Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / utils / sigma-dut / 50be56039f7462a0014cb023b55de42b42a0ca76 / . / server.c
blob: be8d4e113db3ad00f73d677c56e4ff0c03681264 [file] [log] [blame]
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1/*
2 * Sigma Control API DUT (server)
3 * Copyright (c) 2014, Qualcomm Atheros, Inc.
Jouni Malinen2feb9132021-11-16 00:53:06 +0200[diff] [blame]4 * Copyright (c) 2018-2021, The Linux Foundation
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]5 * All Rights Reserved.
6 * Licensed under the Clear BSD license. See README for more details.
7 */
8
9#include "sigma_dut.h"
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]10#include <sqlite3.h>
11
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]12#ifndef ROOT_DIR
13#define ROOT_DIR "/home/user/hs20-server"
14#endif /* ROOT_DIR */
15
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]16#ifndef SERVER_DB
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]17#define SERVER_DB ROOT_DIR "/AS/DB/eap_user.db"
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]18#endif /* SERVER_DB */
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]19
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]20#ifndef CERT_DIR
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]21#define CERT_DIR ROOT_DIR "/certs"
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]22#endif /* CERT_DIR */
23
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]24
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]25static enum sigma_cmd_result cmd_server_ca_get_version(struct sigma_dut *dut,
26 struct sigma_conn *conn,
27 struct sigma_cmd *cmd)
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]28{
Jouni Malinendf866472019-01-23 12:21:47 +0200[diff] [blame]29 send_resp(dut, conn, SIGMA_COMPLETE, "version," SIGMA_DUT_VER);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]30 return STATUS_SENT;
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]31}
32
33
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]34static enum sigma_cmd_result cmd_server_get_info(struct sigma_dut *dut,
35 struct sigma_conn *conn,
36 struct sigma_cmd *cmd)
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]37{
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]38 char ver[128], resp[256];
39
40 get_ver(ROOT_DIR "/spp/hs20_spp_server -v", ver, sizeof(ver));
41
42 snprintf(resp, sizeof(resp), "vendor,OSU,model,OS,version,%s", ver);
43 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]44 return STATUS_SENT;
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]45}
46
47
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]48static int server_reset_user(struct sigma_dut *dut, const char *user)
49{
50 sqlite3 *db;
51 int res = -1;
52 char *sql = NULL;
53 const char *realm = "wi-fi.org";
54 const char *methods = "TTLS-MSCHAPV2";
55 const char *password = "ChangeMe";
56 int phase2 = 1;
57 int machine_managed = 1;
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]58 const char *remediation = "";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]59 int fetch_pps = 0;
60 const char *osu_user = NULL;
61 const char *osu_password = NULL;
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]62 const char *policy = NULL;
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]63
64 sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset user %s", user);
65
66 if (sqlite3_open(SERVER_DB, &db)) {
67 sigma_dut_print(dut, DUT_MSG_ERROR,
68 "Failed to open SQLite database %s",
69 SERVER_DB);
70 return -1;
71 }
72
73 if (strcmp(user, "test01") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]74 remediation = "machine";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]75 } else if (strcmp(user, "test02") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]76 remediation = "user";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]77 machine_managed = 0;
78 } else if (strcmp(user, "test03") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]79 /* UpdateInterval-based client trigger for policy update */
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]80 policy = "ruckus130";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]81 } else if (strcmp(user, "test04") == 0) {
82 } else if (strcmp(user, "test05") == 0) {
83 } else if (strcmp(user, "test06") == 0) {
84 realm = "example.com";
85 } else if (strcmp(user, "test07") == 0) {
86 } else if (strcmp(user, "test08") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]87 remediation = "machine";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]88 osu_user = "testdmacc08";
89 osu_password = "P@ssw0rd";
90 } else if (strcmp(user, "test09") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]91 /* UpdateInterval-based client trigger for policy update */
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]92 policy = "ruckus130";
Jouni Malinen364c0812018-10-15 10:37:47 +0300[diff] [blame]93 osu_user = "testdmacc09";
94 osu_password = "P@ssw0rd";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]95 } else if (strcmp(user, "test10") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]96 remediation = "machine";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]97 methods = "TLS";
98 } else if (strcmp(user, "test11") == 0) {
99 } else if (strcmp(user, "test12") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]100 remediation = "user";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]101 methods = "TLS";
102 } else if (strcmp(user, "test20") == 0) {
103 } else if (strcmp(user, "test26") == 0) {
104 /* TODO: Cred01 with username/password? */
105 user = "1310026000000001";
106 methods = "SIM";
107 } else if (strcmp(user, "test30") == 0) {
108 osu_user = "testdmacc30";
109 osu_password = "P@ssw0rd";
110 } else if (strcmp(user, "test31") == 0) {
111 osu_user = "testdmacc31";
112 osu_password = "P@ssw0rd";
113 } else if (strcmp(user, "test32") == 0) {
114 osu_user = "testdmacc32";
115 osu_password = "P@ssw0rd";
116 } else if (strcmp(user, "test33") == 0) {
117 osu_user = "testdmacc33";
118 osu_password = "P@ssw0rd";
119 } else if (strcmp(user, "test34") == 0) {
120 osu_user = "testdmacc34";
121 osu_password = "P@ssw0rd";
122 } else if (strcmp(user, "test35") == 0) {
123 osu_user = "testdmacc35";
124 osu_password = "P@ssw0rd";
125 } else if (strcmp(user, "test36") == 0) {
126 } else if (strcmp(user, "test37") == 0) {
127 osu_user = "testdmacc37";
128 osu_password = "P@ssw0rd";
Jouni Malinen364c0812018-10-15 10:37:47 +0300[diff] [blame]129 } else if (strcmp(user, "testdmacc08") == 0 ||
130 strcmp(user, "testdmacc09") == 0) {
131 /* No need to set anything separate for testdmacc* users */
132 sqlite3_close(db);
133 return 0;
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]134 } else {
135 sigma_dut_print(dut, DUT_MSG_INFO, "Unsupported username '%s'",
136 user);
137 goto fail;
138 }
139
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]140 sql = sqlite3_mprintf("INSERT OR REPLACE INTO users(identity,realm,methods,password,phase2,machine_managed,remediation,fetch_pps,osu_user,osu_password,policy) VALUES (%Q,%Q,%Q,%Q,%d,%d,%Q,%d,%Q,%Q,%Q)",
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]141 user, realm, methods, password,
142 phase2, machine_managed, remediation, fetch_pps,
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]143 osu_user, osu_password, policy);
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]144
145 if (!sql)
146 goto fail;
147
148 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
149
150 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
151 sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s",
152 sqlite3_errmsg(db));
153 } else {
154 res = 0;
155 }
156
157 sqlite3_free(sql);
158
159fail:
160 sqlite3_close(db);
161
162 return res;
163}
164
165
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]166static int server_reset_serial(struct sigma_dut *dut, const char *serial)
167{
168 sqlite3 *db;
169 int res = -1;
170 char *sql = NULL;
171 const char *realm = "wi-fi.org";
172 const char *methods = "TLS";
173 int phase2 = 0;
174 int machine_managed = 1;
175 const char *remediation = "";
176 int fetch_pps = 0;
177 const char *osu_user = NULL;
178 const char *osu_password = NULL;
179 const char *policy = NULL;
180 char user[128];
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]181 const char *cert = "";
182 const char *subrem = "";
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]183
184 snprintf(user, sizeof(user), "cert-%s", serial);
185 sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset user %s (serial number: %s)",
186 user, serial);
187
188 if (sqlite3_open(SERVER_DB, &db)) {
189 sigma_dut_print(dut, DUT_MSG_ERROR,
190 "Failed to open SQLite database %s",
191 SERVER_DB);
192 return -1;
193 }
194
195 if (strcmp(serial, "1046") == 0) {
196 remediation = "machine";
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]197 cert = "3786eb9ef44778fe8048f9fa6f8c3e611f2dbdd15f239fa93edcc417debefa5a";
198 subrem = "homeoi";
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]199 } else if (strcmp(serial, "1047") == 0) {
200 remediation = "user";
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]201 cert = "55cd0af162f2fb6de5b9481e37a0b0887f42e477ab09586b0c10f24b269b893f";
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]202 } else {
203 sigma_dut_print(dut, DUT_MSG_INFO,
204 "Unsupported serial number '%s'", serial);
205 goto fail;
206 }
207
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]208 sql = sqlite3_mprintf("INSERT OR REPLACE INTO users(identity,realm,methods,phase2,machine_managed,remediation,fetch_pps,osu_user,osu_password,policy,cert,subrem) VALUES (%Q,%Q,%Q,%d,%d,%Q,%d,%Q,%Q,%Q,%Q,%Q)",
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]209 user, realm, methods,
210 phase2, machine_managed, remediation, fetch_pps,
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]211 osu_user, osu_password, policy, cert, subrem);
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]212
213 if (!sql)
214 goto fail;
215
216 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
217
218 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
219 sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s",
220 sqlite3_errmsg(db));
221 } else {
222 res = 0;
223 }
224
225 sqlite3_free(sql);
226
227fail:
228 sqlite3_close(db);
229
230 return res;
231}
232
233
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]234static int server_reset_cert_enroll(struct sigma_dut *dut, const char *addr)
235{
236 sqlite3 *db;
237 char *sql;
238
239 sigma_dut_print(dut, DUT_MSG_DEBUG,
240 "Reset certificate enrollment status for %s", addr);
241
242 if (sqlite3_open(SERVER_DB, &db)) {
243 sigma_dut_print(dut, DUT_MSG_ERROR,
244 "Failed to open SQLite database %s",
245 SERVER_DB);
246 return -1;
247 }
Jouni Malinene2817ad2022-05-16 20:23:45 +0300[diff] [blame]248
249 if (strcasecmp(addr, "any") == 0)
250 sql = sqlite3_mprintf("DELETE FROM cert_enroll");
251 else
252 sql = sqlite3_mprintf("DELETE FROM cert_enroll WHERE mac_addr=%Q",
253 addr);
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]254 if (!sql) {
255 sqlite3_close(db);
256 return -1;
257 }
258 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
259
260 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
261 sigma_dut_print(dut, DUT_MSG_ERROR,
262 "SQL operation failed: %s",
263 sqlite3_errmsg(db));
264 sqlite3_free(sql);
265 sqlite3_close(db);
266 return -1;
267 }
268
269 sqlite3_free(sql);
270 sqlite3_close(db);
271
272 return 0;
273}
274
275
Jouni Malinen4ec26fe2018-12-16 17:43:25 +0200[diff] [blame]276static int server_reset_imsi(struct sigma_dut *dut, const char *imsi)
277{
278 sqlite3 *db;
279 char *sql;
280
281 sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset policy provisioning for %s",
282 imsi);
283
284 if (sqlite3_open(SERVER_DB, &db)) {
285 sigma_dut_print(dut, DUT_MSG_ERROR,
286 "Failed to open SQLite database %s",
287 SERVER_DB);
288 return -1;
289 }
290 sql = sqlite3_mprintf("DELETE FROM users WHERE identity=%Q", imsi);
291 if (!sql) {
292 sqlite3_close(db);
293 return -1;
294 }
295 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
296
297 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
298 sigma_dut_print(dut, DUT_MSG_ERROR,
299 "SQL operation failed: %s",
300 sqlite3_errmsg(db));
301 sqlite3_free(sql);
302 sqlite3_close(db);
303 return -1;
304 }
305
306 sqlite3_free(sql);
307 sqlite3_close(db);
308
309 return 0;
310}
311
312
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]313static enum sigma_cmd_result cmd_server_reset_default(struct sigma_dut *dut,
314 struct sigma_conn *conn,
315 struct sigma_cmd *cmd)
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]316{
317 const char *var;
Jouni Malinen94d7b122018-09-04 13:16:41 +0300[diff] [blame]318 enum sigma_program prog;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]319
320 var = get_param(cmd, "Program");
Jouni Malinen94d7b122018-09-04 13:16:41 +0300[diff] [blame]321 if (!var) {
322 send_resp(dut, conn, SIGMA_ERROR,
323 "errorCode,Missing program parameter");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]324 return STATUS_SENT;
Jouni Malinen94d7b122018-09-04 13:16:41 +0300[diff] [blame]325 }
326
327 prog = sigma_program_to_enum(var);
Jouni Malinen9a742ff2022-01-27 00:43:14 +0200[diff] [blame]328 if (prog != PROGRAM_HS2_R2 && prog != PROGRAM_HS2_R3 &&
329 prog != PROGRAM_HS2_R4) {
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]330 send_resp(dut, conn, SIGMA_ERROR,
331 "errorCode,Unsupported program");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]332 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]333 }
334
335 var = get_param(cmd, "UserName");
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]336 if (var && server_reset_user(dut, var) < 0) {
337 send_resp(dut, conn, SIGMA_ERROR,
338 "errorCode,Failed to reset user account to defaults");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]339 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]340 }
341
342 var = get_param(cmd, "SerialNo");
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]343 if (var && server_reset_serial(dut, var)) {
344 send_resp(dut, conn, SIGMA_ERROR,
345 "errorCode,Failed to reset user account to defaults");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]346 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]347 }
348
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]349 var = get_param(cmd, "ClientMACAddr");
350 if (var && server_reset_cert_enroll(dut, var) < 0) {
351 send_resp(dut, conn, SIGMA_ERROR,
352 "errorCode,Failed to reset cert enroll to defaults");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]353 return STATUS_SENT;
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]354 }
355
Jouni Malinen4ec26fe2018-12-16 17:43:25 +0200[diff] [blame]356 var = get_param(cmd, "imsi_val");
357 if (var && server_reset_imsi(dut, var) < 0) {
358 send_resp(dut, conn, SIGMA_ERROR,
359 "errorCode,Failed to reset IMSI/SIM user");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]360 return STATUS_SENT;
Jouni Malinen4ec26fe2018-12-16 17:43:25 +0200[diff] [blame]361 }
362
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]363 return SUCCESS_SEND_STATUS;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]364}
365
366
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]367static int get_last_msk_cb(void *ctx, int argc, char *argv[], char *col[])
368{
369 char **last_msk = ctx;
370
371 if (argc < 1 || !argv[0])
372 return 0;
373
374 free(*last_msk);
375 *last_msk = strdup(argv[0]);
376
377 return 0;
378}
379
380
381static char * get_last_msk(struct sigma_dut *dut, sqlite3 *db,
382 const char *username)
383{
384 char *sql, *last_msk = NULL;
385
386 sql = sqlite3_mprintf("SELECT last_msk FROM users WHERE identity=%Q",
387 username);
388 if (!sql)
389 return NULL;
390
391 if (sqlite3_exec(db, sql, get_last_msk_cb, &last_msk, NULL) !=
392 SQLITE_OK) {
393 sigma_dut_print(dut, DUT_MSG_ERROR,
394 "SQL operation to fetch last_msk failed: %s",
395 sqlite3_errmsg(db));
396 sqlite3_free(sql);
397 return NULL;
398 }
399
400 sqlite3_free(sql);
401
402 return last_msk;
403}
404
405
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]406static enum sigma_cmd_result
407aaa_auth_status(struct sigma_dut *dut, struct sigma_conn *conn,
408 struct sigma_cmd *cmd, const char *username, int timeout)
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]409{
410 sqlite3 *db;
411 char *sql = NULL;
412 int i;
413 char resp[500];
414
415 if (sqlite3_open(SERVER_DB, &db)) {
416 sigma_dut_print(dut, DUT_MSG_ERROR,
417 "Failed to open SQLite database %s",
418 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]419 return INVALID_SEND_STATUS;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]420 }
421
422 sql = sqlite3_mprintf("UPDATE users SET last_msk=NULL WHERE identity=%Q",
423 username);
424 if (!sql) {
425 sqlite3_close(db);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]426 return ERROR_SEND_STATUS;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]427 }
428
429 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
430 sigma_dut_print(dut, DUT_MSG_ERROR,
431 "SQL operation to clear last_msk failed: %s",
432 sqlite3_errmsg(db));
433 sqlite3_free(sql);
434 sqlite3_close(db);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]435 return ERROR_SEND_STATUS;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]436 }
437
438 sqlite3_free(sql);
439
Jouni Malinen89dfb222018-10-07 16:51:39 +0300[diff] [blame]440 if (sqlite3_changes(db) < 1) {
441 sigma_dut_print(dut, DUT_MSG_ERROR,
442 "No DB rows modified (specified user not found)");
443 sqlite3_close(db);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]444 return ERROR_SEND_STATUS;
Jouni Malinen89dfb222018-10-07 16:51:39 +0300[diff] [blame]445 }
446
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]447 snprintf(resp, sizeof(resp), "AuthStatus,TIMEOUT,MSK,NULL");
448
449 for (i = 0; i < timeout; i++) {
450 char *last_msk;
451
452 last_msk = get_last_msk(dut, db, username);
453 if (last_msk) {
454 if (strcmp(last_msk, "FAIL") == 0) {
455 snprintf(resp, sizeof(resp),
456 "AuthStatus,FAIL,MSK,NULL");
457 } else {
458 snprintf(resp, sizeof(resp),
459 "AuthStatus,SUCCESS,MSK,%s", last_msk);
460 }
461 free(last_msk);
462 break;
463 }
464 sleep(1);
465 }
466
467 sqlite3_close(db);
468
469 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]470 return STATUS_SENT;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]471}
472
473
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]474static int get_last_serial_cb(void *ctx, int argc, char *argv[], char *col[])
475{
476 char **last_serial = ctx;
477
478 if (argc < 1 || !argv[0])
479 return 0;
480
481 free(*last_serial);
482 *last_serial = strdup(argv[0]);
483
484 return 0;
485}
486
487
488static char * get_last_serial(struct sigma_dut *dut, sqlite3 *db,
489 const char *addr)
490{
491 char *sql, *last_serial = NULL;
492
Jouni Malinene2817ad2022-05-16 20:23:45 +0300[diff] [blame]493 if (!addr || strcasecmp(addr, "any") == 0)
494 sql = sqlite3_mprintf("SELECT serialnum FROM cert_enroll");
495 else
496 sql = sqlite3_mprintf("SELECT serialnum FROM cert_enroll WHERE mac_addr=%Q",
497 addr);
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]498 if (!sql)
499 return NULL;
500 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
501
502 if (sqlite3_exec(db, sql, get_last_serial_cb, &last_serial, NULL) !=
503 SQLITE_OK) {
504 sigma_dut_print(dut, DUT_MSG_ERROR,
505 "SQL operation to fetch last_serial failed: %s",
506 sqlite3_errmsg(db));
507 sqlite3_free(sql);
508 return NULL;
509 }
510
511 sqlite3_free(sql);
512
513 return last_serial;
514}
515
516
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]517static enum sigma_cmd_result
518osu_cert_enroll_status(struct sigma_dut *dut, struct sigma_conn *conn,
519 struct sigma_cmd *cmd, const char *addr, int timeout)
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]520{
521 sqlite3 *db;
522 int i;
523 char resp[500];
524
525 if (sqlite3_open(SERVER_DB, &db)) {
526 sigma_dut_print(dut, DUT_MSG_ERROR,
527 "Failed to open SQLite database %s",
528 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]529 return INVALID_SEND_STATUS;
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]530 }
531
532 snprintf(resp, sizeof(resp), "OSUStatus,TIMEOUT");
533
534 for (i = 0; i < timeout; i++) {
535 char *last_serial;
536
537 last_serial = get_last_serial(dut, db, addr);
538 if (last_serial) {
539 if (strcmp(last_serial, "FAIL") == 0) {
540 snprintf(resp, sizeof(resp),
541 "OSUStatus,FAIL");
542 } else if (strlen(last_serial) > 0) {
543 snprintf(resp, sizeof(resp),
544 "OSUStatus,SUCCESS,SerialNo,%s",
545 last_serial);
546 }
547 free(last_serial);
548 break;
549 }
550 sleep(1);
551 }
552
553 sqlite3_close(db);
554
555 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]556 return STATUS_SENT;
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]557}
558
559
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]560static int get_user_field_cb(void *ctx, int argc, char *argv[], char *col[])
561{
562 char **val = ctx;
563
564 if (argc < 1 || !argv[0])
565 return 0;
566
567 free(*val);
568 *val = strdup(argv[0]);
569
570 return 0;
571}
572
573
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]574static char * get_user_field_helper(struct sigma_dut *dut, sqlite3 *db,
575 const char *id_field,
576 const char *identity, const char *field)
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]577{
578 char *sql, *val = NULL;
579
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]580 sql = sqlite3_mprintf("SELECT %s FROM users WHERE %s=%Q",
581 field, id_field, identity);
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]582 if (!sql)
583 return NULL;
584 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
585
586 if (sqlite3_exec(db, sql, get_user_field_cb, &val, NULL) != SQLITE_OK) {
587 sigma_dut_print(dut, DUT_MSG_ERROR,
588 "SQL operation to fetch user field failed: %s",
589 sqlite3_errmsg(db));
590 sqlite3_free(sql);
591 return NULL;
592 }
593
594 sqlite3_free(sql);
595
596 return val;
597}
598
599
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]600static char * get_user_field(struct sigma_dut *dut, sqlite3 *db,
601 const char *identity, const char *field)
602{
603 return get_user_field_helper(dut, db, "identity", identity, field);
604}
605
606
607static char * get_user_dmacc_field(struct sigma_dut *dut, sqlite3 *db,
608 const char *identity, const char *field)
609{
610 return get_user_field_helper(dut, db, "osu_user", identity, field);
611}
612
613
Jouni Malinen33f2acf2019-01-10 00:46:00 +0200[diff] [blame]614static int get_eventlog_new_serialno_cb(void *ctx, int argc, char *argv[],
615 char *col[])
616{
617 char **serialno = ctx;
618 char *val;
619
620 if (argc < 1 || !argv[0])
621 return 0;
622
623 val = argv[0];
624 if (strncmp(val, "renamed user to: cert-", 22) != 0)
625 return 0;
626 val += 22;
627 free(*serialno);
628 *serialno = strdup(val);
629
630 return 0;
631}
632
633
634static char * get_eventlog_new_serialno(struct sigma_dut *dut, sqlite3 *db,
635 const char *username)
636{
637 char *sql, *serial = NULL;
638
639 sql = sqlite3_mprintf("SELECT notes FROM eventlog WHERE user=%Q AND notes LIKE %Q",
640 username, "renamed user to:%");
641 if (!sql)
642 return NULL;
643
644 if (sqlite3_exec(db, sql, get_eventlog_new_serialno_cb, &serial,
645 NULL) != SQLITE_OK) {
646 sigma_dut_print(dut, DUT_MSG_ERROR,
647 "SQL operation to fetch new serialno failed: %s",
648 sqlite3_errmsg(db));
649 sqlite3_free(sql);
650 return NULL;
651 }
652
653 sqlite3_free(sql);
654
655 return serial;
656}
657
658
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]659static enum sigma_cmd_result
660osu_remediation_status(struct sigma_dut *dut, struct sigma_conn *conn,
661 int timeout, const char *username, const char *serialno)
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]662{
663 sqlite3 *db;
664 int i;
665 char resp[500];
666 char name[100];
667 char *remediation = NULL;
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]668 int dmacc = 0;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]669
670 if (!username && !serialno)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]671 return INVALID_SEND_STATUS;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]672 if (!username) {
673 snprintf(name, sizeof(name), "cert-%s", serialno);
674 username = name;
675 }
676
677 if (sqlite3_open(SERVER_DB, &db)) {
678 sigma_dut_print(dut, DUT_MSG_ERROR,
679 "Failed to open SQLite database %s",
680 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]681 return ERROR_SEND_STATUS;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]682 }
683
684 remediation = get_user_field(dut, db, username, "remediation");
685 if (!remediation) {
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]686 remediation = get_user_dmacc_field(dut, db, username,
687 "remediation");
688 dmacc = 1;
689 }
690 if (!remediation) {
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]691 snprintf(resp, sizeof(resp),
692 "RemediationStatus,User entry not found");
693 goto done;
694 }
695 if (remediation[0] == '\0') {
696 snprintf(resp, sizeof(resp),
697 "RemediationStatus,User was not configured to need remediation");
698 goto done;
699 }
700
701 snprintf(resp, sizeof(resp), "RemediationStatus,TIMEOUT");
702
703 for (i = 0; i < timeout; i++) {
704 sleep(1);
705 free(remediation);
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]706 if (dmacc)
707 remediation = get_user_dmacc_field(dut, db, username,
708 "remediation");
709 else
710 remediation = get_user_field(dut, db, username,
711 "remediation");
Jouni Malinen33f2acf2019-01-10 00:46:00 +0200[diff] [blame]712 if (!remediation && serialno) {
713 char *new_serial;
714
715 /* Certificate reenrollment through subscription
716 * remediation - fetch the new serial number */
717 new_serial = get_eventlog_new_serialno(dut, db,
718 username);
719 if (!new_serial) {
720 /* New SerialNo not known?! */
721 snprintf(resp, sizeof(resp),
722 "RemediationStatus,Remediation Complete,SerialNo,Unknown");
723 break;
724 }
725 snprintf(resp, sizeof(resp),
726 "RemediationStatus,Remediation Complete,SerialNo,%s",
727 new_serial);
728 free(new_serial);
729 break;
730 } else if (remediation && remediation[0] == '\0') {
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]731 snprintf(resp, sizeof(resp),
732 "RemediationStatus,Remediation Complete");
733 break;
734 }
735 }
736
737done:
738 free(remediation);
739 sqlite3_close(db);
740
741 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]742 return STATUS_SENT;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]743}
744
745
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]746static enum sigma_cmd_result
747osu_polupd_status(struct sigma_dut *dut, struct sigma_conn *conn, int timeout,
748 const char *username, const char *serialno)
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]749{
750 sqlite3 *db;
751 char *sql;
752 int i;
753 char resp[500];
754 char name[100];
755 char *policy = NULL;
756 int dmacc = 0;
757
758 if (!username && !serialno)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]759 return INVALID_SEND_STATUS;
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]760 if (!username) {
761 snprintf(name, sizeof(name), "cert-%s", serialno);
762 username = name;
763 }
764
765 if (sqlite3_open(SERVER_DB, &db)) {
766 sigma_dut_print(dut, DUT_MSG_ERROR,
767 "Failed to open SQLite database %s",
768 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]769 return ERROR_SEND_STATUS;
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]770 }
771
772 policy = get_user_field(dut, db, username, "policy");
773 if (!policy) {
774 policy = get_user_dmacc_field(dut, db, username, "policy");
775 dmacc = 1;
776 }
777 if (!policy) {
778 snprintf(resp, sizeof(resp),
779 "PolicyUpdateStatus,User entry not found");
780 goto done;
781 }
782 if (policy[0] == '\0') {
783 snprintf(resp, sizeof(resp),
784 "PolicyUpdateStatus,User was not configured to need policy update");
785 goto done;
786 }
787
788 sql = sqlite3_mprintf("UPDATE users SET polupd_done=0 WHERE %s=%Q",
789 (dmacc ? "osu_user" : "identity"),
790 username);
791 if (!sql) {
792 snprintf(resp, sizeof(resp),
793 "PolicyUpdateStatus,Internal error");
794 goto done;
795 }
796 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
797 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
798 sigma_dut_print(dut, DUT_MSG_ERROR,
799 "SQL operation to fetch user field failed: %s",
800 sqlite3_errmsg(db));
801 sqlite3_free(sql);
802 goto done;
803 }
804 sqlite3_free(sql);
805
806 snprintf(resp, sizeof(resp), "PolicyUpdateStatus,TIMEOUT");
807
808 for (i = 0; i < timeout; i++) {
809 sleep(1);
810 free(policy);
811 if (dmacc)
812 policy = get_user_dmacc_field(dut, db, username,
813 "polupd_done");
814 else
815 policy = get_user_field(dut, db, username,
816 "polupd_done");
817 if (policy && atoi(policy)) {
818 snprintf(resp, sizeof(resp),
819 "PolicyUpdateStatus,UpdateComplete");
820 break;
821 }
822 }
823
824done:
825 free(policy);
826 sqlite3_close(db);
827
828 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]829 return STATUS_SENT;
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]830}
831
832
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]833static enum sigma_cmd_result
834osu_sim_policy_provisioning_status(struct sigma_dut *dut,
835 struct sigma_conn *conn,
836 const char *imsi, int timeout)
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]837{
838 sqlite3 *db;
839 int i;
840 char resp[500];
841 char *id = NULL;
842
843 if (sqlite3_open(SERVER_DB, &db)) {
844 sigma_dut_print(dut, DUT_MSG_ERROR,
845 "Failed to open SQLite database %s",
846 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]847 return INVALID_SEND_STATUS;
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]848 }
849
850 snprintf(resp, sizeof(resp), "PolicyProvisioning,TIMEOUT");
851
852 for (i = 0; i < timeout; i++) {
853 free(id);
854 id = get_user_field(dut, db, imsi, "identity");
855 if (id) {
856 snprintf(resp, sizeof(resp),
857 "PolicyProvisioning,Provisioning Complete");
858 break;
859 }
860 sleep(1);
861 }
862
863 free(id);
864 sqlite3_close(db);
865
866 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]867 return STATUS_SENT;
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]868}
869
870
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]871static enum sigma_cmd_result cmd_server_request_status(struct sigma_dut *dut,
872 struct sigma_conn *conn,
873 struct sigma_cmd *cmd)
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]874{
875 const char *var, *username, *serialno, *imsi, *addr, *status;
876 int osu, timeout;
877 char resp[500];
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]878 enum sigma_program prog;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]879
880 var = get_param(cmd, "Program");
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]881 if (!var) {
882 send_resp(dut, conn, SIGMA_ERROR,
883 "errorCode,Missing program parameter");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]884 return STATUS_SENT;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]885 }
886
887 prog = sigma_program_to_enum(var);
Jouni Malinen9a742ff2022-01-27 00:43:14 +0200[diff] [blame]888 if (prog != PROGRAM_HS2_R2 && prog != PROGRAM_HS2_R3 &&
889 prog != PROGRAM_HS2_R4) {
Jouni Malinen0b1be632022-05-16 20:02:13 +0300[diff] [blame]890 send_resp(dut, conn, SIGMA_ERROR,
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]891 "errorCode,Unsupported program");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]892 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]893 }
894
895 var = get_param(cmd, "Device");
896 if (!var ||
897 (strcasecmp(var, "AAAServer") != 0 &&
898 strcasecmp(var, "OSUServer") != 0)) {
899 send_resp(dut, conn, SIGMA_ERROR,
900 "errorCode,Unsupported device type");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]901 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]902 }
903 osu = strcasecmp(var, "OSUServer") == 0;
904
905 var = get_param(cmd, "Timeout");
906 if (!var) {
907 send_resp(dut, conn, SIGMA_ERROR,
908 "errorCode,Missing timeout");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]909 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]910 }
911 timeout = atoi(var);
912 sigma_dut_print(dut, DUT_MSG_DEBUG, "timeout: %d", timeout);
913
914 username = get_param(cmd, "UserName");
915 if (username)
916 sigma_dut_print(dut, DUT_MSG_DEBUG, "UserName: %s", username);
917 serialno = get_param(cmd, "SerialNo");
918 if (serialno)
919 sigma_dut_print(dut, DUT_MSG_DEBUG, "SerialNo: %s", serialno);
920 imsi = get_param(cmd, "imsi_val");
921 if (imsi)
922 sigma_dut_print(dut, DUT_MSG_DEBUG, "imsi_val: %s", imsi);
923 addr = get_param(cmd, "ClientMACAddr");
924 if (addr)
925 sigma_dut_print(dut, DUT_MSG_DEBUG, "ClientMACAddr: %s", addr);
926 status = get_param(cmd, "Status");
927 if (status)
928 sigma_dut_print(dut, DUT_MSG_DEBUG, "Status: %s", status);
929
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]930 if (osu && status && strcasecmp(status, "Remediation") == 0)
931 return osu_remediation_status(dut, conn, timeout, username,
932 serialno);
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]933
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]934 if (osu && status && strcasecmp(status, "PolicyUpdate") == 0)
935 return osu_polupd_status(dut, conn, timeout, username,
936 serialno);
937
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]938 if (!osu && status && strcasecmp(status, "Authentication") == 0 &&
939 username)
940 return aaa_auth_status(dut, conn, cmd, username, timeout);
941
Jouni Malinen89dfb222018-10-07 16:51:39 +0300[diff] [blame]942 if (!osu && status && strcasecmp(status, "Authentication") == 0 &&
943 serialno) {
944 snprintf(resp, sizeof(resp), "cert-%s", serialno);
945 return aaa_auth_status(dut, conn, cmd, resp, timeout);
946 }
947
Jouni Malinene2817ad2022-05-16 20:23:45 +0300[diff] [blame]948 if (osu && status && strcasecmp(status, "OSU") == 0)
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]949 return osu_cert_enroll_status(dut, conn, cmd, addr, timeout);
950
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]951 if (osu && status && strcasecmp(status, "PolicyProvisioning") == 0 &&
952 imsi)
953 return osu_sim_policy_provisioning_status(dut, conn, imsi,
954 timeout);
955
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]956 return SUCCESS_SEND_STATUS;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]957}
958
959
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]960static int osu_set_cert_reenroll(struct sigma_dut *dut, const char *serial,
961 int enable)
962{
963 sqlite3 *db;
964 char *sql;
965 char id[100];
966 int ret = -1;
967
968 if (sqlite3_open(SERVER_DB, &db)) {
969 sigma_dut_print(dut, DUT_MSG_ERROR,
970 "Failed to open SQLite database %s",
971 SERVER_DB);
972 return -1;
973 }
974
975 snprintf(id, sizeof(id), "cert-%s", serial);
976 sql = sqlite3_mprintf("UPDATE users SET remediation=%Q WHERE lower(identity)=lower(%Q)",
Jouni Malinen959372f2018-12-04 13:49:45 +0200[diff] [blame]977 enable ? "reenroll" : "", id);
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]978 if (!sql)
979 goto fail;
980 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
981 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
982 sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s",
983 sqlite3_errmsg(db));
984 goto fail;
985 }
986
987 if (sqlite3_changes(db) < 1) {
988 sigma_dut_print(dut, DUT_MSG_ERROR, "No DB rows modified (specified serial number not found)");
989 goto fail;
990 }
991
992 ret = 0;
993fail:
994 sqlite3_close(db);
995
996 return ret;
997}
998
999
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1000static enum sigma_cmd_result cmd_server_set_parameter(struct sigma_dut *dut,
1001 struct sigma_conn *conn,
1002 struct sigma_cmd *cmd)
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1003{
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1004 const char *var, *root_ca, *inter_ca, *osu_cert, *issuing_arch, *name;
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]1005 const char *reenroll, *serial;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1006 int osu, timeout = -1;
1007 enum sigma_program prog;
1008
1009 var = get_param(cmd, "Program");
1010 if (!var) {
1011 send_resp(dut, conn, SIGMA_ERROR,
1012 "errorCode,Missing program parameter");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1013 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1014 }
1015
1016 prog = sigma_program_to_enum(var);
Jouni Malinen9a742ff2022-01-27 00:43:14 +0200[diff] [blame]1017 if (prog != PROGRAM_HS2_R2 && prog != PROGRAM_HS2_R3 &&
1018 prog != PROGRAM_HS2_R4) {
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1019 send_resp(dut, conn, SIGMA_ERROR,
1020 "errorCode,Unsupported program");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1021 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1022 }
1023
1024 var = get_param(cmd, "Device");
1025 if (!var ||
1026 (strcasecmp(var, "AAAServer") != 0 &&
1027 strcasecmp(var, "OSUServer") != 0)) {
1028 send_resp(dut, conn, SIGMA_ERROR,
1029 "errorCode,Unsupported device type");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1030 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1031 }
1032 osu = strcasecmp(var, "OSUServer") == 0;
1033
1034 var = get_param(cmd, "Timeout");
1035 if (var)
1036 timeout = atoi(var);
1037
1038 var = get_param(cmd, "ProvisioningProto");
1039 if (var && strcasecmp(var, "SOAP") != 0) {
1040 send_resp(dut, conn, SIGMA_ERROR,
1041 "errorCode,Unsupported ProvisioningProto");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1042 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1043 }
1044
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]1045 reenroll = get_param(cmd, "CertReEnroll");
1046 serial = get_param(cmd, "SerialNo");
1047 if (reenroll && serial) {
1048 int enable;
1049
1050 if (strcasecmp(reenroll, "Enable") == 0) {
1051 enable = 1;
1052 } else if (strcasecmp(reenroll, "Disable") == 0) {
1053 enable = 0;
1054 } else {
1055 send_resp(dut, conn, SIGMA_ERROR,
1056 "errorCode,Invalid CertReEnroll value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1057 return STATUS_SENT;
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]1058 }
1059
1060 if (osu_set_cert_reenroll(dut, serial, enable) < 0) {
1061 send_resp(dut, conn, SIGMA_ERROR,
1062 "errorCode,Failed to update certificate reenrollment state");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1063 return STATUS_SENT;
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]1064 }
1065 }
1066
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1067 name = get_param(cmd, "Name");
1068 root_ca = get_param(cmd, "TrustRootCACert");
1069 inter_ca = get_param(cmd, "InterCACert");
1070 osu_cert = get_param(cmd, "OSUServerCert");
1071 issuing_arch = get_param(cmd, "Issuing_Arch");
1072
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1073 if (timeout > -1) {
1074 /* TODO */
1075 }
1076
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1077 if (osu && name && root_ca && inter_ca && osu_cert && issuing_arch) {
1078 const char *srv;
1079 char buf[500];
1080 char buf2[500];
1081 int col;
1082
1083 sigma_dut_print(dut, DUT_MSG_DEBUG,
1084 "Update server certificate setup");
1085
1086 if (strcasecmp(name, "ruckus") == 0) {
1087 srv = "RKS";
1088 } else if (strcasecmp(name, "aruba") == 0) {
1089 srv = "ARU";
1090 } else {
1091 send_resp(dut, conn, SIGMA_ERROR,
1092 "errorCode,Unsupported Name value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1093 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1094 }
1095
1096 if (strcasecmp(issuing_arch, "col2") == 0) {
1097 col = 2;
1098 } else if (strcasecmp(issuing_arch, "col4") == 0) {
1099 col = 4;
1100 } else {
1101 send_resp(dut, conn, SIGMA_ERROR,
1102 "errorCode,Unsupported Issuing_Arch value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1103 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1104 }
1105
1106 if (strcasecmp(root_ca, "ID-T") == 0) {
1107 sigma_dut_print(dut, DUT_MSG_DEBUG,
1108 "OSU trust root: NetworkFX");
1109 if (system("cp " CERT_DIR "/IDT-cert-RootCA.pem "
1110 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1111 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1112 } else if (strcasecmp(root_ca, "ID-Y") == 0) {
1113 sigma_dut_print(dut, DUT_MSG_DEBUG,
1114 "OSU trust root: NetworkFX");
1115 if (system("cp " CERT_DIR "/IDY-cert-RootCA.pem "
1116 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1117 return ERROR_SEND_STATUS;
Jouni Malinen2e1ab0f2021-10-08 21:17:14 +0300[diff] [blame]1118 } else if (strcasecmp(root_ca, "ID-K.1") == 0) {
1119 sigma_dut_print(dut, DUT_MSG_DEBUG,
1120 "OSU trust root: Not-trusted");
1121 if (system("cp " CERT_DIR "/IDK1-ca.pem "
1122 CERT_DIR "/cacert.pem") < 0)
1123 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1124 } else {
1125 send_resp(dut, conn, SIGMA_ERROR,
1126 "errorCode,Unsupported TrustRootCACert value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1127 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1128 }
1129
1130 if (strcasecmp(inter_ca, "ID-Z.2") == 0) {
1131 sigma_dut_print(dut, DUT_MSG_DEBUG,
1132 "OSU intermediate CA: NetworkFX (col2)");
1133 if (system("cat " CERT_DIR "/IDZ2-cert-InterCA.pem >> "
1134 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1135 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1136 } else if (strcasecmp(inter_ca, "ID-Z.4") == 0) {
1137 sigma_dut_print(dut, DUT_MSG_DEBUG,
1138 "OSU intermediate CA: DigiCert (col2)");
1139 if (system("cat " CERT_DIR "/IDZ4-cert-InterCA.pem >> "
1140 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1141 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1142 } else if (strcasecmp(inter_ca, "ID-Z.6") == 0) {
1143 sigma_dut_print(dut, DUT_MSG_DEBUG,
1144 "OSU intermediate CA: NetworkFX (col4)");
1145 if (system("cat " CERT_DIR "/IDZ6-cert-InterCA.pem >> "
1146 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1147 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1148 } else if (strcasecmp(inter_ca, "ID-Z.8") == 0) {
1149 sigma_dut_print(dut, DUT_MSG_DEBUG,
1150 "OSU intermediate CA: DigiCert (col4)");
1151 if (system("cat " CERT_DIR "/IDZ8-cert-InterCA.pem >> "
1152 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1153 return ERROR_SEND_STATUS;
Jouni Malinen2e1ab0f2021-10-08 21:17:14 +0300[diff] [blame]1154 } else if (strcasecmp(inter_ca, "ID-K.1") == 0) {
1155 sigma_dut_print(dut, DUT_MSG_DEBUG,
1156 "OSU intermediate CA: Not-trusted");
1157 if (system("cat " CERT_DIR "/IDK1-IntCA.pem >> "
1158 CERT_DIR "/cacert.pem") < 0)
1159 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1160 } else {
1161 send_resp(dut, conn, SIGMA_ERROR,
1162 "errorCode,Unsupported InterCACert value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1163 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1164 }
1165
1166 if (strcasecmp(osu_cert, "ID-Q") == 0) {
1167 sigma_dut_print(dut, DUT_MSG_DEBUG,
1168 "OSU server cert: NetworkFX col%d",
1169 col);
1170 snprintf(buf, sizeof(buf),
1171 "cp " CERT_DIR "/IDQ-cert-c%d-%s.pem "
1172 CERT_DIR "/server.pem",
1173 col, srv);
1174 snprintf(buf2, sizeof(buf2),
1175 "cp " CERT_DIR "/IDQ-key-%s.pem "
1176 CERT_DIR "/server.key", srv);
1177 } else if (strcasecmp(osu_cert, "ID-W") == 0) {
1178 sigma_dut_print(dut, DUT_MSG_DEBUG,
1179 "OSU server cert: DigiCert col%d",
1180 col);
1181 snprintf(buf, sizeof(buf),
1182 "cp " CERT_DIR "/IDW-cert-c%d-%s.pem "
1183 CERT_DIR "/server.pem",
1184 col, srv);
1185 snprintf(buf2, sizeof(buf2),
1186 "cp " CERT_DIR "/IDW-key-%s.pem "
1187 CERT_DIR "/server.key", srv);
Jouni Malinen2e1ab0f2021-10-08 21:17:14 +0300[diff] [blame]1188 } else if (strcasecmp(osu_cert, "ID-K.1") == 0) {
1189 sigma_dut_print(dut, DUT_MSG_DEBUG,
1190 "OSU server cert: Not-trusted");
1191 snprintf(buf, sizeof(buf),
1192 "cp " CERT_DIR "/IDK1-cert-%s.pem "
1193 CERT_DIR "/server.pem",
1194 srv);
1195 snprintf(buf2, sizeof(buf2),
1196 "cp " CERT_DIR "/IDK1-key-%s.pem "
1197 CERT_DIR "/server.key", srv);
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1198 } else if (strcasecmp(osu_cert, "ID-R.2") == 0) {
1199 sigma_dut_print(dut, DUT_MSG_DEBUG,
1200 "OSU server cert: NetworkFX revoked col%d",
1201 col);
1202 snprintf(buf, sizeof(buf),
1203 "cp " CERT_DIR "/IDR2-cert-c%d-%s.pem "
1204 CERT_DIR "/server.pem",
1205 col, srv);
1206 snprintf(buf2, sizeof(buf2),
1207 "cp " CERT_DIR "/IDR2-key-%s.pem "
1208 CERT_DIR "/server.key", srv);
1209 } else if (strcasecmp(osu_cert, "ID-R.4") == 0) {
1210 sigma_dut_print(dut, DUT_MSG_DEBUG,
1211 "OSU server cert: DigiCert revoked col%d",
1212 col);
1213 snprintf(buf, sizeof(buf),
1214 "cp " CERT_DIR "/IDR4-cert-c%d-%s.pem "
1215 CERT_DIR "/server.pem",
1216 col, srv);
1217 snprintf(buf2, sizeof(buf2),
1218 "cp " CERT_DIR "/IDR4-key-%s.pem "
1219 CERT_DIR "/server.key", srv);
1220 } else {
1221 send_resp(dut, conn, SIGMA_ERROR,
1222 "errorCode,Unsupported OSUServerCert value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1223 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1224 }
1225
1226 if (system(buf) < 0 || system(buf2) < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1227 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1228
1229 if (system("service apache2 reload") < 0) {
1230 send_resp(dut, conn, SIGMA_ERROR,
1231 "errorCode,Failed to restart Apache");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1232 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1233 }
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1234 }
1235
1236 /* TODO */
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1237 return SUCCESS_SEND_STATUS;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1238}
1239
1240
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1241void server_register_cmds(void)
1242{
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]1243 sigma_dut_reg_cmd("server_ca_get_version", NULL,
1244 cmd_server_ca_get_version);
1245 sigma_dut_reg_cmd("server_get_info", NULL,
1246 cmd_server_get_info);
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1247 sigma_dut_reg_cmd("server_reset_default", NULL,
1248 cmd_server_reset_default);
1249 sigma_dut_reg_cmd("server_request_status", NULL,
1250 cmd_server_request_status);
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1251 sigma_dut_reg_cmd("server_set_parameter", NULL,
1252 cmd_server_set_parameter);
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1253}