From: Michael J. Rubinsky Date: Wed, 31 Mar 2010 00:23:26 +0000 (-0400) Subject: Use passed in configuration to build the policies string X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=63cb6839086813c7ab9dcb0be7ee58c6e5c4fb44;p=horde.git Use passed in configuration to build the policies string --- diff --git a/framework/ActiveSync/lib/Horde/ActiveSync/Driver/Base.php b/framework/ActiveSync/lib/Horde/ActiveSync/Driver/Base.php index e9d553883..b36531386 100644 --- a/framework/ActiveSync/lib/Horde/ActiveSync/Driver/Base.php +++ b/framework/ActiveSync/lib/Horde/ActiveSync/Driver/Base.php @@ -69,6 +69,27 @@ abstract class Horde_ActiveSync_Driver_Base protected $_params; /** + * Secuirity Policies. These settings can be overridden by the backend + * provider by passing in a 'policies' key in the const'r params array. This + * way the server can provide user-specific policies. + * + *
+     * Currently supported settings are:
+     *   requirePin     - Device must have a pin lock enabled.
+     *   computerUnlock - Device can be unlocked docked to a computer.??
+     * 
+ */ + protected $_policies = array( + 'requirePin' => true, + 'computerUnlock' => true, + 'AEFrequencyType' => 0, + 'DeviceWipeThreshold' => 10, + 'CodewordFrequency' => 5, + 'MinimumPasswordLength' => 4, + 'PasswordComplexity' => 2, + ); + + /** * The state object for this request. Needs to be injected into this class. * Different Sync objects may require more then one type of stateObject. * For instance, Horde can sync contacts and caledar data with a history @@ -97,14 +118,13 @@ abstract class Horde_ActiveSync_Driver_Base public function __construct($params = array()) { $this->_params = $params; - if (empty($params['state_basic']) || !($params['state_basic'] instanceof Horde_ActiveSync_State_Base)) { throw new Horde_ActiveSync_Exception('Missing required state object'); } - // Create a stub if we don't have a useable logger. + /* Create a stub if we don't have a useable logger. */ if (isset($params['logger']) && is_callable(array($params['logger'], 'log'))) { $this->_logger = $params['logger']; @@ -116,6 +136,11 @@ abstract class Horde_ActiveSync_Driver_Base $this->_stateObject = $params['state_basic']; $this->_stateObject->setLogger($this->_logger); $this->_stateObject->setBackend($this); + + /* Override any security policies */ + if (!empty($params['policies'])) { + array_merge($this->_policies, $params['policies']); + } } /** 
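Review bot: The docblock on `$_policies` lists only `requirePin` and `computerUnlock`, but the array also sets defaults for `AEFrequencyType`, `DeviceWipeThreshold`, `CodewordFrequency`, `MinimumPasswordLength` and `PasswordComplexity`, whose meanings are documented only on `getCurrentPolicy()` further down the file. Because a backend is expected to override these per user, the list here should name every supported key with its units and value range, including `AEFrequencyValue`, which `getCurrentPolicy()` tests but which has no default in this array. It would also help to say that the defaults are permissive (`'PasswordComplexity' => 2` is described below as "anything goes", with a minimum length of 4), so a deployer knows they are meant to be tightened. "Secuirity" should read "Security".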
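Review bot: The policy override added at the end of `__construct()` has no effect, because `array_merge()` returns the merged array and the result is discarded, so `$this->_policies` keeps the class defaults whatever the backend passes in `'policies'`. A backend that supplies stricter per-user settings would therefore have the defaults sent to the device without any error. Assign the result instead: `$this->_policies = array_merge($this->_policies, $params['policies']);`, ideally guarded with `is_array($params['policies'])` so a malformed value cannot replace the array. The constructor starts outside this hunk.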
@@ -539,4 +564,48 @@ abstract class Horde_ActiveSync_Driver_Base return array(); } + /** + * Build a for the given security settings provided + * by the backend. + * + * 4131 (Enforce password on device) 0: enabled 1: disabled + * 4133 (Unlock from computer) 0: disabled 1: enabled + * AEFrequencyType 0: no inactivity time 1: inactivity time is set + * AEFrequencyValue inactivity time in minutes + * DeviceWipeThreshold after how many worng password to device should get wiped + * CodewordFrequency validate every 3 wrong passwords, that a person is using the device which is able to read and write. should be half of DeviceWipeThreshold + * MinimumPasswordLength minimum password length + * PasswordComplexity 0: Require alphanumeric 1: Require only numeric, 2: anything goes + * + * @param string The type of policy to return. + * + * @return string + */ + public function getCurrentPolicy($policyType = 'MS-WAP-Provisioning-XML') + { + return '' + . '' + . '' + . '' + . '' + . '' + . '' + . (!empty($this->_policies['AEFrequencyValue']) ? '' : '') + . '' + . '' + . '' + . '' + . '' + . '' + . '' + . '' + . '' + . '' + . '' + . '' + . '' + . '' + . ''; + } + } \ No newline at end of file diff --git a/framework/ActiveSync/lib/Horde/ActiveSync/Driver/Horde.php b/framework/ActiveSync/lib/Horde/ActiveSync/Driver/Horde.php index 199804a54..bf513a412 100644 --- a/framework/ActiveSync/lib/Horde/ActiveSync/Driver/Horde.php +++ b/framework/ActiveSync/lib/Horde/ActiveSync/Driver/Horde.php @@ -138,6 +138,7 @@ class Horde_ActiveSync_Driver_Horde extends Horde_ActiveSync_Driver_Base /** * Return a list of available folders * + * @TODO: only return those folders we configure horde to serve * @return array An array of folder stats */ public function getFolderList() diff --git a/framework/ActiveSync/lib/Horde/ActiveSync/Request/Provision.php b/framework/ActiveSync/lib/Horde/ActiveSync/Request/Provision.php index 4657506bc..3ed3c28ea 100644 
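Review bot: `getCurrentPolicy()` never reads its `$policyType` argument in the lines shown, so a caller asking for any type other than the default still gets the same string back; the method should branch on it or reject unsupported types, for instance by throwing `Horde_ActiveSync_Exception`. The string literals are not visible in this rendering of the hunk, so it cannot be confirmed here, but if values from `$_policies` are concatenated into the provisioning document they should be cast first, e.g. `(int)$this->_policies['DeviceWipeThreshold']`, since they can come from the backend's `'policies'` array. In the docblock, "Build a for the given" has lost its noun, `@param string` lacks the `$policyType` name, and "worng" should be "wrong".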
--- a/framework/ActiveSync/lib/Horde/ActiveSync/Request/Provision.php +++ b/framework/ActiveSync/lib/Horde/ActiveSync/Request/Provision.php @@ -41,6 +41,9 @@ class Horde_ActiveSync_Request_Provision extends Horde_ActiveSync_Request_Base const RWSTATUS_PENDING = 2; const RWSTATUS_WIPED = 3; + const POLICYTYPE_XML = 'MS-WAP-Provisioning-XML'; + const POLICYTYPE_WBXML = 'MS-EAS-Provisioning-WBXML'; + /** * Handle the Provision request. This is a 3-phase process. Phase 1 is * actually the enforcement, when the server rejects a request and forces @@ -90,7 +93,7 @@ class Horde_ActiveSync_Request_Provision extends Horde_ActiveSync_Request_Base } $policytype = $this->_decoder->getElementContent(); - if ($policytype != 'MS-WAP-Provisioning-XML') { + if ($policytype != self::POLICYTYPE_XML) { $policyStatus = self::STATUS_POLICYUNKNOWN; } if (!$this->_decoder->getElementEndTag()) {//policytype @@ -100,6 +103,7 @@ class Horde_ActiveSync_Request_Provision extends Horde_ActiveSync_Request_Base /* POLICYKEY is only sent by client in phase 3 */ if ($this->_decoder->getElementStartTag(SYNC_PROVISION_POLICYKEY)) { $policykey = $this->_decoder->getElementContent(); + $this->_logger->debug('PHASE 3 policykey sent from PIM: ' . $policykey); if (!$this->_decoder->getElementEndTag() || !$this->_decoder->getElementStartTag(SYNC_PROVISION_STATUS)) { @@ -181,9 +185,10 @@ class Horde_ActiveSync_Request_Provision extends Horde_ActiveSync_Request_Base /* Send security policies - configure this/move to it's own method...*/ if ($phase2 && $status == self::STATUS_SUCCESS && $policyStatus == self::STATUS_SUCCESS) { $this->_encoder->startTag(SYNC_PROVISION_DATA); - if ($policytype == 'MS-WAP-Provisioning-XML') { - // Set 4131 to 0 to require a PIN, 4133 - $this->_encoder->content(''); + if ($policytype == self::POLICYTYPE_XML) { + $this->_encoder->content($this->_driver->getCurrentPolicy(self::POLICYTYPE_XML)); + } else { + // TODO wbxml for 12.0 } $this->_encoder->endTag();//data }
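Review bot: The added `debug()` call in the phase 3 branch writes the client-supplied policy key into the log verbatim. The value comes straight from `getElementContent()` with no validation visible in this hunk, so it can carry arbitrary characters into the log. The key is also presumably what the server later compares to decide that the device is provisioned, which is a reason to keep it out of log files. Consider logging only that a key arrived, e.g. `$this->_logger->debug('PHASE 3 policykey received from PIM');`, or a validated form of it. The handler's body starts and ends outside the hunk.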
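Review bot: The new `else` branch for non-XML policy types is empty, so if it is ever reached the response contains an empty `SYNC_PROVISION_DATA` element under a success status and the device is provisioned with no policy. Given the earlier hunk, where `$policytype != self::POLICYTYPE_XML` sets `STATUS_POLICYUNKNOWN`, the branch looks unreachable today, but that will change once `POLICYTYPE_WBXML` is accepted. Until the WBXML encoding exists the branch should fail closed, for example by throwing a `Horde_ActiveSync_Exception` there or by checking the type before `startTag(SYNC_PROVISION_DATA)` is emitted. Both comparisons against `self::POLICYTYPE_XML` would also be safer as `===` / `!==`.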