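// Copyright (c) 2013-2015 IONU Security, Inc. All rights reserved.
// Copyright (c) 2016 Sequence Logic, Inc. All rights reserved
//
// Shared constants
//
// Preprocessor-only header: platform path limits, crypto defaults and sizes,
// URN layout, reserved identifiers, JSON/dictionary key names and policy names.
// Every macro name and value below is unchanged; only the layout, the platform
// includes and the comments were touched.

#ifndef eyeconstants_h
#define eyeconstants_h

#ifdef WIN32
#define SL_ENDL_LEN 2
#define SL_MAX_PATH 260 // MAX_PATH=260 in winapi, extended paths may be longer "\\?\D:\very long path"
#define SL_MAX_NAME SL_MAX_PATH
#elif defined(__APPLE__)
#include <limits.h> // PATH_MAX, NAME_MAX
#define SL_MAX_PATH PATH_MAX
#define SL_MAX_NAME NAME_MAX
#define SL_ENDL_LEN 1
#elif defined(LIN64)
#include <limits.h> // PATH_MAX, NAME_MAX
#define SL_MAX_PATH PATH_MAX
#define SL_MAX_NAME NAME_MAX
#define SL_ENDL_LEN 1
#else
#define SL_MAX_PATH 255
#define SL_MAX_NAME 255
#define SL_ENDL_LEN 1
#endif

//generic dictionary keys used all over
#define DICT_KEY_DELETED "deleted"

#define SL_PATH_MAX_LEN 247
#define SL_PATH_INTERNAL_MAX (SL_PATH_MAX_LEN+2)
#define SL_PATH_BUFFER_MAX (SL_PATH_INTERNAL_MAX+2)
#define SL_MAX_XATTR_LENGTH 4096 // this is name\000value\n max for shadow xattr

#define SL_EYE_TYPE "sequencelogic"
#define SL_EYE_GZIP_HEADER "1f8b08" // File header for compressed files
#define SL_EYE_STREAM_CHUNK 65536 // Process streams in 64k chunks

// NOTE(review): SHA-1 as the default digest and MD5 (SL_MD5_LEN, and the
// "md5chk" storage key further down) are not collision resistant; confirm
// neither is relied on for signatures or for integrity against a hostile party.
// NOTE(review): "aes256cbc" gives confidentiality only; confirm callers
// authenticate the ciphertext before decrypting it.
#define SL_DIGEST_DEFAULT "sha1"
#define SL_CIPHER_DEFAULT "aes256cbc"
#define SL_PK_DEFAULT "rsa2048"
#define SL_AES_KEY_BITS 256 // 32 bytes = 256 bits
#define SL_AES_KEY_LEN 32 // 32 bytes = 256 bits
#define SL_AES_BLOCK_LEN 16 // 16 bytes = 128 bits
#define SL_RSA_KEY_BITS 2048 // 256 bytes = 2048 bits
#define SL_RSA_KEY_LEN 256 // 256 bytes = 2048 bits, i.e. SL_RSA_KEY_BITS / 8
#define SL_RSA_PUBLIC_EXP 65537 // Default public exponent
#define SL_MD5_LEN 16 // 16 bytes or 128 bits
#define SL_SHA1_LEN 20 // 20 bytes or 160 bits
#define SL_SHA224_LEN 28 // 28 bytes or 224 bits
#define SL_SHA256_LEN 32 // 32 bytes or 256 bits
#define SL_SHA512_LEN 64 // 64 bytes or 512 bits
#define SL_TGI_SIG_LEN 12 // 12 bytes or 96 bits

// NOTE(review): 40 hex characters, the size of a SHA-1 digest. A fixed PIN
// verifier compiled into every build is visible to anyone holding the source
// or binary; confirm what it protects and whether it can be provisioned per
// deployment instead.
#define SL_ISIS_PIN_HASH "fc342bb3a2f691c9fb7916ca2ed2473db3388ab2"

#define SL_URN_PREFIX "urn:sl:"
#define SL_URN_DEFAULT "urn:sl:000000:00000000:0000:000000000000"
#define SL_URN_MIN_LEN 12 // "urn:sl::::"
#define SL_URN_MAX_LEN 55 // "urn:sl:000000:00000000:0000:000000000000{:00000000000}"
#define SL_URN_VAN_LEN 6
#define SL_URN_PMO_LEN 8
#define SL_URN_DEV_LEN 4
#define SL_URN_DOC_LEN 12
#define SL_URN_MSG_LEN 16
#define SL_URN_USERGRP_LEN 8

#define SL_ISO8601_DATE_LEN 20 // 2012-08-25T14:30:56Z (GMT! trailing Z optional and assumed!)
#define SL_PASSWORD_MAX_LEN 255
#define SL_SYNC_DEPTH_MAX 50

// Reserved identifiers. TEST_PMO_ID and CG_PMO_ID share one value, as do
// BROWSER_DEVICE_ID and CG_DEV_ID.
#define TEST_VAN_ID "000000" // Unit test van ID. Do not use this VAN except for localhost/integration QA
#define TEST_PMO_ID "00000000" // This is for automated unit tests
#define CG_PMO_ID "00000000" // CG thinks it's an office for keyring management purposes
#define SG_PMO_ID "00000001" // Storage guard office user
// NOTE(review): '.' matches any character, not only hex digits, and the pattern
// has no anchors; confirm the matcher requires a full-string match.
#define RESERVED_PMO_ID_REGEX "000000.." // Reserved PMO are six zeroes 00:FF
#define TEST_DEVICE_ID "FFFF" // Do not use this device ID for testing in ANY VAN or ANY PMO
#define BROWSER_DEVICE_ID "0000" // Special device UUID signifying a web browser
#define CG_DEV_ID "0000"
#define HEADLESS_DEVICE_ID "0001" // Special device UUID signifying headless device (e.g. Nikki)
#define GROUP_DOC_DEVICE_ID "FFFD" // Special device UUID for group docs
#define ANDROID_DEVICE_ID "FFFE" // Special device for android testing
#define PMO_ALL_ID "FFFFFFFF" // When seen in a permission URN as the PMO value, this signifies that "all" can perform the operation

#define CG_PUBLIC_KEY_ALIAS "cgPublic"
#define VAN_PUBLIC_KEY_ALIAS "vanPublic"
#define DEVICE_PUBLIC_KEY_ALIAS "devicePublic"
#define OFFICE_PUBLIC_KEY_ALIAS "officePublic"
#define DEVICE_PRIVATE_KEY_ALIAS "devicePrivate"
#define OFFICE_PRIVATE_KEY_ALIAS "officePrivate"

#define EG_KEYRING_CONFIG "keyringConfig" // A "message" name indicating keyring office JSON
#define K2_ONLINE "online"

#define NPMO_PARAM_VERSION "v"
#define NPMO_PARAM_STUB "stub"
#define NPMO_PARAM_OTHER_STUB "_stub"
#define NPMO_PARAM_OFFICES "offices"
#define NPMO_PARAM_PMO "pmo"

//namespace PermissionConsts {
#define PERMISSION_AUTHORITY "authority" /** Authority key */
#define PERMISSION_KEY_OWNER "owner" /** Owner key */
#define PERMISSION_KEY_SIGNATURE "signature"
#define PERMISSION_READ "read"
#define PERMISSION_WRITE "write"
#define PERMISSION_SHOW_SHREDDED "hide"
#define PERMISSION_ADMIN "admin"
#define PERMISSION_DOORWAY "doorway"
#define PERMISSION_STREAM "stream"
#define PERMISSION_ALL "read|write|hide|admin|doorway|stream|readAssign|writeAssign|hideAssign|doorwayAssign|adminAssign|streamAssign"
#define PERMISSION_VALUE_OWNER "owner"
#define PERMISSION_VALUE_OTHER "other"
#define PERMISSION_GROUP_PREFIX "g@" // g@docuuid
#define PERMISSION_ROOT_KEY "perms"
#define PERMISSION_TYPE_KEY "type" // unset/empty "file" "group"
#define PERMISSION_NAME_KEY "name" // for groups
#define PERMISSION_ASSIGNMENT_SUFFIX "Assign"
#define PERMISSION_TYPE_VALUES "file|group" // unset/empty implies "file"
#define PERMISSION_MEMBERS_KEY "mbrs" // The members key and data [pmo-uuid,...] is built by the updateMembers method
//}

#define PMO_USER_CONFIGURATION "uc"
#define PMO_CONFIG_SDE_IOS "sde_ios"

#define POLICY_NAME "policyName"
#define POLICY_TYPE "type"
#define POLICY_VALUE "value"

#define MT_STORAGE "storage"
#define MT_DEVICES "devices"
#define MT_STORAGE_GUARD "storage-guard"
#define MT_DIRECTORY_SELECTOR "directory-selector"
#define MT_DEVICE_ROOT "device-root" // Inbox or Documents local to device
#define MT_DOORWAY "doorway"
#define MT_CLOUD_FOLDERS "cloud-folders"
#define MT_MOUNT "mount"
#define MT_ACTION "action"
#define MT_AVAILABLE_PEERS "available-peers"
#define MT_DIRECTORY "directory"
#define MT_FILE "file"
#define MT_PEER "peer" // typ. overridden by device
#define MT_PEER_DIRECTORY "peer-directory"
#define MT_PEER_FILE "peer-file"
#define MT_DEVICE_DIRECTORY "device-directory"
#define MT_DEVICE_FILE "device-file"
#define MT_LOCAL_FILE "local-file"
#define MT_CREATE_GROUP "create-group"
#define MT_GROUP "group"
#define MT_MESSAGE "message"

#define SNT_ACTION_MIME_TYPE "application/json"
#define IM_CHAT_HTML_MIME_TYPE1 "text/html"
#define IM_CHAT_HTML_MIME_TYPE2 "application/html"
#define IM_CHAT_PDF_MIME_TYPE "application/pdf"

#define STORAGE_NODE_NAME "name"
#define STORAGE_NODE_ID "_id"
#define STORAGE_NODE_MIME_TYPE "mimetype"
#define STORAGE_NODE_LENGTH "length"
#define STORAGE_NODE_LAST_ACCESS "lastAccessTime"
#define STORAGE_NODE_LAST_MODIFIED "lastModifiedTime"
#define STORAGE_NODE_CREATE_TIME "creationTime"
#define STORAGE_NODE_HOST "host"
#define STORAGE_NODE_LOC "loc"
#define STORAGE_NODE_MOUNT "mount"
#define STORAGE_NODE_SOURCE "source"
#define STORAGE_NODE_PATH "path"
#define STORAGE_NODE_FOLDER "folder"
#define STORAGE_NODE_PARENTS "parents"
#define STORAGE_NODE_STATUS "status"
#define STORAGE_NODE_TYPE "type"
#define STORAGE_NODE_META_TYPE "metaType"
#define STORAGE_NODE_CHILDREN "contents"
#define STORAGE_NODE_META_DATA "metaData"
#define STORAGE_NODE_REMOTE_KIND "remoteKind"
#define STORAGE_NODE_REMOTE_STATUS "remoteStatus"
#define STORAGE_NODE_UTIME "utime"
#define STORAGE_NODE_SIZE "size"
#define STORAGE_NODE_ABS_PATH "abspath"
#define STORAGE_NODE_DESC "description"
#define STORAGE_NODE_HASH "hash"
#define STORAGE_NODE_URN "urn"
#define STORAGE_NODE_SYNC "sync"
#define STORAGE_NODE_VIEW "view"
#define STORAGE_NODE_PORT "port"
#define STORAGE_NODE_MTIME "mtime"
#define STORAGE_NODE_ISDIR "isDirectory"
#define STORAGE_NODE_FILENAME "_filename"
#define STORAGE_NODE_SIGNATURE "signature"
#define STORAGE_NODE_CHECKSUM "md5chk"
#define STORAGE_NODE_DOCURN "docURN"
#define STORAGE_NODE_PERMISSIONS "permissions"

#define MIME_TYPE_APP_UNKNOWN "application/unknown"

#define URL_ARGUMENT_SHARE "share"
#define URL_VALUE_BOOL_TRUE "true"
#define URL_VALUE_BOOL_FALSE "false"
#define URL_ARGUMENT_MKDIR "mkdir"
#define URL_ARGUMENT_DELETE "delete"
#define URL_ARGUMENT_RENAME "rename"

// NOTE(review): points to confirm on the policy defaults below. They are
// collected here, above the "namespace PolicyNames" marker, so that the
// policy lines themselves stay exactly as the extractor expects them.
//  - userRegex: the pattern accepts 2 to 33 characters; its prompt says 2 to 20.
//  - allowActivationBypass: the default lets addresses matching a QA pattern
//    skip office activation. Confirm production VANs override it and that the
//    pattern is matched against the whole address, since it has no anchors.
//  - dataEncryption lists "none" and browserProvisioning lists "insecure" as
//    selectable values; confirm who is allowed to set them.
//  - requireCreateOfficeCaptcha and requireWebLoginCaptcha default to false.
//  - Three macro names are misspelled (ALLLOW, REQUIRMENT, WORFLOW). They are
//    kept as they are because callers, and presumably the generated Java,
//    refer to them by these names.

/**
 * Policy names. Note that these are auto-extracted from this file to src/com/ionu/PolicyNames.java.
 */
// @todo many more
// FORMATTING IS IMPORTANT:
// #define PN_name "name" // type defaultValue ["listval1",...] @@en_US_prompt
// allowed types are: boolean/int/long/string/duration/date
// duration is simply a long whose value is interpreted as millisecs
// date is stored as ISO8601 string
// The ["listval1",...] is optional
//
//namespace PolicyNames {
#define PN_USER_REGEX "userRegex" // regex "[a-zA-Z0-9][a-zA-Z0-9_@.+-]{1,32}" @@"Username must be 2 to 20 characters and begin with a letter or digit then consist only of letters, digits and the characters '_@.+-'"
#define PN_ALLOW_USER_PASSWORD_CHANGE "allowUserPasswordChange" // boolean true @@"{logic-only}"
#define PN_PASSWORD_MIN_LENGTH "passwordMinLength" // int 8 @@"Password minimum length is 8 characters"
#define PN_PASSWORD_DIGIT_REQUIRED "passwordDigitRequired" // boolean false @@"Your password must include a digit"
#define PN_PASSWORD_ALPHA_REQUIRED "passwordAlphaRequired" // boolean true @@"Your password must include a letter"
#define PN_CHALLENGE_RESPONSE_MIN_LENGTH "challengeResponseMinLength" // int 3 @@"Your security response must be at least 3 characters"
#define PN_PASSWORD_STRENGTH_MIN "passwordStrengthMin" // double 0.5 @@"Your password is not strong/complex enough"
#define PN_PASSPHRASE_MIN_LENGTH "passphraseMinLength" // int 10 @@"Your passphrase must be at least 10 characters"
#define PN_PASSPHRASE_STRENGTH_MIN "passphraseStrengthMin" // double 0.75 @@"Your passphrase is not strong enough"
#define PN_PASSPHRASE_CHALLENGE_OPTIONAL "passphraseChallengeOptional" // boolean true @@"{logic-only}"
#define PN_PASSPHRASE_CHALLENGE_REQUIRED "passphraseChallengeRequired" // boolean false @@"You must select a passphrase"
#define PN_PASSWORD_RESET_ALLOWED "passwordResetAllowed" // boolean true @@"{logic-only}"
#define PN_PASSWORD_RECOVERY_ENABLED "passwordRecoveryEnabled" // boolean true @@"{logic-only}"
#define PN_MIN_NUMBER_CHALLENGES_INC_PASSWORD "minNumberChallengesIncludingPassword" // int 4 @@"{logic-only}"
#define PN_CUSTOM_CHALLENGE_REQUIRED "customChallengeRequired" // boolean false @@"A custom security question is required to be selected"
#define PN_CUSTOM_CHALLENGE_MIN_LENGTH "customChallengeMinLength" // int 6 @@"Custom security questions must be at least 6 characters"
#define PN_PASSWORD_FAIL_LOCKOUT "passwordFailLockout" // int 5 @@"{logic-only}"
#define PN_PASSWORD_LOCKOUT_ACTION "passwordLockoutAction" // list "delay" ["delay","disable-account"] @@"{logic-only}"
#define PN_PASSWORD_LOCKOUT_DELAY "passwordLockoutDelay" // duration 15000 @@"{logic-only 15secs}"
#define PN_MAX_VAN_USERS "maxUsers" // long 50000 @@"A maximum of 50,000 users is currently supported"
#define PN_REQUIRE_OFFICE_ACTIVATION "requireOfficeActivation" // boolean true @@"{logic-only}"
#define PN_ALLLOW_ACTIVATION_BYPASS "allowActivationBypass" // regex "qa[^@]+@sl-int[.]com" @@"{logic-only}"
#define PN_REQUIRE_CAPTCHA_ON_CREATE_OFFICE "requireCreateOfficeCaptcha" // boolean false @@"{logic-only}"
#define PN_REQUIRE_CAPTCHA_ON_WEB_LOGIN "requireWebLoginCaptcha" // boolean false @@"{logic-only}"
#define PN_DELAY_LOGIN_FAILURE "delayLoginFailure" // duration 1500 @@"{logic-only 1.5secs}"
#define PN_MAX_DEVICES "maxDevices" // int 100 @@"A maximum of 100 devices is supported per user"
#define PN_AUTO_LOGOUT_INACTIVITY_MAX "autoLogoutMax" // duration 604800000 @@"The maximum inactivity time before auto logout is one week"
#define PN_COMPATIBILITY_REQUIRMENT "compatibilityRequirement" // regex "default" @@"This application is not compatible with the server VAN"
#define PN_SERVER_USER_TRACKING "serverUserTracking" // list "on" ["user-selectable","off","on"] @@"Allow user to have web service events tracked"
#define PN_SERVER_USER_TRACKING_TTL "serverUserTrackingTTL" // duration 2592000000 @@"Server tracking events expire after 30 days"
#define PN_WEB_TOKEN_EXPIRY "webTokenExpiry" // duration 14400000 @@"{logic-only 4 hours}"
#define PN_TEAMS_SUPPORTED "secureManagedNetworkSupportEnabled" // boolean true @@"{logic-only should admin UX support network features}"
#define PN_TEAMS_ALLOW_USER_VIEW_MEMBERS "smnViewMembersEnabled" // boolean true @@"{logic-only can users see members in web admin}"
#define PN_EMAIL_REGEX "emailRegex" // regex "^[_A-Za-z0-9-\\+]+(\\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\\.[A-Za-z0-9]+)*(\\.[A-Za-z]{2,})$" @@"A valid email must contain an @ and a domain"
#define PN_PHONE_REGEX "phoneRegex" // regex "^[01]?[-\\s.]?\\(?[2-9]\\d{2}\\)?[-\\s.]?\\d{3}[-\\s.]?\\d{4}$" @@"A valid phone number is of the form (303)555-1212"
#define PN_ALLOW_USER_PRECREATION "userPrecreationEnabled" // boolean true @@"{logic-only should admin UX support account precreation}"
#define PN_NO_LOGIN_INACTIVATE_DURATION "noLoginInactivateDuration" // duration 2709400000 @@"Device not logged in inactivation duration"
#define PN_NO_LOGIN_REMOVE_DURATION "noLoginRemoveDuration" // duration 15732000000 @@"Device not logged in removal duration"
#define PN_BROWSER_PROVISIONING "browserProvisioning" // list "allow" ["prohibit","insecure","allow","activation"] @@"Allow browsers to be provisioned as data devices"
#define PN_DATA_ENCRYPTION "dataEncryption" // list "files_data" ["files_data","files","data","none"] @@"Encrypt files and data; files only; data only; nothing"
#define PN_DEMO_ENABLED "demoEnabled" // boolean false @@"Enable demo features"
#define PN_WORFLOW_EMAIL "workflowEmailAddresses" // string "" @@"Comma or bar separated list of email addresses to send on important workflow events"
#define PN_MAX_BROWSER_FILE_SIZE "maxBrowserFileSize" // long 10485760 @@"A maximum file size of 10MB is supported within the browser"
//} // end generation of policy constants

#endif

// previously... #define PN_PASSWORD_LOCKOUT_ACTION "passwordLockoutAction" // list "delay" ["delay","disable-account","re-enter-challenges"] @@"{logic-only}"

/* Obsoleted 10/20/16
#define PN_VERSION_ANDROID_CURRENT "versionANDROIDCurrent" // int 29 @@"{logic-only}"
#define PN_VERSION_IOS_CURRENT "versionIOSCurrent" // int 0 @@"{logic-only}"
#define PN_VERSION_OSX_CURRENT "versionOSXCurrent" // int 0 @@"{logic-only}"
#define PN_VERSION_WINDOWS_CURRENT "versionWINDOWSCurrent" // int 0 @@"{logic-only}"
#define PN_VERSION_ANDROID_MIN "versionANDROIDMin" // int 1 @@"This application version does not meet the minimum allowed by the server"
#define PN_VERSION_IOS_MIN "versionIOSMin" // int 1 @@"This application version does not meet the minimum allowed by the server"
#define PN_VERSION_OSX_MIN "versionOSXMin" // int 1 @@"This application version does not meet the minimum allowed by the server"
#define PN_VERSION_WINDOWS_MIN "versionWINDOWSMin" // int 1 @@"This application version does not meet the minimum allowed by the server"
#define PN_MAX_CHAT_MESSAGE_LENGTH "maxChatMessageLength" // int 1024 @@"Maximum length of a chat message is 1024 characters"
#define PN_VANISH_ON_READ_TIME_TO_DISPLAY "vanishOnReadTimeToDisplay" // duration 30000 @@"You have 30 seconds to read this message"
#define PN_SMS_APP_DOWNLOAD_LINK "smsAppDownloadLink" // string "http://www.sequencelogic.net/download" @@"Please click on this link to visit the downloads page"
#define PN_VAN_SOLO_RESIDENCY "vanSoloResidency" // boolean false @@"The selected VAN may not be used in conjunction with any other VANs on this device"
#define PN_MAX_ATTACHMENT_SIZE "maxAttachmentSize" // int 5242880 @@"The maximum size of an attachment is 5MB"
#define PN_LINK_WINDOWS_APP "linkWindowsApp" // string "https://prod1.sl.com/release/win32/IOnUSetupBeta.exe" @@"{logic-only IONU Windows installer deep link}"
#define PN_PAYMENT_ENABLED "paymentEnabled" // boolean true @@"{logic-only should admin UX support payment features}"
#define PN_CLOUD_PROVIDERS_SUPPORTED "cloudProvidersSupported" // regex "^(?:dropbox|box|google)$" @@"Supported Cloud Providers"
#define PN_ALLOW_CREDENTIALS_IN_KEYCHAIN "allowCredentialsInKeychain" // boolean true @@"{logic-only Apps may persist cloud or other credentials in OS keychain}"
#define PN_ALLOW_TOUCH_ID "allowTouchID" // boolean true @@"{logic-only Touch ID allowed to unlock iOS app}"
#define PN_MAX_FILE_SIZE "maxFileSize" // long 2147483648 @@"A maximum file size of 2GB is supported"
#define PN_ALLOW_SEARCHABLE_GROUPS "allowSearchableGroups" // boolean true @@"Allow searchable setting for groups to be modified"
#define PN_ALLOW_NESTED_GROUPS "allowNestedGroups" // boolean true @@"Allow groups to contain groups"
#define PN_TRACK_BANDWIDTH "trackBandwidth" // boolean false @@"Track (and thus enforce) bandwidth consumption per product configurations"
*/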