasscodeMaxRepeatedCharacters: case RTerminalControl3rdPartySession :: EPasscodeExpiration: @@ -2796,11 +2772,17 @@ */ if (lRetStatus == KErrNone) { switch (aID) { + case RTerminalControl3rdPartySession :: ETimeout: + lRetStatus = SetAutolockPeriodL(TInt(lNumValue)); + Dprint(_L("[CSCPServer]-> After setting ETimeout lRetStatus = %d "), lRetStatus); + break; + case RTerminalControl3rdPartySession :: EMaxTimeout: iConfiguration.iMaxTimeout = lNumValue; lRetStatus = iConfiguration.WriteSetupL(); Dprint(_L("[CSCPServer]-> After setting EMaxTimeout lRetStatus = %d "), lRetStatus); break; + default: TUint16* ptr = const_cast(aValue.Ptr()); TPtr valBuf(ptr, aValue.Length(), aValue.Length()); @@ -2895,14 +2877,31 @@ Dprint(_L("[CSCPServer]-> Old Index of EPasscodeHistoryBuffer=%d"), lHistBuffIndex); Dprint(_L("[CSCPServer]-> Old Index of EPasscodeMinChangeTolerance=%d"), lMinTolIndex); } + + /* + * If both ETimeout and EMaxTimeout are marked for cleanup then interchange the cleanup order of + * ETimeout and EMaxTimeout since AutoLock (ETimeout) cannot be disabled + * if MaxAutolock (EMaxTimeout) is still enabled + */ + if( lParamIds[0] == RTerminalControl3rdPartySession :: ETimeout && + lParamIds[1] == RTerminalControl3rdPartySession :: EMaxTimeout) { + + lParamIds[0] = RTerminalControl3rdPartySession :: EMaxTimeout; + lParamIds[1] = RTerminalControl3rdPartySession :: ETimeout; + } } for(TInt j=0; j < lCount; j++) { TInt lCurrParamID = lParamIds[j]; lDefValueBuf->Des().Zero(); lDefValueBuf->Des().Format(_L("%d "), 0); + // Initialize the default values here... switch(lCurrParamID) { + case RTerminalControl3rdPartySession :: ETimeout: + // lDefValueBuf already has the default value, 0 initialized... + lCurrParamID = ESCPAutolockPeriod; + break; case RTerminalControl3rdPartySession :: EMaxTimeout: // lDefValueBuf already has the default value, 0 initialized... lCurrParamID = ESCPMaxAutolockPeriod; @@ -2931,6 +2930,7 @@ for(TInt k=0; k < lDesCount; k++) { TRAP(lStatus, lStatus = SetParameterValueL(lCurrParamID, lDesArr[k]->Des(), lAppID)); + if(KErrNone != lStatus) { Dprint(_L("[CSCPServer]-> ERROR: Unable to cleanup parameter %d error %d"), lParamIds[j], lStatus); lSubOpsFailed = ETrue; @@ -2944,6 +2944,40 @@ CleanupStack :: PopAndDestroy(1); // lDesArray } break; + + case ESCPAutolockPeriod: { + TInt32 lParamValueDB(0); + TInt lParamValueCenRep(0); + TInt32 lCurrParamOwner(0); + + lStatus = lParamDB->GetValueL(RTerminalControl3rdPartySession :: ETimeout, lParamValueDB, lCurrParamOwner); + + if(lStatus != KErrNone) { + Dprint(_L("[CSCPServer]-> ERROR: Unable to get current value of ETimeout from DB...")); + lSubOpsFailed = ETrue; + break; + } + + lStatus = GetAutolockPeriodL(lParamValueCenRep); + + if(lStatus != KErrNone) { + Dprint(_L("[CSCPServer]-> ERROR: Unable to get current value of ETimeout from CenRep...")); + lSubOpsFailed = ETrue; + break; + } + + /* + * It is possible that AutoLock set from UI is different. In that case internal DB and CenRep + * are not in sync. Compare the two values and if they are same assume that the values are in sync. + * Limitation is that if the user sets the AutoLock with the same value as set by the current app then + * AutoLock will get disabled. + * + */ + if(lParamValueCenRep != lParamValueDB) { + break; + } + } + default: { iOverrideForCleanup = ETrue; TRAP(lStatus, lStatus = SetParameterValueL(lCurrParamID, lDefValueBuf->Des(), lAppID)); @@ -2960,7 +2994,8 @@ aParamValArray.AppendL(lTmpBuffer); } } - } + break; + }; if(KErrNone != lStatus) { Dprint(_L("[CSCPServer]-> ERROR: Unable to cleanup parameter %d error %d"), lParamIds[j], lStatus); @@ -2974,131 +3009,6 @@ return (lSubOpsFailed) ? KErrGeneral : KErrNone; } -void CSCPServer :: GetPoliciesL(HBufC8* aAppIDBuffer, TUint32 aCallerIdentity) { - TInt lValue; - TInt lRet = KErrNone; - TBuf<25> lParamValBuf; - TPtr8 lBufPtr = aAppIDBuffer->Des(); - RDesWriteStream lWriteStream(lBufPtr); - CleanupClosePushL(lWriteStream); - - lRet = GetAutolockPeriodL(lValue); - - if(lRet != KErrNone) { - User :: Leave(lRet); - } - - Dprint((_L("[CSCPServer]-> appending AutoLockPeriod value=%d"), lValue)); - lWriteStream.WriteInt32L(lValue); - - Dprint((_L("[CSCPServer]-> appending MaxAutoLockPeriod value=%d"), iConfiguration.iMaxTimeout)); - lWriteStream.WriteInt32L(iConfiguration.iMaxTimeout); - - if(FeatureManager :: FeatureSupported(KFeatureIdSapDeviceLockEnhancements)) { - Dprint(_L("[CSCPServer]-> (FeatureManager :: FeatureSupported() complete. Fetching values now...")); - /* Fetch parameters starting from RTerminalControl3rdPartySession :: EPasscodeMinLength to - * RTerminalControl3rdPartySession :: EPasscodeMinChangeInterval - */ - TInt lPID = RTerminalControl3rdPartySession :: EPasscodeMinLength; - - for(; lPID <= RTerminalControl3rdPartySession :: EPasscodeDisallowSimple; lPID++) { - switch(lPID) { - default: - break; - case RTerminalControl3rdPartySession :: EPasscodeCheckSpecificStrings: - case RTerminalControl3rdPartySession :: EPasscodeAllowSpecific: - case RTerminalControl3rdPartySession :: EPasscodeClearSpecificStrings: - // No need to fetch these three parameters - continue; - case RTerminalControl3rdPartySession :: EPasscodeDisallowSpecific: - Dprint(_L("[CSCPServer]-> appending EPasscodeDisallowSpecific value...")); - // Get on EPasscodeDisallowSpecific returning -1 instead - lWriteStream.WriteInt32L(-1); - continue; - case RTerminalControl3rdPartySession :: EPasscodeDisallowSimple: - Dprint(_L("[CSCPServer]-> appending EPasscodeDisallowSimple value...")); - lWriteStream.WriteInt32L(1); - lWriteStream.WriteInt32L(1); - continue; - } - - //lRet = GetParameterValueL(lPID, lParamValBuf, aCallerIdentity); - lRet = iPluginEventHandler->GetParameters().Get(lPID, lValue); - - switch(lRet) { - - - case KErrNotFound: { - switch(lPID) { - case RTerminalControl3rdPartySession :: EPasscodeMinLength: - lValue = KSCPPasscodeMinLength; - break; - case RTerminalControl3rdPartySession :: EPasscodeMaxLength: - lValue = KSCPPasscodeMaxLength; - break; - default: - lValue = 0; - break; - } - } - break; - case KErrNone: { -// TLex lLex(lParamValBuf); -// lRet = lLex.Val(lValue); -// User :: LeaveIfError(lRet); - } - break; - default: - User :: Leave(lRet); - } - - Dprint((_L("[CSCPServer]-> appending value for lPID=%d"), lPID)); - Dprint((_L("[CSCPServer]-> lValue=%d"), lValue)); - - switch(lPID) { - default: - lWriteStream.WriteInt32L(lValue); - break; - case RTerminalControl3rdPartySession :: EPasscodeDisallowSimple: - lWriteStream.WriteInt32L(1); - lWriteStream.WriteInt32L(1); - break; - } - } - } - else { - Dprint(_L("[CSCPServer]-> (FeatureManager :: FeatureSupported() failed!!...")); - } - - CleanupStack :: PopAndDestroy(1); // lWriteStream -} - -TInt CSCPServer :: ValidateLockcodeAgainstPoliciesL(TDes& aLockcode, CSCPParamObject*& aRetParams) { - Dprint( (_L("[CSCPServer]-> ValidateLockcodeAgainstPoliciesL() >>>"))); - - TInt ret = KErrNone; - CSCPParamObject* inParams = CSCPParamObject :: NewL(); - inParams->Set(KSCPParamPassword, aLockcode); - CSCPParamObject* repParams = iPluginManager->PostEvent(KSCPEventValidate, *inParams); - delete inParams; - - if (repParams != NULL) { - // Check if the validation failed - TInt status; - - if (repParams->Get(KSCPParamStatus, status) == KErrNone) { - if (status != KErrNone) { - ret = status; - } - } - - aRetParams = repParams; // pointer ownership changed - } - - Dprint( (_L("[CSCPServer]-> ValidateLockcodeAgainstPoliciesL() <<<"))); - return ret; -} - //#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS // <<<< ********************** NEW FEATURES ********************