--- a/vpnengine/ikev1lib/inc/ikev1crack.h Tue May 11 17:09:49 2010 +0300
+++ b/vpnengine/ikev1lib/inc/ikev1crack.h Tue May 25 13:48:10 2010 +0300
@@ -1,5 +1,5 @@
/*
-* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+* Copyright (c) 2005-2010 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of "Eclipse Public License v1.0"
@@ -100,6 +100,7 @@
TInt GetDataL(HBufC8* aChallenge);
TInt GetDatafromUserL(HBufC8 *aChallenge);
TInt GetUNPWDFromPolicyL();
+ TInt GetUNPWDFromNegotiationL();
TInt ProcessCHREAttibutesL(const TCHREISAKMP *aCHRE_PAYLOAD);
void SendCredentialsL(TUint16 aAttr1, TUint16 aAttr2, TUint16 aAttr3,
HBufC8* aBfr1, HBufC8* aBfr2, HBufC8* aBfr3);
--- a/vpnengine/ikev1lib/inc/ikev1dialog.h Tue May 11 17:09:49 2010 +0300
+++ b/vpnengine/ikev1lib/inc/ikev1dialog.h Tue May 25 13:48:10 2010 +0300
@@ -1,5 +1,5 @@
/*
-* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+* Copyright (c) 2005-2010 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of "Eclipse Public License v1.0"
@@ -82,7 +82,6 @@
void ShowErrorDialogL(TInt aDialogType, TAny *aUserInfo, MIkeDialogComplete* aCallback);
void StoreUserNameL(TPtr8 aUserName);
void StartDialogL();
- TInt GetSyncUNPWCacheDialog(TDes& aUserName, TDes& aPassword);
static TInt GetSyncUNPWDialog(TDes& aUserName, TDes& aPassword);
static void PurgeDialogQueue(CIkev1Dialog* aQueuedDialog);
--- a/vpnengine/ikev1lib/inc/ikev1negotiation.h Tue May 11 17:09:49 2010 +0300
+++ b/vpnengine/ikev1lib/inc/ikev1negotiation.h Tue May 25 13:48:10 2010 +0300
@@ -25,6 +25,8 @@
#include "ikev1SAdata.h"
#include "ikepolparser.h"
#include "ipsecsaspiretriever.h"
+#include "ikev1dialog.h"
+
#define INITIATOR 0
#define RESPONDER 1
@@ -84,7 +86,8 @@
// Class CIkev1Negotiation: Contains all the info for each negotiation in progress
//
NONSHARABLE_CLASS(CIkev1Negotiation) : public CBase,
- public MIpsecSaSpiRetrieverCallback
+ public MIpsecSaSpiRetrieverCallback,
+ public MIkeDialogComplete
{
friend class CIkev1InfoNegotiation;
friend class TIkev1IsakmpStream;
@@ -173,6 +176,10 @@
void IpsecSaSpiRetrieved(TUint32 aSpiRequestId,
TInt aStatus,
TUint32 aSpi);
+
+ TInt ProcessUserResponseL(CAuthDialogInfo *aUserInfo);
+ TInt DialogCompleteL(CIkev1Dialog* /*aDialog*/, TAny* aUserInfo, HBufC8* aUsername, HBufC8* aSecret, HBufC8* aDomain);
+
private:
@@ -536,6 +543,11 @@
CIpsecSaSpiRetriever* iIpsecSaSpiRetriever;
CPFKeySocketIf& iPFKeySocketIf;
MIkeDebug& iDebug;
+
+ HBufC8* iCRACKLAMUserName;
+ HBufC8* iCRACKLAMPassword;
+ CIkev1Dialog* iDialog; // Pending dialog object
+ CAuthDialogInfo* iDialogInfo; // Dialog info object
};
#endif // C_IKEV1NEGOTIATION_H
--- a/vpnengine/ikev1lib/src/ikev1crack.cpp Tue May 11 17:09:49 2010 +0300
+++ b/vpnengine/ikev1lib/src/ikev1crack.cpp Tue May 25 13:48:10 2010 +0300
@@ -1,5 +1,5 @@
/*
-* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+* Copyright (c) 2005-2010 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of "Eclipse Public License v1.0"
@@ -223,6 +223,14 @@
{
return GetUNPWDFromPolicyL();
}
+
+ else if ( iLAMType == CRACK_PASSWORD &&
+ iNegotiation->iCRACKLAMUserName &&
+ iNegotiation->iCRACKLAMPassword)
+ {
+ return GetUNPWDFromNegotiationL();
+ }
+
else
{
return GetDatafromUserL(aChallenge);
@@ -297,6 +305,42 @@
return CRACK_CONTINUE;
}
+
+TInt CIKECRACKNegotiation::GetUNPWDFromNegotiationL()
+{
+ ASSERT(iLAMType == CRACK_PASSWORD);
+
+ iNegotiation->iTimer->Cancel(); //Cancel previous timer because reply received & processed
+ DEBUG_LOG(_L("Timer Cancelled!"));
+ iNegotiation->iRetryNum = 0;
+
+ /*--------------------------------------------------------
+ *
+ * Store attributes: User name, Secret, Domain
+ *
+ *--------------------------------------------------------*/
+
+ TUint16 attr1 = CRACK_T_USERNAME;
+ HBufC8* bfr1 = iNegotiation->iCRACKLAMUserName;
+ TUint16 attr2 = CRACK_T_SECRET;
+ HBufC8* bfr2 = iNegotiation->iCRACKLAMPassword;
+ HBufC8* bfr3 = iDomain;
+ TUint16 attr3 = 0;
+ if ( bfr3 )
+ {
+ attr3 = CRACK_T_DOMAIN;
+ }
+
+ SendCredentialsL(attr1, attr2, attr3, bfr1, bfr2, bfr3);
+
+ delete iNegotiation->iCRACKLAMUserName;
+ iNegotiation->iCRACKLAMUserName = NULL;
+ delete iNegotiation->iCRACKLAMPassword;
+ iNegotiation->iCRACKLAMPassword = NULL;
+
+ return CRACK_CONTINUE;
+}
+
void CIKECRACKNegotiation::SendCredentialsL(TUint16 aAttr1, TUint16 aAttr2, TUint16 aAttr3,
HBufC8* aBfr1, HBufC8* aBfr2, HBufC8* aBfr3)
{
--- a/vpnengine/ikev1lib/src/ikev1dialog.cpp Tue May 11 17:09:49 2010 +0300
+++ b/vpnengine/ikev1lib/src/ikev1dialog.cpp Tue May 25 13:48:10 2010 +0300
@@ -1,5 +1,5 @@
/*
-* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+* Copyright (c) 2005-2010 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of "Eclipse Public License v1.0"
@@ -240,37 +240,6 @@
return status;
}
-/*--------------------------------------------------------------------
- *
- * Get user name and password data for Legacy authentication
- * This is a synchronous dialog which does NOT convert user name and
- * password data into the 8-bit ASCII text
- * Uses username cache
- *
- *---------------------------------------------------------------------*/
-TInt CIkev1Dialog::GetSyncUNPWCacheDialog(TDes& aUserName, TDes& aPassword)
-{
- TInt status = KErrGeneral;
- TIPSecDialogOutput output;
-
- TIPSecDialogInfo dialog_input(TKMDDialog::EUserPwd, 0);
-
- iInputData = CreateDialogInput(dialog_input, ETrue);// TRUE = Use user name cache
-
- TPckgBuf<TIPSecDialogOutput> ResponseBuf(output);//create the buf to receive the response
-
- if ( iInputData )
- status = LauchSyncDialog((TPckgBuf<TIPSecDialogInfo>&)*iInputData, ResponseBuf);
-
- if ( status == KErrNone ) {
- TIPSecDialogOutput& resp = ResponseBuf();
- aUserName = resp.iOutBuf;
- aPassword = resp.iOutBuf2;
- }
-
- return status;
-}
-
void CIkev1Dialog::ShowErrorDialogL(TInt aDialogText, TAny *aUserInfo, MIkeDialogComplete* aCallback )
{
iDialogType = TNoteDialog::EInfo;
--- a/vpnengine/ikev1lib/src/ikev1negotiation.cpp Tue May 11 17:09:49 2010 +0300
+++ b/vpnengine/ikev1lib/src/ikev1negotiation.cpp Tue May 25 13:48:10 2010 +0300
@@ -217,6 +217,9 @@
delete iNatDiscovery;
delete iSARekeyInfo;
delete iLastMsg;
+
+ delete iDialog;
+ delete iDialogInfo;
}
@@ -1073,24 +1076,28 @@
else
{
if ( iCRACKneg )
+ {
status = iCRACKneg->ProcessUserResponseL(aUserInfo);
- else status = CRACK_FAILED;
-
- if ( status == CRACK_FAILED )
- {
- /*--------------------------------------------------------
- *
- * Crack negotiation failed. Negotiation shall be deleted
- *
- *--------------------------------------------------------*/
- LOG_KMD_EVENT( MKmdEventLoggerIf::KLogError,
- R_VPN_MSG_VPN_GW_AUTH_FAIL,
- status,
- iPluginSession->VpnIapId(),
- &iRemoteAddr );
- SetErrorStatus(KKmdIkeAuthFailedErr);
- AcquireSAErrorResponse(KKmdIkeAuthFailedErr);
- }
+
+ if ( status == CRACK_FAILED )
+ {
+ /*--------------------------------------------------------
+ *
+ * Crack negotiation failed. Negotiation shall be deleted
+ *
+ *--------------------------------------------------------*/
+ LOG_KMD_EVENT( MKmdEventLoggerIf::KLogError,
+ R_VPN_MSG_VPN_GW_AUTH_FAIL,
+ status,
+ iPluginSession->VpnIapId(),
+ &iRemoteAddr );
+ SetErrorStatus(KKmdIkeAuthFailedErr);
+ AcquireSAErrorResponse(KKmdIkeAuthFailedErr);
+ }
+ }
+ else
+ status = ProcessUserResponseL(aUserInfo);;
+
}
}
@@ -1266,6 +1273,19 @@
//Sends the initial IKE packets to start the negotiation. PHASE I
void CIkev1Negotiation::InitNegotiationL() //Equiv. to stage 1
{
+
+ if (iProposal_I.iAttrList->iAuthMethod == IKE_A_CRACK &&
+ !iHostData->iCRACKLAMUserName &&
+ !iHostData->iCRACKLAMPassword &&
+ !iCRACKLAMUserName &&
+ !iCRACKLAMPassword)
+ {
+
+ iDialog = CIkev1Dialog::NewL( iPluginSession, iPluginSession->DialogAnchor(), iDebug );
+ iDialogInfo = new(ELeave) CAuthDialogInfo(iPluginSession, DIALOG_INFO_ID, SAId(), 0);
+ iDialog->GetAsyncUNPWDialogL(iDialogInfo, (MIkeDialogComplete*)this);
+ return;
+ }
TIkev1IsakmpStream* msg = SaveIkeMsgBfr( new (ELeave) TIkev1IsakmpStream(iDebug) );
TInt vendor_id_type;
@@ -1308,7 +1328,6 @@
TBool cert_required = EFalse; //If any proposal requires a cert to send a CR if needed
TBool preshared_key = EFalse; //Preshared key authentication
- TBool crack_used = EFalse;
TAttrib *transf = iProposal_I.iAttrList;
for (TInt i=0; (i < iProposal_I.iNumTransforms) && (!cert_required); i++)
@@ -1321,7 +1340,6 @@
break;
case IKE_A_CRACK:
cert_required = ETrue;
- crack_used = ETrue;
break;
default: // No cert involved
preshared_key = ETrue;
@@ -1329,24 +1347,6 @@
}
}
- if (crack_used &&
- !iHostData->iCRACKLAMUserName &&
- !iHostData->iCRACKLAMPassword)
- {
- TBuf<256> UserName;
- TBuf<64> Password;
- CIkev1Dialog* Dialog = CIkev1Dialog::NewL(iPluginSession, iPluginSession->DialogAnchor(), iDebug);
- if (KErrNone != Dialog->GetSyncUNPWCacheDialog(UserName, Password))
- {
- DEBUG_LOG(_L("Failed to get credentials for crack auth!"));
- SetFinished();
- delete Dialog;
- return;
- }
- iHostData->iCRACKLAMUserName = TStringData::NewL(UserName);
- iHostData->iCRACKLAMPassword = TStringData::NewL(Password);
- delete Dialog;
- }
if (iExchange == ISAKMP_EXCHANGE_AGGR) //Aggressive contains more payloads
{
@@ -8393,4 +8393,55 @@
}
}
-
+TInt CIkev1Negotiation::ProcessUserResponseL(CAuthDialogInfo *aDialogInfo )
+{
+ delete iDialog; /* delete dialog object */
+ iDialog = NULL;
+
+ iCRACKLAMUserName = aDialogInfo->iUsername->AllocL();
+ iCRACKLAMPassword = aDialogInfo->iSecret->AllocL();
+
+ delete aDialogInfo; /* release dialog info object */
+ iDialogInfo = NULL; /* reset dialog info pointer */
+ DEBUG_LOG(_L("Continue negotiation from begining"));
+ InitNegotiationL();
+
+ return KErrNone;
+
+}
+//
+// The implementation for class MIkeDialogComplete virtual function
+//
+TInt CIkev1Negotiation::DialogCompleteL(CIkev1Dialog* /*aDialog*/, TAny* aUserInfo,
+ HBufC8* aUsername, HBufC8* aSecret, HBufC8* aDomain)
+{
+/*---------------------------------------------------------------------------
+ *
+ * A response received from client user (through asynchronous dialog)
+ * This method is introduced as a TUserCallback for CGetIKEPassword dialog
+ * object is created. When the dialog is completed this callback function
+ * is called
+ *
+ *-------------------------------------------------------------------------*/
+ TUint32 obj_id = 1;
+ CAuthDialogInfo* info = (CAuthDialogInfo*)aUserInfo;
+ DEBUG_LOG1(_L("CIkev1Negotiation::DialogCompleteL(), aUserInfo = %x"), aUserInfo);
+
+ if ( info )
+ {
+ obj_id = info->GetObjId();
+ DEBUG_LOG1(_L("Preparing to call AuthDialogCompletedL(), ObjId = %x"), obj_id);
+ if ( obj_id == DIALOG_INFO_ID )
+ {
+ info->iUsername = aUsername;
+ info->iSecret = aSecret;
+ info->iDomain = aDomain;
+ obj_id = info->PluginSession()->AuthDialogCompletedL(info);
+ }
+ }
+
+ return obj_id;
+
+}
+
+