diff -r 13d7c31c74e0 -r b183ec05bd8c terminalsecurity/SCP/SCPServer/src/SCPServer.cpp --- a/terminalsecurity/SCP/SCPServer/src/SCPServer.cpp Thu Aug 19 10:44:50 2010 +0300 +++ b/terminalsecurity/SCP/SCPServer/src/SCPServer.cpp Tue Aug 31 16:04:06 2010 +0300 @@ -53,20 +53,6 @@ #include #include #include -/* -#ifdef _DEBUG -#define __SCP_DEBUG -#endif // _DEBUG - -// Define this so the precompiler in CW 3.1 won't complain about token pasting, -// the warnings are not valid -#pragma warn_illtokenpasting off - -#ifdef __SCP_DEBUG -#define Dprint(a) RDebug::Print##a -#else -#define Dprint(a) -#endif // _DEBUG*/ // ==================== LOCAL FUNCTIONS ==================== @@ -129,7 +115,7 @@ // Assign default config flag iConfiguration.iConfigFlag = KSCPConfigUnknown; - + iConfiguration.iConfigChecked = EFalse; // Assign the default codes iConfiguration.iSecCode.Zero(); @@ -169,7 +155,7 @@ //#endif // Assign the default max timeout - iConfiguration.iMaxTimeout = 0; + iConfiguration.iMaxTimeout = KSCPDefaultMaxTO; iConfiguration.iBlockedInOOS = 0; // Read the configuration, overwriting the default values @@ -186,8 +172,24 @@ } - - + //If Configuration is not validated already, validate it + + if (!iConfiguration.iConfigChecked) + { + TInt valerr = KErrNone; + TRAP( valerr, ValidateConfigurationL( KSCPComplete )); + if (valerr != KErrNone) + { + Dprint( (_L("CSCPServer::ConstructL(): Configuration Validation failed: %d"), valerr )); + } + else + { + Dprint( (_L("CSCPServer::ConstructL(): Configuration Validation Passed"))); + } + } + + + Dprint( (_L("CSCPServer::ConstructL(): Connecting to CenRep") )); iALPeriodRep = CRepository::NewL( KCRUidSecuritySettings ); @@ -652,92 +654,156 @@ // void CSCPServer::ValidateConfigurationL( TInt aMode ) { - if (aMode == KSCPInitial) { - // Return here, must be checked by complete mode - RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@@aMode == KSCPInitial ")); - User::Leave(KErrAccessDenied); - } + Dprint( (_L("--> CSCPServer::ValidateConfigurationL()") )); + RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()")); + TInt startupReason(ENormalStartup); + RProperty::Get(KPSUidStartup, KPSStartupReason, startupReason); + Dprint( (_L("CSCPServer::ValidateConfigurationL(): startupReason = %d"), startupReason)); + if((startupReason == ENormalRFSReset)||(startupReason == EDeepRFSReset)||(startupReason == EFirmwareUpdate)||(iConfiguration.iConfigFlag == KSCPConfigUnknown)) + { - RMobilePhone::TMobilePassword storedCode; + RMobilePhone::TMobilePassword storedCode; storedCode.Zero(); User::LeaveIfError(GetCode(storedCode)); - TBool isDefaultLockcode = ETrue; - TInt err = KErrNone; + + + Dprint( (_L("CSCPServer::ValidateConfigurationL(): Checking code: %s"), storedCode.PtrZ() )); + // Check that the ISA code is stored correctly + TRAPD( err, CheckISACodeL( storedCode ) ); + //Bool for the correction of Defaultlockcode cenrep + TBool lCorrectDefaultlockcode = EFalse; - RMobilePhone::TMobilePassword defaultLockcode; - defaultLockcode.Zero(); - defaultLockcode.Copy(KSCPDefaultSecCode); - if (storedCode.Compare(KSCPDefaultSecCode) == 0) { - RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@config has KSCPDefaultSecCode ")); - TRAP( err, CheckISACodeL( defaultLockcode ) ); - if (err == KErrNone) { - RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@ISA also has KSCPDefaultSecCode ")); - iConfiguration.iConfigFlag = KSCPConfigOK; - isDefaultLockcode = ETrue; + Dprint( (_L("CSCPServer::ValidateConfigurationL(): iConfigFlag = %d, iConfigChecked = %d"), iConfiguration.iConfigFlag, iConfiguration.iConfigChecked)); + + if ((iConfiguration.iConfigFlag == KSCPConfigOK) + && (iConfiguration.iConfigChecked) && (err == KErrNone)) + { + // The configuration has already been checked, exit + Dprint( (_L("CSCPServer::ValidateConfigurationL(): Configuration is non-default.") )); + User::Leave( KErrNone ); } - else { - RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@ISA doesn't has KSCPDefaultSecCode ")); - iConfiguration.iConfigFlag = KSCPConfigInvalid; - iConfiguration.iFailedAttempts++; - isDefaultLockcode = EFalse; + else if ( aMode == KSCPInitial ) + { + // Return here, must be checked by complete mode + User::Leave( KErrAccessDenied ); } - } - else { - RDebug::Print(_L("CSCPServer::CheckISACodeL(): config lock code %s"), storedCode.PtrZ()); - TRAP( err, CheckISACodeL( storedCode ) ); - if (err == KErrNone) { - RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@ISA and config are in SYNC !! ")); - iConfiguration.iConfigFlag = KSCPConfigOK; - isDefaultLockcode = EFalse; + + + TInt hashedISAcode; + TSCPSecCode hashedCode; +//#ifdef __SAP_DEVICE_LOCK_ENHANCEMENTS +if(FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements)) +{ + /*TInt*/ hashedISAcode = HashISACode( iConfiguration.iEnhSecCode ); + // TSCPSecCode hashedCode; + hashedCode.Zero(); + hashedCode.AppendNum( hashedISAcode ); +} +//#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS + + + + + if (err != KErrNone) + { + lCorrectDefaultlockcode = ETrue; + } + if ( err == KErrNone ) + { + iConfiguration.iConfigFlag = KSCPConfigOK; } - else { - iConfiguration.iSecCode.Zero(); - iConfiguration.iSecCode.Append(KSCPDefaultSecCode); - RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@May be ISA has KSCPDefaultSecCode ")); - TRAP(err,ChangeISACodeL(storedCode)); - if (err == KErrNone) { - RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()chnaged ISA code with config value ")); - iConfiguration.iConfigFlag = KSCPConfigOK; - isDefaultLockcode = EFalse; - } - else + else if ( err == KErrAccessDenied ) + { + iConfiguration.iConfigFlag = KSCPConfigInvalid; + } + else if ( err == KErrLocked ) + { + Dprint( (_L("CSCPServer::ValidateConfigurationL(): ISA code locked.") )); + } + else + { + Dprint( (_L("CSCPServer::ValidateConfigurationL(): ERROR in validation.") )); + } + +//#ifdef __SAP_DEVICE_LOCK_ENHANCEMENTS +if(FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements)) +{ + if ( err == KErrNone ) + { + // Check that the codes are in-sync with each other. Especially the default ISA code must + // be changed according to the default enhanced code. + if ( storedCode.Compare( hashedCode ) != 0 ) { - RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()it shouldn't reach this :( ")); + Dprint( (_L("CSCPServer::ValidateConfigurationL(): Correct ISA code stored.\ + Changing ISA code to match enhanced code => %d"), hashedISAcode )); + + storedCode.Copy( hashedCode ); + // Change the ISA code to match the hashed code + ChangeISACodeL( storedCode ); } } - } - - CRepository* repository = CRepository::NewL(KCRUidSCPLockCode); - CleanupStack::PushL(repository); - if (isDefaultLockcode ) { - RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()setting def. lockcode to 12345 ")); - repository->Set(KSCPLockCodeDefaultLockCode, 12345); - } - else { - RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()setting def. lockcode to 0 ")); - repository->Set(KSCPLockCodeDefaultLockCode, 0); - } - CleanupStack::PopAndDestroy(repository); + else if ( ( err == KErrAccessDenied ) && ( storedCode.Compare( hashedCode ) != 0 ) ) + { + // Try again with the hashed code + TRAP( err, CheckISACodeL( hashedCode ) ); + + if ( err == KErrNone ) + { + Dprint( (_L("CSCPServer::ValidateConfigurationL(): Hashed code is correct.\ + Storing hashed code(%d)"), hashedISAcode )); + + if ( StoreCode( hashedCode ) == KErrNone ) + { + iConfiguration.iConfigFlag = KSCPConfigOK; + lCorrectDefaultlockcode = ETrue; + } + } + } - TRAP( err, iConfiguration.WriteSetupL() ); - if (err != KErrNone) { + //If Correction of Defaultlockcode cenrep is required for the mismatch between Config and ISA + if (lCorrectDefaultlockcode) + { + TInt lDefCode = -1; + CRepository* lRepository = CRepository::NewL(KCRUidSCPLockCode); + CleanupStack::PushL(lRepository); + TInt lRet = lRepository->Get(KSCPLockCodeDefaultLockCode, + lDefCode); + if (lRet == KErrNone && lDefCode != -1) + { + if (lDefCode == 12345) + { + //Although lock code is already set, due to some unexpected condition + //like C drive wipe, cenrep status is wrongly shown. Correcting it here. + lRepository->Set(KSCPLockCodeDefaultLockCode, 0); + Dprint( (_L("RSCPClient::ValidateConfigurationL(): Corrected the Default lock code cenrep status to 0") )); + } + else if (lDefCode == 0) + { + //If only ISA side is formatted, then the lock code on ISA side is default; + //Cenrep status remains wrongly as the lock code is already set. Correcting it here. + lRepository->Set(KSCPLockCodeDefaultLockCode, 12345); + Dprint( (_L("RSCPClient::ValidateConfigurationL(): Corrected the Default lock code cenrep status to 12345") )); + } + } + CleanupStack::PopAndDestroy(lRepository); + } + } +//#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS + //Set the flag to True, after config is validated + iConfiguration.iConfigChecked = ETrue; + + TRAPD( err2, iConfiguration.WriteSetupL() ); + if ( err2 != KErrNone ) + { Dprint( (_L("CSCPServer::ValidateConfigurationL(): WARNING: failed to write configuration\ - : %d"), err )); + : %d"), err2 )); + } + + User::LeaveIfError( err ); + } + Dprint( (_L("<-- CSCPServer::ValidateConfigurationL()") )); } - if (iConfiguration.iConfigFlag == KSCPConfigOK) { - RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@iConfigFlag == KSCPConfigOK ")); - err = KErrNone; - } - else { - RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()@iConfigFlag == KErrAccessDenied ")); - err = KErrAccessDenied; - } - - User::LeaveIfError(err); -} - - @@ -757,10 +823,7 @@ (void)aCode; #endif // __WINS__ - - -Dprint( (_L("CSCPServer::CheckISACodeL(): current lock code %s"), aCode.PtrZ() )); -RDebug::Print(_L("CSCPServer::CheckISACodeL(): current lock code %s"), aCode.PtrZ()); + RMobilePhone::TMobilePhoneSecurityCode secCodeType; secCodeType = RMobilePhone::ESecurityCodePhonePassword; @@ -796,7 +859,6 @@ { iConfiguration.iBlockedInOOS = 0; Dprint( (_L("CSCPServer::CheckISACodeL():iBlockedInOOS = 0, KErrAccessDenied") )); - RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@iBlockedInOOS = 0, KErrAccessDenie")); } ret = KErrAccessDenied; } @@ -805,20 +867,17 @@ Dprint( (_L("CSCPServer::CheckISACodeL(): ISA code BLOCKED") )); if (ret==KErrGsmSSPasswordAttemptsViolation) { - Dprint( (_L("CSCPServer::CheckISACodeL(): KErrGsmSSPasswordAttemptsViolation") )); - RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@KErrGsmSSPasswordAttemptsViolation")); + Dprint( (_L("CSCPServer::CheckISACodeL(): KErrGsmSSPasswordAttemptsViolation") )); } else { Dprint( (_L("CSCPServer::CheckISACodeL(): KErrLocked") )); - RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@KErrLocked")); } ret = KErrLocked; if (iConfiguration.iBlockedInOOS == 0) { iConfiguration.iBlockedInOOS = 1; Dprint( (_L("CSCPServer::CheckISACodeL():iBlockedInOOS = 1, KSCPErrCodeBlockStarted") )); - RDebug::Print(_L("--> CSCPServer::CheckISACodeL()@@@@@")); ret = KSCPErrCodeBlockStarted; } } @@ -826,7 +885,6 @@ { Dprint( (_L("CSCPServer::CheckISACodeL(): ERROR reply checking ISA code: %d"), status.Int() )); - RDebug::Print(_L("--> CSCPServer::ValidateConfigurationL()")); } } TRAPD( err, iConfiguration.WriteSetupL() ); @@ -944,7 +1002,6 @@ TRAP(err, repository = CRepository :: NewL(KCRUidSCPLockCode)); if(err == KErrNone) { - RDebug::Print(_L("<-- CSCPServer::StoreEnhCode() setting KSCPLockCodeDefaultLockCode to 0")); err = repository->Set(KSCPLockCodeDefaultLockCode, 0); delete repository; } @@ -1280,74 +1337,84 @@ TInt lRetStatus(KErrNone); Dprint(_L("[CSCPServer]-> Initiating branching on parameter...")); - switch(aID) { - case ESCPAutolockPeriod: - case ESCPMaxAutolockPeriod: { + switch ( aID ) + { + case ( ESCPAutolockPeriod ): + // Flow through + case ( ESCPMaxAutolockPeriod ): + { // Convert the value, and set it TInt value; TLex lex(aValue); lRetStatus = lex.Val(value); + if((lRetStatus != KErrNone ) || ( value < 0) || ( value > KSCPAutolockPeriodMaximum )) { lRetStatus = KErrArgument; break; - } + } //Check if the device memory is encrypted or not. TBool encryptionEnabled = IsDeviceMemoryEncrypted(); - CSCPParamDBController* lParamDB = CSCPParamDBController :: NewLC(); // Value OK - if(aID == ESCPMaxAutolockPeriod) { - if( encryptionEnabled ) { - Dprint(_L("[CSCPServer]-> Memory is encrypted")); + if(aID == ESCPMaxAutolockPeriod) + { + if ( encryptionEnabled ) + { + Dprint(_L("Memory is encrypted")); + if (( 0 == value) || value > KMaxAutolockPeriod) + { + Dprint((_L("Denying setting of max auto lock as value is %d"), value)); + User::Leave( KErrPermissionDenied ); + } + + } + else + { + Dprint(_L("Memory is decrypted, hence no restrictions to max autolock")); + } - if(( 0 == value) || value > KMaxAutolockPeriod) { - Dprint((_L("[CSCPServer]-> Denying setting of max auto lock as value is %d"), value)); - User :: Leave( KErrPermissionDenied ); - } - } - else { - Dprint(_L("Memory is decrypted, hence no restrictions to max autolock")); - } - - Dprint(_L("[CSCPServer]-> Branched to ESCPMaxAutolockPeriod...")); + Dprint(_L("[CSCPServer]-> Branched to ESCPMaxAutolockPeriod...")); + CSCPParamDBController* lParamDB = CSCPParamDBController :: NewLC(); lRetStatus = SetBestPolicyL(RTerminalControl3rdPartySession :: EMaxTimeout, aValue, aCallerIdentity, lParamDB); - if(lRetStatus == KErrNone) { + if(lRetStatus == KErrNone) + { // Do we have to change the Autolock period as well? TInt currentALperiod; lRetStatus = GetAutolockPeriodL(currentALperiod); - if(lRetStatus == KErrNone) { - if( (iConfiguration.iMaxTimeout > 0) && - ((iConfiguration.iMaxTimeout < currentALperiod) || - (currentALperiod == 0))) { - + if(lRetStatus == KErrNone) + { + if((iConfiguration.iMaxTimeout > 0) && ((iConfiguration.iMaxTimeout < currentALperiod) || (currentALperiod == 0))) + { Dprint((_L("[CSCPServer]-> Changing AL period to Max. AL period (Current ALP: %d, Max. ALP: %d)"), currentALperiod, value)); - //lRetStatus = SetAutolockPeriodL(value); - /* - * Call to SetBestPolicyL will not check for Stronger/Weaker. The value of ETimeout just gets stored in - * both the internal DB and the CenRep - */ - lRetStatus = SetBestPolicyL(RTerminalControl3rdPartySession :: ETimeout, aValue, aCallerIdentity, lParamDB); + lRetStatus = SetAutolockPeriodL(value); } } - else { + else + { Dprint((_L("[CSCPServer]-> ERROR: Couldn't get the Autolock period: %d"), lRetStatus)); } } + + CleanupStack :: PopAndDestroy(); //lParamDB } - // Autolock Period - else { - //Code is commented as it is already taken care by the below condition #1343 irrespective of the drive encryption state. - /* if ( 0 == value ) { - if(encryptionEnabled) { + + else + { // Autolock Period + + //Code is commented as it is already taken care by the below condition #1343 irrespective of the drive encryption state. + /* if ( 0 == value ) + { + if ( encryptionEnabled ) + { Dprint(_L("Permission denied!")); - User :: Leave(KErrPermissionDenied); - } - }*/ - + User::Leave( KErrPermissionDenied ); + } + }*/ + Dprint(_L("[CSCPServer]-> Branched to ESCPAutolockPeriod...")); // Check if this value is not allowed by the Max. Autolock period if ((iConfiguration.iMaxTimeout > 0) && ((iConfiguration.iMaxTimeout < value) || (value == 0))) { @@ -1356,20 +1423,13 @@ lRetStatus = KErrArgument; } else { - //lRetStatus = SetAutolockPeriodL(value); - /* - * Call to SetBestPolicyL will not check for Stronger/Weaker. The value of ETimeout just gets stored in - * both the internal DB and the CenRep - */ - lRetStatus = SetBestPolicyL(RTerminalControl3rdPartySession :: ETimeout, aValue, aCallerIdentity, lParamDB); + lRetStatus = SetAutolockPeriodL(value); if(lRetStatus != KErrNone) { Dprint((_L("[CSCPServer]-> ERROR: Couldn't set the Autolock period: %d"), lRetStatus)); } } } - - CleanupStack :: PopAndDestroy(); //lParamDB } break; case ESCPCodeChangePolicy: @@ -1697,6 +1757,7 @@ if ( getFromCommonStorage ) { + Dprint(_L("[CSCPServer]-> Fetching from Common storage...")); // OK, no objection, so try to get the value from common storage ret = iPluginEventHandler->GetParameters().Get( aID, aValue ); } @@ -2009,13 +2070,13 @@ // TInt CSCPServer::IsCorrectEnhCode( TDes& aCode, TInt aFlags ) { - Dprint( (_L("CSCPServer::IsCorrectEnhCode(): ") )); + Dprint( (_L("CSCPServer::IsCorrectEnhCode") )); if(!FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements)) { return KErrNotSupported; } TInt ret = KErrAccessDenied; - + // Hash the code TBuf hashBuf; hashBuf.Zero(); @@ -2030,17 +2091,14 @@ TBool enhancedCodeMatches = EFalse; if ( hashBuf.Compare( iConfiguration.iEnhSecCode ) == 0 ) { - Dprint( (_L("CSCPServer::IsCorrectEnhCode(): enh code matches.") )); enhancedCodeMatches = ETrue; } // Check if the code is blocked (don't check if we're out-of-sync) if ( ( iConfiguration.iConfigFlag == KSCPConfigOK ) && ( IsCodeBlocked() ) ) { - Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 1") )); if ( aFlags & KSCPEtelRequest ) { - Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 2") )); // Check if the code is correct if ( enhancedCodeMatches ) { @@ -2054,7 +2112,6 @@ else { // OK, the code is already invalid - Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 3") )); SendInvalidDOSCode( pswCandidate ); } } @@ -2067,7 +2124,6 @@ { // Normal situation: we have the correct code stored. // Compare the hashes (hashing error will result in EFalse ) - Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 4") )); if ( enhancedCodeMatches ) { ret = KErrNone; @@ -2075,7 +2131,6 @@ if ( aFlags & KSCPEtelRequest ) { // Send the correct code to DOS side - Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 5") )); TRAP( ret, CheckISACodeL( pswCandidate ) ); } @@ -2084,7 +2139,7 @@ if ( iConfiguration.iFailedAttempts > 0 ) { iConfiguration.iFailedAttempts = 0; - Dprint( (_L("CSCPServer::IsCorrectEnhCode():: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts )); + Dprint( (_L("CSCPServer::IsCorrectEnhCode():KErrAccessDenied: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts )); writeSetup = ETrue; } } @@ -2099,12 +2154,11 @@ ret = KErrAccessDenied; iConfiguration.iFailedAttempts++; - Dprint( (_L("CSCPServer::IsCorrectEnhCode():@@@: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts )); + Dprint( (_L("CSCPServer::IsCorrectEnhCode():KErrAccessDenied: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts )); writeSetup = ETrue; if ( iConfiguration.iFailedAttempts == KSCPCodeBlockLimit ) { - Dprint( (_L("CSCPServer::IsCorrectEnhCode(): KSCPCodeBlockLimit ") )); // Block the code TTime curTime; curTime.UniversalTime(); @@ -2125,60 +2179,63 @@ else { // iConfiguration.iConfigFlag == KSCPConfigInvalid or KSCPConfigUnknown - + // We might be out-of-sync, no idea about the real code. // Check if the DOS code hashed from the given code is correct. Dprint( (_L("CSCPServer::IsCorrectEnhCode(): Attempting to correct OoS situation.") )); - if (IsCodeBlocked()) { - Dprint( (_L("CSCPServer::IsCorrectEnhCode(): OOS ->KErrLocked ") )); - return KErrLocked; - } + TRAP( ret, CheckISACodeL( pswCandidate ) ); - if (ret == KErrNone) { + if ( ret == KErrNone ) + { // OK, we must assume that this is the correct code, since // the hashed DOS code is correct. Save the codes, and return OK. Dprint( (_L("CSCPServer::IsCorrectEnhCode(): Given code has the correct hash (%d)\ , saving codes."), ISACode )); - + iConfiguration.iEnhSecCode.Zero(); - iConfiguration.iEnhSecCode.Copy(hashBuf); + iConfiguration.iEnhSecCode.Copy( hashBuf ); iConfiguration.iSecCode.Zero(); - iConfiguration.iSecCode.AppendNum(ISACode); - + iConfiguration.iSecCode.AppendNum( ISACode ); + // Unset the invalid configuration flag iConfiguration.iConfigFlag = KSCPConfigOK; writeSetup = ETrue; - } - else { - ret = KErrAccessDenied; - - iConfiguration.iFailedAttempts++; - Dprint( (_L("CSCPServer::IsCorrectEnhCode():@@@: iFailedAttempts (%d)."), iConfiguration.iFailedAttempts )); - writeSetup = ETrue; + } + else + { + + Dprint( (_L("CSCPServer::IsCorrectEnhCode(): Given code does not have the \ + correct hash: ret; %d user enter password: %d"), ret )); + TRAP( ret, CheckISACodeL( aCode ) ); + if (ret == KErrNone) + { + //store this code in our interal storage as it is used as oldpassword while changing at ISA side in next command + //ChangeISACodeL. + iConfiguration.iSecCode.Zero(); + iConfiguration.iSecCode.Append( aCode ); + TRAP(ret,ChangeISACodeL(pswCandidate)); + } + if (ret == KErrNone) + { + iConfiguration.iEnhSecCode.Zero(); + iConfiguration.iEnhSecCode.Copy( hashBuf ); - if (iConfiguration.iFailedAttempts == KSCPCodeBlockLimit) { - Dprint( (_L("CSCPServer::IsCorrectEnhCode(): KSCPCodeBlockLimit ") )); - // Block the code - TTime curTime; - curTime.UniversalTime(); - - iConfiguration.iBlockedAtTime.Zero(); - iConfiguration.iBlockedAtTime.AppendNum(curTime.Int64()); - - // The code will be blocked for now on - ret = KSCPErrCodeBlockStarted; + iConfiguration.iSecCode.Zero(); + iConfiguration.iSecCode.AppendNum( ISACode ); + + // Unset the invalid configuration flag + iConfiguration.iConfigFlag = KSCPConfigOK; + writeSetup = ETrue; + } } } - - } // Write setup if needed if ( writeSetup ) { - Dprint( (_L("CSCPServer::IsCorrectEnhCode(): 7 ") )); TRAPD( err, iConfiguration.WriteSetupL() ); if ( err != KErrNone ) { @@ -2186,7 +2243,7 @@ failed to write configuration: %d"), err )); } } - + Dprint( (_L("CSCPServer::IsCorrectEnhCode %d"), ret )); return ret; } @@ -2307,7 +2364,7 @@ CSCPParamObject*& aRetParams, TSCPSecCode& aNewDOSCode ) { - + Dprint(_L("CSCPServer::CheckAndChangeEnhCodeL >>")); if(!FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements)) { return KErrNotSupported; @@ -2326,66 +2383,47 @@ CSCPParamObject* repParams = iPluginManager->PostEvent( KSCPEventAuthenticationAttempted, *inParams ); - if ( repParams != NULL ) + if ( repParams != NULL ) { + // Ignore the return params at this point + delete repParams; + } + + CleanupStack::PopAndDestroy(inParams); + + ret = ValidateLockcodeAgainstPoliciesL(aNewPass, aRetParams); + + if(ret != KErrNone) { + Dprint(_L("[CSCPServer]-> ValidateLockcodeAgainstPoliciesL() failed in CheckAndChangeEnhCodeL() ret=%d"), ret); + return ret; + } + + + if ( IsValidEnhCode( aNewPass ) ) + { + ret = StoreEnhCode( aNewPass, &aNewDOSCode ); + } + else + { + // Invalid code format! Should not happen at this point, but make sure. + ret = KErrArgument; + } + + if ( ret == KErrNone ) + { + CSCPParamObject* inParams = CSCPParamObject::NewL(); + CleanupStack::PushL( inParams ); + inParams->Set( KSCPParamPassword, aNewPass ); + + CSCPParamObject* repParams = + iPluginManager->PostEvent( KSCPEventPasswordChanged, *inParams ); + + CleanupStack::PopAndDestroy( inParams ); + + if ( repParams != NULL ) { // Ignore the return params at this point delete repParams; - } - - inParams->Reset(); - - // Validate the code - inParams->Set( KSCPParamPassword, aNewPass ); - - repParams = iPluginManager->PostEvent( KSCPEventValidate, *inParams ); - - CleanupStack::PopAndDestroy( inParams ); - - if ( repParams != NULL ) - { - // Check if the validation failed - TInt status; - if ( repParams->Get( KSCPParamStatus, status ) == KErrNone ) - { - if ( status != KErrNone ) - { - ret = status; - } } - - aRetParams = repParams; // pointer ownership changed - } - - // Set the new code, if it was OK - if ( ret == KErrNone ) - { - if ( IsValidEnhCode( aNewPass ) ) - { - ret = StoreEnhCode( aNewPass, &aNewDOSCode ); - } - else - { - // Invalid code format! Should not happen at this point, but make sure. - ret = KErrArgument; - } - - if ( ret == KErrNone ) - { - CSCPParamObject* inParams = CSCPParamObject::NewL(); - CleanupStack::PushL( inParams ); - inParams->Set( KSCPParamPassword, aNewPass ); - - CSCPParamObject* repParams = - iPluginManager->PostEvent( KSCPEventPasswordChanged, *inParams ); - - CleanupStack::PopAndDestroy( inParams ); - - if ( repParams != NULL ) - { - // Ignore the return params at this point - delete repParams; - } - } } } else @@ -2415,7 +2453,7 @@ } } } - + Dprint(_L("[CSCPServer]-> CheckAndChangeEnhCodeL ret=%d"), ret); return ret; } @@ -2449,7 +2487,7 @@ TInt CSCPServer::IsPasswordChangeAllowedL( CSCPParamObject*& aRetParams ) { - + Dprint(_L("CSCPServer::IsPasswordChangeAllowedL >>")); if(!FeatureManager::FeatureSupported(KFeatureIdSapDeviceLockEnhancements)) { return KErrNotSupported; @@ -2495,7 +2533,9 @@ TBool CSCPServer::IsDeviceMemoryEncrypted() { Dprint(_L("CSCPServer::IsDeviceMemoryEncrypted >>")); + TBool ret(EFalse); + //First check if the feature is supported on device TRAPD(ferr, FeatureManager::InitializeLibL()); if (ferr != KErrNone) @@ -2507,9 +2547,6 @@ FeatureManager::UnInitializeLib(); //If feature is supported, check if any drive is encrypted. - - - if (ret) { RLibrary library; @@ -2591,16 +2628,12 @@ */ TInt CSCPServer :: SetBestPolicyL( TInt aID, const TDesC& aValue, TUint32 aCallerIdentity, CSCPParamDBController* aParamDB ) { Dprint( (_L("[CSCPServer]-> SetBestPolicyL() >>>"))); - Dprint( (_L("[CSCPServer]-> ParamID=%d "), aID, aValue)); - Dprint( (_L("[CSCPServer]-> ParamValue=%d "), aValue)); - TBool lFirstTime(EFalse); TInt32 lNumValue (-1); TInt32 lNumValDB (-1); - TInt lRetStatus = KErrNone; + TInt32 lRetStatus = KErrNone; switch(aID) { - case RTerminalControl3rdPartySession :: ETimeout: case RTerminalControl3rdPartySession :: EMaxTimeout: case RTerminalControl3rdPartySession :: EPasscodeMinLength: case RTerminalControl3rdPartySession :: EPasscodeMaxLength: @@ -2642,9 +2675,6 @@ else { // Fetch the previous value of the parameter from the private database switch(aID) { - case RTerminalControl3rdPartySession :: ETimeout: - // No need to fetch previous value for ETimeout since Stronger/Weaker check is not required for it. - break; case RTerminalControl3rdPartySession :: EMaxTimeout: case RTerminalControl3rdPartySession :: EPasscodeMinLength: case RTerminalControl3rdPartySession :: EPasscodeMaxLength: @@ -2713,12 +2743,6 @@ // Decision code that verifies if policy is strongest switch(aID) { - case RTerminalControl3rdPartySession :: ETimeout: - /* - * No need to check stronger/weaker for ETimeout. The value just has to be maintained in both - * DB and the CenRep - */ - break; case RTerminalControl3rdPartySession :: EMaxTimeout: case RTerminalControl3rdPartySession :: EPasscodeMaxRepeatedCharacters: case RTerminalControl3rdPartySession :: EPasscodeExpiration: @@ -2772,17 +2796,11 @@ */ if (lRetStatus == KErrNone) { switch (aID) { - case RTerminalControl3rdPartySession :: ETimeout: - lRetStatus = SetAutolockPeriodL(TInt(lNumValue)); - Dprint(_L("[CSCPServer]-> After setting ETimeout lRetStatus = %d "), lRetStatus); - break; - case RTerminalControl3rdPartySession :: EMaxTimeout: iConfiguration.iMaxTimeout = lNumValue; lRetStatus = iConfiguration.WriteSetupL(); Dprint(_L("[CSCPServer]-> After setting EMaxTimeout lRetStatus = %d "), lRetStatus); break; - default: TUint16* ptr = const_cast(aValue.Ptr()); TPtr valBuf(ptr, aValue.Length(), aValue.Length()); @@ -2877,31 +2895,14 @@ Dprint(_L("[CSCPServer]-> Old Index of EPasscodeHistoryBuffer=%d"), lHistBuffIndex); Dprint(_L("[CSCPServer]-> Old Index of EPasscodeMinChangeTolerance=%d"), lMinTolIndex); } - - /* - * If both ETimeout and EMaxTimeout are marked for cleanup then interchange the cleanup order of - * ETimeout and EMaxTimeout since AutoLock (ETimeout) cannot be disabled - * if MaxAutolock (EMaxTimeout) is still enabled - */ - if( lParamIds[0] == RTerminalControl3rdPartySession :: ETimeout && - lParamIds[1] == RTerminalControl3rdPartySession :: EMaxTimeout) { - - lParamIds[0] = RTerminalControl3rdPartySession :: EMaxTimeout; - lParamIds[1] = RTerminalControl3rdPartySession :: ETimeout; - } } for(TInt j=0; j < lCount; j++) { TInt lCurrParamID = lParamIds[j]; lDefValueBuf->Des().Zero(); lDefValueBuf->Des().Format(_L("%d "), 0); - // Initialize the default values here... switch(lCurrParamID) { - case RTerminalControl3rdPartySession :: ETimeout: - // lDefValueBuf already has the default value, 0 initialized... - lCurrParamID = ESCPAutolockPeriod; - break; case RTerminalControl3rdPartySession :: EMaxTimeout: // lDefValueBuf already has the default value, 0 initialized... lCurrParamID = ESCPMaxAutolockPeriod; @@ -2930,7 +2931,6 @@ for(TInt k=0; k < lDesCount; k++) { TRAP(lStatus, lStatus = SetParameterValueL(lCurrParamID, lDesArr[k]->Des(), lAppID)); - if(KErrNone != lStatus) { Dprint(_L("[CSCPServer]-> ERROR: Unable to cleanup parameter %d error %d"), lParamIds[j], lStatus); lSubOpsFailed = ETrue; @@ -2944,40 +2944,6 @@ CleanupStack :: PopAndDestroy(1); // lDesArray } break; - - case ESCPAutolockPeriod: { - TInt32 lParamValueDB(0); - TInt lParamValueCenRep(0); - TInt32 lCurrParamOwner(0); - - lStatus = lParamDB->GetValueL(RTerminalControl3rdPartySession :: ETimeout, lParamValueDB, lCurrParamOwner); - - if(lStatus != KErrNone) { - Dprint(_L("[CSCPServer]-> ERROR: Unable to get current value of ETimeout from DB...")); - lSubOpsFailed = ETrue; - break; - } - - lStatus = GetAutolockPeriodL(lParamValueCenRep); - - if(lStatus != KErrNone) { - Dprint(_L("[CSCPServer]-> ERROR: Unable to get current value of ETimeout from CenRep...")); - lSubOpsFailed = ETrue; - break; - } - - /* - * It is possible that AutoLock set from UI is different. In that case internal DB and CenRep - * are not in sync. Compare the two values and if they are same assume that the values are in sync. - * Limitation is that if the user sets the AutoLock with the same value as set by the current app then - * AutoLock will get disabled. - * - */ - if(lParamValueCenRep != lParamValueDB) { - break; - } - } - default: { iOverrideForCleanup = ETrue; TRAP(lStatus, lStatus = SetParameterValueL(lCurrParamID, lDefValueBuf->Des(), lAppID)); @@ -2994,8 +2960,7 @@ aParamValArray.AppendL(lTmpBuffer); } } - break; - }; + } if(KErrNone != lStatus) { Dprint(_L("[CSCPServer]-> ERROR: Unable to cleanup parameter %d error %d"), lParamIds[j], lStatus); @@ -3009,6 +2974,131 @@ return (lSubOpsFailed) ? KErrGeneral : KErrNone; } +void CSCPServer :: GetPoliciesL(HBufC8* aAppIDBuffer, TUint32 aCallerIdentity) { + TInt lValue; + TInt lRet = KErrNone; + TBuf<25> lParamValBuf; + TPtr8 lBufPtr = aAppIDBuffer->Des(); + RDesWriteStream lWriteStream(lBufPtr); + CleanupClosePushL(lWriteStream); + + lRet = GetAutolockPeriodL(lValue); + + if(lRet != KErrNone) { + User :: Leave(lRet); + } + + Dprint((_L("[CSCPServer]-> appending AutoLockPeriod value=%d"), lValue)); + lWriteStream.WriteInt32L(lValue); + + Dprint((_L("[CSCPServer]-> appending MaxAutoLockPeriod value=%d"), iConfiguration.iMaxTimeout)); + lWriteStream.WriteInt32L(iConfiguration.iMaxTimeout); + + if(FeatureManager :: FeatureSupported(KFeatureIdSapDeviceLockEnhancements)) { + Dprint(_L("[CSCPServer]-> (FeatureManager :: FeatureSupported() complete. Fetching values now...")); + /* Fetch parameters starting from RTerminalControl3rdPartySession :: EPasscodeMinLength to + * RTerminalControl3rdPartySession :: EPasscodeMinChangeInterval + */ + TInt lPID = RTerminalControl3rdPartySession :: EPasscodeMinLength; + + for(; lPID <= RTerminalControl3rdPartySession :: EPasscodeDisallowSimple; lPID++) { + switch(lPID) { + default: + break; + case RTerminalControl3rdPartySession :: EPasscodeCheckSpecificStrings: + case RTerminalControl3rdPartySession :: EPasscodeAllowSpecific: + case RTerminalControl3rdPartySession :: EPasscodeClearSpecificStrings: + // No need to fetch these three parameters + continue; + case RTerminalControl3rdPartySession :: EPasscodeDisallowSpecific: + Dprint(_L("[CSCPServer]-> appending EPasscodeDisallowSpecific value...")); + // Get on EPasscodeDisallowSpecific returning -1 instead + lWriteStream.WriteInt32L(-1); + continue; + case RTerminalControl3rdPartySession :: EPasscodeDisallowSimple: + Dprint(_L("[CSCPServer]-> appending EPasscodeDisallowSimple value...")); + lWriteStream.WriteInt32L(1); + lWriteStream.WriteInt32L(1); + continue; + } + + //lRet = GetParameterValueL(lPID, lParamValBuf, aCallerIdentity); + lRet = iPluginEventHandler->GetParameters().Get(lPID, lValue); + + switch(lRet) { + + + case KErrNotFound: { + switch(lPID) { + case RTerminalControl3rdPartySession :: EPasscodeMinLength: + lValue = KSCPPasscodeMinLength; + break; + case RTerminalControl3rdPartySession :: EPasscodeMaxLength: + lValue = KSCPPasscodeMaxLength; + break; + default: + lValue = 0; + break; + } + } + break; + case KErrNone: { +// TLex lLex(lParamValBuf); +// lRet = lLex.Val(lValue); +// User :: LeaveIfError(lRet); + } + break; + default: + User :: Leave(lRet); + } + + Dprint((_L("[CSCPServer]-> appending value for lPID=%d"), lPID)); + Dprint((_L("[CSCPServer]-> lValue=%d"), lValue)); + + switch(lPID) { + default: + lWriteStream.WriteInt32L(lValue); + break; + case RTerminalControl3rdPartySession :: EPasscodeDisallowSimple: + lWriteStream.WriteInt32L(1); + lWriteStream.WriteInt32L(1); + break; + } + } + } + else { + Dprint(_L("[CSCPServer]-> (FeatureManager :: FeatureSupported() failed!!...")); + } + + CleanupStack :: PopAndDestroy(1); // lWriteStream +} + +TInt CSCPServer :: ValidateLockcodeAgainstPoliciesL(TDes& aLockcode, CSCPParamObject*& aRetParams) { + Dprint( (_L("[CSCPServer]-> ValidateLockcodeAgainstPoliciesL() >>>"))); + + TInt ret = KErrNone; + CSCPParamObject* inParams = CSCPParamObject :: NewL(); + inParams->Set(KSCPParamPassword, aLockcode); + CSCPParamObject* repParams = iPluginManager->PostEvent(KSCPEventValidate, *inParams); + delete inParams; + + if (repParams != NULL) { + // Check if the validation failed + TInt status; + + if (repParams->Get(KSCPParamStatus, status) == KErrNone) { + if (status != KErrNone) { + ret = status; + } + } + + aRetParams = repParams; // pointer ownership changed + } + + Dprint( (_L("[CSCPServer]-> ValidateLockcodeAgainstPoliciesL() <<<"))); + return ret; +} + //#endif // __SAP_DEVICE_LOCK_ENHANCEMENTS // <<<< ********************** NEW FEATURES ********************