author Pat Downey <>
Wed, 01 Sep 2010 12:33:58 +0100
changeset 22 8d540f55e491
parent 21 abbed5a4b42a
permissions -rw-r--r--
Revert incorrect RCL_3 drop: Revision: 201035 Kit: 201035

// Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
// All rights reserved.
// This component and the accompanying materials are made available
// under the terms of "Eclipse Public License v1.0"
// which accompanies this distribution, and is available
// at the URL "".
// Initial Contributors:
// Nokia Corporation - initial contribution.
// Contributors:
// Description:
// IPSecPolicyManHandler.h - IPSec Policy Manager Handler


#include <e32base.h>
#include <e32std.h>
#include <f32file.h>
#include <es_sock.h>
#include <in_sock.h>
#include <featdiscovery.h>

#include "ipsecpolapi.h"
#include "ipsecpol.h"
#include "autoloadlistitem.h"
#include "log_ipsecpol.H"
#include "spdb.h"

// Direction codes
enum direction
    EInbound = 1,

// iBypassOrDropMode flags
const TInt KDropMode       = 0;          // Drop mode
const TInt KInboundBypass  = (1 << 0);   // Inbound bypass mode
const TInt KOutboundBypass = (1 << 1);   // Outbound bypass mode
const TInt KSymmetricBypass = (KInboundBypass | KOutboundBypass ); // To allow UMA traffic

// Forward declarations
class CSecpolReader;
class CIPSecPolicyManagerServer;
class CPolicySelector;
class CIPSecPolicyManagerSession;
class CSelectorList;
class CIpSecurityPiece;
class TIpsecSelectorInfo;
class TIpsecSaSpec;
class CAutoloadListItem;
class CSecurityPolicy;
class TSecurityAssocSpec;

// Active Policy list entry
struct TActivePolicyListEntry
    TPolicyHandle iPolicyHandle;
    HBufC8* iPolicyBuf;
    TBool iActiveState;       // EFalse = loaded, not active; ETrue = active
    TInt iBypassOrDropMode;   // See flags below
    TPolicyType iPolicyType;
    TBool iException;			// UMA exception
typedef CArrayFixFlat<TActivePolicyListEntry*> CActivePolicyList;

struct TManualAutoloadHandlePair
    TPolicyHandle iManualPreloadHandle;
    TPolicyHandle iManualPostLoadHandle;

// Policy Manager Handler Class
class CIPSecPolicyManagerHandler : public CBase
    static CIPSecPolicyManagerHandler* NewL(CIPSecPolicyManagerServer* aServer);
    void ConstructL();

    // Policy Manager API related methods
    TInt ProcessLoadPolicyL(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession,
        TPolicyType aPolType);

    TInt ProcessLoadPoliciesL(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

    TInt ProcessActivatePolicyL(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

    TInt ProcessActivateAutoloadPolicyL(
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

    TInt ProcessUnloadPolicyL(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

    TInt ProcessUnloadPoliciesL(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

    TInt UnloadPolicyByHandleL(
        TUint32 aPolicyHandle,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

    TInt GetIPSecSAInfoL(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);

    TInt GetLastConflictInfoL(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession);
    TInt RequestEvent(
        const RMessage2& aMsg,
        const CIPSecPolicyManagerSession* aIPSecPolicyManagerSession); 

    void ErrorHandlingL(TInt aMainCode, TInt aDetailCode);

    void ReleaseResources();

    void ParseCurrentPolicyL();

    void UpdateSelectorsAndTunnels();

    void ConvertFromObjectsToStringWithSectionsL(TInt aFunction,
                                                 TInt aBypassDropMode);

    void ConvertFromObjectsToStringWithoutSectionsL();

    void StorePolicyToActiveListL(TPolicyType aPolType,
                                  TInt aBypassDropMode);

    void ParseAllPolicyFilesL();

    void MakeUniqueSANamesL();

    void SortSelectors();

    void ConvertFromObjectsToStringL();

    void SendAlgorithmsAndPolicyToIPSecL(const TDesC& aSocket);

    void SendNullFileToIPSecL(const TDesC& aSocket);

    void ReturnPolicyFileHandleL(const RMessage2& aMsg);

    void ApiCallCompleted();

    TInt DeletePolicyFromList();

    TInt SearchPolicyFromListAndActivate();
    TInt GetAvailableSelectors(const RMessage2& aMsg);
    TInt GetSelectorsCount(const RMessage2& aMsg);

    // Miscallenious utilities related to building policy data  
    TInt WriteTunnelModeIkeNegotiationStringsL(HBufC8*& aPolBfr);

    void BuildTunnelModeIkeString(
        TDes8& aString,
        TInt aDirection,
        TInt aPort,
        TInetAddr& aGWAddr);

    TInt WriteTransportModeIkeNegotiationStrings(HBufC8*& aPolBfr);

    void BuildTransportModeIkeString(
        TDes8& aString,
        TInt aPort,
        TInetAddr& aRemote,
        TInetAddr& aRemoteMask);

    TInt BuildDhcpProtocolString(HBufC8*& aPolBfr);

    TInt BuildMip4BypassSelectors(HBufC8*& aPolBfr);

    TInt BuildComparisonWord(CSelectorList* aSelList);

    TInt SetSequenceNumbers(CSelectorList* aSelList);

    TInt CalculateMaskLength(TInetAddr& aMask);

    TInt MaskLength(TUint32 aAddr);

    TInt MaskLength(const TIp6Addr &aAddr);

    void DeleteExtraInboundOutboundSelectors();

    TInt AddInboundOutboundSelectorPair();

    void InboundOutboundSelectors();

    CPolicySelector* FindMatchingSelector();

    void FillSAInfoObject(CPolicySelector* aPolicySelector, TInt aIndex);
    TBool IsBypassEverythingElse(const CPolicySelector& aPolicySelector) const;

    TBool IsDropEverythingElse(const CPolicySelector& aPolicySelector) const;

    TBool IsEqualInterface(const CPolicySelector& aP1,
                           const CPolicySelector& aP2) const;

    TBool IsEqualRemoteAddress(const CPolicySelector& aP1,
                               const CPolicySelector& aP2) const;

    TBool IsEqualLocalAddress(const CPolicySelector& aP1,
                              const CPolicySelector& aP2) const;

    TBool IsEqualSaSpec(CSecpolBundleItem* aS1, 
                        CSecpolBundleItem* aS2) const;
    TBool IsEqualSaSpec(TSecurityAssocSpec* aS1, 
                        TSecurityAssocSpec* aS2) const;
    void FillSelectorInfoObject();

    // Policy conflict checking related methods
    TBool CalculateCombinedPolicyBypassDropMode();
    void CheckSelectorConflictsL();

    void TakeNextActivePolicyL(TInt aIndex);

    void CompareSelectorsL(CPolicySelector *aPolicySelector);

    TInt CompareSAParameters(
        CPolicySelector* aPolicySelectorNew,
        CPolicySelector* aPolicySelectorOld);

    TBool CheckAddressOverlapping(
        TUint32 aNet1IpAddress,    // Net1 low address
        TUint32 aNet1Mask,         // Net1 mask
        TUint32 aNet2IpAddress,    // Net2 low address
        TUint32 aNet2Mask);        // Net2 mask

    TInt GetRangeHighAddress(
        TUint32& aNetIpAddressHigh,
        TUint32 aNetIpAddressLow,
        TUint32 aNetMask);

    void ConflictTestForPortsAndProtocolL();

    TInt ComparePortProtocol(
        CPolicySelector *aPolicySelector1,
        CPolicySelector *aPolicySelector2);

    void BuildConflictInfoL();

    // Autoload related methods
    void ReadAutoloadConfigDataL();

    // Perform autoload policies
    void AutoloadPoliciesL(
        const TZoneInfoSet& aZoneInfoSet,
        HBufC8* aPolicyBuffer,
        TAutoloadFlags aAutoloadType = EAutoloadNone);

    // Get the autoload flag
    inline TBool IsPreloadNeeded()
        return iIsPreloadNeeded;

    // Set autoload flag
    inline void SetAutoloadStatus(TAutoloadFlags aAutoloadFlag)
        iAutoloadFlag = aAutoloadFlag;

    // Check if autoload policy is active
    TBool IsAutoloadPolicyActive();

    // Set the autoload policy flag
    void SetAutoloadPolicyActive(TBool aIsAutoloadPolicyActive);

    // Store autoload policy handle
    void StorePreloadPolicyHandle();

    // Return autoload policy handle
    TUint32 GetAutoloadPolicyHandle();

    // Find an autoload policy handle based on the parent policy handle
    CAutoloadListItem* FindScopedAutoloadPolicyPair(
        TUint32 aParentPolicyHandle);

    // Add an autoload policy handle based on the parent policy handle
    void AddScopedAutoloadPolicyPairL(
        TUint32 aPreloadPolicyHandle,
        TUint32 aPostloadPolicyHandle,
        TUint32 aParentPolicyHandle);

    //delete the scoped autoload policy pair
    void DeleteScopedAutoloadPolicyPair(TUint32 aParentPolicyHandle);

    //calculate the bypass mode
    void CalculateBypassOrDropMode(TBool aForLoadPolicy);

    //determines whether the last manual autoload policy has been unloaded
    TBool IsLastManualLoadPolicy(TUint32 aPolicyHandle);

    //Exception Selectors to be loaded.
     TInt AddExceptionSelectors();
     //Check for Exception policy loading. Work around done for UMA. Need to check more. 
     TBool CheckException();

	//Method to set the SID of the application that load policy 
	 void SetOptL(const RMessage2& aMsg);

    // Read the algorithms.conf file
    void ReadAlgorithmsFileL();

    void ReadNextAutoloadPolicyL(
        HBufC8*& aAutoloadPolicyBuffer,
        TPtrC& aPolicyFileName);

    void UpdatePolicySelectorScopeId(CPolicySelector& aPolicySelector,
                                     TInt aScopeId);

    void UpdatePolicyBundleScopeId(CPolicySelector& aPolicySelector,
                                   TInt aScopeId,
                                   TInt aGwScopeId,
                                   TBool& aIsTunnelMode);

    TInt CalculatePolicyBypassDropMode(CSecurityPolicy& aSp) const;

    //UMA support
	void SearchIAPIdL( const TUint32& aNetId, TUint32& aIapId );
    TBool CheckUMAL(TUint32 aIapId);
	void CheckFeatureSupportL(TUid aFeature);////To check a Feature flag is enabled or not

	 *This method to check the exception.
	void CheckUMAEXception(TUint32 aVpnNetId);


    // List containing all loaded policies
    CActivePolicyList* iActivePolicyList;

    // Handle into the Socket server
    RSocketServ iSS;
    TPolicyHandle iNextPolicyHandle;
    TPolicyHandle iCurrentPolicyHandle;

    TPckg<TIpsecSaSpec>* iPckgSAInfo;
    TIpsecSaSpec* iSAInfo;

    TInt iVPNNetId;
    TInt iGwNetId;

    TInt iFunction;

    HBufC8* iPolicyHBufC8;
    HBufC8* iPolBfr;
    HBufC8* iAlgorithmsHBufC8;

    // Info section data of active policy
    HBufC8* iLastConflictInfo;

    // A string copied from ipsecpolparser
    HBufC8* iLastParsingErrorInfo;
    HBufC* iStringBuf;
    TAutoloadHandles* iHandles;

    TIpsecSelectorInfo* iSelectorInfo;

    // Used to parse current policy
    CIpSecurityPiece* iPieceData;

    // Used to parse active policy list entries
    CIpSecurityPiece* iPieceData2;

    // Bypass/Drop mode of the combined policy
    TInt iBypassOrDropMode;

    const CIPSecPolicyManagerSession *iSession;

    CSecpolReader* iSecpolReader6;
    RSocket iSock;
    RFs iFs;
    RFile iAlgFile;

    TBool iSecpolSocketOpen;
    TBool iAlgorithmsFileOpen;

    // Autoload member variables
    TBool iIsPreloadNeeded;
    TManualAutoloadHandlePair iManualAutoloadHandlePair;

    // Autoload flag
    TAutoloadFlags iAutoloadFlag;

    TBool iIsAutoloadPolicyActive;
    HBufC8* iPreloadPolicy;
    HBufC8* iBeforeManualLoadPolicy;
    HBufC8* iAfterManualLoadPolicy;
    HBufC8* iBeforeScopedLoadPolicy;
    HBufC8* iAfterScopedLoadPolicy;

    TPolicyHandle iPreloadPolicyHandle;

    // Array storing the autoload-parent
    RPointerArray<CAutoloadListItem> iScopedAutoloadPolicyPairs;
    // Used to retrieve the gateway address passed by client in RIpsecPolicyServ::AvailableSelectors API
    TInetAddr iTunnel;
    CArrayFixFlat<TIpsecSelectorInfo>* iSelectorInfoArray;
    //UMA support
    TBool iCurrentException;	
    //This variable holds sid of the application that loads 
    //exception policies
    TUint32 iAppSid;
    TBool iIPSecGANSupported; //To check whether FF_IPSEC_UMA_SUPPORT_ENABLE is defined and UMA supported
